mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-03 00:40:25 +02:00
config: remove source, remove deadcode, fix linting issues (#4118)
* remove source, remove deadcode, fix linting issues * use github action for lint * fix missing envoy
This commit is contained in:
Caleb Doxsey
GitHub
parent
34c1e44c7e
commit
bbed421cd8
122 changed files with 438 additions and 998 deletions
|
|
@ -4,7 +4,6 @@ import (
|
|||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"os"
|
||||
|
|
@ -41,8 +40,6 @@ type Policy struct {
|
|||
AllowedDomains []string `mapstructure:"allowed_domains" yaml:"allowed_domains,omitempty" json:"allowed_domains,omitempty"`
|
||||
AllowedIDPClaims identity.FlattenedClaims `mapstructure:"allowed_idp_claims" yaml:"allowed_idp_claims,omitempty" json:"allowed_idp_claims,omitempty"`
|
||||
|
||||
Source *StringURL `yaml:",omitempty" json:"source,omitempty" hash:"ignore"`
|
||||
|
||||
// Additional route matching options
|
||||
Prefix string `mapstructure:"prefix" yaml:"prefix,omitempty" json:"prefix,omitempty"`
|
||||
Path string `mapstructure:"path" yaml:"path,omitempty" json:"path,omitempty"`
|
||||
|
|
@ -450,8 +447,6 @@ func (p *Policy) Validate() error {
|
|||
source.String())
|
||||
}
|
||||
|
||||
p.Source = &StringURL{source}
|
||||
|
||||
if len(p.To) == 0 && p.Redirect == nil {
|
||||
return errEitherToOrRedirectRequired
|
||||
}
|
||||
|
|
@ -558,7 +553,7 @@ func (p *Policy) Checksum() uint64 {
|
|||
// RouteID returns a unique identifier for a route
|
||||
func (p *Policy) RouteID() (uint64, error) {
|
||||
id := routeID{
|
||||
Source: p.Source,
|
||||
From: p.From,
|
||||
Prefix: p.Prefix,
|
||||
Path: p.Path,
|
||||
Regex: p.Regex,
|
||||
|
|
@ -589,19 +584,20 @@ func (p *Policy) String() string {
|
|||
to = strings.Join(dsts, ",")
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%s → %s", p.Source.String(), to)
|
||||
return fmt.Sprintf("%s → %s", p.From, to)
|
||||
}
|
||||
|
||||
// Matches returns true if the policy would match the given URL.
|
||||
func (p *Policy) Matches(requestURL url.URL) bool {
|
||||
// handle nils by always returning false
|
||||
if p.Source == nil {
|
||||
// an invalid from URL should not match anything
|
||||
fromURL, err := urlutil.ParseAndValidateURL(p.From)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
// make sure one of the host domains matches the incoming url
|
||||
found := false
|
||||
for _, host := range urlutil.GetDomainsForURL(p.Source.URL) {
|
||||
for _, host := range urlutil.GetDomainsForURL(fromURL) {
|
||||
found = found || host == requestURL.Host
|
||||
}
|
||||
if !found {
|
||||
|
|
@ -634,6 +630,11 @@ func (p *Policy) IsForKubernetes() bool {
|
|||
return p.KubernetesServiceAccountTokenFile != "" || p.KubernetesServiceAccountToken != ""
|
||||
}
|
||||
|
||||
// IsTCP returns true if the route is for TCP.
|
||||
func (p *Policy) IsTCP() bool {
|
||||
return strings.HasPrefix(p.From, "tcp")
|
||||
}
|
||||
|
||||
// AllAllowedDomains returns all the allowed domains.
|
||||
func (p *Policy) AllAllowedDomains() []string {
|
||||
var ads []string
|
||||
|
|
@ -674,25 +675,8 @@ func (p *Policy) GetSetAuthorizationHeader() configpb.Route_AuthorizationHeaderM
|
|||
return mode
|
||||
}
|
||||
|
||||
// StringURL stores a URL as a string in json.
|
||||
type StringURL struct {
|
||||
*url.URL
|
||||
}
|
||||
|
||||
func (su *StringURL) String() string {
|
||||
if su == nil || su.URL == nil {
|
||||
return "?"
|
||||
}
|
||||
return su.URL.String()
|
||||
}
|
||||
|
||||
// MarshalJSON returns the URLs host as json.
|
||||
func (su *StringURL) MarshalJSON() ([]byte, error) {
|
||||
return json.Marshal(su.String())
|
||||
}
|
||||
|
||||
type routeID struct {
|
||||
Source *StringURL
|
||||
From string
|
||||
To []string
|
||||
Prefix string
|
||||
Path string
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue