spire
spire copied to clipboard
spiffe
The SPIFFE Runtime Environment
``` --- FAIL: TestStreamSecrets (0.07s) --- FAIL: TestStreamSecrets/Unknown_resource (0.00s) handler_test.go:632: Error Trace: /home/runner/work/spire/spire/pkg/agent/endpoints/sdsv3/assertions.go:50 /home/runner/work/spire/spire/pkg/agent/endpoints/sdsv3/handler_test.go:632 Error: Status code="Internal" msg="malformed header: missing HTTP status; malformed header: missing HTTP content-type" does not match...
[Agent Debug GetInfo API definition](https://github.com/spiffe/spire-api-sdk/blob/27e2edf0882bd5ad3aaaa51f986dd53748772bdf/proto/spire/api/agent/debug/v1/debug.proto#L29-L30) The comment for the response field `svids_count` says: ``` // Number of SVIDs cached in memory int32 svids_count = 3; ``` There is no specificity...
## Issue Although spire supports json as a file format for server and agent configuration, it's not ergonomic to use. It gets parsed as the HCL equivalent which is quite...
Currently spire configuration supports storing the certificates/tokens in AWS KMS service. we would like to have a plugin with GCP KMS service since the workloads will be deployed/migrated to GCP...
When configuring SPIRE Agent to reach the kubelet over the secure port by setting `kubelet_secure_port`, the k8s WorkloadAttestor plugin requires usage of either an X.509 client certificate or a service...
Encountered the following test failure running the race tests in CI/CD on GH: ``` 2022/07/01 18:42:52 http: TLS handshake error from 127.0.0.1:46624: tls: client didn't provide a certificate 2022/07/01 18:42:52...
The following data race was discovered by the race tests running in GH: ``` ================= WARNING: DATA RACE Read at 0x00c0008923c8 by goroutine 65: github.com/spiffe/spire/pkg/common/bundleutil.(*Bundle).RootCAs() /home/runner/work/spire/spire/pkg/common/bundleutil/bundle.go:125 +0xdae github.com/spiffe/spire/pkg/agent/manager.TestSurvivesCARotation() /home/runner/work/spire/spire/pkg/agent/manager/manager_test.go:785 +0xd85...
Documentation and best practices on rotating the trust root CA used by spire-server are missing. Documentation on this matter would be great for ongoing maintenance and avoiding downtime. @azdagron and...
Current tests don't cover the `Run` function (in the server and in the agent) that runs the server and the agent. There are things like endpoints preparation (create / not...
go-spiffe now supports Named Pipes in gRPC target strings, since v2.1.1. This can simplify the current usage of named pipes in SPIRE through the go-spiffe library.