Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proxy: auth broker #8855

Merged
merged 18 commits into from
Sep 30, 2024
Merged

proxy: auth broker #8855

merged 18 commits into from
Sep 30, 2024

Conversation

conradludgate
Copy link
Contributor

@conradludgate conradludgate commented Aug 28, 2024
edited
Loading

Opens http2 connection to local-proxy and forwards requests over with all headers and body

closes https://github.com/neondatabase/cloud/issues/16039

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 28, 2024
edited
Loading

5013 tests run: 4855 passed, 0 failed, 158 skipped (full report)

Flaky tests (3)

Postgres 17

Postgres 16

Postgres 14

  • test_ondemand_wal_download_in_replication_slot_funcs: release-x86-64

Code coverage* (full report)

  • functions: 31.3% (7487 of 23884 functions)
  • lines: 49.6% (60100 of 121197 lines)

* collected from Rust tests only

The comment gets automatically updated with the latest test results
c862d95 at 2024-09-30T18:30:04.636Z :recycle:

orca-security-us[bot]
orca-security-us bot reviewed Sep 11, 2024
View reviewed changes
Copy link

@orca-security-us orca-security-us bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Orca Security Scan Summary

Status Check Issues by priority
Passed Passed Infrastructure as Code high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Secrets high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Vulnerabilities high 0   medium 0   low 0   info 0 View in Orca

@conradludgate conradludgate force-pushed the proxy-auth-broker branch 2 times, most recently from 2abdd5f to bd8ab50 Compare September 17, 2024 13:33
@conradludgate conradludgate mentioned this pull request Sep 18, 2024
Merged
@conradludgate conradludgate changed the base branch from main to proxy-misc-auth-changes September 18, 2024 15:56
Base automatically changed from proxy-misc-auth-changes to main September 19, 2024 15:09
conradludgate added a commit that referenced this pull request Sep 19, 2024
@conradludgate
proxy: remove auth info from http conn info & fixup jwt api trait (#9047
0a1ca76 
)

misc changes split out from #8855 

- **allow cloning the request context in a read-only fashion for
background tasks**
- **propagate endpoint and request context through the jwk cache**
- **only allow password based auth for md5 during testing**
- **remove auth info from conn info**
@conradludgate conradludgate force-pushed the proxy-auth-broker branch 2 times, most recently from caada6e to 2d1d11d Compare September 23, 2024 11:48
@coderabbitai coderabbitai

This comment was marked as off-topic.

Sign in to view
conradludgate
conradludgate commented Sep 23, 2024
View reviewed changes
proxy/src/http.rs Outdated Show resolved Hide resolved
@conradludgate conradludgate marked this pull request as ready for review September 23, 2024 14:26
@conradludgate conradludgate requested a review from a team as a code owner September 23, 2024 14:26
@davidgomes davidgomes self-assigned this Sep 23, 2024
@davidgomes
Copy link
Contributor

I'm taking over this PR 🫡

@conradludgate conradludgate mentioned this pull request Sep 24, 2024
Closed
@davidgomes davidgomes removed their assignment Sep 25, 2024
cloneable
cloneable reviewed Sep 25, 2024
View reviewed changes
proxy/src/config.rs Show resolved Hide resolved
proxy/src/http.rs Outdated Show resolved Hide resolved
proxy/src/serverless/sql_over_http.rs Outdated Show resolved Hide resolved
proxy/src/serverless/sql_over_http.rs Outdated Show resolved Hide resolved
proxy/src/serverless/http_conn_pool.rs Show resolved Hide resolved
proxy/src/serverless/backend.rs Outdated Show resolved Hide resolved
proxy/src/serverless/backend.rs Outdated Show resolved Hide resolved
proxy/src/console/provider/mock.rs Outdated Show resolved Hide resolved
proxy/src/console/provider/neon.rs Outdated Show resolved Hide resolved
proxy/src/serverless/http_conn_pool.rs Outdated Show resolved Hide resolved
@conradludgate conradludgate mentioned this pull request Sep 26, 2024
Merged
@conradludgate conradludgate changed the base branch from main to proxy-cplane-jwks-api September 26, 2024 11:59
Base automatically changed from proxy-cplane-jwks-api to main September 27, 2024 15:08
@cloneable cloneable self-requested a review September 27, 2024 15:30
@conradludgate
Copy link
Contributor Author

I am working on adding some integration tests in a separate branch. Will open a PR in the coming days.

cloneable
cloneable reviewed Sep 30, 2024
View reviewed changes
proxy/src/serverless/http_conn_pool.rs Outdated Show resolved Hide resolved
proxy/src/auth/backend/jwt.rs Show resolved Hide resolved
proxy/src/serverless/http_conn_pool.rs Outdated Show resolved Hide resolved
@conradludgate conradludgate merged commit 94a5ca2 into main Sep 30, 2024
79 checks passed
@conradludgate conradludgate deleted the proxy-auth-broker branch September 30, 2024 19:43
@cloneable cloneable mentioned this pull request Oct 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orca-security-us orca-security-us[bot] orca-security-us[bot] left review comments

@cloneable cloneable cloneable approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@conradludgate @davidgomes @cloneable