Various small fixes for issues discovered in review.

Signed-off-by: Edwin Buck <edwbuck@gmail.com>
spiffe · Sep 23, 2024 · b504c25 · b504c25
1 parent 31a1e30
commit b504c25
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 26 deletions.
diff --git a/pkg/agent/plugin/workloadattestor/docker/docker_posix.go b/pkg/agent/plugin/workloadattestor/docker/docker_posix.go
@@ -46,6 +46,7 @@ func (p *Plugin) createHelper(c *dockerPluginConfig, status *pluginconf.Status)
  status.ReportError("the new container locator and custom cgroup matchers cannot both be used; please open an issue if the new container locator fails to locate workload containers in your environment; to continue using custom matchers set use_new_container_locator=false")
  return nil
  }
+ p.log.Warn("Using the legacy container locator with custom cgroup matchers. This feature will be removed in a future release.")
  status.ReportInfo("Using the legacy container locator with custom cgroup matchers. This feature will be removed in a future release.")
  var err error
  containerIDFinder, err = cgroup.NewContainerIDFinder(c.ContainerIDCGroupMatchers)

diff --git a/pkg/agent/plugin/workloadattestor/systemd/systemd_windows.go b/pkg/agent/plugin/workloadattestor/systemd/systemd_windows.go
@@ -33,8 +33,5 @@ func (p *Plugin) Configure(context.Context, *configv1.ConfigureRequest) (*config
 }
 
 func (p *Plugin) Validate(context.Context, *configv1.ValidateRequest) (*configv1.ValidateResponse, error) {
- return &configv1.ValidateResponse{
- Valid: false,
- Notes: []string{"plugin not supported in this platform"},
- }, status.Error(codes.Unimplemented, "plugin not supported in this platform")
+ return nil, status.Error(codes.Unimplemented, "plugin not supported in this platform")
 }
diff --git a/pkg/agent/plugin/workloadattestor/unix/unix_windows.go b/pkg/agent/plugin/workloadattestor/unix/unix_windows.go
@@ -33,10 +33,5 @@ func (p *Plugin) Configure(context.Context, *configv1.ConfigureRequest) (*config
 }
 
 func (p *Plugin) Validate(context.Context, *configv1.ValidateRequest) (*configv1.ValidateResponse, error) {
- return &configv1.ValidateResponse{
- Valid: false,
- Notes: []string{
- "plugin not supported on this platform",
- },
- }, status.Error(codes.Unimplemented, "plugin not supported in this platform")
+ return nil, status.Error(codes.Unimplemented, "plugin not supported in this platform")
 }
diff --git a/pkg/server/plugin/upstreamauthority/awssecret/awssecret.go b/pkg/server/plugin/upstreamauthority/awssecret/awssecret.go
@@ -60,17 +60,9 @@ func (p *Plugin) buildConfig(coreConfig catalog.CoreConfig, hclText string, stat
  return nil
  }
 
- env_session_token, env_session_token_exists := os.LookupEnv("AWS_SESSION_TOKEN")
- if newConfig.SecurityToken == "" && !env_session_token_exists {
- status.ReportError("either the config 'secret_token' or the env variable AWS_SESSION_TOKEN must be set")
+ if newConfig.SecurityToken == "" {
+ newConfig.SecurityToken = p.hooks.getenv("AWS_SESSION_TOKEN")
  }
- if newConfig.SecurityToken == "" && env_session_token == "" {
- status.ReportError("when the config 'secret_token' is unset, the env variable AWS_SESSION_TOKEN must have a value")
- }
- if newConfig.SecurityToken != "" && env_session_token_exists {
- status.ReportInfo("security token set twice, once in the config 'secret_token' and once in env variable AWS_SESSION_TOKEN, using the config file setting")
- }
- newConfig.SecurityToken = p.hooks.getenv("AWS_SESSION_TOKEN")
 
  if newConfig.CertFileARN == "" {
  status.ReportError("configuration missing 'cert_file_arn' value")

diff --git a/pkg/server/plugin/upstreamauthority/certmanager/certmanager.go b/pkg/server/plugin/upstreamauthority/certmanager/certmanager.go
@@ -132,10 +132,6 @@ func (p *Plugin) Configure(_ context.Context, req *configv1.ConfigureRequest) (*
  return nil, err
  }
 
- if req.CoreConfiguration.TrustDomain == "" {
- return nil, status.Error(codes.InvalidArgument, "trust_domain is required")
- }
-
  cmclient, err := p.hooks.newClient(newConfig.KubeConfigFilePath)
  if err != nil {
  return nil, status.Errorf(codes.Internal, "failed to create cert-manager client: %v", err)

diff --git a/pkg/server/plugin/upstreamauthority/disk/disk.go b/pkg/server/plugin/upstreamauthority/disk/disk.go
@@ -26,8 +26,8 @@ import (
 
 const (
  CoreConfigRequired = "server core configuration is required"
- CoreConfigTrustdomainRequired = "server core configuration must contain trust_domain"
- CoreConfigTrustdomainMalformed = "server core configuration trust_domain is malformed"
+ CoreConfigTrustDomainRequired = "server core configuration must contain trust_domain"
+ CoreConfigTrustDomainMalformed = "server core configuration trust_domain is malformed"
 )
 
 func BuiltIn() catalog.BuiltIn {