3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-30 08:28:20 +02:00
Code Issues Projects Releases Packages Wiki Activity

update

Browse source
This commit is contained in:
Caleb Doxsey 2024-02-15 14:25:53 -07:00
parent 4c7086a342
commit 1343f5e434
5 changed files with 58 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

8
config/envoyconfig/route_configurations_test.go
View file

@ -77,7 +77,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) {
],
"route": {
"autoHostRewrite": true,
"cluster": "route-2d64558829968bfa",
"cluster": "route-5d678ee30d16332b",
"hashPolicy": [
{ "header": { "headerName": "x-pomerium-routing-key" }, "terminal": true },
{ "connectionProperties": { "sourceIp": true }, "terminal": true }
@ -94,7 +94,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "3270833272679468026"
"route_id": "6730505273956774699"
}
}
}
@ -130,7 +130,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) {
],
"route": {
"autoHostRewrite": true,
"cluster": "route-2d64558829968bfa",
"cluster": "route-5d678ee30d16332b",
"hashPolicy": [
{ "header": { "headerName": "x-pomerium-routing-key" }, "terminal": true },
{ "connectionProperties": { "sourceIp": true }, "terminal": true }
@ -147,7 +147,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "3270833272679468026"
"route_id": "6730505273956774699"
}
}
}

34
config/envoyconfig/routes_test.go
View file

@ -444,7 +444,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "4543802651395957651"
"route_id": "16913502743845432363"
}
}
}
@ -515,7 +515,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "17558548610279586349"
"route_id": "911713133804109577"
}
}
}
@ -585,7 +585,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "4416253321558567236"
"route_id": "6407864870815560799"
}
}
}
@ -657,7 +657,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "9640508295720520345"
"route_id": "1103677309004574500"
}
}
}
@ -728,7 +728,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "4416253321558567236"
"route_id": "6407864870815560799"
}
}
}
@ -798,7 +798,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "17558548610279586349"
"route_id": "911713133804109577"
}
}
}
@ -869,7 +869,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "17558548610279586349"
"route_id": "911713133804109577"
}
}
}
@ -940,7 +940,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "443953882935101172"
"route_id": "17831746838845374842"
}
}
}
@ -1123,7 +1123,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "14447498311292459240"
"route_id": "15730681265277585877"
}
}
}
@ -1195,7 +1195,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "14447498311292459240"
"route_id": "15730681265277585877"
}
}
}
@ -1293,7 +1293,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "4342850494368657515"
"route_id": "16598125949405432745"
}
}
}
@ -1423,7 +1423,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "13747520195974094942"
"route_id": "13828028232508831592"
}
}
}
@ -1494,7 +1494,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "13747520195974094942"
"route_id": "13828028232508831592"
}
}
}
@ -1570,7 +1570,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "13747520195974094942"
"route_id": "13828028232508831592"
}
}
}
@ -1641,7 +1641,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "13747520195974094942"
"route_id": "13828028232508831592"
}
}
}
@ -1712,7 +1712,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "13747520195974094942"
"route_id": "13828028232508831592"
}
}
}
@ -1788,7 +1788,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) {
"checkSettings": {
"contextExtensions": {
"internal": "false",
"route_id": "13747520195974094942"
"route_id": "13828028232508831592"
}
}
}

27
config/policy.go
View file

@ -28,17 +28,16 @@ import (
type Policy struct {
ID string `mapstructure:"-" yaml:"-" json:"-"`
From string `mapstructure:"from" yaml:"from"`
To WeightedURLs `mapstructure:"to" yaml:"to"`
From string `mapstructure:"from" yaml:"from"`
To WeightedURLs `mapstructure:"to" yaml:"to"`
// Redirect is used for a redirect action instead of `To`
Redirect *PolicyRedirect `mapstructure:"redirect" yaml:"redirect"`
Response *DirectResponse `mapstructure:"response" yaml:"response,omitempty" json:"response,omitempty"`
// LbWeights are optional load balancing weights applied to endpoints specified in To
// this field exists for compatibility with mapstructure
LbWeights []uint32 `mapstructure:"_to_weights,omitempty" json:"-" yaml:"-"`
// Redirect is used for a redirect action instead of `To`
Redirect *PolicyRedirect `mapstructure:"redirect" yaml:"redirect"`
// Identity related policy
AllowedUsers []string `mapstructure:"allowed_users" yaml:"allowed_users,omitempty" json:"allowed_users,omitempty"`
AllowedDomains []string `mapstructure:"allowed_domains" yaml:"allowed_domains,omitempty" json:"allowed_domains,omitempty"`
@ -585,8 +584,7 @@ func (p *Policy) RouteID() (uint64, error) {
} else if p.Redirect != nil {
id.Redirect = p.Redirect
} else if p.Response != nil {
id.DirectResponseStatus = p.Response.Status
id.DirectResponseBody = p.Response.Body
id.Response = p.Response
} else {
return 0, errEitherToOrRedirectOrResponseRequired
}
@ -699,14 +697,13 @@ func (p *Policy) GetPassIdentityHeaders(options *Options) bool {
}
type routeID struct {
From string
To []string
Prefix string
Path string
Regex string
Redirect *PolicyRedirect
DirectResponseStatus int
DirectResponseBody string
From string
To []string
Prefix string
Path string
Regex string
Redirect *PolicyRedirect
Response *DirectResponse
}
/*

48
pkg/grpc/config/config.pb.go
View file

@ -390,14 +390,14 @@ type Route struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
From string `protobuf:"bytes,2,opt,name=from,proto3" json:"from,omitempty"`
To []string `protobuf:"bytes,3,rep,name=to,proto3" json:"to,omitempty"`
Redirect *RouteRedirect `protobuf:"bytes,34,opt,name=redirect,proto3" json:"redirect,omitempty"`
Response *RouteDirectResponse `protobuf:"bytes,62,opt,name=response,proto3" json:"response,omitempty"`
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/endpoint/v3/endpoint_components.proto#envoy-v3-api-msg-config-endpoint-v3-lbendpoint
// optional load balancing weights assigned to upstream servers defined in TO
// if not specified, all upstream servers would be assigned the same weight
// if provided, load_balancing_weights[i] >= 1 and len(to) ==
// len(load_balancing_weights)
LoadBalancingWeights []uint32 `protobuf:"varint,37,rep,packed,name=load_balancing_weights,json=loadBalancingWeights,proto3" json:"load_balancing_weights,omitempty"`
Redirect *RouteRedirect `protobuf:"bytes,34,opt,name=redirect,proto3" json:"redirect,omitempty"`
LoadBalancingWeights []uint32 `protobuf:"varint,37,rep,packed,name=load_balancing_weights,json=loadBalancingWeights,proto3" json:"load_balancing_weights,omitempty"`
// Deprecated: Do not use.
AllowedUsers []string `protobuf:"bytes,4,rep,name=allowed_users,json=allowedUsers,proto3" json:"allowed_users,omitempty"`
// repeated string allowed_groups = 5 [ deprecated = true ];
@ -506,6 +506,13 @@ func (x *Route) GetTo() []string {
return nil
}
func (x *Route) GetRedirect() *RouteRedirect {
if x != nil {
return x.Redirect
}
return nil
}
func (x *Route) GetResponse() *RouteDirectResponse {
if x != nil {
return x.Response
@ -520,13 +527,6 @@ func (x *Route) GetLoadBalancingWeights() []uint32 {
return nil
}
func (x *Route) GetRedirect() *RouteRedirect {
if x != nil {
return x.Redirect
}
return nil
}
// Deprecated: Do not use.
func (x *Route) GetAllowedUsers() []string {
if x != nil {
@ -1975,19 +1975,19 @@ var file_config_proto_rawDesc = []byte{
0x05, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72,
0x6f, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e,
0x0a, 0x02, 0x74, 0x6f, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x12, 0x40,
0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
0x69, 0x67, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x12, 0x34, 0x0a, 0x16, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69,
0x6e, 0x67, 0x5f, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x25, 0x20, 0x03, 0x28, 0x0d,
0x52, 0x14, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x57,
0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65,
0x63, 0x74, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72,
0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65,
0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65,
0x63, 0x74, 0x12, 0x27, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x75, 0x73,
0x0a, 0x02, 0x74, 0x6f, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x12, 0x3a,
0x0a, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x1e, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66,
0x69, 0x67, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74,
0x52, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x40, 0x0a, 0x08, 0x72, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70,
0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x52,
0x6f, 0x75, 0x74, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x34, 0x0a, 0x16,
0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x77,
0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x25, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x14, 0x6c, 0x6f,
0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x57, 0x65, 0x69, 0x67, 0x68,
0x74, 0x73, 0x12, 0x27, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x75, 0x73,
0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x61,
0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x55, 0x73, 0x65, 0x72, 0x73, 0x12, 0x2b, 0x0a, 0x0f, 0x61,
0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x06,
@ -2743,8 +2743,8 @@ var file_config_proto_goTypes = []interface{}{
var file_config_proto_depIdxs = []int32{
5, // 0: pomerium.config.Config.routes:type_name -> pomerium.config.Route
7, // 1: pomerium.config.Config.settings:type_name -> pomerium.config.Settings
4, // 2: pomerium.config.Route.response:type_name -> pomerium.config.RouteDirectResponse
3, // 3: pomerium.config.Route.redirect:type_name -> pomerium.config.RouteRedirect
3, // 2: pomerium.config.Route.redirect:type_name -> pomerium.config.RouteRedirect
4, // 3: pomerium.config.Route.response:type_name -> pomerium.config.RouteDirectResponse
9, // 4: pomerium.config.Route.allowed_idp_claims:type_name -> pomerium.config.Route.AllowedIdpClaimsEntry
18, // 5: pomerium.config.Route.timeout:type_name -> google.protobuf.Duration
18, // 6: pomerium.config.Route.idle_timeout:type_name -> google.protobuf.Duration

3
pkg/grpc/config/config.proto
View file

@ -44,6 +44,7 @@ message Route {
string from = 2;
repeated string to = 3;
RouteRedirect redirect = 34;
RouteDirectResponse response = 62;
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/endpoint/v3/endpoint_components.proto#envoy-v3-api-msg-config-endpoint-v3-lbendpoint
@ -53,8 +54,6 @@ message Route {
// len(load_balancing_weights)
repeated uint32 load_balancing_weights = 37;
RouteRedirect redirect = 34;
repeated string allowed_users = 4 [ deprecated = true ];
// repeated string allowed_groups = 5 [ deprecated = true ];
repeated string allowed_domains = 6 [ deprecated = true ];