Dennis Gove

Results 11 issues of Dennis Gove

### Summary This ticket proposes enhancements to the authorization logic in the SPIRE server to support administration actions from a multitude of actor types, including people. It extends on #1975...

triage/in-progress

Fixes #2700 Depends on https://github.com/spiffe/spire-api-sdk/pull/29 This change adds support for X509 and JWT specific SVID TTLs in each of the following places * Default values in spire-server configuration. Similar to...

I'm attempting to follow the [README](https://github.com/theparanoids/crypki#usage) instructions to build the Docker image but am running into an error when `init_hsm.sh` executes. ```bash crypki $> docker build -f docker-softhsm/Dockerfile -t crypki-local ....

Sphero sells a device called [Sphero BOLT](https://sphero.com/products/sphero-bolt) which is similar (in appearance) to the SPRK+. However it appears that the Ollie driver code doesn't work with it. In particular, the...

device-request

This updates a link in the README file due to a branch rename in https://github.com/bloomberg/.github.

Integration tests should exist to test the usage of this plugin in a running Vault instance. Initial list of things that should be tested * Registering & enabling the plugin...

release-blocker

The plugin is designed to support multiple sources of trust used to verify SVIDs but currently the only implemented one is [TrustFileSource](https://github.com/bloomberg/vault-auth-spire/blob/develop/internal/common/trustfilesource.go). **Purpose**: Track the implementation of a `TrustSpireSource`. ####...

The project currently doesn't include any tests of individual methods / classes and should. Initial set of tests to add: * Settings file parsing * Loading invalid certificates from valid...

release-blocker

## Background Authentication using X509 SVIDs is a three-step process. 1. Prove client logging into Vault is the owner of the X509-SVID being passed in. 2. Prove the X509-SVID was...

discussion
release-blocker

The current implementation of [`SvidVerifier::Verify`](https://github.com/bloomberg/vault-auth-spire/blob/f2e20e33d85979aeb867a288d95d71efd0f541cf/internal/common/svidverifier.go#L49) assumes the SVID will be an [`x509-SVID`](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md) and doesn't consider the possibility of a [`JWT-SVID`](https://github.com/spiffe/spiffe/blob/master/standards/JWT-SVID.md). **Purpose**: This issue will track the discussion and implementation of...

release-blocker