Merge pull request #410 from Miciah/implement-HTTP-Forwarded-header-p…

…olicy-API

Implement HTTP Forwarded header policy API

Makefile

@@ -49,7 +49,7 @@ release-local:
 
 .PHONY: test-e2e
 test-e2e:
-	$(GO) test -count 1 -v -tags e2e -run "$(TEST)" ./test/e2e
+	$(GO) test -timeout 1h -count 1 -v -tags e2e -run "$(TEST)" ./test/e2e
 
 .PHONY: clean
 clean:

pkg/operator/controller/ingress/deployment.go

@@ -35,6 +35,8 @@ import (
 const (
 	WildcardRouteAdmissionPolicy = "ROUTER_ALLOW_WILDCARD_ROUTES"
 
+	RouterForwardedHeadersPolicy = "ROUTER_SET_FORWARDED_HEADERS"
+
 	RouterLogLevelEnvName       = "ROUTER_LOG_LEVEL"
 	RouterSyslogAddressEnvName  = "ROUTER_SYSLOG_ADDRESS"
 	RouterSyslogFormatEnvName   = "ROUTER_SYSLOG_FORMAT"
@@ -565,6 +567,23 @@ func desiredRouterDeployment(ci *operatorv1.IngressController, ingressController
 		env = append(env, corev1.EnvVar{Name: WildcardRouteAdmissionPolicy, Value: "false"})
 	}
 
+	forwardedHeaderPolicy := operatorv1.AppendHTTPHeaderPolicy
+	if ci.Spec.HTTPHeaders != nil && len(ci.Spec.HTTPHeaders.ForwardedHeaderPolicy) != 0 {
+		forwardedHeaderPolicy = ci.Spec.HTTPHeaders.ForwardedHeaderPolicy
+	}
+	routerForwardedHeadersPolicyValue := "append"
+	switch forwardedHeaderPolicy {
+	case operatorv1.AppendHTTPHeaderPolicy:
+		// Nothing to do.
+	case operatorv1.ReplaceHTTPHeaderPolicy:
+		routerForwardedHeadersPolicyValue = "replace"
+	case operatorv1.IfNoneHTTPHeaderPolicy:
+		routerForwardedHeadersPolicyValue = "if-none"
+	case operatorv1.NeverHTTPHeaderPolicy:
+		routerForwardedHeadersPolicyValue = "never"
+	}
+	env = append(env, corev1.EnvVar{Name: RouterForwardedHeadersPolicy, Value: routerForwardedHeadersPolicyValue})
+
 	if HTTP2IsEnabled(ci, ingressConfig) {
 		env = append(env, corev1.EnvVar{Name: RouterDisableHTTP2EnvName, Value: "false"})
 	} else {

pkg/operator/controller/ingress/deployment_test.go

@@ -288,6 +288,8 @@ func TestDesiredRouterDeployment(t *testing.T) {
 	checkDeploymentHasEnvVar(t, deployment, "ROUTER_SYSLOG_FORMAT", true, `"%ci:%cp [%t] %ft %b/%s %B %bq %HM %HU %HV"`)
 	checkDeploymentHasEnvVar(t, deployment, "ROUTER_CAPTURE_HTTP_COOKIE", true, "foo:256")
 
+	checkDeploymentHasEnvVar(t, deployment, "ROUTER_SET_FORWARDED_HEADERS", true, "append")
+
 	checkDeploymentHasEnvVar(t, deployment, "ROUTER_CIPHERS", true, "quux")
 
 	// TODO: Update when haproxy is built with an openssl version that supports tls v1.3.
@@ -324,6 +326,9 @@ func TestDesiredRouterDeployment(t *testing.T) {
 			},
 		},
 	}
+	ci.Spec.HTTPHeaders = &operatorv1.IngressControllerHTTPHeaders{
+		ForwardedHeaderPolicy: operatorv1.NeverHTTPHeaderPolicy,
+	}
 	ci.Spec.NodePlacement = &operatorv1.NodePlacement{
 		NodeSelector: &metav1.LabelSelector{
 			MatchLabels: map[string]string{
@@ -394,6 +399,8 @@ func TestDesiredRouterDeployment(t *testing.T) {
 	checkDeploymentHasEnvVar(t, deployment, "ROUTER_CAPTURE_HTTP_RESPONSE_HEADERS", true, "Content-length:9,Location:15")
 	checkDeploymentHasEnvVar(t, deployment, "ROUTER_CAPTURE_HTTP_COOKIE", true, "foo=:15")
 
+	checkDeploymentHasEnvVar(t, deployment, "ROUTER_SET_FORWARDED_HEADERS", true, "never")
+
 	checkDeploymentHasEnvVar(t, deployment, "ROUTER_IP_V4_V6_MODE", true, "v6")
 	checkDeploymentHasEnvVar(t, deployment, RouterDisableHTTP2EnvName, true, "true")
 }