Skip to content

Commit

Permalink
Do not add ('not trusted') to untrusted client name
Browse files Browse the repository at this point in the history
  • Loading branch information
andrzejwaw committed Dec 15, 2020
1 parent 5b9ad25 commit 9704236
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,6 @@ function envoy_on_request(handle)

if client_name == "" then
client_name = first_header_value_from_list(client_identity_header_names, handle)
if trusted_header_name ~= "" and client_name ~= "" and handle:connection():ssl() ~= nil then
client_name = client_name .. " (not trusted)"
end
end

metadata:set("envoy.filters.http.lua", "request.info.path", path)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -683,7 +683,7 @@ internal class IncomingPermissionsLoggingModeTest : EnvoyControlTestConfiguratio
}

@Test
fun `echo2 should allow unlisted client with client identity header over https and log client name as untrusted`() {
fun `echo2 should allow unlisted client with client identity header over https and log client trusted as false`() {
// given
val insecureClient = ClientsFactory.createInsecureClient()

Expand All @@ -703,7 +703,7 @@ internal class IncomingPermissionsLoggingModeTest : EnvoyControlTestConfiguratio
protocol = "https",
path = "/log-unlisted-clients",
method = "GET",
clientName = "service-name-from-header (not trusted)",
clientName = "service-name-from-header",
trustedClient = false,
clientIp = echo2Envoy.gatewayIp()
)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ describe("envoy_on_request:", function()

end)

it("should add not trusted to client_name if ssl available and name was not from certificate", function()
it("should set trusted client to false if ssl available and name was not from certificate", function()
-- given
local headers = {
[':path'] = '/path',
Expand All @@ -150,7 +150,7 @@ describe("envoy_on_request:", function()
envoy_on_request(handle)

-- then
assert.spy(metadata.set).was_called_with(_, "envoy.filters.http.lua", "request.info.client_name", 'lorem-service (not trusted)')
assert.spy(metadata.set).was_called_with(_, "envoy.filters.http.lua", "request.info.client_name", 'lorem-service')
assert.spy(metadata.set).was_called_with(_, "envoy.filters.http.lua", "request.info.trusted_client", false)

end)
Expand Down

0 comments on commit 9704236

Please sign in to comment.