cache: support databroker option changes (#1294)

This commit is contained in:
Caleb Doxsey 2020-08-18 07:27:20 -06:00 committed by GitHub
parent 31205c0c29
commit a1378c81f8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 408 additions and 179 deletions

97
cache/cache.go vendored
View file

@ -15,6 +15,7 @@ import (
"github.com/pomerium/pomerium/internal/directory"
"github.com/pomerium/pomerium/internal/identity"
"github.com/pomerium/pomerium/internal/identity/manager"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/telemetry"
"github.com/pomerium/pomerium/internal/urlutil"
"github.com/pomerium/pomerium/pkg/cryptutil"
@ -35,18 +36,7 @@ type Cache struct {
}
// New creates a new cache service.
func New(opts config.Options) (*Cache, error) {
if err := validate(opts); err != nil {
return nil, fmt.Errorf("cache: bad option: %w", err)
}
authenticator, err := identity.NewAuthenticator(opts.GetOauthOptions())
if err != nil {
return nil, fmt.Errorf("cache: failed to create authenticator: %w", err)
}
directoryProvider := directory.GetProvider(&opts)
func New(cfg *config.Config) (*Cache, error) {
localListener, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
return nil, err
@ -56,7 +46,7 @@ func New(opts config.Options) (*Cache, error) {
// if we no longer register with that grpc Server
localGRPCServer := grpc.NewServer()
clientStatsHandler := telemetry.NewGRPCClientStatsHandler(opts.Services)
clientStatsHandler := telemetry.NewGRPCClientStatsHandler(cfg.Options.Services)
clientDialOptions := clientStatsHandler.DialOptions(grpc.WithInsecure())
localGRPCConnection, err := grpc.DialContext(
@ -68,30 +58,33 @@ func New(opts config.Options) (*Cache, error) {
return nil, err
}
dataBrokerServer, err := NewDataBrokerServer(localGRPCServer, opts)
if err != nil {
return nil, err
}
dataBrokerClient := databroker.NewDataBrokerServiceClient(localGRPCConnection)
manager := manager.New(
authenticator,
directoryProvider,
dataBrokerClient,
manager.WithGroupRefreshInterval(opts.RefreshDirectoryInterval),
manager.WithGroupRefreshTimeout(opts.RefreshDirectoryTimeout),
)
return &Cache{
dataBrokerServer: dataBrokerServer,
manager: manager,
dataBrokerServer := NewDataBrokerServer(localGRPCServer, cfg)
c := &Cache{
dataBrokerServer: dataBrokerServer,
localListener: localListener,
localGRPCServer: localGRPCServer,
localGRPCConnection: localGRPCConnection,
deprecatedCacheClusterDomain: opts.GetDataBrokerURL().Hostname(),
dataBrokerStorageType: opts.DataBrokerStorageType,
}, nil
deprecatedCacheClusterDomain: cfg.Options.GetDataBrokerURL().Hostname(),
dataBrokerStorageType: cfg.Options.DataBrokerStorageType,
}
err = c.update(cfg)
if err != nil {
return nil, err
}
return c, nil
}
// OnConfigChange is called whenever configuration is changed.
func (c *Cache) OnConfigChange(cfg *config.Config) {
err := c.update(cfg)
if err != nil {
log.Error().Err(err).Msg("cache: error updating configuration")
}
c.dataBrokerServer.OnConfigChange(cfg)
}
// Register registers all the gRPC services with the given server.
@ -121,9 +114,45 @@ func (c *Cache) Run(ctx context.Context) error {
return t.Wait()
}
func (c *Cache) update(cfg *config.Config) error {
if err := validate(cfg.Options); err != nil {
return fmt.Errorf("cache: bad option: %w", err)
}
authenticator, err := identity.NewAuthenticator(cfg.Options.GetOauthOptions())
if err != nil {
return fmt.Errorf("cache: failed to create authenticator: %w", err)
}
directoryProvider := directory.GetProvider(directory.Options{
ServiceAccount: cfg.Options.ServiceAccount,
Provider: cfg.Options.Provider,
ProviderURL: cfg.Options.ProviderURL,
QPS: cfg.Options.QPS,
})
dataBrokerClient := databroker.NewDataBrokerServiceClient(c.localGRPCConnection)
options := []manager.Option{
manager.WithAuthenticator(authenticator),
manager.WithDirectoryProvider(directoryProvider),
manager.WithDataBrokerClient(dataBrokerClient),
manager.WithGroupRefreshInterval(cfg.Options.RefreshDirectoryInterval),
manager.WithGroupRefreshTimeout(cfg.Options.RefreshDirectoryTimeout),
}
if c.manager == nil {
c.manager = manager.New(options...)
} else {
c.manager.UpdateConfig(options...)
}
return nil
}
// validate checks that proper configuration settings are set to create
// a cache instance
func validate(o config.Options) error {
func validate(o *config.Options) error {
if _, err := cryptutil.NewAEADCipherFromBase64(o.SharedKey); err != nil {
return fmt.Errorf("invalid 'SHARED_SECRET': %w", err)
}