Merge branch 'main' into 191

cmd/spiffe-helper/config/config.go

@@ -87,7 +87,7 @@ func (c *Config) ParseConfigFlagOverrides(daemonModeFlag bool, daemonModeFlagNam
 	}
 }
 
-func (c *Config) ValidateConfig() error {
+func (c *Config) ValidateConfig(log logrus.FieldLogger) error {
 	if err := c.checkForUnknownConfig(); err != nil {
 		return err
 	}
@@ -106,8 +106,18 @@ func (c *Config) ValidateConfig() error {
 	}
 
 	if c.AgentAddress == "" {
-		c.AgentAddress = os.Getenv("SPIRE_AGENT_ADDRESS")
-		if c.AgentAddress == "" {
+		spireAgentAddress := os.Getenv("SPIRE_AGENT_ADDRESS")
+		spiffeEndpointSocket := os.Getenv("SPIFFE_ENDPOINT_SOCKET")
+
+		switch {
+		case spireAgentAddress != "" && spiffeEndpointSocket == "":
+			log.Warn("SPIRE_AGENT_ADDRESS is deprecated and will be removed in 0.10.0. Use SPIFFE_ENDPOINT_SOCKET instead.")
+			c.AgentAddress = spireAgentAddress
+		case spireAgentAddress != "" && spiffeEndpointSocket != "":
+			return errors.New("both SPIRE_AGENT_ADDRESS and SPIFFE_ENDPOINT_SOCKET set. Use SPIFFE_ENDPOINT_SOCKET only. Support for SPIRE_AGENT_ADDRESS is deprecated and will be removed in 0.10.0")
+		case spireAgentAddress == "" && spiffeEndpointSocket != "":
+			c.AgentAddress = spiffeEndpointSocket
+		default:
 			c.AgentAddress = defaultAgentAddress
 		}
 	}

cmd/spiffe-helper/config/config_test.go

@@ -5,6 +5,7 @@ import (
 	"os"
 	"testing"
 
+	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -113,7 +114,8 @@ func TestValidateConfig(t *testing.T) {
 		},
 	} {
 		t.Run(tt.name, func(t *testing.T) {
-			err := tt.config.ValidateConfig()
+			log, _ := test.NewNullLogger()
+			err := tt.config.ValidateConfig(log)
 
 			if tt.expectError != "" {
 				require.EqualError(t, err, tt.expectError)
@@ -186,18 +188,21 @@ func TestDetectsUnknownConfig(t *testing.T) {
 			c, err := ParseConfig(configFile.Name())
 			require.NoError(t, err)
 
-			err = c.ValidateConfig()
+			log, _ := test.NewNullLogger()
+			err = c.ValidateConfig(log)
 			require.EqualError(t, err, tt.expectError)
 		})
 	}
 }
 
 func TestDefaultAgentAddress(t *testing.T) {
 	for _, tt := range []struct {
-		name                 string
-		agentAddress         string
-		envAgentAddress      string
-		expectedAgentAddress string
+		name                    string
+		agentAddress            string
+		envSPIREAgentAddress    string
+		envSPIFFEEndpointSocket string
+		expectedAgentAddress    string
+		expectError             string
 	}{
 		{
 			name:                 "Agent Address not set in config or env",
@@ -209,28 +214,53 @@ func TestDefaultAgentAddress(t *testing.T) {
 			expectedAgentAddress: "MY_ADDRESS",
 		},
 		{
-			name:                 "Agent Address not set in config but set in env",
-			envAgentAddress:      "MY_ENV_ADDRESS",
+			name:                 "Agent Address not set in config but SPIRE_AGENT_ADDRESS is set in env",
+			envSPIREAgentAddress: "MY_ENV_ADDRESS",
 			expectedAgentAddress: "MY_ENV_ADDRESS",
 		},
 		{
-			name:                 "Agent Address set in config and set in env",
-			agentAddress:         "MY_ADDRESS",
-			envAgentAddress:      "MY_ENV_ADDRESS",
-			expectedAgentAddress: "MY_ADDRESS",
+			name:                    "Agent Address not set in config but SPIFFE_ENDPOINT_SOCKET is set in env",
+			envSPIFFEEndpointSocket: "MY_ENV_ADDRESS",
+			expectedAgentAddress:    "MY_ENV_ADDRESS",
+		},
+		{
+			name:                    "Both SPIRE_AGENT_ADDRESS and SPIFFE_ENDPOINT_SOCKET are set in env",
+			envSPIREAgentAddress:    "MY_SPIRE_AGENT_ADDRESS",
+			envSPIFFEEndpointSocket: "MY_SPIFFE_ENDPOINT_SOCKET",
+			expectError:             "both SPIRE_AGENT_ADDRESS and SPIFFE_ENDPOINT_SOCKET set. Use SPIFFE_ENDPOINT_SOCKET only. Support for SPIRE_AGENT_ADDRESS is deprecated and will be removed in 0.10.0",
+		},
+		{
+			name:                    "Agent Address set in config and set in env",
+			agentAddress:            "MY_ADDRESS",
+			envSPIFFEEndpointSocket: "MY_ENV_ADDRESS",
+			expectedAgentAddress:    "MY_ADDRESS",
 		},
 	} {
 		t.Run(tt.name, func(t *testing.T) {
-			os.Setenv("SPIRE_AGENT_ADDRESS", tt.envAgentAddress)
+			os.Setenv("SPIRE_AGENT_ADDRESS", tt.envSPIREAgentAddress)
+			os.Setenv("SPIFFE_ENDPOINT_SOCKET", tt.envSPIFFEEndpointSocket)
+
 			config := &Config{
 				AgentAddress:       tt.agentAddress,
 				SVIDFileName:       "cert.pem",
 				SVIDKeyFileName:    "key.pem",
 				SVIDBundleFileName: "bundle.pem",
 			}
-			err := config.ValidateConfig()
+
+			log, hook := test.NewNullLogger()
+			err := config.ValidateConfig(log)
+			if tt.expectError != "" {
+				require.EqualError(t, err, tt.expectError)
+				return
+			}
 			require.NoError(t, err)
+
 			assert.Equal(t, config.AgentAddress, tt.expectedAgentAddress)
+
+			if tt.envSPIREAgentAddress != "" && tt.envSPIFFEEndpointSocket == "" {
+				require.NotNil(t, hook.LastEntry())
+				assert.Equal(t, "SPIRE_AGENT_ADDRESS is deprecated and will be removed in 0.10.0. Use SPIFFE_ENDPOINT_SOCKET instead.", hook.LastEntry().Message)
+			}
 		})
 	}
 }

cmd/spiffe-helper/main.go

@@ -43,7 +43,7 @@ func startSidecar(configFile string, daemonModeFlag bool, log logrus.FieldLogger
 	}
 	hclConfig.ParseConfigFlagOverrides(daemonModeFlag, daemonModeFlagName)
 
-	if err := hclConfig.ValidateConfig(); err != nil {
+	if err := hclConfig.ValidateConfig(log); err != nil {
 		return fmt.Errorf("invalid configuration: %w", err)
 	}