From 62ca1e88ca98fa03706d30a5c001159fbf9eeedb Mon Sep 17 00:00:00 2001 From: Arne Luenser Date: Wed, 11 Sep 2024 15:50:57 +0200 Subject: [PATCH] fix: remote authorizers with request body (#1185) --- pipeline/authz/remote.go | 5 ++--- pipeline/authz/remote_test.go | 5 +++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/pipeline/authz/remote.go b/pipeline/authz/remote.go index 37dad4f0bc..8a49376c24 100644 --- a/pipeline/authz/remote.go +++ b/pipeline/authz/remote.go @@ -67,7 +67,6 @@ func (a *AuthorizerRemote) GetID() string { func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rl pipeline.Rule) (err error) { ctx, span := a.tracer.Start(r.Context(), "pipeline.authz.AuthorizerRemote.Authorize") defer otelx.End(span, &err) - r = r.WithContext(ctx) c, err := a.Config(config) if err != nil { @@ -80,7 +79,7 @@ func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.Authenticat write.CloseWithError(errors.Wrapf(err, `could not pipe request body in rule "%s"`, rl.GetID())) }() - req, err := http.NewRequest("POST", c.Remote, read) + req, err := http.NewRequestWithContext(ctx, "POST", c.Remote, read) if err != nil { return errors.WithStack(err) } @@ -116,7 +115,7 @@ func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.Authenticat req.Header.Set(hdr, headerValue.String()) } - res, err := a.client.Do(req.WithContext(r.Context())) + res, err := a.client.Do(req) if err != nil { return errors.WithStack(err) diff --git a/pipeline/authz/remote_test.go b/pipeline/authz/remote_test.go index f8b5d09722..788fbf6341 100644 --- a/pipeline/authz/remote_test.go +++ b/pipeline/authz/remote_test.go @@ -203,6 +203,11 @@ func TestAuthorizerRemoteAuthorize(t *testing.T) { if err := a.Authorize(r, tt.session, tt.config, &rule.Rule{}); (err != nil) != tt.wantErr { t.Errorf("Authorize() error = %v, wantErr %v", err, tt.wantErr) } + if tt.body != "" { + body, err := io.ReadAll(r.Body) + require.NoError(t, err) + require.Equal(t, tt.body, string(body), "body must stay intact") + } if tt.sessionHeaderMatch != nil { assert.Equal(t, tt.sessionHeaderMatch, &tt.session.Header)