From f99ace64c9d83ad95acf0d9ea42034374c51cd58 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Tue, 16 Jul 2024 18:39:02 -0700 Subject: [PATCH] rm gateway-api translation error message from direct response * Responding back with an error message around translation errors may leak info to internet facing external clients around ingress internals Signed-off-by: Arko Dasgupta --- internal/gatewayapi/filters.go | 3 --- internal/ir/xds.go | 3 --- internal/ir/xds_test.go | 2 -- internal/ir/zz_generated.deepcopy.go | 7 +------ internal/xds/translator/route.go | 9 --------- .../testdata/out/xds-ir/accesslog-cel.routes.yaml | 2 -- .../out/xds-ir/accesslog-endpoint-stats.routes.yaml | 2 -- .../testdata/out/xds-ir/accesslog-formatters.routes.yaml | 2 -- .../testdata/out/xds-ir/accesslog-multi-cel.routes.yaml | 2 -- .../out/xds-ir/accesslog-without-format.routes.yaml | 2 -- .../translator/testdata/out/xds-ir/accesslog.routes.yaml | 2 -- .../out/xds-ir/http-route-direct-response.routes.yaml | 2 -- .../out/xds-ir/tracing-endpoint-stats.routes.yaml | 2 -- .../testdata/out/xds-ir/tracing-zipkin.routes.yaml | 2 -- .../translator/testdata/out/xds-ir/tracing.routes.yaml | 2 -- 15 files changed, 1 insertion(+), 43 deletions(-) diff --git a/internal/gatewayapi/filters.go b/internal/gatewayapi/filters.go index 2630ed1cf84..b3d2ddb4074 100644 --- a/internal/gatewayapi/filters.go +++ b/internal/gatewayapi/filters.go @@ -825,7 +825,6 @@ func (t *Translator) processUnresolvedHTTPFilter(errMsg string, filterContext *H errMsg, ) filterContext.DirectResponse = &ir.DirectResponse{ - Body: &errMsg, StatusCode: 500, } } @@ -842,7 +841,6 @@ func (t *Translator) processUnsupportedHTTPFilter(filterType string, filterConte errMsg, ) filterContext.DirectResponse = &ir.DirectResponse{ - Body: &errMsg, StatusCode: 500, } } @@ -859,7 +857,6 @@ func (t *Translator) processInvalidHTTPFilter(filterType string, filterContext * errMsg, ) filterContext.DirectResponse = &ir.DirectResponse{ - Body: &errMsg, StatusCode: 500, } } diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 8dc95e783cf..9b5d4d070dd 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -1190,9 +1190,6 @@ func (h AddHeader) Validate() error { // DirectResponse holds the details for returning a body and status code for a route. // +k8s:deepcopy-gen=true type DirectResponse struct { - // Body configures the body of the direct response. Currently only a string response - // is supported, but in the future a config.core.v3.DataSource may replace it. - Body *string `json:"body,omitempty" yaml:"body,omitempty"` // StatusCode will be used for the direct response's status code. StatusCode uint32 `json:"statusCode" yaml:"statusCode"` } diff --git a/internal/ir/xds_test.go b/internal/ir/xds_test.go index aa16a614a8c..9492c378344 100644 --- a/internal/ir/xds_test.go +++ b/internal/ir/xds_test.go @@ -254,7 +254,6 @@ var ( Exact: ptr.To("filter-error"), }, DirectResponse: &DirectResponse{ - Body: ptr.To("invalid filter type"), StatusCode: uint32(500), }, } @@ -297,7 +296,6 @@ var ( Exact: ptr.To("redirect"), }, DirectResponse: &DirectResponse{ - Body: ptr.To("invalid filter type"), StatusCode: uint32(799), }, } diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index d76ea363c28..98c0a43131d 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -666,11 +666,6 @@ func (in *DestinationSetting) DeepCopy() *DestinationSetting { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DirectResponse) DeepCopyInto(out *DirectResponse) { *out = *in - if in.Body != nil { - in, out := &in.Body, &out.Body - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DirectResponse. @@ -1230,7 +1225,7 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { if in.DirectResponse != nil { in, out := &in.DirectResponse, &out.DirectResponse *out = new(DirectResponse) - (*in).DeepCopyInto(*out) + **out = **in } if in.Redirect != nil { in, out := &in.Redirect, &out.Redirect diff --git a/internal/xds/translator/route.go b/internal/xds/translator/route.go index 139b359a15a..600f7fed96b 100644 --- a/internal/xds/translator/route.go +++ b/internal/xds/translator/route.go @@ -419,15 +419,6 @@ func buildXdsURLRewriteAction(destName string, urlRewrite *ir.URLRewrite, pathMa func buildXdsDirectResponseAction(res *ir.DirectResponse) *routev3.DirectResponseAction { routeAction := &routev3.DirectResponseAction{Status: res.StatusCode} - - if res.Body != nil { - routeAction.Body = &corev3.DataSource{ - Specifier: &corev3.DataSource_InlineString{ - InlineString: *res.Body, - }, - } - } - return routeAction } diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: / diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.routes.yaml index d4a7fa5ae20..b214e8b05a3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing.routes.yaml @@ -6,8 +6,6 @@ name: first-listener/* routes: - directResponse: - body: - inlineString: 'Unknown custom filter type: UnsupportedType' status: 500 match: prefix: /