From b672363a37e5199049c5428fdc06b7b0ed9cc754 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renato=20Vass=C3=A3o?=
Date: Tue, 14 Oct 2025 16:00:07 -0300
Subject: [PATCH] Add cookie attributes to SessionAffinity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Renato Vassão
---
 pkg/apis/flagger/v1beta1/canary.go | 54 +++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/pkg/apis/flagger/v1beta1/canary.go b/pkg/apis/flagger/v1beta1/canary.go
index aae9ccd8..e8628f6a 100644
--- a/pkg/apis/flagger/v1beta1/canary.go
+++ b/pkg/apis/flagger/v1beta1/canary.go
@@ -297,11 +297,30 @@ type CanaryAnalysis struct {
 type SessionAffinity struct {
 // CookieName is the key that will be used for the session affinity cookie.
 CookieName string `json:"cookieName,omitempty"`
- // MaxAge indicates the number of seconds until the session affinity cookie will expire.
 // ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
+ // Domain defines the host to which the cookie will be sent.
+ // +optional
+ Domain string `json:"domain,omitempty"`
+ // HttpOnly forbids JavaScript from accessing the cookie, for example, through the Document.cookie property.
+ // +optional
+ HttpOnly bool `json:"httpOnly,omitempty"`
+ // MaxAge indicates the number of seconds until the session affinity cookie will expire.
 // The default value is 86,400 seconds, i.e. a day.
 // +optional
 MaxAge int `json:"maxAge,omitempty"`
+ // Partitioned indicates that the cookie should be stored using partitioned storage.
+ // +optional
+ Partitioned bool `json:"partitioned,omitempty"`
+ // Path indicates the path that must exist in the requested URL for the browser to send the Cookie header.
+ // +optional
+ Path string `json:"path,omitempty"`
+ // SameSite controls whether or not a cookie is sent with cross-site requests.
+ // +optional
+ // +kubebuilder:validation:Enum=Strict;Lax;None
+ SameSite string `json:"sameSite,omitempty"`
+ // Secure indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost)
+ // +optional
+ Secure bool `json:"secure,omitempty"`
 // PrimaryCookieName is the key that will be used for the primary session affinity cookie.
 // +optional
 PrimaryCookieName string `json:"primaryCookieName,omitempty"`
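Review bot: Nothing ties the new `SameSite`, `Partitioned` and `Secure` fields together, yet current browsers generally drop a cookie that carries `SameSite=None` or `Partitioned` without `Secure`. A spec with `sameSite: None` and `secure` left at its false default would therefore produce an affinity cookie that silently fails to stick. I would state the dependency in the field comments, for example `// SameSite=None is only honoured by browsers when Secure is also set.` on `SameSite` with a matching line on `Partitioned`, and reject the combination wherever the Canary spec is validated. `Domain` and `Path` also have no length or pattern marker, unlike `SameSite`, which matters because `BuildCookie` later in this patch writes them into a response header. The `SessionAffinity` struct continues past the end of the hunk.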
@@ -668,3 +687,36 @@ func (c *Canary) DeploymentStrategy() string {
 // Canary Release: default (has maxWeight, stepWeight, or stepWeights)
 return DeploymentStrategyCanary
 }
+
+// BuildCookie returns the cookie that should be used as the value of a Set-Cookie header
+func (s *SessionAffinity) BuildCookie(cookieName string) string {
+ cookie := fmt.Sprintf("%s; %s=%d", cookieName, "Max-Age",
+ s.GetMaxAge(),
+ )
+
+ if s.Domain != "" {
+ cookie += fmt.Sprintf("; %s=%s", "Domain", s.Domain)
+ }
+
+ if s.HttpOnly {
+ cookie += fmt.Sprintf("; %s", "HttpOnly")
+ }
+
+ if s.Partitioned {
+ cookie += fmt.Sprintf("; %s", "Partitioned")
+ }
+
+ if s.Path != "" {
+ cookie += fmt.Sprintf("; %s=%s", "Path", s.Path)
+ }
+
+ if s.SameSite != "" {
+ cookie += fmt.Sprintf("; %s=%s", "SameSite", s.SameSite)
+ }
+
+ if s.Secure {
+ cookie += fmt.Sprintf("; %s", "Secure")
+ }
+
+ return cookie
+}
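Review bot: `BuildCookie` writes `s.Domain`, `s.Path` and `s.SameSite` into the header value with `%s` and no checks, so a value containing `;`, CR or LF can append extra cookie attributes or corrupt the `Set-Cookie` header built from this string. The `Enum` marker on `SameSite` only helps where the CRD schema is enforced at admission, and `Domain` and `Path` have no marker at all. Whoever may write a Canary spec is not necessarily trusted to shape response headers (an assumption about the deployment, not visible here), so the builder should drop or reject such values itself, for example `if s.Domain != "" && !strings.ContainsAny(s.Domain, ";\r\n") {` with the same guard on `Path` and `SameSite`. That needs `strings` in the import block, which is outside the hunk. The doc comment could also say that `cookieName` is expected to be the already formatted `name=value` pair, which the `"%s; %s=%d"` format implies, and it should end with a period.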