Add Windows instance flag support for named pipes#6977
Open
Devansh1093 wants to merge 5 commits into
Open
Conversation
Devansh1093
requested review from
MarcosDY,
amartinezfayo,
evan2645,
rturner3 and
sorindumitru
as code owners
Signed-off-by: Devansh1093 <dr30031102@gmail.com>
sorindumitru
left a comment
sorindumitru
left a comment
Member
There was a problem hiding this comment.
Thanks @Devansh1093 for the changes. I think spire-agent would also require similar changes to support the instance environment variable.
Devansh1093
force-pushed
the
feat/windows-instance-flag
branch
from
d167c8f to
c0c8e75
Compare
Devansh1093
force-pushed
the
feat/windows-instance-flag
branch
from
c0c8e75 to
75ff5f2
Compare
Signed-off-by: Devansh1093 <dr30031102@gmail.com>
Comment on lines
5
to
16
| import ( | ||
| "context" | ||
| "flag" | ||
| "net" | ||
| "strings" | ||
|
|
||
| "fmt" | ||
| "os" | ||
|
|
||
| "github.com/Microsoft/go-winio" | ||
| "github.com/spiffe/spire/pkg/common/namedpipe" | ||
| ) |
Comment on lines
23
to
26
| func (a *Adapter) addOSFlags(flags *flag.FlagSet) { | ||
| flags.StringVar(&a.namedPipeName, "namedPipeName", DefaultNamedPipeName, "Pipe name of the SPIRE Server API named pipe") | ||
| flags.StringVar(&a.instance, "instance", "", "Instance name to substitute into socket templates (env SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE).") | ||
| } |
Comment on lines
35
to
+66
| func (a *Adapter) getGRPCAddr() (string, error) { | ||
| if a.namedPipeName == "" { | ||
| a.namedPipeName = DefaultNamedPipeName | ||
| tpl := os.Getenv("SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE") | ||
| pipe := os.Getenv("SPIRE_SERVER_PRIVATE_SOCKET") | ||
|
|
||
| if a.instance != "" { | ||
| if tpl == "" { | ||
| return "", fmt.Errorf( | ||
| "you must define %s to use the instance flag", | ||
| "SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE", | ||
| ) | ||
| } | ||
|
|
||
| if !strings.Contains(tpl, "%i") { | ||
| return "", fmt.Errorf( | ||
| "failed to find %%i in %s", | ||
| "SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE", | ||
| ) | ||
| } | ||
| } | ||
|
|
||
| namedPipeName := DefaultNamedPipeName | ||
|
|
||
| switch { | ||
| case a.namedPipeName != DefaultNamedPipeName: | ||
| namedPipeName = a.namedPipeName | ||
|
|
||
| case a.instance != "": | ||
| namedPipeName = strings.ReplaceAll(tpl, "%i", a.instance) | ||
|
|
||
| case pipe != "": | ||
| namedPipeName = pipe | ||
| } |
Member
There was a problem hiding this comment.
Yes, it would be good to have a test for this
Comment on lines
6
to
12
| setUsage = `Usage of logger set: | ||
| -instance string | ||
| Instance name to substitute into socket templates (env SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE). | ||
|
|
||
| -level string | ||
| The new log level, one of (panic, fatal, error, warn, info, debug, trace) | ||
| -namedPipeName string |
Comment on lines
6
to
12
| getUsage = `Usage of logger get: | ||
| -instance string | ||
| Instance name to substitute into socket templates (env SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE). | ||
| -namedPipeName string | ||
| -namedPipeName string | ||
| Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") | ||
| -output value |
| ` | ||
| evictUsage = `Usage of agent evict: | ||
| -instance string | ||
| Instance name to substitute into socket templates (env SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE). |
| -matchSelectorsOn string | ||
| The match mode used when filtering by selectors. Options: exact, any, superset and subset (default "superset") | ||
| -instance string | ||
| Instance name to substitute into socket templates (env SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE). |
| ` | ||
| showUsage = `Usage of agent show: | ||
| -instance string | ||
| Instance name to substitute into socket templates (env SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE). |
| -jwtSVIDTTL int | ||
| The lifetime, in seconds, for JWT-SVIDs issued based on this registration entry. | ||
| -instance string | ||
| Instance name to substitute into socket templates (env SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE). |
| -matchSelectorsOn string | ||
| The match mode used when filtering by selectors. Options: exact, any, superset and subset (default "superset") | ||
| -instance string | ||
| Instance name to substitute into socket templates (env SPIRE_SERVER_PRIVATE_SOCKET_TEMPLATE). |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Devansh Roy <dr30031102@gmail.com>
Author
|
Hi @sorindumitru, I am a bit confused here. Do I need to make changes in my code suggested by copilot? . It would be helpful if you could tell me. |
Member
Hi @Devansh1093, yes, it would be good to go through those and see which make sense to address or not. I'll also go through them when reviewing the code. |
Member
Did you run the |
Author
|
I ran the tests on linux system. |
Member
You'll have to find a way to run them on windows, to test it out. For example via a VM, microsoft has ISOs available for evaluation purposes. |
Author
|
I am not able to run them on virtual machines. I tried multiple times. |
Member
Does something like |
Signed-off-by: Devansh Roy <dr30031102@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request check list
Affected functionality
Windows named pipe address resolution for SPIRE server CLI utilities.
Description of change
Adds support for the
instanceflag inutil_windows.goto align Windows behavior with the existing POSIX implementation.This change enables named pipe paths to be resolved using template environment variables similarly to the POSIX socket template flow.
The implementation intentionally keeps the
%iplaceholder format consistent with the POSIX implementation to preserve cross-platform behavior and avoid introducing a separate Windows-specific template syntax.Validation performed:
go test ./...GOOS=windows go build ./...Which issue this PR fixes
Related to #6937