forked from spiffe/spire
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Issue spiffe#2700: Adds support for X509 and JWT specific SVID TTLs (s…
…piffe#3445) * Adds support for X509 and JWT specific SVID TTLs Fixes spiffe#2700 This change adds support for X509 and JWT specific SVID TTLs in each of the following places * Default values in spire-server configuration. Similar to the existing TTL value, if provided then it must be >= 0. A value of 0 is considered 'unset', meaning there is no default. * Entry records in the database and API During Entry creation and update * If the API call contains a non-zero X509SvidTtl value then that will be stored, else the config default x509SvidTtl value is used * If the API call contains a non-zero JWTSvidTtl value then that will stored, else the config default jwtSvidTtl value is used During X509-SVID creation * If the API call contains a non-zero TTL value then that is used, else * If the stored record contains a non-zero X509SvidTtl value then that will be used, else * If the stored record contains a non-zero TTL value then that will be used, * The hard-coded default X509SvidTTL value will be used During JWT-SVID creation * If the API call contains a non-zero TTL value then that is used, else * If the stored record contains a non-zero JWTSvidTtl value then that will be used, else * If the stored record contains a non-zero TTL value then that will be used, * The hard-coded default JWTSvidTTL value will be used X509SvidTtl and JwtSvidTtl will be considered during the following cases * All must be valid with-respect-to the configured CA TTL - they are all part of the min/max validation checks * Entry sorting now includes each of X509SvidTtl and JwtSvidTtl Signed-off-by: Dennis Gove <dgove1@bloomberg.net>
- Loading branch information
1 parent
b5240ec
commit 50ba284
Showing
39 changed files
with
1,606 additions
and
745 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.