3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-16 00:06:31 +02:00
Code Issues Projects Releases Packages Wiki Activity

add support for TCP routes (#1695)

Browse source
This commit is contained in:
Caleb Doxsey 2020-12-16 13:09:48 -07:00 committed by GitHub
parent 64816720c8
commit ad828c6e84
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 86 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

33
internal/controlplane/xds_routes.go
View file

@ -192,20 +192,29 @@ func buildPolicyRoutes(options *config.Options, domain string) []*envoy_config_r
routeTimeout := getRouteTimeout(options, &policy)
prefixRewrite, regexRewrite := getRewriteOptions(&policy)
upgradeConfigs := []*envoy_config_route_v3.RouteAction_UpgradeConfig{
{
UpgradeType: "websocket",
Enabled: &wrappers.BoolValue{Value: policy.AllowWebsockets},
},
{
UpgradeType: "spdy/3.1",
Enabled: &wrappers.BoolValue{Value: policy.AllowSPDY},
},
}
if urlutil.IsTCP(policy.Source.URL) {
upgradeConfigs = append(upgradeConfigs, &envoy_config_route_v3.RouteAction_UpgradeConfig{
UpgradeType: "CONNECT",
Enabled: &wrappers.BoolValue{Value: true},
ConnectConfig: &envoy_config_route_v3.RouteAction_UpgradeConfig_ConnectConfig{},
})
}
routeAction := &envoy_config_route_v3.RouteAction{
ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{
Cluster: clusterName,
},
UpgradeConfigs: []*envoy_config_route_v3.RouteAction_UpgradeConfig{
{
UpgradeType: "websocket",
Enabled: &wrappers.BoolValue{Value: policy.AllowWebsockets},
},
{
UpgradeType: "spdy/3.1",
Enabled: &wrappers.BoolValue{Value: policy.AllowSPDY},
},
},
UpgradeConfigs: upgradeConfigs,
HostRewriteSpecifier: &envoy_config_route_v3.RouteAction_AutoHostRewrite{
AutoHostRewrite: &wrappers.BoolValue{Value: !policy.PreserveHostHeader},
},
@ -271,6 +280,10 @@ func toEnvoyHeaders(headers map[string]string) []*envoy_config_core_v3.HeaderVal
func mkRouteMatch(policy *config.Policy) *envoy_config_route_v3.RouteMatch {
match := &envoy_config_route_v3.RouteMatch{}
switch {
case urlutil.IsTCP(policy.Source.URL):
match.PathSpecifier = &envoy_config_route_v3.RouteMatch_ConnectMatcher_{
ConnectMatcher: &envoy_config_route_v3.RouteMatch_ConnectMatcher{},
}
case policy.Regex != "":
match.PathSpecifier = &envoy_config_route_v3.RouteMatch_SafeRegex{
SafeRegex: &envoy_type_matcher_v3.RegexMatcher{