-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ip-tagging filter: add support for an optional ip-tag-header field #36434
base: main
Are you sure you want to change the base?
Changes from all commits
49b77ae
7febf6a
0da4790
131ee4d
68bb688
e59ea3a
5ea7f0f
ab02a10
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,7 +20,7 @@ IpTaggingFilterConfig::IpTaggingFilterConfig( | |
stat_name_set_(scope.symbolTable().makeSet("IpTagging")), | ||
stats_prefix_(stat_name_set_->add(stat_prefix + "ip_tagging")), | ||
no_hit_(stat_name_set_->add("no_hit")), total_(stat_name_set_->add("total")), | ||
unknown_tag_(stat_name_set_->add("unknown_tag.hit")) { | ||
unknown_tag_(stat_name_set_->add("unknown_tag.hit")), header_(config.ip_tag_header()) { | ||
|
||
// Once loading IP tags from a file system is supported, the restriction on the size | ||
// of the set should be removed and observability into what tags are loaded needs | ||
|
@@ -82,7 +82,13 @@ Http::FilterHeadersStatus IpTaggingFilter::decodeHeaders(Http::RequestHeaderMap& | |
|
||
if (!tags.empty()) { | ||
const std::string tags_join = absl::StrJoin(tags, ","); | ||
headers.appendEnvoyIpTags(tags_join, ","); | ||
|
||
// use the optional header instead of the default if it's provided. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. style-nit: start comment with capital letter. |
||
if (!config_->ip_tag_header().get().empty()) { | ||
headers.appendCopy(config_->ip_tag_header(), tags_join); | ||
} else { | ||
headers.appendEnvoyIpTags(tags_join, ","); | ||
} | ||
|
||
// We must clear the route cache or else we can't match on x-envoy-ip-tags. | ||
callbacks_->downstreamCallbacks()->clearRouteCache(); | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -39,6 +39,8 @@ class IpTaggingFilterConfig { | |
FilterRequestType requestType() const { return request_type_; } | ||
const Network::LcTrie::LcTrie<std::string>& trie() const { return *trie_; } | ||
|
||
const Http::LowerCaseString& ip_tag_header() const { return header_; } | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please add a comment here, stating that empty string implies that no I do wonder if it just makes more sense to return the correct |
||
|
||
void incHit(absl::string_view tag) { | ||
incCounter(stat_name_set_->getBuiltin(absl::StrCat(tag, ".hit"), unknown_tag_)); | ||
} | ||
|
@@ -71,6 +73,7 @@ class IpTaggingFilterConfig { | |
const Stats::StatName total_; | ||
const Stats::StatName unknown_tag_; | ||
std::unique_ptr<Network::LcTrie::LcTrie<std::string>> trie_; | ||
const Http::LowerCaseString header_; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: rename to |
||
}; | ||
|
||
using IpTaggingFilterConfigSharedPtr = std::shared_ptr<IpTaggingFilterConfig>; | ||
|
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -192,6 +192,34 @@ TEST_F(IpTaggingFilterTest, AppendEntry) { | |||||
EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter_->decodeTrailers(request_trailers)); | ||||||
} | ||||||
|
||||||
TEST_F(IpTaggingFilterTest, AppendEntryOptionalHeader) { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
const std::string internal_request_yaml = R"EOF( | ||||||
request_type: internal | ||||||
ip_tag_header: x-envoy-optional-header | ||||||
ip_tags: | ||||||
- ip_tag_name: internal_request_with_optional_header | ||||||
ip_list: | ||||||
- {address_prefix: 1.2.3.4, prefix_len: 32} | ||||||
)EOF"; | ||||||
|
||||||
initializeFilter(internal_request_yaml); | ||||||
|
||||||
Http::TestRequestHeaderMapImpl request_headers{{"x-envoy-internal", "true"}, | ||||||
{"x-envoy-optional-header", "foo"}}; | ||||||
Network::Address::InstanceConstSharedPtr remote_address = | ||||||
Network::Utility::parseInternetAddressNoThrow("1.2.3.4"); | ||||||
filter_callbacks_.stream_info_.downstream_connection_info_provider_->setRemoteAddress( | ||||||
remote_address); | ||||||
|
||||||
EXPECT_EQ(Http::FilterHeadersStatus::Continue, filter_->decodeHeaders(request_headers, false)); | ||||||
EXPECT_EQ("foo,internal_request_with_optional_header", | ||||||
request_headers.get_("x-envoy-optional-header")); | ||||||
|
||||||
EXPECT_EQ(Http::FilterDataStatus::Continue, filter_->decodeData(data_, false)); | ||||||
Http::TestRequestTrailerMapImpl request_trailers; | ||||||
EXPECT_EQ(Http::FilterTrailersStatus::Continue, filter_->decodeTrailers(request_trailers)); | ||||||
} | ||||||
|
||||||
TEST_F(IpTaggingFilterTest, NestedPrefixes) { | ||||||
const std::string duplicate_request_yaml = R"EOF( | ||||||
request_type: both | ||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
style-nit: sentence starts with capital letter and ends with '.'.
I suggest explicitly writing the name of the default header name.