mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-03 08:50:42 +02:00
c7c2087483
In split service mode, and during periods of inactivity, the gRPC connections to the databroker may fall idle. Some network firewalls may eventually time out an idle TCP connection and even start dropping subsequent packets once connection traffic resumes. Combined with Linux default TCP retransmission settings, this could cause a broken connection to persist for over 15 minutes. In an attempt to avoid this scenario, enable TCP keepalive for outbound gRPC connections, matching the Go standard library default settings for time & interval: 15 seconds for both. (The probe count does not appear to be set, so it will remain at the OS default.) Add a test case exercising the BuildClusters() method with the default configuration options, comparing the results with a reference "golden" file in the testdata directory. Also add an '-update' flag to make it easier to update the reference golden when needed: go test ./config/envoyconfig -update
78 lines
1.8 KiB
YAML
78 lines
1.8 KiB
YAML
run:
|
|
deadline: 20m
|
|
|
|
linters-settings:
|
|
gci:
|
|
custom-order: true
|
|
sections:
|
|
- standard
|
|
- default
|
|
- prefix(github.com/pomerium)
|
|
|
|
linters:
|
|
disable-all: true
|
|
enable:
|
|
- asasalint
|
|
- bodyclose
|
|
- dogsled
|
|
- errcheck
|
|
- errorlint
|
|
- exportloopref
|
|
- gci
|
|
- gocheckcompilerdirectives
|
|
- gofumpt
|
|
- goimports
|
|
- goprintffuncname
|
|
- gosec
|
|
- gosimple
|
|
- govet
|
|
- ineffassign
|
|
- misspell
|
|
- nakedret
|
|
- nolintlint
|
|
- revive
|
|
- staticcheck
|
|
- stylecheck
|
|
- tenv
|
|
- unconvert
|
|
- unused
|
|
- usestdlibvars
|
|
|
|
issues:
|
|
# List of regexps of issue texts to exclude, empty list by default.
|
|
# But independently from this option we use default exclude patterns,
|
|
# it can be disabled by `exclude-use-default: false`. To list all
|
|
# excluded by default patterns execute `golangci-lint run --help`
|
|
exclude:
|
|
## Defaults we want from golangci-lint
|
|
# errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
|
|
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
|
|
- empty-block
|
|
|
|
# go sec : we want to allow skipping tls auth
|
|
- "TLS InsecureSkipVerify set true."
|
|
- "SA1019"
|
|
|
|
exclude-rules:
|
|
# Exclude some linters from running on test files.
|
|
- path: _test\.go$|^tests/|^integration/|^samples/|^internal/testutil/|templates\.go$
|
|
linters:
|
|
- bodyclose
|
|
- errcheck
|
|
- gomnd
|
|
- gosec
|
|
- lll
|
|
- maligned
|
|
- staticcheck
|
|
- unparam
|
|
- unused
|
|
- scopelint
|
|
- gosec
|
|
- gosimple
|
|
- path: internal/identity/oauth/github/github.go
|
|
text: "Potential hardcoded credentials"
|
|
linters:
|
|
- gosec
|
|
- text: "G112:"
|
|
linters:
|
|
- gosec
|