routes: add description, logo_url, source_ppl (#1089)

Author: calebdoxsey

go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/iancoleman/strcase v0.3.0
 	github.com/martinlindhe/base36 v1.1.1
 	github.com/open-policy-agent/opa v1.0.0
+	github.com/pomerium/csrf v1.7.0
 	github.com/pomerium/pomerium v0.28.1-0.20250127214108-332d3dc3345e
 	github.com/rs/zerolog v1.33.0
 	github.com/sergi/go-diff v1.3.1
@@ -158,7 +159,6 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/pomerium/csrf v1.7.0 // indirect
 	github.com/pomerium/datasource v0.18.2-0.20221108160055-c6134b5ed524 // indirect
 	github.com/pomerium/envoy-custom v1.32.4-0.20250114182541-6f6d2147bea6 // indirect
 	github.com/pomerium/protoutil v0.0.0-20240813175624-47b7ac43ff46 // indirect

pomerium/ingress_annotations.go

@@ -7,6 +7,7 @@ import (
 
 	envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	"github.com/open-policy-agent/opa/ast"
+	"google.golang.org/protobuf/proto"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 
@@ -24,11 +25,13 @@ var (
 		"allow_spdy",
 		"allow_websockets",
 		"cors_allow_preflight",
+		"description",
 		"host_path_regex_rewrite_pattern",
 		"host_path_regex_rewrite_substitution",
 		"host_rewrite_header",
 		"host_rewrite",
 		"idle_timeout",
+		"logo_url",
 		"pass_identity_headers",
 		"prefix_rewrite",
 		"preserve_host_header",
@@ -195,6 +198,7 @@ func unmarshalPolicyAnnotations(p *pomerium.Policy, kvs map[string]string) error
 		return fmt.Errorf("invalid custom rego: %w", err)
 	}
 
+	p.SourcePpl = proto.String(ppl)
 	p.Rego = []string{src}
 	return nil
 }

pomerium/ingress_annotations_test.go

@@ -46,6 +46,7 @@ func TestAnnotations(t *testing.T) {
 					"a/allowed_idp_claims":                      `key: ["val1", "val2"]`,
 					"a/allowed_users":                           `["a"]`,
 					"a/cors_allow_preflight":                    "true",
+					"a/description":                             "DESCRIPTION",
 					"a/health_checks":                           `[{"timeout": "10s", "interval": "1m", "healthy_threshold": 1, "unhealthy_threshold": 2, "http_health_check": {"path": "/"}}]`,
 					"a/host_path_regex_rewrite_pattern":         "rewrite-pattern",
 					"a/host_path_regex_rewrite_substitution":    "rewrite-sub",
@@ -54,6 +55,7 @@ func TestAnnotations(t *testing.T) {
 					"a/idle_timeout":                            `60s`,
 					"a/kubernetes_service_account_token_secret": "k8s_token",
 					"a/lb_policy":                               "LEAST_REQUEST",
+					"a/logo_url":                                "LOGO_URL",
 					"a/least_request_lb_config":                 `{"choice_count":3,"active_request_bias":{"default_value":4,"runtime_key":"key"},"slow_start_config":{"slow_start_window":"3s","aggression":{"runtime_key":"key"}}}`,
 					"a/pass_identity_headers":                   "true",
 					"a/policy":                                  testPPL,
@@ -187,9 +189,12 @@ func TestAnnotations(t *testing.T) {
 			AllowedIdpClaims: map[string]*structpb.ListValue{
 				"key": {Values: []*structpb.Value{structpb.NewStringValue("val1"), structpb.NewStringValue("val2")}},
 			},
+			SourcePpl: proto.String(`{"allow":{"or":[{"domain":{"is":"pomerium.com"}}]}}`),
 		}},
 		TlsSkipVerify: true,
 		TlsServerName: "my.server.name",
+		Description:   "DESCRIPTION",
+		LogoUrl:       "LOGO_URL",
 	}, cmpopts.IgnoreUnexported(
 		pb.Route{},
 		pb.RouteRewriteHeader{},