Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Workload API is not working in Windows. #258

Open
prasanthAllu opened this issue Dec 28, 2023 · 0 comments
Open

Workload API is not working in Windows. #258

prasanthAllu opened this issue Dec 28, 2023 · 0 comments

Comments

@prasanthAllu
Copy link

prasanthAllu commented Dec 28, 2023

The steps that I have followed to run the workload api in windows as given below.

  1. spire-server and spire-agent taken from the following .zip file
    https://github.com/spiffe/spire/releases/download/v1.8.7/spire-1.8.7-windows-amd64.zip

  2. And the configuration I have updated to support in windows that I have attached below.
    conf.zip

  3. And the SocketPath = "npipe:\\.\pipe\spire-agent\public\api"

  4. To start spire-server executed the following command.
    spire-server run -config conf/server/server.conf

  5. Generating the joinToken
    spire-server token generate -spiffeID spiffe://example.org/host

  6. To start spire-agent executed the following command.
    spire-agent run -config conf/agent/agent.conf -joinToken

  7. Created 2 new users server-workload and client-workload

  8. Define SPIRE server entries for the users:
    spire-server entry create -spiffeID spiffe://example.org/server -parentID spiffe://example.org/host -selector
    windows_account:username:server-workload

    spire-server entry create -spiffeID spiffe://example.org/server -parentID spiffe://example.org/host -selector
    windows_account:username:client-workload

  9. Run the server workload:
    runas /user:server-workload ".\server.exe" or go run main.go -username=server-workload

  10. Run the client workload:
    runas /user:client-workload ".\client.exe" or go run main.go -username=client-workload

Have I missed any essential commands in the process?

And If workload is working on windows, can you provide the demo video for it or steps with description.

image

from the watcher.go file

func newWatcher(ctx context.Context, config watcherConfig, x509ContextFn func(*X509Context), jwtBundlesFn func(*jwtbundle.Set)) (_ *watcher, err error) {
log.Println("Entered into newWatcher method")
w := &watcher{
updatedCh: make(chan struct{}, 1),
client: config.client,
cancel: func() {},
x509ContextFn: x509ContextFn,
x509ContextSet: make(chan struct{}),
jwtBundlesFn: jwtBundlesFn,
jwtBundlesSet: make(chan struct{}),
}

// If this function fails, we need to clean up the source.
defer func() {
	if err != nil {
		err = errs.Combine(err, w.Close())
	}
}()

// Initialize a new client unless one is provided by the options
if w.client == nil {
	client, err := New(ctx, config.clientOptions...)
	if err != nil {
		return nil, err
	}
	w.client = client
	w.ownsClient = true
}
log.Println("Before waitFor")
errCh := make(chan error, 2)
**waitFor := func(has <-chan struct{}) error {
	log.Println("one")
	select {
	case <-has:
		return nil
	case err := <-errCh:
		return err
	case <-ctx.Done():
		return ctx.Err()
	}
}**
log.Println("After waitFor")
// Kick up a background goroutine that watches the Workload API for
// updates.
var watchCtx context.Context
watchCtx, w.cancel = context.WithCancel(context.Background())
log.Println("Before if w.x509ContextFn")
if w.x509ContextFn != nil {
	w.wg.Add(1)
	go func() {
		defer w.wg.Done()
		errCh <- w.client.WatchX509Context(watchCtx, w)
	}()
	if err := waitFor(w.x509ContextSet); err != nil {
		return nil, err
	}
}
log.Println("Before if w.jwtBundlesFn")
if w.jwtBundlesFn != nil {
	w.wg.Add(1)
	go func() {
		defer w.wg.Done()
		errCh <- w.client.WatchJWTBundles(watchCtx, w)
	}()
	if err := waitFor(w.jwtBundlesSet); err != nil {
		return nil, err
	}
}

// Drain the update channel since this function blocks until an update and
// don't want callers to think there was an update on the source right
// after it was initialized. If we ever allow the watcher to be initialzed
// without waiting, this reset should be removed.
log.Println("Before w.drainUpdated()")
w.drainUpdated()
log.Println("After w.drainUpdated()")

return w, nil

}

the code I am highlighting where pointer has structed, means it is not coming out form the loop.

waitFor := func(has <-chan struct{}) error {
	log.Println("one")
	select {
	case <-has:
		return nil
	case err := <-errCh:
		return err
	case <-ctx.Done():
		return ctx.Err()
	}
}
@prasanthAllu prasanthAllu changed the title Getting the error while running in windows. for workload api (spiffe/error: Failed to watch the Workload API : rpc error: code = Unavailable desc = connection error: desc = "transport: Erro r while dialing: open \\.\pipe\backend-agent\public\api: The system cannot find the file specified.") Workload API is not working in Windows. Jan 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant