* pkg/storage/redis: use SANs cert
Since go1.15, X.509 CommonName is deprecated, switch to a SANs
certificate for test redis TLS.
While at it, add instruction to genearte cert and build test image.
See: https://golang.org/doc/go1.15#commonname
* config: do not test for exact route id
Different go version can genearte different route id, due to the fact
that we are relying on xxhash.
* internal/controlplane: mocking policy name in test
We don't have to test for exact policy name, as it does not make sense
and force us to change test every new go release.
Co-authored-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Currently, user's identity headers are always inserted to downstream
request. For privacy reason, it would be better to not insert these
headers by default, and let user chose whether to include these headers
per=policy basis.
Fixes#702
When switching to envoy, we forgot to adopt the middleware to set
response headers with options.Headers, which causes HSTS header is
missing in v0.9.0 release.
Fixes#901
* config: add RemoveRequestHeaders
Currently, we have "set_request_headers" config, which reflects envoy
route.Route.RequestHeadersToAdd. This commit add new config
"remove_request_headers", which reflects envoy RequestHeadersToRemove.
This is also a preparation for future PRs to implement disable user
identity in request headers feature.
* integration: add test for remove_request_headers
* docs: add documentation/changelog for remove_request_headers
* xds: use plain functions, add unit tests for control plane routes
* xds: add test for grpc routes
* xds: add test for pomerium http routes
* xds: add test for policy routes
* xds: use plain functions
* xds: test get all routeable domains
* xds: add build downstream tls context test
* more tests
* test for client cert
* more tests
