Fixes bug in config.go validations, changes JWT files structure, upda…

…tes README.md.

Signed-off-by: JU4N98 <[email protected]>

README.md

@@ -28,7 +28,7 @@ The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted f
  |`svid_key_file_name`      | File name to be used to store the X.509 SVID private key and public certificate in PEM format.                 | `"svid_key.pem"`     |
  |`svid_bundle_file_name`   | File name to be used to store the X.509 SVID Bundle in PEM format.                                             | `"svid_bundle.pem"`  |
  |`audience`                | JWT SVID audience.                                                                                             | `"example.org"`|
- |`jwt_file_name`           | File name to be used to store JWT SVID certificate in JSON format.                                             | `"jwt.json"`         |
+ |`jwt_file_name`           | File name to be used to store JWT SVID in JSON format.                                                         | `"jwt.json"`         |
  |`jwk_file_name`           | File name to be used to store JWT SVID Bundle in JSON format.                                                  | `"jwk.json"`         |
 
 ### Configuration example

pkg/sidecar/config.go

@@ -32,7 +32,7 @@ type Config struct {
 	RenewSignalDeprecated              string `hcl:"renewSignal"`
 
 	// JWT configuration
-	JWTAudience string `hcl:"audience"`
+	JWTAudience string `hcl:"jwt_audience"`
 	JWTFilename string `hcl:"jwt_file_name"`
 	JWKFilename string `hcl:"jwk_file_name"`
 
@@ -120,16 +120,7 @@ func ValidateConfig(c *Config) error {
 		c.RenewSignal = c.RenewSignalDeprecated
 	}
 
-	switch {
-	case c.SvidFileName == "":
-		return errors.New("svid_file_name is required")
-	case c.SvidKeyFileName == "":
-		return errors.New("svid_key_file_name is required")
-	case c.SvidBundleFileName == "":
-		return errors.New("svid_bundle_file_name is required")
-	default:
-		return nil
-	}
+	return nil
 }
 
 func getWarning(s1 string, s2 string) string {

pkg/sidecar/config_test.go

@@ -50,34 +50,6 @@ func TestValidateConfig(t *testing.T) {
 				SvidBundleFileName: "bundle.pem",
 			},
 		},
-		{
-			name: "no SVID file",
-			config: &Config{
-				AgentAddress:       "path",
-				SvidKeyFileName:    "key.pem",
-				SvidBundleFileName: "bundle.pem",
-			},
-			expectError: "svid_file_name is required",
-		},
-		{
-			name: "no key file",
-			config: &Config{
-				AgentAddress:       "path",
-				SvidFileName:       "cert.pem",
-				SvidBundleFileName: "bundle.pem",
-			},
-			expectError: "svid_key_file_name is required",
-		},
-		{
-			name: "no bundle file",
-			config: &Config{
-				AgentAddress:    "path",
-				SvidFileName:    "cert.pem",
-				SvidKeyFileName: "key.pem",
-			},
-			expectError: "svid_bundle_file_name is required",
-		},
-
 		// Duplicated field error:
 		{
 			name: "Both agent_address & agentAddress in use",

pkg/sidecar/sidecar.go

@@ -189,22 +189,6 @@ func (s *Sidecar) dumpBundles(svidResponse *workloadapi.X509Context) error {
 	return nil
 }
 
-func (s *Sidecar) readJSON(fileName string) map[string]interface{} {
-	jsonPath := path.Join(s.config.CertDir, fileName)
-	file, err := os.ReadFile(jsonPath)
-	if err != nil {
-		s.config.Log.Warnf("Unable to read json file: %v", err)
-	}
-
-	certs := make(map[string]interface{})
-	err = json.Unmarshal(file, &certs)
-	if err != nil {
-		s.config.Log.Warnf("Unable to parse json: %v", err)
-	}
-
-	return certs
-}
-
 func (s *Sidecar) writeJSON(fileName string, certs map[string]interface{}) {
 	file, err := json.Marshal(certs)
 	if err != nil {
@@ -221,7 +205,7 @@ func (s *Sidecar) writeJSON(fileName string, certs map[string]interface{}) {
 func (s *Sidecar) updateJWTBundle(jwkSet *jwtbundle.Set) {
 	s.config.Log.Info("Updating JWK bundles")
 
-	bundles := make(map[string]string)
+	bundles := make(map[string]interface{})
 	for _, bundle := range jwkSet.Bundles() {
 		bytes, err := bundle.Marshal()
 		if err != nil {
@@ -231,9 +215,7 @@ func (s *Sidecar) updateJWTBundle(jwkSet *jwtbundle.Set) {
 		bundles[bundle.TrustDomain().Name()] = base64.StdEncoding.EncodeToString(bytes)
 	}
 
-	certs := s.readJSON(s.config.JWKFilename)
-	certs["bundles"] = bundles
-	s.writeJSON(s.config.JWKFilename, certs)
+	s.writeJSON(s.config.JWKFilename, bundles)
 }
 
 func (s *Sidecar) fetchJWTSVID(options ...workloadapi.ClientOption) (*jwtsvid.SVID, error) {
@@ -274,9 +256,12 @@ func (s *Sidecar) updateJWTSVID(ctx context.Context, options ...workloadapi.Clie
 				continue
 			}
 
-			certs := s.readJSON(s.config.JWTFilename)
-			certs["svid"] = jwtSVID.Marshal()
-			s.writeJSON(s.config.JWTFilename, certs)
+			filePath := path.Join(s.config.CertDir, s.config.JWTFilename)
+			err = os.WriteFile(filePath, []byte(jwtSVID.Marshal()), os.ModePerm)
+			if err != nil {
+				s.config.Log.Warnf("Unable to write JWT SVID to a file: %v", err)
+				continue
+			}
 
 			s.config.Log.Infof("JWT SVID updated")
 			time.Sleep(time.Until(jwtSVID.Expiry)/2 + 1*time.Second)

pkg/sidecar/util_windows.go

@@ -47,7 +47,6 @@ func (s *Sidecar) RunDaemon(ctx context.Context) error {
 		go func() {
 			defer wg.Done()
 			s.updateJWTSVID(ctx, workloadapi.WithNamedPipeName(s.config.AgentAddress))
-			errch <- nil
 		}()
 	}