feat: Support GAT request_header_rewrites for Web App traffic#365
feat: Support GAT request_header_rewrites for Web App traffic#365clement0010 wants to merge 2 commits into
request_header_rewrites for Web App traffic#365Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #365 +/- ##
==========================================
- Coverage 86.17% 85.96% -0.21%
==========================================
Files 40 40
Lines 2828 2836 +8
==========================================
+ Hits 2437 2438 +1
- Misses 265 271 +6
- Partials 126 127 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
c0e803b to
0a8401f
Compare
request_header_rewrites for Web App traffic
| for headerName, value := range conn.GATClaims().Resource.GatewayMetadata.RequestHeaderRewrites { | ||
| tmpl, err := template.New(value) | ||
| if err != nil { | ||
| return fmt.Errorf("header %q: %w", headerName, err) |
There was a problem hiding this comment.
This has the same error as above in line 77. We could set the panic message to something like header from token ... but not sure if it'd be useful 🤔
There was a problem hiding this comment.
Pull request overview
This PR adds support for Web App–specific request_header_rewrites carried in the GAT token (resource.gateway_metadata), applying those rewrites to outbound Web App HTTP requests before proxying upstream.
Changes:
- Extend GAT claims schema to include
request_header_rewritesunderresource.gateway_metadata. - Apply per-resource (GAT-provided) header rewrites after gateway-configured rewrites so GAT rewrites take precedence.
- Update fake client + integration test harness to mint GATs containing request header rewrites and assert behavior end-to-end.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| test/integration/web_app_test.go | Updates Web App integration test to inject GAT header rewrites and assert overridden/added headers. |
| test/integration/testutil/user.go | Extends NewWebAppUser to accept request header rewrite data for test setup. |
| test/fake/client.go | Adds client options and includes RequestHeaderRewrites in the fake controller request payload for GAT minting. |
| internal/webapphandler/handler.go | Applies GAT-provided request header rewrites after config headers in the reverse proxy rewrite hook. |
| internal/webapphandler/handler_test.go | Adds unit tests asserting that GAT header rewrites are applied and override config headers. |
| internal/token/gat_claims.go | Adds RequestHeaderRewrites to GatewayMetadata JSON schema (request_header_rewrites). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Introduce the minimal token.GatewayMetadata (request_header_rewrites only)
on Resource, and apply per-resource header rewrites from the GAT in the
Web App handler. Rewrites are applied after config headers, so they
override config headers on conflict, and support the {{...}} template
syntax.
Add a WithRequestHeaderRewrites option to the fake test client and
end-to-end integration coverage.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019PboRSndVw7e3tQP8xoSuJ
87737a1 to
8026c76
Compare
Related Tickets & Documents
upstreamanddownstreamresource configuration in GAT token #342Changes
For Web App resources, the controller can specify per-resource
request_header_rewritesin the GAT underresource.gateway_metadata. This PR makes the Gateway apply those header rewrites to Web App requests before forwarding them upstream.