core/kubernetes: fix impersonate group header (#5090)

* core/kubernetes: fix impersonate group header

* formatting
Caleb Doxsey 2024-04-26 15:26:41 -06:00 committed by GitHub
parent 99a5dbd65b
commit 8b3a79152b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 34 additions and 2 deletions


@ -15,6 +15,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/reflect/protoreflect"
"google.golang.org/protobuf/types/known/structpb"
"google.golang.org/protobuf/types/known/timestamppb"
@ -22,6 +23,7 @@ import (
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/pkg/cryptutil"
"github.com/pomerium/pomerium/pkg/grpc/session"
"github.com/pomerium/pomerium/pkg/grpc/user"
"github.com/pomerium/pomerium/pkg/storage"
)
@ -58,6 +60,8 @@ func TestNewHeadersRequestFromPolicy_nil(t *testing.T) {
}
func TestHeadersEvaluator(t *testing.T) {
t.Parallel()
type A = []interface{}
type M = map[string]interface{}
@ -231,6 +235,26 @@ func TestHeadersEvaluator(t *testing.T) {
assert.Equal(t, "", output.Headers.Get("fingerprint"))
})
t.Run("kubernetes", func(t *testing.T) {
t.Parallel()
output, err := eval(t,
[]protoreflect.ProtoMessage{
&session.Session{Id: "s1", UserId: "u1"},
&user.User{Id: "u1", Email: "u1@example.com"},
},
&HeadersRequest{
Issuer: "from.example.com",
ToAudience: "to.example.com",
KubernetesServiceAccountToken: "TOKEN",
Session: RequestSession{ID: "s1"},
})
require.NoError(t, err)
assert.Equal(t, "Bearer TOKEN", output.Headers.Get("Authorization"))
assert.Equal(t, "u1@example.com", output.Headers.Get("Impersonate-User"))
assert.Empty(t, output.Headers["Impersonate-Group"])
})
}
func decodeJWSPayload(t *testing.T, jws string) []byte {
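Review bot: The new `kubernetes` subtest only pins the negative case: a user with no group data yields no `Impersonate-Group` header, and no case with group membership checks what is actually emitted. Kubernetes reads `Impersonate-Group` as a repeatable header with one group per value, so a regression that joins groups into a single value, or emits an empty one, would change the impersonated identity without failing this test. Consider a second subtest whose fixtures carry two groups and which asserts something like `assert.Equal(t, []string{"g1", "g2"}, output.Headers.Values("Impersonate-Group"))`. That assumes `output.Headers` is an `http.Header`, and the group fixtures depend on how the evaluator sources groups, which this page does not show. The subtest sits inside `TestHeadersEvaluator`, whose body begins outside this hunk.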