Affected by GO-2024-2965 and 1 other vulnerabilities

GO-2024-2965: Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium

GO-2024-3179: Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium

envoyconfig

package

v0.18.1 Latest Latest Go to latest Published: May 26, 2023 License: Apache-2.0 Imports: 62 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/pomerium/pomerium

Links

Open Source Insights

Documentation ¶

Overview ¶

Package envoyconfig contains a Builder for building Envoy configuration from Pomerium configuration.

Index ¶

Constants
func ExtAuthzContextExtensionsIsInternal(extAuthzContextExtensions map[string]string) bool
func MakeExtAuthzContextExtensions(internal bool, routeID uint64) map[string]string
func PerFilterConfigExtAuthzContextExtensions(authzContextExtensions map[string]string) *any.Any
func PerFilterConfigExtAuthzDisabled() *any.Any
type Builder
- func New(localGRPCAddress string, localHTTPAddress string, localMetricsAddress string, ...) *Builder
type Endpoint
- func NewEndpoint(u *url.URL, ts *envoy_config_core_v3.TransportSocket, weight uint32) Endpoint
- func (e Endpoint) TransportSocketName() string

Constants ¶

View Source

const PerFilterConfigExtAuthzName = "envoy.filters.http.ext_authz"

PerFilterConfigExtAuthzName is the name of the ext authz filter to apply config to

Variables ¶

This section is empty.

Functions ¶

func ExtAuthzContextExtensionsIsInternal ¶ added in v0.17.4

func ExtAuthzContextExtensionsIsInternal(extAuthzContextExtensions map[string]string) bool

ExtAuthzContextExtensionsIsInternal returns true if the context extensions indicates the route is internal.

func MakeExtAuthzContextExtensions ¶ added in v0.17.4

func MakeExtAuthzContextExtensions(internal bool, routeID uint64) map[string]string

MakeExtAuthzContextExtensions makes the ext authz context extensions.

func PerFilterConfigExtAuthzContextExtensions ¶ added in v0.17.4

func PerFilterConfigExtAuthzContextExtensions(authzContextExtensions map[string]string) *any.Any

PerFilterConfigExtAuthzContextExtensions returns a per-filter config for ext authz that disables ext-authz.

func PerFilterConfigExtAuthzDisabled ¶ added in v0.17.4

func PerFilterConfigExtAuthzDisabled() *any.Any

PerFilterConfigExtAuthzDisabled returns a per-filter config for ext authz that disables ext-authz.

Types ¶

type Builder ¶

type Builder struct {
	// contains filtered or unexported fields
}

A Builder builds envoy config from pomerium config.

func New ¶

func New(
	localGRPCAddress string,
	localHTTPAddress string,
	localMetricsAddress string,
	fileManager *filemgr.Manager,
	reproxyHandler *reproxy.Handler,
) *Builder

New creates a new Builder.

func (*Builder) BuildBootstrapAdmin ¶

func (b *Builder) BuildBootstrapAdmin(cfg *config.Config) (admin *envoy_config_bootstrap_v3.Admin, err error)

BuildBootstrapAdmin builds the admin config for the envoy bootstrap.

func (*Builder) BuildBootstrapLayeredRuntime ¶ added in v0.15.0

func (b *Builder) BuildBootstrapLayeredRuntime() (*envoy_config_bootstrap_v3.LayeredRuntime, error)

BuildBootstrapLayeredRuntime builds the layered runtime for the envoy bootstrap.

func (*Builder) BuildBootstrapStaticResources ¶

func (b *Builder) BuildBootstrapStaticResources() (*envoy_config_bootstrap_v3.Bootstrap_StaticResources, error)

BuildBootstrapStaticResources builds the static resources for the envoy bootstrap. It includes the control plane cluster.

func (*Builder) BuildBootstrapStatsConfig ¶

func (b *Builder) BuildBootstrapStatsConfig(cfg *config.Config) (*envoy_config_metrics_v3.StatsConfig, error)

BuildBootstrapStatsConfig builds a the stats config the envoy bootstrap.

func (*Builder) BuildClusters ¶

func (b *Builder) BuildClusters(ctx context.Context, cfg *config.Config) ([]*envoy_config_cluster_v3.Cluster, error)

BuildClusters builds envoy clusters from the given config.

func (*Builder) BuildListeners ¶

func (b *Builder) BuildListeners(ctx context.Context, cfg *config.Config) ([]*envoy_config_listener_v3.Listener, error)

BuildListeners builds envoy listeners from the given config.

type Endpoint ¶

type Endpoint struct {
	// contains filtered or unexported fields
}

An Endpoint is a URL with its corresponding Transport Socket.

func NewEndpoint ¶

func NewEndpoint(u *url.URL, ts *envoy_config_core_v3.TransportSocket, weight uint32) Endpoint

NewEndpoint creates a new Endpoint.

func (Endpoint) TransportSocketName ¶

func (e Endpoint) TransportSocketName() string

TransportSocketName return the name for this endpoint.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
filemgr Package filemgr defines a Manager for managing files for the controlplane.	Package filemgr defines a Manager for managing files for the controlplane.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL