From d708a650f274f55e5abbb5bf1b29b84567793c19 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 15 Jan 2025 07:11:59 -0800 Subject: [PATCH 1/3] SPIFFE_ENDPOINT_SOCKET env suport for spire-agent Signed-off-by: Kevin Fox --- cmd/spire-agent/cli/common/defaults_posix.go | 19 +++++++++++++++++-- .../cli/common/defaults_windows.go | 19 +++++++++++++++++-- cmd/spire-agent/cli/run/run_posix.go | 2 +- cmd/spire-agent/cli/run/run_windows.go | 2 +- 4 files changed, 36 insertions(+), 6 deletions(-) diff --git a/cmd/spire-agent/cli/common/defaults_posix.go b/cmd/spire-agent/cli/common/defaults_posix.go index d28d8bde42..1cc33a13a4 100644 --- a/cmd/spire-agent/cli/common/defaults_posix.go +++ b/cmd/spire-agent/cli/common/defaults_posix.go @@ -2,9 +2,24 @@ package common +import ( + "os" +) + const ( - // DefaultSocketPath is the SPIRE agent's default socket path - DefaultSocketPath = "/tmp/spire-agent/public/api.sock" + // DefaultRunSocketPath is the SPIRE agent's default socket path + DefaultRunSocketPath = "/tmp/spire-agent/public/api.sock" // DefaultAdminSocketPath is the SPIRE agent's default admin socket path DefaultAdminSocketPath = "/tmp/spire-agent/private/admin.sock" ) + +// DefaultSocketPath is the SPIRE agent's default socket path +var DefaultSocketPath string + +func init() { + DefaultSocketPath = DefaultRunSocketPath + ses := os.Getenv("SPIFFE_ENDPOINT_SOCKET") + if ses != "" { + DefaultSocketPath = ses + } +} diff --git a/cmd/spire-agent/cli/common/defaults_windows.go b/cmd/spire-agent/cli/common/defaults_windows.go index 4ce4d2a1b4..a27cdcd0b1 100644 --- a/cmd/spire-agent/cli/common/defaults_windows.go +++ b/cmd/spire-agent/cli/common/defaults_windows.go 
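Review bot: The comments on `DefaultRunSocketPath` and the new `DefaultSocketPath` variable in defaults_posix.go are word-for-word the same, so nothing tells a reader that only the variable can be redirected from the environment. Since SPIFFE_ENDPOINT_SOCKET now decides which socket every user of `DefaultSocketPath` talks to, I would state that on the declarations: `// DefaultSocketPath is the default socket path for commands that connect to the agent; init replaces it with the value of SPIFFE_ENDPOINT_SOCKET when that variable is set.` and `// DefaultRunSocketPath is the built-in socket path used for the agent's own configuration default; it is never read from the environment.` The run_posix.go hunk in this patch supports the second comment, but which commands read the first is not visible here, so the wording should be checked against them. The same applies to `DefaultRunNamedPipeName` and `DefaultNamedPipeName` in the defaults_windows.go hunk of this patch.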
@@ -2,9 +2,24 @@ package common +import ( + "os" +) + const ( - // DefaultNamedPipeName is the SPIRE agent's default named pipe name - DefaultNamedPipeName = "\\spire-agent\\public\\api" + // DefaultRunNamedPipeName is the SPIRE agent's default named pipe name + DefaultRunNamedPipeName = "\\spire-agent\\public\\api" // DefaultAdminNamedPipeName is the SPIRE agent's default admin named pipe name DefaultAdminNamedPipeName = "\\spire-agent\\private\\admin" ) + +// DefaultNamedPipeName is the SPIRE agent's default named pipe name +var DefaultNamedPipeName string + +func init() { + DefaultNamedPipeName = DefaultRunNamedPipeName + ses := os.Getenv("SPIFFE_ENDPOINT_SOCKET") + if ses != "" { + DefaultNamedPipeName = ses + } +} diff --git a/cmd/spire-agent/cli/run/run_posix.go b/cmd/spire-agent/cli/run/run_posix.go index 4c8ddd9d03..9f730d9330 100644 --- a/cmd/spire-agent/cli/run/run_posix.go +++ b/cmd/spire-agent/cli/run/run_posix.go @@ -22,7 +22,7 @@ func (c *agentConfig) addOSFlags(flags *flag.FlagSet) { } func (c *agentConfig) setPlatformDefaults() { - c.SocketPath = common.DefaultSocketPath + c.SocketPath = common.DefaultRunSocketPath } func (c *agentConfig) getAddr() (net.Addr, error) { diff --git a/cmd/spire-agent/cli/run/run_windows.go b/cmd/spire-agent/cli/run/run_windows.go index 015bbc3420..4c2b1df2c7 100644 --- a/cmd/spire-agent/cli/run/run_windows.go +++ b/cmd/spire-agent/cli/run/run_windows.go @@ -17,7 +17,7 @@ func (c *agentConfig) addOSFlags(flags *flag.FlagSet) { } func (c *agentConfig) setPlatformDefaults() { - c.Experimental.NamedPipeName = common.DefaultNamedPipeName + c.Experimental.NamedPipeName = common.DefaultRunNamedPipeName } func (c *agentConfig) getAddr() (net.Addr, error) { From 6b528207479c0b3e77909151eb945d7ba635dd68 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 31 Jan 2025 14:53:18 -0800 Subject: [PATCH 2/3] Parse out entrypoint names 
Signed-off-by: Kevin Fox --- cmd/spire-agent/cli/common/defaults_posix.go | 15 +++++++++++- .../cli/common/defaults_windows.go | 8 ++++++- go.mod | 10 ++++---- go.sum | 24 +++++++++---------- 4 files changed, 38 insertions(+), 19 deletions(-) diff --git a/cmd/spire-agent/cli/common/defaults_posix.go b/cmd/spire-agent/cli/common/defaults_posix.go index 1cc33a13a4..cf16baa826 100644 --- a/cmd/spire-agent/cli/common/defaults_posix.go +++ b/cmd/spire-agent/cli/common/defaults_posix.go @@ -3,7 +3,11 @@ package common import ( + "fmt" + "net/url" "os" + + "github.com/spiffe/go-spiffe/v2/workloadapi" ) const ( @@ -20,6 +24,15 @@ func init() { DefaultSocketPath = DefaultRunSocketPath ses := os.Getenv("SPIFFE_ENDPOINT_SOCKET") if ses != "" { - DefaultSocketPath = ses + var err error + ses, err = workloadapi.TargetFromAddress(ses) + if err != nil { + panic(err) + } + u, err := url.Parse(ses) + if u.Scheme != "unix" { + panic(fmt.Sprintf("Unsupported scheme: %s", u.Scheme)) + } + DefaultSocketPath = u.Path } } diff --git a/cmd/spire-agent/cli/common/defaults_windows.go b/cmd/spire-agent/cli/common/defaults_windows.go index a27cdcd0b1..57da7a5ee4 100644 --- a/cmd/spire-agent/cli/common/defaults_windows.go +++ b/cmd/spire-agent/cli/common/defaults_windows.go @@ -4,6 +4,8 @@ package common import ( "os" + + "github.com/spiffe/go-spiffe/v2/workloadapi" ) const ( @@ -20,6 +22,10 @@ func init() { DefaultNamedPipeName = DefaultRunNamedPipeName ses := os.Getenv("SPIFFE_ENDPOINT_SOCKET") if ses != "" { - DefaultNamedPipeName = ses + var err error + DefaultNamedPipeName, err = workloadapi.TargetFromAddress(ses) + if err != nil { + panic(err) + } } } diff --git a/go.mod b/go.mod index 8fc39df4a1..e37ea3058a 100644 --- a/go.mod +++ b/go.mod 
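Review bot: Both `panic(err)` and `panic(fmt.Sprintf("Unsupported scheme: %s", u.Scheme))` in the defaults_posix.go hunk run inside `init()`, so a malformed or non-unix SPIFFE_ENDPOINT_SOCKET aborts every binary that imports this package before any flag is parsed. That includes `run`, which after PATCH 1/3 takes its default from `DefaultRunSocketPath` and does not need this value at all. Failing closed on a bad endpoint is the right outcome, but it should happen where the default is actually used and as an ordinary error rather than a stack trace. I would keep the parse result in an unexported `var socketPathErr error`, replace each panic with `socketPathErr = err` followed by `return`, and have the commands that read `DefaultSocketPath` return that error. `init()` begins outside this hunk.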
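Review bot: The Windows `init()` stores whatever `workloadapi.TargetFromAddress` returns straight into `DefaultNamedPipeName`, while the POSIX version in the same patch parses the target and rejects anything that is not the `unix` scheme. If `TargetFromAddress` also accepts non-pipe addresses (not visible here), such a target would be used as a pipe name, and the returned form may not match the bare name form of `DefaultRunNamedPipeName`. I would assign through a local, `target, err := workloadapi.TargetFromAddress(ses)`, and check that it denotes a named pipe before `DefaultNamedPipeName = target`. A comment stating the form the stored name must have would also help. As written, the multi-value assignment also overwrites the default on the error path, which is harmless only while the next statement is a panic.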
@@ -71,7 +71,7 @@ require ( github.com/sigstore/rekor v1.3.8 github.com/sigstore/sigstore v1.8.12 github.com/sirupsen/logrus v1.9.3 - github.com/spiffe/go-spiffe/v2 v2.4.0 + github.com/spiffe/go-spiffe/v2 v2.5.0 github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a github.com/spiffe/spire-plugin-sdk v1.4.4-0.20240701180828-594312f4444d github.com/stretchr/testify v1.10.0 @@ -85,7 +85,7 @@ require ( golang.org/x/time v0.9.0 google.golang.org/api v0.217.0 google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 - google.golang.org/grpc v1.69.4 + google.golang.org/grpc v1.70.0 google.golang.org/protobuf v1.36.3 k8s.io/api v0.32.1 k8s.io/apimachinery v0.32.1 @@ -96,7 +96,7 @@ require ( ) require ( - cel.dev/expr v0.18.0 // indirect + cel.dev/expr v0.19.0 // indirect cloud.google.com/go v0.116.0 // indirect cloud.google.com/go/auth v0.14.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect @@ -284,14 +284,14 @@ require ( go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.31.0 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.32.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect go.opentelemetry.io/otel v1.33.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect go.opentelemetry.io/otel/metric v1.33.0 // indirect go.opentelemetry.io/otel/sdk v1.33.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.31.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect diff --git a/go.sum b/go.sum index cab68b43e6..f41fc49b99 100644 --- a/go.sum +++ b/go.sum 
@@ -1,5 +1,5 @@ -cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= -cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +cel.dev/expr v0.19.0 h1:lXuo+nDhpyJSpWxpPVi5cPUwzKb+dsdOiw6IreM5yt0= +cel.dev/expr v0.19.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= @@ -869,8 +869,8 @@ github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0kt github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= -github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.3 h1:oDTdz9f5VGVVNGu/Q7UXKWYsD0873HXLHdJUNBsSEKM= +github.com/golang/glog v1.2.3/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -1397,8 +1397,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk= -github.com/spiffe/go-spiffe/v2 v2.4.0 h1:j/FynG7hi2azrBG5cvjRcnQ4sux/VNj8FAVc99Fl66c= -github.com/spiffe/go-spiffe/v2 v2.4.0/go.mod h1:m5qJ1hGzjxjtrkGHZupoXHo/FDWwCB1MdSyBzfHugx0= +github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE= +github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a h1:z4A5TA8JKmXQirhOfSv45mjo1DEtmpWH/VJW+uidGQA= github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI= github.com/spiffe/spire-plugin-sdk v1.4.4-0.20240701180828-594312f4444d h1:Upcyq8u1aWFHTQSEskwxBE2PehobpY+M21LXXDS/mPw= 
@@ -1492,8 +1492,8 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/detectors/gcp v1.31.0 h1:G1JQOreVrfhRkner+l4mrGxmfqYCAuy76asTDAo0xsA= -go.opentelemetry.io/contrib/detectors/gcp v1.31.0/go.mod h1:tzQL6E1l+iV44YFTkcAeNQqzXUiekSYP9jjJjXwEd00= +go.opentelemetry.io/contrib/detectors/gcp v1.32.0 h1:P78qWqkLSShicHmAzfECaTgvslqHxblNE9j62Ws1NK8= +go.opentelemetry.io/contrib/detectors/gcp v1.32.0/go.mod h1:TVqo0Sda4Cv8gCIixd7LuLwW4EylumVWfhjZJjDD4DU= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= 
@@ -1512,8 +1512,8 @@ go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5W go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= -go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= -go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= +go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= 
@@ -2133,8 +2133,8 @@ google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= -google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A= -google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= +google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From 837f455821d4a63c427beb1b650f8e02c05a1593 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 31 Jan 2025 16:06:21 -0800 Subject: [PATCH 3/3] Fix lint Signed-off-by: Kevin Fox --- cmd/spire-agent/cli/common/defaults_posix.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/spire-agent/cli/common/defaults_posix.go b/cmd/spire-agent/cli/common/defaults_posix.go index cf16baa826..17569564b3 100644 --- a/cmd/spire-agent/cli/common/defaults_posix.go +++ b/cmd/spire-agent/cli/common/defaults_posix.go @@ -29,7 +29,7 @@ func init() { if err != nil { panic(err) } - u, err := url.Parse(ses) + u, _ := url.Parse(ses) if u.Scheme != "unix" { panic(fmt.Sprintf("Unsupported scheme: %s", u.Scheme)) }
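Review bot: `u, _ := url.Parse(ses)` silences the linter but keeps the problem it pointed at, which PATCH 2/3 introduced with the unchecked `u, err := url.Parse(ses)`. When `url.Parse` fails it returns a nil `*url.URL`, and the next line reads `u.Scheme`, so the process stops with a nil-pointer panic instead of a message naming the bad value. Check the error instead: keep `u, err := url.Parse(ses)` and add `if err != nil { panic(fmt.Sprintf("invalid SPIFFE_ENDPOINT_SOCKET %q: %v", ses, err)) }` before the scheme test. This is reachable if `TargetFromAddress` can return a target that is not a URL, such as a bare host:port; I believe it can for TCP addresses, but that is not visible in this patch. `init()` begins and ends outside the hunk.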