-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filters: install network filters on upstream connections #173 #6173
Conversation
Allow network filters to be installed via cluster configuration, uses the same configuration syntax as listener filters. Added the following: - Cluster filter config: api/envoy/api/v2/cluster/filter.proto - Test to verify filters are applied: test/common/upstream/cluster_manager_impl_test.cc - Create filter factory and apply to new upstream connnections - Implement Server::Configuration::FactoryContext using contexts from TransportSocketFactoryContext NEEDS MINOR WORK: Some FactoryContext functions throw NOT_IMPLEMENTED, because some context objects are not obviously available to the upstream code. Needs attention from someone better versed in the architecture, see TODO(aconway) This does not prevent use of the feature, most contexts are available. This feature is used by project: https://github.com/alanconway/envoy-amqp. Signed-off-by: Alan Conway <aconway@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wow I'm actually surprised at how simple this change is. Very cool. It makes me think it might not be too bad to do an HTTP version also if we factored some of the filter handling code out of the HCM. I do think this change would be worthy of an integration test. Would you be willing to do one? Also I think we should have some additional docs on this (release notes, arch docs, etc.). Thank you!
/wait
// Filter specific configuration which depends on the filter being | ||
// instantiated. See the supported filters for further documentation. | ||
oneof config_type { | ||
google.protobuf.Struct config = 2 [deprecated = true]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think for this new feature we can have only typed_config
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, but I need more guidance. This pattern is used by most every .proto file under api/v2. Is there an example I can follow?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Take a look at #6118 which is adding a new extension and includes only typed config.
On Thu, Mar 7, 2019 at 1:27 PM Matt Klein ***@***.***> wrote:
***@***.**** requested changes on this pull request.
Wow I'm actually surprised at how simple this change is. Very cool. It
makes me think it might not be too bad to do an HTTP version also if we
factored some of the filter handling code out of the HCM. I do think this
change would be worthy of an integration test. Would you be willing to do
one?
Yes but it won't be for at least a month, I've got other stuff to do this
week and then going on vacation. If anyone else has time that would be
great.
Also I think we should have some additional docs on this (release notes,
arch docs, etc.). Thank you!
+1 on docs - upstream filters behave exactly the same as listener network
filters, but that should be documented in a more obvious place. I need to
figure out how the doc system works. Will also not happen till post
vacation.
My AMQP bridge https://github.com/alanconway/envoy-amqp uses the upstream
filters. Would you consider taking it on as a built-in envoy filter? It is
fairly complete but needs to be moved into the envoy repo, given some
integration tests, and the docs need to be integrated into envoy's system.
If you're agreeable I'll do that when I get back.
… /wait
------------------------------
In api/envoy/api/v2/cluster/filter.proto
<#6173 (comment)>:
> +import "google/protobuf/struct.proto";
+
+import "validate/validate.proto";
+import "gogoproto/gogo.proto";
+
+option (gogoproto.equal_all) = true;
+
+// [#protodoc-title: Upstream filters]
+message Filter {
+ // The name of the upstream filter to instantiate. The name must match a supported filter.
+ string name = 1 [(validate.rules).string.min_bytes = 1];
+
+ // Filter specific configuration which depends on the filter being
+ // instantiated. See the supported filters for further documentation.
+ oneof config_type {
+ google.protobuf.Struct config = 2 [deprecated = true];
I think for this new feature we can have only typed_config
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#6173 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHa6XlxjtOxQkxHIKeOYN8je0tSlirThks5vUVoIgaJpZM4be52j>
.
|
@alanconway I will mark this so the stalebot doesn't close it and we can pick it up when you are back. |
factory.createFilterFactory(*filter_config->getObject("value", true), *factory_context_); | ||
} else { | ||
auto message = Config::Utility::translateToFactoryConfig(proto_config, factory); | ||
callback = factory.createFilterFactoryFromProto(*message, *factory_context_); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you don't need this. deprecated_v1 was only for listener filters (mostly tcp) that needed old functionality. In your case, its all new..
// Create upstream filter factories | ||
auto filters = config.filters(); | ||
for (ssize_t i = 0; i < filters.size(); i++) { | ||
const auto& proto_config = filters[i]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you want to run a sanity check of disallowed filters? Like tcp proxy/redis?
EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) | ||
.WillOnce(Return(connection)); | ||
auto conn_data = cluster_manager_->tcpConnForCluster("cluster_1", nullptr, nullptr); | ||
EXPECT_EQ(connection, conn_data.connection_.get()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you add a test here to check if filter gets invoked when data passes through?
|
||
class FactoryContextImpl; | ||
std::unique_ptr<Server::Configuration::FactoryContext> factory_context_; | ||
std::vector<Network::FilterFactoryCb> filter_factories_; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how does filter get called onData?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is the goal of these filters? is it to perform endpoint specific mutation on the data before sending it out?
On Sun, Mar 10, 2019 at 11:31 AM Shriram Rajagopalan < ***@***.***> wrote:
***@***.**** commented on this pull request.
what is the goal of these filters? is it to perform endpoint specific
mutation on the data before sending it out?
Yep - it's used by https://github.com/alanconway/envoy-amqp to turn HTTP
into AMQP (there's a listener filter on the other side turning AMQP into
HTTP)
Thanks for your suggestions, I'll get to them when I return from vacation
in 2 weeks.
… —
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#6173 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHa6XqU0Qtc25eJODwkLOK3QCknHfcmSks5vVSVYgaJpZM4be52j>
.
|
@alanconway : why was this closed and not pursued further? |
The branch was deleted by mistake. Unfortunately I've changed roles in my organization so I don't have much time to work on this. It is code complete, but needs to be rebased on the latest envoy. |
@alanconway If you're OK with it, we can take over and re-base this PR as long as we're all OK with the API changes. |
Closing as this is now covered by #7503 |
Allow network filters to be installed via cluster configuration,
uses the same configuration syntax as listener filters.
Added cluster filter config: api/envoy/api/v2/cluster/filter.proto
Tests to verify filters are aplied test/common/upstream/cluster_manager_impl_test.cc
Implementation in source/common/upstream:
NEEDS MINOR WORK: Some FactoryContext functions throw NOT_IMPLEMENTED, because
some context objects are not obviously available in the upstream code.
Needs attention from someone better versed in the architecture, see TODO(aconway)
Does not prevent use of the feature, all the contexts available from
TransportSocketFactoryContext are available which covers many use cases.
This feature is used by project: https://github.com/alanconway/envoy-amqp.
Signed-off-by: Alan Conway aconway@redhat.com
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Fixes #Issue]
[Optional Deprecated:]