envoy/lds: refactor http connection manager + wasm filter

The existing code to build the HTTP connection manager is unnecessarily complex and complicated to test. This change refactor the code such that it is easier to comprehend and test. Additionally, removes the WASM stats headers for ingress so that internal mesh details (pod name, namespace, deployments etc.) are not leaked as a part of the HTTP response headers. - Removes mesh WASM config for ingress - WASM, external auth, tracing related code have been consolidated into their respective files. - HTTP connection manager is now built from its input config as opposed to passing the Configurator interface around multiple times. - Fixes incorrect test expectations when registering mock expectations for function calls. - Only adds the necessary WASM filters when `statsHeaders` are configured on the `lisenerBuilder` type. - Renames tests to match the function names and moves updated tests to their corresponding test files. Signed-off-by: Shashank Ram <[email protected]>
openservicemesh · Jul 16, 2021 · b333f45 · b333f45
1 parent 3fd5cd6
commit b333f45
Show file tree

Hide file tree

Showing 16 changed files with 540 additions and 411 deletions.
diff --git a/pkg/envoy/lds/auth.go b/pkg/envoy/lds/auth.go
@@ -13,8 +13,16 @@ import (
 	"github.com/openservicemesh/osm/pkg/errcode"
 )
 
+func (lb *listenerBuilder) getExtAuthConfig() *auth.ExtAuthConfig {
+	extAuthConfig := lb.cfg.GetInboundExternalAuthConfig()
+	if extAuthConfig.Enable {
+		return &extAuthConfig
+	}
+	return nil
+}
+
 // getExtAuthzHTTPFilter returns an envoy HttpFilter given an ExternAuthConfig configuration
-func getExtAuthzHTTPFilter(extAuthConfig auth.ExtAuthConfig) *xds_hcm.HttpFilter {
+func getExtAuthzHTTPFilter(extAuthConfig *auth.ExtAuthConfig) *xds_hcm.HttpFilter {
 	extAuth := &xds_ext_authz.ExtAuthz{
 		Services: &xds_ext_authz.ExtAuthz_GrpcService{
 			GrpcService: &envoy_config_core_v3.GrpcService{

diff --git a/pkg/envoy/lds/auth_test.go b/pkg/envoy/lds/auth_test.go
@@ -0,0 +1,66 @@
+package lds
+
+import (
+	"testing"
+
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/openservicemesh/osm/pkg/auth"
+	"github.com/openservicemesh/osm/pkg/configurator"
+)
+
+func TestGetExtAuthConfig(t *testing.T) {
+	testCases := []struct {
+		name       string
+		authConfig *auth.ExtAuthConfig
+		expected   *auth.ExtAuthConfig
+	}{
+		{
+			name: "Ext Auth feature is disabled",
+			authConfig: &auth.ExtAuthConfig{
+				Enable:           false,
+				Address:          "test.xyz",
+				Port:             123,
+				StatPrefix:       "pref",
+				FailureModeAllow: false,
+			},
+			expected: nil,
+		},
+		{
+			name: "Ext Auth feature is enabled",
+			authConfig: &auth.ExtAuthConfig{
+				Enable:           true,
+				Address:          "test.xyz",
+				Port:             123,
+				StatPrefix:       "pref",
+				FailureModeAllow: false,
+			},
+			expected: &auth.ExtAuthConfig{
+				Enable:           true,
+				Address:          "test.xyz",
+				Port:             123,
+				StatPrefix:       "pref",
+				FailureModeAllow: false,
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			a := assert.New(t)
+			mockCtrl := gomock.NewController(t)
+			defer mockCtrl.Finish()
+
+			mockConfigurator := configurator.NewMockConfigurator(mockCtrl)
+			lb := &listenerBuilder{
+				cfg: mockConfigurator,
+			}
+
+			mockConfigurator.EXPECT().GetInboundExternalAuthConfig().Return(*tc.authConfig).Times(1)
+
+			actual := lb.getExtAuthConfig()
+			a.Equal(tc.expected, actual)
+		})
+	}
+}
diff --git a/pkg/envoy/lds/connection_manager.go b/pkg/envoy/lds/connection_manager.go
diff --git a/pkg/envoy/lds/egress_test.go b/pkg/envoy/lds/egress_test.go
@@ -55,6 +55,7 @@ func TestGetEgressHTTPFilterChain(t *testing.T) {
 				cfg: mockConfigurator,
 			}
 			mockConfigurator.EXPECT().IsTracingEnabled().Return(false).AnyTimes()
+			mockConfigurator.EXPECT().GetTracingEndpoint().Return("some-endpoint").AnyTimes()
 			mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{
 				EnableEgressPolicy: true,
 				EnableWASMStats:    false}).AnyTimes()
@@ -226,6 +227,7 @@ func TestGetEgressFilterChainsForMatches(t *testing.T) {
 				cfg: mockConfigurator,
 			}
 			mockConfigurator.EXPECT().IsTracingEnabled().Return(false).AnyTimes()
+			mockConfigurator.EXPECT().GetTracingEndpoint().Return("some-endpoint").AnyTimes()
 			mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{
 				EnableEgressPolicy: true,
 				EnableWASMStats:    false,