Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for EventPolicy filters #4086

Merged
merged 12 commits into from
Aug 28, 2024
Merged

Support for EventPolicy filters #4086

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
e9fd03e
Move filters from dispatcher to core module
creydr Aug 22, 2024
0916b52
Move contract filter converter from ConsumerVerticleBuilder to filter…
creydr Aug 22, 2024
30977b4
Update benchmark module to reflect filter package movements
creydr Aug 26, 2024
214a881
Run update-codegen
creydr Aug 26, 2024
0de7f51
AuthenticationHandler -> AuthHandler
creydr Aug 26, 2024
069b447
Move OIDC discovery from Receiver to TokenVerifierImpl
creydr Aug 27, 2024
e9ace8f
Rework tokenVerifier AuthZ to read the cloudevent only once from the …
creydr Aug 27, 2024
3db7d91
Rename TokenVerifier to AuthVerifier
creydr Aug 27, 2024
eee141c
Provision EventPolicy filters in contract
creydr Aug 27, 2024
99f3b33
Add e2e test
creydr Aug 27, 2024
e264796
Run hack/update-codegen.sh
creydr Aug 27, 2024
39fb741
Fix: Always pass cloudevent (can be null) to ingresshandler
creydr Aug 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions control-plane/pkg/core/config/utils.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,10 @@ func EventPoliciesFromAppliedEventPoliciesStatus(status duck.AppliedEventPolicie
}
}

for _, filter := range policy.Spec.Filters {
contractPolicy.Filters = append(contractPolicy.Filters, contract.FromSubscriptionFilter(filter))
}

eventPolicies = append(eventPolicies, contractPolicy)
}

Expand Down
76 changes: 76 additions & 0 deletions control-plane/pkg/core/config/utils_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ import (
"testing"
"time"

eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"

"google.golang.org/protobuf/encoding/protojson"
eventingv1alpha1 "knative.dev/eventing/pkg/apis/eventing/v1alpha1"
"knative.dev/eventing/pkg/apis/feature"
Expand Down Expand Up @@ -618,6 +620,80 @@ func TestEventPoliciesFromAppliedEventPoliciesStatus(t *testing.T) {
},
},
},
}, {
name: "Multiple policies with filters",
applyingPolicies: []string{
"policy-1",
"policy-2",
},
existingEventPolicies: []*eventingv1alpha1.EventPolicy{
{
ObjectMeta: metav1.ObjectMeta{
Name: "policy-1",
Namespace: "my-ns",
},
Spec: eventingv1alpha1.EventPolicySpec{
Filters: []eventingv1.SubscriptionsAPIFilter{
{
CESQL: "true",
},
},
},
Status: eventingv1alpha1.EventPolicyStatus{
From: []string{
"from-1",
},
},
}, {
ObjectMeta: metav1.ObjectMeta{
Name: "policy-2",
Namespace: "my-ns",
},
Spec: eventingv1alpha1.EventPolicySpec{
Filters: []eventingv1.SubscriptionsAPIFilter{
{
CESQL: "false",
},
},
},
Status: eventingv1alpha1.EventPolicyStatus{
From: []string{
"from-2-*",
},
},
},
},
namespace: "my-ns",
defaultAuthorizationMode: feature.AuthorizationDenyAll,
expected: []*contract.EventPolicy{
{
TokenMatchers: []*contract.TokenMatcher{
exactTokenMatcher("from-1"),
},
Filters: []*contract.DialectedFilter{
{
Filter: &contract.DialectedFilter_Cesql{
Cesql: &contract.CESQL{
Expression: "true",
},
},
},
},
}, {
TokenMatchers: []*contract.TokenMatcher{
prefixTokenMatcher("from-2-"),
},
Filters: []*contract.DialectedFilter{
{
Filter: &contract.DialectedFilter_Cesql{
Cesql: &contract.CESQL{
Expression: "false",
},
},
},
},
},
},
}, {
name: "No applying policies - allow-same-namespace default mode",
applyingPolicies: []string{},
Expand Down
6 changes: 6 additions & 0 deletions data-plane/benchmarks/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,12 @@
<artifactId>dispatcher</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>dev.knative.eventing.kafka.broker</groupId>
<artifactId>core</artifactId>
<version>${project.version}</version>
</dependency>

</dependencies>

<build>
Expand Down
11 changes: 5 additions & 6 deletions ...tcher/impl/filter/AllFilterBenchmark.java → ...roker/core/filter/AllFilterBenchmark.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,12 @@
* limitations under the License.
*/

package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.AllFilter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.ExactFilter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.PrefixFilter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.SuffixFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.AllFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.ExactFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.PrefixFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.SuffixFilter;
import io.cloudevents.CloudEvent;
import java.util.List;
import java.util.Map;
Expand Down
8 changes: 5 additions & 3 deletions ...tcher/impl/filter/AnyFilterBenchmark.java → ...roker/core/filter/AnyFilterBenchmark.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,12 @@
* limitations under the License.
*/

package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.*;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.AnyFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.ExactFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.PrefixFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.SuffixFilter;
import io.cloudevents.CloudEvent;
import java.util.List;
import java.util.Map;
Expand Down
5 changes: 2 additions & 3 deletions ...her/impl/filter/ExactFilterBenchmark.java → ...ker/core/filter/ExactFilterBenchmark.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,9 @@
* limitations under the License.
*/

package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.ExactFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.ExactFilter;
import io.cloudevents.CloudEvent;
import io.cloudevents.core.builder.CloudEventBuilder;
import io.cloudevents.core.v1.CloudEventV1;
Expand Down
3 changes: 1 addition & 2 deletions ...spatcher/impl/filter/FilterBenchmark.java → ...a/broker/core/filter/FilterBenchmark.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,8 @@
* limitations under the License.
*/

package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import io.cloudevents.CloudEvent;
import java.util.concurrent.TimeUnit;
import org.openjdk.jmh.annotations.*;
Expand Down
11 changes: 5 additions & 6 deletions ...tcher/impl/filter/NotFilterBenchmark.java → ...roker/core/filter/NotFilterBenchmark.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,12 @@
* limitations under the License.
*/

package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.ExactFilter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.NotFilter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.PrefixFilter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.SuffixFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.ExactFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.NotFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.PrefixFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.SuffixFilter;
import io.cloudevents.CloudEvent;
import io.cloudevents.core.v1.CloudEventV1;
import java.util.Map;
Expand Down
5 changes: 2 additions & 3 deletions ...er/impl/filter/PrefixFilterBenchmark.java → ...er/core/filter/PrefixFilterBenchmark.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,9 @@
* limitations under the License.
*/

package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.PrefixFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.PrefixFilter;
import io.cloudevents.CloudEvent;
import io.cloudevents.core.v1.CloudEventV1;
import java.util.Map;
Expand Down
2 changes: 1 addition & 1 deletion ...r/dispatcher/impl/filter/SampleEvent.java → ...kafka/broker/core/filter/SampleEvent.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
* limitations under the License.
*/

package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import io.cloudevents.CloudEvent;
import io.cloudevents.core.builder.CloudEventBuilder;
Expand Down
5 changes: 2 additions & 3 deletions ...er/impl/filter/SuffixFilterBenchmark.java → ...er/core/filter/SuffixFilterBenchmark.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,9 @@
* limitations under the License.
*/

package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi.SuffixFilter;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.SuffixFilter;
import io.cloudevents.CloudEvent;
import io.cloudevents.core.v1.CloudEventV1;
import java.util.Map;
Expand Down
4 changes: 4 additions & 0 deletions data-plane/core/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,10 @@
<artifactId>vertx-opentelemetry</artifactId>
</dependency>

<dependency>
<groupId>io.cloudevents</groupId>
<artifactId>cloudevents-sql</artifactId>
</dependency>
<dependency>
<groupId>io.cloudevents</groupId>
<artifactId>cloudevents-kafka</artifactId>
Expand Down
3 changes: 1 addition & 2 deletions ...patcher/impl/filter/AttributesFilter.java → .../broker/core/filter/AttributesFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,10 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.dispatcher.impl.filter;
package dev.knative.eventing.kafka.broker.core.filter;

import static java.time.format.DateTimeFormatter.ISO_INSTANT;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import io.cloudevents.CloudEvent;
import io.cloudevents.core.v03.CloudEventV03;
import io.cloudevents.core.v1.CloudEventV1;
Expand Down
58 changes: 58 additions & 0 deletions data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/filter/Filter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
/*
* Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.core.filter;

import dev.knative.eventing.kafka.broker.contract.DataPlaneContract;
import dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi.*;
import io.cloudevents.CloudEvent;
import java.util.List;
import java.util.function.Predicate;
import java.util.stream.Collectors;

/**
* This interface provides an abstraction for filtering {@link CloudEvent} instances.
*/
@FunctionalInterface
public interface Filter extends Predicate<CloudEvent> {

/**
* @return noop implementation that always returns true
*/
static Filter noop() {
return ce -> true;
}

static Filter fromContract(DataPlaneContract.DialectedFilter filter) {
return switch (filter.getFilterCase()) {
case EXACT -> new ExactFilter(filter.getExact().getAttributesMap());
case PREFIX -> new PrefixFilter(filter.getPrefix().getAttributesMap());
case SUFFIX -> new SuffixFilter(filter.getSuffix().getAttributesMap());
case NOT -> new NotFilter(fromContract(filter.getNot().getFilter()));
case ANY -> new AnyFilter(filter.getAny().getFiltersList().stream()
.map(Filter::fromContract)
.collect(Collectors.toList()));
case ALL -> new AllFilter(filter.getAll().getFiltersList().stream()
.map(Filter::fromContract)
.collect(Collectors.toList()));
case CESQL -> new CeSqlFilter(filter.getCesql().getExpression());
default -> Filter.noop();
};
}

static Filter fromContract(List<DataPlaneContract.DialectedFilter> filters) {
return new AllFilter(filters.stream().map(Filter::fromContract).collect(Collectors.toList()));
}
}
4 changes: 2 additions & 2 deletions ...pl/filter/subscriptionsapi/AllFilter.java → ...re/filter/subscriptionsapi/AllFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi;
package dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.core.filter.Filter;
import io.cloudevents.CloudEvent;
import java.util.List;
import org.slf4j.Logger;
Expand Down
4 changes: 2 additions & 2 deletions ...pl/filter/subscriptionsapi/AnyFilter.java → ...re/filter/subscriptionsapi/AnyFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi;
package dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.core.filter.Filter;
import io.cloudevents.CloudEvent;
import java.util.List;
import org.slf4j.Logger;
Expand Down
4 changes: 2 additions & 2 deletions .../filter/subscriptionsapi/CeSqlFilter.java → .../filter/subscriptionsapi/CeSqlFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi;
package dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.core.filter.Filter;
import io.cloudevents.CloudEvent;
import io.cloudevents.sql.EvaluationContext;
import io.cloudevents.sql.EvaluationException;
Expand Down
4 changes: 2 additions & 2 deletions .../filter/subscriptionsapi/ExactFilter.java → .../filter/subscriptionsapi/ExactFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi;
package dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi;

import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.AttributesFilter;
import dev.knative.eventing.kafka.broker.core.filter.AttributesFilter;
import java.util.Map;

public class ExactFilter extends AttributesFilter {
Expand Down
4 changes: 2 additions & 2 deletions ...pl/filter/subscriptionsapi/NotFilter.java → ...re/filter/subscriptionsapi/NotFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi;
package dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi;

import dev.knative.eventing.kafka.broker.dispatcher.Filter;
import dev.knative.eventing.kafka.broker.core.filter.Filter;
import io.cloudevents.CloudEvent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down
4 changes: 2 additions & 2 deletions ...filter/subscriptionsapi/PrefixFilter.java → ...filter/subscriptionsapi/PrefixFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi;
package dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi;

import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.AttributesFilter;
import dev.knative.eventing.kafka.broker.core.filter.AttributesFilter;
import java.util.Map;

public class PrefixFilter extends AttributesFilter {
Expand Down
4 changes: 2 additions & 2 deletions ...filter/subscriptionsapi/SuffixFilter.java → ...filter/subscriptionsapi/SuffixFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package dev.knative.eventing.kafka.broker.dispatcher.impl.filter.subscriptionsapi;
package dev.knative.eventing.kafka.broker.core.filter.subscriptionsapi;

import dev.knative.eventing.kafka.broker.dispatcher.impl.filter.AttributesFilter;
import dev.knative.eventing.kafka.broker.core.filter.AttributesFilter;
import java.util.Map;

public class SuffixFilter extends AttributesFilter {
Expand Down
Loading
Loading