docs: update changelog, documentaiton, and helm configurations. (#63)

- Update changelog.
- Update docs to cover authorization support.
- Updates helm to support authorization, and policy file.

proxy/clients/authenticate_client.go

@@ -23,9 +23,9 @@ type Authenticator interface {
 	Close() error
 }
 
-// NewAuthenticateClient returns a new authenticate service client.
+// NewAuthenticateClient returns a new authenticate service client. Presently,
+// only gRPC is supported and is always returned so name is ignored.
 func NewAuthenticateClient(name string, opts *Options) (a Authenticator, err error) {
-	// Only gRPC is supported and is always returned so name is ignored
 	return NewGRPCAuthenticateClient(opts)
 }
 
@@ -112,8 +112,6 @@ func (a *AuthenticateGRPC) Validate(ctx context.Context, idToken string) (bool,
 	// }
 	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
 	defer cancel()
-	// todo(bdd): add grpc specific timeouts to main options
-	// todo(bdd): handle request id (metadata!?) in grpc receiver and add to ctx logger
 	r, err := a.client.Validate(ctx, &pb.ValidateRequest{IdToken: idToken})
 	if err != nil {
 		return false, err

proxy/clients/authorize_client_test.go

@@ -4,37 +4,35 @@ import (
 	"context"
 	"testing"
 
+	"github.com/golang/mock/gomock"
 	"github.com/pomerium/pomerium/internal/sessions"
-	pb "github.com/pomerium/pomerium/proto/authorize"
-	"google.golang.org/grpc"
+	"github.com/pomerium/pomerium/proto/authorize"
+	mock "github.com/pomerium/pomerium/proto/authorize/mock_authorize"
 )
 
 func TestAuthorizeGRPC_Authorize(t *testing.T) {
-	type fields struct {
-		Conn   *grpc.ClientConn
-		client pb.AuthorizerClient
-	}
-	type args struct {
-		ctx   context.Context
-		route string
-		s     *sessions.SessionState
-	}
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+	client := mock.NewMockAuthorizerClient(ctrl)
+	client.EXPECT().Authorize(
+		gomock.Any(),
+		gomock.Any(),
+	).Return(&authorize.AuthorizeReply{IsValid: true}, nil).AnyTimes()
+
 	tests := []struct {
 		name    string
-		fields  fields
-		args    args
+		route   string
+		s       *sessions.SessionState
 		want    bool
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{"good", "hello.pomerium.io", &sessions.SessionState{User: "admin@pomerium.io", Email: "admin@pomerium.io"}, true, false},
+		{"session cannot be nil", "hello.pomerium.io", nil, false, true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			a := &AuthorizeGRPC{
-				Conn:   tt.fields.Conn,
-				client: tt.fields.client,
-			}
-			got, err := a.Authorize(tt.args.ctx, tt.args.route, tt.args.s)
+			a := &AuthorizeGRPC{client: client}
+			got, err := a.Authorize(context.Background(), tt.route, tt.s)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("AuthorizeGRPC.Authorize() error = %v, wantErr %v", err, tt.wantErr)
 				return

proxy/clients/clients.go

@@ -86,9 +86,7 @@ func NewGRPCClientConn(opts *Options) (*grpc.ClientConn, error) {
 		cp = newCp
 	}
 
-	log.Info().
-		Str("OverrideCertificateName", opts.OverrideCertificateName).
-		Str("addr", connAddr).Msgf("proxy/clients: grpc connection")
+	log.Debug().Str("cert-override-name", opts.OverrideCertificateName).Str("addr", connAddr).Msgf("proxy/clients: grpc connection")
 	cert := credentials.NewTLS(&tls.Config{RootCAs: cp})
 
 	// override allowed certificate name string, typically used when doing behind ingress connection

proxy/handlers.go

@@ -212,7 +212,7 @@ func (p *Proxy) OAuthCallback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	log.FromRequest(r).Info().
+	log.FromRequest(r).Debug().
 		Str("code", r.Form.Get("code")).
 		Str("state", r.Form.Get("state")).
 		Str("RefreshToken", session.RefreshToken).

proxy/proxy.go

@@ -79,7 +79,7 @@ var defaultOptions = &Options{
 	DefaultUpstreamTimeout: time.Duration(30) * time.Second,
 }
 
-// OptionsFromEnvConfig builds the IdentityProvider service's configuration
+// OptionsFromEnvConfig builds the identity provider service's configuration
 // options from provided environmental variables
 func OptionsFromEnvConfig() (*Options, error) {
 	o := defaultOptions