Currently the RunWithRestart() loop may not exit when execFn returns an
error unrelated to its context cancellation. Add an additional check for
this case.
Add a utility for updating the integration test certificates. It takes
three file paths: the existing certificate, the CA certificate, and the
CA key. It will update the NotBefore and NotAfter timestamps and the
certificate signature, overwriting the existing certificate.
Example usage:
cd integration/tpl/files
go run renew-cert.go trusted.pem ca.pem ca-key.pem
Several of the integration test certificates expired today. Update these
so that they are valid for another 10 years. Also update several other
certificates that were due to expire tomorrow.
* core/config: update file watcher source to handle base64 encoded certificates
* fix data race
* core/config: only allow files in certificates
* remove test
* re-add test
Add a parameter to evaluator.New() for the previous Evaluator (if any).
If the evaluatorConfig is the same, reuse any PolicyEvaluators for
policies that have not changed from the previous Evaluator.
Use the route IDs along with the policy checksums to determine whether a
given policy has changed. Similarly, add a new cacheKey() method to the
evaluatorConfig to compute a checksum used for determine whether the
evaluatorConfig has changed. (Store this checksum on the Evaluator.)
Update the AccessTracker, WebAuthn handlers, and identity manager
refresh loop to perform their session record updates using the
databroker Patch() method.
This should prevent any of these updates from conflicting.
* core/config: refactor file watcher
* add comments
* updates
* only use the polling watcher
* fix test
* fix test
* try to fix test again
* remove batching
* dont rely on file modification timestamp
* remove benchmark
* try fix again
Add a Patch() method to the databroker gRPC service.
Update the storage.Backend interface to include the Patch() method now
that all the storage.Backend implementations include it.
Add a test to exercise the patch method under concurrent usage.
Remove the Redis databroker backend. According to
https://www.pomerium.com/docs/internals/data-storage#redis it has been
discouraged since Pomerium v0.18.
Update the config options validation to return an error if "redis" is
set as the databroker storage backend type.
Add a new Patch() method that updates specific fields of an existing
record's data, based on a field mask.
Extract some logic from the existing Get() and Put() methods so it can
be shared with the new Patch() method.
* core/config: refactor change dispatcher
* update test
* close listener go routine when context is canceled
* use cancel cause
* use context
* add more time
* more time
