Make all oidc-token-verifier parameters configurable #11000

Open
3 tasks
dekiel opened this issue Jun 12, 2024 · 2 comments
Labels
area/ci Issues or PRs related to CI related topics image-builder lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. oidc-token-verifier

Comments

@dekiel
Contributor

dekiel commented Jun 12, 2024

Description

oidc-token-verifier checks the value of the job_workflow_ref claim against an expected trusted workflow value. The expected workflow value is hardcoded along with trusted issuer data. This configuration data should be provided as flags or in a configuration file. The same approach must be applied to the supported signing algorithms.

The configuration must allow providing multiple values.

Reasons

Hardcoding configuration values together with code is an anti-pattern. It's not flexible and doesn't allow using the tool for multiple use cases without a code change.

Acceptance Criteria

  • The configuration data can be provided as a config file.
  • The configuration data can be provided as flags when reasonable.
  • Token verifier usage in oci-image-builder is updated to use the new way.
@dekiel dekiel added area/ci Issues or PRs related to CI related topics image-builder oidc-token-verifier labels Jun 12, 2024
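
An added example, not part of the issue thread or the project's code: one way the trusted issuer, job_workflow_ref and signing-algorithm values could be loaded from a config file as multi-value allowlists that fail closed. The JSON field names, `VerifierConfig`, `LoadConfig`, `Trusts` and the sample workflow paths are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// VerifierConfig and sampleConfig are hypothetical and constructed, not the project's schema.
type VerifierConfig struct {
	TrustedIssuers   []string `json:"trusted_issuers"`
	TrustedWorkflows []string `json:"trusted_workflows"` // exact job_workflow_ref values
	AllowedAlgs      []string `json:"allowed_algs"`
}

const sampleConfig = `{"trusted_issuers": ["https://token.actions.githubusercontent.com"], "allowed_algs": ["RS256"],
 "trusted_workflows": ["example-org/ci/.github/workflows/build.yml@refs/heads/main",
                       "example-org/ci/.github/workflows/release.yml@refs/heads/main"]}`

func contains(list []string, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

// LoadConfig fails closed: an empty allowlist, or "none" in any spelling, is an error.
func LoadConfig(raw []byte) (*VerifierConfig, error) {
	var c VerifierConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	if len(c.TrustedIssuers) == 0 || len(c.TrustedWorkflows) == 0 || len(c.AllowedAlgs) == 0 {
		return nil, fmt.Errorf("every allowlist needs at least one value")
	}
	if strings.Contains(strings.ToLower(strings.Join(c.AllowedAlgs, ",")), "none") {
		return nil, fmt.Errorf("the none algorithm must not be allowed")
	}
	return &c, nil
}

// Trusts takes alg from the token header, iss and job_workflow_ref from its claims.
func (c *VerifierConfig) Trusts(alg, iss, workflowRef string) bool {
	return contains(c.AllowedAlgs, alg) && contains(c.TrustedIssuers, iss) && contains(c.TrustedWorkflows, workflowRef)
}

func main() {
	fmt.Println(LoadConfig([]byte(sampleConfig)))
}
```

These checks complement signature verification against the issuer's keys and do not replace it.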
@dekiel
Contributor Author

dekiel commented Jun 12, 2024

We should consider creating a separate issue for updating the usage in oci-image-builder for better estimation.


This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs.
Thank you for your contributions.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 10, 2024