Added inline header mapping for cimplicity in deployment and config (#18

)
rorylshanks · Mar 7, 2024 · 2f2238f · 2f2238f
1 parent fe7d049
commit 2f2238f
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 3 deletions.
diff --git a/example-config.yaml b/example-config.yaml
@@ -53,9 +53,12 @@ policy:
   token_auth_header_prefix: "Basic "
   token_auth_is_base64_encoded: true
   request_header_map_file: request_header_map.json
-  jwt_override_audience: httpbin-test.localhost
+  request_header_map_inline:
+    group-name:
+      Authorization: fake
   request_header_map_headers:
     - Authorization
     - X-Test-Header
+  jwt_override_audience: httpbin-test.localhost
   tls_client_cert_file: path/to/cert.pem
   tls_client_key_file: path/to/key.pem
diff --git a/lib/authz.js b/lib/authz.js
@@ -65,7 +65,7 @@ async function addRequestedHeaders(req, res, route, user, discoveredGroups) {
             }
         }
     }
-    if (route.request_header_map_headers && route.request_header_map_file) {
+    if (route.request_header_map_headers && (route.request_header_map_file || route.request_header_map_inline)) {
         var requestHeaderMap = await getRequestHeaderMapConfig(user, route)
         if (requestHeaderMap) {
             for (var header of route.request_header_map_headers) {
@@ -88,7 +88,12 @@ async function getRequestHeaderMapConfig(user, route) {
         var result = {}
         try {
             log.debug("Cache miss, returning requestHeaderMap from file " + route.request_header_map_file)
-            var requestHeaderMap = JSON.parse(await fs.readFile(route.request_header_map_file))
+            if (route.request_header_map_file) {
+                var requestHeaderMap = JSON.parse(await fs.readFile(route.request_header_map_file))
+            } else {
+                var requestHeaderMap = route.request_header_map_inline
+            }
+
             for (var group of userGroups) {
                 if (requestHeaderMap[group]) {
                     result = {

diff --git a/test/e2e/configs/veriflow.yaml b/test/e2e/configs/veriflow.yaml
@@ -71,6 +71,22 @@ policy:
   allowed_groups:
   - All Users
 
+- from: http://test-header-mapping-inline.localtest.me
+  to: http://localhost:8080
+  request_header_map_inline: 
+    [email protected]:
+      Authorization: ThisIsATestHeaderFromTheHeaderMapping
+      X-test-Header: another test
+    test-header-group:
+      TestHeaderFromGroup: TestHeaderFromGroup
+    test-header-group-absent:
+      TestAbsentHeaderFromGroup: TestAbsentHeaderFromGroup
+  request_header_map_headers:
+    - Authorization
+    - TestHeaderFromGroup
+  allowed_groups:
+  - All Users
+
 - from: http://test-token-auth.localtest.me
   to: http://localhost:8080
   token_auth_config_file: "/configs/token-auth-test.json"

diff --git a/test/e2e/tests/basic_test.js b/test/e2e/tests/basic_test.js
@@ -40,6 +40,14 @@ Scenario('Testing Header Mapping', async ({ I }) => {
     I.dontSee("TestAbsentHeaderFromGroup")
 });
 
+Scenario('Testing Header Mapping Inline', async ({ I }) => {
+    I.amOnPage('http://test-header-mapping-inline.localtest.me:2080/');
+    I.login();
+    I.see("ThisIsATestHeaderFromTheHeaderMapping")
+    I.see("TestHeaderFromGroup")
+    I.dontSee("TestAbsentHeaderFromGroup")
+});
+
 Scenario('Testing Token Auth', async ({ I }) => {
     I.setPuppeteerRequestHeaders({
         'Authorization': 'Bearer ThisIsATestToken',