From 5b67453ed5535fac132f9b3c3cfef4fcdb123db1 Mon Sep 17 00:00:00 2001 From: "jan.kozlowski" Date: Thu, 4 Jul 2024 12:42:19 +0200 Subject: [PATCH] feature flag --- .../envoycontrol/snapshot/SnapshotProperties.kt | 1 + .../resource/listeners/filters/JwtFilterFactory.kt | 11 ++++++++--- .../envoycontrol/config/envoy/EnvoyContainer.kt | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt index 550acfd9a..b9142db8f 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt @@ -392,6 +392,7 @@ class JwtFilterProperties { var forwardPayloadHeader = "x-oauth-token-validated" var payloadInMetadata = "jwt" var failedStatusInMetadata = "jwt_failure_reason" + var failedStatusInMetadataEnabled = true var fieldRequiredInToken = "exp" var defaultVerificationType = OAuth.Verification.OFFLINE var defaultOAuthPolicy = OAuth.Policy.STRICT diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/JwtFilterFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/JwtFilterFactory.kt index c47c55650..26d674002 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/JwtFilterFactory.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/JwtFilterFactory.kt @@ -64,7 +64,8 @@ class JwtFilterFactory( it.key to createProvider(it.value) } - private fun createProvider(provider: OAuthProvider) = JwtProvider.newBuilder() + private fun createProvider(provider: OAuthProvider): JwtProvider { + val jwtProvider = JwtProvider.newBuilder() .setRemoteJwks( RemoteJwks.newBuilder().setHttpUri( HttpUri.newBuilder() @@ -79,8 +80,12 @@ class JwtFilterFactory( .setForward(properties.forwardJwt) .setForwardPayloadHeader(properties.forwardPayloadHeader) .setPayloadInMetadata(properties.payloadInMetadata) - .setFailedStatusInMetadata(properties.failedStatusInMetadata) - .build() + + if (properties.failedStatusInMetadataEnabled) + jwtProvider.setFailedStatusInMetadata(properties.failedStatusInMetadata) + + return jwtProvider.build() + } private fun createRules(endpoints: List): Set { return endpoints.mapNotNull(this::createRuleForEndpoint).toSet() diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyContainer.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyContainer.kt index 59f2eb2df..92466b0c5 100644 --- a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyContainer.kt +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyContainer.kt @@ -39,7 +39,7 @@ class EnvoyContainer( private const val ADMIN_PORT = 10000 private const val MIN_SUPPORTED_ENVOY_VERSION = "v1.22.7" - private const val MAX_SUPPORTED_ENVOY_VERSION = "v1.30.2" // todo: v1.28.0+ - OutlierDetectionTest breaks + private const val MAX_SUPPORTED_ENVOY_VERSION = "v1.30.4" val DEFAULT_IMAGE = run { val version =