ext_proc: Use the new mutation rules and new proto (#19622)

Replace code in mutation_utils.cc with code that calls into the new mutation_rules library. Add the ability to keep a counter of failed header mutations, and also add the ability for an invalid mutation to cause the HTTP request to fail. Signed-off-by: Gregory Brail <gregbrail@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 1bea8aea1590ffab5bb185d32232f9bf265e6b1e
3 years ago · 065fc34c44
parent 863f431e56
commit 065fc34c44
4 changed files with 14 additions and 3 deletions
--- a/1
+++ b/1
@ -90,6 +90,7 @@ proto_library(
        "//envoy/config/cluster/v3:pkg",
        "//envoy/config/common/key_value/v3:pkg",
        "//envoy/config/common/matcher/v3:pkg",
+        "//envoy/config/common/mutation_rules/v3:pkg",
        "//envoy/config/core/v3:pkg",
        "//envoy/config/endpoint/v3:pkg",
        "//envoy/config/filter/thrift/router/v2alpha1:pkg",
--- a/envoy/config/common/mutation_rules/v3/mutation_rules.proto
+++ b/envoy/config/common/mutation_rules/v3/mutation_rules.proto
@ -14,6 +14,8 @@ option java_multiple_files = true;
 option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3;mutation_rulesv3";
 option (udpa.annotations.file_status).package_version_status = ACTIVE;

+// [#protodoc-title: Header Mutation Rules]
+
 // The HeaderMutationRules structure specifies what headers may be
 // manipulated by a processing filter. This set of rules makes it
 // possible to control which modifications a filter may make.
@ -40,7 +42,6 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // rejected. In the ext_proc filter, that counter is named
 // "rejected_header_mutations".
 // [#next-free-field: 8]
-// [#not-implemented-hide:]
 message HeaderMutationRules {
  // By default, certain headers that could affect processing of subsequent
  // filters or request routing cannot be modified. These headers are
--- a/envoy/extensions/filters/http/ext_proc/v3/BUILD
+++ b/envoy/extensions/filters/http/ext_proc/v3/BUILD
@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2

 api_proto_package(
    deps = [
+        "//envoy/config/common/mutation_rules/v3:pkg",
        "//envoy/config/core/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
        "@com_github_cncf_udpa//xds/annotations/v3:pkg",
--- a/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto
+++ b/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto
@ -2,6 +2,7 @@ syntax = "proto3";

 package envoy.extensions.filters.http.ext_proc.v3;

+import "envoy/config/common/mutation_rules/v3/mutation_rules.proto";
 import "envoy/config/core/v3/grpc_service.proto";
 import "envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto";

@ -31,7 +32,6 @@ option (xds.annotations.v3.file_status).work_in_progress = true;
 // * Request and response attributes are not sent and not processed.
 // * Dynamic metadata in responses from the external processor is ignored.
 // * "async mode" is not implemented
-// * Per-route configuration is not implemented

 // The filter communicates with an external gRPC service called an "external processor"
 // that can do a variety of things with the request and response:
@ -95,7 +95,7 @@ option (xds.annotations.v3.file_status).work_in_progress = true;
 // messages, and the server must reply with
 // :ref:`ProcessingResponse <envoy_v3_api_msg_service.ext_proc.v3.ProcessingResponse>`.

-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message ExternalProcessor {
  // Configuration for the gRPC service that the filter will communicate with.
  // The filter supports both the "Envoy" and "Google" gRPC clients.
@ -151,6 +151,14 @@ message ExternalProcessor {
  // Optional additional prefix to use when emitting statistics. This allows to distinguish
  // emitted statistics between configured *ext_proc* filters in an HTTP filter chain.
  string stat_prefix = 8;
+
+  // Rules that determine what modifications an external processing server may
+  // make to message headers. If not set, all headers may be modified except
+  // for "host", ":authority", ":scheme", ":method", and headers that start
+  // with the header prefix set via
+  // :ref:`header_prefix <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.header_prefix>`
+  // (which is usually "x-envoy").
+  config.common.mutation_rules.v3.HeaderMutationRules mutation_rules = 9;
 }

 // Extra settings that may be added to per-route configuration for a