Merge branch 'main' into multiple-jwt-audiences
faisal-memon authored Jan 9, 2024
2 parents 558ea30 + a9e9743 commit 38e1561
Showing 3 changed files with 7 additions and 1 deletion.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -22,6 +22,7 @@ The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted f
| `cmd` | The path to the process to launch. | `"ghostunnel"` |
| `cmd_args` | The arguments of the process to launch. | `"server --listen localhost:8002 --target localhost:8001--keystore certs/svid_key.pem --cacert certs/svid_bundle.pem --allow-uri-san spiffe://example.org/Database"` |
| `cert_dir` | Directory name to store the fetched certificates. This directory must be created previously. | `"certs"` |
| `exit_when_ready` | Fetch x509 certificate and then exit(0) | `true` |
| `add_intermediates_to_bundle` | Add intermediate certificates into Bundle file instead of SVID file. | `true` |
| `renew_signal` | The signal that the process to be launched expects to reload the certificates. It is not supported on Windows. | `"SIGUSR1"` |
| `svid_file_name` | File name to be used to store the X.509 SVID public certificate in PEM format. | `"svid.pem"` |
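Review bot: The new `exit_when_ready` row in the configuration table describes the option only as "Fetch x509 certificate and then exit(0)", which leaves out what an operator needs to use it safely. Suggest stating the default value, whether `cmd` is still launched when it is set, and that a helper which has exited performs no renewal, so `renew_signal` has no effect and the files in `cert_dir` stay as they were written at exit. The description mentions only the X.509 certificate, so it should also say whether the `jwt_*` outputs configured in the example further down are written before the process exits.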
Expand Down Expand Up @@ -55,4 +56,4 @@ svid_bundle_file_name = "svid_bundle.pem"
jwt_audience = "your-audience"
jwt_svid_file_name = "jwt.token"
jwt_bundle_file_name = "bundle.json"
```
```
1 change: 1 addition & 0 deletions pkg/sidecar/config.go
Expand Up @@ -17,6 +17,7 @@ type Config struct {
CmdArgsDeprecated string `hcl:"cmdArgs"`
CertDir string `hcl:"cert_dir"`
CertDirDeprecated string `hcl:"certDir"`
ExitWhenReady bool `hcl:"exit_when_ready"`
// Merge intermediate certificates into Bundle file instead of SVID file,
// it is useful is some scenarios like MySQL,
// where this is the expected format for presented certificates and bundles
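Review bot: `ExitWhenReady` is added to `Config` without a doc comment, while the field directly below it carries one. Add a comment saying that the sidecar exits with status 0 after the first X.509 update and that the zero value (false) keeps the long-running behaviour, so the struct documents the same thing as the README row. Unlike `CmdArgs` and `CertDir`, the new key has no camelCase deprecated alias; that looks right for a new option, but it is worth confirming it is intentional.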
4 changes: 4 additions & 0 deletions pkg/sidecar/sidecar.go
Expand Up @@ -147,6 +147,10 @@ func (s *Sidecar) updateCertificates(svidResponse *workloadapi.X509Context) {
}
}

if s.config.ExitWhenReady {
os.Exit(0)
}

select {
case s.certReadyChan <- struct{}{}:
default:
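Review bot: The `os.Exit(0)` call placed in `updateCertificates` ahead of the `select` terminates the process from inside an update callback, always with a success status, and skips both the `certReadyChan` send and any deferred cleanup in the callers. Please confirm that every failure path in the block above returns before this point, because a caller that gates startup on the exit code (an init step, for example) would otherwise treat a failed or partial write to `cert_dir` as success. A safer shape is to signal readiness to the caller and let `main` return, which also keeps this function testable without exiting the test binary. The check sits only on the X.509 path, so with `jwt_audience` configured the process may exit before the JWT files exist; that should either be handled or documented.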