Update Config Files with SPIRE Agent Default Socket Path and Fix README.md Table Formatting #102

Merged
merged 1 commit into from
Dec 20, 2023
30 changes: 15 additions & 15 deletions README.md
Expand Up @@ -16,24 +16,24 @@ If `-config` is not specified, the default value `helper.conf` is assumed.
## Configuration
The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted file that defines the following configurations:

| Configuration | Description | Example Value |
|-----------------------------|----------------------------------------------------------------------------------------------------------------| -------------------- |
|`agent_address` | Socket address of SPIRE Agent. | `"/tmp/agent.sock"` |
|`cmd` | The path to the process to launch. | `"ghostunnel"` |
|`cmd_args` | The arguments of the process to launch. | `"server --listen localhost:8002 --target localhost:8001--keystore certs/svid_key.pem --cacert certs/svid_bundle.pem --allow-uri-san spiffe://example.org/Database"` |
|`cert_dir` | Directory name to store the fetched certificates. This directory must be created previously. | `"certs"` |
|`add_intermediates_to_bundle`| Add intermediate certificates into Bundle file instead of SVID file. | `true` |
|`renew_signal` | The signal that the process to be launched expects to reload the certificates. It is not supported on Windows. | `"SIGUSR1"` |
|`svid_file_name` | File name to be used to store the X.509 SVID public certificate in PEM format. | `"svid.pem"` |
|`svid_key_file_name` | File name to be used to store the X.509 SVID private key and public certificate in PEM format. | `"svid_key.pem"` |
|`svid_bundle_file_name` | File name to be used to store the X.509 SVID Bundle in PEM format. | `"svid_bundle.pem"` |
|`jwt_audience` | JWT SVID audience. | `"your-audience"` |
|`jwt_svid_file_name` | File name to be used to store JWT SVID in Base64-encoded string. | `"jwt_svid.token"` |
|`jwt_bundle_file_name` | File name to be used to store JWT Bundle in JSON format. | `"jwt_bundle.json"` |
| Configuration | Description | Example Value |
|-------------------------------|----------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `agent_address` | Socket address of SPIRE Agent. | `"/tmp/agent.sock"` |
| `cmd` | The path to the process to launch. | `"ghostunnel"` |
| `cmd_args` | The arguments of the process to launch. | `"server --listen localhost:8002 --target localhost:8001--keystore certs/svid_key.pem --cacert certs/svid_bundle.pem --allow-uri-san spiffe://example.org/Database"` |
| `cert_dir` | Directory name to store the fetched certificates. This directory must be created previously. | `"certs"` |
| `add_intermediates_to_bundle` | Add intermediate certificates into Bundle file instead of SVID file. | `true` |
| `renew_signal` | The signal that the process to be launched expects to reload the certificates. It is not supported on Windows. | `"SIGUSR1"` |
| `svid_file_name` | File name to be used to store the X.509 SVID public certificate in PEM format. | `"svid.pem"` |
| `svid_key_file_name` | File name to be used to store the X.509 SVID private key and public certificate in PEM format. | `"svid_key.pem"` |
| `svid_bundle_file_name` | File name to be used to store the X.509 SVID Bundle in PEM format. | `"svid_bundle.pem"` |
| `jwt_audience` | JWT SVID audience. | `"your-audience"` |
| `jwt_svid_file_name` | File name to be used to store JWT SVID in Base64-encoded string. | `"jwt_svid.token"` |
| `jwt_bundle_file_name` | File name to be used to store JWT Bundle in JSON format. | `"jwt_bundle.json"` |

### Configuration example
```
agent_address = "/tmp/agent.sock"
agent_address = "/tmp/spire-agent/public/api.sock"
cmd = "ghostunnel"
cmd_args = "server --listen localhost:8002 --target localhost:8001 --keystore certs/svid_key.pem --cacert certs/svid_bundle.pem --allow-uri-san spiffe://example.org/Database"
cert_dir = "certs"
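Review bot: The reformatted `agent_address` table row still gives `"/tmp/agent.sock"` as its example value, while the Configuration example just below it now uses `"/tmp/spire-agent/public/api.sock"`; update the table cell so the two agree. The `cmd_args` row also carries over `localhost:8001--keystore` with no space before `--keystore`, whereas the example block has it right (`localhost:8001 --keystore`), so anyone copying the table value gets a broken `--target` argument.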
2 changes: 1 addition & 1 deletion examples/mysql/helper.conf
@@ -1,5 +1,5 @@
# SPIRE agent unix socket path
agent_address = "/tmp/agent.sock"
agent_address = "/tmp/spire-agent/public/api.sock"
faisal-memon marked this conversation as resolved.

# mysql binary path
cmd = "/usr/bin/mysql"
2 changes: 1 addition & 1 deletion examples/mysql/spire-agent.conf
Expand Up @@ -3,7 +3,7 @@ agent {
log_level = "DEBUG"
server_address = "127.0.0.1"
server_port = "8081"
socket_path ="/tmp/agent.sock"
socket_path ="/tmp/spire-agent/public/api.sock"
trust_bundle_path = "./conf/agent/dummy_root_ca.crt"
trust_domain = "example.org"
}
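Review bot: Style point on the changed `socket_path ="/tmp/spire-agent/public/api.sock"` line: it keeps the missing space after `=`, unlike every neighbouring key (`log_level = "DEBUG"`, `server_port = "8081"`). Since the line is being rewritten anyway, write it as `socket_path = "..."`; the same line in examples/postgresql/spire-agent.conf has the same spacing. It is also worth a comment here that this value must stay identical to `agent_address` in the example's helper.conf, since the two files are now changed in lockstep.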
2 changes: 1 addition & 1 deletion examples/postgresql/helper.conf
Expand Up @@ -19,7 +19,7 @@
#

# SPIRE agent unix socket path
agent_address = "/tmp/agent.sock"
agent_address = "/tmp/spire-agent/public/api.sock"

# psql binary path
cmd = "/usr/bin/psql"
2 changes: 1 addition & 1 deletion examples/postgresql/spire-agent.conf
Expand Up @@ -3,7 +3,7 @@ agent {
log_level = "DEBUG"
server_address = "127.0.0.1"
server_port = "8081"
socket_path ="/tmp/agent.sock"
socket_path ="/tmp/spire-agent/public/api.sock"
trust_bundle_path = "./conf/agent/dummy_root_ca.crt"
trust_domain = "example.org"
}
2 changes: 1 addition & 1 deletion helper.conf
@@ -1,4 +1,4 @@
agent_address = "/tmp/agent.sock"
agent_address = "/tmp/spire-agent/public/api.sock"
cmd = ""
cmd_args = ""
cert_dir = "certs"
2 changes: 1 addition & 1 deletion helper_envoy.conf
@@ -1,4 +1,4 @@
agent_address = "/tmp/agent.sock"
agent_address = "/tmp/spire-agent/public/api.sock"
cmd = "hot-restarter.py"
cmd_args = "start_envoy.sh"
cert_dir = "certs"
2 changes: 1 addition & 1 deletion helper_ghostunnel.conf
@@ -1,4 +1,4 @@
agent_address = "/tmp/agent.sock"
agent_address = "/tmp/spire-agent/public/api.sock"
cmd = "ghostunnel"
cmd_args = "server --listen localhost:8002 --target localhost:8001 --keystore certs/svid_key.pem --cacert certs/svid_bundle.pem --allow-uri-san spiffe://example.org/Database"
cert_dir = "certs"
2 changes: 1 addition & 1 deletion pkg/sidecar/config_test.go
Expand Up @@ -14,7 +14,7 @@ func TestParseConfig(t *testing.T) {

assert.NoError(t, err)

expectedAgentAddress := "/tmp/agent.sock"
expectedAgentAddress := "/tmp/spire-agent/public/api.sock"
expectedCmd := "hot-restarter.py"
expectedCmdArgs := "start_envoy.sh"
expectedCertDir := "certs"
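Review bot: `expectedAgentAddress` is now the same string that TestDefaultAgentAddress in pkg/sidecar/sidecar_test.go asserts as the built-in default, so this check can no longer tell a value parsed from the fixture apart from a fallback wherever a default is applied. Test fixtures do not need to track the recommended default; keeping a distinct, non-default path in the fixture and in `expectedAgentAddress` preserves the signal that `agent_address` was really read from the file.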
6 changes: 3 additions & 3 deletions pkg/sidecar/sidecar_test.go
Expand Up @@ -199,16 +199,16 @@ func TestDefaultAgentAddress(t *testing.T) {
assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/spire-agent/public/api.sock")
}
func TestEnvAgentAddress(t *testing.T) {
os.Setenv("SPIRE_AGENT_ADDRESS", "/tmp/agent.sock")
os.Setenv("SPIRE_AGENT_ADDRESS", "/tmp/spire-agent/public/api.sock")
log, _ := test.NewNullLogger()
spiffeSidecar, err := New("../../test/sidecar/config/helper.conf", log)
require.NoError(t, err)
assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/agent.sock")
assert.Equal(t, spiffeSidecar.config.AgentAddress, "/tmp/spire-agent/public/api.sock")
}

func TestAgentAddress(t *testing.T) {
// This test is used to verify that we get the agent_address of the .conf file instead of the ENV value, if we have both
os.Setenv("SPIRE_AGENT_ADDRESS", "/tmp/agent.sock")
os.Setenv("SPIRE_AGENT_ADDRESS", "/tmp/spire-agent/public/api.sock")
log, _ := test.NewNullLogger()
spiffeSidecar, err := New("../../test/sidecar/configWithAddress/helper.conf", log)
require.NoError(t, err)
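Review bot: In TestEnvAgentAddress the value written to `SPIRE_AGENT_ADDRESS` is now identical to the default that TestDefaultAgentAddress asserts directly above it, so the test passes even if the environment variable is never read. Keep a value that differs from the default (the old `"/tmp/agent.sock"` did exactly that) so the assertion only holds when the override is honoured. The same reasoning applies to TestAgentAddress: the environment value must differ from whatever test/sidecar/configWithAddress/helper.conf sets, otherwise the config-over-env precedence check proves nothing. While these lines are being touched, `t.Setenv` would restore the variable at the end of each test instead of leaking it into later tests as `os.Setenv` does, and testify's `assert.Equal` takes the expected value before the actual one.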
2 changes: 1 addition & 1 deletion test/fixture/config/helper.conf
@@ -1,4 +1,4 @@
agent_address = "/tmp/agent.sock"
agent_address = "/tmp/spire-agent/public/api.sock"
cmd = "hot-restarter.py"
cmd_args = "start_envoy.sh"
cert_dir = "certs"