Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some commands fail if SPIRE server is not running #52

Closed
markgoddard opened this issue Nov 29, 2024 · 3 comments · Fixed by #53
Closed

Some commands fail if SPIRE server is not running #52

markgoddard opened this issue Nov 29, 2024 · 3 comments · Fixed by #53
Assignees
@markgoddard
Milestone
release-0.7.0

Comments

@markgoddard
Copy link
Contributor

Steps to reproduce:

rm -f cofide.yaml
./cofidectl init
./cofidectl trust-zone add tz1 --trust-domain td1 --kubernetes-context kind-local1 --kubernetes-cluster local1 --profile kubernetes
./cofidectl trust-zone add tz2 --trust-domain td2 --kubernetes-context kind-local2 --kubernetes-cluster local2 --profile kubernetes
./cofidectl federation add --from tz1 --to tz2
./cofidectl federation add --from tz2 --to tz1          
./cofidectl federation list
Error: failed to stream exec: pods "spire-server-0" not found

We should check if the SPIRE chart has been deployed and report Inactive or similar for the status.
@jsnctl
Copy link
Contributor

jsnctl commented Nov 29, 2024

Good spot, cheers for opening. Are there any other post-install commands similar to this that have a check in place already (or may need one)?

@markgoddard markgoddard self-assigned this Nov 29, 2024
@markgoddard markgoddard added this to the release-0.7.0 milestone Nov 29, 2024
@markgoddard
Copy link
Contributor Author

I can pick this one up, shouldn't be too tricky. We have a check in place for the trust zone status command. I'll take a look at other commands.

@markgoddard markgoddard changed the title cofidectl federation list command now fails if SPIRE server is not running Some commands fail if SPIRE server is not running Nov 29, 2024
@markgoddard
Copy link
Contributor Author

These two are also affected:

cofidectl workload list
cofidectl workload discover

The first requires SPIRE server, but we could do the second without it.

markgoddard added a commit that referenced this issue Nov 29, 2024
@markgoddard
Check if trust zone is deployed in commands that exec into SPIRE server
38b3c89 
Some cofidectl commands exec into the SPIRE server to query it using the
spire-server CLI. This fails with an error if the SPIRE server has not
yet been deployed.

This change fixes the issue for the following commands:

- federation list (reports Health as Inactive)
- workload list (fails with a better error message)
- workload discover (continues without querying SPIRE server)

Fixes: #52
@markgoddard markgoddard mentioned this issue Nov 29, 2024
Merged
markgoddard added a commit that referenced this issue Dec 2, 2024
@markgoddard
Merge pull request #53 from /issues/52
5de2941 
Check if trust zone is deployed in commands that exec into SPIRE server
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@markgoddard markgoddard

Labels
None yet
Projects
None yet
Milestone
release-0.7.0
Development

Successfully merging a pull request may close this issue.

Check if trust zone is deployed in commands that exec into SPIRE server cofide/cofidectl
2 participants
@markgoddard @jsnctl