From d63d7d043f89e28bdbca3776468491afb6a8db55 Mon Sep 17 00:00:00 2001 From: Jae Kim Date: Mon, 3 Apr 2017 15:18:36 -0700 Subject: [PATCH] Merge latest changes from master branch (#217) * Not call report if decodeHeaders is not called. (#150) * Update mixerclient with sync-ed grpc write and fail-fast. (#155) * Update mixerclient with sync-ed write and fail-fast. * Update to latest test. * Update again * Update envoy to PR553 (#156) * Update envoy to PR553 * Update libevent to 2.1.8 * Uses a specific version of the Shared Pipeline lib (#158) * Update lyft/envoy commit Id to latest. (#161) * Update lyft/envoy commit Id to latest. * Remove the comment about pull request * Add new line - will delete in next commit. * Update repositories.bzl (#169) * Always set response latency (#172) * Update mixerclient to sync_transport change. (#178) * Use opaque config to turn on/off forward attribute and mixer filter (#179) * Modify mixer filter * Swap defaults * Make the filter decoder only * cache mixer disabled decision * Fix a bug in opaque config change and test it out (#182) * Fix a bug and test it out * Update filter type * Update README.md * Update mixer client to mixer api with gogoproto. (#184) * Move .bazelrc to tools/bazel.rc (#186) * Move .bazelrc to tools/bazel.rc * Update Jenkinsfile with latest version of pipeline * Support apikey based traffic restriction (#189) * b/36368559 support apikey based traffic restriction * Fixed code formatting * Fix crash in unreachable/overloaded RDS (#190) * Add mixer client end to end integration test. (#177) * Add mixer client end to end integration test. * Split some repositories into a separate file. * use real mixer for fake mixer_server. * Test repository * use mixer bzl file. * Use mixer repositories * Not to use mixer repository. * Add return line at the end of WORKSPACE. * Fix broken link (#193) * Make quota call (#192) * hookup quota call * Make quota call. * Update indent. * Update envoy and update configs (#195) * Update envoy and update configs * Use gcc-4.9 for travis * Use bazel 0.4.5 * Fix SHA of lightstep-tracer-common * Enable check cache and refactory mixer config loading (#197) * Refactory the mixer config loading. * fix format * Add integration test. * updated README.md * s/send/sent/ * Split into separate tests. (#201) * Update README on how to enable check cache. (#204) * Update README on how to enable check cache. * Update the comment. * build: support Envoy native Bazel build. (#210) * build: support Envoy native Bazel build. This patch switches the Envoy build from src/envoy/repositories.bzl to using the upstream native build. See https://github.com/lyft/envoy/pull/663 for the corresponding changes on the Envoy side. * Use Envoy master with BUILD.wip rename merged. * Fix clang-format issues. * Fixes bazel.rc issues (#212) * Fixes bazel rc issues * Update Jenkins to latest pipeline version --- .travis.yml | 30 +- BUILD | 4 + Jenkinsfile | 29 +- WORKSPACE | 16 ++ src/envoy/BUILD | 34 --- src/envoy/mixer/BUILD | 24 +- src/envoy/mixer/README.md | 96 +++++-- src/envoy/mixer/config.cc | 97 +++++++ src/envoy/mixer/config.h | 54 ++++ src/envoy/mixer/envoy.conf.template | 30 +- src/envoy/mixer/forward_attribute_filter.cc | 114 -------- src/envoy/mixer/http_control.cc | 57 +++- src/envoy/mixer/http_control.h | 10 +- src/envoy/mixer/http_filter.cc | 128 ++++++--- src/envoy/mixer/integration_test/BUILD | 64 +++++ .../mixer/integration_test/attributes.go | 128 +++++++++ .../integration_test/check_cache_test.go | 40 +++ .../integration_test/check_report_test.go | 154 ++++++++++ src/envoy/mixer/integration_test/envoy.go | 88 ++++++ .../mixer/integration_test/envoy_conf.go | 244 ++++++++++++++++ .../integration_test/failed_request_test.go | 161 +++++++++++ .../mixer/integration_test/http_client.go | 80 ++++++ .../mixer/integration_test/http_server.go | 111 +++++++ .../mixer/integration_test/mixer_server.go | 127 ++++++++ .../mixer/integration_test/quota_test.go | 64 +++++ .../mixer/integration_test/repositories.bzl | 272 ++++++++++++++++++ src/envoy/mixer/integration_test/setup.go | 93 ++++++ .../mixer/integration_test/test_suite.bzl | 29 ++ src/envoy/mixer/repositories.bzl | 2 +- src/envoy/mixer/utils.cc | 14 - src/envoy/mixer/utils.h | 3 - src/envoy/repositories.bzl | 245 ++-------------- .bazelrc => tools/bazel.rc | 0 .bazelrc.jenkins => tools/bazel.rc.jenkins | 0 .bazelrc.travis => tools/bazel.rc.travis | 0 35 files changed, 2130 insertions(+), 512 deletions(-) create mode 100644 src/envoy/mixer/config.cc create mode 100644 src/envoy/mixer/config.h delete mode 100644 src/envoy/mixer/forward_attribute_filter.cc create mode 100644 src/envoy/mixer/integration_test/BUILD create mode 100644 src/envoy/mixer/integration_test/attributes.go create mode 100644 src/envoy/mixer/integration_test/check_cache_test.go create mode 100644 src/envoy/mixer/integration_test/check_report_test.go create mode 100644 src/envoy/mixer/integration_test/envoy.go create mode 100644 src/envoy/mixer/integration_test/envoy_conf.go create mode 100644 src/envoy/mixer/integration_test/failed_request_test.go create mode 100644 src/envoy/mixer/integration_test/http_client.go create mode 100644 src/envoy/mixer/integration_test/http_server.go create mode 100644 src/envoy/mixer/integration_test/mixer_server.go create mode 100644 src/envoy/mixer/integration_test/quota_test.go create mode 100644 src/envoy/mixer/integration_test/repositories.bzl create mode 100644 src/envoy/mixer/integration_test/setup.go create mode 100644 src/envoy/mixer/integration_test/test_suite.bzl rename .bazelrc => tools/bazel.rc (100%) rename .bazelrc.jenkins => tools/bazel.rc.jenkins (100%) rename .bazelrc.travis => tools/bazel.rc.travis (100%) diff --git a/.travis.yml b/.travis.yml index 88be42c285b..845ac9bbd8e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,25 +1,27 @@ sudo: required -dist: xenial + +dist: trusty + +addons: + apt: + sources: + - ubuntu-toolchain-r-test + packages: + - gcc-4.9 + - g++-4.9 + - wget branches: except: - stable -lang: go - -go: - - 1.7.x +language: cpp jdk: - oraclejdk8 env: - - BAZEL_VERSION=0.4.3 - -addons: - apt: - packages: - - wget + - BAZEL_VERSION=0.4.5 cache: directories: @@ -35,12 +37,12 @@ before_install: - sudo dpkg -i bazel_${BAZEL_VERSION}-linux-x86_64.deb - sudo apt-get -f install -qqy uuid-dev - cd ${TRAVIS_BUILD_DIR} - - mv .bazelrc .bazelrc.orig - - cat .bazelrc.travis .bazelrc.orig > .bazelrc + - mv tools/bazel.rc tools/bazel.rc.orig + - cat tools/bazel.rc.travis tools/bazel.rc.orig > tools/bazel.rc script: - script/check-style - - bazel --output_base=${HOME}/bazel/outbase test //... + - CC=/usr/bin/gcc-4.9 CXX=/usr/bin/g++-4.9 bazel --output_base=${HOME}/bazel/outbase test //... notifications: slack: istio-dev:wEEEbaabdP5ieCgDOFetA9nX diff --git a/BUILD b/BUILD index ac06d245289..510620e8246 100644 --- a/BUILD +++ b/BUILD @@ -24,3 +24,7 @@ config_setting( }, visibility = ["//visibility:public"], ) + +load("@io_bazel_rules_go//go:def.bzl", "go_prefix") + +go_prefix("istio.io/proxy") diff --git a/Jenkinsfile b/Jenkinsfile index 9c59a146e50..c1aa89e3f25 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,6 @@ #!groovy -@Library('testutils') +@Library('testutils@stable-3e4d089') import org.istio.testutils.Utilities import org.istio.testutils.GitUtilities @@ -12,20 +12,17 @@ def utils = new Utilities() def bazel = new Bazel() mainFlow(utils) { - pullRequest(utils) { - node { - gitUtils.initialize() - // Proxy does build work correctly with Hazelcast. - // Must use .bazelrc.jenkins - bazel.setVars('', '') - } - - if (utils.runStage('PRESUBMIT')) { - presubmit(gitUtils, bazel) - } - if (utils.runStage('POSTSUBMIT')) { - postsubmit(gitUtils, bazel, utils) - } + node { + gitUtils.initialize() + // Proxy does build work correctly with Hazelcast. + // Must use .bazelrc.jenkins + bazel.setVars('', '') + } + if (utils.runStage('PRESUBMIT')) { + presubmit(gitUtils, bazel) + } + if (utils.runStage('POSTSUBMIT')) { + postsubmit(gitUtils, bazel, utils) } } @@ -62,4 +59,4 @@ def postsubmit(gitUtils, bazel, utils) { utils.publishDockerImages(images, tags, 'release') } } -} \ No newline at end of file +} diff --git a/WORKSPACE b/WORKSPACE index ddfa05d578b..4bc7137304c 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -96,3 +96,19 @@ http_file( url = "https://storage.googleapis.com/istio-build/manager/ubuntu_xenial_debug-" + DEBUG_BASE_IMAGE_SHA + ".tar.gz", sha256 = DEBUG_BASE_IMAGE_SHA, ) + +# Following go repositories are for building go integration test for mixer filter. +git_repository( + name = "io_bazel_rules_go", + commit = "9496d79880a7d55b8e4a96f04688d70a374eaaf4", # Mar 3, 2017 (v0.4.1) + remote = "https://github.com/bazelbuild/rules_go.git", +) + +git_repository( + name = "org_pubref_rules_protobuf", + commit = "d42e895387c658eda90276aea018056fcdcb30e4", # Mar 07 2017 (gogo* support) + remote = "https://github.com/pubref/rules_protobuf", +) + +load("//src/envoy/mixer/integration_test:repositories.bzl", "go_mixer_repositories") +go_mixer_repositories() diff --git a/src/envoy/BUILD b/src/envoy/BUILD index 1c75af50a75..e69de29bb2d 100644 --- a/src/envoy/BUILD +++ b/src/envoy/BUILD @@ -1,34 +0,0 @@ -# Copyright 2016 Google Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -# -cc_test( - name = "envoy_test", - data = [ - "@envoy_git//:envoy-testdata", - ], - copts = [ - "-include ./external/envoy_git/test/precompiled/precompiled_test.h", - ], - deps = [ - "@envoy_git//:envoy-test-lib", - "//external:googletest_main", - ], - args = [ - #TODO: Make all test pass - "--gtest_filter=RouterTest.*", - ], - linkstatic=1, -) diff --git a/src/envoy/mixer/BUILD b/src/envoy/mixer/BUILD index 132bc364a1d..45c69b7f2d5 100644 --- a/src/envoy/mixer/BUILD +++ b/src/envoy/mixer/BUILD @@ -15,7 +15,6 @@ ################################################################################ # - load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar") load("//src/envoy/mixer:proxy_docker.bzl", "proxy_docker_build") load("@protobuf_git//:protobuf.bzl", "cc_proto_library") @@ -31,7 +30,8 @@ cc_proto_library( cc_library( name = "filter_lib", srcs = [ - "forward_attribute_filter.cc", + "config.cc", + "config.h", "http_control.cc", "http_control.h", "http_filter.cc", @@ -41,7 +41,7 @@ cc_library( deps = [ ":string_map_proto", "//external:mixer_client_lib", - "@envoy_git//:envoy-common", + "@envoy//source/exe:envoy_common_lib", ], alwayslink = 1, ) @@ -49,9 +49,11 @@ cc_library( cc_binary( name = "envoy", linkstatic = 1, + linkopts = ["-lrt"], + visibility = [":__subpackages__"], deps = [ ":filter_lib", - "@envoy_git//:envoy-main", + "@envoy//source/exe:envoy_main_lib", ], ) @@ -81,10 +83,6 @@ pkg_tar( ) proxy_docker_build( - images = [ - {"name": "proxy", "base": "@docker_ubuntu//:xenial"}, - {"name": "proxy_debug", "base": "@ubuntu_xenial_debug//file"}, - ], entrypoint = [ "/usr/local/bin/start_envoy", "-e", @@ -94,6 +92,16 @@ proxy_docker_build( "-t", "/etc/opt/proxy/envoy.conf.template", ], + images = [ + { + "name": "proxy", + "base": "@docker_ubuntu//:xenial", + }, + { + "name": "proxy_debug", + "base": "@ubuntu_xenial_debug//file", + }, + ], ports = ["9090"], repository = "istio", tags = ["manual"], diff --git a/src/envoy/mixer/README.md b/src/envoy/mixer/README.md index d7d39f30e03..48229a3631e 100644 --- a/src/envoy/mixer/README.md +++ b/src/envoy/mixer/README.md @@ -3,7 +3,7 @@ This Proxy will use Envoy and talk to Mixer server. ## Build Mixer server -* Follow https://github.com/istio/mixer/blob/master/doc/devel/development.md to set up environment, and build via: +* Follow https://github.com/istio/mixer/blob/master/doc/dev/development.md to set up environment, and build via: ``` cd $(ISTIO)/mixer @@ -46,54 +46,98 @@ This Proxy will use Envoy and talk to Mixer server. * Then issue HTTP request to proxy. ``` + # request to server-side proxy curl http://localhost:9090/echo -d "hello world" + # request to client-side proxy that gets sent to server-side proxy + curl http://localhost:7070/echo -d "hello world" ``` -## How to configurate HTTP filters - -This module has two HTTP filters: -1. mixer filter: intercept all HTTP requests, call the mixer. -2. forward_attribute filter: Forward attributes to the upstream istio/proxy. - -### *mixer* filter: +## How to configurate HTTP Mixer filters This filter will intercept all HTTP requests and call Mixer. Here is its config: ``` "filters": [ - "type": "both", + "type": "decoder", "name": "mixer", "config": { "mixer_server": "${MIXER_SERVER}", - "attributes" : { + "mixer_attributes" : { + "attribute_name1": "attribute_value1", + "attribute_name2": "attribute_value2", + "quota.name": "RequestCount" + }, + "forward_attributes" : { "attribute_name1": "attribute_value1", "attribute_name2": "attribute_value2" - } + }, + "quota_name": "RequestCount", + "quota_amount": "1", + "check_cache_expiration_in_seconds": "600", + "check_cache_keys": [ + "request.host", + "request.path", + "origin.user" + ] } ``` Notes: * mixer_server is required -* attributes: these attributes will be send to the mixer - -### *forward_attribute* HTTP filter: +* mixer_attributes: these attributes will be sent to the mixer in both Check and Report calls. +* forward_attributes: these attributes will be forwarded to the upstream istio/proxy. It will send them to mixer in Check and Report calls. +* quota_name, quota_amount are used for making quota call. quota_amount defaults to 1. +* check_cache_keys is to cache check calls. If missing or empty, check calls are not cached. -This filer will forward attributes to the upstream istio/proxy. +## HTTP Route opaque config +By default, the mixer filter only forwards attributes and does not call mixer server. This behavior can be changed per HTTP route by supplying an opaque config: ``` - "filters": [ - "type": "decoder", - "name": "forward_attribute", - "config": { - "attributes": { - "attribute_name1": "attribute_value1", - "attribute_name2": "attribute_value2" - } - } + "routes": [ + { + "timeout_ms": 0, + "prefix": "/", + "cluster": "service1", + "opaque_config": { + "mixer_control": "on", + "mixer_forward": "off" + } + } ``` -Notes: -* attributes: these attributes will be forwarded to the upstream istio/proxy. +This route opaque config reverts the behavior by sending requests to mixer server but not forwarding any attributes. +## How to enable quota (rate limiting) + +Quota (rate limiting) is enforced by the mixer. Mixer needs to be configured with Quota in its global config and service config. Its quota config will have +"quota name", its limit within a window. If "Quota" is added but param is missing, the default config is: quota name is "RequestCount", the limit is 10 with 1 second window. Essentially, it is imposing 10 qps rate limiting. + +Mixer client can be configured to make Quota call for all requests. If "quota_name" is specified in the mixer filter config, mixer client will call Quota with the specified quota name. If "quota_amount" is specified, it will call with that amount, otherwise the used amount is 1. + + +## How to pass some attributes from client proxy to mixer. + +Usually client proxy is not configured to call mixer (it can be enabled in the route opaque_config). Client proxy can pass some attributes to mixer by using "forward_attributes" field. Its attributes will be sent to the upstream proxy (the server proxy). If the server proxy is calling mixer, these attributes will be sent to the mixer. + + +## How to enable cache for Check calls + +Check calls can be cached. By default, it is not enabled. It can be enabled by supplying non-empty "check_cache_keys" string list in the mixer filter config. Only these attributes in the Check request, their keys and values, are used to calculate the key for the cache lookup. If it is a cache hit, the cached response will be used. +The cached response will be expired in 5 minutes by default. It can be overrided by supplying "check_cache_expiration_in_seconds" in the mixer filter config. The Check response from the mixer has an expiration field. If it is filled, it will be used. By design, the mixer will control the cache expiration time. + +Following is a sample mixer filter config to enable the Check call cache: +``` + "check_cache_expiration_in_seconds": "600", + "check_cache_keys": [ + "request.host", + "request.path", + "source.labels", + "request.headers/:method", + "origin.user" + ] +``` +For the string map attributes in the above example: +1) "request.headers" attribute is a string map, "request.headers/:method" cache key means only its ":method" key and value are used for cache key. +2) "source.labels" attribute is a string map, "source.labels" cache key means all key value pairs for the string map will be used. diff --git a/src/envoy/mixer/config.cc b/src/envoy/mixer/config.cc new file mode 100644 index 00000000000..8e06b1e9c2b --- /dev/null +++ b/src/envoy/mixer/config.cc @@ -0,0 +1,97 @@ +/* Copyright 2017 Istio Authors. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "src/envoy/mixer/config.h" + +using ::istio::mixer_client::Attributes; + +namespace Http { +namespace Mixer { +namespace { + +// The Json object name for mixer-server. +const std::string kMixerServer("mixer_server"); + +// The Json object name for static attributes. +const std::string kMixerAttributes("mixer_attributes"); + +// The Json object name to specify attributes which will be forwarded +// to the upstream istio proxy. +const std::string kForwardAttributes("forward_attributes"); + +// The Json object name for quota name and amount. +const std::string kQuotaName("quota_name"); +const std::string kQuotaAmount("quota_amount"); + +// The Json object name for check cache keys. +const std::string kCheckCacheKeys("check_cache_keys"); +const std::string kCheckCacheExpiration("check_cache_expiration_in_seconds"); + +void ReadString(const Json::Object& json, const std::string& name, + std::string* value) { + if (json.hasObject(name)) { + *value = json.getString(name); + } +} + +void ReadStringMap(const Json::Object& json, const std::string& name, + std::map* map) { + if (json.hasObject(name)) { + json.getObject(name)->iterate( + [map](const std::string& key, const Json::Object& obj) -> bool { + (*map)[key] = obj.asString(); + return true; + }); + } +} + +void ReadStringVector(const Json::Object& json, const std::string& name, + std::vector* value) { + if (json.hasObject(name)) { + auto v = json.getStringArray(name); + value->swap(v); + } +} + +} // namespace + +void MixerConfig::Load(const Json::Object& json) { + ReadString(json, kMixerServer, &mixer_server); + + ReadStringMap(json, kMixerAttributes, &mixer_attributes); + ReadStringMap(json, kForwardAttributes, &forward_attributes); + + ReadString(json, kQuotaName, "a_name); + ReadString(json, kQuotaAmount, "a_amount); + + ReadStringVector(json, kCheckCacheKeys, &check_cache_keys); + ReadString(json, kCheckCacheExpiration, &check_cache_expiration); +} + +void MixerConfig::ExtractQuotaAttributes(Attributes* attr) const { + if (!quota_name.empty()) { + attr->attributes[Attributes::kQuotaName] = + Attributes::StringValue(quota_name); + + int64_t amount = 1; // default amount to 1. + if (!quota_amount.empty()) { + amount = std::stoi(quota_amount); + } + attr->attributes[Attributes::kQuotaAmount] = Attributes::Int64Value(amount); + } +} + +} // namespace Mixer +} // namespace Http diff --git a/src/envoy/mixer/config.h b/src/envoy/mixer/config.h new file mode 100644 index 00000000000..fc08f33c439 --- /dev/null +++ b/src/envoy/mixer/config.h @@ -0,0 +1,54 @@ +/* Copyright 2017 Istio Authors. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include "precompiled/precompiled.h" + +#include "envoy/json/json_object.h" +#include "include/attribute.h" + +namespace Http { +namespace Mixer { + +// A config for mixer filter +struct MixerConfig { + // the mixer server address + std::string mixer_server; + + // These static attributes will be send to mixer in both + // Check and Report. + std::map mixer_attributes; + + // These attributes will be forwarded to upstream. + std::map forward_attributes; + + // Quota attributes. + std::string quota_name; + std::string quota_amount; + + // The attribute names for check cache. + std::vector check_cache_keys; + std::string check_cache_expiration; + + // Load the config from envoy config. + void Load(const Json::Object& json); + + // Extract quota attributes. + void ExtractQuotaAttributes(::istio::mixer_client::Attributes* attr) const; +}; + +} // namespace Mixer +} // namespace Http diff --git a/src/envoy/mixer/envoy.conf.template b/src/envoy/mixer/envoy.conf.template index c5377632388..c7574734ff3 100644 --- a/src/envoy/mixer/envoy.conf.template +++ b/src/envoy/mixer/envoy.conf.template @@ -1,7 +1,7 @@ { "listeners": [ { - "port": ${PORT}, + "address": "tcp://0.0.0.0:${PORT}", "bind_to_port": true, "filters": [ { @@ -19,7 +19,11 @@ { "timeout_ms": 0, "prefix": "/", - "cluster": "service1" + "cluster": "service1", + "opaque_config": { + "mixer_control": "on", + "mixer_forward": "off" + } } ] } @@ -32,14 +36,21 @@ ], "filters": [ { - "type": "both", + "type": "decoder", "name": "mixer", "config": { "mixer_server": "${MIXER_SERVER}", - "attributes": { + "mixer_attributes": { "target.uid": "POD222", "target.namespace": "XYZ222" - } + }, + "quota_name": "RequestCount", + "quota_amount": "1", + "check_cache_keys": [ + "request.host", + "request.path", + "origin.user" + ] } }, { @@ -53,7 +64,7 @@ ] }, { - "port": 7070, + "address": "tcp://0.0.0.0:7070", "bind_to_port": true, "filters": [ { @@ -85,9 +96,10 @@ "filters": [ { "type": "decoder", - "name": "forward_attribute", + "name": "mixer", "config": { - "attributes": { + "mixer_server": "${MIXER_SERVER}", + "forward_attributes": { "source.uid": "POD11", "source.namespace": "XYZ11" } @@ -106,7 +118,7 @@ ], "admin": { "access_log_path": "/dev/stdout", - "port": 9001 + "address": "tcp://0.0.0.0:9001" }, "cluster_manager": { "clusters": [ diff --git a/src/envoy/mixer/forward_attribute_filter.cc b/src/envoy/mixer/forward_attribute_filter.cc deleted file mode 100644 index 08d58916f89..00000000000 --- a/src/envoy/mixer/forward_attribute_filter.cc +++ /dev/null @@ -1,114 +0,0 @@ -/* Copyright 2017 Istio Authors. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "precompiled/precompiled.h" - -#include "common/common/base64.h" -#include "common/common/logger.h" -#include "common/http/headers.h" -#include "common/http/utility.h" -#include "envoy/server/instance.h" -#include "server/config/network/http_connection_manager.h" -#include "src/envoy/mixer/utils.h" - -namespace Http { -namespace ForwardAttribute { -namespace { - -// The Json object name to specify attributes which will be forwarded -// to the upstream istio proxy. -const std::string kJsonNameAttributes("attributes"); - -} // namespace - -class Config : public Logger::Loggable { - private: - std::string attributes_; - - public: - Config(const Json::Object& config) { - Utils::StringMap attributes = - Utils::ExtractStringMap(config, kJsonNameAttributes); - if (!attributes.empty()) { - std::string serialized_str = Utils::SerializeStringMap(attributes); - attributes_ = - Base64::encode(serialized_str.c_str(), serialized_str.size()); - } - } - - const std::string& attributes() const { return attributes_; } -}; - -typedef std::shared_ptr ConfigPtr; - -class ForwardAttributeFilter : public Http::StreamDecoderFilter { - private: - ConfigPtr config_; - - public: - ForwardAttributeFilter(ConfigPtr config) : config_(config) {} - - FilterHeadersStatus decodeHeaders(HeaderMap& headers, - bool end_stream) override { - if (!config_->attributes().empty()) { - headers.addStatic(Utils::kIstioAttributeHeader, config_->attributes()); - } - return FilterHeadersStatus::Continue; - } - - FilterDataStatus decodeData(Buffer::Instance& data, - bool end_stream) override { - return FilterDataStatus::Continue; - } - - FilterTrailersStatus decodeTrailers(HeaderMap& trailers) override { - return FilterTrailersStatus::Continue; - } - - void setDecoderFilterCallbacks( - StreamDecoderFilterCallbacks& callbacks) override {} -}; - -} // namespace ForwardAttribute -} // namespace Http - -namespace Server { -namespace Configuration { - -class ForwardAttributeConfig : public HttpFilterConfigFactory { - public: - HttpFilterFactoryCb tryCreateFilterFactory( - HttpFilterType type, const std::string& name, const Json::Object& config, - const std::string&, Server::Instance& server) override { - if (type != HttpFilterType::Decoder || name != "forward_attribute") { - return nullptr; - } - - Http::ForwardAttribute::ConfigPtr add_header_config( - new Http::ForwardAttribute::Config(config)); - return [add_header_config]( - Http::FilterChainFactoryCallbacks& callbacks) -> void { - std::shared_ptr instance( - new Http::ForwardAttribute::ForwardAttributeFilter( - add_header_config)); - callbacks.addStreamDecoderFilter(Http::StreamDecoderFilterPtr(instance)); - }; - } -}; - -static RegisterHttpFilterConfigFactory register_; - -} // namespace Configuration -} // namespace server diff --git a/src/envoy/mixer/http_control.cc b/src/envoy/mixer/http_control.cc index 3b97d20a35f..8283482dff3 100644 --- a/src/envoy/mixer/http_control.cc +++ b/src/envoy/mixer/http_control.cc @@ -23,8 +23,12 @@ #include "src/envoy/mixer/utils.h" using ::google::protobuf::util::Status; +using ::istio::mixer_client::CheckOptions; using ::istio::mixer_client::Attributes; using ::istio::mixer_client::DoneFunc; +using ::istio::mixer_client::MixerClientOptions; +using ::istio::mixer_client::ReportOptions; +using ::istio::mixer_client::QuotaOptions; namespace Http { namespace Mixer { @@ -45,6 +49,26 @@ const std::string kResponseLatency = "response.latency"; const std::string kResponseSize = "response.size"; const std::string kResponseTime = "response.time"; +// Check cache size: 10000 cache entries. +const int kCheckCacheEntries = 10000; +// Default check cache expired in 5 minutes. +const int kCheckCacheExpirationInSeconds = 300; + +CheckOptions GetCheckOptions(const MixerConfig& config) { + int expiration = kCheckCacheExpirationInSeconds; + if (!config.check_cache_expiration.empty()) { + expiration = std::stoi(config.check_cache_expiration); + } + + // Remove expired items from cache 1 second later. + CheckOptions options(kCheckCacheEntries, expiration * 1000, + (expiration + 1) * 1000); + + options.cache_keys = config.check_cache_keys; + + return options; +} + void SetStringAttribute(const std::string& name, const std::string& value, Attributes* attr) { if (!value.empty()) { @@ -94,10 +118,8 @@ void FillRequestInfoAttributes(const AccessLog::RequestInfo& info, attr->attributes[kResponseSize] = Attributes::Int64Value(info.bytesSent()); } - if (info.duration().count() > 0) { - attr->attributes[kResponseLatency] = Attributes::DurationValue( - std::chrono::duration_cast(info.duration())); - } + attr->attributes[kResponseLatency] = Attributes::DurationValue( + std::chrono::duration_cast(info.duration())); if (info.responseCode().valid()) { attr->attributes[kResponseHttpCode] = @@ -110,12 +132,14 @@ void FillRequestInfoAttributes(const AccessLog::RequestInfo& info, } // namespace -HttpControl::HttpControl(const std::string& mixer_server, - std::map&& attributes) - : config_attributes_(std::move(attributes)) { - ::istio::mixer_client::MixerClientOptions options; - options.mixer_server = mixer_server; +HttpControl::HttpControl(const MixerConfig& mixer_config) + : mixer_config_(mixer_config) { + MixerClientOptions options(GetCheckOptions(mixer_config), ReportOptions(), + QuotaOptions()); + options.mixer_server = mixer_config_.mixer_server; mixer_client_ = ::istio::mixer_client::CreateMixerClient(options); + + mixer_config_.ExtractQuotaAttributes("a_attributes_); } void HttpControl::FillCheckAttributes(HeaderMap& header_map, Attributes* attr) { @@ -133,7 +157,7 @@ void HttpControl::FillCheckAttributes(HeaderMap& header_map, Attributes* attr) { FillRequestHeaderAttributes(header_map, attr); - for (const auto& attribute : config_attributes_) { + for (const auto& attribute : mixer_config_.mixer_attributes) { SetStringAttribute(attribute.first, attribute.second, attr); } } @@ -143,7 +167,18 @@ void HttpControl::Check(HttpRequestDataPtr request_data, HeaderMap& headers, FillCheckAttributes(headers, &request_data->attributes); SetStringAttribute(kOriginUser, origin_user, &request_data->attributes); log().debug("Send Check: {}", request_data->attributes.DebugString()); - mixer_client_->Check(request_data->attributes, on_done); + + auto check_on_done = [this, on_done](const Status& status) { + if (status.ok()) { + if (!quota_attributes_.attributes.empty()) { + log().debug("Send Quota: {}", quota_attributes_.DebugString()); + mixer_client_->Quota(quota_attributes_, on_done); + return; // Not to call on_done again. + } + } + on_done(status); + }; + mixer_client_->Check(request_data->attributes, check_on_done); } void HttpControl::Report(HttpRequestDataPtr request_data, diff --git a/src/envoy/mixer/http_control.h b/src/envoy/mixer/http_control.h index e9ddc734f45..c473facef3c 100644 --- a/src/envoy/mixer/http_control.h +++ b/src/envoy/mixer/http_control.h @@ -21,6 +21,7 @@ #include "common/http/headers.h" #include "envoy/http/access_log.h" #include "include/client.h" +#include "src/envoy/mixer/config.h" namespace Http { namespace Mixer { @@ -37,8 +38,7 @@ typedef std::shared_ptr HttpRequestDataPtr; class HttpControl final : public Logger::Loggable { public: // The constructor. - HttpControl(const std::string& mixer_server, - std::map&& attributes); + HttpControl(const MixerConfig& mixer_config); // Make mixer check call. void Check(HttpRequestDataPtr request_data, HeaderMap& headers, @@ -56,8 +56,10 @@ class HttpControl final : public Logger::Loggable { // The mixer client std::unique_ptr<::istio::mixer_client::MixerClient> mixer_client_; - // The attributes read from the config file. - std::map config_attributes_; + // The mixer config + const MixerConfig& mixer_config_; + // Quota attributes; extracted from envoy filter config. + ::istio::mixer_client::Attributes quota_attributes_; }; } // namespace Mixer diff --git a/src/envoy/mixer/http_filter.cc b/src/envoy/mixer/http_filter.cc index c59f5f43eea..9f8e4ffb75c 100644 --- a/src/envoy/mixer/http_filter.cc +++ b/src/envoy/mixer/http_filter.cc @@ -15,12 +15,14 @@ #include "precompiled/precompiled.h" +#include "common/common/base64.h" #include "common/common/logger.h" #include "common/http/headers.h" #include "common/http/utility.h" #include "envoy/server/instance.h" #include "envoy/ssl/connection.h" #include "server/config/network/http_connection_manager.h" +#include "src/envoy/mixer/config.h" #include "src/envoy/mixer/http_control.h" #include "src/envoy/mixer/utils.h" @@ -32,11 +34,11 @@ namespace Http { namespace Mixer { namespace { -// The Json object name for mixer-server. -const std::string kJsonNameMixerServer("mixer_server"); +// Switch to turn off attribute forwarding +const std::string kJsonNameForwardSwitch("mixer_forward"); -// The Json object name for static attributes. -const std::string kJsonNameMixerAttributes("attributes"); +// Switch to turn off mixer check/report/quota +const std::string kJsonNameMixerSwitch("mixer_control"); // Convert Status::code to HTTP code int HttpCode(int code) { @@ -88,50 +90,90 @@ class Config : public Logger::Loggable { private: std::shared_ptr http_control_; Upstream::ClusterManager& cm_; + std::string forward_attributes_; + MixerConfig mixer_config_; public: Config(const Json::Object& config, Server::Instance& server) : cm_(server.clusterManager()) { - std::string mixer_server; - if (config.hasObject(kJsonNameMixerServer)) { - mixer_server = config.getString(kJsonNameMixerServer); - } else { + mixer_config_.Load(config); + if (mixer_config_.mixer_server.empty()) { log().error( "mixer_server is required but not specified in the config: {}", __func__); + } else { + log().debug("Called Mixer::Config constructor with mixer_server: ", + mixer_config_.mixer_server); } - std::map attributes = - Utils::ExtractStringMap(config, kJsonNameMixerAttributes); + if (!mixer_config_.forward_attributes.empty()) { + std::string serialized_str = + Utils::SerializeStringMap(mixer_config_.forward_attributes); + forward_attributes_ = + Base64::encode(serialized_str.c_str(), serialized_str.size()); + log().debug("Mixer forward attributes set: ", serialized_str); + } - http_control_ = - std::make_shared(mixer_server, std::move(attributes)); - log().debug("Called Mixer::Config constructor with mixer_server: ", - mixer_server); + http_control_ = std::make_shared(mixer_config_); } std::shared_ptr& http_control() { return http_control_; } + const std::string& forward_attributes() const { return forward_attributes_; } }; typedef std::shared_ptr ConfigPtr; -class Instance : public Http::StreamFilter, public Http::AccessLog::Instance { +class Instance : public Http::StreamDecoderFilter, + public Http::AccessLog::Instance { private: std::shared_ptr http_control_; + ConfigPtr config_; std::shared_ptr request_data_; enum State { NotStarted, Calling, Complete, Responded }; State state_; StreamDecoderFilterCallbacks* decoder_callbacks_; - StreamEncoderFilterCallbacks* encoder_callbacks_; bool initiating_call_; int check_status_code_; + bool mixer_disabled_; + + // mixer control switch (off by default) + bool mixer_disabled() { + auto route = decoder_callbacks_->route(); + if (route != nullptr) { + auto entry = route->routeEntry(); + if (entry != nullptr) { + auto key = entry->opaqueConfig().find(kJsonNameMixerSwitch); + if (key != entry->opaqueConfig().end() && key->second == "on") { + return false; + } + } + } + return true; + } + + // attribute forward switch (on by default) + bool forward_disabled() { + auto route = decoder_callbacks_->route(); + if (route != nullptr) { + auto entry = route->routeEntry(); + if (entry != nullptr) { + auto key = entry->opaqueConfig().find(kJsonNameForwardSwitch); + if (key != entry->opaqueConfig().end() && key->second == "off") { + return true; + } + } + } + return false; + } + public: Instance(ConfigPtr config) : http_control_(config->http_control()), + config_(config), state_(NotStarted), initiating_call_(false), check_status_code_(HttpCode(StatusCode::UNKNOWN)) { @@ -149,6 +191,17 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance { FilterHeadersStatus decodeHeaders(HeaderMap& headers, bool end_stream) override { Log().debug("Called Mixer::Instance : {}", __func__); + + if (!config_->forward_attributes().empty() && !forward_disabled()) { + headers.addStatic(Utils::kIstioAttributeHeader, + config_->forward_attributes()); + } + + mixer_disabled_ = mixer_disabled(); + if (mixer_disabled_) { + return FilterHeadersStatus::Continue; + } + state_ = Calling; initiating_call_ = true; request_data_ = std::make_shared(); @@ -174,6 +227,10 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance { FilterDataStatus decodeData(Buffer::Instance& data, bool end_stream) override { + if (mixer_disabled_) { + return FilterDataStatus::Continue; + } + Log().debug("Called Mixer::Instance : {} ({}, {})", __func__, data.length(), end_stream); if (state_ == Calling) { @@ -183,6 +240,10 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance { } FilterTrailersStatus decodeTrailers(HeaderMap& trailers) override { + if (mixer_disabled_) { + return FilterTrailersStatus::Continue; + } + Log().debug("Called Mixer::Instance : {}", __func__); if (state_ == Calling) { return FilterTrailersStatus::StopIteration; @@ -215,33 +276,12 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance { } } - virtual FilterHeadersStatus encodeHeaders(HeaderMap& headers, - bool end_stream) override { - Log().debug("Called Mixer::Instance : {}", __func__); - return FilterHeadersStatus::Continue; - } - - virtual FilterDataStatus encodeData(Buffer::Instance& data, - bool end_stream) override { - Log().debug("Called Mixer::Instance : {}", __func__); - return FilterDataStatus::Continue; - } - - virtual FilterTrailersStatus encodeTrailers(HeaderMap& trailers) override { - Log().debug("Called Mixer::Instance : {}", __func__); - return FilterTrailersStatus::Continue; - } - - virtual void setEncoderFilterCallbacks( - StreamEncoderFilterCallbacks& callbacks) override { - Log().debug("Called Mixer::Instance : {}", __func__); - encoder_callbacks_ = &callbacks; - } - virtual void log(const HeaderMap* request_headers, const HeaderMap* response_headers, const AccessLog::RequestInfo& request_info) override { Log().debug("Called Mixer::Instance : {}", __func__); + // If decodeHaeders() is not called, not to call Mixer report. + if (!request_data_) return; // Make sure not to use any class members at the callback. // The class may be gone when it is called. // Log() is a static function so it is OK. @@ -270,7 +310,7 @@ class MixerConfig : public HttpFilterConfigFactory { HttpFilterFactoryCb tryCreateFilterFactory( HttpFilterType type, const std::string& name, const Json::Object& config, const std::string&, Server::Instance& server) override { - if (type != HttpFilterType::Both || name != "mixer") { + if (type != HttpFilterType::Decoder || name != "mixer") { return nullptr; } @@ -280,8 +320,10 @@ class MixerConfig : public HttpFilterConfigFactory { [mixer_config](Http::FilterChainFactoryCallbacks& callbacks) -> void { std::shared_ptr instance( new Http::Mixer::Instance(mixer_config)); - callbacks.addStreamFilter(Http::StreamFilterPtr(instance)); - callbacks.addAccessLogHandler(Http::AccessLog::InstancePtr(instance)); + callbacks.addStreamDecoderFilter( + Http::StreamDecoderFilterSharedPtr(instance)); + callbacks.addAccessLogHandler( + Http::AccessLog::InstanceSharedPtr(instance)); }; } }; @@ -289,4 +331,4 @@ class MixerConfig : public HttpFilterConfigFactory { static RegisterHttpFilterConfigFactory register_; } // namespace Configuration -} // namespace server +} // namespace Server diff --git a/src/envoy/mixer/integration_test/BUILD b/src/envoy/mixer/integration_test/BUILD new file mode 100644 index 00000000000..a6ff4916db5 --- /dev/null +++ b/src/envoy/mixer/integration_test/BUILD @@ -0,0 +1,64 @@ +# Copyright 2017 Istio Authors. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +# + +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load(":test_suite.bzl", "go_test_suite") + +go_library( + name = "go_default_library", + srcs = [ + "attributes.go", + "envoy.go", + "envoy_conf.go", + "http_client.go", + "http_server.go", + "mixer_server.go", + "setup.go", + ], + deps = [ + "@com_github_gogo_protobuf//types:go_default_library", + "@com_github_golang_glog//:go_default_library", + "@com_github_golang_protobuf//proto:go_default_library", + "@com_github_googleapis_googleapis//:google/rpc", + "@com_github_istio_api//:mixer/v1", + "@com_github_istio_mixer//pkg/api:go_default_library", + "@com_github_istio_mixer//pkg/attribute:go_default_library", + "@com_github_istio_mixer//pkg/pool:go_default_library", + "@com_github_istio_mixer//pkg/tracing:go_default_library", + "@org_golang_google_grpc//:go_default_library", + ], +) + +go_test_suite( + data = [ + "//src/envoy/mixer:envoy", + ], + library = ":go_default_library", + tags = [ + # Use fixed ports, not in sanbbox, have to be run exclusively. + "exclusive", + # shared memory path /envoy_shared_memory_0 used by Envoy + # hot start is not working in sandbox mode. + "local", + ], + tests = [ + "check_cache_test.go", + "check_report_test.go", + "failed_request_test.go", + "quota_test.go", + ], +) diff --git a/src/envoy/mixer/integration_test/attributes.go b/src/envoy/mixer/integration_test/attributes.go new file mode 100644 index 00000000000..6aecd20d8bb --- /dev/null +++ b/src/envoy/mixer/integration_test/attributes.go @@ -0,0 +1,128 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "encoding/json" + "fmt" + "reflect" + + "istio.io/mixer/pkg/attribute" +) + +func verifyStringMap(actual map[string]string, expected map[string]interface{}) error { + for k, v := range expected { + vstring := v.(string) + // "-" make sure the key does not exist. + if vstring == "-" { + if _, ok := actual[k]; ok { + return fmt.Errorf("key %+v is NOT expected", k) + } + } else { + if val, ok := actual[k]; ok { + // "*" only check key exist + if val != vstring && vstring != "*" { + return fmt.Errorf("key %+v value doesn't match. Actual %+v, expected %+v", + k, val, vstring) + } + } else { + return fmt.Errorf("key %+v is expected", k) + } + } + } + return nil +} + +// Attributes verification rules: +// +// 1) If value is *, key must exist, but value is not checked. +// 1) If value is -, key must NOT exist. +// 3) At top level attributes, not inside StringMap, all keys must +// be listed. Extra keys are NOT allowed +// 3) Inside StringMap, not need to list all keys. Extra keys are allowed +// +// Attributes provided from envoy config +// * source.id and source.namespace are forwarded from client proxy +// * target.id and target.namespace are from server proxy +// +// HTTP header "x-istio-attributes" is used to forward attributes between +// proxy. It should be removed before calling mixer and backend. +// +func Verify(b *attribute.MutableBag, json_results string) error { + var r map[string]interface{} + if err := json.Unmarshal([]byte(json_results), &r); err != nil { + return fmt.Errorf("unable to decode json %v", err) + } + + all_keys := make(map[string]bool) + for _, k := range b.Names() { + all_keys[k] = true + } + + for k, v := range r { + switch vv := v.(type) { + case string: + // "*" means only checking key. + if vv == "*" { + if _, ok := b.Get(k); !ok { + return fmt.Errorf("attribute %+v is expected", k) + } + } else { + if val, ok := b.Get(k); ok { + if val.(string) != v.(string) { + return fmt.Errorf("attribute %+v value doesn't match. Actual %+v, expected %+v", + k, val.(string), v.(string)) + } + } else { + return fmt.Errorf("attribute %+v is expected", k) + } + } + case float64: + // Json converts all integers to float64, + // Our tests only verify size related attributes which are int64 type + if val, ok := b.Get(k); ok { + vint64 := int64(vv) + if val.(int64) != vint64 { + return fmt.Errorf("attribute %+v value doesn't match. Actual %+v, expected %+v", + k, val.(int64), vint64) + } + } else { + return fmt.Errorf("attribute %+v is expected", k) + } + case map[string]interface{}: + if val, ok := b.Get(k); ok { + if err := verifyStringMap(val.(map[string]string), v.(map[string]interface{})); err != nil { + return fmt.Errorf("attribute %+v StringMap doesn't match: %+v", k, err) + } + } else { + return fmt.Errorf("attribute %+v is expected", k) + } + default: + return fmt.Errorf("attribute %+v is of a type %+v that I don't know how to handle ", + k, reflect.TypeOf(v)) + } + delete(all_keys, k) + + } + + if len(all_keys) > 0 { + var s string + for k, _ := range all_keys { + s += k + ", " + } + return fmt.Errorf("Following attributes are not expected: %s", s) + } + return nil +} diff --git a/src/envoy/mixer/integration_test/check_cache_test.go b/src/envoy/mixer/integration_test/check_cache_test.go new file mode 100644 index 00000000000..ab79320ae82 --- /dev/null +++ b/src/envoy/mixer/integration_test/check_cache_test.go @@ -0,0 +1,40 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "fmt" + "testing" +) + +func TestCheckCache(t *testing.T) { + s, err := SetUp(t, basicConfig+","+checkCacheConfig) + if err != nil { + t.Fatalf("Failed to setup test: %v", err) + } + defer s.TearDown() + + url := fmt.Sprintf("http://localhost:%d/echo", ClientProxyPort) + + // Issues a GET echo request with 0 size body + tag := "OKGet" + for i := 0; i < 10; i++ { + if _, _, err := HTTPGet(url); err != nil { + t.Errorf("Failed in request %s: %v", tag, err) + } + // Only the first check is called. + s.VerifyCheckCount(tag, 1) + } +} diff --git a/src/envoy/mixer/integration_test/check_report_test.go b/src/envoy/mixer/integration_test/check_report_test.go new file mode 100644 index 00000000000..71d8a3f6bb9 --- /dev/null +++ b/src/envoy/mixer/integration_test/check_report_test.go @@ -0,0 +1,154 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "fmt" + "testing" +) + +// Check attributes from a good GET request +const checkAttributesOkGet = ` +{ + "request.host": "localhost:27070", + "request.path": "/echo", + "request.time": "*", + "source.uid": "POD11", + "source.namespace": "XYZ11", + "target.uid": "POD222", + "target.namespace": "XYZ222", + "request.headers": { + ":method": "GET", + ":path": "/echo", + ":authority": "localhost:27070", + "x-forwarded-proto": "http", + "x-istio-attributes": "-", + "x-request-id": "*" + } +} +` + +// Report attributes from a good GET request +const reportAttributesOkGet = ` +{ + "request.host": "localhost:27070", + "request.path": "/echo", + "request.time": "*", + "source.uid": "POD11", + "source.namespace": "XYZ11", + "target.uid": "POD222", + "target.namespace": "XYZ222", + "request.headers": { + ":method": "GET", + ":path": "/echo", + ":authority": "localhost:27070", + "x-forwarded-proto": "http", + "x-istio-attributes": "-", + "x-request-id": "*" + }, + "request.size": 0, + "response.time": "*", + "response.size": 0, + "response.latency": "*", + "response.http.code": 200, + "response.headers": { + "date": "*", + "content-type": "text/plain; charset=utf-8", + "content-length": "0", + ":status": "200", + "server": "envoy" + } +} +` + +// Check attributes from a good POST request +const checkAttributesOkPost = ` +{ + "request.host": "localhost:27070", + "request.path": "/echo", + "request.time": "*", + "source.uid": "POD11", + "source.namespace": "XYZ11", + "target.uid": "POD222", + "target.namespace": "XYZ222", + "request.headers": { + ":method": "POST", + ":path": "/echo", + ":authority": "localhost:27070", + "x-forwarded-proto": "http", + "x-istio-attributes": "-", + "x-request-id": "*" + } +} +` + +// Report attributes from a good POST request +const reportAttributesOkPost = ` +{ + "request.host": "localhost:27070", + "request.path": "/echo", + "request.time": "*", + "source.uid": "POD11", + "source.namespace": "XYZ11", + "target.uid": "POD222", + "target.namespace": "XYZ222", + "request.headers": { + ":method": "POST", + ":path": "/echo", + ":authority": "localhost:27070", + "x-forwarded-proto": "http", + "x-istio-attributes": "-", + "x-request-id": "*" + }, + "request.size": 12, + "response.time": "*", + "response.size": 12, + "response.latency": "*", + "response.http.code": 200, + "response.headers": { + "date": "*", + "content-type": "text/plain", + "content-length": "12", + ":status": "200", + "server": "envoy" + } +} +` + +func TestCheckReportAttributes(t *testing.T) { + s, err := SetUp(t, basicConfig) + if err != nil { + t.Fatalf("Failed to setup test: %v", err) + } + defer s.TearDown() + + url := fmt.Sprintf("http://localhost:%d/echo", ClientProxyPort) + + // Issues a GET echo request with 0 size body + tag := "OKGet" + if _, _, err := HTTPGet(url); err != nil { + t.Errorf("Failed in request %s: %v", tag, err) + } + s.VerifyCheck(tag, checkAttributesOkGet) + s.VerifyReport(tag, reportAttributesOkGet) + + // Issues a POST request. + tag = "OKPost" + if _, _, err := HTTPPost(url, "text/plain", "Hello World!"); err != nil { + t.Errorf("Failed in request %s: %v", tag, err) + } + s.VerifyCheck(tag, checkAttributesOkPost) + s.VerifyReport(tag, reportAttributesOkPost) +} diff --git a/src/envoy/mixer/integration_test/envoy.go b/src/envoy/mixer/integration_test/envoy.go new file mode 100644 index 00000000000..b34fb5c240a --- /dev/null +++ b/src/envoy/mixer/integration_test/envoy.go @@ -0,0 +1,88 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "log" + "os" + "os/exec" + "strings" +) + +func getTestBinRootPath() string { + switch { + // custom path + case os.Getenv("TEST_BIN_ROOT") != "": + return os.Getenv("TEST_BIN_ROOT") + // running under bazel + case os.Getenv("TEST_SRCDIR") != "": + return os.Getenv("TEST_SRCDIR") + "/__main__" + // running with native go + case os.Getenv("GOPATH") != "": + list := strings.Split(os.Getenv("GOPATH"), + string(os.PathListSeparator)) + return list[0] + "/bazel-bin" + default: + return "bazel-bin" + } +} + +type Envoy struct { + cmd *exec.Cmd +} + +// Run command and return the merged output from stderr and stdout, error code +func Run(name string, args ...string) (s string, err error) { + log.Println(">", name, strings.Join(args, " ")) + c := exec.Command(name, args...) + bytes, err := c.CombinedOutput() + s = string(bytes) + for _, line := range strings.Split(s, "\n") { + log.Println(line) + } + if err != nil { + log.Println(err) + } + return +} + +func NewEnvoy(conf string) (*Envoy, error) { + bin_path := getTestBinRootPath() + "/src/envoy/mixer/envoy" + log.Printf("Envoy binary: %v\n", bin_path) + + conf_path := "/tmp/envoy.conf" + log.Printf("Envoy config: in %v\n%v\n", conf_path, conf) + if err := CreateEnvoyConf(conf_path, conf); err != nil { + return nil, err + } + + cmd := exec.Command(bin_path, "-c", conf_path, "-l", "debug") + cmd.Stderr = os.Stderr + cmd.Stdout = os.Stdout + return &Envoy{ + cmd: cmd, + }, nil +} + +func (s *Envoy) Start() error { + return s.cmd.Start() +} + +func (s *Envoy) Stop() error { + log.Printf("Kill Envoy ...\n") + err := s.cmd.Process.Kill() + log.Printf("Kill Envoy ... Done\n") + return err +} diff --git a/src/envoy/mixer/integration_test/envoy_conf.go b/src/envoy/mixer/integration_test/envoy_conf.go new file mode 100644 index 00000000000..166b11543aa --- /dev/null +++ b/src/envoy/mixer/integration_test/envoy_conf.go @@ -0,0 +1,244 @@ +// Copyright 2017 Istio Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package test + +import ( + "fmt" + "os" + "text/template" +) + +const ( + // These ports should match with used envoy.conf + // Default is using one in this folder. + ServerProxyPort = 29090 + ClientProxyPort = 27070 + MixerPort = 29091 + BackendPort = 28080 + AdminPort = 29001 +) + +type ConfParam struct { + ClientPort int + ServerPort int + AdminPort int + MixerServer string + Backend string + ClientConfig string + ServerConfig string +} + +// A basic config +const basicConfig = ` + "mixer_attributes": { + "target.uid": "POD222", + "target.namespace": "XYZ222" + } +` + +// A config with quota +const quotaConfig = ` + "quota_name": "RequestCount", + "quota_amount": "5" +` + +// A config with check cache keys +const checkCacheConfig = ` + "check_cache_keys": [ + "request.host", + "request.path", + "origin.user" + ] +` + +// The default client proxy mixer config +const defaultClientMixerConfig = ` + "forward_attributes": { + "source.uid": "POD11", + "source.namespace": "XYZ11" + } +` + +// The envoy config template +const envoyConfTempl = ` +{ + "listeners": [ + { + "address": "tcp://0.0.0.0:{{.ServerPort}}", + "bind_to_port": true, + "filters": [ + { + "type": "read", + "name": "http_connection_manager", + "config": { + "codec_type": "auto", + "stat_prefix": "ingress_http", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": ["*"], + "routes": [ + { + "timeout_ms": 0, + "prefix": "/", + "cluster": "service1", + "opaque_config": { + "mixer_control": "on", + "mixer_forward": "off" + } + } + ] + } + ] + }, + "access_log": [ + { + "path": "/dev/stdout" + } + ], + "filters": [ + { + "type": "decoder", + "name": "mixer", + "config": { + "mixer_server": "{{.MixerServer}}", +{{.ServerConfig}} + } + }, + { + "type": "decoder", + "name": "router", + "config": {} + } + ] + } + } + ] + }, + { + "address": "tcp://0.0.0.0:{{.ClientPort}}", + "bind_to_port": true, + "filters": [ + { + "type": "read", + "name": "http_connection_manager", + "config": { + "codec_type": "auto", + "stat_prefix": "ingress_http", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": ["*"], + "routes": [ + { + "timeout_ms": 0, + "prefix": "/", + "cluster": "service2" + } + ] + } + ] + }, + "access_log": [ + { + "path": "/dev/stdout" + } + ], + "filters": [ + { + "type": "decoder", + "name": "mixer", + "config": { + "mixer_server": "{{.MixerServer}}", +{{.ClientConfig}} + } + }, + { + "type": "decoder", + "name": "router", + "config": {} + } + ] + } + } + ] + } + ], + "admin": { + "access_log_path": "/dev/stdout", + "address": "tcp://0.0.0.0:{{.AdminPort}}" + }, + "cluster_manager": { + "clusters": [ + { + "name": "service1", + "connect_timeout_ms": 5000, + "type": "strict_dns", + "lb_type": "round_robin", + "hosts": [ + { + "url": "tcp://{{.Backend}}" + } + ] + }, + { + "name": "service2", + "connect_timeout_ms": 5000, + "type": "strict_dns", + "lb_type": "round_robin", + "hosts": [ + { + "url": "tcp://localhost:{{.ServerPort}}" + } + ] + } + ] + } +} +` + +func (c *ConfParam) write(path string) error { + tmpl, err := template.New("test").Parse(envoyConfTempl) + if err != nil { + return fmt.Errorf("Failed to parse config template: %v", err) + } + + f, err := os.Create(path) + if err != nil { + return fmt.Errorf("Failed to create file %v: %v", path, err) + } + defer f.Close() + return tmpl.Execute(f, *c) +} + +func getConf() ConfParam { + return ConfParam{ + ClientPort: ClientProxyPort, + ServerPort: ServerProxyPort, + AdminPort: AdminPort, + MixerServer: fmt.Sprintf("localhost:%d", MixerPort), + Backend: fmt.Sprintf("localhost:%d", BackendPort), + ClientConfig: defaultClientMixerConfig, + } +} + +func CreateEnvoyConf(path string, conf string) error { + c := getConf() + c.ServerConfig = conf + return c.write(path) +} diff --git a/src/envoy/mixer/integration_test/failed_request_test.go b/src/envoy/mixer/integration_test/failed_request_test.go new file mode 100644 index 00000000000..9ae99bcf81d --- /dev/null +++ b/src/envoy/mixer/integration_test/failed_request_test.go @@ -0,0 +1,161 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "fmt" + "testing" + + rpc "github.com/googleapis/googleapis/google/rpc" +) + +const ( + mixerAuthFailMessage = "Unauthenticated by mixer." +) + +// Check attributes from a fail GET request from mixer +const checkAttributesMixerFail = ` +{ + "request.host": "localhost:27070", + "request.path": "/echo", + "request.time": "*", + "source.uid": "POD11", + "source.namespace": "XYZ11", + "target.uid": "POD222", + "target.namespace": "XYZ222", + "request.headers": { + ":method": "GET", + ":path": "/echo", + ":authority": "localhost:27070", + "x-forwarded-proto": "http", + "x-istio-attributes": "-", + "x-request-id": "*" + } +} +` + +// Report attributes from a fail GET request from mixer +const reportAttributesMixerFail = ` +{ + "request.host": "localhost:27070", + "request.path": "/echo", + "request.time": "*", + "source.uid": "POD11", + "source.namespace": "XYZ11", + "target.uid": "POD222", + "target.namespace": "XYZ222", + "request.headers": { + ":method": "GET", + ":path": "/echo", + ":authority": "localhost:27070", + "x-forwarded-proto": "http", + "x-istio-attributes": "-", + "x-request-id": "*" + }, + "request.size": 0, + "response.time": "*", + "response.size": 41, + "response.latency": "*", + "response.http.code": 401, + "response.headers": { + "date": "*", + "content-type": "text/plain", + "content-length": "41", + ":status": "401", + "server": "envoy" + } +} +` + +// Report attributes from a fail GET request from backend +const reportAttributesBackendFail = ` +{ + "request.host": "localhost:27070", + "request.path": "/echo", + "request.time": "*", + "source.uid": "POD11", + "source.namespace": "XYZ11", + "target.uid": "POD222", + "target.namespace": "XYZ222", + "request.headers": { + ":method": "GET", + ":path": "/echo", + ":authority": "localhost:27070", + "x-forwarded-proto": "http", + "x-istio-attributes": "-", + "x-request-id": "*" + }, + "request.size": 0, + "response.time": "*", + "response.size": 25, + "response.latency": "*", + "response.http.code": 400, + "response.headers": { + "date": "*", + "content-type": "text/plain; charset=utf-8", + "content-length": "25", + ":status": "400", + "server": "envoy" + } +} +` + +func TestFailedRequest(t *testing.T) { + s, err := SetUp(t, basicConfig) + if err != nil { + t.Fatalf("Failed to setup test: %v", err) + } + defer s.TearDown() + + url := fmt.Sprintf("http://localhost:%d/echo", ClientProxyPort) + + tag := "MixerFail" + s.mixer.check.r_status = rpc.Status{ + Code: int32(rpc.UNAUTHENTICATED), + Message: mixerAuthFailMessage, + } + code, resp_body, err := HTTPGet(url) + // Make sure to restore r_status for next request. + s.mixer.check.r_status = rpc.Status{} + if err != nil { + t.Errorf("Failed in request %s: %v", tag, err) + } + if code != 401 { + t.Errorf("Status code 401 is expected.") + } + if resp_body != "UNAUTHENTICATED:"+mixerAuthFailMessage { + t.Errorf("Error response body is not expected.") + } + s.VerifyCheck(tag, checkAttributesMixerFail) + s.VerifyReport(tag, reportAttributesMixerFail) + + // Issues a failed request caused by backend + tag = "BackendFail" + headers := map[string]string{} + headers[FailHeader] = "Yes" + code, resp_body, err = HTTPGetWithHeaders(url, headers) + if err != nil { + t.Errorf("Failed in request %s: %v", tag, err) + } + if code != 400 { + t.Errorf("Status code 400 is expected.") + } + if resp_body != FailBody { + t.Errorf("Error response body is not expected.") + } + // Same Check attributes as the first one. + s.VerifyCheck(tag, checkAttributesMixerFail) + s.VerifyReport(tag, reportAttributesBackendFail) +} diff --git a/src/envoy/mixer/integration_test/http_client.go b/src/envoy/mixer/integration_test/http_client.go new file mode 100644 index 00000000000..0212ddf775e --- /dev/null +++ b/src/envoy/mixer/integration_test/http_client.go @@ -0,0 +1,80 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "io/ioutil" + "log" + "net/http" + "net/url" + "strings" +) + +func HTTPGet(url string) (code int, resp_body string, err error) { + log.Println("HTTP GET", url) + client := &http.Client{} + resp, err := client.Get(url) + if err != nil { + log.Println(err) + return 0, "", err + } + defer resp.Body.Close() + body, _ := ioutil.ReadAll(resp.Body) + resp_body = string(body) + code = resp.StatusCode + log.Println(resp_body) + return code, resp_body, nil +} + +func HTTPPost(url string, content_type string, req_body string) (code int, resp_body string, err error) { + log.Println("HTTP POST", url) + client := &http.Client{} + resp, err := client.Post(url, content_type, strings.NewReader(req_body)) + if err != nil { + log.Println(err) + return 0, "", err + } + defer resp.Body.Close() + body, _ := ioutil.ReadAll(resp.Body) + resp_body = string(body) + code = resp.StatusCode + log.Println(resp_body) + return code, resp_body, nil +} + +func HTTPGetWithHeaders(l string, headers map[string]string) (code int, resp_body string, err error) { + log.Println("HTTP GET with headers: ", l) + client := &http.Client{} + req := http.Request{} + + req.Header = map[string][]string{} + for k, v := range headers { + req.Header[k] = []string{v} + } + req.Method = http.MethodGet + req.URL, _ = url.Parse(l) + + resp, err := client.Do(&req) + if err != nil { + log.Println(err) + return 0, "", err + } + defer resp.Body.Close() + body, _ := ioutil.ReadAll(resp.Body) + resp_body = string(body) + code = resp.StatusCode + log.Println(resp_body) + return code, resp_body, nil +} diff --git a/src/envoy/mixer/integration_test/http_server.go b/src/envoy/mixer/integration_test/http_server.go new file mode 100644 index 00000000000..77677286b58 --- /dev/null +++ b/src/envoy/mixer/integration_test/http_server.go @@ -0,0 +1,111 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "fmt" + "io/ioutil" + "log" + "net" + "net/http" + "strings" + "time" +) + +const ( + FailHeader = "x-istio-backend-fail" + FailBody = "Bad request from backend." +) + +type HttpServer struct { + port uint16 + lis net.Listener +} + +func handler(w http.ResponseWriter, r *http.Request) { + log.Printf("%v %v %v %v\n", r.Method, r.URL, r.Proto, r.RemoteAddr) + for name, headers := range r.Header { + for _, h := range headers { + log.Printf("%v: %v\n", name, h) + } + } + body, err := ioutil.ReadAll(r.Body) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + // Fail if there is such header. + if r.Header.Get(FailHeader) != "" { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte(FailBody)) + return + } + + // echo back the Content-Type and Content-Length in the response + for _, k := range []string{"Content-Type", "Content-Length"} { + if v := r.Header.Get(k); v != "" { + w.Header().Set(k, v) + } + } + w.WriteHeader(http.StatusOK) + w.Write(body) +} + +func NewHttpServer(port uint16) (*HttpServer, error) { + log.Printf("Http server listening on port %v\n", port) + lis, err := net.Listen("tcp", fmt.Sprintf(":%d", port)) + if err != nil { + log.Fatal(err) + return nil, err + } + return &HttpServer{ + port: port, + lis: lis, + }, nil +} + +func (s *HttpServer) Start() { + go func() { + http.HandleFunc("/", handler) + http.Serve(s.lis, nil) + }() + + addr := fmt.Sprintf("http://localhost:%s", s.port) + + const maxAttempts = 10 + for i := 0; i < maxAttempts; i++ { + time.Sleep(time.Second) + client := http.Client{} + log.Println("Pinging the server...") + rsp, err := client.Post( + addr+"/echo", "text/plain", strings.NewReader("PING")) + if err == nil && rsp.StatusCode == http.StatusOK { + log.Println("Got a response...") + png, err := ioutil.ReadAll(rsp.Body) + if err == nil && string(png) == "PING" { + log.Println("Server is up and running...") + return + } + } + log.Println("Will wait a second and try again.") + } +} + +func (s *HttpServer) Stop() { + log.Printf("Close HTTP server\n") + s.lis.Close() + log.Printf("Close HTTP server -- Done\n") +} diff --git a/src/envoy/mixer/integration_test/mixer_server.go b/src/envoy/mixer/integration_test/mixer_server.go new file mode 100644 index 00000000000..6e3db085e5d --- /dev/null +++ b/src/envoy/mixer/integration_test/mixer_server.go @@ -0,0 +1,127 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "context" + "fmt" + "log" + "net" + + rpc "github.com/googleapis/googleapis/google/rpc" + "google.golang.org/grpc" + + mixerpb "istio.io/api/mixer/v1" + "istio.io/mixer/pkg/api" + "istio.io/mixer/pkg/attribute" + "istio.io/mixer/pkg/pool" + "istio.io/mixer/pkg/tracing" +) + +type Handler struct { + bag *attribute.MutableBag + ch chan int + count int + r_status rpc.Status +} + +func newHandler() *Handler { + return &Handler{ + bag: nil, + ch: make(chan int, 10), // Allow maximum 10 requests + count: 0, + r_status: rpc.Status{}, + } +} + +func (h *Handler) run(bag *attribute.MutableBag) rpc.Status { + h.bag = attribute.CopyBag(bag) + h.ch <- 1 + h.count++ + return h.r_status +} + +type MixerServer struct { + lis net.Listener + gs *grpc.Server + gp *pool.GoroutinePool + s mixerpb.MixerServer + + check *Handler + report *Handler + quota *Handler + quota_request *mixerpb.QuotaRequest +} + +func (ts *MixerServer) Check(ctx context.Context, bag *attribute.MutableBag, + request *mixerpb.CheckRequest, response *mixerpb.CheckResponse) { + response.RequestIndex = request.RequestIndex + response.Result = ts.check.run(bag) +} + +func (ts *MixerServer) Report(ctx context.Context, bag *attribute.MutableBag, + request *mixerpb.ReportRequest, response *mixerpb.ReportResponse) { + response.RequestIndex = request.RequestIndex + response.Result = ts.report.run(bag) +} + +func (ts *MixerServer) Quota(ctx context.Context, bag *attribute.MutableBag, + request *mixerpb.QuotaRequest, response *mixerpb.QuotaResponse) { + response.RequestIndex = request.RequestIndex + ts.quota_request = request + response.Result = ts.quota.run(bag) + response.Amount = 0 +} + +func NewMixerServer(port uint16) (*MixerServer, error) { + log.Printf("Mixer server listening on port %v\n", port) + s := &MixerServer{ + check: newHandler(), + report: newHandler(), + quota: newHandler(), + } + + var err error + s.lis, err = net.Listen("tcp", fmt.Sprintf(":%d", port)) + if err != nil { + log.Fatalf("failed to listen: %v", err) + return nil, err + } + + var opts []grpc.ServerOption + opts = append(opts, grpc.MaxConcurrentStreams(32)) + opts = append(opts, grpc.MaxMsgSize(1024*1024)) + s.gs = grpc.NewServer(opts...) + + s.gp = pool.NewGoroutinePool(128, false) + s.gp.AddWorkers(32) + + s.s = api.NewGRPCServer(s, tracing.DisabledTracer(), s.gp) + mixerpb.RegisterMixerServer(s.gs, s.s) + return s, nil +} + +func (s *MixerServer) Start() { + go func() { + _ = s.gs.Serve(s.lis) + log.Printf("Mixer server exited\n") + }() +} + +func (s *MixerServer) Stop() { + log.Printf("Stop Mixer server\n") + s.gs.Stop() + log.Printf("Stop Mixer server -- Done\n") +} diff --git a/src/envoy/mixer/integration_test/quota_test.go b/src/envoy/mixer/integration_test/quota_test.go new file mode 100644 index 00000000000..e99afb8e426 --- /dev/null +++ b/src/envoy/mixer/integration_test/quota_test.go @@ -0,0 +1,64 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "fmt" + "testing" + + rpc "github.com/googleapis/googleapis/google/rpc" +) + +const ( + mixerQuotaFailMessage = "Not enough quota by mixer." +) + +func TestQuotaCall(t *testing.T) { + s, err := SetUp(t, basicConfig+","+quotaConfig) + if err != nil { + t.Fatalf("Failed to setup test: %v", err) + } + defer s.TearDown() + + url := fmt.Sprintf("http://localhost:%d/echo", ClientProxyPort) + + // Issues a GET echo request with 0 size body + tag := "OKGet" + if _, _, err := HTTPGet(url); err != nil { + t.Errorf("Failed in request %s: %v", tag, err) + } + s.VerifyQuota(tag, "RequestCount", 5) + + // Issues a failed POST request caused by Mixer Quota + tag = "QuotaFail" + s.mixer.quota_request = nil + s.mixer.quota.r_status = rpc.Status{ + Code: int32(rpc.RESOURCE_EXHAUSTED), + Message: mixerQuotaFailMessage, + } + code, resp_body, err := HTTPPost(url, "text/plain", "Hello World!") + // Make sure to restore r_status for next request. + s.mixer.quota.r_status = rpc.Status{} + if err != nil { + t.Errorf("Failed in request %s: %v", tag, err) + } + if code != 429 { + t.Errorf("Status code 429 is expected.") + } + if resp_body != "RESOURCE_EXHAUSTED:"+mixerQuotaFailMessage { + t.Errorf("Error response body is not expected.") + } + s.VerifyQuota(tag, "RequestCount", 5) +} diff --git a/src/envoy/mixer/integration_test/repositories.bzl b/src/envoy/mixer/integration_test/repositories.bzl new file mode 100644 index 00000000000..7eec527fa39 --- /dev/null +++ b/src/envoy/mixer/integration_test/repositories.bzl @@ -0,0 +1,272 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_repositories", "new_go_repository", "go_repository") +load("@org_pubref_rules_protobuf//protobuf:rules.bzl", "proto_repositories") + +load("@org_pubref_rules_protobuf//gogo:rules.bzl", "gogo_proto_repositories") +load("@org_pubref_rules_protobuf//cpp:rules.bzl", "cpp_proto_repositories") + +def go_istio_api_repositories(use_local=False): + ISTIO_API_BUILD_FILE = """ +# build protos from istio.io/api repo + +package(default_visibility = ["//visibility:public"]) + +load("@io_bazel_rules_go//go:def.bzl", "go_prefix") + +go_prefix("istio.io/api") + +load("@org_pubref_rules_protobuf//gogo:rules.bzl", "gogoslick_proto_library") + +gogoslick_proto_library( + name = "mixer/v1", + importmap = { + "gogoproto/gogo.proto": "github.com/gogo/protobuf/gogoproto", + "google/rpc/status.proto": "github.com/googleapis/googleapis/google/rpc", + "google/protobuf/timestamp.proto": "github.com/gogo/protobuf/types", + "google/protobuf/duration.proto": "github.com/gogo/protobuf/types", + }, + imports = [ + "../../external/com_github_gogo_protobuf", + "../../external/com_github_google_protobuf/src", + "../../external/com_github_googleapis_googleapis", + ], + inputs = [ + "@com_github_google_protobuf//:well_known_protos", + "@com_github_googleapis_googleapis//:status_proto", + "@com_github_gogo_protobuf//gogoproto:go_default_library_protos", + ], + protos = [ + "mixer/v1/attributes.proto", + "mixer/v1/check.proto", + "mixer/v1/quota.proto", + "mixer/v1/report.proto", + "mixer/v1/service.proto", + ], + verbose = 0, + visibility = ["//visibility:public"], + with_grpc = True, + deps = [ + "@com_github_gogo_protobuf//gogoproto:go_default_library", + "@com_github_gogo_protobuf//sortkeys:go_default_library", + "@com_github_gogo_protobuf//types:go_default_library", + "@com_github_googleapis_googleapis//:google/rpc", + ], +) + +DESCRIPTOR_FILE_GROUP = [ + "mixer/v1/config/descriptor/attribute_descriptor.proto", + "mixer/v1/config/descriptor/label_descriptor.proto", + "mixer/v1/config/descriptor/log_entry_descriptor.proto", + "mixer/v1/config/descriptor/metric_descriptor.proto", + "mixer/v1/config/descriptor/monitored_resource_descriptor.proto", + "mixer/v1/config/descriptor/principal_descriptor.proto", + "mixer/v1/config/descriptor/quota_descriptor.proto", + "mixer/v1/config/descriptor/value_type.proto", +] + +gogoslick_proto_library( + name = "mixer/v1/config", + importmap = { + "google/protobuf/struct.proto": "github.com/gogo/protobuf/types", + "mixer/v1/config/descriptor/log_entry_descriptor.proto": "istio.io/api/mixer/v1/config/descriptor", + "mixer/v1/config/descriptor/metric_descriptor.proto": "istio.io/api/mixer/v1/config/descriptor", + "mixer/v1/config/descriptor/monitored_resource_descriptor.proto": "istio.io/api/mixer/v1/config/descriptor", + "mixer/v1/config/descriptor/principal_descriptor.proto": "istio.io/api/mixer/v1/config/descriptor", + "mixer/v1/config/descriptor/quota_descriptor.proto": "istio.io/api/mixer/v1/config/descriptor", + }, + imports = [ + "../../external/com_github_google_protobuf/src", + ], + inputs = DESCRIPTOR_FILE_GROUP + [ + "@com_github_google_protobuf//:well_known_protos", + ], + protos = [ + "mixer/v1/config/cfg.proto", + ], + verbose = 0, + visibility = ["//visibility:public"], + with_grpc = False, + deps = [ + ":mixer/v1/config/descriptor", + "@com_github_gogo_protobuf//sortkeys:go_default_library", + "@com_github_gogo_protobuf//types:go_default_library", + "@com_github_googleapis_googleapis//:google/rpc", + ], +) + +gogoslick_proto_library( + name = "mixer/v1/config/descriptor", + importmap = { + "google/protobuf/duration.proto": "github.com/gogo/protobuf/types", + }, + imports = [ + "../../external/com_github_google_protobuf/src", + ], + inputs = [ + "@com_github_google_protobuf//:well_known_protos", + ], + protos = DESCRIPTOR_FILE_GROUP, + verbose = 0, + visibility = ["//visibility:public"], + with_grpc = False, + deps = [ + "@com_github_gogo_protobuf//types:go_default_library", + ], +) +""" + if use_local: + native.new_local_repository( + name = "com_github_istio_api", + build_file_content = ISTIO_API_BUILD_FILE, + path = "../api", + ) + else: + native.new_git_repository( + name = "com_github_istio_api", + build_file_content = ISTIO_API_BUILD_FILE, + commit = "2cb09827d7f09a6e88eac2c2249dcb45c5419f09", # Mar. 14, 2017 (no releases) + remote = "https://github.com/istio/api.git", + ) + +def go_googleapis_repositories(): + GOOGLEAPIS_BUILD_FILE = """ +package(default_visibility = ["//visibility:public"]) + +load("@io_bazel_rules_go//go:def.bzl", "go_prefix") +go_prefix("github.com/googleapis/googleapis") + +load("@org_pubref_rules_protobuf//gogo:rules.bzl", "gogoslick_proto_library") + +gogoslick_proto_library( + name = "google/rpc", + protos = [ + "google/rpc/code.proto", + "google/rpc/error_details.proto", + "google/rpc/status.proto", + ], + importmap = { + "google/protobuf/any.proto": "github.com/gogo/protobuf/types", + "google/protobuf/duration.proto": "github.com/gogo/protobuf/types", + }, + imports = [ + "../../external/com_github_google_protobuf/src", + ], + inputs = [ + "@com_github_google_protobuf//:well_known_protos", + ], + deps = [ + "@com_github_gogo_protobuf//types:go_default_library", + ], + verbose = 0, +) + +load("@org_pubref_rules_protobuf//cpp:rules.bzl", "cc_proto_library") + +cc_proto_library( + name = "cc_status_proto", + protos = [ + "google/rpc/status.proto", + ], + imports = [ + "../../external/com_github_google_protobuf/src", + ], + verbose = 0, +) + +filegroup( + name = "status_proto", + srcs = [ "google/rpc/status.proto" ], +) + +filegroup( + name = "code_proto", + srcs = [ "google/rpc/code.proto" ], +) +""" + native.new_git_repository( + name = "com_github_googleapis_googleapis", + build_file_content = GOOGLEAPIS_BUILD_FILE, + commit = "13ac2436c5e3d568bd0e938f6ed58b77a48aba15", # Oct 21, 2016 (only release pre-dates sha) + remote = "https://github.com/googleapis/googleapis.git", + ) + +def go_mixer_repositories(use_local_api=False): + go_istio_api_repositories(use_local_api) + go_googleapis_repositories() + + go_repositories() + proto_repositories() + + gogo_proto_repositories() + + new_go_repository( + name = "com_github_golang_glog", + commit = "23def4e6c14b4da8ac2ed8007337bc5eb5007998", # Jan 26, 2016 (no releases) + importpath = "github.com/golang/glog", + ) + + new_go_repository( + name = "com_github_ghodss_yaml", + commit = "04f313413ffd65ce25f2541bfd2b2ceec5c0908c", # Dec 6, 2016 (no releases) + importpath = "github.com/ghodss/yaml", + ) + + new_go_repository( + name = "in_gopkg_yaml_v2", + commit = "14227de293ca979cf205cd88769fe71ed96a97e2", # Jan 24, 2017 (no releases) + importpath = "gopkg.in/yaml.v2", + ) + + new_go_repository( + name = "com_github_golang_protobuf", + commit = "8ee79997227bf9b34611aee7946ae64735e6fd93", # Nov 16, 2016 (no releases) + importpath = "github.com/golang/protobuf", + ) + + new_go_repository( + name = "org_golang_google_grpc", + commit = "708a7f9f3283aa2d4f6132d287d78683babe55c8", # Dec 5, 2016 (v1.0.5) + importpath = "google.golang.org/grpc", + ) + + new_go_repository( + name = "com_github_spf13_cobra", + commit = "35136c09d8da66b901337c6e86fd8e88a1a255bd", # Jan 30, 2017 (no releases) + importpath = "github.com/spf13/cobra", + ) + + new_go_repository( + name = "com_github_spf13_pflag", + commit = "9ff6c6923cfffbcd502984b8e0c80539a94968b7", # Jan 30, 2017 (no releases) + importpath = "github.com/spf13/pflag", + ) + + new_go_repository( + name = "com_github_hashicorp_go_multierror", + commit = "ed905158d87462226a13fe39ddf685ea65f1c11f", # Dec 16, 2016 (no releases) + importpath = "github.com/hashicorp/go-multierror", + ) + + new_go_repository( + name = "com_github_hashicorp_errwrap", + commit = "7554cd9344cec97297fa6649b055a8c98c2a1e55", # Oct 27, 2014 (no releases) + importpath = "github.com/hashicorp/errwrap", + ) + + new_go_repository( + name = "com_github_opentracing_opentracing_go", + commit = "0c3154a3c2ce79d3271985848659870599dfb77c", # Sep 26, 2016 (v1.0.0) + importpath = "github.com/opentracing/opentracing-go", + ) + + new_go_repository( + name = "com_github_opentracing_basictracer", + commit = "1b32af207119a14b1b231d451df3ed04a72efebf", # Sep 29, 2016 (no releases) + importpath = "github.com/opentracing/basictracer-go", + ) + + go_repository( + name = "com_github_istio_mixer", + commit = "064001053b51f73adc3a80ff87ef41a15316c300", + importpath = "github.com/istio/mixer", + ) + diff --git a/src/envoy/mixer/integration_test/setup.go b/src/envoy/mixer/integration_test/setup.go new file mode 100644 index 00000000000..52bfdd2f711 --- /dev/null +++ b/src/envoy/mixer/integration_test/setup.go @@ -0,0 +1,93 @@ +// Copyright 2017 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package test + +import ( + "log" + "testing" +) + +type TestSetup struct { + envoy *Envoy + mixer *MixerServer + backend *HttpServer + t *testing.T +} + +func SetUp(t *testing.T, conf string) (s TestSetup, err error) { + s.t = t + s.envoy, err = NewEnvoy(conf) + if err != nil { + log.Printf("unable to create Envoy %v", err) + } else { + s.envoy.Start() + } + + s.mixer, err = NewMixerServer(MixerPort) + if err != nil { + log.Printf("unable to create mixer server %v", err) + } else { + s.mixer.Start() + } + + s.backend, err = NewHttpServer(BackendPort) + if err != nil { + log.Printf("unable to create HTTP server %v", err) + } else { + s.backend.Start() + } + return s, err +} + +func (s *TestSetup) TearDown() { + s.envoy.Stop() + s.mixer.Stop() + s.backend.Stop() +} + +func (s *TestSetup) VerifyCheckCount(tag string, expected int) { + if s.mixer.check.count != expected { + s.t.Fatalf("%s check count doesn't match: %v\n, expected: %+v", + tag, s.mixer.check.count, expected) + } +} + +func (s *TestSetup) VerifyCheck(tag string, result string) { + _ = <-s.mixer.check.ch + if err := Verify(s.mixer.check.bag, result); err != nil { + s.t.Fatalf("Failed to verify %s check: %v\n, Attributes: %+v", + tag, err, s.mixer.check.bag) + } +} + +func (s *TestSetup) VerifyReport(tag string, result string) { + _ = <-s.mixer.report.ch + if err := Verify(s.mixer.report.bag, result); err != nil { + s.t.Fatalf("Failed to verify %s report: %v\n, Attributes: %+v", + tag, err, s.mixer.report.bag) + } +} + +func (s *TestSetup) VerifyQuota(tag string, name string, amount int64) { + _ = <-s.mixer.quota.ch + if s.mixer.quota_request.Quota != name { + s.t.Fatalf("Failed to verify %s quota name: %v, expected: %v\n", + tag, s.mixer.quota_request.Quota, name) + } + if s.mixer.quota_request.Amount != amount { + s.t.Fatalf("Failed to verify %s quota amount: %v, expected: %v\n", + tag, s.mixer.quota_request.Amount, amount) + } +} diff --git a/src/envoy/mixer/integration_test/test_suite.bzl b/src/envoy/mixer/integration_test/test_suite.bzl new file mode 100644 index 00000000000..afa984f4773 --- /dev/null +++ b/src/envoy/mixer/integration_test/test_suite.bzl @@ -0,0 +1,29 @@ +# Copyright 2017 Istio Authors. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +# + +load("@io_bazel_rules_go//go:def.bzl", "go_test") + +def go_test_suite(tests, library, data, tags, size="small"): + for test in tests: + go_test( + name = test.split(".")[0], + size = size, + srcs = [test], + data = data, + library = library, + tags = tags, + ) diff --git a/src/envoy/mixer/repositories.bzl b/src/envoy/mixer/repositories.bzl index 868f52aabd0..4382e71f921 100644 --- a/src/envoy/mixer/repositories.bzl +++ b/src/envoy/mixer/repositories.bzl @@ -15,7 +15,7 @@ ################################################################################ # -MIXER_CLIENT = "456d37e71a7608636ddaf5f3d1acbce015870ebf" +MIXER_CLIENT = "c5d857e28bfcc53f20f59466b464f99526737545" def mixer_client_repositories(bind=True): native.git_repository( diff --git a/src/envoy/mixer/utils.cc b/src/envoy/mixer/utils.cc index 6dc3a78356d..32b09667208 100644 --- a/src/envoy/mixer/utils.cc +++ b/src/envoy/mixer/utils.cc @@ -21,20 +21,6 @@ namespace Utils { const LowerCaseString kIstioAttributeHeader("x-istio-attributes"); -StringMap ExtractStringMap(const Json::Object& json, const std::string& name) { - StringMap map; - if (json.hasObject(name)) { - Json::ObjectPtr json_obj = json.getObject(name); - Json::Object* raw_obj = json_obj.get(); - json_obj->iterate( - [&map, raw_obj](const std::string& key, const Json::Object&) -> bool { - map[key] = raw_obj->getString(key); - return true; - }); - } - return map; -} - std::string SerializeStringMap(const StringMap& string_map) { ::istio::proxy::mixer::StringMap pb; ::google::protobuf::Map* map_pb = pb.mutable_map(); diff --git a/src/envoy/mixer/utils.h b/src/envoy/mixer/utils.h index 9273a9a2d8b..e94ed91706c 100644 --- a/src/envoy/mixer/utils.h +++ b/src/envoy/mixer/utils.h @@ -29,9 +29,6 @@ extern const LowerCaseString kIstioAttributeHeader; // The string map. typedef std::map StringMap; -// Extracts name/value attributes from a json object. -StringMap ExtractStringMap(const Json::Object& json, const std::string& name); - // Serialize a string map to string. std::string SerializeStringMap(const StringMap& map); diff --git a/src/envoy/repositories.bzl b/src/envoy/repositories.bzl index ca7e9468ded..bad332e188d 100644 --- a/src/envoy/repositories.bzl +++ b/src/envoy/repositories.bzl @@ -62,6 +62,7 @@ event_srcs = [ "evthread.c", "evutil.c", "evutil_rand.c", + "evutil_time.c", "http.c", "listener.c", "log.c", @@ -86,9 +87,7 @@ cc_library( "defer-internal.h", "evbuffer-internal.h", "event-internal.h", - "event.h", "evthread-internal.h", - "evutil.h", "http-internal.h", "iocp-internal.h", "ipv6-internal.h", @@ -134,8 +133,8 @@ cc_library( native.new_http_archive( name = "libevent_git", - url = "https://github.com/libevent/libevent/releases/download/release-2.0.22-stable/libevent-2.0.22-stable.tar.gz", - strip_prefix = "libevent-2.0.22-stable", + url = "https://github.com/libevent/libevent/releases/download/release-2.1.8-stable/libevent-2.1.8-stable.tar.gz", + strip_prefix = "libevent-2.1.8-stable", build_file_content = BUILD, ) @@ -236,25 +235,6 @@ def lightstep_repositories(bind=True): BUILD = """ load("@protobuf_git//:protobuf.bzl", "cc_proto_library") -genrule( - name = "envoy_carrier_pb", - srcs = ["src/c++11/envoy/envoy_carrier.proto"], - outs = ["lightstep/envoy_carrier.proto"], - cmd = "cp $(SRCS) $@", -) - -cc_proto_library( - name = "envoy_carrier_proto", - srcs = ["lightstep/envoy_carrier.proto"], - include = ".", - deps = [ - "//external:cc_wkt_protos", - ], - protoc = "//external:protoc", - default_runtime = "//external:protobuf", - visibility = ["//visibility:public"], -) - cc_library( name = "lightstep_core", srcs = [ @@ -267,7 +247,7 @@ cc_library( "src/c++11/lightstep/impl.h", "src/c++11/lightstep/options.h", "src/c++11/lightstep/propagation.h", - "src/c++11/lightstep/envoy.h", + "src/c++11/lightstep/carrier.h", "src/c++11/lightstep/span.h", "src/c++11/lightstep/tracer.h", "src/c++11/lightstep/util.h", @@ -276,7 +256,7 @@ cc_library( "src/c++11/mapbox_variant/variant.hpp", ], copts = [ - "-DPACKAGE_VERSION='\\"0.19\\"'", + "-DPACKAGE_VERSION='\\"0.36\\"'", "-Iexternal/lightstep_git/src/c++11/lightstep", "-Iexternal/lightstep_git/src/c++11/mapbox_variant", ], @@ -286,7 +266,7 @@ cc_library( visibility = ["//visibility:public"], deps = [ "@lightstep_common_git//:collector_proto", - ":envoy_carrier_proto", + "@lightstep_common_git//:lightstep_carrier_proto", "//external:protobuf", ], )""" @@ -294,16 +274,21 @@ cc_library( COMMON_BUILD = """ load("@protobuf_git//:protobuf.bzl", "cc_proto_library") -genrule( - name = "collector_pb", +cc_proto_library( + name = "collector_proto", srcs = ["collector.proto"], - outs = ["lightstep/collector.proto"], - cmd = "cp $(SRCS) $@", + include = ".", + deps = [ + "//external:cc_wkt_protos", + ], + protoc = "//external:protoc", + default_runtime = "//external:protobuf", + visibility = ["//visibility:public"], ) cc_proto_library( - name = "collector_proto", - srcs = ["lightstep/collector.proto"], + name = "lightstep_carrier_proto", + srcs = ["lightstep_carrier.proto"], include = ".", deps = [ "//external:cc_wkt_protos", @@ -311,19 +296,20 @@ cc_proto_library( protoc = "//external:protoc", default_runtime = "//external:protobuf", visibility = ["//visibility:public"], -)""" +) +""" native.new_git_repository( name = "lightstep_common_git", remote = "https://github.com/lightstep/lightstep-tracer-common.git", - commit = "8d932f7f76cd286691e6179621d0012b0ff1e6aa", + commit = "cbbecd671c1ae1f20ae873c5da688c8c14d04ec3", build_file_content = COMMON_BUILD, ) native.new_git_repository( name = "lightstep_git", remote = "https://github.com/lightstep/lightstep-tracer-cpp.git", - commit = "5a71d623cac17a059041b04fabca4ed86ffff7cc", + commit = "f1dc8f3dfd529350e053fd21273e627f409ae428", # 0.36 build_file_content = BUILD, ) @@ -573,185 +559,14 @@ def envoy_repositories(bind=True): rapidjson_repositories(bind) nghttp2_repositories(bind) ares_repositories(bind) - - BUILD = """ -load("@protobuf_git//:protobuf.bzl", "cc_proto_library") - -exports_files(["source/precompiled/precompiled.h"]) - -package(default_visibility = ["//visibility:public"]) - -genrule( - name = "envoy-ratelimit-proto", - srcs = [ - "source/common/ratelimit/ratelimit.proto", - ], - outs = [ - "source/common/generated/ratelimit.proto", - ], - cmd = "cp $(SRCS) $@", -) - -cc_proto_library( - name = "envoy-ratelimit-pb", - srcs = [ - "source/common/generated/ratelimit.proto", - ], - default_runtime = "//external:protobuf", - protoc = "//external:protoc", - include = "source", -) - -genrule( - name = "envoy-test-proto", - srcs = [ - "test/proto/helloworld.proto", - ], - outs = [ - "test/generated/helloworld.proto", - ], - cmd = "cp $(SRCS) $@", -) - -cc_proto_library( - name = "envoy-test-pb", - srcs = [ - "test/generated/helloworld.proto", - ], - default_runtime = "//external:protobuf", - protoc = "//external:protoc", - include = "test", -) - -genrule( - name = "envoy-version", - srcs = glob([ - ".git/**", - ]), - tools = [ - "tools/gen_git_sha.sh", - ], - outs = [ - "source/common/version_generated.cc", - ], - cmd = "touch $@ && $(location tools/gen_git_sha.sh) $$(dirname $(location tools/gen_git_sha.sh)) $@", - local = 1, -) - -cc_library( - name = "envoy-common", - srcs = glob([ - "source/**/*.cc", - "source/**/*.h", - "include/**/*.h", - ], exclude=["source/exe/main.cc"]) + [ - "source/common/version_generated.cc", - ], - copts = [ - "-I./external/envoy_git/source", - "-include ./external/envoy_git/source/precompiled/precompiled.h", - ], - includes = [ - "include", - ], - linkopts = [ - "-lpthread", - "-lanl", - "-lrt", - ], - linkstatic=1, - alwayslink=1, - deps = [ - ":envoy-ratelimit-pb", - "//external:ares", - "//external:libssl", - "//external:nghttp2", - "//external:spdlog", - "//external:tclap", - "//external:lightstep", - "//external:event", - "//external:protobuf", - "//external:http_parser", - "//external:rapidjson", - "//external:event_pthreads", - ], -) - -cc_library( - name = "envoy-main", - srcs = [ - "source/exe/main.cc", - ], - copts = [ - "-I./external/envoy_git/source", - "-include ./external/envoy_git/source/precompiled/precompiled.h", - ], - deps = [ - ":envoy-common", - ], - linkstatic=1, -) - -cc_binary( - name = "envoy", - srcs = [ - "source/exe/main.cc", - ], - copts = [ - "-I./external/envoy_git/source", - "-include ./external/envoy_git/source/precompiled/precompiled.h", - ], - deps = [ - ":envoy-common", - ], - linkstatic=1, -) - -cc_library( - name = "envoy-test-lib", - srcs = glob([ - "test/**/*.cc", - "test/**/*.h", - ]), - copts = [ - "-I./external/envoy_git/source", - "-include ./external/envoy_git/test/precompiled/precompiled_test.h", - ], - includes = [ - "include", - ], - deps = [ - ":envoy-common", - ":envoy-test-pb", - "//external:googletest", - ], - alwayslink=1, -) - -filegroup( - name = "envoy-testdata", - srcs = glob([ - "generated/**/*", - "test/**/*", - ]), -) - -cc_test( - name = "envoy-test", - data = [ - ":envoy-testdata", - ], - deps = [ - ":envoy-test-lib", - ":envoy-test-pb", - "//external:googletest", - ], - linkstatic=1, -)""" - - native.new_git_repository( - name = "envoy_git", + # @boringssl is defined in //:repositories.bzl, but bound to libssl for + # grpc. Rebind to what envoy expects here. + native.bind( + name = "ssl", + actual = "@boringssl//:ssl", + ) + native.git_repository( + name = "envoy", remote = "https://github.com/lyft/envoy.git", - commit = "70e5d651b55d356770529e5bee9c6b2707d9cf21", # 3/1/2017 - build_file_content = BUILD, + commit = "bf3f23ad439ee83b91015dc4d0d7cb53b14bf1bc", ) diff --git a/.bazelrc b/tools/bazel.rc similarity index 100% rename from .bazelrc rename to tools/bazel.rc diff --git a/.bazelrc.jenkins b/tools/bazel.rc.jenkins similarity index 100% rename from .bazelrc.jenkins rename to tools/bazel.rc.jenkins diff --git a/.bazelrc.travis b/tools/bazel.rc.travis similarity index 100% rename from .bazelrc.travis rename to tools/bazel.rc.travis