diff --git a/doc/plugin_server_nodeattestor_aws_iid.md b/doc/plugin_server_nodeattestor_aws_iid.md index 9d9e3f4ecf..3e25806102 100644 --- a/doc/plugin_server_nodeattestor_aws_iid.md +++ b/doc/plugin_server_nodeattestor_aws_iid.md @@ -32,7 +32,7 @@ Sample configuration: } ``` -If `assume_role` is set, the SPIRE server will assume the role as specified by the template `arn:{{Partition}}:iam::{{AccountID}}:role/{{AssumeRole}}` where `Partition` comes from the AWS NodeAttestor plugin configuration if specified otherwise set to 'aws', `AccountID` is taken from the AWS IID document sent by the SPIRE agent to the SPIRE server and `AssumeRole` comes from the AWS NodeAttestor plugin configuration. +If `assume_role` is set, the SPIRE server will assume the role as specified by the template `arn:{{Partition}}:iam::{{AccountID}}:role/{{AssumeRole}}` where `Partition` comes from the AWS NodeAttestor plugin configuration if specified otherwise set to 'aws', `AccountID` is taken from the AWS IID document sent by the SPIRE agent to the SPIRE server and `AssumeRole` comes from the AWS NodeAttestor plugin configuration. Details about the template engine are available [here](template_engine.md). In the following configuration, diff --git a/doc/plugin_server_nodeattestor_azure_msi.md b/doc/plugin_server_nodeattestor_azure_msi.md index 92914568cc..f445f3b98f 100644 --- a/doc/plugin_server_nodeattestor_azure_msi.md +++ b/doc/plugin_server_nodeattestor_azure_msi.md @@ -104,6 +104,7 @@ All the selectors have the type `azure_msi`. The agent path template is a way of customizing the format of generated SPIFFE IDs for agents. The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [MSI access token](https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#payload-claims). +Details about the template engine are available [here](template_engine.md). Some useful values are: 
diff --git a/doc/plugin_server_nodeattestor_gcp_iit.md b/doc/plugin_server_nodeattestor_gcp_iit.md index 3a2d2756b1..009c2eee92 100644 --- a/doc/plugin_server_nodeattestor_gcp_iit.md +++ b/doc/plugin_server_nodeattestor_gcp_iit.md @@ -74,6 +74,7 @@ The service account must have IAM permissions and Authorization Scopes granting The agent path template is a way of customizing the format of generated SPIFFE IDs for agents. The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [Compute Engine identity token](https://cloud.google.com/compute/docs/instances/verifying-instance-identity#payload). +Details about the template engine are available [here](template_engine.md). Some useful values are: diff --git a/doc/plugin_server_nodeattestor_x509pop.md b/doc/plugin_server_nodeattestor_x509pop.md index 121f0ff970..f90021da18 100644 --- a/doc/plugin_server_nodeattestor_x509pop.md +++ b/doc/plugin_server_nodeattestor_x509pop.md @@ -47,6 +47,7 @@ A sample configuration: The agent path template is a way of customizing the format of generated SPIFFE IDs for agents. The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [golang x509.Certificate](https://pkg.go.dev/crypto/x509#Certificate) +Details about the template engine are available [here](template_engine.md). Some useful values are: diff --git a/doc/template_engine.md b/doc/template_engine.md new file mode 100644 index 0000000000..5738b04d84 --- /dev/null +++ b/doc/template_engine.md 
@@ -0,0 +1,13 @@ +# Go Text Template Engine + +## About + +In various plugins, the go based text/template engine is used. More information about this language can be found [here](https://pkg.go.dev/text/template). + +## Functions + +In addition to the built in functions as described [here](https://pkg.go.dev/text/template#hdr-Functions), we also include a set of functions from the SPRIG library. + +The list of SPRIG functions is available [here](https://github.com/spiffe/spire/blob/main/pkg/common/agentpathtemplate/template.go#L11). + +The functions behavior can be found in the SPRIG documentation [here](https://masterminds.github.io/sprig/).
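Review bot: In doc/plugin_server_nodeattestor_aws_iid.md the new sentence is attached to the `assume_role` paragraph, which describes a fixed ARN format, `arn:{{Partition}}:iam::{{AccountID}}:role/{{AssumeRole}}`, filled from the plugin configuration and the IID document. The function list in template_engine.md, however, points at `pkg/common/agentpathtemplate/template.go`. Please confirm that the role ARN is rendered with the same engine and function set. If it is not, drop or reword the link here so operators do not conclude that Sprig functions can be used in `assume_role`. The link text "here" could also name its target, for example "the template engine documentation"; the same applies to the three other files.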
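Review bot: In doc/plugin_server_nodeattestor_x509pop.md the context line just before the added sentence ends at `[golang x509.Certificate](https://pkg.go.dev/crypto/x509#Certificate)` with no closing period, unlike the matching lines in the azure_msi and gcp_iit hunks. If the new line joins that paragraph, it will render as "...x509.Certificate) Details about the template engine...". Add the missing period to that line in this change.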
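Review bot: In doc/template_engine.md the function list is referenced as `blob/main/pkg/common/agentpathtemplate/template.go#L11`, a line anchor on a moving branch, so it will point at the wrong line as soon as that file changes. Since the set of functions callable from a template is what an operator needs to review, list the enabled function names in this document, or at least link to the file without the `#L11` anchor or to a permalink. Wording nits in the same file: "go based" should be "Go-based", "The functions behavior" should be "The functions' behavior", and the library calls itself "Sprig" rather than "SPRIG".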