Skip to content

Commit

Permalink
address comments
Browse files Browse the repository at this point in the history
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
  • Loading branch information
zhaohuabing committed Apr 16, 2024
1 parent e8291a0 commit d68ee22
Showing 4 changed files with 102 additions and 21 deletions.
42 changes: 32 additions & 10 deletions api/v1alpha1/envoyproxy_types.go
Original file line number Diff line number Diff line change
@@ -118,6 +118,8 @@ type EnvoyProxySpec struct {
}

// FilterPosition defines the position of an Envoy HTTP filter in the filter chain.
// +kubebuilder:validation:XValidation:rule="has(self.before) && (has(self.after)", message="only one of before or after can be set"
// +kubebuilder:validation:XValidation:rule="!has(self.before) && !has(self.after)", message="one of before or after must be set"
type FilterPosition struct {
// Name of the filter.
Name EnvoyFilter `json:"filter"`
@@ -136,17 +138,37 @@ type FilterPosition struct {
type EnvoyFilter string

const (
EnvoyFilterFault EnvoyFilter = "envoy.filters.http.fault"
EnvoyFilterCORS EnvoyFilter = "envoy.filters.http.cors"
EnvoyFilterExtAuthz EnvoyFilter = "envoy.filters.http.ext_authz"
EnvoyFilterBasicAuthn EnvoyFilter = "envoy.filters.http.basic_authn"
EnvoyFilterOAuth2 EnvoyFilter = "envoy.filters.http.oauth2"
EnvoyFilterJWTAuthn EnvoyFilter = "envoy.filters.http.jwt_authn"
EnvoyFilterExtProc EnvoyFilter = "envoy.filters.http.ext_proc"
EnvoyFilterWasm EnvoyFilter = "envoy.filters.http.wasm"
// EnvoyFilterFault defines the Envoy HTTP fault filter.
EnvoyFilterFault EnvoyFilter = "envoy.filters.http.fault"
// EnvoyFilterCORS defines the Envoy HTTP CORS filter.
EnvoyFilterCORS EnvoyFilter = "envoy.filters.http.cors"

// EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.
EnvoyFilterExtAuthz EnvoyFilter = "envoy.filters.http.ext_authz"

// EnvoyFilterBasicAuthn defines the Envoy HTTP basic authentication filter.
EnvoyFilterBasicAuthn EnvoyFilter = "envoy.filters.http.basic_authn"

// EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.
EnvoyFilterOAuth2 EnvoyFilter = "envoy.filters.http.oauth2"

// EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.
EnvoyFilterJWTAuthn EnvoyFilter = "envoy.filters.http.jwt_authn"

// EnvoyFilterExtProc defines the Envoy HTTP external process filter.
EnvoyFilterExtProc EnvoyFilter = "envoy.filters.http.ext_proc"

// EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.
EnvoyFilterWasm EnvoyFilter = "envoy.filters.http.wasm"

// EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.
EnvoyFilterLocalRateLimit EnvoyFilter = "envoy.filters.http.local_ratelimit"
EnvoyFilterRateLimit EnvoyFilter = "envoy.filters.http.ratelimit"
EnvoyFilterRouter EnvoyFilter = "envoy.filters.http.router"

// EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
EnvoyFilterRateLimit EnvoyFilter = "envoy.filters.http.ratelimit"

// EnvoyFilterRouter defines the Envoy HTTP router filter.
EnvoyFilterRouter EnvoyFilter = "envoy.filters.http.router"
)

type ProxyTelemetry struct {
Original file line number Diff line number Diff line change
@@ -176,6 +176,11 @@ spec:
required:
- filter
type: object
x-kubernetes-validations:
- message: only one of before or after can be set
rule: has(self.before) && (has(self.after)
- message: one of before or after must be set
rule: '!has(self.before) && !has(self.after)'
type: array
logging:
default:
22 changes: 11 additions & 11 deletions site/content/en/latest/api/extension_types.md
Original file line number Diff line number Diff line change
@@ -658,17 +658,17 @@ _Appears in:_

| Value | Description |
| ----- | ----------- |
| `envoy.filters.http.fault` | |
| `envoy.filters.http.cors` | |
| `envoy.filters.http.ext_authz` | |
| `envoy.filters.http.basic_authn` | |
| `envoy.filters.http.oauth2` | |
| `envoy.filters.http.jwt_authn` | |
| `envoy.filters.http.ext_proc` | |
| `envoy.filters.http.wasm` | |
| `envoy.filters.http.local_ratelimit` | |
| `envoy.filters.http.ratelimit` | |
| `envoy.filters.http.router` | |
| `envoy.filters.http.fault` | EnvoyFilterFault defines the Envoy HTTP fault filter.<br /> |
| `envoy.filters.http.cors` | EnvoyFilterCORS defines the Envoy HTTP CORS filter.<br /> |
| `envoy.filters.http.ext_authz` | EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.<br /> |
| `envoy.filters.http.basic_authn` | EnvoyFilterBasicAuthn defines the Envoy HTTP basic authentication filter.<br /> |
| `envoy.filters.http.oauth2` | EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.<br /> |
| `envoy.filters.http.jwt_authn` | EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.<br /> |
| `envoy.filters.http.ext_proc` | EnvoyFilterExtProc defines the Envoy HTTP external process filter.<br /> |
| `envoy.filters.http.wasm` | EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.<br /> |
| `envoy.filters.http.local_ratelimit` | EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.<br /> |
| `envoy.filters.http.ratelimit` | EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.<br /> |
| `envoy.filters.http.router` | EnvoyFilterRouter defines the Envoy HTTP router filter.<br /> |


#### EnvoyGateway
54 changes: 54 additions & 0 deletions test/cel-validation/envoyproxy_test.go
Original file line number Diff line number Diff line change
@@ -1219,6 +1219,60 @@ func TestEnvoyProxyProvider(t *testing.T) {
}
},
},
{
desc: "ProxyFilterOrder-with-before-and-after",
mutate: func(envoy *egv1a1.EnvoyProxy) {
envoy.Spec = egv1a1.EnvoyProxySpec{
FilterOrder: []egv1a1.FilterPosition{
{
Name: egv1a1.EnvoyFilterRateLimit,
Before: ptr.To(egv1a1.EnvoyFilterCORS),
After: ptr.To(egv1a1.EnvoyFilterBasicAuthn),
},
},
}
},
wantErrors: []string{"only one of before or after can be set"},
},
{
desc: "ProxyFilterOrder-without-before-or-after",
mutate: func(envoy *egv1a1.EnvoyProxy) {
envoy.Spec = egv1a1.EnvoyProxySpec{
FilterOrder: []egv1a1.FilterPosition{
{
Name: egv1a1.EnvoyFilterRateLimit,
},
},
}
},
wantErrors: []string{"one of before or after must be set"},
},
{
desc: "ProxyFilterOrder-with-before",
mutate: func(envoy *egv1a1.EnvoyProxy) {
envoy.Spec = egv1a1.EnvoyProxySpec{
FilterOrder: []egv1a1.FilterPosition{
{
Name: egv1a1.EnvoyFilterRateLimit,
Before: ptr.To(egv1a1.EnvoyFilterCORS),
},
},
}
},
},
{
desc: "ProxyFilterOrder-with-after",
mutate: func(envoy *egv1a1.EnvoyProxy) {
envoy.Spec = egv1a1.EnvoyProxySpec{
FilterOrder: []egv1a1.FilterPosition{
{
Name: egv1a1.EnvoyFilterRateLimit,
After: ptr.To(egv1a1.EnvoyFilterBasicAuthn),
},
},
}
},
},
}

for _, tc := range cases {

0 comments on commit d68ee22

Please sign in to comment.