spiffe · azdagron · Apr 2, 2021 · Apr 2, 2021
diff --git a/conf/server/server.conf b/conf/server/server.conf
@@ -26,10 +26,6 @@ plugins {
         }
     }
 
-    NodeResolver "noop" {
-        plugin_data {}
-    }
-
     KeyManager "memory" {
         plugin_data = {}
     }

diff --git a/conf/server/server_full.conf b/conf/server/server_full.conf
@@ -452,12 +452,6 @@ plugins {
     #     }
     # }
 
-    # NodeResolver "noop": It is mandatory to have at least one node resolver
-    # plugin configured. This one is a no-op.
-    NodeResolver "noop" {
-        plugin_data {}
-    }
-
     # Notifier "gcs_bundle": A notifier that pushes the latest trust bundle
     # contents into an object in Google Cloud Storage.
     # Notifier "gcs_bundle" {

diff --git a/doc/SPIRE101.md b/doc/SPIRE101.md
@@ -87,10 +87,6 @@ If you don't already have Docker installed, please follow these [installation in
             }
         }
 
-        NodeResolver "noop" {
-            plugin_data {}
-        }
-
         KeyManager "memory" {
             plugin_data = {}
         }

diff --git a/doc/plugin_server_noderesolver_noop.md b/doc/plugin_server_noderesolver_noop.md
diff --git a/doc/spire_server.md b/doc/spire_server.md
@@ -30,7 +30,6 @@ This document is a configuration reference for SPIRE Server. It includes informa
 | NodeAttestor | [x509pop](/doc/plugin_server_nodeattestor_x509pop.md) | A node attestor which attests agent identity using an existing X.509 certificate |
 | NodeResolver | [aws_iid](/doc/plugin_server_noderesolver_aws_iid.md) | A node resolver which extends the [aws_iid](/doc/plugin_server_nodeattestor_aws_iid.md) node attestor plugin to support selecting nodes based on additional properties (such as Security Group ID). |
 | NodeResolver | [azure_msi](/doc/plugin_server_noderesolver_azure_msi.md) | A node resolver which extends the [azure_msi](/doc/plugin_server_nodeattestor_azure_msi.md) node attestor plugin to support selecting nodes based on additional properties (such as Network Security Group). |
-| NodeResolver | [noop](/doc/plugin_server_noderesolver_noop.md) | It is mandatory to have at least one node resolver plugin configured. This one is a no-op |
 | Notifier   | [gcs_bundle](/doc/plugin_server_notifier_gcs_bundle.md) | A notifier that pushes the latest trust bundle contents into an object in Google Cloud Storage. |
 | Notifier   | [k8sbundle](/doc/plugin_server_notifier_k8sbundle.md) | A notifier that pushes the latest trust bundle contents into a Kubernetes ConfigMap. |
 | UpstreamAuthority | [disk](/doc/plugin_server_upstreamauthority_disk.md) | Uses a CA loaded from disk to sign SPIRE server intermediate certificates. |
@@ -477,9 +476,6 @@ plugins {
     NodeAttestor "join_token" {
         plugin_data {}
     }
-    NodeResolver "noop" {
-        plugin_data {}
-    }
     KeyManager "disk" {
         plugin_data {
             keys_path = "/opt/spire/.data/keys.json"

diff --git a/pkg/server/catalog/catalog.go b/pkg/server/catalog/catalog.go
@@ -31,7 +31,6 @@ import (
 	"github.com/spiffe/spire/pkg/server/plugin/noderesolver"
 	nr_aws_iid "github.com/spiffe/spire/pkg/server/plugin/noderesolver/aws"
 	nr_azure_msi "github.com/spiffe/spire/pkg/server/plugin/noderesolver/azure"
-	nr_noop "github.com/spiffe/spire/pkg/server/plugin/noderesolver/noop"
 	"github.com/spiffe/spire/pkg/server/plugin/notifier"
 	no_gcs_bundle "github.com/spiffe/spire/pkg/server/plugin/notifier/gcsbundle"
 	no_k8sbundle "github.com/spiffe/spire/pkg/server/plugin/notifier/k8sbundle"
@@ -49,6 +48,11 @@ import (
 	upstreamauthorityv0 "github.com/spiffe/spire/proto/spire/plugin/server/upstreamauthority/v0"
 )
 
+const (
+	dataStoreType    = "DataStore"
+	nodeResolverType = "NodeResolver"
+)
+
 var (
 	builtIns = []catalog.Plugin{
 		// NodeAttestors
@@ -61,7 +65,6 @@ var (
 		na_k8s_psat.BuiltIn(),
 		na_join_token.BuiltIn(),
 		// NodeResolvers
-		nr_noop.BuiltIn(),
 		nr_aws_iid.BuiltIn(),
 		nr_azure_msi.BuiltIn(),
 		// UpstreamAuthorities
@@ -169,13 +172,19 @@ type Repository struct {
 func Load(ctx context.Context, config Config) (*Repository, error) {
 	// Strip out the Datastore plugin configuration and load the SQL plugin
 	// directly. This allows us to bypass gRPC and get rid of response limits.
-	dataStoreConfig := config.PluginConfig[datastore.Type]
-	delete(config.PluginConfig, datastore.Type)
+	dataStoreConfig := config.PluginConfig[dataStoreType]
+	delete(config.PluginConfig, dataStoreType)
 	ds, err := loadSQLDataStore(config.Log, dataStoreConfig)
 	if err != nil {
 		return nil, err
 	}
 
+	if _, ok := config.PluginConfig[nodeResolverType]["noop"]; ok {
+		// TODO: remove in 1.1.0
+		delete(config.PluginConfig[nodeResolverType], "noop")
+		config.Log.Warn(`The "noop" NodeResolver is not required, is deprecated, and will be removed from a future release`)
+	}
+
 	pluginConfigs, err := catalog.PluginConfigsFromHCL(config.PluginConfig)
 	if err != nil {
 		return nil, err
@@ -263,7 +272,7 @@ func loadSQLDataStore(log logrus.FieldLogger, datastoreConfig map[string]catalog
 		return nil, fmt.Errorf("pluggability for the DataStore is deprecated; only the built-in %q plugin is supported", ds_sql.PluginName)
 	}
 
-	sqlConfig, err := catalog.PluginConfigFromHCL(datastore.Type, ds_sql.PluginName, sqlHCLConfig)
+	sqlConfig, err := catalog.PluginConfigFromHCL(dataStoreType, ds_sql.PluginName, sqlHCLConfig)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/server/plugin/datastore/datastore.go b/pkg/server/plugin/datastore/datastore.go
@@ -8,8 +8,6 @@ import (
 	"google.golang.org/protobuf/types/known/wrapperspb"
 )
 
-const Type = "DataStore"
-
 // DataStore is the data storage interface
 type DataStore interface {
 	AppendBundle(context.Context, *AppendBundleRequest) (*AppendBundleResponse, error)

diff --git a/pkg/server/plugin/noderesolver/noop/noop.go b/pkg/server/plugin/noderesolver/noop/noop.go