Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add decoder header mutation rules #34182

Merged
merged 18 commits into from
Jun 7, 2024
Merged

Add decoder header mutation rules #34182

merged 18 commits into from
Jun 7, 2024

Conversation

antoniovleonti
Copy link
Contributor

Commit Message: Add decoder header mutation rules
Additional Description: Currently the ext_authz filter has no mechanism to restrict what header mutations are allowed from the authz server. This is necessary if you want to use the filter with untrusted authz servers.
Risk Level: low
Testing: unit & integration tested
Docs Changes: added to proto
Release Notes: updated changelog
Platform Specific Features: n/a

@antoniovleonti
add header mutation rules
231c73a 
Signed-off-by: antoniovleonti <[email protected]>
@repokitteh-read-only RepoKitteh - Read Only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @wbpcode
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #34182 was opened by antoniovleonti.

see: more, trace.

@antoniovleonti
fix spelling errors
f8f0736 
Signed-off-by: antoniovleonti <[email protected]>
@wbpcode
Copy link
Member

wbpcode commented May 22, 2024

/wait

@antoniovleonti
use proto field link in proto doc string
5a80993 
Signed-off-by: antoniovleonti <[email protected]>
@antoniovleonti
Merge branch 'mutation-rules' of https://github.com/antoniovleonti/envoy
2301303 
 into mutation-rules

Signed-off-by: antoniovleonti <[email protected]>
@antoniovleonti
Fix proto link
b0f6e4c 
Signed-off-by: antoniovleonti <[email protected]>
@antoniovleonti
fix changelog proto link too
e378fea 
Signed-off-by: antoniovleonti <[email protected]>
@antoniovleonti
use correct link in changelog
2825044 
Signed-off-by: antoniovleonti <[email protected]>
@antoniovleonti
fix integration test
f4085c4 
Signed-off-by: antoniovleonti <[email protected]>
wbpcode
wbpcode requested changes May 29, 2024
View reviewed changes
Copy link
Member

@wbpcode wbpcode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update and sorry for the delay. Some comments are added.

wbpcode
wbpcode reviewed Jun 3, 2024
View reviewed changes
Copy link
Member

@wbpcode wbpcode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm api

Thanks for the quick update :). LGTM to the API. And one comment to the implementation.

source/extensions/filters/http/ext_authz/ext_authz.cc Outdated Show resolved Hide resolved
@repokitteh-read-only repokitteh-read-only bot removed the api label Jun 3, 2024
@wbpcode
Copy link
Member

wbpcode commented Jun 4, 2024

/wait

@antoniovleonti
remove lambda from check header func
c791cf4 
Signed-off-by: antoniovleonti <[email protected]>
@antoniovleonti
fix doc reference/link
c4599aa 
Signed-off-by: antoniovleonti <[email protected]>
@antoniovleonti
Merge branch 'mutation-rules' of https://github.com/antoniovleonti/envoy
372d74e 
 into mutation-rules

Signed-off-by: antoniovleonti <[email protected]>
@antoniovleonti
formatting fixes
5b4c54b 
Signed-off-by: antoniovleonti <[email protected]>
@repokitteh-read-only repokitteh-read-only bot added api and removed waiting labels Jun 4, 2024
@antoniovleonti
Copy link
Contributor Author

/retest

@antoniovleonti
Copy link
Contributor Author

/retest

1 similar comment
@wbpcode
Copy link
Member

wbpcode commented Jun 5, 2024

/retest

wbpcode
wbpcode approved these changes Jun 5, 2024
View reviewed changes
Copy link
Member

@wbpcode wbpcode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks. It's a little different with idea in my mind. But we stop here for a long time, let's go ahead first.

@repokitteh-read-only repokitteh-read-only bot removed the api label Jun 5, 2024
@wbpcode
Copy link
Member

wbpcode commented Jun 6, 2024
edited

hah, CI. Could you merge the main and kick the CI? It's weird I cannot re-run it. cc @antoniovleonti

@wbpcode wbpcode enabled auto-merge (squash) June 6, 2024 14:15
@wbpcode wbpcode disabled auto-merge June 6, 2024 14:16
@wbpcode wbpcode merged commit 74f327d into envoyproxy:main Jun 7, 2024
52 checks passed
@antoniovleonti antoniovleonti deleted the mutation-rules branch June 7, 2024 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wbpcode wbpcode wbpcode approved these changes

@ggreenway ggreenway Awaiting requested review from ggreenway ggreenway is a code owner

Assignees

@wbpcode wbpcode

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@antoniovleonti @wbpcode