Filter ForwardAuth request headers

2020-10-07 17:36:04 +03:00 · 2020-10-07 17:36:04 +03:00 · 326be29568
commit 326be29568
parent f2e53a3569
16 changed files with 171 additions and 3 deletions
--- a/pkg/provider/kubernetes/crd/kubernetes.go
+++ b/pkg/provider/kubernetes/crd/kubernetes.go
@ -376,6 +376,7 @@ func createForwardAuthMiddleware(k8sClient Client, namespace string, auth *v1alp
 		Address:             auth.Address,
 		TrustForwardHeader:  auth.TrustForwardHeader,
 		AuthResponseHeaders: auth.AuthResponseHeaders,
+		AuthRequestHeaders:  auth.AuthRequestHeaders,
 	}

 	if auth.TLS == nil {
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
@ -88,6 +88,7 @@ type ForwardAuth struct {
 	Address             string     `json:"address,omitempty"`
 	TrustForwardHeader  bool       `json:"trustForwardHeader,omitempty"`
 	AuthResponseHeaders []string   `json:"authResponseHeaders,omitempty"`
+	AuthRequestHeaders  []string   `json:"authRequestHeaders,omitempty"`
 	TLS                 *ClientTLS `json:"tls,omitempty"`
 }

--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
@ -171,6 +171,11 @@ func (in *ForwardAuth) DeepCopyInto(out *ForwardAuth) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.AuthRequestHeaders != nil {
+		in, out := &in.AuthRequestHeaders, &out.AuthRequestHeaders
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	if in.TLS != nil {
 		in, out := &in.TLS, &out.TLS
 		*out = new(ClientTLS)
--- a/pkg/provider/kv/kv_test.go
+++ b/pkg/provider/kv/kv_test.go
@ -71,6 +71,8 @@ func Test_buildConfiguration(t *testing.T) {
 		"traefik/http/services/Service03/weighted/services/1/weight":                                 "42",
 		"traefik/http/middlewares/Middleware08/forwardAuth/authResponseHeaders/0":                    "foobar",
 		"traefik/http/middlewares/Middleware08/forwardAuth/authResponseHeaders/1":                    "foobar",
+		"traefik/http/middlewares/Middleware08/forwardAuth/authRequestHeaders/0":                     "foobar",
+		"traefik/http/middlewares/Middleware08/forwardAuth/authRequestHeaders/1":                     "foobar",
 		"traefik/http/middlewares/Middleware08/forwardAuth/tls/key":                                  "foobar",
 		"traefik/http/middlewares/Middleware08/forwardAuth/tls/insecureSkipVerify":                   "true",
 		"traefik/http/middlewares/Middleware08/forwardAuth/tls/ca":                                   "foobar",
@ -407,6 +409,10 @@ func Test_buildConfiguration(t *testing.T) {
 							"foobar",
 							"foobar",
 						},
+						AuthRequestHeaders: []string{
+							"foobar",
+							"foobar",
+						},
 					},
 				},
 				"Middleware06": {