com.publicdomainrelay.temp.compute.config.wif.simple

johnandersen777.bsky.social

Documentation

Simple Workload Identity Federation parameters used by the requester to obtain a token authorized for the provider.

main record

Record Key: tid (Timestamp-based ID)

Properties

accept_path string Required

Path on disk to the

issuer_uri string Required

OIDC issuer URI; the rfp actor configures their RBAC to trust this issuer.

subject string Required

The subject of tokens you request MUST follow this format.

to_issue string Required

The role of the token you will be issued within this compute provider's RBAC. This role allows token exchange. You don't need to care about it unless you might be allowed to do other things; inspect their RBAC policy if you care.

token_path string Required

Workload identity token which can be used with the token issuance service to request subsequent tokens for talking to other services.

url_path string Required

Path on disk to the file containing the URL of the token issuance service from which to request subsequent tokens.

url_route string Required

The route against $(cat url_path) from which you can request new tokens.

View raw schema
{
  "key": "tid",
  "type": "record",
  "record": {
    "type": "object",
    "required": [
      "accept_path",
      "issuer_uri",
      "to_issue",
      "token_path",
      "url_path",
      "url_route",
      "subject"
    ],
    "properties": {
      "subject": {
        "type": "string",
        "description": "The subject of tokens you request MUST follow this format."
      },
      "to_issue": {
        "type": "string",
        "description": "The role of the token you will be issued within this compute providers RBAC, this role will allow for token exchange. You don't care about it unless you might be allowed to do other things. Inspect their RBAC policy if you care."
      },
      "url_path": {
        "type": "string",
        "description": "Path on disk to file containing URL of token issuance service for requesting subsequent tokens from."
      },
      "url_route": {
        "type": "string",
        "description": "The route against $(cat url_path) you can request new tokens from."
      },
      "issuer_uri": {
        "type": "string",
        "description": "OIDC issuer URI, rfp actor configures their RBAC to trust this"
      },
      "token_path": {
        "type": "string",
        "description": "Workload identity token which can be used with token issuance service for requesting subsequent tokens to talk to other services."
      },
      "accept_path": {
        "type": "string",
        "description": "Path on disk to the "
      }
    }
  },
  "description": "Simple Workload Identity Federation parameters used by the requester to obtain a token authorized for the provider."
}
