Merge 'v1.7.3' into master

2018-10-15 12:34:52 +02:00 · 2018-10-15 12:34:52 +02:00 · 6dcb51a4bd
commit 6dcb51a4bd
parent 94a6f8426b c875819a2e
187 changed files with 26637 additions and 2091 deletions
--- a/provider/kv/keynames.go
+++ b/provider/kv/keynames.go
@ -49,6 +49,7 @@ const (
 	pathFrontendWhiteListIPStrategyExcludedIPs            = pathFrontendWhiteListIPStrategy + "/excludedips"

 	pathFrontendAuth                             = "/auth/"
+	pathFrontendAuthHeaderField                  = pathFrontendAuth + "headerfield"
 	pathFrontendAuthBasic                        = pathFrontendAuth + "basic/"
 	pathFrontendAuthBasicRemoveHeader            = pathFrontendAuthBasic + "removeheader"
 	pathFrontendAuthBasicUsers                   = pathFrontendAuthBasic + "users"
@ -59,6 +60,7 @@ const (
 	pathFrontendAuthDigestUsersFile              = pathFrontendAuthDigest + "usersfile"
 	pathFrontendAuthForward                      = pathFrontendAuth + "forward/"
 	pathFrontendAuthForwardAddress               = pathFrontendAuthForward + "address"
+	pathFrontendAuthForwardAuthResponseHeaders   = pathFrontendAuthForward + ".authresponseheaders"
 	pathFrontendAuthForwardTLS                   = pathFrontendAuthForward + "tls/"
 	pathFrontendAuthForwardTLSCa                 = pathFrontendAuthForwardTLS + "ca"
 	pathFrontendAuthForwardTLSCaOptional         = pathFrontendAuthForwardTLS + "caoptional"
@ -66,7 +68,6 @@ const (
 	pathFrontendAuthForwardTLSInsecureSkipVerify = pathFrontendAuthForwardTLS + "insecureskipverify"
 	pathFrontendAuthForwardTLSKey                = pathFrontendAuthForwardTLS + "key"
 	pathFrontendAuthForwardTrustForwardHeader    = pathFrontendAuthForward + "trustforwardheader"
-	pathFrontendAuthHeaderField                  = pathFrontendAuth + "headerfield"

 	pathFrontendEntryPoints            = "/entrypoints"
 	pathFrontendRedirectEntryPoint     = "/redirect/entrypoint"
--- a/provider/kv/kv_config.go
+++ b/provider/kv/kv_config.go
@ -411,8 +411,9 @@ func (p *Provider) getAuthDigest(rootPath string) *types.Digest {
 // getAuthForward Create Forward Auth from path
 func (p *Provider) getAuthForward(rootPath string) *types.Forward {
 	forwardAuth := &types.Forward{
-		Address:            p.get("", rootPath, pathFrontendAuthForwardAddress),
-		TrustForwardHeader: p.getBool(false, rootPath, pathFrontendAuthForwardTrustForwardHeader),
+		Address:             p.get("", rootPath, pathFrontendAuthForwardAddress),
+		TrustForwardHeader:  p.getBool(false, rootPath, pathFrontendAuthForwardTrustForwardHeader),
+		AuthResponseHeaders: p.getList(rootPath, pathFrontendAuthForwardAuthResponseHeaders),
 	}

 	// TLS configuration
--- a/provider/kv/kv_config_test.go
+++ b/provider/kv/kv_config_test.go
@ -181,6 +181,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
 					withPair(pathFrontendAuthForwardTLSCert, "server.crt"),
 					withPair(pathFrontendAuthForwardTLSKey, "server.key"),
 					withPair(pathFrontendAuthForwardTLSInsecureSkipVerify, "true"),
+					withPair(pathFrontendAuthForwardAuthResponseHeaders, "X-Auth-User,X-Auth-Token"),
 				),
 				backend("backend"),
 			),
@ -200,8 +201,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
 						Auth: &types.Auth{
 							HeaderField: "X-WebAuth-User",
 							Forward: &types.Forward{
-								Address:            "auth.server",
-								TrustForwardHeader: true,
+								Address: "auth.server",
 								TLS: &types.ClientTLS{
 									CA:                 "ca.crt",
 									CAOptional:         true,
@ -209,6 +209,8 @@ func TestProviderBuildConfiguration(t *testing.T) {
 									Cert:               "server.crt",
 									Key:                "server.key",
 								},
+								TrustForwardHeader:  true,
+								AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Token"},
 							},
 						},
 					},