]> go.fuhry.dev Git - runtime.git/commit
projects / runtime.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e070759) | patch
[grpc] support loading ACLs from ephs
authorDan Fuhry <dan@fuhry.com>
Fri, 14 Nov 2025 16:52:07 +0000 (11:52 -0500)
committerDan Fuhry <dan@fuhry.com>
Fri, 14 Nov 2025 17:05:25 +0000 (12:05 -0500)
commit5462300cff602ce8f210e6b0a90e16b6e60b148a
tree00876b2e335d4584d4ad9340aed2a4369f5af3f5tree | snapshot (tar.gz zip)
parente070759f0af4eebc57da4865161ff6f931145875commit | diff
[grpc] support loading ACLs from ephs

Supporting changes:

- Rearranged grpc into internal/{client,server,common} packages to deal with circular dep between ephs and grpc
- Rename `mtls.parseName` -> `mtls.ParseRemoteIdentity` and make the returned struct and its properties public
- In ephs server ACLs, try to parse principal; if successful, set `name`, `class` and `domain` substitutions in the key
- Fixed severely incorrect invocation of acl.Check in ephs server (not a security issue, legitimate requests were blocked but no illegitimate requests were allowed)
- Add `utils/context` package - wrapper for `context` with shared `Interruptible` context that cancels on SIGTERM and SIGINT
23 files changed:
ephs/BUILD.bazel diff | blob | history
ephs/client.go diff | blob | history
ephs/servicer/acl.go diff | blob | history
ephs/servicer/acl_test.go diff | blob | history
ephs/servicer/servicer.go diff | blob | history
grpc/BUILD.bazel diff | blob | history
grpc/imports.go [new file with mode: 0644] blob
grpc/internal/acl/BUILD.bazel [moved from grpc/acl/BUILD.bazel with 67% similarity] diff | blob | history
grpc/internal/acl/acl_yaml.go [moved from grpc/acl/acl_yaml.go with 60% similarity] diff | blob | history
grpc/internal/client/BUILD.bazel [new file with mode: 0644] blob
grpc/internal/client/client.go [moved from grpc/client.go with 91% similarity] diff | blob | history
grpc/internal/common/BUILD.bazel [new file with mode: 0644] blob
grpc/internal/common/conn_base.go [moved from grpc/conn_base.go with 98% similarity] diff | blob | history
grpc/internal/common/conn_quic.go [moved from grpc/conn_quic.go with 99% similarity] diff | blob | history
grpc/internal/common/conn_tcp.go [moved from grpc/conn_tcp.go with 98% similarity] diff | blob | history
grpc/internal/server/BUILD.bazel [new file with mode: 0644] blob
grpc/internal/server/context.go [moved from grpc/context.go with 98% similarity] diff | blob | history
grpc/internal/server/healthcheck.go [moved from grpc/healthcheck.go with 99% similarity] diff | blob | history
grpc/internal/server/server.go [moved from grpc/server.go with 96% similarity] diff | blob | history
mtls/verify_names.go diff | blob | history
utils/context/BUILD.bazel [new file with mode: 0644] blob
utils/context/imports.go [new file with mode: 0644] blob
utils/context/interruptible.go [new file with mode: 0644] blob