Added: support for http header passing from external authentication service response
This commit is contained in:
rsafronov
parent
e86d32dbd1
commit
302fa5f4bb
6 changed files with 122 additions and 7 deletions
|
|
@ -19,6 +19,7 @@ package authreq
|
|||
import (
|
||||
"net/url"
|
||||
"strings"
|
||||
"regexp"
|
||||
|
||||
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||
|
||||
|
|
@ -28,20 +29,23 @@ import (
|
|||
|
||||
const (
|
||||
// external URL that provides the authentication
|
||||
authURL = "ingress.kubernetes.io/auth-url"
|
||||
authMethod = "ingress.kubernetes.io/auth-method"
|
||||
authBody = "ingress.kubernetes.io/auth-send-body"
|
||||
authURL = "ingress.kubernetes.io/auth-url"
|
||||
authMethod = "ingress.kubernetes.io/auth-method"
|
||||
authBody = "ingress.kubernetes.io/auth-send-body"
|
||||
authHeaders = "ingress.kubernetes.io/auth-response-headers"
|
||||
)
|
||||
|
||||
// External returns external authentication configuration for an Ingress rule
|
||||
type External struct {
|
||||
URL string `json:"url"`
|
||||
Method string `json:"method"`
|
||||
SendBody bool `json:"sendBody"`
|
||||
URL string `json:"url"`
|
||||
Method string `json:"method"`
|
||||
SendBody bool `json:"sendBody"`
|
||||
ResponseHeaders []string `json:"responseHeaders"`
|
||||
}
|
||||
|
||||
var (
|
||||
methods = []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "CONNECT", "OPTIONS", "TRACE"}
|
||||
headerRegexp = regexp.MustCompile(`^[a-zA-Z\d\-_]+$`)
|
||||
)
|
||||
|
||||
func validMethod(method string) bool {
|
||||
|
|
@ -57,6 +61,10 @@ func validMethod(method string) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
func validHeader(header string) bool {
|
||||
return headerRegexp.Match([]byte(header))
|
||||
}
|
||||
|
||||
type authReq struct {
|
||||
}
|
||||
|
||||
|
|
@ -97,11 +105,28 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
|
|||
return nil, ing_errors.NewLocationDenied("invalid HTTP method")
|
||||
}
|
||||
|
||||
h := []string{}
|
||||
hstr, _ := parser.GetStringAnnotation(authHeaders, ing)
|
||||
if len(hstr) != 0 {
|
||||
|
||||
harr := strings.Split(hstr, ",")
|
||||
for _, header := range harr {
|
||||
header := strings.TrimSpace(header)
|
||||
if len(header) > 0 {
|
||||
if !validHeader(header) {
|
||||
return nil, ing_errors.NewLocationDenied("invalid headers list")
|
||||
}
|
||||
h = append(h, header)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sb, _ := parser.GetBoolAnnotation(authBody, ing)
|
||||
|
||||
return &External{
|
||||
URL: str,
|
||||
Method: m,
|
||||
SendBody: sb,
|
||||
ResponseHeaders: h,
|
||||
}, nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue