config: Listener v1 JSON -> proto translation.

bazel/repositories.bzl

@@ -108,7 +108,7 @@ def envoy_api_deps(skip_targets):
  native.git_repository(
  name = "envoy_api",
  remote = REPO_LOCATIONS["envoy_api"],
- commit = "43e63201717bd6498660600d4898f5da7627ad8a",
+ commit = "86de1f257534b931232629b855a3ddbabda7bdc5",
  )
  api_bind_targets = [
  "address",
@@ -117,6 +117,7 @@ def envoy_api_deps(skip_targets):
  "cds",
  "eds",
  "health_check",
+ "lds",
  "protocol",
  "rds",
  "tls_context",

include/envoy/server/BUILD

@@ -119,13 +119,14 @@ envoy_cc_library(
 envoy_cc_library(
  name = "listener_manager_interface",
  hdrs = ["listener_manager.h"],
+ external_deps = ["envoy_lds"],
  deps = [
  ":drain_manager_interface",
  ":filter_config_interface",
  ":guarddog_interface",
- "//include/envoy/json:json_object_interface",
  "//include/envoy/network:filter_interface",
  "//include/envoy/network:listen_socket_interface",
  "//include/envoy/ssl:context_interface",
+ "//source/common/protobuf",
  ],
 )

include/envoy/server/listener_manager.h

@@ -1,13 +1,16 @@
 #pragma once
 
-#include "envoy/json/json_object.h"
 #include "envoy/network/filter.h"
 #include "envoy/network/listen_socket.h"
 #include "envoy/server/drain_manager.h"
 #include "envoy/server/filter_config.h"
 #include "envoy/server/guarddog.h"
 #include "envoy/ssl/context.h"
 
+#include "common/protobuf/protobuf.h"
+
+#include "api/lds.pb.h"
+
 namespace Envoy {
 namespace Server {
 
@@ -29,12 +32,12 @@ class ListenerComponentFactory {
 
  /**
  * Creates a list of filter factories.
- * @param filters supplies the JSON configuration.
+ * @param filters supplies the proto configuration.
  * @param context supplies the factory creation context.
  * @return std::vector<Configuration::NetworkFilterFactoryCb> the list of filter factories.
  */
  virtual std::vector<Configuration::NetworkFilterFactoryCb>
- createFilterFactoryList(const std::vector<Json::ObjectSharedPtr>& filters,
+ createFilterFactoryList(const Protobuf::RepeatedPtrField<envoy::api::v2::Filter>& filters,
  Configuration::FactoryContext& context) PURE;
 
  /**
@@ -127,12 +130,12 @@ class ListenerManager {
  * should be updated. The new listener must have the same configured address. The old listener
  * will be gracefully drained once the new listener is ready to take traffic (e.g. when RDS has
  * been initialized).
- * @param json supplies the configuration JSON.
+ * @param config supplies the configuration proto.
  * @return TRUE if a listener was added or FALSE if the listener was not updated because it is
  * a duplicate of the existing listener. This routine will throw an EnvoyException if
  * there is a fundamental error preventing the listener from being added or updated.
  */
- virtual bool addOrUpdateListener(const Json::Object& json) PURE;
+ virtual bool addOrUpdateListener(const envoy::api::v2::Listener& config) PURE;
 
  /**
  * @return std::vector<std::reference_wrapper<Listener>> a list of the currently loaded listeners.

source/common/config/BUILD

@@ -124,6 +124,21 @@ envoy_cc_library(
  ],
 )
 
+envoy_cc_library(
+ name = "lds_json_lib",
+ srcs = ["lds_json.cc"],
+ hdrs = ["lds_json.h"],
+ external_deps = ["envoy_lds"],
+ deps = [
+ ":json_utility_lib",
+ ":tls_context_json_lib",
+ "//include/envoy/json:json_object_interface",
+ "//source/common/common:assert_lib",
+ "//source/common/json:config_schemas_lib",
+ "//source/common/network:utility_lib",
+ ],
+)
+
 envoy_cc_library(
  name = "metadata_lib",
  srcs = ["metadata.cc"],
@@ -181,6 +196,7 @@ envoy_cc_library(
  hdrs = ["tls_context_json.h"],
  external_deps = ["envoy_tls_context"],
  deps = [
+ ":json_utility_lib",
  "//include/envoy/json:json_object_interface",
  "//source/common/common:utility_lib",
  ],

source/common/config/lds_json.cc

@@ -0,0 +1,51 @@
+#include "common/config/lds_json.h"
+
+#include "common/common/assert.h"
+#include "common/config/json_utility.h"
+#include "common/config/tls_context_json.h"
+#include "common/json/config_schemas.h"
+#include "common/network/utility.h"
+
+namespace Envoy {
+namespace Config {
+
+void LdsJson::translateListener(const Json::Object& json_listener,
+ envoy::api::v2::Listener& listener) {
+ json_listener.validateSchema(Json::Schema::LISTENER_SCHEMA);
+
+ // TODO(htuch): Figure out if we really want UnresolvedAddress here...
+ Network::Address::InstanceConstSharedPtr listener_address =
+ Network::Utility::resolveUrl(json_listener.getString("address"));
+ auto* named_address = listener.mutable_address()->mutable_named_address();
+ named_address->set_address(listener_address->ip()->addressAsString());
+ named_address->mutable_port()->set_value(listener_address->ip()->port());
+
+ auto* filter_chain = listener.mutable_filter_chains()->Add();
+ if (json_listener.hasObject("ssl_context")) {
+ TlsContextJson::translateDownstreamTlsContext(*json_listener.getObject("ssl_context"),
+ *filter_chain->mutable_tls_context());
+ }
+
+ for (const auto& json_filter : json_listener.getObjectArray("filters", true)) {
+ auto* filter = filter_chain->mutable_filters()->Add();
+ JSON_UTIL_SET_STRING(*json_filter, *filter, name);
+ JSON_UTIL_SET_STRING(*json_filter, *filter->mutable_deprecated_v1(), type);
+
+ const auto status = Protobuf::util::JsonStringToMessage(
+ json_filter->getObject("config")->asJsonString(), filter->mutable_config());
+ // JSON schema has already validated that this is a valid JSON object.
+ ASSERT(status.ok());
+ UNREFERENCED_PARAMETER(status);
+ }
+
+ JSON_UTIL_SET_BOOL(json_listener, *filter_chain, use_proxy_proto);
+
+ JSON_UTIL_SET_BOOL(json_listener, listener, use_original_dst);
+ JSON_UTIL_SET_INTEGER(json_listener, listener, per_connection_buffer_limit_bytes);
+ JSON_UTIL_SET_STRING(json_listener, listener, name);
+
+ JSON_UTIL_SET_BOOL(json_listener, *listener.mutable_deprecated_v1(), bind_to_port);
+}
+
+} // namespace Config
+} // namespace Envoy

source/common/config/lds_json.h

@@ -0,0 +1,22 @@
+#pragma once
+
+#include "envoy/json/json_object.h"
+
+#include "api/lds.pb.h"
+
+namespace Envoy {
+namespace Config {
+
+class LdsJson {
+public:
+ /**
+ * Translate a v1 JSON Listener to v2 envoy::api::v2::Listener.
+ * @param json_listener source v1 JSON Listener object.
+ * @param listener destination v2 envoy::api::v2::Listener.
+ */
+ static void translateListener(const Json::Object& json_listener,
+ envoy::api::v2::Listener& listener);
+};
+
+} // namespace Config
+} // namespace Envoy

source/common/config/tls_context_json.cc

@@ -1,10 +1,20 @@
 #include "common/config/tls_context_json.h"
 
 #include "common/common/utility.h"
+#include "common/config/json_utility.h"
 
 namespace Envoy {
 namespace Config {
 
+void TlsContextJson::translateDownstreamTlsContext(
+ const Json::Object& json_tls_context,
+ envoy::api::v2::DownstreamTlsContext& downstream_tls_context) {
+ translateCommonTlsContext(json_tls_context, *downstream_tls_context.mutable_common_tls_context());
+ translateTlsCertificate(json_tls_context,
+ *downstream_tls_context.mutable_tls_certificates()->Add());
+ JSON_UTIL_SET_BOOL(json_tls_context, downstream_tls_context, require_client_certificate);
+}
+
 void TlsContextJson::translateUpstreamTlsContext(
  const Json::Object& json_tls_context,
  envoy::api::v2::UpstreamTlsContext& upstream_tls_context) {

source/common/config/tls_context_json.h

@@ -9,6 +9,15 @@ namespace Config {
 
 class TlsContextJson {
 public:
+ /**
+ * Translate a v1 JSON TLS context to v2 envoy::api::v2::DownstreamTlsContext.
+ * @param json_tls_context source v1 JSON TLS context object.
+ * @param downstream_tls_context destination v2 envoy::api::v2::Cluster.
+ */
+ static void
+ translateDownstreamTlsContext(const Json::Object& json_tls_context,
+ envoy::api::v2::DownstreamTlsContext& downstream_tls_context);
+
  /**
  * Translate a v1 JSON TLS context to v2 envoy::api::v2::UpstreamTlsContext.
  * @param json_tls_context source v1 JSON TLS context object.

source/common/ssl/context_config_impl.cc

@@ -65,19 +65,21 @@ ClientContextConfigImpl::ClientContextConfigImpl(const Json::Object& config)
  return upstream_tls_context;
  }()) {}
 
+ServerContextConfigImpl::ServerContextConfigImpl(const envoy::api::v2::DownstreamTlsContext& config)
+ : ContextConfigImpl(config.common_tls_context(), config.tls_certificates()[0]),
+ require_client_certificate_(
+ PROTOBUF_GET_WRAPPED_OR_DEFAULT(config, require_client_certificate, false)) {
+ // TODO(htuch): Handle multiple certs #1319, add constraint for now to ensure we have at least one
+ // cert #1308.
+ ASSERT(config.tls_certificates().size() == 1);
+}
+
 ServerContextConfigImpl::ServerContextConfigImpl(const Json::Object& config)
- : ContextConfigImpl(
- [&config] {
- envoy::api::v2::CommonTlsContext common_tls_context;
- Config::TlsContextJson::translateCommonTlsContext(config, common_tls_context);
- return common_tls_context;
- }(),
- [&config] {
- envoy::api::v2::TlsCertificate tls_certificate;
- Config::TlsContextJson::translateTlsCertificate(config, tls_certificate);
- return tls_certificate;
- }()),
- require_client_certificate_(config.getBoolean("require_client_certificate", false)) {}
+ : ServerContextConfigImpl([&config] {
+ envoy::api::v2::DownstreamTlsContext downstream_tls_context;
+ Config::TlsContextJson::translateDownstreamTlsContext(config, downstream_tls_context);
+ return downstream_tls_context;
+ }()) {}
 
 } // namespace Ssl
 } // namespace Envoy

source/common/ssl/context_config_impl.h

@@ -60,6 +60,7 @@ class ClientContextConfigImpl : public ContextConfigImpl, public ClientContextCo
 
 class ServerContextConfigImpl : public ContextConfigImpl, public ServerContextConfig {
 public:
+ ServerContextConfigImpl(const envoy::api::v2::DownstreamTlsContext& config);
  ServerContextConfigImpl(const Json::Object& config);
 
  // Ssl::ServerContextConfig

source/server/BUILD

@@ -21,7 +21,10 @@ envoy_cc_library(
  name = "configuration_lib",
  srcs = ["configuration_impl.cc"],
  hdrs = ["configuration_impl.h"],
- external_deps = ["envoy_bootstrap"],
+ external_deps = [
+ "envoy_bootstrap",
+ "envoy_lds",
+ ],
  deps = [
  ":lds_api_lib",
  "//include/envoy/http:filter_interface",
@@ -36,6 +39,7 @@ envoy_cc_library(
  "//source/common/common:assert_lib",
  "//source/common/common:logger_lib",
  "//source/common/common:utility_lib",
+ "//source/common/config:lds_json_lib",
  "//source/common/json:config_schemas_lib",
  "//source/common/network:utility_lib",
  "//source/common/ratelimit:ratelimit_lib",
@@ -148,10 +152,12 @@ envoy_cc_library(
  name = "lds_api_lib",
  srcs = ["lds_api.cc"],
  hdrs = ["lds_api.h"],
+ external_deps = ["envoy_lds"],
  deps = [
  "//include/envoy/init:init_interface",
  "//include/envoy/server:listener_manager_interface",
  "//include/envoy/stats:stats_macros",
+ "//source/common/config:lds_json_lib",
  "//source/common/config:utility_lib",
  "//source/common/http:rest_api_fetcher_lib",
  "//source/common/json:config_schemas_lib",
@@ -163,6 +169,7 @@ envoy_cc_library(
  name = "listener_manager_lib",
  srcs = ["listener_manager_impl.cc"],
  hdrs = ["listener_manager_impl.h"],
+ external_deps = ["envoy_lds"],
  deps = [
  ":configuration_lib",
  ":drain_manager_lib",
@@ -171,10 +178,9 @@ envoy_cc_library(
  "//include/envoy/server:filter_config_interface",
  "//include/envoy/server:listener_manager_interface",
  "//include/envoy/server:worker_interface",
- "//source/common/json:config_schemas_lib",
- "//source/common/json:json_validator_lib",
  "//source/common/network:listen_socket_lib",
  "//source/common/network:utility_lib",
+ "//source/common/protobuf:utility_lib",
  "//source/common/ssl:context_config_lib",
  ],
 )

source/server/config_validation/server.h

@@ -92,7 +92,7 @@ class ValidationInstance : Logger::Loggable<Logger::Id::main>,
 
  // Server::ListenerComponentFactory
  std::vector<Configuration::NetworkFilterFactoryCb>
- createFilterFactoryList(const std::vector<Json::ObjectSharedPtr>& filters,
+ createFilterFactoryList(const Protobuf::RepeatedPtrField<envoy::api::v2::Filter>& filters,
  Configuration::FactoryContext& context) override {
  return ProdListenerComponentFactory::createFilterFactoryList_(filters, *this, context);
  }

source/server/configuration_impl.cc

@@ -14,10 +14,12 @@
 
 #include "common/common/assert.h"
 #include "common/common/utility.h"
+#include "common/config/lds_json.h"
 #include "common/json/config_schemas.h"
 #include "common/ratelimit/ratelimit_impl.h"
 #include "common/tracing/http_tracer_impl.h"
 
+#include "api/lds.pb.h"
 #include "spdlog/spdlog.h"
 
 namespace Envoy {
@@ -44,7 +46,9 @@ void MainImpl::initialize(const Json::Object& json, const envoy::api::v2::Bootst
  ENVOY_LOG(info, "loading {} listener(s)", listeners.size());
  for (size_t i = 0; i < listeners.size(); i++) {
  ENVOY_LOG(info, "listener #{}:", i);
- server.listenerManager().addOrUpdateListener(*listeners[i]);
+ envoy::api::v2::Listener listener;
+ Config::LdsJson::translateListener(*listeners[i], listener);
+ server.listenerManager().addOrUpdateListener(listener);
  }
 
  if (json.hasObject("lds")) {

source/server/lds_api.cc

@@ -2,11 +2,14 @@
 
 #include <functional>
 
+#include "common/config/lds_json.h"
 #include "common/config/utility.h"
 #include "common/http/headers.h"
 #include "common/json/config_schemas.h"
 #include "common/json/json_loader.h"
 
+#include "api/lds.pb.h"
+
 namespace Envoy {
 namespace Server {
 
@@ -49,10 +52,12 @@ void LdsApi::parseResponse(const Http::Message& response) {
  listeners_to_remove.emplace(listener.get().name(), listener);
  }
 
- for (const auto& listener : json_listeners) {
- const std::string listener_name = listener->getString("name");
+ for (const auto& json_listener : json_listeners) {
+ const std::string listener_name = json_listener->getString("name");
  listeners_to_remove.erase(listener_name);
- if (listener_manager_.addOrUpdateListener(*listener)) {
+ envoy::api::v2::Listener listener;
+ Config::LdsJson::translateListener(*json_listener, listener);
+ if (listener_manager_.addOrUpdateListener(listener)) {
  ENVOY_LOG(info, "lds: add/update listener '{}'", listener_name);
  } else {
  ENVOY_LOG(debug, "lds: add/update listener '{}' skipped", listener_name);