feat(attestation): federated verification (#1825)

Signed-off-by: Miguel Martinez <[email protected]>

Author: migmartri

app/controlplane/cmd/wire.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2024 The Chainloop Authors.
+// Copyright 2024-2025 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -52,7 +52,7 @@ func wireApp(*conf.Bootstrap, credentials.ReaderWriter, log.Logger, sdk.Availabl
 			wire.Bind(new(biz.CASClient), new(*biz.CASClientUseCase)),
 			serviceOpts,
 			wire.Value([]biz.CASClientOpts{}),
-			wire.FieldsOf(new(*conf.Bootstrap), "Server", "Auth", "Data", "CasServer", "ReferrerSharedIndex", "Onboarding", "PrometheusIntegration", "PolicyProviders", "NatsServer", "CertificateAuthorities"),
+			wire.FieldsOf(new(*conf.Bootstrap), "Server", "Auth", "Data", "CasServer", "ReferrerSharedIndex", "Onboarding", "PrometheusIntegration", "PolicyProviders", "NatsServer", "CertificateAuthorities", "FederatedAuthentication"),
 			wire.FieldsOf(new(*conf.Data), "Database"),
 			dispatcher.New,
 			authz.NewDatabaseEnforcer,

app/controlplane/cmd/wire_gen.go

@@ -93,4 +93,8 @@ policy_providers:
     default: true
     url: http://localhost:8002/v1
 
-enable_profiler: true
+enable_profiler: true
+
+# federated_authentication:
+#   enabled: true
+#   url: http://localhost:8002/machine-identity/verify-token

app/controlplane/configs/config.devel.yaml

@@ -96,3 +96,9 @@ prometheus_integration:
   - org_name: "my-org"
 
 enable_profiler: true
+
+# Enable federated authentication during attestation process
+# This means that the controlplane will send the JWT token to a remote endpoint to verify it
+# federated_authentication:
+#   enabled: true
+#   url: http://localhost:8002/machine-identity/verify-token