Improve OIDCIssuer abstraction
#275
Comments
|
I definitely agree this is overdue for a refactor. This is leftover from when there were 2-3 options, and just keeps growing. I'd be happy to give feedback / discuss if you have ideas! |
|
Sweet, I'll give it a little thought and share a WIP PR or something if I brew up an idea. |
|
Drafted a proposal for this change here https://docs.google.com/document/d/1PKAou7wEmEob4VOLq6rFlx5maOM5hkJ3XffZizfwdFw/edit?usp=sharing. Looking for some eyeballs before diving in to implementing |
|
@nsmith5 Do you have an estimate as to the amount of work left for this refactor? Context is determining when to make a new release of Fulcio. |
|
Yup remaining work is as follows:
So maybe a week or two? |
|
Thanks. We'll likely cut the prerelease candidate from before this then, cherry-picking in any bug fixes. |
|
Closing as this has been wrapped up |
Description
To add an new class of oidc issuer (eg. spiffe, github workflow...) to fulcio requires touching a lot of different areas of the code base. Here are all the locations I can think of
I feel like these OIDC issuer types would be easier to test and probably easier to write if we make a interface for them all to obey and make the implementation details of each one abstracted from the rest of the code base.
Not sure what that interface would be. Has anyone gave this idea some thought already? It seems like at a high level, the issuers need to
The text was updated successfully, but these errors were encountered: