
Commit 1e71fc1

authored
fix: (setup-gap) missing host headers (#1013)
* fix: setup-gap missing host header * chore: add changeset
1 parent 762c8e2 commit 1e71fc1


3 files changed

+32
-18
lines changed


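--- a/.changeset/purple-spiders-fly.md
+++ b/.changeset/purple-spiders-fly.md
@@ -0,0 +1,5 @@
+---
+"setup-gap": patch
+---
+
+fix: respect host header authz rewrites for all listeners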

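--- a/actions/setup-gap/authz/main.go
+++ b/actions/setup-gap/authz/main.go
@@ -186,12 +186,8 @@ func sanitizeStr(value string) string {
 return sanitizedValue
 }
 
-func addHeader(w http.ResponseWriter, authResp AuthResponse, headerName, headerValue string, logValue bool) {
-if logValue {
-logDebug(" Adding header: %s=%s", headerName, sanitizeStr(headerValue))
-} else {
-logDebug(" Adding header: %s", headerName)
-}
+func addHeader(w http.ResponseWriter, authResp AuthResponse, headerName, headerValue string) {
+logDebug(" Adding header: %s=%s", headerName, sanitizeStr(headerValue))
 
 // Set both the header in the HTTP response and the HTTP Body
 w.Header().Set(headerName, headerValue)
@@ -241,12 +237,12 @@ func handleCheck(w http.ResponseWriter, r *http.Request) {
 authResp.Status.Code = 200
 authResp.HttpResponse.Headers = make(map[string]string)
 
-addHeader(w, authResp, config.GithubOidcTokenHeaderName, "Bearer "+token, false)
-addHeader(w, authResp, "x-repository", config.GithubRepository, true)
+addHeader(w, authResp, config.GithubOidcTokenHeaderName, "Bearer "+token)
+addHeader(w, authResp, "x-repository", config.GithubRepository)
 
 if authority != "" {
-addHeader(w, authResp, ":authority", authority, true)
-addHeader(w, authResp, "host", authority, true)
+addHeader(w, authResp, ":authority", authority)
+addHeader(w, authResp, "host", authority)
 }
 
 w.Header().Set("Content-Type", "application/json")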
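Review bot: Removing the `logValue` parameter means the call `addHeader(w, authResp, config.GithubOidcTokenHeaderName, "Bearer "+token)` in handleCheck now sends the bearer token through `logDebug(" Adding header: %s=%s", ...)`, where the old call passed `false` so that only the header name was logged. Unless `sanitizeStr` masks credentials (only its last lines are in the hunk, so this cannot be confirmed here), the OIDC token lands in any log captured with debug output enabled. Keep a name-only path for that one header, for example by having addHeader fall back to `logDebug(" Adding header: %s", headerName)` when `headerName == config.GithubOidcTokenHeaderName`. Both addHeader and handleCheck continue outside the visible hunks.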

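--- a/actions/setup-gap/envoy.yaml.gotmpl
+++ b/actions/setup-gap/envoy.yaml.gotmpl
@@ -45,7 +45,7 @@ static_resources:
 patterns:
 - exact: "x-repository"
 - exact: "{{ getenv "GITHUB_OIDC_TOKEN_HEADER_NAME" }}"
-- exact: ":authority"
+- exact: "host"
 failure_mode_allow: false
 - name: envoy.filters.http.router
 typed_config:
@@ -129,7 +129,9 @@ static_resources:
 route_config:
 virtual_hosts:
 - name: dynamic_forward_host
-domains: ["*.{{ getenv "MAIN_DNS_ZONE" }}", "*.{{ getenv "MAIN_DNS_ZONE" }}:{{ getenv "DYNAMIC_PROXY_PORT" }}"]
+domains:
+- "*.{{ getenv "MAIN_DNS_ZONE" }}"
+- "*.{{ getenv "MAIN_DNS_ZONE" }}:{{ getenv "DYNAMIC_PROXY_PORT" }}"
 routes:
 - match:
 prefix: /
@@ -146,7 +148,11 @@ static_resources:
 envoy.filters.http.dynamic_forward_proxy:
 '@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
 - name: localhost_host
-domains: ["localhost", "127.0.0.1", "localhost:{{ getenv "DYNAMIC_PROXY_PORT" }}", "127.0.0.1:{{ getenv "DYNAMIC_PROXY_PORT" }}"]
+domains:
+- "localhost"
+- "127.0.0.1"
+- "localhost:{{ getenv "DYNAMIC_PROXY_PORT" }}"
+- "127.0.0.1:{{ getenv "DYNAMIC_PROXY_PORT" }}"
 routes:
 - match:
 prefix: '/'
@@ -169,7 +175,6 @@ static_resources:
 patterns:
 - exact: "x-repository"
 - exact: "{{ getenv "GITHUB_OIDC_TOKEN_HEADER_NAME" }}"
-- exact: ":authority"
 - exact: "host"
 failure_mode_allow: false
 - name: envoy.filters.http.dynamic_forward_proxy
@@ -244,7 +249,7 @@ static_resources:
 patterns:
 - exact: "x-repository"
 - exact: "{{ getenv "GITHUB_OIDC_TOKEN_HEADER_NAME" }}"
-- exact: ":authority"
+- exact: "host"
 failure_mode_allow: false
 - name: envoy.filters.http.router
 typed_config:
@@ -253,7 +258,9 @@ static_resources:
 name: local_route
 virtual_hosts:
 - name: gap_ws_echo
-domains: ["gap-ws-echo.{{ getenv "MAIN_DNS_ZONE" }}", "gap-ws-echo.{{ getenv "MAIN_DNS_ZONE" }}:{{ getenv "WEBSOCKETS_PROXY_PORT" }}"]
+domains:
+- "gap-ws-echo.{{ getenv "MAIN_DNS_ZONE" }}"
+- "gap-ws-echo.{{ getenv "MAIN_DNS_ZONE" }}:{{ getenv "WEBSOCKETS_PROXY_PORT" }}"
 routes:
 - match:
 prefix: "/"
@@ -267,7 +274,11 @@ static_resources:
 base_interval: "1s"
 max_interval: "5s"
 - name: localhost_host
-domains: [ "localhost", "127.0.0.1", "localhost:{{ getenv "WEBSOCKETS_PROXY_PORT" }}", "127.0.0.1:{{ getenv "WEBSOCKETS_PROXY_PORT" }}"]
+domains:
+- "localhost"
+- "127.0.0.1"
+- "localhost:{{ getenv "WEBSOCKETS_PROXY_PORT" }}"
+- "127.0.0.1:{{ getenv "WEBSOCKETS_PROXY_PORT" }}"
 routes:
 - match:
 prefix: '/'
@@ -279,7 +290,9 @@ static_resources:
 {{- $services := getenv "WEBSOCKETS_SERVICES" | strings.Split "," }}
 {{- range $services }}
 - name: {{ replaceAll "-" "_" . }}
-domains: ["{{ . }}.{{ getenv "MAIN_DNS_ZONE" }}", "{{ . }}.{{ getenv "MAIN_DNS_ZONE" }}:{{ getenv "WEBSOCKETS_PROXY_PORT" }}"]
+domains:
+- "{{ . }}.{{ getenv "MAIN_DNS_ZONE" }}"
+- "{{ . }}.{{ getenv "MAIN_DNS_ZONE" }}:{{ getenv "WEBSOCKETS_PROXY_PORT" }}"
 routes:
 - match:
 prefix: "/"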
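Review bot: The three `patterns:` lists (hunks at old lines 48, 172 and 247) now allow `host` and no longer `:authority`, but the template carries no comment saying why, and the authz service in this same commit still emits both headers via addHeader. A one-line comment above each list, such as `# host, not :authority, carries the authz rewrite; keep in sync with authz/main.go`, would stop the two files drifting apart again. Because the authz response can now overwrite `host` on every listener, including the one using the dynamic forward proxy filter, that value presumably influences which upstream a request reaches. Where `authority` is derived is not visible on this page, so it is worth confirming the authz service constrains it to the expected DNS zone. The key that encloses each `patterns:` list lies outside the hunks.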
