Middlewares: add forwardAuth.authResponseHeadersRegex

2020-10-29 17:10:04 +03:00
parent b5198e63c4
commit 49cdb67ddc
12 changed files with 116 additions and 24 deletions
--- a/docs/content/middlewares/forwardauth.md
+++ b/docs/content/middlewares/forwardauth.md
@@ -164,7 +164,7 @@ http:

 ### `authResponseHeaders`

-The `authResponseHeaders` option is the list of the headers to copy from the authentication server to the request.
+The `authResponseHeaders` option is the list of the headers to copy from the authentication server to the request. All incoming request's headers in this list are deleted from the request before any copy happens.

 ```yaml tab="Docker"
 labels:
@@ -217,6 +217,59 @@ http:
          - "X-Secret"
 ```

+### `authResponseHeadersRegex`
+
+The `authResponseHeadersRegex` option is the regex to match the headers that should be copied from the authentication server to the request. All incoming request's headers matching this regex are deleted from the request before any copy happens.
+It allows partial matching of the regular expression against the header's key.
+You should use start of string (`^`) and end of string (`$`) anchors to ensure a full match against the header's key.
+
+```yaml tab="Docker"
+labels:
+  - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: test-auth
+spec:
+  forwardAuth:
+    address: https://example.com/auth
+    authResponseHeadersRegex: ^X-
+```
+
+```yaml tab="Consul Catalog"
+- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex": "^X-"
+}
+```
+
+```yaml tab="Rancher"
+labels:
+  - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
+```
+
+```toml tab="File (TOML)"
+[http.middlewares]
+  [http.middlewares.test-auth.forwardAuth]
+    address = "https://example.com/auth"
+    authResponseHeadersRegex = "^X-"
+```
+
+```yaml tab="File (YAML)"
+http:
+  middlewares:
+    test-auth:
+      forwardAuth:
+        address: "https://example.com/auth"
+        authResponseHeadersRegex: "^X-"
+```
+
 ### `authRequestHeaders`

 The `authRequestHeaders` option is the list of the headers to copy from the request to the authentication server.
--- a/docs/content/reference/dynamic-configuration/docker-labels.yml
+++ b/docs/content/reference/dynamic-configuration/docker-labels.yml
@@ -24,6 +24,7 @@
 - "traefik.http.middlewares.middleware08.errors.status=foobar, foobar"
 - "traefik.http.middlewares.middleware09.forwardauth.address=foobar"
 - "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
 - "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
 - "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
 - "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
--- a/docs/content/reference/dynamic-configuration/file.toml
+++ b/docs/content/reference/dynamic-configuration/file.toml
@@ -139,6 +139,7 @@
        address = "foobar"
        trustForwardHeader = true
        authResponseHeaders = ["foobar", "foobar"]
+        authResponseHeadersRegex = "foobar"
        authRequestHeaders = ["foobar", "foobar"]
        [http.middlewares.Middleware09.forwardAuth.tls]
          ca = "foobar"
--- a/docs/content/reference/dynamic-configuration/file.yaml
+++ b/docs/content/reference/dynamic-configuration/file.yaml
@@ -158,6 +158,7 @@ http:
        authResponseHeaders:
        - foobar
        - foobar
+        authResponseHeadersRegex: foobar
        authRequestHeaders:
        - foobar
        - foobar
--- a/docs/content/reference/dynamic-configuration/kv-ref.md
+++ b/docs/content/reference/dynamic-configuration/kv-ref.md
@@ -31,6 +31,7 @@
 | `traefik/http/middlewares/Middleware09/forwardAuth/authRequestHeaders/1` | `foobar` |
 | `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/0` | `foobar` |
 | `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` |
 | `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
 | `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` |
 | `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
--- a/docs/content/reference/dynamic-configuration/marathon-labels.json
+++ b/docs/content/reference/dynamic-configuration/marathon-labels.json
@@ -24,6 +24,7 @@
 "traefik.http.middlewares.middleware08.errors.status": "foobar, foobar",
 "traefik.http.middlewares.middleware09.forwardauth.address": "foobar",
 "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar",
 "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders": "foobar, foobar",
 "traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
 "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true",