Skip to content

v0.30.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 15 May 13:55
· 59 commits to main since this release
v0.30.0
3c1bb4f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

New: GCP Auth Stubbing

When gcp_auth is active, the proxy now intercepts requests to GCP OAuth2 token endpoints (oauth2.googleapis.com/token and the GCE/GKE metadata server) and answers them with a synthetic stub token. Clients complete the OAuth2 handshake against the proxy without needing real credentials. The proxy mints the real access token from the keyfile it holds and injects it on the upstream API call. Stubbing is always-on whenever gcp_auth is configured, independent of the transform's host rules.

This adds a new ActionStub pipeline action. It short-circuits the request pipeline similarly to ActionReject, but renders as "stub" at INFO level in audit logs (with a stubbed_by field) so you can distinguish proxy-served responses from rejections.

Changelog

  • 3c1bb4f feat(gcpauth): stub GCP OAuth2 token endpoints with a synthetic token (#119)
Assets 8
Loading