Merge remote-tracking branch 'origin/master' into feature/envoy

2025-08-04 01:09:36 +02:00 · 2020-05-08 11:17:30 -06:00 · 2020-05-08 11:17:30 -06:00 · 02615b8b6c
commit 02615b8b6c
parent 99e788a9b4
48 changed files with 1283 additions and 561 deletions
--- a/integration/manifests/lib/backends.libsonnet
+++ b/integration/manifests/lib/backends.libsonnet
@ -0,0 +1,105 @@
+local configMap = function(name, data) {
+  apiVersion: 'v1',
+  kind: 'ConfigMap',
+  metadata: {
+    namespace: 'default',
+    name: name,
+    labels: {
+      app: name,
+    },
+  },
+  data: data,
+};
+
+local service = function(name) {
+  apiVersion: 'v1',
+  kind: 'Service',
+  metadata: {
+    namespace: 'default',
+    name: name,
+    labels: { app: name },
+  },
+  spec: {
+    selector: { app: name },
+    ports: [{
+      name: 'http',
+      port: 80,
+      targetPort: 'http',
+    }],
+  },
+};
+
+local deployment = function(name) {
+  apiVersion: 'apps/v1',
+  kind: 'Deployment',
+  metadata: {
+    namespace: 'default',
+    name: name,
+  },
+  spec: {
+    replicas: 1,
+    selector: { matchLabels: { app: name } },
+    template: {
+      metadata: {
+        labels: { app: name },
+      },
+      spec: {
+        initContainers: [{
+          name: 'init',
+          image: 'node:14-stretch-slim',
+          imagePullPolicy: 'IfNotPresent',
+          args: ['bash', '-c', 'cp -rL /src/* /app/'],
+          volumeMounts: [{
+            name: 'src',
+            mountPath: '/src',
+          }, {
+            name: 'app',
+            mountPath: '/app',
+          }],
+        }],
+        containers: [{
+          name: name,
+          image: 'node:14-stretch-slim',
+          imagePullPolicy: 'IfNotPresent',
+          args: ['bash', '-c', 'cd /app && npm install && node index.js'],
+          ports: [{
+            name: 'http',
+            containerPort: 8080,
+          }],
+          volumeMounts: [{
+            name: 'app',
+            mountPath: '/app',
+          }],
+        }],
+        volumes: [{
+          name: 'src',
+          configMap: {
+            name: name,
+          },
+        }, {
+          name: 'app',
+          emptyDir: {},
+        }],
+      },
+    },
+  },
+};
+
+{
+  apiVersion: 'v1',
+  kind: 'List',
+  items: [
+    configMap('httpdetails', {
+      'index.js': importstr '../../backends/httpdetails/index.js',
+    }),
+    service('httpdetails'),
+    deployment('httpdetails'),
+
+    configMap('ws-echo', {
+      'package.json': importstr '../../backends/ws-echo/package.json',
+      'index.js': importstr '../../backends/ws-echo/index.js',
+    }),
+    service('ws-echo'),
+    deployment('ws-echo'),
+  ],
+}
--- a/integration/manifests/lib/httpdetails.libsonnet
+++ b/integration/manifests/lib/httpdetails.libsonnet
@ -1,79 +0,0 @@
-{
-  apiVersion: 'v1',
-  kind: 'List',
-  items: [
-    {
-      apiVersion: 'v1',
-      kind: 'ConfigMap',
-      metadata: {
-        namespace: 'default',
-        name: 'httpdetails',
-        labels: {
-          app: 'httpdetails',
-        },
-      },
-      data: {
-        'index.js': importstr '../../backends/httpdetails/index.js',
-      },
-    },
-    {
-      apiVersion: 'v1',
-      kind: 'Service',
-      metadata: {
-        namespace: 'default',
-        name: 'httpdetails',
-        labels: { app: 'httpdetails' },
-      },
-      spec: {
-        selector: { app: 'httpdetails' },
-        ports: [{
-          name: 'http',
-          port: 80,
-          targetPort: 'http',
-        }],
-      },
-    },
-    {
-      apiVersion: 'apps/v1',
-      kind: 'Deployment',
-      metadata: {
-        namespace: 'default',
-        name: 'httpdetails',
-      },
-      spec: {
-        replicas: 1,
-        selector: { matchLabels: { app: 'httpdetails' } },
-        template: {
-          metadata: {
-            labels: { app: 'httpdetails' },
-          },
-          spec: {
-            containers: [{
-              name: 'httpbin',
-              image: 'node:14-stretch-slim',
-              imagePullPolicy: 'IfNotPresent',
-              args: [
-                'node',
-                '/app/index.js',
-              ],
-              ports: [{
-                name: 'http',
-                containerPort: 8080,
-              }],
-              volumeMounts: [{
-                name: 'httpdetails',
-                mountPath: '/app',
-              }],
-            }],
-            volumes: [{
-              name: 'httpdetails',
-              configMap: {
-                name: 'httpdetails',
-              },
-            }],
-          },
-        },
-      },
-    },
-  ],
-}
--- a/integration/manifests/lib/pomerium.libsonnet
+++ b/integration/manifests/lib/pomerium.libsonnet
@ -20,18 +20,61 @@ local PomeriumPolicy = function() std.flattenArrays([
      to: 'http://' + domain + '.default.svc.cluster.local',
      allowed_groups: ['admin'],
    },
+    // cors_allow_preflight option
+    {
+      from: 'http://' + domain + '.localhost.pomerium.io',
+      to: 'http://' + domain + '.default.svc.cluster.local',
+      prefix: '/cors-enabled',
+      cors_allow_preflight: true,
+    },
+    {
+      from: 'http://' + domain + '.localhost.pomerium.io',
+      to: 'http://' + domain + '.default.svc.cluster.local',
+      prefix: '/cors-disabled',
+      cors_allow_preflight: false,
+    },
+    // preserve_host_header option
+    {
+      from: 'http://' + domain + '.localhost.pomerium.io',
+      to: 'http://' + domain + '.default.svc.cluster.local',
+      path: '/preserve-host-header-enabled',
+      allow_public_unauthenticated_access: true,
+      preserve_host_header: true,
+    },
+    {
+      from: 'http://' + domain + '.localhost.pomerium.io',
+      to: 'http://' + domain + '.default.svc.cluster.local',
+      path: '/preserve-host-header-disabled',
+      allow_public_unauthenticated_access: true,
+      preserve_host_header: false,
+    },
    {
      from: 'http://' + domain + '.localhost.pomerium.io',
      to: 'http://' + domain + '.default.svc.cluster.local',
      allow_public_unauthenticated_access: true,
+      set_request_headers: {
+        'X-Custom-Request-Header': 'custom-request-header-value',
+      },
    },
    {
      from: 'http://restricted-' + domain + '.localhost.pomerium.io',
      to: 'http://' + domain + '.default.svc.cluster.local',
    },
  ]
-  for domain in ['httpdetails', 'fa-httpdetails']
-]);
+  for domain in ['httpdetails', 'fa-httpdetails', 'ws-echo']
+]) + [
+  {
+    from: 'http://enabled-ws-echo.localhost.pomerium.io',
+    to: 'http://ws-echo.default.svc.cluster.local',
+    allow_public_unauthenticated_access: true,
+    allow_websockets: true,
+  },
+  {
+    from: 'http://disabled-ws-echo.localhost.pomerium.io',
+    to: 'http://ws-echo.default.svc.cluster.local',
+    allow_public_unauthenticated_access: true,
+  },
+];

 local PomeriumPolicyHash = std.base64(std.md5(std.manifestJsonEx(PomeriumPolicy(), '')));

@ -231,6 +274,8 @@ local PomeriumIngress = function() {
    'httpecho.localhost.pomerium.io',
    'httpdetails.localhost.pomerium.io',
    'restricted-httpdetails.localhost.pomerium.io',
+    'enabled-ws-echo.localhost.pomerium.io',
+    'disabled-ws-echo.localhost.pomerium.io',
  ],

  apiVersion: 'extensions/v1beta1',
--- a/integration/manifests/manifests.jsonnet
+++ b/integration/manifests/manifests.jsonnet
@ -1,4 +1,4 @@
-local httpdetails = import './lib/httpdetails.libsonnet';
+local backends = import './lib/backends.libsonnet';
 local nginxIngressController = import './lib/nginx-ingress-controller.libsonnet';
 local pomerium = import './lib/pomerium.libsonnet';
 local openid = import './lib/reference-openid-provider.libsonnet';
@ -6,5 +6,5 @@ local openid = import './lib/reference-openid-provider.libsonnet';
 {
  apiVersion: 'v1',
  kind: 'List',
-  items: nginxIngressController.items + pomerium.items + openid.items + httpdetails.items,
+  items: nginxIngressController.items + pomerium.items + openid.items + backends.items,
 }