From 08c646bec77a56c466ca6a942bcad7aff717769e Mon Sep 17 00:00:00 2001 From: Shashank Ram <21697719+shashankram@users.noreply.github.com> Date: Wed, 22 Jun 2022 12:48:29 -0700 Subject: [PATCH] envoy: update to latest version and fix typed proto usage (#4834) - Updates Envoy to its latest available version (v1.22.2 for Linux, v1.22.1 for Windows). The latest version includes the latest released security fix. We could not update Envoy previously due to a blocking bug: https://github.com/envoyproxy/envoy/issues/20113 - Updates filter names to custom names as wellknown names are deprecated in Envoy (with 1 exception for the http.rbac filter). Envoy will use the TypeURL in the proto to determine which filter to use instead. Wellknown names are not required and using them is confusing because not all filters are defined in the legacy wellknown pkg (e.g. http.local_ratelimit). See: https://github.com/envoyproxy/envoy/issues/21759 https://github.com/envoyproxy/envoy/pull/21763 https://github.com/envoyproxy/go-control-plane/issues/293 https://github.com/envoyproxy/go-control-plane/issues/552 - Uses the distroless image as the alpine image has been discontinued: https://github.com/envoyproxy/envoy/issues/21758 - Updates tests to use custom filter names - Adds `proto_types.go` to aid dynamic proto resolution for typed configs using `any.Any()`. This helps resolve protos where dynamic resolution is necessary. - Updated Prometheus' ConfigMap to reflect changes to Envoy metrics prefixes Signed-off-by: Shashank Ram --- charts/osm/README.md | 8 +- .../osm/templates/prometheus-configmap.yaml | 36 +- charts/osm/values.schema.json | 9 +- charts/osm/values.yaml | 10 +- docs/how_osm_uses_envoy.md | 2 +- docs/release_notes.md | 3 +- pkg/cli/verifier/envoy_config.go | 6 +- pkg/cli/verifier/testdata/curl_egress.json | 20 +- .../verifier/testdata/curl_permissive.json | 11 +- .../testdata/httpbin1_permissive.json | 18 +- .../testdata/httpbin2_permissive.json | 18 +- .../sample-envoy-config-dump-bookbuyer.json | 4 +- .../sample-envoy-config-dump-bookstore.json | 20 +- pkg/envoy/cds/cluster.go | 3 +- pkg/envoy/cds/response_test.go | 5 +- pkg/envoy/lds/auth.go | 4 +- pkg/envoy/lds/egress.go | 3 +- pkg/envoy/lds/egress_test.go | 6 +- pkg/envoy/lds/healthcheck.go | 3 +- pkg/envoy/lds/http_connection.go | 52 ++- pkg/envoy/lds/http_connection_test.go | 16 +- pkg/envoy/lds/ingress.go | 5 +- pkg/envoy/lds/ingress_test.go | 10 +- pkg/envoy/lds/inmesh.go | 15 +- pkg/envoy/lds/inmesh_test.go | 22 +- pkg/envoy/lds/listener.go | 41 ++- pkg/envoy/lds/listener_test.go | 7 +- pkg/envoy/lds/rbac.go | 4 +- pkg/envoy/lds/rbac_test.go | 4 +- pkg/envoy/lds/response_test.go | 9 +- pkg/envoy/lds/wasm.go | 6 +- pkg/envoy/proto_types.go | 317 ++++++++++++++++++ pkg/envoy/rds/route/rbac.go | 4 +- pkg/envoy/rds/route/rbac_test.go | 4 +- pkg/envoy/types.go | 35 ++ pkg/injector/envoy_config_health_probes.go | 28 +- .../expected_envoy_bootstrap_config.yaml | 18 +- pkg/protobuf/util.go | 17 + .../expected_output_getLivenessListener.yaml | 6 +- ...ted_output_getLivenessListenerNonHTTP.yaml | 2 +- .../expected_output_getProbeListener.yaml | 6 +- .../expected_output_getReadinessListener.yaml | 6 +- .../expected_output_getStartupListener.yaml | 6 +- 43 files changed, 646 insertions(+), 183 deletions(-) create mode 100644 pkg/envoy/proto_types.go create mode 100644 pkg/protobuf/util.go diff --git a/charts/osm/README.md b/charts/osm/README.md index 7c18026ad3..b320d342b4 100644 --- a/charts/osm/README.md +++ b/charts/osm/README.md @@ -59,9 +59,9 @@ The following table lists the configurable parameters of the osm chart and their | Key | Type | Default | Description | |-----|------|---------|-------------| -| contour.contour | object | `{"image":{"registry":"docker.io","repository":"projectcontour/contour","tag":"v1.18.0"}}` | Contour controller configuration | +| contour.contour | object | `{"image":{"registry":"docker.io","repository":"projectcontour/contour","tag":"v1.21.1"}}` | Contour controller configuration | | contour.enabled | bool | `false` | Enables deployment of Contour control plane and gateway | -| contour.envoy | object | `{"image":{"registry":"docker.io","repository":"envoyproxy/envoy-alpine","tag":"v1.19.3"}}` | Contour envoy edge proxy configuration | +| contour.envoy | object | `{"image":{"registry":"docker.io","repository":"envoyproxy/envoy-distroless","tag":"v1.22.2"}}` | Contour envoy edge proxy configuration | | osm.caBundleSecretName | string | `"osm-ca-bundle"` | The Kubernetes secret name to store CA bundle for the root CA used in OSM | | osm.certificateProvider.certKeyBitSize | int | `2048` | Certificate key bit size for data plane certificates issued to workloads to communicate over mTLS | | osm.certificateProvider.kind | string | `"tresor"` | The Certificate manager type: `tresor`, `vault` or `cert-manager` | @@ -163,8 +163,8 @@ The following table lists the configurable parameters of the osm chart and their | osm.prometheus.resources | object | `{"limits":{"cpu":"1","memory":"2G"},"requests":{"cpu":"0.5","memory":"512M"}}` | Prometheus's container resource parameters | | osm.prometheus.retention | object | `{"time":"15d"}` | Prometheus data rentention configuration | | osm.prometheus.retention.time | string | `"15d"` | Prometheus data retention time | -| osm.sidecarImage | string | `"envoyproxy/envoy-alpine:v1.19.3@sha256:874e699857e023d9234b10ffc5af39ccfc9011feab89638e56ac4042ecd4b0f3"` | Envoy sidecar image for Linux workloads | -| osm.sidecarWindowsImage | string | `"envoyproxy/envoy-windows:v1.19.3@sha256:f990f024e7e95f07b6c0d416684734607761e382c35d1ba9414c7e3fbf23969c"` | Envoy sidecar image for Windows workloads | +| osm.sidecarImage | string | `"envoyproxy/envoy-distroless:v1.22.2@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a"` | Envoy sidecar image for Linux workloads | +| osm.sidecarWindowsImage | string | `"envoyproxy/envoy-windows:v1.22.1@sha256:92733f8e5beae5c45df204a0e13edbd29e99adf962d1b1c7869b197d85c64bd0"` | Envoy sidecar image for Windows workloads | | osm.tracing.address | string | `""` | Address of the tracing collector service (must contain the namespace). When left empty, this is computed in helper template to "jaeger..svc.cluster.local". Please override for BYO-tracing as documented in tracing.md | | osm.tracing.enable | bool | `false` | Toggles Envoy's tracing functionality on/off for all sidecar proxies in the mesh | | osm.tracing.endpoint | string | `"/api/v2/spans"` | Tracing collector's API path where the spans will be sent to | diff --git a/charts/osm/templates/prometheus-configmap.yaml b/charts/osm/templates/prometheus-configmap.yaml index 8f8446a6aa..01edd4542b 100644 --- a/charts/osm/templates/prometheus-configmap.yaml +++ b/charts/osm/templates/prometheus-configmap.yaml @@ -130,43 +130,43 @@ data: target_label: __address__ metric_relabel_configs: - source_labels: [__name__] - regex: 'envoy_.*osm_request_(total|duration_ms_(bucket|count|sum))' + regex: '.*osm_request_(total|duration_ms_(bucket|count|sum))' action: keep - source_labels: [__name__] action: replace - regex: envoy_response_code_(\d{3})_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total + regex: response_code_(\d{3})_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total target_label: response_code - source_labels: [__name__] action: replace - regex: envoy_response_code_\d{3}_source_namespace_(.*)_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total + regex: response_code_\d{3}_source_namespace_(.*)_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total target_label: source_namespace - source_labels: [__name__] action: replace - regex: envoy_response_code_\d{3}_source_namespace_.*_source_kind_(.*)_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total + regex: response_code_\d{3}_source_namespace_.*_source_kind_(.*)_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total target_label: source_kind - source_labels: [__name__] action: replace - regex: envoy_response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_(.*)_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total + regex: response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_(.*)_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total target_label: source_name - source_labels: [__name__] action: replace - regex: envoy_response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_(.*)_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total + regex: response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_(.*)_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total target_label: source_pod - source_labels: [__name__] action: replace - regex: envoy_response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_(.*)_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total + regex: response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_(.*)_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_total target_label: destination_namespace - source_labels: [__name__] action: replace - regex: envoy_response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_(.*)_destination_name_.*_destination_pod_.*_osm_request_total + regex: response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_(.*)_destination_name_.*_destination_pod_.*_osm_request_total target_label: destination_kind - source_labels: [__name__] action: replace - regex: envoy_response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_(.*)_destination_pod_.*_osm_request_total + regex: response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_(.*)_destination_pod_.*_osm_request_total target_label: destination_name - source_labels: [__name__] action: replace - regex: envoy_response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_(.*)_osm_request_total + regex: response_code_\d{3}_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_(.*)_osm_request_total target_label: destination_pod - source_labels: [__name__] action: replace @@ -175,35 +175,35 @@ data: - source_labels: [__name__] action: replace - regex: envoy_source_namespace_(.*)_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) + regex: source_namespace_(.*)_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) target_label: source_namespace - source_labels: [__name__] action: replace - regex: envoy_source_namespace_.*_source_kind_(.*)_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) + regex: source_namespace_.*_source_kind_(.*)_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) target_label: source_kind - source_labels: [__name__] action: replace - regex: envoy_source_namespace_.*_source_kind_.*_source_name_(.*)_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) + regex: source_namespace_.*_source_kind_.*_source_name_(.*)_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) target_label: source_name - source_labels: [__name__] action: replace - regex: envoy_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_(.*)_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) + regex: source_namespace_.*_source_kind_.*_source_name_.*_source_pod_(.*)_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) target_label: source_pod - source_labels: [__name__] action: replace - regex: envoy_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_(.*)_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) + regex: source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_(.*)_destination_kind_.*_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) target_label: destination_namespace - source_labels: [__name__] action: replace - regex: envoy_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_(.*)_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) + regex: source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_(.*)_destination_name_.*_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) target_label: destination_kind - source_labels: [__name__] action: replace - regex: envoy_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_(.*)_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) + regex: source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_(.*)_destination_pod_.*_osm_request_duration_ms_(bucket|sum|count) target_label: destination_name - source_labels: [__name__] action: replace - regex: envoy_source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_(.*)_osm_request_duration_ms_(bucket|sum|count) + regex: source_namespace_.*_source_kind_.*_source_name_.*_source_pod_.*_destination_namespace_.*_destination_kind_.*_destination_name_.*_destination_pod_(.*)_osm_request_duration_ms_(bucket|sum|count) target_label: destination_pod - source_labels: [__name__] action: replace diff --git a/charts/osm/values.schema.json b/charts/osm/values.schema.json index 7334557475..ccab415706 100644 --- a/charts/osm/values.schema.json +++ b/charts/osm/values.schema.json @@ -411,7 +411,7 @@ "title": "The sidecarImage schema", "description": "The proxy side car image to run.", "examples": [ - "envoyproxy/envoy-alpine:v1.19.3@sha256:874e699857e023d9234b10ffc5af39ccfc9011feab89638e56ac4042ecd4b0f3" + "envoyproxy/envoy-distroless:v1.22.2@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a" ] }, "curlImage": { @@ -429,7 +429,7 @@ "title": "The sidecarWindowsImage schema", "description": "The proxy side car image to run on Windows payloads.", "examples": [ - "envoyproxy/envoy-windows:v1.19.3@sha256:f990f024e7e95f07b6c0d416684734607761e382c35d1ba9414c7e3fbf23969c" + "envoyproxy/envoy-windows:v1.22.1@sha256:92733f8e5beae5c45df204a0e13edbd29e99adf962d1b1c7869b197d85c64bd0" ] }, "trustDomain": { @@ -716,7 +716,10 @@ "type": "string", "title": "The localProxyMode schema", "description": "Proxy mode for the Envoy proxy sidecar. Acceptable values are ['Localhost', 'PodIP'].", - "enum": ["Localhost","PodIP"], + "enum": [ + "Localhost", + "PodIP" + ], "examples": [ "Localhost" ] diff --git a/charts/osm/values.yaml b/charts/osm/values.yaml index b688320b93..00cb5b645e 100644 --- a/charts/osm/values.yaml +++ b/charts/osm/values.yaml @@ -50,9 +50,9 @@ osm: # -- `osm-controller` image pull secret imagePullSecrets: [] # -- Envoy sidecar image for Linux workloads - sidecarImage: envoyproxy/envoy-alpine:v1.19.3@sha256:874e699857e023d9234b10ffc5af39ccfc9011feab89638e56ac4042ecd4b0f3 + sidecarImage: envoyproxy/envoy-distroless:v1.22.2@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a # -- Envoy sidecar image for Windows workloads - sidecarWindowsImage: envoyproxy/envoy-windows:v1.19.3@sha256:f990f024e7e95f07b6c0d416684734607761e382c35d1ba9414c7e3fbf23969c + sidecarWindowsImage: envoyproxy/envoy-windows:v1.22.1@sha256:92733f8e5beae5c45df204a0e13edbd29e99adf962d1b1c7869b197d85c64bd0 # -- Curl image for control plane init container curlImage: curlimages/curl @@ -369,13 +369,13 @@ contour: image: registry: docker.io repository: projectcontour/contour - tag: v1.18.0 + tag: v1.21.1 # -- Contour envoy edge proxy configuration envoy: image: registry: docker.io - repository: envoyproxy/envoy-alpine - tag: v1.19.3 + repository: envoyproxy/envoy-distroless + tag: v1.22.2 # # -- SMI configuration diff --git a/docs/how_osm_uses_envoy.md b/docs/how_osm_uses_envoy.md index 9d9e6b461f..645fe52b2c 100644 --- a/docs/how_osm_uses_envoy.md +++ b/docs/how_osm_uses_envoy.md @@ -74,7 +74,7 @@ Below is a significantly paired down Listener configuration, which depicts the r }, "filters":[ { - "name":"envoy.filters.network.http_connection_manager", + "name":"http_connection_manager", "typed_config":{ "@type":"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "rds":{ diff --git a/docs/release_notes.md b/docs/release_notes.md index 4dba173265..60ab20c29d 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -6,6 +6,7 @@ - Root certificate rotation is now supported through the new CRD, MeshRootCertificate. - Along with root certificate rotation we support custom trust domains, as well as rotating to new trust domains with no downtime. +- Envoy has been updated to v1.22 and uses the `envoyproxy/envoy-distroless` image instead of the deprecated `envoyproxy/envoy-alpine` image. ### Breaking Changes @@ -13,7 +14,7 @@ - `osm_proxy_response_send_success_count` - `osm_proxy_response_send_error_count` - `osm_proxy_xds_request_count` - + ## Release v1.1.0 ### Notable changes diff --git a/pkg/cli/verifier/envoy_config.go b/pkg/cli/verifier/envoy_config.go index b83aa33a38..6830d70fb6 100644 --- a/pkg/cli/verifier/envoy_config.go +++ b/pkg/cli/verifier/envoy_config.go @@ -11,7 +11,6 @@ import ( xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" xds_route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" xds_secret "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -19,6 +18,7 @@ import ( "k8s.io/utils/pointer" configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/trafficpolicy" "github.com/openservicemesh/osm/pkg/constants" @@ -332,10 +332,10 @@ func findOutboundFilterChainForServicePort(meshSvc service.MeshService, dstIPRan func getFilterForProtocol(protocol string) string { switch protocol { case constants.ProtocolHTTP: - return wellknown.HTTPConnectionManager + return envoy.HTTPConnectionManagerFilterName case constants.ProtocolTCP, constants.ProtocolHTTPS: - return wellknown.TCPProxy + return envoy.TCPProxyFilterName default: return "" diff --git a/pkg/cli/verifier/testdata/curl_egress.json b/pkg/cli/verifier/testdata/curl_egress.json index bdd38a05d7..bfb2c99f33 100644 --- a/pkg/cli/verifier/testdata/curl_egress.json +++ b/pkg/cli/verifier/testdata/curl_egress.json @@ -731,7 +731,7 @@ "category": "envoy.filters.network" }, { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "category": "envoy.filters.network" }, { @@ -1271,7 +1271,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-outbound.14001", @@ -1312,7 +1312,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "http_router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "access_log": [ @@ -1397,7 +1400,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-egress.80", @@ -1438,7 +1441,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "http_router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "access_log": [ @@ -1521,7 +1527,7 @@ }, "filters": [ { - "name": "envoy.filters.network.tcp_proxy", + "name": "tcp_proxy", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "stat_prefix": "egress-tcp-proxy.443", @@ -1765,4 +1771,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/pkg/cli/verifier/testdata/curl_permissive.json b/pkg/cli/verifier/testdata/curl_permissive.json index c736ead0f3..ef946c210c 100644 --- a/pkg/cli/verifier/testdata/curl_permissive.json +++ b/pkg/cli/verifier/testdata/curl_permissive.json @@ -151,7 +151,7 @@ "category": "envoy.filters.network" }, { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "category": "envoy.filters.network" }, { @@ -1195,7 +1195,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-outbound.14001", @@ -1236,7 +1236,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "http_router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "access_log": [ @@ -1466,4 +1469,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/pkg/cli/verifier/testdata/httpbin1_permissive.json b/pkg/cli/verifier/testdata/httpbin1_permissive.json index ef03aa6883..06ada9df3c 100644 --- a/pkg/cli/verifier/testdata/httpbin1_permissive.json +++ b/pkg/cli/verifier/testdata/httpbin1_permissive.json @@ -63,7 +63,7 @@ "category": "envoy.filters.network" }, { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "category": "envoy.filters.network" }, { @@ -1239,7 +1239,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-inbound.14001", @@ -1280,7 +1280,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "http_router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "access_log": [ @@ -1454,7 +1457,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-outbound.14001", @@ -1495,7 +1498,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "http_router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "access_log": [ @@ -1847,4 +1853,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/pkg/cli/verifier/testdata/httpbin2_permissive.json b/pkg/cli/verifier/testdata/httpbin2_permissive.json index e452208c78..e6fad97aa7 100644 --- a/pkg/cli/verifier/testdata/httpbin2_permissive.json +++ b/pkg/cli/verifier/testdata/httpbin2_permissive.json @@ -443,7 +443,7 @@ "category": "envoy.filters.network" }, { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "category": "envoy.filters.network" }, { @@ -1239,7 +1239,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-inbound.14001", @@ -1280,7 +1280,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "http_router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "access_log": [ @@ -1454,7 +1457,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-outbound.14001", @@ -1495,7 +1498,10 @@ } }, { - "name": "envoy.filters.http.router" + "name": "http_router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } } ], "access_log": [ @@ -1847,4 +1853,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/pkg/cli/verifier/testdata/sample-envoy-config-dump-bookbuyer.json b/pkg/cli/verifier/testdata/sample-envoy-config-dump-bookbuyer.json index 04278db634..4938ffe518 100644 --- a/pkg/cli/verifier/testdata/sample-envoy-config-dump-bookbuyer.json +++ b/pkg/cli/verifier/testdata/sample-envoy-config-dump-bookbuyer.json @@ -289,7 +289,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-outbound", @@ -528,4 +528,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/pkg/cli/verifier/testdata/sample-envoy-config-dump-bookstore.json b/pkg/cli/verifier/testdata/sample-envoy-config-dump-bookstore.json index 4572a09184..ef22de405b 100644 --- a/pkg/cli/verifier/testdata/sample-envoy-config-dump-bookstore.json +++ b/pkg/cli/verifier/testdata/sample-envoy-config-dump-bookstore.json @@ -36,7 +36,7 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "health_probes_http", @@ -116,7 +116,7 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "health_probes_http", @@ -196,7 +196,7 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "health_probes_http", @@ -987,7 +987,7 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "health_probes_http", @@ -1071,7 +1071,7 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "health_probes_http", @@ -1155,7 +1155,7 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "health_probes_http", @@ -1253,7 +1253,7 @@ }, "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-outbound", @@ -1446,7 +1446,7 @@ } }, { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "mesh-http-conn-manager.rds-inbound", @@ -1638,7 +1638,7 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "stat_prefix": "prometheus-http-conn-manager", @@ -2326,4 +2326,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/pkg/envoy/cds/cluster.go b/pkg/envoy/cds/cluster.go index 7416724d83..8dec7fbaf9 100644 --- a/pkg/envoy/cds/cluster.go +++ b/pkg/envoy/cds/cluster.go @@ -9,7 +9,6 @@ import ( xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_endpoint "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" extensions_upstream_http "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/wrappers" "github.com/pkg/errors" @@ -46,7 +45,7 @@ func getUpstreamServiceCluster(downstreamIdentity identity.ServiceIdentity, conf upstreamCluster := &xds_cluster.Cluster{ Name: config.Name, TransportSocket: &xds_core.TransportSocket{ - Name: wellknown.TransportSocketTls, + Name: config.Name, ConfigType: &xds_core.TransportSocket_TypedConfig{ TypedConfig: marshalledUpstreamTLSContext, }, diff --git a/pkg/envoy/cds/response_test.go b/pkg/envoy/cds/response_test.go index fb333214a8..2fc4a2a976 100644 --- a/pkg/envoy/cds/response_test.go +++ b/pkg/envoy/cds/response_test.go @@ -10,7 +10,6 @@ import ( xds_endpoint "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" xds_auth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/cache/types" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/mock/gomock" "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/wrappers" @@ -203,7 +202,7 @@ func TestNewResponse(t *testing.T) { ServiceName: "", }, TransportSocket: &xds_core.TransportSocket{ - Name: wellknown.TransportSocketTls, + Name: "default/bookstore-v1|80", ConfigType: &xds_core.TransportSocket_TypedConfig{ TypedConfig: &any.Any{ TypeUrl: string(envoy.TypeUpstreamTLSContext), @@ -234,7 +233,7 @@ func TestNewResponse(t *testing.T) { ServiceName: "", }, TransportSocket: &xds_core.TransportSocket{ - Name: wellknown.TransportSocketTls, + Name: "default/bookstore-v2|80", ConfigType: &xds_core.TransportSocket_TypedConfig{ TypedConfig: &any.Any{ TypeUrl: string(envoy.TypeUpstreamTLSContext), diff --git a/pkg/envoy/lds/auth.go b/pkg/envoy/lds/auth.go index 67df38411e..ffea4b4a5b 100644 --- a/pkg/envoy/lds/auth.go +++ b/pkg/envoy/lds/auth.go @@ -6,11 +6,11 @@ import ( envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_ext_authz "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "github.com/openservicemesh/osm/pkg/auth" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/errcode" ) @@ -53,7 +53,7 @@ func getExtAuthzHTTPFilter(extAuthConfig *auth.ExtAuthConfig) *xds_hcm.HttpFilte } return &xds_hcm.HttpFilter{ - Name: wellknown.HTTPExternalAuthorization, + Name: envoy.HTTPExtAuthzFilterName, ConfigType: &xds_hcm.HttpFilter_TypedConfig{ TypedConfig: extAuthMarshalled, }, diff --git a/pkg/envoy/lds/egress.go b/pkg/envoy/lds/egress.go index 2d33ac7f3d..0d77b25b5b 100644 --- a/pkg/envoy/lds/egress.go +++ b/pkg/envoy/lds/egress.go @@ -6,7 +6,6 @@ import ( xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" xds_tcp_proxy "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/wrapperspb" @@ -85,7 +84,7 @@ func (lb *listenerBuilder) getEgressTCPFilterChain(match trafficpolicy.TrafficMa } tcpFilter := &xds_listener.Filter{ - Name: wellknown.TCPProxy, + Name: envoy.TCPProxyFilterName, ConfigType: &xds_listener.Filter_TypedConfig{TypedConfig: marshalledTCPProxy}, } diff --git a/pkg/envoy/lds/egress_test.go b/pkg/envoy/lds/egress_test.go index b5e72b9b50..c168746000 100644 --- a/pkg/envoy/lds/egress_test.go +++ b/pkg/envoy/lds/egress_test.go @@ -5,12 +5,12 @@ import ( xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/mock/gomock" tassert "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/wrapperspb" configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/configurator" "github.com/openservicemesh/osm/pkg/trafficpolicy" @@ -68,7 +68,7 @@ func TestGetEgressHTTPFilterChain(t *testing.T) { assert.Equal(tc.expectError, err != nil) assert.Equal(tc.expectedFilterChainMatch, actual.FilterChainMatch) assert.Len(actual.Filters, 1) // Single HTTPConnectionManager filter - assert.Equal(wellknown.HTTPConnectionManager, actual.Filters[0].Name) + assert.Equal(envoy.HTTPConnectionManagerFilterName, actual.Filters[0].Name) }) } } @@ -168,7 +168,7 @@ func TestGetEgressTCPFilterChain(t *testing.T) { assert.Equal(tc.expectError, err != nil) assert.Equal(tc.expectedFilterChainMatch, actual.FilterChainMatch) assert.Len(actual.Filters, 1) // Single TCPProxy filter - assert.Equal(wellknown.TCPProxy, actual.Filters[0].Name) + assert.Equal(envoy.TCPProxyFilterName, actual.Filters[0].Name) }) } } diff --git a/pkg/envoy/lds/healthcheck.go b/pkg/envoy/lds/healthcheck.go index c6d15b938a..692ab093f3 100644 --- a/pkg/envoy/lds/healthcheck.go +++ b/pkg/envoy/lds/healthcheck.go @@ -4,7 +4,6 @@ import ( xds_route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" xds_health_check "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/health_check/v3" xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/pkg/errors" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/wrapperspb" @@ -37,7 +36,7 @@ func getHealthCheckFilter() (*xds_hcm.HttpFilter, error) { } return &xds_hcm.HttpFilter{ - Name: wellknown.HealthCheck, + Name: envoy.HTTPHealthCheckFilterName, ConfigType: &xds_hcm.HttpFilter_TypedConfig{ TypedConfig: hcAny, }, diff --git a/pkg/envoy/lds/http_connection.go b/pkg/envoy/lds/http_connection.go index 091939e70e..5c4422c1f0 100644 --- a/pkg/envoy/lds/http_connection.go +++ b/pkg/envoy/lds/http_connection.go @@ -4,14 +4,16 @@ import ( "fmt" xds_route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + xds_local_ratelimit "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" + "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/wrappers" "github.com/pkg/errors" "github.com/openservicemesh/osm/pkg/auth" "github.com/openservicemesh/osm/pkg/constants" "github.com/openservicemesh/osm/pkg/envoy" + "github.com/openservicemesh/osm/pkg/protobuf" ) // connectionDirection defines, for filter terms, the direction of a connection from @@ -52,11 +54,29 @@ func (options httpConnManagerOptions) build() (*xds_hcm.HttpConnectionManager, e CodecType: xds_hcm.HttpConnectionManager_AUTO, HttpFilters: []*xds_hcm.HttpFilter{ // *IMPORTANT NOTE*: The order of filters specified is important. - // The wellknown.Router filter should be the last filter in the chain. - // 1. HTTP RBAC + // The http_router filter should be the last filter in the chain. { - // HTTP RBAC filter - required to perform HTTP based RBAC on routes - Name: wellknown.HTTPRoleBasedAccessControl, + // HTTP RBAC filter - required to perform HTTP based RBAC per route + Name: envoy.HTTPRBACFilterName, + ConfigType: &xds_hcm.HttpFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.HTTPRBACFilterTypeURL, + }, + }, + }, + { + Name: envoy.HTTPLocalRateLimitFilterName, + ConfigType: &xds_hcm.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny( + &xds_local_ratelimit.LocalRateLimit{ + StatPrefix: fmt.Sprintf("%s.%s", meshHTTPConnManagerStatPrefix, options.rdsRoutConfigName), + // Since no token bucket is defined here, the filter is disabled + // at the listener level. For HTTP traffic, the rate limiting + // config is applied at the VirtualHost/Route level. + // Ref: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter#using-rate-limit-descriptors-for-local-rate-limiting + }, + ), + }, }, }, RouteSpecifier: &xds_hcm.HttpConnectionManager_Rds{ @@ -110,7 +130,14 @@ func (options httpConnManagerOptions) build() (*xds_hcm.HttpConnectionManager, e } // *IMPORTANT NOTE*: The Router filter must always be the last filter - connManager.HttpFilters = append(connManager.HttpFilters, &xds_hcm.HttpFilter{Name: wellknown.Router}) + connManager.HttpFilters = append(connManager.HttpFilters, &xds_hcm.HttpFilter{ + Name: envoy.HTTPRouterFilterName, + ConfigType: &xds_hcm.HttpFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.HTTPRouterFilterTypeURL, + }, + }, + }) return connManager, nil } @@ -119,9 +146,16 @@ func getPrometheusConnectionManager() *xds_hcm.HttpConnectionManager { return &xds_hcm.HttpConnectionManager{ StatPrefix: prometheusHTTPConnManagerStatPrefix, CodecType: xds_hcm.HttpConnectionManager_AUTO, - HttpFilters: []*xds_hcm.HttpFilter{{ - Name: wellknown.Router, - }}, + HttpFilters: []*xds_hcm.HttpFilter{ + { + Name: envoy.HTTPRouterFilterName, + ConfigType: &xds_hcm.HttpFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.HTTPRouterFilterTypeURL, + }, + }, + }, + }, RouteSpecifier: &xds_hcm.HttpConnectionManager_RouteConfig{ RouteConfig: &xds_route.RouteConfiguration{ VirtualHosts: []*xds_route.VirtualHost{{ diff --git a/pkg/envoy/lds/http_connection_test.go b/pkg/envoy/lds/http_connection_test.go index 177107b2fd..a42c9e87b9 100644 --- a/pkg/envoy/lds/http_connection_test.go +++ b/pkg/envoy/lds/http_connection_test.go @@ -5,10 +5,10 @@ import ( "time" xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/stretchr/testify/assert" "github.com/openservicemesh/osm/pkg/auth" + "github.com/openservicemesh/osm/pkg/envoy" ) func TestHTTPConnbuild(t *testing.T) { @@ -74,7 +74,7 @@ func TestHTTPConnbuild(t *testing.T) { }, assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { a.Nil(connManager.LocalReplyConfig) - a.True(notContains(connManager.HttpFilters, wellknown.Lua)) + a.True(notContains(connManager.HttpFilters, envoy.HTTPLuaFilterName)) a.True(notContains(connManager.HttpFilters, "envoy.filters.http.wasm")) }, }, @@ -86,7 +86,7 @@ func TestHTTPConnbuild(t *testing.T) { assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { a.NotNil(connManager.LocalReplyConfig) a.Equal("unknown", connManager.GetLocalReplyConfig().GetMappers()[0].HeadersToAdd[0].Header.Value) - a.True(contains(connManager.HttpFilters, wellknown.Lua)) + a.True(contains(connManager.HttpFilters, envoy.HTTPLuaFilterName)) a.True(contains(connManager.HttpFilters, "envoy.filters.http.wasm")) }, }, @@ -104,7 +104,7 @@ func TestHTTPConnbuild(t *testing.T) { }, }, assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { - a.True(contains(connManager.HttpFilters, wellknown.HTTPExternalAuthorization)) + a.True(contains(connManager.HttpFilters, envoy.HTTPExtAuthzFilterName)) }, }, { @@ -116,7 +116,7 @@ func TestHTTPConnbuild(t *testing.T) { }, }, assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { - a.True(notContains(connManager.HttpFilters, wellknown.HTTPExternalAuthorization)) + a.True(notContains(connManager.HttpFilters, envoy.HTTPExtAuthzFilterName)) }, }, { @@ -125,7 +125,7 @@ func TestHTTPConnbuild(t *testing.T) { enableActiveHealthChecks: true, }, assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { - a.True(contains(connManager.HttpFilters, wellknown.HealthCheck)) + a.True(contains(connManager.HttpFilters, envoy.HTTPHealthCheckFilterName)) }, }, { @@ -134,7 +134,7 @@ func TestHTTPConnbuild(t *testing.T) { enableActiveHealthChecks: false, }, assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { - a.True(notContains(connManager.HttpFilters, wellknown.HealthCheck)) + a.True(notContains(connManager.HttpFilters, envoy.HTTPHealthCheckFilterName)) }, }, { @@ -152,7 +152,7 @@ func TestHTTPConnbuild(t *testing.T) { a := assert.New(t) a.Nil(err) tc.assertFunc(a, actual) - a.Equal(wellknown.Router, actual.HttpFilters[len(actual.HttpFilters)-1].Name) // Router must be last + a.Equal(envoy.HTTPRouterFilterName, actual.HttpFilters[len(actual.HttpFilters)-1].Name) // Router must be last }) } } diff --git a/pkg/envoy/lds/ingress.go b/pkg/envoy/lds/ingress.go index 78557e9da5..c9fd14ec65 100644 --- a/pkg/envoy/lds/ingress.go +++ b/pkg/envoy/lds/ingress.go @@ -5,7 +5,6 @@ import ( xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/pkg/errors" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/wrapperspb" @@ -92,7 +91,7 @@ func (lb *listenerBuilder) getIngressFilterChainFromTrafficMatch(trafficMatch *t }, Filters: []*xds_listener.Filter{ { - Name: wellknown.HTTPConnectionManager, + Name: envoy.HTTPConnectionManagerFilterName, ConfigType: &xds_listener.Filter_TypedConfig{ TypedConfig: marshalledIngressConnManager, }, @@ -121,7 +120,7 @@ func (lb *listenerBuilder) getIngressFilterChainFromTrafficMatch(trafficMatch *t } filterChain.TransportSocket = &xds_core.TransportSocket{ - Name: wellknown.TransportSocketTls, + Name: trafficMatch.Name, ConfigType: &xds_core.TransportSocket_TypedConfig{ TypedConfig: marshalledDownstreamTLSContext, }, diff --git a/pkg/envoy/lds/ingress_test.go b/pkg/envoy/lds/ingress_test.go index bd77c9185b..c5be649a02 100644 --- a/pkg/envoy/lds/ingress_test.go +++ b/pkg/envoy/lds/ingress_test.go @@ -5,12 +5,12 @@ import ( "testing" xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/mock/gomock" tassert "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/wrapperspb" configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/auth" "github.com/openservicemesh/osm/pkg/catalog" @@ -110,7 +110,7 @@ func TestGetIngressFilterChainFromTrafficMatch(t *testing.T) { Port: 80, Protocol: "http", }, - expectedEnvoyFilters: []string{wellknown.HTTPConnectionManager}, + expectedEnvoyFilters: []string{envoy.HTTPConnectionManagerFilterName}, expectedFilterChainMatch: &xds_listener.FilterChainMatch{ DestinationPort: &wrapperspb.UInt32Value{Value: 80}, TransportProtocol: "", @@ -125,7 +125,7 @@ func TestGetIngressFilterChainFromTrafficMatch(t *testing.T) { Protocol: "https", ServerNames: []string{"foo.bar.svc.cluster.local"}, }, - expectedEnvoyFilters: []string{wellknown.HTTPConnectionManager}, + expectedEnvoyFilters: []string{envoy.HTTPConnectionManagerFilterName}, expectedFilterChainMatch: &xds_listener.FilterChainMatch{ DestinationPort: &wrapperspb.UInt32Value{Value: 80}, TransportProtocol: "tls", @@ -140,7 +140,7 @@ func TestGetIngressFilterChainFromTrafficMatch(t *testing.T) { Port: 80, Protocol: "https", }, - expectedEnvoyFilters: []string{wellknown.HTTPConnectionManager}, + expectedEnvoyFilters: []string{envoy.HTTPConnectionManagerFilterName}, expectedFilterChainMatch: &xds_listener.FilterChainMatch{ DestinationPort: &wrapperspb.UInt32Value{Value: 80}, TransportProtocol: "tls", @@ -185,7 +185,7 @@ func TestGetIngressFilterChainFromTrafficMatch(t *testing.T) { if err == nil { assert.Equal(tc.expectedFilterChainMatch, actual.FilterChainMatch) assert.Len(actual.Filters, 1) // Single HTTPConnectionManager filter - assert.Equal(wellknown.HTTPConnectionManager, actual.Filters[0].Name) + assert.Equal(envoy.HTTPConnectionManagerFilterName, actual.Filters[0].Name) } }) } diff --git a/pkg/envoy/lds/inmesh.go b/pkg/envoy/lds/inmesh.go index 82f82abe3d..b2a9cbc3f6 100644 --- a/pkg/envoy/lds/inmesh.go +++ b/pkg/envoy/lds/inmesh.go @@ -10,7 +10,6 @@ import ( xds_local_ratelimit "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/local_ratelimit/v3" xds_tcp_proxy "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" xds_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/protobuf/ptypes/any" "github.com/pkg/errors" "google.golang.org/protobuf/types/known/anypb" @@ -113,7 +112,7 @@ func (lb *listenerBuilder) getInboundHTTPFilters(trafficMatch *trafficpolicy.Tra return nil, errors.Wrapf(err, "Error marshalling inbound HTTP connection manager for proxy with identity %s and traffic match %s", lb.serviceIdentity, trafficMatch.Name) } httpConnectionManagerFilter := &xds_listener.Filter{ - Name: wellknown.HTTPConnectionManager, + Name: envoy.HTTPConnectionManagerFilterName, ConfigType: &xds_listener.Filter_TypedConfig{ TypedConfig: marshalledInboundConnManager, }, @@ -166,7 +165,7 @@ func (lb *listenerBuilder) getInboundMeshHTTPFilterChain(trafficMatch *trafficpo }, TransportSocket: &xds_core.TransportSocket{ - Name: wellknown.TransportSocketTls, + Name: trafficMatch.Name, ConfigType: &xds_core.TransportSocket_TypedConfig{ TypedConfig: marshalledDownstreamTLSContext, }, @@ -216,7 +215,7 @@ func (lb *listenerBuilder) getInboundMeshTCPFilterChain(trafficMatch *trafficpol }, Filters: filters, TransportSocket: &xds_core.TransportSocket{ - Name: wellknown.TransportSocketTls, + Name: trafficMatch.Name, ConfigType: &xds_core.TransportSocket_TypedConfig{ TypedConfig: marshalledDownstreamTLSContext, }, @@ -264,7 +263,7 @@ func (lb *listenerBuilder) getInboundTCPFilters(trafficMatch *trafficpolicy.Traf return nil, err } tcpProxyFilter := &xds_listener.Filter{ - Name: wellknown.TCPProxy, + Name: envoy.TCPProxyFilterName, ConfigType: &xds_listener.Filter_TypedConfig{TypedConfig: marshalledTCPProxy}, } filters = append(filters, tcpProxyFilter) @@ -304,7 +303,7 @@ func buildTCPLocalRateLimitFilter(config *policyv1alpha1.TCPLocalRateLimitSpec, } filter := &xds_listener.Filter{ - Name: wellknown.RateLimit, + Name: envoy.L4LocalRateLimitFilterName, ConfigType: &xds_listener.Filter_TypedConfig{TypedConfig: marshalledConfig}, } @@ -339,7 +338,7 @@ func (lb *listenerBuilder) getOutboundHTTPFilter(routeConfigName string) (*xds_l } return &xds_listener.Filter{ - Name: wellknown.HTTPConnectionManager, + Name: envoy.HTTPConnectionManagerFilterName, ConfigType: &xds_listener.Filter_TypedConfig{TypedConfig: marshalledFilter}, }, nil } @@ -449,7 +448,7 @@ func (lb *listenerBuilder) getOutboundTCPFilter(trafficMatch trafficpolicy.Traff } return &xds_listener.Filter{ - Name: wellknown.TCPProxy, + Name: envoy.TCPProxyFilterName, ConfigType: &xds_listener.Filter_TypedConfig{TypedConfig: marshalledTCPProxy}, }, nil } diff --git a/pkg/envoy/lds/inmesh_test.go b/pkg/envoy/lds/inmesh_test.go index 90102aeba3..e1aedf52c2 100644 --- a/pkg/envoy/lds/inmesh_test.go +++ b/pkg/envoy/lds/inmesh_test.go @@ -7,13 +7,13 @@ import ( xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" xds_tcp_proxy "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/mock/gomock" tassert "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/wrapperspb" configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2" policyv1alpha1 "github.com/openservicemesh/osm/pkg/apis/policy/v1alpha1" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/auth" "github.com/openservicemesh/osm/pkg/catalog" @@ -111,7 +111,7 @@ func TestGetOutboundHTTPFilterChainForService(t *testing.T) { assert.Len(httpFilterChain.FilterChainMatch.PrefixRanges, len(tc.trafficMatch.DestinationIPRanges)) for _, filter := range httpFilterChain.Filters { - assert.Equal(wellknown.HTTPConnectionManager, filter.Name) + assert.Equal(envoy.HTTPConnectionManagerFilterName, filter.Name) } } }) @@ -195,7 +195,7 @@ func TestGetOutboundTCPFilterChainForService(t *testing.T) { assert.Len(tcpFilterChain.FilterChainMatch.PrefixRanges, len(tc.destinationIPRanges)) for _, filter := range tcpFilterChain.Filters { - assert.Equal(wellknown.TCPProxy, filter.Name) + assert.Equal(envoy.TCPProxyFilterName, filter.Name) } } }) @@ -250,7 +250,7 @@ func TestGetInboundMeshHTTPFilterChain(t *testing.T) { TransportProtocol: "tls", ApplicationProtocols: []string{"osm"}, }, - expectedFilterNames: []string{wellknown.RoleBasedAccessControl, wellknown.HTTPConnectionManager}, + expectedFilterNames: []string{envoy.L4RBACFilterName, envoy.HTTPConnectionManagerFilterName}, expectError: false, }, { @@ -268,7 +268,7 @@ func TestGetInboundMeshHTTPFilterChain(t *testing.T) { TransportProtocol: "tls", ApplicationProtocols: []string{"osm"}, }, - expectedFilterNames: []string{wellknown.HTTPConnectionManager}, + expectedFilterNames: []string{envoy.HTTPConnectionManagerFilterName}, expectError: false, }, { @@ -294,7 +294,7 @@ func TestGetInboundMeshHTTPFilterChain(t *testing.T) { TransportProtocol: "tls", ApplicationProtocols: []string{"osm"}, }, - expectedFilterNames: []string{wellknown.RateLimit, wellknown.HTTPConnectionManager}, + expectedFilterNames: []string{envoy.L4LocalRateLimitFilterName, envoy.HTTPConnectionManagerFilterName}, expectError: false, }, } @@ -378,7 +378,7 @@ func TestGetInboundMeshTCPFilterChain(t *testing.T) { TransportProtocol: "tls", ApplicationProtocols: []string{"osm"}, }, - expectedFilterNames: []string{wellknown.RoleBasedAccessControl, wellknown.TCPProxy}, + expectedFilterNames: []string{envoy.L4RBACFilterName, envoy.TCPProxyFilterName}, expectError: false, }, { @@ -396,7 +396,7 @@ func TestGetInboundMeshTCPFilterChain(t *testing.T) { TransportProtocol: "tls", ApplicationProtocols: []string{"osm"}, }, - expectedFilterNames: []string{wellknown.TCPProxy}, + expectedFilterNames: []string{envoy.TCPProxyFilterName}, expectError: false, }, { @@ -422,7 +422,7 @@ func TestGetInboundMeshTCPFilterChain(t *testing.T) { TransportProtocol: "tls", ApplicationProtocols: []string{"osm"}, }, - expectedFilterNames: []string{wellknown.RateLimit, wellknown.TCPProxy}, + expectedFilterNames: []string{envoy.L4LocalRateLimitFilterName, envoy.TCPProxyFilterName}, expectError: false, }, } @@ -652,7 +652,7 @@ func TestGetOutboundTCPFilter(t *testing.T) { actualConfig := &xds_tcp_proxy.TcpProxy{} err = filter.GetTypedConfig().UnmarshalTo(actualConfig) assert.Nil(err) - assert.Equal(wellknown.TCPProxy, filter.Name) + assert.Equal(envoy.TCPProxyFilterName, filter.Name) assert.Equal(tc.expectedTCPProxyConfig.ClusterSpecifier, actualConfig.ClusterSpecifier) @@ -682,5 +682,5 @@ func TestGetOutboundHTTPFilter(t *testing.T) { filter, err := lb.getOutboundHTTPFilter(route.OutboundRouteConfigName) assert.NoError(err) - assert.Equal(filter.Name, wellknown.HTTPConnectionManager) + assert.Equal(filter.Name, envoy.HTTPConnectionManagerFilterName) } diff --git a/pkg/envoy/lds/listener.go b/pkg/envoy/lds/listener.go index c3c595fd74..e5329b6bb0 100644 --- a/pkg/envoy/lds/listener.go +++ b/pkg/envoy/lds/listener.go @@ -9,7 +9,7 @@ import ( xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" xds_tcp_proxy "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" xds_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" + "github.com/golang/protobuf/ptypes/any" "google.golang.org/protobuf/types/known/anypb" "github.com/openservicemesh/osm/pkg/constants" @@ -42,7 +42,12 @@ func (lb *listenerBuilder) newOutboundListener() (*xds_listener.Listener, error) { // The OriginalDestination ListenerFilter is used to redirect traffic // to its original destination. - Name: wellknown.OriginalDestination, + Name: envoy.OriginalDstFilterName, + ConfigType: &xds_listener.ListenerFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.OriginalDstFilterTypeURL, + }, + }, }, }, AccessLog: envoy.GetAccessLog(), @@ -82,12 +87,22 @@ func (lb *listenerBuilder) newOutboundListener() (*xds_listener.Listener, error) // The 'FilterDisabled' field configures the match predicate. { // To inspect TLS metadata, such as the transport protocol and SNI - Name: wellknown.TlsInspector, + Name: envoy.TLSInspectorFilterName, + ConfigType: &xds_listener.ListenerFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.TLSInspectorFilterTypeURL, + }, + }, FilterDisabled: filterDisableMatchPredicate, }, { // To inspect if the application protocol is HTTP based - Name: wellknown.HttpInspector, + Name: envoy.HTTPInspectorFilterName, + ConfigType: &xds_listener.ListenerFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.HTTPInspectorFilterTypeURL, + }, + }, FilterDisabled: filterDisableMatchPredicate, }, } @@ -117,13 +132,23 @@ func newInboundListener() *xds_listener.Listener { FilterChains: []*xds_listener.FilterChain{}, ListenerFilters: []*xds_listener.ListenerFilter{ { - Name: wellknown.TlsInspector, + Name: envoy.TLSInspectorFilterName, + ConfigType: &xds_listener.ListenerFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.TLSInspectorFilterTypeURL, + }, + }, }, { // The OriginalDestination ListenerFilter is used to restore the original destination address // as opposed to the listener's address upon iptables redirection. // This enables inbound filter chain matching on the original destination address (ip, port). - Name: wellknown.OriginalDestination, + Name: envoy.OriginalDstFilterName, + ConfigType: &xds_listener.ListenerFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.OriginalDstFilterTypeURL, + }, + }, }, }, AccessLog: envoy.GetAccessLog(), @@ -146,7 +171,7 @@ func buildPrometheusListener(connManager *xds_hcm.HttpConnectionManager) (*xds_l { Filters: []*xds_listener.Filter{ { - Name: wellknown.HTTPConnectionManager, + Name: envoy.HTTPConnectionManagerFilterName, ConfigType: &xds_listener.Filter_TypedConfig{ TypedConfig: marshalledConnManager, }, @@ -175,7 +200,7 @@ func getDefaultPassthroughFilterChain() (*xds_listener.FilterChain, error) { Name: outboundEgressFilterChainName, Filters: []*xds_listener.Filter{ { - Name: wellknown.TCPProxy, + Name: envoy.TCPProxyFilterName, ConfigType: &xds_listener.Filter_TypedConfig{TypedConfig: marshalledTCPProxy}, }, }, diff --git a/pkg/envoy/lds/listener_test.go b/pkg/envoy/lds/listener_test.go index 36a0b9bcf2..2878b098d6 100644 --- a/pkg/envoy/lds/listener_test.go +++ b/pkg/envoy/lds/listener_test.go @@ -6,7 +6,6 @@ import ( xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" xds_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/mock/gomock" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -45,7 +44,7 @@ var _ = Describe("Construct inbound listeners", func() { Expect(listener.Address).To(Equal(envoy.GetAddress(constants.WildcardIPAddr, constants.EnvoyInboundListenerPort))) Expect(listener.AccessLog).NotTo(BeEmpty()) Expect(len(listener.ListenerFilters)).To(Equal(2)) // TlsInspector, OriginalDestination listener filter - Expect(listener.ListenerFilters[0].Name).To(Equal(wellknown.TlsInspector)) + Expect(listener.ListenerFilters[0].Name).To(Equal(envoy.TLSInspectorFilterName)) Expect(listener.TrafficDirection).To(Equal(xds_core.TrafficDirection_INBOUND)) }) }) @@ -204,7 +203,7 @@ func TestNewOutboundListener(t *testing.T) { assert.Len(listener.ListenerFilters, 3) // OriginalDst, TlsInspector, HttpInspector assert.NotEmpty(listener.AccessLog) - assert.Equal(wellknown.TlsInspector, listener.ListenerFilters[1].Name) + assert.Equal(envoy.TLSInspectorFilterName, listener.ListenerFilters[1].Name) assert.Equal(&xds_listener.ListenerFilterChainMatchPredicate{ Rule: &xds_listener.ListenerFilterChainMatchPredicate_DestinationPortRange{ DestinationPortRange: &xds_type.Int32Range{ @@ -213,6 +212,6 @@ func TestNewOutboundListener(t *testing.T) { }, }, }, listener.ListenerFilters[1].FilterDisabled) - assert.Equal(wellknown.HttpInspector, listener.ListenerFilters[2].Name) + assert.Equal(envoy.HTTPInspectorFilterName, listener.ListenerFilters[2].Name) assert.Equal(listener.ListenerFilters[1].FilterDisabled, listener.ListenerFilters[2].FilterDisabled) } diff --git a/pkg/envoy/lds/rbac.go b/pkg/envoy/lds/rbac.go index 560406cb35..2cef95e81b 100644 --- a/pkg/envoy/lds/rbac.go +++ b/pkg/envoy/lds/rbac.go @@ -4,9 +4,9 @@ import ( xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" xds_rbac "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" xds_network_rbac "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "google.golang.org/protobuf/types/known/anypb" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/envoy/rbac" "github.com/openservicemesh/osm/pkg/errcode" "github.com/openservicemesh/osm/pkg/identity" @@ -30,7 +30,7 @@ func (lb *listenerBuilder) buildRBACFilter() (*xds_listener.Filter, error) { } rbacFilter := &xds_listener.Filter{ - Name: wellknown.RoleBasedAccessControl, + Name: envoy.L4RBACFilterName, ConfigType: &xds_listener.Filter_TypedConfig{TypedConfig: marshalledNetworkRBACPolicy}, } diff --git a/pkg/envoy/lds/rbac_test.go b/pkg/envoy/lds/rbac_test.go index 84c77f85f1..93a57fec4f 100644 --- a/pkg/envoy/lds/rbac_test.go +++ b/pkg/envoy/lds/rbac_test.go @@ -8,9 +8,9 @@ import ( tassert "github.com/stretchr/testify/assert" xds_rbac "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/openservicemesh/osm/pkg/catalog" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/envoy/rbac" "github.com/openservicemesh/osm/pkg/identity" @@ -255,7 +255,7 @@ func TestBuildRBACFilter(t *testing.T) { rbacFilter, err := lb.buildRBACFilter() assert.Equal(err != nil, tc.expectErr) - assert.Equal(rbacFilter.Name, wellknown.RoleBasedAccessControl) + assert.Equal(envoy.L4RBACFilterName, rbacFilter.Name) }) } } diff --git a/pkg/envoy/lds/response_test.go b/pkg/envoy/lds/response_test.go index 7a927f04f8..55d1c59830 100644 --- a/pkg/envoy/lds/response_test.go +++ b/pkg/envoy/lds/response_test.go @@ -8,7 +8,6 @@ import ( xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/mock/gomock" "github.com/google/uuid" tassert "github.com/stretchr/testify/assert" @@ -126,7 +125,7 @@ func TestNewResponse(t *testing.T) { assert.Equal(listener.Name, OutboundListenerName) assert.Equal(listener.TrafficDirection, xds_core.TrafficDirection_OUTBOUND) assert.Len(listener.ListenerFilters, 3) // Test has egress policy feature enabled, so 3 filters are expected: OriginalDst, TlsInspector, HttpInspector - assert.Equal(listener.ListenerFilters[0].Name, wellknown.OriginalDestination) + assert.Equal(envoy.OriginalDstFilterName, listener.ListenerFilters[0].Name) assert.NotNil(listener.FilterChains) // There are 3 filter chains configured on the outbound-listener based on the configuration: // 1. Filter chain for bookstore-v1 @@ -141,7 +140,7 @@ func TestNewResponse(t *testing.T) { assert.Len(listener.FilterChains, 3) assert.NotNil(listener.DefaultFilterChain) assert.Equal(listener.DefaultFilterChain.Name, outboundEgressFilterChainName) - assert.Equal(listener.DefaultFilterChain.Filters[0].Name, wellknown.TCPProxy) + assert.Equal(listener.DefaultFilterChain.Filters[0].Name, envoy.TCPProxyFilterName) // validating inbound listener listener, ok = resources[1].(*xds_listener.Listener) @@ -149,8 +148,8 @@ func TestNewResponse(t *testing.T) { assert.Equal(listener.Name, InboundListenerName) assert.Equal(listener.TrafficDirection, xds_core.TrafficDirection_INBOUND) assert.Len(listener.ListenerFilters, 2) - assert.Equal(listener.ListenerFilters[0].Name, wellknown.TlsInspector) - assert.Equal(listener.ListenerFilters[1].Name, wellknown.OriginalDestination) + assert.Equal(listener.ListenerFilters[0].Name, envoy.TLSInspectorFilterName) + assert.Equal(listener.ListenerFilters[1].Name, envoy.OriginalDstFilterName) assert.NotNil(listener.FilterChains) // There is 1 filter chains configured on the inbound-listner based on the configuration: // 1. Filter chanin for bookbuyer diff --git a/pkg/envoy/lds/wasm.go b/pkg/envoy/lds/wasm.go index 4c11dc1a36..77ee293d1a 100644 --- a/pkg/envoy/lds/wasm.go +++ b/pkg/envoy/lds/wasm.go @@ -11,10 +11,10 @@ import ( xds_wasm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/wasm/v3" xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" xds_wasm_ext "github.com/envoyproxy/go-control-plane/envoy/extensions/wasm/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/pkg/errors" - "google.golang.org/protobuf/types/known/anypb" + + "github.com/openservicemesh/osm/pkg/envoy" ) //go:embed stats.wasm @@ -99,7 +99,7 @@ func getAddHeadersFilter(headers map[string]string) (*xds_hcm.HttpFilter, error) } return &xds_hcm.HttpFilter{ - Name: wellknown.Lua, + Name: envoy.HTTPLuaFilterName, ConfigType: &xds_hcm.HttpFilter_TypedConfig{ TypedConfig: luaAny, }, diff --git a/pkg/envoy/proto_types.go b/pkg/envoy/proto_types.go new file mode 100644 index 0000000000..4df40e6bb9 --- /dev/null +++ b/pkg/envoy/proto_types.go @@ -0,0 +1,317 @@ +package envoy + +import ( + // These imports are required for dynamic proto resolution + // so that pkgs using `Any`proto type don't see issues when + // marshalling errors of the form: + // unable to resolve "type.googleapis.com/envoy...": "not found". + // + // Generated using the command: + // go list -mod=readonly github.com/envoyproxy/go-control-plane/envoy/... | sort | awk '{printf "_ \"%s\"\n", $1}' + _ "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/admin/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/annotations" + _ "github.com/envoyproxy/go-control-plane/envoy/api/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" + _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/cluster" + _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/endpoint" + _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" + _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/ratelimit" + _ "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" + _ "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/aggregate/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/dynamic_forward_proxy/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/redis" + _ "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/common/dynamic_forward_proxy/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/common/key_value/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/common/matcher/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/common/tap/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/dubbo/router/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/fault/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/adaptive_concurrency/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/aws_lambda/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/aws_request_signing/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/buffer/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/cache/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/compressor/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/cors/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/csrf/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/dynamic_forward_proxy/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/dynamo/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/ext_authz/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/fault/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/grpc_http1_bridge/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/grpc_stats/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/grpc_web/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/gzip/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/header_to_metadata/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/health_check/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/ip_tagging/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/jwt_authn/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/lua/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/on_demand/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/original_src/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/rate_limit/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/rbac/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/router/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/squash/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/tap/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/transcoder/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/listener/http_inspector/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/listener/original_dst/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/listener/original_src/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/listener/proxy_protocol/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/listener/tls_inspector/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/client_ssl_auth/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/direct_response/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/dubbo_proxy/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/echo/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/ext_authz/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/kafka_broker/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/local_rate_limit/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/mongo_proxy/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/mysql_proxy/v1alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/rate_limit/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/rbac/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/redis_proxy/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/sni_cluster/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/tcp_proxy/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/thrift_proxy/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/zookeeper_proxy/v1alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/thrift/rate_limit/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/thrift/router/v2alpha1" + _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/udp/udp_proxy/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/grpc_credential/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/grpc_credential/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/health_checker/redis/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/listener/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/metrics/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/overload/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/overload/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/resource_monitor/fixed_heap/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/resource_monitor/injected_resource/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/retry/omit_canary_hosts/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/retry/omit_host_metadata/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/retry/previous_hosts/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/retry/previous_priorities" + _ "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/trace/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/trace/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/trace/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/config/transport_socket/alts/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/config/transport_socket/raw_buffer/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/config/transport_socket/tap/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/data/accesslog/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/data/accesslog/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/data/cluster/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/data/cluster/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/data/core/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/data/core/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/data/dns/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/data/dns/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/data/tap/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/data/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/filters/cel/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/stream/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/cache/simple_http_cache/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/dynamic_forward_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/redis/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/dynamic_forward_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/matching/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/brotli/compressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/brotli/decompressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/decompressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/config/validators/minimum_clusters/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/dependency/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/fault/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/matcher/action/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/adaptive_concurrency/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/admission_control/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/alternate_protocols_cache/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_lambda/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_request_signing/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/bandwidth_limit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/buffer/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cache/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cdn_loop/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/composite/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/csrf/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/decompressor/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/dynamic_forward_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/dynamo/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_proc/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/fault/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_bridge/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_json_transcoder/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/gzip/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/header_to_metadata/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/health_check/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ip_tagging/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/kill_request/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/oauth2/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/on_demand/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/original_src/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/set_metadata/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/stateful_session/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_src/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/proxy_protocol/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/client_ssl_auth/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/connection_limit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/direct_response/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/dubbo_proxy/router/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/dubbo_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/echo/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/ext_authz/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/local_ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/meta_protocol_proxy/matcher/action/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/meta_protocol_proxy/matcher/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/meta_protocol_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/mongo_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/redis_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_cluster/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_dynamic_forward_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/router/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/zookeeper_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/dns_filter/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/udp_proxy/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/metadata/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/req_without_query/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/health_checkers/redis/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/header_formatters/preserve_case/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/custom_header/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/xff/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/stateful_session/cookie/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/allow_listed_routes/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/previous_routes/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/safe_cross_scheme/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/key_value/file_based/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/ring_hash/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/round_robin/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/wrr_locality/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/common_inputs/environment_variable/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/common_inputs/network/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/input_matchers/consistent_hashing/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/input_matchers/ip/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/dns_resolver/apple/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/dns_resolver/cares/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/socket_interface/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/quic/crypto_stream/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/quic/proof_source/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/rate_limit_descriptors/expr/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/rbac/matchers/upstream_ip_port/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/request_id/uuid/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/fixed_heap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/injected_resource/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/omit_canary_hosts/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/omit_host_metadata/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/previous_hosts/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/priority/previous_priorities/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/stat_sinks/graphite_statsd/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/stat_sinks/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/alts/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/proxy_protocol/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/raw_buffer/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/s2a/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/starttls/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tcp_stats/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/generic/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/http/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/tcp/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/tcp/generic/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/watchdog/profile_action/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/accesslog/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/service/accesslog/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/cluster/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/endpoint/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/event_reporting/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/service/event_reporting/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/ext_proc/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/extension/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/health/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/listener/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/load_stats/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/service/load_stats/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/metrics/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/service/metrics/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/ratelimit/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/service/ratelimit/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/route/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/runtime/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/secret/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/status/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/service/status/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/tap/v2alpha" + _ "github.com/envoyproxy/go-control-plane/envoy/service/tap/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/service/trace/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/service/trace/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/type" + _ "github.com/envoyproxy/go-control-plane/envoy/type/http/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + _ "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/type/metadata/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/type/metadata/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/type/tracing/v2" + _ "github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/type/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/watchdog/v3" +) diff --git a/pkg/envoy/rds/route/rbac.go b/pkg/envoy/rds/route/rbac.go index ca9a5bf018..ef144bc797 100644 --- a/pkg/envoy/rds/route/rbac.go +++ b/pkg/envoy/rds/route/rbac.go @@ -3,11 +3,11 @@ package route import ( xds_rbac "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" xds_http_rbac "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/protobuf/ptypes/any" "github.com/pkg/errors" "google.golang.org/protobuf/types/known/anypb" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/envoy/rbac" "github.com/openservicemesh/osm/pkg/identity" @@ -54,5 +54,5 @@ func buildInboundRBACFilterForRule(rule *trafficpolicy.Rule, trustDomain string) return nil, err } - return map[string]*any.Any{wellknown.HTTPRoleBasedAccessControl: marshalled}, nil + return map[string]*any.Any{envoy.HTTPRBACFilterName: marshalled}, nil } diff --git a/pkg/envoy/rds/route/rbac_test.go b/pkg/envoy/rds/route/rbac_test.go index 88c765c1f7..56f98e0dc7 100644 --- a/pkg/envoy/rds/route/rbac_test.go +++ b/pkg/envoy/rds/route/rbac_test.go @@ -7,9 +7,9 @@ import ( mapset "github.com/deckarep/golang-set" xds_rbac "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" xds_http_rbac "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" tassert "github.com/stretchr/testify/assert" + "github.com/openservicemesh/osm/pkg/envoy" "github.com/openservicemesh/osm/pkg/envoy/rbac" "github.com/openservicemesh/osm/pkg/identity" "github.com/openservicemesh/osm/pkg/tests" @@ -99,7 +99,7 @@ func TestBuildInboundRBACFilterForRule(t *testing.T) { return } - marshalled := rbacFilter[wellknown.HTTPRoleBasedAccessControl] + marshalled := rbacFilter[envoy.HTTPRBACFilterName] httpRBACPerRoute := &xds_http_rbac.RBACPerRoute{} err = marshalled.UnmarshalTo(httpRBACPerRoute) assert.Nil(err) diff --git a/pkg/envoy/types.go b/pkg/envoy/types.go index b4f888d688..e403e562c2 100644 --- a/pkg/envoy/types.go +++ b/pkg/envoy/types.go @@ -86,6 +86,41 @@ const ( TypeADS TypeURI = "ADS" ) +// Filter names - can be any name (not used by Envoy to determine the filter to use) +// *Note: HTTP RBAC filter still requires a wellknown name +const ( + // HTTP filters + HTTPConnectionManagerFilterName = "http_connection_manager" + HTTPRouterFilterName = "http_router" + HTTPLuaFilterName = "http_lua" + HTTPLocalRateLimitFilterName = "http_local_rate_limit" + HTTPExtAuthzFilterName = "http_external_authz" + HTTPHealthCheckFilterName = "http_health_check" + + // The HTTP RBAC filter still requires a wellknown name + // See https://github.com/envoyproxy/envoy/issues/21759#issuecomment-1159243250 + HTTPRBACFilterName = "envoy.filters.http.rbac" + + // Network (L4) filters + TCPProxyFilterName = "tcp_proxy" + L4LocalRateLimitFilterName = "l4_local_rate_limit" + L4RBACFilterName = "l4_rbac" + + // Listener filters + OriginalDstFilterName = "original_dst" + TLSInspectorFilterName = "tls_inspector" + HTTPInspectorFilterName = "http_inspector" +) + +// Filter TypeURLs - used by Envoy to determine the filter to use +const ( + HTTPRouterFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + HTTPRBACFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC" + OriginalDstFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + TLSInspectorFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + HTTPInspectorFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector" +) + const ( // EnvoyActiveHealthCheckPath is the HTTP endpoint to be used to receive // active health checks. diff --git a/pkg/injector/envoy_config_health_probes.go b/pkg/injector/envoy_config_health_probes.go index a26da46d5c..8f49fc26dd 100644 --- a/pkg/injector/envoy_config_health_probes.go +++ b/pkg/injector/envoy_config_health_probes.go @@ -3,15 +3,6 @@ package injector import ( "time" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" - "google.golang.org/protobuf/types/known/anypb" - "google.golang.org/protobuf/types/known/durationpb" - "google.golang.org/protobuf/types/known/structpb" - - "github.com/openservicemesh/osm/pkg/constants" - "github.com/openservicemesh/osm/pkg/envoy" - "github.com/openservicemesh/osm/pkg/errcode" - xds_accesslog_filter "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" xds_cluster "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" @@ -21,6 +12,14 @@ import ( xds_accesslog "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/stream/v3" xds_http_connection_manager "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" xds_tcp_proxy "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + "github.com/golang/protobuf/ptypes/any" + "google.golang.org/protobuf/types/known/anypb" + "google.golang.org/protobuf/types/known/durationpb" + "google.golang.org/protobuf/types/known/structpb" + + "github.com/openservicemesh/osm/pkg/constants" + "github.com/openservicemesh/osm/pkg/envoy" + "github.com/openservicemesh/osm/pkg/errcode" ) const ( @@ -133,7 +132,12 @@ func getProbeListener(listenerName, clusterName, newPath string, port int32, ori }, HttpFilters: []*xds_http_connection_manager.HttpFilter{ { - Name: "envoy.filters.http.router", + Name: envoy.HTTPRouterFilterName, + ConfigType: &xds_http_connection_manager.HttpFilter_TypedConfig{ + TypedConfig: &any.Any{ + TypeUrl: envoy.HTTPRouterFilterTypeURL, + }, + }, }, }, } @@ -146,7 +150,7 @@ func getProbeListener(listenerName, clusterName, newPath string, port int32, ori filterChain = &xds_listener.FilterChain{ Filters: []*xds_listener.Filter{ { - Name: "envoy.filters.network.http_connection_manager", + Name: envoy.HTTPConnectionManagerFilterName, ConfigType: &xds_listener.Filter_TypedConfig{ TypedConfig: pbHTTPConnectionManager, }, @@ -176,7 +180,7 @@ func getProbeListener(listenerName, clusterName, newPath string, port int32, ori filterChain = &xds_listener.FilterChain{ Filters: []*xds_listener.Filter{ { - Name: wellknown.TCPProxy, + Name: envoy.TCPProxyFilterName, ConfigType: &xds_listener.Filter_TypedConfig{ TypedConfig: pbTCPProxy, }, diff --git a/pkg/injector/test_fixtures/expected_envoy_bootstrap_config.yaml b/pkg/injector/test_fixtures/expected_envoy_bootstrap_config.yaml index 88111f99ff..f1123ee363 100644 --- a/pkg/injector/test_fixtures/expected_envoy_bootstrap_config.yaml +++ b/pkg/injector/test_fixtures/expected_envoy_bootstrap_config.yaml @@ -99,7 +99,7 @@ static_resources: port_value: 15901 filter_chains: - filters: - - name: envoy.filters.network.http_connection_manager + - name: http_connection_manager typed_config: '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: @@ -128,7 +128,9 @@ static_resources: user_agent: '%REQ(USER-AGENT)%' x_forwarded_for: '%REQ(X-FORWARDED-FOR)%' http_filters: - - name: envoy.filters.http.router + - name: http_router + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: name: local_route virtual_hosts: @@ -150,7 +152,7 @@ static_resources: port_value: 15902 filter_chains: - filters: - - name: envoy.filters.network.http_connection_manager + - name: http_connection_manager typed_config: '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: @@ -179,7 +181,9 @@ static_resources: user_agent: '%REQ(USER-AGENT)%' x_forwarded_for: '%REQ(X-FORWARDED-FOR)%' http_filters: - - name: envoy.filters.http.router + - name: http_router + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: name: local_route virtual_hosts: @@ -201,7 +205,7 @@ static_resources: port_value: 15903 filter_chains: - filters: - - name: envoy.filters.network.http_connection_manager + - name: http_connection_manager typed_config: '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: @@ -230,7 +234,9 @@ static_resources: user_agent: '%REQ(USER-AGENT)%' x_forwarded_for: '%REQ(X-FORWARDED-FOR)%' http_filters: - - name: envoy.filters.http.router + - name: http_router + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: name: local_route virtual_hosts: diff --git a/pkg/protobuf/util.go b/pkg/protobuf/util.go new file mode 100644 index 0000000000..8b6999da97 --- /dev/null +++ b/pkg/protobuf/util.go @@ -0,0 +1,17 @@ +package protobuf + +import ( + "github.com/golang/protobuf/proto" + "github.com/golang/protobuf/ptypes/any" + "google.golang.org/protobuf/types/known/anypb" +) + +// MustMarshalAny marshals a protobuf Message into an Any type. It panics if that operation fails. +func MustMarshalAny(pb proto.Message) *any.Any { + msg, err := anypb.New(proto.MessageV2(pb)) + if err != nil { + panic(err.Error()) + } + + return msg +} diff --git a/tests/envoy_xds_expectations/expected_output_getLivenessListener.yaml b/tests/envoy_xds_expectations/expected_output_getLivenessListener.yaml index 07f3cab37e..4fc8b657ee 100644 --- a/tests/envoy_xds_expectations/expected_output_getLivenessListener.yaml +++ b/tests/envoy_xds_expectations/expected_output_getLivenessListener.yaml @@ -4,7 +4,7 @@ address: port_value: 15901 filter_chains: - filters: - - name: envoy.filters.network.http_connection_manager + - name: http_connection_manager typed_config: '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: @@ -33,7 +33,9 @@ filter_chains: user_agent: '%REQ(USER-AGENT)%' x_forwarded_for: '%REQ(X-FORWARDED-FOR)%' http_filters: - - name: envoy.filters.http.router + - name: http_router + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: name: local_route virtual_hosts: diff --git a/tests/envoy_xds_expectations/expected_output_getLivenessListenerNonHTTP.yaml b/tests/envoy_xds_expectations/expected_output_getLivenessListenerNonHTTP.yaml index bc35a7743d..8c8d4ba61d 100644 --- a/tests/envoy_xds_expectations/expected_output_getLivenessListenerNonHTTP.yaml +++ b/tests/envoy_xds_expectations/expected_output_getLivenessListenerNonHTTP.yaml @@ -4,7 +4,7 @@ address: port_value: 15901 filter_chains: - filters: - - name: envoy.filters.network.tcp_proxy + - name: tcp_proxy typed_config: '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy access_log: diff --git a/tests/envoy_xds_expectations/expected_output_getProbeListener.yaml b/tests/envoy_xds_expectations/expected_output_getProbeListener.yaml index 27dd18e7f4..7af81b3637 100644 --- a/tests/envoy_xds_expectations/expected_output_getProbeListener.yaml +++ b/tests/envoy_xds_expectations/expected_output_getProbeListener.yaml @@ -4,7 +4,7 @@ address: port_value: 9 filter_chains: - filters: - - name: envoy.filters.network.http_connection_manager + - name: http_connection_manager typed_config: '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: @@ -33,7 +33,9 @@ filter_chains: user_agent: '%REQ(USER-AGENT)%' x_forwarded_for: '%REQ(X-FORWARDED-FOR)%' http_filters: - - name: envoy.filters.http.router + - name: http_router + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: name: local_route virtual_hosts: diff --git a/tests/envoy_xds_expectations/expected_output_getReadinessListener.yaml b/tests/envoy_xds_expectations/expected_output_getReadinessListener.yaml index 025b774ae9..3d224f0eb8 100644 --- a/tests/envoy_xds_expectations/expected_output_getReadinessListener.yaml +++ b/tests/envoy_xds_expectations/expected_output_getReadinessListener.yaml @@ -4,7 +4,7 @@ address: port_value: 15902 filter_chains: - filters: - - name: envoy.filters.network.http_connection_manager + - name: http_connection_manager typed_config: '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: @@ -33,7 +33,9 @@ filter_chains: user_agent: '%REQ(USER-AGENT)%' x_forwarded_for: '%REQ(X-FORWARDED-FOR)%' http_filters: - - name: envoy.filters.http.router + - name: http_router + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: name: local_route virtual_hosts: diff --git a/tests/envoy_xds_expectations/expected_output_getStartupListener.yaml b/tests/envoy_xds_expectations/expected_output_getStartupListener.yaml index 046611de52..4cbc4146f8 100644 --- a/tests/envoy_xds_expectations/expected_output_getStartupListener.yaml +++ b/tests/envoy_xds_expectations/expected_output_getStartupListener.yaml @@ -4,7 +4,7 @@ address: port_value: 15903 filter_chains: - filters: - - name: envoy.filters.network.http_connection_manager + - name: http_connection_manager typed_config: '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: @@ -33,7 +33,9 @@ filter_chains: user_agent: '%REQ(USER-AGENT)%' x_forwarded_for: '%REQ(X-FORWARDED-FOR)%' http_filters: - - name: envoy.filters.http.router + - name: http_router + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: name: local_route virtual_hosts: