From 62038c06b36fddf661e3b78f20c6c7da97b080a5 Mon Sep 17 00:00:00 2001
From: alyssawilk
Date: Wed, 12 Jun 2024 08:12:29 -0400
Subject: [PATCH] runtime: removing ext_authz_http_send_original_xff (#34690)
Signed-off-by: Alyssa Wilk
---
 changelogs/current.yaml | 3 +++
 source/common/runtime/runtime_features.cc | 1 -
 .../common/ext_authz/ext_authz_http_impl.cc | 5 +----
 .../http/ext_authz/ext_authz_integration_test.cc | 14 --------------
 4 files changed, 4 insertions(+), 19 deletions(-)
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
index d166925d25f9..9eb60589c804 100644
--- a/changelogs/current.yaml
+++ b/changelogs/current.yaml
@@ -216,6 +216,9 @@ removed_config_or_runtime:
 - area: http2
 change: |
 Removed ``envoy.reloadable_features.http2_decode_metadata_with_quiche`` runtime flag and legacy code paths.
+- area: ext_authz
+ change: |
+ Removed ``envoy.reloadable_features.ext_authz_http_send_original_xff`` runtime flag and legacy code paths.
 - area: jwt
 change: |
 Removed ``envoy.reloadable_features.token_passed_entirely`` runtime flag and legacy code paths.
diff --git a/source/common/runtime/runtime_features.cc b/source/common/runtime/runtime_features.cc
index 9b5c7e301108..82f6cd2f950a 100644
--- a/source/common/runtime/runtime_features.cc
+++ b/source/common/runtime/runtime_features.cc
@@ -48,7 +48,6 @@ RUNTIME_GUARD(envoy_reloadable_features_enable_connect_udp_support);
 RUNTIME_GUARD(envoy_reloadable_features_enable_include_histograms);
 RUNTIME_GUARD(envoy_reloadable_features_enable_zone_routing_different_zone_counts);
 RUNTIME_GUARD(envoy_reloadable_features_exclude_host_in_eds_status_draining);
-RUNTIME_GUARD(envoy_reloadable_features_ext_authz_http_send_original_xff);
 RUNTIME_GUARD(envoy_reloadable_features_grpc_http1_reverse_bridge_change_http_status);
 RUNTIME_GUARD(envoy_reloadable_features_grpc_http1_reverse_bridge_handle_empty_response);
 RUNTIME_GUARD(envoy_reloadable_features_hmac_base64_encoding_only);
diff --git a/source/extensions/filters/common/ext_authz/ext_authz_http_impl.cc b/source/extensions/filters/common/ext_authz/ext_authz_http_impl.cc
index d35ef0840dcb..b00e3d2cca8a 100644
--- a/source/extensions/filters/common/ext_authz/ext_authz_http_impl.cc
+++ b/source/extensions/filters/common/ext_authz/ext_authz_http_impl.cc
@@ -275,10 +275,7 @@ void RawHttpClientImpl::check(RequestCallbacks& callbacks,
 .setChildSpanName(config_->tracingName())
 .setSampled(absl::nullopt);
- if (Runtime::runtimeFeatureEnabled(
- "envoy.reloadable_features.ext_authz_http_send_original_xff")) {
- options.setSendXff(false);
- }
+ options.setSendXff(false);
 request_ = thread_local_cluster->httpAsyncClient().send(std::move(message), *this, options);
 }
diff --git a/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc b/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc
index a31789636957..afc957cae354 100644
--- a/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc
+++ b/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc
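Review bot: The now-unconditional `options.setSendXff(false);` in RawHttpClientImpl::check carries no comment, and with the runtime flag name gone nothing at the call site says why XFF handling is switched off for the authorization request. Judging by the removed LegacyAppendLocalAddressToForwardedForHeader test, the call keeps Envoy's local address from being appended, so the authorization service sees the downstream `x-forwarded-for` as received; I would add `// Pass the downstream x-forwarded-for through unchanged; do not append Envoy's local address.` above it. The same comment could note that an authorization server keying decisions on this header is trusting whatever the listener's XFF handling let through, since operators no longer have a flag to restore the old behaviour. check() begins above this hunk, so the rest of the request options chain is not visible here.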
@@ -1299,20 +1299,6 @@ TEST_P(ExtAuthzHttpIntegrationTest, UnmodifiedForwardedForHeader) {
 EXPECT_THAT(ext_authz_request_->headers(), Http::HeaderValueOf("x-forwarded-for", "1.2.3.4"));
 }
-// Verifies that local address is appended to "X-Forwarded-For" header
-// if "envoy.reloadable_features.ext_authz_http_send_original_xff" runtime guard is disabled.
-TEST_P(ExtAuthzHttpIntegrationTest, LegacyAppendLocalAddressToForwardedForHeader) {
- TestScopedRuntime scoped_runtime_;
- scoped_runtime_.mergeValues(
- {{"envoy.reloadable_features.ext_authz_http_send_original_xff", "false"}});
-
- setup(false);
-
- const auto local_address = test_server_->server().localInfo().address()->ip()->addressAsString();
- EXPECT_THAT(ext_authz_request_->headers(),
- Http::HeaderValueOf("x-forwarded-for", absl::StrCat("1.2.3.4", ",", local_address)));
-}
-
 // Verifies that by default HTTP service uses the case-sensitive string matcher
 // (uses new config for allowed_headers).
 TEST_P(ExtAuthzHttpIntegrationTest, Body) {