ppl: pass contextual information through policy (#2612)

* ppl: pass contextual information through policy

* maybe fix nginx

* fix nginx

* pr comments

* go mod tidy
Caleb Doxsey 2021-09-20 16:02:26 -06:00 committed by GitHub
parent 5340f55c20
commit efffe57bf0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
40 changed files with 1144 additions and 703 deletions


@ -63,28 +63,28 @@ func TestAuthorize_okResponse(t *testing.T) {
}{
{
"ok reply",
&evaluator.Result{Allow: true},
&evaluator.Result{Allow: evaluator.NewRuleResult(true)},
&envoy_service_auth_v3.CheckResponse{
Status: &status.Status{Code: 0, Message: "OK"},
},
},
{
"ok reply with k8s svc",
&evaluator.Result{Allow: true},
&evaluator.Result{Allow: evaluator.NewRuleResult(true)},
&envoy_service_auth_v3.CheckResponse{
Status: &status.Status{Code: 0, Message: "OK"},
},
},
{
"ok reply with k8s svc impersonate",
&evaluator.Result{Allow: true},
&evaluator.Result{Allow: evaluator.NewRuleResult(true)},
&envoy_service_auth_v3.CheckResponse{
Status: &status.Status{Code: 0, Message: "OK"},
},
},
{
"ok reply with jwt claims header",
&evaluator.Result{Allow: true},
&evaluator.Result{Allow: evaluator.NewRuleResult(true)},
&envoy_service_auth_v3.CheckResponse{
Status: &status.Status{Code: 0, Message: "OK"},
},
@ -93,7 +93,7 @@ func TestAuthorize_okResponse(t *testing.T) {
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
got := a.okResponse(tc.reply)
got := a.okResponse(tc.reply.Headers)
assert.Equal(t, tc.want.Status.Code, got.Status.Code)
assert.Equal(t, tc.want.Status.Message, got.Status.Message)
want, _ := protojson.Marshal(tc.want.GetOkResponse())
@ -175,7 +175,7 @@ func TestRequireLogin(t *testing.T) {
require.NoError(t, err)
t.Run("accept empty", func(t *testing.T) {
res, err := a.requireLoginResponse(context.Background(), &envoy_service_auth_v3.CheckRequest{})
res, err := a.requireLoginResponse(context.Background(), &envoy_service_auth_v3.CheckRequest{}, false)
require.NoError(t, err)
assert.Equal(t, http.StatusFound, int(res.GetDeniedResponse().GetStatus().GetCode()))
})
@ -190,7 +190,7 @@ func TestRequireLogin(t *testing.T) {
},
},
},
})
}, false)
require.NoError(t, err)
assert.Equal(t, http.StatusFound, int(res.GetDeniedResponse().GetStatus().GetCode()))
})
@ -205,7 +205,7 @@ func TestRequireLogin(t *testing.T) {
},
},
},
})
}, false)
require.NoError(t, err)
assert.Equal(t, http.StatusUnauthorized, int(res.GetDeniedResponse().GetStatus().GetCode()))
})
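Review bot: In TestAuthorize_okResponse the call under test is now `a.okResponse(tc.reply.Headers)`, but none of the four visible table entries sets `Headers`, so every case passes the same empty value and the `Allow` field they do set is no longer read by that call. The case names ("ok reply with k8s svc impersonate", "ok reply with jwt claims header") suggest header-bearing replies, and those headers are what an upstream service would end up trusting. At least one entry should populate `Headers` and assert that exactly those headers appear in the OK response; as written, `tc.want` carries only `Status`, so the marshalled comparison appears to check an empty response. Separately, the three `requireLoginResponse(...)` calls in TestRequireLogin all pass a bare `false` for the new third argument; a case that passes `true`, plus a short comment such as `// third arg: <name of the flag>` at the first call, would cover and document the new branch. Both test functions start and end outside the hunks shown.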