spiffe · edwbuck · Apr 17, 2023 · Jun 22, 2023 · Jun 28, 2024
@@ -3,7 +3,34 @@
 This document gives guidance for authoring plugins.
 
 SPIRE plugins implement one and only one plugin _type_ (e.g. KeyManager). They
-also implement zero or more services.
+also implement zero or more services. Below is a list of plugin types, alongside templates that can be used as a base
+for authoring plugins.
+
+## Templates
+Each template contains a go file that can be used as a starting point for authoring plugins. A test file is also
+provided for each template; the test file contains a test suite that can be used to verify that the plugin has been 
+loaded and is working as expected using [plugintest](https://pkg.go.dev/github.com/spiffe/spire-plugin-sdk/plugintest).
+
+### Agent
+
+| Plugin           | Description                                           | Template                                    |
+|------------------|-------------------------------------------------------|---------------------------------------------|
+| KeyManager       | Manages private keys and performs signing operations. | [link](../templates/agent/keymanager)       |
+| NodeAttestor     | Performs the agent side of the node attestation flow. | [link](../templates/agent/nodeattestor)     |
+| SVIDStore        | Stores workload X509-SVIDs to arbitrary destinations. | [link](../templates/agent/svidstore)        |
+| WorkloadAttestor | Attests workloads and provides selectors.             | [link](../templates/agent/workloadattestor) |
+
+### Server
+
+| Plugin             | Description                                            | Template                                       |
+|--------------------|--------------------------------------------------------|------------------------------------------------|
+| KeyManager         | Manages private keys and performs signing operations.  | [link](../templates/server/keymanager)         |
+| NodeAttestor       | Performs the server side of the node attestation flow. | [link](../templates/server/nodeattestor)       |
+| Notifier           | Notifies external systems of certain SPIRE events.     | [link](../templates/server/notifier)           |
+| UpstreamAuthority  | Plugs SPIRE into an upstream PKI.                      | [link](../templates/server/upstreamauthority)  |
+| CredentialComposer | Allows customization of SVID and CA attributes.        | [link](../templates/server/credentialcomposer) |
+
+
 
 ## Configuration
 
@@ -69,7 +96,7 @@ func main() {
     plugin := new(Plugin)
     pluginmain.Serve(
         keymanagerv1.KeyManagerPluginServer(plugin),
-        configv1.ConfigPluginServer(plugin), // <-- add the Config service server implementation
+        configv1.ConfigServiceServer(plugin), // <-- add the Config service server implementation
     )
 }
 ```
@@ -150,7 +177,7 @@ plugin will fail to load.
 
 ## Cleanup
 
-Plugins are seperate processes and are terminated when the plugin is unloaded.
+Plugins are separate processes and are terminated when the plugin is unloaded.
 However, it may be desirable to perform some graceful cleanup operations.
 
 To facilitate this, if plugin/service implementations implement the io.Closer
@@ -176,7 +203,7 @@ See the package docs for more information.
 ## Running
 
 The [pluginmain](https://pkg.go.dev/github.com/spiffe/spire-plugin-sdk/pluginmain) package
-is used to run the plugin. It takes care of setting up all of the plugin facilities and
+is used to run the plugin. It takes care of setting up all the plugin facilities and
 wiring up the logger and hostservices.
 
 See the package docs for more information.
@@ -52,5 +52,5 @@ SPIRE repository can be updated by running `go get
 github.com/spiffe/spire-plugin-sdk@next` from the SPIRE repository.
 
 Relying on a pseudo versions means that this repository only needs tags
-for the offically released versions, while still allowing SPIRE to work with
+for the officially released versions, while still allowing SPIRE to work with
 unreleased changes during development.
@@ -125,7 +125,7 @@ to couple it to that operation.
 
 The `Attest` RPC request and response fields are now contained within `oneof`'s
 to strongly convey the difference in field requirements in requests and
-responses during the atestation flow. The attestation payload no longer needs
+responses during the attestation flow. The attestation payload no longer needs
 to include a type, since that is now inferred by SPIRE from the name of the
 plugin. The selectors returned in the final response are selector values only.
 The selector type is inferred by SPIRE from the name of the plugin.

@@ -8,13 +8,13 @@ import (
 // Serve serves the plugin using the given plugin/service servers. It does
 // not return. It is intended to be called from main(). For example:
 //
-// func main() {
-//     plugin := new(Plugin)
-//     pluginmain.Serve(
-//          keymanagerv1.KeyManagerPluginServer(plugin),
-//          configv1.ConfigPluginServer(plugin),
-//     )
-// }
+//	func main() {
+//	    plugin := new(Plugin)
+//	    pluginmain.Serve(
+//	         keymanagerv1.KeyManagerPluginServer(plugin),
+//	         configv1.ConfigServiceServer(plugin),
+//	    )
+//	}
 func Serve(pluginServer pluginsdk.PluginServer, serviceServers ...pluginsdk.ServiceServer) {
 	logger := internal.NewLogger()
 	internal.Serve(logger, logger, pluginServer, serviceServers, nil)