Add support for initial_metadata to AuthService #3639

Open
wants to merge 10 commits into
base: master

@rnburn rnburn commented Jul 27, 2021

Description

Support specifying initial_metadata in AuthService.

When specified, Envoy will add the initial_metadata to its ext auth request.

From Envoy's docs:

initial_metadata
(repeated config.core.v3.HeaderValue) Additional metadata to include in streams initiated to the GrpcService. This can be used for scenarios in which additional ad hoc authorization headers (e.g. x-foo-bar: baz-key) are to be injected. For more information, including details on header value syntax, see the documentation on custom request headers.

Testing

Added a kat test case to verify the auth service receives the metadata.

Checklist

  • [x] I made sure to update CHANGELOG.md.

    Remember, the CHANGELOG needs to mention:

    • Any new features
    • Any changes to our included version of Envoy
    • Any non-backward-compatible changes
    • Any deprecations
  • [x] This is unlikely to impact how Ambassador performs at scale.

    Remember, things that might have an impact at scale include:

    • Any significant changes in memory use that might require adjusting the memory limits
    • Any significant changes in CPU use that might require adjusting the CPU limits
    • Anything that might change how many replicas users should use
    • Changes that impact data-plane latency/scalability
  • My change is adequately tested.

    Remember when considering testing:

    • LEGACY MODE TESTS DO NOT RUN FOR EVERY PR. If your change is affected by legacy mode, you need
      to run legacy-mode tests manually (set AMBASSADOR_LEGACY_MODE=true and run the tests).
      (This will be fixed soon.)
    • Your change needs to be specifically covered by tests.
      • Tests need to cover all the states where your change is relevant: for example, if you add a behavior that can be enabled or disabled, you'll need tests that cover the enabled case and tests that cover the disabled case. It's not sufficient just to test with the behavior enabled.
    • You also need to make sure that the entire area being changed has adequate test coverage.
      • If existing tests don't actually cover the entire area being changed, add tests.
      • This applies even for aspects of the area that you're not changing – check the test coverage, and improve it if needed!
    • We should lean on the bulk of code being covered by unit tests, but...
    • ... an end-to-end test should cover the integration points
  • I updated DEVELOPING.md with any special dev tricks I had to use to work on this code efficiently.
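
An added example (not code from this PR or from Ambassador) of turning a `map[string]string` `initial_metadata` field into Envoy-style key/value entries, rejecting keys and values that break gRPC metadata rules and emitting them in sorted order so the generated config is stable. `HeaderValue`, `validKey` and `ToInitialMetadata` are hypothetical names, and enforcing these checks at this layer is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// HeaderValue is a local stand-in for Envoy's config.core.v3.HeaderValue (assumption).
type HeaderValue struct{ Key, Value string }

// validKey: non-empty, lowercase ASCII letters, digits, '-', '_' or '.' only.
func validKey(k string) bool {
	for i := 0; i < len(k); i++ {
		c := k[i]
		if !(c >= 'a' && c <= 'z' || c >= '0' && c <= '9' || c == '-' || c == '_' || c == '.') {
			return false
		}
	}
	return k != ""
}

// ToInitialMetadata (hypothetical helper) sorts entries by key, since Go map
// iteration order is random, then validates each one in that order.
func ToInitialMetadata(m map[string]string) ([]HeaderValue, error) {
	out := make([]HeaderValue, 0, len(m))
	for k, v := range m {
		out = append(out, HeaderValue{Key: k, Value: v})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Key < out[j].Key })
	for _, h := range out {
		switch {
		case !validKey(h.Key):
			return nil, fmt.Errorf("initial_metadata: invalid key %q", h.Key)
		case strings.HasPrefix(h.Key, "grpc-"):
			return nil, fmt.Errorf("initial_metadata: key %q uses the reserved grpc- prefix", h.Key)
		case strings.ContainsAny(h.Value, "\r\n\x00"):
			return nil, fmt.Errorf("initial_metadata: value for %q contains CR, LF or NUL", h.Key)
		}
	}
	return out, nil
}

func main() {
	// Constructed sample; x-foo-bar: baz-key is the header from the Envoy docs quote.
	md, err := ToInitialMetadata(map[string]string{"x-tenant": "demo", "x-foo-bar": "baz-key"})
	fmt.Println(md, err)
}
```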

rnburn added 8 commits July 26, 2021 19:08
Signed-off-by: Ryan Burn <[email protected]>
@rnburn rnburn force-pushed the initial-metadata branch from 812619c to 6d22280 Compare July 27, 2021 02:08
Member

@kflynn kflynn left a comment

One quick change, if you could -- thanks very much!! 🙂

@@ -51,6 +51,7 @@ type AuthServiceSpec struct {
AllowedRequestHeaders []string `json:"allowed_request_headers,omitempty"`
AllowedAuthorizationHeaders []string `json:"allowed_authorization_headers,omitempty"`
AddAuthHeaders map[string]BoolOrString `json:"add_auth_headers,omitempty"`
InitialMetadata map[string]BoolOrString `json:"initial_metadata,omitempty"`
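
Review bot: InitialMetadata on the added line is typed map[string]BoolOrString, but the Envoy field described in the PR text is a list of key/value header strings, so a boolean value has no defined meaning here; map[string]string would make that input unrepresentable. The field also has no doc comment: since the description says it is meant for ad hoc authorization headers, it is worth documenting that the values are sent verbatim as metadata on the ext auth request and sit in plain text in the AuthService spec.
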
Member

Would it make sense to just make this a map[string]string? AddAuthHeaders uses the bool option in a very specific way, and we generally would rather not add more of those...

Author

done

Author

@kflynn - were there any other changes you wanted?

@rnburn rnburn force-pushed the initial-metadata branch from 2b79046 to c0c61cd Compare August 3, 2021 23:54
@rnburn rnburn requested a review from kflynn August 10, 2021 18:42

cortopy commented Sep 12, 2021

I also need to add initial_metadata. Any chance of getting this merged?
