Skip to content

Commit

Permalink
generate hash with policy UID
Browse files Browse the repository at this point in the history
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
  • Loading branch information
zhaohuabing committed Feb 22, 2024
1 parent b84c92e commit e83b3bf
Show file tree
Hide file tree
Showing 7 changed files with 12 additions and 9 deletions.
9 changes: 2 additions & 7 deletions internal/gatewayapi/securitypolicy.go
Original file line number Diff line number Diff line change
Expand Up @@ -495,16 +495,11 @@ func (t *Translator) buildOIDC(
logoutPath = *oidc.LogoutPath
}

nsName := types.NamespacedName{
Namespace: policy.GetNamespace(),
Name: policy.GetName(),
}
h := fnv.New32a()
_, err = h.Write([]byte(nsName.String()))
if err != nil {
if _, err = h.Write([]byte(policy.UID)); err != nil {
return nil, fmt.Errorf("error generating oauth cookie suffix: %w", err)
}
suffix := strconv.Itoa(int(h.Sum32()))
suffix := fmt.Sprintf("%X", h.Sum32())

return &ir.OIDC{
Provider: *provider,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ securityPolicies:
metadata:
namespace: default
name: policy-non-exist-secretRef
uid: b8284d0f-de82-4c65-b204-96a0d3f258a1
spec:
targetRef:
group: gateway.networking.k8s.io
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ securityPolicies:
creationTimestamp: null
name: policy-non-exist-secretRef
namespace: default
uid: b8284d0f-de82-4c65-b204-96a0d3f258a1
spec:
oidc:
clientID: client1.apps.foo.bar.com
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ securityPolicies:
metadata:
namespace: default
name: policy-non-exist-secretRef
uid: b8284d0f-de82-4c65-b204-96a0d3f258a1
spec:
targetRef:
group: gateway.networking.k8s.io
Expand All @@ -81,6 +82,7 @@ securityPolicies:
metadata:
namespace: default
name: policy-no-referenceGrant
uid: 08335a80-83ba-4592-888f-6ac0bba44ce4
spec:
targetRef:
group: gateway.networking.k8s.io
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@ securityPolicies:
creationTimestamp: null
name: policy-non-exist-secretRef
namespace: default
uid: b8284d0f-de82-4c65-b204-96a0d3f258a1
spec:
oidc:
clientID: client1.apps.googleusercontent.com
Expand Down Expand Up @@ -200,6 +201,7 @@ securityPolicies:
creationTimestamp: null
name: policy-no-referenceGrant
namespace: default
uid: 08335a80-83ba-4592-888f-6ac0bba44ce4
spec:
oidc:
clientID: client1.apps.googleusercontent.com
Expand Down
2 changes: 2 additions & 0 deletions internal/gatewayapi/testdata/securitypolicy-with-oidc.in.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ securityPolicies:
metadata:
namespace: envoy-gateway
name: policy-for-gateway-discover-endpoints # This policy should attach httproute-2
uid: b8284d0f-de82-4c65-b204-96a0d3f258a1
spec:
targetRef:
group: gateway.networking.k8s.io
Expand All @@ -99,6 +100,7 @@ securityPolicies:
metadata:
namespace: default
name: policy-for-http-route # This policy should attach httproute-1
uid: 08335a80-83ba-4592-888f-6ac0bba44ce4
spec:
targetRef:
group: gateway.networking.k8s.io
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -230,7 +230,7 @@ xdsIR:
oidc:
clientID: client2.oauth.foo.com
clientSecret: Y2xpZW50MTpzZWNyZXQK
cookieSuffix: "1667669650"
cookieSuffix: 5F93C2E4
logoutPath: /foo/logout
provider:
authorizationEndpoint: https://oauth.foo.com/oauth2/v2/auth
Expand Down Expand Up @@ -262,7 +262,7 @@ xdsIR:
oidc:
clientID: client1.apps.googleusercontent.com
clientSecret: Y2xpZW50MTpzZWNyZXQK
cookieSuffix: "2003913538"
cookieSuffix: B0A1B740
logoutPath: /bar/logout
provider:
authorizationEndpoint: https://accounts.google.com/o/oauth2/v2/auth
Expand Down

0 comments on commit e83b3bf

Please sign in to comment.