// OIDC Attestor — SPIRE WorkloadAttestor plugin.
//
// Runs in SPIRE Agent. Verifies OIDC tokens presented by workloads
// and maps their claims to SPIRE selectors for registration matching.
package main
import (
"fmt"
"os"
)
// main is the plugin binary's entry point. The WorkloadAttestor server is
// not wired up yet, so the binary only reports that on stderr and exits
// with status 1 — a stub build must never look like a working attestor.
func main() {
	// TODO: wire up go-plugin serve with SPIRE WorkloadAttestor interface
	//
	// Planned flow once implemented:
	//  1. Receive a workload PID from SPIRE Agent.
	//  2. Read the workload's OIDC token (from filesystem or environment).
	//  3. Verify the token using pkg/oidc.
	//  4. Return selectors: oidc:sub:<subject>, oidc:iss:<issuer>, oidc:email:<email>.
	//
	// NOTE(review): selectors feed registration matching, so step 3 has to be a
	// full verification (signature against the issuer's published keys, an
	// issuer allowlist, audience, exp/nbf) before any claim becomes a selector;
	// a selector built from an unverified `sub` or `iss` would let a workload
	// pick its own identity. Only emit oidc:email if the issuer marks it
	// verified. Locating a token by PID is also exposed to PID reuse between
	// the agent's lookup and the read — confirm how pkg/oidc and the agent
	// handle this before the plugin ships.
	const notImplemented = "oidc-attestor: SPIRE WorkloadAttestor plugin (not yet implemented)"
	fmt.Fprintln(os.Stderr, notImplemented)
	os.Exit(1)
}