Add types and RPCs for WIT-SVID #80
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sorindumitru
requested review from
MarcosDY,
amartinezfayo,
evan2645 and
rturner3
as code owners
sorindumitru
force-pushed
the
wit-svid
branch
from
4cd6952 to
b58591a
Compare
sorindumitru
force-pushed
the
wit-svid
branch
from
b58591a to
1db03ba
Compare
arndt-s
reviewed
Oct 27, 2025
| // Required. SPIFFE ID of the JWT-SVID. | ||
| spire.api.types.SPIFFEID id = 1; | ||
|
|
||
| // Required. Public key for the cnf claim. |
Member
There was a problem hiding this comment.
This should specify the encoding. I propose either JWK incl. private key or ASN1 DER.
arndt-s
reviewed
Oct 27, 2025
| // Required. The entry ID for the identity being requested. | ||
| string entry_id = 1; | ||
|
|
||
| // Required. The ASN.1 DER encoded Certificate Signing Request (CSR). The |
Member
There was a problem hiding this comment.
I don't think a CSR should be required for requesting a WIT. Similar to comment above I propose to just require the key itself (JWK or ASN DER)
sorindumitru
force-pushed
the
wit-svid
branch
3 times, most recently
from
192769c to
64018b1
Compare
3 tasks
sorindumitru
force-pushed
the
wit-svid
branch
2 times, most recently
from
e909332 to
65ac377
Compare
Member
amartinezfayo
left a comment
amartinezfayo
left a comment
There was a problem hiding this comment.
Thank you @sorindumitru for taking this on, and @arndt-s for the review!
I think it’s looking great, I just found a few copy-paste issues in the comments :)
|
|
||
|
|
||
| message BatchNewWITSVIDRequest { | ||
| // Required. One or more X509-SVID parameters for X509-SVID entries to |
Member
There was a problem hiding this comment.
Suggested change
| // Required. One or more X509-SVID parameters for X509-SVID entries to | |
| // Required. One or more WIT-SVID parameters for WIT-SVID entries to |
| // The status of creating the WIT-SVID. | ||
| spire.api.types.Status status = 1; | ||
|
|
||
| // The newly created X509-SVID. This will be set if the status is OK. |
Member
There was a problem hiding this comment.
Suggested change
| // The newly created X509-SVID. This will be set if the status is OK. | |
| // The newly created WIT-SVID. This will be set if the status is OK. |
| spire.api.types.WITSVID svid = 2; | ||
| } | ||
|
|
||
| // Result for each X509-SVID requested (order is maintained). |
Member
There was a problem hiding this comment.
Suggested change
| // Result for each X509-SVID requested (order is maintained). | |
| // Result for each WIT-SVID requested (order is maintained). |
proto/spire/api/types/witsvid.proto
Outdated
| // The serialized JWT token. | ||
| string token = 1; | ||
|
|
||
| // The SPIFFE ID of the JWT-SVID. |
Member
There was a problem hiding this comment.
Suggested change
| // The SPIFFE ID of the JWT-SVID. | |
| // The SPIFFE ID of the WIT-SVID. |
sorindumitru
force-pushed
the
wit-svid
branch
from
1d52fec to
17fa8e6
Compare
This contains the types and RPCs for some basic functionality for WIT-SVIDs to work. Extra functionality is required for UpstreamAuthority spire to function and for tainting and revoking keys. Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
sorindumitru
force-pushed
the
wit-svid
branch
from
17fa8e6 to
9c15297
Compare
sorindumitru
added a commit
to sorindumitru/spire-api-sdk
that referenced
this pull request
Dec 4, 2025
* Add types and RPCs for WIT-SVID This contains the types and RPCs for some basic functionality for WIT-SVIDs to work. Extra functionality is required for UpstreamAuthority spire to function and for tainting and revoking keys. Signed-off-by: Sorin Dumitru <sorin@returnze.ro> * Specify desired protoc_gen_go_version on install Signed-off-by: Sorin Dumitru <sorin@returnze.ro> * Also add local-authority APIs Signed-off-by: Sorin Dumitru <sorin@returnze.ro> * Fixup typos Signed-off-by: Sorin Dumitru <sorin@returnze.ro> * Some more typos Signed-off-by: Sorin Dumitru <sorin@returnze.ro> --------- Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
sorindumitru
added a commit
that referenced
this pull request
Dec 8, 2025
* Add types and RPCs for WIT-SVID This contains the types and RPCs for some basic functionality for WIT-SVIDs to work. Extra functionality is required for UpstreamAuthority spire to function and for tainting and revoking keys. * Specify desired protoc_gen_go_version on install * Also add local-authority APIs * Fixup typos * Some more typos --------- Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This contains the types and RPCs for some basic functionality for WIT-SVIDs to work. Extra functionality is required for UpstreamAuthority spire to function and for tainting and revoking keys.