-
Notifications
You must be signed in to change notification settings - Fork 208
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This adds a test for the L7 policy to add/replace a HTTP header in a request. It does this by sending a request to a new endpoint that required an auth header, which will succeed if injected from a secret Signed-off-by: Maartje Eyskens <[email protected]>
- Loading branch information
Showing
6 changed files
with
93 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
32 changes: 32 additions & 0 deletions
32
connectivity/manifests/client-egress-l7-http-matchheader-secret.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
# client2 is allowed to contact the echo Pod | ||
# on port 8080 via POST method. HTTP introspection is enabled for client2. | ||
# The request to /auth-header-required will be injected with an auth header to work | ||
apiVersion: "cilium.io/v2" | ||
kind: CiliumNetworkPolicy | ||
metadata: | ||
name: client-egress-l7-http-matchheader-secret | ||
spec: | ||
description: "Allow POST <echo>:8080/auth-header-required and set the header from client2" | ||
endpointSelector: | ||
matchLabels: | ||
other: client | ||
egress: | ||
# Allow POST /auth-header-required requests towards echo pods with added header. | ||
- toEndpoints: | ||
- matchLabels: | ||
kind: echo | ||
toPorts: | ||
- ports: | ||
- port: "8080" | ||
protocol: TCP | ||
rules: | ||
http: | ||
- method: "POST" | ||
path: "/auth-header-required$" | ||
headerMatches: | ||
- name: Authorization | ||
mismatch: REPLACE | ||
secret: | ||
namespace: "{{.TestNamespace}}" | ||
name: header-match |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters