package main
// GovernanceNotifier is the SPIRE Notifier plugin that feeds credential
// lifecycle events into the Guildhouse governance framework.
//
// SPIRE Server invokes Notify() when a credential is issued, rotated or
// revoked. Each event is mapped onto a governance intent whose
// registry_type is "credential" and whose verb names the event:
//
//   - issued  → CreateIntent(registry_type="credential", verb="issue")
//   - rotated → CreateIntent(registry_type="credential", verb="rotate")
//   - revoked → CreateIntent(registry_type="credential", verb="revoke")
//
// Alongside the intent, every event is wrapped in a MutationEnvelope that
// carries the JCS-canonicalized event payload, and the SHA-256 hash is
// submitted to the NotaryService as a merkle leaf so the event is anchored
// for later audit. Canonicalizing before hashing is what makes the leaf
// reproducible by an independent verifier.
//
// The type is currently a stub with no fields and no methods; see the TODO
// below and specs/credential-governance.md for the full specification.
type GovernanceNotifier struct {
	// TODO: fields still to be added:
	//   - a governance.Client used for the GovernanceService,
	//     CeremonyService and NotaryService calls
	//   - configuration carrying the cluster ID and trust domain
	//
	// NOTE(review): the spec should also settle whether a NotaryService
	// failure makes Notify() fail or is only logged — confirm against
	// specs/credential-governance.md before wiring the client in.
}