Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: rewrite Host header in dex round tripper #13500

Merged
merged 2 commits into from
May 9, 2023

Conversation

okhaliavka
Copy link
Contributor

@okhaliavka okhaliavka commented May 9, 2023

Fixes #3975

In Istio, HTTP traffic is routed to a cluster based on Host header. Dex reverse proxy does not rewrite Host header, so traffic does not get routed to argocd-dex-server cluster and no cluster-level configuration (e.g. mTLS) is applied. Because of this, request to dex-server fails in environments where strict mTLS is enabled or where outbound traffic policy is set to REGISTRY_ONLY.

PR #6183 didn't fix the issue because I missed that we also have to rewrite host header in DexRewriteURLRoundTripper and screwed up my testing somehow. This time I tested it more thoroughly and looks like this should finally fix the problem.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • Optional. My organization is added to USERS.md.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.

Please see Contribution FAQs if you have questions about your pull-request.

okhaliavka and others added 2 commits May 9, 2023 04:31
Signed-off-by: Oleksii Khaliavka <khalyavka.alexey@gmail.com>
@codecov
Copy link

codecov bot commented May 9, 2023

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (42bdb5a) 49.19% compared to head (a968673) 49.20%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master   #13500   +/-   ##
=======================================
  Coverage   49.19%   49.20%           
=======================================
  Files         248      248           
  Lines       42908    42909    +1     
=======================================
+ Hits        21109    21113    +4     
+ Misses      19684    19682    -2     
+ Partials     2115     2114    -1     
Impacted Files Coverage Δ
util/dex/dex.go 58.02% <100.00%> (+0.52%) ⬆️

... and 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

Copy link
Collaborator

@alexmt alexmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@alexmt alexmt merged commit 4484ce8 into argoproj:master May 9, 2023
yyzxw pushed a commit to yyzxw/argo-cd that referenced this pull request Aug 9, 2023
Signed-off-by: Oleksii Khaliavka <khalyavka.alexey@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Failed to query provider "https://argocd-host/api/dex": 502 Bad Gateway:
2 participants