Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(proxy): Implement access control with VPC endpoint checks and block for public internet / VPC #10143

Merged
merged 16 commits into from
Jan 31, 2025
Merged

feat(proxy): Implement access control with VPC endpoint checks and block for public internet / VPC #10143

merged 16 commits into from
Jan 31, 2025

Conversation

stradig
Copy link
Contributor

@stradig stradig commented Dec 13, 2024
edited by awarus
Loading

  • Wired up filtering on VPC endpoints
  • Wired up block access from public internet / VPC depending on per project flag
  • Added cache invalidation for VPC endpoints (partially based on PR from Raphael)
  • Removed BackendIpAllowlist trait

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 13, 2024
edited
Loading

7414 tests run: 7061 passed, 0 failed, 353 skipped (full report)

Flaky tests (2)

Postgres 17

Code coverage* (full report)

  • functions: 33.3% (8522 of 25618 functions)
  • lines: 49.0% (71535 of 146077 lines)

* collected from Rust tests only

The comment gets automatically updated with the latest test results
f4a331d at 2025-01-31T20:41:13.763Z :recycle:

@stradig stradig changed the title First stab at adding VPC endpoint checks Implement Access control with VPC endpoint checks and block for public internet / VPC Dec 19, 2024
@stradig stradig changed the title Implement Access control with VPC endpoint checks and block for public internet / VPC Implement access control with VPC endpoint checks and block for public internet / VPC Dec 19, 2024
@stradig stradig requested a review from awarus December 19, 2024 16:20
@conradludgate conradludgate self-requested a review January 14, 2025 15:02
@awarus awarus self-requested a review January 21, 2025 08:19
@awarus awarus force-pushed the vpc_endpoint_filter branch 2 times, most recently from 56f978d to f8df81a Compare January 21, 2025 10:31
@awarus awarus changed the title Implement access control with VPC endpoint checks and block for public internet / VPC feat(proxy): Implement access control with VPC endpoint checks and block for public internet / VPC Jan 21, 2025
@awarus awarus force-pushed the vpc_endpoint_filter branch 2 times, most recently from 4201eec to ffbe7bc Compare January 24, 2025 15:18
@awarus
Copy link
Contributor

awarus commented Jan 24, 2025

Rebased on the top of CancelMap Redis PR #10364

@awarus awarus marked this pull request as ready for review January 27, 2025 08:41
@awarus awarus requested a review from a team as a code owner January 27, 2025 08:41
@awarus awarus force-pushed the vpc_endpoint_filter branch 2 times, most recently from 8e13345 to 719f70f Compare January 27, 2025 09:02
@conradludgate conradludgate changed the base branch from main to redis-cancel January 27, 2025 12:27
@conradludgate conradludgate requested review from a team as code owners January 27, 2025 12:27
@conradludgate conradludgate requested review from problame, myrrc and lubennikovaav and removed request for a team January 27, 2025 12:27
@conradludgate conradludgate changed the base branch from redis-cancel to main January 27, 2025 12:27
@awarus awarus force-pushed the vpc_endpoint_filter branch 2 times, most recently from 83c48ec to e11a969 Compare January 29, 2025 13:59
@awarus awarus force-pushed the vpc_endpoint_filter branch from e11a969 to fdc0c78 Compare January 31, 2025 10:47
awarus
awarus reviewed Jan 31, 2025
View reviewed changes
Copy link
Contributor

@awarus awarus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ready for review

@awarus awarus requested review from awarus and removed request for awarus January 31, 2025 10:48
conradludgate
conradludgate approved these changes Jan 31, 2025
View reviewed changes
Copy link
Contributor

@conradludgate conradludgate left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

haven't reviewed too closely but it generally looks correct

proxy/src/auth/backend/mod.rs Outdated Show resolved Hide resolved
@awarus awarus enabled auto-merge January 31, 2025 19:14
@awarus awarus added this pull request to the merge queue Jan 31, 2025
Merged via the queue into main with commit 6dd48ba Jan 31, 2025
84 checks passed
@awarus awarus deleted the vpc_endpoint_filter branch January 31, 2025 20:40
winter-loo pushed a commit to winter-loo/neon that referenced this pull request Feb 4, 2025
@stradig @awarus @winter-loo
feat(proxy): Implement access control with VPC endpoint checks and bl…
894a124 
…ock for public internet / VPC (neondatabase#10143)

- Wired up filtering on VPC endpoints
- Wired up block access from public internet / VPC depending on per
project flag
- Added cache invalidation for VPC endpoints (partially based on PR from
Raphael)
- Removed BackendIpAllowlist trait

---------

Co-authored-by: Ivan Efremov <[email protected]>
@awarus awarus mentioned this pull request Feb 6, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@awarus awarus awarus left review comments

@conradludgate conradludgate conradludgate approved these changes

Assignees

@awarus awarus

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stradig @awarus @conradludgate