Remove AllowPrivateNetworkAccess since it's not a common knob

Signed-off-by: huabing zhao <[email protected]>
envoyproxy · Oct 22, 2023 · fa3b523 · fa3b523
1 parent 755b032
commit fa3b523
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 20 deletions.
diff --git a/internal/ir/xds.go b/internal/ir/xds.go
@@ -328,10 +328,6 @@ type Cors struct {
 	ExposeHeaders []string `json:"exposeHeaders,omitempty" yaml:"exposeHeaders,omitempty"`
 	// MaxAge defines how long the results of a preflight request can be cached.
 	MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"`
-	// AllowPrivateNetwork defines whether allow whose target server’s IP address
-	// is more private than that from which the request initiator was fetched.
-	// Defaults to false.
-	AllowPrivateNetworkAccess bool `json:"allowPrivateNetwork,omitempty" yaml:"allowPrivateNetwork,omitempty"`
 }
 
 // Validate the fields within the HTTPRoute structure

diff --git a/internal/xds/translator/cors.go b/internal/xds/translator/cors.go
@@ -109,13 +109,12 @@ func patchRouteWithCorsConfig(route *routev3.Route, irRoute *ir.HTTPRoute) error
 	}
 
 	var (
-		allowOrigins              []*matcherv3.StringMatcher
-		allowMethods              string
-		allowHeaders              string
-		exposeHeaders             string
-		maxAge                    string
-		allowCredentials          *wrappers.BoolValue
-		allowPrivateNetworkAccess *wrappers.BoolValue
+		allowOrigins     []*matcherv3.StringMatcher
+		allowMethods     string
+		allowHeaders     string
+		exposeHeaders    string
+		maxAge           string
+		allowCredentials *wrappers.BoolValue
 	)
 
 	//nolint:gocritic
@@ -128,16 +127,14 @@ func patchRouteWithCorsConfig(route *routev3.Route, irRoute *ir.HTTPRoute) error
 	allowHeaders = strings.Join(irRoute.Cors.AllowHeaders, ", ")
 	exposeHeaders = strings.Join(irRoute.Cors.ExposeHeaders, ", ")
 	maxAge = strconv.Itoa(int(irRoute.Cors.MaxAge.Seconds()))
-	allowPrivateNetworkAccess = &wrappers.BoolValue{Value: irRoute.Cors.AllowPrivateNetworkAccess}
 
 	routeCfgProto := &corsv3.CorsPolicy{
-		AllowOriginStringMatch:    allowOrigins,
-		AllowMethods:              allowMethods,
-		AllowHeaders:              allowHeaders,
-		ExposeHeaders:             exposeHeaders,
-		MaxAge:                    maxAge,
-		AllowCredentials:          allowCredentials,
-		AllowPrivateNetworkAccess: allowPrivateNetworkAccess,
+		AllowOriginStringMatch: allowOrigins,
+		AllowMethods:           allowMethods,
+		AllowHeaders:           allowHeaders,
+		ExposeHeaders:          exposeHeaders,
+		MaxAge:                 maxAge,
+		AllowCredentials:       allowCredentials,
 	}
 
 	routeCfgAny, err := anypb.New(routeCfgProto)

diff --git a/internal/xds/translator/testdata/out/xds-ir/cors.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/cors.routes.yaml
@@ -19,6 +19,5 @@
           - safeRegex:
               regex: '*.example.com'
           - exact: foo.bar.com
-          allowPrivateNetworkAccess: false
           exposeHeaders: x-header-3, x-header-4
           maxAge: "1000"