Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement the Validate RPC on built-in plugins #5303

Merged
merged 14 commits into from
Sep 23, 2024
Merged

Implement the Validate RPC on built-in plugins #5303

merged 14 commits into from
Sep 23, 2024

Conversation

edwbuck
Copy link
Contributor

@edwbuck edwbuck commented Jul 16, 2024

Update all plugins to have a Validate gRPC and centralize the existing validation logic such that it is reached from Validate and Configure gRPC calls.

@edwbuck edwbuck marked this pull request as draft July 16, 2024 14:01
@azdagron
Copy link
Member

Something like this might help establish a pattern and reduce boilerplate: https://gist.github.com/azdagron/b55f1e70e1855cfa1aa73cb8f0027699

@edwbuck
Copy link
Contributor Author

edwbuck commented Jul 19, 2024

Something like this might help establish a pattern and reduce boilerplate: https://gist.github.com/azdagron/b55f1e70e1855cfa1aa73cb8f0027699

The pattern of coupling the configuration usability control and the note as an error or informational message under one API was adopted and applied to the plugins that have been reworked under this PR.

@edwbuck edwbuck force-pushed the validate branch 3 times, most recently from 88c039f to ab60481 Compare August 21, 2024 22:17
@edwbuck edwbuck force-pushed the validate branch 9 times, most recently from d1bc067 to 5709867 Compare September 9, 2024 22:55
@edwbuck edwbuck marked this pull request as ready for review September 10, 2024 13:31
@amartinezfayo amartinezfayo added this to the 1.11.0 milestone Sep 10, 2024
@amartinezfayo
Copy link
Member

Hi @edwbuck, I spent some time looking at the aws_kms test failures.
I left some comments. In summary, I don't think that we need to make any change in the way that plugintest.Load is called in the setupTest function, so most of the changes can be avoided.

Here is a patch that essentially removes those changes and makes go test -race to pass.
aws_kms-test-fix.patch

@edwbuck
Copy link
Contributor Author

edwbuck commented Sep 16, 2024

Hi @edwbuck, I spent some time looking at the aws_kms test failures. I left some comments. In summary, I don't think that we need to make any change in the way that plugintest.Load is called in the setupTest function, so most of the changes can be avoided.

Here is a patch that essentially removes those changes and makes go test -race to pass. aws_kms-test-fix.patch

Thank you Agustin. I read over the patch, and in all other files I didn't notice that this combined two different testing patterns, such that it configured each plugin twice, creating the conditions that eventually triggered my race condition with my additional call to plugintest.CoreConfig(...).

Expect a push soon.

@edwbuck
Update all plugins and plugin unit tests to work with new plugin API.
3d3a43b 
The old API performed all configuration checks coupled with plugin
reconfiguration under the Configure() func.

The new API adds a Validation() func that only performs configuration
checks but has no impact on the running plugin.

To facilitate easier user, the pluginconf package was added that makes
it easier to handle the merged code streams through a pluginconf.Status
struct that will capture the first error (for integration with
Configure() while permitting the Validation() to capture all errors
that can be captured.

Unit tests had to be reworked, as a side-effect of using the new
pluginconf package is that all plugins now automatically check their
trustdomain, instead of each plugin checking it in a haphazard manner.

Occasionally, very small fixes were performed on plugins, and plugin
coding standards were tweaked in small ways to be more similar to each
other.

Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix linting and gocritic issues.
febcff9 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix windows build issues.
d4fbe08 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix bug.
dd4a72f 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix failing windows unit test.
459753b 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix more windows unit tests.
587f2b1 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix lint for windows platform.
c36eada 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix awskms unit test race condition.
f305f78 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix race condition encountered in unit testing.
f9f9353 
For the "extra keys" the order of key retreival is not stable,
so we must combine extra keys into the expected output.

Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Fix linting.
0e5e0ee 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Copy link
Contributor Author

edwbuck commented Sep 23, 2024

Ready for review two weeks ago. Please prioritize so I can stop keeping this up-to-date with the moving main branch.

azdagron
azdagron reviewed Sep 23, 2024
View reviewed changes
Copy link
Member

@azdagron azdagron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for putting in this work, @edwbuck. One overarching comment is that a large majority of the *_test.go changes could be reverted if we change the plugintest package to default to a valid CoreConfig (e.g. one with "example.org" provided as the trust domain). Tests that use plugintest.WithCoreConfig would still be able to override the default.

pkg/agent/plugin/nodeattestor/tpmdevid/devid_test.go Outdated Show resolved Hide resolved
pkg/agent/plugin/nodeattestor/x509pop/x509pop.go Show resolved Hide resolved
pkg/agent/plugin/workloadattestor/docker/docker_posix.go Outdated Show resolved Hide resolved
pkg/agent/plugin/workloadattestor/systemd/systemd_windows.go Outdated Show resolved Hide resolved
pkg/agent/plugin/workloadattestor/unix/unix_windows.go Outdated Show resolved Hide resolved
pkg/server/plugin/notifier/k8sbundle/k8sbundle.go Show resolved Hide resolved
pkg/server/plugin/upstreamauthority/awssecret/awssecret.go Outdated Show resolved Hide resolved
pkg/server/plugin/upstreamauthority/awssecret/awssecret.go Outdated Show resolved Hide resolved
pkg/server/plugin/upstreamauthority/certmanager/certmanager.go Outdated Show resolved Hide resolved
pkg/server/plugin/upstreamauthority/disk/disk.go Outdated Show resolved Hide resolved
@azdagron azdagron changed the title Validate Implement the Validate RPC on built-in plugins Sep 23, 2024
@edwbuck edwbuck mentioned this pull request Sep 23, 2024
Open
@edwbuck
Fix tmpdevid return code for autodetect failure.
31a1e30 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Various small fixes for issues discovered in review.
b504c25 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
This was referenced Sep 23, 2024
Open
Open
@edwbuck
More fixes suggested by code review.
e88b270 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@edwbuck
Merge branch 'main' into validate
5de6753 
Signed-off-by: Edwin Buck <edwbuck@gmail.com>
@azdagron azdagron merged commit 41746f0 into spiffe:main Sep 23, 2024
34 checks passed
@edwbuck edwbuck mentioned this pull request Sep 23, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amartinezfayo amartinezfayo amartinezfayo left review comments

@azdagron azdagron azdagron approved these changes

@evan2645 evan2645 Awaiting requested review from evan2645 evan2645 is a code owner

@MarcosDY MarcosDY Awaiting requested review from MarcosDY MarcosDY is a code owner

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 is a code owner

Assignees

@azdagron azdagron

Labels
None yet
Projects
None yet
Milestone
1.11.0
Development

Successfully merging this pull request may close these issues.
3 participants
@edwbuck @azdagron @amartinezfayo