Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

close connections which violate policy after updates #772

Merged
merged 21 commits into from
Feb 5, 2024
Merged

close connections which violate policy after updates #772

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
2f36a49
initial impl for draining connections which are invalid after policy …
ilrudie Jan 16, 2024
eeef8b0
addressing early comments, fixing deadlocks, fixing drain logic
ilrudie Jan 17, 2024
07589b6
seperate connection close and proxy drain into different channels
ilrudie Jan 22, 2024
2ac3e7a
fix cargo fmt error
ilrudie Jan 22, 2024
e042654
unit testing for ConnectionManager
ilrudie Jan 23, 2024
b7825f9
sort connections to remove flakiness from indeterminant vec ordering
ilrudie Jan 23, 2024
5080ea8
fix trait impls for Identity per clippy
ilrudie Jan 23, 2024
99dacd9
more clippy fixes
ilrudie Jan 23, 2024
e90bf03
impl closing denied connections for inbound_passthrough, DRY asnyc fn…
ilrudie Jan 23, 2024
fa5dd8a
testing for policy_watcher
ilrudie Jan 24, 2024
59594d3
cleanup extra newline
ilrudie Jan 24, 2024
4808316
use hickory_resolver instead of trust_dns_resolver for connection_man…
ilrudie Jan 24, 2024
0ac3b25
enhancement to stop leaking connection channels in the connection man…
ilrudie Jan 24, 2024
79c12c8
remove unnecessary atomic
ilrudie Jan 30, 2024
55e6afa
use the map.entry... suggestion
ilrudie Jan 30, 2024
e4f4ce6
derive PartialOrd and Ord instead of implement
ilrudie Jan 30, 2024
f6d174b
alert policy subscribers at most once per xds update
ilrudie Jan 31, 2024
aadcc51
remove unneeded clone
ilrudie Jan 31, 2024
a840456
separate beginning to manage a conn from requestin a close receiver
ilrudie Feb 2, 2024
e2468da
register connections in outbound as well
ilrudie Feb 2, 2024
45c243f
switch to borrows for connection_manager, audit clone usage
ilrudie Feb 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/identity/manager.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ use super::Error::{self, Spiffe};

const CERT_REFRESH_FAILURE_RETRY_DELAY: Duration = Duration::from_secs(60);

#[derive(Debug, PartialEq, Eq, Clone, Hash)]
#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Clone, Hash)]
pub enum Identity {
Spiffe {
trust_domain: String,
Expand Down
1 change: 1 addition & 0 deletions src/proxy.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ use crate::state::workload::{network_addr, Workload};
use crate::state::DemandProxyState;
use crate::{config, identity, socket, tls};

mod connection_manager;
mod inbound;
mod inbound_passthrough;
#[allow(non_camel_case_types)]
Expand Down
Loading