Skip to content

Update to new specification implied by workload identity #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vishvananda merged 7 commits into from
Apr 2, 2025
Merged

Update to new specification implied by workload identity #9

vishvananda merged 7 commits into from
Apr 2, 2025

Conversation

@vishvananda
Copy link
Member

@vishvananda vishvananda commented Mar 30, 2025

This updates the factor "platform" and documentation in the following ways:

  1. Instead of exposing __REF__*_TOKEN it exposes a json representation of credentials as a *_CREDS json blob that looks like the following:
{
  "type": "oidc",
  "data": {
    "token": "file://path/to/default.token"
  }
}
  1. It allows for incoming identities to be specified in the environment as a *_CLIENT_CREDS json blob that looks like the following:
{
  "type": "oidc",
  "client_id": "default",
  "data": {
    "iss": "http://localhost:5000",
    "sub": "local",
    "aud": "default"
  }
}
  1. It uses X-Client-Id instead of X-Factor-Client-Id for the header representing the client id
  2. It allows for REJECT_UNKNOWN to be specified in the environment to control whether requests from unknown clients should be rejected with a 403 or passed through with no X-Client-Id header

@vishvananda vishvananda merged commit 5638ba4 into main Apr 2, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vishvananda