3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-23 13:08:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

bugfixes

Browse source
This commit is contained in:
Joe Kralicky 2024-11-04 14:02:40 -05:00
parent 85f06ab36b
commit bfd7cf73b3
No known key found for this signature in database
GPG key ID: 75C4875F34A9FB79
9 changed files with 43 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/envoyconfig/bootstrap_test.go
View file

@ -25,7 +25,7 @@ func TestBuilder_BuildBootstrapAdmin(t *testing.T) {
"address": { "address": {
"pipe": { "pipe": {
"mode": 384, "mode": 384,
"path": "`+envoyAdminAddressSockName+`" "path": "/tmp/`+envoyAdminAddressSockName+`"
} }
} }
} }

5
config/envoyconfig/clusters_envoy_admin.go
View file

@ -2,6 +2,8 @@ package envoyconfig
import ( import (
"context" "context"
"os"
"path/filepath"
envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
@ -23,7 +25,8 @@ func (b *Builder) buildEnvoyAdminCluster(_ context.Context, _ *config.Config) (*
Address: &envoy_config_core_v3.Address{ Address: &envoy_config_core_v3.Address{
Address: &envoy_config_core_v3.Address_Pipe{ Address: &envoy_config_core_v3.Address_Pipe{
Pipe: &envoy_config_core_v3.Pipe{ Pipe: &envoy_config_core_v3.Pipe{
Path: envoyAdminAddressSockName, Path: filepath.Join(os.TempDir(), envoyAdminAddressSockName),
Mode: uint32(envoyAdminAddressMode),
}, },
}, },
}, },

2
config/envoyconfig/protocols_int_test.go
View file

@ -22,6 +22,7 @@ import (
"github.com/pomerium/pomerium/config" "github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/testenv" "github.com/pomerium/pomerium/internal/testenv"
"github.com/pomerium/pomerium/internal/testenv/scenarios" "github.com/pomerium/pomerium/internal/testenv/scenarios"
"github.com/pomerium/pomerium/internal/testenv/snippets"
"github.com/pomerium/pomerium/internal/testenv/upstreams" "github.com/pomerium/pomerium/internal/testenv/upstreams"
"github.com/pomerium/pomerium/internal/testenv/values" "github.com/pomerium/pomerium/internal/testenv/values"
"github.com/pomerium/pomerium/pkg/cmd/pomerium" "github.com/pomerium/pomerium/pkg/cmd/pomerium"
@ -48,6 +49,7 @@ func TestH2C_v2(t *testing.T) {
env.AddUpstream(up) env.AddUpstream(up)
env.Start() env.Start()
snippets.WaitStartupComplete(env)
t.Run("h2c", func(t *testing.T) { t.Run("h2c", func(t *testing.T) {
t.Parallel() t.Parallel()

1
config/envoyconfig/testdata/clusters.json vendored
View file

@ -280,6 +280,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"pipe": { "pipe": {
"mode": 384,
"path": "/tmp/pomerium-envoy-admin.sock" "path": "/tmp/pomerium-envoy-admin.sock"
} }
} }

19
internal/benchmarks/latency_bench_test.go
View file

@ -15,10 +15,14 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
var numRoutes int var (
numRoutes int
dumpErrLogs bool
)
func init() { func init() {
flag.IntVar(&numRoutes, "routes", 100, "number of routes") flag.IntVar(&numRoutes, "routes", 100, "number of routes")
flag.BoolVar(&dumpErrLogs, "dump-err-logs", false, "if the test fails, write all captured logs to a file (testdata/<test-name>)")
} }
func TestRequestLatency(t *testing.T) { func TestRequestLatency(t *testing.T) {
@ -49,13 +53,21 @@ func TestRequestLatency(t *testing.T) {
snippets.WaitStartupComplete(env) snippets.WaitStartupComplete(env)
out := testing.Benchmark(func(b *testing.B) { out := testing.Benchmark(func(b *testing.B) {
b.ReportAllocs()
b.RunParallel(func(pb *testing.PB) { b.RunParallel(func(pb *testing.PB) {
// rec := env.NewLogRecorder(testenv.WithSkipCloseDelay()) var rec *testenv.LogRecorder
if dumpErrLogs {
rec = env.NewLogRecorder(testenv.WithSkipCloseDelay())
}
for pb.Next() { for pb.Next() {
idx := rand.IntN(numRoutes) idx := rand.IntN(numRoutes)
resp, err := up.Get(routes[idx], upstreams.AuthenticateAs(fmt.Sprintf("user%d@example.com", idx))) resp, err := up.Get(routes[idx], upstreams.AuthenticateAs(fmt.Sprintf("user%d@example.com", idx)))
if !assert.NoError(b, err) { if !assert.NoError(b, err) {
// rec.DumpToFile(filepath.Join("testdata", strings.ReplaceAll(b.Name(), "/", "_"))) filename := "TestRequestLatency_err.log"
if dumpErrLogs {
rec.DumpToFile(filename)
b.Logf("test logs written to %s", filename)
}
return return
} }
@ -67,6 +79,7 @@ func TestRequestLatency(t *testing.T) {
} }
}) })
}) })
t.Log(out) t.Log(out)
t.Logf("req/s: %f", float64(out.N)/out.T.Seconds()) t.Logf("req/s: %f", float64(out.N)/out.T.Seconds())

2
internal/log/debug.go
View file

@ -7,4 +7,6 @@ var (
DebugDisableZapLogger atomic.Bool DebugDisableZapLogger atomic.Bool
// Debug option to suppress global warnings // Debug option to suppress global warnings
DebugDisableGlobalWarnings atomic.Bool DebugDisableGlobalWarnings atomic.Bool
// Debug option to suppress global (non-warning) messages
DebugDisableGlobalMessages atomic.Bool
) )

8
internal/testenv/environment.go
View file

@ -269,13 +269,17 @@ func New(t testing.TB, opts ...EnvironmentOption) Environment {
writer := log.NewMultiWriter() writer := log.NewMultiWriter()
silent := options.forceSilent || isSilent(t) silent := options.forceSilent || isSilent(t)
if silent { if silent {
// this sets the global zap level to fatal, then resets the global zerolog
// level to debug
log.SetLevel(zerolog.FatalLevel) log.SetLevel(zerolog.FatalLevel)
zerolog.SetGlobalLevel(zerolog.DebugLevel) zerolog.SetGlobalLevel(zerolog.DebugLevel)
log.DebugDisableGlobalWarnings.Store(true)
log.DebugDisableZapLogger.Store(true)
} else { } else {
log.SetLevel(zerolog.InfoLevel)
writer.Add(os.Stdout) writer.Add(os.Stdout)
} }
log.DebugDisableGlobalWarnings.Store(silent)
log.DebugDisableGlobalMessages.Store(silent)
log.DebugDisableZapLogger.Store(silent)
setGrpcLoggerOnce.Do(func() { setGrpcLoggerOnce.Do(func() {
grpclog.SetLoggerV2(grpclog.NewLoggerV2WithVerbosity(io.Discard, io.Discard, io.Discard, 0)) grpclog.SetLoggerV2(grpclog.NewLoggerV2WithVerbosity(io.Discard, io.Discard, io.Discard, 0))
}) })

14
internal/testenv/logs.go
View file

@ -31,8 +31,8 @@ type LogRecorder struct {
buf *buffer buf *buffer
recordedLogs []map[string]any recordedLogs []map[string]any
closeOnce func() removeGlobalWriterOnce func()
collectLogsOnce sync.Once collectLogsOnce sync.Once
} }
type LogRecorderOptions struct { type LogRecorderOptions struct {
@ -132,14 +132,14 @@ func (e *environment) NewLogRecorder(opts ...LogRecorderOption) *LogRecorder {
buf: newBuffer(), buf: newBuffer(),
} }
e.logWriter.Add(lr.buf) e.logWriter.Add(lr.buf)
lr.closeOnce = sync.OnceFunc(func() { lr.removeGlobalWriterOnce = sync.OnceFunc(func() {
// wait for envoy access logs, which flush on a 1 second interval // wait for envoy access logs, which flush on a 1 second interval
if !lr.skipCloseDelay { if !lr.skipCloseDelay {
time.Sleep(1100 * time.Millisecond) time.Sleep(1100 * time.Millisecond)
} }
e.logWriter.Remove(lr.buf) e.logWriter.Remove(lr.buf)
}) })
context.AfterFunc(e.ctx, lr.closeOnce) context.AfterFunc(e.ctx, lr.removeGlobalWriterOnce)
return lr return lr
} }
@ -156,13 +156,13 @@ type (
// Close stops the log recorder. After calling this method, Logs() or Match() // Close stops the log recorder. After calling this method, Logs() or Match()
// can be called to inspect the logs that were captured. // can be called to inspect the logs that were captured.
func (lr *LogRecorder) Close() { func (lr *LogRecorder) Close() {
lr.closeOnce() lr.removeGlobalWriterOnce()
} }
func (lr *LogRecorder) collectLogs(shouldClose bool) { func (lr *LogRecorder) collectLogs(shouldClose bool) {
if shouldClose { if shouldClose {
lr.removeGlobalWriterOnce()
lr.buf.Close() lr.buf.Close()
lr.closeOnce()
} }
lr.collectLogsOnce.Do(func() { lr.collectLogsOnce.Do(func() {
recordedLogs := []map[string]any{} recordedLogs := []map[string]any{}
@ -201,7 +201,7 @@ func (lr *LogRecorder) WaitForMatch(expectedLog map[string]any, timeout ...time.
go func() { go func() {
defer close(done) defer close(done)
lr.collectLogs(false) lr.collectLogs(false)
lr.closeOnce() lr.removeGlobalWriterOnce()
}() }()
if len(timeout) != 0 { if len(timeout) != 0 {
select { select {

8
pkg/cryptutil/tls.go
View file

@ -1,7 +1,6 @@
package cryptutil package cryptutil
import ( import (
"context"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/base64" "encoding/base64"
@ -15,10 +14,9 @@ import (
// GetCertPool gets a cert pool for the given CA or CAFile. // GetCertPool gets a cert pool for the given CA or CAFile.
func GetCertPool(ca, caFile string) (*x509.CertPool, error) { func GetCertPool(ca, caFile string) (*x509.CertPool, error) {
ctx := context.TODO()
rootCAs, err := x509.SystemCertPool() rootCAs, err := x509.SystemCertPool()
if err != nil { if err != nil {
log.Ctx(ctx).Error().Err(err).Msg("pkg/cryptutil: failed getting system cert pool making new one") log.Error().Err(err).Msg("pkg/cryptutil: failed getting system cert pool making new one")
rootCAs = x509.NewCertPool() rootCAs = x509.NewCertPool()
} }
if ca == "" && caFile == "" { if ca == "" && caFile == "" {
@ -40,7 +38,9 @@ func GetCertPool(ca, caFile string) (*x509.CertPool, error) {
if ok := rootCAs.AppendCertsFromPEM(data); !ok { if ok := rootCAs.AppendCertsFromPEM(data); !ok {
return nil, fmt.Errorf("failed to append any PEM-encoded certificates") return nil, fmt.Errorf("failed to append any PEM-encoded certificates")
} }
log.Ctx(ctx).Debug().Msg("pkg/cryptutil: added custom certificate authority") if !log.DebugDisableGlobalMessages.Load() {
log.Debug().Msg("pkg/cryptutil: added custom certificate authority")
}
return rootCAs, nil return rootCAs, nil
} }