From 1f25b1d6a0dedb19f8e70f06b41c78c1a61e71ae Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 19 Dec 2023 07:48:52 -0800 Subject: [PATCH] Add support for signaling an external process via pid file Signed-off-by: Kevin Fox --- pkg/sidecar/config.go | 1 + pkg/sidecar/sidecar.go | 20 +++++++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/pkg/sidecar/config.go b/pkg/sidecar/config.go index e83c30bd..82257be8 100644 --- a/pkg/sidecar/config.go +++ b/pkg/sidecar/config.go @@ -22,6 +22,7 @@ type Config struct { // where this is the expected format for presented certificates and bundles AddIntermediatesToBundle bool `hcl:"add_intermediates_to_bundle"` AddIntermediatesToBundleDeprecated bool `hcl:"addIntermediatesToBundle"` + PidFileName string `hcl:"pid_file_name"` SvidFileName string `hcl:"svid_file_name"` SvidFileNameDeprecated string `hcl:"svidFileName"` SvidKeyFileName string `hcl:"svid_key_file_name"` diff --git a/pkg/sidecar/sidecar.go b/pkg/sidecar/sidecar.go index a9a31a49..5bb9dd98 100644 --- a/pkg/sidecar/sidecar.go +++ b/pkg/sidecar/sidecar.go @@ -8,9 +8,11 @@ import ( "encoding/json" "encoding/pem" "fmt" + "io/ioutil" "os" "os/exec" "path" + "strconv" "strings" "sync" "sync/atomic" @@ -138,7 +140,7 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) { } s.config.Log.Info("X.509 certificates updated") - if s.config.Cmd != "" { + if s.config.Cmd != "" || s.config.PidFileName != "" { if err := s.signalProcess(); err != nil { s.config.Log.WithError(err).Error("Unable to signal process") } @@ -153,6 +155,22 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) { // signalProcess sends the configured Renew signal to the process running the proxy // to reload itself so that the proxy uses the new SVID func (s *Sidecar) signalProcess() (err error) { + if s.config.PidFileName != "" { + atomic.StoreInt32(&s.processRunning, 1) + bytes, err := ioutil.ReadFile(s.config.PidFileName) + if err != nil { + return fmt.Errorf("Failed to read pid file: %s\n%w", s.config.PidFileName, err) + } + lines := strings.Split(string(bytes), "\n") + pid, err := strconv.Atoi(lines[0]) + if err != nil { + return fmt.Errorf("Failed to parse pid file: %s\n%w", s.config.PidFileName, err) + } + s.process, err = os.FindProcess(pid) + if err != nil { + return fmt.Errorf("Failed to find process: %d\n%w", pid, err) + } + } // TODO: is ReloadExternalProcess still used? switch s.config.ReloadExternalProcess { case nil: