bump envoy to v1.24.0 (#3767)

This commit is contained in:
Denis Mishin 2022-11-28 11:32:31 -05:00 committed by GitHub
parent 1d252f43ee
commit fa0ba60aee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 20 additions and 23 deletions

View file

@ -13,7 +13,6 @@ import (
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_service_auth_v3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3" envoy_service_auth_v3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
"github.com/golang/protobuf/ptypes/wrappers"
"github.com/tniswong/go.rfcx/rfc7231" "github.com/tniswong/go.rfcx/rfc7231"
"google.golang.org/genproto/googleapis/rpc/status" "google.golang.org/genproto/googleapis/rpc/status"
"google.golang.org/grpc/codes" "google.golang.org/grpc/codes"
@ -99,7 +98,7 @@ func (a *Authorize) handleResultDenied(
func (a *Authorize) okResponse(headers http.Header) *envoy_service_auth_v3.CheckResponse { func (a *Authorize) okResponse(headers http.Header) *envoy_service_auth_v3.CheckResponse {
var requestHeaders []*envoy_config_core_v3.HeaderValueOption var requestHeaders []*envoy_config_core_v3.HeaderValueOption
for k, vs := range headers { for k, vs := range headers {
requestHeaders = append(requestHeaders, mkHeader(k, strings.Join(vs, ","), false)) requestHeaders = append(requestHeaders, mkHeader(k, strings.Join(vs, ",")))
} }
// ensure request headers are sorted by key for deterministic output // ensure request headers are sorted by key for deterministic output
sort.Slice(requestHeaders, func(i, j int) bool { sort.Slice(requestHeaders, func(i, j int) bool {
@ -153,7 +152,7 @@ func (a *Authorize) deniedResponse(
// add any additional headers // add any additional headers
for k, v := range headers { for k, v := range headers {
respHeader = append(respHeader, mkHeader(k, v, false)) respHeader = append(respHeader, mkHeader(k, v))
} }
return &envoy_service_auth_v3.CheckResponse{ return &envoy_service_auth_v3.CheckResponse{
@ -256,15 +255,13 @@ func (a *Authorize) requireWebAuthnResponse(
}) })
} }
func mkHeader(k, v string, shouldAppend bool) *envoy_config_core_v3.HeaderValueOption { func mkHeader(k, v string) *envoy_config_core_v3.HeaderValueOption {
return &envoy_config_core_v3.HeaderValueOption{ return &envoy_config_core_v3.HeaderValueOption{
Header: &envoy_config_core_v3.HeaderValue{ Header: &envoy_config_core_v3.HeaderValue{
Key: k, Key: k,
Value: v, Value: v,
}, },
Append: &wrappers.BoolValue{ AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
Value: shouldAppend,
},
} }
} }
@ -277,7 +274,7 @@ func toEnvoyHeaders(headers http.Header) []*envoy_config_core_v3.HeaderValueOpti
envoyHeaders := make([]*envoy_config_core_v3.HeaderValueOption, 0, len(headers)) envoyHeaders := make([]*envoy_config_core_v3.HeaderValueOption, 0, len(headers))
for _, k := range ks { for _, k := range ks {
envoyHeaders = append(envoyHeaders, mkHeader(k, headers.Get(k), false)) envoyHeaders = append(envoyHeaders, mkHeader(k, headers.Get(k)))
} }
return envoyHeaders return envoyHeaders
} }

View file

@ -150,8 +150,8 @@ func TestAuthorize_deniedResponse(t *testing.T) {
Code: envoy_type_v3.StatusCode(codes.InvalidArgument), Code: envoy_type_v3.StatusCode(codes.InvalidArgument),
}, },
Headers: []*envoy_config_core_v3.HeaderValueOption{ Headers: []*envoy_config_core_v3.HeaderValueOption{
mkHeader("Content-Type", "text/html; charset=UTF-8", false), mkHeader("Content-Type", "text/html; charset=UTF-8"),
mkHeader("X-Pomerium-Intercepted-Response", "true", false), mkHeader("X-Pomerium-Intercepted-Response", "true"),
}, },
Body: "Access Denied", Body: "Access Denied",
}, },

View file

@ -223,21 +223,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
"name": "example.com", "name": "example.com",
"domains": ["example.com"], "domains": ["example.com"],
"responseHeadersToAdd": [{ "responseHeadersToAdd": [{
"append": false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": { "header": {
"key": "Strict-Transport-Security", "key": "Strict-Transport-Security",
"value": "max-age=31536000; includeSubDomains; preload" "value": "max-age=31536000; includeSubDomains; preload"
} }
}, },
{ {
"append": false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": { "header": {
"key": "X-Frame-Options", "key": "X-Frame-Options",
"value": "SAMEORIGIN" "value": "SAMEORIGIN"
} }
}, },
{ {
"append": false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": { "header": {
"key": "X-XSS-Protection", "key": "X-XSS-Protection",
"value": "1; mode=block" "value": "1; mode=block"
@ -364,21 +364,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
"name": "catch-all", "name": "catch-all",
"domains": ["*"], "domains": ["*"],
"responseHeadersToAdd": [{ "responseHeadersToAdd": [{
"append": false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": { "header": {
"key": "Strict-Transport-Security", "key": "Strict-Transport-Security",
"value": "max-age=31536000; includeSubDomains; preload" "value": "max-age=31536000; includeSubDomains; preload"
} }
}, },
{ {
"append": false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": { "header": {
"key": "X-Frame-Options", "key": "X-Frame-Options",
"value": "SAMEORIGIN" "value": "SAMEORIGIN"
} }
}, },
{ {
"append": false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": { "header": {
"key": "X-XSS-Protection", "key": "X-XSS-Protection",
"value": "1; mode=block" "value": "1; mode=block"
@ -521,21 +521,21 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
}, },
"headersToAdd":[ "headersToAdd":[
{ {
"append":false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header":{ "header":{
"key":"Strict-Transport-Security", "key":"Strict-Transport-Security",
"value":"max-age=31536000; includeSubDomains; preload" "value":"max-age=31536000; includeSubDomains; preload"
} }
}, },
{ {
"append":false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header":{ "header":{
"key":"X-Frame-Options", "key":"X-Frame-Options",
"value":"SAMEORIGIN" "value":"SAMEORIGIN"
} }
}, },
{ {
"append":false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header":{ "header":{
"key":"X-XSS-Protection", "key":"X-XSS-Protection",
"value":"1; mode=block" "value":"1; mode=block"

View file

@ -222,7 +222,7 @@ func (b *Builder) buildPolicyRoutes(options *config.Options, domain string) ([]*
Key: hdr[0], Key: hdr[0],
Value: hdr[1], Value: hdr[1],
}, },
Append: wrapperspb.Bool(false), AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
}) })
} }
} }
@ -343,7 +343,7 @@ func mkEnvoyHeader(k, v string) *envoy_config_core_v3.HeaderValueOption {
Key: k, Key: k,
Value: v, Value: v,
}, },
Append: &wrappers.BoolValue{Value: false}, AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD,
} }
} }

View file

@ -485,7 +485,7 @@ func Test_buildPolicyRoutes(t *testing.T) {
] ]
}, },
"requestHeadersToAdd": [{ "requestHeadersToAdd": [{
"append": false, "appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": { "header": {
"key": "HEADER-KEY", "key": "HEADER-KEY",
"value": "HEADER-VALUE" "value": "HEADER-VALUE"

View file

@ -5,7 +5,7 @@ PATH="$PATH:$(go env GOPATH)/bin"
export PATH export PATH
_project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.." _project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
_envoy_version=1.23.2 _envoy_version=1.24.0
_dir="$_project_root/pkg/envoy/files" _dir="$_project_root/pkg/envoy/files"
_target="${TARGET:-"$(go env GOOS)-$(go env GOARCH)"}" _target="${TARGET:-"$(go env GOOS)-$(go env GOARCH)"}"