This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

identity: Change (sophisticate) ServiceIdentity from a string to a struct{} so it can capture more context #3188

Closed
Tracked by #3701
draychev opened this issue Apr 16, 2021 · 3 comments
Contributor

draychev commented Apr 16, 2021

This issue is to change (sophisticate) the ServiceIdentity type in pkg/identity from a string to a struct{} so it can capture more context.

As a string, this relies on implied structure, form, separators, etc. to capture the context of service accounts, namespaces, trust domain, etc. Changing this to a struct would allow us to not rely on parsing strings, but to actually capture this in properly typed fields of a struct.

Context: #3170 (comment)


This is a sub-task of #2218

Member

shashankram commented Jul 7, 2021

After the resolution of #3186, we no longer need to parse k8s primitives to construct the ServiceIdentity for a proxy. The ServiceIdentity is now encoded in the XDS bootstrap cert, and is derived using the GetServiceIdentityFromProxyCertificate() helper.

Thus, the only conversion necessary is when we want to retrieve the ServiceAccount from the ServiceIdentity, for which we already have identity.ToK8sServiceAccount().

In general, it makes sense to convert identity.ServiceIdentity to a struct if sophistication is needed, but I don't see that being necessary at the moment. Using a string type allows abstracting the identity, which in the future could hold a SPIFFE ID. This would not be possible if we start encoding k8s primitives in the ServiceIdentity type, without also tightly coupling ServiceIdentity to k8s primitives.

@draychev draychev modified the milestones: v0.10.0, vNext Aug 19, 2021
@allenlsy allenlsy removed their assignment Jan 25, 2022
@snehachhabria snehachhabria removed this from the vNext milestone Feb 2, 2022

github-actions bot commented Apr 5, 2022

This issue will be closed due to a long period of inactivity. If you would like this issue to remain open then please comment or update.

@github-actions github-actions bot added the stale label Apr 5, 2022
@github-actions

Issue closed due to inactivity.
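
The trade-off discussed in this thread, as an added example that is not part of the original issue or the project's code: a string identity read by separator position misattributes the namespace when a service account name contains dots, while a typed value parsed against a known trust domain does not. The `<service account>.<namespace>.<trust domain>` layout, the struct fields, and the `Parse` and `naiveSplit` helpers are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ServiceIdentity is a hypothetical typed form; field names are assumptions.
type ServiceIdentity struct {
	ServiceAccount, Namespace, TrustDomain string
}

// String renders the assumed "<service account>.<namespace>.<trust domain>" form.
func (s ServiceIdentity) String() string {
	return s.ServiceAccount + "." + s.Namespace + "." + s.TrustDomain
}

// naiveSplit reads fields by position, relying on the implied structure.
func naiveSplit(id string) (sa, ns string) {
	parts := strings.SplitN(id, ".", 3)
	if len(parts) < 3 {
		return "", ""
	}
	return parts[0], parts[1]
}

// Parse anchors on a trust domain the caller already knows. Namespaces are DNS
// labels (no dots), so the last remaining dot is the only possible boundary.
func Parse(id, trustDomain string) (ServiceIdentity, error) {
	suffix := "." + trustDomain
	if trustDomain == "" || !strings.HasSuffix(id, suffix) {
		return ServiceIdentity{}, errors.New("identity is outside the expected trust domain")
	}
	rest := strings.TrimSuffix(id, suffix)
	i := strings.LastIndex(rest, ".")
	if i <= 0 || i == len(rest)-1 {
		return ServiceIdentity{}, errors.New("missing service account or namespace")
	}
	return ServiceIdentity{rest[:i], rest[i+1:], trustDomain}, nil
}

func main() {
	// Constructed sample: Kubernetes service account names may contain dots.
	id := ServiceIdentity{"build.ci", "prod", "cluster.local"}.String()
	sa, ns := naiveSplit(id)
	fmt.Printf("positional: sa=%q ns=%q\n", sa, ns) // namespace comes out wrong
	typed, err := Parse(id, "cluster.local")
	fmt.Printf("typed: %+v err=%v\n", typed, err)
}
```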
