Get resolver based on attestation method #652
Signed-off-by: Marcos G. Yedro <marcosyedro@gmail.com>
neat! a few comments...
pkg/server/endpoints/node/handler.go
selectors = append(selectors, resolved.Entries...) | ||
if nodeResolver == nil { | ||
// If not matching node resolver found, skip adding additional selectors | ||
h.c.Log.Debug("could not find node resolver type %s", attestationType) |
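Review bot: in the `nodeResolver == nil` branch, the log call passes a message containing `%s` to `Debug` rather than to a formatting variant; if `h.c.Log` is a logrus-style logger, `Debug` does not expand format verbs, so `attestationType` would not be substituted into the message. Use `Debugf` (or a structured field) here, and reword the comment above the call to "If no matching node resolver is found".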
`%q` is a little nicer for logging arbitrary strings
@@ -38,12 +38,12 @@ func (c *Catalog) DataStores() []*catalog.ManagedDataStore { | |||
return c.dataStores | |||
} | |||
|
|||
func (c *Catalog) SetNodeAttestors(nodeAttestors ...nodeattestor.NodeAttestor) { | |||
func (c *Catalog) SetNodeAttestors(baseName string, nodeAttestors ...nodeattestor.NodeAttestor) { |
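Review bot: the new leading `baseName string` parameter on `SetNodeAttestors` has no doc comment, and the visible lines do not show how it turns into each attestor's plugin name when several attestors are passed. Add a doc comment stating the resulting names, because callers now have to get that string right for any lookup that goes by plugin name.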
this feels a little clunky to me... i'd think i'd rather leave the Set methods as they are and instead introduce a new method (which the Set method could use):

```go
func (c *Catalog) SetNodeAttestors(nodeAttestors ...nodeattestor.NodeAttestor) {
	c.nodeAttestors = nil
	for i, nodeAttestor := range nodeAttestors {
		c.AddNodeAttestorNamed(pluginName("nodeattestor", i), nodeAttestor)
	}
}

func (c *Catalog) AddNodeAttestorNamed(name string, nodeAttestor nodeattestor.NodeAttestor) {
	c.nodeAttestors = append(c.nodeAttestors, catalog.NewManagedNodeAttestor(
		nodeAttestor, common.PluginConfig{
			PluginName: name,
		}))
}
```
Right, that looks better 👍
@@ -60,7 +60,7 @@ type HandlerTestSuite struct { | |||
now time.Time | |||
} | |||
|
|||
func SetupHandlerTest(t *testing.T) *HandlerTestSuite { | |||
func SetupHandlerTest(t *testing.T, attestorBaseName, resolverBaseName string) *HandlerTestSuite { |
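Review bot: `attestorBaseName, resolverBaseName string` are two adjacent parameters of the same type on `SetupHandlerTest`, so swapped arguments still compile and silently change which case a test exercises. Consider a small options struct with named fields, or at least a doc comment saying which value combinations stand for the matching and the non-matching case.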
rather than requiring each test to pass these values, i think it might be cleaner and clearer if `SetupHandlerTest` adds the node attestor using some default name, like "fake" or something, and then all of the other tests don't bother adding a resolver. Then there can be a test that adds a resolver under the right name, and one that adds a resolver under the wrong name (and depending on the rest of the tests, a test that has no resolver).
All of the above assumes you add a new field to the suite to hold onto the catalog...
Yes, I totally agree!
Signed-off-by: Marcos G. Yedro <marcosyedro@gmail.com>
Pull Request check list
Affected functionality
Node resolver selection (spire-server)
Description of change
Currently, spire-server selects the first configured node resolver when trying to discover additional node selectors. This PR introduces a change to make this selection based on attestation method.
Which issue this PR fixes
Fixes #555
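The selection rule described above, sketched as an added example (not code from this PR or from SPIRE): a resolver is used only when its plugin name equals the attestation type, and resolution is skipped otherwise. The types `NodeResolver`, `staticResolver` and `namedResolver`, the exact-name matching rule, and all plugin names and selector values are assumptions made for illustration.

```go
package main

import "fmt"

// NodeResolver is a hypothetical stand-in for a node resolver plugin.
type NodeResolver interface{ Resolve(id string) []string }

// staticResolver returns a fixed, constructed selector set.
type staticResolver []string

func (r staticResolver) Resolve(string) []string { return r }

// namedResolver pairs a resolver with its configured plugin name.
type namedResolver struct {
	name     string
	resolver NodeResolver
}

// resolverFor returns the resolver whose plugin name equals the attestation
// type (assumed matching rule), or nil when none is configured under that name.
func resolverFor(rs []namedResolver, attestationType string) NodeResolver {
	for _, r := range rs {
		if r.name == attestationType {
			return r.resolver
		}
	}
	return nil
}

// selectorsFor adds resolver selectors to the attestor's own; with no matching
// resolver it logs (quoted with %q) and returns the base selectors unchanged.
func selectorsFor(rs []namedResolver, attestationType, id string, base []string) []string {
	out := append([]string{}, base...)
	r := resolverFor(rs, attestationType)
	if r == nil {
		fmt.Printf("could not find node resolver type %q\n", attestationType)
		return out
	}
	return append(out, r.Resolve(id)...)
}

func main() {
	// Constructed configuration: two resolvers, "aws_iid" listed first.
	rs := []namedResolver{
		{"aws_iid", staticResolver{"aws:tag:env:prod"}},
		{"azure_msi", staticResolver{"azure:group:ops"}},
	}
	fmt.Println(selectorsFor(rs, "azure_msi", "spiffe://example.org/agent/1", []string{"azure_msi:tenant:t1"}))
	fmt.Println(selectorsFor(rs, "join_token", "spiffe://example.org/agent/2", nil))
}
```

With first-configured selection, the `azure_msi` node in this sample would have been handed the `aws_iid` resolver's selectors; with name matching it gets only its own, and the `join_token` node gets none added.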