New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement HTTP Forwarded header policy API #410
Implement HTTP Forwarded header policy API #410
Conversation
39485ea
to
d22ca21
Compare
Failed on |
test/e2e/operator_test.go
Outdated
// Verify that we get the expected behavior if we set the policy to | ||
// "if-none". We should always receive at least 1 X-Forwarded-For | ||
// header, and if the request specifies more than 1, we should receive | ||
// the number that are in the request. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// the number that are in the request. | |
// the number of headers specified in the request. |
Does that make more sense, or am I missing something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've updated the wording to be more explicit.
d22ca21
to
4a228a9
Compare
4a228a9
to
4704203
Compare
Rebased. |
4704203
to
2e2a75e
Compare
2e2a75e
to
2e46cd2
Compare
2e46cd2
to
47dee8f
Compare
test/e2e/operator_test.go
Outdated
} | ||
} | ||
} | ||
return numMatches == expectedMatches, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Line 1263 checks for the case where numMatches > expectedMatches
. Perhaps before the return on line 1268, we should check for numMatches > 0 && numMatches < expectedMatches
and return an error if that condition is true. This way, for example, the polling loop would halt if only 1 x-forwarded-for header was found in the curl response when 2 were expected, and the test failure message would be more verbose. Thoughts? I may be overthinking this, but since you're calling testRoute
several times I figured it would be worth mentioning.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That makes sense. It is unlikely that the logs will have partial headers, so returning an error if 0 < numMatches
< expectedMatches
should safe to do.
This PR depends on openshift/router#134 for CI to pass, correct? |
You're right; I mixed up my PRs. I have one PR that depends on an unmerged API change and another PR that depends on an unmerged router change... |
c76af8c
to
d2155f0
Compare
openshift/router#134 merged, so tests now should pass. |
/test e2e-aws-operator |
306788c
to
8ece45c
Compare
/retest Please review the full test history for this PR and help us cut down flakes. |
5 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
e520d8d
to
43b3d1a
Compare
/test e2e-aws-operator |
1 similar comment
/test e2e-aws-operator |
Provisioning failure. |
This commit resolves NE-318. https://issues.redhat.com/browse/NE-318 * pkg/operator/controller/ingress/deployment.go (RouterForwardedHeadersPolicy): New constant with the name of the related environment variable. (desiredRouterDeployment): Set the ROUTER_SET_FORWARDED_HEADERS environment variable as appropriate. * pkg/operator/controller/ingress/deployment_test.go (TestDesiredRouterDeployment): Verify that spec.httpHeaders.forwardedHeaderPolicy has the expected effect. * test/e2e/forwarded_header_policy_test.go: New file. (buildEchoPod, buildEchoService, buildRoute, testRouteHeaders): New helper functions. (testPodCount): New helper variable for testRouteHeaders. (TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace) (TestForwardedHeaderPolicyNever, TestForwardedHeaderPolicyIfNone): New tests.
43b3d1a
to
167bcc2
Compare
Both |
No build log output?! |
/retest |
/test e2e-aws-operator |
* Makefile (test-e2e): Increase timeout to 1 hour.
Last e2e-aws failure looks related to BZ1857928 – [sig-operator] an end user use OLM can subscribe to the cockroachdb operator. e2e-aws-operator is reaching the 10-minute timeout. I'll try pushing a change to increase that timeout value. |
Seeing "an end user can use OLM can subscribe to the operator" fail again in e2e-aws, and seeing numerous timeouts in e2e-aws-operator that look like a generally unstable cluster. |
Test container setup failed on an API failure. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: frobware, Miciah, sgreene570 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This commit resolves NE-318.
pkg/operator/controller/ingress/deployment.go
(RouterForwardedHeadersPolicy
): New constant with the name of the related environment variable.(
desiredRouterDeployment
): Set theROUTER_SET_FORWARDED_HEADERS
environment variable as appropriate.pkg/operator/controller/ingress/deployment_test.go
(TestDesiredRouterDeployment
): Verify thatspec.httpHeaders.forwardedHeaderPolicy
has the expected effect.test/e2e/forwarded_header_policy_test.go
: New file.(
buildEchoPod
,buildEchoService
,buildRoute
,testRouteHeaders
): New helper functions.(
testPodCount
): New helper variable fortestRouteHeaders
.(
TestForwardedHeaderPolicyAppend
,TestForwardedHeaderPolicyReplace
,TestForwardedHeaderPolicyNever
,TestForwardedHeaderPolicyIfNone
): New tests.Implements the following enhancement: openshift/enhancements#371
Corresponding router changes: openshift/router#134
Corresponding API changes: openshift/api#688