Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: basic auth impl #2224

Merged
merged 2 commits into from
Nov 28, 2023
Merged

feat: basic auth impl #2224

merged 2 commits into from
Nov 28, 2023

Conversation

zhaohuabing
Copy link
Member

@zhaohuabing zhaohuabing commented Nov 20, 2023
edited
Loading

Related to: #1660

close #2226

@saltbo

@zhaohuabing zhaohuabing requested a review from a team as a code owner November 20, 2023 20:27
@codecov Codecov
Copy link

codecov bot commented Nov 20, 2023
edited
Loading

Codecov Report

Attention: 179 lines in your changes are missing coverage. Please review.

Comparison is base (571f8bf) 64.49% compared to head (237b964) 64.22%.

Files Patch % Lines
internal/provider/kubernetes/controller.go 0.00% 77 Missing ⚠️
internal/xds/translator/basicauth.go 56.31% 31 Missing and 14 partials ⚠️
internal/ir/zz_generated.deepcopy.go 0.00% 18 Missing and 1 partial ⚠️
internal/gatewayapi/securitypolicy.go 60.97% 11 Missing and 5 partials ⚠️
internal/xds/translator/utils.go 48.27% 11 Missing and 4 partials ⚠️
internal/ir/xds.go 0.00% 2 Missing and 1 partial ⚠️
internal/xds/translator/oidc.go 50.00% 0 Missing and 2 partials ⚠️
internal/xds/translator/httpfilters.go 80.00% 1 Missing ⚠️
internal/xds/translator/jwt.go 75.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2224      +/-   ##
==========================================
- Coverage   64.49%   64.22%   -0.27%     
==========================================
  Files         111      112       +1     
  Lines       15482    15668     +186     
==========================================
+ Hits         9985    10063      +78     
- Misses       4881     4964      +83     
- Partials      616      641      +25

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@zhaohuabing zhaohuabing marked this pull request as draft November 20, 2023 22:38
@zhaohuabing zhaohuabing marked this pull request as ready for review November 22, 2023 11:58
@zhaohuabing
Copy link
Member Author

/retest

arkodg
arkodg reviewed Nov 22, 2023
View reviewed changes
internal/ir/xds.go Outdated Show resolved Hide resolved
arkodg
arkodg reviewed Nov 22, 2023
View reviewed changes
internal/xds/translator/basicauth.go
return perRouteFilterName(basicAuthFilter, route.Name)
}

func basicAuthConfig(route *ir.HTTPRoute) *basicauthv3.BasicAuth {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldnt we be sending the data via SDS ?

Copy link
Member Author

@zhaohuabing zhaohuabing Nov 23, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The password is hashed and the user list is annotated as sensitive data, so it won't be exposed to Envoy config dump.

"http_filters": [
           {
            "name": "envoy.filters.http.basic_auth",
            "typed_config": {
             "@type": "type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuth",
             "users": {
              "inline_string": "[redacted]"
             }
            }
           },

message BasicAuth {
  // Username-password pairs used to verify user credentials in the "Authorization" header.
  // The value needs to be the htpasswd format.
  // Reference to https://httpd.apache.org/docs/2.4/programs/htpasswd.html
  config.core.v3.DataSource users = 1 [(udpa.annotations.sensitive) = true];
}

[(udpa.annotations.sensitive) = true] to denote sensitive fields that should be redacted in output such as logging or configuration dumps.

@zhaohuabing
basic auth impl
d7fd3fb 
Signed-off-by: huabing zhao <[email protected]>

add referenced secrets to resource

Signed-off-by: huabing zhao <[email protected]>

change string to []byte

Signed-off-by: huabing zhao <[email protected]>
@zhaohuabing zhaohuabing force-pushed the basic-auth-impl branch 7 times, most recently from 7574319 to f8258db Compare November 23, 2023 10:26
@zhaohuabing
Copy link
Member Author

/retest

@zhaohuabing zhaohuabing force-pushed the basic-auth-impl branch 2 times, most recently from 9d90711 to ccc69cb Compare November 23, 2023 11:52
@zhaohuabing
e2e test
237b964 
Signed-off-by: huabing zhao <[email protected]>
@zhaohuabing zhaohuabing requested review from arkodg and zirain November 23, 2023 12:12
arkodg
arkodg approved these changes Nov 27, 2023
View reviewed changes
Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@zirain zirain merged commit f4f45be into envoyproxy:main Nov 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zirain zirain zirain approved these changes

@arkodg arkodg arkodg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Basic Auth e2e test
3 participants
@zhaohuabing @zirain @arkodg