Nathan Mittler

@aryan16 assigning to you since I know you've been working on security tests. Feel free to re-assign as appropriate.

@aryan16 I updated the description. The client will get 503s when sending requests a headless service, but it will work fine for non-headless.

@aryan16 headless services have sidecars ... are you thinking of "naked" services?

@aryan16 I don't think that's it (but not certain). The test framework should be setting a proper Host header, which the docs indicate should work for headless.

@stevenctl any update?

Ah, you beat me to it. Can we roll back for now?

> See the comment: TestAuthorization_Audit tests that the AUDIT action does not impact allowing or denying a request, TestAuthorization_Audit explicitly does not cover the logging part. @yangminzhu then the audit...

@yangminzhu a negative test is effectively useless. You might as well test that it also doesn't re-route traffic ... or pour you a cup of tea. Since you already are...

@yangminzhu understand ... however, do we have unit tests for this? This seems like the sort of thing better tested thoroughly by unit tests rather than an e2e test. >...

Re-opening, since I don't think the central issue here is resolved.