Added Global External Authentication settings to configmap parameters incl. addons
This commit is contained in:
okryvoshapka-connyun
parent
b4f2880ee6
commit
8cc9afe8ee
20 changed files with 819 additions and 72 deletions
45
internal/ingress/annotations/authreq/main.go
Normal file → Executable file
45
internal/ingress/annotations/authreq/main.go
Normal file → Executable file
|
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||
package authreq
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/url"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
|
@ -84,7 +85,8 @@ var (
|
|||
headerRegexp = regexp.MustCompile(`^[a-zA-Z\d\-_]+$`)
|
||||
)
|
||||
|
||||
func validMethod(method string) bool {
|
||||
// ValidMethod checks is the provided string a valid HTTP method
|
||||
func ValidMethod(method string) bool {
|
||||
if len(method) == 0 {
|
||||
return false
|
||||
}
|
||||
|
|
@ -97,7 +99,8 @@ func validMethod(method string) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
func validHeader(header string) bool {
|
||||
// ValidHeader checks is the provided string satisfies the header's name regex
|
||||
func ValidHeader(header string) bool {
|
||||
return headerRegexp.Match([]byte(header))
|
||||
}
|
||||
|
||||
|
|
@ -119,22 +122,13 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
authURL, err := url.Parse(urlString)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if authURL.Scheme == "" {
|
||||
return nil, ing_errors.NewLocationDenied("url scheme is empty")
|
||||
}
|
||||
if authURL.Host == "" {
|
||||
return nil, ing_errors.NewLocationDenied("url host is empty")
|
||||
}
|
||||
if strings.Contains(authURL.Host, "..") {
|
||||
return nil, ing_errors.NewLocationDenied("invalid url host")
|
||||
authURL, message := ParseStringToURL(urlString)
|
||||
if authURL == nil {
|
||||
return nil, ing_errors.NewLocationDenied(message)
|
||||
}
|
||||
|
||||
authMethod, _ := parser.GetStringAnnotation("auth-method", ing)
|
||||
if len(authMethod) != 0 && !validMethod(authMethod) {
|
||||
if len(authMethod) != 0 && !ValidMethod(authMethod) {
|
||||
return nil, ing_errors.NewLocationDenied("invalid HTTP method")
|
||||
}
|
||||
|
||||
|
|
@ -156,7 +150,7 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
|
|||
for _, header := range harr {
|
||||
header = strings.TrimSpace(header)
|
||||
if len(header) > 0 {
|
||||
if !validHeader(header) {
|
||||
if !ValidHeader(header) {
|
||||
return nil, ing_errors.NewLocationDenied("invalid headers list")
|
||||
}
|
||||
responseHeaders = append(responseHeaders, header)
|
||||
|
|
@ -176,3 +170,22 @@ func (a authReq) Parse(ing *extensions.Ingress) (interface{}, error) {
|
|||
AuthSnippet: authSnippet,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// ParseStringToURL parses the provided string into URL and returns error
|
||||
// message in case of failure
|
||||
func ParseStringToURL(input string) (*url.URL, string) {
|
||||
|
||||
parsedURL, err := url.Parse(input)
|
||||
if err != nil {
|
||||
return nil, fmt.Sprintf("%v is not a valid URL: %v", input, err)
|
||||
}
|
||||
if parsedURL.Scheme == "" {
|
||||
return nil, "url scheme is empty."
|
||||
} else if parsedURL.Host == "" {
|
||||
return nil, "url host is empty."
|
||||
} else if strings.Contains(parsedURL.Host, "..") {
|
||||
return nil, "invalid url host."
|
||||
}
|
||||
return parsedURL, ""
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue