Headers Credentials Issuer #100
Conversation
There was a problem hiding this comment.
This is awesome, very clean and short and tests look good too. Only two things from my side. And a third one: docs!
Could you please make a PR and add this CI to the rules documentation?
Thank you!
| } | ||
|
|
||
| var cfg CredentialsHeadersConfig | ||
| d := json.NewDecoder(bytes.NewBuffer(config)) |
There was a problem hiding this comment.
I think it would make sense here to have d.DisallowUnknownFields() to complain on potential typos.
There was a problem hiding this comment.
The CredentialsHeadersConfig is just a map[string]string so there are no unknown fields, the map keys correspond to HTTP headers so they have to remain freeform. Thinking about it now, though, I realize that may constrain future configuration options. I could turn it into a struct with a Headers map[string]string field instead, which would go from
"credentials_issuer": {
"handler": "headers",
"config": {
"X-User": "{{ print .Subject }}",
"X-Audience": "{{ print .Extra.aud }}"
}
}to
"credentials_issuer": {
"handler": "headers",
"config": {
"headers": {
"X-User": "{{ print .Subject }}",
"X-Audience": "{{ print .Extra.aud }}"
}
}
}But that may end up being an unnecessary change if we never introduce any new configuration options for that issuer. I can't think of anything I could add, though. I'll let you decide which you prefer and implement as directed.
There was a problem hiding this comment.
Hm, it could be possible that we want to configure the headers handler further (maybe add a filter:true/false option which removes unused X- headers?). I think it's a good idea to separate the template from potential future updates to the config. It will improve BC as well!
| var err error | ||
|
|
||
| templateId := fmt.Sprintf("%s:%s", rl.ID, hdr) | ||
| tmpl = a.RulesCache.Lookup(templateId) |
There was a problem hiding this comment.
Yep, it's a text.Template and they have a RWMutex guarding parsing and executing: https://github.com/golang/go/blob/master/src/text/template/template.go#L20
Signed-off-by: Jason Hutchinson <[email protected]>
…handling Signed-off-by: Jason Hutchinson <[email protected]>
Signed-off-by: Jason Hutchinson <[email protected]>
Signed-off-by: Jason Hutchinson <[email protected]>
Signed-off-by: Jason Hutchinson <[email protected]>
Signed-off-by: Jason Hutchinson <[email protected]>
Signed-off-by: Jason Hutchinson <[email protected]>
Signed-off-by: Jason Hutchinson <[email protected]>
Signed-off-by: Jason Hutchinson <[email protected]>
Signed-off-by: Jason Hutchinson <[email protected]>
|
Thank you for your hard work! |
Implemented as discussed in #96
Usage:
{ "id": "some-id", "upstream": {"url": "http://my-backend-service"}, "match": { }, "authenticators": [ ], "authorizer": { }, "credentials_issuer": { "handler": "headers", "config": { "X-User": "{{ print .Subject }}", "X-Audience": "{{ print .Extra.aud }}", "X-Issuer": "{{ print .Extra.iss }}", "X-Arbitrary": "{{ print .Extra.some.deeply.nested.value }}" } } }