-
Notifications
You must be signed in to change notification settings - Fork 4.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add CheckResponse to ext_authz grpc fuzzer input (#34045)
Signed-off-by: antoniovleonti <leonti@google.com>
- Loading branch information
1 parent
c9fb521
commit 9b2725d
Showing
33 changed files
with
795 additions
and
306 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
34 changes: 0 additions & 34 deletions
34
test/extensions/filters/http/ext_authz/ext_authz_corpus/bad_config
This file was deleted.
Oops, something went wrong.
22 changes: 0 additions & 22 deletions
22
test/extensions/filters/http/ext_authz/ext_authz_corpus/custom_status
This file was deleted.
Oops, something went wrong.
29 changes: 0 additions & 29 deletions
29
test/extensions/filters/http/ext_authz/ext_authz_corpus/error_fail_close
This file was deleted.
Oops, something went wrong.
7 changes: 0 additions & 7 deletions
7
test/extensions/filters/http/ext_authz/ext_authz_corpus/example
This file was deleted.
Oops, something went wrong.
84 changes: 0 additions & 84 deletions
84
test/extensions/filters/http/ext_authz/ext_authz_corpus/metadata_context
This file was deleted.
Oops, something went wrong.
21 changes: 0 additions & 21 deletions
21
test/extensions/filters/http/ext_authz/ext_authz_corpus/no_regex_engine
This file was deleted.
Oops, something went wrong.
33 changes: 0 additions & 33 deletions
33
test/extensions/filters/http/ext_authz/ext_authz_corpus/request_data
This file was deleted.
Oops, something went wrong.
37 changes: 26 additions & 11 deletions
37
test/extensions/filters/http/ext_authz/ext_authz_fuzz.proto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,29 +1,44 @@ | ||
syntax = "proto3"; | ||
package envoy.extensions.filters.http.ext_authz; | ||
|
||
import "envoy/config/core/v3/base.proto"; | ||
import "envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto"; | ||
import "envoy/service/auth/v3/external_auth.proto"; | ||
import "test/fuzz/common.proto"; | ||
import "envoy/config/core/v3/base.proto"; | ||
import "validate/validate.proto"; | ||
|
||
// We only fuzz a single request per iteration. | ||
message ExtAuthzTestCase { | ||
message ExtAuthzTestCaseBase { | ||
envoy.extensions.filters.http.ext_authz.v3.ExtAuthz config = 1 | ||
[(validate.rules).message = {required: true}]; | ||
// HTTP request data. | ||
test.fuzz.HttpData request_data = 2 [(validate.rules).message = {required: true}]; | ||
// Filter metadata. | ||
envoy.config.core.v3.Metadata filter_metadata = 4; | ||
} | ||
|
||
message ExtAuthzTestCaseGrpc { | ||
ExtAuthzTestCaseBase base = 1 [(validate.rules).message = {required: true}]; | ||
|
||
oneof response_or_failure_reason { | ||
// Full auth check result. Note it is not validated to simulate an untrusted authz server (i.e. | ||
// it can contain garbage mutations). | ||
envoy.service.auth.v3.CheckResponse response = 2 [(validate.rules).message.skip = true]; | ||
// If this is set onFailure will be called instead of onSuccess. | ||
string failure_reason = 3; | ||
} | ||
} | ||
|
||
message ExtAuthzTestCaseHttp { | ||
ExtAuthzTestCaseBase base = 1 [(validate.rules).message = {required: true}]; | ||
|
||
enum AuthResult { | ||
// Possible results for a check call. Taken from | ||
// https://github.com/envoyproxy/envoy/blob/945b5833f094dee31d2971cee8d40553bb0fe714/source/extensions/filters/common/ext_authz/ext_authz.h#L65 | ||
OK = 0; | ||
DENIED = 1; | ||
ERROR = 2; | ||
} | ||
|
||
envoy.extensions.filters.http.ext_authz.v3.ExtAuthz config = 1 | ||
[(validate.rules).message = {required: true}]; | ||
// HTTP request data. | ||
test.fuzz.HttpData request_data = 2 [(validate.rules).message = {required: true}]; | ||
// Set default auth check result. | ||
AuthResult result = 3 [(validate.rules).enum.defined_only = true]; | ||
// Filter metadata. | ||
envoy.config.core.v3.Metadata filter_metadata = 4; | ||
// TODO: Add headers and data to ExtAuthz::Response and check that the request headers and data | ||
// were updated. | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.