http: add new early header mutation extension and simple implementation (#23949)

* complete extension except HCM update and test Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * complete HCM and just waiting test Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * complete almost all test except unit test of HCM Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * add unit test for HCM Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * add release note Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix format Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix mock Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix another mock Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix mock Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix clang tidy and compile options Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * injectable regex engine Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * Update api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto Co-authored-by: Matt Klein <mattklein123@gmail.com> Signed-off-by: code <wangbaiping@corp.netease.com> * used header value options Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * remove unnecessary update Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix docs Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix test Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix test Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * avoid deprecated configuration Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * make mutation order sensitive Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * add death test Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * fix proto Signed-off-by: wbpcode <wangbaiping@corp.netease.com> * address all comments Signed-off-by: wbpcode <wangbaiping@corp.netease.com> Signed-off-by: wbpcode <wangbaiping@corp.netease.com> Signed-off-by: code <wangbaiping@corp.netease.com> Co-authored-by: Matt Klein <mattklein123@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 48687d1a81ab3567abb768f9e7f40b47dcf04e71
2 years ago · 000b551baa
parent 6ed9cdca7d
commit 000b551baa
7 changed files with 65 additions and 1 deletions
--- a/1
+++ b/1
@ -234,6 +234,7 @@ proto_library(
        "//envoy/extensions/http/cache/simple_http_cache/v3:pkg",
        "//envoy/extensions/http/custom_response/local_response_policy/v3:pkg",
        "//envoy/extensions/http/custom_response/redirect_policy/v3:pkg",
+        "//envoy/extensions/http/early_header_mutation/header_mutation/v3:pkg",
        "//envoy/extensions/http/header_formatters/preserve_case/v3:pkg",
        "//envoy/extensions/http/header_validators/envoy_default/v3:pkg",
        "//envoy/extensions/http/original_ip_detection/custom_header/v3:pkg",
--- a/envoy/config/common/mutation_rules/v3/BUILD
+++ b/envoy/config/common/mutation_rules/v3/BUILD
@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2

 api_proto_package(
    deps = [
+        "//envoy/config/core/v3:pkg",
        "//envoy/type/matcher/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
    ],
--- a/envoy/config/common/mutation_rules/v3/mutation_rules.proto
+++ b/envoy/config/common/mutation_rules/v3/mutation_rules.proto
@ -2,11 +2,13 @@ syntax = "proto3";

 package envoy.config.common.mutation_rules.v3;

+import "envoy/config/core/v3/base.proto";
 import "envoy/type/matcher/v3/regex.proto";

 import "google/protobuf/wrappers.proto";

 import "udpa/annotations/status.proto";
+import "validate/validate.proto";

 option java_package = "io.envoyproxy.envoy.config.common.mutation_rules.v3";
 option java_outer_classname = "MutationRulesProto";
@ -84,3 +86,18 @@ message HeaderMutationRules {
  // Default is false.
  google.protobuf.BoolValue disallow_is_error = 7;
 }
+
+// The HeaderMutation structure specifies an action that may be taken on HTTP
+// headers.
+message HeaderMutation {
+  oneof action {
+    option (validate.required) = true;
+
+    // Remove the specified header if it exists.
+    string remove = 1
+        [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+    // Append new header by the specified HeaderValueOption.
+    core.v3.HeaderValueOption append = 2;
+  }
+}
--- a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@ -36,7 +36,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
 // [#extension: envoy.filters.network.http_connection_manager]

-// [#next-free-field: 52]
+// [#next-free-field: 53]
 message HttpConnectionManager {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@ -579,6 +579,15 @@ message HttpConnectionManager {
  // [#extension-category: envoy.http.original_ip_detection]
  repeated config.core.v3.TypedExtensionConfig original_ip_detection_extensions = 46;

+  // The configuration for the early header mutation extensions.
+  //
+  // When configured the extensions will be called before any routing, tracing, or any filter processing.
+  // Each extension will be applied in the order they are configured.
+  // If the same header is mutated by multiple extensions, then the last extension will win.
+  //
+  // [#extension-category: envoy.http.early_header_mutation]
+  repeated config.core.v3.TypedExtensionConfig early_header_mutation_extensions = 52;
+
  // Configures what network addresses are considered internal for stats and header sanitation
  // purposes. If unspecified, only RFC1918 IP addresses will be considered internal.
  // See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more
--- a/envoy/extensions/http/early_header_mutation/header_mutation/v3/BUILD
+++ b/envoy/extensions/http/early_header_mutation/header_mutation/v3/BUILD
@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/config/common/mutation_rules/v3:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
+)
--- a/envoy/extensions/http/early_header_mutation/header_mutation/v3/header_mutation.proto
+++ b/envoy/extensions/http/early_header_mutation/header_mutation/v3/header_mutation.proto
@ -0,0 +1,23 @@
+syntax = "proto3";
+
+package envoy.extensions.http.early_header_mutation.header_mutation.v3;
+
+import "envoy/config/common/mutation_rules/v3/mutation_rules.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.http.early_header_mutation.header_mutation.v3";
+option java_outer_classname = "HeaderMutationProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/http/early_header_mutation/header_mutation/v3;header_mutationv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Default early header mutation extension]
+// [#extension: envoy.http.early_header_mutation.header_mutation]
+
+// This extension allows for early header mutation by the substitution formatter.
+message HeaderMutation {
+  repeated config.common.mutation_rules.v3.HeaderMutation mutations = 1
+      [(validate.rules).repeated = {min_items: 1}];
+}
--- a/versioning/BUILD
+++ b/versioning/BUILD
@ -172,6 +172,7 @@ proto_library(
        "//envoy/extensions/http/cache/simple_http_cache/v3:pkg",
        "//envoy/extensions/http/custom_response/local_response_policy/v3:pkg",
        "//envoy/extensions/http/custom_response/redirect_policy/v3:pkg",
+        "//envoy/extensions/http/early_header_mutation/header_mutation/v3:pkg",
        "//envoy/extensions/http/header_formatters/preserve_case/v3:pkg",
        "//envoy/extensions/http/header_validators/envoy_default/v3:pkg",
        "//envoy/extensions/http/original_ip_detection/custom_header/v3:pkg",