address comments

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
envoyproxy · May 1, 2024 · 4324772 · 4324772
1 parent f8017db
commit 4324772
Show file tree

Hide file tree

Showing 13 changed files with 28 additions and 28 deletions.
diff --git a/api/v1alpha1/basic_auth_types.go b/api/v1alpha1/basic_auth_types.go
@@ -30,5 +30,5 @@ type BasicAuth struct {
 
 	// The name of the HTTP header that will be used to forward the username to the upstream server.
 	// +optional
-	ForwardUsernameHeader *gwapiv1.HeaderName `json:"forwardUsernameHeader,omitempty"`
+	UserNameToHeader *gwapiv1.HeaderName `json:"userNameToHeader,omitempty"`
 }
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -53,7 +53,7 @@ spec:
                 description: BasicAuth defines the configuration for the HTTP Basic
                   Authentication.
                 properties:
-                  forwardUsernameHeader:
+                  userNameToHeader:
                     description: The name of the HTTP header that will be used to
                       forward the username to the upstream server.
                     maxLength: 256

diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
@@ -735,10 +735,10 @@ func (t *Translator) buildBasicAuth(
 	resources *Resources,
 ) (*ir.BasicAuth, error) {
 	var (
-		basicAuth             = policy.Spec.BasicAuth
-		usersSecret           *v1.Secret
-		forwardUsernameHeader *string
-		err                   error
+		basicAuth        = policy.Spec.BasicAuth
+		usersSecret      *v1.Secret
+		userNameToHeader *string
+		err              error
 	)
 
 	from := crossNamespaceFrom{
@@ -758,14 +758,14 @@ func (t *Translator) buildBasicAuth(
 			usersSecret.Namespace, usersSecret.Name)
 	}
 
-	if basicAuth.ForwardUsernameHeader != nil {
-		forwardUsernameHeader = (*string)(ptr.To(*basicAuth.ForwardUsernameHeader))
+	if basicAuth.UserNameToHeader != nil {
+		userNameToHeader = (*string)(ptr.To(*basicAuth.UserNameToHeader))
 	}
 
 	return &ir.BasicAuth{
-		Name:                  irConfigName(policy),
-		Users:                 usersSecretBytes,
-		ForwardUsernameHeader: forwardUsernameHeader,
+		Name:             irConfigName(policy),
+		Users:            usersSecretBytes,
+		UserNameToHeader: userNameToHeader,
 	}, nil
 }
 

diff --git a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.in.yaml
@@ -88,7 +88,7 @@ securityPolicies:
       basicAuth:
         users:
           name: "users-secret1"
-        forwardUsernameHeader: x-basic-auth-user
+        userNameToHeader: x-basic-auth-user
   - apiVersion: gateway.envoyproxy.io/v1alpha1
     kind: SecurityPolicy
     metadata:

diff --git a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml
@@ -147,7 +147,7 @@ securityPolicies:
     namespace: default
   spec:
     basicAuth:
-      forwardUsernameHeader: x-basic-auth-user
+      userNameToHeader: x-basic-auth-user
       users:
         group: null
         kind: null
@@ -246,7 +246,7 @@ xdsIR:
           prefix: /foo1
         security:
           basicAuth:
-            forwardUsernameHeader: x-basic-auth-user
+            userNameToHeader: x-basic-auth-user
             name: securitypolicy/default/policy-for-http-route-1
             users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=
       - backendWeights:
@@ -270,7 +270,7 @@ xdsIR:
           prefix: /foo2
         security:
           basicAuth:
-            forwardUsernameHeader: x-basic-auth-user
+            userNameToHeader: x-basic-auth-user
             name: securitypolicy/default/policy-for-http-route-1
             users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=
       - backendWeights:

diff --git a/internal/ir/xds.go b/internal/ir/xds.go
@@ -668,7 +668,7 @@ type BasicAuth struct {
 	Users []byte `json:"users,omitempty" yaml:"users,omitempty"`
 
 	// The HTTP header field that will be used to send the extracted username to the backend.
-	ForwardUsernameHeader *string `json:"forwardUsernameHeader,omitempty" yaml:"forwardUsernameHeader,omitempty"`
+	UserNameToHeader *string `json:"userNameToHeader,omitempty" yaml:"userNameToHeader,omitempty"`
 }
 
 // ExtAuth defines the schema for the external authorization.

diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
diff --git a/internal/xds/translator/basicauth.go b/internal/xds/translator/basicauth.go
@@ -54,9 +54,9 @@ func (*basicAuth) patchHCM(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTTP
 	for _, route := range irListener.Routes {
 		if route.Security != nil && route.Security.BasicAuth != nil {
 			irBasicAuth = route.Security.BasicAuth
-			// if any route has a ForwardUsernameHeader set, forward it.
-			if irBasicAuth.ForwardUsernameHeader != nil {
-				userNameToHeader = irBasicAuth.ForwardUsernameHeader
+			// if any route has a UserNameToHeader set, forward it.
+			if irBasicAuth.UserNameToHeader != nil {
+				userNameToHeader = irBasicAuth.UserNameToHeader
 			}
 		}
 	}

diff --git a/internal/xds/translator/testdata/in/xds-ir/basic-auth.yaml b/internal/xds/translator/testdata/in/xds-ir/basic-auth.yaml
@@ -32,7 +32,7 @@ http:
       basicAuth:
         name: securitypolicy/default/policy-for-http-route-1
         users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=
-        forwardUsernameHeader: x-basic-auth-user
+        userNameToHeader: x-basic-auth-user
   - name: httproute/default/httproute-1/rule/1/match/0/www_foo_com
     backendWeights:
     hostname: www.foo.com
@@ -56,7 +56,7 @@ http:
       basicAuth:
         name: securitypolicy/default/policy-for-http-route-1
         users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=
-        forwardUsernameHeader: x-basic-auth-user
+        userNameToHeader: x-basic-auth-user
   - name: httproute/default/httproute-2/rule/0/match/0/www_bar_com
     hostname: www.bar.com
     isHTTP2: false

diff --git a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
@@ -20,7 +20,7 @@
             '@type': type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuth
             forwardUsernameHeader: x-basic-auth-user
             users:
-              inlineBytes: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=
+              inlineBytes: Zm9vOntTSEF9WXMyM0FnLzVJT1dxWkN3OVFHYVZEZEh3SDAwPQpmb28xOntTSEF9ZGpaMTFxSFkwS09pamV5bUs3YUt2WXV2aHZNPQo=
         - name: envoy.filters.http.router
           typedConfig:
             '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router

diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
@@ -298,7 +298,7 @@ _Appears in:_
 | Field | Type | Required | Description |
 | ---   | ---  | ---      | ---         |
 | `users` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ |  true  | The Kubernetes secret which contains the username-password pairs in<br />htpasswd format, used to verify user credentials in the "Authorization"<br />header.<br /><br />This is an Opaque secret. The username-password pairs should be stored in<br />the key ".htpasswd". As the key name indicates, the value needs to be the<br />htpasswd format, for example: "user1:{SHA}hashed_user1_password".<br />Right now, only SHA hash algorithm is supported.<br />Reference to https://httpd.apache.org/docs/2.4/programs/htpasswd.html<br />for more details.<br /><br />Note: The secret must be in the same namespace as the SecurityPolicy. |
-| `forwardUsernameHeader` | _[HeaderName](#headername)_ |  false  | The name of the HTTP header that will be used to forward the username to the upstream server. |
+| `userNameToHeader` | _[HeaderName](#headername)_ |  false  | The name of the HTTP header that will be used to forward the username to the upstream server. |
 
 
 #### BootstrapType

diff --git a/test/e2e/testdata/basic-auth.yaml b/test/e2e/testdata/basic-auth.yaml
@@ -63,7 +63,7 @@ spec:
   basicAuth:
     users:
       name: "basic-auth-users-secret-1"
-    forwardUsernameHeader: x-basic-auth-user
+    userNameToHeader: x-basic-auth-user
 ---
 apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: SecurityPolicy