grpc: send client traffic through envoy (#2469)

* wip * wip * handle wildcards in override name * remove wait for ready, add comment about sync, force initial sync complete in test * address comments
2025-06-13 00:04:31 +02:00 · 2021-08-16 16:12:22 -06:00 · 2021-08-16 16:12:22 -06:00 · bbec2cae9f
commit bbec2cae9f
parent 87c3c675d2
26 changed files with 391 additions and 480 deletions
--- a/authorize/grpc.go
+++ b/authorize/grpc.go
@ -23,6 +23,11 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
 	ctx, span := trace.StartSpan(ctx, "authorize.grpc.Check")
 	defer span.End()

+	// wait for the initial sync to complete so that data is available for evaluation
+	if err := a.WaitForInitialSync(ctx); err != nil {
+		return nil, err
+	}
+
 	state := a.state.Load()

 	// convert the incoming envoy-style http request into a go-style http request
--- a/authorize/grpc_test.go
+++ b/authorize/grpc_test.go
@ -330,6 +330,8 @@ func TestAuthorize_Check(t *testing.T) {
 	}
 	a.currentOptions.Store(&config.Options{ForwardAuthURLString: "https://forward-auth.example.com"})

+	close(a.dataBrokerInitialSync)
+
 	cmpOpts := []cmp.Option{
 		cmpopts.IgnoreUnexported(envoy_service_auth_v3.CheckResponse{}),
 		cmpopts.IgnoreUnexported(status.Status{}),
--- a/authorize/state.go
+++ b/authorize/state.go
@ -51,22 +51,11 @@ func newAuthorizeStateFromConfig(cfg *config.Config, store *evaluator.Store) (*a
 		return nil, err
 	}

-	urls, err := cfg.Options.GetDataBrokerURLs()
-	if err != nil {
-		return nil, err
-	}
-
-	cc, err := grpc.GetGRPCClientConn(context.Background(), "databroker", &grpc.Options{
-		Addrs:                   urls,
-		OverrideCertificateName: cfg.Options.OverrideCertificateName,
-		CA:                      cfg.Options.CA,
-		CAFile:                  cfg.Options.CAFile,
-		RequestTimeout:          cfg.Options.GRPCClientTimeout,
-		ClientDNSRoundRobin:     cfg.Options.GRPCClientDNSRoundRobin,
-		WithInsecure:            cfg.Options.GetGRPCInsecure(),
-		InstallationID:          cfg.Options.InstallationID,
-		ServiceName:             cfg.Options.Services,
-		SignedJWTKey:            sharedKey,
+	cc, err := grpc.GetOutboundGRPCClientConn(context.Background(), &grpc.OutboundOptions{
+		OutboundPort:   cfg.OutboundPort,
+		InstallationID: cfg.Options.InstallationID,
+		ServiceName:    cfg.Options.Services,
+		SignedJWTKey:   sharedKey,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("authorize: error creating databroker connection: %w", err)