mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-09 06:12:42 +02:00
bump envoy to v1.24.0 (#3767)
This commit is contained in:
Denis Mishin
GitHub
parent
1d252f43ee
commit
fa0ba60aee
6 changed files with 20 additions and 23 deletions
|
|
@ -13,7 +13,6 @@ import (
|
||||||
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
|
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
|
||||||
envoy_service_auth_v3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
|
envoy_service_auth_v3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
|
||||||
envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
|
envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
|
||||||
"github.com/golang/protobuf/ptypes/wrappers"
|
|
||||||
"github.com/tniswong/go.rfcx/rfc7231"
|
"github.com/tniswong/go.rfcx/rfc7231"
|
||||||
"google.golang.org/genproto/googleapis/rpc/status"
|
"google.golang.org/genproto/googleapis/rpc/status"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
|
|
@ -99,7 +98,7 @@ func (a *Authorize) handleResultDenied(
|
||||||
func (a *Authorize) okResponse(headers http.Header) *envoy_service_auth_v3.CheckResponse {
|
func (a *Authorize) okResponse(headers http.Header) *envoy_service_auth_v3.CheckResponse {
|
||||||
var requestHeaders []*envoy_config_core_v3.HeaderValueOption
|
var requestHeaders []*envoy_config_core_v3.HeaderValueOption
|
||||||
for k, vs := range headers {
|
for k, vs := range headers {
|
||||||
requestHeaders = append(requestHeaders, mkHeader(k, strings.Join(vs, ","), false))
|
requestHeaders = append(requestHeaders, mkHeader(k, strings.Join(vs, ",")))
|
||||||
}
|
}
|
||||||
// ensure request headers are sorted by key for deterministic output
|
// ensure request headers are sorted by key for deterministic output
|
||||||
sort.Slice(requestHeaders, func(i, j int) bool {
|
sort.Slice(requestHeaders, func(i, j int) bool {
|
||||||
|
|
@ -153,7 +152,7 @@ func (a *Authorize) deniedResponse(
|
||||||
|
|
||||||
// add any additional headers
|
// add any additional headers
|
||||||
for k, v := range headers {
|
for k, v := range headers {
|
||||||
respHeader = append(respHeader, mkHeader(k, v, false))
|
respHeader = append(respHeader, mkHeader(k, v))
|
||||||
}
|
}
|
||||||
|
|
||||||
return &envoy_service_auth_v3.CheckResponse{
|
return &envoy_service_auth_v3.CheckResponse{
|
||||||
|
|
@ -256,15 +255,13 @@ func (a *Authorize) requireWebAuthnResponse(
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func mkHeader(k, v string, shouldAppend bool) *envoy_config_core_v3.HeaderValueOption {
|
func mkHeader(k, v string) *envoy_config_core_v3.HeaderValueOption {
|
||||||
return &envoy_config_core_v3.HeaderValueOption{
|
return &envoy_config_core_v3.HeaderValueOption{
|
||||||
Header: &envoy_config_core_v3.HeaderValue{
|
Header: &envoy_config_core_v3.HeaderValue{
|
||||||
Key: k,
|
Key: k,
|
||||||
Value: v,
|
Value: v,
|
||||||
},
|
},
|
||||||
Append: &wrappers.BoolValue{
|
AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
|
||||||
Value: shouldAppend,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -277,7 +274,7 @@ func toEnvoyHeaders(headers http.Header) []*envoy_config_core_v3.HeaderValueOpti
|
||||||
|
|
||||||
envoyHeaders := make([]*envoy_config_core_v3.HeaderValueOption, 0, len(headers))
|
envoyHeaders := make([]*envoy_config_core_v3.HeaderValueOption, 0, len(headers))
|
||||||
for _, k := range ks {
|
for _, k := range ks {
|
||||||
envoyHeaders = append(envoyHeaders, mkHeader(k, headers.Get(k), false))
|
envoyHeaders = append(envoyHeaders, mkHeader(k, headers.Get(k)))
|
||||||
}
|
}
|
||||||
return envoyHeaders
|
return envoyHeaders
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -150,8 +150,8 @@ func TestAuthorize_deniedResponse(t *testing.T) {
|
||||||
Code: envoy_type_v3.StatusCode(codes.InvalidArgument),
|
Code: envoy_type_v3.StatusCode(codes.InvalidArgument),
|
||||||
},
|
},
|
||||||
Headers: []*envoy_config_core_v3.HeaderValueOption{
|
Headers: []*envoy_config_core_v3.HeaderValueOption{
|
||||||
mkHeader("Content-Type", "text/html; charset=UTF-8", false),
|
mkHeader("Content-Type", "text/html; charset=UTF-8"),
|
||||||
mkHeader("X-Pomerium-Intercepted-Response", "true", false),
|
mkHeader("X-Pomerium-Intercepted-Response", "true"),
|
||||||
},
|
},
|
||||||
Body: "Access Denied",
|
Body: "Access Denied",
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -223,21 +223,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
|
||||||
"name": "example.com",
|
"name": "example.com",
|
||||||
"domains": ["example.com"],
|
"domains": ["example.com"],
|
||||||
"responseHeadersToAdd": [{
|
"responseHeadersToAdd": [{
|
||||||
"append": false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header": {
|
"header": {
|
||||||
"key": "Strict-Transport-Security",
|
"key": "Strict-Transport-Security",
|
||||||
"value": "max-age=31536000; includeSubDomains; preload"
|
"value": "max-age=31536000; includeSubDomains; preload"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"append": false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header": {
|
"header": {
|
||||||
"key": "X-Frame-Options",
|
"key": "X-Frame-Options",
|
||||||
"value": "SAMEORIGIN"
|
"value": "SAMEORIGIN"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"append": false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header": {
|
"header": {
|
||||||
"key": "X-XSS-Protection",
|
"key": "X-XSS-Protection",
|
||||||
"value": "1; mode=block"
|
"value": "1; mode=block"
|
||||||
|
|
@ -364,21 +364,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
|
||||||
"name": "catch-all",
|
"name": "catch-all",
|
||||||
"domains": ["*"],
|
"domains": ["*"],
|
||||||
"responseHeadersToAdd": [{
|
"responseHeadersToAdd": [{
|
||||||
"append": false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header": {
|
"header": {
|
||||||
"key": "Strict-Transport-Security",
|
"key": "Strict-Transport-Security",
|
||||||
"value": "max-age=31536000; includeSubDomains; preload"
|
"value": "max-age=31536000; includeSubDomains; preload"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"append": false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header": {
|
"header": {
|
||||||
"key": "X-Frame-Options",
|
"key": "X-Frame-Options",
|
||||||
"value": "SAMEORIGIN"
|
"value": "SAMEORIGIN"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"append": false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header": {
|
"header": {
|
||||||
"key": "X-XSS-Protection",
|
"key": "X-XSS-Protection",
|
||||||
"value": "1; mode=block"
|
"value": "1; mode=block"
|
||||||
|
|
@ -521,21 +521,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
"headersToAdd":[
|
"headersToAdd":[
|
||||||
{
|
{
|
||||||
"append":false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header":{
|
"header":{
|
||||||
"key":"Strict-Transport-Security",
|
"key":"Strict-Transport-Security",
|
||||||
"value":"max-age=31536000; includeSubDomains; preload"
|
"value":"max-age=31536000; includeSubDomains; preload"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"append":false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header":{
|
"header":{
|
||||||
"key":"X-Frame-Options",
|
"key":"X-Frame-Options",
|
||||||
"value":"SAMEORIGIN"
|
"value":"SAMEORIGIN"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"append":false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header":{
|
"header":{
|
||||||
"key":"X-XSS-Protection",
|
"key":"X-XSS-Protection",
|
||||||
"value":"1; mode=block"
|
"value":"1; mode=block"
|
||||||
|
|
|
||||||
|
|
@ -222,7 +222,7 @@ func (b *Builder) buildPolicyRoutes(options *config.Options, domain string) ([]*
|
||||||
Key: hdr[0],
|
Key: hdr[0],
|
||||||
Value: hdr[1],
|
Value: hdr[1],
|
||||||
},
|
},
|
||||||
Append: wrapperspb.Bool(false),
|
AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -343,7 +343,7 @@ func mkEnvoyHeader(k, v string) *envoy_config_core_v3.HeaderValueOption {
|
||||||
Key: k,
|
Key: k,
|
||||||
Value: v,
|
Value: v,
|
||||||
},
|
},
|
||||||
Append: &wrappers.BoolValue{Value: false},
|
AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -485,7 +485,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"requestHeadersToAdd": [{
|
"requestHeadersToAdd": [{
|
||||||
"append": false,
|
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
|
||||||
"header": {
|
"header": {
|
||||||
"key": "HEADER-KEY",
|
"key": "HEADER-KEY",
|
||||||
"value": "HEADER-VALUE"
|
"value": "HEADER-VALUE"
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@ PATH="$PATH:$(go env GOPATH)/bin"
|
||||||
export PATH
|
export PATH
|
||||||
|
|
||||||
_project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
|
_project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
|
||||||
_envoy_version=1.23.2
|
_envoy_version=1.24.0
|
||||||
_dir="$_project_root/pkg/envoy/files"
|
_dir="$_project_root/pkg/envoy/files"
|
||||||
_target="${TARGET:-"$(go env GOOS)-$(go env GOARCH)"}"
|
_target="${TARGET:-"$(go env GOOS)-$(go env GOARCH)"}"
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue