Description of problem: 4.6 adds the Forwarded header policy API. This feature has E2E tests in cluster-ingress-operator to verify that the expected headers are set. The tests use a case-sensitive comparison and scan for the headers using their lower-cased names. https://github.com/openshift/router/pull/194 turns off HAProxy's HTX option when HTTP/2 is not enabled. As a result, HAProxy does not down-case HTTP header names. The E2E tests need to ignore case when comparing the expected response and the actual response because some cloud load balancers use mixed-case header names (e.g., an ELB sets "X-Forwarded-For", and the test looks for "x-forwarded-for"). Version-Release number of selected component (if applicable): The E2E tests were added in 4.6. https://github.com/openshift/router/pull/194 turns off HTX in 4.7. How reproducible: This was reliably causing failures in CI. Steps to Reproduce: 1. Go to a recent cluster-ingress-operator CI run. 2. Check for failures. Actual results: The build log reports the following failures: --- FAIL: TestForwardedHeaderPolicyAppend (259.87s) --- FAIL: TestForwardedHeaderPolicyReplace (262.63s) --- FAIL: TestForwardedHeaderPolicyIfNone (263.60s) Expected results: The build log should not show these failures. Additional info: I already fixed the tests in cluster-ingress-operator but am reporting the issue in Bugzilla in order to facility a backport of the test fix to 4.6 because https://github.com/openshift/router/pull/199 (not merged) turns off HTX in 4.6.
Verified in subsequent CI runs after the fix, the failure is no more seen.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633