diff --git a/internal/mode/static/nginx/config/servers.go b/internal/mode/static/nginx/config/servers.go index 6884007630..c256124f9c 100644 --- a/internal/mode/static/nginx/config/servers.go +++ b/internal/mode/static/nginx/config/servers.go @@ -30,15 +30,25 @@ var baseHeaders = []http.Header{ Name: "X-Forwarded-For", Value: "$proxy_add_x_forwarded_for", }, - { +} + +// httpBaseHeaders contains the constant headers set in each HTTP server block +var httpBaseHeaders = append(baseHeaders, + http.Header{ Name: "Upgrade", Value: "$http_upgrade", }, - { + http.Header{ Name: "Connection", Value: "$connection_upgrade", - }, -} + }) + +// grpcBaseHeaders contains the constant headers set in each gRPC server block +var grpcBaseHeaders = append(baseHeaders, + http.Header{ + Name: "Authority", + Value: "$gw_api_compliant_host", + }) func executeServers(conf dataplane.Configuration) []executeResult { servers, httpMatchPairs := createServers(conf.HTTPServers, conf.SSLServers) @@ -556,8 +566,11 @@ func createMatchLocation(path string) http.Location { func generateProxySetHeaders(filters *dataplane.HTTPFilters, grpc bool) []http.Header { var headers []http.Header if !grpc { - headers = make([]http.Header, len(baseHeaders)) - copy(headers, baseHeaders) + headers = make([]http.Header, len(httpBaseHeaders)) + copy(headers, httpBaseHeaders) + } else { + headers = make([]http.Header, len(grpcBaseHeaders)) + copy(headers, grpcBaseHeaders) } if filters != nil && filters.RequestURLRewrite != nil && filters.RequestURLRewrite.Hostname != nil { diff --git a/internal/mode/static/nginx/config/servers_test.go b/internal/mode/static/nginx/config/servers_test.go index 990a3a4c52..678de2c932 100644 --- a/internal/mode/static/nginx/config/servers_test.go +++ b/internal/mode/static/nginx/config/servers_test.go @@ -614,17 +614,17 @@ func TestCreateServers(t *testing.T) { { Path: "@rule0-route0", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "@rule0-route1", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "@rule0-route2", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/", @@ -633,7 +633,7 @@ func TestCreateServers(t *testing.T) { { Path: "@rule1-route0", ProxyPass: "http://$test__route1_rule1$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/test/", @@ -642,17 +642,17 @@ func TestCreateServers(t *testing.T) { { Path: "/path-only/", ProxyPass: "http://invalid-backend-ref$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "= /path-only", ProxyPass: "http://invalid-backend-ref$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/backend-tls-policy/", ProxyPass: "https://test_btp_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, ProxySSLVerify: &http.ProxySSLVerify{ Name: "test-btp.example.com", TrustedCertificate: "/etc/nginx/secrets/test-btp.crt", @@ -661,7 +661,7 @@ func TestCreateServers(t *testing.T) { { Path: "= /backend-tls-policy", ProxyPass: "https://test_btp_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, ProxySSLVerify: &http.ProxySSLVerify{ Name: "test-btp.example.com", TrustedCertificate: "/etc/nginx/secrets/test-btp.crt", @@ -765,12 +765,12 @@ func TestCreateServers(t *testing.T) { { Path: "= /exact", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "@rule12-route0", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "= /test", @@ -832,7 +832,7 @@ func TestCreateServers(t *testing.T) { Path: "= /grpc/method", ProxyPass: "grpc://test_foo_80", GRPC: true, - ProxySetHeaders: nil, + ProxySetHeaders: grpcBaseHeaders, }, { Path: "= /grpc-with-backend-tls-policy/method", @@ -842,7 +842,7 @@ func TestCreateServers(t *testing.T) { TrustedCertificate: "/etc/nginx/secrets/test-btp.crt", }, GRPC: true, - ProxySetHeaders: nil, + ProxySetHeaders: grpcBaseHeaders, }, } } @@ -962,12 +962,12 @@ func TestCreateServersConflicts(t *testing.T) { { Path: "/coffee/", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "= /coffee", ProxyPass: "http://test_bar_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, createDefaultRootLocation(), }, @@ -1000,12 +1000,12 @@ func TestCreateServersConflicts(t *testing.T) { { Path: "= /coffee", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/coffee/", ProxyPass: "http://test_bar_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, createDefaultRootLocation(), }, @@ -1048,12 +1048,12 @@ func TestCreateServersConflicts(t *testing.T) { { Path: "/coffee/", ProxyPass: "http://test_bar_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "= /coffee", ProxyPass: "http://test_baz_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, createDefaultRootLocation(), }, @@ -1171,12 +1171,12 @@ func TestCreateLocationsRootPath(t *testing.T) { { Path: "/path-1", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/path-2", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/", @@ -1194,17 +1194,18 @@ func TestCreateLocationsRootPath(t *testing.T) { { Path: "/path-1", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/path-2", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { - Path: "/grpc", - ProxyPass: "grpc://test_foo_80", - GRPC: true, + Path: "/grpc", + ProxyPass: "grpc://test_foo_80", + GRPC: true, + ProxySetHeaders: grpcBaseHeaders, }, { Path: "/", @@ -1221,17 +1222,17 @@ func TestCreateLocationsRootPath(t *testing.T) { { Path: "/path-1", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/path-2", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, { Path: "/", ProxyPass: "http://test_foo_80$request_uri", - ProxySetHeaders: baseHeaders, + ProxySetHeaders: httpBaseHeaders, }, }, }, @@ -1950,9 +1951,51 @@ func TestGenerateProxySetHeaders(t *testing.T) { }, }, { - msg: "grpc", - expectedHeaders: nil, - GRPC: true, + msg: "header filter with gRPC", + GRPC: true, + filters: &dataplane.HTTPFilters{ + RequestHeaderModifiers: &dataplane.HTTPHeaderFilter{ + Add: []dataplane.HTTPHeader{ + { + Name: "Authorization", + Value: "my-auth", + }, + }, + Set: []dataplane.HTTPHeader{ + { + Name: "Accept-Encoding", + Value: "gzip", + }, + }, + Remove: []string{"my-header"}, + }, + }, + expectedHeaders: []http.Header{ + { + Name: "Authorization", + Value: "${authorization_header_var}my-auth", + }, + { + Name: "Accept-Encoding", + Value: "gzip", + }, + { + Name: "my-header", + Value: "", + }, + { + Name: "Host", + Value: "$gw_api_compliant_host", + }, + { + Name: "X-Forwarded-For", + Value: "$proxy_add_x_forwarded_for", + }, + { + Name: "Authority", + Value: "$gw_api_compliant_host", + }, + }, }, }