Critical fixes: - F-01: SatScope array form support (single pointer → slice with polymorphic JSON) - F-02: Add governance-intent@guildhouse.dev as 10th Shellstream extension - F-06: Replace os.Exit(1) stubs with go-plugin Serve() boilerplate in all cmd/ - F-13: Validate SatScope.ResourcePattern is non-empty High priority: - F-03: Add normative Accord policy syntax note to credential-governance.md §8.2 - F-04: Replace OID XXXXX placeholder with explicit PEN reference and IANA TODO - F-05: Document CredentialComposer hook mapping in spec and plugin-types.md - F-07/F-08: Commit CI pipeline (.github/workflows/ci.yaml) - F-09: Add hashicorp/go-plugin v1.6.3 to go.mod Medium priority: - F-10: Wire sample-ssh-cert-extensions.json fixture into shellstream tests - F-11: Cross-reference merkle proof depth limit (256 leaves) in governance spec - F-12: Add YAML format clarification headers to deploy configs - F-14: Expand README with project status, docs links, and quick-start Low priority: - F-15: Standardize "SSH SVID" → "SSH-SVID" terminology across docs - F-16: Add GovernanceEpochSeconds to PluginConfig and deploy configs - F-17: Add troubleshooting section to deployment.md, error handling to OIDC docs Global: Rename all extension keys from @guildhouse.io to @guildhouse.dev Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
// Package config provides configuration loading for SPIRE plugins.
// SPIRE plugins receive configuration via HCL in the SPIRE server/agent config file.
package config
import (
"fmt"
)
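// PluginConfig holds common configuration fields shared by all Guildhouse SPIRE plugins.
//
// Values are populated from the plugin's HCL stanza (see LoadFromHCL) and
// should pass Validate before being used. Validate checks syntax only; it
// does not confirm that any of the addresses below are reachable, nor how
// the connection to them is authenticated.
type PluginConfig struct {
	// GovernanceAddr is the gRPC address of the GovernanceService.
	// NOTE(review): whether the connection uses TLS/mTLS is decided by the
	// client code, not by this config — confirm before exposing it over a
	// network.
	GovernanceAddr string `hcl:"governance_addr"`

	// CeremonyAddr is the gRPC address of the CeremonyService.
	CeremonyAddr string `hcl:"ceremony_addr"`

	// NotaryAddr is the gRPC address of the NotaryService.
	NotaryAddr string `hcl:"notary_addr"`

	// TrustDomain is the SPIFFE trust domain name (e.g. "example.org"), given
	// as the bare name without the "spiffe://" scheme or any path. Required;
	// see Validate for the accepted syntax.
	TrustDomain string `hcl:"trust_domain"`

	// ClusterID identifies this cluster for notary anchoring.
	ClusterID string `hcl:"cluster_id"`

	// GovernanceEpochSeconds is the duration of a governance epoch in seconds.
	// Controls how frequently merkle anchors are created. The epoch must be
	// sized so that no more than 256 credential events occur within it (the
	// shellstream merkle-proof depth limit); this package cannot enforce that
	// bound, so operators must derive the epoch length from the expected
	// event rate. Zero is treated as "unset" (see
	// DefaultGovernanceEpochSeconds); negative values are rejected by
	// Validate. Default: 300 (5 minutes).
	GovernanceEpochSeconds int `hcl:"governance_epoch_seconds"`
}

// DefaultGovernanceEpochSeconds is the documented default governance epoch
// length (5 minutes) for governance_epoch_seconds. Validate does not
// substitute it; callers that treat zero as "unset" should apply it
// themselves.
const DefaultGovernanceEpochSeconds = 300

// maxTrustDomainLen is the maximum length, in bytes, of a SPIFFE trust
// domain name as fixed by the SPIFFE-ID specification.
const maxTrustDomainLen = 255

// isTrustDomainByte reports whether b may appear in a SPIFFE trust domain
// name: lowercase ASCII letters, digits, '.', '-' and '_'. Anything else —
// including uppercase letters, ':' and '/' — is rejected, which also catches
// a full SPIFFE ID pasted where the bare name was expected.
func isTrustDomainByte(b byte) bool {
	switch {
	case b >= 'a' && b <= 'z', b >= '0' && b <= '9':
		return true
	case b == '.', b == '-', b == '_':
		return true
	}
	return false
}

// Validate checks that the configuration is well-formed before it is used.
//
// It enforces that trust_domain is present and is a syntactically valid
// SPIFFE trust domain name (lowercase letters, digits, '.', '-' and '_'
// only; at most 255 bytes; no scheme or path), and that
// governance_epoch_seconds is not negative. Zero is accepted for
// governance_epoch_seconds and left for the caller to interpret as "use the
// default". Validate does not mutate c.
//
// The three service addresses are not checked here: an empty address may be
// legitimate for a plugin that does not talk to that service. Callers that
// require one should check it themselves.
func (c *PluginConfig) Validate() error {
	if c.TrustDomain == "" {
		return fmt.Errorf("config: trust_domain is required")
	}
	if len(c.TrustDomain) > maxTrustDomainLen {
		return fmt.Errorf("config: trust_domain %q exceeds %d bytes", c.TrustDomain, maxTrustDomainLen)
	}
	// Byte-wise check is sufficient: every permitted character is single-byte
	// ASCII, so any multi-byte rune fails on its first byte.
	for i := 0; i < len(c.TrustDomain); i++ {
		if !isTrustDomainByte(c.TrustDomain[i]) {
			return fmt.Errorf("config: trust_domain %q contains invalid character %q at byte %d (allowed: lowercase letters, digits, '.', '-', '_'; no scheme or path)",
				c.TrustDomain, c.TrustDomain[i], i)
		}
	}
	if c.GovernanceEpochSeconds < 0 {
		return fmt.Errorf("config: governance_epoch_seconds must not be negative, got %d", c.GovernanceEpochSeconds)
	}
	return nil
}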
|
// LoadFromHCL parses plugin configuration from HCL bytes.
//
// Not yet implemented: every call currently returns a nil config and a
// non-nil error, whatever data contains. TODO: implement with hashicorp/hcl.
// When it is filled in, decoding should be strict — unknown keys rejected
// rather than silently dropped, so that a misspelled security-relevant key
// such as trust_domain cannot go unnoticed — and the decoded config should be
// run through Validate before it is returned.
func LoadFromHCL(data []byte) (*PluginConfig, error) {
	_ = data // intentionally unused until parsing is implemented
	notImplemented := fmt.Errorf("config: LoadFromHCL not yet implemented")
	return nil, notImplemented
}