Add support for listening on unix domain sockets

[squalus]

Added unix domain socket support for the listen setting.

Added socket_mode setting to change socket permissions.

Example configuration:

listen: /run/vouch-proxy/socket
socket_mode: 0600

[bnfinet]

@squalus thanks for your contributions. Both of these PRs are of interest.

That said, could you please read the README. I see some items worthy of discussion here.

[squalus]

Added an issue, changelog entry, and unit test

[bnfinet]

instead of contructing a config object, please create and consume a config file in config/testing and then use a setup function similar to...
https://github.com/vouch/vouch-proxy/blob/master/pkg/cfg/cfg_test.go#L23-L26

please also add config examples in config/config.yml_example and config/config.yml_example_listen_unix_socket

[squalus]

• Updated test to use testing config files instead of constructing a config object
• Added config examples to config/config.yml_example. I didn't add another standalone one, because it would just be an exact duplicate of another one of the other files with one extra line.

[bnfinet]

for consistency, instead of passing config *cfg.Config please just use cfg.Cfg.___ and leave the signature as listen(). Config isn't meant to be passed around, just plucked from the ether as a global.

[squalus]

Updated the listen function to use the global configuration object

[bnfinet]

@squalus thanks for the fine addition to VP

I've left a few comments inline to the code.

Please do also ensure that the unix socket can be configured via environmental variables and adjust this test accordingly..
https://github.com/vouch/vouch-proxy/blob/master/pkg/cfg/cfg_test.go#L129

Cheers!

[bnfinet]

One other good addition would be to add a check to the basicTest() to make sure that if cfg.Listen starts with unix: then socket_mode is required and set properly.
https://github.com/vouch/vouch-proxy/blob/master/pkg/cfg/cfg.go#L398

Perhaps SocketMode should default to 0600?

In general, VP tries to catch configuration errors and offer clear logging in hopes of helping fellow admins find their way quickly, and avoid support tickets showing up here.

[squalus]

One other good addition would be to add a check to the basicTest() to make sure that if cfg.Listen starts with unix: then socket_mode is required and set properly. https://github.com/vouch/vouch-proxy/blob/master/pkg/cfg/cfg.go#L398

Perhaps SocketMode should default to 0600?

In general, VP tries to catch configuration errors and offer clear logging in hopes of helping fellow admins find their way quickly, and avoid support tickets showing up here.

Updated listen() to default SocketMode to 0777. (I'm copying PostgreSQL's defaults)

[squalus]

• Added new settings to the envconfig tests
• Added socket_group setting for setting group ownership. This is similar to the socket settings PostgreSQL exposes. https://www.postgresql.org/docs/14/runtime-config-connection.html

[bnfinet]

@squalus sorry for the delay in reviewing this PR

I've set a default of socket perms to 0660 somewhat based off of what nginx is doing

https://serverfault.com/questions/437077/what-should-be-proper-permission-of-unix-socket

Thanks again for the fine PR, I'm going to merge and ship