From e490b12e1e1c9df1704be569fe1aad3c3669698d Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 2 Nov 2024 07:02:41 -0700 Subject: [PATCH 1/4] Add basic documentation about the template engine Signed-off-by: Kevin Fox --- doc/plugin_server_nodeattestor_aws_iid.md | 2 +- doc/plugin_server_nodeattestor_azure_msi.md | 1 + doc/plugin_server_nodeattestor_gcp_iit.md | 1 + doc/plugin_server_nodeattestor_x509pop.md | 1 + doc/template_engine.md | 19 +++++++++++++++++++ 5 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 doc/template_engine.md diff --git a/doc/plugin_server_nodeattestor_aws_iid.md b/doc/plugin_server_nodeattestor_aws_iid.md index 68babbcf96..2c013a73db 100644 --- a/doc/plugin_server_nodeattestor_aws_iid.md +++ b/doc/plugin_server_nodeattestor_aws_iid.md @@ -32,7 +32,7 @@ Sample configuration: } ``` -If `assume_role` is set, the SPIRE server will assume the role as specified by the template `arn:{{Partition}}:iam::{{AccountID}}:role/{{AssumeRole}}` where `Partition` comes from the AWS NodeAttestor plugin configuration if specified otherwise set to 'aws', `AccountID` is taken from the AWS IID document sent by the SPIRE agent to the SPIRE server and `AssumeRole` comes from the AWS NodeAttestor plugin configuration. +If `assume_role` is set, the SPIRE server will assume the role as specified by the template `arn:{{Partition}}:iam::{{AccountID}}:role/{{AssumeRole}}` where `Partition` comes from the AWS NodeAttestor plugin configuration if specified otherwise set to 'aws', `AccountID` is taken from the AWS IID document sent by the SPIRE agent to the SPIRE server and `AssumeRole` comes from the AWS NodeAttestor plugin configuration. Details about the template engine are available [here](template_engine.md). In the following configuration, diff --git a/doc/plugin_server_nodeattestor_azure_msi.md b/doc/plugin_server_nodeattestor_azure_msi.md index efaa07167a..01c3531c57 100644 --- a/doc/plugin_server_nodeattestor_azure_msi.md 
+++ b/doc/plugin_server_nodeattestor_azure_msi.md @@ -104,6 +104,7 @@ All of the selectors have the type `azure_msi`. The agent path template is a way of customizing the format of generated SPIFFE IDs for agents. The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [MSI access token](https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#payload-claims). +Details about the template engine are available [here](template_engine.md). Some useful values are: diff --git a/doc/plugin_server_nodeattestor_gcp_iit.md b/doc/plugin_server_nodeattestor_gcp_iit.md index 3a2d2756b1..009c2eee92 100644 --- a/doc/plugin_server_nodeattestor_gcp_iit.md +++ b/doc/plugin_server_nodeattestor_gcp_iit.md @@ -74,6 +74,7 @@ The service account must have IAM permissions and Authorization Scopes granting The agent path template is a way of customizing the format of generated SPIFFE IDs for agents. The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [Compute Engine identity token](https://cloud.google.com/compute/docs/instances/verifying-instance-identity#payload). +Details about the template engine are available [here](template_engine.md). Some useful values are: diff --git a/doc/plugin_server_nodeattestor_x509pop.md b/doc/plugin_server_nodeattestor_x509pop.md index 121f0ff970..f90021da18 100644 --- a/doc/plugin_server_nodeattestor_x509pop.md +++ b/doc/plugin_server_nodeattestor_x509pop.md @@ -47,6 +47,7 @@ A sample configuration: The agent path template is a way of customizing the format of generated SPIFFE IDs for agents. The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [golang x509.Certificate](https://pkg.go.dev/crypto/x509#Certificate) +Details about the template engine are available [here](template_engine.md). Some useful values are: 
diff --git a/doc/template_engine.md b/doc/template_engine.md new file mode 100644 index 0000000000..3a334d0339 --- /dev/null +++ b/doc/template_engine.md @@ -0,0 +1,19 @@ +## About + +In various plugins, the go based text/template engine is used. + +More about this language can be found here: +https://pkg.go.dev/text/template + +## Functions + +In addition to the built in functions as described here: +https://pkg.go.dev/text/template#hdr-Functions + +We also include a set of functions from the SPRIG library. + +The list of functions is available here: +https://github.com/spiffe/spire/blob/main/pkg/common/agentpathtemplate/template.go#L11 + +The functions behavior can be found in the SPRIG documentation here: +https://masterminds.github.io/sprig/ From a4508b5d2b721ac1f047ad956f7ce9174d943b6a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 2 Nov 2024 07:39:31 -0700 Subject: [PATCH 2/4] Fix lint Signed-off-by: Kevin Fox --- doc/template_engine.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/doc/template_engine.md b/doc/template_engine.md index 3a334d0339..90974ffa9b 100644 --- a/doc/template_engine.md +++ b/doc/template_engine.md 
@@ -1,19 +1,15 @@ -## About +# Go Text Template Engine -In various plugins, the go based text/template engine is used. +## About -More about this language can be found here: -https://pkg.go.dev/text/template +In various plugins, the go based text/template engine is used. More information about this language can be found [here](https://pkg.go.dev/text/template). ## Functions -In addition to the built in functions as described here: -https://pkg.go.dev/text/template#hdr-Functions +In addition to the built in functions as described [here](https://pkg.go.dev/text/template#hdr-Functions). We also include a set of functions from the SPRIG library. -The list of functions is available here: -https://github.com/spiffe/spire/blob/main/pkg/common/agentpathtemplate/template.go#L11 +The list of functions is available [here](https://github.com/spiffe/spire/blob/main/pkg/common/agentpathtemplate/template.go#L11). -The functions behavior can be found in the SPRIG documentation here: -https://masterminds.github.io/sprig/ +The functions behavior can be found in the SPRIG documentation [here](https://masterminds.github.io/sprig/). From d51c3e720ea71ed59c250408136d53a94442c996 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 5 Nov 2024 15:23:40 -0800 Subject: [PATCH 3/4] Update doc/template_engine.md Co-authored-by: Andrew Harding Signed-off-by: kfox1111 --- doc/template_engine.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/template_engine.md b/doc/template_engine.md index 90974ffa9b..60eb4fc5d3 100644 --- a/doc/template_engine.md +++ b/doc/template_engine.md 
@@ -10,6 +10,6 @@ In addition to the built in functions as described [here](https://pkg.go.dev/tex We also include a set of functions from the SPRIG library. -The list of functions is available [here](https://github.com/spiffe/spire/blob/main/pkg/common/agentpathtemplate/template.go#L11). +The list of SPRIG functions is available [here](https://github.com/spiffe/spire/blob/main/pkg/common/agentpathtemplate/template.go#L11). The functions behavior can be found in the SPRIG documentation [here](https://masterminds.github.io/sprig/). From e1f337906896ec52ae1d4895b07847411a193445 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 5 Nov 2024 15:24:24 -0800 Subject: [PATCH 4/4] Update doc/template_engine.md Signed-off-by: kfox1111 --- doc/template_engine.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/template_engine.md b/doc/template_engine.md index 60eb4fc5d3..5738b04d84 100644 --- a/doc/template_engine.md +++ b/doc/template_engine.md @@ -6,9 +6,7 @@ In various plugins, the go based text/template engine is used. More information ## Functions -In addition to the built in functions as described [here](https://pkg.go.dev/text/template#hdr-Functions). - -We also include a set of functions from the SPRIG library. +In addition to the built in functions as described [here](https://pkg.go.dev/text/template#hdr-Functions), we also include a set of functions from the SPRIG library. The list of SPRIG functions is available [here](https://github.com/spiffe/spire/blob/main/pkg/common/agentpathtemplate/template.go#L11).
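Review bot: In the doc/plugin_server_nodeattestor_aws_iid.md hunk, the template engine link is appended to the `assume_role` paragraph, whereas the azure_msi, gcp_iit and x509pop hunks attach it to the agent path template paragraph. The surrounding sentence describes `arn:{{Partition}}:iam::{{AccountID}}:role/{{AssumeRole}}` as filled from fixed sources (the plugin configuration and the IID document), so a reader may conclude that the role ARN can be customised with template functions. If the role ARN is not operator-templated, move the sentence to the section that documents the agent path template. If it is, say which values and functions are available there.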
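Review bot: In the doc/plugin_server_nodeattestor_x509pop.md hunk, the context line before the added sentence ends at the `[golang x509.Certificate](https://pkg.go.dev/crypto/x509#Certificate)` link with no period, and the new line follows it without a blank line, so Markdown renders the two as one run-on paragraph. Add the missing period to the preceding line or separate the new sentence with a blank line. In this hunk and in the azure_msi and gcp_iit hunks, descriptive link text such as `[template engine documentation](template_engine.md)` would also serve readers better than `[here]`.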
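Review bot: In the new doc/template_engine.md (PATCH 1/4, unchanged in this respect through PATCH 3/4), the function list link targets `template.go#L11` on the `main` branch, so the anchor will point at an unrelated line as soon as that file changes. Link to the file without the line anchor and name what to look for, or use a commit permalink. Since the text says only "a set of functions" from SPRIG is included while the behavior link goes to the full SPRIG documentation, state explicitly whether functions outside the linked list are available in templates, so operators do not assume the whole library can be used when writing agent path templates.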
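Review bot: The merged sentence in the PATCH 4/4 hunk still reads "built in functions", and the context line above it reads "the go based text/template engine". Use "built-in functions" and "Go-based", and in the closing sentence of the file change "The functions behavior" to "The behavior of these functions". The three bare `[here]` links in this file would also be clearer with link text that names the target, for example `[text/template functions](https://pkg.go.dev/text/template#hdr-Functions)`.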