From b76b9c19716f724f94e20d740c07fe4e6e842db7 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Mon, 26 Jun 2023 15:49:20 -0300 Subject: [PATCH 01/13] Adds plugin support and a simple plugin as example. Signed-off-by: JU4N98 --- go.mod | 2 +- pkg/plugin/plugin.pb.go | 209 ++++++++++++++++++++ pkg/plugin/plugin_grpc.pb.go | 109 ++++++++++ pkg/plugin/simple-example/simple-example.go | 41 ++++ pkg/sidecar/config.go | 13 +- pkg/sidecar/sidecar.go | 43 ++++ proto/plugin/plugin.proto | 14 ++ 7 files changed, 423 insertions(+), 8 deletions(-) create mode 100644 pkg/plugin/plugin.pb.go create mode 100644 pkg/plugin/plugin_grpc.pb.go create mode 100644 pkg/plugin/simple-example/simple-example.go create mode 100644 proto/plugin/plugin.proto diff --git a/go.mod b/go.mod index f2cf1b61..ee94c350 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/stretchr/testify v1.8.4 golang.org/x/sys v0.15.0 google.golang.org/grpc v1.60.1 + google.golang.org/protobuf v1.31.0 ) require google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect @@ -26,6 +27,5 @@ require ( golang.org/x/net v0.16.0 // indirect golang.org/x/text v0.13.0 // indirect golang.org/x/tools v0.6.0 // indirect - google.golang.org/protobuf v1.31.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/pkg/plugin/plugin.pb.go b/pkg/plugin/plugin.pb.go new file mode 100644 index 00000000..27dcb8ab --- /dev/null +++ b/pkg/plugin/plugin.pb.go 
@@ -0,0 +1,209 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc v3.12.4 +// source: plugin.proto + +package plugin + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Empty struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *Empty) Reset() { + *x = Empty{} + if protoimpl.UnsafeEnabled { + mi := &file_plugin_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Empty) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Empty) ProtoMessage() {} + +func (x *Empty) ProtoReflect() protoreflect.Message { + mi := &file_plugin_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Empty.ProtoReflect.Descriptor instead. 
+func (*Empty) Descriptor() ([]byte, []int) { + return file_plugin_proto_rawDescGZIP(), []int{0} +} + +type ConfigsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Configs map[string]string `protobuf:"bytes,1,rep,name=configs,proto3" json:"configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *ConfigsRequest) Reset() { + *x = ConfigsRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_plugin_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ConfigsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConfigsRequest) ProtoMessage() {} + +func (x *ConfigsRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConfigsRequest.ProtoReflect.Descriptor instead. 
+func (*ConfigsRequest) Descriptor() ([]byte, []int) { + return file_plugin_proto_rawDescGZIP(), []int{1} +} + +func (x *ConfigsRequest) GetConfigs() map[string]string { + if x != nil { + return x.Configs + } + return nil +} + +var File_plugin_proto protoreflect.FileDescriptor + +var file_plugin_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, + 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x22, 0x07, 0x0a, 0x05, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, + 0x8b, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x3d, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, + 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x32, 0x46, 0x0a, + 0x0c, 0x53, 0x70, 0x69, 0x66, 0x66, 0x65, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x12, 0x36, 0x0a, + 0x0b, 0x50, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x16, 0x2e, 0x70, + 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0d, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x45, 0x6d, + 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x12, 0x5a, 0x10, 0x2e, 0x2e, 0x2f, 0x2e, 0x2e, 0x2f, 0x70, + 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, +} + 
+var ( + file_plugin_proto_rawDescOnce sync.Once + file_plugin_proto_rawDescData = file_plugin_proto_rawDesc +) + +func file_plugin_proto_rawDescGZIP() []byte { + file_plugin_proto_rawDescOnce.Do(func() { + file_plugin_proto_rawDescData = protoimpl.X.CompressGZIP(file_plugin_proto_rawDescData) + }) + return file_plugin_proto_rawDescData +} + +var file_plugin_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_plugin_proto_goTypes = []interface{}{ + (*Empty)(nil), // 0: plugin.Empty + (*ConfigsRequest)(nil), // 1: plugin.ConfigsRequest + nil, // 2: plugin.ConfigsRequest.ConfigsEntry +} +var file_plugin_proto_depIdxs = []int32{ + 2, // 0: plugin.ConfigsRequest.configs:type_name -> plugin.ConfigsRequest.ConfigsEntry + 1, // 1: plugin.SpiffeHelper.PostConfigs:input_type -> plugin.ConfigsRequest + 0, // 2: plugin.SpiffeHelper.PostConfigs:output_type -> plugin.Empty + 2, // [2:3] is the sub-list for method output_type + 1, // [1:2] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_plugin_proto_init() } +func file_plugin_proto_init() { + if File_plugin_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_plugin_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Empty); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_plugin_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ConfigsRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_plugin_proto_rawDesc, + NumEnums: 0, + NumMessages: 
3, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_plugin_proto_goTypes, + DependencyIndexes: file_plugin_proto_depIdxs, + MessageInfos: file_plugin_proto_msgTypes, + }.Build() + File_plugin_proto = out.File + file_plugin_proto_rawDesc = nil + file_plugin_proto_goTypes = nil + file_plugin_proto_depIdxs = nil +} diff --git a/pkg/plugin/plugin_grpc.pb.go b/pkg/plugin/plugin_grpc.pb.go new file mode 100644 index 00000000..c37f64c9 --- /dev/null +++ b/pkg/plugin/plugin_grpc.pb.go 
@@ -0,0 +1,109 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v3.12.4 +// source: plugin.proto + +package plugin + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const ( + SpiffeHelper_PostConfigs_FullMethodName = "/plugin.SpiffeHelper/PostConfigs" +) + +// SpiffeHelperClient is the client API for SpiffeHelper service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type SpiffeHelperClient interface { + PostConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) +} + +type spiffeHelperClient struct { + cc grpc.ClientConnInterface +} + +func NewSpiffeHelperClient(cc grpc.ClientConnInterface) SpiffeHelperClient { + return &spiffeHelperClient{cc} +} + +func (c *spiffeHelperClient) PostConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, SpiffeHelper_PostConfigs_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// SpiffeHelperServer is the server API for SpiffeHelper service. +// All implementations must embed UnimplementedSpiffeHelperServer +// for forward compatibility +type SpiffeHelperServer interface { + PostConfigs(context.Context, *ConfigsRequest) (*Empty, error) + mustEmbedUnimplementedSpiffeHelperServer() +} + +// UnimplementedSpiffeHelperServer must be embedded to have forward compatible implementations. 
+type UnimplementedSpiffeHelperServer struct { +} + +func (UnimplementedSpiffeHelperServer) PostConfigs(context.Context, *ConfigsRequest) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method PostConfigs not implemented") +} +func (UnimplementedSpiffeHelperServer) mustEmbedUnimplementedSpiffeHelperServer() {} + +// UnsafeSpiffeHelperServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to SpiffeHelperServer will +// result in compilation errors. +type UnsafeSpiffeHelperServer interface { + mustEmbedUnimplementedSpiffeHelperServer() +} + +func RegisterSpiffeHelperServer(s grpc.ServiceRegistrar, srv SpiffeHelperServer) { + s.RegisterService(&SpiffeHelper_ServiceDesc, srv) +} + +func _SpiffeHelper_PostConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ConfigsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SpiffeHelperServer).PostConfigs(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SpiffeHelper_PostConfigs_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SpiffeHelperServer).PostConfigs(ctx, req.(*ConfigsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// SpiffeHelper_ServiceDesc is the grpc.ServiceDesc for SpiffeHelper service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var SpiffeHelper_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "plugin.SpiffeHelper", + HandlerType: (*SpiffeHelperServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "PostConfigs", + Handler: _SpiffeHelper_PostConfigs_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "plugin.proto", +} 
diff --git a/pkg/plugin/simple-example/simple-example.go b/pkg/plugin/simple-example/simple-example.go
new file mode 100644
index 00000000..05e375aa
--- /dev/null
+++ b/pkg/plugin/simple-example/simple-example.go
@@ -0,0 +1,41 @@
+package main
+
+import (
+ "context"
+ "fmt"
+ "log"
+ "net"
+
+ pb "github.com/spiffe/spiffe-helper/pkg/plugin"
+ "google.golang.org/grpc"
+)
+
+type simpleExampleServer struct {
+ pb.SpiffeHelperServer
+}
+
+func (s *simpleExampleServer) PostConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) {
+ configs := request.Configs
+
+ fmt.Printf("From: %s\n", configs["from"])
+ fmt.Printf("To: %s\n", configs["to"])
+ fmt.Printf("Message: %s\n", configs["message"])
+
+ return new(pb.Empty), nil
+}
+
+func main() {
+ lis, err := net.Listen("tcp", "localhost:8081")
+ if err != nil {
+ log.Fatalf("failed to listen: %v", err)
+ }
+
+ grpcServer := grpc.NewServer()
+ simpleExampleServer := &simpleExampleServer{}
+ pb.RegisterSpiffeHelperServer(grpcServer, simpleExampleServer)
+ log.Printf("server listening at %v", lis.Addr())
+
+ if err := grpcServer.Serve(lis); err != nil {
+ log.Fatalf("failed to serve: %v", err)
+ }
+}
diff --git a/pkg/sidecar/config.go b/pkg/sidecar/config.go
index c6af3202..d48499a8 100644
--- a/pkg/sidecar/config.go
+++ b/pkg/sidecar/config.go
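Review bot: `grpc.NewServer()` in `main` of simple-example.go is created without transport credentials or any interceptor, so every local process that can reach `localhost:8081` may call `PostConfigs`, and the caller added by this patch (`updatePlugins` in pkg/sidecar/sidecar.go) dials with `insecure.NewCredentials()`, so neither end authenticates the other. Since this file is the template plugin authors are likely to copy, a comment above the server construction would help, for example `// NOTE: plaintext, unauthenticated listener for demonstration only; pass grpc.Creds(...) before handling real configuration.` The handler also reads `request.Configs` directly, where the generated `request.GetConfigs()` is the nil-safe form.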
@@ -37,28 +37,27 @@ type Config struct { JWTSvidFilename string `hcl:"jwt_svid_file_name"` JWTBundleFilename string `hcl:"jwt_bundle_file_name"` + Plugins map[string]map[string]string `hcl:"plugins,block"` // TODO: is there a reason for this to be exposed? and inside of config? ReloadExternalProcess func() error // TODO: is there a reason for this to be exposed? and inside of config? Log logrus.FieldLogger } -// ParseConfig parses the given HCL file into a SidecarConfig struct -func ParseConfig(file string) (*Config, error) { - sidecarConfig := new(Config) - +func ParseConfig(fileName string) (*Config, error) { // Read HCL file - dat, err := os.ReadFile(file) + dat, err := os.ReadFile(fileName) if err != nil { return nil, err } // Parse HCL - if err := hcl.Decode(sidecarConfig, string(dat)); err != nil { + config := new(Config) + if err := hcl.Decode(config, string(dat)); err != nil { return nil, err } - return sidecarConfig, nil + return config, nil } func ValidateConfig(c *Config) error { diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index 54d7b70f..c02c495c 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -11,6 +11,7 @@ import ( "os" "os/exec" "path" + "strconv" "strings" "sync" "sync/atomic" @@ -20,7 +21,10 @@ import ( "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/svid/jwtsvid" "github.com/spiffe/go-spiffe/v2/workloadapi" + pb "github.com/spiffe/spiffe-helper/pkg/plugin" + "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/status" ) @@ -148,6 +152,9 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) { os.Exit(0) } + s.config.Log.Infof("Updating plugins") + s.updatePlugins() + select { case s.certReadyChan <- struct{}{}: default: 
@@ -190,6 +197,42 @@ func (s *Sidecar) signalProcess() (err error) { return nil } +func (s *Sidecar) updatePlugins() { + for pluginName, pluginConfig := range s.config.Plugins { + // create request + request := &pb.ConfigsRequest{} + request.Configs = pluginConfig + request.Configs["certDir"] = s.config.CertDir + request.Configs["addIntermediatesToBundle"] = strconv.FormatBool(s.config.AddIntermediatesToBundle) + request.Configs["svidFileName"] = s.config.SvidFileName + request.Configs["svidKeyFileName"] = s.config.SvidKeyFileName + request.Configs["svidBundleFileName"] = s.config.SvidBundleFileName + + // try to post request + hostname := pluginConfig["hostname"] + port := pluginConfig["port"] + if hostname == "" || port == "" { + fmt.Printf("Please provide hostname and port for plugin %s", pluginName) + continue + } + + conn, err := grpc.Dial(hostname+":"+port, grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + s.config.Log.Errorf("Failed to connect with plugin %s", pluginName) + continue + } + + client := pb.NewSpiffeHelperClient(conn) + response, err := client.PostConfigs(context.Background(), request) + if err != nil { + s.config.Log.Errorf("Failed to post configs for plugin %s", pluginName) + continue + } + + s.config.Log.Infof("Plugin %s updated: %s", pluginName, response) + } +} + func (s *Sidecar) checkProcessExit() { atomic.StoreInt32(&s.processRunning, 1) _, err := s.process.Wait() diff --git a/proto/plugin/plugin.proto b/proto/plugin/plugin.proto new file mode 100644 index 00000000..5334617f --- /dev/null +++ b/proto/plugin/plugin.proto @@ -0,0 +1,14 @@ +syntax = "proto3"; + +package plugin; +option go_package = "../../pkg/plugin"; + +message Empty {} + +message ConfigsRequest { + map configs = 1; +} + +service SpiffeHelper { + rpc PostConfigs(ConfigsRequest) returns (Empty) {}; +} From 1f13db787365f08cdbfbffb4dbb6ec1a0ffaec28 Mon Sep 17 00:00:00 2001 
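Review bot: `request.Configs = pluginConfig` in `updatePlugins` aliases the map held in `s.config.Plugins`, so the `certDir` and `svid*` assignments that follow are written back into the sidecar's own configuration on every update; the map should be copied before anything is added to it. The `grpc.ClientConn` returned by `grpc.Dial` is never closed, which leaves one connection open per plugin on each certificate rotation, and `PostConfigs` runs on `context.Background()` with no deadline although `updateCertificates` calls `s.updatePlugins()` before it signals `certReadyChan`, so an unresponsive plugin can hold up that path. Both `Errorf` calls drop `err`, which makes a failed plugin call hard to diagnose. The fence shows the loop with these changes; `pluginCallTimeout` stands for a new constant whose value the maintainers would choose.

```go
func (s *Sidecar) updatePlugins() {
	for pluginName, pluginConfig := range s.config.Plugins {
		// Copy so the sidecar's fields are not written back into s.config.Plugins.
		configs := make(map[string]string, len(pluginConfig)+5)
		for k, v := range pluginConfig {
			configs[k] = v
		}
		// … unchanged: certDir / addIntermediatesToBundle / svid* entries, assigned on configs …
		request := &pb.ConfigsRequest{Configs: configs}

		// … unchanged: hostname/port lookup, empty check and grpc.Dial call …
		if err != nil {
			s.config.Log.Errorf("Failed to connect with plugin %s: %v", pluginName, err)
			continue
		}

		// Bound the call so a hung plugin cannot stall the certificate update path.
		ctx, cancel := context.WithTimeout(context.Background(), pluginCallTimeout)
		response, err := pb.NewSpiffeHelperClient(conn).PostConfigs(ctx, request)
		cancel()
		_ = conn.Close() // best effort; the RPC outcome is already known
		if err != nil {
			s.config.Log.Errorf("Failed to post configs for plugin %s: %v", pluginName, err)
			continue
		}
		// … unchanged: Infof on success …
	}
}
```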
From: JU4N98 Date: Tue, 27 Jun 2023 15:05:49 -0300 Subject: [PATCH 02/13] Minor changes. Signed-off-by: JU4N98 --- pkg/sidecar/config.go | 4 ++-- pkg/sidecar/sidecar.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/sidecar/config.go b/pkg/sidecar/config.go index d48499a8..407cf6f3 100644 --- a/pkg/sidecar/config.go +++ b/pkg/sidecar/config.go @@ -44,9 +44,9 @@ type Config struct { Log logrus.FieldLogger } -func ParseConfig(fileName string) (*Config, error) { +func ParseConfig(file string) (*Config, error) { // Read HCL file - dat, err := os.ReadFile(fileName) + dat, err := os.ReadFile(file) if err != nil { return nil, err } diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index c02c495c..9e93028d 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -212,7 +212,7 @@ func (s *Sidecar) updatePlugins() { hostname := pluginConfig["hostname"] port := pluginConfig["port"] if hostname == "" || port == "" { - fmt.Printf("Please provide hostname and port for plugin %s", pluginName) + s.config.Log.Warnf("Please provide hostname and port for plugin %s", pluginName) continue } @@ -229,7 +229,7 @@ func (s *Sidecar) updatePlugins() { continue } - s.config.Log.Infof("Plugin %s updated: %s", pluginName, response) + s.config.Log.Infof("Plugin %s updated %s", pluginName, response) } } From 739f980718cf010e2e142e1c0b455cb1666419e9 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Tue, 27 Jun 2023 15:08:55 -0300 Subject: [PATCH 03/13] Adds previous comment. Signed-off-by: JU4N98 --- pkg/sidecar/config.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/sidecar/config.go b/pkg/sidecar/config.go index 407cf6f3..39f0c65b 100644 --- a/pkg/sidecar/config.go +++ b/pkg/sidecar/config.go @@ -44,6 +44,7 @@ type Config struct { Log logrus.FieldLogger } +// ParseConfig parses the given HCL file into a SidecarConfig struct func ParseConfig(file string) (*Config, error) { // Read HCL file dat, err := os.ReadFile(file) 
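Review bot: The doc comment restored above `ParseConfig` in PATCH 03 says the file is parsed "into a SidecarConfig struct", but the function returns `*Config` and no `SidecarConfig` type appears in these hunks. I would word it as `// ParseConfig reads the HCL file at the given path and decodes it into a Config.` so the comment matches the signature. The body of `ParseConfig` continues past the end of the hunk.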
From 2f30c591b12cc907a76148d99ea52dcf882d7e55 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Tue, 4 Jul 2023 14:42:28 -0300 Subject: [PATCH 04/13] Improves usage of external plugins. Signed-off-by: JU4N98 --- go.mod | 9 +++ go.sum | 22 +++++++ pkg/{plugin => helper-plugin}/plugin.pb.go | 51 +++++++-------- .../plugin_grpc.pb.go | 6 +- pkg/helper-plugin/shared.go | 62 +++++++++++++++++++ .../simple-example/simple-example.go | 33 ++++++++++ pkg/plugin/simple-example/simple-example.go | 41 ------------ pkg/sidecar/sidecar.go | 37 +++++++---- proto/plugin/plugin.proto | 4 +- 9 files changed, 182 insertions(+), 83 deletions(-) rename pkg/{plugin => helper-plugin}/plugin.pb.go (68%) rename pkg/{plugin => helper-plugin}/plugin_grpc.pb.go (96%) create mode 100644 pkg/helper-plugin/shared.go create mode 100644 pkg/helper-plugin/simple-example/simple-example.go delete mode 100644 pkg/plugin/simple-example/simple-example.go diff --git a/go.mod b/go.mod index ee94c350..d56bacab 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/spiffe/spiffe-helper go 1.21 require ( + github.com/hashicorp/go-plugin v1.4.10 github.com/hashicorp/hcl v1.0.0 github.com/spiffe/go-spiffe/v2 v2.1.6 github.com/stretchr/testify v1.8.4 
@@ -13,12 +14,20 @@ require ( require google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect +require github.com/hashicorp/go-hclog v0.14.1 // indirect + require ( github.com/Microsoft/go-winio v0.6.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/fatih/color v1.7.0 // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/golang/protobuf v1.5.3 // indirect + github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect github.com/kr/text v0.1.0 // indirect + github.com/mattn/go-colorable v0.1.4 // indirect + github.com/mattn/go-isatty v0.0.10 // indirect + github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 // indirect + github.com/oklog/run v1.0.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/sirupsen/logrus v1.9.3 github.com/zeebo/errs v1.3.0 // indirect diff --git a/go.sum b/go.sum index a9e718a1..83b88d83 100644 --- a/go.sum +++ b/go.sum @@ -3,6 +3,8 @@ github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2B github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= 
@@ -12,13 +14,30 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/hashicorp/go-hclog v0.14.1 h1:nQcJDQwIAGnmoUWp8ubocEX40cCml/17YkF6csQLReU= +github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-plugin v1.4.10 h1:xUbmA4jC6Dq163/fWcp8P3JuHilrHHMLNRxzGQJ9hNk= +github.com/hashicorp/go-plugin v1.4.10/go.mod h1:6/1TEzT0eQznvI/gV2CM29DLSkAK/e58mUWKVsPaph0= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= +github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.10 
h1:qxFzApOv4WsAL965uUPIsXzAKCZxN2p9UqdhFS4ZW10= +github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 h1:7GoSOOW2jpsfkntVKaS2rAr1TJqfcxotyaUcuxoZSzg= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= @@ -26,6 +45,7 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs github.com/spiffe/go-spiffe/v2 v2.1.6 h1:4SdizuQieFyL9eNU+SPiCArH4kynzaKOOj0VvM8R7Xo= github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= 
@@ -44,7 +64,9 @@ golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= diff --git a/pkg/plugin/plugin.pb.go b/pkg/helper-plugin/plugin.pb.go similarity index 68% rename from pkg/plugin/plugin.pb.go rename to pkg/helper-plugin/plugin.pb.go index 27dcb8ab..fbd407f4 100644 --- a/pkg/plugin/plugin.pb.go +++ b/pkg/helper-plugin/plugin.pb.go @@ -4,7 +4,7 @@ // protoc v3.12.4 // source: plugin.proto -package plugin +package helper_plugin import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" 
@@ -108,24 +108,25 @@ func (x *ConfigsRequest) GetConfigs() map[string]string { var File_plugin_proto protoreflect.FileDescriptor var file_plugin_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x22, 0x07, 0x0a, 0x05, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, - 0x8b, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x3d, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x32, 0x46, 0x0a, - 0x0c, 0x53, 0x70, 0x69, 0x66, 0x66, 0x65, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x12, 0x36, 0x0a, - 0x0b, 0x50, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x16, 0x2e, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0d, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x45, 0x6d, - 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x12, 0x5a, 0x10, 0x2e, 0x2e, 0x2f, 0x2e, 0x2e, 0x2f, 0x70, - 0x6b, 0x67, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x0a, 0x0c, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, + 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x50, 0x6c, 0x75, 
0x67, 0x69, 0x6e, 0x22, 0x07, 0x0a, 0x05, + 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x91, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x65, 0x6c, 0x70, + 0x65, 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x3a, 0x0a, + 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x32, 0x52, 0x0a, 0x0c, 0x53, 0x70, 0x69, + 0x66, 0x66, 0x65, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x0b, 0x50, 0x6f, 0x73, + 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x68, 0x65, 0x6c, 0x70, 0x65, + 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x50, + 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x19, 0x5a, + 0x17, 0x2e, 0x2e, 0x2f, 0x2e, 0x2e, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x68, 0x65, 0x6c, 0x70, 0x65, + 0x72, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -142,14 +143,14 @@ func file_plugin_proto_rawDescGZIP() []byte { var file_plugin_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_plugin_proto_goTypes = []interface{}{ - (*Empty)(nil), // 0: plugin.Empty - (*ConfigsRequest)(nil), // 1: plugin.ConfigsRequest - nil, // 2: plugin.ConfigsRequest.ConfigsEntry + (*Empty)(nil), // 0: helperPlugin.Empty + (*ConfigsRequest)(nil), // 1: helperPlugin.ConfigsRequest + nil, // 2: helperPlugin.ConfigsRequest.ConfigsEntry } var file_plugin_proto_depIdxs = []int32{ - 2, // 0: plugin.ConfigsRequest.configs:type_name -> plugin.ConfigsRequest.ConfigsEntry - 1, // 1: plugin.SpiffeHelper.PostConfigs:input_type -> plugin.ConfigsRequest - 0, // 2: plugin.SpiffeHelper.PostConfigs:output_type -> plugin.Empty + 2, // 0: helperPlugin.ConfigsRequest.configs:type_name -> helperPlugin.ConfigsRequest.ConfigsEntry + 1, // 1: helperPlugin.SpiffeHelper.PostConfigs:input_type -> helperPlugin.ConfigsRequest + 0, // 2: helperPlugin.SpiffeHelper.PostConfigs:output_type -> helperPlugin.Empty 2, // [2:3] is the sub-list for method output_type 1, // [1:2] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/pkg/plugin/plugin_grpc.pb.go b/pkg/helper-plugin/plugin_grpc.pb.go similarity index 96% rename from pkg/plugin/plugin_grpc.pb.go rename to pkg/helper-plugin/plugin_grpc.pb.go index c37f64c9..cfd93d9c 100644 --- a/pkg/plugin/plugin_grpc.pb.go +++ b/pkg/helper-plugin/plugin_grpc.pb.go @@ -4,7 +4,7 @@ // - protoc v3.12.4 // source: plugin.proto -package plugin +package helper_plugin import ( context "context" @@ -19,7 +19,7 @@ import ( const _ = grpc.SupportPackageIsVersion7 const ( - SpiffeHelper_PostConfigs_FullMethodName = "/plugin.SpiffeHelper/PostConfigs" + SpiffeHelper_PostConfigs_FullMethodName = "/helperPlugin.SpiffeHelper/PostConfigs" ) // SpiffeHelperClient is the client API for SpiffeHelper service. 
@@ -96,7 +96,7 @@ func _SpiffeHelper_PostConfigs_Handler(srv interface{}, ctx context.Context, dec // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) var SpiffeHelper_ServiceDesc = grpc.ServiceDesc{ - ServiceName: "plugin.SpiffeHelper", + ServiceName: "helperPlugin.SpiffeHelper", HandlerType: (*SpiffeHelperServer)(nil), Methods: []grpc.MethodDesc{ { diff --git a/pkg/helper-plugin/shared.go b/pkg/helper-plugin/shared.go new file mode 100644 index 00000000..5667ecf6 --- /dev/null +++ b/pkg/helper-plugin/shared.go 
@@ -0,0 +1,62 @@
+package helper_plugin
+
+import (
+ context "context"
+
+ "github.com/hashicorp/go-plugin"
+ grpc "google.golang.org/grpc"
+)
+
+type SpiffeHelperPlugin interface {
+ PostConfigs(context.Context, *ConfigsRequest) (*Empty, error)
+ mustEmbedUnimplementedSpiffeHelperServer()
+}
+
+type GRPCSpiffeHelperPlugin struct {
+ plugin.Plugin
+ Impl SpiffeHelperPlugin
+}
+
+func (p *GRPCSpiffeHelperPlugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
+ RegisterSpiffeHelperServer(s, &GRPCServer{Impl: p.Impl})
+ return nil
+}
+
+func (p *GRPCSpiffeHelperPlugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
+ return &GRPCClient{client: NewSpiffeHelperClient(c)}, nil
+}
+
+type GRPCClient struct {
+ client SpiffeHelperClient
+}
+
+func (m *GRPCClient) PostConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) {
+ return m.client.PostConfigs(context.Background(), config)
+}
+
+func (m *GRPCClient) mustEmbedUnimplementedSpiffeHelperServer() {
+}
+
+type GRPCServer struct {
+ Impl SpiffeHelperPlugin
+}
+
+func (m *GRPCServer) PostConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) {
+ _, err := m.Impl.PostConfigs(ctx, config)
+ return &Empty{}, err
+}
+
+func (m *GRPCServer) mustEmbedUnimplementedSpiffeHelperServer() {
+}
+
+func GetHandshakeConfig() plugin.HandshakeConfig {
+ return plugin.HandshakeConfig{
+ ProtocolVersion: 1,
+ MagicCookieKey: "SPIFFE_HELPER",
+ MagicCookieValue: "SPIFFE_HELPER",
+ }
+}
+
+func GetPluginMap() map[string]plugin.Plugin {
+ return map[string]plugin.Plugin{"plugin": &GRPCSpiffeHelperPlugin{}}
+}
diff --git a/pkg/helper-plugin/simple-example/simple-example.go b/pkg/helper-plugin/simple-example/simple-example.go
new file mode 100644
index 00000000..11f7535b
--- /dev/null
+++ b/pkg/helper-plugin/simple-example/simple-example.go
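Review bot: `GRPCClient.PostConfigs` discards the caller's context and calls the plugin with `context.Background()`, so a deadline or cancellation set by the sidecar never reaches the RPC and a hung plugin can block the caller indefinitely; pass it through with `return m.client.PostConfigs(ctx, config)`. `GRPCServer.PostConfigs` returns `&Empty{}` together with a non-nil `err`; `nil, err` on the failure path keeps the usual Go contract. The exported types and helpers have no doc comments, and `GetHandshakeConfig` in particular deserves one such as `// GetHandshakeConfig returns the handshake shared by host and plugins; the magic cookie only stops a plugin being started by hand and is not an authentication secret.` so the cookie is not mistaken for a security control.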
@@ -0,0 +1,33 @@
+package main
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/hashicorp/go-plugin"
+ pb "github.com/spiffe/spiffe-helper/pkg/helper-plugin"
+)
+
+type SimplePlugin struct {
+ pb.SpiffeHelperServer
+}
+
+func (s *SimplePlugin) PostConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) {
+ configs := request.Configs
+
+ fmt.Printf("From: %s\n", configs["from"])
+ fmt.Printf("To: %s\n", configs["to"])
+ fmt.Printf("Message: %s\n", configs["message"])
+
+ return new(pb.Empty), nil
+}
+
+func main() {
+ plugin.Serve(&plugin.ServeConfig{
+ HandshakeConfig: pb.GetHandshakeConfig(),
+ Plugins: map[string]plugin.Plugin{
+ "simplePlugin": &pb.GRPCSpiffeHelperPlugin{Impl: &SimplePlugin{}},
+ },
+ GRPCServer: plugin.DefaultGRPCServer,
+ })
+}
diff --git a/pkg/plugin/simple-example/simple-example.go b/pkg/plugin/simple-example/simple-example.go
deleted file mode 100644
index 05e375aa..00000000
--- a/pkg/plugin/simple-example/simple-example.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package main
-
-import (
- "context"
- "fmt"
- "log"
- "net"
-
- pb "github.com/spiffe/spiffe-helper/pkg/plugin"
- "google.golang.org/grpc"
-)
-
-type simpleExampleServer struct {
- pb.SpiffeHelperServer
-}
-
-func (s *simpleExampleServer) PostConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) {
- configs := request.Configs
-
- fmt.Printf("From: %s\n", configs["from"])
- fmt.Printf("To: %s\n", configs["to"])
- fmt.Printf("Message: %s\n", configs["message"])
-
- return new(pb.Empty), nil
-}
-
-func main() {
- lis, err := net.Listen("tcp", "localhost:8081")
- if err != nil {
- log.Fatalf("failed to listen: %v", err)
- }
-
- grpcServer := grpc.NewServer()
- simpleExampleServer := &simpleExampleServer{}
- pb.RegisterSpiffeHelperServer(grpcServer, simpleExampleServer)
- log.Printf("server listening at %v", lis.Addr())
-
- if err := grpcServer.Serve(lis); err != nil {
- log.Fatalf("failed to serve: %v", err)
- }
-}
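Review bot: `SimplePlugin` in the new example embeds the `pb.SpiffeHelperServer` interface, which stays nil, so any service method the plugin does not override would be called on a nil interface and panic inside the plugin process. Embedding the generated struct instead, `pb.UnimplementedSpiffeHelperServer`, gives an `Unimplemented` status for such calls and is what the generated server comment asks implementations to do. `PostConfigs` also reads `request.Configs` directly; `request.GetConfigs()` is the nil-safe accessor the generated code provides. As this file is the template plugin authors will copy, a short doc comment on `SimplePlugin` and `PostConfigs` stating which config keys it expects would help.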
diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index 9e93028d..6ecca3c5 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -8,6 +8,7 @@ import ( "encoding/json" "encoding/pem" "fmt" + "log" "os" "os/exec" "path" @@ -17,14 +18,13 @@ import ( "sync/atomic" "time" + "github.com/hashicorp/go-plugin" "github.com/sirupsen/logrus" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/svid/jwtsvid" "github.com/spiffe/go-spiffe/v2/workloadapi" - pb "github.com/spiffe/spiffe-helper/pkg/plugin" - "google.golang.org/grpc" + pb "github.com/spiffe/spiffe-helper/pkg/helper-plugin" "google.golang.org/grpc/codes" - "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/status" ) 
@@ -209,23 +209,36 @@ func (s *Sidecar) updatePlugins() { request.Configs["svidBundleFileName"] = s.config.SvidBundleFileName // try to post request - hostname := pluginConfig["hostname"] - port := pluginConfig["port"] - if hostname == "" || port == "" { - s.config.Log.Warnf("Please provide hostname and port for plugin %s", pluginName) + pluginPath := pluginConfig["path"] + if pluginPath == "" { + s.config.Log.Warnf("Please provide a path for plugin %s", pluginName) continue } - conn, err := grpc.Dial(hostname+":"+port, grpc.WithTransportCredentials(insecure.NewCredentials())) + client := plugin.NewClient(&plugin.ClientConfig{ + HandshakeConfig: pb.GetHandshakeConfig(), + Plugins: pb.GetPluginMap(), + Cmd: exec.Command(pluginPath), + AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC}, + }) + defer client.Kill() + + RPCClient, err := client.Client() + if err != nil { + log.Fatal(err) + continue + } + + raw, err := RPCClient.Dispense("plugin") if err != nil { - s.config.Log.Errorf("Failed to connect with plugin %s", pluginName) + log.Fatal(err) continue } - client := pb.NewSpiffeHelperClient(conn) - response, err := client.PostConfigs(context.Background(), request) + spiffeHelperPlugin := raw.(pb.SpiffeHelperPlugin) + response, err := spiffeHelperPlugin.PostConfigs(context.Background(), request) if err != nil { - s.config.Log.Errorf("Failed to post configs for plugin %s", pluginName) + s.config.Log.Warnf("Failed to post configs to plugin %s", pluginName) continue } diff --git a/proto/plugin/plugin.proto b/proto/plugin/plugin.proto index 5334617f..955d574a 100644 --- a/proto/plugin/plugin.proto +++ b/proto/plugin/plugin.proto @@ -1,7 +1,7 @@ syntax = "proto3"; -package plugin; -option go_package = "../../pkg/plugin"; +package helperPlugin; +option go_package = "../../pkg/helper-plugin"; message Empty {} From 25a54757190634e27d609f9c527c5be5b5a31bde Mon Sep 17 00:00:00 2001 
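Review bot: The new `plugin.NewClient` call executes whatever file `pluginConfig["path"]` names, with the sidecar's privileges and no integrity check on the binary. go-plugin can pin it: add `SecureConfig: &plugin.SecureConfig{Checksum: sum, Hash: sha256.New()},` to the `ClientConfig`, with `sum` decoded from a digest configured alongside the path. `defer client.Kill()` is inside the per-plugin loop (the `continue` statements show it), so each launched process lives until `updatePlugins` returns; kill it at the end of the iteration or move the body into a helper. `raw.(pb.SpiffeHelperPlugin)` is better written in the two-value form so an unexpected type is logged instead of panicking. `updatePlugins` starts and ends outside this hunk.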
From: JU4N98 Date: Tue, 4 Jul 2023 15:15:31 -0300 Subject: [PATCH 05/13] Improves simple-example. Signed-off-by: JU4N98 --- pkg/helper-plugin/simple-example/simple-example.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkg/helper-plugin/simple-example/simple-example.go b/pkg/helper-plugin/simple-example/simple-example.go index 11f7535b..15c0276b 100644 --- a/pkg/helper-plugin/simple-example/simple-example.go +++ b/pkg/helper-plugin/simple-example/simple-example.go @@ -2,7 +2,7 @@ package main import ( "context" - "fmt" + "log" "github.com/hashicorp/go-plugin" pb "github.com/spiffe/spiffe-helper/pkg/helper-plugin" @@ -15,9 +15,7 @@ type SimplePlugin struct { func (s *SimplePlugin) PostConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) { configs := request.Configs - fmt.Printf("From: %s\n", configs["from"]) - fmt.Printf("To: %s\n", configs["to"]) - fmt.Printf("Message: %s\n", configs["message"]) + log.Printf("Message sent by %s to %s: %s", configs["from"], configs["to"], configs["message"]) return new(pb.Empty), nil } From b2771fa79107ebc3164f22837b067c3ad0819971 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Tue, 4 Jul 2023 15:58:34 -0300 Subject: [PATCH 06/13] Fixes lint errors. Signed-off-by: JU4N98 --- pkg/{helper-plugin => helperPlugin}/plugin.pb.go | 8 ++++---- pkg/{helper-plugin => helperPlugin}/plugin_grpc.pb.go | 2 +- pkg/{helper-plugin => helperPlugin}/shared.go | 2 +- .../simple-example/simple-example.go | 2 +- pkg/sidecar/sidecar.go | 7 +++---- proto/plugin/plugin.proto | 2 +- 6 files changed, 11 insertions(+), 12 deletions(-) rename pkg/{helper-plugin => helperPlugin}/plugin.pb.go (96%) rename pkg/{helper-plugin => helperPlugin}/plugin_grpc.pb.go (99%) rename pkg/{helper-plugin => helperPlugin}/shared.go (98%) rename pkg/{helper-plugin => helperPlugin}/simple-example/simple-example.go (92%) 
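Review bot: The new `log.Printf` in `PostConfigs` formats the three config values with `%s`, so a value containing a line break can forge extra log lines and a missing key prints as nothing at all. `%q` makes both cases visible: `log.Printf("Message sent by %q to %q: %q", configs["from"], configs["to"], configs["message"])`. Since plugin output is presumably collected into the host's log stream, quoting keeps those records unambiguous.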
diff --git a/pkg/helper-plugin/plugin.pb.go b/pkg/helperPlugin/plugin.pb.go similarity index 96% rename from pkg/helper-plugin/plugin.pb.go rename to pkg/helperPlugin/plugin.pb.go index fbd407f4..adf4d0be 100644 --- a/pkg/helper-plugin/plugin.pb.go +++ b/pkg/helperPlugin/plugin.pb.go @@ -4,7 +4,7 @@ // protoc v3.12.4 // source: plugin.proto -package helper_plugin +package helperPlugin import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" @@ -124,9 +124,9 @@ var file_plugin_proto_rawDesc = []byte{ 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x50, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x19, 0x5a, - 0x17, 0x2e, 0x2e, 0x2f, 0x2e, 0x2e, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x68, 0x65, 0x6c, 0x70, 0x65, - 0x72, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x18, 0x5a, + 0x16, 0x2e, 0x2e, 0x2f, 0x2e, 0x2e, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x68, 0x65, 0x6c, 0x70, 0x65, + 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/helper-plugin/plugin_grpc.pb.go b/pkg/helperPlugin/plugin_grpc.pb.go similarity index 99% rename from pkg/helper-plugin/plugin_grpc.pb.go rename to pkg/helperPlugin/plugin_grpc.pb.go index cfd93d9c..790ff855 100644 --- a/pkg/helper-plugin/plugin_grpc.pb.go +++ b/pkg/helperPlugin/plugin_grpc.pb.go @@ -4,7 +4,7 @@ // - protoc v3.12.4 // source: plugin.proto -package helper_plugin +package helperPlugin import ( context "context" 
diff --git a/pkg/helper-plugin/shared.go b/pkg/helperPlugin/shared.go similarity index 98% rename from pkg/helper-plugin/shared.go rename to pkg/helperPlugin/shared.go index 5667ecf6..e8a4039f 100644 --- a/pkg/helper-plugin/shared.go +++ b/pkg/helperPlugin/shared.go @@ -1,4 +1,4 @@ -package helper_plugin +package helperPlugin import ( context "context" diff --git a/pkg/helper-plugin/simple-example/simple-example.go b/pkg/helperPlugin/simple-example/simple-example.go similarity index 92% rename from pkg/helper-plugin/simple-example/simple-example.go rename to pkg/helperPlugin/simple-example/simple-example.go index 15c0276b..79f1d90f 100644 --- a/pkg/helper-plugin/simple-example/simple-example.go +++ b/pkg/helperPlugin/simple-example/simple-example.go @@ -5,7 +5,7 @@ import ( "log" "github.com/hashicorp/go-plugin" - pb "github.com/spiffe/spiffe-helper/pkg/helper-plugin" + pb "github.com/spiffe/spiffe-helper/pkg/helperPlugin" ) type SimplePlugin struct { diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index 6ecca3c5..0d1c5b65 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -8,7 +8,6 @@ import ( "encoding/json" "encoding/pem" "fmt" - "log" "os" "os/exec" "path" @@ -23,7 +22,7 @@ import ( "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/svid/jwtsvid" "github.com/spiffe/go-spiffe/v2/workloadapi" - pb "github.com/spiffe/spiffe-helper/pkg/helper-plugin" + pb "github.com/spiffe/spiffe-helper/pkg/helperPlugin" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -225,13 +224,13 @@ func (s *Sidecar) updatePlugins() { RPCClient, err := client.Client() if err != nil { - log.Fatal(err) + s.config.Log.Warn(err) continue } raw, err := RPCClient.Dispense("plugin") if err != nil { - log.Fatal(err) + s.config.Log.Warn(err) continue } diff --git a/proto/plugin/plugin.proto b/proto/plugin/plugin.proto index 955d574a..e94d8eb6 100644 --- a/proto/plugin/plugin.proto +++ b/proto/plugin/plugin.proto 
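Review bot: The two replacement calls `s.config.Log.Warn(err)` in `updatePlugins` drop the plugin name that the neighbouring messages carry, so an operator reading the log cannot tell which plugin failed to start or to dispense. `s.config.Log.Warnf("Failed to start plugin %s: %v", pluginName, err)` and a matching line for the `Dispense` failure keep the records usable for triage. The `client` created earlier in the iteration is still only released by the deferred `Kill`, so these `continue` paths leave the process running until the function returns. `updatePlugins` starts and ends outside this hunk.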
@@ -1,7 +1,7 @@ syntax = "proto3"; package helperPlugin; -option go_package = "../../pkg/helper-plugin"; +option go_package = "../../pkg/helperPlugin"; message Empty {} From c87fed32da74840dad077a7e5b7822618368fc4a Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Fri, 7 Jul 2023 14:00:13 -0300 Subject: [PATCH 07/13] Renames rpc methods, adds UpdateX509SVID rpc, plugins don't stop. Signed-off-by: JU4N98 --- pkg/helperPlugin/plugin.pb.go | 210 ----------------- pkg/helperPlugin/plugin_grpc.pb.go | 109 --------- pkg/helperPlugin/shared.go | 62 ----- pkg/notifier/notifier.pb.go | 214 ++++++++++++++++++ pkg/notifier/notifier.proto | 15 ++ pkg/notifier/notifier_grpc.pb.go | 146 ++++++++++++ pkg/notifier/shared.go | 72 ++++++ .../simple-example/simple-example.go | 15 +- pkg/sidecar/sidecar.go | 39 +++- proto/plugin/plugin.proto | 14 -- 10 files changed, 484 insertions(+), 412 deletions(-) delete mode 100644 pkg/helperPlugin/plugin.pb.go delete mode 100644 pkg/helperPlugin/plugin_grpc.pb.go delete mode 100644 pkg/helperPlugin/shared.go create mode 100644 pkg/notifier/notifier.pb.go create mode 100644 pkg/notifier/notifier.proto create mode 100644 pkg/notifier/notifier_grpc.pb.go create mode 100644 pkg/notifier/shared.go rename pkg/{helperPlugin => notifier}/simple-example/simple-example.go (55%) delete mode 100644 proto/plugin/plugin.proto diff --git a/pkg/helperPlugin/plugin.pb.go b/pkg/helperPlugin/plugin.pb.go deleted file mode 100644 index adf4d0be..00000000 --- a/pkg/helperPlugin/plugin.pb.go +++ /dev/null 
@@ -1,210 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.30.0 -// protoc v3.12.4 -// source: plugin.proto - -package helperPlugin - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Empty struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *Empty) Reset() { - *x = Empty{} - if protoimpl.UnsafeEnabled { - mi := &file_plugin_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Empty) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Empty) ProtoMessage() {} - -func (x *Empty) ProtoReflect() protoreflect.Message { - mi := &file_plugin_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Empty.ProtoReflect.Descriptor instead. 
-func (*Empty) Descriptor() ([]byte, []int) { - return file_plugin_proto_rawDescGZIP(), []int{0} -} - -type ConfigsRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Configs map[string]string `protobuf:"bytes,1,rep,name=configs,proto3" json:"configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *ConfigsRequest) Reset() { - *x = ConfigsRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_plugin_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConfigsRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConfigsRequest) ProtoMessage() {} - -func (x *ConfigsRequest) ProtoReflect() protoreflect.Message { - mi := &file_plugin_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConfigsRequest.ProtoReflect.Descriptor instead. 
-func (*ConfigsRequest) Descriptor() ([]byte, []int) { - return file_plugin_proto_rawDescGZIP(), []int{1} -} - -func (x *ConfigsRequest) GetConfigs() map[string]string { - if x != nil { - return x.Configs - } - return nil -} - -var File_plugin_proto protoreflect.FileDescriptor - -var file_plugin_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, - 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x22, 0x07, 0x0a, 0x05, - 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x91, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x65, 0x6c, 0x70, - 0x65, 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x3a, 0x0a, - 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x32, 0x52, 0x0a, 0x0c, 0x53, 0x70, 0x69, - 0x66, 0x66, 0x65, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x0b, 0x50, 0x6f, 0x73, - 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x68, 0x65, 0x6c, 0x70, 0x65, - 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x50, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x18, 0x5a, - 0x16, 
0x2e, 0x2e, 0x2f, 0x2e, 0x2e, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x68, 0x65, 0x6c, 0x70, 0x65, - 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_plugin_proto_rawDescOnce sync.Once - file_plugin_proto_rawDescData = file_plugin_proto_rawDesc -) - -func file_plugin_proto_rawDescGZIP() []byte { - file_plugin_proto_rawDescOnce.Do(func() { - file_plugin_proto_rawDescData = protoimpl.X.CompressGZIP(file_plugin_proto_rawDescData) - }) - return file_plugin_proto_rawDescData -} - -var file_plugin_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_plugin_proto_goTypes = []interface{}{ - (*Empty)(nil), // 0: helperPlugin.Empty - (*ConfigsRequest)(nil), // 1: helperPlugin.ConfigsRequest - nil, // 2: helperPlugin.ConfigsRequest.ConfigsEntry -} -var file_plugin_proto_depIdxs = []int32{ - 2, // 0: helperPlugin.ConfigsRequest.configs:type_name -> helperPlugin.ConfigsRequest.ConfigsEntry - 1, // 1: helperPlugin.SpiffeHelper.PostConfigs:input_type -> helperPlugin.ConfigsRequest - 0, // 2: helperPlugin.SpiffeHelper.PostConfigs:output_type -> helperPlugin.Empty - 2, // [2:3] is the sub-list for method output_type - 1, // [1:2] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_plugin_proto_init() } -func file_plugin_proto_init() { - if File_plugin_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_plugin_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Empty); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_plugin_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConfigsRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return 
&v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_plugin_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_plugin_proto_goTypes, - DependencyIndexes: file_plugin_proto_depIdxs, - MessageInfos: file_plugin_proto_msgTypes, - }.Build() - File_plugin_proto = out.File - file_plugin_proto_rawDesc = nil - file_plugin_proto_goTypes = nil - file_plugin_proto_depIdxs = nil -} diff --git a/pkg/helperPlugin/plugin_grpc.pb.go b/pkg/helperPlugin/plugin_grpc.pb.go deleted file mode 100644 index 790ff855..00000000 --- a/pkg/helperPlugin/plugin_grpc.pb.go +++ /dev/null 
@@ -1,109 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. -// versions: -// - protoc-gen-go-grpc v1.3.0 -// - protoc v3.12.4 -// source: plugin.proto - -package helperPlugin - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 - -const ( - SpiffeHelper_PostConfigs_FullMethodName = "/helperPlugin.SpiffeHelper/PostConfigs" -) - -// SpiffeHelperClient is the client API for SpiffeHelper service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type SpiffeHelperClient interface { - PostConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) -} - -type spiffeHelperClient struct { - cc grpc.ClientConnInterface -} - -func NewSpiffeHelperClient(cc grpc.ClientConnInterface) SpiffeHelperClient { - return &spiffeHelperClient{cc} -} - -func (c *spiffeHelperClient) PostConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, SpiffeHelper_PostConfigs_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// SpiffeHelperServer is the server API for SpiffeHelper service. -// All implementations must embed UnimplementedSpiffeHelperServer -// for forward compatibility -type SpiffeHelperServer interface { - PostConfigs(context.Context, *ConfigsRequest) (*Empty, error) - mustEmbedUnimplementedSpiffeHelperServer() -} - -// UnimplementedSpiffeHelperServer must be embedded to have forward compatible implementations. 
-type UnimplementedSpiffeHelperServer struct { -} - -func (UnimplementedSpiffeHelperServer) PostConfigs(context.Context, *ConfigsRequest) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method PostConfigs not implemented") -} -func (UnimplementedSpiffeHelperServer) mustEmbedUnimplementedSpiffeHelperServer() {} - -// UnsafeSpiffeHelperServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to SpiffeHelperServer will -// result in compilation errors. -type UnsafeSpiffeHelperServer interface { - mustEmbedUnimplementedSpiffeHelperServer() -} - -func RegisterSpiffeHelperServer(s grpc.ServiceRegistrar, srv SpiffeHelperServer) { - s.RegisterService(&SpiffeHelper_ServiceDesc, srv) -} - -func _SpiffeHelper_PostConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ConfigsRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SpiffeHelperServer).PostConfigs(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: SpiffeHelper_PostConfigs_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SpiffeHelperServer).PostConfigs(ctx, req.(*ConfigsRequest)) - } - return interceptor(ctx, in, info, handler) -} - -// SpiffeHelper_ServiceDesc is the grpc.ServiceDesc for SpiffeHelper service. -// It's only intended for direct use with grpc.RegisterService, -// and not to be introspected or modified (even as a copy) -var SpiffeHelper_ServiceDesc = grpc.ServiceDesc{ - ServiceName: "helperPlugin.SpiffeHelper", - HandlerType: (*SpiffeHelperServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "PostConfigs", - Handler: _SpiffeHelper_PostConfigs_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "plugin.proto", -} 
diff --git a/pkg/helperPlugin/shared.go b/pkg/helperPlugin/shared.go
deleted file mode 100644
index e8a4039f..00000000
--- a/pkg/helperPlugin/shared.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package helperPlugin
-
-import (
- context "context"
-
- "github.com/hashicorp/go-plugin"
- grpc "google.golang.org/grpc"
-)
-
-type SpiffeHelperPlugin interface {
- PostConfigs(context.Context, *ConfigsRequest) (*Empty, error)
- mustEmbedUnimplementedSpiffeHelperServer()
-}
-
-type GRPCSpiffeHelperPlugin struct {
- plugin.Plugin
- Impl SpiffeHelperPlugin
-}
-
-func (p *GRPCSpiffeHelperPlugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
- RegisterSpiffeHelperServer(s, &GRPCServer{Impl: p.Impl})
- return nil
-}
-
-func (p *GRPCSpiffeHelperPlugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
- return &GRPCClient{client: NewSpiffeHelperClient(c)}, nil
-}
-
-type GRPCClient struct {
- client SpiffeHelperClient
-}
-
-func (m *GRPCClient) PostConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) {
- return m.client.PostConfigs(context.Background(), config)
-}
-
-func (m *GRPCClient) mustEmbedUnimplementedSpiffeHelperServer() {
-}
-
-type GRPCServer struct {
- Impl SpiffeHelperPlugin
-}
-
-func (m *GRPCServer) PostConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) {
- _, err := m.Impl.PostConfigs(ctx, config)
- return &Empty{}, err
-}
-
-func (m *GRPCServer) mustEmbedUnimplementedSpiffeHelperServer() {
-}
-
-func GetHandshakeConfig() plugin.HandshakeConfig {
- return plugin.HandshakeConfig{
- ProtocolVersion: 1,
- MagicCookieKey: "SPIFFE_HELPER",
- MagicCookieValue: "SPIFFE_HELPER",
- }
-}
-
-func GetPluginMap() map[string]plugin.Plugin {
- return map[string]plugin.Plugin{"plugin": &GRPCSpiffeHelperPlugin{}}
-}
diff --git a/pkg/notifier/notifier.pb.go b/pkg/notifier/notifier.pb.go
new file mode 100644
index 00000000..0abd4252
--- /dev/null
+++ b/pkg/notifier/notifier.pb.go
@@ -0,0 +1,214 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc v3.12.4 +// source: notifier.proto + +package notifier + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Empty struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *Empty) Reset() { + *x = Empty{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Empty) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Empty) ProtoMessage() {} + +func (x *Empty) ProtoReflect() protoreflect.Message { + mi := &file_notifier_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Empty.ProtoReflect.Descriptor instead. 
+func (*Empty) Descriptor() ([]byte, []int) { + return file_notifier_proto_rawDescGZIP(), []int{0} +} + +type ConfigsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Configs map[string]string `protobuf:"bytes,1,rep,name=configs,proto3" json:"configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *ConfigsRequest) Reset() { + *x = ConfigsRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ConfigsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConfigsRequest) ProtoMessage() {} + +func (x *ConfigsRequest) ProtoReflect() protoreflect.Message { + mi := &file_notifier_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConfigsRequest.ProtoReflect.Descriptor instead. 
+func (*ConfigsRequest) Descriptor() ([]byte, []int) { + return file_notifier_proto_rawDescGZIP(), []int{1} +} + +func (x *ConfigsRequest) GetConfigs() map[string]string { + if x != nil { + return x.Configs + } + return nil +} + +var File_notifier_proto protoreflect.FileDescriptor + +var file_notifier_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x08, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x22, 0x07, 0x0a, 0x05, 0x45, 0x6d, + 0x70, 0x74, 0x79, 0x22, 0x8d, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, + 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x32, 0x7c, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, + 0x3a, 0x0a, 0x0b, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x18, + 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x34, 0x0a, 0x0e, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x12, 0x0f, 0x2e, + 
0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x0f, + 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, + 0x00, 0x42, 0x0d, 0x5a, 0x0b, 0x2e, 0x2f, 0x3b, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_notifier_proto_rawDescOnce sync.Once + file_notifier_proto_rawDescData = file_notifier_proto_rawDesc +) + +func file_notifier_proto_rawDescGZIP() []byte { + file_notifier_proto_rawDescOnce.Do(func() { + file_notifier_proto_rawDescData = protoimpl.X.CompressGZIP(file_notifier_proto_rawDescData) + }) + return file_notifier_proto_rawDescData +} + +var file_notifier_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_notifier_proto_goTypes = []interface{}{ + (*Empty)(nil), // 0: notifier.Empty + (*ConfigsRequest)(nil), // 1: notifier.ConfigsRequest + nil, // 2: notifier.ConfigsRequest.ConfigsEntry +} +var file_notifier_proto_depIdxs = []int32{ + 2, // 0: notifier.ConfigsRequest.configs:type_name -> notifier.ConfigsRequest.ConfigsEntry + 1, // 1: notifier.Notifier.LoadConfigs:input_type -> notifier.ConfigsRequest + 0, // 2: notifier.Notifier.UpdateX509SVID:input_type -> notifier.Empty + 0, // 3: notifier.Notifier.LoadConfigs:output_type -> notifier.Empty + 0, // 4: notifier.Notifier.UpdateX509SVID:output_type -> notifier.Empty + 3, // [3:5] is the sub-list for method output_type + 1, // [1:3] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_notifier_proto_init() } +func file_notifier_proto_init() { + if File_notifier_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_notifier_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Empty); i { + case 0: + return &v.state + case 1: + return 
&v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_notifier_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ConfigsRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_notifier_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_notifier_proto_goTypes, + DependencyIndexes: file_notifier_proto_depIdxs, + MessageInfos: file_notifier_proto_msgTypes, + }.Build() + File_notifier_proto = out.File + file_notifier_proto_rawDesc = nil + file_notifier_proto_goTypes = nil + file_notifier_proto_depIdxs = nil +} diff --git a/pkg/notifier/notifier.proto b/pkg/notifier/notifier.proto new file mode 100644 index 00000000..d9b6215c --- /dev/null +++ b/pkg/notifier/notifier.proto @@ -0,0 +1,15 @@ +syntax = "proto3"; + +package notifier; +option go_package = "./;notifier"; + +message Empty {} + +message ConfigsRequest { + map configs = 1; +} + +service Notifier { + rpc LoadConfigs(ConfigsRequest) returns (Empty) {}; + rpc UpdateX509SVID(Empty) returns (Empty) {}; +} diff --git a/pkg/notifier/notifier_grpc.pb.go b/pkg/notifier/notifier_grpc.pb.go new file mode 100644 index 00000000..8b19df1e --- /dev/null +++ b/pkg/notifier/notifier_grpc.pb.go 
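Review bot: The new `notifier.proto` defines the plugin contract without a single comment, and `ConfigsRequest.configs` is an open string-to-string map whose expected keys are stated nowhere in the file, so a plugin author has to read the sidecar to learn what arrives. I would put a comment above each rpc saying when the sidecar calls it and what the plugin may assume, and one above `configs` listing the keys the sidecar sends. Because `UpdateX509SVID` takes `Empty`, the comment should also say where the plugin is expected to find the updated material (presumably the paths delivered through `LoadConfigs`; confirm against the sidecar).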
@@ -0,0 +1,146 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v3.12.4 +// source: notifier.proto + +package notifier + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const ( + Notifier_LoadConfigs_FullMethodName = "/notifier.Notifier/LoadConfigs" + Notifier_UpdateX509SVID_FullMethodName = "/notifier.Notifier/UpdateX509SVID" +) + +// NotifierClient is the client API for Notifier service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type NotifierClient interface { + LoadConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) + UpdateX509SVID(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) +} + +type notifierClient struct { + cc grpc.ClientConnInterface +} + +func NewNotifierClient(cc grpc.ClientConnInterface) NotifierClient { + return ¬ifierClient{cc} +} + +func (c *notifierClient) LoadConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, Notifier_LoadConfigs_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *notifierClient) UpdateX509SVID(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, Notifier_UpdateX509SVID_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// NotifierServer is the server API for Notifier service. 
+// All implementations must embed UnimplementedNotifierServer +// for forward compatibility +type NotifierServer interface { + LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error) + UpdateX509SVID(context.Context, *Empty) (*Empty, error) + mustEmbedUnimplementedNotifierServer() +} + +// UnimplementedNotifierServer must be embedded to have forward compatible implementations. +type UnimplementedNotifierServer struct { +} + +func (UnimplementedNotifierServer) LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method LoadConfigs not implemented") +} +func (UnimplementedNotifierServer) UpdateX509SVID(context.Context, *Empty) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateX509SVID not implemented") +} +func (UnimplementedNotifierServer) mustEmbedUnimplementedNotifierServer() {} + +// UnsafeNotifierServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to NotifierServer will +// result in compilation errors. 
+type UnsafeNotifierServer interface { + mustEmbedUnimplementedNotifierServer() +} + +func RegisterNotifierServer(s grpc.ServiceRegistrar, srv NotifierServer) { + s.RegisterService(&Notifier_ServiceDesc, srv) +} + +func _Notifier_LoadConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ConfigsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(NotifierServer).LoadConfigs(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Notifier_LoadConfigs_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(NotifierServer).LoadConfigs(ctx, req.(*ConfigsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Notifier_UpdateX509SVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(NotifierServer).UpdateX509SVID(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Notifier_UpdateX509SVID_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(NotifierServer).UpdateX509SVID(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +// Notifier_ServiceDesc is the grpc.ServiceDesc for Notifier service. 
+// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Notifier_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "notifier.Notifier", + HandlerType: (*NotifierServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "LoadConfigs", + Handler: _Notifier_LoadConfigs_Handler, + }, + { + MethodName: "UpdateX509SVID", + Handler: _Notifier_UpdateX509SVID_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "notifier.proto", +} diff --git a/pkg/notifier/shared.go b/pkg/notifier/shared.go new file mode 100644 index 00000000..d72b4b9a --- /dev/null +++ b/pkg/notifier/shared.go 
@@ -0,0 +1,72 @@
+package notifier
+
+import (
+ context "context"
+
+ "github.com/hashicorp/go-plugin"
+ grpc "google.golang.org/grpc"
+)
+
+type Notifier interface {
+ LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error)
+ UpdateX509SVID(context.Context, *Empty) (*Empty, error)
+ mustEmbedUnimplementedNotifierServer()
+}
+
+type GRPCNotifier struct {
+ plugin.Plugin
+ Impl Notifier
+}
+
+func (p *GRPCNotifier) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
+ RegisterNotifierServer(s, &GRPCServer{Impl: p.Impl})
+ return nil
+}
+
+func (p *GRPCNotifier) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
+ return &GRPCClient{client: NewNotifierClient(c)}, nil
+}
+
+type GRPCClient struct {
+ client NotifierClient
+}
+
+func (m *GRPCClient) LoadConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) {
+ return m.client.LoadConfigs(context.Background(), config)
+}
+
+func (m *GRPCClient) UpdateX509SVID(ctx context.Context, empty *Empty) (*Empty, error) {
+ return m.client.UpdateX509SVID(context.Background(), empty)
+}
+
+func (m *GRPCClient) mustEmbedUnimplementedNotifierServer() {
+}
+
+type GRPCServer struct {
+ Impl Notifier
+}
+
+func (m *GRPCServer) LoadConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) {
+ _, err := m.Impl.LoadConfigs(ctx, config)
+ return &Empty{}, err
+}
+
+func (m *GRPCServer) UpdateX509SVID(ctx context.Context, empty *Empty) (*Empty, error) {
+ _, err := m.Impl.UpdateX509SVID(ctx, empty)
+ return &Empty{}, err
+}
+
+func (m *GRPCServer) mustEmbedUnimplementedNotifierServer() {
+}
+
+func GetHandshakeConfig() plugin.HandshakeConfig {
+ return plugin.HandshakeConfig{
+ ProtocolVersion: 1,
+ MagicCookieKey: "NOTIFIER",
+ MagicCookieValue: "NOTIFIER",
+ }
+}
+
+func GetPluginMap() map[string]plugin.Plugin {
+ return map[string]plugin.Plugin{"plugin": &GRPCNotifier{}}
+}
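Review bot: `GRPCClient.LoadConfigs` and `GRPCClient.UpdateX509SVID` accept a `ctx` but call the stub with `context.Background()`, so a caller's deadline or cancellation never reaches the plugin and a stalled plugin process blocks the caller indefinitely. Pass the context through: `return m.client.LoadConfigs(ctx, config)` and `return m.client.UpdateX509SVID(ctx, empty)`. `GetHandshakeConfig` should also carry a comment that the magic cookie is go-plugin's check that the binary was launched as a plugin and not an authentication mechanism, for example `// The magic cookie is a launch sanity check, not a security control.`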
diff --git a/pkg/helperPlugin/simple-example/simple-example.go b/pkg/notifier/simple-example/simple-example.go similarity index 55% rename from pkg/helperPlugin/simple-example/simple-example.go rename to pkg/notifier/simple-example/simple-example.go index 79f1d90f..f7b66f18 100644 --- a/pkg/helperPlugin/simple-example/simple-example.go +++ b/pkg/notifier/simple-example/simple-example.go @@ -5,26 +5,29 @@ import ( "log" "github.com/hashicorp/go-plugin" - pb "github.com/spiffe/spiffe-helper/pkg/helperPlugin" + pb "github.com/spiffe/spiffe-helper/pkg/notifier" ) type SimplePlugin struct { - pb.SpiffeHelperServer + pb.NotifierServer } -func (s *SimplePlugin) PostConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) { +func (s *SimplePlugin) LoadConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) { configs := request.Configs - log.Printf("Message sent by %s to %s: %s", configs["from"], configs["to"], configs["message"]) + return &pb.Empty{}, nil +} - return new(pb.Empty), nil +func (s *SimplePlugin) UpdateX509SVID(ctx context.Context, empty *pb.Empty) (*pb.Empty, error) { + log.Printf("Svid updated") + return &pb.Empty{}, nil } func main() { plugin.Serve(&plugin.ServeConfig{ HandshakeConfig: pb.GetHandshakeConfig(), Plugins: map[string]plugin.Plugin{ - "simplePlugin": &pb.GRPCSpiffeHelperPlugin{Impl: &SimplePlugin{}}, + "simplePlugin": &pb.GRPCNotifier{Impl: &SimplePlugin{}}, }, GRPCServer: plugin.DefaultGRPCServer, }) diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index 0d1c5b65..67f230c7 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -22,7 +22,7 @@ import ( "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/svid/jwtsvid" "github.com/spiffe/go-spiffe/v2/workloadapi" - pb "github.com/spiffe/spiffe-helper/pkg/helperPlugin" + pb "github.com/spiffe/spiffe-helper/pkg/notifier" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) 
@@ -41,6 +41,7 @@ type Sidecar struct { processRunning int32 process *os.Process certReadyChan chan struct{} + plugins map[string]*pb.Notifier } // New creates a new SPIFFE sidecar @@ -71,10 +72,14 @@ func New(configPath string, log logrus.FieldLogger) (*Sidecar, error) { config.Log.Warn("No cmd defined to execute.") } - return &Sidecar{ + sidecar := &Sidecar{ config: config, certReadyChan: make(chan struct{}, 1), - }, nil + plugins: make(map[string]*pb.Notifier), + } + sidecar.loadPlugins() + + return sidecar, nil } // RunDaemon starts the main loop @@ -152,7 +157,7 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) { } s.config.Log.Infof("Updating plugins") - s.updatePlugins() + s.notifyPlugins() select { case s.certReadyChan <- struct{}{}: @@ -196,9 +201,8 @@ func (s *Sidecar) signalProcess() (err error) { return nil } -func (s *Sidecar) updatePlugins() { +func (s *Sidecar) loadPlugins() { for pluginName, pluginConfig := range s.config.Plugins { - // create request request := &pb.ConfigsRequest{} request.Configs = pluginConfig request.Configs["certDir"] = s.config.CertDir @@ -207,7 +211,6 @@ func (s *Sidecar) updatePlugins() { request.Configs["svidKeyFileName"] = s.config.SvidKeyFileName request.Configs["svidBundleFileName"] = s.config.SvidBundleFileName - // try to post request pluginPath := pluginConfig["path"] if pluginPath == "" { s.config.Log.Warnf("Please provide a path for plugin %s", pluginName) @@ -220,7 +223,6 @@ func (s *Sidecar) updatePlugins() { Cmd: exec.Command(pluginPath), AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC}, }) - defer client.Kill() RPCClient, err := client.Client() if err != nil { 
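Review bot: The new `plugins` field in `Sidecar` is declared as `map[string]*pb.Notifier`, a pointer to an interface value, which gains nothing because an interface value already refers to its implementation. It forces the address-of store in loadPlugins and the `*s.plugins[pluginName]` dereference in notifyPlugins, both in later hunks of this file. Declare it as `plugins map[string]pb.Notifier` and store and read the interface directly. The Sidecar struct begins outside this hunk.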
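Review bot: In the hunk at `@@ -220,7 +223,6 @@`, removing `defer client.Kill()` leaves no way to stop a plugin subprocess, because the `*plugin.Client` from `plugin.NewClient` goes out of scope each iteration and only the dispensed notifier is kept in `s.plugins`. Every `continue` taken after the process has started (failed `client.Client()`, failed dispense, failed LoadConfigs in the following hunk) leaves a child process running, and there is no shutdown path for the ones that loaded. Keep the client next to the notifier, call `client.Kill()` on each error branch, and kill the retained clients when the sidecar exits; go-plugin's `Managed: true` with `plugin.CleanupClients()` is one way to do the last part. loadPlugins starts before this hunk and continues past it.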
@@ -234,13 +236,15 @@ func (s *Sidecar) updatePlugins() { continue } - spiffeHelperPlugin := raw.(pb.SpiffeHelperPlugin) - response, err := spiffeHelperPlugin.PostConfigs(context.Background(), request) + notifier := raw.(pb.Notifier) + response, err := notifier.LoadConfigs(context.Background(), request) if err != nil { - s.config.Log.Warnf("Failed to post configs to plugin %s", pluginName) + s.config.Log.Warnf("Failed to load configs into plugin %s", pluginName) continue } + s.plugins[pluginName] = ¬ifier + s.config.Log.Infof("Plugin %s updated %s", pluginName, response) } } @@ -255,6 +259,17 @@ func (s *Sidecar) checkProcessExit() { atomic.StoreInt32(&s.processRunning, 0) } +func (s *Sidecar) notifyPlugins() { + for pluginName := range s.plugins { + plugin := *s.plugins[pluginName] + _, err := plugin.UpdateX509SVID(context.Background(), &pb.Empty{}) + if err != nil { + s.config.Log.Warnf("Failed to update x509 svid to plugin %s", pluginName) + continue + } + } +} + // dumpBundles takes a X509SVIDResponse, representing a svid message from // the Workload API, and calls writeCerts and writeKey to write to disk // the svid, key and bundle of certificates. @@ -296,6 +311,8 @@ func (s *Sidecar) dumpBundles(svidResponse *workloadapi.X509Context) error { return err } + s.notifyPlugins() + return nil } diff --git a/proto/plugin/plugin.proto b/proto/plugin/plugin.proto deleted file mode 100644 index e94d8eb6..00000000 --- a/proto/plugin/plugin.proto +++ /dev/null @@ -1,14 +0,0 @@ -syntax = "proto3"; - -package helperPlugin; -option go_package = "../../pkg/helperPlugin"; - -message Empty {} - -message ConfigsRequest { - map configs = 1; -} - -service SpiffeHelper { - rpc PostConfigs(ConfigsRequest) returns (Empty) {}; -} From c30c4379465701c3553e4597121e0ffa1bdf7c75 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Mon, 10 Jul 2023 09:13:20 -0300 Subject: [PATCH 08/13] Adds checksum validation. 
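Review bot: `raw.(pb.Notifier)` in the hunk at `@@ -234,13 +236,15 @@` is an unchecked type assertion, so a dispensed value of any other type panics the sidecar while `New` is running instead of skipping the plugin the way the other failure branches do. Use the two-value form, `notifier, ok := raw.(pb.Notifier)`, and log a warning and `continue` when `ok` is false. The warning for a failed LoadConfigs also omits `err`, which hides why the plugin was rejected. loadPlugins starts before this hunk.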
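Review bot: `notifyPlugins` calls `UpdateX509SVID` with `context.Background()`, so a plugin that stops responding blocks the certificate-update path with no deadline. Bound each call, for example `ctx, cancel := context.WithTimeout(context.Background(), pluginTimeout)` with `cancel()` after the call, where `pluginTimeout` is a constant to be defined. The local variable `plugin` shadows the imported go-plugin package name, and the warning drops `err`. The hunk at `@@ -296,6 +311,8 @@` adds a second `s.notifyPlugins()` in dumpBundles while updateCertificates already calls it; if updateCertificates invokes dumpBundles (not visible here), every rotation notifies each plugin twice.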
Signed-off-by: JU4N98 --- pkg/notifier/shared.go | 17 +++++++++++++++++ pkg/sidecar/sidecar.go | 25 +++++++++++++++++++------ 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/pkg/notifier/shared.go b/pkg/notifier/shared.go index d72b4b9a..c1838eb6 100644 --- a/pkg/notifier/shared.go +++ b/pkg/notifier/shared.go @@ -2,6 +2,9 @@ package notifier import ( context "context" + "crypto/sha256" + "encoding/hex" + "fmt" "github.com/hashicorp/go-plugin" grpc "google.golang.org/grpc" @@ -70,3 +73,17 @@ func GetHandshakeConfig() plugin.HandshakeConfig { func GetPluginMap() map[string]plugin.Plugin { return map[string]plugin.Plugin{"plugin": &GRPCNotifier{}} } + +func GetSecureConfig(checksum string) (*plugin.SecureConfig, error) { + sum, err := hex.DecodeString(checksum) + if err != nil { + return nil, fmt.Errorf("checksum is not a valid hex string") + } + + hash := sha256.New() + if len(sum) != hash.Size() { + return nil, fmt.Errorf("expected checksum of length %d; got %d", hash.Size()*2, len(sum)*2) + } + + return &plugin.SecureConfig{Checksum: sum, Hash: sha256.New()}, nil +} diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index 67f230c7..f1ec0540 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go 
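Review bot: `GetSecureConfig` discards the hex decode error and has no doc comment stating what the checksum protects. Wrap the cause with `fmt.Errorf("checksum is not a valid hex string: %w", err)` and compare against the `sha256.Size` constant instead of allocating a hash only to read its size. Add a comment such as `// GetSecureConfig builds a go-plugin SecureConfig that pins the plugin binary to the given hex-encoded SHA-256 digest.` Because the digest is read from the same configuration as the plugin path, it only helps when that file is harder to modify than the binary, which the documentation should state.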
@@ -203,6 +203,24 @@ func (s *Sidecar) signalProcess() (err error) { func (s *Sidecar) loadPlugins() { for pluginName, pluginConfig := range s.config.Plugins { + pluginPath := pluginConfig["path"] + if pluginPath == "" { + s.config.Log.Warnf("Please provide a path for plugin %s", pluginName) + continue + } + + checksum := pluginConfig["checksum"] + if checksum == "" { + s.config.Log.Warnf("Please provide a checksum for plugin %s", pluginName) + continue + } + + secureConfig, err := pb.GetSecureConfig(checksum) + if err != nil { + s.config.Log.Warnf("Error while trying to create secure config for plugin %s", pluginName) + continue + } + request := &pb.ConfigsRequest{} request.Configs = pluginConfig request.Configs["certDir"] = s.config.CertDir @@ -211,17 +229,12 @@ func (s *Sidecar) loadPlugins() { request.Configs["svidKeyFileName"] = s.config.SvidKeyFileName request.Configs["svidBundleFileName"] = s.config.SvidBundleFileName - pluginPath := pluginConfig["path"] - if pluginPath == "" { - s.config.Log.Warnf("Please provide a path for plugin %s", pluginName) - continue - } - client := plugin.NewClient(&plugin.ClientConfig{ HandshakeConfig: pb.GetHandshakeConfig(), Plugins: pb.GetPluginMap(), Cmd: exec.Command(pluginPath), AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC}, + SecureConfig: secureConfig, }) RPCClient, err := client.Client() From 1db30a3c9ceaf347b2548700cf95f1e9a0ddd079 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Tue, 1 Aug 2023 13:53:26 -0300 Subject: [PATCH 09/13] Removes interface, adds messages. Signed-off-by: JU4N98 --- pkg/notifier/notifier.pb.go | 218 +++++++++++++----- pkg/notifier/notifier.proto | 17 +- pkg/notifier/notifier_grpc.pb.go | 28 +-- pkg/notifier/shared.go | 26 +-- pkg/notifier/simple-example/simple-example.go | 8 +- pkg/sidecar/sidecar.go | 10 +- 6 files changed, 209 insertions(+), 98 deletions(-) diff --git a/pkg/notifier/notifier.pb.go b/pkg/notifier/notifier.pb.go index 0abd4252..30ca2492 100644 
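Review bot: The path check in the hunk at `@@ -203,6 +203,24 @@` only rejects an empty string, so a bare name still reaches `exec.Command(pluginPath)` and is resolved through `PATH`. The file that gets hashed and launched then depends on the sidecar's environment rather than on the configuration alone. Reject non-absolute paths before building the client, e.g. `if !filepath.IsAbs(pluginPath) { s.config.Log.Warnf("Plugin %s path must be absolute", pluginName); continue }`, adding the `path/filepath` import if the file does not already have it. The warning after `pb.GetSecureConfig` also drops `err`; append it (`"...for plugin %s: %v", pluginName, err`) so a malformed digest can be told apart from a wrong-length one. loadPlugins continues outside this hunk.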
--- a/pkg/notifier/notifier.pb.go +++ b/pkg/notifier/notifier.pb.go @@ -20,14 +20,16 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) -type Empty struct { +type LoadConfigsRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + + Configs map[string]string `protobuf:"bytes,1,rep,name=configs,proto3" json:"configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } -func (x *Empty) Reset() { - *x = Empty{} +func (x *LoadConfigsRequest) Reset() { + *x = LoadConfigsRequest{} if protoimpl.UnsafeEnabled { mi := &file_notifier_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -35,13 +37,13 @@ func (x *Empty) Reset() { } } -func (x *Empty) String() string { +func (x *LoadConfigsRequest) String() string { return protoimpl.X.MessageStringOf(x) } -func (*Empty) ProtoMessage() {} +func (*LoadConfigsRequest) ProtoMessage() {} -func (x *Empty) ProtoReflect() protoreflect.Message { +func (x *LoadConfigsRequest) ProtoReflect() protoreflect.Message { mi := &file_notifier_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 
@@ -53,21 +55,26 @@ func (x *Empty) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use Empty.ProtoReflect.Descriptor instead. -func (*Empty) Descriptor() ([]byte, []int) { +// Deprecated: Use LoadConfigsRequest.ProtoReflect.Descriptor instead. +func (*LoadConfigsRequest) Descriptor() ([]byte, []int) { return file_notifier_proto_rawDescGZIP(), []int{0} } -type ConfigsRequest struct { +func (x *LoadConfigsRequest) GetConfigs() map[string]string { + if x != nil { + return x.Configs + } + return nil +} + +type LoadConfigsResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - - Configs map[string]string `protobuf:"bytes,1,rep,name=configs,proto3" json:"configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } -func (x *ConfigsRequest) Reset() { - *x = ConfigsRequest{} +func (x *LoadConfigsResponse) Reset() { + *x = LoadConfigsResponse{} if protoimpl.UnsafeEnabled { mi := &file_notifier_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -75,13 +82,13 @@ func (x *ConfigsRequest) Reset() { } } -func (x *ConfigsRequest) String() string { +func (x *LoadConfigsResponse) String() string { return protoimpl.X.MessageStringOf(x) } -func (*ConfigsRequest) ProtoMessage() {} +func (*LoadConfigsResponse) ProtoMessage() {} -func (x *ConfigsRequest) ProtoReflect() protoreflect.Message { +func (x *LoadConfigsResponse) ProtoReflect() protoreflect.Message { mi := &file_notifier_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 
@@ -93,42 +100,119 @@ func (x *ConfigsRequest) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use ConfigsRequest.ProtoReflect.Descriptor instead. -func (*ConfigsRequest) Descriptor() ([]byte, []int) { +// Deprecated: Use LoadConfigsResponse.ProtoReflect.Descriptor instead. +func (*LoadConfigsResponse) Descriptor() ([]byte, []int) { return file_notifier_proto_rawDescGZIP(), []int{1} } -func (x *ConfigsRequest) GetConfigs() map[string]string { - if x != nil { - return x.Configs +type UpdateX509SVIDRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *UpdateX509SVIDRequest) Reset() { + *x = UpdateX509SVIDRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } - return nil +} + +func (x *UpdateX509SVIDRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateX509SVIDRequest) ProtoMessage() {} + +func (x *UpdateX509SVIDRequest) ProtoReflect() protoreflect.Message { + mi := &file_notifier_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateX509SVIDRequest.ProtoReflect.Descriptor instead. 
+func (*UpdateX509SVIDRequest) Descriptor() ([]byte, []int) { + return file_notifier_proto_rawDescGZIP(), []int{2} +} + +type UpdateX509SVIDResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *UpdateX509SVIDResponse) Reset() { + *x = UpdateX509SVIDResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpdateX509SVIDResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateX509SVIDResponse) ProtoMessage() {} + +func (x *UpdateX509SVIDResponse) ProtoReflect() protoreflect.Message { + mi := &file_notifier_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateX509SVIDResponse.ProtoReflect.Descriptor instead. 
+func (*UpdateX509SVIDResponse) Descriptor() ([]byte, []int) { + return file_notifier_proto_rawDescGZIP(), []int{3} } var File_notifier_proto protoreflect.FileDescriptor var file_notifier_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x08, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x22, 0x07, 0x0a, 0x05, 0x45, 0x6d, - 0x70, 0x74, 0x79, 0x22, 0x8d, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x32, 0x7c, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, - 0x3a, 0x0a, 0x0b, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x18, - 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x34, 0x0a, 0x0e, 0x55, - 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x12, 0x0f, 0x2e, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x0f, - 0x2e, 0x6e, 0x6f, 0x74, 
0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, - 0x00, 0x42, 0x0d, 0x5a, 0x0b, 0x2e, 0x2f, 0x3b, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x12, 0x08, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x22, 0x95, 0x01, 0x0a, 0x12, 0x4c, + 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x43, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x4c, 0x6f, + 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x22, 0x15, 0x0a, 0x13, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x17, 0x0a, 0x15, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x22, 0x18, 0x0a, 0x16, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, + 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xaf, 0x01, 0x0a, + 0x08, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x4c, 0x6f, 0x61, + 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, + 0x65, 0x71, 
0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, + 0x72, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x12, 0x1f, 0x2e, 0x6e, 0x6f, 0x74, 0x69, + 0x66, 0x69, 0x65, 0x72, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, + 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6e, 0x6f, 0x74, + 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, + 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x0d, + 0x5a, 0x0b, 0x2e, 0x2f, 0x3b, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -143,18 +227,20 @@ func file_notifier_proto_rawDescGZIP() []byte { return file_notifier_proto_rawDescData } -var file_notifier_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_notifier_proto_msgTypes = make([]protoimpl.MessageInfo, 5) var file_notifier_proto_goTypes = []interface{}{ - (*Empty)(nil), // 0: notifier.Empty - (*ConfigsRequest)(nil), // 1: notifier.ConfigsRequest - nil, // 2: notifier.ConfigsRequest.ConfigsEntry + (*LoadConfigsRequest)(nil), // 0: notifier.LoadConfigsRequest + (*LoadConfigsResponse)(nil), // 1: notifier.LoadConfigsResponse + (*UpdateX509SVIDRequest)(nil), // 2: notifier.UpdateX509SVIDRequest + (*UpdateX509SVIDResponse)(nil), // 3: notifier.UpdateX509SVIDResponse + nil, // 4: notifier.LoadConfigsRequest.ConfigsEntry } var file_notifier_proto_depIdxs = []int32{ - 2, // 0: notifier.ConfigsRequest.configs:type_name -> notifier.ConfigsRequest.ConfigsEntry - 1, // 1: notifier.Notifier.LoadConfigs:input_type -> notifier.ConfigsRequest - 0, // 2: notifier.Notifier.UpdateX509SVID:input_type -> notifier.Empty - 0, // 3: notifier.Notifier.LoadConfigs:output_type -> notifier.Empty - 0, // 4: notifier.Notifier.UpdateX509SVID:output_type -> notifier.Empty + 4, // 0: notifier.LoadConfigsRequest.configs:type_name -> notifier.LoadConfigsRequest.ConfigsEntry + 0, // 1: notifier.Notifier.LoadConfigs:input_type -> notifier.LoadConfigsRequest + 2, // 2: notifier.Notifier.UpdateX509SVID:input_type -> notifier.UpdateX509SVIDRequest + 1, // 3: notifier.Notifier.LoadConfigs:output_type -> notifier.LoadConfigsResponse + 3, // 4: notifier.Notifier.UpdateX509SVID:output_type -> notifier.UpdateX509SVIDResponse 3, // [3:5] is the sub-list for method output_type 1, // [1:3] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name 
@@ -169,7 +255,7 @@ func file_notifier_proto_init() { } if !protoimpl.UnsafeEnabled { file_notifier_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Empty); i { + switch v := v.(*LoadConfigsRequest); i { case 0: return &v.state case 1: @@ -181,7 +267,31 @@ func file_notifier_proto_init() { } } file_notifier_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConfigsRequest); i { + switch v := v.(*LoadConfigsResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_notifier_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateX509SVIDRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_notifier_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateX509SVIDResponse); i { case 0: return &v.state case 1: @@ -199,7 +309,7 @@ func file_notifier_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_notifier_proto_rawDesc, NumEnums: 0, - NumMessages: 3, + NumMessages: 5, NumExtensions: 0, NumServices: 1, }, diff --git a/pkg/notifier/notifier.proto b/pkg/notifier/notifier.proto index d9b6215c..ae49735a 100644 --- a/pkg/notifier/notifier.proto +++ b/pkg/notifier/notifier.proto 
@@ -3,13 +3,20 @@ syntax = "proto3"; package notifier; option go_package = "./;notifier"; -message Empty {} - -message ConfigsRequest { +message LoadConfigsRequest { map configs = 1; } +message LoadConfigsResponse { +} + +message UpdateX509SVIDRequest { +} + +message UpdateX509SVIDResponse { +} + service Notifier { - rpc LoadConfigs(ConfigsRequest) returns (Empty) {}; - rpc UpdateX509SVID(Empty) returns (Empty) {}; + rpc LoadConfigs(LoadConfigsRequest) returns (LoadConfigsResponse) {}; + rpc UpdateX509SVID(UpdateX509SVIDRequest) returns (UpdateX509SVIDResponse) {}; } diff --git a/pkg/notifier/notifier_grpc.pb.go b/pkg/notifier/notifier_grpc.pb.go index 8b19df1e..1f48e2c8 100644 --- a/pkg/notifier/notifier_grpc.pb.go +++ b/pkg/notifier/notifier_grpc.pb.go @@ -27,8 +27,8 @@ const ( // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type NotifierClient interface { - LoadConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) - UpdateX509SVID(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) + LoadConfigs(ctx context.Context, in *LoadConfigsRequest, opts ...grpc.CallOption) (*LoadConfigsResponse, error) + UpdateX509SVID(ctx context.Context, in *UpdateX509SVIDRequest, opts ...grpc.CallOption) (*UpdateX509SVIDResponse, error) } type notifierClient struct { @@ -39,8 +39,8 @@ func NewNotifierClient(cc grpc.ClientConnInterface) NotifierClient { return ¬ifierClient{cc} } -func (c *notifierClient) LoadConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) +func (c *notifierClient) LoadConfigs(ctx context.Context, in *LoadConfigsRequest, opts ...grpc.CallOption) (*LoadConfigsResponse, error) { + out := new(LoadConfigsResponse) err := c.cc.Invoke(ctx, Notifier_LoadConfigs_FullMethodName, in, out, opts...) if err != nil { return nil, err 
@@ -48,8 +48,8 @@ func (c *notifierClient) LoadConfigs(ctx context.Context, in *ConfigsRequest, op return out, nil } -func (c *notifierClient) UpdateX509SVID(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) +func (c *notifierClient) UpdateX509SVID(ctx context.Context, in *UpdateX509SVIDRequest, opts ...grpc.CallOption) (*UpdateX509SVIDResponse, error) { + out := new(UpdateX509SVIDResponse) err := c.cc.Invoke(ctx, Notifier_UpdateX509SVID_FullMethodName, in, out, opts...) if err != nil { return nil, err @@ -61,8 +61,8 @@ func (c *notifierClient) UpdateX509SVID(ctx context.Context, in *Empty, opts ... // All implementations must embed UnimplementedNotifierServer // for forward compatibility type NotifierServer interface { - LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error) - UpdateX509SVID(context.Context, *Empty) (*Empty, error) + LoadConfigs(context.Context, *LoadConfigsRequest) (*LoadConfigsResponse, error) + UpdateX509SVID(context.Context, *UpdateX509SVIDRequest) (*UpdateX509SVIDResponse, error) mustEmbedUnimplementedNotifierServer() } @@ -70,10 +70,10 @@ type NotifierServer interface { type UnimplementedNotifierServer struct { } -func (UnimplementedNotifierServer) LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error) { +func (UnimplementedNotifierServer) LoadConfigs(context.Context, *LoadConfigsRequest) (*LoadConfigsResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method LoadConfigs not implemented") } -func (UnimplementedNotifierServer) UpdateX509SVID(context.Context, *Empty) (*Empty, error) { +func (UnimplementedNotifierServer) UpdateX509SVID(context.Context, *UpdateX509SVIDRequest) (*UpdateX509SVIDResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateX509SVID not implemented") } func (UnimplementedNotifierServer) mustEmbedUnimplementedNotifierServer() {} 
@@ -90,7 +90,7 @@ func RegisterNotifierServer(s grpc.ServiceRegistrar, srv NotifierServer) { } func _Notifier_LoadConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ConfigsRequest) + in := new(LoadConfigsRequest) if err := dec(in); err != nil { return nil, err } @@ -102,13 +102,13 @@ func _Notifier_LoadConfigs_Handler(srv interface{}, ctx context.Context, dec fun FullMethod: Notifier_LoadConfigs_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(NotifierServer).LoadConfigs(ctx, req.(*ConfigsRequest)) + return srv.(NotifierServer).LoadConfigs(ctx, req.(*LoadConfigsRequest)) } return interceptor(ctx, in, info, handler) } func _Notifier_UpdateX509SVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) + in := new(UpdateX509SVIDRequest) if err := dec(in); err != nil { return nil, err } @@ -120,7 +120,7 @@ func _Notifier_UpdateX509SVID_Handler(srv interface{}, ctx context.Context, dec FullMethod: Notifier_UpdateX509SVID_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(NotifierServer).UpdateX509SVID(ctx, req.(*Empty)) + return srv.(NotifierServer).UpdateX509SVID(ctx, req.(*UpdateX509SVIDRequest)) } return interceptor(ctx, in, info, handler) } diff --git a/pkg/notifier/shared.go b/pkg/notifier/shared.go index c1838eb6..1f8c3722 100644 --- a/pkg/notifier/shared.go +++ b/pkg/notifier/shared.go 
@@ -10,15 +10,9 @@ import ( grpc "google.golang.org/grpc" ) -type Notifier interface { - LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error) - UpdateX509SVID(context.Context, *Empty) (*Empty, error) - mustEmbedUnimplementedNotifierServer() -} - type GRPCNotifier struct { plugin.Plugin - Impl Notifier + Impl NotifierServer } func (p *GRPCNotifier) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error { @@ -34,11 +28,11 @@ type GRPCClient struct { client NotifierClient } -func (m *GRPCClient) LoadConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) { +func (m *GRPCClient) LoadConfigs(ctx context.Context, config *LoadConfigsRequest) (*LoadConfigsResponse, error) { return m.client.LoadConfigs(context.Background(), config) } -func (m *GRPCClient) UpdateX509SVID(ctx context.Context, empty *Empty) (*Empty, error) { +func (m *GRPCClient) UpdateX509SVID(ctx context.Context, empty *UpdateX509SVIDRequest) (*UpdateX509SVIDResponse, error) { return m.client.UpdateX509SVID(context.Background(), empty) } @@ -46,17 +40,17 @@ func (m *GRPCClient) mustEmbedUnimplementedNotifierServer() { } type GRPCServer struct { - Impl Notifier + Impl NotifierServer } -func (m *GRPCServer) LoadConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) { - _, err := m.Impl.LoadConfigs(ctx, config) - return &Empty{}, err +func (m *GRPCServer) LoadConfigs(ctx context.Context, request *LoadConfigsRequest) (*LoadConfigsResponse, error) { + _, err := m.Impl.LoadConfigs(ctx, request) + return &LoadConfigsResponse{}, err } -func (m *GRPCServer) UpdateX509SVID(ctx context.Context, empty *Empty) (*Empty, error) { - _, err := m.Impl.UpdateX509SVID(ctx, empty) - return &Empty{}, err +func (m *GRPCServer) UpdateX509SVID(ctx context.Context, request *UpdateX509SVIDRequest) (*UpdateX509SVIDResponse, error) { + _, err := m.Impl.UpdateX509SVID(ctx, request) + return &UpdateX509SVIDResponse{}, err } func (m *GRPCServer) mustEmbedUnimplementedNotifierServer() { 
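Review bot: In pkg/notifier/shared.go (hunk at -34), both `GRPCClient` methods accept `ctx` but call the stub with `context.Background()`, so a caller's deadline or cancellation never reaches the plugin process and a stalled plugin blocks the call indefinitely. Forward the argument instead: `return m.client.LoadConfigs(ctx, config)` and `return m.client.UpdateX509SVID(ctx, empty)`. The second parameter of `UpdateX509SVID` is still named `empty` although its type is now `*UpdateX509SVIDRequest`; `request` would match the server-side methods in the following hunk.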
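Review bot: In the hunk at -46, `GRPCServer.LoadConfigs` and `GRPCServer.UpdateX509SVID` discard the response returned by `m.Impl` and hand back a freshly allocated message together with `err`. Any field later added to these response types would be dropped silently, and callers receive a non-nil response alongside a non-nil error. Returning the implementation's result directly avoids both: `return m.Impl.LoadConfigs(ctx, request)` and `return m.Impl.UpdateX509SVID(ctx, request)`.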
diff --git a/pkg/notifier/simple-example/simple-example.go b/pkg/notifier/simple-example/simple-example.go index f7b66f18..728ada70 100644 --- a/pkg/notifier/simple-example/simple-example.go +++ b/pkg/notifier/simple-example/simple-example.go @@ -12,15 +12,15 @@ type SimplePlugin struct { pb.NotifierServer } -func (s *SimplePlugin) LoadConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) { +func (s *SimplePlugin) LoadConfigs(ctx context.Context, request *pb.LoadConfigsRequest) (*pb.LoadConfigsResponse, error) { configs := request.Configs log.Printf("Message sent by %s to %s: %s", configs["from"], configs["to"], configs["message"]) - return &pb.Empty{}, nil + return &pb.LoadConfigsResponse{}, nil } -func (s *SimplePlugin) UpdateX509SVID(ctx context.Context, empty *pb.Empty) (*pb.Empty, error) { +func (s *SimplePlugin) UpdateX509SVID(ctx context.Context, request *pb.UpdateX509SVIDRequest) (*pb.UpdateX509SVIDResponse, error) { log.Printf("Svid updated") - return &pb.Empty{}, nil + return &pb.UpdateX509SVIDResponse{}, nil } func main() { diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index f1ec0540..f6b33c8d 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -41,7 +41,7 @@ type Sidecar struct { processRunning int32 process *os.Process certReadyChan chan struct{} - plugins map[string]*pb.Notifier + plugins map[string]*pb.NotifierServer } // New creates a new SPIFFE sidecar @@ -75,7 +75,7 @@ func New(configPath string, log logrus.FieldLogger) (*Sidecar, error) { sidecar := &Sidecar{ config: config, certReadyChan: make(chan struct{}, 1), - plugins: make(map[string]*pb.Notifier), + plugins: make(map[string]*pb.NotifierServer), } sidecar.loadPlugins() 
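Review bot: In pkg/sidecar/sidecar.go (hunk at -41) the `plugins` field is declared as `map[string]*pb.NotifierServer`, a pointer to an interface, which adds an indirection with no benefit and turns every use into a dereference that panics on a nil entry (`plugin := *s.plugins[pluginName]` in `notifyPlugins`, visible in a later hunk). An interface value already refers to its implementation, so `plugins map[string]pb.NotifierServer` and, in `New` (hunk at -75), `make(map[string]pb.NotifierServer)` are sufficient. Both the struct and `New` continue outside these hunks.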
@@ -221,7 +221,7 @@ func (s *Sidecar) loadPlugins() { continue } - request := &pb.ConfigsRequest{} + request := &pb.LoadConfigsRequest{} request.Configs = pluginConfig request.Configs["certDir"] = s.config.CertDir request.Configs["addIntermediatesToBundle"] = strconv.FormatBool(s.config.AddIntermediatesToBundle) @@ -249,7 +249,7 @@ func (s *Sidecar) loadPlugins() { continue } - notifier := raw.(pb.Notifier) + notifier := raw.(pb.NotifierServer) response, err := notifier.LoadConfigs(context.Background(), request) if err != nil { s.config.Log.Warnf("Failed to load configs into plugin %s", pluginName) @@ -275,7 +275,7 @@ func (s *Sidecar) checkProcessExit() { func (s *Sidecar) notifyPlugins() { for pluginName := range s.plugins { plugin := *s.plugins[pluginName] - _, err := plugin.UpdateX509SVID(context.Background(), &pb.Empty{}) + _, err := plugin.UpdateX509SVID(context.Background(), &pb.UpdateX509SVIDRequest{}) if err != nil { s.config.Log.Warnf("Failed to update x509 svid to plugin %s", pluginName) continue From fb121c7d62577302a873e10f6703c4dd9abe3a5c Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Wed, 27 Dec 2023 16:01:42 -0300 Subject: [PATCH 10/13] Adds support for plugins that use JWTs. Signed-off-by: JU4N98 --- cmd/spiffe-helper/main.go | 4 +- pkg/notifier/notifier.pb.go | 390 ++++++++++++++---- pkg/notifier/notifier.proto | 14 + pkg/notifier/notifier_grpc.pb.go | 91 +++- pkg/notifier/shared.go | 22 +- pkg/notifier/simple-example/simple-example.go | 12 +- pkg/sidecar/sidecar.go | 62 ++- pkg/sidecar/sidecar_test.go | 6 +- 8 files changed, 484 insertions(+), 117 deletions(-) diff --git a/cmd/spiffe-helper/main.go b/cmd/spiffe-helper/main.go index 0ea6eef0..7095f6bb 100644 --- a/cmd/spiffe-helper/main.go +++ b/cmd/spiffe-helper/main.go 
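Review bot: `notifier := raw.(pb.NotifierServer)` in `loadPlugins` (hunk at -249) is an unchecked type assertion on a value obtained across the plugin boundary, so a plugin binary that dispenses anything else panics the whole sidecar instead of being skipped with `continue` like the neighbouring failure paths. Use the two-value form: `notifier, ok := raw.(pb.NotifierServer)` followed by `if !ok { s.config.Log.Warnf("Plugin %s does not implement the notifier interface", pluginName); continue }`. The `Warnf` calls here and in `notifyPlugins` (hunk at -275) also drop `err`, which leaves an operator without the cause; appending `: %v` with `err` to those messages fixes that. `loadPlugins` starts and ends outside the hunk.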
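Review bot: `notifyPlugins` (hunk at -275) calls each plugin with `context.Background()`, so `UpdateX509SVID` has no deadline and one unresponsive plugin stalls the loop for every plugin after it; if this runs on the SVID rotation path, as the name suggests, later updates could be delayed as well. Bound each call, for example `ctx, cancel := context.WithTimeout(context.Background(), pluginTimeout)`, pass `ctx` to `UpdateX509SVID`, and call `cancel()` right after it rather than deferring inside the loop. `pluginTimeout` is a placeholder for a value the project would choose. The function body continues past the hunk.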
@@ -34,9 +34,9 @@ func startSidecar(configPath string, log logrus.FieldLogger) error { ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt) defer stop() - spiffeSidecar, err := sidecar.New(configPath, log) + spiffeSidecar, err := sidecar.New(configPath, ctx, log) if err != nil { - return fmt.Errorf("Failed to create sidecar: %w", err) + return fmt.Errorf("failed to create sidecar: %w", err) } return spiffeSidecar.RunDaemon(ctx) diff --git a/pkg/notifier/notifier.pb.go b/pkg/notifier/notifier.pb.go index 30ca2492..69c65649 100644 --- a/pkg/notifier/notifier.pb.go +++ b/pkg/notifier/notifier.pb.go @@ -1,8 +1,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.28.1 // protoc v3.12.4 -// source: notifier.proto +// source: notifier/notifier.proto package notifier @@ -31,7 +31,7 @@ type LoadConfigsRequest struct { func (x *LoadConfigsRequest) Reset() { *x = LoadConfigsRequest{} if protoimpl.UnsafeEnabled { - mi := &file_notifier_proto_msgTypes[0] + mi := &file_notifier_notifier_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -44,7 +44,7 @@ func (x *LoadConfigsRequest) String() string { func (*LoadConfigsRequest) ProtoMessage() {} func (x *LoadConfigsRequest) ProtoReflect() protoreflect.Message { - mi := &file_notifier_proto_msgTypes[0] + mi := &file_notifier_notifier_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -57,7 +57,7 @@ func (x *LoadConfigsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use LoadConfigsRequest.ProtoReflect.Descriptor instead. func (*LoadConfigsRequest) Descriptor() ([]byte, []int) { - return file_notifier_proto_rawDescGZIP(), []int{0} + return file_notifier_notifier_proto_rawDescGZIP(), []int{0} } func (x *LoadConfigsRequest) GetConfigs() map[string]string { 
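Review bot: In cmd/spiffe-helper/main.go, `sidecar.New(configPath, ctx, log)` passes the context as the second argument, whereas Go convention puts `context.Context` first so that call sites and linters treat it uniformly. The call would read `sidecar.New(ctx, configPath, log)`, with the matching parameter order in `New` in pkg/sidecar, whose new signature is not shown in this hunk.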
@@ -76,7 +76,7 @@ type LoadConfigsResponse struct { func (x *LoadConfigsResponse) Reset() { *x = LoadConfigsResponse{} if protoimpl.UnsafeEnabled { - mi := &file_notifier_proto_msgTypes[1] + mi := &file_notifier_notifier_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -89,7 +89,7 @@ func (x *LoadConfigsResponse) String() string { func (*LoadConfigsResponse) ProtoMessage() {} func (x *LoadConfigsResponse) ProtoReflect() protoreflect.Message { - mi := &file_notifier_proto_msgTypes[1] + mi := &file_notifier_notifier_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -102,7 +102,7 @@ func (x *LoadConfigsResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use LoadConfigsResponse.ProtoReflect.Descriptor instead. func (*LoadConfigsResponse) Descriptor() ([]byte, []int) { - return file_notifier_proto_rawDescGZIP(), []int{1} + return file_notifier_notifier_proto_rawDescGZIP(), []int{1} } type UpdateX509SVIDRequest struct { @@ -114,7 +114,7 @@ type UpdateX509SVIDRequest struct { func (x *UpdateX509SVIDRequest) Reset() { *x = UpdateX509SVIDRequest{} if protoimpl.UnsafeEnabled { - mi := &file_notifier_proto_msgTypes[2] + mi := &file_notifier_notifier_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -127,7 +127,7 @@ func (x *UpdateX509SVIDRequest) String() string { func (*UpdateX509SVIDRequest) ProtoMessage() {} func (x *UpdateX509SVIDRequest) ProtoReflect() protoreflect.Message { - mi := &file_notifier_proto_msgTypes[2] + mi := &file_notifier_notifier_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -140,7 +140,7 @@ func (x *UpdateX509SVIDRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateX509SVIDRequest.ProtoReflect.Descriptor instead. func (*UpdateX509SVIDRequest) Descriptor() ([]byte, []int) { - return file_notifier_proto_rawDescGZIP(), []int{2} + return file_notifier_notifier_proto_rawDescGZIP(), []int{2} } type UpdateX509SVIDResponse struct { @@ -152,7 +152,7 @@ type UpdateX509SVIDResponse struct { func (x *UpdateX509SVIDResponse) Reset() { *x = UpdateX509SVIDResponse{} if protoimpl.UnsafeEnabled { - mi := &file_notifier_proto_msgTypes[3] + mi := &file_notifier_notifier_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -165,7 +165,7 @@ func (x *UpdateX509SVIDResponse) String() string { func (*UpdateX509SVIDResponse) ProtoMessage() {} func (x *UpdateX509SVIDResponse) ProtoReflect() protoreflect.Message { - mi := &file_notifier_proto_msgTypes[3] + mi := &file_notifier_notifier_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -178,83 +178,261 @@ func (x *UpdateX509SVIDResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateX509SVIDResponse.ProtoReflect.Descriptor instead. func (*UpdateX509SVIDResponse) Descriptor() ([]byte, []int) { - return file_notifier_proto_rawDescGZIP(), []int{3} -} - -var File_notifier_proto protoreflect.FileDescriptor - -var file_notifier_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x08, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x22, 0x95, 0x01, 0x0a, 0x12, 0x4c, - 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x43, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x4c, 0x6f, - 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x22, 0x15, 0x0a, 0x13, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x17, 0x0a, 0x15, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x22, 0x18, 0x0a, 0x16, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, - 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xaf, 0x01, 0x0a, - 0x08, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 
0x65, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x4c, 0x6f, 0x61, - 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, - 0x72, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x12, 0x1f, 0x2e, 0x6e, 0x6f, 0x74, 0x69, + return file_notifier_notifier_proto_rawDescGZIP(), []int{3} +} + +type UpdateJWTSVIDRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *UpdateJWTSVIDRequest) Reset() { + *x = UpdateJWTSVIDRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_notifier_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpdateJWTSVIDRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateJWTSVIDRequest) ProtoMessage() {} + +func (x *UpdateJWTSVIDRequest) ProtoReflect() protoreflect.Message { + mi := &file_notifier_notifier_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateJWTSVIDRequest.ProtoReflect.Descriptor instead. 
+func (*UpdateJWTSVIDRequest) Descriptor() ([]byte, []int) { + return file_notifier_notifier_proto_rawDescGZIP(), []int{4} +} + +type UpdateJWTSVIDResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *UpdateJWTSVIDResponse) Reset() { + *x = UpdateJWTSVIDResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_notifier_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpdateJWTSVIDResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateJWTSVIDResponse) ProtoMessage() {} + +func (x *UpdateJWTSVIDResponse) ProtoReflect() protoreflect.Message { + mi := &file_notifier_notifier_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateJWTSVIDResponse.ProtoReflect.Descriptor instead. 
+func (*UpdateJWTSVIDResponse) Descriptor() ([]byte, []int) { + return file_notifier_notifier_proto_rawDescGZIP(), []int{5} +} + +type UpdateJWTBundleRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *UpdateJWTBundleRequest) Reset() { + *x = UpdateJWTBundleRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_notifier_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpdateJWTBundleRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateJWTBundleRequest) ProtoMessage() {} + +func (x *UpdateJWTBundleRequest) ProtoReflect() protoreflect.Message { + mi := &file_notifier_notifier_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateJWTBundleRequest.ProtoReflect.Descriptor instead. 
+func (*UpdateJWTBundleRequest) Descriptor() ([]byte, []int) { + return file_notifier_notifier_proto_rawDescGZIP(), []int{6} +} + +type UpdateJWTBundleResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *UpdateJWTBundleResponse) Reset() { + *x = UpdateJWTBundleResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_notifier_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpdateJWTBundleResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateJWTBundleResponse) ProtoMessage() {} + +func (x *UpdateJWTBundleResponse) ProtoReflect() protoreflect.Message { + mi := &file_notifier_notifier_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateJWTBundleResponse.ProtoReflect.Descriptor instead. 
+func (*UpdateJWTBundleResponse) Descriptor() ([]byte, []int) { + return file_notifier_notifier_proto_rawDescGZIP(), []int{7} +} + +var File_notifier_notifier_proto protoreflect.FileDescriptor + +var file_notifier_notifier_proto_rawDesc = []byte{ + 0x0a, 0x17, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2f, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x22, 0x95, 0x01, 0x0a, 0x12, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x07, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x6e, 0x6f, + 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, + 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x15, 0x0a, 0x13, 0x4c, + 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x17, 0x0a, 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, + 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x18, 0x0a, 0x16, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x16, 0x0a, 0x14, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, + 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 
0x17, 0x0a, + 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x18, 0x0a, 0x16, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x22, 0x19, 0x0a, 0x17, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, + 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xdd, 0x02, 0x0a, 0x08, + 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x4c, 0x6f, 0x61, 0x64, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, + 0x65, 0x72, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, + 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x12, 0x1f, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, + 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, - 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x6e, 0x6f, 0x74, - 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, - 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x0d, - 0x5a, 0x0b, 0x2e, 0x2f, 0x3b, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x52, 
0x0a, + 0x0d, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x12, 0x1e, + 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, + 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x00, 0x12, 0x58, 0x0a, 0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x42, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x20, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, + 0x72, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, + 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x0d, 0x5a, 0x0b, 0x2e, + 0x2f, 0x3b, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( - file_notifier_proto_rawDescOnce sync.Once - file_notifier_proto_rawDescData = file_notifier_proto_rawDesc + file_notifier_notifier_proto_rawDescOnce sync.Once + file_notifier_notifier_proto_rawDescData = file_notifier_notifier_proto_rawDesc ) -func file_notifier_proto_rawDescGZIP() []byte { - file_notifier_proto_rawDescOnce.Do(func() { - file_notifier_proto_rawDescData = protoimpl.X.CompressGZIP(file_notifier_proto_rawDescData) +func file_notifier_notifier_proto_rawDescGZIP() []byte { + file_notifier_notifier_proto_rawDescOnce.Do(func() { + file_notifier_notifier_proto_rawDescData = protoimpl.X.CompressGZIP(file_notifier_notifier_proto_rawDescData) }) - return file_notifier_proto_rawDescData + return file_notifier_notifier_proto_rawDescData } -var file_notifier_proto_msgTypes = 
make([]protoimpl.MessageInfo, 5) -var file_notifier_proto_goTypes = []interface{}{ - (*LoadConfigsRequest)(nil), // 0: notifier.LoadConfigsRequest - (*LoadConfigsResponse)(nil), // 1: notifier.LoadConfigsResponse - (*UpdateX509SVIDRequest)(nil), // 2: notifier.UpdateX509SVIDRequest - (*UpdateX509SVIDResponse)(nil), // 3: notifier.UpdateX509SVIDResponse - nil, // 4: notifier.LoadConfigsRequest.ConfigsEntry +var file_notifier_notifier_proto_msgTypes = make([]protoimpl.MessageInfo, 9) +var file_notifier_notifier_proto_goTypes = []interface{}{ + (*LoadConfigsRequest)(nil), // 0: notifier.LoadConfigsRequest + (*LoadConfigsResponse)(nil), // 1: notifier.LoadConfigsResponse + (*UpdateX509SVIDRequest)(nil), // 2: notifier.UpdateX509SVIDRequest + (*UpdateX509SVIDResponse)(nil), // 3: notifier.UpdateX509SVIDResponse + (*UpdateJWTSVIDRequest)(nil), // 4: notifier.UpdateJWTSVIDRequest + (*UpdateJWTSVIDResponse)(nil), // 5: notifier.UpdateJWTSVIDResponse + (*UpdateJWTBundleRequest)(nil), // 6: notifier.UpdateJWTBundleRequest + (*UpdateJWTBundleResponse)(nil), // 7: notifier.UpdateJWTBundleResponse + nil, // 8: notifier.LoadConfigsRequest.ConfigsEntry } -var file_notifier_proto_depIdxs = []int32{ - 4, // 0: notifier.LoadConfigsRequest.configs:type_name -> notifier.LoadConfigsRequest.ConfigsEntry +var file_notifier_notifier_proto_depIdxs = []int32{ + 8, // 0: notifier.LoadConfigsRequest.configs:type_name -> notifier.LoadConfigsRequest.ConfigsEntry 0, // 1: notifier.Notifier.LoadConfigs:input_type -> notifier.LoadConfigsRequest 2, // 2: notifier.Notifier.UpdateX509SVID:input_type -> notifier.UpdateX509SVIDRequest - 1, // 3: notifier.Notifier.LoadConfigs:output_type -> notifier.LoadConfigsResponse - 3, // 4: notifier.Notifier.UpdateX509SVID:output_type -> notifier.UpdateX509SVIDResponse - 3, // [3:5] is the sub-list for method output_type - 1, // [1:3] is the sub-list for method input_type + 4, // 3: notifier.Notifier.UpdateJWTSVID:input_type -> notifier.UpdateJWTSVIDRequest + 6, 
// 4: notifier.Notifier.UpdateJWTBundle:input_type -> notifier.UpdateJWTBundleRequest + 1, // 5: notifier.Notifier.LoadConfigs:output_type -> notifier.LoadConfigsResponse + 3, // 6: notifier.Notifier.UpdateX509SVID:output_type -> notifier.UpdateX509SVIDResponse + 5, // 7: notifier.Notifier.UpdateJWTSVID:output_type -> notifier.UpdateJWTSVIDResponse + 7, // 8: notifier.Notifier.UpdateJWTBundle:output_type -> notifier.UpdateJWTBundleResponse + 5, // [5:9] is the sub-list for method output_type + 1, // [1:5] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name 1, // [1:1] is the sub-list for extension extendee 0, // [0:1] is the sub-list for field type_name } -func init() { file_notifier_proto_init() } -func file_notifier_proto_init() { - if File_notifier_proto != nil { +func init() { file_notifier_notifier_proto_init() } +func file_notifier_notifier_proto_init() { + if File_notifier_notifier_proto != nil { return } if !protoimpl.UnsafeEnabled { - file_notifier_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_notifier_notifier_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*LoadConfigsRequest); i { case 0: return &v.state @@ -266,7 +444,7 @@ func file_notifier_proto_init() { return nil } } - file_notifier_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_notifier_notifier_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*LoadConfigsResponse); i { case 0: return &v.state @@ -278,7 +456,7 @@ func file_notifier_proto_init() { return nil } } - file_notifier_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_notifier_notifier_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UpdateX509SVIDRequest); i { case 0: return &v.state 
@@ -290,7 +468,7 @@ func file_notifier_proto_init() { return nil } } - file_notifier_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_notifier_notifier_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UpdateX509SVIDResponse); i { case 0: return &v.state 
@@ -302,23 +480,71 @@ func file_notifier_proto_init() { return nil } } + file_notifier_notifier_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateJWTSVIDRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_notifier_notifier_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateJWTSVIDResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_notifier_notifier_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateJWTBundleRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_notifier_notifier_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateJWTBundleResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_notifier_proto_rawDesc, + RawDescriptor: file_notifier_notifier_proto_rawDesc, NumEnums: 0, - NumMessages: 5, + NumMessages: 9, NumExtensions: 0, NumServices: 1, }, - GoTypes: file_notifier_proto_goTypes, - DependencyIndexes: file_notifier_proto_depIdxs, - MessageInfos: file_notifier_proto_msgTypes, + GoTypes: file_notifier_notifier_proto_goTypes, + DependencyIndexes: file_notifier_notifier_proto_depIdxs, + MessageInfos: file_notifier_notifier_proto_msgTypes, }.Build() - File_notifier_proto = out.File - file_notifier_proto_rawDesc = nil - file_notifier_proto_goTypes = nil - file_notifier_proto_depIdxs = nil + File_notifier_notifier_proto = out.File + file_notifier_notifier_proto_rawDesc = nil + 
file_notifier_notifier_proto_goTypes = nil + file_notifier_notifier_proto_depIdxs = nil } diff --git a/pkg/notifier/notifier.proto b/pkg/notifier/notifier.proto index ae49735a..9cf877e0 100644 --- a/pkg/notifier/notifier.proto +++ b/pkg/notifier/notifier.proto @@ -16,7 +16,21 @@ message UpdateX509SVIDRequest { message UpdateX509SVIDResponse { } +message UpdateJWTSVIDRequest { +} + +message UpdateJWTSVIDResponse { +} + +message UpdateJWTBundleRequest { +} + +message UpdateJWTBundleResponse { +} + service Notifier { rpc LoadConfigs(LoadConfigsRequest) returns (LoadConfigsResponse) {}; rpc UpdateX509SVID(UpdateX509SVIDRequest) returns (UpdateX509SVIDResponse) {}; + rpc UpdateJWTSVID(UpdateJWTSVIDRequest) returns (UpdateJWTSVIDResponse) {}; + rpc UpdateJWTBundle(UpdateJWTBundleRequest) returns (UpdateJWTBundleResponse) {}; } diff --git a/pkg/notifier/notifier_grpc.pb.go b/pkg/notifier/notifier_grpc.pb.go index 1f48e2c8..0a679d62 100644 --- a/pkg/notifier/notifier_grpc.pb.go +++ b/pkg/notifier/notifier_grpc.pb.go @@ -1,8 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.3.0 +// - protoc-gen-go-grpc v1.2.0 // - protoc v3.12.4 -// source: notifier.proto +// source: notifier/notifier.proto package notifier 
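Review bot: The new `UpdateJWTSVID` and `UpdateJWTBundle` RPCs in pkg/notifier/notifier.proto, like their request and response messages, have no fields and no comments, so the plugin contract does not say what was updated or where a plugin should read the new material from. A leading comment on each RPC would close that gap, e.g. `// UpdateJWTSVID notifies the plugin that the JWT-SVID was renewed; the request is intentionally empty.` The wording should be adjusted to the actual call order, which this hunk does not show. If the messages are empty placeholders kept for forward compatibility, a comment saying so saves plugin authors from guessing.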
@@ -18,17 +18,14 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 -const ( - Notifier_LoadConfigs_FullMethodName = "/notifier.Notifier/LoadConfigs" - Notifier_UpdateX509SVID_FullMethodName = "/notifier.Notifier/UpdateX509SVID" -) - // NotifierClient is the client API for Notifier service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type NotifierClient interface { LoadConfigs(ctx context.Context, in *LoadConfigsRequest, opts ...grpc.CallOption) (*LoadConfigsResponse, error) UpdateX509SVID(ctx context.Context, in *UpdateX509SVIDRequest, opts ...grpc.CallOption) (*UpdateX509SVIDResponse, error) + UpdateJWTSVID(ctx context.Context, in *UpdateJWTSVIDRequest, opts ...grpc.CallOption) (*UpdateJWTSVIDResponse, error) + UpdateJWTBundle(ctx context.Context, in *UpdateJWTBundleRequest, opts ...grpc.CallOption) (*UpdateJWTBundleResponse, error) } type notifierClient struct { @@ -41,7 +38,7 @@ func NewNotifierClient(cc grpc.ClientConnInterface) NotifierClient { func (c *notifierClient) LoadConfigs(ctx context.Context, in *LoadConfigsRequest, opts ...grpc.CallOption) (*LoadConfigsResponse, error) { out := new(LoadConfigsResponse) - err := c.cc.Invoke(ctx, Notifier_LoadConfigs_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, "/notifier.Notifier/LoadConfigs", in, out, opts...) if err != nil { return nil, err } 
@@ -50,7 +47,25 @@ func (c *notifierClient) LoadConfigs(ctx context.Context, in *LoadConfigsRequest func (c *notifierClient) UpdateX509SVID(ctx context.Context, in *UpdateX509SVIDRequest, opts ...grpc.CallOption) (*UpdateX509SVIDResponse, error) { out := new(UpdateX509SVIDResponse) - err := c.cc.Invoke(ctx, Notifier_UpdateX509SVID_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, "/notifier.Notifier/UpdateX509SVID", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *notifierClient) UpdateJWTSVID(ctx context.Context, in *UpdateJWTSVIDRequest, opts ...grpc.CallOption) (*UpdateJWTSVIDResponse, error) { + out := new(UpdateJWTSVIDResponse) + err := c.cc.Invoke(ctx, "/notifier.Notifier/UpdateJWTSVID", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *notifierClient) UpdateJWTBundle(ctx context.Context, in *UpdateJWTBundleRequest, opts ...grpc.CallOption) (*UpdateJWTBundleResponse, error) { + out := new(UpdateJWTBundleResponse) + err := c.cc.Invoke(ctx, "/notifier.Notifier/UpdateJWTBundle", in, out, opts...) if err != nil { return nil, err } @@ -63,6 +78,8 @@ func (c *notifierClient) UpdateX509SVID(ctx context.Context, in *UpdateX509SVIDR type NotifierServer interface { LoadConfigs(context.Context, *LoadConfigsRequest) (*LoadConfigsResponse, error) UpdateX509SVID(context.Context, *UpdateX509SVIDRequest) (*UpdateX509SVIDResponse, error) + UpdateJWTSVID(context.Context, *UpdateJWTSVIDRequest) (*UpdateJWTSVIDResponse, error) + UpdateJWTBundle(context.Context, *UpdateJWTBundleRequest) (*UpdateJWTBundleResponse, error) mustEmbedUnimplementedNotifierServer() } 
@@ -76,6 +93,12 @@ func (UnimplementedNotifierServer) LoadConfigs(context.Context, *LoadConfigsRequ func (UnimplementedNotifierServer) UpdateX509SVID(context.Context, *UpdateX509SVIDRequest) (*UpdateX509SVIDResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateX509SVID not implemented") } +func (UnimplementedNotifierServer) UpdateJWTSVID(context.Context, *UpdateJWTSVIDRequest) (*UpdateJWTSVIDResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateJWTSVID not implemented") +} +func (UnimplementedNotifierServer) UpdateJWTBundle(context.Context, *UpdateJWTBundleRequest) (*UpdateJWTBundleResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateJWTBundle not implemented") +} func (UnimplementedNotifierServer) mustEmbedUnimplementedNotifierServer() {} // UnsafeNotifierServer may be embedded to opt out of forward compatibility for this service. @@ -99,7 +122,7 @@ func _Notifier_LoadConfigs_Handler(srv interface{}, ctx context.Context, dec fun } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: Notifier_LoadConfigs_FullMethodName, + FullMethod: "/notifier.Notifier/LoadConfigs", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(NotifierServer).LoadConfigs(ctx, req.(*LoadConfigsRequest)) @@ -117,7 +140,7 @@ func _Notifier_UpdateX509SVID_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: Notifier_UpdateX509SVID_FullMethodName, + FullMethod: "/notifier.Notifier/UpdateX509SVID", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(NotifierServer).UpdateX509SVID(ctx, req.(*UpdateX509SVIDRequest)) 
@@ -125,6 +148,42 @@ func _Notifier_UpdateX509SVID_Handler(srv interface{}, ctx context.Context, dec return interceptor(ctx, in, info, handler) } +func _Notifier_UpdateJWTSVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpdateJWTSVIDRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(NotifierServer).UpdateJWTSVID(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/notifier.Notifier/UpdateJWTSVID", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(NotifierServer).UpdateJWTSVID(ctx, req.(*UpdateJWTSVIDRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Notifier_UpdateJWTBundle_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpdateJWTBundleRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(NotifierServer).UpdateJWTBundle(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/notifier.Notifier/UpdateJWTBundle", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(NotifierServer).UpdateJWTBundle(ctx, req.(*UpdateJWTBundleRequest)) + } + return interceptor(ctx, in, info, handler) +} + // Notifier_ServiceDesc is the grpc.ServiceDesc for Notifier service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) 
@@ -140,7 +199,15 @@ var Notifier_ServiceDesc = grpc.ServiceDesc{ MethodName: "UpdateX509SVID", Handler: _Notifier_UpdateX509SVID_Handler, }, + { + MethodName: "UpdateJWTSVID", + Handler: _Notifier_UpdateJWTSVID_Handler, + }, + { + MethodName: "UpdateJWTBundle", + Handler: _Notifier_UpdateJWTBundle_Handler, + }, }, Streams: []grpc.StreamDesc{}, - Metadata: "notifier.proto", + Metadata: "notifier/notifier.proto", } diff --git a/pkg/notifier/shared.go b/pkg/notifier/shared.go index 1f8c3722..16117bbb 100644 --- a/pkg/notifier/shared.go +++ b/pkg/notifier/shared.go @@ -29,11 +29,19 @@ type GRPCClient struct { } func (m *GRPCClient) LoadConfigs(ctx context.Context, config *LoadConfigsRequest) (*LoadConfigsResponse, error) { - return m.client.LoadConfigs(context.Background(), config) + return m.client.LoadConfigs(ctx, config) } func (m *GRPCClient) UpdateX509SVID(ctx context.Context, empty *UpdateX509SVIDRequest) (*UpdateX509SVIDResponse, error) { - return m.client.UpdateX509SVID(context.Background(), empty) + return m.client.UpdateX509SVID(ctx, empty) +} + +func (m *GRPCClient) UpdateJWTSVID(ctx context.Context, empty *UpdateJWTSVIDRequest) (*UpdateJWTSVIDResponse, error) { + return m.client.UpdateJWTSVID(ctx, empty) +} + +func (m *GRPCClient) UpdateJWTBundle(ctx context.Context, empty *UpdateJWTBundleRequest) (*UpdateJWTBundleResponse, error) { + return m.client.UpdateJWTBundle(ctx, empty) } func (m *GRPCClient) mustEmbedUnimplementedNotifierServer() { 
@@ -53,6 +61,16 @@ func (m *GRPCServer) UpdateX509SVID(ctx context.Context, request *UpdateX509SVID return &UpdateX509SVIDResponse{}, err } +func (m *GRPCServer) UpdateJWTSVID(ctx context.Context, request *UpdateJWTSVIDRequest) (*UpdateJWTSVIDResponse, error) { + _, err := m.Impl.UpdateJWTSVID(ctx, request) + return &UpdateJWTSVIDResponse{}, err +} + +func (m *GRPCServer) UpdateJWTBundle(ctx context.Context, request *UpdateJWTBundleRequest) (*UpdateJWTBundleResponse, error) { + _, err := m.Impl.UpdateJWTBundle(ctx, request) + return &UpdateJWTBundleResponse{}, err +} + func (m *GRPCServer) mustEmbedUnimplementedNotifierServer() { } diff --git a/pkg/notifier/simple-example/simple-example.go b/pkg/notifier/simple-example/simple-example.go index 728ada70..cd1123b3 100644 --- a/pkg/notifier/simple-example/simple-example.go +++ b/pkg/notifier/simple-example/simple-example.go @@ -19,10 +19,20 @@ func (s *SimplePlugin) LoadConfigs(ctx context.Context, request *pb.LoadConfigsR } func (s *SimplePlugin) UpdateX509SVID(ctx context.Context, request *pb.UpdateX509SVIDRequest) (*pb.UpdateX509SVIDResponse, error) { - log.Printf("Svid updated") + log.Printf("X.509 SVID updated") return &pb.UpdateX509SVIDResponse{}, nil } +func (s *SimplePlugin) UpdateJWTSVID(ctx context.Context, request *pb.UpdateJWTSVIDRequest) (*pb.UpdateJWTSVIDResponse, error) { + log.Printf("JWT SVID updated") + return &pb.UpdateJWTSVIDResponse{}, nil +} + +func (s *SimplePlugin) UpdateJWTBundle(ctx context.Context, request *pb.UpdateJWTBundleRequest) (*pb.UpdateJWTBundleResponse, error) { + log.Printf("JWT bundle updated") + return &pb.UpdateJWTBundleResponse{}, nil +} + func main() { plugin.Serve(&plugin.ServeConfig{ HandshakeConfig: pb.GetHandshakeConfig(), diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index f6b33c8d..20976713 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go 
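Review bot: `GRPCServer.UpdateJWTSVID` and `UpdateJWTBundle` return a freshly allocated response together with `err`, so a failing implementation still yields a non-nil message next to a non-nil error. gRPC discards the message in that case, but callers that use `GRPCServer` directly would see both values. Returning early keeps the contract unambiguous: `if err != nil { return nil, err }` before `return &UpdateJWTSVIDResponse{}, nil`, and the same in `UpdateJWTBundle`. The response produced by `m.Impl` is dropped on purpose or by accident; a one-line comment saying which would help once the messages gain fields.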
@@ -42,10 +42,11 @@ type Sidecar struct { process *os.Process certReadyChan chan struct{} plugins map[string]*pb.NotifierServer + ctx context.Context } // New creates a new SPIFFE sidecar -func New(configPath string, log logrus.FieldLogger) (*Sidecar, error) { +func New(configPath string, ctx context.Context, log logrus.FieldLogger) (*Sidecar, error) { config, err := ParseConfig(configPath) if err != nil { return nil, fmt.Errorf("failed to parse %q: %w", configPath, err) @@ -73,6 +74,7 @@ func New(configPath string, log logrus.FieldLogger) (*Sidecar, error) { } sidecar := &Sidecar{ + ctx: ctx, config: config, certReadyChan: make(chan struct{}, 1), plugins: make(map[string]*pb.NotifierServer), @@ -145,6 +147,7 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) { return } s.config.Log.Info("X.509 certificates updated") + s.notifyX509Update() if s.config.Cmd != "" { if err := s.signalProcess(); err != nil { @@ -156,9 +159,6 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) { os.Exit(0) } - s.config.Log.Infof("Updating plugins") - s.notifyPlugins() - select { case s.certReadyChan <- struct{}{}: default: 
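Review bot: The new `ctx` field on `Sidecar` has no comment saying whose lifetime it carries, and a context stored in a struct is easy to misuse once methods also receive their own. `performJWTSVIDUpdate`, changed later in this patch, already takes a `ctx` argument yet notifies plugins through `s.ctx`, so two contexts are in play on one path. A field comment such as `// ctx is the parent for plugin RPC deadlines; cancelled when the sidecar shuts down` would record the intent. The cancellation source is outside this hunk, so confirm the wording against the caller.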
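Review bot: In `updateCertificates`, `s.notifyX509Update()` now runs before `signalProcess`, and each plugin call inside `notifyX509Update` can block for its full 10-second timeout. With several slow or hung plugins the managed process keeps using the previous certificate for that long after the new one is on disk. If the order is deliberate, so that plugins are told before the `os.Exit(0)` branch, consider one shared deadline for the whole notification pass; otherwise signal the process first and notify afterwards. The function body starts outside the hunk.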
@@ -223,11 +223,14 @@ func (s *Sidecar) loadPlugins() { request := &pb.LoadConfigsRequest{} request.Configs = pluginConfig - request.Configs["certDir"] = s.config.CertDir - request.Configs["addIntermediatesToBundle"] = strconv.FormatBool(s.config.AddIntermediatesToBundle) - request.Configs["svidFileName"] = s.config.SvidFileName - request.Configs["svidKeyFileName"] = s.config.SvidKeyFileName - request.Configs["svidBundleFileName"] = s.config.SvidBundleFileName + request.Configs["cert_dir"] = s.config.CertDir + request.Configs["add_intermediates_to_bundle"] = strconv.FormatBool(s.config.AddIntermediatesToBundle) + request.Configs["svid_file_name"] = s.config.SvidFileName + request.Configs["svid_key_file_name"] = s.config.SvidKeyFileName + request.Configs["svid_bundle_file_name"] = s.config.SvidBundleFileName + request.Configs["jwt_audience"] = s.config.JWTAudience + request.Configs["jwt_svid_file_name"] = s.config.JWTSvidFilename + request.Configs["jwt_bundle_file_name"] = s.config.JWTBundleFilename client := plugin.NewClient(&plugin.ClientConfig{ HandshakeConfig: pb.GetHandshakeConfig(), @@ -250,7 +253,7 @@ func (s *Sidecar) loadPlugins() { } notifier := raw.(pb.NotifierServer) - response, err := notifier.LoadConfigs(context.Background(), request) + response, err := notifier.LoadConfigs(s.ctx, request) if err != nil { s.config.Log.Warnf("Failed to load configs into plugin %s", pluginName) continue @@ -258,7 +261,7 @@ func (s *Sidecar) loadPlugins() { s.plugins[pluginName] = ¬ifier - s.config.Log.Infof("Plugin %s updated %s", pluginName, response) + s.config.Log.Infof("Plugin %s loaded %s", pluginName, response) } } 
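Review bot: `request.Configs` is the plugin's own `pluginConfig` map, so the eight assignments added here silently overwrite any key of the same name set inside the plugin block, and they mutate the parsed configuration in place. The integration `helper.conf` added later in this series sets `jwt_svid_file_name` and `jwt_bundle_file_name` inside `simple-plugin`; those are replaced by the sidecar's values before `LoadConfigs` runs, and it goes unnoticed only because both sides use the same names. The example plugin uses these keys to decide where it writes, so either reject colliding keys with a warning (as the later `type` check does) or pass the sidecar settings under a prefix, for example `request.Configs["sidecar.cert_dir"] = s.config.CertDir`. `loadPlugins` starts and ends outside the hunk.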
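Review bot: `notifier.LoadConfigs(s.ctx, request)` has no deadline of its own, unlike the notify helpers in this patch that wrap `s.ctx` in a 10-second timeout. A plugin that never answers would hold `loadPlugins` until the sidecar context is cancelled. Suggest `ctx, cancel := context.WithTimeout(s.ctx, 10*time.Second)` before the call with `cancel()` directly after it (not deferred, since this runs in a loop). The warning should also carry the error: `s.config.Log.Warnf("Failed to load configs into plugin %s: %v", pluginName, err)`.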
@@ -272,10 +275,12 @@ func (s *Sidecar) checkProcessExit() { atomic.StoreInt32(&s.processRunning, 0) } -func (s *Sidecar) notifyPlugins() { +func (s *Sidecar) notifyX509Update() { for pluginName := range s.plugins { plugin := *s.plugins[pluginName] - _, err := plugin.UpdateX509SVID(context.Background(), &pb.UpdateX509SVIDRequest{}) + ctx, cancel := context.WithTimeout(s.ctx, 10*time.Second) + defer cancel() + _, err := plugin.UpdateX509SVID(ctx, &pb.UpdateX509SVIDRequest{}) if err != nil { s.config.Log.Warnf("Failed to update x509 svid to plugin %s", pluginName) continue @@ -283,6 +288,32 @@ func (s *Sidecar) notifyPlugins() { } } +func (s *Sidecar) notifyJWTSVIDUpdate() { + for pluginName := range s.plugins { + plugin := *s.plugins[pluginName] + ctx, cancel := context.WithTimeout(s.ctx, 10*time.Second) + defer cancel() + _, err := plugin.UpdateJWTSVID(ctx, &pb.UpdateJWTSVIDRequest{}) + if err != nil { + s.config.Log.Warnf("Failed to update jwt svid to plugin %s", pluginName) + continue + } + } +} + +func (s *Sidecar) notifyJWTBundleUpdate() { + for pluginName := range s.plugins { + plugin := *s.plugins[pluginName] + ctx, cancel := context.WithTimeout(s.ctx, 10*time.Second) + defer cancel() + _, err := plugin.UpdateJWTBundle(ctx, &pb.UpdateJWTBundleRequest{}) + if err != nil { + s.config.Log.Warnf("Failed to update jwt bundle to plugin %s", pluginName) + continue + } + } +} + // dumpBundles takes a X509SVIDResponse, representing a svid message from // the Workload API, and calls writeCerts and writeKey to write to disk // the svid, key and bundle of certificates. @@ -324,8 +355,6 @@ func (s *Sidecar) dumpBundles(svidResponse *workloadapi.X509Context) error { return err } - s.notifyPlugins() - return nil } @@ -360,6 +389,7 @@ func (s *Sidecar) updateJWTBundle(jwkSet *jwtbundle.Set) { s.config.Log.Errorf("Unable to write JSON file: %v", err) } else { s.config.Log.Info("JWT bundle updated") + s.notifyJWTBundleUpdate() } } 
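Review bot: `defer cancel()` sits inside the `for pluginName := range s.plugins` loop in `notifyX509Update`, so every timeout context and its timer stay alive until the function returns rather than when its call finishes; `notifyJWTSVIDUpdate` and `notifyJWTBundleUpdate` in the next hunk repeat the pattern. Call `cancel()` directly after the RPC instead of deferring it. The warning also drops `err`, which makes a deadline expiry indistinguishable from a plugin-side failure; `s.config.Log.Warnf("Failed to update x509 svid to plugin %s: %v", pluginName, err)` keeps it. The three helpers differ only in the method they call, so one private helper taking a `func(context.Context, pb.NotifierServer) error` would remove the duplication.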
@@ -417,6 +447,8 @@ func (s *Sidecar) performJWTSVIDUpdate(ctx context.Context) (*jwtsvid.SVID, erro } s.config.Log.Info("JWT SVID updated") + s.notifyJWTSVIDUpdate() + return jwtSVID, nil } diff --git a/pkg/sidecar/sidecar_test.go b/pkg/sidecar/sidecar_test.go index cf4d382f..dc982a59 100644 --- a/pkg/sidecar/sidecar_test.go +++ b/pkg/sidecar/sidecar_test.go @@ -194,14 +194,14 @@ func TestSidecar_RunDaemon(t *testing.T) { func TestDefaultAgentAddress(t *testing.T) { log, _ := test.NewNullLogger() - spiffeSidecar, err := New("../../test/sidecar/config/helper.conf", log) + spiffeSidecar, err := New("../../test/sidecar/config/helper.conf", context.Background(), log) require.NoError(t, err) assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/spire-agent/public/api.sock") } func TestEnvAgentAddress(t *testing.T) { os.Setenv("SPIRE_AGENT_ADDRESS", "/tmp/spire-agent/public/api.sock") log, _ := test.NewNullLogger() - spiffeSidecar, err := New("../../test/sidecar/config/helper.conf", log) + spiffeSidecar, err := New("../../test/sidecar/config/helper.conf", context.Background(), log) require.NoError(t, err) assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/spire-agent/public/api.sock") } @@ -210,7 +210,7 @@ func TestAgentAddress(t *testing.T) { // This test is used to verify that we get the agent_address of the .conf file instead of the ENV value, if we have both os.Setenv("SPIRE_AGENT_ADDRESS", "/tmp/spire-agent/public/api.sock") log, _ := test.NewNullLogger() - spiffeSidecar, err := New("../../test/sidecar/configWithAddress/helper.conf", log) + spiffeSidecar, err := New("../../test/sidecar/configWithAddress/helper.conf", context.Background(), log) require.NoError(t, err) assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/spire-agent/public/api.sock") } From 65835b2d0e569a5e35bc19c0e7e1bdeea5684c07 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Wed, 27 Dec 2023 16:06:09 -0300 Subject: [PATCH 11/13] Fixes lint errors. 
Signed-off-by: JU4N98 --- cmd/spiffe-helper/main.go | 2 +- pkg/sidecar/sidecar.go | 2 +- pkg/sidecar/sidecar_test.go | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cmd/spiffe-helper/main.go b/cmd/spiffe-helper/main.go index 7095f6bb..54dc5ebc 100644 --- a/cmd/spiffe-helper/main.go +++ b/cmd/spiffe-helper/main.go @@ -34,7 +34,7 @@ func startSidecar(configPath string, log logrus.FieldLogger) error { ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt) defer stop() - spiffeSidecar, err := sidecar.New(configPath, ctx, log) + spiffeSidecar, err := sidecar.New(ctx, configPath, log) if err != nil { return fmt.Errorf("failed to create sidecar: %w", err) } diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index 20976713..abe8eed6 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -46,7 +46,7 @@ type Sidecar struct { } // New creates a new SPIFFE sidecar -func New(configPath string, ctx context.Context, log logrus.FieldLogger) (*Sidecar, error) { +func New(ctx context.Context, configPath string, log logrus.FieldLogger) (*Sidecar, error) { config, err := ParseConfig(configPath) if err != nil { return nil, fmt.Errorf("failed to parse %q: %w", configPath, err) diff --git a/pkg/sidecar/sidecar_test.go b/pkg/sidecar/sidecar_test.go index dc982a59..e6a627c4 100644 --- a/pkg/sidecar/sidecar_test.go +++ b/pkg/sidecar/sidecar_test.go 
@@ -194,14 +194,14 @@ func TestSidecar_RunDaemon(t *testing.T) { func TestDefaultAgentAddress(t *testing.T) { log, _ := test.NewNullLogger() - spiffeSidecar, err := New("../../test/sidecar/config/helper.conf", context.Background(), log) + spiffeSidecar, err := New(context.Background(), "../../test/sidecar/config/helper.conf", log) require.NoError(t, err) assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/spire-agent/public/api.sock") } func TestEnvAgentAddress(t *testing.T) { os.Setenv("SPIRE_AGENT_ADDRESS", "/tmp/spire-agent/public/api.sock") log, _ := test.NewNullLogger() - spiffeSidecar, err := New("../../test/sidecar/config/helper.conf", context.Background(), log) + spiffeSidecar, err := New(context.Background(), "../../test/sidecar/config/helper.conf", log) require.NoError(t, err) assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/spire-agent/public/api.sock") } @@ -210,7 +210,7 @@ func TestAgentAddress(t *testing.T) { // This test is used to verify that we get the agent_address of the .conf file instead of the ENV value, if we have both os.Setenv("SPIRE_AGENT_ADDRESS", "/tmp/spire-agent/public/api.sock") log, _ := test.NewNullLogger() - spiffeSidecar, err := New("../../test/sidecar/configWithAddress/helper.conf", context.Background(), log) + spiffeSidecar, err := New(context.Background(), "../../test/sidecar/configWithAddress/helper.conf", log) require.NoError(t, err) assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/spire-agent/public/api.sock") } From 7c29265832becb99f92acd622a00b544520e17c8 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Thu, 28 Dec 2023 15:18:20 -0300 Subject: [PATCH 12/13] Updates README. Signed-off-by: JU4N98 --- README.md | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3d4f6cdc..0371b911 100644 --- a/README.md +++ b/README.md 
@@ -31,9 +31,11 @@ The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted f | `jwt_audience` | JWT SVID audience. | `"your-audience"` | | `jwt_svid_file_name` | File name to be used to store JWT SVID in Base64-encoded string. | `"jwt_svid.token"` | | `jwt_bundle_file_name` | File name to be used to store JWT Bundle in JSON format. | `"jwt_bundle.json"` | +| `plugins` | Block of plugins. | | + ### Configuration example -``` +```hcl agent_address = "/tmp/spire-agent/public/api.sock" cmd = "ghostunnel" cmd_args = "server --listen localhost:8002 --target localhost:8001 --keystore certs/svid_key.pem --cacert certs/svid_bundle.pem --allow-uri-san spiffe://example.org/Database" @@ -45,10 +47,17 @@ svid_bundle_file_name = "svid_bundle.pem" jwt_audience = "your-audience" jwt_svid_file_name = "jwt.token" jwt_bundle_file_name = "bundle.json" +plugins { + "plugin_name" { + path="/tmp/plugins/plugin_name" + checksum="7ae182614c5b2f96b0c6655a6bf3e1e64fb0dbb9142fa50c8cf0002c5c5bb9c5" + custom_config="random_value" + } +} ``` ### Windows example -``` +```hcl agent_address = "spire-agent\\public\\api" cert_dir = "certs" svid_file_name = "svid.pem" @@ -57,4 +66,11 @@ svid_bundle_file_name = "svid_bundle.pem" jwt_audience = "your-audience" jwt_svid_file_name = "jwt.token" jwt_bundle_file_name = "bundle.json" +plugins { + "plugin_name" { + path="c:\\tmp\\plugins\\plugin_name" + checksum="7ae182614c5b2f96b0c6655a6bf3e1e64fb0dbb9142fa50c8cf0002c5c5bb9c5" + custom_config="random_value" + } +} ``` From d5376345b21a9ac9bbe276b78217db20b9d20386 Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Wed, 3 Jan 2024 13:08:25 -0300 Subject: [PATCH 13/13] Adds it for plugins. 
Signed-off-by: JU4N98 --- .github/tests/it/client/Dockerfile | 18 +++++++-- .github/tests/it/client/helper.conf | 14 +++++++ .github/tests/it/integration_test.sh | 4 ++ .github/tests/it/run-plugin-test.sh | 40 +++++++++++++++++++ .github/tests/it/spiffe-helper/Dockerfile | 1 + .github/tests/run-plugin-test.sh | 15 +++++++ .../plugin/plugin.go | 25 +++++++++++- pkg/sidecar/sidecar.go | 5 +++ 8 files changed, 117 insertions(+), 5 deletions(-) create mode 100644 .github/tests/it/run-plugin-test.sh create mode 100644 .github/tests/run-plugin-test.sh rename pkg/notifier/simple-example/simple-example.go => examples/plugin/plugin.go (66%) diff --git a/.github/tests/it/client/Dockerfile b/.github/tests/it/client/Dockerfile index a94f8f4b..ca1e4c90 100644 --- a/.github/tests/it/client/Dockerfile +++ b/.github/tests/it/client/Dockerfile 
@@ -11,21 +11,33 @@ ARG DEBIAN_FRONTEND=noninteractive RUN apt update && apt install postgresql mysql-client -y RUN mkdir -p /run/client/certs +RUN mkdir -p /run/client/plugin_certs COPY ./postgres-connect.sh /run/client/postgres-connect.sh COPY ./mysql-connect.sh /run/client/mysql-connect.sh COPY ./assert.sh /run/client/assert.sh -RUN touch /run/client/certs/svid.crt /run/client/certs/svid.key /run/client/certs/root.crt +RUN touch /run/client/certs/svid.crt /run/client/certs/svid.key /run/client/certs/root.crt \ +/run/client/certs/jwt.json /run/client/certs/jwk.json /run/client/plugin_certs/svid.crt \ +/run/client/plugin_certs/jwt.json /run/client/plugin_certs/jwk.json RUN chmod +x /run/client/postgres-connect.sh /run/client/mysql-connect.sh /run/client/assert.sh -RUN chmod 600 /run/client/certs/svid.crt /run/client/certs/svid.key /run/client/certs/root.crt +RUN chmod 600 /run/client/certs/svid.crt /run/client/certs/svid.key /run/client/certs/root.crt \ +/run/client/certs/jwt.json /run/client/certs/jwk.json /run/client/plugin_certs/svid.crt \ +/run/client/plugin_certs/jwt.json /run/client/plugin_certs/jwk.json RUN chown client:client \ /run/client/postgres-connect.sh \ /run/client/mysql-connect.sh \ /run/client/assert.sh \ /run/client/certs/svid.crt \ /run/client/certs/svid.key \ - /run/client/certs/root.crt + /run/client/certs/root.crt \ + /run/client/certs/jwt.json \ + /run/client/certs/jwk.json \ + /run/client/plugin_certs/svid.crt \ + /run/client/plugin_certs/jwt.json \ + /run/client/plugin_certs/jwk.json + USER root COPY --from=it-spiffe-helper /service/spiffe-helper /opt/helper/spiffe-helper +COPY --from=it-spiffe-helper /service/simple-plugin /opt/helper/simple-plugin COPY --from=builder /service/client /opt/go-client/client diff --git a/.github/tests/it/client/helper.conf b/.github/tests/it/client/helper.conf index 95ae2a81..3f7a5589 100644 --- a/.github/tests/it/client/helper.conf +++ b/.github/tests/it/client/helper.conf 
@@ -6,3 +6,17 @@ renewSignal = "SIGUSR1" svidFileName = "svid.crt" svidKeyFileName = "svid.key" svidBundleFileName = "root.crt" +jwt_audience = "example.org" +jwt_svid_file_name = "jwt.json" +jwt_bundle_file_name = "jwk.json" + +plugins { + "simple-plugin" { + path="/opt/helper/simple-plugin" + checksum="039bffe8a30ce9a6f3a1596e2d82ac6269cf2a083584ffae19c0ef178e23aba4" + plugin_cert_dir="/run/client/plugin_certs/" + x509_svid_file_name="svid.crt" + jwt_svid_file_name="jwt.json" + jwt_bundle_file_name="jwk.json" + } +} diff --git a/.github/tests/it/integration_test.sh b/.github/tests/it/integration_test.sh index 104df92b..e1cdb036 100755 --- a/.github/tests/it/integration_test.sh +++ b/.github/tests/it/integration_test.sh @@ -33,6 +33,10 @@ TEST_FAILED=$((TEST_FAILED + $?)) bash change-entry-client-test.sh TEST_FAILED=$((TEST_FAILED + $?)) +# Testing to upload a plugin and notify changes on SVIDs and bundles +bash run-plugin-test.sh +TEST_FAILED=$((TEST_FAILED + $?)) + echo if ((TEST_FAILED == 1)); then echo -e "${RED}❌ ${TEST_FAILED} test failed.${RESET}" diff --git a/.github/tests/it/run-plugin-test.sh b/.github/tests/it/run-plugin-test.sh new file mode 100644 index 00000000..db96eb54 --- /dev/null +++ b/.github/tests/it/run-plugin-test.sh 
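Review bot: The `checksum` pinned for `simple-plugin` is a literal, while the binary it covers is compiled during the image build (`go build ... -o /service/simple-plugin` in the spiffe-helper Dockerfile of this patch) from the floating `golang:1.21-alpine` tag. Any toolchain or dependency change that alters the binary would make the plugin fail verification, and the failure would presumably surface only as an empty file in `run-plugin-test.sh`. Computing the digest of the built binary at image build time and writing it into `helper.conf` keeps the integrity check exercised without a hand-maintained hash.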
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+RESET='\033[0m'
+bad=0
+
+ok(){
+ echo -e "${GREEN}✔️ $1 succeeded ${RESET}"
+}
+
+fail(){
+ echo -e "${RED}❌ $1 failed ${RESET}"
+}
+
+docker compose exec client su client -c "test -s /run/client/plugin_certs/svid.crt"
+if [ $? -eq 0 ]; then
+ ok "Test plugin X.509 svid update"
+else
+ fail "Test plugin X.509 svid update"
+ exit 1
+fi
+
+docker compose exec client su client -c "test -s /run/client/plugin_certs/jwt.json"
+if [ $? -eq 0 ]; then
+ ok "Test plugin JWT svid update"
+else
+ fail "Test plugin JWT svid update"
+ exit 1
+fi
+
+docker compose exec client su client -c "test -s /run/client/plugin_certs/jwk.json"
+if [ $? -eq 0 ]; then
+ ok "Test plugin JWT bundle update"
+else
+ fail "Test plugin JWT bundle update"
+ exit 1
+fi
+
+exit 0
diff --git a/.github/tests/it/spiffe-helper/Dockerfile b/.github/tests/it/spiffe-helper/Dockerfile
index 17f9cb0f..71f686c5 100644
--- a/.github/tests/it/spiffe-helper/Dockerfile
+++ b/.github/tests/it/spiffe-helper/Dockerfile
@@ -2,3 +2,4 @@ FROM golang:1.21-alpine AS spiffe-helper
 COPY ./ /service/
 WORKDIR /service
 RUN go build -tags netgo -a -v -o /service/spiffe-helper ./cmd/spiffe-helper
+RUN go build -tags netgo -a -v -o /service/simple-plugin ./examples/plugin/plugin.go
diff --git a/.github/tests/run-plugin-test.sh b/.github/tests/run-plugin-test.sh
new file mode 100644
index 00000000..e226153e
--- /dev/null
+++ b/.github/tests/run-plugin-test.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Define the target directory path
+target_dir="./it"
+
+# Check if the target directory exists
+if [ ! -d "$target_dir" ]; then
+ echo "Error: The target directory '$target_dir' does not exist."
+ exit 1
+fi
+
+# Change to the target directory
+cd "$target_dir" || exit
+
+bash run-plugin-test.sh 1
\ No newline at end of file
diff --git a/pkg/notifier/simple-example/simple-example.go b/examples/plugin/plugin.go similarity index 66% rename from pkg/notifier/simple-example/simple-example.go rename to examples/plugin/plugin.go index cd1123b3..011c8602 100644 --- a/pkg/notifier/simple-example/simple-example.go +++ b/examples/plugin/plugin.go @@ -3,6 +3,8 @@ package main import ( "context" "log" + "os" + "path" "github.com/hashicorp/go-plugin" pb "github.com/spiffe/spiffe-helper/pkg/notifier" 
@@ -10,25 +12,44 @@ import ( type SimplePlugin struct { pb.NotifierServer + configs map[string]string +} + +func writeSomething(path string) { + file, err := os.Create(path) + if err != nil { + log.Fatal(err) + } + defer file.Close() + + if _, err := file.WriteString("something"); err != nil { + log.Fatal(err) + } } func (s *SimplePlugin) LoadConfigs(ctx context.Context, request *pb.LoadConfigsRequest) (*pb.LoadConfigsResponse, error) { - configs := request.Configs - log.Printf("Message sent by %s to %s: %s", configs["from"], configs["to"], configs["message"]) + s.configs = request.Configs + log.Printf("Plugin loaded") return &pb.LoadConfigsResponse{}, nil } func (s *SimplePlugin) UpdateX509SVID(ctx context.Context, request *pb.UpdateX509SVIDRequest) (*pb.UpdateX509SVIDResponse, error) { + path := path.Join(s.configs["plugin_cert_dir"], s.configs["x509_svid_file_name"]) + writeSomething(path) log.Printf("X.509 SVID updated") return &pb.UpdateX509SVIDResponse{}, nil } func (s *SimplePlugin) UpdateJWTSVID(ctx context.Context, request *pb.UpdateJWTSVIDRequest) (*pb.UpdateJWTSVIDResponse, error) { + path := path.Join(s.configs["plugin_cert_dir"], s.configs["jwt_svid_file_name"]) + writeSomething(path) log.Printf("JWT SVID updated") return &pb.UpdateJWTSVIDResponse{}, nil } func (s *SimplePlugin) UpdateJWTBundle(ctx context.Context, request *pb.UpdateJWTBundleRequest) (*pb.UpdateJWTBundleResponse, error) { + path := path.Join(s.configs["plugin_cert_dir"], s.configs["jwt_bundle_file_name"]) + writeSomething(path) log.Printf("JWT bundle updated") return &pb.UpdateJWTBundleResponse{}, nil } diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index abe8eed6..92a82c6e 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go 
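Review bot: `writeSomething` ends the plugin process with `log.Fatal` when the file cannot be created or written, so a wrong `plugin_cert_dir` kills the plugin instead of returning an error from the RPC that the sidecar could log. Because this file is the template for plugins that persist SVIDs and keys, it is also worth writing with an explicit owner-only mode rather than `os.Create`'s default, and building the target with `path/filepath` (the import hunk above adds `path`), which also stops the local `path` variable from shadowing the package. `UpdateJWTSVID` and `UpdateJWTBundle` would change the same way as the handler shown below.

```go
// writeSomething writes a marker file that only the plugin's user can read.
func writeSomething(name string) error {
	return os.WriteFile(name, []byte("something"), 0o600)
}

func (s *SimplePlugin) UpdateX509SVID(ctx context.Context, request *pb.UpdateX509SVIDRequest) (*pb.UpdateX509SVIDResponse, error) {
	target := filepath.Join(s.configs["plugin_cert_dir"], s.configs["x509_svid_file_name"])
	if err := writeSomething(target); err != nil {
		return nil, err
	}
	// … unchanged: log line and response …
}
```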
@@ -215,6 +215,11 @@ func (s *Sidecar) loadPlugins() { continue } + if _, typeIsPresent := pluginConfig["type"]; typeIsPresent { + s.config.Log.Warnf("Please update the configuration for plugin %s, type is a reserved configuration name", pluginName) + continue + } + secureConfig, err := pb.GetSecureConfig(checksum) if err != nil { s.config.Log.Warnf("Error while trying to create secure config for plugin %s", pluginName)
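Review bot: The new guard rejects a plugin block that contains `type`, but neither the code nor the README table added in this series says why that name is reserved or what consumes it. A comment above the check, such as `// "type" is reserved: <reason>; plugin blocks that set it are skipped`, plus a sentence in the README's `plugins` row, would save operators from learning it through a log line. The plugin is skipped with only a `Warnf`, so the sidecar can start without a plugin the operator expected; consider whether that should fail startup instead. `loadPlugins` continues outside the hunk.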