-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add AcceptResponseHandler to modify accepted responses #196
Conversation
Pull Request Test Coverage Report for Build 5671825655Warning: This coverage report may be inaccurate.We've detected an issue with your CI configuration that might affect the accuracy of this pull request's coverage report.
💛 - Coveralls |
pkg/smokescreen/config.go
Outdated
@@ -82,6 +82,9 @@ type Config struct { | |||
// Customer handler to allow clients to modify reject responses | |||
RejectResponseHandler func(*http.Response) | |||
|
|||
// Customer handler to allow clients to modify accept responses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reading this I'm wondering if the comment was supposed to say "custom" 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably!
@@ -541,10 +541,13 @@ func BuildProxy(config *Config) *goproxy.ProxyHttpServer { | |||
proxy.OnResponse().DoFunc(func(resp *http.Response, pctx *goproxy.ProxyCtx) *http.Response { | |||
sctx := pctx.UserData.(*smokescreenContext) | |||
|
|||
if resp != nil && resp.Header.Get(errorHeader) != "" { | |||
if pctx.Error == nil && sctx.decision.allow { | |||
if resp != nil && pctx.Error == nil && sctx.decision.allow { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we actually want to keep these conditionals the same, or hoist up the error header check outside of this if
.
We're trying to delete any response headers that we didn't set (e.g. the upstream server could set a fake X-Smokescreen-Error
header), but I think we'll miss that deletion with this change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I see how the deletion logic changes? We're replacing
if a && b {
if c && d {
<delete>
}
}
with
if a && c && d {
if b {
<delete>
}
}
Either way, all four conditionals have to be true for the header to be deleted
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh whoops you're right! it's too early 🥲
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:awake-but-at-what-cost:
* add a custom interface for the resolver instead of forcing *net.Resolver (stripe#187) * feature/add prometheus metrics (stripe#179) * STORY-25143 - Add prometheus metrics to smokescreen * STORY-25143 - Cleanup * STORY-25143 - Fix tests to compare new metric labels * STORY-25143 - Host prometheus endpoint on separate port * STORY-25143 - Use value provided via command line flag * STORY-25143 - Add prometheus timing metrics * STORY-25143 - Fix nil map assignment and prometheus metric name sanitisation * STORY-25143 - Cleanup comments * STORY-25143 - Remove some repetition + add further unit testing * STORY-25143 - Document new prometheus features in README + add port flag to prometheus config * STORY-25143 - Make PR requested changes: * Don't export metrics list * Follow project sytlistic choices * STORY-25143 - Rename only one receiver * STORY-25143 - Add new `--expose-prometheus-metrics` flag to CLI to toggle exposing prometheus metrics * Small cleanup of timer metrics * Fix go module vendoring * Use ElementsMatch to ignore order * Just use require * Move the custom request handler call after the main acl check * Use local server instead of httpbin (stripe#192) * Do not return a denyError for DNS resolution failures (stripe#194) * dont return denial errors for dns resolution failures * fix test * move DNSError check into net.Error assertion, extend test * fix integration test * add AcceptResponseHandler to modify accepted responses (stripe#196) * add AcceptResponseHandler to modify accepted responses * customer->custom * Update docs to clarify global_deny_list (stripe#197) * update docs to clarify global_deny_list behavior * consistent example domain * be more concise * Use AcceptResponseHandler in goproxy https CONNECT hook (stripe#199) * pipe AcceptResponseHandler into new goproxy hook * update comment * go mod vendor * unit test * use smokescreenctx in acceptresponsehandler * fix unit tests * Export SmokescreenContext type (stripe#200) * export SmokescreenContext type * also export AclDecision * ResolvedAddr too * consistent caps * Update pkg/smokescreen/smokescreen.go Co-authored-by: jjiang-stripe <55402658+jjiang-stripe@users.noreply.github.com> * export Decision --------- Co-authored-by: jjiang-stripe <55402658+jjiang-stripe@users.noreply.github.com> * generate new test pki (stripe#206) * allow listen address specification for prom (stripe#203) * Bump golang.org/x/net from 0.7.0 to 0.17.0 (stripe#204) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.7.0 to 0.17.0. - [Commits](golang/net@v0.7.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * bump go versions (stripe#207) * update dependency * configure addr in smokescreen and add unit test * use fmt * try this workaround * variable name change * Update docs to disambiguate ACL vs --deny-address behavior (stripe#210) * update docs to clarify how IP filtering works --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: JulesD <JulesDT@users.noreply.github.com> Co-authored-by: Josh McConnell <josh.mcconnell465@gmail.com> Co-authored-by: Kevin Vincent <kevinv@stripe.com> Co-authored-by: kevinv-stripe <102822342+kevinv-stripe@users.noreply.github.com> Co-authored-by: Sergey Rud <sergeyrud@stripe.com> Co-authored-by: cmoresco-stripe <106690468+cmoresco-stripe@users.noreply.github.com> Co-authored-by: Craig Shannon <cds@stripe.com> Co-authored-by: jjiang-stripe <55402658+jjiang-stripe@users.noreply.github.com> Co-authored-by: Timofey Bakunin <36561672+ne-bknn@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yuxi Xie <xieyuxi@stripe.com> Co-authored-by: xieyuxi-stripe <141708814+xieyuxi-stripe@users.noreply.github.com>
* add AcceptResponseHandler to modify accepted responses * customer->custom
This change adds an AcceptReponseHandler to the config, which provides a hook to modify an accepted CONNECT response before it is returned to the client. This complements the existing RejectResponseHandler.