diff --git a/go.mod b/go.mod index b10f43ea42..be3593a33f 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module github.com/ory/oathkeeper require ( + github.com/Masterminds/goutils v1.1.0 // indirect + github.com/Masterminds/sprig v2.20.0+incompatible github.com/Microsoft/go-winio v0.4.12 // indirect github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf github.com/auth0/go-jwt-middleware v0.0.0-20170425171159-5493cabe49f7 @@ -28,6 +30,8 @@ require ( github.com/google/uuid v1.1.1 github.com/gorilla/handlers v1.4.0 // indirect github.com/gorilla/mux v1.7.1 // indirect + github.com/huandu/xstrings v1.2.0 // indirect + github.com/imdario/mergo v0.3.7 // indirect github.com/jessevdk/go-flags v1.4.0 // indirect github.com/julienschmidt/httprouter v1.2.0 github.com/lib/pq v1.0.0 diff --git a/go.sum b/go.sum index be695799c7..c852b31951 100644 --- a/go.sum +++ b/go.sum @@ -8,7 +8,12 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= +github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/Masterminds/sprig v2.20.0+incompatible h1:dJTKKuUkYW3RMFdQFXPU/s6hg10RgctmTjRcbZ98Ap8= +github.com/Masterminds/sprig v2.20.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.12 h1:xAfWHN1IrQ0NJ9TBC0KBZoqLjzDTr1ML+4MywiUOryc= github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= @@ -374,6 +379,10 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0= +github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= +github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= +github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ= diff --git a/pipeline/mutate/mutator_cookie_test.go b/pipeline/mutate/mutator_cookie_test.go index 4cc5e61b57..8d86c41ccc 100644 --- a/pipeline/mutate/mutator_cookie_test.go +++ b/pipeline/mutate/mutator_cookie_test.go @@ -135,6 +135,26 @@ func TestCredentialsIssuerCookies(t *testing.T) { }, Err: nil, }, + "Advanced template with sprig function": { + Session: &authn.AuthenticationSession{ + Subject: "foo", + Extra: map[string]interface{}{ + "example.com/some-claims": []string{"Foo", "Bar"}, + }, + }, + Rule: &rule.Rule{ID: "test-rule9"}, + Config: json.RawMessage([]byte(`{"cookies":{ + "example-claims": "{{- (index .Extra \"example.com/some-claims\") | join \",\" -}}" + }}`)), + Request: &http.Request{Header: http.Header{}}, + Match: []*http.Cookie{ + { + Name: "example-claims", + Value: "Foo,Bar", + }, + }, + Err: nil, + }, } t.Run("caching=off", func(t *testing.T) { diff --git a/pipeline/mutate/mutator_header_test.go b/pipeline/mutate/mutator_header_test.go index 622cd96951..cab7767165 100644 --- a/pipeline/mutate/mutator_header_test.go +++ b/pipeline/mutate/mutator_header_test.go @@ -123,6 +123,23 @@ func TestCredentialsIssuerHeaders(t *testing.T) { Match: http.Header{}, Err: errors.New(`json: unknown field "bar"`), }, + "Advanced template with sprig function": { + Session: &authn.AuthenticationSession{ + Subject: "foo", + Extra: map[string]interface{}{ + "example.com/some-claims": []string{"Foo", "Bar"}, + }, + }, + Rule: &rule.Rule{ID: "test-rule9"}, + Config: json.RawMessage([]byte(`{"headers":{ + "Example-Claims": "{{- (index .Extra \"example.com/some-claims\") | join \",\" -}}" + }}`)), + Request: &http.Request{Header: http.Header{}}, + Match: http.Header{ + "Example-Claims": []string{"Foo,Bar"}, + }, + Err: nil, + }, } t.Run("cache=disabled", func(t *testing.T) { diff --git a/pipeline/mutate/template.go b/pipeline/mutate/template.go index 5f7bd110d6..b44be63821 100644 --- a/pipeline/mutate/template.go +++ b/pipeline/mutate/template.go @@ -3,6 +3,8 @@ package mutate import ( "fmt" "text/template" + + "github.com/Masterminds/sprig" ) func newTemplate(id string) *template.Template { @@ -16,5 +18,6 @@ func newTemplate(id string) *template.Template { } return fmt.Sprintf("%v", i) }, - }) + }). + Funcs(sprig.TxtFuncMap()) }