spiffe · kfox1111 · Nov 2, 2024 · Nov 2, 2024 · Nov 5, 2024 · Nov 5, 2024
@@ -32,7 +32,7 @@ Sample configuration:
     }
 ```
 
-If `assume_role` is set, the SPIRE server will assume the role as specified by the template `arn:{{Partition}}:iam::{{AccountID}}:role/{{AssumeRole}}` where `Partition` comes from the AWS NodeAttestor plugin configuration if specified otherwise set to 'aws', `AccountID` is taken from the AWS IID document sent by the SPIRE agent to the SPIRE server and `AssumeRole` comes from the AWS NodeAttestor plugin configuration.
+If `assume_role` is set, the SPIRE server will assume the role as specified by the template `arn:{{Partition}}:iam::{{AccountID}}:role/{{AssumeRole}}` where `Partition` comes from the AWS NodeAttestor plugin configuration if specified otherwise set to 'aws', `AccountID` is taken from the AWS IID document sent by the SPIRE agent to the SPIRE server and `AssumeRole` comes from the AWS NodeAttestor plugin configuration. Details about the template engine are available [here](template_engine.md).
 
 In the following configuration,
 

@@ -104,6 +104,7 @@ All the selectors have the type `azure_msi`.
 
 The agent path template is a way of customizing the format of generated SPIFFE IDs for agents.
 The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [MSI access token](https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#payload-claims).
+Details about the template engine are available [here](template_engine.md).
 
 Some useful values are:
 

@@ -74,6 +74,7 @@ The service account must have IAM permissions and Authorization Scopes granting
 
 The agent path template is a way of customizing the format of generated SPIFFE IDs for agents.
 The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [Compute Engine identity token](https://cloud.google.com/compute/docs/instances/verifying-instance-identity#payload).
+Details about the template engine are available [here](template_engine.md).
 
 Some useful values are:
 

@@ -47,6 +47,7 @@ A sample configuration:
 
 The agent path template is a way of customizing the format of generated SPIFFE IDs for agents.
 The template formatter is using Golang text/template conventions, it can reference values provided by the plugin or in a [golang x509.Certificate](https://pkg.go.dev/crypto/x509#Certificate)
+Details about the template engine are available [here](template_engine.md).
 
 Some useful values are:
 

@@ -0,0 +1,13 @@
+# Go Text Template Engine
+
+## About
+
+In various plugins, the go based text/template engine is used. More information about this language can be found [here](https://pkg.go.dev/text/template).
+
+## Functions
+
+In addition to the built in functions as described [here](https://pkg.go.dev/text/template#hdr-Functions), we also include a set of functions from the SPRIG library.
+
+The list of SPRIG functions is available [here](https://github.com/spiffe/spire/blob/main/pkg/common/agentpathtemplate/template.go#L11).
+
+The functions behavior can be found in the SPRIG documentation [here](https://masterminds.github.io/sprig/).