spiffe · kfox1111 · Jan 15, 2025 · Jan 16, 2025 · Jan 16, 2025 · Jan 25, 2025
@@ -2,9 +2,37 @@
 
 package common
 
+import (
+	"fmt"
+	"net/url"
+	"os"
+
+	"github.com/spiffe/go-spiffe/v2/workloadapi"
+)
+
 const (
-	// DefaultSocketPath is the SPIRE agent's default socket path
-	DefaultSocketPath = "/tmp/spire-agent/public/api.sock"
+	// DefaultRunSocketPath is the SPIRE agent's default socket path
+	DefaultRunSocketPath = "/tmp/spire-agent/public/api.sock"
 	// DefaultAdminSocketPath is the SPIRE agent's default admin socket path
 	DefaultAdminSocketPath = "/tmp/spire-agent/private/admin.sock"
 )
+
+// DefaultSocketPath is the SPIRE agent's default socket path
+var DefaultSocketPath string
+
+func init() {
+	DefaultSocketPath = DefaultRunSocketPath
+	ses := os.Getenv("SPIFFE_ENDPOINT_SOCKET")
+	if ses != "" {
+		var err error
+		ses, err = workloadapi.TargetFromAddress(ses)
+		if err != nil {
+			panic(err)
+		}
+		u, _ := url.Parse(ses)
+		if u.Scheme != "unix" {
+			panic(fmt.Sprintf("Unsupported scheme: %s", u.Scheme))
+		}
+		DefaultSocketPath = u.Path
+	}
+}
@@ -2,9 +2,30 @@
 
 package common
 
+import (
+	"os"
+
+	"github.com/spiffe/go-spiffe/v2/workloadapi"
+)
+
 const (
-	// DefaultNamedPipeName is the SPIRE agent's default named pipe name
-	DefaultNamedPipeName = "\\spire-agent\\public\\api"
+	// DefaultRunNamedPipeName is the SPIRE agent's default named pipe name
+	DefaultRunNamedPipeName = "\\spire-agent\\public\\api"
 	// DefaultAdminNamedPipeName is the SPIRE agent's default admin named pipe name
 	DefaultAdminNamedPipeName = "\\spire-agent\\private\\admin"
 )
+
+// DefaultNamedPipeName is the SPIRE agent's default named pipe name
+var DefaultNamedPipeName string
+
+func init() {
+	DefaultNamedPipeName = DefaultRunNamedPipeName
+	ses := os.Getenv("SPIFFE_ENDPOINT_SOCKET")
+	if ses != "" {
+		var err error
+		DefaultNamedPipeName, err = workloadapi.TargetFromAddress(ses)
+		if err != nil {
+			panic(err)
+		}
+	}
+}
@@ -22,7 +22,7 @@ func (c *agentConfig) addOSFlags(flags *flag.FlagSet) {
 }
 
 func (c *agentConfig) setPlatformDefaults() {
-	c.SocketPath = common.DefaultSocketPath
+	c.SocketPath = common.DefaultRunSocketPath
 }
 
 func (c *agentConfig) getAddr() (net.Addr, error) {

@@ -17,7 +17,7 @@ func (c *agentConfig) addOSFlags(flags *flag.FlagSet) {
 }
 
 func (c *agentConfig) setPlatformDefaults() {
-	c.Experimental.NamedPipeName = common.DefaultNamedPipeName
+	c.Experimental.NamedPipeName = common.DefaultRunNamedPipeName
 }
 
 func (c *agentConfig) getAddr() (net.Addr, error) {

@@ -71,7 +71,7 @@ require (
 	github.com/sigstore/rekor v1.3.9
 	github.com/sigstore/sigstore v1.8.12
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spiffe/go-spiffe/v2 v2.4.0
+	github.com/spiffe/go-spiffe/v2 v2.5.0
 	github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a
 	github.com/spiffe/spire-plugin-sdk v1.4.4-0.20240701180828-594312f4444d
 	github.com/stretchr/testify v1.10.0

@@ -1397,8 +1397,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
 github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
 github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk=
-github.com/spiffe/go-spiffe/v2 v2.4.0 h1:j/FynG7hi2azrBG5cvjRcnQ4sux/VNj8FAVc99Fl66c=
-github.com/spiffe/go-spiffe/v2 v2.4.0/go.mod h1:m5qJ1hGzjxjtrkGHZupoXHo/FDWwCB1MdSyBzfHugx0=
+github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE=
+github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g=
 github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a h1:z4A5TA8JKmXQirhOfSv45mjo1DEtmpWH/VJW+uidGQA=
 github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI=
 github.com/spiffe/spire-plugin-sdk v1.4.4-0.20240701180828-594312f4444d h1:Upcyq8u1aWFHTQSEskwxBE2PehobpY+M21LXXDS/mPw=