Skip to content

Commit

Permalink
Add preferred_ttl field to SVID.NewDownstreamX509CA
Browse files Browse the repository at this point in the history
This field will facilitate using the downstream CA TTL configuration as
a sane default for the downstream intermediate CA cert lifetime.

See SPIRE issue #5236.

Also removed an unused import.
  • Loading branch information
azdagron committed Jun 27, 2024
1 parent 967353a commit 05f0fac
Show file tree
Hide file tree
Showing 4 changed files with 71 additions and 57 deletions.
116 changes: 65 additions & 51 deletions proto/spire/api/server/svid/v1/svid.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions proto/spire/api/server/svid/v1/svid.proto
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,11 @@ message NewDownstreamX509CARequest {
// CSR is only used to convey the public key; other fields in the CSR are
// ignored. The X509-SVID attributes are determined by the downstream entry.
bytes csr = 1;

// Optional. The TTL preferred by the downstream SPIRE Server for the
// signed intermediate CA. If zero, the upstream SPIRE Server will use its
// own default.
int32 preferred_ttl = 2;
}

message NewDownstreamX509CAResponse {
Expand Down
5 changes: 1 addition & 4 deletions proto/spire/api/types/logger.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 0 additions & 2 deletions proto/spire/api/types/logger.proto
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@ syntax = "proto3";
package spire.api.types;
option go_package = "github.com/spiffe/spire-api-sdk/proto/spire/api/types";

import "google/protobuf/wrappers.proto";

// The logger log levels.
enum LogLevel {
UNSPECIFIED = 0;
Expand Down

0 comments on commit 05f0fac

Please sign in to comment.