NET-6821 Disable Terminating Gateway Auto Host Header Rewrite (#20802)

* disable terminating gateway auto host rewrite

* add changelog

* clean up unneeded additional snapshot fields

* add new field to docs

* squash

* fix test
This commit is contained in:
sarahalsmiller 2024-03-12 15:37:20 -05:00 committed by GitHub
parent 08bfca0193
commit 262f435800
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 226 additions and 143 deletions

3
.changelog/20802.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
connect: Add ability to disable Auto Host Header Rewrite on Terminating Gateway at the service level
```

View File

@ -1943,6 +1943,7 @@ func TestCatalog_GatewayServices_Terminating(t *testing.T) {
CertFile: "client.crt", CertFile: "client.crt",
KeyFile: "client.key", KeyFile: "client.key",
SNI: "my-alt-domain", SNI: "my-alt-domain",
DisableAutoHostRewrite: true,
}, },
}, },
}, },
@ -1972,6 +1973,7 @@ func TestCatalog_GatewayServices_Terminating(t *testing.T) {
CertFile: "api/client.crt", CertFile: "api/client.crt",
KeyFile: "api/client.key", KeyFile: "api/client.key",
SNI: "my-domain", SNI: "my-domain",
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("redis", nil), Service: structs.NewServiceName("redis", nil),
@ -1982,6 +1984,7 @@ func TestCatalog_GatewayServices_Terminating(t *testing.T) {
KeyFile: "client.key", KeyFile: "client.key",
SNI: "my-alt-domain", SNI: "my-alt-domain",
FromWildcard: true, FromWildcard: true,
AutoHostRewrite: false,
}, },
} }

View File

@ -3195,6 +3195,7 @@ func TestCatalog_GatewayServices_TerminatingGateway(t *testing.T) {
KeyFile: "api/client.key", KeyFile: "api/client.key",
SNI: "my-domain", SNI: "my-domain",
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -3204,6 +3205,7 @@ func TestCatalog_GatewayServices_TerminatingGateway(t *testing.T) {
CertFile: "", CertFile: "",
KeyFile: "", KeyFile: "",
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("redis", nil), Service: structs.NewServiceName("redis", nil),
@ -3214,6 +3216,7 @@ func TestCatalog_GatewayServices_TerminatingGateway(t *testing.T) {
KeyFile: "client.key", KeyFile: "client.key",
SNI: "my-alt-domain", SNI: "my-alt-domain",
FromWildcard: true, FromWildcard: true,
AutoHostRewrite: true,
}, },
} }
@ -3349,6 +3352,7 @@ func TestCatalog_GatewayServices_BothGateways(t *testing.T) {
Gateway: structs.NewServiceName("gateway", nil), Gateway: structs.NewServiceName("gateway", nil),
GatewayKind: structs.ServiceKindTerminatingGateway, GatewayKind: structs.ServiceKindTerminatingGateway,
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
@ -3572,12 +3576,14 @@ service "gateway" {
Gateway: structs.NewServiceName("gateway", nil), Gateway: structs.NewServiceName("gateway", nil),
GatewayKind: structs.ServiceKindTerminatingGateway, GatewayKind: structs.ServiceKindTerminatingGateway,
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db_replica", nil), Service: structs.NewServiceName("db_replica", nil),
Gateway: structs.NewServiceName("gateway", nil), Gateway: structs.NewServiceName("gateway", nil),
GatewayKind: structs.ServiceKindTerminatingGateway, GatewayKind: structs.ServiceKindTerminatingGateway,
ServiceKind: structs.GatewayServiceKindUnknown, ServiceKind: structs.GatewayServiceKindUnknown,
AutoHostRewrite: true,
}, },
} }

View File

@ -1221,6 +1221,7 @@ func TestInternal_GatewayServiceDump_Terminating(t *testing.T) {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
GatewayKind: "terminating-gateway", GatewayKind: "terminating-gateway",
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
}, },
{ {
@ -1255,6 +1256,7 @@ func TestInternal_GatewayServiceDump_Terminating(t *testing.T) {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
GatewayKind: "terminating-gateway", GatewayKind: "terminating-gateway",
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
}, },
{ {
@ -1266,6 +1268,7 @@ func TestInternal_GatewayServiceDump_Terminating(t *testing.T) {
CAFile: "/etc/certs/ca.pem", CAFile: "/etc/certs/ca.pem",
CertFile: "/etc/certs/cert.pem", CertFile: "/etc/certs/cert.pem",
KeyFile: "/etc/certs/key.pem", KeyFile: "/etc/certs/key.pem",
AutoHostRewrite: true,
}, },
}, },
} }

View File

@ -3765,6 +3765,7 @@ func terminatingConfigGatewayServices(
CAFile: svc.CAFile, CAFile: svc.CAFile,
SNI: svc.SNI, SNI: svc.SNI,
ServiceKind: kind, ServiceKind: kind,
AutoHostRewrite: !svc.DisableAutoHostRewrite,
} }
gatewayServices = append(gatewayServices, mapping) gatewayServices = append(gatewayServices, mapping)

View File

@ -5198,6 +5198,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -5208,6 +5209,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -5242,6 +5244,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -5252,6 +5255,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -5303,6 +5307,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 22, ModifyIndex: 22,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -5313,6 +5318,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 22, ModifyIndex: 22,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -5341,6 +5347,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 22, ModifyIndex: 22,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -5351,6 +5358,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 22, ModifyIndex: 22,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("redis", nil), Service: structs.NewServiceName("redis", nil),
@ -5366,6 +5374,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 23, ModifyIndex: 23,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -5394,6 +5403,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 22, ModifyIndex: 22,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -5404,6 +5414,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 22, ModifyIndex: 22,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -5436,6 +5447,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
ModifyIndex: 25, ModifyIndex: 25,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -5467,6 +5479,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
CreateIndex: 26, CreateIndex: 26,
ModifyIndex: 26, ModifyIndex: 26,
}, },
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -5477,6 +5490,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
CreateIndex: 26, CreateIndex: 26,
ModifyIndex: 26, ModifyIndex: 26,
}, },
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -5504,6 +5518,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
CreateIndex: 26, CreateIndex: 26,
ModifyIndex: 26, ModifyIndex: 26,
}, },
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -5514,6 +5529,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
CreateIndex: 26, CreateIndex: 26,
ModifyIndex: 26, ModifyIndex: 26,
}, },
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("destination1", nil), Service: structs.NewServiceName("destination1", nil),
@ -5525,6 +5541,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) {
CreateIndex: 27, CreateIndex: 27,
ModifyIndex: 27, ModifyIndex: 27,
}, },
AutoHostRewrite: true,
}, },
} }
assert.ElementsMatch(t, expectWildcardIncludesDest, out) assert.ElementsMatch(t, expectWildcardIncludesDest, out)
@ -6019,6 +6036,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) {
ModifyIndex: 19, ModifyIndex: 19,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -6040,6 +6058,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) {
CreateIndex: 20, CreateIndex: 20,
ModifyIndex: 20, ModifyIndex: 20,
}, },
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -6050,6 +6069,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) {
CreateIndex: 20, CreateIndex: 20,
ModifyIndex: 20, ModifyIndex: 20,
}, },
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -6077,6 +6097,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) {
CreateIndex: 19, CreateIndex: 19,
ModifyIndex: 20, ModifyIndex: 20,
}, },
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -6097,6 +6118,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) {
CreateIndex: 20, CreateIndex: 20,
ModifyIndex: 20, ModifyIndex: 20,
}, },
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -7016,6 +7038,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
// Read everything back. // Read everything back.
ws = memdb.NewWatchSet() ws = memdb.NewWatchSet()
idx, out, err := s.DumpGatewayServices(ws) idx, out, err := s.DumpGatewayServices(ws)
fmt.Println(out)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, idx, uint64(21)) assert.Equal(t, idx, uint64(21))
assert.Len(t, out, 2) assert.Len(t, out, 2)
@ -7034,6 +7057,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -7044,6 +7068,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -7077,6 +7102,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
assert.False(t, watchFired(ws)) assert.False(t, watchFired(ws))
idx, out, err := s.DumpGatewayServices(ws) idx, out, err := s.DumpGatewayServices(ws)
fmt.Println(out)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, idx, uint64(21)) assert.Equal(t, idx, uint64(21))
assert.Len(t, out, 2) assert.Len(t, out, 2)
@ -7095,6 +7121,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -7105,6 +7132,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -7135,6 +7163,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -7145,6 +7174,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("redis", nil), Service: structs.NewServiceName("redis", nil),
@ -7160,6 +7190,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 22, ModifyIndex: 22,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -7190,6 +7221,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("db", nil), Service: structs.NewServiceName("db", nil),
@ -7200,6 +7232,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 21, ModifyIndex: 21,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -7234,6 +7267,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 24, ModifyIndex: 24,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
} }
assert.Equal(t, expect, out) assert.Equal(t, expect, out)
@ -7292,6 +7326,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) {
ModifyIndex: 24, ModifyIndex: 24,
}, },
ServiceKind: structs.GatewayServiceKindService, ServiceKind: structs.GatewayServiceKindService,
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("api", nil), Service: structs.NewServiceName("api", nil),

View File

@ -772,6 +772,7 @@ func TestStore_ServiceDefaults_Kind_Destination_Wildcard(t *testing.T) {
CreateIndex: 8, CreateIndex: 8,
ModifyIndex: 8, ModifyIndex: 8,
}, },
AutoHostRewrite: true,
}, },
} }
require.Equal(t, expected, gatewayServices) require.Equal(t, expected, gatewayServices)
@ -819,6 +820,7 @@ func TestStore_ServiceDefaults_Kind_Destination_Wildcard(t *testing.T) {
CreateIndex: 7, CreateIndex: 7,
ModifyIndex: 7, ModifyIndex: 7,
}, },
AutoHostRewrite: true,
}, },
} }
require.Equal(t, expected, gatewayServices) require.Equal(t, expected, gatewayServices)
@ -843,6 +845,7 @@ func TestStore_ServiceDefaults_Kind_Destination_Wildcard(t *testing.T) {
CreateIndex: 7, CreateIndex: 7,
ModifyIndex: 9, ModifyIndex: 9,
}, },
AutoHostRewrite: true,
}, },
} }
require.Equal(t, expected, gatewayServices) require.Equal(t, expected, gatewayServices)

View File

@ -162,18 +162,22 @@ func TestConfigSnapshotTerminatingGateway(t testing.T, populateServices bool, ns
&structs.GatewayService{ &structs.GatewayService{
Service: web, Service: web,
CAFile: "ca.cert.pem", CAFile: "ca.cert.pem",
AutoHostRewrite: true,
}, },
&structs.GatewayService{ &structs.GatewayService{
Service: api, Service: api,
CAFile: "ca.cert.pem", CAFile: "ca.cert.pem",
CertFile: "api.cert.pem", CertFile: "api.cert.pem",
KeyFile: "api.key.pem", KeyFile: "api.key.pem",
AutoHostRewrite: true,
}, },
&structs.GatewayService{ &structs.GatewayService{
Service: db, Service: db,
AutoHostRewrite: true,
}, },
&structs.GatewayService{ &structs.GatewayService{
Service: cache, Service: cache,
AutoHostRewrite: true,
}, },
) )
@ -361,24 +365,29 @@ func TestConfigSnapshotTerminatingGatewayDestinations(t testing.T, populateDesti
&structs.GatewayService{ &structs.GatewayService{
Service: externalIPTCP, Service: externalIPTCP,
ServiceKind: structs.GatewayServiceKindDestination, ServiceKind: structs.GatewayServiceKindDestination,
AutoHostRewrite: true,
}, },
&structs.GatewayService{ &structs.GatewayService{
Service: externalHostnameTCP, Service: externalHostnameTCP,
ServiceKind: structs.GatewayServiceKindDestination, ServiceKind: structs.GatewayServiceKindDestination,
AutoHostRewrite: true,
}, },
&structs.GatewayService{ &structs.GatewayService{
Service: externalIPHTTP, Service: externalIPHTTP,
ServiceKind: structs.GatewayServiceKindDestination, ServiceKind: structs.GatewayServiceKindDestination,
AutoHostRewrite: true,
}, },
&structs.GatewayService{ &structs.GatewayService{
Service: externalHostnameHTTP, Service: externalHostnameHTTP,
ServiceKind: structs.GatewayServiceKindDestination, ServiceKind: structs.GatewayServiceKindDestination,
AutoHostRewrite: true,
}, },
&structs.GatewayService{ &structs.GatewayService{
Service: externalHostnameWithSNI, Service: externalHostnameWithSNI,
ServiceKind: structs.GatewayServiceKindDestination, ServiceKind: structs.GatewayServiceKindDestination,
CAFile: "cert.pem", CAFile: "cert.pem",
SNI: "api.test.com", SNI: "api.test.com",
AutoHostRewrite: true,
}, },
) )
@ -716,6 +725,7 @@ func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot {
Service: structs.NewServiceName("web", nil), Service: structs.NewServiceName("web", nil),
CAFile: "ca.cert.pem", CAFile: "ca.cert.pem",
SNI: "foo.com", SNI: "foo.com",
AutoHostRewrite: true,
}, },
{ {
Service: structs.NewServiceName("api", nil), Service: structs.NewServiceName("api", nil),
@ -723,6 +733,7 @@ func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot {
CertFile: "api.cert.pem", CertFile: "api.cert.pem",
KeyFile: "api.key.pem", KeyFile: "api.key.pem",
SNI: "bar.com", SNI: "bar.com",
AutoHostRewrite: true,
}, },
}, },
}, },
@ -741,6 +752,7 @@ func TestConfigSnapshotTerminatingGatewayHTTP2(t testing.T) *ConfigSnapshot {
{ {
Service: web, Service: web,
CAFile: "ca.cert.pem", CAFile: "ca.cert.pem",
AutoHostRewrite: true,
}, },
}, },
}, },
@ -801,6 +813,7 @@ func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2(t testing.T) *ConfigSnapsh
{ {
Service: web, Service: web,
CAFile: "ca.cert.pem", CAFile: "ca.cert.pem",
AutoHostRewrite: true,
}, },
}, },
}, },

View File

@ -518,6 +518,9 @@ type LinkedService struct {
// SNI is the optional name to specify during the TLS handshake with a linked service // SNI is the optional name to specify during the TLS handshake with a linked service
SNI string `json:",omitempty"` SNI string `json:",omitempty"`
//DisableAutoHostRewrite disables terminating gateways auto host rewrite feature when set to true.
DisableAutoHostRewrite bool `json:",omitempty"`
acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
} }
@ -668,6 +671,7 @@ type GatewayService struct {
FromWildcard bool `json:",omitempty"` FromWildcard bool `json:",omitempty"`
ServiceKind GatewayServiceKind `json:",omitempty"` ServiceKind GatewayServiceKind `json:",omitempty"`
RaftIndex RaftIndex
AutoHostRewrite bool `json:",omitempty"`
} }
type GatewayServices []*GatewayService type GatewayServices []*GatewayService
@ -723,6 +727,7 @@ func (g *GatewayService) Clone() *GatewayService {
FromWildcard: g.FromWildcard, FromWildcard: g.FromWildcard,
RaftIndex: g.RaftIndex, RaftIndex: g.RaftIndex,
ServiceKind: g.ServiceKind, ServiceKind: g.ServiceKind,
AutoHostRewrite: g.AutoHostRewrite,
} }
} }

View File

@ -158,11 +158,13 @@ func (s *ResourceGenerator) routesForTerminatingGateway(cfgSnap *proxycfg.Config
"error", err, "error", err,
) )
} }
service := cfgSnap.TerminatingGateway.GatewayServices[svc]
autoHostRewrite := service.AutoHostRewrite
if !structs.IsProtocolHTTPLike(cfg.Protocol) { if !structs.IsProtocolHTTPLike(cfg.Protocol) {
// Routes can only be defined for HTTP services // Routes can only be defined for HTTP services
continue continue
} }
routes, err := s.makeRoutes(cfgSnap, svc, clusterName, true) routes, err := s.makeRoutes(cfgSnap, svc, clusterName, autoHostRewrite)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -231,7 +233,7 @@ func (s *ResourceGenerator) makeRoutes(
// If there is a service-resolver for this service then also setup routes for each subset // If there is a service-resolver for this service then also setup routes for each subset
for name := range resolver.Subsets { for name := range resolver.Subsets {
clusterName = connect.ServiceSNI(svc.Name, name, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain) clusterName = connect.ServiceSNI(svc.Name, name, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
route, err := makeNamedDefaultRouteWithLB(clusterName, lb, resolver.RequestTimeout, true) route, err := makeNamedDefaultRouteWithLB(clusterName, lb, resolver.RequestTimeout, autoHostRewrite)
if err != nil { if err != nil {
s.Logger.Error("failed to make route", "cluster", clusterName, "error", err) s.Logger.Error("failed to make route", "cluster", clusterName, "error", err)
return nil, err return nil, err

View File

@ -195,6 +195,9 @@ type TerminatingGatewayConfigEntry struct {
type LinkedService struct { type LinkedService struct {
// Referencing other partitions is not supported. // Referencing other partitions is not supported.
//DisableAutoHostRewrite disables terminating gateways auto host rewrite feature when set to true.
DisableAutoHostRewrite bool `json:",omitempty"`
// Namespace is where the service is registered. // Namespace is where the service is registered.
Namespace string `json:",omitempty"` Namespace string `json:",omitempty"`

View File

@ -679,6 +679,12 @@ spec:
`An optional hostname or domain name to specify during the TLS handshake. This option will also configure [strict SAN matching](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-certificatevalidationcontext-match-typed-subject-alt-names), which requires `An optional hostname or domain name to specify during the TLS handshake. This option will also configure [strict SAN matching](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-certificatevalidationcontext-match-typed-subject-alt-names), which requires
the external services to have certificates with SANs, not having which will result in \`CERTIFICATE_VERIFY_FAILED\` error.`, the external services to have certificates with SANs, not having which will result in \`CERTIFICATE_VERIFY_FAILED\` error.`,
}, },
{
name: 'DisableAutoHostRewrite',
type: 'bool: ""',
description:
'When set to true, Terminating Gateway will not modify the incoming requests host header for this service.',
},
], ],
}, },
]} ]}