IBM/trusted-service-identity

Issues

• Documentation for Split Images

  #163 opened 2 years ago by mrsabath
  0

• Issue deploying Tornjak Helm chart with Minikube

  #162 opened 2 years ago by maia-iyer
  0

• Evaluate the replacement of the Workload Registrar with the Controller Manager

  #161 opened 2 years ago by mrsabath
  0

• Workload Registrar deprecated; need to migrate to SPIRE Controller Manager

  #156 opened 2 years ago by mrsabath
  0

• Updated documentation is needed for configuring User Managment option

  #154 opened 2 years ago by mrsabath
  0

• Error running OIDC with SPIRE 1.3.5

  #149 opened 2 years ago by mrsabath
  1

• OpenShift install - deprecated code

  #148 opened 2 years ago by mrsabath
  0

• Our demo breaks as AWS mandates using region

  #147 opened 2 years ago by mrsabath
  1

• crd logic

  #144 opened 2 years ago by kfox1111
  6

• Preserve the resource if already exists.

  #128 opened 2 years ago by mrsabath
  0

• Migrate to the new docker hub `tsidentity`

  #80 opened 2 years ago by mrsabath
  0

• OIDC error when upgrading to SPIRE 1.2.0

  #126 opened 3 years ago by mrsabath
  0

• Testing SPIRE sidecar

  #125 opened 3 years ago by mrsabath
  0

• Use public Vault image for examples

  #124 opened 3 years ago by mrsabath
  0

• Update the Helm charts files to comply with new Best Practices.

  #117 opened 3 years ago by mrsabath
  0

• Introduce a way to configure helm charts with custom metadata endpoints.

  #116 opened 3 years ago by mrsabath
  0

• Allow specifying identity template format in Helm `values.yaml`

  #115 opened 3 years ago by mrsabath
  0

• Remove temporary Tornjak image

  #113 opened 3 years ago by mrsabath
  0

• "The `service_account_whitelist` configurable is deprecated

  #112 opened 3 years ago by mrsabath
  0

• Vault security alert

  #109 opened 3 years ago by mrsabath
  0

• Evaluate NodeAttestors configuration (aws_iid, azure_msi, etc)

  #107 opened 3 years ago by mrsabath
  0

• Upgrade to SPIRE 1.0.x

  #105 opened 3 years ago by mrsabath
  0

• Deprecated CustomResourceDefinition in 1.16

  #106 opened 3 years ago by mrsabath
  0

• Need to add PRs that merge with `spire-master` to automated testing.

  #91 opened 3 years ago by mrsabath
  0

• Error handling short-circuit failure for bash scripts

  #89 opened 3 years ago by lumjjb
  0

• Create entry for the workload registrar with only one SPIRE agent

  #88 opened 3 years ago by mrsabath
  0

• Errors while testing - temporarily suppress the error

  #86 opened 3 years ago by mrsabath
  1

• Review JSS libraries that use outdated crypto

  #87 opened 3 years ago by mrsabath
  0

• Testing failures

  #83 opened 4 years ago by mrsabath
  0

• Test files require update to accommodate recent changes

  #77 opened 4 years ago by mrsabath
  1

• Update cryptography to 3.2 and python to =< 3

  #75 opened 4 years ago by mrsabath
  0

• gen-jwt.py flags need to be updated

  #70 opened 4 years ago by lumjjb
  0

• Consistent sorting of pod images.

  #67 opened 4 years ago by mrsabath
  0

• To prevent CMD modification, add it to workload identity (claims)

  #64 opened 4 years ago by mrsabath
  0

• K8s Jobs never complete with TSI

  #61 opened 4 years ago by mrsabath
  2

• Suggestion: move the sidecar work into container-init, so the secret is done only once, per lifetime of the pod

  #58 opened 4 years ago by mrsabath
  1

• Move certain parameters from helm parameter to a configmap

  #60 opened 4 years ago by lumjjb
  0

• IKS installation on 1.17.7 fails

  #52 opened 4 years ago by mrsabath
  1

• Open-Shift install script does not start on CRC standalone

  #56 opened 4 years ago by mrsabath
  1

• Design a process for securely adding and removing worker nodes into the cluster

  #55 opened 4 years ago by mrsabath
  0

• Jss-server doesn't work with Open-Shift install

  #54 opened 4 years ago by mrsabath
  0

• Initialize helm as a part of the namespace-init, or cleanup

  #53 opened 4 years ago by mrsabath
  0

• Change the JSS error code for incorrect claims.

  #48 opened 4 years ago by mrsabath
  1

• The utility secret-maker.sh needs to support pods with multiple images

  #49 opened 4 years ago by mrsabath
  0

• Extend CSR with x509v3 extended attribute fields for arrbitrary vaules

  #30 opened 4 years ago by mrsabath
  1

• Once active the Webhook prevents the JSS daemonset from being recreated

  #38 opened 4 years ago by mrsabath
  1

• Claims validation should include root CA subject alt names

  #37 opened 4 years ago by lumjjb
  0

• Since we don't support Helm v3 yet, check the client version

  #34 opened 4 years ago by mrsabath
  0

• Move all the run-time measurements into the sidecar

  #33 opened 4 years ago by mrsabath
  0

• Revoked keys should be removed by the sidecar from the container

  #32 opened 4 years ago by mrsabath
  0