3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-21 21:17:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: refactor handler setup code (#1205)

Browse source
This commit is contained in:
Travis Groth 2020-08-05 01:48:44 -04:00 committed by GitHub
parent 202b42f307
commit f538b29a0c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

19
proxy/proxy.go
View file

@ -157,6 +157,11 @@ func New(opts config.Options) (*Proxy, error) {
} }
p.authzClient = envoy_service_auth_v2.NewAuthorizationClient(authzConn) p.authzClient = envoy_service_auth_v2.NewAuthorizationClient(authzConn)
err = p.UpdateOptions(opts)
if err != nil {
return nil, err
}
metrics.AddPolicyCountCallback("pomerium-proxy", func() int64 { metrics.AddPolicyCountCallback("pomerium-proxy", func() int64 {
return int64(len(opts.Policies)) return int64(len(opts.Policies))
}) })
@ -171,11 +176,11 @@ func (p *Proxy) UpdateOptions(o config.Options) error {
return nil return nil
} }
log.Info().Str("checksum", fmt.Sprintf("%x", o.Checksum())).Msg("proxy: updating options") log.Info().Str("checksum", fmt.Sprintf("%x", o.Checksum())).Msg("proxy: updating options")
return p.UpdatePolicies(&o) p.setHandlers(&o)
return nil
} }
// UpdatePolicies updates the H basedon the configured policies func (p *Proxy) setHandlers(opts *config.Options) {
func (p *Proxy) UpdatePolicies(opts *config.Options) error {
if len(opts.Policies) == 0 { if len(opts.Policies) == 0 {
log.Warn().Msg("proxy: configuration has no policies") log.Warn().Msg("proxy: configuration has no policies")
} }
@ -195,15 +200,7 @@ func (p *Proxy) UpdatePolicies(opts *config.Options) error {
h.PathPrefix("/").Handler(p.registerFwdAuthHandlers()) h.PathPrefix("/").Handler(p.registerFwdAuthHandlers())
} }
for _, policy := range opts.Policies {
if err := policy.Validate(); err != nil {
return fmt.Errorf("proxy: invalid policy %w", err)
}
}
p.currentRouter.Store(r) p.currentRouter.Store(r)
return nil
} }
func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {

2
proxy/proxy_test.go
View file

@ -178,10 +178,8 @@ func Test_UpdateOptions(t *testing.T) {
{"good no change", good, good, "https://corp.example.example", false, true}, {"good no change", good, good, "https://corp.example.example", false, true},
{"changed", good, newPolicies, "https://bar.example", false, true}, {"changed", good, newPolicies, "https://bar.example", false, true},
{"changed and missing", good, newPolicies, "https://corp.example.example", false, false}, {"changed and missing", good, newPolicies, "https://corp.example.example", false, false},
{"bad change bad policy url", good, badNewPolicy, "https://bar.example", true, false},
{"disable tls verification", good, disableTLSPolicies, "https://bar.example", false, true}, {"disable tls verification", good, disableTLSPolicies, "https://bar.example", false, true},
{"custom root ca", good, customCAPolicies, "https://bar.example", false, true}, {"custom root ca", good, customCAPolicies, "https://bar.example", false, true},
{"bad custom root ca base64", good, badCustomCAPolicies, "https://bar.example", true, false},
{"good client certs", good, goodClientCertPolicies, "https://bar.example", false, true}, {"good client certs", good, goodClientCertPolicies, "https://bar.example", false, true},
{"custom server name", customServerName, customServerName, "https://bar.example", false, true}, {"custom server name", customServerName, customServerName, "https://bar.example", false, true},
{"good no policies to start", emptyPolicies, good, "https://corp.example.example", false, true}, {"good no policies to start", emptyPolicies, good, "https://corp.example.example", false, true},