mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-03 16:59:22 +02:00
b0c2e2dede
Bumps the go group with 24 updates: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.53.0` | `1.55.0` | | [github.com/VictoriaMetrics/fastcache](https://github.com/VictoriaMetrics/fastcache) | `1.12.2` | `1.12.4` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.79.3` | `1.80.0` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.1.1+incompatible` | `28.2.2+incompatible` | | [github.com/exaring/otelpgx](https://github.com/exaring/otelpgx) | `0.9.1` | `0.9.3` | | [github.com/google/go-jsonnet](https://github.com/google/go-jsonnet) | `0.20.0` | `0.21.0` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.4` | `5.7.5` | | [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.65` | `1.1.66` | | [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.91` | `7.0.92` | | [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.4.2` | `1.5.0` | | [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto) | `0.8.0` | `0.8.1` | | [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.51.0` | `0.52.0` | | [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.60.0` | `0.61.0` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.60.0` | `0.61.0` | | [go.opentelemetry.io/contrib/propagators/autoprop](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.60.0` | `0.61.0` | | [go.opentelemetry.io/otel/bridge/opencensus](https://github.com/open-telemetry/opentelemetry-go) | `1.35.0` | `1.36.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.35.0` | `1.36.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.35.0` | `1.36.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.35.0` | `1.36.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.35.0` | `1.36.0` | | [go.opentelemetry.io/proto/otlp](https://github.com/open-telemetry/opentelemetry-proto-go) | `1.6.0` | `1.7.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.230.0` | `0.235.0` | | [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20250428153025-10db94c68c34` | `0.0.0-20250528174236-200df99c418a` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.72.0` | `1.72.2` | Updates `cloud.google.com/go/storage` from 1.53.0 to 1.55.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@spanner/v1.53.0...spanner/v1.55.0) Updates `github.com/VictoriaMetrics/fastcache` from 1.12.2 to 1.12.4 - [Release notes](https://github.com/VictoriaMetrics/fastcache/releases) - [Commits](VictoriaMetrics/fastcache@v1.12.2...v1.12.4) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.79.3 to 1.80.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.79.3...service/s3/v1.80.0) Updates `github.com/docker/docker` from 28.1.1+incompatible to 28.2.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.1.1...v28.2.2) Updates `github.com/exaring/otelpgx` from 0.9.1 to 0.9.3 - [Release notes](https://github.com/exaring/otelpgx/releases) - [Commits](exaring/otelpgx@v0.9.1...v0.9.3) Updates `github.com/google/go-jsonnet` from 0.20.0 to 0.21.0 - [Release notes](https://github.com/google/go-jsonnet/releases) - [Changelog](https://github.com/google/go-jsonnet/blob/master/.goreleaser.yml) - [Commits](google/go-jsonnet@v0.20.0...v0.21.0) Updates `github.com/jackc/pgx/v5` from 5.7.4 to 5.7.5 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.7.4...v5.7.5) Updates `github.com/miekg/dns` from 1.1.65 to 1.1.66 - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](miekg/dns@v1.1.65...v1.1.66) Updates `github.com/minio/minio-go/v7` from 7.0.91 to 7.0.92 - [Release notes](https://github.com/minio/minio-go/releases) - [Commits](minio/minio-go@v7.0.91...v7.0.92) Updates `github.com/open-policy-agent/opa` from 1.4.2 to 1.5.0 - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v1.4.2...v1.5.0) Updates `github.com/pires/go-proxyproto` from 0.8.0 to 0.8.1 - [Release notes](https://github.com/pires/go-proxyproto/releases) - [Commits](pires/go-proxyproto@v0.8.0...v0.8.1) Updates `github.com/quic-go/quic-go` from 0.51.0 to 0.52.0 - [Release notes](https://github.com/quic-go/quic-go/releases) - [Commits](quic-go/quic-go@v0.51.0...v0.52.0) Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.60.0 to 0.61.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.60.0...zpages/v0.61.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.60.0 to 0.61.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.60.0...zpages/v0.61.0) Updates `go.opentelemetry.io/contrib/propagators/autoprop` from 0.60.0 to 0.61.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.60.0...zpages/v0.61.0) Updates `go.opentelemetry.io/otel/bridge/opencensus` from 1.35.0 to 1.36.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.35.0...v1.36.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.35.0 to 1.36.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.35.0...v1.36.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.35.0 to 1.36.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.35.0...v1.36.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.35.0 to 1.36.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.35.0...v1.36.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.35.0 to 1.36.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.35.0...v1.36.0) Updates `go.opentelemetry.io/proto/otlp` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-proto-go/releases) - [Commits](open-telemetry/opentelemetry-proto-go@v1.6.0...v1.7.0) Updates `google.golang.org/api` from 0.230.0 to 0.235.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.230.0...v0.235.0) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20250428153025-10db94c68c34 to 0.0.0-20250528174236-200df99c418a - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/grpc` from 1.72.0 to 1.72.2 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.72.0...v1.72.2) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-version: 1.55.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/VictoriaMetrics/fastcache dependency-version: 1.12.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.80.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/docker/docker dependency-version: 28.2.2+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/exaring/otelpgx dependency-version: 0.9.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/google/go-jsonnet dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.7.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/miekg/dns dependency-version: 1.1.66 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/minio/minio-go/v7 dependency-version: 7.0.92 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/open-policy-agent/opa dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/pires/go-proxyproto dependency-version: 0.8.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/quic-go/quic-go dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc dependency-version: 0.61.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.61.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/contrib/propagators/autoprop dependency-version: 0.61.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/otel/bridge/opencensus dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/proto/otlp dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: google.golang.org/api dependency-version: 0.235.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-version: 0.0.0-20250528174236-200df99c418a dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: google.golang.org/grpc dependency-version: 1.72.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... Signed-off-by: dependabot[bot] <support@github.com>
286 lines
9.1 KiB
Go
286 lines
9.1 KiB
Go
package envoyconfig
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"google.golang.org/protobuf/encoding/protojson"
|
|
|
|
"github.com/pomerium/pomerium/config"
|
|
"github.com/pomerium/pomerium/config/envoyconfig/filemgr"
|
|
"github.com/pomerium/pomerium/internal/testutil"
|
|
"github.com/pomerium/pomerium/pkg/cryptutil"
|
|
)
|
|
|
|
func TestBuilder_buildMainRouteConfiguration(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
ctx := t.Context()
|
|
cfg := &config.Config{Options: &config.Options{
|
|
CookieName: "pomerium",
|
|
DefaultUpstreamTimeout: time.Second * 3,
|
|
SharedKey: cryptutil.NewBase64Key(),
|
|
Services: "proxy",
|
|
Policies: []config.Policy{
|
|
{
|
|
From: "https://*.example.com",
|
|
To: mustParseWeightedURLs(t, "https://www.example.com"),
|
|
},
|
|
},
|
|
}}
|
|
b := New("grpc", "http", "metrics", filemgr.NewManager(), nil, true)
|
|
routeConfiguration, err := b.buildMainRouteConfiguration(ctx, cfg)
|
|
assert.NoError(t, err)
|
|
testutil.AssertProtoJSONEqual(t, `{
|
|
"name": "main",
|
|
"validateClusters": false,
|
|
"virtualHosts": [
|
|
{
|
|
"name": "catch-all",
|
|
"domains": ["*"],
|
|
"routes": [
|
|
`+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, "/ping"))+`,
|
|
`+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, "/healthz"))+`,
|
|
`+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, "/.pomerium"))+`,
|
|
`+protojson.Format(b.buildControlPlanePrefixRoute(cfg.Options, "/.pomerium/"))+`,
|
|
`+protojson.Format(b.buildControlPlanePathRoute(cfg.Options, "/.well-known/pomerium"))+`,
|
|
`+protojson.Format(b.buildControlPlanePrefixRoute(cfg.Options, "/.well-known/pomerium/"))+`,
|
|
{
|
|
"name": "policy-0",
|
|
"decorator": {
|
|
"operation": "ingress: ${method} ${host}${path}",
|
|
"propagate": false
|
|
},
|
|
"match": {
|
|
"headers": [
|
|
{ "name": ":authority", "stringMatch": { "safeRegex": { "regex": "^(.*)\\.example\\.com$" } }}
|
|
],
|
|
"prefix": "/"
|
|
},
|
|
"metadata": {
|
|
"filterMetadata": {
|
|
"envoy.filters.http.lua": {
|
|
"remove_impersonate_headers": false,
|
|
"remove_pomerium_authorization": true,
|
|
"remove_pomerium_cookie": "pomerium",
|
|
"rewrite_response_headers": []
|
|
}
|
|
}
|
|
},
|
|
"requestHeadersToRemove": [
|
|
"x-pomerium-jwt-assertion",
|
|
"x-pomerium-jwt-assertion-for",
|
|
"x-pomerium-reproxy-policy",
|
|
"x-pomerium-reproxy-policy-hmac"
|
|
],
|
|
"responseHeadersToAdd": [
|
|
{ "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD", "header": { "key": "X-Frame-Options", "value": "SAMEORIGIN" } },
|
|
{ "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD", "header": { "key": "X-XSS-Protection", "value": "1; mode=block" } }
|
|
],
|
|
"route": {
|
|
"autoHostRewrite": true,
|
|
"cluster": "route-5fbd81d8f19363f4",
|
|
"hashPolicy": [
|
|
{ "header": { "headerName": "x-pomerium-routing-key" }, "terminal": true },
|
|
{ "connectionProperties": { "sourceIp": true }, "terminal": true }
|
|
],
|
|
"timeout": "3s",
|
|
"upgradeConfigs": [
|
|
{ "enabled": false, "upgradeType": "websocket" },
|
|
{ "enabled": false, "upgradeType": "spdy/3.1" }
|
|
]
|
|
},
|
|
"typedPerFilterConfig": {
|
|
"envoy.filters.http.ext_authz": {
|
|
"@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute",
|
|
"checkSettings": {
|
|
"contextExtensions": {
|
|
"internal": "false",
|
|
"route_checksum": "3842393772597897044",
|
|
"route_id": "5fbd81d8f19363f4"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"name": "policy-0",
|
|
"decorator": {
|
|
"operation": "ingress: ${method} ${host}${path}",
|
|
"propagate": false
|
|
},
|
|
"match": {
|
|
"headers": [
|
|
{ "name": ":authority", "stringMatch": { "safeRegex": { "regex": "^(.*)\\.example\\.com:443$" } }}
|
|
],
|
|
"prefix": "/"
|
|
},
|
|
"metadata": {
|
|
"filterMetadata": {
|
|
"envoy.filters.http.lua": {
|
|
"remove_impersonate_headers": false,
|
|
"remove_pomerium_authorization": true,
|
|
"remove_pomerium_cookie": "pomerium",
|
|
"rewrite_response_headers": []
|
|
}
|
|
}
|
|
},
|
|
"requestHeadersToRemove": [
|
|
"x-pomerium-jwt-assertion",
|
|
"x-pomerium-jwt-assertion-for",
|
|
"x-pomerium-reproxy-policy",
|
|
"x-pomerium-reproxy-policy-hmac"
|
|
],
|
|
"responseHeadersToAdd": [
|
|
{ "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD", "header": { "key": "X-Frame-Options", "value": "SAMEORIGIN" } },
|
|
{ "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD", "header": { "key": "X-XSS-Protection", "value": "1; mode=block" } }
|
|
],
|
|
"route": {
|
|
"autoHostRewrite": true,
|
|
"cluster": "route-5fbd81d8f19363f4",
|
|
"hashPolicy": [
|
|
{ "header": { "headerName": "x-pomerium-routing-key" }, "terminal": true },
|
|
{ "connectionProperties": { "sourceIp": true }, "terminal": true }
|
|
],
|
|
"timeout": "3s",
|
|
"upgradeConfigs": [
|
|
{ "enabled": false, "upgradeType": "websocket" },
|
|
{ "enabled": false, "upgradeType": "spdy/3.1" }
|
|
]
|
|
},
|
|
"typedPerFilterConfig": {
|
|
"envoy.filters.http.ext_authz": {
|
|
"@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute",
|
|
"checkSettings": {
|
|
"contextExtensions": {
|
|
"internal": "false",
|
|
"route_checksum": "3842393772597897044",
|
|
"route_id": "5fbd81d8f19363f4"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
|
|
}`, routeConfiguration)
|
|
}
|
|
|
|
func Test_getAllDomains(t *testing.T) {
|
|
cert, err := cryptutil.GenerateCertificate(nil, "*.unknown.example.com")
|
|
require.NoError(t, err)
|
|
certPEM, keyPEM, err := cryptutil.EncodeCertificate(cert)
|
|
require.NoError(t, err)
|
|
|
|
options := &config.Options{
|
|
Addr: "127.0.0.1:9000",
|
|
GRPCAddr: "127.0.0.1:9001",
|
|
Services: "all",
|
|
AuthenticateURLString: "https://authenticate.example.com",
|
|
AuthenticateInternalURLString: "https://authenticate.int.example.com",
|
|
AuthorizeURLString: "https://authorize.example.com:9001",
|
|
DataBrokerURLString: "https://cache.example.com:9001",
|
|
Policies: []config.Policy{
|
|
{From: "http://a.example.com"},
|
|
{From: "https://b.example.com"},
|
|
{From: "https://c.example.com"},
|
|
{From: "https://d.unknown.example.com"},
|
|
},
|
|
Cert: base64.StdEncoding.EncodeToString(certPEM),
|
|
Key: base64.StdEncoding.EncodeToString(keyPEM),
|
|
}
|
|
t.Run("routable", func(t *testing.T) {
|
|
t.Run("http", func(t *testing.T) {
|
|
actual, _, err := getAllRouteableHosts(options, "127.0.0.1:9000")
|
|
require.NoError(t, err)
|
|
expect := []string{
|
|
"a.example.com",
|
|
"a.example.com:80",
|
|
"authenticate.example.com",
|
|
"authenticate.example.com:443",
|
|
"authenticate.int.example.com",
|
|
"authenticate.int.example.com:443",
|
|
"b.example.com",
|
|
"b.example.com:443",
|
|
"c.example.com",
|
|
"c.example.com:443",
|
|
"d.unknown.example.com",
|
|
"d.unknown.example.com:443",
|
|
}
|
|
assert.Equal(t, expect, actual)
|
|
})
|
|
t.Run("grpc", func(t *testing.T) {
|
|
actual, _, err := getAllRouteableHosts(options, "127.0.0.1:9001")
|
|
require.NoError(t, err)
|
|
expect := []string{
|
|
"authorize.example.com:9001",
|
|
"cache.example.com:9001",
|
|
}
|
|
assert.Equal(t, expect, actual)
|
|
})
|
|
t.Run("both", func(t *testing.T) {
|
|
newOptions := *options
|
|
newOptions.GRPCAddr = newOptions.Addr
|
|
actual, _, err := getAllRouteableHosts(&newOptions, "127.0.0.1:9000")
|
|
require.NoError(t, err)
|
|
expect := []string{
|
|
"a.example.com",
|
|
"a.example.com:80",
|
|
"authenticate.example.com",
|
|
"authenticate.example.com:443",
|
|
"authenticate.int.example.com",
|
|
"authenticate.int.example.com:443",
|
|
"authorize.example.com:9001",
|
|
"b.example.com",
|
|
"b.example.com:443",
|
|
"c.example.com",
|
|
"c.example.com:443",
|
|
"cache.example.com:9001",
|
|
"d.unknown.example.com",
|
|
"d.unknown.example.com:443",
|
|
}
|
|
assert.Equal(t, expect, actual)
|
|
})
|
|
})
|
|
|
|
t.Run("exclude default authenticate", func(t *testing.T) {
|
|
options := config.NewDefaultOptions()
|
|
options.Policies = []config.Policy{
|
|
{From: "https://a.example.com"},
|
|
}
|
|
actual, _, err := getAllRouteableHosts(options, ":443")
|
|
require.NoError(t, err)
|
|
assert.Equal(t, []string{"a.example.com"}, actual)
|
|
})
|
|
}
|
|
|
|
func Test_urlMatchesHost(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
for _, tc := range []struct {
|
|
name string
|
|
sourceURL string
|
|
host string
|
|
matches bool
|
|
}{
|
|
{"no port", "http://example.com", "example.com", true},
|
|
{"host http port", "http://example.com", "example.com:80", true},
|
|
{"host https port", "https://example.com", "example.com:443", true},
|
|
{"with port", "https://example.com:443", "example.com:443", true},
|
|
{"url port", "https://example.com:443", "example.com", true},
|
|
{"non standard port", "http://example.com:81", "example.com", false},
|
|
{"non standard host port", "http://example.com:81", "example.com:80", false},
|
|
} {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
assert.Equal(t, tc.matches, urlMatchesHost(mustParseURL(t, tc.sourceURL), tc.host),
|
|
"urlMatchesHost(%s,%s)", tc.sourceURL, tc.host)
|
|
})
|
|
}
|
|
}
|