Set ExtAuthz Cluster name to URL Host (#1132)

2025-08-06 10:21:05 +02:00 · 2020-07-23 14:10:16 -04:00 · 2020-07-23 14:10:16 -04:00 · 90d95b8c10
commit 90d95b8c10
parent 1867feb5b9
3 changed files with 3 additions and 3 deletions
--- a/internal/controlplane/xds_clusters.go
+++ b/internal/controlplane/xds_clusters.go
@ -38,7 +38,7 @@ func (srv *Server) buildClusters(options *config.Options) []*envoy_config_cluste
 		buildInternalCluster(options, "pomerium-control-plane-http", httpURL, false),
 	}
-	clusters = append(clusters, buildInternalCluster(options, "pomerium-authz", authzURL, true))
+	clusters = append(clusters, buildInternalCluster(options, authzURL.Host, authzURL, true))
 	if config.IsProxy(options.Services) {
 		for _, policy := range options.Policies {
--- a/internal/controlplane/xds_listeners.go
+++ b/internal/controlplane/xds_listeners.go
@ -166,7 +166,7 @@ func buildMainHTTPConnectionManagerFilter(options *config.Options, domains []str
 				Timeout: grpcClientTimeout,
 				TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{
 					EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{
-						ClusterName: "pomerium-authz",
+						ClusterName: options.GetAuthorizeURL().Host,
 					},
 				},
 			},
--- a/internal/controlplane/xds_listeners_test.go
+++ b/internal/controlplane/xds_listeners_test.go
@ -50,7 +50,7 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
 						"@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz",
 						"grpcService": {
 							"envoyGrpc": {
-								"clusterName": "pomerium-authz"
+								"clusterName": "127.0.0.1:5443"
 							},
 							"timeout": "10s"
 						},