Skip to content

Commit

Permalink
Implement HTTP Forwarded header policy API
Browse files Browse the repository at this point in the history 
This commit resolves NE-318.

https://issues.redhat.com/browse/NE-318

* pkg/operator/controller/ingress/deployment.go
(RouterForwardedHeadersPolicy): New constant with the name of the related
environment variable.
(desiredRouterDeployment): Set the ROUTER_SET_FORWARDED_HEADERS environment
variable as appropriate.
* pkg/operator/controller/ingress/deployment_test.go
(TestDesiredRouterDeployment): Verify that
spec.httpHeaders.forwarded.policy has the expected effect.
* test/e2e/operator_test.go (TestForwardedHeaderPolicy): New test.
  • Loading branch information
@Miciah
Miciah committed Jun 19, 2020
1 parent b2b40cc commit 4a228a9
Show file tree
Hide file tree
Showing 3 changed files with 367 additions and 0 deletions.
6 changes: 6 additions & 0 deletions pkg/operator/controller/ingress/deployment.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ import (
const (
WildcardRouteAdmissionPolicy = "ROUTER_ALLOW_WILDCARD_ROUTES"

RouterForwardedHeadersPolicy = "ROUTER_SET_FORWARDED_HEADERS"

RouterLogLevelEnvName = "ROUTER_LOG_LEVEL"
RouterSyslogAddressEnvName = "ROUTER_SYSLOG_ADDRESS"
RouterSyslogFormatEnvName = "ROUTER_SYSLOG_FORMAT"
Expand Down Expand Up @@ -530,6 +532,10 @@ func desiredRouterDeployment(ci *operatorv1.IngressController, ingressController
env = append(env, corev1.EnvVar{Name: WildcardRouteAdmissionPolicy, Value: "false"})
}

if ci.Spec.HTTPHeaders != nil && ci.Spec.HTTPHeaders.Forwarded != nil {
env = append(env, corev1.EnvVar{Name: RouterForwardedHeadersPolicy, Value: string(ci.Spec.HTTPHeaders.Forwarded.Policy)})
}

if HTTP2IsDisabled(ci, ingressConfig) {
env = append(env, corev1.EnvVar{Name: RouterDisableHTTP2EnvName, Value: "true"})
}
Expand Down
9 changes: 9 additions & 0 deletions pkg/operator/controller/ingress/deployment_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,8 @@ func TestDesiredRouterDeployment(t *testing.T) {
checkDeploymentHasEnvVar(t, deployment, "ROUTER_SYSLOG_ADDRESS", true, "/var/lib/rsyslog/rsyslog.sock")
checkDeploymentHasEnvVar(t, deployment, "ROUTER_SYSLOG_FORMAT", true, `"%ci:%cp [%t] %ft %b/%s %B %bq %HM %HU %HV"`)

checkDeploymentHasEnvVar(t, deployment, "ROUTER_SET_FORWARDED_HEADERS", false, "")

checkDeploymentHasEnvVar(t, deployment, "ROUTER_CIPHERS", true, "quux")

// TODO: Update when haproxy is built with an openssl version that supports tls v1.3.
Expand All @@ -304,6 +306,11 @@ func TestDesiredRouterDeployment(t *testing.T) {
},
},
}
ci.Spec.HTTPHeaders = &operatorv1.IngressControllerHTTPHeaders{
Forwarded: &operatorv1.IngressControllerHTTPForwardedHeaderPolicy{
Policy: operatorv1.NeverHTTPHeaderPolicy,
},
}
ci.Spec.NodePlacement = &operatorv1.NodePlacement{
NodeSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
Expand Down Expand Up @@ -371,6 +378,8 @@ func TestDesiredRouterDeployment(t *testing.T) {
checkDeploymentHasEnvVar(t, deployment, "ROUTER_SYSLOG_ADDRESS", true, "1.2.3.4:12345")
checkDeploymentHasEnvVar(t, deployment, "ROUTER_SYSLOG_FORMAT", false, "")

checkDeploymentHasEnvVar(t, deployment, "ROUTER_SET_FORWARDED_HEADERS", true, "never")

checkDeploymentHasEnvVar(t, deployment, "ROUTER_IP_V4_V6_MODE", true, "v6")
checkDeploymentHasEnvVar(t, deployment, RouterDisableHTTP2EnvName, false, "")
}
Expand Down

0 comments on commit 4a228a9

Please sign in to comment.