Merge pull request spiffe#403 from evan2645/add-watch-flag-to-api-fetch
Add CLI command to watch Workload API
Showing
5 changed files
with
151 additions
and
46 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
package api | ||
|
||
import ( | ||
"crypto/x509" | ||
"fmt" | ||
"time" | ||
|
||
"github.com/spiffe/spire/proto/api/workload" | ||
) | ||
|
||
func printX509SVIDResponse(resp *workload.X509SVIDResponse, respTime time.Duration) { | ||
lenMsg := fmt.Sprintf("Received %v bundle", len(resp.Svids)) | ||
if len(resp.Svids) != 1 { | ||
lenMsg = lenMsg + "s" | ||
} | ||
lenMsg = lenMsg + fmt.Sprintf(" after %s", respTime) | ||
|
||
fmt.Println(lenMsg) | ||
for _, s := range resp.Svids { | ||
fmt.Println() | ||
printX509SVID(s) | ||
} | ||
|
||
fmt.Println() | ||
} | ||
|
||
func printX509SVID(msg *workload.X509SVID) { | ||
// Print SPIFFE ID first so if we run into a problem, we | ||
// get to know which record it was | ||
fmt.Printf("SPIFFE ID:\t\t%s\n", msg.SpiffeId) | ||
|
||
// Parse SVID and CA bundle. If we encounter an error, | ||
// simply print it and return so we can go to the next bundle | ||
svid, err := x509.ParseCertificate(msg.X509Svid) | ||
if err != nil { | ||
fmt.Printf("ERROR: Could not parse SVID: %s\n", err) | ||
return | ||
} | ||
|
||
svidBundle, err := x509.ParseCertificates(msg.Bundle) | ||
if err != nil { | ||
fmt.Printf("ERROR: Could not parse CA Certificates: %s\n", err) | ||
return | ||
} | ||
|
||
fmt.Printf("SVID Valid After:\t%v\n", svid.NotBefore) | ||
fmt.Printf("SVID Valid Until:\t%v\n", svid.NotAfter) | ||
for i, ca := range svidBundle { | ||
num := i + 1 | ||
fmt.Printf("CA #%v Valid After:\t%v\n", num, ca.NotBefore) | ||
fmt.Printf("CA #%v Valid Until:\t%v\n", num, ca.NotAfter) | ||
} | ||
} |
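Review bot: printX509SVID prints `msg.SpiffeId` exactly as received and never compares it with the certificate it parses next, nor verifies that certificate against `msg.Bundle`, so the listing shows what the socket peer sent rather than a validated identity. A doc comment should say so, for example `// printX509SVID displays an SVID as received; it does not verify the certificate against the bundle or the SPIFFE ID.` Formatting the ID with `%q` instead of `%s`, as in `fmt.Printf("SPIFFE ID:\t\t%q\n", msg.SpiffeId)`, would also keep control characters in that field from reaching the terminal. The summary line in printX509SVIDResponse says "bundle" while counting `resp.Svids`, which reads oddly next to the per-SVID CA bundle printed below it.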
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
package api | ||
|
||
import ( | ||
"flag" | ||
"fmt" | ||
"log" | ||
"net" | ||
"os" | ||
"os/signal" | ||
"syscall" | ||
"time" | ||
|
||
"github.com/spiffe/spire/api/workload" | ||
) | ||
|
||
type WatchConfig struct { | ||
socketPath string | ||
} | ||
|
||
type WatchCLI struct { | ||
config *WatchConfig | ||
|
||
stopChan chan struct{} | ||
} | ||
|
||
func (WatchCLI) Synopsis() string { | ||
return "Attaches to the Workload API and prints updates as they're received" | ||
} | ||
|
||
func (w WatchCLI) Help() string { | ||
err := w.parseConfig([]string{"-h"}) | ||
return err.Error() | ||
} | ||
|
||
func (w *WatchCLI) Run(args []string) int { | ||
err := w.parseConfig(args) | ||
if err != nil { | ||
fmt.Println(err) | ||
return 1 | ||
} | ||
|
||
client, err := w.startClient() | ||
if err != nil { | ||
fmt.Println(err) | ||
return 1 | ||
} | ||
|
||
updateTime := time.Now() | ||
go w.signalListener() | ||
for { | ||
select { | ||
case <-w.stopChan: | ||
return 0 | ||
case u := <-client.UpdateChan(): | ||
printX509SVIDResponse(u, time.Since(updateTime)) | ||
updateTime = time.Now() | ||
} | ||
} | ||
} | ||
|
||
func (w *WatchCLI) parseConfig(args []string) error { | ||
fs := flag.NewFlagSet("watch", flag.ContinueOnError) | ||
c := &WatchConfig{} | ||
fs.StringVar(&c.socketPath, "socketPath", "/tmp/agent.sock", "Path to the Workload API socket") | ||
|
||
w.config = c | ||
return fs.Parse(args) | ||
} | ||
|
||
func (w *WatchCLI) startClient() (workload.Client, error) { | ||
addr := &net.UnixAddr{ | ||
Net: "unix", | ||
Name: w.config.socketPath, | ||
} | ||
|
||
l := log.New(os.Stdout, "", log.LstdFlags) | ||
|
||
c := &workload.ClientConfig{ | ||
Addr: addr, | ||
Logger: l, | ||
} | ||
|
||
client := workload.NewClient(c) | ||
return client, client.Start() | ||
} | ||
|
||
func (w *WatchCLI) signalListener() { | ||
signalChan := make(chan os.Signal, 1) | ||
signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM) | ||
|
||
<-signalChan | ||
close(w.stopChan) | ||
} |
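Review bot: `stopChan` is never created anywhere in this file, so unless the command factory outside this section sets it, `close(w.stopChan)` in signalListener panics on SIGINT/SIGTERM and the `case <-w.stopChan` arm in Run can never fire; adding `w.stopChan = make(chan struct{})` at the top of Run would make the type safe to use from its zero value. The receive `u := <-client.UpdateChan()` does not check for a closed channel, so if the client ever closes it a nil `u` reaches printX509SVIDResponse and is dereferenced there; `u, ok := <-client.UpdateChan()` with a return on `!ok` would cover that. Separately, the `/tmp/agent.sock` default lives in a world-writable directory and nothing in this file checks who bound the socket, so the flag's help text should note that the printed SVIDs are only as trustworthy as the process listening on that path.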