spiffe / spiffe.io

Source for the SPIFFE and SPIRE project websites. Hosted by the Cloud Native Computing Foundation
https://spiffe.io/
Other
26 stars 61 forks source link

Confusing documentation in the last SPIRE version 1.5.x about NodeResolver #263

Open idexter opened 1 year ago

idexter commented 1 year ago

Hello. I'm new in Spire and started using it since v1.5.0. As I understand, since v1.5.0, NodeResolver plugin was deprecated. At the same time it still exists in actual version of documentation hosted on: https://spiffe.io/

I have found it at least it these sections:

My questions are:

Thanks

MarcosDY commented 1 year ago

as you mention it is no possible to add custom selectors from v1.5.0, do you have a use case for that?

About spiffe.io, we'll need to update that documentation, thanks for your summary!!!

idexter commented 1 year ago

do you have a use case for that?

Thanks for the explanation. 🙏 Right now I'm not sure, but most likely it appears in my case the near future. If it happens I will come back and share it.

evan2645 commented 1 year ago

Hi @idexter!

Is it possible to add custom node selectors since v1.5.0 without forking existing NodeAttestors?

You should be able to embed the upstream node attestor into a custom one (i.e. wrap it), to inject custom selectors without having to fully fork the attestor. I opened this related issue: https://github.com/spiffe/spire-plugin-sdk/issues/34

It it possible to remove that confusing information from documentation and maybe add a new section which explains ways to add custom node selectors?

We should definitely remove the stale documentation. I'm going to move this issue to the spiffe.io repo