Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix tls with jwt authn usecase #1856

Merged
merged 5 commits into from
Sep 13, 2023
Merged

Conversation

tanujd11
Copy link
Member

@tanujd11 tanujd11 commented Aug 31, 2023

What type of PR is this?

Bug Fix

What this PR does / why we need it:

HTTPS and JWT authentication was not working in tandem because for some reason we were getting the information for JWTRequirement from HCM in DefaultFilterChain. DefaultFilterChain is not populated in case of HTTPS.

The question is irRoute already have all the information about JWT Requirement as the HCM of listener is also populated from route only which only checks if the listener has JWT Filter on the route and patch listener. Then why reverse check is done if httpfilter has the JWT requirements?

Which issue(s) this PR fixes:

Fixes #1768

@tanujd11 tanujd11 requested a review from a team as a code owner August 31, 2023 15:53
@codecov
Copy link

codecov bot commented Aug 31, 2023

Codecov Report

Merging #1856 (9c78dfd) into main (ff33343) will increase coverage by 0.26%.
The diff coverage is 83.33%.

@@            Coverage Diff             @@
##             main    #1856      +/-   ##
==========================================
+ Coverage   65.87%   66.14%   +0.26%     
==========================================
  Files          86       86              
  Lines       12924    12867      -57     
==========================================
- Hits         8514     8511       -3     
+ Misses       3866     3827      -39     
+ Partials      544      529      -15     
Files Changed Coverage Δ
internal/xds/translator/route.go 90.76% <50.00%> (ø)
internal/xds/translator/authentication.go 73.14% <100.00%> (+7.92%) ⬆️
internal/xds/translator/translator.go 79.85% <100.00%> (ø)

... and 1 file with indirect coverage changes

@tanujd11 tanujd11 force-pushed the fix/tls-with-jwt-authn branch from f9d8c61 to 61cfb8b Compare August 31, 2023 16:08
Xunzhuo
Xunzhuo previously approved these changes Sep 1, 2023
@zirain
Copy link
Member

zirain commented Sep 1, 2023

can you add test case for this?

@tanujd11 tanujd11 force-pushed the fix/tls-with-jwt-authn branch 2 times, most recently from 9f52017 to c39ccc5 Compare September 1, 2023 17:20
@tanujd11
Copy link
Member Author

tanujd11 commented Sep 1, 2023

/retest

1 similar comment
@tanujd11
Copy link
Member Author

tanujd11 commented Sep 1, 2023

/retest

@tanujd11 tanujd11 force-pushed the fix/tls-with-jwt-authn branch from 27de98e to df38ab4 Compare September 1, 2023 19:01
@zirain
Copy link
Member

zirain commented Sep 2, 2023

/retest

@tanujd11
Copy link
Member Author

tanujd11 commented Sep 2, 2023

@zirain somehow make testdata generated test file is failing in go.test.coverage. Default make test is working. This is due to some unicode sequence. I am not sure why is this happening with this PR only. Any ideas?

@zirain
Copy link
Member

zirain commented Sep 2, 2023

seems related to #1859

@tanujd11
Copy link
Member Author

tanujd11 commented Sep 6, 2023

/retest

@tanujd11 tanujd11 requested a review from Xunzhuo September 12, 2023 06:51
@tanujd11
Copy link
Member Author

/retest

Signed-off-by: tanujd11 <[email protected]>
Signed-off-by: tanujd11 <[email protected]>
Signed-off-by: tanujd11 <[email protected]>
@tanujd11 tanujd11 force-pushed the fix/tls-with-jwt-authn branch from 58a8c76 to 8a61129 Compare September 13, 2023 09:54
Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks !

@arkodg arkodg merged commit c23d7a8 into envoyproxy:main Sep 13, 2023
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

TLS termination breaks jwt authenticaton
4 participants