Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Spire agent should error if -insecureBootstrap and -trustBundleUrl are given #4530

Closed
mnp opened this issue Sep 27, 2023 · 4 comments
Closed
Labels
good first issue Issues with this label are good candidates for first-time contributions help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog

Comments

@mnp
Copy link

mnp commented Sep 27, 2023

  • Version:
    1.7.2
  • Platform:
    Linux da497fc50492 5.10.124-linuxkit CLI authentication #1 SMP Thu Jun 30 08:19:10 UTC 2022 x86_64 GNU/Linux
  • Subsystem:
    agent

Docs say only one of the three options can be set at once, but the agent will not error out with that message if you try.

Eg spire-agent run -config /hacked.conf -joinToken ... -insecureBootstrap -trustBundleUrl https://abc.xy:8081 will carry on trying to call the URL instead of bailing early.

This noob user was confused for a while before more RTFM and realized it's an invalid usage.

@evan2645 evan2645 added triage/in-progress Issue triage is in progress good first issue Issues with this label are good candidates for first-time contributions help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog and removed triage/in-progress Issue triage is in progress labels Sep 28, 2023
@evan2645
Copy link
Member

Thanks for reporting this @mnp

Any chance you're up for sending a PR too?

@mnp
Copy link
Author

mnp commented Sep 28, 2023

Yeah, if I get a minute. Anyone else, feel free though.

@SilvaMatteus
Copy link
Contributor

Hi guys,

I was looking at the issues to contribute again after some time not being able to do so.

There is a test in https://github.com/spiffe/spire/blob/main/cmd/spire-agent/cli/run/run_test.go#L744. However this test does not catch the right error. I forced the test case to fail by setting expectError: false:

--- FAIL: TestNewAgentConfig (0.00s)
    --- FAIL: TestNewAgentConfig/insecure_bootstrap_and_trust_bundle_url_cannot_both_be_set (0.00s)
        run_test.go:935:
            	Error Trace:	/home/matteus/spire/cmd/spire-agent/cli/run/run_test.go:935
            	Error:      	Received unexpected error:
            	            	only one of trust_bundle_url or trust_bundle_path can be specified, not both
            	Test:       	TestNewAgentConfig/insecure_bootstrap_and_trust_bundle_url_cannot_both_be_set
FAIL

It is actually failing because of "only one of trust_bundle_url or trust_bundle_path can be specified, not both".

I would use a function expectErrorContains to catch the right error, if you guys do not mind me tackling this issue.

@SilvaMatteus
Copy link
Contributor

@evan2645, should we close this now that #4532 is merged?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
good first issue Issues with this label are good candidates for first-time contributions help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog
Projects
None yet
Development

No branches or pull requests

4 participants