*: developer machine HSPKI credentials
In addition to k8s certificates, prodaccess now issues HSPKI
certificates, with DN=$username.sso.hswaw.net. These are installed into
XDG_CONFIG_HOME (or os equiv).
//go/pki will now automatically attempt to load these certificates. This
means you can now run any pki-dependant tool with -hspki_disable, and
with automatic mTLS!
Change-Id: I5b28e193e7c968d621bab0d42aabd6f0510fed6d
diff --git a/cluster/prodvider/BUILD.bazel b/cluster/prodvider/BUILD.bazel
index 14690b7..c15ab66 100644
--- a/cluster/prodvider/BUILD.bazel
+++ b/cluster/prodvider/BUILD.bazel
@@ -5,6 +5,7 @@
name = "go_default_library",
srcs = [
"certs.go",
+ "hspki.go",
"kubernetes.go",
"main.go",
"service.go",
@@ -15,6 +16,7 @@
"//cluster/prodvider/proto:go_default_library",
"@com_github_cloudflare_cfssl//config:go_default_library",
"@com_github_cloudflare_cfssl//csr:go_default_library",
+ "@com_github_cloudflare_cfssl//helpers:go_default_library",
"@com_github_cloudflare_cfssl//signer:go_default_library",
"@com_github_cloudflare_cfssl//signer/local:go_default_library",
"@com_github_golang_glog//:go_default_library",
@@ -59,6 +61,6 @@
image = ":runtime",
format = "Docker",
registry = "registry.k0.hswaw.net",
- repository = "cluster/prodvider",
+ repository = "q3k/prodvider",
tag = "{BUILD_TIMESTAMP}-{STABLE_GIT_COMMIT}",
)