From 000b551baafd3164891a80f6a2c08edbf6411a9f Mon Sep 17 00:00:00 2001 From: "data-plane-api(Azure Pipelines)" Date: Thu, 15 Dec 2022 16:25:27 +0000 Subject: [PATCH] http: add new early header mutation extension and simple implementation (#23949) * complete extension except HCM update and test Signed-off-by: wbpcode * complete HCM and just waiting test Signed-off-by: wbpcode * complete almost all test except unit test of HCM Signed-off-by: wbpcode * add unit test for HCM Signed-off-by: wbpcode * add release note Signed-off-by: wbpcode * fix format Signed-off-by: wbpcode * fix mock Signed-off-by: wbpcode * fix another mock Signed-off-by: wbpcode * fix mock Signed-off-by: wbpcode * fix clang tidy and compile options Signed-off-by: wbpcode * injectable regex engine Signed-off-by: wbpcode * Update api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto Co-authored-by: Matt Klein Signed-off-by: code * used header value options Signed-off-by: wbpcode * remove unnecessary update Signed-off-by: wbpcode * fix docs Signed-off-by: wbpcode * fix test Signed-off-by: wbpcode * fix test Signed-off-by: wbpcode * avoid deprecated configuration Signed-off-by: wbpcode * make mutation order sensitive Signed-off-by: wbpcode * add death test Signed-off-by: wbpcode * fix proto Signed-off-by: wbpcode * address all comments Signed-off-by: wbpcode Signed-off-by: wbpcode Signed-off-by: code Co-authored-by: Matt Klein Mirrored from https://github.com/envoyproxy/envoy @ 48687d1a81ab3567abb768f9e7f40b47dcf04e71 --- BUILD | 1 + envoy/config/common/mutation_rules/v3/BUILD | 1 + .../mutation_rules/v3/mutation_rules.proto | 17 ++++++++++++++ .../v3/http_connection_manager.proto | 11 ++++++++- .../header_mutation/v3/BUILD | 12 ++++++++++ .../header_mutation/v3/header_mutation.proto | 23 +++++++++++++++++++ versioning/BUILD | 1 + 7 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 envoy/extensions/http/early_header_mutation/header_mutation/v3/BUILD create mode 100644 envoy/extensions/http/early_header_mutation/header_mutation/v3/header_mutation.proto diff --git a/BUILD b/BUILD index 90bc3f56..679641fe 100644 --- a/BUILD +++ b/BUILD @@ -234,6 +234,7 @@ proto_library( "//envoy/extensions/http/cache/simple_http_cache/v3:pkg", "//envoy/extensions/http/custom_response/local_response_policy/v3:pkg", "//envoy/extensions/http/custom_response/redirect_policy/v3:pkg", + "//envoy/extensions/http/early_header_mutation/header_mutation/v3:pkg", "//envoy/extensions/http/header_formatters/preserve_case/v3:pkg", "//envoy/extensions/http/header_validators/envoy_default/v3:pkg", "//envoy/extensions/http/original_ip_detection/custom_header/v3:pkg", diff --git a/envoy/config/common/mutation_rules/v3/BUILD b/envoy/config/common/mutation_rules/v3/BUILD index 693f0b92..3f3a5395 100644 --- a/envoy/config/common/mutation_rules/v3/BUILD +++ b/envoy/config/common/mutation_rules/v3/BUILD @@ -6,6 +6,7 @@ licenses(["notice"]) # Apache 2 api_proto_package( deps = [ + "//envoy/config/core/v3:pkg", "//envoy/type/matcher/v3:pkg", "@com_github_cncf_udpa//udpa/annotations:pkg", ], diff --git a/envoy/config/common/mutation_rules/v3/mutation_rules.proto b/envoy/config/common/mutation_rules/v3/mutation_rules.proto index e728925d..d129ef1e 100644 --- a/envoy/config/common/mutation_rules/v3/mutation_rules.proto +++ b/envoy/config/common/mutation_rules/v3/mutation_rules.proto @@ -2,11 +2,13 @@ syntax = "proto3"; package envoy.config.common.mutation_rules.v3; +import "envoy/config/core/v3/base.proto"; import "envoy/type/matcher/v3/regex.proto"; import "google/protobuf/wrappers.proto"; import "udpa/annotations/status.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.common.mutation_rules.v3"; option java_outer_classname = "MutationRulesProto"; @@ -84,3 +86,18 @@ message HeaderMutationRules { // Default is false. google.protobuf.BoolValue disallow_is_error = 7; } + +// The HeaderMutation structure specifies an action that may be taken on HTTP +// headers. +message HeaderMutation { + oneof action { + option (validate.required) = true; + + // Remove the specified header if it exists. + string remove = 1 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Append new header by the specified HeaderValueOption. + core.v3.HeaderValueOption append = 2; + } +} diff --git a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 9073b55f..65ac3e0a 100644 --- a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -36,7 +36,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // HTTP connection manager :ref:`configuration overview `. // [#extension: envoy.filters.network.http_connection_manager] -// [#next-free-field: 52] +// [#next-free-field: 53] message HttpConnectionManager { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"; @@ -579,6 +579,15 @@ message HttpConnectionManager { // [#extension-category: envoy.http.original_ip_detection] repeated config.core.v3.TypedExtensionConfig original_ip_detection_extensions = 46; + // The configuration for the early header mutation extensions. + // + // When configured the extensions will be called before any routing, tracing, or any filter processing. + // Each extension will be applied in the order they are configured. + // If the same header is mutated by multiple extensions, then the last extension will win. + // + // [#extension-category: envoy.http.early_header_mutation] + repeated config.core.v3.TypedExtensionConfig early_header_mutation_extensions = 52; + // Configures what network addresses are considered internal for stats and header sanitation // purposes. If unspecified, only RFC1918 IP addresses will be considered internal. // See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more diff --git a/envoy/extensions/http/early_header_mutation/header_mutation/v3/BUILD b/envoy/extensions/http/early_header_mutation/header_mutation/v3/BUILD new file mode 100644 index 00000000..7af7ae04 --- /dev/null +++ b/envoy/extensions/http/early_header_mutation/header_mutation/v3/BUILD @@ -0,0 +1,12 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/common/mutation_rules/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/envoy/extensions/http/early_header_mutation/header_mutation/v3/header_mutation.proto b/envoy/extensions/http/early_header_mutation/header_mutation/v3/header_mutation.proto new file mode 100644 index 00000000..8cad541e --- /dev/null +++ b/envoy/extensions/http/early_header_mutation/header_mutation/v3/header_mutation.proto @@ -0,0 +1,23 @@ +syntax = "proto3"; + +package envoy.extensions.http.early_header_mutation.header_mutation.v3; + +import "envoy/config/common/mutation_rules/v3/mutation_rules.proto"; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.http.early_header_mutation.header_mutation.v3"; +option java_outer_classname = "HeaderMutationProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/http/early_header_mutation/header_mutation/v3;header_mutationv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Default early header mutation extension] +// [#extension: envoy.http.early_header_mutation.header_mutation] + +// This extension allows for early header mutation by the substitution formatter. +message HeaderMutation { + repeated config.common.mutation_rules.v3.HeaderMutation mutations = 1 + [(validate.rules).repeated = {min_items: 1}]; +} diff --git a/versioning/BUILD b/versioning/BUILD index ff07909f..4a23ae33 100644 --- a/versioning/BUILD +++ b/versioning/BUILD @@ -172,6 +172,7 @@ proto_library( "//envoy/extensions/http/cache/simple_http_cache/v3:pkg", "//envoy/extensions/http/custom_response/local_response_policy/v3:pkg", "//envoy/extensions/http/custom_response/redirect_policy/v3:pkg", + "//envoy/extensions/http/early_header_mutation/header_mutation/v3:pkg", "//envoy/extensions/http/header_formatters/preserve_case/v3:pkg", "//envoy/extensions/http/header_validators/envoy_default/v3:pkg", "//envoy/extensions/http/original_ip_detection/custom_header/v3:pkg",