Add a README and build script

Justfile

@@ -0,0 +1,23 @@
+
+set export
+set shell := ["bash", "-euo", "pipefail", "-c"]
+
+export KO_DOCKER_REPO := env_var_or_default("KO_DOCKER_REPO", "kind.local")
+export KIND_CLUSTER_NAME := env_var_or_default("KIND_CLUSTER_NAME", "kind")
+
+lint *args:
+    golangci-lint run --show-stats {{args}}
+
+check-deps:
+    # Check for demo script dependencies
+    for cmd in ko kubectl; do \
+        if ! command -v $cmd &> /dev/null; then \
+            echo "Error: $cmd is not installed" >&2; \
+            exit 1; \
+        fi \
+    done
+    echo "All dependencies installed"
+
+# Build application
+build: check-deps
+    ko build github.com/cofide/cofidectl-debug-container/cmd

README.md

@@ -1 +1,49 @@
-# cofidectl-debug-container
+# cofidectl debug container
+
+This is a debug container that is used by [`cofidectl`](https://www.github.com/cofide/cofidectl) to discover the SPIFFE SVID and trust bundle issued to a workload, as part of the `cofidectl workload status` command. It helps to debug a running workload in a cluster and ensure it's identity is as intended.
+
+Cofide provide a ready-made container image used by `cofidectl` but you may wish to [build](#build) your own.
+
+## Prerequisites
+
+Building a `cofidectl-debug-container` binary requires:
+
+* [Go 1.22 toolchain](https://golang.org/doc/install)
+* [`just`](https://github.com/casey/just) as a command runner
+
+## Build
+
+To run the unit tests and build the `cofidectl-debug-container` binary:
+
+```sh
+just build
+```
+
+## How it works
+
+With `cofidectl`, this container is executed in-cluster as a Kubernetes [ephemeral container](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/). The Go application interfaces with the [SPIFFE Workload API](https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Workload_API.md) to obtain the SPIFFE SVID and trust bundle issued to a workload. `cofidectl` prints this to the console - for example:
+
+```
+./cofidectl workload status foo --namespace demo --pod-name ping-pong-client-f6f6495b5-zb9bd --trust-zone cofide-a
+✅ Complete: Successfully executed emphemeral container in ping-pong-client-f6f6495b5-zb9bd
+
+Trust bundles received
+* spiffe://cofide-a.test
+    Certificate "22:FA:3D:F3:D5:B7:FC:47:5E:AA:A1:7A:66:A6:03:2D:B0:90:E3:30:A7:7C:9F:3C:F0:33:18:78:3A:41:62:EB"
+    is a CA certificate
+    valid from "2024-11-22T04:15:53Z" to "2024-11-22T16:16:03Z"
+    Subject: SERIALNUMBER=134874419949172333976462662483560844916,CN=example.org,O=Example,C=ARPA
+    DNS names: spiffe://cofide-a.test
+    Signature algorithm: SHA256-RSA
+    Issuer: SERIALNUMBER=134874419949172333976462662483560844916,CN=example.org,O=Example,C=ARPA
+
+SVIDs received
+* spiffe://cofide-a.test/ns/demo/sa/ping-pong-client
+    Certificate "4D:FA:5B:56:EC:B4:73:FF:24:9C:2D:E6:DE:AC:41:3B:0B:BE:42:B8:2F:E9:2C:71:87:FF:BD:E0:C3:C8:9D:E4"
+    valid from "2024-11-22T09:10:10Z" to "2024-11-22T13:10:20Z"
+    Subject: O=SPIRE,C=US
+    DNS names: spiffe://cofide-a.test/ns/demo/sa/ping-pong-client
+    Signature algorithm: SHA256-RSA
+    Issuer: SERIALNUMBER=134874419949172333976462662483560844916,CN=example.org,O=Example,C=ARPA
+    SVID verified against trust bundle
+```

cmd/main.go

@@ -15,7 +15,7 @@ import (
 	"github.com/spiffe/go-spiffe/v2/workloadapi"
 )
 
-const spiffeSocket = "unix:///tmp/spire.sock"
+const spiffeSocket = "unix:///spiffe-workload-api/spire-agent.sock"
 
 func main() {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)

go.mod

@@ -6,13 +6,15 @@ require github.com/spiffe/go-spiffe/v2 v2.4.0
 
 require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
-	golang.org/x/crypto v0.26.0 // indirect
-	golang.org/x/net v0.28.0 // indirect
-	golang.org/x/sys v0.24.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect
 	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 )

go.sum

@@ -1,32 +1,32 @@
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
 github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/spiffe/go-spiffe/v2 v2.4.0 h1:j/FynG7hi2azrBG5cvjRcnQ4sux/VNj8FAVc99Fl66c=
 github.com/spiffe/go-spiffe/v2 v2.4.0/go.mod h1:m5qJ1hGzjxjtrkGHZupoXHo/FDWwCB1MdSyBzfHugx0=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs=
 github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
-golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
-golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
 google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
 google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=