3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-29 08:57:18 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: support re-proxying request through control plane for kubernetes (#2051)

Browse source 
* proxy: support re-proxying request from envoy for kubernetes

* encrypt policy id for reproxy, implement tls options

* add comment, use hmac

* use httputil handler and error

* remove reproxy headers on all incoming request

* only allow re-proxying for kubernetes, strip headers

* fix tests
This commit is contained in:
Caleb Doxsey 2021-04-06 12:08:09 -06:00 committed by GitHub
parent f84f7551d0
commit d8f11dcb91
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 392 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

7
internal/httputil/headers.go
View file

@ -5,7 +5,8 @@ const AuthorizationTypePomerium = "Pomerium"
// Standard headers
const (
HeaderReferrer = "Referer"
HeaderReferrer = "Referer"
HeaderImpersonateGroup = "Impersonate-Group"
)
// Pomerium headers contain information added to a request.
@ -17,6 +18,10 @@ const (
HeaderPomeriumResponse = "x-pomerium-intercepted-response"
// HeaderPomeriumJWTAssertion is the header key containing JWT signed user details.
HeaderPomeriumJWTAssertion = "x-pomerium-jwt-assertion"
// HeaderPomeriumReproxyPolicy is the header key containing the policy to reproxy a request to.
HeaderPomeriumReproxyPolicy = "x-pomerium-reproxy-policy"
// HeaderPomeriumReproxyPolicyHMAC is an HMAC of the HeaderPomeriumReproxyPolicy header.
HeaderPomeriumReproxyPolicyHMAC = "x-pomerium-reproxy-policy-hmac"
)
// HeadersContentSecurityPolicy are the content security headers added to the service's handlers