config: use full string url instead of just the hostname for the policy options

authorize/evaluator/opa/opa_test.go

@@ -91,9 +91,11 @@ func Test_Eval(t *testing.T) {
 			}
 			req := struct {
 				Host string `json:"host,omitempty"`
+				URL  string `json:"url,omitempty"`
 				User string `json:"user,omitempty"`
 			}{
 				Host: tt.route,
+				URL:  "https://" + tt.route,
 				User: rawJWT,
 			}
 			got, err := pe.IsAuthorized(context.TODO(), req)

config/options_test.go

@@ -152,7 +152,7 @@ func Test_parsePolicyFile(t *testing.T) {
 		want        []Policy
 		wantErr     bool
 	}{
-		{"simple json", []byte(fmt.Sprintf(`{"policy":[{"from": "%s","to":"%s"}]}`, source, dest)), []Policy{{From: source, To: dest, Source: &HostnameURL{sourceURL}, Destination: destURL}}, false},
+		{"simple json", []byte(fmt.Sprintf(`{"policy":[{"from": "%s","to":"%s"}]}`, source, dest)), []Policy{{From: source, To: dest, Source: &StringURL{sourceURL}, Destination: destURL}}, false},
 		{"bad from", []byte(`{"policy":[{"from": "%","to":"httpbin.org"}]}`), nil, true},
 		{"bad to", []byte(`{"policy":[{"from": "pomerium.io","to":"%"}]}`), nil, true},
 	}

config/policy.go

@@ -21,7 +21,7 @@ type Policy struct {
 	AllowedGroups  []string `mapstructure:"allowed_groups" yaml:"allowed_groups,omitempty" json:"allowed_groups,omitempty"`
 	AllowedDomains []string `mapstructure:"allowed_domains" yaml:"allowed_domains,omitempty" json:"allowed_domains,omitempty"`
 
-	Source      *HostnameURL `yaml:",omitempty" json:"source,omitempty"`
+	Source      *StringURL `yaml:",omitempty" json:"source,omitempty"`
 	Destination *url.URL   `yaml:",omitempty" json:"destination,omitempty"`
 
 	// Additional route matching options
@@ -90,7 +90,7 @@ func (p *Policy) Validate() error {
 	if err != nil {
 		return fmt.Errorf("config: policy bad source url %w", err)
 	}
-	p.Source = &HostnameURL{source}
+	p.Source = &StringURL{source}
 
 	p.Destination, err = urlutil.ParseAndValidateURL(p.To)
 	if err != nil {
@@ -140,13 +140,12 @@ func (p *Policy) String() string {
 	return fmt.Sprintf("%s → %s", p.Source.String(), p.Destination.String())
 }
 
-// HostnameURL wraps url but marshals only the host representation of that
+// StringURL stores a URL as a string in json.
-// url struct.
+type StringURL struct {
-type HostnameURL struct {
 	*url.URL
 }
 
 // MarshalJSON returns the URLs host as json.
-func (j *HostnameURL) MarshalJSON() ([]byte, error) {
+func (u *StringURL) MarshalJSON() ([]byte, error) {
-	return json.Marshal(j.Host)
+	return json.Marshal(u.String())
 }

config/policy_test.go

@@ -57,8 +57,8 @@ func TestPolicy_String(t *testing.T) {
 		want     string
 		wantFrom string
 	}{
-		{"good", "https://pomerium.io", "https://localhost", "https://pomerium.io → https://localhost", `"pomerium.io"`},
+		{"good", "https://pomerium.io", "https://localhost", "https://pomerium.io → https://localhost", `"https://pomerium.io"`},
-		{"failed to validate", "https://pomerium.io", "localhost", "https://pomerium.io → localhost", `"pomerium.io"`},
+		{"failed to validate", "https://pomerium.io", "localhost", "https://pomerium.io → localhost", `"https://pomerium.io"`},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

proxy/proxy_test.go

@@ -336,7 +336,7 @@ func TestRouteMatcherFuncFromPolicy(t *testing.T) {
 		if err != nil {
 			panic(err)
 		}
-		src := &config.HostnameURL{URL: srcURL}
+		src := &config.StringURL{URL: srcURL}
 		matcher := routeMatcherFuncFromPolicy(config.Policy{
 			Source: src,
 			Prefix: tt.prefix,