Skip to content

[minor] Add cert refresh#16

Merged
WindzCUHK merged 59 commits intomasterfrom
add-cert-refresh
Feb 14, 2023
Merged

[minor] Add cert refresh#16
WindzCUHK merged 59 commits intomasterfrom
add-cert-refresh

Conversation

@kyfujisa
Copy link
Copy Markdown
Contributor

@kyfujisa kyfujisa commented Feb 1, 2023
edited by WindzCUHK
Loading

Description

Add feature to reload server certificate.

2023-02-08 18:26:31     [INFO]: authorization proxy api server starting
2023-02-08 18:26:31     [INFO]: authorization proxy debug server starting
2023-02-08 18:26:36     [INFO]: Checking to refresh server certificate.
2023-02-08 18:26:41     [INFO]: Checking to refresh server certificate.
2023-02-08 18:26:41     [INFO]: Refreshed server certificate.

new configuration

server:
  tls:
    certRefreshPeriod: "24h"

Type of change

  • Bug fix
  • New feature
  • Refactoring (no functional changes, no api changes)
  • Non-code changes (update documentation, pipeline, etc.)

Flags

  • Breaks backward compatibility
  • Requires a documentation update
  • Has untestable code

Checklist

  • Followed the guidelines in the CONTRIBUTING document
  • Added prefix [skip ci]/[ci skip]/[no ci]/[skip actions]/[actions skip] in the PR title if necessary
  • Tested and linted the code
  • Commented the code
  • Made corresponding changes to the documentation
  • Passed all pipeline checking

Checklist for maintainer

  • Use Squash and merge
  • Double-confirm the merge message has prefix [skip ci]/[ci skip]/[no ci]/[skip actions]/[actions skip]
  • Delete the branch after merge

ctyano
ctyano reviewed Feb 3, 2023
View reviewed changes
Comment thread service/tls.go Outdated
@kyfujisa kyfujisa changed the title [WIP] Add cert refresh [nightly] Add cert refresh Feb 7, 2023
@ssunorz
Copy link
Copy Markdown
Contributor

ssunorz commented Feb 8, 2023

下記ファイルの更新(certRefreshPeriodの追加)もお願いします
https://github.com/AthenZ/authorization-proxy/blob/master/test/data/example_config.yaml#L8

ssunorz
ssunorz reviewed Feb 8, 2023
View reviewed changes
Comment thread config/config.go Outdated
@kyfujisa
Copy link
Copy Markdown
Contributor Author

kyfujisa commented Feb 8, 2023

下記ファイルの更新(certRefreshPeriodの追加)もお願いします
https://github.com/AthenZ/authorization-proxy/blob/master/test/data/example_config.yaml#L8

5f6cb93で追加しました。

ssunorz
ssunorz reviewed Feb 8, 2023
View reviewed changes
Comment thread service/server.go Outdated
ssunorz
ssunorz reviewed Feb 8, 2023
View reviewed changes
Comment thread service/tls.go Outdated
ssunorz
ssunorz reviewed Feb 8, 2023
View reviewed changes
Comment thread service/tls.go Outdated
WindzCUHK
WindzCUHK reviewed Feb 8, 2023
View reviewed changes
Comment thread config/config.go Outdated
Comment thread service/tls.go Outdated
Comment thread usecase/authz_proxyd.go Outdated
Comment thread service/tls.go Outdated
Comment thread service/tls.go
Comment thread service/tls.go Outdated
Comment thread service/tls.go Outdated
Comment thread service/tls.go
Comment thread usecase/authz_proxyd.go Outdated
Comment thread usecase/authz_proxyd.go Outdated
t4niwa and others added 20 commits February 13, 2023 16:48
@t4niwa @kyfujisa
add option status code log from origin (#4)
2eb6746 
* add status-code log

Signed-off-by: taniwa <taniwa@yahoo-corp.jp>

* update

Signed-off-by: taniwa <taniwa@yahoo-corp.jp>

* add option for origin log

Signed-off-by: taniwa <taniwa@yahoo-corp.jp>

* update

Signed-off-by: taniwa <taniwa@yahoo-corp.jp>

* fix

Signed-off-by: taniwa <taniwa@yahoo-corp.jp>

* add handler_test

Signed-off-by: taniwa <taniwa@yahoo-corp.jp>

Signed-off-by: taniwa <taniwa@yahoo-corp.jp>
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@WindzCUHK @mlajkim @kyfujisa
fix error & fatal in normal shutdown (#6)
2afba0b 
* draft

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* bug fix: server error not appened

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* add main unit test

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* remove -

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* refactor: handle err for shared functionalities

Signed-off-by: Jeongwoo Kim - jekim <jekim@yahoo-corp.jp>

* fix comment

Signed-off-by: wfan <wfan@yahoo-corp.jp>

Signed-off-by: wfan <wfan@yahoo-corp.jp>
Signed-off-by: Jeongwoo Kim - jekim <jekim@yahoo-corp.jp>
Co-authored-by: Jeongwoo Kim - jekim <jekim@yahoo-corp.jp>
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@WindzCUHK @kyfujisa
add resource prefix config (#12)
74f011f 
* add resource prefix config

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* add unit test

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* fix test

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* upgrade authorizer

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* upgrade go.mod

Signed-off-by: wfan <wfan@yahoo-corp.jp>

Signed-off-by: wfan <wfan@yahoo-corp.jp>
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@WindzCUHK @ssunorz @kyfujisa
new noAuthPaths option supporting wildcard characters (#15)
150d873 
* draft

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* add unit test

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* fix quote

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* fix empty regex

Signed-off-by: wfan <wfan@yahoo-corp.jp>

* Update handler/error.go

Co-authored-by: ssunorz <42366422+ssunorz@users.noreply.github.com>
Signed-off-by: Windz <WindzCUHK@users.noreply.github.com>

Signed-off-by: wfan <wfan@yahoo-corp.jp>
Signed-off-by: Windz <WindzCUHK@users.noreply.github.com>
Co-authored-by: ssunorz <42366422+ssunorz@users.noreply.github.com>
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add cert refresh period configulation
67a3c7d 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add parse cert refresh period and Add Refresh logic
d3d6a18 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Run cert refresh logic
ac32012 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Load certificate
0c786f2 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add new server struct option
8e3ac7b 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add TLSCertificateCache, New function
4af61cf 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Move TLS config setting to authz_proxyd.go
54a97d4 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add comments
ee84eab 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Move TLS cert invalid test
d907cb1 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add WithTLSConfig test
0fe265d 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Move hash() function
4755b3a 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add enable / tlsConfig check
8bcf715 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add HTTPS server test
cdc7e63 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Use atomic.Value cache
e78e495 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add NewServer error test
7303bc6 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add lock for update
f5f796f 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add TestTLSCertificateCache_RefreshCertificate
ab7a24e 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add CertRefreshPeriod 0 check
2ccaf6e 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add comment
0764566 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add certRefreshPeriod option
22ca473 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add comment
ed05411 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix test for config(add CertRefreshPeriod)
bbd299a 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix typo
b247331 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix typo
b653f3c 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix comment
e214e9a 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix CertRefreshPeriod 0 check logic
3596735 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Remove dot
a94e93d 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Use NewTLSConfig in NewTLSConfigWithTLSCertificateCache
c3100c8 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Revert "Use NewTLSConfig in NewTLSConfigWithTLSCertificateCache"
beed8a6 
This reverts commit 74006c8.

Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Use NewTLSConfigWithTLSCertificateCache in NewTLSConfig
2b5cccd 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Move CertRefreshPeriod check to NewTLSConfigWithTLSCertificateCache
d0cb64d 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix comment and log
19667a7 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add process for compatibility
76edebd 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix test for tls.go
04c9cdc 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix condition for running cert refresh daemon
736f266 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix tests for authz_proxyd_test.go
45c5d58 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix initialization
29dec34 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Fix use modified config
240c2ed 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Remove TLSConfigWithTLSCertificateCache
f8c6e4a 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Add not refreshed log
66aab41 
Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@kyfujisa
Merge branch 'master' of github.com:AthenZ/authorization-proxy into a…
4592f4f 
…dd-cert-refresh

Signed-off-by: Kyo Fujisaki <kyfujisa@yahoo-corp.jp>
@WindzCUHK WindzCUHK changed the title [nightly] Add cert refresh [minor] Add cert refresh Feb 14, 2023
@WindzCUHK WindzCUHK merged commit 2340ced into master Feb 14, 2023
@WindzCUHK WindzCUHK deleted the add-cert-refresh branch February 14, 2023 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ctyano ctyano ctyano left review comments

+2 more reviewers

@ssunorz ssunorz ssunorz left review comments

@WindzCUHK WindzCUHK WindzCUHK approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@kyfujisa @ssunorz @WindzCUHK @ctyano @t4niwa @thgm3116