Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zalimeni/feature/net 1151 l7 intentions security fixes archive #21821

Closed
wants to merge 10 commits into from
Closed

Zalimeni/feature/net 1151 l7 intentions security fixes archive #21821

wants to merge 10 commits into from

Conversation

zalimeni
Copy link
Member

Description

Testing & Reproduction steps

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

zalimeni and others added 10 commits October 11, 2024 10:14
@zalimeni
mesh: add options for HTTP incoming request normalization
bc988a3 
Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.
@zalimeni
mesh: enable inbound URL path normalization by default
3cf889f
@zalimeni
mesh: add support for L7 header match contains and ignore_case
b3dd745 
Enable partial string and case-insensitive matching in L7 intentions
header match rules.
@zalimeni @philrenaud
ui: support L7 header match contains and ignore_case
dc5f657 
Co-authored-by: Phil Renaud <[email protected]>
@zalimeni
test: add request normalization integration bats tests
54bc8bb 
Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.

Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.
@zalimeni
fix imports
c370935
@zalimeni
test cleanup: protos
6804028
@zalimeni
test cleanup: bats
65d7754
@zalimeni
add changelog
d7e7492
@zalimeni
docs: update security and reference docs for L7 intentions bypass pre…
e0cd2c4 
…vention

- Update security docs with best practices for service intentions
  configuration
- Update configuration entry references for mesh and intentions to
  reflect new values and add guidance on usage
@github-actions github-actions bot added type/docs Documentation needs to be created/updated/clarified theme/api Relating to the HTTP API interface theme/cli Flags and documentation for the CLI interface theme/ui Anything related to the UI theme/envoy/xds Related to Envoy support labels Oct 14, 2024
@zalimeni zalimeni closed this Oct 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
theme/api Relating to the HTTP API interface theme/cli Flags and documentation for the CLI interface theme/envoy/xds Related to Envoy support theme/ui Anything related to the UI type/docs Documentation needs to be created/updated/clarified
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@zalimeni