From b37975122436431c40703f688bfbf2a994453a21 Mon Sep 17 00:00:00 2001
From: Caleb Doxsey
Date: Fri, 17 Jan 2025 11:20:16 -0700
Subject: [PATCH] routes: add description, logo_url, source_ppl
---
 go.mod | 2 +-
 pomerium/ingress_annotations.go | 4 ++++
 pomerium/ingress_annotations_test.go | 5 +++++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index c1695d1c..4503639a 100644
--- a/go.mod
+++ b/go.mod
@@ -17,6 +17,7 @@ require (
 github.com/iancoleman/strcase v0.3.0
 github.com/martinlindhe/base36 v1.1.1
 github.com/open-policy-agent/opa v1.0.0
+ github.com/pomerium/csrf v1.7.0
 github.com/pomerium/pomerium v0.28.1-0.20250116165306-3a2e6ce10a12
 github.com/rs/zerolog v1.33.0
 github.com/sergi/go-diff v1.3.1
@@ -164,7 +165,6 @@ require (
 github.com/pkg/errors v0.9.1 // indirect
 github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/pomerium/csrf v1.7.0 // indirect
 github.com/pomerium/datasource v0.18.2-0.20221108160055-c6134b5ed524 // indirect
 github.com/pomerium/protoutil v0.0.0-20240813175624-47b7ac43ff46 // indirect
 github.com/pomerium/webauthn v0.0.0-20240603205124-0428df511172 // indirect
diff --git a/pomerium/ingress_annotations.go b/pomerium/ingress_annotations.go
index 1cbf3d7a..ecf87bf2 100644
--- a/pomerium/ingress_annotations.go
+++ b/pomerium/ingress_annotations.go
@@ -7,6 +7,7 @@ import ( envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" "github.com/open-policy-agent/opa/ast" + "google.golang.org/protobuf/proto" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types"
@@ -24,11 +25,13 @@ var (
 "allow_spdy",
 "allow_websockets",
 "cors_allow_preflight",
+ "description",
 "host_path_regex_rewrite_pattern",
 "host_path_regex_rewrite_substitution",
 "host_rewrite_header",
 "host_rewrite",
 "idle_timeout",
+ "logo_url",
 "pass_identity_headers",
 "prefix_rewrite",
 "preserve_host_header",
@@ -195,6 +198,7 @@ func unmarshalPolicyAnnotations(p *pomerium.Policy, kvs map[string]string) error return fmt.Errorf("invalid custom rego: %w", err) } + p.SourcePpl = proto.String(ppl) p.Rego = []string{src} return nil }
diff --git a/pomerium/ingress_annotations_test.go b/pomerium/ingress_annotations_test.go
index 1574bdaa..11d52313 100644
--- a/pomerium/ingress_annotations_test.go
+++ b/pomerium/ingress_annotations_test.go
@@ -46,6 +47,7 @@ func TestAnnotations(t *testing.T) {
 "a/allowed_idp_claims": `key: ["val1", "val2"]`,
 "a/allowed_users": `["a"]`,
 "a/cors_allow_preflight": "true",
+ "a/description": "DESCRIPTION",
 "a/health_checks": `[{"timeout": "10s", "interval": "1m", "healthy_threshold": 1, "unhealthy_threshold": 2, "http_health_check": {"path": "/"}}]`,
 "a/host_path_regex_rewrite_pattern": "rewrite-pattern",
 "a/host_path_regex_rewrite_substitution": "rewrite-sub",
@@ -54,6 +55,7 @@ func TestAnnotations(t *testing.T) {
 "a/idle_timeout": `60s`,
 "a/kubernetes_service_account_token_secret": "k8s_token",
 "a/lb_policy": "LEAST_REQUEST",
+ "a/logo_url": "LOGO_URL",
 "a/least_request_lb_config": `{"choice_count":3,"active_request_bias":{"default_value":4,"runtime_key":"key"},"slow_start_config":{"slow_start_window":"3s","aggression":{"runtime_key":"key"}}}`,
 "a/pass_identity_headers": "true",
 "a/policy": testPPL,
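Review bot: `logo_url` joins the pass-through annotation list in pomerium/ingress_annotations.go (hunk at -24,11) with no validation, so whatever string an Ingress author writes becomes the route's `LogoUrl`; the test hunks in this patch confirm it by expecting the placeholder `LOGO_URL` to come through unchanged. Whoever may edit Ingress annotations is often less trusted than the proxy operator, and a logo URL is presumably rendered or fetched downstream, so I would reject anything that is not an absolute `http`/`https` URL before it reaches the route, e.g. `u, err := url.Parse(v)` followed by `if err != nil || (u.Scheme != "https" && u.Scheme != "http") { return fmt.Errorf("invalid logo_url annotation") }`, extending the allow-list explicitly if another scheme is intended. The code that consumes this list lies outside the hunk, so the right place for the check is not visible here; `description` would benefit from a length cap in the same spot. The test would then need a real URL as input and a rejected case alongside it.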
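Review bot: The new `p.SourcePpl = proto.String(ppl)` in `unmarshalPolicyAnnotations` (hunk at -195,6) carries no comment saying which field is authoritative, and the policy now travels twice on the route, as `SourcePpl` and as `Rego`. I would add `// SourcePpl keeps the PPL that Rego was generated from, for display only; enforcement uses Rego.` above the assignment, adjusted if that is not the intent. The function starts outside the hunk, so where `ppl` comes from is not visible; the test expects compact JSON, which suggests a normalized form rather than the raw annotation text. Since the policy source can name users, domains and claims, it is worth confirming that whatever exposes `SourcePpl` is limited to readers who may already see the policy.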
@@ -187,9 +189,12 @@ func TestAnnotations(t *testing.T) {
 AllowedIdpClaims: map[string]*structpb.ListValue{
 "key": {Values: []*structpb.Value{structpb.NewStringValue("val1"), structpb.NewStringValue("val2")}},
 },
+ SourcePpl: proto.String(`{"allow":{"or":[{"domain":{"is":"pomerium.com"}}]}}`),
 }},
 TlsSkipVerify: true,
 TlsServerName: "my.server.name",
+ Description: "DESCRIPTION",
+ LogoUrl: "LOGO_URL",
 }, cmpopts.IgnoreUnexported(
 pb.Route{},
 pb.RouteRewriteHeader{},