3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-29 17:07:24 +02:00
Code Issues Projects Releases Packages Wiki Activity

bump envoy to v1.24.0 (#3767)

Browse source
This commit is contained in:
Denis Mishin 2022-11-28 11:32:31 -05:00 committed by GitHub
parent 1d252f43ee
commit fa0ba60aee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 20 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

13
authorize/check_response.go
View file

@ -13,7 +13,6 @@ import (
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_service_auth_v3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
"github.com/golang/protobuf/ptypes/wrappers"
"github.com/tniswong/go.rfcx/rfc7231"
"google.golang.org/genproto/googleapis/rpc/status"
"google.golang.org/grpc/codes"
@ -99,7 +98,7 @@ func (a *Authorize) handleResultDenied(
func (a *Authorize) okResponse(headers http.Header) *envoy_service_auth_v3.CheckResponse {
var requestHeaders []*envoy_config_core_v3.HeaderValueOption
for k, vs := range headers {
requestHeaders = append(requestHeaders, mkHeader(k, strings.Join(vs, ","), false))
requestHeaders = append(requestHeaders, mkHeader(k, strings.Join(vs, ",")))
}
// ensure request headers are sorted by key for deterministic output
sort.Slice(requestHeaders, func(i, j int) bool {
@ -153,7 +152,7 @@ func (a *Authorize) deniedResponse(
// add any additional headers
for k, v := range headers {
respHeader = append(respHeader, mkHeader(k, v, false))
respHeader = append(respHeader, mkHeader(k, v))
}
return &envoy_service_auth_v3.CheckResponse{
@ -256,15 +255,13 @@ func (a *Authorize) requireWebAuthnResponse(
})
}
func mkHeader(k, v string, shouldAppend bool) *envoy_config_core_v3.HeaderValueOption {
func mkHeader(k, v string) *envoy_config_core_v3.HeaderValueOption {
return &envoy_config_core_v3.HeaderValueOption{
Header: &envoy_config_core_v3.HeaderValue{
Key: k,
Value: v,
},
Append: &wrappers.BoolValue{
Value: shouldAppend,
},
AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
}
}
@ -277,7 +274,7 @@ func toEnvoyHeaders(headers http.Header) []*envoy_config_core_v3.HeaderValueOpti
envoyHeaders := make([]*envoy_config_core_v3.HeaderValueOption, 0, len(headers))
for _, k := range ks {
envoyHeaders = append(envoyHeaders, mkHeader(k, headers.Get(k), false))
envoyHeaders = append(envoyHeaders, mkHeader(k, headers.Get(k)))
}
return envoyHeaders
}

4
authorize/check_response_test.go
View file

@ -150,8 +150,8 @@ func TestAuthorize_deniedResponse(t *testing.T) {
Code: envoy_type_v3.StatusCode(codes.InvalidArgument),
},
Headers: []*envoy_config_core_v3.HeaderValueOption{
mkHeader("Content-Type", "text/html; charset=UTF-8", false),
mkHeader("X-Pomerium-Intercepted-Response", "true", false),
mkHeader("Content-Type", "text/html; charset=UTF-8"),
mkHeader("X-Pomerium-Intercepted-Response", "true"),
},
Body: "Access Denied",
},

18
config/envoyconfig/listeners_test.go
View file

@ -223,21 +223,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
"name": "example.com",
"domains": ["example.com"],
"responseHeadersToAdd": [{
"append": false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "Strict-Transport-Security",
"value": "max-age=31536000; includeSubDomains; preload"
}
},
{
"append": false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
}
},
{
"append": false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "X-XSS-Protection",
"value": "1; mode=block"
@ -364,21 +364,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
"name": "catch-all",
"domains": ["*"],
"responseHeadersToAdd": [{
"append": false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "Strict-Transport-Security",
"value": "max-age=31536000; includeSubDomains; preload"
}
},
{
"append": false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
}
},
{
"append": false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "X-XSS-Protection",
"value": "1; mode=block"
@ -521,21 +521,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
},
"headersToAdd":[
{
"append":false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header":{
"key":"Strict-Transport-Security",
"value":"max-age=31536000; includeSubDomains; preload"
}
},
{
"append":false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header":{
"key":"X-Frame-Options",
"value":"SAMEORIGIN"
}
},
{
"append":false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header":{
"key":"X-XSS-Protection",
"value":"1; mode=block"

4
config/envoyconfig/routes.go
View file

@ -222,7 +222,7 @@ func (b *Builder) buildPolicyRoutes(options *config.Options, domain string) ([]*
Key: hdr[0],
Value: hdr[1],
},
Append: wrapperspb.Bool(false),
AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
})
}
}
@ -343,7 +343,7 @@ func mkEnvoyHeader(k, v string) *envoy_config_core_v3.HeaderValueOption {
Key: k,
Value: v,
},
Append: &wrappers.BoolValue{Value: false},
AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
}
}

2
config/envoyconfig/routes_test.go
View file

@ -485,7 +485,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
]
},
"requestHeadersToAdd": [{
"append": false,
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "HEADER-KEY",
"value": "HEADER-VALUE"

2
scripts/get-envoy.bash
View file

@ -5,7 +5,7 @@ PATH="$PATH:$(go env GOPATH)/bin"
export PATH
_project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
_envoy_version=1.23.2
_envoy_version=1.24.0
_dir="$_project_root/pkg/envoy/files"
_target="${TARGET:-"$(go env GOOS)-$(go env GOARCH)"}"