Skip to content

Implement SPIFFE Broker Endpoint & API#6915

Draft
matheuscscp wants to merge 1 commit into
spiffe:mainfrom
matheuscscp:broker-api
Draft

Implement SPIFFE Broker Endpoint & API#6915
matheuscscp wants to merge 1 commit into
spiffe:mainfrom
matheuscscp:broker-api

Conversation

@matheuscscp
Copy link
Copy Markdown

@matheuscscp matheuscscp commented Apr 30, 2026
edited
Loading

This is a Work In Progress.

Reference implementation for spiffe/spiffe#340 arndt-s/spiffe#1

api-sdk PR: spiffe/spire-api-sdk#96 plugin-sdk PR: spiffe/spire-plugin-sdk#74

Pull Request check list

  • Commit conforms to CONTRIBUTING.md?
  • Proper tests/regressions included?
  • Documentation updated?

Affected functionality

Description of change

Which issue this PR fixes

Supersedes: #6594

This was referenced Apr 30, 2026
Closed
Closed
@matheuscscp
Copy link
Copy Markdown
Author

matheuscscp commented Apr 30, 2026

@arndt-s @amartinezfayo @MarcosDY @sorindumitru I spiked through the implementation, will add tests and docs after an initial review. PTAL 🙏

@matheuscscp matheuscscp mentioned this pull request May 3, 2026
Open
@matheuscscp
Copy link
Copy Markdown
Author

matheuscscp commented May 3, 2026

@sorindumitru I updated the PR according to the spire-plugin-sdk changes your requested (remove workloadattestorv2), PTAL 🙏

https://github.com/spiffe/spire/compare/1162ed0003f12d4b39bce24229b12fe2432a1101..66717590424544388b3ccd6baa08745d3f5df61f

arndt-s
arndt-s reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@arndt-s arndt-s left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Structural-wise I believe this is looking good.

Comment thread conf/agent/agent_full.conf Outdated
Comment thread pkg/agent/broker/api/service.go Outdated
Comment thread pkg/agent/broker/endpoints.go Outdated
Comment thread pkg/agent/plugin/workloadattestor/k8s/k8s.go Outdated
Comment thread pkg/agent/plugin/workloadattestor/k8s/k8s.go
Comment thread pkg/agent/plugin/workloadattestor/k8s/k8s.go
Comment thread pkg/agent/plugin/workloadattestor/k8s/k8s.go Outdated
@matheuscscp
Copy link
Copy Markdown
Author

matheuscscp commented May 5, 2026

@arndt-s Addressed your first three comments here: https://github.com/spiffe/spire/compare/4973fcf5ee282081a3025b9c1faf68a06bd79368..cfe8a847be3432652de75e7aa386f5a68aa51700

@matheuscscp matheuscscp force-pushed the broker-api branch 2 times, most recently from e492e76 to 2a814e3 Compare May 6, 2026 12:00
sorindumitru
sorindumitru reviewed May 7, 2026
View reviewed changes
Comment thread cmd/spire-agent/cli/run/run.go Outdated
Comment thread cmd/spire-agent/cli/run/run.go
Comment thread conf/agent/agent_full.conf Outdated
Comment thread cmd/spire-agent/cli/run/run.go
Comment thread pkg/agent/attestor/node/result.go Outdated
Comment thread pkg/agent/attestor/workload/workload.go
Comment thread pkg/agent/broker/endpoints.go
Comment thread pkg/agent/plugin/workloadattestor/k8s/k8s.go
@matheuscscp matheuscscp force-pushed the broker-api branch 2 times, most recently from 0ba6010 to 97772d7 Compare May 8, 2026 00:11
amartinezfayo
amartinezfayo reviewed May 12, 2026
View reviewed changes
Comment thread pkg/agent/agent.go Outdated
Comment thread pkg/agent/broker/endpoints.go
Comment thread pkg/agent/broker/api/service.go Outdated
Comment thread pkg/agent/broker/endpoints.go
Comment thread pkg/agent/broker/api/service.go Outdated
Comment thread pkg/agent/broker/api/service.go
MarcosDY
MarcosDY reviewed May 13, 2026
View reviewed changes
Comment thread pkg/agent/broker/api/service.go
Comment thread pkg/agent/broker/api/service.go Outdated
Comment thread pkg/agent/broker/api/service.go Outdated
Comment thread pkg/agent/manager/cache/lru_cache.go
Comment thread pkg/agent/manager/manager.go
Comment thread pkg/agent/plugin/workloadattestor/k8s/k8s.go Outdated
Comment thread pkg/agent/plugin/workloadattestor/k8s/k8s.go Outdated
Comment thread pkg/agent/plugin/workloadattestor/k8s/k8s.go Outdated
@amartinezfayo amartinezfayo mentioned this pull request May 13, 2026
Open
@matheuscscp matheuscscp mentioned this pull request May 15, 2026
Open
@matheuscscp matheuscscp force-pushed the broker-api branch 9 times, most recently from 39cd713 to c4b0c6c Compare May 17, 2026 13:20
@matheuscscp matheuscscp force-pushed the broker-api branch 9 times, most recently from 7ed5c34 to fe96fc1 Compare May 17, 2026 15:53
@matheuscscp
Implement SPIFFE Broker Endpoint & API
b5dc6bf 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sorindumitru sorindumitru sorindumitru left review comments

@kfox1111 kfox1111 kfox1111 left review comments

@MarcosDY MarcosDY MarcosDY left review comments

@arndt-s arndt-s arndt-s left review comments

@amartinezfayo amartinezfayo amartinezfayo left review comments

@evan2645 evan2645 Awaiting requested review from evan2645 evan2645 will be requested when the pull request is marked ready for review evan2645 is a code owner

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 will be requested when the pull request is marked ready for review rturner3 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@matheuscscp @sorindumitru @kfox1111 @MarcosDY @arndt-s @amartinezfayo