add integration test for https IP address route (#4476)
Update the integration test libsonnet templates to assign a fixed IP
address to the trusted-httpdetails service. This requires also assigning
a fixed IP subnet to the docker network.
Configure a route with a 'to' URL using https and this fixed IP address.
Add a corresponding certificate with the IP address. Finally, add a test
case that makes a request to this route.
add integration test for Pomerium JWT (#4472)
Add an integration test case to verify properties of the Pomerium
attestation JWT:
- The 'iat' and 'exp' timestamps should be plain integers.
- The JWT should contain an issuer and audience claim.
- A JWT retrieved from the /.pomerium/jwt endpoint should contain all
the same data as a JWT from the X-Pomerium-Jwt-Assertion header.
* add support for proxy protocol on HTTP listener (#1777)
* add support for proxy protocol on HTTP listener
* rename option, add doc
* reduce memory usage by handling http/2 coalescing via a lua script
* move script to file
* use wellknown
* fix integration test
- gofumpt everything
- fix TLS MinVersion to be at least 1.2
- add octal syntax
- remove newlines
- fix potential decompression bomb in ecjson
- remove implicit memory aliasing in for loops.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
Currently, user's identity headers are always inserted to downstream
request. For privacy reason, it would be better to not insert these
headers by default, and let user chose whether to include these headers
per=policy basis.
Fixes#702
* config: add RemoveRequestHeaders
Currently, we have "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit add new config
"remove_request_headers", which reflects envoy RequestHeadersToRemove.
This is also a preparation for future PRs to implement disable user
identity in request headers feature.
* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
* integration-tests: switch to go for backends to support TLS scenarios
* fix apply order
* generate additional tls certs
* integration-tests: tls_skip_verify option
* integration-tests: wait for openid to come up before starting authenticate
* add tls_server_name test
* add test for tls_custom_ca
* increase setup timeout to 15 minutes
* fix secret name reference
* mtls wip
* mtls wip
* add test for client_cert
