mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-19 17:50:17 +02:00
8d38e6b47d
Disable the /.pomerium/jwt endpoint by default. Add a runtime flag to temporarily opt out of the deprecation.
44 lines
1.6 KiB
Go
44 lines
1.6 KiB
Go
package config
|
|
|
|
import "maps"
|
|
|
|
var (
|
|
// RuntimeFlagGRPCDatabrokerKeepalive enables gRPC keepalive to the databroker service
|
|
RuntimeFlagGRPCDatabrokerKeepalive = runtimeFlag("grpc_databroker_keepalive", false)
|
|
|
|
// RuntimeFlagMatchAnyIncomingPort enables ignoring the incoming port when matching routes
|
|
RuntimeFlagMatchAnyIncomingPort = runtimeFlag("match_any_incoming_port", true)
|
|
|
|
// RuntimeFlagLegacyIdentityManager enables the legacy identity manager
|
|
RuntimeFlagLegacyIdentityManager = runtimeFlag("legacy_identity_manager", false)
|
|
|
|
// RuntimeFlagConfigHotReload enables the hot-reloading mechanism for the config file
|
|
// and any other files referenced within it
|
|
RuntimeFlagConfigHotReload = runtimeFlag("config_hot_reload", true)
|
|
|
|
RuntimeFlagEnvoyResourceManagerEnabled = runtimeFlag("envoy_resource_manager_enabled", true)
|
|
|
|
// RuntimeFlagPomeriumJWTEndpoint enables the /.pomerium/jwt endpoint, for retrieving
|
|
// signed user info claims from an upstream single-page web application. This endpoint
|
|
// is deprecated pending removal in a future release, but this flag allows a temporary
|
|
// opt-out from the deprecation.
|
|
RuntimeFlagPomeriumJWTEndpoint = runtimeFlag("pomerium_jwt_endpoint", false)
|
|
)
|
|
|
|
// RuntimeFlag is a runtime flag that can flip on/off certain features
|
|
type RuntimeFlag string
|
|
|
|
// RuntimeFlags is a map of runtime flags
|
|
type RuntimeFlags map[RuntimeFlag]bool
|
|
|
|
func runtimeFlag(txt string, def bool) RuntimeFlag {
|
|
key := RuntimeFlag(txt)
|
|
defaultRuntimeFlags[key] = def
|
|
return key
|
|
}
|
|
|
|
var defaultRuntimeFlags = map[RuntimeFlag]bool{}
|
|
|
|
func DefaultRuntimeFlags() RuntimeFlags {
|
|
return maps.Clone(defaultRuntimeFlags)
|
|
}
|