fix: drop path normalization to MERGE_SLASHES to allow apps to handle encoded slashes

.eslintrc.json

@@ -14,5 +14,13 @@
   "root": true,
   "rules": {
     "@typescript-eslint/no-floating-promises": ["error"]
-  }
+  },
+  "overrides": [
+    {
+      "files": [ "src/pepr/operator/crd/generated/**/*.ts", "src/pepr/operator/crd/generated/*.ts" ],
+      "rules": {
+        "@typescript-eslint/no-explicit-any": "off"
+      }
+    }
+  ]
 }

src/istio/values/values.yaml

@@ -1,7 +1,7 @@
 meshConfig:
   accessLogFile: /dev/stdout
   pathNormalization:
-    normalization: DECODE_AND_MERGE_SLASHES
+    normalization: MERGE_SLASHES
   defaultConfig:
     holdApplicationUntilProxyStarts: true
     gatewayTopology:

src/pepr/operator/controllers/istio/envoy-filter.ts

@@ -0,0 +1,85 @@
+import { K8s, Log } from "pepr";
+
+import { IstioEnvoyFilter, UDSPackage } from "../../crd";
+import { getOwnerRef, sanitizeResourceName } from "../utils";
+
+/**
+ * Creates an EnvoyFilter for the package namespace
+ *
+ * @param pkg
+ * @param namespace
+ */
+export async function envoyFilter(pkg: UDSPackage, namespace: string) {
+  const pkgName = pkg.metadata!.name!;
+  const generation = (pkg.metadata?.generation ?? 0).toString();
+
+  // Get the list of exposed services
+  const retainEncodedSlashes = pkg.spec?.network?.retainEncodedSlashes ?? false;
+
+  // Create an EnvoyFilter if retain encoded slashes is false
+  if (!retainEncodedSlashes) {
+    const name = sanitizeResourceName(`${pkgName}-decode-slashes`);
+
+    const payload: IstioEnvoyFilter.EnvoyFilter = {
+      metadata: {
+        name,
+        namespace,
+        labels: {
+          "uds/package": pkgName,
+          "uds/generation": generation,
+        },
+        // Use the CR as the owner ref for each EnvoyFilter
+        ownerReferences: getOwnerRef(pkg),
+      },
+      spec: {
+        configPatches: [
+          {
+            applyTo: IstioEnvoyFilter.ApplyTo.NetworkFilter,
+            match: {
+              context: IstioEnvoyFilter.Context.Any,
+              listener: {
+                filterChain: {
+                  filter: {
+                    name: "envoy.filters.network.http_connection_manager",
+                  },
+                },
+              },
+            },
+            patch: {
+              operation: IstioEnvoyFilter.Operation.Merge,
+              value: {
+                typed_config: {
+                  "@type":
+                    "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                  path_with_escaped_slashes_action: "UNESCAPE_AND_FORWARD",
+                },
+              },
+            },
+          },
+        ],
+      },
+    };
+
+    Log.debug(payload, `Applying EnvoyFilter ${name}`);
+
+    // Apply the EnvoyFilter and force overwrite any existing policy
+    await K8s(IstioEnvoyFilter.EnvoyFilter).Apply(payload, { force: true });
+  }
+
+  // Get all related EnvoyFilters in the namespace
+  const envoyFilters = await K8s(IstioEnvoyFilter.EnvoyFilter)
+    .InNamespace(namespace)
+    .WithLabel("uds/package", pkgName)
+    .Get();
+
+  // Find any orphaned EnvoyFilters (not matching the current generation)
+  const orphanedEF = envoyFilters.items.filter(
+    vs => vs.metadata?.labels?.["uds/generation"] !== generation,
+  );
+
+  // Delete any orphaned EnvoyFilters
+  for (const vs of orphanedEF) {
+    Log.debug(vs, `Deleting orphaned EnvoyFilter ${vs.metadata!.name}`);
+    await K8s(IstioEnvoyFilter.EnvoyFilter).Delete(vs);
+  }
+}

src/pepr/operator/controllers/istio/injection.ts

@@ -20,9 +20,9 @@ export async function enableInjection(pkg: UDSPackage) {
   const annotations = sourceNS.metadata?.annotations || {};
   const pkgKey = `uds.dev/pkg-${pkg.metadata.name}`;
 
-  // Save the original value of the istio-injection label only if it's not already set
-  if (!annotations[injectionLabel]) {
-    annotations[injectionAnnotation] = labels[injectionLabel] || "non-existent";
+  // If the original namespace injectionLabel did not exist, mark it as non-existent in the annotations
+  if (!labels[injectionLabel]) {
+    annotations[injectionAnnotation] = "non-existent";
   }
 
   // Ensure the namespace is configured

src/pepr/operator/controllers/istio/virtual-service.ts

@@ -1,7 +1,7 @@
 import { K8s, Log } from "pepr";
 
 import { UDSConfig } from "../../../config";
-import { Expose, Gateway, Istio, UDSPackage } from "../../crd";
+import { Expose, Gateway, IstioVirtualService, UDSPackage } from "../../crd";
 import { getOwnerRef, sanitizeResourceName } from "../utils";
 
 /**
@@ -18,7 +18,7 @@ export async function virtualService(pkg: UDSPackage, namespace: string) {
   const exposeList = pkg.spec?.network?.expose ?? [];
 
   // Create a list of generated VirtualServices
-  const payloads: Istio.VirtualService[] = [];
+  const payloads: IstioVirtualService.VirtualService[] = [];
 
   // Iterate over each exposed service
   for (const expose of exposeList) {
@@ -32,10 +32,10 @@ export async function virtualService(pkg: UDSPackage, namespace: string) {
     // Append the domain to the host
     const fqdn = `${host}.${domain}`;
 
-    const http: Istio.HTTP = { ...advancedHTTP };
+    const http: IstioVirtualService.HTTP = { ...advancedHTTP };
 
     // Create the route to the service
-    const route: Istio.HTTPRoute[] = [
+    const route: IstioVirtualService.HTTPRoute[] = [
       {
         destination: {
           // Use the service name as the host
@@ -51,7 +51,7 @@ export async function virtualService(pkg: UDSPackage, namespace: string) {
       http.route = route;
     }
 
-    const payload: Istio.VirtualService = {
+    const payload: IstioVirtualService.VirtualService = {
       metadata: {
         name,
         namespace,
@@ -85,13 +85,13 @@ export async function virtualService(pkg: UDSPackage, namespace: string) {
     Log.debug(payload, `Applying VirtualService ${name}`);
 
     // Apply the VirtualService and force overwrite any existing policy
-    await K8s(Istio.VirtualService).Apply(payload, { force: true });
+    await K8s(IstioVirtualService.VirtualService).Apply(payload, { force: true });
 
     payloads.push(payload);
   }
 
   // Get all related VirtualServices in the namespace
-  const virtualServices = await K8s(Istio.VirtualService)
+  const virtualServices = await K8s(IstioVirtualService.VirtualService)
     .InNamespace(namespace)
     .WithLabel("uds/package", pkgName)
     .Get();
@@ -104,7 +104,7 @@ export async function virtualService(pkg: UDSPackage, namespace: string) {
   // Delete any orphaned VirtualServices
   for (const vs of orphanedVS) {
     Log.debug(vs, `Deleting orphaned VirtualService ${vs.metadata!.name}`);
-    await K8s(Istio.VirtualService).Delete(vs);
+    await K8s(IstioVirtualService.VirtualService).Delete(vs);
   }
 
   // Return the list of unique hostnames