From 2fa371f6d60e5da960c30703469b88cb8990eabe Mon Sep 17 00:00:00 2001 From: JU4N98 Date: Fri, 7 Jul 2023 14:00:13 -0300 Subject: [PATCH] Renames rpc methods, adds UpdateX509SVID rpc, plugins don't stop. Signed-off-by: JU4N98 --- pkg/helperPlugin/plugin.pb.go | 210 ----------------- pkg/helperPlugin/plugin_grpc.pb.go | 109 --------- pkg/helperPlugin/shared.go | 62 ----- pkg/notifier/notifier.pb.go | 214 ++++++++++++++++++ pkg/notifier/notifier.proto | 15 ++ pkg/notifier/notifier_grpc.pb.go | 146 ++++++++++++ pkg/notifier/shared.go | 72 ++++++ .../simple-example/simple-example.go | 15 +- pkg/sidecar/sidecar.go | 40 ++-- proto/plugin/plugin.proto | 14 -- 10 files changed, 483 insertions(+), 414 deletions(-) delete mode 100644 pkg/helperPlugin/plugin.pb.go delete mode 100644 pkg/helperPlugin/plugin_grpc.pb.go delete mode 100644 pkg/helperPlugin/shared.go create mode 100644 pkg/notifier/notifier.pb.go create mode 100644 pkg/notifier/notifier.proto create mode 100644 pkg/notifier/notifier_grpc.pb.go create mode 100644 pkg/notifier/shared.go rename pkg/{helperPlugin => notifier}/simple-example/simple-example.go (55%) delete mode 100644 proto/plugin/plugin.proto diff --git a/pkg/helperPlugin/plugin.pb.go b/pkg/helperPlugin/plugin.pb.go deleted file mode 100644 index adf4d0be..00000000 --- a/pkg/helperPlugin/plugin.pb.go +++ /dev/null 
@@ -1,210 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.30.0 -// protoc v3.12.4 -// source: plugin.proto - -package helperPlugin - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Empty struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *Empty) Reset() { - *x = Empty{} - if protoimpl.UnsafeEnabled { - mi := &file_plugin_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Empty) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Empty) ProtoMessage() {} - -func (x *Empty) ProtoReflect() protoreflect.Message { - mi := &file_plugin_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Empty.ProtoReflect.Descriptor instead. 
-func (*Empty) Descriptor() ([]byte, []int) { - return file_plugin_proto_rawDescGZIP(), []int{0} -} - -type ConfigsRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Configs map[string]string `protobuf:"bytes,1,rep,name=configs,proto3" json:"configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *ConfigsRequest) Reset() { - *x = ConfigsRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_plugin_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConfigsRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConfigsRequest) ProtoMessage() {} - -func (x *ConfigsRequest) ProtoReflect() protoreflect.Message { - mi := &file_plugin_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConfigsRequest.ProtoReflect.Descriptor instead. 
-func (*ConfigsRequest) Descriptor() ([]byte, []int) { - return file_plugin_proto_rawDescGZIP(), []int{1} -} - -func (x *ConfigsRequest) GetConfigs() map[string]string { - if x != nil { - return x.Configs - } - return nil -} - -var File_plugin_proto protoreflect.FileDescriptor - -var file_plugin_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, - 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x22, 0x07, 0x0a, 0x05, - 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x91, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x65, 0x6c, 0x70, - 0x65, 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x3a, 0x0a, - 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x32, 0x52, 0x0a, 0x0c, 0x53, 0x70, 0x69, - 0x66, 0x66, 0x65, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x0b, 0x50, 0x6f, 0x73, - 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x68, 0x65, 0x6c, 0x70, 0x65, - 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x50, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x18, 0x5a, - 0x16, 
0x2e, 0x2e, 0x2f, 0x2e, 0x2e, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x68, 0x65, 0x6c, 0x70, 0x65, - 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_plugin_proto_rawDescOnce sync.Once - file_plugin_proto_rawDescData = file_plugin_proto_rawDesc -) - -func file_plugin_proto_rawDescGZIP() []byte { - file_plugin_proto_rawDescOnce.Do(func() { - file_plugin_proto_rawDescData = protoimpl.X.CompressGZIP(file_plugin_proto_rawDescData) - }) - return file_plugin_proto_rawDescData -} - -var file_plugin_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_plugin_proto_goTypes = []interface{}{ - (*Empty)(nil), // 0: helperPlugin.Empty - (*ConfigsRequest)(nil), // 1: helperPlugin.ConfigsRequest - nil, // 2: helperPlugin.ConfigsRequest.ConfigsEntry -} -var file_plugin_proto_depIdxs = []int32{ - 2, // 0: helperPlugin.ConfigsRequest.configs:type_name -> helperPlugin.ConfigsRequest.ConfigsEntry - 1, // 1: helperPlugin.SpiffeHelper.PostConfigs:input_type -> helperPlugin.ConfigsRequest - 0, // 2: helperPlugin.SpiffeHelper.PostConfigs:output_type -> helperPlugin.Empty - 2, // [2:3] is the sub-list for method output_type - 1, // [1:2] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_plugin_proto_init() } -func file_plugin_proto_init() { - if File_plugin_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_plugin_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Empty); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_plugin_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConfigsRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return 
&v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_plugin_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_plugin_proto_goTypes, - DependencyIndexes: file_plugin_proto_depIdxs, - MessageInfos: file_plugin_proto_msgTypes, - }.Build() - File_plugin_proto = out.File - file_plugin_proto_rawDesc = nil - file_plugin_proto_goTypes = nil - file_plugin_proto_depIdxs = nil -} diff --git a/pkg/helperPlugin/plugin_grpc.pb.go b/pkg/helperPlugin/plugin_grpc.pb.go deleted file mode 100644 index 790ff855..00000000 --- a/pkg/helperPlugin/plugin_grpc.pb.go +++ /dev/null 
@@ -1,109 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. -// versions: -// - protoc-gen-go-grpc v1.3.0 -// - protoc v3.12.4 -// source: plugin.proto - -package helperPlugin - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 - -const ( - SpiffeHelper_PostConfigs_FullMethodName = "/helperPlugin.SpiffeHelper/PostConfigs" -) - -// SpiffeHelperClient is the client API for SpiffeHelper service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type SpiffeHelperClient interface { - PostConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) -} - -type spiffeHelperClient struct { - cc grpc.ClientConnInterface -} - -func NewSpiffeHelperClient(cc grpc.ClientConnInterface) SpiffeHelperClient { - return &spiffeHelperClient{cc} -} - -func (c *spiffeHelperClient) PostConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, SpiffeHelper_PostConfigs_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// SpiffeHelperServer is the server API for SpiffeHelper service. -// All implementations must embed UnimplementedSpiffeHelperServer -// for forward compatibility -type SpiffeHelperServer interface { - PostConfigs(context.Context, *ConfigsRequest) (*Empty, error) - mustEmbedUnimplementedSpiffeHelperServer() -} - -// UnimplementedSpiffeHelperServer must be embedded to have forward compatible implementations. 
-type UnimplementedSpiffeHelperServer struct { -} - -func (UnimplementedSpiffeHelperServer) PostConfigs(context.Context, *ConfigsRequest) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method PostConfigs not implemented") -} -func (UnimplementedSpiffeHelperServer) mustEmbedUnimplementedSpiffeHelperServer() {} - -// UnsafeSpiffeHelperServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to SpiffeHelperServer will -// result in compilation errors. -type UnsafeSpiffeHelperServer interface { - mustEmbedUnimplementedSpiffeHelperServer() -} - -func RegisterSpiffeHelperServer(s grpc.ServiceRegistrar, srv SpiffeHelperServer) { - s.RegisterService(&SpiffeHelper_ServiceDesc, srv) -} - -func _SpiffeHelper_PostConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ConfigsRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SpiffeHelperServer).PostConfigs(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: SpiffeHelper_PostConfigs_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SpiffeHelperServer).PostConfigs(ctx, req.(*ConfigsRequest)) - } - return interceptor(ctx, in, info, handler) -} - -// SpiffeHelper_ServiceDesc is the grpc.ServiceDesc for SpiffeHelper service. -// It's only intended for direct use with grpc.RegisterService, -// and not to be introspected or modified (even as a copy) -var SpiffeHelper_ServiceDesc = grpc.ServiceDesc{ - ServiceName: "helperPlugin.SpiffeHelper", - HandlerType: (*SpiffeHelperServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "PostConfigs", - Handler: _SpiffeHelper_PostConfigs_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "plugin.proto", -} 
diff --git a/pkg/helperPlugin/shared.go b/pkg/helperPlugin/shared.go deleted file mode 100644 index e8a4039f..00000000 --- a/pkg/helperPlugin/shared.go +++ /dev/null @@ -1,62 +0,0 @@ -package helperPlugin - -import ( - context "context" - - "github.com/hashicorp/go-plugin" - grpc "google.golang.org/grpc" -) - -type SpiffeHelperPlugin interface { - PostConfigs(context.Context, *ConfigsRequest) (*Empty, error) - mustEmbedUnimplementedSpiffeHelperServer() -} - -type GRPCSpiffeHelperPlugin struct { - plugin.Plugin - Impl SpiffeHelperPlugin -} - -func (p *GRPCSpiffeHelperPlugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error { - RegisterSpiffeHelperServer(s, &GRPCServer{Impl: p.Impl}) - return nil -} - -func (p *GRPCSpiffeHelperPlugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) { - return &GRPCClient{client: NewSpiffeHelperClient(c)}, nil -} - -type GRPCClient struct { - client SpiffeHelperClient -} - -func (m *GRPCClient) PostConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) { - return m.client.PostConfigs(context.Background(), config) -} - -func (m *GRPCClient) mustEmbedUnimplementedSpiffeHelperServer() { -} - -type GRPCServer struct { - Impl SpiffeHelperPlugin -} - -func (m *GRPCServer) PostConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) { - _, err := m.Impl.PostConfigs(ctx, config) - return &Empty{}, err -} - -func (m *GRPCServer) mustEmbedUnimplementedSpiffeHelperServer() { -} - -func GetHandshakeConfig() plugin.HandshakeConfig { - return plugin.HandshakeConfig{ - ProtocolVersion: 1, - MagicCookieKey: "SPIFFE_HELPER", - MagicCookieValue: "SPIFFE_HELPER", - } -} - -func GetPluginMap() map[string]plugin.Plugin { - return map[string]plugin.Plugin{"plugin": &GRPCSpiffeHelperPlugin{}} -} diff --git a/pkg/notifier/notifier.pb.go b/pkg/notifier/notifier.pb.go new file mode 100644 index 00000000..0abd4252 --- /dev/null +++ b/pkg/notifier/notifier.pb.go 
@@ -0,0 +1,214 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc v3.12.4 +// source: notifier.proto + +package notifier + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Empty struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *Empty) Reset() { + *x = Empty{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Empty) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Empty) ProtoMessage() {} + +func (x *Empty) ProtoReflect() protoreflect.Message { + mi := &file_notifier_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Empty.ProtoReflect.Descriptor instead. 
+func (*Empty) Descriptor() ([]byte, []int) { + return file_notifier_proto_rawDescGZIP(), []int{0} +} + +type ConfigsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Configs map[string]string `protobuf:"bytes,1,rep,name=configs,proto3" json:"configs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *ConfigsRequest) Reset() { + *x = ConfigsRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_notifier_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ConfigsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConfigsRequest) ProtoMessage() {} + +func (x *ConfigsRequest) ProtoReflect() protoreflect.Message { + mi := &file_notifier_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConfigsRequest.ProtoReflect.Descriptor instead. 
+func (*ConfigsRequest) Descriptor() ([]byte, []int) { + return file_notifier_proto_rawDescGZIP(), []int{1} +} + +func (x *ConfigsRequest) GetConfigs() map[string]string { + if x != nil { + return x.Configs + } + return nil +} + +var File_notifier_proto protoreflect.FileDescriptor + +var file_notifier_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x08, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x22, 0x07, 0x0a, 0x05, 0x45, 0x6d, + 0x70, 0x74, 0x79, 0x22, 0x8d, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, + 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x32, 0x7c, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, + 0x3a, 0x0a, 0x0b, 0x4c, 0x6f, 0x61, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, 0x12, 0x18, + 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x34, 0x0a, 0x0e, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x12, 0x0f, 0x2e, + 
0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x0f, + 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, + 0x00, 0x42, 0x0d, 0x5a, 0x0b, 0x2e, 0x2f, 0x3b, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_notifier_proto_rawDescOnce sync.Once + file_notifier_proto_rawDescData = file_notifier_proto_rawDesc +) + +func file_notifier_proto_rawDescGZIP() []byte { + file_notifier_proto_rawDescOnce.Do(func() { + file_notifier_proto_rawDescData = protoimpl.X.CompressGZIP(file_notifier_proto_rawDescData) + }) + return file_notifier_proto_rawDescData +} + +var file_notifier_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_notifier_proto_goTypes = []interface{}{ + (*Empty)(nil), // 0: notifier.Empty + (*ConfigsRequest)(nil), // 1: notifier.ConfigsRequest + nil, // 2: notifier.ConfigsRequest.ConfigsEntry +} +var file_notifier_proto_depIdxs = []int32{ + 2, // 0: notifier.ConfigsRequest.configs:type_name -> notifier.ConfigsRequest.ConfigsEntry + 1, // 1: notifier.Notifier.LoadConfigs:input_type -> notifier.ConfigsRequest + 0, // 2: notifier.Notifier.UpdateX509SVID:input_type -> notifier.Empty + 0, // 3: notifier.Notifier.LoadConfigs:output_type -> notifier.Empty + 0, // 4: notifier.Notifier.UpdateX509SVID:output_type -> notifier.Empty + 3, // [3:5] is the sub-list for method output_type + 1, // [1:3] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_notifier_proto_init() } +func file_notifier_proto_init() { + if File_notifier_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_notifier_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Empty); i { + case 0: + return &v.state + case 1: + return 
&v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_notifier_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ConfigsRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_notifier_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_notifier_proto_goTypes, + DependencyIndexes: file_notifier_proto_depIdxs, + MessageInfos: file_notifier_proto_msgTypes, + }.Build() + File_notifier_proto = out.File + file_notifier_proto_rawDesc = nil + file_notifier_proto_goTypes = nil + file_notifier_proto_depIdxs = nil +} diff --git a/pkg/notifier/notifier.proto b/pkg/notifier/notifier.proto new file mode 100644 index 00000000..d9b6215c --- /dev/null +++ b/pkg/notifier/notifier.proto @@ -0,0 +1,15 @@ +syntax = "proto3"; + +package notifier; +option go_package = "./;notifier"; + +message Empty {} + +message ConfigsRequest { + map configs = 1; +} + +service Notifier { + rpc LoadConfigs(ConfigsRequest) returns (Empty) {}; + rpc UpdateX509SVID(Empty) returns (Empty) {}; +} diff --git a/pkg/notifier/notifier_grpc.pb.go b/pkg/notifier/notifier_grpc.pb.go new file mode 100644 index 00000000..8b19df1e --- /dev/null +++ b/pkg/notifier/notifier_grpc.pb.go 
@@ -0,0 +1,146 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v3.12.4 +// source: notifier.proto + +package notifier + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const ( + Notifier_LoadConfigs_FullMethodName = "/notifier.Notifier/LoadConfigs" + Notifier_UpdateX509SVID_FullMethodName = "/notifier.Notifier/UpdateX509SVID" +) + +// NotifierClient is the client API for Notifier service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type NotifierClient interface { + LoadConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) + UpdateX509SVID(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) +} + +type notifierClient struct { + cc grpc.ClientConnInterface +} + +func NewNotifierClient(cc grpc.ClientConnInterface) NotifierClient { + return ¬ifierClient{cc} +} + +func (c *notifierClient) LoadConfigs(ctx context.Context, in *ConfigsRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, Notifier_LoadConfigs_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *notifierClient) UpdateX509SVID(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, Notifier_UpdateX509SVID_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// NotifierServer is the server API for Notifier service. 
+// All implementations must embed UnimplementedNotifierServer +// for forward compatibility +type NotifierServer interface { + LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error) + UpdateX509SVID(context.Context, *Empty) (*Empty, error) + mustEmbedUnimplementedNotifierServer() +} + +// UnimplementedNotifierServer must be embedded to have forward compatible implementations. +type UnimplementedNotifierServer struct { +} + +func (UnimplementedNotifierServer) LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method LoadConfigs not implemented") +} +func (UnimplementedNotifierServer) UpdateX509SVID(context.Context, *Empty) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateX509SVID not implemented") +} +func (UnimplementedNotifierServer) mustEmbedUnimplementedNotifierServer() {} + +// UnsafeNotifierServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to NotifierServer will +// result in compilation errors. 
+type UnsafeNotifierServer interface { + mustEmbedUnimplementedNotifierServer() +} + +func RegisterNotifierServer(s grpc.ServiceRegistrar, srv NotifierServer) { + s.RegisterService(&Notifier_ServiceDesc, srv) +} + +func _Notifier_LoadConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ConfigsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(NotifierServer).LoadConfigs(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Notifier_LoadConfigs_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(NotifierServer).LoadConfigs(ctx, req.(*ConfigsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Notifier_UpdateX509SVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(NotifierServer).UpdateX509SVID(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Notifier_UpdateX509SVID_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(NotifierServer).UpdateX509SVID(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +// Notifier_ServiceDesc is the grpc.ServiceDesc for Notifier service. 
+// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Notifier_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "notifier.Notifier", + HandlerType: (*NotifierServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "LoadConfigs", + Handler: _Notifier_LoadConfigs_Handler, + }, + { + MethodName: "UpdateX509SVID", + Handler: _Notifier_UpdateX509SVID_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "notifier.proto", +} diff --git a/pkg/notifier/shared.go b/pkg/notifier/shared.go new file mode 100644 index 00000000..d72b4b9a --- /dev/null +++ b/pkg/notifier/shared.go 
@@ -0,0 +1,72 @@
+package notifier
+
+import (
+ context "context"
+
+ "github.com/hashicorp/go-plugin"
+ grpc "google.golang.org/grpc"
+)
+
+type Notifier interface {
+ LoadConfigs(context.Context, *ConfigsRequest) (*Empty, error)
+ UpdateX509SVID(context.Context, *Empty) (*Empty, error)
+ mustEmbedUnimplementedNotifierServer()
+}
+
+type GRPCNotifier struct {
+ plugin.Plugin
+ Impl Notifier
+}
+
+func (p *GRPCNotifier) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
+ RegisterNotifierServer(s, &GRPCServer{Impl: p.Impl})
+ return nil
+}
+
+func (p *GRPCNotifier) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
+ return &GRPCClient{client: NewNotifierClient(c)}, nil
+}
+
+type GRPCClient struct {
+ client NotifierClient
+}
+
+func (m *GRPCClient) LoadConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) {
+ return m.client.LoadConfigs(context.Background(), config)
+}
+
+func (m *GRPCClient) UpdateX509SVID(ctx context.Context, empty *Empty) (*Empty, error) {
+ return m.client.UpdateX509SVID(context.Background(), empty)
+}
+
+func (m *GRPCClient) mustEmbedUnimplementedNotifierServer() {
+}
+
+type GRPCServer struct {
+ Impl Notifier
+}
+
+func (m *GRPCServer) LoadConfigs(ctx context.Context, config *ConfigsRequest) (*Empty, error) {
+ _, err := m.Impl.LoadConfigs(ctx, config)
+ return &Empty{}, err
+}
+
+func (m *GRPCServer) UpdateX509SVID(ctx context.Context, empty *Empty) (*Empty, error) {
+ _, err := m.Impl.UpdateX509SVID(ctx, empty)
+ return &Empty{}, err
+}
+
+func (m *GRPCServer) mustEmbedUnimplementedNotifierServer() {
+}
+
+func GetHandshakeConfig() plugin.HandshakeConfig {
+ return plugin.HandshakeConfig{
+ ProtocolVersion: 1,
+ MagicCookieKey: "NOTIFIER",
+ MagicCookieValue: "NOTIFIER",
+ }
+}
+
+func GetPluginMap() map[string]plugin.Plugin {
+ return map[string]plugin.Plugin{"plugin": &GRPCNotifier{}}
+}
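Review bot: `GRPCClient.LoadConfigs` and `GRPCClient.UpdateX509SVID` discard the caller's `ctx` and invoke the stub with `context.Background()`, so a deadline or cancellation set by the sidecar never reaches the plugin and an unresponsive plugin blocks the caller indefinitely. Forward the context instead: `return m.client.LoadConfigs(ctx, config)` and `return m.client.UpdateX509SVID(ctx, empty)`. `GetHandshakeConfig` would also benefit from a comment such as `// The magic cookie only guards against launching the binary by accident; it does not authenticate the plugin.`, since the cookie value is a fixed public string.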
diff --git a/pkg/helperPlugin/simple-example/simple-example.go b/pkg/notifier/simple-example/simple-example.go similarity index 55% rename from pkg/helperPlugin/simple-example/simple-example.go rename to pkg/notifier/simple-example/simple-example.go index 79f1d90f..f7b66f18 100644 --- a/pkg/helperPlugin/simple-example/simple-example.go +++ b/pkg/notifier/simple-example/simple-example.go @@ -5,26 +5,29 @@ import ( "log" "github.com/hashicorp/go-plugin" - pb "github.com/spiffe/spiffe-helper/pkg/helperPlugin" + pb "github.com/spiffe/spiffe-helper/pkg/notifier" ) type SimplePlugin struct { - pb.SpiffeHelperServer + pb.NotifierServer } -func (s *SimplePlugin) PostConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) { +func (s *SimplePlugin) LoadConfigs(ctx context.Context, request *pb.ConfigsRequest) (*pb.Empty, error) { configs := request.Configs - log.Printf("Message sent by %s to %s: %s", configs["from"], configs["to"], configs["message"]) + return &pb.Empty{}, nil +} - return new(pb.Empty), nil +func (s *SimplePlugin) UpdateX509SVID(ctx context.Context, empty *pb.Empty) (*pb.Empty, error) { + log.Printf("Svid updated") + return &pb.Empty{}, nil } func main() { plugin.Serve(&plugin.ServeConfig{ HandshakeConfig: pb.GetHandshakeConfig(), Plugins: map[string]plugin.Plugin{ - "simplePlugin": &pb.GRPCSpiffeHelperPlugin{Impl: &SimplePlugin{}}, + "simplePlugin": &pb.GRPCNotifier{Impl: &SimplePlugin{}}, }, GRPCServer: plugin.DefaultGRPCServer, }) diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index 83c23dc3..0f302f49 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -16,7 +16,7 @@ import ( "github.com/hashicorp/go-plugin" "github.com/sirupsen/logrus" "github.com/spiffe/go-spiffe/v2/workloadapi" - pb "github.com/spiffe/spiffe-helper/pkg/helperPlugin" + pb "github.com/spiffe/spiffe-helper/pkg/notifier" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) 
@@ -33,6 +33,7 @@ type Sidecar struct { processRunning int32 process *os.Process certReadyChan chan struct{} + plugins map[string]*pb.Notifier } // New creates a new SPIFFE sidecar @@ -57,10 +58,14 @@ func New(configPath string, log logrus.FieldLogger) (*Sidecar, error) { config.Log.Warn("No cmd defined to execute.") } - return &Sidecar{ + sidecar := &Sidecar{ config: config, certReadyChan: make(chan struct{}, 1), - }, nil + plugins: make(map[string]*pb.Notifier), + } + sidecar.loadPlugins() + + return sidecar, nil } // CertReadyChan returns a channel to know when the certificates are ready @@ -84,9 +89,6 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) { } } - s.config.Log.Infof("Updating plugins") - s.updatePlugins() - select { case s.certReadyChan <- struct{}{}: default: @@ -129,9 +131,8 @@ func (s *Sidecar) signalProcess() (err error) { return nil } -func (s *Sidecar) updatePlugins() { +func (s *Sidecar) loadPlugins() { for pluginName, pluginConfig := range s.config.Plugins { - // create request request := &pb.ConfigsRequest{} request.Configs = pluginConfig request.Configs["certDir"] = s.config.CertDir @@ -140,7 +141,6 @@ func (s *Sidecar) updatePlugins() { request.Configs["svidKeyFileName"] = s.config.SvidKeyFileName request.Configs["svidBundleFileName"] = s.config.SvidBundleFileName - // try to post request pluginPath := pluginConfig["path"] if pluginPath == "" { s.config.Log.Warnf("Please provide a path for plugin %s", pluginName) @@ -153,7 +153,6 @@ func (s *Sidecar) updatePlugins() { Cmd: exec.Command(pluginPath), AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC}, }) - defer client.Kill() RPCClient, err := client.Client() if err != nil { 
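Review bot: `plugins map[string]*pb.Notifier` stores a pointer to an interface value, which adds an indirection without any benefit because `pb.Notifier` is already an interface. Declaring the field as `plugins map[string]pb.Notifier` lets `New` use `make(map[string]pb.Notifier)`, lets `loadPlugins` store the dispensed value directly, and removes the dereference in `notifyPlugins` (both in later hunks of this file). The struct body continues outside the hunk.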
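Review bot: Dropping `defer client.Kill()` leaves the plugin subprocess without an owner: the client returned by `plugin.NewClient` is a loop-local variable and only the dispensed notifier is kept in `s.plugins`, so nothing can stop the process later. The `continue` branches after a failed `client.Client()` here and a failed `LoadConfigs` in the next hunk also leave a started child running that the sidecar never uses. Call `client.Kill()` before each of those `continue` statements and keep the client alongside the notifier (or call `plugin.CleanupClients()` on shutdown) so the long-lived plugins are reaped. Because `pluginPath` is taken from configuration and the binary now runs for the sidecar's lifetime, setting `SecureConfig` on the `plugin.ClientConfig` to pin the expected checksum is worth considering. `loadPlugins` starts and ends outside this hunk.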
@@ -167,13 +166,15 @@ func (s *Sidecar) updatePlugins() { continue } - spiffeHelperPlugin := raw.(pb.SpiffeHelperPlugin) - response, err := spiffeHelperPlugin.PostConfigs(context.Background(), request) + notifier := raw.(pb.Notifier) + response, err := notifier.LoadConfigs(context.Background(), request) if err != nil { - s.config.Log.Warnf("Failed to post configs to plugin %s", pluginName) + s.config.Log.Warnf("Failed to load configs into plugin %s", pluginName) continue } + s.plugins[pluginName] = ¬ifier + s.config.Log.Infof("Plugin %s updated %s", pluginName, response) } } @@ -188,6 +189,17 @@ func (s *Sidecar) checkProcessExit() { atomic.StoreInt32(&s.processRunning, 0) } +func (s *Sidecar) notifyPlugins() { + for pluginName := range s.plugins { + plugin := *s.plugins[pluginName] + _, err := plugin.UpdateX509SVID(context.Background(), &pb.Empty{}) + if err != nil { + s.config.Log.Warnf("Failed to update x509 svid to plugin %s", pluginName) + continue + } + } +} + // dumpBundles takes a X509SVIDResponse, representing a svid message from // the Workload API, and calls writeCerts and writeKey to write to disk // the svid, key and bundle of certificates. @@ -229,6 +241,8 @@ func (s *Sidecar) dumpBundles(svidResponse *workloadapi.X509Context) error { return err } + s.notifyPlugins() + return nil } diff --git a/proto/plugin/plugin.proto b/proto/plugin/plugin.proto deleted file mode 100644 index e94d8eb6..00000000 --- a/proto/plugin/plugin.proto +++ /dev/null @@ -1,14 +0,0 @@ -syntax = "proto3"; - -package helperPlugin; -option go_package = "../../pkg/helperPlugin"; - -message Empty {} - -message ConfigsRequest { - map configs = 1; -} - -service SpiffeHelper { - rpc PostConfigs(ConfigsRequest) returns (Empty) {}; -}
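Review bot: The unchecked assertion `raw.(pb.Notifier)` panics if the dispensed value is of another type, and since `loadPlugins` now runs from `New` that panic would abort sidecar start-up rather than skip one plugin. Use the two-value form, `notifier, ok := raw.(pb.Notifier)`, and on `!ok` log a warning and `continue` like the neighbouring error branches. The `LoadConfigs` warning would also be easier to act on if it included the error, e.g. `s.config.Log.Warnf("Failed to load configs into plugin %s: %v", pluginName, err)`. The loop body begins outside this hunk.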
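Review bot: `notifyPlugins` calls `UpdateX509SVID` with `context.Background()` and is invoked synchronously at the end of `dumpBundles` (last hunk of this file), so a plugin that never answers keeps `dumpBundles` from returning, which presumably delays handling of later SVID rotations. Give each call a deadline, include `err` in the warning (it is currently dropped), and avoid naming the local `plugin`, which shadows the imported go-plugin package. The sketch below assumes a new package-level duration, named `pluginNotifyTimeout` here, and the deadline only takes effect if the `GRPCClient` wrapper in pkg/notifier/shared.go passes its `ctx` through instead of `context.Background()`.

```go
func (s *Sidecar) notifyPlugins() {
	for pluginName, notifier := range s.plugins {
		// Bound each call so one unresponsive plugin cannot hold up dumpBundles.
		ctx, cancel := context.WithTimeout(context.Background(), pluginNotifyTimeout)
		_, err := (*notifier).UpdateX509SVID(ctx, &pb.Empty{})
		cancel()
		if err != nil {
			s.config.Log.Warnf("Failed to update x509 svid to plugin %s: %v", pluginName, err)
		}
	}
}
```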