Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict policies to non-duplicate routes #2318

Merged
merged 5 commits into from
Aug 7, 2024
Merged

Restrict policies to non-duplicate routes #2318

merged 5 commits into from
Aug 7, 2024

Commits on Aug 7, 2024

  1. Restrict policies to non-duplicate routes 

    Problem: Some NGINX directives are not applied or enforced when configured in an internal location. This occurs when redirecting or rewriting a request from an external location to an internal location.

Solution: Only accept a policy if the Route it targets is the only Route that matches the hostname, port, and path combination. If other Routes overlap, the policy will be rejected.

This allows us to apply policy configuration to the external location instead of the internal locations. We would limit the policies we accept rather than limiting which Routes we accept.

This is possible because, with the policy restriction, a policy cannot be applied to a Route that shares an external location with another Route.

However, for the otel module, we still require some internal location directives to be specified, so the policy generator has been refactored to account for this.

Finally, revert named locations back to internal locations. As part of this process, we've learned that named locations do not behave as expected.

Co-authored-by: Kate Osborn <[email protected]>
    @sjberman @kate-osborn
    sjberman and kate-osborn committed Aug 7, 2024
    Configuration menu
    Copy the full SHA
    ae7b69e View commit details
    Browse the repository at this point in the history

  2. Code review

    @sjberman
    sjberman committed Aug 7, 2024
    Configuration menu
    Copy the full SHA
    1312b3b View commit details
    Browse the repository at this point in the history

  3. Fix flaky test

    @sjberman
    sjberman committed Aug 7, 2024
    Configuration menu
    Copy the full SHA
    ce229e2 View commit details
    Browse the repository at this point in the history

  4. Language fixups

    @sjberman
    sjberman committed Aug 7, 2024
    Configuration menu
    Copy the full SHA
    8fdf3a4 View commit details
    Browse the repository at this point in the history

  5. Merge branch 'main' into fix/policy-restriction

    @sjberman
    sjberman authored Aug 7, 2024
    Configuration menu
    Copy the full SHA
    a269f71 View commit details
    Browse the repository at this point in the history