From b0859555b8f08e3113054345db7e07b15e2f98b5 Mon Sep 17 00:00:00 2001 From: Tianyu Xia Date: Thu, 1 Sep 2022 03:01:40 +0000 Subject: [PATCH 1/3] Overide any existing value in the request header with authn: Bearer id token Signed-off-by: Tianyu Xia --- source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc index 6c5adbad6d966..8276350ce2753 100644 --- a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc +++ b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc @@ -15,7 +15,7 @@ namespace GcpAuthn { namespace { void addTokenToRequest(Http::RequestHeaderMap& hdrs, absl::string_view token_str) { std::string id_token = absl::StrCat("Bearer ", token_str); - hdrs.addCopy(authorizationHeaderKey(), id_token); + hdrs.setCopy(authorizationHeaderKey(), id_token); } } // namespace From aec68ad8ca7ec0bfe4476b5be17d35abd827c899 Mon Sep 17 00:00:00 2001 From: Tianyu Xia Date: Thu, 15 Sep 2022 23:49:43 +0000 Subject: [PATCH 2/3] add the ttest coverage Signed-off-by: Tianyu Xia --- .../gcp_authn_filter_integration_test.cc | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc index c871931f7986d..58e9a4438dd41 100644 --- a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc +++ b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc @@ -89,8 +89,14 @@ class GcpAuthnFilterIntegrationTest : public testing::TestWithParammakeHeaderOnlyRequest(Http::TestRequestHeaderMapImpl{ - {":method", "GET"}, {":path", "/"}, {":scheme", "http"}, {":authority", "host"}}); + response_ = codec_client_->makeHeaderOnlyRequest( + Http::TestRequestHeaderMapImpl{{":method", "GET"}, + {":path", "/"}, + {":scheme", "http"}, + {":authority", "host"}, + // Add a pair with `Authorization` as the key for + // verification of header map overriden behavior. + {"Authorization", "test"}}); } } @@ -145,8 +151,12 @@ class GcpAuthnFilterIntegrationTest : public testing::TestWithParamheaders().get(authorizationHeaderKey()).empty()); // The expected ID token is in format of `Bearer ID_TOKEN` std::string id_token = absl::StrCat("Bearer ", MockTokenString); - // Verify the request header modification: the token returned from authentication server - // has been added to the request header that is sent to destination upstream. + // Verify the request header modification: + // 1) Only one entry with authorization header key. i.e., Any existing values should be + // overriden by response from authentication server. + EXPECT_EQ(upstream_request_->headers().get(authorizationHeaderKey()).size(), 1); + // 2) the token returned from authentication server has been added to the request header that + // is sent to destination upstream. EXPECT_EQ( upstream_request_->headers().get(authorizationHeaderKey())[0]->value().getStringView(), id_token); From fc6ce912a9dd4d02156e021dfbf94fe2601554a7 Mon Sep 17 00:00:00 2001 From: Tianyu Xia Date: Fri, 16 Sep 2022 00:46:49 +0000 Subject: [PATCH 3/3] fix typo Signed-off-by: Tianyu Xia --- .../http/gcp_authn/gcp_authn_filter_integration_test.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc index 58e9a4438dd41..551e6ed82fbe2 100644 --- a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc +++ b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc @@ -95,7 +95,7 @@ class GcpAuthnFilterIntegrationTest : public testing::TestWithParamheaders().get(authorizationHeaderKey()).size(), 1); // 2) the token returned from authentication server has been added to the request header that // is sent to destination upstream.