From 1343f5e4347ac1fb3631c6c3e4eb879184e6eb6f Mon Sep 17 00:00:00 2001 From: Caleb Doxsey Date: Thu, 15 Feb 2024 14:25:53 -0700 Subject: [PATCH] update --- .../envoyconfig/route_configurations_test.go | 8 ++-- config/envoyconfig/routes_test.go | 34 ++++++------- config/policy.go | 27 +++++------ pkg/grpc/config/config.pb.go | 48 +++++++++---------- pkg/grpc/config/config.proto | 3 +- 5 files changed, 58 insertions(+), 62 deletions(-) diff --git a/config/envoyconfig/route_configurations_test.go b/config/envoyconfig/route_configurations_test.go index 153f75904..a5323c2a6 100644 --- a/config/envoyconfig/route_configurations_test.go +++ b/config/envoyconfig/route_configurations_test.go @@ -77,7 +77,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) { ], "route": { "autoHostRewrite": true, - "cluster": "route-2d64558829968bfa", + "cluster": "route-5d678ee30d16332b", "hashPolicy": [ { "header": { "headerName": "x-pomerium-routing-key" }, "terminal": true }, { "connectionProperties": { "sourceIp": true }, "terminal": true } @@ -94,7 +94,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "3270833272679468026" + "route_id": "6730505273956774699" } } } @@ -130,7 +130,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) { ], "route": { "autoHostRewrite": true, - "cluster": "route-2d64558829968bfa", + "cluster": "route-5d678ee30d16332b", "hashPolicy": [ { "header": { "headerName": "x-pomerium-routing-key" }, "terminal": true }, { "connectionProperties": { "sourceIp": true }, "terminal": true } @@ -147,7 +147,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "3270833272679468026" + "route_id": "6730505273956774699" } } } diff --git a/config/envoyconfig/routes_test.go b/config/envoyconfig/routes_test.go index fc8cc454c..7741f2836 100644 --- a/config/envoyconfig/routes_test.go +++ b/config/envoyconfig/routes_test.go @@ -444,7 +444,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "4543802651395957651" + "route_id": "16913502743845432363" } } } @@ -515,7 +515,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "17558548610279586349" + "route_id": "911713133804109577" } } } @@ -585,7 +585,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "4416253321558567236" + "route_id": "6407864870815560799" } } } @@ -657,7 +657,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "9640508295720520345" + "route_id": "1103677309004574500" } } } @@ -728,7 +728,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "4416253321558567236" + "route_id": "6407864870815560799" } } } @@ -798,7 +798,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "17558548610279586349" + "route_id": "911713133804109577" } } } @@ -869,7 +869,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "17558548610279586349" + "route_id": "911713133804109577" } } } @@ -940,7 +940,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "443953882935101172" + "route_id": "17831746838845374842" } } } @@ -1123,7 +1123,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "14447498311292459240" + "route_id": "15730681265277585877" } } } @@ -1195,7 +1195,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "14447498311292459240" + "route_id": "15730681265277585877" } } } @@ -1293,7 +1293,7 @@ func Test_buildPolicyRoutes(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "4342850494368657515" + "route_id": "16598125949405432745" } } } @@ -1423,7 +1423,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "13747520195974094942" + "route_id": "13828028232508831592" } } } @@ -1494,7 +1494,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "13747520195974094942" + "route_id": "13828028232508831592" } } } @@ -1570,7 +1570,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "13747520195974094942" + "route_id": "13828028232508831592" } } } @@ -1641,7 +1641,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "13747520195974094942" + "route_id": "13828028232508831592" } } } @@ -1712,7 +1712,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "13747520195974094942" + "route_id": "13828028232508831592" } } } @@ -1788,7 +1788,7 @@ func Test_buildPolicyRoutesRewrite(t *testing.T) { "checkSettings": { "contextExtensions": { "internal": "false", - "route_id": "13747520195974094942" + "route_id": "13828028232508831592" } } } diff --git a/config/policy.go b/config/policy.go index b2b28a473..9868e35d8 100644 --- a/config/policy.go +++ b/config/policy.go @@ -28,17 +28,16 @@ import ( type Policy struct { ID string `mapstructure:"-" yaml:"-" json:"-"` - From string `mapstructure:"from" yaml:"from"` - To WeightedURLs `mapstructure:"to" yaml:"to"` + From string `mapstructure:"from" yaml:"from"` + To WeightedURLs `mapstructure:"to" yaml:"to"` + // Redirect is used for a redirect action instead of `To` + Redirect *PolicyRedirect `mapstructure:"redirect" yaml:"redirect"` Response *DirectResponse `mapstructure:"response" yaml:"response,omitempty" json:"response,omitempty"` // LbWeights are optional load balancing weights applied to endpoints specified in To // this field exists for compatibility with mapstructure LbWeights []uint32 `mapstructure:"_to_weights,omitempty" json:"-" yaml:"-"` - // Redirect is used for a redirect action instead of `To` - Redirect *PolicyRedirect `mapstructure:"redirect" yaml:"redirect"` - // Identity related policy AllowedUsers []string `mapstructure:"allowed_users" yaml:"allowed_users,omitempty" json:"allowed_users,omitempty"` AllowedDomains []string `mapstructure:"allowed_domains" yaml:"allowed_domains,omitempty" json:"allowed_domains,omitempty"` @@ -585,8 +584,7 @@ func (p *Policy) RouteID() (uint64, error) { } else if p.Redirect != nil { id.Redirect = p.Redirect } else if p.Response != nil { - id.DirectResponseStatus = p.Response.Status - id.DirectResponseBody = p.Response.Body + id.Response = p.Response } else { return 0, errEitherToOrRedirectOrResponseRequired } @@ -699,14 +697,13 @@ func (p *Policy) GetPassIdentityHeaders(options *Options) bool { } type routeID struct { - From string - To []string - Prefix string - Path string - Regex string - Redirect *PolicyRedirect - DirectResponseStatus int - DirectResponseBody string + From string + To []string + Prefix string + Path string + Regex string + Redirect *PolicyRedirect + Response *DirectResponse } /* diff --git a/pkg/grpc/config/config.pb.go b/pkg/grpc/config/config.pb.go index 85d19e8a3..81cf17c6e 100644 --- a/pkg/grpc/config/config.pb.go +++ b/pkg/grpc/config/config.pb.go @@ -390,14 +390,14 @@ type Route struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` From string `protobuf:"bytes,2,opt,name=from,proto3" json:"from,omitempty"` To []string `protobuf:"bytes,3,rep,name=to,proto3" json:"to,omitempty"` + Redirect *RouteRedirect `protobuf:"bytes,34,opt,name=redirect,proto3" json:"redirect,omitempty"` Response *RouteDirectResponse `protobuf:"bytes,62,opt,name=response,proto3" json:"response,omitempty"` // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/endpoint/v3/endpoint_components.proto#envoy-v3-api-msg-config-endpoint-v3-lbendpoint // optional load balancing weights assigned to upstream servers defined in TO // if not specified, all upstream servers would be assigned the same weight // if provided, load_balancing_weights[i] >= 1 and len(to) == // len(load_balancing_weights) - LoadBalancingWeights []uint32 `protobuf:"varint,37,rep,packed,name=load_balancing_weights,json=loadBalancingWeights,proto3" json:"load_balancing_weights,omitempty"` - Redirect *RouteRedirect `protobuf:"bytes,34,opt,name=redirect,proto3" json:"redirect,omitempty"` + LoadBalancingWeights []uint32 `protobuf:"varint,37,rep,packed,name=load_balancing_weights,json=loadBalancingWeights,proto3" json:"load_balancing_weights,omitempty"` // Deprecated: Do not use. AllowedUsers []string `protobuf:"bytes,4,rep,name=allowed_users,json=allowedUsers,proto3" json:"allowed_users,omitempty"` // repeated string allowed_groups = 5 [ deprecated = true ]; @@ -506,6 +506,13 @@ func (x *Route) GetTo() []string { return nil } +func (x *Route) GetRedirect() *RouteRedirect { + if x != nil { + return x.Redirect + } + return nil +} + func (x *Route) GetResponse() *RouteDirectResponse { if x != nil { return x.Response @@ -520,13 +527,6 @@ func (x *Route) GetLoadBalancingWeights() []uint32 { return nil } -func (x *Route) GetRedirect() *RouteRedirect { - if x != nil { - return x.Redirect - } - return nil -} - // Deprecated: Do not use. func (x *Route) GetAllowedUsers() []string { if x != nil { @@ -1975,19 +1975,19 @@ var file_config_proto_rawDesc = []byte{ 0x05, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e, - 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x12, 0x40, - 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x24, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x34, 0x0a, 0x16, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, - 0x6e, 0x67, 0x5f, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x25, 0x20, 0x03, 0x28, 0x0d, - 0x52, 0x14, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x57, - 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, - 0x63, 0x74, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, - 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, - 0x63, 0x74, 0x12, 0x27, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x75, 0x73, + 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x12, 0x3a, + 0x0a, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1e, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x52, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x40, 0x0a, 0x08, 0x72, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, + 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x52, + 0x6f, 0x75, 0x74, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x34, 0x0a, 0x16, + 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x77, + 0x65, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x25, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x14, 0x6c, 0x6f, + 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x57, 0x65, 0x69, 0x67, 0x68, + 0x74, 0x73, 0x12, 0x27, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x55, 0x73, 0x65, 0x72, 0x73, 0x12, 0x2b, 0x0a, 0x0f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x06, @@ -2743,8 +2743,8 @@ var file_config_proto_goTypes = []interface{}{ var file_config_proto_depIdxs = []int32{ 5, // 0: pomerium.config.Config.routes:type_name -> pomerium.config.Route 7, // 1: pomerium.config.Config.settings:type_name -> pomerium.config.Settings - 4, // 2: pomerium.config.Route.response:type_name -> pomerium.config.RouteDirectResponse - 3, // 3: pomerium.config.Route.redirect:type_name -> pomerium.config.RouteRedirect + 3, // 2: pomerium.config.Route.redirect:type_name -> pomerium.config.RouteRedirect + 4, // 3: pomerium.config.Route.response:type_name -> pomerium.config.RouteDirectResponse 9, // 4: pomerium.config.Route.allowed_idp_claims:type_name -> pomerium.config.Route.AllowedIdpClaimsEntry 18, // 5: pomerium.config.Route.timeout:type_name -> google.protobuf.Duration 18, // 6: pomerium.config.Route.idle_timeout:type_name -> google.protobuf.Duration diff --git a/pkg/grpc/config/config.proto b/pkg/grpc/config/config.proto index 5d5240419..fd97c01be 100644 --- a/pkg/grpc/config/config.proto +++ b/pkg/grpc/config/config.proto @@ -44,6 +44,7 @@ message Route { string from = 2; repeated string to = 3; + RouteRedirect redirect = 34; RouteDirectResponse response = 62; // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/endpoint/v3/endpoint_components.proto#envoy-v3-api-msg-config-endpoint-v3-lbendpoint @@ -53,8 +54,6 @@ message Route { // len(load_balancing_weights) repeated uint32 load_balancing_weights = 37; - RouteRedirect redirect = 34; - repeated string allowed_users = 4 [ deprecated = true ]; // repeated string allowed_groups = 5 [ deprecated = true ]; repeated string allowed_domains = 6 [ deprecated = true ];