mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-03-21 21:47:11 +02:00

Make the Upstreams mux configurable

This commit changes Upstreams from []Upstream to a struct{}
moving the previous []Upstream into .Configs and adjusts all uses of it.
Fabian Stelzer 2021-08-09 13:32:15 +00:00
parent ae72beb24e
commit 12ab4ef529
No known key found for this signature in database
11 changed files with 283 additions and 231 deletions


@ -25,6 +25,7 @@ client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
const testAlphaConfig = `
upstreams:
configs:
- id: /
path: /
uri: http://httpbin
@ -101,6 +102,7 @@ redirect_url="http://localhost:4180/oauth2/callback"
opts.RawRedirectURL = "http://localhost:4180/oauth2/callback"
opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: "/",
Path: "/",
@ -109,6 +111,7 @@ redirect_url="http://localhost:4180/oauth2/callback"
PassHostHeader: boolPtr(true),
ProxyWebSockets: boolPtr(true),
},
},
}
authHeader := options.Header{
@ -130,7 +133,7 @@ redirect_url="http://localhost:4180/oauth2/callback"
opts.InjectResponseHeaders = append(opts.InjectResponseHeaders, authHeader)
opts.Providers = options.Providers{
{
options.Provider{
ID: "google=oauth2-proxy",
Type: "google",
ClientSecret: "b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK",
@ -230,7 +233,7 @@ redirect_url="http://localhost:4180/oauth2/callback"
configContent: testCoreConfig,
alphaConfigContent: testAlphaConfig + ":",
expectedOptions: func() *options.Options { return nil },
expectedErr: errors.New("failed to load alpha options: error unmarshalling config: error converting YAML to JSON: yaml: line 49: did not find expected key"),
expectedErr: errors.New("failed to load alpha options: error unmarshalling config: error converting YAML to JSON: yaml: line 50: did not find expected key"),
}),
Entry("with alpha configuration and bad core configuration", loadConfigurationTableInput{
configContent: testCoreConfig + "unknown_field=\"something\"",


@ -198,11 +198,13 @@ func TestBasicAuthPassword(t *testing.T) {
basicAuthPassword := "This is a secure password"
opts := baseTestOptions()
opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: providerServer.URL,
Path: "/",
URI: providerServer.URL,
},
},
}
opts.Cookie.Secure = false
@ -347,14 +349,16 @@ func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) (*PassAccessTokenTe
patt.opts = baseTestOptions()
patt.opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: patt.providerServer.URL,
Path: "/",
URI: patt.providerServer.URL,
},
},
}
if opts.ProxyUpstream.ID != "" {
patt.opts.UpstreamServers = append(patt.opts.UpstreamServers, opts.ProxyUpstream)
patt.opts.UpstreamServers.Configs = append(patt.opts.UpstreamServers.Configs, opts.ProxyUpstream)
}
patt.opts.Cookie.Secure = false
@ -1270,11 +1274,13 @@ func TestAuthSkippedForPreflightRequests(t *testing.T) {
opts := baseTestOptions()
opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: upstreamServer.URL,
Path: "/",
URI: upstreamServer.URL,
},
},
}
opts.SkipAuthPreflight = true
err := validation.Validate(opts)
@ -1345,11 +1351,13 @@ func NewSignatureTest() (*SignatureTest, error) {
return nil, err
}
opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: upstreamServer.URL,
Path: "/",
URI: upstreamServer.URL,
},
},
}
providerHandler := func(w http.ResponseWriter, r *http.Request) {
@ -1781,11 +1789,13 @@ func Test_noCacheHeaders(t *testing.T) {
opts := baseTestOptions()
opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: upstreamServer.URL,
Path: "/",
URI: upstreamServer.URL,
},
},
}
opts.SkipAuthRegex = []string{".*"}
err := validation.Validate(opts)
@ -2051,11 +2061,13 @@ func TestTrustedIPs(t *testing.T) {
t.Run(tt.name, func(t *testing.T) {
opts := baseTestOptions()
opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: "static",
Path: "/",
Static: true,
},
},
}
opts.TrustedIPs = tt.trustedIPs
opts.ReverseProxy = tt.reverseProxy
@ -2244,11 +2256,13 @@ func TestAllowedRequest(t *testing.T) {
opts := baseTestOptions()
opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: upstreamServer.URL,
Path: "/",
URI: upstreamServer.URL,
},
},
}
opts.SkipAuthRegex = []string{
"^/skip/auth/regex$",
@ -2359,11 +2373,13 @@ func TestProxyAllowedGroups(t *testing.T) {
test, err := NewProcessCookieTestWithOptionsModifiers(func(opts *options.Options) {
opts.Providers[0].AllowedGroups = tt.allowedGroups
opts.UpstreamServers = options.Upstreams{
Configs: []options.Upstream{
{
ID: upstreamServer.URL,
Path: "/",
URI: upstreamServer.URL,
},
},
}
})
if err != nil {


@ -120,7 +120,7 @@ func (l *LegacyUpstreams) convert() (Upstreams, error) {
for _, upstreamString := range l.Upstreams {
u, err := url.Parse(upstreamString)
if err != nil {
return nil, fmt.Errorf("could not parse upstream %q: %v", upstreamString, err)
return Upstreams{}, fmt.Errorf("could not parse upstream %q: %v", upstreamString, err)
}
if u.Path == "" {
@ -169,7 +169,7 @@ func (l *LegacyUpstreams) convert() (Upstreams, error) {
upstream.FlushInterval = nil
}
upstreams = append(upstreams, upstream)
upstreams.Configs = append(upstreams.Configs, upstream)
}
return upstreams, nil
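Review bot: The rewritten error return in convert() still formats the parse failure with `%v`, which flattens the underlying `url.Parse` error into text. Using `return Upstreams{}, fmt.Errorf("could not parse upstream %q: %w", upstreamString, err)` keeps the message identical while letting callers inspect the cause with `errors.Is`/`errors.As`. The declaration of `upstreams` lies outside both hunks, so it is not visible here whether it was updated to the struct type that the new `upstreams.Configs = append(...)` line requires. convert() starts and ends outside the hunks.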


@ -27,6 +27,7 @@ var _ = Describe("Legacy Options", func() {
truth := true
staticCode := 204
opts.UpstreamServers = Upstreams{
Configs: []Upstream{
{
ID: "/baz",
Path: "/baz",
@ -56,6 +57,7 @@ var _ = Describe("Legacy Options", func() {
PassHostHeader: nil,
ProxyWebSockets: nil,
},
},
}
opts.InjectRequestHeaders = []Header{
@ -124,7 +126,7 @@ var _ = Describe("Legacy Options", func() {
Context("Legacy Upstreams", func() {
type convertUpstreamsTableInput struct {
upstreamStrings []string
expectedUpstreams Upstreams
expectedUpstreams []Upstream
errMsg string
}
@ -219,51 +221,51 @@ var _ = Describe("Legacy Options", func() {
Expect(err).ToNot(HaveOccurred())
}
Expect(upstreams).To(ConsistOf(in.expectedUpstreams))
Expect(upstreams.Configs).To(ConsistOf(in.expectedUpstreams))
},
Entry("with no upstreams", &convertUpstreamsTableInput{
upstreamStrings: []string{},
expectedUpstreams: Upstreams{},
expectedUpstreams: []Upstream{},
errMsg: "",
}),
Entry("with a valid HTTP upstream", &convertUpstreamsTableInput{
upstreamStrings: []string{validHTTP},
expectedUpstreams: Upstreams{validHTTPUpstream},
expectedUpstreams: []Upstream{validHTTPUpstream},
errMsg: "",
}),
Entry("with a HTTP upstream with an empty path", &convertUpstreamsTableInput{
upstreamStrings: []string{emptyPathHTTP},
expectedUpstreams: Upstreams{emptyPathHTTPUpstream},
expectedUpstreams: []Upstream{emptyPathHTTPUpstream},
errMsg: "",
}),
Entry("with a valid File upstream with a fragment", &convertUpstreamsTableInput{
upstreamStrings: []string{validFileWithFragment},
expectedUpstreams: Upstreams{validFileWithFragmentUpstream},
expectedUpstreams: []Upstream{validFileWithFragmentUpstream},
errMsg: "",
}),
Entry("with a valid static upstream", &convertUpstreamsTableInput{
upstreamStrings: []string{validStatic},
expectedUpstreams: Upstreams{validStaticUpstream},
expectedUpstreams: []Upstream{validStaticUpstream},
errMsg: "",
}),
Entry("with an invalid static upstream, code is 200", &convertUpstreamsTableInput{
upstreamStrings: []string{invalidStatic},
expectedUpstreams: Upstreams{invalidStaticUpstream},
expectedUpstreams: []Upstream{invalidStaticUpstream},
errMsg: "",
}),
Entry("with an invalid HTTP upstream", &convertUpstreamsTableInput{
upstreamStrings: []string{invalidHTTP},
expectedUpstreams: Upstreams{},
expectedUpstreams: []Upstream{},
errMsg: invalidHTTPErrMsg,
}),
Entry("with an invalid HTTP upstream and other upstreams", &convertUpstreamsTableInput{
upstreamStrings: []string{validHTTP, invalidHTTP},
expectedUpstreams: Upstreams{},
expectedUpstreams: []Upstream{},
errMsg: invalidHTTPErrMsg,
}),
Entry("with multiple valid upstreams", &convertUpstreamsTableInput{
upstreamStrings: []string{validHTTP, validFileWithFragment, validStatic},
expectedUpstreams: Upstreams{validHTTPUpstream, validFileWithFragmentUpstream, validStaticUpstream},
expectedUpstreams: []Upstream{validHTTPUpstream, validFileWithFragmentUpstream, validStaticUpstream},
errMsg: "",
}),
)


@ -470,6 +470,7 @@ sub:
It("should load a full example AlphaOptions", func() {
config := []byte(`
upstreams:
configs:
- id: httpbin
path: /
uri: http://httpbin
@ -502,7 +503,8 @@ injectResponseHeaders:
flushInterval := Duration(500 * time.Millisecond)
Expect(into).To(Equal(&AlphaOptions{
Upstreams: []Upstream{
Upstreams: Upstreams{
Configs: []Upstream{
{
ID: "httpbin",
Path: "/",
@ -510,6 +512,7 @@ injectResponseHeaders:
FlushInterval: &flushInterval,
},
},
},
InjectRequestHeaders: []Header{
{
Name: "X-Forwarded-User",


@ -8,7 +8,11 @@ const (
)
// Upstreams is a collection of definitions for upstream servers.
type Upstreams []Upstream
type Upstreams struct {
// Upstream represents the configuration for an upstream server.
// Requests will be proxied to this upstream if the path matches the request path.
Configs []Upstream `json:"configs,omitempty"`
}
// Upstream represents the configuration for an upstream server.
// Requests will be proxied to this upstream if the path matches the request path.
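Review bot: The doc comment on the new `Configs` field is copied verbatim from the `Upstream` type, so it describes a single upstream rather than the field. Something like `// Configs is the list of upstream server definitions the proxy routes to.` would read correctly in generated docs. Because `Upstreams` now serialises as an object with a `configs` key, an alpha config that still writes `upstreams:` as a list no longer matches the type. The loader is outside this hunk, so it is worth confirming (and stating in the type comment or changelog) that such a file fails at load rather than starting with an empty upstream set.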


@ -27,7 +27,7 @@ func NewProxy(upstreams options.Upstreams, sigData *options.SignatureData, write
serveMux: mux.NewRouter(),
}
for _, upstream := range sortByPathLongest(upstreams) {
for _, upstream := range sortByPathLongest(upstreams.Configs) {
if upstream.Static {
if err := m.registerStaticResponseHandler(upstream, writer); err != nil {
return nil, fmt.Errorf("could not register static upstream %q: %v", upstream.ID, err)
@ -153,7 +153,7 @@ func registerTrailingSlashHandler(serveMux *mux.Router) {
// precedence (note this is the input to the rewrite logic).
// This does not account for when a rewrite would actually make the path shorter.
// This should maintain the sorting behaviour of the standard go serve mux.
func sortByPathLongest(in options.Upstreams) options.Upstreams {
func sortByPathLongest(in []options.Upstream) []options.Upstream {
sort.Slice(in, func(i, j int) bool {
iRW := in[i].RewriteTarget
jRW := in[j].RewriteTarget
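Review bot: `sortByPathLongest(upstreams.Configs)` in NewProxy hands the caller's slice to `sort.Slice`, so building the proxy reorders `options.Upstreams.Configs` in place as a side effect. The order decides which upstream wins a path match, so sorting a copy keeps the loaded configuration as written for anything that later reads, validates or logs it: start sortByPathLongest with `sorted := append([]options.Upstream(nil), in...)`, then sort and return `sorted`. `sort.Slice` is also not stable; if the comparator can report two entries as equal, `sort.SliceStable` would make the resulting precedence deterministic. Both function bodies continue outside the hunks, so the comparator's tie handling is not visible here.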


@ -33,6 +33,7 @@ var _ = Describe("Proxy Suite", func() {
accepted := http.StatusAccepted
upstreams := options.Upstreams{
Configs: []options.Upstream{
{
ID: "http-backend",
Path: "/http/",
@ -89,6 +90,7 @@ var _ = Describe("Proxy Suite", func() {
RewriteTarget: "/double-match/rewrite/$1",
URI: serverAddr,
},
},
}
var err error
@ -315,8 +317,8 @@ var _ = Describe("Proxy Suite", func() {
Context("sortByPathLongest", func() {
type sortByPathLongestTableInput struct {
input options.Upstreams
expectedOutput options.Upstreams
input []options.Upstream
expectedOutput []options.Upstream
}
var httpPath = options.Upstream{
@ -346,40 +348,40 @@ var _ = Describe("Proxy Suite", func() {
Expect(sortByPathLongest(in.input)).To(Equal(in.expectedOutput))
},
Entry("with a mix of paths registered", sortByPathLongestTableInput{
input: options.Upstreams{httpPath, httpSubPath, shortSubPathWithRewrite, longerPath, shortPathWithRewrite},
expectedOutput: options.Upstreams{shortSubPathWithRewrite, shortPathWithRewrite, longerPath, httpSubPath, httpPath},
input: []options.Upstream{httpPath, httpSubPath, shortSubPathWithRewrite, longerPath, shortPathWithRewrite},
expectedOutput: []options.Upstream{shortSubPathWithRewrite, shortPathWithRewrite, longerPath, httpSubPath, httpPath},
}),
Entry("when a subpath is registered (in order)", sortByPathLongestTableInput{
input: options.Upstreams{httpSubPath, httpPath},
expectedOutput: options.Upstreams{httpSubPath, httpPath},
input: []options.Upstream{httpSubPath, httpPath},
expectedOutput: []options.Upstream{httpSubPath, httpPath},
}),
Entry("when a subpath is registered (out of order)", sortByPathLongestTableInput{
input: options.Upstreams{httpPath, httpSubPath},
expectedOutput: options.Upstreams{httpSubPath, httpPath},
input: []options.Upstream{httpPath, httpSubPath},
expectedOutput: []options.Upstream{httpSubPath, httpPath},
}),
Entry("when longer paths are registered (in order)", sortByPathLongestTableInput{
input: options.Upstreams{longerPath, httpPath},
expectedOutput: options.Upstreams{longerPath, httpPath},
input: []options.Upstream{longerPath, httpPath},
expectedOutput: []options.Upstream{longerPath, httpPath},
}),
Entry("when longer paths are registered (out of order)", sortByPathLongestTableInput{
input: options.Upstreams{httpPath, longerPath},
expectedOutput: options.Upstreams{longerPath, httpPath},
input: []options.Upstream{httpPath, longerPath},
expectedOutput: []options.Upstream{longerPath, httpPath},
}),
Entry("when a rewrite target is registered (in order)", sortByPathLongestTableInput{
input: options.Upstreams{shortPathWithRewrite, longerPath},
expectedOutput: options.Upstreams{shortPathWithRewrite, longerPath},
input: []options.Upstream{shortPathWithRewrite, longerPath},
expectedOutput: []options.Upstream{shortPathWithRewrite, longerPath},
}),
Entry("when a rewrite target is registered (out of order)", sortByPathLongestTableInput{
input: options.Upstreams{longerPath, shortPathWithRewrite},
expectedOutput: options.Upstreams{shortPathWithRewrite, longerPath},
input: []options.Upstream{longerPath, shortPathWithRewrite},
expectedOutput: []options.Upstream{shortPathWithRewrite, longerPath},
}),
Entry("with multiple rewrite targets registered (in order)", sortByPathLongestTableInput{
input: options.Upstreams{shortSubPathWithRewrite, shortPathWithRewrite},
expectedOutput: options.Upstreams{shortSubPathWithRewrite, shortPathWithRewrite},
input: []options.Upstream{shortSubPathWithRewrite, shortPathWithRewrite},
expectedOutput: []options.Upstream{shortSubPathWithRewrite, shortPathWithRewrite},
}),
Entry("with multiple rewrite targets registered (out of order)", sortByPathLongestTableInput{
input: options.Upstreams{shortPathWithRewrite, shortSubPathWithRewrite},
expectedOutput: options.Upstreams{shortSubPathWithRewrite, shortPathWithRewrite},
input: []options.Upstream{shortPathWithRewrite, shortSubPathWithRewrite},
expectedOutput: []options.Upstream{shortSubPathWithRewrite, shortPathWithRewrite},
}),
)
})


@ -22,7 +22,7 @@ const (
func testOptions() *options.Options {
o := options.NewOptions()
o.UpstreamServers = append(o.UpstreamServers, options.Upstream{
o.UpstreamServers.Configs = append(o.UpstreamServers.Configs, options.Upstream{
ID: "upstream",
Path: "/",
URI: "http://127.0.0.1:8080/",


@ -12,7 +12,7 @@ func validateUpstreams(upstreams options.Upstreams) []string {
ids := make(map[string]struct{})
paths := make(map[string]struct{})
for _, upstream := range upstreams {
for _, upstream := range upstreams.Configs {
msgs = append(msgs, validateUpstream(upstream, ids, paths)...)
}


@ -59,74 +59,89 @@ var _ = Describe("Upstreams", func() {
}),
Entry("with valid upstreams", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
validHTTPUpstream,
validStaticUpstream,
validFileUpstream,
},
},
errStrings: []string{},
}),
Entry("with an empty ID", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "",
Path: "/foo",
URI: "http://localhost:8080",
},
},
},
errStrings: []string{emptyIDMsg},
}),
Entry("with an empty Path", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo",
Path: "",
URI: "http://localhost:8080",
},
},
},
errStrings: []string{emptyPathMsg},
}),
Entry("with an empty Path", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo",
Path: "",
URI: "http://localhost:8080",
},
},
},
errStrings: []string{emptyPathMsg},
}),
Entry("with an empty URI", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo",
Path: "/foo",
URI: "",
},
},
},
errStrings: []string{emptyURIMsg},
}),
Entry("with an invalid URI", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo",
Path: "/foo",
URI: ":",
},
},
},
errStrings: []string{invalidURIMsg},
}),
Entry("with an invalid URI scheme", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo",
Path: "/foo",
URI: "ftp://foo",
},
},
},
errStrings: []string{invalidURISchemeMsg},
}),
Entry("with a static upstream and invalid optons", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo",
Path: "/foo",
@ -138,6 +153,7 @@ var _ = Describe("Upstreams", func() {
InsecureSkipTLSVerify: true,
},
},
},
errStrings: []string{
staticWithURIMsg,
staticWithInsecureMsg,
@ -148,6 +164,7 @@ var _ = Describe("Upstreams", func() {
}),
Entry("with duplicate IDs", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo",
Path: "/foo1",
@ -159,10 +176,12 @@ var _ = Describe("Upstreams", func() {
URI: "http://foo",
},
},
},
errStrings: []string{multipleIDsMsg},
}),
Entry("with duplicate Paths", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo1",
Path: "/foo",
@ -174,16 +193,19 @@ var _ = Describe("Upstreams", func() {
URI: "http://foo",
},
},
},
errStrings: []string{multiplePathsMsg},
}),
Entry("when a static code is supplied without static", &validateUpstreamTableInput{
upstreams: options.Upstreams{
Configs: []options.Upstream{
{
ID: "foo",
Path: "/foo",
StaticCode: &staticCode200,
},
},
},
errStrings: []string{emptyURIMsg, staticCodeMsg},
}),
)
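Review bot: The table in the first hunk contains two `Entry("with an empty Path", ...)` cases with identical input and expected messages, so the second adds no coverage even though this change re-wrapped both in `Configs`. One of them can be dropped, or replaced with the case it was presumably meant to cover. The entry name `"with a static upstream and invalid optons"` also carries a typo and should read `options`.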