23 lines
1 KiB
Go
23 lines
1 KiB
Go
package main
|
|
|
|
// SSHCredentialComposer implements the SPIRE CredentialComposer plugin interface.
|
|
//
|
|
// This is a merged plugin that handles both SSH certificate generation and
|
|
// Shellstream extension injection. In SPIRE's model, CredentialComposer plugins
|
|
// can modify credentials during the minting pipeline.
|
|
//
|
|
// The plugin:
|
|
// - Creates an SSH user certificate with the SPIFFE ID as the primary principal
|
|
// - Embeds Shellstream @guildhouse.io extensions carrying governance metadata
|
|
// - Signs the certificate using the SSH CA key (from KeyManager)
|
|
// - Returns the certificate as part of the composed credential bundle
|
|
//
|
|
// This was originally designed as two separate plugins (ssh-svid-handler and
|
|
// shellstream-composer) but merged because both are CredentialComposer plugins
|
|
// performing conceptually one operation.
|
|
type SSHCredentialComposer struct {
|
|
// TODO: add fields
|
|
// - sshcert.Builder for certificate construction
|
|
// - governance.Client for fetching current governance state
|
|
// - config for trust domain, default TTL, etc.
|
|
}
|