Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

546 lines
20 KiB

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package xdsv2
import (
"fmt"
"strings"
envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
"google.golang.org/protobuf/types/known/wrapperspb"
"github.com/hashicorp/consul/agent/xds/response"
"github.com/hashicorp/consul/envoyextensions/xdscommon"
"github.com/hashicorp/consul/proto-public/pbmesh/v2beta1/pbproxystate"
envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
)
func (pr *ProxyResources) makeEnvoyRoute(name string) (*envoy_route_v3.RouteConfiguration, error) {
var route *envoy_route_v3.RouteConfiguration
// TODO(proxystate): This will make routes in the future. This function should distinguish between static routes
// inlined into listeners and non-static routes that should be added as top level Envoy resources.
_, ok := pr.proxyState.Routes[name]
if !ok {
// This should not happen with a valid proxy state.
return nil, fmt.Errorf("could not find route in ProxyState: %s", name)
}
return route, nil
}
// makeEnvoyRouteConfigFromProxystateRoute converts the proxystate representation of a Route into Envoy proto message
// form. We don't throw any errors here, since the proxystate has already been validated.
func (pr *ProxyResources) makeEnvoyRouteConfigFromProxystateRoute(name string, psRoute *pbproxystate.Route) *envoy_route_v3.RouteConfiguration {
envoyRouteConfig := &envoy_route_v3.RouteConfiguration{
Name: name,
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
for _, vh := range psRoute.GetVirtualHosts() {
envoyRouteConfig.VirtualHosts = append(envoyRouteConfig.VirtualHosts, pr.makeEnvoyVHFromProxystateVH(vh))
}
return envoyRouteConfig
}
func (pr *ProxyResources) makeEnvoyVHFromProxystateVH(psVirtualHost *pbproxystate.VirtualHost) *envoy_route_v3.VirtualHost {
envoyVirtualHost := &envoy_route_v3.VirtualHost{
Name: psVirtualHost.Name,
Domains: psVirtualHost.GetDomains(),
}
for _, rr := range psVirtualHost.GetRouteRules() {
envoyVirtualHost.Routes = append(envoyVirtualHost.Routes, pr.makeEnvoyRouteFromProxystateRouteRule(rr))
}
for _, hm := range psVirtualHost.GetHeaderMutations() {
injectEnvoyVirtualHostWithProxystateHeaderMutation(envoyVirtualHost, hm)
}
return envoyVirtualHost
}
func (pr *ProxyResources) makeEnvoyRouteFromProxystateRouteRule(psRouteRule *pbproxystate.RouteRule) *envoy_route_v3.Route {
envoyRouteRule := &envoy_route_v3.Route{
Match: makeEnvoyRouteMatchFromProxystateRouteMatch(psRouteRule.GetMatch()),
Action: pr.makeEnvoyRouteActionFromProxystateRouteDestination(psRouteRule.GetDestination()),
}
for _, hm := range psRouteRule.GetHeaderMutations() {
injectEnvoyRouteRuleWithProxystateHeaderMutation(envoyRouteRule, hm)
}
return envoyRouteRule
}
func makeEnvoyRouteMatchFromProxystateRouteMatch(psRouteMatch *pbproxystate.RouteMatch) *envoy_route_v3.RouteMatch {
envoyRouteMatch := &envoy_route_v3.RouteMatch{}
switch psRouteMatch.PathMatch.GetPathMatch().(type) {
case *pbproxystate.PathMatch_Exact:
envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_Path{
Path: psRouteMatch.PathMatch.GetExact(),
}
case *pbproxystate.PathMatch_Prefix:
envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_Prefix{
Prefix: psRouteMatch.PathMatch.GetPrefix(),
}
case *pbproxystate.PathMatch_Regex:
envoyRouteMatch.PathSpecifier = &envoy_route_v3.RouteMatch_SafeRegex{
SafeRegex: makeEnvoyRegexMatch(psRouteMatch.PathMatch.GetRegex()),
}
default:
// This shouldn't be possible considering the types of PathMatch
return nil
}
if len(psRouteMatch.GetHeaderMatches()) > 0 {
envoyRouteMatch.Headers = make([]*envoy_route_v3.HeaderMatcher, 0, len(psRouteMatch.GetHeaderMatches()))
}
for _, psHM := range psRouteMatch.GetHeaderMatches() {
envoyRouteMatch.Headers = append(envoyRouteMatch.Headers, makeEnvoyHeaderMatcherFromProxystateHeaderMatch(psHM))
}
if len(psRouteMatch.MethodMatches) > 0 {
methodHeaderRegex := strings.Join(psRouteMatch.MethodMatches, "|")
eh := &envoy_route_v3.HeaderMatcher{
Name: ":method",
HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{
StringMatch: &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
SafeRegex: response.MakeEnvoyRegexMatch(methodHeaderRegex),
},
},
},
}
envoyRouteMatch.Headers = append(envoyRouteMatch.Headers, eh)
}
if len(psRouteMatch.GetQueryParameterMatches()) > 0 {
envoyRouteMatch.QueryParameters = make([]*envoy_route_v3.QueryParameterMatcher, 0, len(psRouteMatch.GetQueryParameterMatches()))
}
for _, psQM := range psRouteMatch.GetQueryParameterMatches() {
envoyRouteMatch.QueryParameters = append(envoyRouteMatch.QueryParameters, makeEnvoyQueryParamFromProxystateQueryMatch(psQM))
}
return envoyRouteMatch
}
func makeEnvoyRegexMatch(pattern string) *envoy_matcher_v3.RegexMatcher {
return &envoy_matcher_v3.RegexMatcher{
Regex: pattern,
}
}
func makeEnvoyHeaderMatcherFromProxystateHeaderMatch(psMatch *pbproxystate.HeaderMatch) *envoy_route_v3.HeaderMatcher {
envoyHeaderMatcher := &envoy_route_v3.HeaderMatcher{
Name: psMatch.Name,
}
switch psMatch.Match.(type) {
case *pbproxystate.HeaderMatch_Exact:
envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{
StringMatch: &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
Exact: psMatch.GetExact(),
},
IgnoreCase: false,
},
}
case *pbproxystate.HeaderMatch_Regex:
envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{
StringMatch: &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
SafeRegex: response.MakeEnvoyRegexMatch(psMatch.GetRegex()),
},
IgnoreCase: false,
},
}
case *pbproxystate.HeaderMatch_Prefix:
envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{
StringMatch: &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_Prefix{
Prefix: psMatch.GetPrefix(),
},
IgnoreCase: false,
},
}
case *pbproxystate.HeaderMatch_Suffix:
envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{
StringMatch: &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_Suffix{
Suffix: psMatch.GetSuffix(),
},
IgnoreCase: false,
},
}
case *pbproxystate.HeaderMatch_Present:
envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PresentMatch{
PresentMatch: true,
}
default:
// This shouldn't be possible considering the types of HeaderMatch
return nil
}
if psMatch.GetInvertMatch() {
envoyHeaderMatcher.InvertMatch = true
}
return envoyHeaderMatcher
}
func makeEnvoyQueryParamFromProxystateQueryMatch(psMatch *pbproxystate.QueryParameterMatch) *envoy_route_v3.QueryParameterMatcher {
envoyQueryParamMatcher := &envoy_route_v3.QueryParameterMatcher{
Name: psMatch.Name,
}
switch psMatch.Match.(type) {
case *pbproxystate.QueryParameterMatch_Exact:
envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{
StringMatch: &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
Exact: psMatch.GetExact(),
},
},
}
case *pbproxystate.QueryParameterMatch_Regex:
envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{
StringMatch: &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{
SafeRegex: makeEnvoyRegexMatch(psMatch.GetRegex()),
},
},
}
case *pbproxystate.QueryParameterMatch_Present:
envoyQueryParamMatcher.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_PresentMatch{
PresentMatch: true,
}
default:
// This shouldn't be possible considering the types of QueryMatch
return nil
}
return envoyQueryParamMatcher
}
func (pr *ProxyResources) addEnvoyClustersAndEndpointsToEnvoyResources(clusterName string) {
clusters, endpoints, _ := pr.makeClustersAndEndpoints(clusterName)
for name, cluster := range clusters {
pr.envoyResources[xdscommon.ClusterType][name] = cluster
}
for name, ep := range endpoints {
pr.envoyResources[xdscommon.EndpointType][name] = ep
}
}
// TODO (dans): Will this always be envoy_route_v3.Route_Route?
// Definitely for connect proxies this is the only option.
func (pr *ProxyResources) makeEnvoyRouteActionFromProxystateRouteDestination(psRouteDestination *pbproxystate.RouteDestination) *envoy_route_v3.Route_Route {
envoyRouteRoute := &envoy_route_v3.Route_Route{
Route: &envoy_route_v3.RouteAction{},
}
switch psRouteDestination.Destination.(type) {
case *pbproxystate.RouteDestination_Cluster:
psCluster := psRouteDestination.GetCluster()
envoyRouteRoute.Route.ClusterSpecifier = &envoy_route_v3.RouteAction_Cluster{
Cluster: psCluster.GetName(),
}
pr.addEnvoyClustersAndEndpointsToEnvoyResources(psCluster.Name)
case *pbproxystate.RouteDestination_WeightedClusters:
psWeightedClusters := psRouteDestination.GetWeightedClusters()
envoyClusters := make([]*envoy_route_v3.WeightedCluster_ClusterWeight, 0, len(psWeightedClusters.GetClusters()))
for _, psCluster := range psWeightedClusters.GetClusters() {
pr.addEnvoyClustersAndEndpointsToEnvoyResources(psCluster.Name)
envoyClusters = append(envoyClusters, makeEnvoyClusterWeightFromProxystateWeightedCluster(psCluster))
}
envoyRouteRoute.Route.ClusterSpecifier = &envoy_route_v3.RouteAction_WeightedClusters{
WeightedClusters: &envoy_route_v3.WeightedCluster{
Clusters: envoyClusters,
},
}
default:
// This shouldn't be possible considering the types of Destination
return nil
}
injectEnvoyRouteActionWithProxystateDestinationConfig(envoyRouteRoute.Route, psRouteDestination.GetDestinationConfiguration())
if psRouteDestination.GetDestinationConfiguration() != nil {
config := psRouteDestination.GetDestinationConfiguration()
action := envoyRouteRoute.Route
action.PrefixRewrite = config.GetPrefixRewrite()
if config.GetTimeoutConfig().GetTimeout() != nil {
action.Timeout = config.GetTimeoutConfig().GetTimeout()
}
if config.GetTimeoutConfig().GetTimeout() != nil {
action.Timeout = config.GetTimeoutConfig().GetTimeout()
}
if config.GetTimeoutConfig().GetIdleTimeout() != nil {
action.IdleTimeout = config.GetTimeoutConfig().GetIdleTimeout()
}
if config.GetRetryPolicy() != nil {
action.RetryPolicy = makeEnvoyRetryPolicyFromProxystateRetryPolicy(config.GetRetryPolicy())
}
}
return envoyRouteRoute
}
func makeEnvoyClusterWeightFromProxystateWeightedCluster(cluster *pbproxystate.L7WeightedDestinationCluster) *envoy_route_v3.WeightedCluster_ClusterWeight {
envoyClusterWeight := makeEnvoyClusterWeightFromNameAndWeight(cluster.GetName(), cluster.GetWeight())
for _, hm := range cluster.GetHeaderMutations() {
injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight, hm)
}
return envoyClusterWeight
}
func makeEnvoyClusterWeightFromNameAndWeight(name string, weight *wrapperspb.UInt32Value) *envoy_route_v3.WeightedCluster_ClusterWeight {
envoyClusterWeight := &envoy_route_v3.WeightedCluster_ClusterWeight{
Name: name,
Weight: weight,
}
return envoyClusterWeight
}
func getXDSAppendActionFromProxyStateAppendAction(action pbproxystate.AppendAction) envoy_core_v3.HeaderValueOption_HeaderAppendAction {
if action == pbproxystate.AppendAction_APPEND_ACTION_OVERWRITE_IF_EXISTS_OR_ADD {
return envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD
} else if action == pbproxystate.AppendAction_APPEND_ACTION_ADD_IF_ABSENT {
return envoy_core_v3.HeaderValueOption_ADD_IF_ABSENT
}
// XDS default
return envoy_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD
}
func injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight *envoy_route_v3.WeightedCluster_ClusterWeight, mutation *pbproxystate.HeaderMutation) {
mutation.GetAction()
switch mutation.GetAction().(type) {
case *pbproxystate.HeaderMutation_RequestHeaderAdd:
action := mutation.GetRequestHeaderAdd()
header := action.GetHeader()
hvo := &envoy_core_v3.HeaderValueOption{
Header: &envoy_core_v3.HeaderValue{
Key: header.GetKey(),
Value: header.GetValue(),
},
AppendAction: getXDSAppendActionFromProxyStateAppendAction(action.GetAppendAction()),
}
envoyClusterWeight.RequestHeadersToAdd = append(envoyClusterWeight.RequestHeadersToAdd, hvo)
case *pbproxystate.HeaderMutation_RequestHeaderRemove:
action := mutation.GetRequestHeaderRemove()
envoyClusterWeight.RequestHeadersToRemove = append(envoyClusterWeight.RequestHeadersToRemove, action.GetHeaderKeys()...)
case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
action := mutation.GetResponseHeaderAdd()
header := action.GetHeader()
hvo := &envoy_core_v3.HeaderValueOption{
Header: &envoy_core_v3.HeaderValue{
Key: header.GetKey(),
Value: header.GetValue(),
},
AppendAction: getXDSAppendActionFromProxyStateAppendAction(action.GetAppendAction()),
}
envoyClusterWeight.ResponseHeadersToAdd = append(envoyClusterWeight.ResponseHeadersToAdd, hvo)
case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
action := mutation.GetResponseHeaderRemove()
envoyClusterWeight.ResponseHeadersToRemove = append(envoyClusterWeight.ResponseHeadersToRemove, action.GetHeaderKeys()...)
default:
// This shouldn't be possible considering the types of Destination
return
}
}
func injectEnvoyRouteActionWithProxystateDestinationConfig(envoyAction *envoy_route_v3.RouteAction, config *pbproxystate.DestinationConfiguration) {
if config == nil {
return
}
if len(config.GetHashPolicies()) > 0 {
envoyAction.HashPolicy = make([]*envoy_route_v3.RouteAction_HashPolicy, 0, len(config.GetHashPolicies()))
}
for _, policy := range config.GetHashPolicies() {
envoyPolicy := makeEnvoyHashPolicyFromProxystateLBHashPolicy(policy)
envoyAction.HashPolicy = append(envoyAction.HashPolicy, envoyPolicy)
}
if config.AutoHostRewrite != nil {
envoyAction.HostRewriteSpecifier = &envoy_route_v3.RouteAction_AutoHostRewrite{
AutoHostRewrite: config.AutoHostRewrite,
}
}
}
func makeEnvoyHashPolicyFromProxystateLBHashPolicy(psPolicy *pbproxystate.LoadBalancerHashPolicy) *envoy_route_v3.RouteAction_HashPolicy {
switch psPolicy.GetPolicy().(type) {
case *pbproxystate.LoadBalancerHashPolicy_ConnectionProperties:
return &envoy_route_v3.RouteAction_HashPolicy{
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties_{
ConnectionProperties: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties{
SourceIp: true, // always true
},
},
Terminal: psPolicy.GetConnectionProperties().GetTerminal(),
}
case *pbproxystate.LoadBalancerHashPolicy_Header:
return &envoy_route_v3.RouteAction_HashPolicy{
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Header_{
Header: &envoy_route_v3.RouteAction_HashPolicy_Header{
HeaderName: psPolicy.GetHeader().GetName(),
},
},
Terminal: psPolicy.GetHeader().GetTerminal(),
}
case *pbproxystate.LoadBalancerHashPolicy_Cookie:
cookie := &envoy_route_v3.RouteAction_HashPolicy_Cookie{
Name: psPolicy.GetCookie().GetName(),
Path: psPolicy.GetCookie().GetPath(),
Ttl: psPolicy.GetCookie().GetTtl(),
}
return &envoy_route_v3.RouteAction_HashPolicy{
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{
Cookie: cookie,
},
Terminal: psPolicy.GetCookie().GetTerminal(),
}
case *pbproxystate.LoadBalancerHashPolicy_QueryParameter:
return &envoy_route_v3.RouteAction_HashPolicy{
PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{
QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{
Name: psPolicy.GetQueryParameter().GetName(),
},
},
Terminal: psPolicy.GetQueryParameter().GetTerminal(),
}
}
// This shouldn't be possible considering the types of LoadBalancerPolicy
return nil
}
func makeEnvoyRetryPolicyFromProxystateRetryPolicy(psRetryPolicy *pbproxystate.RetryPolicy) *envoy_route_v3.RetryPolicy {
return &envoy_route_v3.RetryPolicy{
NumRetries: psRetryPolicy.GetNumRetries(),
RetriableStatusCodes: psRetryPolicy.GetRetriableStatusCodes(),
RetryOn: psRetryPolicy.GetRetryOn(),
}
}
func injectEnvoyRouteRuleWithProxystateHeaderMutation(envoyRouteRule *envoy_route_v3.Route, mutation *pbproxystate.HeaderMutation) {
mutation.GetAction()
switch mutation.GetAction().(type) {
case *pbproxystate.HeaderMutation_RequestHeaderAdd:
action := mutation.GetRequestHeaderAdd()
header := action.GetHeader()
hvo := &envoy_core_v3.HeaderValueOption{
Header: &envoy_core_v3.HeaderValue{
Key: header.GetKey(),
Value: header.GetValue(),
},
AppendAction: getXDSAppendActionFromProxyStateAppendAction(action.GetAppendAction()),
}
envoyRouteRule.RequestHeadersToAdd = append(envoyRouteRule.RequestHeadersToAdd, hvo)
case *pbproxystate.HeaderMutation_RequestHeaderRemove:
action := mutation.GetRequestHeaderRemove()
envoyRouteRule.RequestHeadersToRemove = append(envoyRouteRule.RequestHeadersToRemove, action.GetHeaderKeys()...)
case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
action := mutation.GetResponseHeaderAdd()
header := action.GetHeader()
hvo := &envoy_core_v3.HeaderValueOption{
Header: &envoy_core_v3.HeaderValue{
Key: header.GetKey(),
Value: header.GetValue(),
},
AppendAction: getXDSAppendActionFromProxyStateAppendAction(action.GetAppendAction()),
}
envoyRouteRule.ResponseHeadersToAdd = append(envoyRouteRule.ResponseHeadersToAdd, hvo)
case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
action := mutation.GetResponseHeaderRemove()
envoyRouteRule.ResponseHeadersToRemove = append(envoyRouteRule.ResponseHeadersToRemove, action.GetHeaderKeys()...)
default:
// This shouldn't be possible considering the types of Destination
return
}
}
func injectEnvoyVirtualHostWithProxystateHeaderMutation(envoyVirtualHost *envoy_route_v3.VirtualHost, mutation *pbproxystate.HeaderMutation) {
mutation.GetAction()
switch mutation.GetAction().(type) {
case *pbproxystate.HeaderMutation_RequestHeaderAdd:
action := mutation.GetRequestHeaderAdd()
header := action.GetHeader()
hvo := &envoy_core_v3.HeaderValueOption{
Header: &envoy_core_v3.HeaderValue{
Key: header.GetKey(),
Value: header.GetValue(),
},
AppendAction: getXDSAppendActionFromProxyStateAppendAction(action.GetAppendAction()),
}
envoyVirtualHost.RequestHeadersToAdd = append(envoyVirtualHost.RequestHeadersToAdd, hvo)
case *pbproxystate.HeaderMutation_RequestHeaderRemove:
action := mutation.GetRequestHeaderRemove()
envoyVirtualHost.RequestHeadersToRemove = append(envoyVirtualHost.RequestHeadersToRemove, action.GetHeaderKeys()...)
case *pbproxystate.HeaderMutation_ResponseHeaderAdd:
action := mutation.GetResponseHeaderAdd()
header := action.GetHeader()
hvo := &envoy_core_v3.HeaderValueOption{
Header: &envoy_core_v3.HeaderValue{
Key: header.GetKey(),
Value: header.GetValue(),
},
AppendAction: getXDSAppendActionFromProxyStateAppendAction(action.GetAppendAction()),
}
envoyVirtualHost.ResponseHeadersToAdd = append(envoyVirtualHost.ResponseHeadersToAdd, hvo)
case *pbproxystate.HeaderMutation_ResponseHeaderRemove:
action := mutation.GetResponseHeaderRemove()
envoyVirtualHost.ResponseHeadersToRemove = append(envoyVirtualHost.ResponseHeadersToRemove, action.GetHeaderKeys()...)
default:
// This shouldn't be possible considering the types of Destination
return
}
}