Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: allowing the usage of authenticated http proxies for https #6371

Merged
merged 2 commits into from
Sep 25, 2024
Merged

fix: allowing the usage of authenticated http proxies for https #6371

merged 2 commits into from
Sep 25, 2024

Conversation

manusa
Copy link
Member

@manusa manusa commented Sep 24, 2024
edited
Loading

Description

Precedes (or supersedes) #6352
Fixes #6350

This is an adaptation of #6352 with no breaking changes.

We can go forward with the changes in the HttpClient interfaces for proxy authorization credentials once this one is merged.

Please @shawkins, check everything aligns with the expected fix.

/cc @cescoffier

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change
  • Chore (non-breaking change which doesn't affect codebase;
    test, version modification, documentation, etc.)

Checklist

  • Code contributed by me aligns with current project license: Apache 2.0
  • I Added CHANGELOG entry regarding this change
  • I have implemented unit tests to cover my changes
  • I have added/updated the javadocs and other documentation accordingly
  • No new bugs, code smells, etc. in SonarCloud report
  • I tested my code in Kubernetes
  • I tested my code in OpenShift

@manusa manusa added this to the 7.0.0 milestone Sep 24, 2024 — with automated-tasks
@manusa manusa mentioned this pull request Sep 24, 2024
Closed
9 tasks
@shawkins
Copy link
Contributor

Please @shawkins, check everything aligns with the expected fix.

Just a couple of thoughts - if anyone is using non-basic proxy authorization with Jetty or vert.x these changes will break that - you'll have to add back the usage of the built-in header interceptor for that to work. It would also be good to document the difference in support that Jetty and vert.x don't support non-basic http proxy authorization with https endpoints.

I'm also looking at the vertx implementation to see how easy of a fix it would be for it to consider the current header values when making the connect request. It is possible, but without changes in Netty it will report the wrong auth scheme in logging / exceptions.

Beyond the scope of the http proxy case, the header based strategy doesn't work for socks4/5 (socks5 is talked about in the kube docs https://kubernetes.io/docs/tasks/extend-kubernetes/socks5-proxy-access-api/). For username/password authentication to work there for okhttp and jdk, we'll need to utilize their respective built-in support for authentication.

@manusa manusa force-pushed the fix/authenticated-https-proxy branch from 8cdfb77 to 96076fa Compare September 24, 2024 14:28
@shawkins shawkins mentioned this pull request Sep 24, 2024
Open
@manusa
Copy link
Member Author

manusa commented Sep 24, 2024

This should be good to go now.
It preserves the previous behavior for non-basic proxy authorization headers, in addition to including the fix for Jetty and Vert.x to be able to use basic authorization within the proxy.

Further changes in the 7.x.x release are covered in the scope of #6373 and #6372.

shawkins
shawkins requested changes Sep 24, 2024
View reviewed changes
Copy link
Contributor

@shawkins shawkins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just one small clean up.

httpclient-jetty/src/main/java/io/fabric8/kubernetes/client/jetty/JettyHttpClientBuilder.java Outdated Show resolved Hide resolved
@shawkins shawkins mentioned this pull request Sep 24, 2024
Closed
11 tasks
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
48.6% Coverage on New Code (required ≥ 80%)

See analysis details on SonarCloud

@manusa manusa merged commit 7672708 into fabric8io:main Sep 25, 2024
20 of 21 checks passed
@manusa manusa deleted the fix/authenticated-https-proxy branch September 25, 2024 05:26
@cescoffier
Copy link

Awesome! Thanks!

@manusa manusa modified the milestones: 7.0.0, 6.13.4 Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shawkins shawkins shawkins requested changes

@oscerd oscerd oscerd approved these changes

@rohanKanojia rohanKanojia Awaiting requested review from rohanKanojia rohanKanojia is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
6.13.4
Development

Successfully merging this pull request may close these issues.

Proxy authentication does not work with vertx client and https endpoint
4 participants
@manusa @shawkins @cescoffier @oscerd