Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v14] Use cluster name from ServerIdentity for Auth multiplexer #32352

Merged
merged 1 commit into from Sep 26, 2023
Merged

[v14] Use cluster name from ServerIdentity for Auth multiplexer #32352

merged 1 commit into from Sep 26, 2023

Conversation

AntonAM
Copy link
Contributor

@AntonAM AntonAM commented Sep 21, 2023
edited

This PR makes sure cluster name on Auth listener is always correct from signed PROXY headers point of view (all other multiplexer listeners already use cluster name from ServerIdentity) and removes skipping ErrNonLocalCluster error in multiplexer. Proxy sends signed PROXY headers using cluster name from ServerIdentity. If cluster name in file config was changed it didn't match with original cluster name and auth service couldn't verify Proxy's signed headers.

This is follow up for #32068

Fixes #32066

@AntonAM AntonAM added networking Network connectivity features/problems ip-pinning labels Sep 21, 2023
@AntonAM AntonAM force-pushed the anton/fix-auth-multiplexer-cluster-name branch from 0250469 to 377d750 Compare September 21, 2023 22:30
@AntonAM
Use cluster name from ServerIdentity for Auth multiplexer
47752b2 
Proxy sends signed PROXY headers using cluster name from ServerIdentity.
If cluster name in file config was changed it didn't match with original cluster name and
auth service couldn't verify Proxy's signed headers.
@AntonAM AntonAM force-pushed the anton/fix-auth-multiplexer-cluster-name branch from 377d750 to 47752b2 Compare September 21, 2023 22:32
@AntonAM AntonAM marked this pull request as ready for review September 21, 2023 22:33
@AntonAM AntonAM added this pull request to the merge queue Sep 26, 2023
Merged via the queue into branch/v14 with commit d27d6f0 Sep 26, 2023
23 checks passed
@AntonAM AntonAM deleted the anton/fix-auth-multiplexer-cluster-name branch September 26, 2023 16:11
@AntonAM AntonAM mentioned this pull request Sep 26, 2023
Merged
@fheinecke fheinecke mentioned this pull request Sep 26, 2023
Merged
@BrewTestBot BrewTestBot mentioned this pull request Sep 27, 2023
Merged
@AntonAM AntonAM mentioned this pull request Sep 29, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jentfoo jentfoo jentfoo approved these changes

@tigrato tigrato tigrato approved these changes

@capnspacehook capnspacehook capnspacehook approved these changes

Assignees
No one assigned
Labels
backport ip-pinning networking Network connectivity features/problems size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@AntonAM @jentfoo @tigrato @capnspacehook