spiffe-workload 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/lib/spiffe/version.rb +1 -1
- data/lib/spiffe/workload/client.rb +4 -26
- metadata +1 -1
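--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9387f8ae1df01cf17f0511784b2417f69412d1b26022378ae8c624103eb65dd2
+data.tar.gz: 72bbd6d4a9f4374d5fa1ec3bee65b28b3a58de799fb17fab72af773b8348c8fd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a2cc54182e4fa2ad8cc747282c01882afa055639eb190ae7cdfb3f973eac7903de8913d8c9f5d48ab6d3440b82a5e8eff9ba5167c08d4d8bb1a9f3ea4ebd02aa
+data.tar.gz: 315c790f4e4f004cc61b75020faed2c0e78733908c52f9e675f7f69331d745230eda6994226e3fac9d14b5d2bf56dc2a9b174c50346e4cc03bd102c45a462ce3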
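--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Changelog
 
+## [1.0.1] - 2026-02-09
+
+### Fixed
+- Add required security header 'workload.spiffe.io: true' to all Workload API calls
+- Fixes "security header missing from request" error when fetching JWT SVIDs
+- SPIRE Workload API requires this header for authentication over Unix domain sockets
+
+## [1.0.0] - 2026-02-09
+
+### Changed
+- Initial public release on rubygems.org
+- Production-ready SPIFFE Workload API client
+
 ## [0.1.0] - 2026-02-04
 
 ### Added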
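--- a/data/lib/spiffe/version.rb
+++ b/data/lib/spiffe/version.rb
@@ -73,7 +73,8 @@ module Spiffe
 spiffe_id: spiffe_id || ''
 )
 
-
+# SPIRE requires this security header for workload API calls
+metadata = { 'workload.spiffe.io' => 'true' }
 response = stub.fetch_jwtsvid(request, metadata: metadata)
 
 raise Spiffe::Error, 'No JWT SVID returned' if response.svids.empty?
@@ -152,29 +153,6 @@ module Spiffe
 end
 end
 
-# Interceptor to add SPIRE security header to all requests
-class SpireHeaderInterceptor < GRPC::ClientInterceptor
-def request_response(request:, call:, method:, metadata:)
-metadata['workload.spiffe.io'] = '1'
-yield
-end
-
-def client_streamer(requests:, call:, method:, metadata:)
-metadata['workload.spiffe.io'] = '1'
-yield
-end
-
-def server_streamer(request:, call:, method:, metadata:)
-metadata['workload.spiffe.io'] = '1'
-yield
-end
-
-def bidi_streamer(requests:, call:, method:, metadata:)
-metadata['workload.spiffe.io'] = '1'
-yield
-end
-end
-
 def stub
 @stub ||= begin
 # Create gRPC channel to Unix socket
@@ -222,7 +200,7 @@ module Spiffe
 
 def stream_x509_svids
 request = Spiffe::Workload::X509SVIDRequest.new
-metadata = { 'workload.spiffe.io' => '
+metadata = { 'workload.spiffe.io' => 'true' }
 
 stub.fetch_x509_svid(request, metadata: metadata).each do |response|
 process_x509_response(response)
@@ -272,7 +250,7 @@ module Spiffe
 
 def stream_x509_bundles
 request = Spiffe::Workload::X509BundlesRequest.new
-metadata = { 'workload.spiffe.io' => '
+metadata = { 'workload.spiffe.io' => 'true' }
 
 stub.fetch_x509_bundles(request, metadata: metadata).each do |response|
 process_x509_bundles_response(response)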
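Review bot: The `{ 'workload.spiffe.io' => 'true' }` hash is now built by hand at three call sites (before `fetch_jwtsvid`, in `stream_x509_svids` and in `stream_x509_bundles`) while the interceptor class meant to set it for every request is deleted, so any Workload API call outside these hunks, or added later, can omit it and be rejected by the endpoint. Define it once, for example a private `def workload_metadata; { 'workload.spiffe.io' => 'true' }; end`, pass `metadata: workload_metadata` at every stub call, and add a spec that asserts the header on each RPC. The new comment could state the reason precisely: `# SPIFFE Workload API: static header the endpoint requires as an SSRF guard; it does not authenticate the caller`. All three methods start or end outside their hunks, and this section is headed version.rb on the page although its +4 -26 counts match the client.rb entry in the file list.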