spiffe
cmd exit behavior
The current behavior has a gap in functionality. There are two different behaviors you might want to have when cmd exits.
The current implementation assumes oneshot runs. This enables use cases like with mysql (https://github.com/spiffe/spiffe-helper/blob/main/examples/mysql/helper.conf#L5-L8) Where it runs a command each time the certificates are updated, the command exits, and stays not running until the next certificate update which could be minutes to hours. This is a good feature for this use case.
But, if cmd is a long running daemon such as a web server and it exits prematurely, it will not get restarted until the next certificate update which could be minutes to hours later, which is undesirable.
So I think we probably need a new configuration option stating the desired exit behavior of cmd. To oneshot it like supported now, or restart to immediately restart cmd if it exits.
