3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-30 15:00:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

authorize: populate issuer even when policy is nil (#4211)

Browse source
This commit is contained in:
Kenneth Jenkins 2023-05-30 17:07:27 -07:00 committed by github-actions[bot]
parent 6efd1d6bc9
commit 578507d5fe
2 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
authorize/evaluator/headers_evaluator.go
View file

@ -30,11 +30,11 @@ type HeadersRequest struct {
// NewHeadersRequestFromPolicy creates a new HeadersRequest from a policy.
func NewHeadersRequestFromPolicy(policy *config.Policy, hostname string) *HeadersRequest {
input := new(HeadersRequest)
input.Issuer = hostname
if policy != nil {
input.EnableGoogleCloudServerlessAuthentication = policy.EnableGoogleCloudServerlessAuthentication
input.EnableRoutingKey = policy.EnvoyOpts.GetLbPolicy() == envoy_config_cluster_v3.Cluster_RING_HASH ||
policy.EnvoyOpts.GetLbPolicy() == envoy_config_cluster_v3.Cluster_MAGLEV
input.Issuer = hostname
input.KubernetesServiceAccountToken = policy.KubernetesServiceAccountToken
for _, wu := range policy.To {
input.ToAudience = "https://" + wu.URL.Hostname()

7
authorize/evaluator/headers_evaluator_test.go
View file

@ -36,6 +36,13 @@ func TestNewHeadersRequestFromPolicy(t *testing.T) {
}, req)
}
func TestNewHeadersRequestFromPolicy_nil(t *testing.T) {
req := NewHeadersRequestFromPolicy(nil, "from.example.com")
assert.Equal(t, &HeadersRequest{
Issuer: "from.example.com",
}, req)
}
func TestHeadersEvaluator(t *testing.T) {
type A = []interface{}
type M = map[string]interface{}