Don't pass the Authorization header to the backends
This commit is contained in:
Jean-Baptiste Doumenjou
Traefiker Bot
parent
ae8be89767
commit
9ce444b91a
40 changed files with 445 additions and 130 deletions
|
|
@ -161,6 +161,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
appID("/app"),
|
||||
appPorts(80),
|
||||
withLabel(label.TraefikFrontendAuthHeaderField, "X-WebAuth-User"),
|
||||
withLabel(label.TraefikFrontendAuthBasicRemoveHeader, "true"),
|
||||
withLabel(label.TraefikFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withLabel(label.TraefikFrontendAuthBasicUsersFile, ".htpasswd"),
|
||||
withTasks(localhostTask(taskPorts(80))),
|
||||
|
|
@ -176,6 +177,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
|
|
@ -245,6 +247,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
appID("/app"),
|
||||
appPorts(80),
|
||||
withLabel(label.TraefikFrontendAuthHeaderField, "X-WebAuth-User"),
|
||||
withLabel(label.TraefikFrontendAuthDigestRemoveHeader, "true"),
|
||||
withLabel(label.TraefikFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withLabel(label.TraefikFrontendAuthDigestUsersFile, ".htpasswd"),
|
||||
withTasks(localhostTask(taskPorts(80))),
|
||||
|
|
@ -260,6 +263,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Digest: &types.Digest{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
|
|
@ -371,8 +375,10 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
withLabel(label.TraefikBackendBufferingRetryExpression, "IsNetworkError() && Attempts() <= 2"),
|
||||
|
||||
withLabel(label.TraefikFrontendAuthBasic, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withLabel(label.TraefikFrontendAuthBasicRemoveHeader, "true"),
|
||||
withLabel(label.TraefikFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withLabel(label.TraefikFrontendAuthBasicUsersFile, ".htpasswd"),
|
||||
withLabel(label.TraefikFrontendAuthDigestRemoveHeader, "true"),
|
||||
withLabel(label.TraefikFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withLabel(label.TraefikFrontendAuthDigestUsersFile, ".htpasswd"),
|
||||
withLabel(label.TraefikFrontendAuthForwardAddress, "auth.server"),
|
||||
|
|
@ -452,6 +458,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
|
|
@ -760,6 +767,21 @@ func TestBuildConfigurationSegments(t *testing.T) {
|
|||
withSegmentLabel(label.TraefikWeight, "12", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasic, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthBasicUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestRemoveHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthDigestUsersFile, ".htpasswd", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardAddress, "auth.server", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTrustForwardHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCa, "ca.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCaOptional, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSCert, "server.crt", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSKey, "server.key", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthForwardTLSInsecureSkipVerify, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAuthHeaderField, "X-WebAuth-User", "containous"),
|
||||
|
||||
withSegmentLabel(label.TraefikFrontendEntryPoints, "http,https", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassHostHeader, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendPassTLSCert, "true", "containous"),
|
||||
|
|
@ -826,9 +848,12 @@ func TestBuildConfigurationSegments(t *testing.T) {
|
|||
PassTLSCert: true,
|
||||
Priority: 666,
|
||||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
},
|
||||
},
|
||||
WhiteList: &types.WhiteList{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue