Skip to content

Commit

Permalink
runtime: removing ext_authz_http_send_original_xff (envoyproxy#34690)
Browse files Browse the repository at this point in the history 
Signed-off-by: Alyssa Wilk <[email protected]>
  • Loading branch information
@alyssawilk
alyssawilk authored Jun 12, 2024
1 parent ceb7d07 commit 62038c0
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 19 deletions.
3 changes: 3 additions & 0 deletions changelogs/current.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,9 @@ removed_config_or_runtime:
- area: http2
change: |
Removed ``envoy.reloadable_features.http2_decode_metadata_with_quiche`` runtime flag and legacy code paths.
- area: ext_authz
change: |
Removed ``envoy.reloadable_features.ext_authz_http_send_original_xff`` runtime flag and legacy code paths.
- area: jwt
change: |
Removed ``envoy.reloadable_features.token_passed_entirely`` runtime flag and legacy code paths.
Expand Down
1 change: 0 additions & 1 deletion source/common/runtime/runtime_features.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@ RUNTIME_GUARD(envoy_reloadable_features_enable_connect_udp_support);
RUNTIME_GUARD(envoy_reloadable_features_enable_include_histograms);
RUNTIME_GUARD(envoy_reloadable_features_enable_zone_routing_different_zone_counts);
RUNTIME_GUARD(envoy_reloadable_features_exclude_host_in_eds_status_draining);
RUNTIME_GUARD(envoy_reloadable_features_ext_authz_http_send_original_xff);
RUNTIME_GUARD(envoy_reloadable_features_grpc_http1_reverse_bridge_change_http_status);
RUNTIME_GUARD(envoy_reloadable_features_grpc_http1_reverse_bridge_handle_empty_response);
RUNTIME_GUARD(envoy_reloadable_features_hmac_base64_encoding_only);
Expand Down
5 changes: 1 addition & 4 deletions source/extensions/filters/common/ext_authz/ext_authz_http_impl.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -275,10 +275,7 @@ void RawHttpClientImpl::check(RequestCallbacks& callbacks,
.setChildSpanName(config_->tracingName())
.setSampled(absl::nullopt);

if (Runtime::runtimeFeatureEnabled(
"envoy.reloadable_features.ext_authz_http_send_original_xff")) {
options.setSendXff(false);
}
options.setSendXff(false);

request_ = thread_local_cluster->httpAsyncClient().send(std::move(message), *this, options);
}
Expand Down
14 changes: 0 additions & 14 deletions test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1299,20 +1299,6 @@ TEST_P(ExtAuthzHttpIntegrationTest, UnmodifiedForwardedForHeader) {
EXPECT_THAT(ext_authz_request_->headers(), Http::HeaderValueOf("x-forwarded-for", "1.2.3.4"));
}

// Verifies that local address is appended to "X-Forwarded-For" header
// if "envoy.reloadable_features.ext_authz_http_send_original_xff" runtime guard is disabled.
TEST_P(ExtAuthzHttpIntegrationTest, LegacyAppendLocalAddressToForwardedForHeader) {
TestScopedRuntime scoped_runtime_;
scoped_runtime_.mergeValues(
{{"envoy.reloadable_features.ext_authz_http_send_original_xff", "false"}});

setup(false);

const auto local_address = test_server_->server().localInfo().address()->ip()->addressAsString();
EXPECT_THAT(ext_authz_request_->headers(),
Http::HeaderValueOf("x-forwarded-for", absl::StrCat("1.2.3.4", ",", local_address)));
}

// Verifies that by default HTTP service uses the case-sensitive string matcher
// (uses new config for allowed_headers).
TEST_P(ExtAuthzHttpIntegrationTest, Body) {
Expand Down

0 comments on commit 62038c0

Please sign in to comment.