Organization List Feature in Server AWS Node Attester Plugin "aws_iid"

Open rushi47 opened this issue 1 year ago • 2 comments

Pull Request check list

  • [x] Commit conforms to CONTRIBUTING.md?
  • [x] Proper tests/regressions included?
  • [x] Documentation updated?

Affected functionality

This PR adds a new feature to the AWS Node Attester Plugin. It's an optional feature; if it's enabled, it provides an additional check executed at the very first step during node attestation. It verifies whether the node's AWS account ID is part of the AWS Organization or not. If it's not part of the organization, the attestation request will be rejected.

More on this feature can be read in the issue

Description of change

  • Adds new functionality to the AWS Node Attester Plugin

Which issue this PR fixes

Fixes: issue

rushi47, Jan 26 '24 03:01
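The check described in the PR text above, sketched as an added example; it is not code from this PR or from SPIRE. `AccountLister`, `OrgGate`, the TTL cache and the account IDs are assumptions constructed for illustration, and the gate rejects the node whenever the organization's account list cannot be fetched.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// AccountLister is a hypothetical stand-in for listing an AWS Organization's member account IDs.
type AccountLister func(ctx context.Context) ([]string, error)

// OrgGate caches the member list for ttl (an assumed setting) and fails closed.
// It is not safe for concurrent use; a server would guard it with a mutex.
type OrgGate struct {
	list    AccountLister
	ttl     time.Duration
	now     func() time.Time
	members map[string]bool
	fetched time.Time
}

// Check returns nil only when accountID is a known member of the organization.
func (g *OrgGate) Check(ctx context.Context, accountID string) error {
	if accountID == "" {
		return fmt.Errorf("rejected: no account ID in identity document")
	}
	if g.members == nil || g.now().Sub(g.fetched) >= g.ttl {
		ids, err := g.list(ctx)
		if err != nil {
			// Fail closed: an expired or missing list never admits a node.
			return fmt.Errorf("rejected: cannot list organization accounts: %w", err)
		}
		g.members = make(map[string]bool, len(ids))
		for _, id := range ids {
			g.members[id] = true
		}
		g.fetched = g.now()
	}
	if !g.members[accountID] {
		return fmt.Errorf("rejected: account %s is not in the organization", accountID)
	}
	return nil
}

func main() {
	// Constructed account IDs; a real lister would call the AWS Organizations API.
	g := &OrgGate{list: func(context.Context) ([]string, error) { return []string{"111111111111"}, nil }, ttl: time.Minute, now: time.Now}
	fmt.Println(g.Check(context.Background(), "111111111111"), g.Check(context.Background(), "999999999999"))
}
```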

Details about the feature are being discussed at: https://github.com/spiffe/spire/issues/4770

rushi47, Feb 06 '24 20:02

Thanks so much for this contribution @rushi47 ❤️

I took a pass on it and I think it will need one or two more. I started with some high-level comments on config shape, docs, etc. I'll make another pass over the logic shortly.

Thank you @evan2645 for the review ❤️. I will wait for your review of the logic as well before I push new commits to resolve the above comments.

rushi47, Mar 14 '24 15:03

Hello @MarcosDY, thank you so much for reviewing and adding comments. Will work on these changes.

rushi47, Apr 08 '24 19:04