oathkeeper icon indicating copy to clipboard operation
oathkeeper copied to clipboard

Published 20 hours ago verified publisher icon ory

feat: Add support for header in rule matching

Open m-guesnon-pvotal opened this issue 2 years ago • 9 comments

This pull request aims at extending the matching rules of ory oathkeeper with support for header matching. Header-based routing pattern are a very common when in comes to versioned APIs. However, we should also consider that new versions of an API may result in a need for different authorization rules.

As such, support for header based decision making is relevant. We used to solve this issue with a proxy between our gateway and authService (oathkeeper) but figured it would be a welcome addition to oathkeeper rule definitions.

This change should NOT be a breaking change since defining headers in the rule is not required.

Related issue(s)

Documentation pull request can be found here

Related design document: https://github.com/ory/docs/issues/820

Checklist

  • [x] I have read the contributing guidelines.
  • [x] I have referenced an issue containing the design document if my change introduces a new feature.
  • [x] I am following the contributing code guidelines.
  • [x] I have read the security policy.
  • [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security. vulnerability, I confirm that I got green light (please contact [email protected]) from the maintainers to push the changes.
  • [x] I have added tests that prove my fix is effective or that my feature works.
  • [x] I have added or changed the documentation.

Further Comments

I'm not quite positive on which files in the repository are generated through your CI. Should I update the schema definitions?

m-guesnon-pvotal avatar May 18 '22 17:05 m-guesnon-pvotal

Codecov Report

Merging #967 (bec0e7e) into master (af5ce29) will increase coverage by 0.13%. The diff coverage is 89.47%.

:exclamation: Current head bec0e7e differs from pull request most recent head 2290ce1. Consider uploading reports for the commit 2290ce1 to get more accurate results

@@            Coverage Diff             @@
##           master     #967      +/-   ##
==========================================
+ Coverage   77.65%   77.78%   +0.13%     
==========================================
  Files          80       80              
  Lines        3965     3980      +15     
==========================================
+ Hits         3079     3096      +17     
+ Misses        607      606       -1     
+ Partials      279      278       -1
Impacted Files Coverage Δ
rule/repository_memory.go 85.52% <33.33%> (ø)
rule/rule.go 84.40% <93.54%> (+4.17%) :arrow_up:
api/decision.go 95.55% <100.00%> (ø)
middleware/grpc_middleware.go 72.41% <100.00%> (ø)
proxy/proxy.go 71.84% <100.00%> (ø)

... and 1 file with indirect coverage changes

codecov[bot] avatar May 18 '22 18:05 codecov[bot]

Formatting with npm run format to please the CI modified all the *.md file. This can be reverted if needed.

m-guesnon-pvotal avatar May 18 '22 21:05 m-guesnon-pvotal

Done. However, this brought back the linter fail for CI. (I suspect current master could not pass the CI)

m-guesnon-pvotal avatar May 31 '22 09:05 m-guesnon-pvotal

@aeneasr any news for linter and the content of the PR itself ?

a-manraj-pvotal avatar Jun 07 '22 12:06 a-manraj-pvotal

Outside linting @aeneasr any changes required or discussion to alter ?

a-manraj-pvotal avatar Jun 15 '22 13:06 a-manraj-pvotal

If you rebase on master, I think that the CI should pass!

aeneasr avatar Sep 10 '22 08:09 aeneasr

I'm unfortunately not allowed to do so :(

aeneasr avatar Sep 10 '22 08:09 aeneasr

@m-guesnon-pvotal @a-manraj-pvotal Apologies for the ping, but can you take another look at this so we can move it forward please?

vinckr avatar May 03 '23 09:05 vinckr

@vinckr Done. Sorry, I missed @aeneasr message and never followed up.

m-guesnon-pvotal avatar May 03 '23 18:05 m-guesnon-pvotal