From 16c4f91a1f0819ca1e04671118b5fd3e3b84c05b Mon Sep 17 00:00:00 2001
From: "radoslaw.chrzanowski"
Date: Fri, 22 Dec 2023 13:13:48 +0100
Subject: [PATCH 1/3] normalize path
---
 .../resource/listeners/filters/HttpConnectionManagerFactory.kt | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/HttpConnectionManagerFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/HttpConnectionManagerFactory.kt
index 336ecc73d..260114ff4 100644
--- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/HttpConnectionManagerFactory.kt
+++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/HttpConnectionManagerFactory.kt
@@ -66,6 +66,8 @@ class HttpConnectionManagerFactory(
 .setUseRemoteAddress(BoolValue.newBuilder().setValue(listenersConfig.useRemoteAddress).build())
 .setDelayedCloseTimeout(Duration.newBuilder().setSeconds(0).build())
 .setCommonHttpProtocolOptions(httpProtocolOptions)
+ .setNormalizePath(BoolValue.newBuilder().setValue(true).build())
+ .setMergeSlashes(true)
 .setCodecType(HttpConnectionManager.CodecType.AUTO)
 .setHttpProtocolOptions(ingressHttp1ProtocolOptions(group.serviceName))
 if (listenersConfig.useRemoteAddress) {
From e883a8ef44df5aa085fe16ec40d7ea79a5204cab Mon Sep 17 00:00:00 2001
From: "radoslaw.chrzanowski"
Date: Fri, 22 Dec 2023 13:40:38 +0100
Subject: [PATCH 2/3] only merge
---
 .../resource/listeners/filters/HttpConnectionManagerFactory.kt | 1 -
 1 file changed, 1 deletion(-)
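Review bot: In the `@@ -66,6 +66,8 @@` hunk of PATCH 1/3, `setNormalizePath` and `setMergeSlashes` are hard-coded to true for every ingress listener, although the neighbouring `setUseRemoteAddress` takes its value from `listenersConfig`; path rewriting changes what route and RBAC path matchers see, so it is easier to roll out and roll back behind a listener property. Neither option decodes or rejects percent-encoded slashes, so if the aim is for path-based rules to match what the service resolves, Envoy's `path_with_escaped_slashes_action` needs an explicit choice here too. I would add a comment above the two calls, e.g. `// Normalize before RBAC/route matching so path rules see the canonical path`, and a test asserting both fields on the generated HttpConnectionManager, since the diffstat shows no test change. The builder chain begins and ends outside the hunk.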
diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/HttpConnectionManagerFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/HttpConnectionManagerFactory.kt
index 260114ff4..eaa70638f 100644
--- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/HttpConnectionManagerFactory.kt
+++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/HttpConnectionManagerFactory.kt
@@ -66,7 +66,6 @@ class HttpConnectionManagerFactory(
 .setUseRemoteAddress(BoolValue.newBuilder().setValue(listenersConfig.useRemoteAddress).build())
 .setDelayedCloseTimeout(Duration.newBuilder().setSeconds(0).build())
 .setCommonHttpProtocolOptions(httpProtocolOptions)
- .setNormalizePath(BoolValue.newBuilder().setValue(true).build())
 .setMergeSlashes(true)
 .setCodecType(HttpConnectionManager.CodecType.AUTO)
 .setHttpProtocolOptions(ingressHttp1ProtocolOptions(group.serviceName))
From efd92f861486e379bd8b1735520556912685337e Mon Sep 17 00:00:00 2001
From: "radoslaw.chrzanowski"
Date: Fri, 22 Dec 2023 13:43:02 +0100
Subject: [PATCH 3/3] Revert "block some status endpoints (#403)"
This reverts commit 7558272d90ae548ece61860978ce7d871d30ce52.
---
 .../envoycontrol/snapshot/SnapshotProperties.kt | 1 -
 .../listeners/filters/RBACFilterFactory.kt | 16 ++--------------
 2 files changed, 2 insertions(+), 15 deletions(-)
diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt
index 5839041c9..0a2c76202 100644
--- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt
+++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt
@@ -214,7 +214,6 @@ class AdminRouteProperties {
 class StatusRouteProperties {
 var enabled = false
 var endpoints: MutableList = mutableListOf()
- var blockedStatusEndpoints: MutableList = mutableListOf()
 var createVirtualCluster = false
 }
diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/RBACFilterFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/RBACFilterFactory.kt
index df93f9140..572d7ad0c 100644
--- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/RBACFilterFactory.kt
+++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/RBACFilterFactory.kt
@@ -275,22 +275,13 @@ class RBACFilterFactory(
 private fun createStatusRoutePolicy(statusRouteProperties: StatusRouteProperties): Map {
 return if (statusRouteProperties.enabled) {
- val notRules = statusRouteProperties.blockedStatusEndpoints.map {
- rBACFilterPermissions.createPathPermission(
- path = it.path,
- matchingType = it.matchingType
- ).build()
- }
 val permissions = statusRouteProperties.endpoints
 .map {
- val permission = rBACFilterPermissions.createPathPermission(
+ rBACFilterPermissions.createPathPermission(
 path = it.path,
 matchingType = it.matchingType
- )
- notRules.forEach { permission.setNotRule(it) }
- permission.build()
+ ).build()
 }
-
 val policy = Policy.newBuilder()
 .addPrincipals(anyPrincipal)
 .addPermissions(anyOf(permissions))
@@ -377,18 +368,15 @@ class RBACFilterFactory(
 principal
 )
 )
-
 OAuth.Policy.STRICT -> mergePrincipals(
 listOf(
 strictPolicyPrincipal,
 principal
 )
 )
-
 OAuth.Policy.ALLOW_MISSING_OR_FAILED -> {
 principal
 }
-
 null -> {
 principal
 }
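Review bot: In the `@@ -275,22 +275,13 @@` hunk of RBACFilterFactory.kt, `createStatusRoutePolicy` goes back to allowing `anyPrincipal` on every entry of `statusRouteProperties.endpoints` with no exclusion rule, and the commit message does not say what now protects the paths that `blockedStatusEndpoints` used to carve out. PATCH 2/3 leaves only `setMergeSlashes(true)` on the ingress connection manager, which collapses repeated slashes but not dot segments, so if any endpoint uses a prefix-style `matchingType` the permission may match a request that the service resolves to a different resource. I would keep `.setNormalizePath(BoolValue.newBuilder().setValue(true).build())` alongside this revert, or document that status endpoints must be exact-match paths. The function's closing lines are outside the hunk.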