Create ambassador-egress #3194
Open
Create ambassador-egress #3194
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ster [master] Scaling doc
…ctor setup yaml (emissary-ingress#2102) * be opinionated about namespace in ambassador-consul-connector * update changelog * update documentation to clean up resources in the default namespace * doc fixups
[master] KOPS link
…et/dev/master/kat-timeout circleci: increase KAT_REQ_LIMIT to 900 in CI
…nn/dev/dtime Switch pkg/acp to use dtime.FakeTime
…eshu/doc-fixes rate-limits.md: Fix some typos
…eshu/m/changelog [master] Fixup CHANGELOG
…/retries-doc [master] Update auto retries doc
…et/dev/master/regex-rewrite-redirect Support regex_redirect on Mappings.
…d-vs-replace
Max was hitting this bug in System A.
TL;DR of how he was hitting it:
1. He was submitting a request with `Authorization: Basic ...`
2. Envoy hands that off to amb-sidecar as `authorization: Basic ...`
3. An OAuth2 Filter issued
`filterapi.HTTPHeaderReplaceValue{"authorization", "Bearer ..."}`
4. (bug part 1) `filterutil.ApplyRequestModification()` applied
`http.CanonicalHeaderKey()` on the incoming modification, but not
the existing request headers. So it resulted in the header being
set to
map[string]string{
"authorization": "Basic ...",
"Authorization": "Bearer ...",
}
5. That modified request then gets handed off to the resource-server
part of the OAuth2 Filter, which calls `filterutil.GetHeader(req)`
to get the header to work with it.
6. (bug part 2) `filterutil.GetHeader()` doesn't correctly handle the
possiblitiy of multiple values for a key, because it assumes that
the key case is already fully normalized. (Now, that *should* be
true (bug part 1), but it *should* also be robust to it not being
true). So, because map iteration order in Go is randomized, it
either ends up with
http.Header{
"Authorization": "Basic ...",
}
or
http.Header{
"Authorization": "Bearer ...",
}
In one case, everything appears to work, and in the other case you
get an error.
…#2129) * expose max_request_headers_kb * tests, but weird 503 shit happening * add unit tests and weirdness test * fix tests * small tests updates * doc updates * test update
* quick doc fix * pass id token through to oauth resource server * changelog and docs * add a few e2e tests * unit test regression oops * oops, dont validate if defering to a JWT Filter * unit tests for resourceserver * add unit tests for oauth lib things * add more idp tests * document and test how conflicting JWT and oauth headers work * fix gotest oops * unit test typo * code review feedback and moar tests
…grpc_web Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7. - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](npm/ini@v1.3.5...v1.3.7) Signed-off-by: dependabot[bot] <[email protected]>
…eshu/fix-case filterutil: Fix a bug with header capitalization and append-vs-replace
…te-1.10 Publish new docs from Ambassador Labs
…nn/dev/deprecations-1.11 Update deprecation notes for 1.11.
…nner_link Fix link and use consistent banner
Ambassador 1.11.0
…1/repatriate Repatriate 1.11
…tention (emissary-ingress#2284) * fix some upstream timeouts in devportal caused by lock contention * also dont lock when fetching devportal content * use diff muxes for service + devportal data * changelog additions for PR emissary-ingress#2284 (emissary-ingress#2286)
…nn/dev/node Use Node 14 in CI.
…-14-master Upgrade to node 14 + tweak Python test harness
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
A few sentences describing the overall goals of the pull request's commits.
Related Issues
List related issues.
Testing
A few sentences describing what testing you've done, e.g., manual tests, automated tests, deployed in production, etc.
Tasks That Must Be Done
Other