From 2f2238f2e5c635d52df7b8b0ce135b82639203d9 Mon Sep 17 00:00:00 2001
From: Rory Shanks <6383578+rorylshanks@users.noreply.github.com>
Date: Thu, 7 Mar 2024 07:05:13 +0100
Subject: [PATCH] Added inline header mapping for cimplicity in deployment and config (#18)
---
 example-config.yaml | 5 ++++-
 lib/authz.js | 9 +++++++--
 test/e2e/configs/veriflow.yaml | 16 ++++++++++++++++
 test/e2e/tests/basic_test.js | 8 ++++++++
 4 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/example-config.yaml b/example-config.yaml
index 237c6e2..9690ca7 100644
--- a/example-config.yaml
+++ b/example-config.yaml
@@ -53,9 +53,12 @@ policy:
 token_auth_header_prefix: "Basic "
 token_auth_is_base64_encoded: true
 request_header_map_file: request_header_map.json
- jwt_override_audience: httpbin-test.localhost
+ request_header_map_inline:
+ group-name:
+ Authorization: fake
 request_header_map_headers:
 - Authorization
 - X-Test-Header
+ jwt_override_audience: httpbin-test.localhost
 tls_client_cert_file: path/to/cert.pem
 tls_client_key_file: path/to/key.pem
diff --git a/lib/authz.js b/lib/authz.js
index 9b67035..b696547 100644
--- a/lib/authz.js
+++ b/lib/authz.js
@@ -65,7 +65,7 @@ async function addRequestedHeaders(req, res, route, user, discoveredGroups) {
 }
 }
 }
- if (route.request_header_map_headers && route.request_header_map_file) {
+ if (route.request_header_map_headers && (route.request_header_map_file || route.request_header_map_inline)) {
 var requestHeaderMap = await getRequestHeaderMapConfig(user, route)
 if (requestHeaderMap) {
 for (var header of route.request_header_map_headers) {
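Review bot: In the example-config.yaml hunk the added `request_header_map_inline` block appears to sit on the same route as the existing `request_header_map_file: request_header_map.json` line, and the lib/authz.js change in this commit reads the file whenever `request_header_map_file` is set, so the inline map shown here would never be used. Show the two options on separate routes, or add a comment such as `# used only when request_header_map_file is not set`. Since the sample value is an `Authorization` header, a second comment noting that inline values are stored in clear text in the main config, which then has to be protected like any other credential store, would help operators choose between the two forms. Indentation is lost in this view, so the route grouping is inferred from line order.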
@@ -88,7 +88,12 @@ async function getRequestHeaderMapConfig(user, route) {
 var result = {}
 try {
 log.debug("Cache miss, returning requestHeaderMap from file " + route.request_header_map_file)
- var requestHeaderMap = JSON.parse(await fs.readFile(route.request_header_map_file))
+ if (route.request_header_map_file) {
+ var requestHeaderMap = JSON.parse(await fs.readFile(route.request_header_map_file))
+ } else {
+ var requestHeaderMap = route.request_header_map_inline
+ }
+
 for (var group of userGroups) {
 if (requestHeaderMap[group]) {
 result = {
diff --git a/test/e2e/configs/veriflow.yaml b/test/e2e/configs/veriflow.yaml
index 888594c..854dac9 100644
--- a/test/e2e/configs/veriflow.yaml
+++ b/test/e2e/configs/veriflow.yaml
@@ -71,6 +71,22 @@ policy:
 allowed_groups:
 - All Users
 
+- from: http://test-header-mapping-inline.localtest.me
+ to: http://localhost:8080
+ request_header_map_inline:
+ test@veriflow.dev:
+ Authorization: ThisIsATestHeaderFromTheHeaderMapping
+ X-test-Header: another test
+ test-header-group:
+ TestHeaderFromGroup: TestHeaderFromGroup
+ test-header-group-absent:
+ TestAbsentHeaderFromGroup: TestAbsentHeaderFromGroup
+ request_header_map_headers:
+ - Authorization
+ - TestHeaderFromGroup
+ allowed_groups:
+ - All Users
+
 - from: http://test-token-auth.localtest.me
 to: http://localhost:8080
 token_auth_config_file: "/configs/token-auth-test.json"
diff --git a/test/e2e/tests/basic_test.js b/test/e2e/tests/basic_test.js
index 8d51116..f27e405 100644
--- a/test/e2e/tests/basic_test.js
+++ b/test/e2e/tests/basic_test.js
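Review bot: In the getRequestHeaderMapConfig hunk of lib/authz.js the unchanged `log.debug("Cache miss, returning requestHeaderMap from file " + ...)` line now runs for inline routes too and will print `undefined` as the file name, and a route that sets both options silently ignores the inline map. I would pick the source once, `const requestHeaderMap = route.request_header_map_file ? JSON.parse(await fs.readFile(route.request_header_map_file)) : route.request_header_map_inline`, log which source was used, and document the precedence in a comment above it. The `requestHeaderMap[group]` lookup below is keyed by group names that presumably come from the identity provider, so `Object.hasOwn(requestHeaderMap, group)` would keep names such as `constructor` from matching inherited properties. The message also mentions a cache whose key is not visible here; if it is derived from the file path, inline routes need their own key. The function starts and ends outside the hunk.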
@@ -40,6 +40,14 @@ Scenario('Testing Header Mapping', async ({ I }) => {
 I.dontSee("TestAbsentHeaderFromGroup")
 });
 
+Scenario('Testing Header Mapping Inline', async ({ I }) => {
+ I.amOnPage('http://test-header-mapping-inline.localtest.me:2080/');
+ I.login();
+ I.see("ThisIsATestHeaderFromTheHeaderMapping")
+ I.see("TestHeaderFromGroup")
+ I.dontSee("TestAbsentHeaderFromGroup")
+});
+
 Scenario('Testing Token Auth', async ({ I }) => {
 I.setPuppeteerRequestHeaders({
 'Authorization': 'Bearer ThisIsATestToken',
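Review bot: The `I.dontSee("TestAbsentHeaderFromGroup")` assertion in the new scenario cannot fail for the reason it is meant to test, because the veriflow.yaml fixture added in this commit does not list `TestAbsentHeaderFromGroup` under `request_header_map_headers`, so the header would be absent even if group matching were broken. Adding that name to the fixture's header list would make the check meaningful. The fixture also maps `X-test-Header: another test` for the user without listing it, so `I.dontSee("another test")` would cover the allow-list filtering, assuming the upstream echoes request headers the way the other assertions rely on. A scenario for a route that sets both `request_header_map_file` and `request_header_map_inline` would pin down which one wins.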