From b333f4513e2ddb37d2b9095f2a9ace46e2514df9 Mon Sep 17 00:00:00 2001 From: Shashank Ram Date: Thu, 15 Jul 2021 15:25:30 -0700 Subject: [PATCH] envoy/lds: refactor http connection manager + wasm filter The existing code to build the HTTP connection manager is unnecessarily complex and complicated to test. This change refactor the code such that it is easier to comprehend and test. Additionally, removes the WASM stats headers for ingress so that internal mesh details (pod name, namespace, deployments etc.) are not leaked as a part of the HTTP response headers. - Removes mesh WASM config for ingress - WASM, external auth, tracing related code have been consolidated into their respective files. - HTTP connection manager is now built from its input config as opposed to passing the Configurator interface around multiple times. - Fixes incorrect test expectations when registering mock expectations for function calls. - Only adds the necessary WASM filters when `statsHeaders` are configured on the `lisenerBuilder` type. - Renames tests to match the function names and moves updated tests to their corresponding test files. Signed-off-by: Shashank Ram --- pkg/envoy/lds/auth.go | 10 +- pkg/envoy/lds/auth_test.go | 66 +++++++++ pkg/envoy/lds/connection_manager.go | 168 --------------------- pkg/envoy/lds/egress_test.go | 2 + pkg/envoy/lds/http_connection.go | 135 +++++++++++++++++ pkg/envoy/lds/http_connection_test.go | 125 ++++++++++++++++ pkg/envoy/lds/ingress.go | 21 ++- pkg/envoy/lds/ingress_test.go | 1 + pkg/envoy/lds/inmesh.go | 47 ++++-- pkg/envoy/lds/inmesh_test.go | 25 ++++ pkg/envoy/lds/listener_test.go | 205 -------------------------- pkg/envoy/lds/response_test.go | 1 + pkg/envoy/lds/tracing.go | 7 +- pkg/envoy/lds/wasm.go | 59 ++++++++ pkg/envoy/lds/wasm_test.go | 53 +++++++ pkg/errcode/errcode.go | 26 +--- 16 files changed, 540 insertions(+), 411 deletions(-) create mode 100644 pkg/envoy/lds/auth_test.go delete mode 100644 pkg/envoy/lds/connection_manager.go create mode 100644 pkg/envoy/lds/http_connection.go create mode 100644 pkg/envoy/lds/http_connection_test.go create mode 100644 pkg/envoy/lds/wasm_test.go diff --git a/pkg/envoy/lds/auth.go b/pkg/envoy/lds/auth.go index 2d41dd39a2..08252f27d3 100644 --- a/pkg/envoy/lds/auth.go +++ b/pkg/envoy/lds/auth.go @@ -13,8 +13,16 @@ import ( "github.com/openservicemesh/osm/pkg/errcode" ) +func (lb *listenerBuilder) getExtAuthConfig() *auth.ExtAuthConfig { + extAuthConfig := lb.cfg.GetInboundExternalAuthConfig() + if extAuthConfig.Enable { + return &extAuthConfig + } + return nil +} + // getExtAuthzHTTPFilter returns an envoy HttpFilter given an ExternAuthConfig configuration -func getExtAuthzHTTPFilter(extAuthConfig auth.ExtAuthConfig) *xds_hcm.HttpFilter { +func getExtAuthzHTTPFilter(extAuthConfig *auth.ExtAuthConfig) *xds_hcm.HttpFilter { extAuth := &xds_ext_authz.ExtAuthz{ Services: &xds_ext_authz.ExtAuthz_GrpcService{ GrpcService: &envoy_config_core_v3.GrpcService{ diff --git a/pkg/envoy/lds/auth_test.go b/pkg/envoy/lds/auth_test.go new file mode 100644 index 0000000000..39f14603a2 --- /dev/null +++ b/pkg/envoy/lds/auth_test.go @@ -0,0 +1,66 @@ +package lds + +import ( + "testing" + + "github.com/golang/mock/gomock" + "github.com/stretchr/testify/assert" + + "github.com/openservicemesh/osm/pkg/auth" + "github.com/openservicemesh/osm/pkg/configurator" +) + +func TestGetExtAuthConfig(t *testing.T) { + testCases := []struct { + name string + authConfig *auth.ExtAuthConfig + expected *auth.ExtAuthConfig + }{ + { + name: "Ext Auth feature is disabled", + authConfig: &auth.ExtAuthConfig{ + Enable: false, + Address: "test.xyz", + Port: 123, + StatPrefix: "pref", + FailureModeAllow: false, + }, + expected: nil, + }, + { + name: "Ext Auth feature is enabled", + authConfig: &auth.ExtAuthConfig{ + Enable: true, + Address: "test.xyz", + Port: 123, + StatPrefix: "pref", + FailureModeAllow: false, + }, + expected: &auth.ExtAuthConfig{ + Enable: true, + Address: "test.xyz", + Port: 123, + StatPrefix: "pref", + FailureModeAllow: false, + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + a := assert.New(t) + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfigurator := configurator.NewMockConfigurator(mockCtrl) + lb := &listenerBuilder{ + cfg: mockConfigurator, + } + + mockConfigurator.EXPECT().GetInboundExternalAuthConfig().Return(*tc.authConfig).Times(1) + + actual := lb.getExtAuthConfig() + a.Equal(tc.expected, actual) + }) + } +} diff --git a/pkg/envoy/lds/connection_manager.go b/pkg/envoy/lds/connection_manager.go deleted file mode 100644 index 289c7147f1..0000000000 --- a/pkg/envoy/lds/connection_manager.go +++ /dev/null @@ -1,168 +0,0 @@ -package lds - -import ( - "fmt" - - envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" - envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - xds_route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" - - "github.com/golang/protobuf/ptypes/wrappers" - - "github.com/openservicemesh/osm/pkg/configurator" - "github.com/openservicemesh/osm/pkg/constants" - "github.com/openservicemesh/osm/pkg/envoy" - "github.com/openservicemesh/osm/pkg/errcode" -) - -// trafficDirection defines, for filter terms, the direction of the traffic from an application -// perspective, in which the connection manager filters will be applied -type trafficDirection string - -const ( - meshHTTPConnManagerStatPrefix = "mesh-http-conn-manager" - prometheusHTTPConnManagerStatPrefix = "prometheus-http-conn-manager" - prometheusInboundVirtualHostName = "prometheus-inbound-virtual-host" - - // inbound defines in-mesh inbound or ingress traffic driections - inbound = "inbound" - // outbound defines in-mesh outbound or egress traffic directions - outbound = "outbound" -) - -func getHTTPConnectionManager(routeName string, cfg configurator.Configurator, headers map[string]string, direction trafficDirection) *xds_hcm.HttpConnectionManager { - connManager := &xds_hcm.HttpConnectionManager{ - StatPrefix: fmt.Sprintf("%s.%s", meshHTTPConnManagerStatPrefix, routeName), - CodecType: xds_hcm.HttpConnectionManager_AUTO, - HttpFilters: []*xds_hcm.HttpFilter{ - { - // HTTP RBAC filter - Name: wellknown.HTTPRoleBasedAccessControl, - }, - }, - RouteSpecifier: &xds_hcm.HttpConnectionManager_Rds{ - Rds: &xds_hcm.Rds{ - ConfigSource: envoy.GetADSConfigSource(), - RouteConfigName: routeName, - }, - }, - AccessLog: envoy.GetAccessLog(), - } - - if direction == inbound { - incomingExtAuthCfg := cfg.GetInboundExternalAuthConfig() - if incomingExtAuthCfg.Enable { - connManager.HttpFilters = append(connManager.HttpFilters, getExtAuthzHTTPFilter(incomingExtAuthCfg)) - } - } - - connManager.HttpFilters = append(connManager.HttpFilters, &xds_hcm.HttpFilter{ - // HTTP Router filter - Name: wellknown.Router, - }) - - if cfg.IsTracingEnabled() { - connManager.GenerateRequestId = &wrappers.BoolValue{ - Value: true, - } - - tracing, err := GetTracingConfig(cfg) - if err != nil { - log.Error().Err(err).Msg("Error getting tracing config") - return connManager - } - - connManager.Tracing = tracing - } - - if cfg.GetFeatureFlags().EnableWASMStats { - statsFilter, err := getStatsWASMFilter() - if err != nil { - log.Error().Err(err).Str(errcode.Kind, errcode.ErrGettingWASMFilter.String()). - Msg("Failed to get stats WASM filter") - return connManager - } - - headerFilter, err := getAddHeadersFilter(headers) - if err != nil { - log.Error().Err(err).Str(errcode.Kind, errcode.ErrGettingLuaFilter.String()). - Msg("Could not get Lua filter definition") - return connManager - } - - // wellknown.Router filter must be last - var filters []*xds_hcm.HttpFilter - if statsFilter != nil { - if headerFilter != nil { - filters = append(filters, headerFilter) - } - filters = append(filters, statsFilter) - - // When Envoy responds to an outgoing HTTP request with a local reply, - // destination_* tags for WASM metrics are missing. This configures - // Envoy's local replies to add the same headers that are expected from - // HTTP responses with the "unknown" value hardcoded because we don't - // know the intended destination of the request. - var localReplyHeaders []*envoy_config_core_v3.HeaderValueOption - for k := range headers { - localReplyHeaders = append(localReplyHeaders, &envoy_config_core_v3.HeaderValueOption{ - Header: &envoy_config_core_v3.HeaderValue{ - Key: k, - Value: "unknown", - }, - }) - } - if localReplyHeaders != nil { - connManager.LocalReplyConfig = &xds_hcm.LocalReplyConfig{ - Mappers: []*xds_hcm.ResponseMapper{ - { - Filter: &envoy_config_accesslog_v3.AccessLogFilter{ - FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_NotHealthCheckFilter{}, - }, - HeadersToAdd: localReplyHeaders, - }, - }, - } - } - } - connManager.HttpFilters = append(filters, connManager.HttpFilters...) - } - - return connManager -} - -func getPrometheusConnectionManager() *xds_hcm.HttpConnectionManager { - return &xds_hcm.HttpConnectionManager{ - StatPrefix: prometheusHTTPConnManagerStatPrefix, - CodecType: xds_hcm.HttpConnectionManager_AUTO, - HttpFilters: []*xds_hcm.HttpFilter{{ - Name: wellknown.Router, - }}, - RouteSpecifier: &xds_hcm.HttpConnectionManager_RouteConfig{ - RouteConfig: &xds_route.RouteConfiguration{ - VirtualHosts: []*xds_route.VirtualHost{{ - Name: prometheusInboundVirtualHostName, - Domains: []string{"*"}, // Match all domains - Routes: []*xds_route.Route{{ - Match: &xds_route.RouteMatch{ - PathSpecifier: &xds_route.RouteMatch_Prefix{ - Prefix: constants.PrometheusScrapePath, - }, - }, - Action: &xds_route.Route_Route{ - Route: &xds_route.RouteAction{ - ClusterSpecifier: &xds_route.RouteAction_Cluster{ - Cluster: constants.EnvoyMetricsCluster, - }, - PrefixRewrite: constants.PrometheusScrapePath, - }, - }, - }}, - }}, - }, - }, - AccessLog: envoy.GetAccessLog(), - } -} diff --git a/pkg/envoy/lds/egress_test.go b/pkg/envoy/lds/egress_test.go index 49bc7240b9..2525d9a251 100644 --- a/pkg/envoy/lds/egress_test.go +++ b/pkg/envoy/lds/egress_test.go @@ -55,6 +55,7 @@ func TestGetEgressHTTPFilterChain(t *testing.T) { cfg: mockConfigurator, } mockConfigurator.EXPECT().IsTracingEnabled().Return(false).AnyTimes() + mockConfigurator.EXPECT().GetTracingEndpoint().Return("some-endpoint").AnyTimes() mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ EnableEgressPolicy: true, EnableWASMStats: false}).AnyTimes() @@ -226,6 +227,7 @@ func TestGetEgressFilterChainsForMatches(t *testing.T) { cfg: mockConfigurator, } mockConfigurator.EXPECT().IsTracingEnabled().Return(false).AnyTimes() + mockConfigurator.EXPECT().GetTracingEndpoint().Return("some-endpoint").AnyTimes() mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ EnableEgressPolicy: true, EnableWASMStats: false, diff --git a/pkg/envoy/lds/http_connection.go b/pkg/envoy/lds/http_connection.go new file mode 100644 index 0000000000..41f204b1e3 --- /dev/null +++ b/pkg/envoy/lds/http_connection.go @@ -0,0 +1,135 @@ +package lds + +import ( + "fmt" + + xds_route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + "github.com/envoyproxy/go-control-plane/pkg/wellknown" + "github.com/golang/protobuf/ptypes/wrappers" + "github.com/pkg/errors" + + "github.com/openservicemesh/osm/pkg/auth" + "github.com/openservicemesh/osm/pkg/constants" + "github.com/openservicemesh/osm/pkg/envoy" +) + +// connectionDirection defines, for filter terms, the direction of a connection from +// the proxy's perspective while originating/terminating connections to/from other +// proxies. +type connectionDirection string + +const ( + meshHTTPConnManagerStatPrefix = "mesh-http-conn-manager" + prometheusHTTPConnManagerStatPrefix = "prometheus-http-conn-manager" + prometheusInboundVirtualHostName = "prometheus-inbound-virtual-host" + + // inbound defines in-mesh inbound or ingress traffic driections + inbound connectionDirection = "inbound" + + // outbound defines in-mesh outbound or egress traffic directions + outbound connectionDirection = "outbound" +) + +type httpConnManagerOptions struct { + direction connectionDirection + rdsRoutConfigName string + + // Additional filters + wasmStatsHeaders map[string]string + extAuthConfig *auth.ExtAuthConfig + + // Tracing options + enableTracing bool + tracingAPIEndpoint string +} + +func (options httpConnManagerOptions) build() (*xds_hcm.HttpConnectionManager, error) { + connManager := &xds_hcm.HttpConnectionManager{ + StatPrefix: fmt.Sprintf("%s.%s", meshHTTPConnManagerStatPrefix, options.rdsRoutConfigName), + CodecType: xds_hcm.HttpConnectionManager_AUTO, + HttpFilters: []*xds_hcm.HttpFilter{ + // *IMPORTANT NOTE*: The order of filters specified is important. + // The wellknown.Router filter should be the last filter in the chain. + // 1. HTTP RBAC + { + // HTTP RBAC filter - required to perform HTTP based RBAC on routes + Name: wellknown.HTTPRoleBasedAccessControl, + }, + }, + RouteSpecifier: &xds_hcm.HttpConnectionManager_Rds{ + Rds: &xds_hcm.Rds{ + ConfigSource: envoy.GetADSConfigSource(), + RouteConfigName: options.rdsRoutConfigName, + }, + }, + AccessLog: envoy.GetAccessLog(), + } + + // For inbound connections, add the Authz filter + if options.direction == inbound && options.extAuthConfig != nil { + connManager.HttpFilters = append(connManager.HttpFilters, getExtAuthzHTTPFilter(options.extAuthConfig)) + } + + // Enable tracing if requested + if options.enableTracing { + tracing, err := getHTTPTracingConfig(options.tracingAPIEndpoint) + if err != nil { + return nil, errors.Wrap(err, "Error getting tracing config for HTTP connection manager") + } + + connManager.GenerateRequestId = &wrappers.BoolValue{ + Value: true, + } + connManager.Tracing = tracing + } + + // Configure WASM stats headers if provided + if options.wasmStatsHeaders != nil { + wasmFilters, wasmLocalReplyConfig, err := getWASMStatsConfig(options.wasmStatsHeaders) + if err != nil { + return nil, errors.Wrap(err, "Error getting WASM filters for HTTP connection manager") + } + connManager.HttpFilters = append(connManager.HttpFilters, wasmFilters...) + connManager.LocalReplyConfig = wasmLocalReplyConfig + } + + // *IMPORTANT NOTE*: The Router filter must always be the last filter + connManager.HttpFilters = append(connManager.HttpFilters, &xds_hcm.HttpFilter{Name: wellknown.Router}) + + return connManager, nil +} + +func getPrometheusConnectionManager() *xds_hcm.HttpConnectionManager { + return &xds_hcm.HttpConnectionManager{ + StatPrefix: prometheusHTTPConnManagerStatPrefix, + CodecType: xds_hcm.HttpConnectionManager_AUTO, + HttpFilters: []*xds_hcm.HttpFilter{{ + Name: wellknown.Router, + }}, + RouteSpecifier: &xds_hcm.HttpConnectionManager_RouteConfig{ + RouteConfig: &xds_route.RouteConfiguration{ + VirtualHosts: []*xds_route.VirtualHost{{ + Name: prometheusInboundVirtualHostName, + Domains: []string{"*"}, // Match all domains + Routes: []*xds_route.Route{{ + Match: &xds_route.RouteMatch{ + PathSpecifier: &xds_route.RouteMatch_Prefix{ + Prefix: constants.PrometheusScrapePath, + }, + }, + Action: &xds_route.Route_Route{ + Route: &xds_route.RouteAction{ + ClusterSpecifier: &xds_route.RouteAction_Cluster{ + Cluster: constants.EnvoyMetricsCluster, + }, + PrefixRewrite: constants.PrometheusScrapePath, + }, + }, + }}, + }}, + }, + }, + AccessLog: envoy.GetAccessLog(), + } +} diff --git a/pkg/envoy/lds/http_connection_test.go b/pkg/envoy/lds/http_connection_test.go new file mode 100644 index 0000000000..d1b5e6b8e9 --- /dev/null +++ b/pkg/envoy/lds/http_connection_test.go @@ -0,0 +1,125 @@ +package lds + +import ( + "testing" + "time" + + xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + "github.com/envoyproxy/go-control-plane/pkg/wellknown" + "github.com/stretchr/testify/assert" + + "github.com/openservicemesh/osm/pkg/auth" +) + +func TestHTTPConnbuild(t *testing.T) { + notContains := func(filters []*xds_hcm.HttpFilter, filterName string) bool { + for _, f := range filters { + if f.Name == filterName { + return false + } + } + return true + } + contains := func(filters []*xds_hcm.HttpFilter, filterName string) bool { + return !notContains(filters, filterName) + } + + testCases := []struct { + name string + option httpConnManagerOptions + assertFunc func(*assert.Assertions, *xds_hcm.HttpConnectionManager) + }{ + { + name: "stat prefix", + option: httpConnManagerOptions{ + rdsRoutConfigName: "something", + }, + assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { + a.Equal("mesh-http-conn-manager.something", connManager.StatPrefix) + }, + }, + { + name: "tracing config when tracing is enabled", + option: httpConnManagerOptions{ + enableTracing: true, + tracingAPIEndpoint: "/api/v1/trace", + }, + assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { + a.NotNil(connManager.Tracing) + a.True(connManager.Tracing.Verbose) + a.Equal("envoy.tracers.zipkin", connManager.Tracing.Provider.Name) + }, + }, + { + name: "tracing config when tracing is disabled", + option: httpConnManagerOptions{ + enableTracing: false, + }, + assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { + a.Nil(connManager.Tracing) + }, + }, + { + name: "WASM config when WASM stats headers are unset", + option: httpConnManagerOptions{ + wasmStatsHeaders: nil, + }, + assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { + a.Nil(connManager.LocalReplyConfig) + a.True(notContains(connManager.HttpFilters, wellknown.Lua)) + a.True(notContains(connManager.HttpFilters, "envoy.filters.http.wasm")) + }, + }, + { + name: "WASM config when WASM stats headers are set", + option: httpConnManagerOptions{ + wasmStatsHeaders: map[string]string{"k1": "v1"}, + }, + assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { + a.NotNil(connManager.LocalReplyConfig) + a.Equal("unknown", connManager.GetLocalReplyConfig().GetMappers()[0].HeadersToAdd[0].Header.Value) + a.True(contains(connManager.HttpFilters, wellknown.Lua)) + a.True(contains(connManager.HttpFilters, "envoy.filters.http.wasm")) + }, + }, + { + name: "External auth config when set is enabled for inbound", + option: httpConnManagerOptions{ + direction: inbound, + extAuthConfig: &auth.ExtAuthConfig{ + Enable: true, + Address: "test.xyz", + Port: 123, + StatPrefix: "pref", + AuthzTimeout: 3 * time.Second, + FailureModeAllow: false, + }, + }, + assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { + a.True(contains(connManager.HttpFilters, wellknown.HTTPExternalAuthorization)) + }, + }, + { + name: "External auth config when set is disabled for outbound", + option: httpConnManagerOptions{ + direction: outbound, + extAuthConfig: &auth.ExtAuthConfig{ + Enable: true, + }, + }, + assertFunc: func(a *assert.Assertions, connManager *xds_hcm.HttpConnectionManager) { + a.True(notContains(connManager.HttpFilters, wellknown.HTTPExternalAuthorization)) + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + actual, err := tc.option.build() + a := assert.New(t) + a.Nil(err) + tc.assertFunc(a, actual) + a.Equal(wellknown.Router, actual.HttpFilters[len(actual.HttpFilters)-1].Name) // Router must be last + }) + } +} diff --git a/pkg/envoy/lds/ingress.go b/pkg/envoy/lds/ingress.go index 8326ac82f9..d5b6c83ca7 100644 --- a/pkg/envoy/lds/ingress.go +++ b/pkg/envoy/lds/ingress.go @@ -41,11 +41,28 @@ func (lb *listenerBuilder) newIngressHTTPFilterChain(cfg configurator.Configurat return nil } - ingressConnManager := getHTTPConnectionManager(route.IngressRouteConfigName, cfg, nil, inbound) + // Build the HTTP Connection Manager filter from its options + ingressConnManager, err := httpConnManagerOptions{ + direction: inbound, + rdsRoutConfigName: route.IngressRouteConfigName, + + // Additional filters + wasmStatsHeaders: nil, // no WASM Stats for ingress traffic + extAuthConfig: lb.getExtAuthConfig(), + + // Tracing options + enableTracing: lb.cfg.IsTracingEnabled(), + tracingAPIEndpoint: lb.cfg.GetTracingEndpoint(), + }.build() + if err != nil { + log.Error().Err(err).Msgf("Error building inbound HTTP connection manager for proxy with identity %s and service %s", lb.serviceIdentity, svc) + return nil + } + marshalledIngressConnManager, err := ptypes.MarshalAny(ingressConnManager) if err != nil { log.Error().Err(err).Str(errcode.Kind, errcode.ErrMarshallingXDSResource.String()). - Msgf("Error marshalling ingress HttpConnectionManager object for proxy %s", svc) + Msgf("Error marshalling inbound HTTP connection manager for proxy with identity %s and service %s", lb.serviceIdentity, svc) return nil } diff --git a/pkg/envoy/lds/ingress_test.go b/pkg/envoy/lds/ingress_test.go index 7b27068ab6..58263b94b4 100644 --- a/pkg/envoy/lds/ingress_test.go +++ b/pkg/envoy/lds/ingress_test.go @@ -106,6 +106,7 @@ func TestGetIngressFilterChains(t *testing.T) { mockConfigurator.EXPECT().UseHTTPSIngress().Return(tc.httpsIngress).AnyTimes() // Mock calls used to build the HTTP connection manager mockConfigurator.EXPECT().IsTracingEnabled().Return(false).AnyTimes() + mockConfigurator.EXPECT().GetTracingEndpoint().Return("some-endpoint").AnyTimes() // Expect no External Auth config mockConfigurator.EXPECT().GetInboundExternalAuthConfig().Return(auth.ExtAuthConfig{ Enable: false, diff --git a/pkg/envoy/lds/inmesh.go b/pkg/envoy/lds/inmesh.go index 5f74bba685..d61c413a09 100644 --- a/pkg/envoy/lds/inmesh.go +++ b/pkg/envoy/lds/inmesh.go @@ -84,13 +84,26 @@ func (lb *listenerBuilder) getInboundHTTPFilters(proxyService service.MeshServic filters = append(filters, rbacFilter) } - // Apply the HTTP Connection Manager Filter - inboundConnManager := getHTTPConnectionManager(route.InboundRouteConfigName, lb.cfg, lb.statsHeaders, inbound) + // Build the HTTP Connection Manager filter from its options + inboundConnManager, err := httpConnManagerOptions{ + direction: inbound, + rdsRoutConfigName: route.InboundRouteConfigName, + + // Additional filters + wasmStatsHeaders: lb.getWASMStatsHeaders(), + extAuthConfig: lb.getExtAuthConfig(), + + // Tracing options + enableTracing: lb.cfg.IsTracingEnabled(), + tracingAPIEndpoint: lb.cfg.GetTracingEndpoint(), + }.build() + if err != nil { + return nil, errors.Wrapf(err, "Error building inbound HTTP connection manager for proxy with identity %s and service %s", lb.serviceIdentity, proxyService) + } + marshalledInboundConnManager, err := ptypes.MarshalAny(inboundConnManager) if err != nil { - log.Error().Err(err).Str(errcode.Kind, errcode.ErrMarshallingXDSResource.String()). - Msgf("Error marshalling inbound HttpConnectionManager for proxy service %s", proxyService) - return nil, err + return nil, errors.Wrapf(err, "Error marshalling inbound HTTP connection manager for proxy with identity %s and service %s", lb.serviceIdentity, proxyService) } httpConnectionManagerFilter := &xds_listener.Filter{ Name: wellknown.HTTPConnectionManager, @@ -262,12 +275,26 @@ func (lb *listenerBuilder) getOutboundHTTPFilter(routeConfigName string) (*xds_l var marshalledFilter *any.Any var err error - marshalledFilter, err = ptypes.MarshalAny( - getHTTPConnectionManager(routeConfigName, lb.cfg, lb.statsHeaders, outbound)) + // Build the HTTP connection manager filter from its options + outboundConnManager, err := httpConnManagerOptions{ + direction: outbound, + rdsRoutConfigName: routeConfigName, + + // Additional filters + wasmStatsHeaders: lb.statsHeaders, + extAuthConfig: nil, // Ext auth is not configured for outbound connections + + // Tracing options + enableTracing: lb.cfg.IsTracingEnabled(), + tracingAPIEndpoint: lb.cfg.GetTracingEndpoint(), + }.build() if err != nil { - log.Error().Err(err).Str(errcode.Kind, errcode.ErrMarshallingXDSResource.String()). - Msgf("Error marshalling HTTP connection manager object") - return nil, err + return nil, errors.Wrapf(err, "Error building outbound HTTP connection manager for proxy identity %s", lb.serviceIdentity) + } + + marshalledFilter, err = ptypes.MarshalAny(outboundConnManager) + if err != nil { + return nil, errors.Wrapf(err, "Error marshalling outbound HTTP connection manager for proxy identity %s", lb.serviceIdentity) } return &xds_listener.Filter{ diff --git a/pkg/envoy/lds/inmesh_test.go b/pkg/envoy/lds/inmesh_test.go index 1fb6fcc4d2..be42c38e2b 100644 --- a/pkg/envoy/lds/inmesh_test.go +++ b/pkg/envoy/lds/inmesh_test.go @@ -20,6 +20,7 @@ import ( "github.com/openservicemesh/osm/pkg/configurator" "github.com/openservicemesh/osm/pkg/constants" "github.com/openservicemesh/osm/pkg/endpoint" + "github.com/openservicemesh/osm/pkg/envoy/rds/route" "github.com/openservicemesh/osm/pkg/identity" "github.com/openservicemesh/osm/pkg/service" "github.com/openservicemesh/osm/pkg/tests" @@ -625,3 +626,27 @@ func TestGetOutboundTCPFilter(t *testing.T) { }) } } + +func TestGetOutboundHTTPFilter(t *testing.T) { + assert := tassert.New(t) + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfigurator := configurator.NewMockConfigurator(mockCtrl) + lb := &listenerBuilder{ + cfg: mockConfigurator, + } + + mockConfigurator.EXPECT().IsTracingEnabled() + mockConfigurator.EXPECT().GetTracingEndpoint() + mockConfigurator.EXPECT().GetInboundExternalAuthConfig().Return(auth.ExtAuthConfig{ + Enable: false, + }).AnyTimes() + mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ + EnableWASMStats: false, + }).AnyTimes() + + filter, err := lb.getOutboundHTTPFilter(route.OutboundRouteConfigName) + assert.NoError(err) + assert.Equal(filter.Name, wellknown.HTTPConnectionManager) +} diff --git a/pkg/envoy/lds/listener_test.go b/pkg/envoy/lds/listener_test.go index 1805ef5ccd..597f3d8f97 100644 --- a/pkg/envoy/lds/listener_test.go +++ b/pkg/envoy/lds/listener_test.go @@ -2,11 +2,9 @@ package lds import ( "testing" - "time" xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" xds_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/mock/gomock" @@ -14,53 +12,14 @@ import ( . "github.com/onsi/gomega" tassert "github.com/stretchr/testify/assert" - "github.com/openservicemesh/osm/pkg/apis/config/v1alpha1" - "github.com/openservicemesh/osm/pkg/auth" "github.com/openservicemesh/osm/pkg/configurator" "github.com/openservicemesh/osm/pkg/constants" "github.com/openservicemesh/osm/pkg/envoy" - "github.com/openservicemesh/osm/pkg/envoy/rds/route" "github.com/openservicemesh/osm/pkg/trafficpolicy" ) -var testWASM = []byte("some bytes") - // Tests TestGetFilterForService checks that a proper filter type is properly returned // for given config parameters and service -func TestGetFilterForService(t *testing.T) { - assert := tassert.New(t) - mockCtrl := gomock.NewController(t) - - mockConfigurator := configurator.NewMockConfigurator(mockCtrl) - lb := &listenerBuilder{ - cfg: mockConfigurator, - } - - mockConfigurator.EXPECT().IsPermissiveTrafficPolicyMode().Return(false) - mockConfigurator.EXPECT().IsTracingEnabled().Return(true) - mockConfigurator.EXPECT().GetTracingEndpoint().Return("test-endpoint") - mockConfigurator.EXPECT().GetInboundExternalAuthConfig().Return(auth.ExtAuthConfig{ - Enable: false, - }).AnyTimes() - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: false, - }).AnyTimes() - - // Check we get HTTP connection manager filter without Permissive mode - filter, err := lb.getOutboundHTTPFilter(route.OutboundRouteConfigName) - - assert.NoError(err) - assert.Equal(filter.Name, wellknown.HTTPConnectionManager) - - // Check we get HTTP connection manager filter with Permissive mode - mockConfigurator.EXPECT().IsPermissiveTrafficPolicyMode().Return(true) - mockConfigurator.EXPECT().IsTracingEnabled().Return(true) - mockConfigurator.EXPECT().GetTracingEndpoint().Return("test-endpoint") - - filter, err = lb.getOutboundHTTPFilter(route.OutboundRouteConfigName) - assert.NoError(err) - assert.Equal(filter.Name, wellknown.HTTPConnectionManager) -} var _ = Describe("Construct inbound listeners", func() { var ( @@ -96,170 +55,6 @@ var _ = Describe("Construct inbound listeners", func() { }) }) -var _ = Describe("Test getHTTPConnectionManager", func() { - var ( - mockCtrl *gomock.Controller - mockConfigurator *configurator.MockConfigurator - ) - - Context("Test creation of HTTP connection manager", func() { - - BeforeEach(func() { - mockCtrl = gomock.NewController(GinkgoT()) - mockConfigurator = configurator.NewMockConfigurator(mockCtrl) - }) - - It("Should have the correct StatPrefix", func() { - mockConfigurator.EXPECT().IsTracingEnabled().Return(false).Times(1) - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: false, - }).Times(1) - connManager := getHTTPConnectionManager("foo", mockConfigurator, nil, outbound) - Expect(connManager.StatPrefix).To(Equal("mesh-http-conn-manager.foo")) - - mockConfigurator.EXPECT().IsTracingEnabled().Return(false).Times(1) - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: false, - }).Times(1) - connManager = getHTTPConnectionManager("bar", mockConfigurator, nil, outbound) - Expect(connManager.StatPrefix).To(Equal("mesh-http-conn-manager.bar")) - }) - - It("Returns proper Zipkin config given when tracing is enabled", func() { - mockConfigurator.EXPECT().GetTracingHost().Return(constants.DefaultTracingHost).Times(1) - mockConfigurator.EXPECT().GetTracingPort().Return(constants.DefaultTracingPort).Times(1) - mockConfigurator.EXPECT().GetTracingEndpoint().Return(constants.DefaultTracingEndpoint).Times(1) - mockConfigurator.EXPECT().IsTracingEnabled().Return(true).Times(1) - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: false, - }).Times(1) - - connManager := getHTTPConnectionManager(route.InboundRouteConfigName, mockConfigurator, nil, outbound) - - Expect(connManager.Tracing.Verbose).To(Equal(true)) - Expect(connManager.Tracing.Provider.Name).To(Equal("envoy.tracers.zipkin")) - }) - - It("Returns proper Zipkin config given when tracing is disabled", func() { - mockConfigurator.EXPECT().IsTracingEnabled().Return(false).Times(1) - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: false, - }).Times(1) - - connManager := getHTTPConnectionManager(route.InboundRouteConfigName, mockConfigurator, nil, outbound) - var nilHcmTrace *xds_hcm.HttpConnectionManager_Tracing = nil - - Expect(connManager.Tracing).To(Equal(nilHcmTrace)) - }) - - It("Returns no stats config when WASM is disabled", func() { - mockConfigurator.EXPECT().IsTracingEnabled().AnyTimes() - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: false, - }).Times(1) - - oldStatsWASMBytes := statsWASMBytes - statsWASMBytes = testWASM - - connManager := getHTTPConnectionManager(route.InboundRouteConfigName, mockConfigurator, map[string]string{"k1": "v1"}, outbound) - - Expect(connManager.HttpFilters).To(HaveLen(2)) - Expect(connManager.HttpFilters[0].GetName()).To(Equal(wellknown.HTTPRoleBasedAccessControl)) - Expect(connManager.HttpFilters[1].GetName()).To(Equal(wellknown.Router)) - Expect(connManager.LocalReplyConfig).To(BeNil()) - - // reset global state - statsWASMBytes = oldStatsWASMBytes - }) - - It("Returns no stats config when WASM is disabled and no WASM is defined", func() { - mockConfigurator.EXPECT().IsTracingEnabled().AnyTimes() - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: true, - }).Times(1) - - oldStatsWASMBytes := statsWASMBytes - statsWASMBytes = []byte("") - - connManager := getHTTPConnectionManager(route.InboundRouteConfigName, mockConfigurator, map[string]string{"k1": "v1"}, outbound) - - Expect(connManager.HttpFilters).To(HaveLen(2)) - Expect(connManager.HttpFilters[0].GetName()).To(Equal(wellknown.HTTPRoleBasedAccessControl)) - Expect(connManager.HttpFilters[1].GetName()).To(Equal(wellknown.Router)) - Expect(connManager.LocalReplyConfig).To(BeNil()) - - // reset global state - statsWASMBytes = oldStatsWASMBytes - }) - - It("Returns no Lua headers filter config when there are no headers to add", func() { - mockConfigurator.EXPECT().IsTracingEnabled().AnyTimes() - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: true, - }).Times(1) - - oldStatsWASMBytes := statsWASMBytes - statsWASMBytes = testWASM - - connManager := getHTTPConnectionManager(route.InboundRouteConfigName, mockConfigurator, nil, outbound) - - Expect(connManager.HttpFilters).To(HaveLen(3)) - Expect(connManager.HttpFilters[0].GetName()).To(Equal("envoy.filters.http.wasm")) - Expect(connManager.HttpFilters[1].GetName()).To(Equal(wellknown.HTTPRoleBasedAccessControl)) - Expect(connManager.HttpFilters[2].GetName()).To(Equal(wellknown.Router)) - Expect(connManager.LocalReplyConfig).To(BeNil()) - - // reset global state - statsWASMBytes = oldStatsWASMBytes - }) - - It("Returns proper stats config when WASM is enabled", func() { - mockConfigurator.EXPECT().IsTracingEnabled().AnyTimes() - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: true, - }).Times(1) - - oldStatsWASMBytes := statsWASMBytes - statsWASMBytes = testWASM - - connManager := getHTTPConnectionManager(route.InboundRouteConfigName, mockConfigurator, map[string]string{"k1": "v1"}, outbound) - - Expect(connManager.GetHttpFilters()).To(HaveLen(4)) - Expect(connManager.GetHttpFilters()[0].GetName()).To(Equal(wellknown.Lua)) - Expect(connManager.GetHttpFilters()[1].GetName()).To(Equal("envoy.filters.http.wasm")) - Expect(connManager.GetHttpFilters()[2].GetName()).To(Equal(wellknown.HTTPRoleBasedAccessControl)) - Expect(connManager.GetHttpFilters()[3].GetName()).To(Equal(wellknown.Router)) - - Expect(connManager.GetLocalReplyConfig().GetMappers()[0].HeadersToAdd[0].Header.Value).To(Equal("unknown")) - - // reset global state - statsWASMBytes = oldStatsWASMBytes - }) - - It("Returns inbound external authorization enabled connection manager when enabled by config", func() { - mockConfigurator.EXPECT().IsTracingEnabled().AnyTimes() - mockConfigurator.EXPECT().GetInboundExternalAuthConfig().Return(auth.ExtAuthConfig{ - Enable: true, - Address: "test.xyz", - Port: 123, - StatPrefix: "pref", - AuthzTimeout: 3 * time.Second, - FailureModeAllow: false, - }).Times(1) - mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{ - EnableWASMStats: false, - }).Times(1) - - connManager := getHTTPConnectionManager(route.InboundRouteConfigName, mockConfigurator, nil, inbound) - - Expect(connManager.GetHttpFilters()).To(HaveLen(3)) - Expect(connManager.GetHttpFilters()[0].GetName()).To(Equal(wellknown.HTTPRoleBasedAccessControl)) - Expect(connManager.GetHttpFilters()[1].GetName()).To(Equal(wellknown.HTTPExternalAuthorization)) - Expect(connManager.GetHttpFilters()[2].GetName()).To(Equal(wellknown.Router)) - }) - }) -}) - func TestGetFilterMatchPredicateForPorts(t *testing.T) { testCases := []struct { name string diff --git a/pkg/envoy/lds/response_test.go b/pkg/envoy/lds/response_test.go index 87e921c956..94c76cd481 100644 --- a/pkg/envoy/lds/response_test.go +++ b/pkg/envoy/lds/response_test.go @@ -73,6 +73,7 @@ func TestNewResponse(t *testing.T) { mockConfigurator.EXPECT().IsPermissiveTrafficPolicyMode().Return(false).AnyTimes() mockConfigurator.EXPECT().IsTracingEnabled().Return(false).AnyTimes() + mockConfigurator.EXPECT().GetTracingEndpoint().Return("some-endpoint").AnyTimes() mockConfigurator.EXPECT().IsEgressEnabled().Return(true).AnyTimes() mockConfigurator.EXPECT().GetInboundExternalAuthConfig().Return(auth.ExtAuthConfig{ Enable: false, diff --git a/pkg/envoy/lds/tracing.go b/pkg/envoy/lds/tracing.go index b9e187fe85..01fd15be45 100644 --- a/pkg/envoy/lds/tracing.go +++ b/pkg/envoy/lds/tracing.go @@ -5,16 +5,15 @@ import ( xds_hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" "github.com/golang/protobuf/ptypes" - "github.com/openservicemesh/osm/pkg/configurator" "github.com/openservicemesh/osm/pkg/constants" "github.com/openservicemesh/osm/pkg/errcode" ) -// GetTracingConfig returns a configuration tracing struct for a connection manager to use -func GetTracingConfig(cfg configurator.Configurator) (*xds_hcm.HttpConnectionManager_Tracing, error) { +// getHTTPTracingConfig returns an HTTP configuration tracing config for the HTTP connection manager to use +func getHTTPTracingConfig(apiEndpoint string) (*xds_hcm.HttpConnectionManager_Tracing, error) { zipkinTracingConf := &xds_tracing.ZipkinConfig{ CollectorCluster: constants.EnvoyTracingCluster, - CollectorEndpoint: cfg.GetTracingEndpoint(), + CollectorEndpoint: apiEndpoint, CollectorEndpointVersion: xds_tracing.ZipkinConfig_HTTP_JSON, } diff --git a/pkg/envoy/lds/wasm.go b/pkg/envoy/lds/wasm.go index 631ee20688..71d8728946 100644 --- a/pkg/envoy/lds/wasm.go +++ b/pkg/envoy/lds/wasm.go @@ -5,6 +5,7 @@ import ( "fmt" "strings" + envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" xds_lua "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" xds_wasm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/wasm/v3" @@ -19,6 +20,64 @@ import ( //go:embed stats.wasm var statsWASMBytes []byte +func (lb *listenerBuilder) getWASMStatsHeaders() map[string]string { + if lb.cfg.GetFeatureFlags().EnableWASMStats { + return lb.statsHeaders + } + + return nil +} + +func getWASMStatsConfig(statsHeaders map[string]string) ([]*xds_hcm.HttpFilter, *xds_hcm.LocalReplyConfig, error) { + statsFilter, err := getStatsWASMFilter() + if err != nil { + return nil, nil, errors.Wrap(err, "Error gettings WASM Stats filter") + } + + headerFilter, err := getAddHeadersFilter(statsHeaders) + if err != nil { + return nil, nil, errors.Wrap(err, "Error getting WASM stats Header filter") + } + + var filters []*xds_hcm.HttpFilter + var localReplyConfig *xds_hcm.LocalReplyConfig + if statsFilter != nil { + if headerFilter != nil { + filters = append(filters, headerFilter) + } + filters = append(filters, statsFilter) + + // When Envoy responds to an outgoing HTTP request with a local reply, + // destination_* tags for WASM metrics are missing. This configures + // Envoy's local replies to add the same headers that are expected from + // HTTP responses with the "unknown" value hardcoded because we don't + // know the intended destination of the request. + var localReplyHeaders []*envoy_config_core_v3.HeaderValueOption + for k := range statsHeaders { + localReplyHeaders = append(localReplyHeaders, &envoy_config_core_v3.HeaderValueOption{ + Header: &envoy_config_core_v3.HeaderValue{ + Key: k, + Value: "unknown", + }, + }) + } + if localReplyHeaders != nil { + localReplyConfig = &xds_hcm.LocalReplyConfig{ + Mappers: []*xds_hcm.ResponseMapper{ + { + Filter: &envoy_config_accesslog_v3.AccessLogFilter{ + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_NotHealthCheckFilter{}, + }, + HeadersToAdd: localReplyHeaders, + }, + }, + } + } + } + + return filters, localReplyConfig, nil +} + func getAddHeadersFilter(headers map[string]string) (*xds_hcm.HttpFilter, error) { if len(headers) == 0 { return nil, nil diff --git a/pkg/envoy/lds/wasm_test.go b/pkg/envoy/lds/wasm_test.go new file mode 100644 index 0000000000..573815ebc8 --- /dev/null +++ b/pkg/envoy/lds/wasm_test.go @@ -0,0 +1,53 @@ +package lds + +import ( + "testing" + + "github.com/golang/mock/gomock" + "github.com/stretchr/testify/assert" + + "github.com/openservicemesh/osm/pkg/apis/config/v1alpha1" + + "github.com/openservicemesh/osm/pkg/configurator" +) + +func TestGetWASMStatsHeaders(t *testing.T) { + testCases := []struct { + name string + enabled bool + statsHeaders map[string]string + expected map[string]string + }{ + { + name: "WASM feature is disabled", + enabled: false, + statsHeaders: map[string]string{"k1": "v1"}, + expected: nil, + }, + { + name: "WASM feature is enabled", + enabled: true, + statsHeaders: map[string]string{"k1": "v1"}, + expected: map[string]string{"k1": "v1"}, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + a := assert.New(t) + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfigurator := configurator.NewMockConfigurator(mockCtrl) + lb := &listenerBuilder{ + cfg: mockConfigurator, + statsHeaders: tc.statsHeaders, + } + + mockConfigurator.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{EnableWASMStats: tc.enabled}).Times(1) + + actual := lb.getWASMStatsHeaders() + a.Equal(tc.expected, actual) + }) + } +} diff --git a/pkg/errcode/errcode.go b/pkg/errcode/errcode.go index d70e13dadc..5e9d5d7c70 100644 --- a/pkg/errcode/errcode.go +++ b/pkg/errcode/errcode.go @@ -255,12 +255,6 @@ const ( // ErrBuildingRBACPolicy indicates the XDS RBAC policy could not be created from a given traffic target policy ErrBuildingRBACPolicy - - // ErrGettingLuaFilter indicates the Lua XDS HttpFilter could not be configured - ErrGettingLuaFilter - - // ErrGettingWASMFilter indicates the WASM XDS HttpFilter could not be configured - ErrGettingWASMFilter ) // String returns the error code as a string, ex. E1000 @@ -523,7 +517,7 @@ A XDS resource could not be marshalled. `, ErrParsingXDSCertCN: ` -The XDS certificate common name could not be parsed. The CN should be of the form +The XDS certificate common name could not be parsed. The CN should be of the form ... `, @@ -542,7 +536,7 @@ more than one service XDS will not program the Envoy proxy, leaving it out of th ErrGettingProxyFromPod: ` The Envoy proxy data structure created by ADS to reference an Envoy proxy sidecar from -a pod's osm-proxy-uuid label could not be configured. +a pod's osm-proxy-uuid label could not be configured. `, ErrGRPCConnectionFailed: ` @@ -585,7 +579,7 @@ part of the mesh. `, ErrGRPCStreamClosedByProxy: ` -The gRPC stream is closed by the proxy and no DiscoveryRequests can be received. +The gRPC stream is closed by the proxy and no DiscoveryRequests can be received. The Stream Agreggated Resource server is terminated for the specified proxy `, @@ -606,7 +600,7 @@ The version of the DiscoveryRequest could not be parsed by ADS. ErrGettingOrgDstEgressCluster: ` An Envoy egress cluster which routes traffic to its original destination could not -be configured. When a Host is not specified in the cluster config, the original +be configured. When a Host is not specified in the cluster config, the original destination is used. `, @@ -617,7 +611,7 @@ using DNS could not be configured. ErrObtainingUpstreamServiceCluster: ` An Envoy cluster that corresponds to a specified upstream service could not be -configured. +configured. `, ErrFetchingServiceList: ` @@ -641,15 +635,5 @@ traffic. The XDS filter chain for ingress traffic to the port is not created. ErrBuildingRBACPolicy: ` A XDS RBAC policy could not be generated from the specified traffic target policy. -`, - - // ErrGettingLuaFilter indicates the Lua XDS HttpFilter could not be configured - ErrGettingLuaFilter: ` -The Lua XDS HttpFilter could not be configured. -`, - - // ErrGettingWASMFilter indicates the WASM XDS HttpFilter could not be configured - ErrGettingWASMFilter: ` -The WASM XDS HttpFilter could not be configured. `, }