Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add support for XFF/TLS headers #284

Merged
merged 1 commit into from
Mar 24, 2023
Merged

feat: Add support for XFF/TLS headers #284

merged 1 commit into from
Mar 24, 2023

Conversation

Jarodiv
Copy link
Contributor

@Jarodiv Jarodiv commented Mar 20, 2023
edited by antonbabenko
Loading

Description

hashicorp/terraform-provider-aws/pull/29792

Motivation and Context

hashicorp/terraform-provider-aws/pull/29792
Fixes #283

Breaking Changes

none

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

@antonbabenko antonbabenko merged commit 2d7fcb9 into terraform-aws-modules:master Mar 24, 2023
antonbabenko pushed a commit that referenced this pull request Mar 24, 2023
@semantic-release-bot
chore(release): version 8.6.0 [skip ci]
b8b73cc 
## [8.6.0](v8.5.0...v8.6.0) (2023-03-24)

### Features

* Add support for XFF/TLS headers ([#284](#284)) ([2d7fcb9](2d7fcb9))
@antonbabenko
Copy link
Member

This PR is included in version 8.6.0 🎉

@antonbabenko antonbabenko mentioned this pull request Mar 24, 2023
Closed
@Prasad1826
Copy link

Prasad1826 commented Mar 29, 2023
edited
Loading

enable_xff_client_port default to true is a breaking change for apps that rely on x-forwarded-for as its now including port by default

@Prasad1826 Prasad1826 mentioned this pull request Mar 29, 2023
Closed
@falc410
Copy link

falc410 commented Mar 29, 2023

While I like to see new features begin added to the module, I don't like that with each version the default values changes. Until now enable_xff_client_port was not set / set to false but now it is automatically set to true which will make changes to our existing, production environment. If you add new features, can you please set the default to disabled so that there are no changes for existing users. If someone needs this setting, they can manually enable it then.

@antonbabenko
Copy link
Member

@falc410 enable_xff_client_port has true by default in the Terraform AWS provider, so you will have to specify the changes in your IaC configuration or pin version of this module to accept only patches (not minor releases, like this one was).

@falc410
Copy link

falc410 commented Mar 31, 2023

@antonbabenko Thanks for the reply. That is interesting to know, because according to the AWS documentation it should default to false, see https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_LoadBalancerAttribute.html

routing.http.xff_client_port.enabled - Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false

@nunofernandes
Copy link

@falc410 , that's the AWS API.. On the terraform-aws-provider it's set to true. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb:

enable_xff_client_port - (Optional) Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to true.

@bryantbiggs
Copy link
Member

@falc410 raise an issue on the AWS provider - they could add this to v5 to have it set to false by default. In general, the provider should match the underlying API and its default settings (unless there are strong reasons to deviate)

@Jarodiv
Copy link
Contributor Author

Jarodiv commented Mar 31, 2023

To add my two cents, as the contributor of that change:

@antonbabenko already pointed it out, I indeed did follow the Terraform implementation. I'm aware that they changed the default but since this module basically is a wrapper for the Terraform resources, I decided that it should behave the same way in the interest of transparency.

@github-actions
Copy link

github-actions bot commented May 1, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 1, 2023
@Jarodiv Jarodiv deleted the feat/support_xff_tls_headers branch May 1, 2023 21:36
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ALB attributes. Add XFF/TLS headers support
6 participants
@Jarodiv @antonbabenko @Prasad1826 @falc410 @nunofernandes @bryantbiggs