Add support for signaling an external process via pid file
Signed-off-by: Kevin Fox <[email protected]>
kfox1111 committed Dec 19, 2023
1 parent e7fbc8e commit 1f25b1d
Showing 2 changed files with 20 additions and 1 deletion.
1 change: 1 addition & 0 deletions pkg/sidecar/config.go
Expand Up @@ -22,6 +22,7 @@ type Config struct {
// where this is the expected format for presented certificates and bundles
AddIntermediatesToBundle bool `hcl:"add_intermediates_to_bundle"`
AddIntermediatesToBundleDeprecated bool `hcl:"addIntermediatesToBundle"`
PidFileName string `hcl:"pid_file_name"`
SvidFileName string `hcl:"svid_file_name"`
SvidFileNameDeprecated string `hcl:"svidFileName"`
SvidKeyFileName string `hcl:"svid_key_file_name"`
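Review bot: `PidFileName` is added to Config without a comment, and nothing visible here says how it relates to `Cmd`, which the same commit treats as an alternative trigger in updateCertificates. Since the sidecar signals whatever PID this file contains, the field deserves a line such as `// PidFileName is the path to a file containing the PID of an external process to signal after certificates are updated; the file must not be writable by untrusted users`. The Config struct starts and ends outside this hunk.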
20 changes: 19 additions & 1 deletion pkg/sidecar/sidecar.go
Expand Up @@ -8,9 +8,11 @@ import (
"encoding/json"
"encoding/pem"
"fmt"
"io/ioutil"

Check failure on line 11 in pkg/sidecar/sidecar.go

GitHub Actions / lint (linux)

SA1019: "io/ioutil" has been deprecated since Go 1.19: As of Go 1.16, the same functionality is now provided by package [io] or package [os], and those implementations should be preferred in new code. See the specific function documentation for details. (staticcheck)
"os"
"os/exec"
"path"
"strconv"
"strings"
"sync"
"sync/atomic"
Expand Down Expand Up @@ -138,7 +140,7 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) {
}
s.config.Log.Info("X.509 certificates updated")

if s.config.Cmd != "" {
if s.config.Cmd != "" || s.config.PidFileName != "" {
if err := s.signalProcess(); err != nil {
s.config.Log.WithError(err).Error("Unable to signal process")
}
Expand All @@ -153,6 +155,22 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) {
// signalProcess sends the configured Renew signal to the process running the proxy
// to reload itself so that the proxy uses the new SVID
func (s *Sidecar) signalProcess() (err error) {
if s.config.PidFileName != "" {
atomic.StoreInt32(&s.processRunning, 1)
bytes, err := ioutil.ReadFile(s.config.PidFileName)
if err != nil {
return fmt.Errorf("Failed to read pid file: %s\n%w", s.config.PidFileName, err)
}
lines := strings.Split(string(bytes), "\n")
pid, err := strconv.Atoi(lines[0])
if err != nil {
return fmt.Errorf("Failed to parse pid file: %s\n%w", s.config.PidFileName, err)
}
s.process, err = os.FindProcess(pid)
if err != nil {
return fmt.Errorf("Failed to find process: %d\n%w", pid, err)
}
}
// TODO: is ReloadExternalProcess still used?
switch s.config.ReloadExternalProcess {
case nil:
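Review bot: The PID read in signalProcess is handed to os.FindProcess without validation: `strconv.Atoi(lines[0])` accepts zero and negative numbers, and it rejects an otherwise valid value that carries trailing whitespace or a `\r`. On Unix os.FindProcess always succeeds, so the "Failed to find process" branch will not catch a stale or reused PID, and whoever can write the pid file decides which process receives the renew signal. I would trim and range-check the value, `pid, err := strconv.Atoi(strings.TrimSpace(lines[0]))` followed by `if pid <= 0 { return fmt.Errorf("invalid pid %d in pid file %s", pid, s.config.PidFileName) }`, and document that the pid file should be writable only by the owner of the supervised process. `atomic.StoreInt32(&s.processRunning, 1)` also runs before the file is read, so the flag stays set on every error return in this block; the rest of signalProcess is outside the hunk, so confirm that is intended.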
