Skip to content

add trust domain to meshconfig#697

Merged
istio-testing merged 3 commits intoistio:masterfrom
quanjielin:quanlintd1107
Nov 7, 2018
Merged

add trust domain to meshconfig#697
istio-testing merged 3 commits intoistio:masterfrom
quanjielin:quanlintd1107

Conversation

@quanjielin
Copy link
Copy Markdown
Contributor

@quanjielin quanjielin commented Nov 7, 2018

istio/istio#9035

later pilot needs to read meshconfig.trustdomain to construct secure naming

@googlebot googlebot added the cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. label Nov 7, 2018
wattli
wattli approved these changes Nov 7, 2018
View reviewed changes
Copy link
Copy Markdown
Contributor

@wattli wattli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@istio-testing
Copy link
Copy Markdown
Collaborator

istio-testing commented Nov 7, 2018

@wattli: changing LGTM is restricted to assignees, and only istio/api repo collaborators may be assigned issues.

Details

In response to this:

/lgtm
/approve

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@quanjielin
Copy link
Copy Markdown
Contributor Author

quanjielin commented Nov 7, 2018

/cc @diemtvu for api owner approval.

@quanjielin quanjielin mentioned this pull request Nov 7, 2018
Merged
diemtvu
diemtvu reviewed Nov 7, 2018
View reviewed changes
mesh/v1alpha1/config.proto
bool enable_sds_token_mount = 23;

// The trust domain corresponds to the trust root of a system.
// Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain
Copy link
Copy Markdown
Contributor

@diemtvu diemtvu Nov 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the expected behavior if this is not set?

Copy link
Copy Markdown
Contributor Author

@quanjielin quanjielin Nov 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add comment // Fallback to old identity format(without trust domain) if not set.

@diemtvu
Copy link
Copy Markdown
Contributor

diemtvu commented Nov 7, 2018

/lgtm
/approve

@istio-testing
Copy link
Copy Markdown
Collaborator

istio-testing commented Nov 7, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: diemtvu, quanjielin, wattli

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@istio-testing istio-testing merged commit 11e496c into istio:master Nov 7, 2018
@quanjielin quanjielin deleted the quanlintd1107 branch November 7, 2018 22:22
@rshriram rshriram mentioned this pull request Nov 14, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@geeknoid geeknoid Awaiting requested review from geeknoid

@mandarjog mandarjog Awaiting requested review from mandarjog

2 more reviewers

@diemtvu diemtvu diemtvu left review comments

@wattli wattli wattli approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@diemtvu diemtvu

Labels

cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@quanjielin @istio-testing @diemtvu @wattli @googlebot