Skip to content

policy: Fix proxy listener and priority with auth rules #35381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 18, 2024
Merged

policy: Fix proxy listener and priority with auth rules #35381

merged 1 commit into from
Oct 18, 2024

Conversation

jrajahalme
Copy link
Member

Properly inherit listener name and priority from the L3-wildcard rule to L3 rule when auth types are different between them.

Fixes: #26331

Policy properly propagates proxy listener name and priority from a L3 wildcard rule with policies requiring authentication.

@jrajahalme jrajahalme added release-note/bug This PR fixes an issue in a previous release of Cilium. sig/policy Impacts whether traffic is allowed or denied based on user-defined policies. needs-backport/1.16 This PR / issue needs backporting to the v1.16 branch labels Oct 13, 2024
@jrajahalme jrajahalme requested a review from a team as a code owner October 13, 2024 07:45
@jrajahalme jrajahalme requested a review from derailed October 13, 2024 07:45
@jrajahalme
Copy link
Member Author

/test

doniacld
doniacld approved these changes Oct 14, 2024
View reviewed changes
Copy link
Contributor

@doniacld doniacld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm!

@jrajahalme
policy: Fix proxy listener and priority with auth rules
6c7fa44 
Properly inherit listener name and priority from the L3-wildcard rule to
L3 rule when auth types are different between them.

Fixes: cilium#26331

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme jrajahalme force-pushed the policy-compute-wildcard-once branch from 805b6a5 to 6c7fa44 Compare October 15, 2024 17:28
@jrajahalme
Copy link
Member Author

/test

@jrajahalme jrajahalme enabled auto-merge October 15, 2024 17:40
derailed
derailed approved these changes Oct 16, 2024
View reviewed changes
Copy link
Contributor

@derailed derailed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jrajahalme Nice catch!

@jrajahalme jrajahalme added this pull request to the merge queue Oct 16, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Oct 16, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 16, 2024
@squeed squeed added this pull request to the merge queue Oct 18, 2024
Merged via the queue into cilium:main with commit 8549f07 Oct 18, 2024
63 checks passed
@tklauser tklauser mentioned this pull request Oct 22, 2024
Merged
10 tasks
@tklauser tklauser added backport-pending/1.16 The backport for Cilium 1.16.x for this PR is in progress. and removed needs-backport/1.16 This PR / issue needs backporting to the v1.16 branch labels Oct 22, 2024
@github-actions github-actions bot added backport-done/1.16 The backport for Cilium 1.16.x for this PR is done. and removed backport-pending/1.16 The backport for Cilium 1.16.x for this PR is in progress. labels Oct 22, 2024
@cilium-release-bot cilium-release-bot bot mentioned this pull request Nov 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derailed derailed derailed approved these changes

@squeed squeed squeed approved these changes

+1 more reviewer

@doniacld doniacld doniacld approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
backport-done/1.16 The backport for Cilium 1.16.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/policy Impacts whether traffic is allowed or denied based on user-defined policies.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jrajahalme @derailed @squeed @doniacld @tklauser