BackendConfig cdn: enable: true uses scary defaults

[ConradIrwin]

I created a backend config like this:

apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: mediaproxy-backend-config
spec:
  timeoutSec: 120
  cdn:
    enabled: true

Expecting it to be equivalent to the default CDN policy, which is more explicitly written like this:

apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: mediaproxy-backend-config
spec:
  timeoutSec: 120
  cdn:
    enabled: true
    cachePolicy:
      includeHost: true
      includeProtocol: true
      includeQueryString: true

Unfortunately the default if cachePolicy is omitted is actually equivalent to:

apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: mediaproxy-backend-config
spec:
  timeoutSec: 120
  cdn:
    enabled: true
    cachePolicy:
      includeHost: false
      includeProtocol: false
      includeQueryString: false

This is a very unsafe default, in our case query parameters are essential to prevent data leakage between users, and I would like to ask that the default be the same as the Google Cloud CDN default.

For now I can work around the problem by explicitly setting the policy, but it was a nasty surprise.

[rramkumar1]

@ConradIrwin Thanks for pointing this out, this appears to be a bug.

/kind bug

[rramkumar1]

/assign @rramkumar1

[ConradIrwin]

Thanks! Sent via Superhuman ( https://sprh.mn/?vip=conrad.irwin@gmail.com )

…

On Wed, Jan 16, 2019 at 10:15 AM, Rohit Ramkumar < ***@***.*** > wrote: Closed #599 ( #599 ) via #611 ( #611 ). — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub ( #599 (comment) ) , or mute the thread ( https://github.com/notifications/unsubscribe-auth/AAFwQG68GSgAL-hVv02I8tmt3PgPlv5aks5vD2wkgaJpZM4Z0nyx ).