From 5b02b613cd83ad4a2194f0fe4df550ac14996656 Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
 <data-plane-api@users.noreply.github.com>
Date: Tue, 9 Nov 2021 04:11:31 +0000
Subject: [PATCH] thrift_proxy: Add thrift header to metadata filter (#18637)

Signed-off-by: James Fish <jfish@pinterest.com>

Mirrored from https://github.com/envoyproxy/envoy @ 6acc5d20cba6706cdba1c9ade2303f06061c88d9
---
 BUILD                                         |   1 +
 .../filters/header_to_metadata/v3/BUILD       |  12 ++
 .../v3/header_to_metadata.proto               | 109 ++++++++++++++++++
 versioning/BUILD                              |   1 +
 4 files changed, 123 insertions(+)
 create mode 100644 envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/BUILD
 create mode 100644 envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/header_to_metadata.proto

diff --git a/BUILD b/BUILD
index 11eb3d4b..ddd1f98b 100644
--- a/BUILD
+++ b/BUILD
@@ -193,6 +193,7 @@ proto_library(
         "//envoy/extensions/filters/network/sni_cluster/v3:pkg",
         "//envoy/extensions/filters/network/sni_dynamic_forward_proxy/v3:pkg",
         "//envoy/extensions/filters/network/tcp_proxy/v3:pkg",
+        "//envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3:pkg",
         "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg",
         "//envoy/extensions/filters/network/thrift_proxy/router/v3:pkg",
         "//envoy/extensions/filters/network/thrift_proxy/v3:pkg",
diff --git a/envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/BUILD b/envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/BUILD
new file mode 100644
index 00000000..693f0b92
--- /dev/null
+++ b/envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/BUILD
@@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/type/matcher/v3:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
+)
diff --git a/envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/header_to_metadata.proto b/envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/header_to_metadata.proto
new file mode 100644
index 00000000..f0b0ec96
--- /dev/null
+++ b/envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/header_to_metadata.proto
@@ -0,0 +1,109 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.network.thrift_proxy.filters.header_to_metadata.v3;
+
+import "envoy/type/matcher/v3/regex.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.filters.header_to_metadata.v3";
+option java_outer_classname = "HeaderToMetadataProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Header-To-Metadata Filter]
+//
+// The configuration for transforming headers into metadata. This is useful
+// for matching load balancer subsets, logging, etc.
+//
+// Header to Metadata :ref:`configuration overview <config_thrift_filters_header_to_metadata>`.
+// [#extension: envoy.filters.thrift.header_to_metadata]
+
+message HeaderToMetadata {
+  enum ValueType {
+    STRING = 0;
+
+    NUMBER = 1;
+
+    // The value is a serialized `protobuf.Value
+    // <https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/struct.proto#L62>`_.
+    PROTOBUF_VALUE = 2;
+  }
+
+  // ValueEncode defines the encoding algorithm.
+  enum ValueEncode {
+    // The value is not encoded.
+    NONE = 0;
+
+    // The value is encoded in `Base64 <https://tools.ietf.org/html/rfc4648#section-4>`_.
+    // Note: this is mostly used for STRING and PROTOBUF_VALUE to escape the
+    // non-ASCII characters in the header.
+    BASE64 = 1;
+  }
+
+  // [#next-free-field: 7]
+  message KeyValuePair {
+    // The namespace — if this is empty, the filter's namespace will be used.
+    string metadata_namespace = 1;
+
+    // The key to use within the namespace.
+    string key = 2 [(validate.rules).string = {min_len: 1}];
+
+    oneof value_type {
+      // The value to pair with the given key.
+      //
+      // When used for on_present case, if value is non-empty it'll be used instead
+      // of the header value. If both are empty, no metadata is added.
+      //
+      // When used for on_missing case, a non-empty value must be provided otherwise
+      // no metadata is added.
+      string value = 3;
+
+      // If present, the header's value will be matched and substituted with this.
+      // If there is no match or substitution, the header value
+      // is used as-is.
+      //
+      // This is only used for on_present.
+      //
+      // Note: if the `value` field is non-empty this field should be empty.
+      type.matcher.v3.RegexMatchAndSubstitute regex_value_rewrite = 4;
+    }
+
+    // The value's type — defaults to string.
+    ValueType type = 5 [(validate.rules).enum = {defined_only: true}];
+
+    // How is the value encoded, default is NONE (not encoded).
+    // The value will be decoded accordingly before storing to metadata.
+    ValueEncode encode = 6;
+  }
+
+  // A Rule defines what metadata to apply when a header is present or missing.
+  message Rule {
+    // Specifies that a match will be performed on the value of a header.
+    //
+    // The header to be extracted.
+    string header = 1
+        [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+    // If the header is present, apply this metadata KeyValuePair.
+    //
+    // If the value in the KeyValuePair is non-empty, it'll be used instead
+    // of the header value.
+    KeyValuePair on_present = 2;
+
+    // If the header is not present, apply this metadata KeyValuePair.
+    //
+    // The value in the KeyValuePair must be set, since it'll be used in lieu
+    // of the missing header value.
+    KeyValuePair on_missing = 3;
+
+    // Whether or not to remove the header after a rule is applied.
+    //
+    // This prevents headers from leaking.
+    bool remove = 4;
+  }
+
+  // The list of rules to apply to requests.
+  repeated Rule request_rules = 1 [(validate.rules).repeated = {min_items: 1}];
+}
diff --git a/versioning/BUILD b/versioning/BUILD
index 8eeb536f..24195d8d 100644
--- a/versioning/BUILD
+++ b/versioning/BUILD
@@ -130,6 +130,7 @@ proto_library(
         "//envoy/extensions/filters/network/sni_cluster/v3:pkg",
         "//envoy/extensions/filters/network/sni_dynamic_forward_proxy/v3:pkg",
         "//envoy/extensions/filters/network/tcp_proxy/v3:pkg",
+        "//envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3:pkg",
         "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg",
         "//envoy/extensions/filters/network/thrift_proxy/router/v3:pkg",
         "//envoy/extensions/filters/network/thrift_proxy/v3:pkg",