fix: add validation for duplicated API keys #5955
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #5955 +/- ##
==========================================
+ Coverage 65.80% 65.89% +0.08%
==========================================
Files 217 217
Lines 36020 36027 +7
==========================================
+ Hits 23703 23740 +37
+ Misses 10836 10808 -28
+ Partials 1481 1479 -2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
arkodg
reviewed
May 8, 2025
arkodg
reviewed
May 8, 2025
arkodg
previously approved these changes
May 8, 2025
rudrakhp
reviewed
May 9, 2025
* reject duplicated API keys * enhance api-key-auth e2e test to cover duplicated client IDs Signed-off-by: Gavin Lam <[email protected]>
gavinkflam
commented
May 9, 2025
Comment on lines
+13
to
+21
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| namespace: gateway-conformance-infra | ||
| name: api-key-auth-users-secret-2 | ||
| data: | ||
| # key2 - duplicate client id should be ignored | ||
| client1: "a2V5Mg==" | ||
| --- |
There was a problem hiding this comment.
Enhanced APIKeyAuth e2e test to cover duplicate client IDs. Only the first API key should be retained. For instance, in {client1: "key1"} + {client1: "key2"}, key2 is dropped.
This behavior is documented in the APIKeyAuth documentation.
rudrakhp
approved these changes
May 9, 2025
arkodg
approved these changes
May 9, 2025
melsal13
referenced
this pull request
in melsal13/gatewayPersonal
May 9, 2025
* reject duplicated API keys * enhance api-key-auth e2e test to cover duplicated client IDs Signed-off-by: Gavin Lam <[email protected]> Signed-off-by: melsal13 <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
Bug fix
What this PR does / why we need it:
Duplicate API keys in apiKeyAuth can cause the entire controller to stall.
The proposed changes address this by rejecting the affected SecurityPolicy and reporting the error through a status message.
Which issue(s) this PR fixes:
Fixes #5729
Release Notes: Yes