pomerium/integration/tpl/backends/routes.libsonnet
Caleb Doxsey 5a858f5d48
config: add internal service URLs (#2801)
* config: add internal service URLs

* maybe fix integration tests

* add docs

* fix integration tests

* for databroker connect to external name, but listen on internal name

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2021-12-10 14:04:37 -05:00


// Route table for the integration-test backends.
//
// Parameters:
//   mode       - when equal to 'multi', one extra route to the authenticate
//                service is appended; any other value appends nothing.
//   idp        - copied verbatim into the 'x-idp' request header of the
//                cloudrun route.
//   dns_suffix - inserted between each backend service name and its port when
//                the upstream URLs are built.
//
// Returns an array of route objects.
//
// Security posture: this is a test fixture. Many routes set
// allow_public_unauthenticated_access, and two set tls_skip_verify: true, so
// that the corresponding options can be exercised. The policy fields below
// describe what the tests expect, not a deployable policy.
//
// NOTE(review): route order presumably matters for matching; the
// path/prefix-specific httpdetails routes are kept ahead of the httpdetails
// catch-all, exactly as in the original listing.
local Routes(mode, idp, dns_suffix) =
  // Public hostname shared by most of the option-specific test routes.
  local httpdetails_host = 'https://httpdetails.localhost.pomerium.io';

  // Upstream targets that are referenced by more than one route.
  local trusted_plain = 'http://trusted-httpdetails' + dns_suffix + ':8080';
  local trusted_tls = 'https://trusted-httpdetails' + dns_suffix + ':8443';
  local wrongly_named_tls = 'https://wrongly-named-httpdetails' + dns_suffix + ':8443';
  local untrusted_tls = 'https://untrusted-httpdetails' + dns_suffix + ':8443';
  local websocket_echo = 'http://websocket-echo' + dns_suffix + ':80';

  // Three-member upstream pool used by every load-balancer route.
  local lb_pool = [
    'http://trusted-1-httpdetails' + dns_suffix + ':8080',
    'http://trusted-2-httpdetails' + dns_suffix + ':8080',
    'http://trusted-3-httpdetails' + dns_suffix + ':8080',
  ];

  // Routes present in every mode.
  local base_routes = [
    // Mock identity provider: reachable without authentication, original Host
    // header forwarded upstream.
    {
      from: 'https://mock-idp.localhost.pomerium.io',
      to: 'http://mock-idp' + dns_suffix + ':8024',
      preserve_host_header: true,
      allow_public_unauthenticated_access: true,
    },
    // NOTE(review): localhost:9901 is presumably the Envoy admin listener.
    // It is exposed here without authentication; confirm this route never
    // leaves the test environment.
    {
      from: 'https://envoy.localhost.pomerium.io',
      to: 'http://localhost:9901',
      allow_public_unauthenticated_access: true,
    },
    // verify: any authenticated user, identity headers passed upstream.
    {
      from: 'https://verify.localhost.pomerium.io',
      to: 'http://verify' + dns_suffix + ':80',
      pass_identity_headers: true,
      allow_any_authenticated_user: true,
    },
    {
      from: 'https://websocket-echo.localhost.pomerium.io',
      to: websocket_echo,
      allow_websockets: true,
      allow_public_unauthenticated_access: true,
    },
    // fortio UI: TLS upstream, any authenticated user.
    {
      from: 'https://fortio-ui.localhost.pomerium.io',
      to: 'https://fortio' + dns_suffix + ':8080',
      allow_any_authenticated_user: true,
    },
    // fortio ping: TLS upstream validated against the bundled CA, with an
    // explicit server name.
    {
      from: 'https://fortio-ping.localhost.pomerium.io',
      to: 'https://fortio' + dns_suffix + ':8079',
      tls_custom_ca: std.base64(importstr '../files/ca.pem'),
      tls_server_name: 'fortio-ping.localhost.pomerium.io',
      allow_public_unauthenticated_access: true,
    },
    // TCP tunnel to redis, any authenticated user.
    {
      from: 'tcp+https://redis.localhost.pomerium.io:6379',
      to: 'tcp://redis' + dns_suffix + ':6379',
      allow_any_authenticated_user: true,
    },

    // tls_skip_verify: same TLS upstream, with upstream certificate
    // verification skipped on the first route and left on for the second.
    {
      from: httpdetails_host,
      to: trusted_tls,
      path: '/tls-skip-verify-enabled',
      allow_public_unauthenticated_access: true,
      tls_skip_verify: true,
    },
    {
      from: httpdetails_host,
      to: trusted_tls,
      path: '/tls-skip-verify-disabled',
      allow_public_unauthenticated_access: true,
      tls_skip_verify: false,
    },

    // tls_server_name: same upstream, with and without an overridden server
    // name. NOTE(review): presumably the upstream certificate is issued for
    // the overridden name; confirm against the backend definition.
    {
      from: httpdetails_host,
      to: wrongly_named_tls,
      path: '/tls-server-name-enabled',
      allow_public_unauthenticated_access: true,
      tls_server_name: 'httpdetails.localhost.notpomerium.io',
    },
    {
      from: httpdetails_host,
      to: wrongly_named_tls,
      path: '/tls-server-name-disabled',
      allow_public_unauthenticated_access: true,
    },

    // tls_custom_certificate_authority: same upstream, with and without the
    // extra CA bundle from ../files/untrusted-ca.pem.
    {
      from: httpdetails_host,
      to: untrusted_tls,
      path: '/tls-custom-ca-enabled',
      allow_public_unauthenticated_access: true,
      tls_custom_ca: std.base64(importstr '../files/untrusted-ca.pem'),
      tls_server_name: 'httpdetails.localhost.pomerium.io',
    },
    {
      from: httpdetails_host,
      to: untrusted_tls,
      path: '/tls-custom-ca-disabled',
      allow_public_unauthenticated_access: true,
    },

    // tls_client_cert: disabled. The two routes below are kept as comments;
    // they reference a `tls` object that is not defined in this listing.
    // {
    //   from: 'http://httpdetails.localhost.pomerium.io',
    //   to: 'https://mtls-http-details' + dns_suffix + ':8443',
    //   path: '/tls-client-cert-enabled',
    //   tls_client_cert: std.base64(tls.trusted.client.cert),
    //   tls_client_key: std.base64(tls.trusted.client.key),
    //   tls_server_name: 'httpdetails.localhost.pomerium.io',
    //   allow_public_unauthenticated_access: true,
    // },
    // {
    //   from: 'http://httpdetails.localhost.pomerium.io',
    //   to: 'https://mtls-http-details' + dns_suffix + ':8443',
    //   path: '/tls-client-cert-disabled',
    //   allow_public_unauthenticated_access: true,
    // },

    // cors_allow_preflight: neither route sets an allow_* policy; the only
    // difference between them is the cors_allow_preflight flag.
    {
      from: httpdetails_host,
      to: trusted_plain,
      prefix: '/cors-enabled',
      cors_allow_preflight: true,
    },
    {
      from: httpdetails_host,
      to: trusted_plain,
      prefix: '/cors-disabled',
      cors_allow_preflight: false,
    },

    // preserve_host_header: same upstream, flag on and off.
    {
      from: httpdetails_host,
      to: trusted_plain,
      prefix: '/preserve-host-header-enabled',
      preserve_host_header: true,
      allow_public_unauthenticated_access: true,
    },
    {
      from: httpdetails_host,
      to: trusted_plain,
      prefix: '/preserve-host-header-disabled',
      preserve_host_header: false,
      allow_public_unauthenticated_access: true,
    },

    // Authorization policy: any authenticated user, a domain allow-list, and
    // a single-user allow-list. All three pass identity headers upstream.
    {
      from: 'https://restricted-httpdetails.localhost.pomerium.io',
      to: trusted_plain,
      pass_identity_headers: true,
      allow_any_authenticated_user: true,
    },
    {
      from: httpdetails_host,
      to: trusted_plain,
      prefix: '/by-domain',
      pass_identity_headers: true,
      allowed_domains: ['dogs.test'],
    },
    {
      from: httpdetails_host,
      to: trusted_plain,
      prefix: '/by-user',
      pass_identity_headers: true,
      allowed_users: ['user1@dogs.test'],
    },

    // Load balancing: one route per lb_policy over the same three upstreams.
    {
      from: httpdetails_host,
      to: lb_pool,
      prefix: '/round-robin',
      lb_policy: 'ROUND_ROBIN',
      allow_any_authenticated_user: true,
    },
    {
      from: httpdetails_host,
      to: lb_pool,
      prefix: '/ring-hash',
      lb_policy: 'RING_HASH',
      allow_any_authenticated_user: true,
    },
    {
      from: httpdetails_host,
      to: lb_pool,
      prefix: '/maglev',
      lb_policy: 'MAGLEV',
      allow_any_authenticated_user: true,
    },

    // Catch-all for the httpdetails host: public, identity headers passed
    // upstream, plus one fixed custom request header.
    {
      from: httpdetails_host,
      to: trusted_plain,
      pass_identity_headers: true,
      set_request_headers: {
        'X-Custom-Request-Header': 'custom-request-header-value',
      },
      allow_public_unauthenticated_access: true,
    },

    // Websockets: same upstream, allow_websockets set on the first route and
    // omitted on the second.
    {
      from: 'https://enabled-ws-echo.localhost.pomerium.io',
      to: websocket_echo,
      allow_websockets: true,
      allow_public_unauthenticated_access: true,
    },
    {
      from: 'https://disabled-ws-echo.localhost.pomerium.io',
      to: websocket_echo,
      allow_public_unauthenticated_access: true,
    },

    // cloudrun: Google Cloud serverless authentication enabled towards the
    // upstream; the idp argument is sent as the 'x-idp' request header.
    {
      from: 'https://cloudrun.localhost.pomerium.io',
      to: trusted_plain,
      pass_identity_headers: true,
      enable_google_cloud_serverless_authentication: true,
      set_request_headers: {
        'x-idp': idp,
      },
      allow_public_unauthenticated_access: true,
    },
  ];

  // Added only when mode == 'multi'. The upstream certificate of the
  // authenticate service is not verified on this hop (tls_skip_verify).
  local multi_mode_routes = [
    {
      from: 'https://authenticate.localhost.pomerium.io',
      to: 'https://pomerium-authenticate',
      tls_skip_verify: true,
      allow_public_unauthenticated_access: true,
    },
  ];

  base_routes + (if mode == 'multi' then multi_mode_routes else []);

// Library export: the Routes function is the only public member.
{
  Routes: Routes,
}