diff --git a/pkg/apis/options/alpha_options.go b/pkg/apis/options/alpha_options.go
new file mode 100644
index 00000000..1086ee2a
--- /dev/null
+++ b/pkg/apis/options/alpha_options.go
@@ -0,0 +1,31 @@
+package options
+
+// AlphaOptions contains alpha structured configuration options.
+// Usage of these options allows users to access alpha features that are not
+// available as part of the primary configuration structure for OAuth2 Proxy.
+//
+// :::warning
+// The options within this structure are considered alpha.
+// They may change between releases without notice.
+// :::
+type AlphaOptions struct {
+ // Upstreams is used to configure upstream servers.
+ // Once a user is authenticated, requests to the server will be proxied to
+ // these upstream servers based on the path mappings defined in this list.
+ Upstreams Upstreams `json:"upstreams,omitempty"`
+
+ // InjectRequestHeaders is used to configure headers that should be added
+ // to requests to upstream servers.
+ // Headers may source values from either the authenticated user's session
+ // or from a static secret value.
+ InjectRequestHeaders []Header `json:"injectRequestHeaders,omitempty"`
+
+ // InjectResponseHeaders is used to configure headers that should be added
+ // to responses from the proxy.
+ // This is typically used when using the proxy as an external authentication
+ // provider in conjunction with another proxy such as NGINX and its
+ // auth_request module.
+ // Headers may source values from either the authenticated user's session
+ // or from a static secret value.
+ InjectResponseHeaders []Header `json:"injectResponseHeaders,omitempty"`
+}
diff --git a/pkg/apis/options/common.go b/pkg/apis/options/common.go
index d62d6f9d..b08bfa6d 100644
--- a/pkg/apis/options/common.go
+++ b/pkg/apis/options/common.go
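Review bot: The comment on `InjectResponseHeaders` in alpha_options.go says values may come from a static secret, but it does not say that a response header is delivered to whoever receives the proxy's response. In the auth_request setup the comment describes, that recipient is the fronting proxy; in any deployment where the response presumably reaches the browser directly, a secret-sourced value would be disclosed to the user. I would add to the field comment `// Secret-sourced values are sent to the recipient of the response; use them only when a trusted proxy consumes and strips these headers.`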
@@ -10,13 +10,13 @@ import (
 // Only one source within the struct should be defined at any time.
 type SecretSource struct {
 // Value expects a base64 encoded string value.
- Value []byte
+ Value []byte `json:"value,omitempty"`
 // FromEnv expects the name of an environment variable.
- FromEnv string
+ FromEnv string `json:"fromEnv,omitempty"`
 // FromFile expects a path to a file containing the secret value.
- FromFile string
+ FromFile string `json:"fromFile,omitempty"`
 }
 // Duration is an alias for time.Duration so that we can ensure the marshalling
diff --git a/pkg/apis/options/header.go b/pkg/apis/options/header.go
index 0b2e1b69..4b41eff9 100644
--- a/pkg/apis/options/header.go
+++ b/pkg/apis/options/header.go
@@ -5,26 +5,26 @@ package options
 type Header struct {
 // Name is the header name to be used for this set of values.
 // Names should be unique within a list of Headers.
- Name string `json:"name"`
+ Name string `json:"name,omitempty"`
 // PreserveRequestValue determines whether any values for this header
 // should be preserved for the request to the upstream server.
 // This option only takes effet on injected request headers.
 // Defaults to false (headers that match this header will be stripped).
- PreserveRequestValue bool `json:"preserveRequestValue"`
+ PreserveRequestValue bool `json:"preserveRequestValue,omitempty"`
 // Values contains the desired values for this header
- Values []HeaderValue `json:"values"`
+ Values []HeaderValue `json:"values,omitempty"`
 }
 // HeaderValue represents a single header value and the sources that can
 // make up the header value
 type HeaderValue struct {
 // Allow users to load the value from a secret source
- *SecretSource
+ *SecretSource `json:",omitempty"`
 // Allow users to load the value from a session claim
- *ClaimSource
+ *ClaimSource `json:",omitempty"`
 }
 // ClaimSource allows loading a header value from a claim within the session
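Review bot: The `omitempty` tags on `SecretSource` in common.go suggest these structs are now meant to be marshalled as well as decoded, and when that happens `Value` is written out base64-encoded but otherwise in the clear; the same applies to `BasicAuthPassword` in the ClaimSource hunk of header.go. No marshalling call is visible in this diff, so this is something to confirm (config dumps, debug logs, converted-config output) rather than a demonstrated leak. I would extend the field comment with `// Base64 is an encoding, not protection: the secret is recoverable from any config or marshalled output containing it; prefer FromEnv or FromFile.` The struct comment also says only one source should be defined, which the tags cannot enforce, so the loader needs an explicit check for that.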
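Review bot: In header.go the tags added to the embedded `*SecretSource` and `*ClaimSource` carry no name, so under encoding/json semantics both stay embedded and their fields are flattened into the `HeaderValue` object; the `omitempty` there appears to have no effect. Because of the flattening, a single entry can carry secret keys (`value`, `fromEnv`, `fromFile`) together with claim keys such as `basicAuthPassword`, and nothing in these types rejects that, so which source is used depends on code outside this diff. I would state the rule on the struct, e.g. `// Exactly one of SecretSource or ClaimSource must be set per value; entries that set both are rejected by validation.`, and confirm that such validation exists.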
@@ -40,5 +40,5 @@ type ClaimSource struct {
 // BasicAuthPassword converts this claim into a basic auth header.
 // Note the value of claim will become the basic auth username and the
 // basicAuthPassword will be used as the password value.
- BasicAuthPassword *SecretSource
+ BasicAuthPassword *SecretSource `json:"basicAuthPassword,omitempty"`
 }
diff --git a/pkg/apis/options/upstreams.go b/pkg/apis/options/upstreams.go
index ab6543c6..6536498d 100644
--- a/pkg/apis/options/upstreams.go
+++ b/pkg/apis/options/upstreams.go
@@ -8,11 +8,11 @@ type Upstreams []Upstream
 type Upstream struct {
 // ID should be a unique identifier for the upstream.
 // This value is required for all upstreams.
- ID string `json:"id"`
+ ID string `json:"id,omitempty"`
 // Path is used to map requests to the upstream server.
 // The closest match will take precedence and all Paths must be unique.
- Path string `json:"path"`
+ Path string `json:"path,omitempty"`
 // The URI of the upstream server. This may be an HTTP(S) server of a File
 // based URL. It may include a path, in which case all requests will be served
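Review bot: `ID` in upstreams.go is documented as required for all upstreams, yet its tag becomes `json:"id,omitempty"`, and `Path`, which drives request routing, gets the same treatment. `omitempty` only affects marshalling, so a config that leaves either key out still decodes to an empty string, and the requirement has to be enforced by validation that is not part of this diff. If the tag is kept for uniform output, I would say so in the comment, e.g. `// Required: validation rejects an empty ID; omitempty only affects marshalled output.` The `Upstream` struct continues past the end of this hunk.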
@@ -24,19 +24,19 @@ type Upstream struct {
 // - file://host/path
 // If the URI's path is "/base" and the incoming request was for "/dir",
 // the upstream request will be for "/base/dir".
- URI string `json:"uri"`
+ URI string `json:"uri,omitempty"`
 // InsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.
 // This option is insecure and will allow potential Man-In-The-Middle attacks
 // betweem OAuth2 Proxy and the usptream server.
 // Defaults to false.
- InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify"`
+ InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty"`
 // Static will make all requests to this upstream have a static response.
 // The response will have a body of "Authenticated" and a response code
 // matching StaticCode.
 // If StaticCode is not set, the response will return a 200 response.
- Static bool `json:"static"`
+ Static bool `json:"static,omitempty"`
 // StaticCode determines the response code for the Static response.
 // This option can only be used with Static enabled.
@@ -50,9 +50,9 @@ type Upstream struct {
 // PassHostHeader determines whether the request host header should be proxied
 // to the upstream server.
 // Defaults to true.
- PassHostHeader *bool `json:"passHostHeader"`
+ PassHostHeader *bool `json:"passHostHeader,omitempty"`
 // ProxyWebSockets enables proxying of websockets to upstream servers
 // Defaults to true.
- ProxyWebSockets *bool `json:"proxyWebSockets"`
+ ProxyWebSockets *bool `json:"proxyWebSockets,omitempty"`
 }
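Review bot: The warning comment above `InsecureSkipTLSVerify` (hunk at -24,19 in upstreams.go) still reads `betweem` and `usptream`, and it is the only place the risk of this option is explained. Since the field is being touched, I would correct the line to `// between OAuth2 Proxy and the upstream server.`; the `effet` in the `PreserveRequestValue` comment in header.go is the same kind of slip. The `:::warning` block in alpha_options.go suggests these comments feed generated documentation, in which case the misspellings reach users searching for the option.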
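Review bot: `PassHostHeader` and `ProxyWebSockets` (hunk at -50,9 in upstreams.go) are `*bool` with `omitempty`, so an unset option is a nil pointer, while both comments say only `Defaults to true.` Nothing in this hunk shows where nil becomes true; a consumer that dereferences without a nil check would panic, and one that reads nil as false would quietly change whether the client's Host header is forwarded. I would extend each comment with `// A nil value means the default (true); callers must check for nil before dereferencing.` and confirm the default is applied in a single place.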