diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go index dc71f9a91a4f..9e8940a4ceaa 100644 --- a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go @@ -2,6 +2,7 @@ package v1alpha1 import ( envoy_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/pkg/errors" mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" @@ -61,6 +62,9 @@ func (p plugin) Apply(rs *core_xds.ResourceSet, ctx xds_context.Context, proxy * if err := applyToGateway(policies.GatewayRules, listeners.Gateway, ctx.Mesh.Resources.MeshLocalResources, proxy, endpoints, accessLogSocketPath); err != nil { return err } + if err := applyToRealResources(rs, policies.ToRules.ResourceRules, ctx.Mesh, proxy.Dataplane, endpoints, accessLogSocketPath); err != nil { + return err + } if err := plugin_xds.HandleClusters(*endpoints, rs, proxy); err != nil { return errors.Wrap(err, "unable to handle clusters for policy") 
@@ -296,3 +300,47 @@ func configureOutbound( return nil } + +func applyToRealResources(rs *core_xds.ResourceSet, rules core_rules.ResourceRules, meshCtx xds_context.MeshContext, dataplane *core_mesh.DataplaneResource, backendsAcc *plugin_xds.EndpointAccumulator, accessLogSocketPath string) error { + for uri, resType := range rs.IndexByOrigin() { + conf := rules.Compute(uri, meshCtx.Resources) + if conf == nil { + continue + } + + for typ, resources := range resType { + switch typ { + case envoy_resource.ListenerType: + err := configureListeners(resources, conf.Conf[0].(api.Conf), dataplane, backendsAcc, accessLogSocketPath) + if err != nil { + return err + } + } + } + } + return nil +} + +func configureListeners(resources []*core_xds.Resource, conf api.Conf, dataplane *core_mesh.DataplaneResource, backendsAcc *plugin_xds.EndpointAccumulator, accessLogSocketPath string) error { + sourceService := dataplane.Spec.GetIdentifyingService() + for _, backend := range pointer.Deref(conf.Backends) { + for _, resource := range resources { + configurer := plugin_xds.Configurer{ + Mesh: dataplane.GetMeta().GetMesh(), + TrafficDirection: envoy.TrafficDirectionOutbound, + SourceService: sourceService, + DestinationService: resource.ResourceOrigin.Name, + Backend: backend, + Dataplane: dataplane, + AccessLogSocketPath: accessLogSocketPath, + } + + for _, chain := range resource.Resource.(*envoy_listener.Listener).FilterChains { + if err := configurer.Configure(chain, backendsAcc); err != nil { + return err + } + } + } + } + return nil +} diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin_test.go b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin_test.go index a7f0b42fa834..c636b34f4fca 100644 --- a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin_test.go +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin_test.go 
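Review bot: `conf.Conf[0].(api.Conf)` in applyToRealResources indexes and type-asserts without a check, so a computed rule with an empty `Conf` slice or an element of another type panics inside `Apply` instead of returning an error. configureListeners has the same shape: `resource.Resource.(*envoy_listener.Listener)` is an unchecked assertion, and `resource.ResourceOrigin.Name` dereferences a pointer that is presumably non-nil for everything returned by `IndexByOrigin()`, which is worth confirming. Because this runs while the control plane builds proxy configuration, a panic here is an availability problem for config delivery rather than a rejected policy, so the comma-ok form with a returned error is the safer choice. Both functions are fully inside this hunk and have no doc comment; a one-line comment on each stating that it applies MeshAccessLog to listeners indexed by their real-resource origin (MeshService and similar) would help the next reader.

```go
		for typ, resources := range resType {
			switch typ {
			case envoy_resource.ListenerType:
				if len(conf.Conf) == 0 {
					continue
				}
				accessLogConf, ok := conf.Conf[0].(api.Conf)
				if !ok {
					return errors.Errorf("unexpected MeshAccessLog conf type %T for %v", conf.Conf[0], uri)
				}
				if err := configureListeners(resources, accessLogConf, dataplane, backendsAcc, accessLogSocketPath); err != nil {
					return err
				}
			}
		}

// … unchanged: configureListeners signature, backend/resource loops and Configurer literal …
			listener, ok := resource.Resource.(*envoy_listener.Listener)
			if !ok {
				return errors.Errorf("resource %q is not a listener: %T", resource.Name, resource.Resource)
			}
			for _, chain := range listener.FilterChains {
```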
@@ -14,9 +14,9 @@ import ( mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" core_plugins "github.com/kumahq/kuma/pkg/core/plugins" core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" + core_model "github.com/kumahq/kuma/pkg/core/resources/model" core_xds "github.com/kumahq/kuma/pkg/core/xds" core_rules "github.com/kumahq/kuma/pkg/plugins/policies/core/rules" - policies_xds "github.com/kumahq/kuma/pkg/plugins/policies/core/xds" api "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" plugin "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1" gateway_plugin "github.com/kumahq/kuma/pkg/plugins/runtime/gateway" @@ -35,6 +35,17 @@ import ( ) var _ = Describe("MeshAccessLog", func() { + backendMeshServiceIdentifier := core_rules.UniqueResourceIdentifier{ + ResourceIdentifier: core_model.ResourceIdentifier{ + Name: "backend", + Mesh: "default", + Namespace: "backend-ns", + Zone: "zone-1", + }, + ResourceType: "MeshService", + SectionName: "", + } + type sidecarTestCase struct { resources []core_xds.Resource outbounds core_xds.Outbounds @@ -45,6 +56,7 @@ var _ = Describe("MeshAccessLog", func() { } DescribeTable("should generate proper Envoy config", func(given sidecarTestCase) { + // given resourceSet := core_xds.NewResourceSet() for _, res := range given.resources { r := res 
@@ -77,11 +89,18 @@ var _ = Describe("MeshAccessLog", func() { xds_builders.MatchedPolicies().WithPolicy(api.MeshAccessLogType, given.toRules, given.fromRules), ). Build() + + // when plugin := plugin.NewPlugin().(core_plugins.PolicyPlugin) + // then Expect(plugin.Apply(resourceSet, xdsCtx, proxy)).To(Succeed()) - policies_xds.ResourceArrayShouldEqual(resourceSet.ListOf(envoy_resource.ListenerType), given.expectedListeners) - policies_xds.ResourceArrayShouldEqual(resourceSet.ListOf(envoy_resource.ClusterType), given.expectedClusters) + for i, expectedListener := range given.expectedListeners { + Expect(util_proto.ToYAML(resourceSet.ListOf(envoy_resource.ListenerType)[i].Resource)).To(matchers.MatchGoldenYAML(filepath.Join("testdata", expectedListener))) + } + for i, expectedCluster := range given.expectedClusters { + Expect(util_proto.ToYAML(resourceSet.ListOf(envoy_resource.ClusterType)[i].Resource)).To(matchers.MatchGoldenYAML(filepath.Join("testdata", expectedCluster))) + } }, Entry("basic outbound route", sidecarTestCase{ resources: []core_xds.Resource{{ 
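Review bot: The new golden-file loops index `resourceSet.ListOf(envoy_resource.ListenerType)[i]` by the expected list only, so any listener or cluster the plugin emits beyond the expected ones is never compared, and a missing one shows up as an index-out-of-range panic rather than a failed expectation. Entries that set no `expectedClusters` now also pass when the plugin unexpectedly generates access-log clusters, which the replaced `ResourceArrayShouldEqual` calls presumably caught. Add a length assertion before each loop, e.g. `Expect(resourceSet.ListOf(envoy_resource.ListenerType)).To(HaveLen(len(given.expectedListeners)))`, and the same for `envoy_resource.ClusterType`. The positional match also relies on `ListOf` returning resources in a stable order, which is not visible here. The DescribeTable body starts and ends outside this hunk.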
@@ -122,51 +141,50 @@ var _ = Describe("MeshAccessLog", func() { }, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - accessLog: - - name: envoy.access_loggers.file - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - logFormat: - textFormatSource: - inlineString: | - [%START_TIME%] default "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-B3-TRACEID?X-DATADOG-TRACEID)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "backend" "other-service" "127.0.0.1" "%UPSTREAM_HOST%" - path: /tmp/log - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: outbound:backend - validateClusters: false - requestHeadersToAdd: - - header: - key: x-kuma-tags - value: '&kuma.io/service=web&' - virtualHosts: - - domains: - - '*' - name: backend - routes: - - match: - prefix: / - route: - cluster: backend - timeout: 0s - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, + expectedListeners: []string{"basic_outbound.listener.golden.yaml"}, + }), + Entry("basic outbound route from real MeshService", sidecarTestCase{ + resources: []core_xds.Resource{{ + Name: "outbound", + Origin: generator.OriginOutbound, + Resource: NewOutboundListenerBuilder(envoy_common.APIV3, "127.0.0.1", 27777, core_xds.SocketAddressProtocolTCP). + Configure(FilterChain(NewFilterChainBuilder(envoy_common.APIV3, envoy_common.AnonymousResource). 
+ Configure(HttpConnectionManager("127.0.0.1:27777", false)). + Configure( + HttpOutboundRoute( + "backend", + envoy_common.Routes{{ + Clusters: []envoy_common.Cluster{envoy_common.NewCluster( + envoy_common.WithService("backend"), + envoy_common.WithWeight(100), + )}, + }}, + map[string]map[string]bool{ + "kuma.io/service": { + "web": true, + }, + }, + ), + ), + )).MustBuild(), + ResourceOrigin: &backendMeshServiceIdentifier, + }}, + toRules: core_rules.ToRules{ + ResourceRules: map[core_rules.UniqueResourceIdentifier]core_rules.ResourceRule{ + backendMeshServiceIdentifier: { + Conf: []interface{}{ + api.Conf{ + Backends: &[]api.Backend{{ + File: &api.FileBackend{ + Path: "/tmp/log", + }, + }}, + }, + }, + }, + }, }, + expectedListeners: []string{"basic_outbound_real_meshservice.listener.golden.yaml"}, }), Entry("outbound tcpproxy with file backend and default format", sidecarTestCase{ resources: []core_xds.Resource{{ @@ -197,31 +215,7 @@ var _ = Describe("MeshAccessLog", func() { }, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.file - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - logFormat: - textFormatSource: - inlineString: | - [%START_TIME%] %RESPONSE_FLAGS% default 127.0.0.1(backend)->%UPSTREAM_HOST%(other-service) took %DURATION%ms, sent %BYTES_SENT% bytes, received: %BYTES_RECEIVED% bytes - path: /tmp/log - cluster: backend - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, - }, + expectedListeners: []string{"outbound_file_backend_default_format.listener.golden.yaml"}, }), Entry("outbound tcpproxy with file backend and plain format", sidecarTestCase{ resources: []core_xds.Resource{{ 
@@ -255,31 +249,7 @@ var _ = Describe("MeshAccessLog", func() { }, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.file - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - logFormat: - textFormatSource: - inlineString: | - custom format [%START_TIME%] %RESPONSE_FLAGS% - path: /tmp/log - cluster: backend - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, - }, + expectedListeners: []string{"outbound_file_backend_plain_format.listener.golden.yaml"}, }), Entry("outbound tcpproxy with file backend and json format", sidecarTestCase{ resources: []core_xds.Resource{{ @@ -316,31 +286,7 @@ var _ = Describe("MeshAccessLog", func() { }, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.file - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - logFormat: - jsonFormat: - duration: '%DURATION%' - protocol: '%PROTOCOL%' - path: /tmp/log - cluster: backend - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, - }, + expectedListeners: []string{"outbound_file_backend_json_format.listener.golden.yaml"}, }), Entry("outbound tcpproxy with tcp backend and default format", sidecarTestCase{ resources: []core_xds.Resource{{ 
@@ -371,32 +317,7 @@ var _ = Describe("MeshAccessLog", func() { }, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.file - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - logFormat: - jsonFormat: - address: logging.backend - message: | - [%START_TIME%] %RESPONSE_FLAGS% default 127.0.0.1(backend)->%UPSTREAM_HOST%(other-service) took %DURATION%ms, sent %BYTES_SENT% bytes, received: %BYTES_RECEIVED% bytes - path: /tmp/kuma-al-backend-default.sock - cluster: backend - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, - }, + expectedListeners: []string{"outbound_tcp_backend_default_format.listener.golden.yaml"}, }), Entry("outbound tcpproxy with opentelemetry backend and plain format", sidecarTestCase{ resources: []core_xds.Resource{{ 
@@ -505,132 +426,13 @@ var _ = Describe("MeshAccessLog", func() { }, }, expectedClusters: []string{ - ` - altStatName: meshaccesslog_opentelemetry_0 - connectTimeout: 5s - dnsLookupFamily: V4_ONLY - loadAssignment: - clusterName: meshaccesslog:opentelemetry:0 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: otel-collector - portValue: 4317 - name: meshaccesslog:opentelemetry:0 - type: STRICT_DNS - typedExtensionProtocolOptions: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicitHttpConfig: - http2ProtocolOptions: {} - `, ` - altStatName: meshaccesslog_opentelemetry_1 - connectTimeout: 5s - dnsLookupFamily: V4_ONLY - loadAssignment: - clusterName: meshaccesslog:opentelemetry:1 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: other-otel-collector - portValue: 5317 - name: meshaccesslog:opentelemetry:1 - type: STRICT_DNS - typedExtensionProtocolOptions: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicitHttpConfig: - http2ProtocolOptions: {} - `, + "outbound_otel_backend_plain_format.cluster.golden.yaml", + "outbound_otel_backend_plain_format_1.cluster.golden.yaml", }, expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27779 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.open_telemetry - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig - body: - kvlistValue: - values: - - key: mesh - value: - stringValue: default - attributes: {} - commonConfig: - grpcService: - envoyGrpc: - clusterName: meshaccesslog:opentelemetry:1 
- logName: MeshAccessLog - transportApiVersion: V3 - cluster: bar-service - statPrefix: "127_0_0_1_27779" - name: outbound:127.0.0.1:27779 - trafficDirection: OUTBOUND`, ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27778 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.open_telemetry - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig - body: - stringValue: default - attributes: {} - commonConfig: - grpcService: - envoyGrpc: - clusterName: meshaccesslog:opentelemetry:0 - logName: MeshAccessLog - transportApiVersion: V3 - cluster: foo-service - statPrefix: "127_0_0_1_27778" - name: outbound:127.0.0.1:27778 - trafficDirection: OUTBOUND`, ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.open_telemetry - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig - body: - stringValue: '[%START_TIME%] %RESPONSE_FLAGS% default 127.0.0.1(backend)->%UPSTREAM_HOST%(other-service) took %DURATION%ms, sent %BYTES_SENT% bytes, received: %BYTES_RECEIVED% bytes' - attributes: {} - commonConfig: - grpcService: - envoyGrpc: - clusterName: meshaccesslog:opentelemetry:0 - logName: MeshAccessLog - transportApiVersion: V3 - cluster: other-service - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, + "outbound_otel_backend_plain_format.listener.golden.yaml", + "outbound_otel_backend_plain_format_1.listener.golden.yaml", + "outbound_otel_backend_plain_format_2.listener.golden.yaml", }, }), 
Entry("outbound tcpproxy with tcp backend and plain format", sidecarTestCase{ @@ -665,32 +467,7 @@ var _ = Describe("MeshAccessLog", func() { }, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.file - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - logFormat: - jsonFormat: - address: logging.backend - message: | - custom format [%START_TIME%] %RESPONSE_FLAGS% - path: /tmp/kuma-al-backend-default.sock - cluster: backend - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, - }, + expectedListeners: []string{"outbound_tcp_backend_plain_format.listener.golden.yaml"}, }), Entry("outbound tcpproxy with tcp backend and json format", sidecarTestCase{ resources: []core_xds.Resource{{ 
@@ -727,33 +504,7 @@ var _ = Describe("MeshAccessLog", func() { }, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - accessLog: - - name: envoy.access_loggers.file - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - logFormat: - jsonFormat: - address: logging.backend - message: - duration: '%DURATION%' - protocol: '%PROTOCOL%' - path: /tmp/kuma-al-backend-default.sock - cluster: backend - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, - }, + expectedListeners: []string{"outbound_tcp_backend_json_format.listener.golden.yaml"}, }), Entry("basic outbound route without match", sidecarTestCase{ resources: []core_xds.Resource{{ 
@@ -799,42 +550,7 @@ var _ = Describe("MeshAccessLog", func() { }, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 27777 - filterChains: - - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: outbound:backend - validateClusters: false - requestHeadersToAdd: - - header: - key: x-kuma-tags - value: '&kuma.io/service=web&' - virtualHosts: - - domains: - - '*' - name: backend - routes: - - match: - prefix: / - route: - cluster: backend - timeout: 0s - statPrefix: "127_0_0_1_27777" - name: outbound:127.0.0.1:27777 - trafficDirection: OUTBOUND`, - }, + expectedListeners: []string{"outbound_route_without_match.listener.golden.yaml"}, }), Entry("basic inbound route", sidecarTestCase{ resources: []core_xds.Resource{{ 
@@ -872,50 +588,7 @@ var _ = Describe("MeshAccessLog", func() { }}, }, }, - expectedListeners: []string{ - ` - address: - socketAddress: - address: 127.0.0.1 - portValue: 17777 - enableReusePort: false - filterChains: - - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - accessLog: - - name: envoy.access_loggers.file - typedConfig: - '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - logFormat: - textFormatSource: - inlineString: | - [%START_TIME%] default "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-B3-TRACEID?X-DATADOG-TRACEID)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "unknown" "backend" "127.0.0.1" "%UPSTREAM_HOST%" - path: /tmp/log - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: inbound:backend - validateClusters: false - requestHeadersToRemove: - - x-kuma-tags - virtualHosts: - - domains: - - '*' - name: backend - routes: - - match: - prefix: / - route: - cluster: backend - timeout: 0s - statPrefix: "127_0_0_1_17777" - name: inbound:127.0.0.1:17777 - trafficDirection: INBOUND`, - }, + expectedListeners: []string{"inbound_route.listener.golden.yaml"}, }), ) type gatewayTestCase struct { diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/basic_outbound.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/basic_outbound.listener.golden.yaml new file mode 100644 index 000000000000..92c0d02576d7 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/basic_outbound.listener.golden.yaml 
@@ -0,0 +1,42 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + [%START_TIME%] default "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-B3-TRACEID?X-DATADOG-TRACEID)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "backend" "other-service" "127.0.0.1" "%UPSTREAM_HOST%" + path: /tmp/log + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: outbound:backend + requestHeadersToAdd: + - header: + key: x-kuma-tags + value: '&kuma.io/service=web&' + validateClusters: false + virtualHosts: + - domains: + - '*' + name: backend + routes: + - match: + prefix: / + route: + cluster: backend + timeout: 0s + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/basic_outbound_real_meshservice.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/basic_outbound_real_meshservice.listener.golden.yaml new file mode 100644 index 000000000000..3979519bf54b --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/basic_outbound_real_meshservice.listener.golden.yaml 
@@ -0,0 +1,42 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + [%START_TIME%] default "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-B3-TRACEID?X-DATADOG-TRACEID)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "backend" "backend" "127.0.0.1" "%UPSTREAM_HOST%" + path: /tmp/log + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: outbound:backend + requestHeadersToAdd: + - header: + key: x-kuma-tags + value: '&kuma.io/service=web&' + validateClusters: false + virtualHosts: + - domains: + - '*' + name: backend + routes: + - match: + prefix: / + route: + cluster: backend + timeout: 0s + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/inbound_route.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/inbound_route.listener.golden.yaml new file mode 100644 index 000000000000..cf65ac7a4820 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/inbound_route.listener.golden.yaml 
@@ -0,0 +1,41 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 17777 +enableReusePort: false +filterChains: +- filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + [%START_TIME%] default "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-B3-TRACEID?X-DATADOG-TRACEID)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "unknown" "backend" "127.0.0.1" "%UPSTREAM_HOST%" + path: /tmp/log + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: inbound:backend + requestHeadersToRemove: + - x-kuma-tags + validateClusters: false + virtualHosts: + - domains: + - '*' + name: backend + routes: + - match: + prefix: / + route: + cluster: backend + timeout: 0s + statPrefix: "127_0_0_1_17777" +name: inbound:127.0.0.1:17777 +trafficDirection: INBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_default_format.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_default_format.listener.golden.yaml new file mode 100644 index 000000000000..b62a7bad1b44 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_default_format.listener.golden.yaml 
@@ -0,0 +1,22 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + [%START_TIME%] %RESPONSE_FLAGS% default 127.0.0.1(backend)->%UPSTREAM_HOST%(other-service) took %DURATION%ms, sent %BYTES_SENT% bytes, received: %BYTES_RECEIVED% bytes + path: /tmp/log + cluster: backend + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_json_format.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_json_format.listener.golden.yaml new file mode 100644 index 000000000000..f1172cbb9de0 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_json_format.listener.golden.yaml @@ -0,0 +1,22 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + jsonFormat: + duration: '%DURATION%' + protocol: '%PROTOCOL%' + path: /tmp/log + cluster: backend + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND 
diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_plain_format.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_plain_format.listener.golden.yaml new file mode 100644 index 000000000000..805443aedd6f --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_file_backend_plain_format.listener.golden.yaml @@ -0,0 +1,22 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + custom format [%START_TIME%] %RESPONSE_FLAGS% + path: /tmp/log + cluster: backend + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format.cluster.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format.cluster.golden.yaml new file mode 100644 index 000000000000..3fe91c91646b --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format.cluster.golden.yaml 
@@ -0,0 +1,19 @@ +altStatName: meshaccesslog_opentelemetry_0 +connectTimeout: 5s +dnsLookupFamily: V4_ONLY +loadAssignment: + clusterName: meshaccesslog:opentelemetry:0 + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: otel-collector + portValue: 4317 +name: meshaccesslog:opentelemetry:0 +type: STRICT_DNS +typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format.listener.golden.yaml new file mode 100644 index 000000000000..edbb7fa281cd --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format.listener.golden.yaml @@ -0,0 +1,30 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27779 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.open_telemetry + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig + attributes: {} + body: + kvlistValue: + values: + - key: mesh + value: + stringValue: default + commonConfig: + grpcService: + envoyGrpc: + clusterName: meshaccesslog:opentelemetry:1 + logName: MeshAccessLog + transportApiVersion: V3 + cluster: bar-service + statPrefix: "127_0_0_1_27779" +name: outbound:127.0.0.1:27779 +trafficDirection: OUTBOUND 
diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_1.cluster.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_1.cluster.golden.yaml new file mode 100644 index 000000000000..0f684415328f --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_1.cluster.golden.yaml @@ -0,0 +1,19 @@ +altStatName: meshaccesslog_opentelemetry_1 +connectTimeout: 5s +dnsLookupFamily: V4_ONLY +loadAssignment: + clusterName: meshaccesslog:opentelemetry:1 + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: other-otel-collector + portValue: 5317 +name: meshaccesslog:opentelemetry:1 +type: STRICT_DNS +typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_1.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_1.listener.golden.yaml new file mode 100644 index 000000000000..6cf0873086ec --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_1.listener.golden.yaml 
@@ -0,0 +1,26 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27778 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.open_telemetry + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig + attributes: {} + body: + stringValue: default + commonConfig: + grpcService: + envoyGrpc: + clusterName: meshaccesslog:opentelemetry:0 + logName: MeshAccessLog + transportApiVersion: V3 + cluster: foo-service + statPrefix: "127_0_0_1_27778" +name: outbound:127.0.0.1:27778 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_2.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_2.listener.golden.yaml new file mode 100644 index 000000000000..f4593e47e7f3 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_otel_backend_plain_format_2.listener.golden.yaml 
@@ -0,0 +1,28 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.open_telemetry + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig + attributes: {} + body: + stringValue: '[%START_TIME%] %RESPONSE_FLAGS% default 127.0.0.1(backend)->%UPSTREAM_HOST%(other-service) + took %DURATION%ms, sent %BYTES_SENT% bytes, received: %BYTES_RECEIVED% + bytes' + commonConfig: + grpcService: + envoyGrpc: + clusterName: meshaccesslog:opentelemetry:0 + logName: MeshAccessLog + transportApiVersion: V3 + cluster: other-service + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_route_without_match.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_route_without_match.listener.golden.yaml new file mode 100644 index 000000000000..4dc93b15fc9c --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_route_without_match.listener.golden.yaml 
@@ -0,0 +1,33 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: outbound:backend + requestHeadersToAdd: + - header: + key: x-kuma-tags + value: '&kuma.io/service=web&' + validateClusters: false + virtualHosts: + - domains: + - '*' + name: backend + routes: + - match: + prefix: / + route: + cluster: backend + timeout: 0s + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_default_format.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_default_format.listener.golden.yaml new file mode 100644 index 000000000000..c2febe38fd4b --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_default_format.listener.golden.yaml 
@@ -0,0 +1,23 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + jsonFormat: + address: logging.backend + message: | + [%START_TIME%] %RESPONSE_FLAGS% default 127.0.0.1(backend)->%UPSTREAM_HOST%(other-service) took %DURATION%ms, sent %BYTES_SENT% bytes, received: %BYTES_RECEIVED% bytes + path: /tmp/kuma-al-backend-default.sock + cluster: backend + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_json_format.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_json_format.listener.golden.yaml new file mode 100644 index 000000000000..c618dd47b590 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_json_format.listener.golden.yaml @@ -0,0 +1,24 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + jsonFormat: + address: logging.backend + message: + duration: '%DURATION%' + protocol: '%PROTOCOL%' + path: /tmp/kuma-al-backend-default.sock + cluster: backend + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND 
diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_plain_format.listener.golden.yaml b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_plain_format.listener.golden.yaml new file mode 100644 index 000000000000..38e8f3eaa528 --- /dev/null +++ b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/testdata/outbound_tcp_backend_plain_format.listener.golden.yaml @@ -0,0 +1,23 @@ +address: + socketAddress: + address: 127.0.0.1 + portValue: 27777 +filterChains: +- filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + jsonFormat: + address: logging.backend + message: | + custom format [%START_TIME%] %RESPONSE_FLAGS% + path: /tmp/kuma-al-backend-default.sock + cluster: backend + statPrefix: "127_0_0_1_27777" +name: outbound:127.0.0.1:27777 +trafficDirection: OUTBOUND diff --git a/pkg/plugins/runtime/k8s/webhooks/validation.go b/pkg/plugins/runtime/k8s/webhooks/validation.go index d3cfa5e9eaf7..2b762bc87f15 100644 --- a/pkg/plugins/runtime/k8s/webhooks/validation.go +++ b/pkg/plugins/runtime/k8s/webhooks/validation.go @@ -16,6 +16,7 @@ import ( core_registry "github.com/kumahq/kuma/pkg/core/resources/registry" "github.com/kumahq/kuma/pkg/core/validators" k8s_common "github.com/kumahq/kuma/pkg/plugins/common/k8s" + meshaccesslog "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1" meshcircuitbreaker "github.com/kumahq/kuma/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1" meshhealthcheck "github.com/kumahq/kuma/pkg/plugins/policies/meshhealthcheck/api/v1alpha1" meshhttproute "github.com/kumahq/kuma/pkg/plugins/policies/meshhttproute/api/v1alpha1" 
@@ -56,6 +57,7 @@ var meshServiceSupportImplemented = map[core_model.ResourceType]bool{
 meshhealthcheck.MeshHealthCheckType: true,
 meshhttproute.MeshHTTPRouteType: true,
 meshtcproute.MeshTCPRouteType: true,
+ meshaccesslog.MeshAccessLogType: true,
 }

 func (h *validatingHandler) InjectDecoder(d admission.Decoder) {
diff --git a/test/e2e_env/universal/meshaccesslog/meshaccesslog.go b/test/e2e_env/universal/meshaccesslog/meshaccesslog.go
index 50deb3c36ebc..90ea05f049d1 100644
--- a/test/e2e_env/universal/meshaccesslog/meshaccesslog.go
+++ b/test/e2e_env/universal/meshaccesslog/meshaccesslog.go
@@ -27,6 +27,24 @@ func TestPlugin() {
 return net.JoinHostPort(ip, strconv.Itoa(port))
 }

+ uniServiceYAML := fmt.Sprintf(`
+type: MeshService
+name: test-server
+mesh: %s
+labels:
+ kuma.io/origin: zone
+ kuma.io/env: universal
+spec:
+ selector:
+ dataplaneTags:
+ kuma.io/service: test-server
+ ports:
+ - port: 80
+ targetPort: 80
+ appProtocol: http
+ name: main-port
+`, meshName)
+
 BeforeAll(func() {
 externalServiceDockerName = fmt.Sprintf("%s_%s-%s", universal.Cluster.Name(), meshName, "test-server")
 tcpSinkDockerName = fmt.Sprintf("%s_%s_%s", universal.Cluster.Name(), meshName, AppModeTcpSink)
@@ -35,6 +53,17 @@ func TestPlugin() {
 Install(TestServerUniversal(
 "test-server", meshName, WithArgs([]string{"echo", "--instance", "echo-v1"}), WithDockerContainerName(externalServiceDockerName)),
 ).
+ Install(YamlUniversal(uniServiceYAML)).
+ Install(YamlUniversal(`
+type: HostnameGenerator
+name: uni-ms
+spec:
+ template: '{{ .DisplayName }}.universal.ms'
+ selector:
+ meshService:
+ matchLabels:
+ kuma.io/origin: zone
+ kuma.io/env: universal`)).
 Install(GatewayProxyUniversal(meshName, "edge-gateway")).
 Install(YamlUniversal(gateway.MkGateway("edge-gateway", meshName, "edge-gateway", false, "example.kuma.io", "test-server", 8080))).
 Install(gateway.GatewayClientAppUniversal("gateway-client")).
@@ -131,6 +160,42 @@ spec:
 Expect(dst).To(Equal("test-server"))
 })

+ It("should log outgoing traffic to real MeshService", func() {
+ yaml := fmt.Sprintf(`
+type: MeshAccessLog
+name: client-outgoing-real-ms
+mesh: meshaccesslog
+spec:
+ targetRef:
+ kind: Mesh
+ to:
+ - targetRef:
+ kind: MeshService
+ name: test-server
+ sectionName: main-port
+ default:
+ backends:
+ - type: Tcp
+ tcp:
+ format:
+ type: Plain
+ plain: '%s'
+ address: "%s:9999"
+`, trafficLogFormat, tcpSinkDockerName)
+ Expect(YamlUniversal(yaml)(universal.Cluster)).To(Succeed())
+
+ makeRequest := func(g Gomega) {
+ _, err := client.CollectEchoResponse(
+ universal.Cluster, AppModeDemoClient, "test-server.universal.ms",
+ )
+ g.Expect(err).ToNot(HaveOccurred())
+ }
+ src, dst := expectTrafficLogged(makeRequest)
+
+ Expect(src).To(Equal(AppModeDemoClient))
+ Expect(dst).To(Equal("test-server"))
+ })
+
 It("should log outgoing traffic with JSON formatting", func() {
 yaml := fmt.Sprintf(`
 type: MeshAccessLog
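Review bot: The policy YAML in the new `It("should log outgoing traffic to real MeshService", ...)` spec hard-codes `mesh: meshaccesslog`, while the `uniServiceYAML` fixture added earlier in this file interpolates the mesh through `mesh: %s` and `meshName`. If the two ever diverge, the MeshAccessLog lands in a different mesh than the MeshService it targets and the spec fails for a reason unrelated to access logging. I would write `mesh: %s` in the template and pass `meshName` as the first `fmt.Sprintf` argument, ahead of `trafficLogFormat`. The spec is complete within the hunk, but the enclosing `TestPlugin` function and the other specs, which may hard-code the name the same way, are outside it.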