Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

filters: install network filters on upstream connections #173 #6173

Closed
wants to merge 1 commit into from

Conversation

alanconway
Copy link

Allow network filters to be installed via cluster configuration,
uses the same configuration syntax as listener filters.

Added cluster filter config: api/envoy/api/v2/cluster/filter.proto

Tests to verify filters are aplied test/common/upstream/cluster_manager_impl_test.cc

Implementation in source/common/upstream:

  • Create filter factory and apply to new upstream connnections.
  • Implement Server::Configuration::FactoryContext.

NEEDS MINOR WORK: Some FactoryContext functions throw NOT_IMPLEMENTED, because
some context objects are not obviously available in the upstream code.
Needs attention from someone better versed in the architecture, see TODO(aconway)

Does not prevent use of the feature, all the contexts available from
TransportSocketFactoryContext are available which covers many use cases.

This feature is used by project: https://github.com/alanconway/envoy-amqp.

Signed-off-by: Alan Conway aconway@redhat.com

For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md

Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Fixes #Issue]
[Optional Deprecated:]

Allow network filters to be installed via cluster configuration,
uses the same configuration syntax as listener filters.

Added the following:
- Cluster filter config: api/envoy/api/v2/cluster/filter.proto
- Test to verify filters are applied: test/common/upstream/cluster_manager_impl_test.cc
- Create filter factory and apply to new upstream connnections
- Implement Server::Configuration::FactoryContext using contexts from TransportSocketFactoryContext

NEEDS MINOR WORK: Some FactoryContext functions throw NOT_IMPLEMENTED, because
some context objects are not obviously available to the upstream code.  Needs
attention from someone better versed in the architecture, see TODO(aconway)

This does not prevent use of the feature, most contexts are available.

This feature is used by project: https://github.com/alanconway/envoy-amqp.

Signed-off-by: Alan Conway <aconway@redhat.com>
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow I'm actually surprised at how simple this change is. Very cool. It makes me think it might not be too bad to do an HTTP version also if we factored some of the filter handling code out of the HCM. I do think this change would be worthy of an integration test. Would you be willing to do one? Also I think we should have some additional docs on this (release notes, arch docs, etc.). Thank you!

/wait

// Filter specific configuration which depends on the filter being
// instantiated. See the supported filters for further documentation.
oneof config_type {
google.protobuf.Struct config = 2 [deprecated = true];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think for this new feature we can have only typed_config

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, but I need more guidance. This pattern is used by most every .proto file under api/v2. Is there an example I can follow?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Take a look at #6118 which is adding a new extension and includes only typed config.

@alanconway
Copy link
Author

alanconway commented Mar 7, 2019 via email

@mattklein123
Copy link
Member

@alanconway I will mark this so the stalebot doesn't close it and we can pick it up when you are back.

@mattklein123 mattklein123 added the no stalebot Disables stalebot from closing an issue label Mar 8, 2019
factory.createFilterFactory(*filter_config->getObject("value", true), *factory_context_);
} else {
auto message = Config::Utility::translateToFactoryConfig(proto_config, factory);
callback = factory.createFilterFactoryFromProto(*message, *factory_context_);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you don't need this. deprecated_v1 was only for listener filters (mostly tcp) that needed old functionality. In your case, its all new..

// Create upstream filter factories
auto filters = config.filters();
for (ssize_t i = 0; i < filters.size(); i++) {
const auto& proto_config = filters[i];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you want to run a sanity check of disallowed filters? Like tcp proxy/redis?

EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _))
.WillOnce(Return(connection));
auto conn_data = cluster_manager_->tcpConnForCluster("cluster_1", nullptr, nullptr);
EXPECT_EQ(connection, conn_data.connection_.get());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you add a test here to check if filter gets invoked when data passes through?


class FactoryContextImpl;
std::unique_ptr<Server::Configuration::FactoryContext> factory_context_;
std::vector<Network::FilterFactoryCb> filter_factories_;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how does filter get called onData?

Copy link
Member

@rshriram rshriram left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is the goal of these filters? is it to perform endpoint specific mutation on the data before sending it out?

@alanconway
Copy link
Author

alanconway commented Mar 12, 2019 via email

@alanconway alanconway closed this Apr 24, 2019
@alanconway alanconway deleted the upstream-filter branch April 24, 2019 21:13
@gargnupur
Copy link
Contributor

@alanconway : why was this closed and not pursued further?

@alanconway alanconway restored the upstream-filter branch July 4, 2019 14:25
@alanconway alanconway reopened this Jul 4, 2019
@alanconway
Copy link
Author

The branch was deleted by mistake. Unfortunately I've changed roles in my organization so I don't have much time to work on this. It is code complete, but needs to be rebased on the latest envoy.

@kyessenov
Copy link
Contributor

@alanconway If you're OK with it, we can take over and re-base this PR as long as we're all OK with the API changes.

@mattklein123
Copy link
Member

Closing as this is now covered by #7503

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
no stalebot Disables stalebot from closing an issue waiting
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants