Add agent bootstrap logic #94
Conversation
Commit light refactor of agent and cli code
evan2645
requested review from
amartinezfayo,
kunzimariano,
paul-argeniss,
walmav and
y2bishop2y
as code owners
| PluginTypeMap = map[string]plugin.Plugin{ | ||
| "KeyManager": &keymanager.KeyManagerPlugin{}, | ||
| "NodeAttestor": &nodeattestor.NodeAttestorPlugin{}, | ||
| "WorkloadAttestor": &workloadattestor.WorkloadAttestorPlugin{}, |
There was a problem hiding this comment.
maybe have const PluginType = "KeyManager" in keymanagerso u can usekeymanager.PluginType here
There was a problem hiding this comment.
That's a good idea! That pattern will probably help to solve some of the other challenges we have been facing with plugin management
Most of the code related to this is pre-existing and this PR just moved it from one place to another. We also need to send a change to the plugin catalog to handle a call to Configure so if it's OK, I'm thinking to reserve this for that PR since we'd probably want to update it across the board (server + agent).
| MaxPlugins = map[string]int{ | ||
| "KeyManager": 1, | ||
| "NodeAttestor": 1, | ||
| "WorkloadAttestor": 1, |
pkg/agent/agent.go
Outdated
|
|
||
| go func() { | ||
| listener, err := net.Listen(a.Config.BindAddress.Network(), a.Config.BindAddress.String()) | ||
| if err != nil { |
There was a problem hiding this comment.
Is there a way to gracefully shut down the connection? I vaguely remember being able to make a listener that uses context.Context.
There was a problem hiding this comment.
Good thought, I'll investigate this. Same code exists in spire server we'll need to update it there too
pkg/agent/agent.go
Outdated
| a.Config.Log.Log("msg", "Preparing to attest against %s", a.Config.ServerAddress.String()) | ||
|
|
||
| // Look up the node attestor plugin | ||
| pluginClients := a.Catalog.GetPluginsByType("NodeAttestor") |
There was a problem hiding this comment.
another use for nodeattestor.PluginType
pkg/agent/agent.go
Outdated
| // Main event loop | ||
| a.Config.Log.Log("msg", "SPIRE Agent is now running") | ||
| for { | ||
| select { |
pkg/agent/agent.go
Outdated
| } | ||
|
|
||
| func (a *Agent) initPlugins() error { | ||
| a.Config.Log.Log("msg", "Starting plugins") |
There was a problem hiding this comment.
Maybe logger is a better name.
a.Config.Logger.Log
There was a problem hiding this comment.
Yea :( I'm not a fan of the interface this logger exposes. When I wrote this originally I was hoping to directly access leveled logger here, but figured out later that it was more complicated than I thought. I'll change it on your suggestion
cmd/spire-agent/cli/command/run.go
Outdated
| defaultDataDir = "." | ||
| defaultLogFile = "spire-server.log" | ||
| defaultLogLevel = "INFO" | ||
| defaultPluginDir = "../../plugin/agent/.conf" |
There was a problem hiding this comment.
should this be a relative path? I guess I can see pro's and cons for each.
There was a problem hiding this comment.
Ultimately I think we'd want to make this something a little more usable (like etc or opt) but for now this works well during development. Definitely should change to absolute path at some point IMO
|
@boz hmm I'm not sure I follow. The event loop in |
|
Thanks for the explanation @boz I updated the PR to pick up your second suggestion. I'll circle back around later on to make the channels private, and add proper Shutdown func etc |
* fix: added error return to AttestContainerSignatures method * fix: changed variable from camel to snake case * fix: add returned type to error message in getBundleSignatureContent method * fix: changed log from camel to snake case * fix: fixed nil payload test case * fix: fix import order * fix: sync with remote * fix: change import order
* fix: added error return to AttestContainerSignatures method * fix: changed variable from camel to snake case * fix: add returned type to error message in getBundleSignatureContent method * fix: changed log from camel to snake case * fix: fixed nil payload test case * fix: fix import order * fix: sync with remote * fix: change import order Signed-off-by: Willian Alves <wiilliian.alves@gmail.com>
* fix: added error return to AttestContainerSignatures method * fix: changed variable from camel to snake case * fix: add returned type to error message in getBundleSignatureContent method * fix: changed log from camel to snake case * fix: fixed nil payload test case * fix: fix import order * fix: sync with remote * fix: change import order Signed-off-by: Willian Alves <wiilliian.alves@gmail.com>
* fix: added error return to AttestContainerSignatures method * fix: changed variable from camel to snake case * fix: add returned type to error message in getBundleSignatureContent method * fix: changed log from camel to snake case * fix: fixed nil payload test case * fix: fix import order * fix: sync with remote * fix: change import order Signed-off-by: Willian Alves <wiilliian.alves@gmail.com> Signed-off-by: Matheus Santos <matheusdefariascs@gmail.com>
* fix: added error return to AttestContainerSignatures method * fix: changed variable from camel to snake case * fix: add returned type to error message in getBundleSignatureContent method * fix: changed log from camel to snake case * fix: fixed nil payload test case * fix: fix import order * fix: sync with remote * fix: change import order Signed-off-by: Willian Alves <wiilliian.alves@gmail.com> Signed-off-by: Matheus Santos <matheusdefariascs@gmail.com>
* fix: added error return to AttestContainerSignatures method * fix: changed variable from camel to snake case * fix: add returned type to error message in getBundleSignatureContent method * fix: changed log from camel to snake case * fix: fixed nil payload test case * fix: fix import order * fix: sync with remote * fix: change import order Signed-off-by: Willian Alves <wiilliian.alves@gmail.com> Signed-off-by: Matheus Santos <matheusdefariascs@gmail.com>
* fix: added error return to AttestContainerSignatures method * fix: changed variable from camel to snake case * fix: add returned type to error message in getBundleSignatureContent method * fix: changed log from camel to snake case * fix: fixed nil payload test case * fix: fix import order * fix: sync with remote * fix: change import order Signed-off-by: Willian Alves <wiilliian.alves@gmail.com> Signed-off-by: Matheus Santos <matheusdefariascs@gmail.com>
This is an initial pass at the spire agent bootstrap logic. This change includes all the core business logic for spire agent to get up and attest against spire server. It also does a few other things:
Tests are coming soon. Getting this out early for review
Outstanding:
Configure