Add tainted field to upstream authority messages (#39)

* Add tainted propagation to upstream authorities. Signed-off-by: Marcos Yacob <[email protected]>
spiffe · Sep 10, 2024 · c5bd211 · c5bd211
1 parent a2e5ba6
commit c5bd211
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 12 deletions.
diff --git a/proto/spire/plugin/types/jwtkey.pb.go b/proto/spire/plugin/types/jwtkey.pb.go
diff --git a/proto/spire/plugin/types/jwtkey.proto b/proto/spire/plugin/types/jwtkey.proto
@@ -12,4 +12,7 @@ message JWTKey {
     // When the key expires (seconds since Unix epoch). If zero, the key does
     // not expire.
     int64 expires_at = 3;
+
+    // Indicates if the key has been tainted. A tainted key is not safe to be used anymore.
+    bool tainted = 4;
 }
diff --git a/proto/spire/plugin/types/x509certificate.pb.go b/proto/spire/plugin/types/x509certificate.pb.go
diff --git a/proto/spire/plugin/types/x509certificate.proto b/proto/spire/plugin/types/x509certificate.proto
@@ -5,4 +5,7 @@ option go_package = "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types
 message X509Certificate {
     // The ASN.1 DER encoded bytes of the X.509 certificate.
     bytes asn1 = 1;
+
+    // Indicates if the authority has been tainted. A tainted authority is not safe to be used anymore.
+    bool tainted = 2;
 }