cache: support databroker option changes (#1294)

2025-06-26 06:28:18 +02:00 · 2020-08-18 07:27:20 -06:00 · 2020-08-18 07:27:20 -06:00 · a1378c81f8
commit a1378c81f8
parent 31205c0c29
16 changed files with 408 additions and 179 deletions
--- a/cache/databroker.go
+++ b/cache/databroker.go
@ -1,55 +1,38 @@
 package cache

 import (
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/base64"
-	"fmt"
-	"io/ioutil"
-
 	"google.golang.org/grpc"

 	"github.com/pomerium/pomerium/config"
-	internal_databroker "github.com/pomerium/pomerium/internal/databroker"
-	"github.com/pomerium/pomerium/internal/log"
-	"github.com/pomerium/pomerium/pkg/cryptutil"
-	"github.com/pomerium/pomerium/pkg/grpc/databroker"
+	"github.com/pomerium/pomerium/internal/databroker"
+	databrokerpb "github.com/pomerium/pomerium/pkg/grpc/databroker"
 )

 // A DataBrokerServer implements the data broker service interface.
 type DataBrokerServer struct {
-	databroker.DataBrokerServiceServer
+	*databroker.Server
 }

 // NewDataBrokerServer creates a new databroker service server.
-func NewDataBrokerServer(grpcServer *grpc.Server, opts config.Options) (*DataBrokerServer, error) {
-	key, err := base64.StdEncoding.DecodeString(opts.SharedKey)
-	if err != nil || len(key) != cryptutil.DefaultKeySize {
-		return nil, fmt.Errorf("shared key is required and must be %d bytes long", cryptutil.DefaultKeySize)
-	}
-
-	caCertPool := x509.NewCertPool()
-	if caCert, err := ioutil.ReadFile(opts.DataBrokerStorageCAFile); err == nil {
-		caCertPool.AppendCertsFromPEM(caCert)
-	} else {
-		log.Warn().Err(err).Msg("failed to read databroker CA file")
-	}
-	tlsConfig := &tls.Config{
-		RootCAs: caCertPool,
-		// nolint: gosec
-		InsecureSkipVerify: opts.DataBrokerStorageCertSkipVerify,
-	}
-	if opts.DataBrokerCertificate != nil {
-		tlsConfig.Certificates = []tls.Certificate{*opts.DataBrokerCertificate}
-	}
-
-	internalSrv := internal_databroker.New(
-		internal_databroker.WithSecret(key),
-		internal_databroker.WithStorageType(opts.DataBrokerStorageType),
-		internal_databroker.WithStorageConnectionString(opts.DataBrokerStorageConnectionString),
-		internal_databroker.WithStorageTLSConfig(tlsConfig),
-	)
-	srv := &DataBrokerServer{DataBrokerServiceServer: internalSrv}
-	databroker.RegisterDataBrokerServiceServer(grpcServer, srv)
-	return srv, nil
+func NewDataBrokerServer(grpcServer *grpc.Server, cfg *config.Config) *DataBrokerServer {
+	srv := &DataBrokerServer{}
+	srv.Server = databroker.New(srv.getOptions(cfg)...)
+	databrokerpb.RegisterDataBrokerServiceServer(grpcServer, srv)
+	return srv
+}
+
+// OnConfigChange updates the underlying databroker server whenever configuration is changed.
+func (srv *DataBrokerServer) OnConfigChange(cfg *config.Config) {
+	srv.UpdateConfig(srv.getOptions(cfg)...)
+}
+
+func (srv *DataBrokerServer) getOptions(cfg *config.Config) []databroker.ServerOption {
+	return []databroker.ServerOption{
+		databroker.WithSharedKey(cfg.Options.SharedKey),
+		databroker.WithStorageType(cfg.Options.DataBrokerStorageType),
+		databroker.WithStorageConnectionString(cfg.Options.DataBrokerStorageConnectionString),
+		databroker.WithStorageCAFile(cfg.Options.DataBrokerStorageCAFile),
+		databroker.WithStorageCertificate(cfg.Options.DataBrokerCertificate),
+		databroker.WithStorageCertSkipVerify(cfg.Options.DataBrokerStorageCertSkipVerify),
+	}
 }