From b080d96109b7a6953e8696d08610bdf55726bd4e Mon Sep 17 00:00:00 2001
From: Sean Breen
Date: Mon, 3 Mar 2025 16:04:31 +0000
Subject: [PATCH 1/3] add command.tls paths to credential watcher if present
---
 .../credentials/credential_watcher_service.go | 23 +++++++++++++++----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/internal/watcher/credentials/credential_watcher_service.go b/internal/watcher/credentials/credential_watcher_service.go
index 440c029db..9bf20b24f 100644
--- a/internal/watcher/credentials/credential_watcher_service.go
+++ b/internal/watcher/credentials/credential_watcher_service.go
@@ -107,11 +107,11 @@ func (cws *CredentialWatcherService) addWatcher(ctx context.Context, filePath st
 if err := cws.watcher.Add(filePath); err != nil {
 slog.ErrorContext(ctx, "Failed to add credential watcher", "path", filePath, "error", err)
- removeError := cws.watcher.Remove(filePath)
- if removeError != nil {
- slog.ErrorContext(
- ctx, "Failed to remove credential watcher", "path", filePath, "error", removeError)
- }
+ //removeError := cws.watcher.Remove(filePath)
+ //if removeError != nil {
+ // slog.ErrorContext(
+ // ctx, "Failed to remove credential watcher", "path", filePath, "error", removeError)
+ //}
 return
 }
@@ -183,6 +183,19 @@ func credentialPaths(agentConfig *config.Config) []string {
 }
 }
+ // agent's tls certs
+ if agentConfig.Command.TLS != nil {
+ if agentConfig.Command.TLS.Ca != "" {
+ paths = append(paths, agentConfig.Command.TLS.Ca)
+ }
+ if agentConfig.Command.TLS.Cert != "" {
+ paths = append(paths, agentConfig.Command.TLS.Cert)
+ }
+ if agentConfig.Command.TLS.Key != "" {
+ paths = append(paths, agentConfig.Command.TLS.Key)
+ }
+ }
+
 return paths
 }
From 0205e64c1e864e96528a76fb21ecf1a3632be9ac Mon Sep 17 00:00:00 2001
From: Sean Breen
Date: Mon, 3 Mar 2025 16:33:31 +0000
Subject: [PATCH 2/3] Add unit tests for tls cert paths
---
 .../credential_watcher_service_test.go | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
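Review bot: In addWatcher the failed-Add branch now only logs and returns, and the commented-out Remove block gives no reason why the cleanup was dropped. If the reason is that a failed Add registers nothing, state it in place of the dead code, e.g. `// Add failed, so there is no watch to remove.` (to be confirmed against the watcher implementation, which is not visible here). Because this series starts watching the TLS key and certificate files, a path that could not be watched presumably means a later rotation of that file goes unnoticed, so it may be worth surfacing the failure to the caller rather than only logging it. addWatcher begins above the hunk and continues past it.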
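Review bot: The new TLS block in credentialPaths reads `agentConfig.Command.TLS` without checking `agentConfig.Command`, which the test in patch 2/3 constructs as a pointer (`&config.Command{...}`), so a config with no command section would panic here unless it is guarded earlier. credentialPaths begins above the hunk, so an existing guard may already cover this; if not, `if agentConfig.Command != nil && agentConfig.Command.TLS != nil {` is enough. The comment `// agent's tls certs` could also say that the private key is watched along with the CA and certificate, e.g. `// command TLS material: CA, certificate and private key`.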
diff --git a/internal/watcher/credentials/credential_watcher_service_test.go b/internal/watcher/credentials/credential_watcher_service_test.go
index 23fd3b9e5..cdb62746c 100644
--- a/internal/watcher/credentials/credential_watcher_service_test.go
+++ b/internal/watcher/credentials/credential_watcher_service_test.go
@@ -224,6 +224,27 @@ func Test_credentialPaths(t *testing.T) {
 },
 want: nil,
 },
+ {
+ name: "Test 3: Add TLS paths if Command TLS is set",
+ agentConfig: &config.Config{
+ Command: &config.Command{
+ Server: nil,
+ Auth: nil,
+ TLS: &config.TLSConfig{
+ Cert: "/tmp-ca",
+ Key: "/tmp-token",
+ Ca: "/tmp-key",
+ ServerName: "my-server",
+ SkipVerify: false,
+ },
+ },
+ },
+ want: []string{
+ "/tmp-key",
+ "/tmp-ca",
+ "/tmp-token",
+ },
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
From a5774714e38a56933641ede1f6d97d46a72e06a9 Mon Sep 17 00:00:00 2001
From: Sean Breen
Date: Mon, 3 Mar 2025 16:37:33 +0000
Subject: [PATCH 3/3] update tests
---
 internal/watcher/credentials/credential_watcher_service.go | 5 -----
 .../watcher/credentials/credential_watcher_service_test.go | 3 +++
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/internal/watcher/credentials/credential_watcher_service.go b/internal/watcher/credentials/credential_watcher_service.go
index 9bf20b24f..3dd5dcc9f 100644
--- a/internal/watcher/credentials/credential_watcher_service.go
+++ b/internal/watcher/credentials/credential_watcher_service.go
@@ -107,11 +107,6 @@ func (cws *CredentialWatcherService) addWatcher(ctx context.Context, filePath st
 if err := cws.watcher.Add(filePath); err != nil {
 slog.ErrorContext(ctx, "Failed to add credential watcher", "path", filePath, "error", err)
- //removeError := cws.watcher.Remove(filePath)
- //if removeError != nil {
- // slog.ErrorContext(
- // ctx, "Failed to remove credential watcher", "path", filePath, "error", removeError)
- //}
 return
 }
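Review bot: The fixture values in the new "Test 3" case are crossed with their field names (`Cert: "/tmp-ca"`, `Key: "/tmp-token"`, `Ca: "/tmp-key"`), so the expected slice reads as key, CA, token when it actually asserts CA, certificate, key order. Naming each value after its field, `Ca: "/tmp-ca"`, `Cert: "/tmp-cert"`, `Key: "/tmp-key"`, with `want` listing them in that same order, keeps a reader from misjudging which path is the private key. A further case with only some of the TLS fields set would cover the empty-string checks added to credentialPaths in patch 1/3. Test_credentialPaths starts above the hunk and continues below it.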
diff --git a/internal/watcher/credentials/credential_watcher_service_test.go b/internal/watcher/credentials/credential_watcher_service_test.go
index cdb62746c..60d740a09 100644
--- a/internal/watcher/credentials/credential_watcher_service_test.go
+++ b/internal/watcher/credentials/credential_watcher_service_test.go
@@ -211,6 +211,9 @@ func Test_credentialPaths(t *testing.T) {
 agentConfig: types.AgentConfig(),
 want: []string{
 "/tmp/token",
+ "ca.pem",
+ "cert.pem",
+ "key.pem",
 },
 },
 {