mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-28 00:17:34 +02:00
cache: support databroker option changes (#1294)
This commit is contained in:
Caleb Doxsey
GitHub
parent
31205c0c29
commit
a1378c81f8
16 changed files with 408 additions and 179 deletions
97
cache/cache.go
vendored
97
cache/cache.go
vendored
|
|
@ -15,6 +15,7 @@ import (
|
|||
"github.com/pomerium/pomerium/internal/directory"
|
||||
"github.com/pomerium/pomerium/internal/identity"
|
||||
"github.com/pomerium/pomerium/internal/identity/manager"
|
||||
"github.com/pomerium/pomerium/internal/log"
|
||||
"github.com/pomerium/pomerium/internal/telemetry"
|
||||
"github.com/pomerium/pomerium/internal/urlutil"
|
||||
"github.com/pomerium/pomerium/pkg/cryptutil"
|
||||
|
|
@ -35,18 +36,7 @@ type Cache struct {
|
|||
}
|
||||
|
||||
// New creates a new cache service.
|
||||
func New(opts config.Options) (*Cache, error) {
|
||||
if err := validate(opts); err != nil {
|
||||
return nil, fmt.Errorf("cache: bad option: %w", err)
|
||||
}
|
||||
|
||||
authenticator, err := identity.NewAuthenticator(opts.GetOauthOptions())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cache: failed to create authenticator: %w", err)
|
||||
}
|
||||
|
||||
directoryProvider := directory.GetProvider(&opts)
|
||||
|
||||
func New(cfg *config.Config) (*Cache, error) {
|
||||
localListener, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -56,7 +46,7 @@ func New(opts config.Options) (*Cache, error) {
|
|||
// if we no longer register with that grpc Server
|
||||
localGRPCServer := grpc.NewServer()
|
||||
|
||||
clientStatsHandler := telemetry.NewGRPCClientStatsHandler(opts.Services)
|
||||
clientStatsHandler := telemetry.NewGRPCClientStatsHandler(cfg.Options.Services)
|
||||
clientDialOptions := clientStatsHandler.DialOptions(grpc.WithInsecure())
|
||||
|
||||
localGRPCConnection, err := grpc.DialContext(
|
||||
|
|
@ -68,30 +58,33 @@ func New(opts config.Options) (*Cache, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
dataBrokerServer, err := NewDataBrokerServer(localGRPCServer, opts)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
dataBrokerClient := databroker.NewDataBrokerServiceClient(localGRPCConnection)
|
||||
|
||||
manager := manager.New(
|
||||
authenticator,
|
||||
directoryProvider,
|
||||
dataBrokerClient,
|
||||
manager.WithGroupRefreshInterval(opts.RefreshDirectoryInterval),
|
||||
manager.WithGroupRefreshTimeout(opts.RefreshDirectoryTimeout),
|
||||
)
|
||||
|
||||
return &Cache{
|
||||
dataBrokerServer: dataBrokerServer,
|
||||
manager: manager,
|
||||
dataBrokerServer := NewDataBrokerServer(localGRPCServer, cfg)
|
||||
|
||||
c := &Cache{
|
||||
dataBrokerServer: dataBrokerServer,
|
||||
localListener: localListener,
|
||||
localGRPCServer: localGRPCServer,
|
||||
localGRPCConnection: localGRPCConnection,
|
||||
deprecatedCacheClusterDomain: opts.GetDataBrokerURL().Hostname(),
|
||||
dataBrokerStorageType: opts.DataBrokerStorageType,
|
||||
}, nil
|
||||
deprecatedCacheClusterDomain: cfg.Options.GetDataBrokerURL().Hostname(),
|
||||
dataBrokerStorageType: cfg.Options.DataBrokerStorageType,
|
||||
}
|
||||
|
||||
err = c.update(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return c, nil
|
||||
}
|
||||
|
||||
// OnConfigChange is called whenever configuration is changed.
|
||||
func (c *Cache) OnConfigChange(cfg *config.Config) {
|
||||
err := c.update(cfg)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("cache: error updating configuration")
|
||||
}
|
||||
|
||||
c.dataBrokerServer.OnConfigChange(cfg)
|
||||
}
|
||||
|
||||
// Register registers all the gRPC services with the given server.
|
||||
|
|
@ -121,9 +114,45 @@ func (c *Cache) Run(ctx context.Context) error {
|
|||
return t.Wait()
|
||||
}
|
||||
|
||||
func (c *Cache) update(cfg *config.Config) error {
|
||||
if err := validate(cfg.Options); err != nil {
|
||||
return fmt.Errorf("cache: bad option: %w", err)
|
||||
}
|
||||
|
||||
authenticator, err := identity.NewAuthenticator(cfg.Options.GetOauthOptions())
|
||||
if err != nil {
|
||||
return fmt.Errorf("cache: failed to create authenticator: %w", err)
|
||||
}
|
||||
|
||||
directoryProvider := directory.GetProvider(directory.Options{
|
||||
ServiceAccount: cfg.Options.ServiceAccount,
|
||||
Provider: cfg.Options.Provider,
|
||||
ProviderURL: cfg.Options.ProviderURL,
|
||||
QPS: cfg.Options.QPS,
|
||||
})
|
||||
|
||||
dataBrokerClient := databroker.NewDataBrokerServiceClient(c.localGRPCConnection)
|
||||
|
||||
options := []manager.Option{
|
||||
manager.WithAuthenticator(authenticator),
|
||||
manager.WithDirectoryProvider(directoryProvider),
|
||||
manager.WithDataBrokerClient(dataBrokerClient),
|
||||
manager.WithGroupRefreshInterval(cfg.Options.RefreshDirectoryInterval),
|
||||
manager.WithGroupRefreshTimeout(cfg.Options.RefreshDirectoryTimeout),
|
||||
}
|
||||
|
||||
if c.manager == nil {
|
||||
c.manager = manager.New(options...)
|
||||
} else {
|
||||
c.manager.UpdateConfig(options...)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// validate checks that proper configuration settings are set to create
|
||||
// a cache instance
|
||||
func validate(o config.Options) error {
|
||||
func validate(o *config.Options) error {
|
||||
if _, err := cryptutil.NewAEADCipherFromBase64(o.SharedKey); err != nil {
|
||||
return fmt.Errorf("invalid 'SHARED_SECRET': %w", err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue