From ff7ac50f7861c99620bfca6a324bfa89f50d5ccc Mon Sep 17 00:00:00 2001 From: Stephen Touset Date: Fri, 17 Dec 2021 11:28:17 -0800 Subject: [PATCH] RFD 47 and 48 --- rfd/0047-environment-proxies.md | 34 +++++++++++++++++++++++++ rfd/0048-environment-headers.md | 44 +++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 rfd/0047-environment-proxies.md create mode 100644 rfd/0048-environment-headers.md diff --git a/rfd/0047-environment-proxies.md b/rfd/0047-environment-proxies.md new file mode 100644 index 0000000000000..226c61e776707 --- /dev/null +++ b/rfd/0047-environment-proxies.md @@ -0,0 +1,34 @@ +--- +authors: Stephen Touset (stephen@squareup.com) +state: draft +--- + +# RFD 47 - Environment-Configured Proxies + +## What + +This RFD proposes that all HTTP clients should be configurable to perform +requests through intermediate proxies, using the standard `HTTP_PROXY`, +`HTTPS_PROXY`, and `NOPROXY` enviroment variables. + +## Why + +Client environments sometimes need to issue requests through proxy servers, +either to get out of restricted corporate networks or to get into +[BeyondCorp][https://cloud.google.com/beyondcorp] production environments. + +## Scope + +The changes should be relatively limited in scope, requiring only that HTTP +clients are initialized with a transport that respects these environment +variables. The golang `http` library ships a feature that transparently enables +this behavior. + +## UX + +Teleport gains the power to be invoked with environment variables specifying the +locations of HTTP proxies. + +```bash +env HTTPS_PROXY=http://proxy.example.com:80 tsh login --proxy teleport-proxy.example.com +``` \ No newline at end of file diff --git a/rfd/0048-environment-headers.md b/rfd/0048-environment-headers.md new file mode 100644 index 0000000000000..2f9b16f52ea0e --- /dev/null +++ b/rfd/0048-environment-headers.md @@ -0,0 +1,44 @@ +--- +authors: Stephen Touset (stephen@squareup.com) +state: draft +--- + +# RFD 48 - Environment-Configured Custom HTTP Headers + +## What + +This RFD proposes that all HTTP clients should be configurable to add custom, +opaque HTTP headers to their requests using an environment variable. + +## Why + +At Square, we connect from corporate laptops to services inside of our cloud and +datacenter enviornments through a [BeyondCorp][https://cloud.google.com/beyondcorp] +proxy. Clients authenticate to the proxy by providing a specially-crafted HTTP +header that contains an opaque authentication token. + +As such, we need a way to inject this header into requests made by the +webclient. + +## Scope + +These changes only affect the webclient (and roundtrip library), causing them to +look for user-provided headers in an environment variable and inserting those +headers into HTTP requests. + +## UX + +Teleport gains the power to be invoked with environment variables specifying +custom HTTP headers. Multiple headers may be separated with + +```bash +env TELEPORT_WEBCLIENT_HEADERS="Authorization: Basic xxxx\nCookie: some_cookie=yyy" \ + tsh login --proxy teleport-proxy.example.com +``` + +## Security + +If an attacker can control a user's environment when invoking the `tsh` command, +the user has already lost (e.g., `env LD_PRELOAD=/path/to/evil.so tsh`). So I do +not believe we need to whitelist or blacklist headers that we allow to be +provided with this mechanism. \ No newline at end of file