Skip to content

Commit 70df39b

Browse files
authored
Merge pull request #1136 from jnevelson/invalid_header_attribute
Add ALB attribute to configure dropping invalid headers
2 parents 2560c81 + f83567d commit 70df39b

File tree

2 files changed

+55
-25
lines changed

2 files changed

+55
-25
lines changed

internal/alb/lb/attributes.go

Lines changed: 35 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -13,19 +13,21 @@ import (
1313
)
1414

1515
const (
16-
DeletionProtectionEnabledKey = "deletion_protection.enabled"
17-
AccessLogsS3EnabledKey = "access_logs.s3.enabled"
18-
AccessLogsS3BucketKey = "access_logs.s3.bucket"
19-
AccessLogsS3PrefixKey = "access_logs.s3.prefix"
20-
IdleTimeoutTimeoutSecondsKey = "idle_timeout.timeout_seconds"
21-
RoutingHTTP2EnabledKey = "routing.http2.enabled"
22-
23-
DeletionProtectionEnabled = false
24-
AccessLogsS3Enabled = false
25-
AccessLogsS3Bucket = ""
26-
AccessLogsS3Prefix = ""
27-
IdleTimeoutTimeoutSeconds = 60
28-
RoutingHTTP2Enabled = true
16+
DeletionProtectionEnabledKey = "deletion_protection.enabled"
17+
AccessLogsS3EnabledKey = "access_logs.s3.enabled"
18+
AccessLogsS3BucketKey = "access_logs.s3.bucket"
19+
AccessLogsS3PrefixKey = "access_logs.s3.prefix"
20+
IdleTimeoutTimeoutSecondsKey = "idle_timeout.timeout_seconds"
21+
RoutingHTTP2EnabledKey = "routing.http2.enabled"
22+
DropInvalidHeaderFieldsEnabledKey = "routing.http.drop_invalid_header_fields.enabled"
23+
24+
DeletionProtectionEnabled = false
25+
AccessLogsS3Enabled = false
26+
AccessLogsS3Bucket = ""
27+
AccessLogsS3Prefix = ""
28+
IdleTimeoutTimeoutSeconds = 60
29+
RoutingHTTP2Enabled = true
30+
DropInvalidHeaderFieldsEnabled = false
2931
)
3032

3133
// Attributes represents the desired state of attributes for a load balancer.
@@ -55,16 +57,21 @@ type Attributes struct {
5557
// RoutingHTTP2Enabled: routing.http2.enabled - Indicates whether HTTP/2 is enabled. The value
5658
// is true or false. The default is true.
5759
RoutingHTTP2Enabled bool
60+
61+
// DropInvalidHeaderFieldsEnabled: routing.http.drop_invalid_header_fields.enabled - Indicates if
62+
// invalid headers will be dropped. The default is false.
63+
DropInvalidHeaderFieldsEnabled bool
5864
}
5965

6066
func NewAttributes(attrs []*elbv2.LoadBalancerAttribute) (a *Attributes, err error) {
6167
a = &Attributes{
62-
DeletionProtectionEnabled: DeletionProtectionEnabled,
63-
AccessLogsS3Enabled: AccessLogsS3Enabled,
64-
AccessLogsS3Bucket: AccessLogsS3Bucket,
65-
AccessLogsS3Prefix: AccessLogsS3Prefix,
66-
IdleTimeoutTimeoutSeconds: IdleTimeoutTimeoutSeconds,
67-
RoutingHTTP2Enabled: RoutingHTTP2Enabled,
68+
DeletionProtectionEnabled: DeletionProtectionEnabled,
69+
AccessLogsS3Enabled: AccessLogsS3Enabled,
70+
AccessLogsS3Bucket: AccessLogsS3Bucket,
71+
AccessLogsS3Prefix: AccessLogsS3Prefix,
72+
IdleTimeoutTimeoutSeconds: IdleTimeoutTimeoutSeconds,
73+
RoutingHTTP2Enabled: RoutingHTTP2Enabled,
74+
DropInvalidHeaderFieldsEnabled: DropInvalidHeaderFieldsEnabled,
6875
}
6976
var e error
7077
for _, attr := range attrs {
@@ -97,6 +104,11 @@ func NewAttributes(attrs []*elbv2.LoadBalancerAttribute) (a *Attributes, err err
97104
if err != nil {
98105
return a, fmt.Errorf("invalid load balancer attribute value %s=%s", attrKey, attrValue)
99106
}
107+
case DropInvalidHeaderFieldsEnabledKey:
108+
a.DropInvalidHeaderFieldsEnabled, err = strconv.ParseBool(attrValue)
109+
if err != nil {
110+
return a, fmt.Errorf("invalid load balancer attribute value %s=%s", attrKey, attrValue)
111+
}
100112
default:
101113
e = NewInvalidAttribute(attrKey)
102114
}
@@ -184,6 +196,10 @@ func attributesChangeSet(current, desired *Attributes) (changeSet []*elbv2.LoadB
184196
changeSet = append(changeSet, lbAttribute(RoutingHTTP2EnabledKey, fmt.Sprintf("%v", desired.RoutingHTTP2Enabled)))
185197
}
186198

199+
if current.DropInvalidHeaderFieldsEnabled != desired.DropInvalidHeaderFieldsEnabled {
200+
changeSet = append(changeSet, lbAttribute(DropInvalidHeaderFieldsEnabledKey, fmt.Sprintf("%v", desired.DropInvalidHeaderFieldsEnabled)))
201+
}
202+
187203
return
188204
}
189205

internal/alb/lb/attributes_test.go

Lines changed: 20 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,11 @@ func Test_NewAttributes(t *testing.T) {
6363
ok: false,
6464
attributes: []*elbv2.LoadBalancerAttribute{lbAttribute(RoutingHTTP2EnabledKey, "falfadssdfdsse")},
6565
},
66+
{
67+
name: fmt.Sprintf("%v is invalid", DropInvalidHeaderFieldsEnabledKey),
68+
ok: false,
69+
attributes: []*elbv2.LoadBalancerAttribute{lbAttribute(DropInvalidHeaderFieldsEnabledKey, "falfadssdfdsse")},
70+
},
6671
{
6772
name: fmt.Sprintf("undefined attribute"),
6873
ok: false,
@@ -78,14 +83,16 @@ func Test_NewAttributes(t *testing.T) {
7883
lbAttribute(AccessLogsS3PrefixKey, "prefix"),
7984
lbAttribute(IdleTimeoutTimeoutSecondsKey, "45"),
8085
lbAttribute(RoutingHTTP2EnabledKey, "false"),
86+
lbAttribute(DropInvalidHeaderFieldsEnabledKey, "true"),
8187
},
8288
output: &Attributes{
83-
DeletionProtectionEnabled: true,
84-
AccessLogsS3Enabled: true,
85-
AccessLogsS3Bucket: "bucket name",
86-
AccessLogsS3Prefix: "prefix",
87-
IdleTimeoutTimeoutSeconds: 45,
88-
RoutingHTTP2Enabled: false,
89+
DeletionProtectionEnabled: true,
90+
AccessLogsS3Enabled: true,
91+
AccessLogsS3Bucket: "bucket name",
92+
AccessLogsS3Prefix: "prefix",
93+
IdleTimeoutTimeoutSeconds: 45,
94+
RoutingHTTP2Enabled: false,
95+
DropInvalidHeaderFieldsEnabled: true,
8996
},
9097
},
9198
} {
@@ -155,6 +162,12 @@ func Test_attributesChangeSet(t *testing.T) {
155162
b: MustNewAttributes([]*elbv2.LoadBalancerAttribute{lbAttribute(RoutingHTTP2EnabledKey, "false")}),
156163
changeSet: []*elbv2.LoadBalancerAttribute{lbAttribute(RoutingHTTP2EnabledKey, "false")},
157164
},
165+
{
166+
name: fmt.Sprintf("a contains default, b contains non-default DropInvalidHeaderFieldsEnabledKey, make a change"),
167+
a: MustNewAttributes(nil),
168+
b: MustNewAttributes([]*elbv2.LoadBalancerAttribute{lbAttribute(DropInvalidHeaderFieldsEnabledKey, "true")}),
169+
changeSet: []*elbv2.LoadBalancerAttribute{lbAttribute(DropInvalidHeaderFieldsEnabledKey, "true")},
170+
},
158171
} {
159172
t.Run(tc.name, func(t *testing.T) {
160173
changeSet := attributesChangeSet(tc.a, tc.b)
@@ -188,6 +201,7 @@ func defaultAttributes() []*elbv2.LoadBalancerAttribute {
188201
lbAttribute(AccessLogsS3PrefixKey, ""),
189202
lbAttribute(IdleTimeoutTimeoutSecondsKey, "60"),
190203
lbAttribute(RoutingHTTP2EnabledKey, "true"),
204+
lbAttribute(DropInvalidHeaderFieldsEnabledKey, "false"),
191205
}
192206
}
193207

0 commit comments

Comments
 (0)