Fix forwarding of auth-response-headers to gRPC backends (#7331)
* add e2e test for auth-response-headers annotation * add e2e test for grpc with auth-response-headers * fix forwarding of auth header to GRPC backends * add test case for proxySetHeader(nil)
This commit is contained in:
Tom Hayward
Kubernetes Prow Robot
parent
c9d5b21a65
commit
9a9ad47857
5 changed files with 136 additions and 22 deletions
|
|
@ -563,7 +563,7 @@ func shouldApplyGlobalAuth(input interface{}, globalExternalAuthURL string) bool
|
|||
return false
|
||||
}
|
||||
|
||||
func buildAuthResponseHeaders(headers []string) []string {
|
||||
func buildAuthResponseHeaders(proxySetHeader string, headers []string) []string {
|
||||
res := []string{}
|
||||
|
||||
if len(headers) == 0 {
|
||||
|
|
@ -574,7 +574,7 @@ func buildAuthResponseHeaders(headers []string) []string {
|
|||
hvar := strings.ToLower(h)
|
||||
hvar = strings.NewReplacer("-", "_").Replace(hvar)
|
||||
res = append(res, fmt.Sprintf("auth_request_set $authHeader%v $upstream_http_%v;", i, hvar))
|
||||
res = append(res, fmt.Sprintf("proxy_set_header '%v' $authHeader%v;", h, i))
|
||||
res = append(res, fmt.Sprintf("%s '%v' $authHeader%v;", proxySetHeader, h, i))
|
||||
}
|
||||
return res
|
||||
}
|
||||
|
|
@ -668,7 +668,7 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
|
|||
var xForwardedPrefix string
|
||||
|
||||
if len(location.XForwardedPrefix) > 0 {
|
||||
xForwardedPrefix = fmt.Sprintf("proxy_set_header X-Forwarded-Prefix \"%s\";\n", location.XForwardedPrefix)
|
||||
xForwardedPrefix = fmt.Sprintf("%s X-Forwarded-Prefix \"%s\";\n", proxySetHeader(location), location.XForwardedPrefix)
|
||||
}
|
||||
|
||||
return fmt.Sprintf(`
|
||||
|
|
|
|||
|
|
@ -506,7 +506,7 @@ func TestBuildAuthResponseHeaders(t *testing.T) {
|
|||
"proxy_set_header 'H-With-Caps-And-Dashes' $authHeader1;",
|
||||
}
|
||||
|
||||
headers := buildAuthResponseHeaders(externalAuthResponseHeaders)
|
||||
headers := buildAuthResponseHeaders(proxySetHeader(nil), externalAuthResponseHeaders)
|
||||
|
||||
if !reflect.DeepEqual(expected, headers) {
|
||||
t.Errorf("Expected \n'%v'\nbut returned \n'%v'", expected, headers)
|
||||
|
|
@ -1182,23 +1182,40 @@ func TestBuildCustomErrorLocationsPerServer(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestProxySetHeader(t *testing.T) {
|
||||
invalidType := &ingress.Ingress{}
|
||||
expected := "proxy_set_header"
|
||||
actual := proxySetHeader(invalidType)
|
||||
|
||||
if expected != actual {
|
||||
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
|
||||
tests := []struct {
|
||||
name string
|
||||
loc interface{}
|
||||
expected string
|
||||
}{
|
||||
{
|
||||
name: "nil",
|
||||
loc: nil,
|
||||
expected: "proxy_set_header",
|
||||
},
|
||||
{
|
||||
name: "invalid type",
|
||||
loc: &ingress.Ingress{},
|
||||
expected: "proxy_set_header",
|
||||
},
|
||||
{
|
||||
name: "http backend",
|
||||
loc: &ingress.Location{},
|
||||
expected: "proxy_set_header",
|
||||
},
|
||||
{
|
||||
name: "gRPC backend",
|
||||
loc: &ingress.Location{
|
||||
BackendProtocol: "GRPC",
|
||||
},
|
||||
expected: "grpc_set_header",
|
||||
},
|
||||
}
|
||||
|
||||
grpcBackend := &ingress.Location{
|
||||
BackendProtocol: "GRPC",
|
||||
}
|
||||
|
||||
expected = "grpc_set_header"
|
||||
actual = proxySetHeader(grpcBackend)
|
||||
|
||||
if expected != actual {
|
||||
t.Errorf("Expected '%v' but returned '%v'", expected, actual)
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if got := proxySetHeader(tt.loc); got != tt.expected {
|
||||
t.Errorf("proxySetHeader() = %v, expected %v", got, tt.expected)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue