From a559d6d8a5f8f9fa2f56d87d0f0525cc71578846 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Mon, 4 Oct 2021 16:47:51 -0600 Subject: [PATCH 1/5] ambassador-rbac-prometheus.yaml wasn't getting updated Signed-off-by: Luke Shumaker --- build-aux-local/generate.mk | 5 + .../ambassador-rbac-prometheus.yaml | 335 +++++++++--------- .../ambassador-rbac-prometheus.yaml.m4 | 2 +- 3 files changed, 171 insertions(+), 171 deletions(-) diff --git a/build-aux-local/generate.mk b/build-aux-local/generate.mk index 202c8f0ddd..1607611a90 100644 --- a/build-aux-local/generate.mk +++ b/build-aux-local/generate.mk @@ -64,6 +64,7 @@ generate-fast/files += $(OSS_HOME)/manifests/emissary/emissary-crds.yaml generate-fast/files += $(OSS_HOME)/manifests/emissary/emissary-ingress.yaml generate-fast/files += $(OSS_HOME)/manifests/emissary/ambassador.yaml generate-fast/files += $(OSS_HOME)/manifests/emissary/ambassador-crds.yaml +generate-fast/files += $(OSS_HOME)/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml generate: ## Update generated sources that get committed to Git generate: @@ -295,6 +296,10 @@ $(OSS_HOME)/manifests/emissary/ambassador-crds.yaml: $(OSS_HOME)/charts/emissary @printf ' $(CYN)$@$(END)\n' $(tools/fix-crds) oss 1.11 $(sort $(wildcard $ $@ +$(OSS_HOME)/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml: %: %.m4 $(OSS_HOME)/manifests/emissary/ambassador-crds.yaml + @printf ' $(CYN)$@$(END)\n' + cd $(@D) && m4 < $( $(@F) + $(OSS_HOME)/python/schemas/v3alpha1: $(OSS_HOME)/manifests/emissary/emissary-crds.yaml $(tools/crds2schemas) rm -rf $@ $(tools/crds2schemas) $< $@ diff --git a/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml b/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml index 0a9adbdda2..d87216c669 100644 --- a/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml +++ b/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml @@ -118,12 +118,10 @@ spec: type: string type: array ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array auth_service: type: string failure_mode_allow: @@ -151,6 +149,8 @@ spec: - v2 - v3 type: string + stats_name: + type: string status_on_error: description: Why isn't this just an int?? properties: @@ -168,14 +168,11 @@ spec: - auth_service type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -214,24 +211,19 @@ spec: address: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array datacenter: type: string type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -268,12 +260,10 @@ spec: description: DevPortalSpec defines the desired state of DevPortal properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array content: description: Content specifies where the content shown in the DevPortal come from properties: @@ -337,9 +327,9 @@ spec: type: object type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true --- @@ -418,19 +408,45 @@ spec: description: Common to all Ambassador objects (and optional). items: type: string - oneOf: - - type: string - - type: array + type: array ambassadorId: description: A compatibility alias for "ambassador_id"; because Host used to be specified with protobuf, and jsonpb allowed either "ambassador_id" or "ambassadorId", and even though we didn't tell people about "ambassadorId" it's what the web policy console generated because of jsonpb. So Hosts with 'ambassadorId' exist in the wild. items: type: string - oneOf: - - type: string - - type: array + type: array hostname: description: Hostname by which the Ambassador can be reached. type: string + mapping_selector: + description: Selector for Mappings we'll associate with this Host. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object previewUrl: description: Configuration for the Preview URL feature of Service Preview. Defaults to preview URLs not enabled. properties: @@ -459,7 +475,7 @@ spec: type: object type: object selector: - description: Selector by which we can find further configuration. Defaults to hostname=$hostname + description: 'DEPRECATED: Selector by which we can find further configuration. Use MappingSelector instead.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -581,9 +597,9 @@ spec: type: string type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true --- @@ -622,22 +638,17 @@ spec: description: KubernetesEndpointResolver tells Ambassador to use Kubernetes Endpoints resources to resolve services. It actually has no spec other than the AmbassadorID. properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -674,22 +685,17 @@ spec: description: KubernetesServiceResolver tells Ambassador to use Kubernetes Service resources to resolve services. It actually has no spec other than the AmbassadorID. properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -711,6 +717,9 @@ spec: - JSONPath: .spec.protocolStack name: Stack type: string + - JSONPath: .spec.statsPrefix + name: StatsPrefix + type: string - JSONPath: .spec.securityModel name: Security type: string @@ -743,40 +752,53 @@ spec: description: ListenerSpec defines the desired state of this Port properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array - hostSelector: - description: HostSelector allows restricting which Hosts will be used for this Listener. + type: array + hostBinding: + description: HostBinding allows restricting which Hosts will be used for this Listener. properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + namespace: + description: NamespaceBindingType defines we we specify which namespaces to look for Hosts in. + properties: + from: + description: NamespaceFromType defines how we evaluate a NamespaceBindingType. + enum: + - SELF + - ALL + - SELECTOR + type: string + type: object + selector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object type: object l7Depth: @@ -819,11 +841,18 @@ spec: - SECURE - INSECURE type: string + statsPrefix: + description: 'StatsPrefix specifies the prefix for statistics sent by Envoy about this Listener. The default depends on the protocol: "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".' + type: string + required: + - hostBinding + - port + - securityModel type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true --- @@ -862,12 +891,10 @@ spec: description: LogServiceSpec defines the desired state of LogService properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array driver: enum: - tcp @@ -897,16 +924,15 @@ spec: type: boolean service: type: string + stats_name: + type: string type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -982,12 +1008,10 @@ spec: type: string type: array ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array auth_context_extensions: additionalProperties: type: string @@ -1032,38 +1056,28 @@ spec: credentials: type: boolean exposed_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. items: type: string - oneOf: - - type: string - - type: array + type: array headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. items: type: string - oneOf: - - type: string - - type: array + type: array max_age: type: string methods: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. items: type: string - oneOf: - - type: string - - type: array + type: array origins: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. items: type: string - oneOf: - - type: string - - type: array + type: array type: object + dns_type: + type: string docs: - description: DocsInfo provides some extra information about the docs for the Mapping (used by the Dev Portal) + description: DocsInfo provides some extra information about the docs for the Mapping. Docs is used by both the agent and the DevPortal. properties: display_name: type: string @@ -1129,13 +1143,18 @@ spec: - type: boolean type: object host: + description: "Exact match for the hostname of a request if HostRegex is false; regex match for the hostname if HostRegex is true. \n Host specifies both a match for the ':authority' header of a request, as well as a match criterion for Host CRDs: a Mapping that specifies Host will not associate with a Host that doesn't have a matching Hostname. \n If both Host and Hostname are set, an error is logged, Host is ignored, and Hostname is used. \n DEPRECATED: Host is either an exact match or a regex, depending on HostRegex. Use HostName instead." type: string host_redirect: type: boolean host_regex: + description: 'DEPRECATED: Host is either an exact match or a regex, depending on HostRegex. Use HostName instead.' type: boolean host_rewrite: type: string + hostname: + description: "Hostname is a DNS glob specifying the hosts to which this Mapping applies. \n Hostname specifies both a match for the ':authority' header of a request, as well as a match criterion for Host CRDs: a Mapping that specifies Hostname will not associate with a Host that doesn't have a matching Hostname. \n If both Host and Hostname are set, an error is logged, Host is ignored, and Hostname is used." + type: string idle_timeout_ms: type: integer keepalive: @@ -1261,19 +1280,13 @@ spec: - type: boolean type: object remove_request_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. items: type: string - oneOf: - - type: string - - type: array + type: array remove_response_headers: - description: StringOrStringList is just what it says on the tin, but note that it will always marshal as a list of strings right now. items: type: string - oneOf: - - type: string - - type: array + type: array resolver: type: string retry_policy: @@ -1298,6 +1311,8 @@ spec: type: string shadow: type: boolean + stats_name: + type: string timeout_ms: description: The timeout for requests that use this Mapping. Overrides `cluster_request_timeout_ms` set on the Ambassador Module, if it exists. type: integer @@ -1328,14 +1343,11 @@ spec: type: string type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -1371,25 +1383,22 @@ spec: spec: properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array config: description: UntypedDict is relatively opaque as a Go type, but it preserves its contents in a roundtrippable way. type: object + required: + - config type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -1429,9 +1438,7 @@ spec: description: Common to all Ambassador objects. items: type: string - oneOf: - - type: string - - type: array + type: array domain: type: string protocol_version: @@ -1441,6 +1448,8 @@ spec: type: string service: type: string + stats_name: + type: string timeout_ms: type: integer tls: @@ -1452,14 +1461,11 @@ spec: - service type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -1498,12 +1504,10 @@ spec: address: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array circuit_breakers: items: properties: @@ -1540,6 +1544,8 @@ spec: type: string service: type: string + stats_name: + type: string tls: description: BoolOrString is a type that can hold a Boolean or a string. oneOf: @@ -1552,14 +1558,11 @@ spec: - service type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -1598,12 +1601,10 @@ spec: alpn_protocols: type: string ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array ca_secret: type: string cacert_chain_file: @@ -1650,14 +1651,11 @@ spec: type: string type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -1694,12 +1692,10 @@ spec: description: TracingServiceSpec defines the desired state of TracingService properties: ambassador_id: - description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. May either be a string or a list of strings. If no value is provided, the default is: \n ambassador_id: - \"default\"" + description: "AmbassadorID declares which Ambassador instances should pay attention to this resource. If no value is provided, the default is: \n ambassador_id: - \"default\"" items: type: string - oneOf: - - type: string - - type: array + type: array config: properties: access_token_file: @@ -1740,6 +1736,8 @@ spec: type: object service: type: string + stats_name: + type: string tag_headers: items: type: string @@ -1749,14 +1747,11 @@ spec: - service type: object type: object - version: null + version: v3alpha1 versions: - - name: v2 + - name: v3alpha1 served: true storage: true - - name: v1 - served: true - storage: false --- apiVersion: v1 diff --git a/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml.m4 b/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml.m4 index cfcf87eff4..fe71f40b32 100644 --- a/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml.m4 +++ b/docs/yaml/ambassador/ambassador-rbac-prometheus.yaml.m4 @@ -62,7 +62,7 @@ subjects: - kind: ServiceAccount name: ambassador namespace: default -include(ambassador-crds.yaml) +include(../../../manifests/emissary/ambassador-crds.yaml) --- apiVersion: v1 kind: ConfigMap From 7dde6ee4b05fcada0df7b288ea77bcbd8e272ade Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 28 Sep 2021 00:34:32 -0600 Subject: [PATCH 2/5] git grep -l '\s$' :python/**.py|xargs sed -E -i 's/\s+$//' Signed-off-by: Luke Shumaker --- python/ambassador/ambscout.py | 2 +- python/ambassador/cache.py | 24 +++---- python/ambassador/config/config.py | 14 ++-- python/ambassador/diagnostics/envoy_stats.py | 2 +- python/ambassador/envoy/v2/v2cidrrange.py | 2 +- python/ambassador/envoy/v2/v2listener.py | 64 +++++++++---------- python/ambassador/envoy/v2/v2route.py | 12 ++-- python/ambassador/envoy/v3/v3listener.py | 62 +++++++++--------- python/ambassador/envoy/v3/v3route.py | 12 ++-- python/ambassador/fetch/ingress.py | 2 +- python/ambassador/ir/irbasemapping.py | 2 +- python/ambassador/ir/irbuffer.py | 2 +- python/ambassador/ir/irgzip.py | 4 +- python/ambassador/ir/irhost.py | 18 +++--- python/ambassador/ir/irhttpmapping.py | 6 +- python/ambassador/ir/iripallowdeny.py | 8 +-- python/ambassador/ir/irlistener.py | 26 ++++---- python/ambassador/ir/irlogservice.py | 4 +- python/ambassador/ir/irmappingfactory.py | 2 +- python/ambassador/ir/irresource.py | 6 +- python/ambassador/ir/irtcpmappinggroup.py | 4 +- python/ambassador/ir/irutils.py | 2 +- python/ambassador/reconfig_stats.py | 26 ++++---- python/ambassador/scout.py | 8 +-- python/ambassador/utils.py | 2 +- python/ambassador_cli/grab_snapshots.py | 2 +- python/ambassador_cli/madness.py | 18 +++--- python/ambassador_cli/mockery.py | 4 +- python/ambassador_diag/diagd.py | 2 +- python/setup.py | 4 +- .../test_ambassadorlistener_statsprefix.py | 6 +- python/tests/unit/test_cluster_options.py | 4 +- python/tests/unit/test_envoy_stats.py | 4 +- python/tests/unit/test_reconfig_stats.py | 2 +- 34 files changed, 181 insertions(+), 181 deletions(-) diff --git a/python/ambassador/ambscout.py b/python/ambassador/ambscout.py index b0d3faa74f..e430025354 100644 --- a/python/ambassador/ambscout.py +++ b/python/ambassador/ambscout.py @@ -124,7 +124,7 @@ def reset_events(self) -> None: typecast(LocalScout, self._scout).reset_events() def __str__(self) -> str: - return ("%s: %s" % ("OK" if self._scout else "??", + return ("%s: %s" % ("OK" if self._scout else "??", self._scout_error if self._scout_error else "OK")) @property diff --git a/python/ambassador/cache.py b/python/ambassador/cache.py index aea45953ae..642d3fb8af 100644 --- a/python/ambassador/cache.py +++ b/python/ambassador/cache.py @@ -4,7 +4,7 @@ class Cacheable(dict): """ - A dictionary that is specifically cacheable, by way of its added + A dictionary that is specifically cacheable, by way of its added cache_key property. """ @@ -35,7 +35,7 @@ class Cache(): HAPPENS IN ONE DIRECTION at present, so deleting a Cacheable in the middle of the ownership tree can leave dangling pointers. """ - + def __init__(self, logger: logging.Logger) -> None: self.cache: Dict[str, CacheEntry] = {} self.links: Dict[str, CacheLink] = {} @@ -55,10 +55,10 @@ def reset_stats(self) -> None: def fn_name(fn: Optional[Callable]) -> str: return fn.__name__ if (fn and fn.__name__) else "-none-" - def add(self, rsrc: Cacheable, + def add(self, rsrc: Cacheable, on_delete: Optional[DeletionHandler]=None) -> None: """ - Adds an entry to the cache, if it's not already present. If + Adds an entry to the cache, if it's not already present. If on_delete is not None, it will called when rsrc is removed from the cache. """ @@ -88,7 +88,7 @@ def link(self, owner: Cacheable, owned: Cacheable) -> None: if not owner_key: self.logger.info(f"CACHE: cannot link, owner has no key: {owner}") - return + return if not owned_key: self.logger.info(f"CACHE: cannot link, owned has no key: {owned}") @@ -113,14 +113,14 @@ def invalidate(self, key: str) -> None: is linked. """ - # We use worklist to keep track of things to consider: for starters, + # We use worklist to keep track of things to consider: for starters, # it just has our key in it, and as we find owned things, we add them # to the worklist to consider. # - # Note that word "consider". If you want to invalidate something from + # Note that word "consider". If you want to invalidate something from # the cache that isn't in the cache, that's not an error -- it'll be # silently ignored. That helps with dangling links (e.g. if two Mappings - # both link to the same Group, and you invalidate the first Mapping, the + # both link to the same Group, and you invalidate the first Mapping, the # second will have a dangling link to the now-invalidated Group, and that # needs to not break anything). @@ -230,8 +230,8 @@ class NullCache(Cache): """ A Cache that doesn't actually cache anything -- basically, a no-op implementation of the Cache interface. - - Giving consumers of the Cache class a way to make their cache + + Giving consumers of the Cache class a way to make their cache instance non-Optional, without actually requiring the use of the cache, makes the consumer code simpler. """ @@ -242,7 +242,7 @@ def __init__(self, logger: logging.Logger) -> None: self.reset_stats() pass - def add(self, rsrc: Cacheable, + def add(self, rsrc: Cacheable, on_delete: Optional[DeletionHandler]=None) -> None: pass @@ -256,6 +256,6 @@ def invalidate(self, key: str) -> None: def __getitem__(self, key: str) -> Any: self.misses += 1 return None - + def dump(self) -> None: self.logger.info("NullCache: empty") diff --git a/python/ambassador/config/config.py b/python/ambassador/config/config.py index 3e323ff0f6..21313d6285 100644 --- a/python/ambassador/config/config.py +++ b/python/ambassador/config/config.py @@ -499,11 +499,11 @@ def validate_object(self, resource: ACResource) -> RichStatus: # If we're not running in legacy mode, though... if not Config.legacy_mode: - # ...then entrypoint.go will have already done validation, and we'll + # ...then entrypoint.go will have already done validation, and we'll # trust that its validation is good _UNLESS THIS IS A MODULE_. Why? - # Well, at present entrypoint.go can't actually validate Modules _at all_ + # Well, at present entrypoint.go can't actually validate Modules _at all_ # (because Module.spec.config is just a dict of anything, pretty much), - # and that means it can't check for Modules with missing configs, and + # and that means it can't check for Modules with missing configs, and # Modules with missing configs will crash Ambassador. if resource.kind.lower() != "module": @@ -516,11 +516,11 @@ def validate_object(self, resource: ACResource) -> RichStatus: need_validation = True del(resource['_force_validation']) - # Did entrypoint.go flag errors here? (This can only happen if we're not in - # legacy mode -- in a later version we'll short-circuit earlier, but for now + # Did entrypoint.go flag errors here? (This can only happen if we're not in + # legacy mode -- in a later version we'll short-circuit earlier, but for now # we're going to re-validate as a sanity check.) # - # (It's still called watt_errors because our other docs talk about "watt + # (It's still called watt_errors because our other docs talk about "watt # snapshots", and I'm OK with retaining that name for the format.) watt_errors = None @@ -544,7 +544,7 @@ def validate_object(self, resource: ACResource) -> RichStatus: # ...then, let's see whether reality matches our assumption. if need_validation: - # Aha, we need to do validation -- either we're in legacy mode, or + # Aha, we need to do validation -- either we're in legacy mode, or # entrypoint.go reported errors. So if we can do validation, do it. # Do we have a validator that can work on this object? diff --git a/python/ambassador/diagnostics/envoy_stats.py b/python/ambassador/diagnostics/envoy_stats.py index acece8888a..902275b12e 100644 --- a/python/ambassador/diagnostics/envoy_stats.py +++ b/python/ambassador/diagnostics/envoy_stats.py @@ -387,7 +387,7 @@ def update_envoy_stats(self, last_attempt: float) -> None: # self.logger.info("cluster %s stats: %s" % (cluster_name, cluster)) healthy_percent: Optional[int] - + healthy_members = cluster['membership_healthy'] total_members = cluster['membership_total'] healthy_percent = percentage(healthy_members, total_members) diff --git a/python/ambassador/envoy/v2/v2cidrrange.py b/python/ambassador/envoy/v2/v2cidrrange.py index cb1f747a77..b59d95ebea 100644 --- a/python/ambassador/envoy/v2/v2cidrrange.py +++ b/python/ambassador/envoy/v2/v2cidrrange.py @@ -4,7 +4,7 @@ class CIDRRange: """ - A CIDRRange is an IP address (either v4 or v6) plus a prefix length. It + A CIDRRange is an IP address (either v4 or v6) plus a prefix length. It corresponds to an envoy.api.v2.core.CidrRange. """ diff --git a/python/ambassador/envoy/v2/v2listener.py b/python/ambassador/envoy/v2/v2listener.py index ca759db8b2..95b9c4ff56 100644 --- a/python/ambassador/envoy/v2/v2listener.py +++ b/python/ambassador/envoy/v2/v2listener.py @@ -114,7 +114,7 @@ def __str__(self) -> str: # Model an Envoy listener. # -# In Envoy, Listeners are the top-level configuration element defining a port on which we'll +# In Envoy, Listeners are the top-level configuration element defining a port on which we'll # listen; in turn, they contain filter chains which define what will be done with a connection. # # There is a one-to-one correspondence between an IRListener and an Envoy listener: the logic @@ -185,20 +185,20 @@ def __init__(self, config: 'V2Config', irlistener: IRListener) -> None: # Only look at TCPMappingGroups here... if not isinstance(irgroup, IRTCPMappingGroup): continue - + # ...and make sure the group in question wants the same bind # address that we do. - if irgroup.bind_to() != self.bind_to: + if irgroup.bind_to() != self.bind_to: # self.config.ir.logger.debug("V2Listener %s: skip TCPMappingGroup on %s", self.bind_to, irgroup.bind_to()) continue - + self.add_tcp_group(irgroup) def add_chain(self, chain_type: str, host: Optional[IRHost]) -> V2Chain: # Add a chain for a specific Host to this listener, while dealing with the fundamental # asymmetry that filter_chain_match can - and should - use SNI whenever the chain has - # TLS available, but that's simply not available for chains without TLS. - # + # TLS available, but that's simply not available for chains without TLS. + # # The pratical upshot is that we can generate _only one_ HTTP chain, but we can have # HTTPS and TCP chains for specfic hostnames. HOWEVER, we still track HTTP chains by # hostname, because we can - and do - separate HTTP chains into specific domains. @@ -240,7 +240,7 @@ def add_tcp_group(self, irgroup: IRTCPMappingGroup) -> None: group_host = irgroup.get('host', None) if self._log_debug: - self.config.ir.logger.debug("V2Listener %s on %s: take TCPMappingGroup on %s (%s)", + self.config.ir.logger.debug("V2Listener %s on %s: take TCPMappingGroup on %s (%s)", self.name, self.bind_to, irgroup.bind_to(), group_host or "i'*'") if not group_host: @@ -256,12 +256,12 @@ def add_tcp_group(self, irgroup: IRTCPMappingGroup) -> None: if not host.context: if self._log_debug: - self.config.ir.logger.debug("V2Listener %s @ %s TCP %s: skip %s", + self.config.ir.logger.debug("V2Listener %s @ %s TCP %s: skip %s", self.name, self.bind_to, group_host, host) continue - + if self._log_debug: - self.config.ir.logger.debug("V2Listener %s @ %s TCP %s: consider %s", + self.config.ir.logger.debug("V2Listener %s @ %s TCP %s: consider %s", self.name, self.bind_to, group_host, host) if hostglob_matches(host.hostname, group_host): @@ -579,7 +579,7 @@ def finalize_tcp(self) -> None: ] } - # The chain as a whole has a single matcher. + # The chain as a whole has a single matcher. filter_chain_match: Dict[str, Any] = {} chain_hosts = chain.hostglobs() @@ -589,7 +589,7 @@ def finalize_tcp(self) -> None: # ...then we can ask for TLS. filter_chain_match["transport_protocol"] = "tls" - # Note that we're modifying the filter_chain itself here, not + # Note that we're modifying the filter_chain itself here, not # filter_chain_match. filter_chain["tls_context"] = V2TLSContext(chain.context) @@ -602,7 +602,7 @@ def finalize_tcp(self) -> None: # Once all of that is done, hook in the match... filter_chain['filter_chain_match'] = filter_chain_match - + # ...and stick this chain into our filter. self._filter_chains.append(filter_chain) @@ -623,10 +623,10 @@ def compute_chains(self) -> None: # OK, if we're still here, then it's a question of matching the Listener's # SecurityModel with the Host's requestPolicy. It happens that it's actually - # pretty hard to reject things at this level. + # pretty hard to reject things at this level. # # First up, if the Listener is marked insecure-only, but the Listener's port - # doesn't match the Host's insecure_addl_port, don't take this Host: this + # doesn't match the Host's insecure_addl_port, don't take this Host: this # Listener was synthesized to handle some other Host. (This is a corner case that # will become less and less likely as more people hop on the Listener bandwagon. # Also, remember that Hosts don't specify bind addresses, so only the port matters @@ -645,7 +645,7 @@ def compute_chains(self) -> None: insecure_action = host.insecure_action # If the Listener's securityModel is SECURE, but this host has a secure_action - # of Reject (or empty), we'll skip this host, because the only requests this + # of Reject (or empty), we'll skip this host, because the only requests this # Listener can ever produce will be rejected. In any other case, we'll set up an # HTTPS chain for this Host, as long as we think TLS is OK. @@ -667,11 +667,11 @@ def compute_chains(self) -> None: def compute_routes(self) -> None: # Compute the set of valid HTTP routes for _each chain_ in this Listener. - # + # # Note that a route using XFP can match _any_ chain, whether HTTP or HTTPS. logger = self.config.ir.logger - + for chain_key, chain in self._chains.items(): # Only look at HTTP(S) chains. if (chain.type != "http") and (chain.type != "https"): @@ -704,7 +704,7 @@ def compute_routes(self) -> None: # For each host, we need to look at things for the secure world as well # as the insecure world, depending on what the action is exactly (and note # that, yes, we can have an action of None for an insecure_only listener). - # + # # "candidates" is host, matcher, action, V2RouteVariants candidates: List[Tuple[IRHost, str, str, V2RouteVariants]] = [] hostname = host.hostname @@ -715,7 +715,7 @@ def compute_routes(self) -> None: matcher = 'always' if (self._security_model == 'SECURE') else 'xfp-https' candidates.append(( host, matcher, 'Route', rv )) - + if (host.insecure_action is not None) and (self._security_model != "SECURE"): # We have an insecure action, and we're willing to believe that at least some of # our requests will be insecure. @@ -808,7 +808,7 @@ def finalize_http(self) -> None: if chain.type == "http": # All HTTP chains get collapsed into one here, using domains to separate them. - # This works because we don't need to offer TLS certs (we can't anyway), and + # This works because we don't need to offer TLS certs (we can't anyway), and # because of that, SNI (and thus filter server_names matches) aren't things. chain_key = "http" @@ -839,13 +839,13 @@ def finalize_http(self) -> None: # Set up the server_names part of the match, if we have any names. # - # Note that "*" is _not allowed_ in server_names, though e.g. "*.example.com" - # is. So we need to filter out the "*" itself... which is ugly, because - # - # server_names: [ "*", "foo.example.com" ] + # Note that "*" is _not allowed_ in server_names, though e.g. "*.example.com" + # is. So we need to filter out the "*" itself... which is ugly, because + # + # server_names: [ "*", "foo.example.com" ] + # + # is very different from # - # is very different from - # # server_names: [ "foo.example.com" ] # # So, if "*" is present at all in our chain_hosts, we can't match server_names @@ -859,10 +859,10 @@ def finalize_http(self) -> None: if chain.context: # ...uh. How could we not have a context if we're doing TLS? - # Note that we're modifying the filter_chain itself here, not + # Note that we're modifying the filter_chain itself here, not # filter_chain_match. filter_chain["tls_context"] = V2TLSContext(chain.context) - + # Finally, stash the match in the chain... filter_chain["filter_chain_match"] = filter_chain_match @@ -875,10 +875,10 @@ def finalize_http(self) -> None: # OK, we have the filter_chain variable set -- build the Envoy virtual_hosts for it. for host in chain.hosts.values(): - # Make certain that no internal keys from the route make it into the Envoy + # Make certain that no internal keys from the route make it into the Envoy # configuration. routes = [] - + for r in chain.routes: routes.append({ k: v for k, v in r.items() if k[0] != '_' }) @@ -945,7 +945,7 @@ def as_dict(self) -> dict: if self.listener_filters: odict["listener_filters"] = self.listener_filters - return odict + return odict def pretty(self) -> dict: return { diff --git a/python/ambassador/envoy/v2/v2route.py b/python/ambassador/envoy/v2/v2route.py index 2199f14575..7284a3a105 100644 --- a/python/ambassador/envoy/v2/v2route.py +++ b/python/ambassador/envoy/v2/v2route.py @@ -28,7 +28,7 @@ # This is the root of a certain amount of ugliness in this file -- it's a V2Route -# that's been turned into a plain old dict, so it can be easily JSONified. The +# that's been turned into a plain old dict, so it can be easily JSONified. The # problem is that that currently happens earlier than it should; I'm hoping to fix # that shortly. DictifiedV2Route = Dict[str, Any] @@ -217,15 +217,15 @@ def get_variant(self, matcher: str, action: str) -> DictifiedV2Route: def matcher_always(self, variant: DictifiedV2Route) -> None: pass - # Match XFP=https. + # Match XFP=https. def matcher_xfp_https(self, variant: DictifiedV2Route) -> None: self.matcher_xfp(variant, "https") # Match XFP=http... but we turn that into "don't match XFP at all" - # because if XFP isn't set (somehow?), we want that case to match + # because if XFP isn't set (somehow?), we want that case to match # here. It's really "not https" as opposed to "equals http". # - # (We could also have done this as "invert XFP=https" but this is a + # (We could also have done this as "invert XFP=https" but this is a # better fit for what we'e done historically.) def matcher_xfp_http(self, variant: DictifiedV2Route) -> None: self.matcher_xfp(variant, None) @@ -275,8 +275,8 @@ def action_redirect(self, variant) -> None: # This is where the magic happens to actually route an HTTP request. There's a # lot going on here because the Envoy route element is actually pretty complex. # -# Of particular note is the ["_host_constraints"] element: the Mapping can -# either specify a single host glob, or nothing (which means "*"). All the +# Of particular note is the ["_host_constraints"] element: the Mapping can +# either specify a single host glob, or nothing (which means "*"). All the # context-matching madness happens up at the chain level, so we only need to # mess with the one host glob at this point. diff --git a/python/ambassador/envoy/v3/v3listener.py b/python/ambassador/envoy/v3/v3listener.py index 0fd163deda..148638cf1c 100644 --- a/python/ambassador/envoy/v3/v3listener.py +++ b/python/ambassador/envoy/v3/v3listener.py @@ -114,7 +114,7 @@ def __str__(self) -> str: # Model an Envoy listener. # -# In Envoy, Listeners are the top-level configuration element defining a port on which we'll +# In Envoy, Listeners are the top-level configuration element defining a port on which we'll # listen; in turn, they contain filter chains which define what will be done with a connection. # # There is a one-to-one correspondence between an IRListener and an Envoy listener: the logic @@ -185,20 +185,20 @@ def __init__(self, config: 'V3Config', irlistener: IRListener) -> None: # Only look at TCPMappingGroups here... if not isinstance(irgroup, IRTCPMappingGroup): continue - + # ...and make sure the group in question wants the same bind # address that we do. - if irgroup.bind_to() != self.bind_to: + if irgroup.bind_to() != self.bind_to: # self.config.ir.logger.debug("V3Listener %s: skip TCPMappingGroup on %s", self.bind_to, irgroup.bind_to()) continue - + self.add_tcp_group(irgroup) def add_chain(self, chain_type: str, host: Optional[IRHost]) -> V3Chain: # Add a chain for a specific Host to this listener, while dealing with the fundamental # asymmetry that filter_chain_match can - and should - use SNI whenever the chain has - # TLS available, but that's simply not available for chains without TLS. - # + # TLS available, but that's simply not available for chains without TLS. + # # The pratical upshot is that we can generate _only one_ HTTP chain, but we can have # HTTPS and TCP chains for specfic hostnames. HOWEVER, we still track HTTP chains by # hostname, because we can - and do - separate HTTP chains into specific domains. @@ -240,7 +240,7 @@ def add_tcp_group(self, irgroup: IRTCPMappingGroup) -> None: group_host = irgroup.get('host', None) if self._log_debug: - self.config.ir.logger.debug("V3Listener %s on %s: take TCPMappingGroup on %s (%s)", + self.config.ir.logger.debug("V3Listener %s on %s: take TCPMappingGroup on %s (%s)", self.name, self.bind_to, irgroup.bind_to(), group_host or "i'*'") if not group_host: @@ -256,12 +256,12 @@ def add_tcp_group(self, irgroup: IRTCPMappingGroup) -> None: if not host.context: if self._log_debug: - self.config.ir.logger.debug("V3Listener %s @ %s TCP %s: skip %s", + self.config.ir.logger.debug("V3Listener %s @ %s TCP %s: skip %s", self.name, self.bind_to, group_host, host) continue - + if self._log_debug: - self.config.ir.logger.debug("V3Listener %s @ %s TCP %s: consider %s", + self.config.ir.logger.debug("V3Listener %s @ %s TCP %s: consider %s", self.name, self.bind_to, group_host, host) if hostglob_matches(host.hostname, group_host): @@ -593,7 +593,7 @@ def finalize_tcp(self) -> None: ] } - # The chain as a whole has a single matcher. + # The chain as a whole has a single matcher. filter_chain_match: Dict[str, Any] = {} chain_hosts = chain.hostglobs() @@ -603,7 +603,7 @@ def finalize_tcp(self) -> None: # ...then we can ask for TLS. filter_chain_match["transport_protocol"] = "tls" - # Note that we're modifying the filter_chain itself here, not + # Note that we're modifying the filter_chain itself here, not # filter_chain_match. envoy_ctx = V3TLSContext(chain.context) @@ -624,7 +624,7 @@ def finalize_tcp(self) -> None: # Once all of that is done, hook in the match... filter_chain['filter_chain_match'] = filter_chain_match - + # ...and stick this chain into our filter. self._filter_chains.append(filter_chain) @@ -645,10 +645,10 @@ def compute_chains(self) -> None: # OK, if we're still here, then it's a question of matching the Listener's # SecurityModel with the Host's requestPolicy. It happens that it's actually - # pretty hard to reject things at this level. + # pretty hard to reject things at this level. # # First up, if the Listener is marked insecure-only, but the Listener's port - # doesn't match the Host's insecure_addl_port, don't take this Host: this + # doesn't match the Host's insecure_addl_port, don't take this Host: this # Listener was synthesized to handle some other Host. (This is a corner case that # will become less and less likely as more people hop on the Listener bandwagon. # Also, remember that Hosts don't specify bind addresses, so only the port matters @@ -667,7 +667,7 @@ def compute_chains(self) -> None: insecure_action = host.insecure_action # If the Listener's securityModel is SECURE, but this host has a secure_action - # of Reject (or empty), we'll skip this host, because the only requests this + # of Reject (or empty), we'll skip this host, because the only requests this # Listener can ever produce will be rejected. In any other case, we'll set up an # HTTPS chain for this Host, as long as we think TLS is OK. @@ -689,11 +689,11 @@ def compute_chains(self) -> None: def compute_routes(self) -> None: # Compute the set of valid HTTP routes for _each chain_ in this Listener. - # + # # Note that a route using XFP can match _any_ chain, whether HTTP or HTTPS. logger = self.config.ir.logger - + for chain_key, chain in self._chains.items(): # Only look at HTTP(S) chains. if (chain.type != "http") and (chain.type != "https"): @@ -726,7 +726,7 @@ def compute_routes(self) -> None: # For each host, we need to look at things for the secure world as well # as the insecure world, depending on what the action is exactly (and note # that, yes, we can have an action of None for an insecure_only listener). - # + # # "candidates" is host, matcher, action, V3RouteVariants candidates: List[Tuple[IRHost, str, str, V3RouteVariants]] = [] hostname = host.hostname @@ -737,7 +737,7 @@ def compute_routes(self) -> None: matcher = 'always' if (self._security_model == 'SECURE') else 'xfp-https' candidates.append(( host, matcher, 'Route', rv )) - + if (host.insecure_action is not None) and (self._security_model != "SECURE"): # We have an insecure action, and we're willing to believe that at least some of # our requests will be insecure. @@ -830,7 +830,7 @@ def finalize_http(self) -> None: if chain.type == "http": # All HTTP chains get collapsed into one here, using domains to separate them. - # This works because we don't need to offer TLS certs (we can't anyway), and + # This works because we don't need to offer TLS certs (we can't anyway), and # because of that, SNI (and thus filter server_names matches) aren't things. chain_key = "http" @@ -861,13 +861,13 @@ def finalize_http(self) -> None: # Set up the server_names part of the match, if we have any names. # - # Note that "*" is _not allowed_ in server_names, though e.g. "*.example.com" - # is. So we need to filter out the "*" itself... which is ugly, because - # - # server_names: [ "*", "foo.example.com" ] + # Note that "*" is _not allowed_ in server_names, though e.g. "*.example.com" + # is. So we need to filter out the "*" itself... which is ugly, because + # + # server_names: [ "*", "foo.example.com" ] + # + # is very different from # - # is very different from - # # server_names: [ "foo.example.com" ] # # So, if "*" is present at all in our chain_hosts, we can't match server_names @@ -881,7 +881,7 @@ def finalize_http(self) -> None: if chain.context: # ...uh. How could we not have a context if we're doing TLS? - # Note that we're modifying the filter_chain itself here, not + # Note that we're modifying the filter_chain itself here, not # filter_chain_match. envoy_ctx = V3TLSContext(chain.context) @@ -905,10 +905,10 @@ def finalize_http(self) -> None: # OK, we have the filter_chain variable set -- build the Envoy virtual_hosts for it. for host in chain.hosts.values(): - # Make certain that no internal keys from the route make it into the Envoy + # Make certain that no internal keys from the route make it into the Envoy # configuration. routes = [] - + for r in chain.routes: routes.append({ k: v for k, v in r.items() if k[0] != '_' }) @@ -975,7 +975,7 @@ def as_dict(self) -> dict: if self.listener_filters: odict["listener_filters"] = self.listener_filters - return odict + return odict def pretty(self) -> dict: return { diff --git a/python/ambassador/envoy/v3/v3route.py b/python/ambassador/envoy/v3/v3route.py index 0ad647ce09..d099a4c82e 100644 --- a/python/ambassador/envoy/v3/v3route.py +++ b/python/ambassador/envoy/v3/v3route.py @@ -28,7 +28,7 @@ # This is the root of a certain amount of ugliness in this file -- it's a V3Route -# that's been turned into a plain old dict, so it can be easily JSONified. The +# that's been turned into a plain old dict, so it can be easily JSONified. The # problem is that that currently happens earlier than it should; I'm hoping to fix # that shortly. DictifiedV3Route = Dict[str, Any] @@ -205,15 +205,15 @@ def get_variant(self, matcher: str, action: str) -> DictifiedV3Route: def matcher_always(self, variant: DictifiedV3Route) -> None: pass - # Match XFP=https. + # Match XFP=https. def matcher_xfp_https(self, variant: DictifiedV3Route) -> None: self.matcher_xfp(variant, "https") # Match XFP=http... but we turn that into "don't match XFP at all" - # because if XFP isn't set (somehow?), we want that case to match + # because if XFP isn't set (somehow?), we want that case to match # here. It's really "not https" as opposed to "equals http". # - # (We could also have done this as "invert XFP=https" but this is a + # (We could also have done this as "invert XFP=https" but this is a # better fit for what we'e done historically.) def matcher_xfp_http(self, variant: DictifiedV3Route) -> None: self.matcher_xfp(variant, None) @@ -263,8 +263,8 @@ def action_redirect(self, variant) -> None: # This is where the magic happens to actually route an HTTP request. There's a # lot going on here because the Envoy route element is actually pretty complex. # -# Of particular note is the ["_host_constraints"] element: the Mapping can -# either specify a single host glob, or nothing (which means "*"). All the +# Of particular note is the ["_host_constraints"] element: the Mapping can +# either specify a single host glob, or nothing (which means "*"). All the # context-matching madness happens up at the chain level, so we only need to # mess with the one host glob at this point. diff --git a/python/ambassador/fetch/ingress.py b/python/ambassador/fetch/ingress.py index ad747d27e2..041ba19e38 100644 --- a/python/ambassador/fetch/ingress.py +++ b/python/ambassador/fetch/ingress.py @@ -247,7 +247,7 @@ def _process(self, obj: KubernetesObject) -> None: # of "*" so that the Mapping we generate doesn't get dropped. if not ingress_id: spec['hostname'] = "*" - + mapping_labels = dict(obj.labels) if ingress_id: diff --git a/python/ambassador/ir/irbasemapping.py b/python/ambassador/ir/irbasemapping.py index 70bf05f1fc..95186c5bbb 100644 --- a/python/ambassador/ir/irbasemapping.py +++ b/python/ambassador/ir/irbasemapping.py @@ -72,7 +72,7 @@ def normalize_service_name(ir: 'IR', in_service: str, mapping_namespace: Optiona is_qualified, out_service )) - + return out_service class IRBaseMapping (IRResource): diff --git a/python/ambassador/ir/irbuffer.py b/python/ambassador/ir/irbuffer.py index 044649a0e8..0adcb611ef 100644 --- a/python/ambassador/ir/irbuffer.py +++ b/python/ambassador/ir/irbuffer.py @@ -12,7 +12,7 @@ from .ir import IR # pragma: no cover class IRBuffer (IRFilter): - + def __init__(self, ir: 'IR', aconf: Config, rkey: str="ir.buffer", name: str="ir.buffer", diff --git a/python/ambassador/ir/irgzip.py b/python/ambassador/ir/irgzip.py index cd9923be8a..a83655eccb 100644 --- a/python/ambassador/ir/irgzip.py +++ b/python/ambassador/ir/irgzip.py @@ -12,7 +12,7 @@ from .ir import IR # pragma: no cover class IRGzip (IRFilter): - + def __init__(self, ir: 'IR', aconf: Config, rkey: str="ir.gzip", name: str="ir.gzip", @@ -31,5 +31,5 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: self["content_type"] = self.pop('content_type', []) self["disable_on_etag_header"] = self.pop('disable_on_etag_header', None) self["remove_accept_encoding_header"] = self.pop('remove_accept_encoding_header', None) - + return True diff --git a/python/ambassador/ir/irhost.py b/python/ambassador/ir/irhost.py index 7868967792..22d3501756 100644 --- a/python/ambassador/ir/irhost.py +++ b/python/ambassador/ir/irhost.py @@ -25,7 +25,7 @@ class IRHost(IRResource): 'tlsContext', 'tls', } - + hostname: str secure_action: str insecure_action: str @@ -244,7 +244,7 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: # Override noisily, since they tried to explicitly disable it. self.post_error("ACME requires insecure.additionalPort to function; forcing to 8080") override_insecure = True - + if override_insecure: # Force self.insecure_addl_port... self.insecure_addl_port = 8080 @@ -294,14 +294,14 @@ def save_context(self, ir: 'IR', ctx_name: str, tls_ss: SavedSecret, tls_name: s assert(secret_name) # For mypy -- if has_secret() is true, secret_name() will be there. # This is a little weird. Basically we're going to resolve the secret (which should just - # be a cache lookup here) so that we can use SavedSecret.__str__() as a serializer to + # be a cache lookup here) so that we can use SavedSecret.__str__() as a serializer to # compare the configurations. context_ss = self.resolve(ir, secret_name) self.logger.debug(f"Host {self.name}, ctx {ctx.name}, secret {secret_name}, resolved {context_ss}") if str(context_ss) != str(tls_ss): - self.post_error("Secret info mismatch between Host %s (secret: %s) and TLSContext %s: (secret: %s)" % + self.post_error("Secret info mismatch between Host %s (secret: %s) and TLSContext %s: (secret: %s)" % (self.name, tls_name, ctx_name, secret_name)) return False else: @@ -321,7 +321,7 @@ def save_context(self, ir: 'IR', ctx_name: str, tls_ss: SavedSecret, tls_name: s if context_hosts: is_valid_hosts = False - # XXX Should we be doing a glob check here? + # XXX Should we be doing a glob check here? for host_tc in context_hosts: if host_tc in host_hosts: is_valid_hosts = True @@ -373,7 +373,7 @@ def matches_httpgroup(self, group: 'IRHTTPMappingGroup') -> bool: if selector: sel_match = selector_matches(self.logger, selector, group.get('metadata_labels', {})) - self.logger.debug("-- host sel %s group labels %s => %s", + self.logger.debug("-- host sel %s group labels %s => %s", dump_json(selector), dump_json(group.get('metadata_labels')), sel_match) return host_match or sel_match @@ -448,14 +448,14 @@ def finalize(cls, ir: 'IR', aconf: Config) -> None: if found_termination_context: ir.post_error("No Hosts defined, but TLSContexts exist that terminate TLS. The TLSContexts are being ignored.") - # If we don't have a fallback secret, don't try to use it. + # If we don't have a fallback secret, don't try to use it. # - # We use the Ambassador's namespace here because we'll be creating the + # We use the Ambassador's namespace here because we'll be creating the # fallback Host in the Ambassador's namespace. fallback_ss = ir.resolve_secret(ir.ambassador_module, "fallback-self-signed-cert", ir.ambassador_namespace) host: IRHost - + if not fallback_ss: ir.aconf.post_notice("No TLS termination and no fallback cert -- defaulting to cleartext-only.") ir.logger.debug("HostFactory: creating cleartext-only default host") diff --git a/python/ambassador/ir/irhttpmapping.py b/python/ambassador/ir/irhttpmapping.py index 5ddd668999..93dd7b086c 100644 --- a/python/ambassador/ir/irhttpmapping.py +++ b/python/ambassador/ir/irhttpmapping.py @@ -245,14 +245,14 @@ def __init__(self, ir: 'IR', aconf: Config, ir.logger.debug("IRHTTPMapping %s: self.host contains * (%s, host)", name, host) else: ir.logger.debug("IRHTTPMapping %s: self.host == %s (host)", name, self.host) - + # Finally, check for 'hostname'. if 'hostname' in kwargs: # It's deliberate that we allow kwargs['hostname'] to override anything else -- even a regex host. # Yell about it, though. if host: ir.logger.warning("Mapping %s in namespace %s: both host and hostname are set, using hostname and ignoring host", name, namespace) - + # No need to be so careful about "*" here, since hostname is defined to be a glob. host = kwargs['hostname'] host_regex = False @@ -474,7 +474,7 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: self._enforce_mutual_exclusion('path_redirect', 'regex_redirect') self._enforce_mutual_exclusion('prefix_redirect', 'regex_redirect') - ir.logger.debug("Mapping %s: setup OK: host %s hostname %s regex %s", + ir.logger.debug("Mapping %s: setup OK: host %s hostname %s regex %s", self.name, self.get('host'), self.get('hostname'), self.get('host_regex')) return True diff --git a/python/ambassador/ir/iripallowdeny.py b/python/ambassador/ir/iripallowdeny.py index 7e8cdb581f..919f4dd344 100644 --- a/python/ambassador/ir/iripallowdeny.py +++ b/python/ambassador/ir/iripallowdeny.py @@ -49,7 +49,7 @@ def __init__(self, ir: 'IR', aconf: Config, assert action is not None super().__init__( - ir=ir, aconf=aconf, rkey=rkey, kind=kind, name=name, + ir=ir, aconf=aconf, rkey=rkey, kind=kind, name=name, parent=parent, action=action, **kwargs) def setup(self, ir: 'IR', aconf: Config) -> bool: @@ -80,13 +80,13 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: # principals looks like # - # [ + # [ # { 'peer': '127.0.0.1' }, # { 'remote': '192.68.0.0/24' }, # { 'remote': '::1' } # ] # - # or the like, where the key in the dict specifies how Envoy will handle the + # or the like, where the key in the dict specifies how Envoy will handle the # IP match, and the value is a CIDRRange spec. for pdict in principals: @@ -108,7 +108,7 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: continue cidrrange = CIDRRange(spec) - + if cidrrange: self.principals.append((envoy_kind, cidrrange)) else: diff --git a/python/ambassador/ir/irlistener.py b/python/ambassador/ir/irlistener.py index ecc7fb0f02..2dcd0b2217 100644 --- a/python/ambassador/ir/irlistener.py +++ b/python/ambassador/ir/irlistener.py @@ -88,7 +88,7 @@ def __init__(self, ir: 'IR', aconf: Config, super().__init__( ir=ir, aconf=aconf, rkey=rkey, location=location, kind=kind, name=name, namespace=namespace, apiVersion=apiVersion, - insecure_only=insecure_only, + insecure_only=insecure_only, **new_args ) @@ -103,7 +103,7 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: # Was a bind address specified? if not self.get('bind_address', None): # Nope, use the default. - self.bind_address = Config.envoy_bind_address + self.bind_address = Config.envoy_bind_address ir.logger.debug(f"Listener {self.name} setting up on {self.bind_address}:{self.port}") @@ -129,10 +129,10 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: if not pstack: self.post_error(f"protocol %s is not valid", protocol) return False - + ir.logger.debug(f"Listener {self.name} forcing pstack {';'.join(pstack)}") self.protocolStack = pstack - + if not securityModel: self.post_error("securityModel is required") return False @@ -159,10 +159,10 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: if not hostbinding: self.post_error("hostBinding is required") return False - + # We don't want self.hostBinding any more: the relevant stuff will be stored elsewhere # for ease of use. - # + # # XXX You can't do del(self.hostBinding) here, because underneath everything, an # IRListener is a Resource, and Resources are really much more like dicts than we # like to admit. @@ -206,7 +206,7 @@ def setup(self, ir: 'IR', aconf: Config) -> bool: # if not nsselector: # self.post_error("hostBinding.namespace.selector is required when hostBinding.namespace.from is SELECTOR") # return False - + # match: Optional[Dict[str, str]] = nsselector.get("matchLabels", None) # if not match: @@ -310,7 +310,7 @@ def finalize(cls, ir: 'IR', aconf: Config) -> None: # ir.logger.debug("ListenerFactory: synthesizing default listeners (TLS)") # # Add the default HTTP listener. - # # + # # # # We use protocol HTTPS here so that the TLS inspector is active; that # # lets us make better decisions about the security of a given request. # ir.save_listener(IRListener( @@ -341,7 +341,7 @@ def finalize(cls, ir: 'IR', aconf: Config) -> None: # ir.logger.debug("ListenerFactory: synthesizing default listener (cleartext)") # # Add the default HTTP listener. - # # + # # # # We use protocol HTTP here because no, we don't want TLS active. # ir.save_listener(IRListener( # ir, aconf, "-internal-", "ambassador-listener-8080", "-internal-", @@ -355,18 +355,18 @@ def finalize(cls, ir: 'IR', aconf: Config) -> None: # } # )) - # # After that, cycle over our Hosts and see if any refer to + # # After that, cycle over our Hosts and see if any refer to # # insecure.additionalPorts that don't already have Listeners. # for host in ir.get_hosts(): # # Hosts don't choose bind addresses, so if we see an insecure_addl_port, # # look for it on Config.envoy_bind_address. # if (host.insecure_addl_port is not None) and (host.insecure_addl_port > 0): # listener_key = f"{Config.envoy_bind_address}-{host.insecure_addl_port}" - + # if listener_key not in ir.listeners: - # ir.logger.debug("ListenerFactory: synthesizing listener for Host %s insecure.additionalPort %d", + # ir.logger.debug("ListenerFactory: synthesizing listener for Host %s insecure.additionalPort %d", # host.hostname, host.insecure_addl_port) - + # name = "insecure-for-%d" % host.insecure_addl_port # # Note that we don't specify the bind address here, so that it diff --git a/python/ambassador/ir/irlogservice.py b/python/ambassador/ir/irlogservice.py index 88ec6f21bb..646401e6fe 100644 --- a/python/ambassador/ir/irlogservice.py +++ b/python/ambassador/ir/irlogservice.py @@ -80,8 +80,8 @@ def add_mappings(self, ir: 'IR', aconf: Config): self.cluster.referenced_by(self) def get_common_config(self) -> dict: - # get_common_config isn't allowed to be called before add_mappings - # is called (by ir.walk_saved_resources). So we can assert that + # get_common_config isn't allowed to be called before add_mappings + # is called (by ir.walk_saved_resources). So we can assert that # self.cluster isn't None here, both to make mypy happier and out # of paranoia. assert(self.cluster) diff --git a/python/ambassador/ir/irmappingfactory.py b/python/ambassador/ir/irmappingfactory.py index 06b3088622..9a0ac46b54 100644 --- a/python/ambassador/ir/irmappingfactory.py +++ b/python/ambassador/ir/irmappingfactory.py @@ -58,7 +58,7 @@ def load_config(cls, ir: 'IR', aconf: Config, # key must be an IRBaseMapping, but let's assert that rather than casting. assert(isinstance(cached_mapping, IRBaseMapping)) mapping = cached_mapping - + ir.logger.debug(f"IR: adding Mapping for {config.name}") ir.add_mapping(aconf, mapping) diff --git a/python/ambassador/ir/irresource.py b/python/ambassador/ir/irresource.py index 0bdab1e7ce..fa70593d5f 100644 --- a/python/ambassador/ir/irresource.py +++ b/python/ambassador/ir/irresource.py @@ -37,7 +37,7 @@ def helper_list(res: 'IRResource', k: str) -> Tuple[str, list]: _active: bool _errored: bool _cache_key: Optional[str] - + def __init__(self, ir: 'IR', aconf: Config, rkey: str, kind: str, @@ -89,7 +89,7 @@ def lookup_default(self, key: str, default_value: Optional[Any]=None, lookup_cla """ Look up a key in the Ambassador module's "defaults" element. - The "lookup class" is + The "lookup class" is - the lookup_class parameter if one was passed, else - self.default_class if that's set, else - None. @@ -110,7 +110,7 @@ def lookup_default(self, key: str, default_value: Optional[Any]=None, lookup_cla :param lookup_class: the lookup class, see above :return: Any """ - + defaults = self.ir.ambassador_module.get('defaults', {}) lclass = lookup_class diff --git a/python/ambassador/ir/irtcpmappinggroup.py b/python/ambassador/ir/irtcpmappinggroup.py index cf4eb2dc49..3eb1e3655f 100644 --- a/python/ambassador/ir/irtcpmappinggroup.py +++ b/python/ambassador/ir/irtcpmappinggroup.py @@ -152,12 +152,12 @@ def add_cluster_for_mapping(self, mapping: IRBaseMapping, # ...and link the Group to the cluster. # - # Right now, I'm going for maximum safety, which means a single chain linking + # Right now, I'm going for maximum safety, which means a single chain linking # Mapping -> Group -> Cluster. That means that deleting a single Mapping deletes # the Group to which that Mapping is attached, which in turn deletes all the # Clusters for that Group. # - # Performance might dictate linking Mapping -> Group and Mapping -> Cluster, so + # Performance might dictate linking Mapping -> Group and Mapping -> Cluster, so # that deleting a Mapping deletes the Group but only the single Cluster. Needs # testing. diff --git a/python/ambassador/ir/irutils.py b/python/ambassador/ir/irutils.py index f45478767b..d9c6a3e8f9 100644 --- a/python/ambassador/ir/irutils.py +++ b/python/ambassador/ir/irutils.py @@ -55,7 +55,7 @@ def selector_matches(logger: logging.Logger, selector: Dict[str, Any], labels: D logger.debug(" no matchLabels in selector => True") return True - # If we have stuff to match on, but no labels to actually match them, we + # If we have stuff to match on, but no labels to actually match them, we # can short-circuit (and skip a weirder conditional down in the loop). if not labels: logger.debug(" no incoming labels => False") diff --git a/python/ambassador/reconfig_stats.py b/python/ambassador/reconfig_stats.py index de3b3d4fdc..7a7d8c3984 100644 --- a/python/ambassador/reconfig_stats.py +++ b/python/ambassador/reconfig_stats.py @@ -53,7 +53,7 @@ def __init__(self, logger: logging.Logger, # logic around the last reconfigure and for logging. self.reconfigures: List[Tuple[str, PerfCounter]] = [] - # self.counts tracks how many of each kind of reconfiguration have + # self.counts tracks how many of each kind of reconfiguration have # happened, for metrics. self.counts = { "incremental": 0, @@ -107,7 +107,7 @@ def mark(self, what: str, when: Optional[PerfCounter]=None) -> None: update_counters = True if what == 'complete': - # For a complete reconfigure, we need to clear all the outstanding + # For a complete reconfigure, we need to clear all the outstanding # incrementals, and also remember when it happened. self.incrementals_outstanding = 0 self.last_complete = when @@ -152,7 +152,7 @@ def needs_check(self, when: Optional[PerfCounter]=None) -> bool: :param when: Override the effective time of the check. Primarily useful for testing. :return: True if a check is needed, False if not """ - + if not when: when = time.perf_counter() @@ -160,7 +160,7 @@ def needs_check(self, when: Optional[PerfCounter]=None) -> bool: # No reconfigures, so no need to check. # self.logger.debug(f"NEEDS_CHECK @ {when}: no reconfigures, skip") return False - + # Grab information about our last reconfiguration. what, _ = self.reconfigures[-1] @@ -197,20 +197,20 @@ def needs_check(self, when: Optional[PerfCounter]=None) -> bool: # Yup, it's been long enough. # self.logger.debug(f"NEEDS_CHECK @ {when}: delta {delta}, check") return True - + # self.logger.debug(f"NEEDS_CHECK @ {when}: delta {delta}, skip") return False def needs_timers(self, when: Optional[PerfCounter]=None) -> bool: """ - Determine if we need to log the timers or not. The logic here is that + Determine if we need to log the timers or not. The logic here is that we need to log every max_configs_between_timers incrementals or every or every max_time_between_timers seconds, whichever comes first. :param when: Override the effective time of the check. Primarily useful for testing. :return: True if we need to log timers, False if not """ - + if not when: when = time.perf_counter() @@ -218,7 +218,7 @@ def needs_timers(self, when: Optional[PerfCounter]=None) -> bool: # No reconfigures, so no need to check. # self.logger.debug(f"NEEDS_TIMERS @ {when}: no reconfigures, skip") return False - + # If we have no configurations outstanding, we're done. if self.configs_outstanding == 0: # self.logger.debug(f"NEEDS_TIMERS @ {when}: outstanding 0, skip") @@ -233,8 +233,8 @@ def needs_timers(self, when: Optional[PerfCounter]=None) -> bool: # self.logger.debug(f"NEEDS_TIMERS @ {when}: outstanding {self.configs_outstanding}") # We're good for outstanding incrementals. How about the max time between timers? - # Note that we may _never_ have logged timers before -- if that's the case, use - # the time of our last complete reconfigure, which must always be set, as a + # Note that we may _never_ have logged timers before -- if that's the case, use + # the time of our last complete reconfigure, which must always be set, as a # baseline. assert(self.last_complete is not None) @@ -246,7 +246,7 @@ def needs_timers(self, when: Optional[PerfCounter]=None) -> bool: # Yup, it's been long enough. # self.logger.debug(f"NEEDS_TIMERS @ {when}: delta {delta}, check") return True - + # self.logger.debug(f"NEEDS_TIMERS @ {when}: delta {delta}, skip") return False @@ -266,7 +266,7 @@ def mark_checked(self, result: bool, when: Optional[PerfCounter]=None) -> None: if not result: self.errors += 1 - + self.last_check = when or time.perf_counter() def mark_timers_logged(self, when: Optional[PerfCounter]=None) -> None: @@ -301,7 +301,7 @@ def dump(self) -> None: for what in [ "incremental", "complete" ]: self.logger.info(f"CACHE: {what} count: {self.counts[what]}") - + self.logger.info(f"CACHE: incrementals outstanding: {self.incrementals_outstanding}") self.logger.info(f"CACHE: incremental checks: {self.checks}, errors {self.errors}") self.logger.info(f"CACHE: last_complete {self.isofmt(self.last_complete, now_pc, now_dt)}") diff --git a/python/ambassador/scout.py b/python/ambassador/scout.py index 45c0fe3e5d..6d0b3e6b38 100644 --- a/python/ambassador/scout.py +++ b/python/ambassador/scout.py @@ -26,7 +26,7 @@ def __init__(self, app, version, install_id=None, :param id_plugin_args: Optional arguments to id_plugin. See below. :param kwargs: Any other keyword arguments will be merged into Scout's metadata. - If an id_plugin is present, it is called with the following parameters: + If an id_plugin is present, it is called with the following parameters: - this Scout instance - the passed-in app name @@ -46,7 +46,7 @@ def __init__(self, app, version, install_id=None, ID. See also Scout.configmap_install_id_plugin, which is an id_plugin that knows how - to use a Kubernetes configmap (scout.config.$app) to store the install ID. + to use a Kubernetes configmap (scout.config.$app) to store the install ID. Scout logs to the datawire.scout logger. It assumes that the logging system is configured to a sane default level, but you can change Scout's debug level with e.g. @@ -271,7 +271,7 @@ def configmap_install_id_plugin(scout, app, map_name=None, namespace="default"): scout.logger.debug("Scout: got install_id %s from map" % install_id) plugin_response = { "install_id": install_id } except OSError as e: - scout.logger.debug("Scout: could not read configmap (map %s, namespace %s): %s" % + scout.logger.debug("Scout: could not read configmap (map %s, namespace %s): %s" % (map_name, namespace, e)) if not install_id: @@ -307,7 +307,7 @@ def configmap_install_id_plugin(scout, app, map_name=None, namespace="default"): else: scout.logger.error("Scout: could not save install_id: {0}, {1}".format(r.status_code, r.text)) except OSError as e: - logging.debug("Scout: could not write configmap (map %s, namespace %s): %s" % + logging.debug("Scout: could not write configmap (map %s, namespace %s): %s" % (map_name, namespace, e)) scout.logger.debug("Scout: plugin_response %s" % json.dumps(plugin_response)) diff --git a/python/ambassador/utils.py b/python/ambassador/utils.py index 199b56b736..3ff0d7cce3 100644 --- a/python/ambassador/utils.py +++ b/python/ambassador/utils.py @@ -151,7 +151,7 @@ def load_url_contents(logger: logging.Logger, url: str, stream2: Optional[TextIO def parse_bool(s: Optional[Union[str, bool]]) -> bool: - """ + """ Parse a boolean value from a string. T, True, Y, y, 1 return True; other things return False. """ diff --git a/python/ambassador_cli/grab_snapshots.py b/python/ambassador_cli/grab_snapshots.py index a4e237ac7a..063104c0f3 100644 --- a/python/ambassador_cli/grab_snapshots.py +++ b/python/ambassador_cli/grab_snapshots.py @@ -56,7 +56,7 @@ def sanitize_snapshot(snapshot: dict): for key in [ 'Deltas', 'Invalid' ]: if key in snapshot: sanitized[key] = snapshot[key] - + # Kube is harder because we need to sanitize Kube secrets. kube_elements = snapshot.get('Kubernetes') diff --git a/python/ambassador_cli/madness.py b/python/ambassador_cli/madness.py index a159920b8b..0caf830e7c 100644 --- a/python/ambassador_cli/madness.py +++ b/python/ambassador_cli/madness.py @@ -16,7 +16,7 @@ class Profiler: def __init__(self): self.pr = cProfile.Profile() - + def __enter__(self) -> None: self.pr.enable() @@ -24,13 +24,13 @@ def __exit__(self, *args) -> None: self.pr.disable() def stats(self) -> OptionalStats: - return pstats.Stats(self.pr).sort_stats("tottime") + return pstats.Stats(self.pr).sort_stats("tottime") class NullProfiler(Profiler): def __init__(self): pass - + def __enter__(self) -> None: pass @@ -39,14 +39,14 @@ def __exit__(self, *args) -> None: def stats(self) -> OptionalStats: return None - + class Madness: def __init__(self, watt_path: Optional[str]=None, yaml_path: Optional[str]=None, logger: Optional[logging.Logger]=None, - secret_handler: Optional[SecretHandler]=None, + secret_handler: Optional[SecretHandler]=None, file_checker: Optional[IRFileChecker]=None) -> None: if not logger: logging.basicConfig( @@ -56,7 +56,7 @@ def __init__(self, ) logger = logging.getLogger('mockery') - + self.logger = logger if not secret_handler: @@ -69,7 +69,7 @@ def __init__(self, self.file_checker = file_checker self.reset_cache() - + self.aconf_timer = Timer("aconf") self.fetcher_timer = Timer("fetcher") self.ir_timer = Timer("ir") @@ -80,7 +80,7 @@ def __init__(self, with self.fetcher_timer: self.fetcher = ResourceFetcher(self.logger, self.aconf) - if watt_path: + if watt_path: self.fetcher.parse_watt(open(watt_path, "r").read()) elif yaml_path: self.fetcher.parse_yaml(open(yaml_path, "r").read(), k8s=True) @@ -109,7 +109,7 @@ def build_ir(self, _cache = self.cache if cache else None _pr = Profiler() if profile else NullProfiler() - + with self.ir_timer: with _pr: ir = IR(self.aconf, cache=_cache, diff --git a/python/ambassador_cli/mockery.py b/python/ambassador_cli/mockery.py index 35ad4ae4eb..f65c07c767 100644 --- a/python/ambassador_cli/mockery.py +++ b/python/ambassador_cli/mockery.py @@ -429,10 +429,10 @@ def main(k8s_yaml_paths: List[str], debug: bool, force_pod_labels: bool, update: logger.info(f"WATT_K8S: {w.snapshot}") hook_ok, any_changes = w.run_hook() - + if not hook_ok: raise Exception("hook failed") - + if any_changes: logger.info(f"======== END ITERATION {iteration}: watches changed!") else: diff --git a/python/ambassador_diag/diagd.py b/python/ambassador_diag/diagd.py index 4ee66b3596..4fab7e541a 100644 --- a/python/ambassador_diag/diagd.py +++ b/python/ambassador_diag/diagd.py @@ -98,7 +98,7 @@ # Check for env var log level if level_name := os.getenv("AES_LOG_LEVEL"): level_number = logging.getLevelName(level_name.upper()) - + if isinstance(level_number, int): level = level_number diff --git a/python/setup.py b/python/setup.py index 89cd723020..cf6a5f191b 100644 --- a/python/setup.py +++ b/python/setup.py @@ -25,7 +25,7 @@ def collect_data_files(dirpath): return [ (subdirpath, - [ os.path.join(subdirpath, filename) + [ os.path.join(subdirpath, filename) for filename in filenames ]) for subdirpath, folders, filenames in os.walk(dirpath) ] @@ -34,7 +34,7 @@ def collect_data_files(dirpath): schema_files = collect_data_files("schemas") kat_files = [ (subdirpath, - [ os.path.join(subdirpath, filename) + [ os.path.join(subdirpath, filename) for filename in filenames if filename.endswith("go") ]) for subdirpath, folders, filenames in os.walk("kat") ] diff --git a/python/tests/test_ambassadorlistener_statsprefix.py b/python/tests/test_ambassadorlistener_statsprefix.py index 08eb8bfebb..2b300b6194 100644 --- a/python/tests/test_ambassadorlistener_statsprefix.py +++ b/python/tests/test_ambassadorlistener_statsprefix.py @@ -136,9 +136,9 @@ def check_listener(listener, envoy_version): print(f"---- Listener @ {port}, {got_count} chain{got_plural}:") - # In this test, we can derive chain counts, protocols, and expected stat_prefix from + # In this test, we can derive chain counts, protocols, and expected stat_prefix from # the port number. Ports 8443 and 8888 do HTTP and HTTPS, so they need two chains. - # Ports < 9000 use HTTP, not TCP. + # Ports < 9000 use HTTP, not TCP. check_info = { 8080: ( "HCM", 1, EnvoyHCMInfo, "ingress_http" ), @@ -156,7 +156,7 @@ def checker(typed_config): econf_foreach_listener_chain( listener, checker, chain_count=chain_count, - need_name=filter_info[envoy_version].name, + need_name=filter_info[envoy_version].name, need_type=filter_info[envoy_version].type) @pytest.mark.compilertest diff --git a/python/tests/unit/test_cluster_options.py b/python/tests/unit/test_cluster_options.py index 84e51c255a..a82ccaa83d 100644 --- a/python/tests/unit/test_cluster_options.py +++ b/python/tests/unit/test_cluster_options.py @@ -57,7 +57,7 @@ def test_logical_dns_type_wrong(): yaml = module_and_mapping_manifests(None, ["dns_type: something_new"]) for v in SUPPORTED_ENVOY_VERSIONS: # The dns type is listed as just "type" - _test_cluster_setting(yaml, setting="type", + _test_cluster_setting(yaml, setting="type", expected="STRICT_DNS", exists=True, envoy_version=v) @pytest.mark.compilertest @@ -66,5 +66,5 @@ def test_logical_dns_type_wrong(): yaml = module_and_mapping_manifests(None, ["dns_type: logical_dns", "resolver: endpoint"]) for v in SUPPORTED_ENVOY_VERSIONS: # The dns type is listed as just "type" - _test_cluster_setting(yaml, setting="type", + _test_cluster_setting(yaml, setting="type", expected="EDS", exists=True, envoy_version=v) diff --git a/python/tests/unit/test_envoy_stats.py b/python/tests/unit/test_envoy_stats.py index 11418d3d7e..ecaa020e0a 100644 --- a/python/tests/unit/test_envoy_stats.py +++ b/python/tests/unit/test_envoy_stats.py @@ -66,8 +66,8 @@ def test_levels(): # This one may be a bit more fragile than we'd like. esm.update() assert esm.loginfo == { - 'error': [ 'admin', 'aws', 'assert', 'backtrace', 'cache_filter', - 'client', 'config', 'connection', 'conn_handler', + 'error': [ 'admin', 'aws', 'assert', 'backtrace', 'cache_filter', + 'client', 'config', 'connection', 'conn_handler', 'decompression', 'envoy_bug', 'ext_authz', 'rocketmq', 'file', 'filter', 'forward_proxy', 'grpc', 'hc', 'health_checker', 'http', 'http2', 'hystrix', 'init', 'io', 'jwt', 'kafka', diff --git a/python/tests/unit/test_reconfig_stats.py b/python/tests/unit/test_reconfig_stats.py index 93dc36a3fd..78cd45ff09 100644 --- a/python/tests/unit/test_reconfig_stats.py +++ b/python/tests/unit/test_reconfig_stats.py @@ -24,7 +24,7 @@ def test_reconfig_stats(): logger.setLevel(logging.DEBUG) r = ReconfigStats( - logger, + logger, max_incr_between_checks=5, max_time_between_checks=20, max_config_between_timers=2, From e4703a2872164d3e7b175b0d2b5f89dc2df0252e Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Mon, 4 Oct 2021 16:53:14 -0600 Subject: [PATCH 3/5] CHANGELOG.tpl: Add a comment to make the function clearer Signed-off-by: Luke Shumaker --- CHANGELOG.md | 2 +- docs/CHANGELOG.tpl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b5f831a9c..f5d9c67df0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -55,7 +55,7 @@ the default for all 1.X releases of Emissary-ingress. This change is being made the original Envay `regex` matcher was [deprecated in favor of safe_regex] in Envoy v1.12.0, then removed entirely from the Envoy V3 APIs. Additionally, setting -[max_program_size was deprecated] in Envoy v1.15.0. As such, `regex_type: unsafe` and setting +[max_program_size was deprecated] in Envoy v1.15.0. As such, `regex_type: unsafe` and setting `regex_max_size` are no longer supported unless `AMBASSADOR_ENVOY_API_VERSION` is set to `V2`. Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/regex.proto.html) for more information. diff --git a/docs/CHANGELOG.tpl b/docs/CHANGELOG.tpl index 5ec21ab7ab..17fd9499b9 100644 --- a/docs/CHANGELOG.tpl +++ b/docs/CHANGELOG.tpl @@ -1,4 +1,4 @@ -# CHANGELOG -- this is a GENERATED FILE, edit docs/releaseNotes.yml and "make generate" to change. +# CHANGELOG -- this is {{/* NOT */}}a GENERATED FILE, edit docs/releaseNotes.yml and "make generate" to change. ## EMISSARY-INGRESS and AMBASSADOR EDGE STACK @@ -55,7 +55,7 @@ the default for all 1.X releases of Emissary-ingress. This change is being made the original Envay `regex` matcher was [deprecated in favor of safe_regex] in Envoy v1.12.0, then removed entirely from the Envoy V3 APIs. Additionally, setting -[max_program_size was deprecated] in Envoy v1.15.0. As such, `regex_type: unsafe` and setting +[max_program_size was deprecated] in Envoy v1.15.0. As such, `regex_type: unsafe` and setting `regex_max_size` are no longer supported unless `AMBASSADOR_ENVOY_API_VERSION` is set to `V2`. Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/regex.proto.html) for more information. From dbb456a148f02b805efac298776eb4f92300ab51 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Mon, 4 Oct 2021 18:26:41 -0600 Subject: [PATCH 4/5] CHANGELOG.tpl: Fix the header levels Signed-off-by: Luke Shumaker --- CHANGELOG.md | 30 +++++++++++++++--------------- docs/CHANGELOG.tpl | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f5d9c67df0..012368142b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -88,7 +88,7 @@ larger installations, reduce global configuration to better handle multitenant o multiorganizational installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on Slack and let us know what you think. -## Emissary-ingress +### Emissary-ingress - Change: The `x.getambassador.io/v3alpha1` API version has become the `getambassador.io/v3alpha1` API version. The `Ambassador-` prefixes from `x.getambassador.io/v3alpha1` resources have been removed @@ -113,7 +113,7 @@ installations, reduce global configuration to better handle multitenant or multi installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on Slack and let us know what you think. -## Emissary-ingress +### Emissary-ingress - Feature: The environment variable `AES_LOG_LEVEL` now also sets the log level for the `diagd` logger. ([#3686]) ([#3666]) @@ -136,7 +136,7 @@ installations, reduce global configuration to better handle multitenant or multi installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on Slack and let us know what you think. -## Emissary-ingress +### Emissary-ingress - Bugfix: Upgraded envoy to 1.17.4 to address security vulnerabilities CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, and CVE-2021-32781. @@ -157,7 +157,7 @@ installations, reduce global configuration to better handle multitenant or multi installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on Slack and let us know what you think. -## Emissary-ingress +### Emissary-ingress - Feature: Ambassador Agent reports sidecar process information and `AmbassadorMapping` OpenAPI documentation to Ambassador Cloud to provide more visibility into services and clusters. @@ -188,7 +188,7 @@ installations, reduce global configuration to better handle multitenant or multi installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on Slack and let us know what you think. -## Emissary-ingress +### Emissary-ingress - Feature: Emissary-ingress 2.0.0 introduces API version `x.getambassador.io/v3alpha1` for configuration changes that are not backwards compatible with the 1.X family. API versions @@ -260,7 +260,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.14.2] 2021-09-27 [1.14.2]: https://github.com/emissary-ingress/emissary/releases/v1.14.2 -## Emissary-ingress +### Emissary-ingress - Feature: You can now set `respect_dns_ttl` to `true` to force the DNS refresh rate for a `Mapping` to be set to the record's TTL obtained from DNS resolution. @@ -274,7 +274,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.14.1] 2021-08-24 [1.14.1]: https://github.com/emissary-ingress/emissary/releases/v1.14.1 -## Emissary-ingress +### Emissary-ingress - Change: Upgraded envoy to 1.17.4 to address security vulnerabilities CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, and CVE-2021-32781. @@ -282,7 +282,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.14.0] 2021-08-19 [1.14.0]: https://github.com/emissary-ingress/emissary/releases/v1.14.0 -## Emissary-ingress +### Emissary-ingress - Change: Upgraded Envoy from 1.15 to 1.17.3, see the Envoy @@ -299,7 +299,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.13.10] 2021-07-27 [1.13.10]: https://github.com/emissary-ingress/emissary/releases/v1.13.10 -## Emissary-ingress +### Emissary-ingress - Bugfix: Fixed a regression when specifying a comma separated string for `cors.origins` on the `Mapping` resource @@ -315,7 +315,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.13.9] 2021-06-30 [1.13.9]: https://github.com/emissary-ingress/emissary/releases/v1.13.9 -## Emissary-ingress +### Emissary-ingress - Bugfix: Fixed a bug which caused Emissary-ingress to generate invalid Envoy configuration when two TCPMappings were deployed with the same port, but different host. @@ -323,7 +323,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.13.8] 2021-06-08 [1.13.8]: https://github.com/emissary-ingress/emissary/releases/v1.13.8 -## Emissary-ingress +### Emissary-ingress - Bugfix: Fixed a bug that occasionally caused missing version information for a service in the Ambassador Service Catalog, especially in clusters with high pod churn. @@ -334,7 +334,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.13.7] 2021-06-03 [1.13.7]: https://github.com/emissary-ingress/emissary/releases/v1.13.7 -## Emissary-ingress +### Emissary-ingress - Feature: An `AMBASSADOR_JSON_LOGGING` environment variable has been added. When set to `true` JSON format will be used for most of the control plane logs. Some (but few) logs from `gunicorn` and the @@ -351,7 +351,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.13.6] 2021-05-24 [1.13.6]: https://github.com/emissary-ingress/emissary/releases/v1.13.6 -## Emissary-ingress +### Emissary-ingress - Bugfix: Fixed a regression where Ambassador snapshot data was logged at the INFO label when using `AMBASSADOR_LEGACY_MODE=true`. @@ -359,7 +359,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.13.5] 2021-05-13 [1.13.5]: https://github.com/emissary-ingress/emissary/releases/v1.13.5 -## Emissary-ingress +### Emissary-ingress - Bugfix: Fix a regression from 1.8.0 that prevented `ambassador` `Module` config keys `proper_case` and `preserve_external_request_id` from working correctly. @@ -370,7 +370,7 @@ installations, reduce memory footprint, and improve performance. We welcome feed ## [1.13.4] 2021-05-13 [1.13.4]: https://github.com/emissary-ingress/emissary/releases/v1.13.4 -## Emissary-ingress +### Emissary-ingress - Security: Emissary-ingress has been updated to Envoy 1.15.5, which addresses a high severity security vulnerability (CVE-2021-29492). Emissary-ingress can now be configured to reject client requests diff --git a/docs/CHANGELOG.tpl b/docs/CHANGELOG.tpl index 17fd9499b9..91ce3b6277 100644 --- a/docs/CHANGELOG.tpl +++ b/docs/CHANGELOG.tpl @@ -87,7 +87,7 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest {{ .body | strings.ReplaceAll "$productName$" "Emissary-ingress" | strings.ReplaceAll "" "_" | strings.ReplaceAll "" "_" | strings.ReplaceAll "" "`" | strings.ReplaceAll "" "`" | strings.WordWrap 98 }} {{- end }}{{ end }}{{ end }} -## Emissary-ingress +### Emissary-ingress {{ range .notes -}}{{ if not (index . "isHeadline") }} - {{ .type | strings.Title }}: {{ .body | strings.ReplaceAll "$productName$" "Emissary-ingress" | strings.ReplaceAll "" "_" | strings.ReplaceAll "" "_" | strings.ReplaceAll "" "`" | strings.ReplaceAll "" "`" | strings.WordWrap 98 "\n " }}{{ if index . "github" }}{{ range .github }} ([{{.title}}]){{ end }}{{ end }} {{ end }}{{ end }}{{ $anyGitLinks := false }}{{ range .notes -}}{{- if index . "github" -}}{{- range .github }}{{ $anyGitLinks = true }} From 8bf81961179cb359088ce9e4a0967948de9fff66 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Mon, 4 Oct 2021 17:03:39 -0600 Subject: [PATCH 5/5] Fix the change in how we handle case-insensitive headers This was originally done in the commit pair 7aa61e09d (yank deprecated config option, 2021-08-18) and 38c7f8fa0 (v3 api needs ignore_case specified for ext_authz headers, 2021-08-18) by Aidan in release/v1.14, and rebased/cherry-picked on to release/v2.0 as 041f44e7d and bd39b6daf by Flynn. However, as discussed with Flynn earlier today, there are two things wrong: 1. It missed a few cases where it needed to add ignore_case. 2. It left in a comment about a line of code that no longer exists; we've removed the code, let's remove the comment. I did not run with KAT_RUN_MODE=envoy to update the gold files, I simply ran git grep -l '"exact"' python/tests/gold/ | \ xargs sed -ri 's/^(\s*)"exact": ".*"$/&,\n\1"ignore_case": true/' and then rolled back the 'globalcorstest' and 'plain' econf.jsons. Signed-off-by: Luke Shumaker --- python/ambassador/envoy/v2/v2httpfilter.py | 4 +- python/ambassador/envoy/v3/v3bootstrap.py | 5 - python/ambassador/envoy/v3/v3config.py | 5 - python/ambassador/envoy/v3/v3httpfilter.py | 4 +- .../snapshots/econf.json | 264 ++++++++----- .../snapshots/econf.json | 312 ++++++++++------ .../snapshots/econf.json | 240 ++++++++---- .../snapshots/econf.json | 264 ++++++++----- .../authenticationtest/snapshots/econf.json | 348 ++++++++++++------ .../authenticationtestv1/snapshots/econf.json | 324 ++++++++++------ .../snapshots/econf.json | 228 ++++++++---- .../snapshots/econf.json | 240 ++++++++---- 12 files changed, 1484 insertions(+), 754 deletions(-) diff --git a/python/ambassador/envoy/v2/v2httpfilter.py b/python/ambassador/envoy/v2/v2httpfilter.py index ed6bf83d94..fcfefa5cb0 100644 --- a/python/ambassador/envoy/v2/v2httpfilter.py +++ b/python/ambassador/envoy/v2/v2httpfilter.py @@ -275,12 +275,12 @@ def V2HTTPFilter_authv1(auth: IRAuth, v2config: 'V2Config'): }) for key in list(set(auth.allowed_authorization_headers).union(AllowedAuthorizationHeaders)): - allowed_authorization_headers.append({"exact": key}) + allowed_authorization_headers.append({"exact": key, "ignore_case": True}) allowed_request_headers = [] for key in list(set(auth.allowed_request_headers).union(AllowedRequestHeaders)): - allowed_request_headers.append({"exact": key}) + allowed_request_headers.append({"exact": key, "ignore_case": True}) if auth.get('add_linkerd_headers', False): svc = Service(auth.ir.logger, auth_cluster_uri(auth, cluster)) diff --git a/python/ambassador/envoy/v3/v3bootstrap.py b/python/ambassador/envoy/v3/v3bootstrap.py index 8cd6c25ef9..4933a3c8de 100644 --- a/python/ambassador/envoy/v3/v3bootstrap.py +++ b/python/ambassador/envoy/v3/v3bootstrap.py @@ -48,11 +48,6 @@ def __init__(self, config: 'V3Config') -> None: { 'name': 'static_layer', 'static_layer': { - # Envoy 1.14.1 disabled the use of lowercase string matcher for headers matching in HTTP-based. - # Following setting toggled it to be consistent with old behavior. - # AuthenticationTest (v0) is a good example that expects the old behavior. - # UPDATE: removed when migrating to envoy 1.17 as the config option deprecated - 'envoy.reloadable_features.enable_deprecated_v2_api': True, 're2.max_program_size.error_level': 200, } diff --git a/python/ambassador/envoy/v3/v3config.py b/python/ambassador/envoy/v3/v3config.py index 47ad444f10..9d48dfdab9 100644 --- a/python/ambassador/envoy/v3/v3config.py +++ b/python/ambassador/envoy/v3/v3config.py @@ -91,11 +91,6 @@ def split_config(self) -> Tuple[Dict[str, Any], Dict[str, Any], Dict[str, 'Clust { 'name': 'static_layer', 'static_layer': { - # Envoy 1.14.1 disabled the use of lowercase string matcher for headers matching in HTTP-based. - # Following setting toggled it to be consistent with old behavior. - # AuthenticationTest (v0) is a good example that expects the old behavior. - # UPDATE: removed when migrating to envoy 1.17 as the config option was deprecated - 'envoy.reloadable_features.enable_deprecated_v2_api': True, 're2.max_program_size.error_level': 200, } diff --git a/python/ambassador/envoy/v3/v3httpfilter.py b/python/ambassador/envoy/v3/v3httpfilter.py index e960fd6974..79120dee5a 100644 --- a/python/ambassador/envoy/v3/v3httpfilter.py +++ b/python/ambassador/envoy/v3/v3httpfilter.py @@ -293,12 +293,12 @@ def V3HTTPFilter_authv1(auth: IRAuth, v3config: 'V3Config'): }) for key in list(set(auth.allowed_authorization_headers).union(AllowedAuthorizationHeaders)): - allowed_authorization_headers.append({"exact": key}) + allowed_authorization_headers.append({"exact": key, "ignore_case": True}) allowed_request_headers = [] for key in list(set(auth.allowed_request_headers).union(AllowedRequestHeaders)): - allowed_request_headers.append({"exact": key}) + allowed_request_headers.append({"exact": key, "ignore_case": True}) if auth.get('add_linkerd_headers', False): svc = Service(auth.ir.logger, auth_cluster_uri(auth, cluster)) diff --git a/python/tests/gold/authenticationheaderrouting/snapshots/econf.json b/python/tests/gold/authenticationheaderrouting/snapshots/econf.json index eb94fc8be9..da7b54819a 100644 --- a/python/tests/gold/authenticationheaderrouting/snapshots/econf.json +++ b/python/tests/gold/authenticationheaderrouting/snapshots/econf.json @@ -165,28 +165,36 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -196,50 +204,64 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-auth-route" + "exact": "x-auth-route", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-auth-route" + "exact": "x-auth-route", + "ignore_case": true } ] } @@ -543,28 +565,36 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -574,50 +604,64 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-auth-route" + "exact": "x-auth-route", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-auth-route" + "exact": "x-auth-route", + "ignore_case": true } ] } @@ -941,28 +985,36 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -972,50 +1024,64 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-auth-route" + "exact": "x-auth-route", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-auth-route" + "exact": "x-auth-route", + "ignore_case": true } ] } @@ -1319,28 +1385,36 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1350,50 +1424,64 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-auth-route" + "exact": "x-auth-route", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-auth-route" + "exact": "x-auth-route", + "ignore_case": true } ] } diff --git a/python/tests/gold/authenticationhttpbufferedtest/snapshots/econf.json b/python/tests/gold/authenticationhttpbufferedtest/snapshots/econf.json index f5a9531963..2750f1359e 100644 --- a/python/tests/gold/authenticationhttpbufferedtest/snapshots/econf.json +++ b/python/tests/gold/authenticationhttpbufferedtest/snapshots/econf.json @@ -162,46 +162,60 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-cookie" + "exact": "requested-cookie", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -216,44 +230,56 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -586,46 +612,60 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-cookie" + "exact": "requested-cookie", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -640,44 +680,56 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -1030,46 +1082,60 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-cookie" + "exact": "requested-cookie", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1084,44 +1150,56 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -1454,46 +1532,60 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-cookie" + "exact": "requested-cookie", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1508,44 +1600,56 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } diff --git a/python/tests/gold/authenticationhttpfailuremodeallowtest/snapshots/econf.json b/python/tests/gold/authenticationhttpfailuremodeallowtest/snapshots/econf.json index 0ea129ed29..d90872dc36 100644 --- a/python/tests/gold/authenticationhttpfailuremodeallowtest/snapshots/econf.json +++ b/python/tests/gold/authenticationhttpfailuremodeallowtest/snapshots/econf.json @@ -156,34 +156,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -193,38 +203,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -475,34 +495,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -512,38 +542,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -814,34 +854,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -851,38 +901,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -1133,34 +1193,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1170,38 +1240,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } diff --git a/python/tests/gold/authenticationhttppartialbuffertest/snapshots/econf.json b/python/tests/gold/authenticationhttppartialbuffertest/snapshots/econf.json index 507387526c..30280fd315 100644 --- a/python/tests/gold/authenticationhttppartialbuffertest/snapshots/econf.json +++ b/python/tests/gold/authenticationhttppartialbuffertest/snapshots/econf.json @@ -155,34 +155,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -197,44 +207,56 @@ "allowed_client_headers": { "patterns": [ { - "exact": "auth-request-body" + "exact": "auth-request-body", + "ignore_case": true }, { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "auth-request-body" + "exact": "auth-request-body", + "ignore_case": true }, { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -488,34 +510,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -530,44 +562,56 @@ "allowed_client_headers": { "patterns": [ { - "exact": "auth-request-body" + "exact": "auth-request-body", + "ignore_case": true }, { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "auth-request-body" + "exact": "auth-request-body", + "ignore_case": true }, { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -841,34 +885,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -883,44 +937,56 @@ "allowed_client_headers": { "patterns": [ { - "exact": "auth-request-body" + "exact": "auth-request-body", + "ignore_case": true }, { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "auth-request-body" + "exact": "auth-request-body", + "ignore_case": true }, { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -1174,34 +1240,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1216,44 +1292,56 @@ "allowed_client_headers": { "patterns": [ { - "exact": "auth-request-body" + "exact": "auth-request-body", + "ignore_case": true }, { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "auth-request-body" + "exact": "auth-request-body", + "ignore_case": true }, { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } diff --git a/python/tests/gold/authenticationtest/snapshots/econf.json b/python/tests/gold/authenticationtest/snapshots/econf.json index a7f12cf876..bb017c1963 100644 --- a/python/tests/gold/authenticationtest/snapshots/econf.json +++ b/python/tests/gold/authenticationtest/snapshots/econf.json @@ -137,43 +137,56 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-location" + "exact": "requested-location", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -183,56 +196,72 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -482,43 +511,56 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-location" + "exact": "requested-location", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -528,56 +570,72 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -847,43 +905,56 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-location" + "exact": "requested-location", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -893,56 +964,72 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -1192,43 +1279,56 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-location" + "exact": "requested-location", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1238,56 +1338,72 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } diff --git a/python/tests/gold/authenticationtestv1/snapshots/econf.json b/python/tests/gold/authenticationtestv1/snapshots/econf.json index f93ce24940..6b978299bd 100644 --- a/python/tests/gold/authenticationtestv1/snapshots/econf.json +++ b/python/tests/gold/authenticationtestv1/snapshots/econf.json @@ -148,43 +148,56 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -199,50 +212,64 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -551,43 +578,56 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -602,50 +642,64 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -974,43 +1028,56 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1025,50 +1092,64 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } @@ -1377,43 +1458,56 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-bar" + "exact": "x-bar", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1428,50 +1522,64 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "extauth" + "exact": "extauth", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true }, { - "exact": "x-foo" + "exact": "x-foo", + "ignore_case": true } ] } diff --git a/python/tests/gold/authenticationwebsockettest/snapshots/econf.json b/python/tests/gold/authenticationwebsockettest/snapshots/econf.json index 05d75a220b..0b0eafb95e 100644 --- a/python/tests/gold/authenticationwebsockettest/snapshots/econf.json +++ b/python/tests/gold/authenticationwebsockettest/snapshots/econf.json @@ -137,31 +137,40 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -171,38 +180,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -466,31 +485,40 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -500,38 +528,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -815,31 +853,40 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -849,38 +896,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -1144,31 +1201,40 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1178,38 +1244,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } diff --git a/python/tests/gold/tracingexternalauthtest/snapshots/econf.json b/python/tests/gold/tracingexternalauthtest/snapshots/econf.json index ada11238fd..b10bc37233 100644 --- a/python/tests/gold/tracingexternalauthtest/snapshots/econf.json +++ b/python/tests/gold/tracingexternalauthtest/snapshots/econf.json @@ -166,34 +166,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -203,38 +213,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -490,34 +510,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -527,38 +557,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -834,34 +874,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -871,38 +921,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] } @@ -1158,34 +1218,44 @@ "allowed_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "cookie" + "exact": "cookie", + "ignore_case": true }, { - "exact": "from" + "exact": "from", + "ignore_case": true }, { - "exact": "proxy-authorization" + "exact": "proxy-authorization", + "ignore_case": true }, { - "exact": "requested-header" + "exact": "requested-header", + "ignore_case": true }, { - "exact": "requested-status" + "exact": "requested-status", + "ignore_case": true }, { - "exact": "user-agent" + "exact": "user-agent", + "ignore_case": true }, { - "exact": "x-forwarded-for" + "exact": "x-forwarded-for", + "ignore_case": true }, { - "exact": "x-forwarded-host" + "exact": "x-forwarded-host", + "ignore_case": true }, { - "exact": "x-forwarded-proto" + "exact": "x-forwarded-proto", + "ignore_case": true } ] }, @@ -1195,38 +1265,48 @@ "allowed_client_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }, "allowed_upstream_headers": { "patterns": [ { - "exact": "authorization" + "exact": "authorization", + "ignore_case": true }, { - "exact": "location" + "exact": "location", + "ignore_case": true }, { - "exact": "proxy-authenticate" + "exact": "proxy-authenticate", + "ignore_case": true }, { - "exact": "set-cookie" + "exact": "set-cookie", + "ignore_case": true }, { - "exact": "www-authenticate" + "exact": "www-authenticate", + "ignore_case": true } ] }