Remove request headers on egress (#235)

* Remove request headers on egress * Remove unused imports * Added info to docs, changed when to if
allegro · Feb 2, 2021 · 0ea22d9 · 0ea22d9
1 parent 36f15ad
commit 0ea22d9
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 4 deletions.
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -33,7 +33,7 @@ Property
 **envoy-control.envoy.snapshot.dynamic-listeners.local-reply-mapper.response-format.text-format**            | Text message format with placeholders (refer to [envoy docs](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators))                                             | ""
 **envoy-control.envoy.snapshot.dynamic-listeners.local-reply-mapper.response-format.json-format**            | JSON message format with placeholders for matched response (refer to [envoy docs](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)).                       | ""
 **envoy-control.envoy.snapshot.dynamic-listeners.local-reply-mapper.response-format.content-type**           | Response content-type header value                                                                                                                                                                                    | ""
-**envoy-control.envoy.snapshot.dynamic-listeners.local-reply-mapper.matchers.status-code-matcher**           | Matcher which handle specific status codes formatted as string e.g.: EQ:400 - equal to status code 400                                                                                                                | ""
+**envoy-control.envoy.snapshot.dynamic-listeners.local-reply-mapper.matchers.status-code-matcher**           | Matcher which handles specific status codes formatted as string e.g.: EQ:400 - equal to status code 400                                                                                                               | ""
 **envoy-control.envoy.snapshot.dynamic-listeners.local-reply-mapper.matchers.header-matcher.name**           | Header name to match                                                                                                                                                                                                  | ""
 **envoy-control.envoy.snapshot.dynamic-listeners.local-reply-mapper.matchers.header-matcher.exact-match**    | Header value to match for specified header (only one of: exactMatch, regexMatch can be specified. If none is specified, header name presence matcher will be used)                                                    | ""
 **envoy-control.envoy.snapshot.dynamic-listeners.local-reply-mapper.matchers.header-matcher.regex-match**    | Header value regex to match for specified header (only one of: exactMatch, regexMatch can be specified. If none is specified, header name presence matcher will be used)                                              | ""
@@ -61,7 +61,8 @@ Property
 **envoy-control.envoy.snapshot.egress.handle-internal-redirect**                                             | Handle redirects by Envoy                                                                                                                                                                                             | false
 **envoy-control.envoy.snapshot.egress.host-header-rewriting.enabled**                                        | Enable rewriting Host header with value from specified header                                                                                                                                                         | false
 **envoy-control.envoy.snapshot.egress.host-header-rewriting.custom-host-header**                             | Header name which value will override Host header                                                                                                                                                                     | "x-envoy-original-host"
-**envoy-control.envoy.snapshot.ingress.headers-to-remove**                                                   | List of headers to sanitize                                                                                                                                                                                           | empty list
+**envoy-control.envoy.snapshot.egress.headers-to-remove**                                                    | List of headers to sanitize on egress                                                                                                                                                                                 | empty list
+**envoy-control.envoy.snapshot.ingress.headers-to-remove**                                                   | List of headers to sanitize on ingress                                                                                                                                                                                | empty list
 **envoy-control.envoy.snapshot.local-service.idle-timeout**                                                  | Idle timeout between client to envoy                                                                                                                                                                                  | 60s
 **envoy-control.envoy.snapshot.local-service.response-timeout**                                              | Response timeout for localService                                                                                                                                                                                     | 15s
 **envoy-control.envoy.snapshot.local-service.connection-idle-timeout**                                       | Connection idle timeout for localService                                                                                                                                                                              | 120s

diff --git a/...e/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt b/...e/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt
@@ -230,6 +230,7 @@ class EgressProperties {
     var commonHttp = CommonHttpProperties()
     var neverRemoveClusters = true
     var hostHeaderRewriting = HostHeaderRewritingProperties()
+    var headersToRemove = mutableListOf<String>()
 }
 
 class IngressProperties {

diff --git a/...llegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyEgressRoutesFactory.kt b/...llegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyEgressRoutesFactory.kt
@@ -106,6 +106,11 @@ class EnvoyEgressRoutesFactory(
                     )
                 }
             }
+
+        if (properties.egress.headersToRemove.isNotEmpty()) {
+            routeConfiguration.addAllRequestHeadersToRemove(properties.egress.headersToRemove)
+        }
+
         if (addUpstreamAddressHeader) {
             routeConfiguration = routeConfiguration.addResponseHeadersToAdd(upstreamAddressHeader)
         }

diff --git a/...ro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyEgressRoutesFactoryTest.kt b/...ro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyEgressRoutesFactoryTest.kt
@@ -6,11 +6,12 @@ import pl.allegro.tech.servicemesh.envoycontrol.groups.DependencySettings
 import pl.allegro.tech.servicemesh.envoycontrol.groups.Outgoing
 import pl.allegro.tech.servicemesh.envoycontrol.groups.hasCustomIdleTimeout
 import pl.allegro.tech.servicemesh.envoycontrol.groups.hasCustomRequestTimeout
-import pl.allegro.tech.servicemesh.envoycontrol.groups.hostRewriteHeaderIsEmpty
 import pl.allegro.tech.servicemesh.envoycontrol.groups.hasHostRewriteHeader
-import pl.allegro.tech.servicemesh.envoycontrol.groups.hasRequestHeaderToAdd
 import pl.allegro.tech.servicemesh.envoycontrol.groups.hasNoRequestHeaderToAdd
+import pl.allegro.tech.servicemesh.envoycontrol.groups.hasRequestHeaderToAdd
+import pl.allegro.tech.servicemesh.envoycontrol.groups.hasRequestHeadersToRemove
 import pl.allegro.tech.servicemesh.envoycontrol.groups.hasResponseHeaderToAdd
+import pl.allegro.tech.servicemesh.envoycontrol.groups.hostRewriteHeaderIsEmpty
 import pl.allegro.tech.servicemesh.envoycontrol.snapshot.RouteSpecification
 import pl.allegro.tech.servicemesh.envoycontrol.snapshot.SnapshotProperties
 
@@ -138,4 +139,18 @@ internal class EnvoyEgressRoutesFactoryTest {
             .route
             .hasHostRewriteHeader(snapshotProperties.egress.hostHeaderRewriting.customHostHeader)
     }
+
+    @Test
+    fun `should create route config with headers to remove`() {
+        // given
+        val routesFactory = EnvoyEgressRoutesFactory(SnapshotProperties().apply {
+            egress.headersToRemove = mutableListOf("x-special-case-header", "x-custom")
+        })
+
+        // when
+        val routeConfig = routesFactory.createEgressRouteConfig("client1", clusters, false)
+
+        // then
+        routeConfig.hasRequestHeadersToRemove(listOf("x-special-case-header", "x-custom"))
+    }
 }