Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: JWT extractFrom headers and params #2434

Merged
merged 3 commits into from
Jan 16, 2024
Merged

feat: JWT extractFrom headers and params #2434

merged 3 commits into from
Jan 16, 2024

Conversation

ardikabs
Copy link
Contributor

@ardikabs ardikabs commented Jan 11, 2024
edited
Loading

What type of PR is this?
Add other fields on extractFrom to support JWT extraction from custom headers or params.

What this PR does / why we need it:

Which issue(s) this PR fixes:
Closes #2429

@ardikabs ardikabs requested a review from a team as a code owner January 11, 2024 16:30
@ardikabs ardikabs force-pushed the feat/jwt-extractor-from-headers-and-params branch 2 times, most recently from 7843a58 to 185cfc2 Compare January 11, 2024 16:34
@codecov Codecov
Copy link

codecov bot commented Jan 11, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (5c98592) 64.74% compared to head (79ab0f4) 64.78%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2434      +/-   ##
==========================================
+ Coverage   64.74%   64.78%   +0.03%     
==========================================
  Files         115      115              
  Lines       17415    17429      +14     
==========================================
+ Hits        11275    11291      +16     
+ Misses       5427     5424       -3     
- Partials      713      714       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

arkodg
arkodg reviewed Jan 11, 2024
View reviewed changes
api/v1alpha1/jwt_types.go Outdated
//
// +optional
Headers []JWTHeaderExtractor `json:"headers,omitempty"`

// Cookies represents a list of cookie names to extract the JWT token from.
// If specified, Envoy will extract the JWT token from the listed cookies and validate each of them.
// If any cookie is found to be an invalid JWT, a 401 error will be returned.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we move this invalid JWT string to top level JWTExtractor, since its valid for all fields now ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that's right, will move it to the top

@ardikabs ardikabs force-pushed the feat/jwt-extractor-from-headers-and-params branch from 185cfc2 to 586038d Compare January 12, 2024 07:24
@ardikabs
Copy link
Contributor Author

/retest

@ardikabs
Copy link
Contributor Author

it seems the job encountered an error that appears unrelated to the changes. Could you help here @arkodg?

--- FAIL: TestProvider (69.71s)
    --- FAIL: TestProvider/gatewayclass_with_parameters_ref (60.04s)
        kubernetes_test.go:199: 
            	Error Trace:	/home/runner/work/gateway/gateway/internal/provider/kubernetes/kubernetes_test.go:199
            	            				/home/runner/work/gateway/gateway/internal/provider/kubernetes/kubernetes_test.go:80
            	Error:      	Condition never satisfied
            	Test:       	TestProvider/gatewayclass_with_parameters_ref

@shawnh2
Copy link
Contributor

shawnh2 commented Jan 14, 2024

/retest

@shawnh2
Copy link
Contributor

shawnh2 commented Jan 14, 2024

it seems the job encountered an error that appears unrelated to the changes. Could you help here @arkodg?

--- FAIL: TestProvider (69.71s)
    --- FAIL: TestProvider/gatewayclass_with_parameters_ref (60.04s)
        kubernetes_test.go:199: 
            	Error Trace:	/home/runner/work/gateway/gateway/internal/provider/kubernetes/kubernetes_test.go:199
            	            				/home/runner/work/gateway/gateway/internal/provider/kubernetes/kubernetes_test.go:80
            	Error:      	Condition never satisfied
            	Test:       	TestProvider/gatewayclass_with_parameters_ref

seems like a flaky test

@ardikabs ardikabs force-pushed the feat/jwt-extractor-from-headers-and-params branch from 586038d to 68f23ec Compare January 14, 2024 11:47
zhaohuabing
zhaohuabing approved these changes Jan 16, 2024
View reviewed changes
Copy link
Member

@zhaohuabing zhaohuabing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@ardikabs
Copy link
Contributor Author

/retest

@arkodg arkodg merged commit 9081d82 into envoyproxy:main Jan 16, 2024
20 checks passed
zesiar0 pushed a commit to zesiar0/gateway that referenced this pull request Jan 22, 2024
@ardikabs @zirain @zesiar0
feat: JWT extractFrom headers and params (envoyproxy#2434)
1dbc742 
* feat: JWT extractFrom headers and params

Signed-off-by: Ardika Bagus <[email protected]>

* chore: update comment to the top

Signed-off-by: Ardika Bagus <[email protected]>

---------

Signed-off-by: Ardika Bagus <[email protected]>
Co-authored-by: zirain <[email protected]>
Signed-off-by: A3bz <[email protected]>
@ardikabs ardikabs deleted the feat/jwt-extractor-from-headers-and-params branch April 2, 2024 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arkodg arkodg arkodg approved these changes

@zirain zirain zirain approved these changes

@zhaohuabing zhaohuabing zhaohuabing approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support JWT extraction from headers and params
5 participants
@ardikabs @shawnh2 @zhaohuabing @zirain @arkodg