Don't contact trust_bundle_url needlessly #6065

Merged
merged 5 commits into from
May 15, 2025

kfox1111
Contributor

Pull Request check list

  • Commit conforms to CONTRIBUTING.md?
  • Proper tests/regressions included?
  • Documentation updated?

Description of change
The agent contacts the trust_bundle_url on startup even if it already has a trust bundle. If connection fails, the agent fails. This requirement puts more load on the server needlessly, and either makes the agent lower availability or puts higher availability requirements on the server. Change it so that this doesn't happen.

Which issue this PR fixes
Fixes: #5893
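
The startup behaviour described above, as an added example that is not code from this PR or from the project: the URL is contacted only when no bundle is cached, so an unreachable server does not stop an agent that already has one. All names (`bundleStore`, `memStore`, `errNoBundle`, `bootstrapBundle`, `fetch`) are hypothetical, and the signature of `LoadBundle` and the caching step via `StoreBundle` are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical sentinel: the store has no bundle yet (first start).
var errNoBundle = errors.New("no cached trust bundle")

type bundleStore interface {
	LoadBundle() ([]byte, error)
	StoreBundle([]byte) error
}

// memStore stands in for the agent's persistent bundle cache.
type memStore struct{ bundle []byte }

func (m *memStore) LoadBundle() ([]byte, error) {
	if m.bundle == nil {
		return nil, errNoBundle
	}
	return m.bundle, nil
}

func (m *memStore) StoreBundle(b []byte) error { m.bundle = b; return nil }

// bootstrapBundle calls fetch (the trust_bundle_url request) only when the
// store has no bundle. Other storage errors are returned, not masked by a
// refetch. The bool reports whether the URL was contacted.
func bootstrapBundle(s bundleStore, fetch func() ([]byte, error)) ([]byte, bool, error) {
	b, err := s.LoadBundle()
	switch {
	case err == nil:
		return b, false, nil
	case !errors.Is(err, errNoBundle):
		return nil, false, fmt.Errorf("load cached bundle: %w", err)
	}
	if b, err = fetch(); err != nil {
		return nil, true, fmt.Errorf("fetch trust bundle: %w", err)
	}
	return b, true, s.StoreBundle(b) // assumption: cache for later starts
}

func main() {
	down := func() ([]byte, error) { return nil, errors.New("connection refused") }
	_, contacted, err := bootstrapBundle(&memStore{bundle: []byte("constructed-bundle")}, down)
	fmt.Println("cached start:", contacted, err) // URL not contacted, no error
	_, contacted, err = bootstrapBundle(&memStore{}, down)
	fmt.Println("first start:", contacted, err) // URL contacted, startup fails
}
```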

The agent contacts the trust_bundle_url on startup even if it already
has a trust bundle. If connection fails, the agent fails. This
requirement puts more load on the server needlessly, and either makes
the agent lower availability or puts higher availability requirements
on the server. Change it so that this doesn't happen.

Signed-off-by: Kevin Fox <[email protected]>
@kfox1111
Contributor Author

Fix broken out of #5892

Signed-off-by: Kevin Fox <[email protected]>
Member

@amartinezfayo amartinezfayo left a comment

Looking good! Thank you @kfox1111

Comment on lines 118 to 119
InsecureBootstrap := false
BootstrapTrustBundle, err := sto.LoadBundle()
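Review bot: The err assigned from sto.LoadBundle() on the second line is the point that decides whether the agent goes back to trust_bundle_url, and the excerpt ends before showing how it is handled. Consider treating only the "no stored bundle" result as the trigger for contacting the URL and returning any other load error to the caller, so a storage failure is not silently turned into a fresh bootstrap.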
Member

The variables InsecureBootstrap and BootstrapTrustBundle are declared with an uppercase first letter, which is typically reserved for exported variables. Consider renaming them to insecureBootstrap and bootstrapTrustBundle.

Comment on lines 152 to 153
InsecureBootstrap := false
BootstrapTrustBundle, err := sto.LoadBundle()
Member

Same here.

@amartinezfayo amartinezfayo merged commit 81d54ef into spiffe:main May 15, 2025
36 checks passed
@amartinezfayo amartinezfayo added this to the 1.12.2 milestone May 15, 2025
Successfully merging this pull request may close these issues.

trust_bundle_url contact on agent startup