fix dupe script, more content

2025-08-06 02:09:15 +02:00 · 2021-07-28 13:04:57 -05:00 · 2021-07-28 13:04:57 -05:00 · 5083efe9a6
commit 5083efe9a6
parent 374779e685
5 changed files with 135 additions and 29 deletions
--- a/docs/enterprise/console-settings.yaml
+++ b/docs/enterprise/console-settings.yaml
@ -15,15 +15,17 @@ settings:
          - name: "General"
            doc: |
              The **General** tab defines the route path, both from the internet and to the internal service, and the policies attached. Note that policies enforced on a Namespace the Route resides in will also be applied.
-
-              Several fields in the New Route View behave the same as their counterpoints in open-source Pomerium. See [Configuation Settings](/reference/) for more information on the following fields:
-                - [From](/reference/#from)
-                - [To](/reference/#to)
-                - [Redirect](/reference/#redirect)
-                - [Pass Identity Headers](/reference/#pass-identity-headers)
            settings:
              - name: "Name"
                doc: This value is only visible in the Console UI.
+              - name: "From"
+                dupe: true
+              - name: "To"
+                dupe: true
+              - name: "Redirect"
+                dupe: true
+              - name: "Pass Identity Headers"
+                dupe: true
              - name: "Policies"
                doc: Add or remove Policies to be applied to the Route. Note that Policies enforced in the Route's Namespace will be applied automatically.
              - name: "Enable Google Cloud Serverless Authentication"
@ -38,6 +40,10 @@ settings:
              - name: Regex
                dupe: true
          - name: "Rewrite"
+            settings:
+              - name: Prefix Rewrite"
+                dupe: true
+              
          - name: "Timeouts"
          - name: "Headers"
          - name: "Load Balancer"
--- a/docs/enterprise/reference/config.md
+++ b/docs/enterprise/reference/config.md
@ -8,7 +8,7 @@ meta:

 # Pomerium Console Environment Variables

-The keys listed below can be applied in Pomerium Console's `config.yaml` file, or appled as environment variables (in uppercase, replacing `-` with `_`).
+The keys listed below can be applied in Pomerium Console's `config.yaml` file, or applied as environment variables (in uppercase, replacing `-` with `_`).

 ## administrators

--- a/docs/enterprise/reference/configure.md
+++ b/docs/enterprise/reference/configure.md
@ -13,6 +13,7 @@ meta:

@travis fill me with delicious data!

+
 ## Settings

 ### Global
@ -35,6 +36,7 @@ meta:

 <!-- Explain Service Accounts -->

+
 ## Namespaces

 A Namespace is a collection of users, groups, routes, and policies that allows system administrators to organize, manage, and delegate permissions across their infrastructure.
@ -42,3 +44,4 @@ A Namespace is a collection of users, groups, routes, and policies that allows s
 - Policies can be optional or enforced on a Namespace, and they can be nested to create inheritance.
 - Users or groups can be granted permission to edit access to routes within a Namespace, allowing them self-serve access to the routes critical to their work.

+
--- a/docs/enterprise/reference/manage.md
+++ b/docs/enterprise/reference/manage.md
@ -13,26 +13,115 @@ meta:

 A Route provides access to a service through Pomerium.

+
 ### General

 The **General** tab defines the route path, both from the internet and to the internal service, and the policies attached. Note that policies enforced on a Namespace the Route resides in will also be applied.

+Several fields in the New Route View behave the same as their counterpoints in open-source Pomerium. See [Configuation Settings](/reference/) for more information on the following fields:
+  - [From](/reference/#from)
+  - [To](/reference/#to)
+  - [Redirect](/reference/#redirect)
+  - [Pass Identity Headers](/reference/#pass-identity-headers)
+
+
 #### Name

+This value is only visible in the Console UI.
+
 #### From

+`From` is the externally accessible URL for the proxied request.
+
+Specifying `tcp+https` for the scheme enables [TCP proxying](../docs/topics/tcp-support.md) support for the route. You may map more than one port through the same hostname by specifying a different `:port` in the URL.
+
 #### To

+`To` is the destination(s) of a proxied request. It can be an internal resource, or an external resource. Multiple upstream resources can be targeted by using a list instead of a single URL:
+
+```yaml
+- from: https://example.com
+  to:
+  - https://a.example.com
+  - https://b.example.com
+```
+
+A load balancing weight may be associated with a particular upstream by appending `,[weight]` to the URL.  The exact behavior depends on your [`lb_policy`](#load-balancing-policy) setting.  See [Load Balancing](/docs/topics/load-balancing) for example [configurations](/docs/topics/load-balancing.html#load-balancing-weight).
+
+Must be `tcp` if `from` is `tcp+https`.
+
+:::warning
+
+Be careful with trailing slash.
+
+With rule:
+
+```yaml
+- from: https://verify.corp.example.com
+  to: https://verify.pomerium.com/anything
+```
+
+Requests to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything`, while requests to `https://verify.corp.example.com/foo` will be forwarded to `https://verify.pomerium.com/anythingfoo`.To make the request forwarded to `https://httbin.org/anything/foo`, you can use double slashes in your request `https://httbin.corp.example.com//foo`.
+
+While the rule:
+
+```yaml
+- from: https://verify.corp.example.com
+  to: https://verify.pomerium.com/anything/
+```
+
+All requests to `https://verify.corp.example.com/*` will be forwarded to `https://verify.pomerium.com/anything/*`. That means accessing to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything/`. That said, if your application does not handle trailing slash, the request will end up with 404 not found.
+
+Either `redirect` or `to` must be set.
+
+:::
+
 #### Redirect

-#### Policies
+`Redirect` is used to redirect incoming requests to a new URL. The `redirect` field is an object with several possible
+options:
+
+- `https_redirect` (boolean): the incoming scheme will be swapped with "https".
+- `scheme_redirect` (string): the incoming scheme will be swapped with the given value.
+- `host_redirect` (string): the incoming host will be swapped with the given value.
+- `port_redirect` (integer): the incoming port will be swapped with the given value.
+- `path_redirect` (string): the incoming path portion of the URL will be swapped with the given value.
+- `prefix_rewrite` (string): the incoming matched prefix will be swapped with the given value.
+- `response_code` (integer): the response code to use for the redirect. Defaults to 301.
+- `strip_query` (boolean): indicates that during redirection, the query portion of the URL will be removed. Defaults to false.
+
+Either `redirect` or `to` must be set.

 #### Pass Identity Headers

+When enabled, this option will pass identity headers to upstream applications. These headers include:
+
+- X-Pomerium-Jwt-Assertion
+- X-Pomerium-Claim-*
+
+#### Policies
+
+Add or remove Policies to be applied to the Route. Note that Policies enforced in the Route's Namespace will be applied automatically.
+
 #### Enable Google Cloud Serverless Authentication

+@Travis plz explain.
+
+
 ### Matchers

+#### Path
+
+If set, the route will only match incoming requests with a path that is an exact match for the specified path.
+
+#### Prefix
+
+If set, the route will only match incoming requests with a path that begins with the specified prefix.
+
+#### Regex
+
+If set, the route will only match incoming requests with a path that matches the specified regular expression. The supported syntax is the same as the Go [regexp package](https://golang.org/pkg/regexp/) which is based on [re2](https://github.com/google/re2/wiki/Syntax).
+
 ### Rewrite

 ### Timeouts
@ -51,19 +140,19 @@ This is a separate concept from [policies](../reference/#policy) in the non-ente

 Policies can be constructed three ways:

-#### Web UI
+### Web UI

 From the **BUILDER** tab, users can add allow or deny blocks to a policy, containing and/or/not/nor logic to allow or deny sets of users and groups.

 ![A policy being constructed in Pomerium Enterprise console allowing a single user access](../img/example-policy-single-user.png)

-#### Pomerium Policy Language
+### Pomerium Policy Language

 From the **EDITOR** tab users can write policies in Pomerium Policy Language (**PPL**), a YAML-based notation.

 ![A policy as viewed from the editor tab](../img/example-policy-editor.png)

-#### Rego
+### Rego

 For those using [OPA](https://www.openpolicyagent.org/), the **REGO** tab will accept policies written in Rego.

@ -71,10 +160,12 @@ For those using [OPA](https://www.openpolicyagent.org/), the **REGO** tab will a
 A policy can only support PPL or Rego. Once one is set, the other tab is disabled.
 :::

-#### Overrides
+### Overrides
+
 - **Any Authenticated User**: This setting will allow access to a route with this policy attached to any user who can authenticate to your Identity Provider (**IdP**).
 - **CORS Preflight**: 
 - **Public Access**: This setting allows complete, unrestricted access to an associated route. Use this setting with caution.

+
 ## Certificates

--- a/scripts/generate-console-pages.js
+++ b/scripts/generate-console-pages.js
@ -12,6 +12,16 @@ const yaml = require('js-yaml');
 */


+// return subSections.map(topic => {
+//    //console.log(topic)
+//    if (topic['name'] === dupe && topic['doc']) {
+//        console.log(topic['doc'])
+//        return topic['doc']
+//    }
+//})
+
+//filter((x => x.name === dupe)
+
 // Functions

 /**
@ -19,23 +29,19 @@ const yaml = require('js-yaml');
 * Import content from /docs/reference/settings.yaml when needed.
 */
 const fromOSSettings = (dupe) => { //Where dupe is the name provided to the function in writeSubsection()
-        //console.log(`dupe: ${dupe}`) // For Debugging
-        // For each object, pull out each key/value pair
-        // 
-    //const asArray = Object.entries(OSSettings.settings)
-    const asMap = Object.entries(OSSettings.settings).map((key) => {
-        const subSections = Object.entries(key)
-        const subSettings = subSections.map((key, value) => {
-            return(key[1].settings)
-            //console.log(key[1].docs)
+    const asMap = Object.values(OSSettings.settings).map((section) => {
+        const subSections = Object.values(section.settings)
+        return subSections
    } )
-        console.log(subSettings)
-        return subSettings
-    } )
-    //console.log(asMap)
-    return asMap.filter(x => x.name === dupe).doc
-    //console.log(JSON.stringify(recursiveSearch([OSSettings], `${dupe}`)))  // One of several helper functions I tried and scrapped.
-    //return console.log(asArray)
+    let result = ''
+    for (let i = 0; i < asMap.length; i++ ) {
+        for (j = 0; j < asMap[i].length; j++){
+            if (asMap[i][j].name === dupe) {
+                result = asMap[i][j].doc
+            }
+        }
+    }
+    return result
 }


@ -115,7 +121,7 @@ const writeSubsection = (subsection, depth) => {
        return
    }
    if (subsection.dupe) {
-        subContent = fromOSSettings(subsection.name)
+        subContent = fromOSSettings(subsection.name) + '\n'
    }
    let header = '#'.repeat(depth) + ' ' + subsection.name + '\n' + '\n'
    subContent = subContent + (subsection.doc ? subsection.doc.toString() + '\n\n' : '')