Change SidecarConfig to use string type for SentrySPIFFEID

Signed-off-by: joshvanl <me@joshvanl.dev>
dapr · Jan 18, 2024 · 6973095 · 6973095
1 parent ea6de1b
commit 6973095
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 11 deletions.
diff --git a/cmd/injector/app/app.go b/cmd/injector/app/app.go
@@ -17,6 +17,7 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"os"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -39,7 +40,7 @@ import (
 var log = logger.NewLogger("dapr.injector")
 
 func Run() {
-	opts := options.New()
+	opts := options.New(os.Args[1:])
 
 	// Apply options to all loggers
 	err := logger.ApplyOptionsToLoggers(&opts.Logger)
@@ -107,7 +108,7 @@ func Run() {
 		log.Fatalf("Error creating injector: %v", err)
 	}
 
-	healthzServer := health.NewServer(log)
+	healthzServer := health.NewServer(health.Options{Log: log})
 	caBundleCh := make(chan []byte)
 	mngr := concurrency.NewRunnerManager(
 		metricsExporter.Run,

diff --git a/pkg/injector/patcher/sidecar.go b/pkg/injector/patcher/sidecar.go
@@ -19,7 +19,6 @@ import (
 	"strings"
 
 	"github.com/spf13/cast"
-	"github.com/spiffe/go-spiffe/v2/spiffeid"
 	corev1 "k8s.io/api/core/v1"
 
 	injectorConsts "github.com/dapr/dapr/pkg/injector/consts"
@@ -54,7 +53,7 @@ type SidecarConfig struct {
 	ControlPlaneTrustDomain     string
 	ActorsService               string
 	RemindersService            string
-	SentrySPIFFEID              spiffeid.ID
+	SentrySPIFFEID              string
 	SidecarHTTPPort             int32 `default:"3500"`
 	SidecarAPIGRPCPort          int32 `default:"50001"`
 	SidecarInternalGRPCPort     int32 `default:"50002"`

diff --git a/pkg/injector/patcher/sidecar_patcher_test.go b/pkg/injector/patcher/sidecar_patcher_test.go
@@ -18,7 +18,6 @@ import (
 	"testing"
 
 	jsonpatch "github.com/evanphx/json-patch/v5"
-	"github.com/spiffe/go-spiffe/v2/spiffeid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
@@ -270,10 +269,7 @@ func TestPatching(t *testing.T) {
 			c.Identity = "pod:identity"
 			c.CertChain = "certchain"
 			c.CertKey = "certkey"
-			td, err := spiffeid.TrustDomainFromString("foo.bar")
-			require.NoError(t, err)
-			c.SentrySPIFFEID, err = spiffeid.FromSegments(td, "ns", "example", "dapr-sentry")
-			require.NoError(t, err)
+			c.SentrySPIFFEID = "spiffe://foo.bar/ns/example/dapr-sentry"
 
 			if tc.sidecarConfigModifierFn != nil {
 				tc.sidecarConfigModifierFn(c)

diff --git a/pkg/injector/patcher/sidecar_volumes.go b/pkg/injector/patcher/sidecar_volumes.go
@@ -77,7 +77,7 @@ func (c *SidecarConfig) getTokenVolume() corev1.Volume {
 				DefaultMode: ptr.Of(int32(420)),
 				Sources: []corev1.VolumeProjection{{
 					ServiceAccountToken: &corev1.ServiceAccountTokenProjection{
-						Audience:          c.SentrySPIFFEID.String(),
+						Audience:          c.SentrySPIFFEID,
 						ExpirationSeconds: ptr.Of(int64(7200)),
 						Path:              "token",
 					},

diff --git a/pkg/injector/service/pod_patch.go b/pkg/injector/service/pod_patch.go
@@ -76,7 +76,7 @@ func (i *injector) getPodPatchOperations(ctx context.Context, ar *admissionv1.Ad
 	sidecar.SidecarDropALLCapabilities = i.config.GetDropCapabilities()
 	sidecar.ControlPlaneNamespace = i.controlPlaneNamespace
 	sidecar.ControlPlaneTrustDomain = i.controlPlaneTrustDomain
-	sidecar.SentrySPIFFEID = i.sentrySPIFFEID
+	sidecar.SentrySPIFFEID = i.sentrySPIFFEID.String()
 	sidecar.CurrentTrustAnchors = trustAnchors
 	sidecar.CertChain = string(daprdCert)
 	sidecar.CertKey = string(daprdPrivateKey)