Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filter: http: jwt: implement matching for HTTP CONNECT #13064

Merged
merged 1 commit into from
Sep 11, 2020
Merged

filter: http: jwt: implement matching for HTTP CONNECT #13064

merged 1 commit into from
Sep 11, 2020

Conversation

nicktrav
Copy link
Contributor

Remove an existing TODO and implement the matcher, which mirrors the
behavior of the HTTP router, using the RouteMatch configuration to
determine whether the matcher should run for a given request.

This change allows JWT-based authentication for HTTP CONNECT requests.

Clean up a TODO in uber_per_filter.cc and remove some obsolete cleanup
code.

Additional Description: This is a follow-on from #13056.
Risk Level: Medium (minor extension to an existing feature).
Testing: Unit test cases added for matching.
Docs Changes: n/a
Release Notes: n/a

@nicktrav
filter: http: jwt: implement matching for HTTP CONNECT
244aefd 
Remove an existing TODO and implement the matcher, which mirrors the
behavior of the HTTP router, using the `RouteMatch` configuration to
determine whether the matcher should run for a given request.

This change allows JWT-based authentication for HTTP CONNECT requests.

Clean up a TODO in `uber_per_filter.cc` and remove some obsolete cleanup
code.

Signed-off-by: Nick Travers <[email protected]>
@nicktrav nicktrav requested a review from lizan as a code owner September 11, 2020 18:18
@nicktrav
Copy link
Contributor Author

cc: @alyssawilk

mattklein123
mattklein123 approved these changes Sep 11, 2020
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It kills me that we have this stuff duplicated all over the place, but thanks for cleaning this up. cc @snowp @yangminzhu for another place to unify.

@mattklein123 mattklein123 merged commit c05f022 into envoyproxy:master Sep 11, 2020
@nicktrav nicktrav deleted the nickt.jwt-authn-http-connect branch September 11, 2020 22:53
lhluo pushed a commit to lhluo/envoy that referenced this pull request Sep 11, 2020
Merge remote-tracking branch 'upstream/master' into binary-lua-b64-en…
808c8f7 
…code

* upstream/master:
  lint: add more linters for using absl:: over std:: (envoyproxy#13043)
  udpa: filesystem list collection support for inline entries. (envoyproxy#13028)
  filter: http: jwt: implement matching for HTTP CONNECT (envoyproxy#13064)
  [fuzz] split http filter logic into a fuzzing class (envoyproxy#13016)
  xds: allow empty delta update (envoyproxy#12699)
  CacheFilter: parses the allowed_vary_headers from the cache config. (envoyproxy#12928)
  router: extend HTTP CONNECT route matching criteria (envoyproxy#13056)
  docs: clarify use of Extended CONNECT for h/2 (envoyproxy#13051)
  build: shellcheck tools/ (envoyproxy#13007)
  [fuzz] Refactored Health Checker Impl Tests (envoyproxy#13017)

Signed-off-by: Lihao Luo <[email protected]>
@ShotaKitazawa ShotaKitazawa mentioned this pull request Jul 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

@qiwzhang qiwzhang qiwzhang approved these changes

@lizan lizan Awaiting requested review from lizan

Assignees

@lizan lizan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nicktrav @mattklein123 @qiwzhang @lizan