Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

ip-tagging filter: add support for an optional ip-tag-header field (#36434)

Browse Source 
# Description

This change adds support for specifying an optional header to ip-tagging
filter instead of the default header that it uses (`x-envoy-ip-tags`).

example
```
   http_filters
     - name: ip.tagging
       typed_config:
         "@type": type.googleapis.com/envoy.extensions.filters.http.ip_tagging.v3.IPTagging
         request_type: BOTH
         ip_tag_header: "x-slack-foo-bar"
         ip_tags: []
```

# Why

Currently, the ip-tagging filter always writes its output into the
`x-envoy-ip-tags` header. When this filter is used for more than one
purpose in the same filter chain which we do at Slack in our production
environment, we do need to take care of cleaning up the header in
between which has been proven a bit tricky sometimes. Leaking the values
in between the filter chain is bad so we try to avoid that.

We would like this to be configurable. This way we can use the optional
header instead of trying the use the same header however many times the
same filter is used on the same filter chain in a listener.

# Risk Level
this is a new feature, doesn't affect the existing functionality so
guessing low but open to changing if I'm wrong.

# Testing
added test

Docs Changes: Added, alongside release notes

Co-authored-by: Ariane van der Steldt
[avandersteldt@slack-corp.com](mailto:avandersteldt@slack-corp.com)
Signed-off-by: Radha Kumari
[rkumari@slack-corp.com](mailto:rkumari@slack-corp.com)

---------

Signed-off-by: Radha Kumari <rkumari@slack-corp.com>
Signed-off-by: Radha <kumari.radha3@gmail.com>
Signed-off-by: Radha <rkumari@slack-corp.com>
Signed-off-by: Ariane van der Steldt <avandersteldt@slack-corp.com>
Co-authored-by: Adi (Suissa) Peleg <adip@google.com>
Co-authored-by: Ariane van der Steldt <avandersteldt@slack-corp.com>

Mirrored from https://github.com/envoyproxy/envoy @ 414ad34fb35ea90e50c04d6ed85f884dd3921de7
main
update-envoy[bot] 3 weeks ago
parent 51ab040126
commit 4ace91458e
1 changed files with 38 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 38
      envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto

38
envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto
Unescape View File

@ -18,6 +18,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// IP tagging :ref:`configuration overview <config_http_filters_ip_tagging>`. // IP tagging :ref:`configuration overview <config_http_filters_ip_tagging>`.
// [#extension: envoy.filters.http.ip_tagging] // [#extension: envoy.filters.http.ip_tagging]
// [#next-free-field: 6]
message IPTagging { message IPTagging {
option (udpa.annotations.versioning).previous_message_type = option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.http.ip_tagging.v2.IPTagging"; "envoy.config.filter.http.ip_tagging.v2.IPTagging";
@ -52,6 +53,38 @@ message IPTagging {
repeated config.core.v3.CidrRange ip_list = 2; repeated config.core.v3.CidrRange ip_list = 2;
} }
// Specify to which header the tags will be written.
message IpTagHeader {
// Describes how to apply the tags to the headers.
enum HeaderAction {
// (DEFAULT) The header specified in :ref:`ip_tag_header <envoy_v3_api_field_extensions.filters.http.ip_tagging.v3.IPTagging.ip_tag_header>`
// will be dropped, before the tags are applied. The incoming header will be "sanitized" regardless of whether the request is internal or external.
//
// Note that the header will be visible unsanitized to any filters that are invoked before the ip-tag-header filter, unless it has an *x-envoy* prefix.
SANITIZE = 0;
// Tags will be appended to the header specified in
// :ref:`ip_tag_header <envoy_v3_api_field_extensions.filters.http.ip_tagging.v3.IPTagging.ip_tag_header>`.
//
// Please note that this could cause the header to retain values set by the http client regardless of whether the request is internal or external.
APPEND_IF_EXISTS_OR_ADD = 1;
}
// Header to use for ip-tagging.
//
// This header will be sanitized based on the config in
// :ref:`action <envoy_v3_api_field_extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader.action>`
// rather than the defaults for x-envoy prefixed headers.
string header = 1
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
// Control if the :ref:`header <envoy_v3_api_field_extensions.filters.http.ip_tagging.v3.IPTagging.IpTagHeader.header>`
// will be sanitized, or be appended to.
//
// Default: *SANITIZE*.
HeaderAction action = 2;
}
// The type of request the filter should apply to. // The type of request the filter should apply to.
RequestType request_type = 1 [(validate.rules).enum = {defined_only: true}]; RequestType request_type = 1 [(validate.rules).enum = {defined_only: true}];
@ -59,4 +92,9 @@ message IPTagging {
// Tracked by issue https://github.com/envoyproxy/envoy/issues/2695] // Tracked by issue https://github.com/envoyproxy/envoy/issues/2695]
// The set of IP tags for the filter. // The set of IP tags for the filter.
repeated IPTag ip_tags = 4 [(validate.rules).repeated = {min_items: 1}]; repeated IPTag ip_tags = 4 [(validate.rules).repeated = {min_items: 1}];
// Specify to which header the tags will be written.
//
// If left unspecified, the tags will be appended to the ``x-envoy-ip-tags`` header.
IpTagHeader ip_tag_header = 5;
} }

Write Preview
Loading…
Cancel
Save