Adding downstream support to CRD

[noxora]

Pull Request check list

• Commit conforms to CONTRIBUTING.md?
• Proper tests/regressions included?
• Documentation updated?

Affected functionality

This PR impacts the Spiffe ID CRD resource and the controller in charge of reconciling the Spiffe ID resource

Description of change

This PR adds a field to the CRD which allows the user to mark resource as a downstream entry.

Which issue this PR fixes

fixes #2886

[faisal-memon]

@noxora Can you update the README and add a section on using the new field? Or just a simple update to the SPIFFE ID Custom Resource Example section? https://github.com/spiffe/spire/blob/main/support/k8s/k8s-workload-registrar/mode-crd/README.md

[noxora]

@noxora Can you update the README and add a section on using the new field? Or just a simple update to the SPIFFE ID Custom Resource Example section? https://github.com/spiffe/spire/blob/main/support/k8s/k8s-workload-registrar/mode-crd/README.md

@faisal-memon I've gone ahead and added to the example, I don't think it's complicated enough to warrant its own section, since it's just adding a boolean field to the CRD, but it's a good idea to clarify that it's both optional and should default to false

Outside of that, I wanted to test my changes in an environment and make sure that there isn't a nil pointer exception because I'm worried about support/k8s/k8s-workload-registrar/mode-crd/api/spiffeid/v1beta1/spiffeid_types.go being nil and then attempting to set nil when creating the spiffeID

[faisal-memon]

Outside of that, I wanted to test my changes in an environment and make sure that there isn't a nil pointer exception because I'm worried about support/k8s/k8s-workload-registrar/mode-crd/api/spiffeid/v1beta1/spiffeid_types.go being nil and then attempting to set nil when creating the spiffeID

Are you worried the new field will be nil?

[faisal-memon]

The changes look good for manually created entries. Do we need a mechanism for auto-generated entries to have downstream set?

[noxora]

Yes, I was worried it would be nil. I don't think this change would impact auto-registration unless that needed to set downstream in the yaml. My other concerns were that there might be other behavior that needs to be updated that I hadn't addressed, since I don't know the entire system very well, just what I've read.

By manually created entries, do you mean those created with yaml files or those entered through a terminal on the server?

[noxora]

I wanted to followup and comment that I have had a chance to manually test this and it seems to work. I have linked my terminal's output for the test in slack. I can post it here as well as needed, but I am very confident this doesn't break existing functionality and adds the feature.

[azdagron]

\o/, thanks @noxora