Workload API is not working in Windows.

[prasanthAllu]

The steps that I have followed to run the workload api in windows as given below.

1. spire-server and spire-agent taken from the following .zip file
   https://github.com/spiffe/spire/releases/download/v1.8.7/spire-1.8.7-windows-amd64.zip

2. And the configuration I have updated to support in windows that I have attached below.
   conf.zip

3. And the SocketPath = "npipe:\\.\pipe\spire-agent\public\api"

4. To start spire-server executed the following command.
   spire-server run -config conf/server/server.conf

5. Generating the joinToken
   spire-server token generate -spiffeID spiffe://example.org/host

6. To start spire-agent executed the following command.
   spire-agent run -config conf/agent/agent.conf -joinToken

7. Created 2 new users server-workload and client-workload

8. Define SPIRE server entries for the users:
   spire-server entry create -spiffeID spiffe://example.org/server -parentID spiffe://example.org/host -selector
   windows_account:username:server-workload

   spire-server entry create -spiffeID spiffe://example.org/server -parentID spiffe://example.org/host -selector
   windows_account:username:client-workload

9. Run the server workload:
   runas /user:server-workload ".\server.exe" or go run main.go -username=server-workload

10. Run the client workload:
    runas /user:client-workload ".\client.exe" or go run main.go -username=client-workload

Have I missed any essential commands in the process?

And If workload is working on windows, can you provide the demo video for it or steps with description.

from the watcher.go file

func newWatcher(ctx context.Context, config watcherConfig, x509ContextFn func(*X509Context), jwtBundlesFn func(*jwtbundle.Set)) (_ *watcher, err error) {
log.Println("Entered into newWatcher method")
w := &watcher{
updatedCh: make(chan struct{}, 1),
client: config.client,
cancel: func() {},
x509ContextFn: x509ContextFn,
x509ContextSet: make(chan struct{}),
jwtBundlesFn: jwtBundlesFn,
jwtBundlesSet: make(chan struct{}),
}

// If this function fails, we need to clean up the source.
defer func() {
	if err != nil {
		err = errs.Combine(err, w.Close())
	}
}()

// Initialize a new client unless one is provided by the options
if w.client == nil {
	client, err := New(ctx, config.clientOptions...)
	if err != nil {
		return nil, err
	}
	w.client = client
	w.ownsClient = true
}
log.Println("Before waitFor")
errCh := make(chan error, 2)
**waitFor := func(has <-chan struct{}) error {
	log.Println("one")
	select {
	case <-has:
		return nil
	case err := <-errCh:
		return err
	case <-ctx.Done():
		return ctx.Err()
	}
}**
log.Println("After waitFor")
// Kick up a background goroutine that watches the Workload API for
// updates.
var watchCtx context.Context
watchCtx, w.cancel = context.WithCancel(context.Background())
log.Println("Before if w.x509ContextFn")
if w.x509ContextFn != nil {
	w.wg.Add(1)
	go func() {
		defer w.wg.Done()
		errCh <- w.client.WatchX509Context(watchCtx, w)
	}()
	if err := waitFor(w.x509ContextSet); err != nil {
		return nil, err
	}
}
log.Println("Before if w.jwtBundlesFn")
if w.jwtBundlesFn != nil {
	w.wg.Add(1)
	go func() {
		defer w.wg.Done()
		errCh <- w.client.WatchJWTBundles(watchCtx, w)
	}()
	if err := waitFor(w.jwtBundlesSet); err != nil {
		return nil, err
	}
}

// Drain the update channel since this function blocks until an update and
// don't want callers to think there was an update on the source right
// after it was initialized. If we ever allow the watcher to be initialzed
// without waiting, this reset should be removed.
log.Println("Before w.drainUpdated()")
w.drainUpdated()
log.Println("After w.drainUpdated()")

return w, nil

}

the code I am highlighting where pointer has structed, means it is not coming out form the loop.

waitFor := func(has <-chan struct{}) error {
	log.Println("one")
	select {
	case <-has:
		return nil
	case err := <-errCh:
		return err
	case <-ctx.Done():
		return ctx.Err()
	}
}