3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

cluster name (#1834)

Browse source
This commit is contained in:
wasaga 2021-01-29 16:55:38 -05:00 committed by GitHub
parent 67f6030e1e
commit 66ff2cdaba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 86 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

6
config/policy.go
View file

@ -224,6 +224,12 @@ func NewPolicyFromProto(pb *configpb.Route) (*Policy, error) {
} }
p.EnvoyOpts = pb.EnvoyOpts p.EnvoyOpts = pb.EnvoyOpts
if p.EnvoyOpts == nil {
p.EnvoyOpts = new(envoy_config_cluster_v3.Cluster)
}
if pb.Name != "" && p.EnvoyOpts.Name == "" {
p.EnvoyOpts.Name = pb.Name
}
for _, sp := range pb.GetPolicies() { for _, sp := range pb.GetPolicies() {
p.SubPolicies = append(p.SubPolicies, SubPolicy{ p.SubPolicies = append(p.SubPolicies, SubPolicy{

35
config/policy_test.go
View file

@ -5,6 +5,7 @@ import (
"net/url" "net/url"
"testing" "testing"
envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -159,6 +160,8 @@ func TestPolicy_Checksum(t *testing.T) {
func TestPolicy_FromToPb(t *testing.T) { func TestPolicy_FromToPb(t *testing.T) {
t.Parallel() t.Parallel()
t.Run("normal", func(t *testing.T) {
p := &Policy{ p := &Policy{
From: "https://pomerium.io", From: "https://pomerium.io",
To: mustParseWeightedURLs(t, "http://localhost"), To: mustParseWeightedURLs(t, "http://localhost"),
@ -179,4 +182,36 @@ func TestPolicy_FromToPb(t *testing.T) {
assert.Equal(t, p.From, policyFromPb.From) assert.Equal(t, p.From, policyFromPb.From)
assert.Equal(t, p.To, policyFromPb.To) assert.Equal(t, p.To, policyFromPb.To)
assert.Equal(t, p.AllowedUsers, policyFromPb.AllowedUsers) assert.Equal(t, p.AllowedUsers, policyFromPb.AllowedUsers)
})
t.Run("envoy cluster name", func(t *testing.T) {
p := &Policy{
From: "https://pomerium.io",
To: mustParseWeightedURLs(t, "http://localhost"),
AllowedUsers: []string{"foo@bar.com"},
}
pbPolicy, err := p.ToProto()
require.NoError(t, err)
cases := []struct {
pbPolicyName string
pbEnvoyOpts *envoy_config_cluster_v3.Cluster
expectedPolicyName string
}{
{"", nil, ""},
{"pb-name", nil, "pb-name"},
{"", &envoy_config_cluster_v3.Cluster{Name: "pb-envoy-name"}, "pb-envoy-name"},
{"pb-name", &envoy_config_cluster_v3.Cluster{Name: "pb-envoy-name"}, "pb-envoy-name"},
}
for _, tc := range cases {
pbPolicy.Name = tc.pbPolicyName
pbPolicy.EnvoyOpts = tc.pbEnvoyOpts
policyFromPb, err := NewPolicyFromProto(pbPolicy)
assert.NoError(t, err)
assert.Equal(t, tc.expectedPolicyName, policyFromPb.EnvoyOpts.Name)
}
})
} }

8
docs/reference/readme.md
View file

@ -1361,6 +1361,14 @@ When enabled, this option will pass identity headers to upstream applications. T
If set, enables proxying of SPDY protocol upgrades. If set, enables proxying of SPDY protocol upgrades.
### Cluster Name
- Config File Key: `name`
- Type: `string`
- Optional
Runtime metrics for this policy would be available under `envoy_cluster_`*`name`* prefix.
### Load Balancing ### Load Balancing
- Config File Key: `lb_policy` - Config File Key: `lb_policy`
- Type: `enum` - Type: `enum`

8
docs/reference/settings.yaml
View file

@ -1494,6 +1494,14 @@ settings:
- Default: `false` - Default: `false`
doc: | doc: |
If set, enables proxying of SPDY protocol upgrades. If set, enables proxying of SPDY protocol upgrades.
- name: "Cluster Name"
keys: ["name"]
attributes: |
- Config File Key: `name`
- Type: `string`
- Optional
doc: |
Runtime metrics for this policy would be available under `envoy_cluster_`*`name`* prefix.
- name: "Load Balancing" - name: "Load Balancing"
keys: ["lb_policy"] keys: ["lb_policy"]
attributes: | attributes: |

4
internal/controlplane/xds_routes.go
View file

@ -243,6 +243,10 @@ func (srv *Server) buildControlPlanePrefixRoute(prefix string, protected bool) (
} }
var getPolicyName = func(policy *config.Policy) string { var getPolicyName = func(policy *config.Policy) string {
if policy.EnvoyOpts != nil && policy.EnvoyOpts.Name != "" {
return policy.EnvoyOpts.Name
}
id, _ := policy.RouteID() id, _ := policy.RouteID()
return fmt.Sprintf("policy-%x", id) return fmt.Sprintf("policy-%x", id)
} }

6
internal/controlplane/xds_routes_test.go
View file

@ -6,6 +6,7 @@ import (
"testing" "testing"
"time" "time"
envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -936,6 +937,11 @@ func Test_buildPolicyRouteRedirectAction(t *testing.T) {
}) })
} }
func TestPolicyName(t *testing.T) {
assert.Greater(t, getPolicyName(&config.Policy{}), "policy-")
assert.Equal(t, getPolicyName(&config.Policy{EnvoyOpts: &envoy_config_cluster_v3.Cluster{Name: "my-pomerium-cluster"}}), "my-pomerium-cluster")
}
func mustParseURL(t *testing.T, str string) *url.URL { func mustParseURL(t *testing.T, str string) *url.URL {
u, err := url.Parse(str) u, err := url.Parse(str)
require.NoError(t, err, str) require.NoError(t, err, str)