config: move mTLS settings to new struct (#4442)

Move downstream mTLS settings to a nested config file object, under the
key 'downstream_mtls', and add a new DownstreamMTLSSettings struct for
these settings.

Deprecate the existing ClientCA and ClientCAFile fields in the Options
struct, but continue to honor them for now (log a warning if either is
populated).

Delete the ClientCRL and ClientCRLFile fields entirely (in current
releases these cannot be set without causing an Envoy error, so this
should not be a breaking change).

Update the Settings proto to mirror this nested structure.
Kenneth Jenkins 2023-08-08 10:22:48 -07:00 committed by GitHub
parent a16bdd9cb0
commit 24b09186a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 671 additions and 395 deletions

@ -225,12 +225,13 @@ func (src *FileWatcherSource) check(ctx context.Context, cfg *Config) {
cfg.Options.CAFile,
cfg.Options.CertFile,
cfg.Options.ClientCAFile,
cfg.Options.ClientCRLFile,
cfg.Options.ClientSecretFile,
cfg.Options.CookieSecretFile,
cfg.Options.DataBrokerStorageCAFile,
cfg.Options.DataBrokerStorageCertFile,
cfg.Options.DataBrokerStorageCertKeyFile,
cfg.Options.DownstreamMTLS.CAFile,
cfg.Options.DownstreamMTLS.CRLFile,
cfg.Options.KeyFile,
cfg.Options.MetricsCertificateFile,
cfg.Options.MetricsCertificateKeyFile,
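
Review bot: the deprecated cfg.Options.ClientCAFile stays in this watch list next to the new cfg.Options.DownstreamMTLS.CAFile, with nothing in the hunk marking it as deprecated. Add a short comment on that entry so it is dropped together with the field. Please also confirm which of the two takes effect when both are populated, since both files are watched here and a change to the one that is ignored would still trigger a reload. The new cfg.Options.DownstreamMTLS.CRLFile entry is the security-relevant one: a test that a CRL file change is picked up by check() would show that revocation updates take effect without a restart.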