From 737219a65f59a726f8a8003fe64152952a71b0a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Fri, 18 Sep 2020 20:34:00 +0200 Subject: [PATCH 01/15] ratelimit: add filter metadata to ratelimit actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Modifies ratelimit filter to be able to use information from the route's filter metadata as one of its actions Signed-off-by: András Czigány --- .../config/route/v3/route_components.proto | 25 ++- .../route/v4alpha/route_components.proto | 28 ++- docs/root/version_history/current.rst | 1 + .../config/route/v3/route_components.proto | 25 ++- .../route/v4alpha/route_components.proto | 28 ++- source/common/router/router_ratelimit.cc | 26 +++ source/common/router/router_ratelimit.h | 19 ++ test/common/router/router_ratelimit_test.cc | 181 ++++++++++++++++++ 8 files changed, 325 insertions(+), 8 deletions(-) diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index bd040ee31a7c..953dd10a0a65 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -1495,7 +1495,7 @@ message VirtualCluster { message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit"; - // [#next-free-field: 8] + // [#next-free-field: 9] message Action { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit.Action"; @@ -1617,7 +1617,7 @@ message RateLimit { // // .. code-block:: cpp // - // ("", "") + // ("", "") message DynamicMetaData { // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -1631,6 +1631,24 @@ message RateLimit { string default_value = 3; } + // The following descriptor entry is appended when the filter metadata contains a key value: + // + // .. code-block:: cpp + // + // ("", "") + message FilterMetaData { + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Metadata struct that defines the key and path to retrieve the string value. A match will + // only happen if the value in the filter metadata is of type string. + type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; + + // An optional value to use if *metadata_key* is empty. If not set and + // no value is present under the metadata_key then no descriptor is generated. + string default_value = 3; + } + oneof action_specifier { option (validate.required) = true; @@ -1654,6 +1672,9 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; + + // Rate limit on filter metadata. + FilterMetaData filter_metadata = 8; } } diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto index cdb615626b03..32ef516ed7c5 100644 --- a/api/envoy/config/route/v4alpha/route_components.proto +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -1476,7 +1476,7 @@ message VirtualCluster { message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit"; - // [#next-free-field: 8] + // [#next-free-field: 9] message Action { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit.Action"; @@ -1598,7 +1598,7 @@ message RateLimit { // // .. code-block:: cpp // - // ("", "") + // ("", "") message DynamicMetaData { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit.Action.DynamicMetaData"; @@ -1615,6 +1615,27 @@ message RateLimit { string default_value = 3; } + // The following descriptor entry is appended when the filter metadata contains a key value: + // + // .. code-block:: cpp + // + // ("", "") + message FilterMetaData { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.FilterMetaData"; + + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Metadata struct that defines the key and path to retrieve the string value. A match will + // only happen if the value in the filter metadata is of type string. + type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; + + // An optional value to use if *metadata_key* is empty. If not set and + // no value is present under the metadata_key then no descriptor is generated. + string default_value = 3; + } + oneof action_specifier { option (validate.required) = true; @@ -1638,6 +1659,9 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; + + // Rate limit on filter metadata. + FilterMetaData filter_metadata = 8; } } diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 561004e3e552..2ba51af198f3 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -106,6 +106,7 @@ New Features * ratelimit: added :ref:`enable_x_ratelimit_headers ` option to enable `X-RateLimit-*` headers as defined in `draft RFC `_. * ratelimit: added :ref:`per route config ` for rate limit filter. * ratelimit: added support for optional :ref:`descriptor_key ` to Generic Key action. +* ratelimit: added support for optional :ref:`descriptor_key ` to Filter Metadata action. * rbac filter: added the name of the matched policy to the response code detail when a request is rejected by the RBAC filter. * rbac filter: added a log action to the :ref:`RBAC filter ` which sets dynamic metadata to inform access loggers whether to log. * redis: added fault injection support :ref:`fault injection for redis proxy `, described further in :ref:`configuration documentation `. diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index 0bfbe2420eb3..e7a9e71f898b 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -1507,7 +1507,7 @@ message VirtualCluster { message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit"; - // [#next-free-field: 8] + // [#next-free-field: 9] message Action { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit.Action"; @@ -1629,7 +1629,7 @@ message RateLimit { // // .. code-block:: cpp // - // ("", "") + // ("", "") message DynamicMetaData { // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -1643,6 +1643,24 @@ message RateLimit { string default_value = 3; } + // The following descriptor entry is appended when the filter metadata contains a key value: + // + // .. code-block:: cpp + // + // ("", "") + message FilterMetaData { + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Metadata struct that defines the key and path to retrieve the string value. A match will + // only happen if the value in the filter metadata is of type string. + type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; + + // An optional value to use if *metadata_key* is empty. If not set and + // no value is present under the metadata_key then no descriptor is generated. + string default_value = 3; + } + oneof action_specifier { option (validate.required) = true; @@ -1666,6 +1684,9 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; + + // Rate limit on filter metadata. + FilterMetaData filter_metadata = 8; } } diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto index 4cedc09f7220..e39f5058a50f 100644 --- a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -1511,7 +1511,7 @@ message VirtualCluster { message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit"; - // [#next-free-field: 8] + // [#next-free-field: 9] message Action { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit.Action"; @@ -1633,7 +1633,7 @@ message RateLimit { // // .. code-block:: cpp // - // ("", "") + // ("", "") message DynamicMetaData { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit.Action.DynamicMetaData"; @@ -1650,6 +1650,27 @@ message RateLimit { string default_value = 3; } + // The following descriptor entry is appended when the filter metadata contains a key value: + // + // .. code-block:: cpp + // + // ("", "") + message FilterMetaData { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.FilterMetaData"; + + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Metadata struct that defines the key and path to retrieve the string value. A match will + // only happen if the value in the filter metadata is of type string. + type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; + + // An optional value to use if *metadata_key* is empty. If not set and + // no value is present under the metadata_key then no descriptor is generated. + string default_value = 3; + } + oneof action_specifier { option (validate.required) = true; @@ -1673,6 +1694,9 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; + + // Rate limit on filter metadata. + FilterMetaData filter_metadata = 8; } } diff --git a/source/common/router/router_ratelimit.cc b/source/common/router/router_ratelimit.cc index 615b34412e85..e607fa393d7b 100644 --- a/source/common/router/router_ratelimit.cc +++ b/source/common/router/router_ratelimit.cc @@ -124,6 +124,29 @@ bool DynamicMetaDataAction::populateDescriptor( return false; } +FilterMetaDataAction::FilterMetaDataAction( + const envoy::config::route::v3::RateLimit::Action::FilterMetaData& action) + : metadata_key_(action.metadata_key()), descriptor_key_(action.descriptor_key()), + default_value_(action.default_value()) {} + +bool FilterMetaDataAction::populateDescriptor( + const Router::RouteEntry& route, RateLimit::Descriptor& descriptor, const std::string&, + const Http::HeaderMap&, const Network::Address::Instance&, + const envoy::config::core::v3::Metadata*) const { + const ProtobufWkt::Value& metadata_value = + Envoy::Config::Metadata::metadataValue(&route.metadata(), metadata_key_); + + if (!metadata_value.string_value().empty()) { + descriptor.entries_.push_back({descriptor_key_, metadata_value.string_value()}); + return true; + } else if (metadata_value.string_value().empty() && !default_value_.empty()) { + descriptor.entries_.push_back({descriptor_key_, default_value_}); + return true; + } + + return false; +} + HeaderValueMatchAction::HeaderValueMatchAction( const envoy::config::route::v3::RateLimit::Action::HeaderValueMatch& action) : descriptor_value_(action.descriptor_value()), @@ -167,6 +190,9 @@ RateLimitPolicyEntryImpl::RateLimitPolicyEntryImpl( case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kDynamicMetadata: actions_.emplace_back(new DynamicMetaDataAction(action.dynamic_metadata())); break; + case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kFilterMetadata: + actions_.emplace_back(new FilterMetaDataAction(action.filter_metadata())); + break; case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kHeaderValueMatch: actions_.emplace_back(new HeaderValueMatchAction(action.header_value_match())); break; diff --git a/source/common/router/router_ratelimit.h b/source/common/router/router_ratelimit.h index 9ea90a5d46b0..5d7821c1afea 100644 --- a/source/common/router/router_ratelimit.h +++ b/source/common/router/router_ratelimit.h @@ -131,6 +131,25 @@ class DynamicMetaDataAction : public RateLimitAction { const std::string default_value_; }; + +/** + * Action for filter metadata rate limiting. + */ +class FilterMetaDataAction : public RateLimitAction { +public: + FilterMetaDataAction(const envoy::config::route::v3::RateLimit::Action::FilterMetaData& action); + // Router::RateLimitAction + bool populateDescriptor(const Router::RouteEntry& route, RateLimit::Descriptor& descriptor, + const std::string& local_service_cluster, const Http::HeaderMap& headers, + const Network::Address::Instance& remote_address, + const envoy::config::core::v3::Metadata* dynamic_metadata) const override; + +private: + const Envoy::Config::MetadataKey metadata_key_; + const std::string descriptor_key_; + const std::string default_value_; +}; + /** * Action for header value match rate limiting. */ diff --git a/test/common/router/router_ratelimit_test.cc b/test/common/router/router_ratelimit_test.cc index 7d5fba68835f..39b1f9cf5943 100644 --- a/test/common/router/router_ratelimit_test.cc +++ b/test/common/router/router_ratelimit_test.cc @@ -668,6 +668,187 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNonStringMatch) { EXPECT_TRUE(descriptors_.empty()); } +TEST_F(RateLimitPolicyEntryTest, FilterMetaDataMatch) { + const std::string yaml = R"EOF( +actions: +- filter_metadata: + descriptor_key: fake_key + default_value: fake_value + metadata_key: + key: 'envoy.xxx' + path: + - key: test + - key: prop + )EOF"; + + setupTest(yaml); + + std::string metadata_yaml = R"EOF( +filter_metadata: + envoy.xxx: + test: + prop: foo + )EOF"; + + TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + + rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, + dynamic_metadata_); + + EXPECT_THAT(std::vector({{{{"fake_key", "foo"}}}}), + testing::ContainerEq(descriptors_)); +} + +// Tests that the default_value is used in the descriptor when the metadata_key is empty. +TEST_F(RateLimitPolicyEntryTest, FilterMetaDataNoMatchWithDefaultValue) { + const std::string yaml = R"EOF( +actions: +- filter_metadata: + descriptor_key: fake_key + default_value: fake_value + metadata_key: + key: 'envoy.xxx' + path: + - key: test + - key: prop + )EOF"; + + setupTest(yaml); + + std::string metadata_yaml = R"EOF( +filter_metadata: + envoy.xxx: + another_key: + prop: foo + )EOF"; + + TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + + rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, + dynamic_metadata_); + + EXPECT_THAT(std::vector({{{{"fake_key", "fake_value"}}}}), + testing::ContainerEq(descriptors_)); +} + +TEST_F(RateLimitPolicyEntryTest, FilterMetaDataNoMatch) { + const std::string yaml = R"EOF( +actions: +- filter_metadata: + descriptor_key: fake_key + metadata_key: + key: 'envoy.xxx' + path: + - key: test + - key: prop + )EOF"; + + setupTest(yaml); + + std::string metadata_yaml = R"EOF( +filter_metadata: + envoy.xxx: + another_key: + prop: foo + )EOF"; + + TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + + rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, + dynamic_metadata_); + + EXPECT_TRUE(descriptors_.empty()); +} + +TEST_F(RateLimitPolicyEntryTest, FilterMetaDataEmptyValue) { + const std::string yaml = R"EOF( +actions: +- filter_metadata: + descriptor_key: fake_key + metadata_key: + key: 'envoy.xxx' + path: + - key: test + - key: prop + )EOF"; + + setupTest(yaml); + + std::string metadata_yaml = R"EOF( +filter_metadata: + envoy.xxx: + test: + prop: "" + )EOF"; + + TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + + rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, + dynamic_metadata_); + + EXPECT_TRUE(descriptors_.empty()); +} +// Tests that no descriptor is generated when both the metadata_key and default_value are empty. +TEST_F(RateLimitPolicyEntryTest, FilterMetaDataAndDefaultValueEmpty) { + const std::string yaml = R"EOF( +actions: +- filter_metadata: + descriptor_key: fake_key + default_value: "" + metadata_key: + key: 'envoy.xxx' + path: + - key: test + - key: prop + )EOF"; + + setupTest(yaml); + + std::string metadata_yaml = R"EOF( +filter_metadata: + envoy.xxx: + another_key: + prop: "" + )EOF"; + + TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + + rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, + dynamic_metadata_); + + EXPECT_TRUE(descriptors_.empty()); +} + +TEST_F(RateLimitPolicyEntryTest, FilterMetaDataNonStringMatch) { + const std::string yaml = R"EOF( +actions: +- filter_metadata: + descriptor_key: fake_key + metadata_key: + key: 'envoy.xxx' + path: + - key: test + - key: prop + )EOF"; + + setupTest(yaml); + + std::string metadata_yaml = R"EOF( +filter_metadata: + envoy.xxx: + test: + prop: + foo: bar + )EOF"; + + TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + + rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, + dynamic_metadata_); + + EXPECT_TRUE(descriptors_.empty()); +} + TEST_F(RateLimitPolicyEntryTest, HeaderValueMatch) { const std::string yaml = R"EOF( actions: From 95da873f580c9f5a53a144cfbef59948cab93924 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Fri, 25 Sep 2020 22:11:18 +0200 Subject: [PATCH 02/15] fixup! ratelimit: add filter metadata to ratelimit actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- source/common/router/router_ratelimit.cc | 9 +++++---- source/common/router/router_ratelimit.h | 1 - 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source/common/router/router_ratelimit.cc b/source/common/router/router_ratelimit.cc index e607fa393d7b..51914b2e00d9 100644 --- a/source/common/router/router_ratelimit.cc +++ b/source/common/router/router_ratelimit.cc @@ -129,10 +129,11 @@ FilterMetaDataAction::FilterMetaDataAction( : metadata_key_(action.metadata_key()), descriptor_key_(action.descriptor_key()), default_value_(action.default_value()) {} -bool FilterMetaDataAction::populateDescriptor( - const Router::RouteEntry& route, RateLimit::Descriptor& descriptor, const std::string&, - const Http::HeaderMap&, const Network::Address::Instance&, - const envoy::config::core::v3::Metadata*) const { +bool FilterMetaDataAction::populateDescriptor(const Router::RouteEntry& route, + RateLimit::Descriptor& descriptor, const std::string&, + const Http::HeaderMap&, + const Network::Address::Instance&, + const envoy::config::core::v3::Metadata*) const { const ProtobufWkt::Value& metadata_value = Envoy::Config::Metadata::metadataValue(&route.metadata(), metadata_key_); diff --git a/source/common/router/router_ratelimit.h b/source/common/router/router_ratelimit.h index 5d7821c1afea..e87d092c8d54 100644 --- a/source/common/router/router_ratelimit.h +++ b/source/common/router/router_ratelimit.h @@ -131,7 +131,6 @@ class DynamicMetaDataAction : public RateLimitAction { const std::string default_value_; }; - /** * Action for filter metadata rate limiting. */ From 3c90d406ad9ae87fb08c153257260de59c89305c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Mon, 28 Sep 2020 09:59:39 +0200 Subject: [PATCH 03/15] rename filter_metadata to route_entry_metadata MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- .../config/route/v3/route_components.proto | 10 ++++---- .../route/v4alpha/route_components.proto | 12 +++++----- docs/root/version_history/current.rst | 2 +- .../config/route/v3/route_components.proto | 10 ++++---- .../route/v4alpha/route_components.proto | 12 +++++----- source/common/router/router_ratelimit.cc | 18 +++++++------- source/common/router/router_ratelimit.h | 5 ++-- test/common/router/router_ratelimit_test.cc | 24 +++++++++---------- 8 files changed, 47 insertions(+), 46 deletions(-) diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index 953dd10a0a65..22fec0796c4a 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -1631,12 +1631,12 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the filter metadata contains a key value: + // The following descriptor entry is appended when the route entry metadata contains a key value: // // .. code-block:: cpp // - // ("", "") - message FilterMetaData { + // ("", "") + message RouteEntryMetaData { // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -1673,8 +1673,8 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; - // Rate limit on filter metadata. - FilterMetaData filter_metadata = 8; + // Rate limit on route entry metadata. + RouteEntryMetaData route_entry_metadata = 8; } } diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto index 32ef516ed7c5..8e7ac4dd8003 100644 --- a/api/envoy/config/route/v4alpha/route_components.proto +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -1615,14 +1615,14 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the filter metadata contains a key value: + // The following descriptor entry is appended when the route entry metadata contains a key value: // // .. code-block:: cpp // - // ("", "") - message FilterMetaData { + // ("", "") + message RouteEntryMetaData { option (udpa.annotations.versioning).previous_message_type = - "envoy.config.route.v3.RateLimit.Action.FilterMetaData"; + "envoy.config.route.v3.RateLimit.Action.RouteEntryMetaData"; // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -1660,8 +1660,8 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; - // Rate limit on filter metadata. - FilterMetaData filter_metadata = 8; + // Rate limit on route entry metadata. + RouteEntryMetaData route_entry_metadata = 8; } } diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 2ba51af198f3..403e39ebfa3b 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -106,7 +106,7 @@ New Features * ratelimit: added :ref:`enable_x_ratelimit_headers ` option to enable `X-RateLimit-*` headers as defined in `draft RFC `_. * ratelimit: added :ref:`per route config ` for rate limit filter. * ratelimit: added support for optional :ref:`descriptor_key ` to Generic Key action. -* ratelimit: added support for optional :ref:`descriptor_key ` to Filter Metadata action. +* ratelimit: added support for optional :ref:`descriptor_key ` to Route Entry Metadata action. * rbac filter: added the name of the matched policy to the response code detail when a request is rejected by the RBAC filter. * rbac filter: added a log action to the :ref:`RBAC filter ` which sets dynamic metadata to inform access loggers whether to log. * redis: added fault injection support :ref:`fault injection for redis proxy `, described further in :ref:`configuration documentation `. diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index e7a9e71f898b..5ad14d262bb1 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -1643,12 +1643,12 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the filter metadata contains a key value: + // The following descriptor entry is appended when the route entry metadata contains a key value: // // .. code-block:: cpp // - // ("", "") - message FilterMetaData { + // ("", "") + message RouteEntryMetaData { // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -1685,8 +1685,8 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; - // Rate limit on filter metadata. - FilterMetaData filter_metadata = 8; + // Rate limit on route entry metadata. + RouteEntryMetaData route_entry_metadata = 8; } } diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto index e39f5058a50f..08253c874011 100644 --- a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -1650,14 +1650,14 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the filter metadata contains a key value: + // The following descriptor entry is appended when the route entry metadata contains a key value: // // .. code-block:: cpp // - // ("", "") - message FilterMetaData { + // ("", "") + message RouteEntryMetaData { option (udpa.annotations.versioning).previous_message_type = - "envoy.config.route.v3.RateLimit.Action.FilterMetaData"; + "envoy.config.route.v3.RateLimit.Action.RouteEntryMetaData"; // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -1695,8 +1695,8 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; - // Rate limit on filter metadata. - FilterMetaData filter_metadata = 8; + // Rate limit on route entry metadata. + RouteEntryMetaData route_entry_metadata = 8; } } diff --git a/source/common/router/router_ratelimit.cc b/source/common/router/router_ratelimit.cc index 51914b2e00d9..ab2a1a094126 100644 --- a/source/common/router/router_ratelimit.cc +++ b/source/common/router/router_ratelimit.cc @@ -124,16 +124,16 @@ bool DynamicMetaDataAction::populateDescriptor( return false; } -FilterMetaDataAction::FilterMetaDataAction( - const envoy::config::route::v3::RateLimit::Action::FilterMetaData& action) +RouteEntryMetaDataAction::RouteEntryMetaDataAction( + const envoy::config::route::v3::RateLimit::Action::RouteEntryMetaData& action) : metadata_key_(action.metadata_key()), descriptor_key_(action.descriptor_key()), default_value_(action.default_value()) {} -bool FilterMetaDataAction::populateDescriptor(const Router::RouteEntry& route, - RateLimit::Descriptor& descriptor, const std::string&, - const Http::HeaderMap&, - const Network::Address::Instance&, - const envoy::config::core::v3::Metadata*) const { +bool RouteEntryMetaDataAction::populateDescriptor(const Router::RouteEntry& route, + RateLimit::Descriptor& descriptor, + const std::string&, const Http::HeaderMap&, + const Network::Address::Instance&, + const envoy::config::core::v3::Metadata*) const { const ProtobufWkt::Value& metadata_value = Envoy::Config::Metadata::metadataValue(&route.metadata(), metadata_key_); @@ -191,8 +191,8 @@ RateLimitPolicyEntryImpl::RateLimitPolicyEntryImpl( case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kDynamicMetadata: actions_.emplace_back(new DynamicMetaDataAction(action.dynamic_metadata())); break; - case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kFilterMetadata: - actions_.emplace_back(new FilterMetaDataAction(action.filter_metadata())); + case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kRouteEntryMetadata: + actions_.emplace_back(new RouteEntryMetaDataAction(action.route_entry_metadata())); break; case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kHeaderValueMatch: actions_.emplace_back(new HeaderValueMatchAction(action.header_value_match())); diff --git a/source/common/router/router_ratelimit.h b/source/common/router/router_ratelimit.h index e87d092c8d54..a28a71c3260c 100644 --- a/source/common/router/router_ratelimit.h +++ b/source/common/router/router_ratelimit.h @@ -134,9 +134,10 @@ class DynamicMetaDataAction : public RateLimitAction { /** * Action for filter metadata rate limiting. */ -class FilterMetaDataAction : public RateLimitAction { +class RouteEntryMetaDataAction : public RateLimitAction { public: - FilterMetaDataAction(const envoy::config::route::v3::RateLimit::Action::FilterMetaData& action); + RouteEntryMetaDataAction( + const envoy::config::route::v3::RateLimit::Action::RouteEntryMetaData& action); // Router::RateLimitAction bool populateDescriptor(const Router::RouteEntry& route, RateLimit::Descriptor& descriptor, const std::string& local_service_cluster, const Http::HeaderMap& headers, diff --git a/test/common/router/router_ratelimit_test.cc b/test/common/router/router_ratelimit_test.cc index 39b1f9cf5943..f57b798ed080 100644 --- a/test/common/router/router_ratelimit_test.cc +++ b/test/common/router/router_ratelimit_test.cc @@ -668,10 +668,10 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNonStringMatch) { EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, FilterMetaDataMatch) { +TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataMatch) { const std::string yaml = R"EOF( actions: -- filter_metadata: +- route_entry_metadata: descriptor_key: fake_key default_value: fake_value metadata_key: @@ -700,10 +700,10 @@ TEST_F(RateLimitPolicyEntryTest, FilterMetaDataMatch) { } // Tests that the default_value is used in the descriptor when the metadata_key is empty. -TEST_F(RateLimitPolicyEntryTest, FilterMetaDataNoMatchWithDefaultValue) { +TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataNoMatchWithDefaultValue) { const std::string yaml = R"EOF( actions: -- filter_metadata: +- route_entry_metadata: descriptor_key: fake_key default_value: fake_value metadata_key: @@ -731,10 +731,10 @@ TEST_F(RateLimitPolicyEntryTest, FilterMetaDataNoMatchWithDefaultValue) { testing::ContainerEq(descriptors_)); } -TEST_F(RateLimitPolicyEntryTest, FilterMetaDataNoMatch) { +TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataNoMatch) { const std::string yaml = R"EOF( actions: -- filter_metadata: +- route_entry_metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' @@ -760,10 +760,10 @@ TEST_F(RateLimitPolicyEntryTest, FilterMetaDataNoMatch) { EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, FilterMetaDataEmptyValue) { +TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataEmptyValue) { const std::string yaml = R"EOF( actions: -- filter_metadata: +- route_entry_metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' @@ -789,10 +789,10 @@ TEST_F(RateLimitPolicyEntryTest, FilterMetaDataEmptyValue) { EXPECT_TRUE(descriptors_.empty()); } // Tests that no descriptor is generated when both the metadata_key and default_value are empty. -TEST_F(RateLimitPolicyEntryTest, FilterMetaDataAndDefaultValueEmpty) { +TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataAndDefaultValueEmpty) { const std::string yaml = R"EOF( actions: -- filter_metadata: +- route_entry_metadata: descriptor_key: fake_key default_value: "" metadata_key: @@ -819,10 +819,10 @@ TEST_F(RateLimitPolicyEntryTest, FilterMetaDataAndDefaultValueEmpty) { EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, FilterMetaDataNonStringMatch) { +TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataNonStringMatch) { const std::string yaml = R"EOF( actions: -- filter_metadata: +- route_entry_metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' From 2550c95d0b5f0b5010717522488c9b223d7d1376 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Mon, 28 Sep 2020 11:09:52 +0200 Subject: [PATCH 04/15] route_components.proto: min_bytes -> min_len MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- api/envoy/config/route/v3/route_components.proto | 2 +- api/envoy/config/route/v4alpha/route_components.proto | 2 +- .../envoy/config/route/v3/route_components.proto | 2 +- .../envoy/config/route/v4alpha/route_components.proto | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index 336c9e1e51aa..c483f89cddb4 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -1636,7 +1636,7 @@ message RateLimit { // ("", "") message RouteEntryMetaData { // The key to use in the descriptor entry. - string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will // only happen if the value in the filter metadata is of type string. diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto index a1133583df1b..3fa688b07f3a 100644 --- a/api/envoy/config/route/v4alpha/route_components.proto +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -1623,7 +1623,7 @@ message RateLimit { "envoy.config.route.v3.RateLimit.Action.RouteEntryMetaData"; // The key to use in the descriptor entry. - string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will // only happen if the value in the filter metadata is of type string. diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index 9085d82b8de9..201bd80c432c 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -1648,7 +1648,7 @@ message RateLimit { // ("", "") message RouteEntryMetaData { // The key to use in the descriptor entry. - string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will // only happen if the value in the filter metadata is of type string. diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto index 0b62a04bf20c..3b425876fb2c 100644 --- a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -1658,7 +1658,7 @@ message RateLimit { "envoy.config.route.v3.RateLimit.Action.RouteEntryMetaData"; // The key to use in the descriptor entry. - string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}]; + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will // only happen if the value in the filter metadata is of type string. From 5f8ddb9d25cc6bfac79cc7e257daf7b6a7048ba9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Wed, 30 Sep 2020 09:58:07 +0200 Subject: [PATCH 05/15] fixup! rename filter_metadata to route_entry_metadata MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- api/envoy/config/route/v3/route_components.proto | 2 +- api/envoy/config/route/v4alpha/route_components.proto | 2 +- .../envoy/config/route/v3/route_components.proto | 2 +- .../envoy/config/route/v4alpha/route_components.proto | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index c483f89cddb4..07260a4401e3 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -1639,7 +1639,7 @@ message RateLimit { string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will - // only happen if the value in the filter metadata is of type string. + // only happen if the value in the route entry metadata is of type string. type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; // An optional value to use if *metadata_key* is empty. If not set and diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto index 3fa688b07f3a..cc79a068207d 100644 --- a/api/envoy/config/route/v4alpha/route_components.proto +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -1626,7 +1626,7 @@ message RateLimit { string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will - // only happen if the value in the filter metadata is of type string. + // only happen if the value in the route entry metadata is of type string. type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; // An optional value to use if *metadata_key* is empty. If not set and diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index 201bd80c432c..7f9656e4ca17 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -1651,7 +1651,7 @@ message RateLimit { string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will - // only happen if the value in the filter metadata is of type string. + // only happen if the value in the route entry metadata is of type string. type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; // An optional value to use if *metadata_key* is empty. If not set and diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto index 3b425876fb2c..500f9bceaf76 100644 --- a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -1661,7 +1661,7 @@ message RateLimit { string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will - // only happen if the value in the filter metadata is of type string. + // only happen if the value in the route entry metadata is of type string. type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; // An optional value to use if *metadata_key* is empty. If not set and From 87d6b06439a2ff1e6d285d25d397f78307aa83c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Thu, 8 Oct 2020 12:07:18 +0200 Subject: [PATCH 06/15] router_ratelimit_test: fix test names MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- test/common/router/router_ratelimit_test.cc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/test/common/router/router_ratelimit_test.cc b/test/common/router/router_ratelimit_test.cc index f57b798ed080..f9d3ca548394 100644 --- a/test/common/router/router_ratelimit_test.cc +++ b/test/common/router/router_ratelimit_test.cc @@ -637,7 +637,7 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataAndDefaultValueEmpty) { EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNonStringMatch) { +TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNonStringNoMatch) { const std::string yaml = R"EOF( actions: - dynamic_metadata: @@ -668,7 +668,7 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNonStringMatch) { EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataMatch) { +TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataMatch) { const std::string yaml = R"EOF( actions: - route_entry_metadata: @@ -700,7 +700,7 @@ TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataMatch) { } // Tests that the default_value is used in the descriptor when the metadata_key is empty. -TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataNoMatchWithDefaultValue) { +TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNoMatchWithDefaultValue) { const std::string yaml = R"EOF( actions: - route_entry_metadata: @@ -731,7 +731,7 @@ TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataNoMatchWithDefaultValue) { testing::ContainerEq(descriptors_)); } -TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataNoMatch) { +TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNoMatch) { const std::string yaml = R"EOF( actions: - route_entry_metadata: @@ -760,7 +760,7 @@ TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataNoMatch) { EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataEmptyValue) { +TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataEmptyValue) { const std::string yaml = R"EOF( actions: - route_entry_metadata: @@ -789,7 +789,7 @@ TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataEmptyValue) { EXPECT_TRUE(descriptors_.empty()); } // Tests that no descriptor is generated when both the metadata_key and default_value are empty. -TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataAndDefaultValueEmpty) { +TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataAndDefaultValueEmpty) { const std::string yaml = R"EOF( actions: - route_entry_metadata: @@ -819,7 +819,7 @@ TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataAndDefaultValueEmpty) { EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, RouteEnryMetaDataNonStringMatch) { +TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNonStringNoMatch) { const std::string yaml = R"EOF( actions: - route_entry_metadata: From 07e96d76ed3ba3ab7aede032a26a82d9d6791d3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Thu, 8 Oct 2020 12:32:02 +0200 Subject: [PATCH 07/15] route_components.proto: link to metadata docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- api/envoy/config/route/v3/route_components.proto | 6 ++++-- api/envoy/config/route/v4alpha/route_components.proto | 6 ++++-- .../envoy/config/route/v3/route_components.proto | 6 ++++-- .../envoy/config/route/v4alpha/route_components.proto | 6 ++++-- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index 07260a4401e3..37d5f1844f29 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -1611,7 +1611,8 @@ message RateLimit { repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; } - // The following descriptor entry is appended when the dynamic metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`dynamic metadata ` contains a key value: // // .. code-block:: cpp // @@ -1629,7 +1630,8 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the route entry metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`route entry metadata ` contains a key value: // // .. code-block:: cpp // diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto index cc79a068207d..2ad198ff7fa7 100644 --- a/api/envoy/config/route/v4alpha/route_components.proto +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -1592,7 +1592,8 @@ message RateLimit { repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; } - // The following descriptor entry is appended when the dynamic metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`dynamic metadata ` contains a key value: // // .. code-block:: cpp // @@ -1613,7 +1614,8 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the route entry metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`route entry metadata ` contains a key value: // // .. code-block:: cpp // diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index 7f9656e4ca17..39602c23b90f 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -1623,7 +1623,8 @@ message RateLimit { repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; } - // The following descriptor entry is appended when the dynamic metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`dynamic metadata ` contains a key value: // // .. code-block:: cpp // @@ -1641,7 +1642,8 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the route entry metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`route entry metadata ` contains a key value: // // .. code-block:: cpp // diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto index 500f9bceaf76..15da33696ad7 100644 --- a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -1627,7 +1627,8 @@ message RateLimit { repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; } - // The following descriptor entry is appended when the dynamic metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`dynamic metadata ` contains a key value: // // .. code-block:: cpp // @@ -1648,7 +1649,8 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the route entry metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`route entry metadata ` contains a key value: // // .. code-block:: cpp // From cebfd1992cb48f1120a9e54d1c0855611729fa88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Fri, 9 Oct 2020 11:50:07 +0200 Subject: [PATCH 08/15] current.rst: fix after 1.16.0 release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- docs/root/version_history/current.rst | 72 +-------------------------- 1 file changed, 1 insertion(+), 71 deletions(-) diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 9a90b61ebc60..c11432a1eb80 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -19,78 +19,8 @@ Removed Config or Runtime New Features ------------ -* access log: added a :ref:`dynamic metadata filter` for access logs, which filters whether to log based on matching dynamic metadata. -* access log: added support for :ref:`%DOWNSTREAM_PEER_FINGERPRINT_1% ` as a response flag. -* access log: added support for nested objects in :ref:`JSON logging mode `. -* access log: added :ref:`omit_empty_values` option to omit unset value from formatted log. -* admin: added :ref:`node ` information to GET /server_info :ref:`response object `. -* admin: added the ability to dump init manager unready targets information :ref:`/init_dump ` and :ref:`/init_dump?mask={} `. -* build: enable building envoy :ref:`arm64 images ` by buildx tool in x86 CI platform. -* cluster: added new :ref:`connection_pool_per_downstream_connection ` flag, which enable creation of a new connection pool for each downstream connection. -* decompressor filter: reports compressed and uncompressed bytes in trailers. -* dns_filter: added support for answering :ref:`service record` queries. -* dynamic_forward_proxy: added :ref:`use_tcp_for_dns_lookups` option to use TCP for DNS lookups in order to match the DNS options for :ref:`Clusters`. -* ext_authz filter: added support for emitting dynamic metadata for both :ref:`HTTP ` and :ref:`network ` filters. - The emitted dynamic metadata is set by :ref:`dynamic metadata ` field in a returned :ref:`CheckResponse `. -* ext_authz filter: added support for letting the authorization server instruct Envoy to remove headers from the original request by setting the new field :ref:`headers_to_remove ` before forwarding it to the upstream. -* ext_authz filter: added support for sending :ref:`raw bytes as request body ` of a gRPC check request by setting :ref:`pack_as_bytes ` to true. -* grpc-json: support specifying `response_body` field in for `google.api.HttpBody` message. -* hds: added :ref:`cluster_endpoints_health ` to HDS responses, keeping endpoints in the same groupings as they were configured in the HDS specifier by cluster and locality instead of as a flat list. -* hds: added :ref:`transport_socket_matches ` to HDS cluster health check specifier, so the existing match filter :ref:`transport_socket_match_criteria ` in the repeated field :ref:`health_checks ` has context to match against. This unblocks support for health checks over HTTPS and HTTP/2. -* hot restart: added :option:`--socket-path` and :option:`--socket-mode` to configure UDS path in the filesystem and set permission to it. -* http: added HTTP/2 support for :ref:`connection keepalive ` via PING. -* http: added support for :ref:`%DOWNSTREAM_PEER_FINGERPRINT_1% ` as custom header. -* http: added :ref:`allow_chunked_length ` configuration option for HTTP/1 codec to allow processing requests/responses with both Content-Length and Transfer-Encoding: chunked headers. If such message is served and option is enabled - per RFC Content-Length is ignored and removed. -* http: added :ref:`CDN Loop filter ` and :ref:`documentation `. -* http: introduced new HTTP/1 and HTTP/2 codec implementations that will remove the use of exceptions for control flow due to high risk factors and instead use error statuses. The old behavior is used by default, but the new codecs can be enabled for testing by setting the runtime feature `envoy.reloadable_features.new_codec_behavior` to true. The new codecs will be in development for one month, and then enabled by default while the old codecs are deprecated. -* load balancer: added :ref:`RingHashLbConfig` to configure the table size of Maglev consistent hash. -* load balancer: added a :ref:`configuration` option to specify the active request bias used by the least request load balancer. -* load balancer: added an :ref:`option ` to optimize subset load balancing when there is only one host per subset. -* load balancer: added support for bounded load per host for consistent hash load balancers via :ref:`hash_balance_factor `. -* local_reply config: added :ref:`content_type` field to set content-type. -* lua: added Lua APIs to access :ref:`SSL connection info ` object. -* lua: added Lua API for :ref:`base64 escaping a string `. -* lua: added Lua API for :ref:`setting the current buffer content `. -* lua: added new :ref:`source_code ` field to support the dispatching of inline Lua code in per route configuration of Lua filter. -* overload management: add :ref:`scaling ` trigger for OverloadManager actions. -* postgres network filter: :ref:`metadata ` is produced based on SQL query. -* ratelimit: added :ref:`enable_x_ratelimit_headers ` option to enable `X-RateLimit-*` headers as defined in `draft RFC `_. -* ratelimit: added :ref:`per route config ` for rate limit filter. -* ratelimit: added support for optional :ref:`descriptor_key ` to Generic Key action. -* ratelimit: added support for optional :ref:`descriptor_key ` to Route Entry Metadata action. -* rbac filter: added the name of the matched policy to the response code detail when a request is rejected by the RBAC filter. -* rbac filter: added a log action to the :ref:`RBAC filter ` which sets dynamic metadata to inform access loggers whether to log. -* redis: added fault injection support :ref:`fault injection for redis proxy `, described further in :ref:`configuration documentation `. -* router: added a new :ref:`rate limited retry back off ` strategy that uses headers like `Retry-After` or `X-RateLimit-Reset` to decide the back off interval. -* router: added new - :ref:`envoy-ratelimited` - retry policy, which allows retrying envoy's own rate limited responses. -* router: added new :ref:`host_rewrite_path_regex ` - option, which allows rewriting Host header based on path. -* router: added support for DYNAMIC_METADATA :ref:`header formatter `. -* router_check_tool: added support for `request_header_matches`, `response_header_matches` to :ref:`router check tool `. -* signal: added support for calling fatal error handlers without envoy's signal handler, via FatalErrorHandler::callFatalErrorHandlers(). -* stats: added optional histograms to :ref:`cluster stats ` - that track headers and body sizes of requests and responses. -* stats: allow configuring histogram buckets for stats sinks and admin endpoints that support it. -* tap: added :ref:`generic body matcher` to scan http requests and responses for text or hex patterns. -* tcp: switched the TCP connection pool to the new "shared" connection pool, sharing a common code base with HTTP and HTTP/2. Any unexpected behavioral changes can be temporarily reverted by setting `envoy.reloadable_features.new_tcp_connection_pool` to false. -* tcp_proxy: added :ref:`max_downstream_connection_duration` for downstream connection. When max duration is reached the connection will be closed. -* tcp_proxy: allow earlier network filters to set metadataMatchCriteria on the connection StreamInfo to influence load balancing. -* tls: added OCSP stapling support through the :ref:`ocsp_staple ` and :ref:`ocsp_staple_policy ` configuration options. See :ref:`OCSP Stapling ` for usage and runtime flags. -* tls: introduce new :ref:`extension point` for overriding :ref:`TLS handshaker ` behavior. -* tls: switched from using socket BIOs to using custom BIOs that know how to interact with IoHandles. The feature can be disabled by setting runtime feature `envoy.reloadable_features.tls_use_io_handle_bio` to false. -* tracing: added ability to set some :ref:`optional segment fields` in the AWS X-Ray tracer. -* udp_proxy: added :ref:`hash_policies ` to support hash based routing. -* udp_proxy: added :ref:`use_original_src_ip ` option to replicate the downstream remote address of the packets on the upstream side of Envoy. It is similar to :ref:`original source filter `. -* watchdog: support randomizing the watchdog's kill timeout to prevent synchronized kills via a maximium jitter parameter :ref:`max_kill_timeout_jitter`. -* watchdog: supports an extension point where actions can be registered to fire on watchdog events such as miss, megamiss, kill and multikill. See ref:`watchdog actions`. -* watchdog: watchdog action extension that does cpu profiling. See ref:`Profile Action `. -* watchdog: watchdog action extension that sends SIGABRT to the stuck thread to terminate the process. See ref:`Abort Action `. -* xds: added :ref:`extension config discovery` support for HTTP filters. -* xds: added support for mixed v2/v3 discovery response, which enable type url downgrade and upgrade. This feature is disabled by default and is controlled by runtime guard `envoy.reloadable_features.enable_type_url_downgrade_and_upgrade`. -* zlib: added option to use `zlib-ng `_ as zlib library. * grpc: implemented header value syntax support when defining :ref:`initial metadata ` for gRPC-based `ext_authz` :ref:`HTTP ` and :ref:`network ` filters, and :ref:`ratelimit ` filters. +* ratelimit: added support for use of route entry metadata :ref:`route_entry_metadata ` as a ratelimit action. Deprecated ---------- From e09c921fc8d0c03268ad2f4a8bbb9a4469fd59ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Fri, 9 Oct 2020 14:08:05 +0200 Subject: [PATCH 09/15] fixup! current.rst: fix after 1.16.0 release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- docs/root/version_history/current.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index c11432a1eb80..0172a7af288b 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -20,7 +20,7 @@ Removed Config or Runtime New Features ------------ * grpc: implemented header value syntax support when defining :ref:`initial metadata ` for gRPC-based `ext_authz` :ref:`HTTP ` and :ref:`network ` filters, and :ref:`ratelimit ` filters. -* ratelimit: added support for use of route entry metadata :ref:`route_entry_metadata ` as a ratelimit action. +* ratelimit: added support for use of :ref:`route entry metadata ` as a ratelimit action. Deprecated ---------- From 122dd127bb652c615ebe98ef366631df63515ce5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Fri, 9 Oct 2020 15:53:44 +0200 Subject: [PATCH 10/15] fixup! rename filter_metadata to route_entry_metadata MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- source/common/router/router_ratelimit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/common/router/router_ratelimit.h b/source/common/router/router_ratelimit.h index a28a71c3260c..22e74499a4f3 100644 --- a/source/common/router/router_ratelimit.h +++ b/source/common/router/router_ratelimit.h @@ -132,7 +132,7 @@ class DynamicMetaDataAction : public RateLimitAction { }; /** - * Action for filter metadata rate limiting. + * Action for route entry metadata rate limiting. */ class RouteEntryMetaDataAction : public RateLimitAction { public: From e1ed2f7a93d8f521438cb41dd3c0369c2eedea7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Tue, 13 Oct 2020 11:57:52 +0200 Subject: [PATCH 11/15] current.rst: fix after pull MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- docs/root/version_history/current.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 5de292bc0716..7f7c3ce64f26 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -25,9 +25,9 @@ Removed Config or Runtime New Features ------------ * grpc: implemented header value syntax support when defining :ref:`initial metadata ` for gRPC-based `ext_authz` :ref:`HTTP ` and :ref:`network ` filters, and :ref:`ratelimit ` filters. -* ratelimit: added support for use of :ref:`route entry metadata ` as a ratelimit action. * health_check: added option to use :ref:`no_traffic_healthy_interval ` which allows a different no traffic interval when the host is healthy. * mongo_proxy: the list of commands to produce metrics for is now :ref:`configurable `. +* ratelimit: added support for use of :ref:`route entry metadata ` as a ratelimit action. Deprecated ---------- From de6857b34ca734ca704973ba5796e093f7b376a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Thu, 15 Oct 2020 11:33:02 +0200 Subject: [PATCH 12/15] ratelimit: generic metadata action MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- .../config/route/v3/route_components.proto | 24 ++- .../route/v4alpha/route_components.proto | 26 ++- docs/root/version_history/current.rst | 2 +- .../config/route/v3/route_components.proto | 24 ++- .../route/v4alpha/route_components.proto | 26 ++- source/common/router/router_ratelimit.cc | 62 +++---- source/common/router/router_ratelimit.h | 28 +-- test/common/router/router_ratelimit_test.cc | 162 +++++------------- 8 files changed, 144 insertions(+), 210 deletions(-) diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index 213bff3db078..62b239f0821f 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -1646,23 +1646,33 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the - // :ref:`route entry metadata ` contains a key value: + // The following descriptor entry is appended when the metadata contains a key value: // // .. code-block:: cpp // - // ("", "") - message RouteEntryMetaData { + // ("", "") + message MetaData { + enum Source { + // :ref:`dynamic metadata ` + DYNAMIC = 0; + + // :ref:`route entry metadata ` + ROUTE_ENTRY = 1; + } + // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will - // only happen if the value in the route entry metadata is of type string. + // only happen if the value in the metadata is of type string. type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; // An optional value to use if *metadata_key* is empty. If not set and // no value is present under the metadata_key then no descriptor is generated. string default_value = 3; + + // Source of metadata + Source source = 4 [(validate.rules).enum = {defined_only: true}]; } oneof action_specifier { @@ -1689,8 +1699,8 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; - // Rate limit on route entry metadata. - RouteEntryMetaData route_entry_metadata = 8; + // Rate limit on metadata. + MetaData metadata = 8; } } diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto index 80d92ce7c131..2d7af16d0b79 100644 --- a/api/envoy/config/route/v4alpha/route_components.proto +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -1598,26 +1598,36 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the - // :ref:`route entry metadata ` contains a key value: + // The following descriptor entry is appended when the metadata contains a key value: // // .. code-block:: cpp // - // ("", "") - message RouteEntryMetaData { + // ("", "") + message MetaData { option (udpa.annotations.versioning).previous_message_type = - "envoy.config.route.v3.RateLimit.Action.RouteEntryMetaData"; + "envoy.config.route.v3.RateLimit.Action.MetaData"; + + enum Source { + // :ref:`dynamic metadata ` + DYNAMIC = 0; + + // :ref:`route entry metadata ` + ROUTE_ENTRY = 1; + } // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will - // only happen if the value in the route entry metadata is of type string. + // only happen if the value in the metadata is of type string. type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; // An optional value to use if *metadata_key* is empty. If not set and // no value is present under the metadata_key then no descriptor is generated. string default_value = 3; + + // Source of metadata + Source source = 4 [(validate.rules).enum = {defined_only: true}]; } oneof action_specifier { @@ -1644,8 +1654,8 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; - // Rate limit on route entry metadata. - RouteEntryMetaData route_entry_metadata = 8; + // Rate limit on metadata. + MetaData metadata = 8; } } diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 82c72a33eec0..132bbd1e0874 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -29,7 +29,7 @@ New Features * grpc: implemented header value syntax support when defining :ref:`initial metadata ` for gRPC-based `ext_authz` :ref:`HTTP ` and :ref:`network ` filters, and :ref:`ratelimit ` filters. * health_check: added option to use :ref:`no_traffic_healthy_interval ` which allows a different no traffic interval when the host is healthy. * mongo_proxy: the list of commands to produce metrics for is now :ref:`configurable `. -* ratelimit: added support for use of :ref:`route entry metadata ` as a ratelimit action. +* ratelimit: added support for use of various :ref:`metadata ` as a ratelimit action. * ratelimit: added :ref:`disable_x_envoy_ratelimited_header ` option to disable `X-Envoy-RateLimited` header. * tcp: added a new :ref:`envoy.overload_actions.reject_incoming_connections ` action to reject incoming TCP connections. diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index 703bc74c658d..750e6bb180a8 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -1658,23 +1658,33 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the - // :ref:`route entry metadata ` contains a key value: + // The following descriptor entry is appended when the metadata contains a key value: // // .. code-block:: cpp // - // ("", "") - message RouteEntryMetaData { + // ("", "") + message MetaData { + enum Source { + // :ref:`dynamic metadata ` + DYNAMIC = 0; + + // :ref:`route entry metadata ` + ROUTE_ENTRY = 1; + } + // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will - // only happen if the value in the route entry metadata is of type string. + // only happen if the value in the metadata is of type string. type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; // An optional value to use if *metadata_key* is empty. If not set and // no value is present under the metadata_key then no descriptor is generated. string default_value = 3; + + // Source of metadata + Source source = 4 [(validate.rules).enum = {defined_only: true}]; } oneof action_specifier { @@ -1701,8 +1711,8 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; - // Rate limit on route entry metadata. - RouteEntryMetaData route_entry_metadata = 8; + // Rate limit on metadata. + MetaData metadata = 8; } } diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto index 096d9ee00dea..54152d16b8e4 100644 --- a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -1665,26 +1665,36 @@ message RateLimit { string default_value = 3; } - // The following descriptor entry is appended when the - // :ref:`route entry metadata ` contains a key value: + // The following descriptor entry is appended when the metadata contains a key value: // // .. code-block:: cpp // - // ("", "") - message RouteEntryMetaData { + // ("", "") + message MetaData { option (udpa.annotations.versioning).previous_message_type = - "envoy.config.route.v3.RateLimit.Action.RouteEntryMetaData"; + "envoy.config.route.v3.RateLimit.Action.MetaData"; + + enum Source { + // :ref:`dynamic metadata ` + DYNAMIC = 0; + + // :ref:`route entry metadata ` + ROUTE_ENTRY = 1; + } // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; // Metadata struct that defines the key and path to retrieve the string value. A match will - // only happen if the value in the route entry metadata is of type string. + // only happen if the value in the metadata is of type string. type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; // An optional value to use if *metadata_key* is empty. If not set and // no value is present under the metadata_key then no descriptor is generated. string default_value = 3; + + // Source of metadata + Source source = 4 [(validate.rules).enum = {defined_only: true}]; } oneof action_specifier { @@ -1711,8 +1721,8 @@ message RateLimit { // Rate limit on dynamic metadata. DynamicMetaData dynamic_metadata = 7; - // Rate limit on route entry metadata. - RouteEntryMetaData route_entry_metadata = 8; + // Rate limit on metadata. + MetaData metadata = 8; } } diff --git a/source/common/router/router_ratelimit.cc b/source/common/router/router_ratelimit.cc index 14098a8a550b..0774f8340be5 100644 --- a/source/common/router/router_ratelimit.cc +++ b/source/common/router/router_ratelimit.cc @@ -102,46 +102,40 @@ bool GenericKeyAction::populateDescriptor(const Router::RouteEntry&, return true; } -DynamicMetaDataAction::DynamicMetaDataAction( +MetaDataAction::MetaDataAction(const envoy::config::route::v3::RateLimit::Action::MetaData& action) + : metadata_key_(action.metadata_key()), descriptor_key_(action.descriptor_key()), + default_value_(action.default_value()), source_(action.source()) {} + +MetaDataAction::MetaDataAction( const envoy::config::route::v3::RateLimit::Action::DynamicMetaData& action) : metadata_key_(action.metadata_key()), descriptor_key_(action.descriptor_key()), - default_value_(action.default_value()) {} + default_value_(action.default_value()), + source_(envoy::config::route::v3::RateLimit::Action::MetaData::DYNAMIC) {} -bool DynamicMetaDataAction::populateDescriptor( - const Router::RouteEntry&, RateLimit::Descriptor& descriptor, const std::string&, +bool MetaDataAction::populateDescriptor( + const Router::RouteEntry& route, RateLimit::Descriptor& descriptor, const std::string&, const Http::HeaderMap&, const Network::Address::Instance&, const envoy::config::core::v3::Metadata* dynamic_metadata) const { - const ProtobufWkt::Value& metadata_value = - Envoy::Config::Metadata::metadataValue(dynamic_metadata, metadata_key_); - - if (!metadata_value.string_value().empty()) { - descriptor.entries_.push_back({descriptor_key_, metadata_value.string_value()}); - return true; - } else if (metadata_value.string_value().empty() && !default_value_.empty()) { - descriptor.entries_.push_back({descriptor_key_, default_value_}); - return true; + const envoy::config::core::v3::Metadata* metadata_source; + + switch (source_) { + case envoy::config::route::v3::RateLimit::Action::MetaData::DYNAMIC: + metadata_source = dynamic_metadata; + break; + case envoy::config::route::v3::RateLimit::Action::MetaData::ROUTE_ENTRY: + metadata_source = &route.metadata(); + break; + default: + NOT_REACHED_GCOVR_EXCL_LINE; } - return false; -} - -RouteEntryMetaDataAction::RouteEntryMetaDataAction( - const envoy::config::route::v3::RateLimit::Action::RouteEntryMetaData& action) - : metadata_key_(action.metadata_key()), descriptor_key_(action.descriptor_key()), - default_value_(action.default_value()) {} - -bool RouteEntryMetaDataAction::populateDescriptor(const Router::RouteEntry& route, - RateLimit::Descriptor& descriptor, - const std::string&, const Http::HeaderMap&, - const Network::Address::Instance&, - const envoy::config::core::v3::Metadata*) const { - const ProtobufWkt::Value& metadata_value = - Envoy::Config::Metadata::metadataValue(&route.metadata(), metadata_key_); + const std::string metadata_string_value = + Envoy::Config::Metadata::metadataValue(metadata_source, metadata_key_).string_value(); - if (!metadata_value.string_value().empty()) { - descriptor.entries_.push_back({descriptor_key_, metadata_value.string_value()}); + if (!metadata_string_value.empty()) { + descriptor.entries_.push_back({descriptor_key_, metadata_string_value}); return true; - } else if (metadata_value.string_value().empty() && !default_value_.empty()) { + } else if (metadata_string_value.empty() && !default_value_.empty()) { descriptor.entries_.push_back({descriptor_key_, default_value_}); return true; } @@ -190,10 +184,10 @@ RateLimitPolicyEntryImpl::RateLimitPolicyEntryImpl( actions_.emplace_back(new GenericKeyAction(action.generic_key())); break; case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kDynamicMetadata: - actions_.emplace_back(new DynamicMetaDataAction(action.dynamic_metadata())); + actions_.emplace_back(new MetaDataAction(action.dynamic_metadata())); break; - case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kRouteEntryMetadata: - actions_.emplace_back(new RouteEntryMetaDataAction(action.route_entry_metadata())); + case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kMetadata: + actions_.emplace_back(new MetaDataAction(action.metadata())); break; case envoy::config::route::v3::RateLimit::Action::ActionSpecifierCase::kHeaderValueMatch: actions_.emplace_back(new HeaderValueMatchAction(action.header_value_match())); diff --git a/source/common/router/router_ratelimit.h b/source/common/router/router_ratelimit.h index 22e74499a4f3..912606fc0da8 100644 --- a/source/common/router/router_ratelimit.h +++ b/source/common/router/router_ratelimit.h @@ -114,30 +114,13 @@ class GenericKeyAction : public RateLimitAction { }; /** - * Action for dynamic metadata rate limiting. + * Action for metadata rate limiting. */ -class DynamicMetaDataAction : public RateLimitAction { +class MetaDataAction : public RateLimitAction { public: - DynamicMetaDataAction(const envoy::config::route::v3::RateLimit::Action::DynamicMetaData& action); - // Router::RateLimitAction - bool populateDescriptor(const Router::RouteEntry& route, RateLimit::Descriptor& descriptor, - const std::string& local_service_cluster, const Http::HeaderMap& headers, - const Network::Address::Instance& remote_address, - const envoy::config::core::v3::Metadata* dynamic_metadata) const override; - -private: - const Envoy::Config::MetadataKey metadata_key_; - const std::string descriptor_key_; - const std::string default_value_; -}; - -/** - * Action for route entry metadata rate limiting. - */ -class RouteEntryMetaDataAction : public RateLimitAction { -public: - RouteEntryMetaDataAction( - const envoy::config::route::v3::RateLimit::Action::RouteEntryMetaData& action); + MetaDataAction(const envoy::config::route::v3::RateLimit::Action::MetaData& action); + // for maintaining backward compatibility with the deprecated DynamicMetaData action + MetaDataAction(const envoy::config::route::v3::RateLimit::Action::DynamicMetaData& action); // Router::RateLimitAction bool populateDescriptor(const Router::RouteEntry& route, RateLimit::Descriptor& descriptor, const std::string& local_service_cluster, const Http::HeaderMap& headers, @@ -148,6 +131,7 @@ class RouteEntryMetaDataAction : public RateLimitAction { const Envoy::Config::MetadataKey metadata_key_; const std::string descriptor_key_; const std::string default_value_; + const envoy::config::route::v3::RateLimit::Action::MetaData::Source source_; }; /** diff --git a/test/common/router/router_ratelimit_test.cc b/test/common/router/router_ratelimit_test.cc index f9d3ca548394..779c9b9fcb2b 100644 --- a/test/common/router/router_ratelimit_test.cc +++ b/test/common/router/router_ratelimit_test.cc @@ -513,11 +513,10 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataMatch) { testing::ContainerEq(descriptors_)); } -// Tests that the default_value is used in the descriptor when the metadata_key is empty. -TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNoMatchWithDefaultValue) { +TEST_F(RateLimitPolicyEntryTest, MetaDataMatchDynamicSourceByDefault) { const std::string yaml = R"EOF( actions: -- dynamic_metadata: +- metadata: descriptor_key: fake_key default_value: fake_value metadata_key: @@ -532,7 +531,7 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNoMatchWithDefaultValue) { std::string metadata_yaml = R"EOF( filter_metadata: envoy.xxx: - another_key: + test: prop: foo )EOF"; @@ -542,111 +541,22 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNoMatchWithDefaultValue) { rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, &metadata); - EXPECT_THAT(std::vector({{{{"fake_key", "fake_value"}}}}), + EXPECT_THAT(std::vector({{{{"fake_key", "foo"}}}}), testing::ContainerEq(descriptors_)); } -TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNoMatch) { - const std::string yaml = R"EOF( -actions: -- dynamic_metadata: - descriptor_key: fake_key - metadata_key: - key: 'envoy.xxx' - path: - - key: test - - key: prop - )EOF"; - - setupTest(yaml); - - std::string metadata_yaml = R"EOF( -filter_metadata: - envoy.xxx: - another_key: - prop: foo - )EOF"; - - envoy::config::core::v3::Metadata metadata; - TestUtility::loadFromYaml(metadata_yaml, metadata); - - rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, - &metadata); - - EXPECT_TRUE(descriptors_.empty()); -} - -TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataEmptyValue) { - const std::string yaml = R"EOF( -actions: -- dynamic_metadata: - descriptor_key: fake_key - metadata_key: - key: 'envoy.xxx' - path: - - key: test - - key: prop - )EOF"; - - setupTest(yaml); - - std::string metadata_yaml = R"EOF( -filter_metadata: - envoy.xxx: - test: - prop: "" - )EOF"; - - envoy::config::core::v3::Metadata metadata; - TestUtility::loadFromYaml(metadata_yaml, metadata); - - rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, - &metadata); - - EXPECT_TRUE(descriptors_.empty()); -} -// Tests that no descriptor is generated when both the metadata_key and default_value are empty. -TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataAndDefaultValueEmpty) { - const std::string yaml = R"EOF( -actions: -- dynamic_metadata: - descriptor_key: fake_key - default_value: "" - metadata_key: - key: 'envoy.xxx' - path: - - key: test - - key: prop - )EOF"; - - setupTest(yaml); - - std::string metadata_yaml = R"EOF( -filter_metadata: - envoy.xxx: - another_key: - prop: "" - )EOF"; - - envoy::config::core::v3::Metadata metadata; - TestUtility::loadFromYaml(metadata_yaml, metadata); - - rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, - &metadata); - - EXPECT_TRUE(descriptors_.empty()); -} - -TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNonStringNoMatch) { +TEST_F(RateLimitPolicyEntryTest, MetaDataMatchDynamicSource) { const std::string yaml = R"EOF( actions: -- dynamic_metadata: +- metadata: descriptor_key: fake_key + default_value: fake_value metadata_key: key: 'envoy.xxx' path: - key: test - key: prop + source: DYNAMIC )EOF"; setupTest(yaml); @@ -655,8 +565,7 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNonStringNoMatch) { filter_metadata: envoy.xxx: test: - prop: - foo: bar + prop: foo )EOF"; envoy::config::core::v3::Metadata metadata; @@ -665,13 +574,14 @@ TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataNonStringNoMatch) { rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, &metadata); - EXPECT_TRUE(descriptors_.empty()); + EXPECT_THAT(std::vector({{{{"fake_key", "foo"}}}}), + testing::ContainerEq(descriptors_)); } -TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataMatch) { +TEST_F(RateLimitPolicyEntryTest, MetaDataMatchRouteEntrySource) { const std::string yaml = R"EOF( actions: -- route_entry_metadata: +- metadata: descriptor_key: fake_key default_value: fake_value metadata_key: @@ -679,6 +589,7 @@ TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataMatch) { path: - key: test - key: prop + source: ROUTE_ENTRY )EOF"; setupTest(yaml); @@ -700,10 +611,10 @@ TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataMatch) { } // Tests that the default_value is used in the descriptor when the metadata_key is empty. -TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNoMatchWithDefaultValue) { +TEST_F(RateLimitPolicyEntryTest, MetaDataNoMatchWithDefaultValue) { const std::string yaml = R"EOF( actions: -- route_entry_metadata: +- dynamic_metadata: descriptor_key: fake_key default_value: fake_value metadata_key: @@ -722,19 +633,20 @@ TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNoMatchWithDefaultValue) { prop: foo )EOF"; - TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + envoy::config::core::v3::Metadata metadata; + TestUtility::loadFromYaml(metadata_yaml, metadata); rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, - dynamic_metadata_); + &metadata); EXPECT_THAT(std::vector({{{{"fake_key", "fake_value"}}}}), testing::ContainerEq(descriptors_)); } -TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNoMatch) { +TEST_F(RateLimitPolicyEntryTest, MetaDataNoMatch) { const std::string yaml = R"EOF( actions: -- route_entry_metadata: +- dynamic_metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' @@ -752,18 +664,19 @@ TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNoMatch) { prop: foo )EOF"; - TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + envoy::config::core::v3::Metadata metadata; + TestUtility::loadFromYaml(metadata_yaml, metadata); rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, - dynamic_metadata_); + &metadata); EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataEmptyValue) { +TEST_F(RateLimitPolicyEntryTest, MetaDataEmptyValue) { const std::string yaml = R"EOF( actions: -- route_entry_metadata: +- dynamic_metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' @@ -781,18 +694,19 @@ TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataEmptyValue) { prop: "" )EOF"; - TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + envoy::config::core::v3::Metadata metadata; + TestUtility::loadFromYaml(metadata_yaml, metadata); rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, - dynamic_metadata_); + &metadata); EXPECT_TRUE(descriptors_.empty()); } // Tests that no descriptor is generated when both the metadata_key and default_value are empty. -TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataAndDefaultValueEmpty) { +TEST_F(RateLimitPolicyEntryTest, MetaDataAndDefaultValueEmpty) { const std::string yaml = R"EOF( actions: -- route_entry_metadata: +- dynamic_metadata: descriptor_key: fake_key default_value: "" metadata_key: @@ -811,18 +725,19 @@ TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataAndDefaultValueEmpty) { prop: "" )EOF"; - TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + envoy::config::core::v3::Metadata metadata; + TestUtility::loadFromYaml(metadata_yaml, metadata); rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, - dynamic_metadata_); + &metadata); EXPECT_TRUE(descriptors_.empty()); } -TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNonStringNoMatch) { +TEST_F(RateLimitPolicyEntryTest, MetaDataNonStringNoMatch) { const std::string yaml = R"EOF( actions: -- route_entry_metadata: +- dynamic_metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' @@ -841,10 +756,11 @@ TEST_F(RateLimitPolicyEntryTest, RouteEntryMetaDataNonStringNoMatch) { foo: bar )EOF"; - TestUtility::loadFromYaml(metadata_yaml, route_.metadata_); + envoy::config::core::v3::Metadata metadata; + TestUtility::loadFromYaml(metadata_yaml, metadata); rate_limit_entry_->populateDescriptors(route_, descriptors_, "", header_, default_remote_address_, - dynamic_metadata_); + &metadata); EXPECT_TRUE(descriptors_.empty()); } From e2f7016de25bb2a5a0ab1f52e0e4d73c7054e5dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Thu, 15 Oct 2020 18:27:42 +0200 Subject: [PATCH 13/15] ratelimit: deprecate dynamic_metadata action MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- api/envoy/config/route/v3/route_components.proto | 13 ++++++++++--- .../config/route/v4alpha/route_components.proto | 14 +++++++++----- docs/root/version_history/current.rst | 1 + .../envoy/config/route/v3/route_components.proto | 13 ++++++++++--- .../config/route/v4alpha/route_components.proto | 13 ++++++++++--- 5 files changed, 40 insertions(+), 14 deletions(-) diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index 62b239f0821f..595fde141e6c 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -1633,6 +1633,9 @@ message RateLimit { // .. code-block:: cpp // // ("", "") + // + // .. attention:: + // This action has been deprecated in favor of the :ref:`metadata ` action message DynamicMetaData { // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; @@ -1653,10 +1656,10 @@ message RateLimit { // ("", "") message MetaData { enum Source { - // :ref:`dynamic metadata ` + // Query :ref:`dynamic metadata ` DYNAMIC = 0; - // :ref:`route entry metadata ` + // Query :ref:`route entry metadata ` ROUTE_ENTRY = 1; } @@ -1697,7 +1700,11 @@ message RateLimit { HeaderValueMatch header_value_match = 6; // Rate limit on dynamic metadata. - DynamicMetaData dynamic_metadata = 7; + // + // .. attention:: + // This field has been deprecated in favor of the :ref:`metadata ` field + DynamicMetaData dynamic_metadata = 7 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; // Rate limit on metadata. MetaData metadata = 8; diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto index 2d7af16d0b79..0bf0b493e956 100644 --- a/api/envoy/config/route/v4alpha/route_components.proto +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -1582,6 +1582,9 @@ message RateLimit { // .. code-block:: cpp // // ("", "") + // + // .. attention:: + // This action has been deprecated in favor of the :ref:`metadata ` action message DynamicMetaData { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit.Action.DynamicMetaData"; @@ -1608,10 +1611,10 @@ message RateLimit { "envoy.config.route.v3.RateLimit.Action.MetaData"; enum Source { - // :ref:`dynamic metadata ` + // Query :ref:`dynamic metadata ` DYNAMIC = 0; - // :ref:`route entry metadata ` + // Query :ref:`route entry metadata ` ROUTE_ENTRY = 1; } @@ -1630,6 +1633,10 @@ message RateLimit { Source source = 4 [(validate.rules).enum = {defined_only: true}]; } + reserved 7; + + reserved "dynamic_metadata"; + oneof action_specifier { option (validate.required) = true; @@ -1651,9 +1658,6 @@ message RateLimit { // Rate limit on the existence of request headers. HeaderValueMatch header_value_match = 6; - // Rate limit on dynamic metadata. - DynamicMetaData dynamic_metadata = 7; - // Rate limit on metadata. MetaData metadata = 8; } diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 132bbd1e0874..f38cf4037f4b 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -35,3 +35,4 @@ New Features Deprecated ---------- +* ratelimit: the :ref:`dynamic metadata ` action is deprecated in favor of the more generic :ref:`metadata ` action. diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index 750e6bb180a8..e203cdcf4e84 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -1645,6 +1645,9 @@ message RateLimit { // .. code-block:: cpp // // ("", "") + // + // .. attention:: + // This action has been deprecated in favor of the :ref:`metadata ` action message DynamicMetaData { // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; @@ -1665,10 +1668,10 @@ message RateLimit { // ("", "") message MetaData { enum Source { - // :ref:`dynamic metadata ` + // Query :ref:`dynamic metadata ` DYNAMIC = 0; - // :ref:`route entry metadata ` + // Query :ref:`route entry metadata ` ROUTE_ENTRY = 1; } @@ -1709,7 +1712,11 @@ message RateLimit { HeaderValueMatch header_value_match = 6; // Rate limit on dynamic metadata. - DynamicMetaData dynamic_metadata = 7; + // + // .. attention:: + // This field has been deprecated in favor of the :ref:`metadata ` field + DynamicMetaData dynamic_metadata = 7 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; // Rate limit on metadata. MetaData metadata = 8; diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto index 54152d16b8e4..12c56dd834a4 100644 --- a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -1649,6 +1649,9 @@ message RateLimit { // .. code-block:: cpp // // ("", "") + // + // .. attention:: + // This action has been deprecated in favor of the :ref:`metadata ` action message DynamicMetaData { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit.Action.DynamicMetaData"; @@ -1675,10 +1678,10 @@ message RateLimit { "envoy.config.route.v3.RateLimit.Action.MetaData"; enum Source { - // :ref:`dynamic metadata ` + // Query :ref:`dynamic metadata ` DYNAMIC = 0; - // :ref:`route entry metadata ` + // Query :ref:`route entry metadata ` ROUTE_ENTRY = 1; } @@ -1719,7 +1722,11 @@ message RateLimit { HeaderValueMatch header_value_match = 6; // Rate limit on dynamic metadata. - DynamicMetaData dynamic_metadata = 7; + // + // .. attention:: + // This field has been deprecated in favor of the :ref:`metadata ` field + DynamicMetaData hidden_envoy_deprecated_dynamic_metadata = 7 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; // Rate limit on metadata. MetaData metadata = 8; From edb9511bfac4015b342b2f4884e6f6d538dfed1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Thu, 15 Oct 2020 22:27:06 +0200 Subject: [PATCH 14/15] router_ratelimit_test.cc: fix metadata action tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- test/common/router/router_ratelimit_test.cc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/common/router/router_ratelimit_test.cc b/test/common/router/router_ratelimit_test.cc index 779c9b9fcb2b..1a28fd3630ba 100644 --- a/test/common/router/router_ratelimit_test.cc +++ b/test/common/router/router_ratelimit_test.cc @@ -614,7 +614,7 @@ TEST_F(RateLimitPolicyEntryTest, MetaDataMatchRouteEntrySource) { TEST_F(RateLimitPolicyEntryTest, MetaDataNoMatchWithDefaultValue) { const std::string yaml = R"EOF( actions: -- dynamic_metadata: +- metadata: descriptor_key: fake_key default_value: fake_value metadata_key: @@ -646,7 +646,7 @@ TEST_F(RateLimitPolicyEntryTest, MetaDataNoMatchWithDefaultValue) { TEST_F(RateLimitPolicyEntryTest, MetaDataNoMatch) { const std::string yaml = R"EOF( actions: -- dynamic_metadata: +- metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' @@ -676,7 +676,7 @@ TEST_F(RateLimitPolicyEntryTest, MetaDataNoMatch) { TEST_F(RateLimitPolicyEntryTest, MetaDataEmptyValue) { const std::string yaml = R"EOF( actions: -- dynamic_metadata: +- metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' @@ -706,7 +706,7 @@ TEST_F(RateLimitPolicyEntryTest, MetaDataEmptyValue) { TEST_F(RateLimitPolicyEntryTest, MetaDataAndDefaultValueEmpty) { const std::string yaml = R"EOF( actions: -- dynamic_metadata: +- metadata: descriptor_key: fake_key default_value: "" metadata_key: @@ -737,7 +737,7 @@ TEST_F(RateLimitPolicyEntryTest, MetaDataAndDefaultValueEmpty) { TEST_F(RateLimitPolicyEntryTest, MetaDataNonStringNoMatch) { const std::string yaml = R"EOF( actions: -- dynamic_metadata: +- metadata: descriptor_key: fake_key metadata_key: key: 'envoy.xxx' From 4f28c09134dbb961feca03e0a70975ab76ef77f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Czig=C3=A1ny?= Date: Fri, 16 Oct 2020 09:29:30 +0200 Subject: [PATCH 15/15] fixup! router_ratelimit_test.cc: fix metadata action tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: András Czigány --- test/common/router/router_ratelimit_test.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/common/router/router_ratelimit_test.cc b/test/common/router/router_ratelimit_test.cc index 1a28fd3630ba..bad535cbf100 100644 --- a/test/common/router/router_ratelimit_test.cc +++ b/test/common/router/router_ratelimit_test.cc @@ -481,7 +481,7 @@ TEST_F(RateLimitPolicyEntryTest, GenericKeyWithEmptyDescriptorKey) { testing::ContainerEq(descriptors_)); } -TEST_F(RateLimitPolicyEntryTest, DynamicMetaDataMatch) { +TEST_F(RateLimitPolicyEntryTest, DEPRECATED_FEATURE_TEST(DynamicMetaDataMatch)) { const std::string yaml = R"EOF( actions: - dynamic_metadata: