Skip to content

Commit 1273c41

Browse files
hfhf
authored
feat: update envoy lds config with auth jwks, oidc URLs, strip sb-opk header (#1296)
1 parent 21d3823 commit 1273c41

File tree

2 files changed

+23
-2
lines changed

2 files changed

+23
-2
lines changed

ansible/files/envoy_config/lds.yaml

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -254,8 +254,13 @@ resources:
254254
type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute
255255
- match:
256256
safe_regex:
257+
google_re2:
258+
max_program_size: 150
257259
regex: >-
258-
/auth/v1/(verify|callback|authorize|sso/saml/(acs|metadata|slo))
260+
/auth/v1/(verify|callback|authorize|sso/saml/(acs|metadata|slo)|\.well-known/(openid-configuration|jwks\.json))
261+
request_headers_to_remove:
262+
- apikey
263+
- sb-opk
259264
route:
260265
cluster: gotrue
261266
regex_rewrite:
@@ -269,6 +274,9 @@ resources:
269274
typed_per_filter_config: *ref_0
270275
- match:
271276
prefix: /auth/v1/
277+
request_headers_to_remove:
278+
- apikey
279+
- sb-opk
272280
route:
273281
cluster: gotrue
274282
prefix_rewrite: /
@@ -280,6 +288,7 @@ resources:
280288
present_match: true
281289
request_headers_to_remove:
282290
- apikey
291+
- sb-opk
283292
route:
284293
cluster: postgrest
285294
prefix_rewrite: /
@@ -293,6 +302,7 @@ resources:
293302
prefix: /rest/v1/
294303
request_headers_to_remove:
295304
- apikey
305+
- sb-opk
296306
route:
297307
cluster: postgrest
298308
prefix_rewrite: /
@@ -309,6 +319,7 @@ resources:
309319
present_match: true
310320
request_headers_to_remove:
311321
- apikey
322+
- sb-opk
312323
route:
313324
cluster: postgrest_admin
314325
prefix_rewrite: /
@@ -321,6 +332,7 @@ resources:
321332
prefix: /rest-admin/v1/
322333
request_headers_to_remove:
323334
- apikey
335+
- sb-opk
324336
route:
325337
cluster: postgrest_admin
326338
prefix_rewrite: /
@@ -330,18 +342,25 @@ resources:
330342
header:
331343
key: Content-Profile
332344
value: graphql_public
345+
request_headers_to_remove:
346+
- apikey
347+
- sb-opk
333348
route:
334349
cluster: postgrest
335350
prefix_rewrite: /rpc/graphql
336351
timeout: 125s
337352
- match:
338353
prefix: /admin/v1/
354+
request_headers_to_remove:
355+
- sb-opk
339356
route:
340357
cluster: admin_api
341358
prefix_rewrite: /
342359
timeout: 600s
343360
- match:
344361
prefix: /customer/v1/privileged/
362+
request_headers_to_remove:
363+
- sb-opk
345364
route:
346365
cluster: admin_api
347366
prefix_rewrite: /privileged/
@@ -365,6 +384,8 @@ resources:
365384
treat_missing_header_as_empty: true
366385
- match:
367386
prefix: /metrics/aggregated
387+
request_headers_to_remove:
388+
- sb-opk
368389
route:
369390
cluster: admin_api
370391
prefix_rewrite: /supabase-internal/metrics

common-nix.vars.pkr.hcl

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
postgres-version = "15.6.1.137"
1+
postgres-version = "15.6.1.138"

0 commit comments

Comments
 (0)