Skip to content

Set extra proxy headers in all tsh HTTP requests#19766

Merged
vitorenesduarte merged 30 commits into
masterfrom
vitor/extra-proxy-headers
Jan 11, 2023
Merged

Set extra proxy headers in all tsh HTTP requests#19766
vitorenesduarte merged 30 commits into
masterfrom
vitor/extra-proxy-headers

Conversation

@vitorenesduarte
Copy link
Copy Markdown
Contributor

@vitorenesduarte vitorenesduarte commented Jan 2, 2023

Fixes #16541.

Before this commit, the tsh HTTP requests that had the extra headers were those that did not use roundtrip.
This commit leverages http.RoundTripper.RoundTrip to ensure that all requests have the the extra headers.

Set extra proxy headers in all tsh HTTP requests
b1c9acb 
Before this commit, the `tsh` HTTP requests that had the extra headers
were those that did not use `roundtrip`.
This commit leverages `http.RoundTripper.RoundTrip` to ensure that all
requests have the the extra headers.
@vitorenesduarte vitorenesduarte self-assigned this Jan 2, 2023
ibeckermayer
ibeckermayer suggested changes Jan 4, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@ibeckermayer ibeckermayer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some tests testing the logic of whether requests get downgraded or not would be nice.

Also try a grep -rn NewInsecureWebClient\(\), there seem to be some stragglers left over.

Comment thread api/client/proxy/proxy.go
Comment thread api/client/proxy/proxy.go Outdated
Comment thread lib/client/weblogin.go Outdated
Comment thread lib/client/weblogin.go Outdated
Vitor Enes and others added 3 commits January 4, 2023 19:07
Update http round tripper docs
8606338 
Co-authored-by: Isaiah Becker-Mayer <isaiah@goteleport.com>
Inline config definition
ff9c6a7
Add NewInsecureWebClient back
0107a14
@vitorenesduarte vitorenesduarte force-pushed the vitor/extra-proxy-headers branch from 9f71114 to 0107a14 Compare January 4, 2023 21:56
@vitorenesduarte
Copy link
Copy Markdown
Contributor Author

vitorenesduarte commented Jan 6, 2023

Thanks for the review @ibeckermayer. Could you please take another look?

Some tests testing the logic of whether requests get downgraded or not would be nice.

I improved existing tests and added new ones in 9641dd1.

Also try a grep -rn NewInsecureWebClient\(\), there seem to be some stragglers left over.

Thanks. I've added NewInsecureWebClient back.

ibeckermayer
ibeckermayer suggested changes Jan 7, 2023
View reviewed changes
Comment thread api/client/proxy/proxy.go Outdated
Comment thread lib/client/weblogin_test.go Outdated
Comment thread lib/client/weblogin_test.go Outdated
defer httpSvr.Close()
// TestHttpRoundTripperDowngrade tests that the round tripper downgrades https requests to http
// when HTTP_PROXY is set to "http://localhost:*" (i.e. there's an http proxy running on localhost).
func TestHttpRoundTripperDowngrade(t *testing.T) {
Copy link
Copy Markdown
Contributor

@ibeckermayer ibeckermayer Jan 7, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I get that this is testing the HttpRoundTripper under the hood, however its bad practice to write tests for one package in another. For example, consider if we swap out the underlying transport mechanism in SSHAgentLogin. Now this test is bunk, and might just get deleted. At the very least, we would need to rewrite it to test HTTPRoundTripper in its own package at that point.

Another reason this is bad practice is that tests are a form of documentation. If somebody wants to use HTTPRoundTripper for something else, it's best that the tests testing its core behavior are close by so they can see how it works.

I would say move these comprehensive tests of HTTPRoundTripper's behavior close to TestProxyAwareRoundTripper. And if you think its worthwhile to also have unit tests ensuring this behavior for client.SSHAgentLogin and client.HostCredentials, then add those to the client package.

Copy link
Copy Markdown
Contributor Author

@vitorenesduarte vitorenesduarte Jan 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the suggestion. Moved the tests in 451646b.

@vitorenesduarte vitorenesduarte enabled auto-merge (squash) January 11, 2023 10:16
@vitorenesduarte vitorenesduarte merged commit d72ac18 into master Jan 11, 2023
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jan 11, 2023

@vitorenesduarte See the table below for backport results.

Branch Result
branch/v10 Failed
branch/v11 Failed
branch/v9 Failed

@vitorenesduarte vitorenesduarte deleted the vitor/extra-proxy-headers branch January 11, 2023 10:49
@vitorenesduarte vitorenesduarte mentioned this pull request Jan 11, 2023
Merged
@vitorenesduarte
Copy link
Copy Markdown
Contributor Author

vitorenesduarte commented Jan 11, 2023
edited
Loading

Manually backported to v11: #20071
Manually backporting to < v11 resulted in conflicts due to #15874 not being on those branches.

UPDATE:
Manually backported to v10: #20111

@vitorenesduarte vitorenesduarte mentioned this pull request Jan 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fspmarshall fspmarshall fspmarshall approved these changes

+1 more reviewer

@ibeckermayer ibeckermayer ibeckermayer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@vitorenesduarte vitorenesduarte

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Custom header is not added in http2

3 participants

@vitorenesduarte @ibeckermayer @fspmarshall