diff --git a/src/istio/control/http/attributes_builder.cc b/src/istio/control/http/attributes_builder.cc index d7e326eff61..91835c7df67 100644 --- a/src/istio/control/http/attributes_builder.cc +++ b/src/istio/control/http/attributes_builder.cc @@ -113,6 +113,14 @@ void AttributesBuilder::ExtractAuthAttributes(CheckData *check_data) { builder.AddProtoStructStringMap(utils::AttributeName::kRequestAuthClaims, claims->second.struct_value()); } + return; + } + + // Fallback to source.principal extracted from mTLS if no authentication + // filter is installed + std::string source_user; + if (check_data->GetPrincipal(true, &source_user)) { + builder.AddString(utils::AttributeName::kSourcePrincipal, source_user); } } diff --git a/src/istio/control/http/attributes_builder_test.cc b/src/istio/control/http/attributes_builder_test.cc index 236731b86c4..305fac3b44b 100644 --- a/src/istio/control/http/attributes_builder_test.cc +++ b/src/istio/control/http/attributes_builder_test.cc @@ -136,6 +136,12 @@ attributes { string_value: "/books" } } +attributes { + key: "source.principal" + value { + string_value: "test_user" + } +} )"; const char kCheckAttributes[] = R"( diff --git a/src/istio/control/http/request_handler_impl_test.cc b/src/istio/control/http/request_handler_impl_test.cc index a541666d00e..dcbbaf3d49f 100644 --- a/src/istio/control/http/request_handler_impl_test.cc +++ b/src/istio/control/http/request_handler_impl_test.cc @@ -173,7 +173,7 @@ TEST_F(RequestHandlerImplTest, TestHandlerDisabledCheck) { ::testing::NiceMock mock_header; // Report is enabled so Attributes are extracted. EXPECT_CALL(mock_data, GetSourceIpPort(_, _)).Times(1); - EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(1); + EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(2); // Check should NOT be called. EXPECT_CALL(*mock_client_, Check(_, _, _, _)).Times(0); @@ -194,7 +194,7 @@ TEST_F(RequestHandlerImplTest, TestPerRouteAttributes) { ::testing::NiceMock mock_data; ::testing::NiceMock mock_header; EXPECT_CALL(mock_data, GetSourceIpPort(_, _)).Times(1); - EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(1); + EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(2); // Check should be called. EXPECT_CALL(*mock_client_, Check(_, _, _, _)) @@ -222,7 +222,7 @@ TEST_F(RequestHandlerImplTest, TestDefaultRouteAttributes) { ::testing::NiceMock mock_data; ::testing::NiceMock mock_header; EXPECT_CALL(mock_data, GetSourceIpPort(_, _)).Times(1); - EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(1); + EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(2); // Check should be called. EXPECT_CALL(*mock_client_, Check(_, _, _, _)) @@ -255,7 +255,7 @@ TEST_F(RequestHandlerImplTest, TestRouteAttributes) { ::testing::NiceMock mock_data; ::testing::NiceMock mock_header; EXPECT_CALL(mock_data, GetSourceIpPort(_, _)).Times(1); - EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(1); + EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(2); ServiceConfig route_config; auto map3 = route_config.mutable_mixer_attributes()->mutable_attributes(); @@ -370,7 +370,7 @@ TEST_F(RequestHandlerImplTest, TestHandlerCheck) { ::testing::NiceMock mock_data; ::testing::NiceMock mock_header; EXPECT_CALL(mock_data, GetSourceIpPort(_, _)).Times(1); - EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(1); + EXPECT_CALL(mock_data, GetPrincipal(_, _)).Times(2); // Check should be called. EXPECT_CALL(*mock_client_, Check(_, _, _, _)).Times(1);