add jwt claim headers option (pomerium#426)
wasaga authored Nov 10, 2022
1 parent 777a532 commit c38efee
Showing 5 changed files with 36 additions and 0 deletions.
7 changes: 7 additions & 0 deletions apis/ingress/v1/pomerium_types.go
@@ -212,6 +212,13 @@ type PomeriumSpec struct {
// Cookie defines Pomerium cookie options
// +optional
Cookie *Cookie `json:"cookie,omitempty"`

// JWTClaimHeaders convert claims from the assertion token
// into HTTP headers. We recommend you only use it for compatibility
// with legacy applications, and use JWT assertion header directly
// for new applications, read more at https://www.pomerium.com/docs/topics/getting-users-identity
// +optional
JWTClaimHeaders map[string]string `json:"jwtClaimHeaders,omitempty"`
}

// ResourceStatus represents the outcome of the latest attempt to reconcile it with Pomerium.
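Review bot: The doc comment on `JWTClaimHeaders` does not say which side of the map is the header name and which is the claim name, and it omits the trust consequence of the option. Headers produced this way are plain values, unlike the signed JWT assertion header the comment itself recommends, so an upstream has nothing to verify and should only be reachable through Pomerium. Assuming keys are header names (as in Pomerium's `jwt_claims_headers` setting; worth confirming), I would add `// Keys are HTTP header names; values are the claim names copied into them.` and `// These headers are unsigned: upstreams must not accept them on any path that bypasses Pomerium.` The field also carries only `+optional` and no validation marker, so the generated schema accepts any string as a key. `PomeriumSpec` begins outside this hunk.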
7 changes: 7 additions & 0 deletions apis/ingress/v1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions config/crd/bases/ingress.pomerium.io_pomerium.yaml
@@ -140,6 +140,14 @@ spec:
- provider
- secret
type: object
jwtClaimHeaders:
additionalProperties:
type: string
description: JWTClaimHeaders convert claims from the assertion token
into HTTP headers. We recommend you only use it for compatibility
with legacy applications, and use JWT assertion header directly
for new applications, read more at https://www.pomerium.com/docs/topics/getting-users-identity
type: object
secrets:
description: Secrets references a Secret that must have the following
keys - shared_secret - cookie_secret - signing_key
8 changes: 8 additions & 0 deletions deployment.yaml
@@ -148,6 +148,14 @@ spec:
- provider
- secret
type: object
jwtClaimHeaders:
additionalProperties:
type: string
description: JWTClaimHeaders convert claims from the assertion token
into HTTP headers. We recommend you only use it for compatibility
with legacy applications, and use JWT assertion header directly
for new applications, read more at https://www.pomerium.com/docs/topics/getting-users-identity
type: object
secrets:
description: Secrets references a Secret that must have the following
keys - shared_secret - cookie_secret - signing_key
6 changes: 6 additions & 0 deletions pomerium/config.go
@@ -35,6 +35,7 @@ func applyConfig(ctx context.Context, p *pb.Config, c *model.Config) error {
{"idp secret", applyIDPSecret},
{"idp request params", applyIDPRequestParams},
{"cookie", applyCookie},
{"jwt claim headers", applyJWTClaimHeaders},
} {
if err := apply.fn(ctx, p, c); err != nil {
return fmt.Errorf("%s: %w", apply.name, err)
@@ -44,6 +45,11 @@ func applyConfig(ctx context.Context, p *pb.Config, c *model.Config) error {
return nil
}

func applyJWTClaimHeaders(_ context.Context, p *pb.Config, c *model.Config) error {
p.Settings.JwtClaimsHeaders = c.Spec.JWTClaimHeaders
return nil
}

func applyCookie(_ context.Context, p *pb.Config, c *model.Config) error {
if c.Spec.Cookie == nil {
return nil
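Review bot: `applyJWTClaimHeaders` copies `c.Spec.JWTClaimHeaders` into the settings unchecked and always returns nil, so a key that is not a legal header name, or an empty claim name, never reaches the error wrapping in the `applyConfig` loop. Assuming the keys are header names, validating them here rejects a bad resource at reconcile time instead of relying on whatever Pomerium core does with the value, which this page does not show. The assignment also dereferences `p.Settings` and shares the map with the spec rather than copying it; whether `p.Settings` is guaranteed non-nil at this point is decided outside the hunk. The sketch below uses `httpguts.ValidHeaderFieldName` from golang.org/x/net, which would have to be an accepted dependency of this module. `applyCookie` continues past the end of the hunk.

```go
func applyJWTClaimHeaders(_ context.Context, p *pb.Config, c *model.Config) error {
	for header, claim := range c.Spec.JWTClaimHeaders {
		// Reject names that cannot be sent as an HTTP header field.
		if !httpguts.ValidHeaderFieldName(header) {
			return fmt.Errorf("invalid header name %q", header)
		}
		if claim == "" {
			return fmt.Errorf("header %q: claim name is empty", header)
		}
	}
	// … unchanged: assignment to p.Settings.JwtClaimsHeaders and return nil …
}
```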