databroker: add tracing for rego evaluation and databroker sync, fix bug in databroker config source (#1367)

2025-05-20 20:47:16 +02:00 · 2020-09-03 08:11:34 -06:00 · 2020-09-03 08:11:34 -06:00 · 49d1a71ff2
commit 49d1a71ff2
parent 5488e6d5fa
2 changed files with 21 additions and 7 deletions
--- a/authorize/evaluator/custom.go
+++ b/authorize/evaluator/custom.go
@ -8,6 +8,8 @@ import (
 	"github.com/open-policy-agent/opa/rego"
 	"github.com/open-policy-agent/opa/storage"
 	"github.com/pomerium/pomerium/internal/telemetry/trace"
 )
 // A CustomEvaluatorRequest is the data needed to evaluate a custom rego policy.
@ -42,6 +44,9 @@ func NewCustomEvaluator(store storage.Store) *CustomEvaluator {
 // Evaluate evaluates the custom rego policy.
 func (ce *CustomEvaluator) Evaluate(ctx context.Context, req *CustomEvaluatorRequest) (*CustomEvaluatorResponse, error) {
 	_, span := trace.StartSpan(ctx, "authorize.evaluator.custom.Evaluate")
 	defer span.End()
 	q, err := ce.getPreparedEvalQuery(ctx, req.RegoPolicy)
 	if err != nil {
 		return nil, err
--- a/internal/databroker/config_source.go
+++ b/internal/databroker/config_source.go
@ -12,6 +12,7 @@ import (
 	"github.com/pomerium/pomerium/config"
 	"github.com/pomerium/pomerium/internal/log"
 	"github.com/pomerium/pomerium/internal/telemetry/trace"
 	"github.com/pomerium/pomerium/pkg/grpc"
 	configpb "github.com/pomerium/pomerium/pkg/grpc/config"
 	"github.com/pomerium/pomerium/pkg/grpc/databroker"
@ -70,6 +71,9 @@ func (src *ConfigSource) GetConfig() *config.Config {
 }
 func (src *ConfigSource) rebuild(firstTime bool) {
 	_, span := trace.StartSpan(context.Background(), "databroker.config_source.rebuild")
 	defer span.End()
 	src.mu.Lock()
 	defer src.mu.Unlock()
@ -83,10 +87,18 @@ func (src *ConfigSource) rebuild(firstTime bool) {
 		seen[policy.RouteID()] = struct{}{}
 	}
 	var additionalPolicies []config.Policy
 	// add all the config policies to the list
 	for _, cfgpb := range src.dbConfigs {
 		cfg.Options.ApplySettings(cfgpb.Settings)
 		err := cfg.Options.Validate()
 		if err != nil {
 			log.Warn().Err(err).Msg("databroker: invalid config detected, ignoring")
 			return
 		}
 		for _, routepb := range cfgpb.GetRoutes() {
 			policy, err := config.NewPolicyFromProto(routepb)
 			if err != nil {
@ -112,15 +124,12 @@ func (src *ConfigSource) rebuild(firstTime bool) {
 			}
 			seen[routeID] = struct{}{}
-			cfg.Options.Policies = append(cfg.Options.Policies, *policy)
+			additionalPolicies = append(additionalPolicies, *policy)
 		}
 	}
-		err := cfg.Options.Validate()
+	// add the additional policies here since calling `Validate` will reset them.
-		if err != nil {
+	cfg.Options.Policies = append(cfg.Options.Policies, additionalPolicies...)
 			log.Warn().Err(err).Msg("databroker: invalid config detected, ignoring")
 			return
 		}
 	}
 	src.computedConfig = cfg
 	if !firstTime {