pomerium / pomerium / 25883175838
52%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 711
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 45.948% (+0.03%) from 45.919%
25883175838

push

github

web-flow 
feat: update session recording protocol & disable session recording (#6335)

## Summary

Implements the new unix pipe-based protocol.

Disables the recording server entirely, it is not loaded in any pomerium
code paths in this PR. Removes the recording server from authorize.

When paired with the follow up PR that configures dynamic extensions,
the new server will live in `pkg/envoy`, since whenever envoy hot
restarts a new set of pipes must be constructed and the transport needs
to be informed/reloaded.

Changes with previous protocol handler:

- gRPC integration is removed.
- Each protocol handler is long-lived, and should live as long as the
process lives or envoy hot restarts
- Each chunk of data has to be tagged with an ID, since the protocol no
longer handles one recorded session per client
- `protocol_test.go` holds detailed step by step conformance the client
should respect.
- gRPC is no longer the default. GRPC cannot be configured as a
transport in the initial release of the feature, as pipes will the
default for IPC.
- OnConfigChange was separated into `OnConfigChange` and
`OnTransportChange`:
- `OnConfigChange` handles the hot reloadable configuration tied to the
blob store
- `OnTransportChange` handles when the transport change (pipes), and is
triggered when envoy hot restarts

## Related issues

Requires :
https://linear.app/pomerium/issue/ENG-3971/envoy-build-dynamic-link-to-libc-when-building-for-macos


[ENG-3933](https://linear.app/pomerium/issue/ENG-3933/session-recording-server-unix-pipe-transport)

Follow up : https://github.com/pomerium/pomerium/pull/6283

## User Explanation

N/A

## AI disclosure

Claude PR review

## Checklist

- [X] reference any related issues
- [X] updated unit tests
- [X] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [X] disclosed AI usage (or wrote "none") per AI_POLICY.md
- [X] ready for review

362 of 579 new or added lines in 9 files covered. (62.52%)

318 existing lines in 18 files now uncovered.

36608 of 79672 relevant lines covered (45.95%)

305.55 hits per line

Uncovered Changes

Lines Coverage File
83
0.0
 pkg/storage/blob/testutil/object.go
65
77.35
 internal/recording/protocol.go
30
51.15
 -4.32% pkg/ipc/pipe_workers.go
21
70.46
 -1.85% pkg/storage/blob/chunk.go
14
82.09
 2.17% internal/recording/server.go
4
78.85
 -0.4% pkg/ipc/pipe_server.go

Coverage Regressions

Lines Coverage File
100
0.0
 0.0% pkg/ssh/test/policy_index_suite.go
46
50.0
 1.37% config/config.go
46
2.63
 0.0% internal/testenv/environment.go
41
2.53
 0.0% pkg/envoy/envoy.go
34
81.73
 0.54% config/envoyconfig/bootstrap.go
11
58.21
 -16.42% pkg/storage/blob/util.go
8
82.09
 2.17% internal/recording/server.go
7
92.08
 6.29% config/config_source.go
6
78.36
 -1.06% pkg/storage/postgres/backend.go
4
74.26
 -1.18% internal/databroker/config_source.go
4
88.52
 -0.88% pkg/storage/postgres/postgres.go
3
84.71
 -1.18% pkg/storage/postgres/iterate.go
2
69.83
 -0.3% internal/databroker/server_backend.go
2
51.15
 -4.32% pkg/ipc/pipe_workers.go
1
78.85
 -0.4% pkg/ipc/pipe_server.go
1
80.13
 -0.21% pkg/ssh/manager.go
1
70.46
 -1.85% pkg/storage/blob/chunk.go
1
75.41
 0.0% pkg/storage/postgres/registry.go
Jobs
ID Job ID Ran Files Coverage
1 25883175838.1 711
45.95
 GitHub Action Run
Source Files on build 25883175838