cmd,internal,feature: add workload identity support to gitops pusher
Add support for authenticating the gitops-pusher using workload identity federation.

Updates https://github.com/tailscale/corp/issues/34172

Signed-off-by: Mario Minardi <mario@tailscale.com>
committed by Mario Minardi
parent 3e45e5b420
commit 4c37141ab7
@@ -9,11 +9,19 @@ import (
"tailscale.com/feature"
)
// HookResolveAuthKeyViaWIF resolves to [identityfederation.ResolveAuthKey] when the
// HookResolveAuthKeyViaWIF resolves to [identityfederation.resolveAuthKey] when the
// corresponding feature tag is enabled in the build process.
//
// baseURL is the URL of the control server used for token exchange and authkey generation.
// clientID is the federated client ID used for token exchange, the format is <tailnet ID>/<oauth client ID>
// clientID is the federated client ID used for token exchange
// idToken is the Identity token from the identity provider
// tags is the list of tags to be associated with the auth key
var HookResolveAuthKeyViaWIF feature.Hook[func(ctx context.Context, baseURL, clientID, idToken string, tags []string) (string, error)]
// HookExchangeJWTForTokenViaWIF resolves to [identityfederation.exchangeJWTForToken] when the
// corresponding feature tag is enabled in the build process.
//
// baseURL is the URL of the control server used for token exchange
// clientID is the federated client ID used for token exchange
// idToken is the Identity token from the identity provider
var HookExchangeJWTForTokenViaWIF feature.Hook[func(ctx context.Context, baseURL, clientID, idToken string) (string, error)]
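Review bot: The doc comment on HookExchangeJWTForTokenViaWIF lists baseURL, clientID and idToken but never says what the returned string is; since the function it points at is named exchangeJWTForToken, state that the return value is the token obtained from the exchange and that callers should treat it as a secret and keep it out of logs. The hunk also shows two versions of the clientID line on HookResolveAuthKeyViaWIF, one giving the format "<tailnet ID>/<oauth client ID>" and one without it; whichever survives, the clientID line on the new hook should carry the same wording so the two comments do not disagree about what a caller must pass. Both comments use bracketed doc links to lowercase names ([identityfederation.resolveAuthKey], [identityfederation.exchangeJWTForToken]); if those functions are unexported, the links will not resolve from this package, so plain text would be clearer.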