@JoshVanL

Adds 0011-CR-x509-svid-component-auth.md which outlines enabling X.509 certificate authentication in Components using the Dapr SPIFFE identity.

@jjcollinge

Probably a terrible idea, but can we combine the 2? Pass the data in the context encrypted, pass the encryption key in the metadata? If someone leaks the context by mistake then it’s safe. If someone deliberately leaked the context after decrypting it then it’d be obvious in code review.

@mikeee mikeee mentioned this pull request Apr 2, 2024
43 tasks
JoshVanL added a commit to JoshVanL/kit that referenced this pull request Apr 3, 2024
Adds spiffe package to crypto. This is a refactored version of the
existing `pkg/security` package. This new package is more modulated and
fuller test coverage.

This package has been moved so that it can be both imported by dapr &
components-contrib, as well as making the package more suitable for
further development to support X.509 Component auth.
dapr/proposals#51

Also moves in `test/utils` from dapr to `crypto/test` for shared usage.

Signed-off-by: joshvanl <[email protected]>
JoshVanL added a commit to JoshVanL/dapr that referenced this pull request Apr 3, 2024
Updates the `pkg/security` package to move the SPIFFE implementation to
a new kit package. This new kit package is more modulated and fuller
test coverage. This package has been moved so that it can be both
imported by dapr & components-contrib, as well as making the package
more suitable for further development to support X.509 Component auth.

dapr/proposals#51

Also moves in test/utils from dapr to crypto/test for shared usage.

Part of dapr/proposals#51

Uses go mod fork of dapr/kit#92

Signed-off-by: joshvanl <[email protected]>
yaron2 pushed a commit to dapr/kit that referenced this pull request Apr 15, 2024
* Adds crypto/spiffe

Adds spiffe package to crypto. This is a refactored version of the
existing `pkg/security` package. This new package is more modulated and
fuller test coverage.

This package has been moved so that it can be both imported by dapr &
components-contrib, as well as making the package more suitable for
further development to support X.509 Component auth.
dapr/proposals#51

Also moves in `test/utils` from dapr to `crypto/test` for shared usage.

Signed-off-by: joshvanl <[email protected]>

* Adds crypto/spiffe/context

Signed-off-by: joshvanl <[email protected]>

---------

Signed-off-by: joshvanl <[email protected]>
JoshVanL added a commit to JoshVanL/dapr that referenced this pull request Apr 16, 2024
JoshVanL added a commit to JoshVanL/dapr that referenced this pull request Apr 23, 2024
JoshVanL added a commit to JoshVanL/dapr that referenced this pull request May 6, 2024
JoshVanL added a commit to JoshVanL/dapr that referenced this pull request May 7, 2024
yaron2 pushed a commit to dapr/dapr that referenced this pull request May 10, 2024
* Refactor SPIFFE from `pkg/security` to `kit`

Updates the `pkg/security` package to move the SPIFFE implementation to
a new kit package. This new kit package is more modulated and fuller
test coverage. This package has been moved so that it can be both
imported by dapr & components-contrib, as well as making the package
more suitable for further development to support X.509 Component auth.

dapr/proposals#51

Also moves in test/utils from dapr to crypto/test for shared usage.

Part of dapr/proposals#51

Uses go mod fork of dapr/kit#92

Signed-off-by: joshvanl <[email protected]>

* Include SVID context with `Init`ing Component

Signed-off-by: joshvanl <[email protected]>

* Adds security to processor options

Signed-off-by: joshvanl <[email protected]>

* Update github.com/dapr/dapr to master

Signed-off-by: joshvanl <[email protected]>

* Update `util` to new `test` package import

Signed-off-by: joshvanl <[email protected]>

* Update go.sum

Signed-off-by: joshvanl <[email protected]>

---------

Signed-off-by: joshvanl <[email protected]>
cicoyle pushed a commit to cicoyle/dapr that referenced this pull request May 24, 2024
elena-kolevska pushed a commit to elena-kolevska/dapr that referenced this pull request Jun 10, 2024
Signed-off-by: Elena Kolevska <[email protected]>
AnnuCode pushed a commit to AnnuCode/dapr that referenced this pull request Aug 7, 2024
Signed-off-by: Annu Singh <[email protected]>