authorize: fix google cloudrun header audience (#2558)

Caleb Doxsey 2021-09-02 09:55:06 -06:00 committed by GitHub
parent 511ab66523
commit de1ed61b9a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 1 deletions


@ -31,7 +31,7 @@ func NewHeadersRequestFromPolicy(policy *config.Policy) *HeadersRequest {
}
input.KubernetesServiceAccountToken = policy.KubernetesServiceAccountToken
for _, wu := range policy.To {
input.ToAudience = wu.URL.Hostname()
input.ToAudience = "https://" + wu.URL.Hostname()
}
return input
}
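Review bot: The assignment inside `for _, wu := range policy.To` overwrites `input.ToAudience` on every iteration, so a policy with several weighted destinations always gets the audience of the last entry, whichever upstream the request is actually routed to. A token minted for that audience would presumably be rejected by the other destinations, so either limit this path to single-destination policies or state the limitation, e.g. `// NOTE: with multiple To URLs only the last hostname becomes the token audience`. `wu.URL.Hostname()` also drops any port, and the scheme is fixed to `https://` regardless of `wu.URL.Scheme`; that looks intended for Cloud Run but deserves a one-line comment saying so. The function body begins above this hunk.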


@ -19,6 +19,23 @@ import (
"github.com/pomerium/pomerium/pkg/grpc/user"
)
func TestNewHeadersRequestFromPolicy(t *testing.T) {
req := NewHeadersRequestFromPolicy(&config.Policy{
EnableGoogleCloudServerlessAuthentication: true,
From: "https://from.example.com",
To: config.WeightedURLs{
{
URL: *mustParseURL("http://to.example.com"),
},
},
})
assert.Equal(t, &HeadersRequest{
EnableGoogleCloudServerlessAuthentication: true,
FromAudience: "from.example.com",
ToAudience: "https://to.example.com",
}, req)
}
func TestHeadersEvaluator(t *testing.T) {
type A = []interface{}
type M = map[string]interface{}
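Review bot: The new test passes an `http://to.example.com` upstream and expects `ToAudience: "https://to.example.com"`, but nothing says the scheme rewrite is deliberate, so a later reader may take it for a typo and "fix" it. A comment above the assertion would pin the intent, e.g. `// the audience is always the https:// form of the upstream host, even for http:// upstreams`. The test covers only one destination. A second case with two `WeightedURLs` entries and one with an explicit port would document which audience wins and that the port is dropped. `FromAudience` is asserted as a bare hostname while `ToAudience` carries a scheme; if that asymmetry is intentional, a short note here would help.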