Skip to content

Commit

Permalink
Make optional
Browse files Browse the repository at this point in the history
Signed-off-by: David Alger <davidmalger@gmail.com>
  • Loading branch information
davidalger committed Feb 2, 2024
1 parent 957aef3 commit 518157d
Show file tree
Hide file tree
Showing 6 changed files with 28 additions and 12 deletions.
8 changes: 6 additions & 2 deletions api/v1alpha1/clienttrafficpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,9 @@ type ClientTrafficPolicySpec struct {
// ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.
type ClientIPDetectionSettings struct {
// XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
XForwardedFor XForwardedForSettings `json:"xForwardedFor,omitempty"`
//
// +optional
XForwardedFor *XForwardedForSettings `json:"xForwardedFor,omitempty"`
}

// XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
Expand All @@ -100,7 +102,9 @@ type XForwardedForSettings struct {
// headers to trust when determining the origin client's IP address.
// Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
// for more details.
NumTrustedHops uint32 `json:"numTrustedHops"`
//
// +optional
NumTrustedHops *uint32 `json:"numTrustedHops,omitempty"`
}

// HTTP3Settings provides HTTP/3 configuration on the listener.
Expand Down
13 changes: 11 additions & 2 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -61,8 +61,6 @@ spec:
for more details.
format: int32
type: integer
required:
- numTrustedHops
type: object
type: object
enableProxyProtocol:
Expand Down
8 changes: 6 additions & 2 deletions internal/ir/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 3 additions & 2 deletions internal/xds/translator/listener.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
"github.com/golang/protobuf/ptypes/wrappers"
"google.golang.org/protobuf/types/known/anypb"
"google.golang.org/protobuf/types/known/wrapperspb"
"k8s.io/utils/ptr"

"github.com/envoyproxy/gateway/internal/ir"
"github.com/envoyproxy/gateway/internal/utils/protocov"
Expand Down Expand Up @@ -149,8 +150,8 @@ func (t *Translator) addXdsHTTPFilterChain(xdsListener *listenerv3.Listener, irL

// Client IP detection
var xffNumTrustedHops uint32
if irListener.ClientIPDetection != nil {
xffNumTrustedHops = irListener.ClientIPDetection.XForwardedFor.NumTrustedHops
if irListener.ClientIPDetection != nil && irListener.ClientIPDetection.XForwardedFor != nil {
xffNumTrustedHops = ptr.Deref(irListener.ClientIPDetection.XForwardedFor.NumTrustedHops, 0)
}

mgr := &hcmv3.HttpConnectionManager{
Expand Down
4 changes: 2 additions & 2 deletions site/content/en/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ _Appears in:_

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `xForwardedFor` | _[XForwardedForSettings](#xforwardedforsettings)_ | true | XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address. |
| `xForwardedFor` | _[XForwardedForSettings](#xforwardedforsettings)_ | false | XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address. |


#### ClientTrafficPolicy
Expand Down Expand Up @@ -2351,6 +2351,6 @@ _Appears in:_

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `numTrustedHops` | _integer_ | true | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP headers to trust when determining the origin client's IP address. Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for for more details. |
| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP headers to trust when determining the origin client's IP address. Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for for more details. |


0 comments on commit 518157d

Please sign in to comment.