From 8e153baebabc5fa418dcbb4d7ee6c7b714b5094a Mon Sep 17 00:00:00 2001 From: cho-chem <121272882+cho-chem@users.noreply.github.com> Date: Wed, 5 Jul 2023 17:49:15 +0800 Subject: [PATCH] feat: kuscia-envoy 0.2 (#4) * repo-sync-2023-07-05T17:03:27+0800 * revert ci change --- .bazelrc | 4 + .bazelversion | 2 +- .gitmodules | 4 +- CHANGELOG.md | 17 + Makefile | 15 +- README.md | 8 +- README.zh-CN.md | 8 +- .../dockerfile/kuscia-envoy-anolis.Dockerfile | 10 + go.mod | 11 +- go.sum | 53 ++- hack/proto-to-go.sh | 61 --- .../filters/http/kuscia_crypt/v3/crypt.pb.go | 5 +- .../http/kuscia_crypt/v3/crypt.pb.validate.go | 331 ++++++++++++++ .../filters/http/kuscia_crypt/v3/crypt.proto | 35 ++ kuscia/api/filters/http/kuscia_gress/v3/BUILD | 1 + .../filters/http/kuscia_gress/v3/gress.pb.go | 254 +++++++++-- .../http/kuscia_gress/v3/gress.pb.validate.go | 318 +++++++++++++ .../filters/http/kuscia_gress/v3/gress.proto | 49 ++ .../v3/header_decorator.pb.go | 7 +- .../v3/header_decorator.pb.validate.go | 431 ++++++++++++++++++ .../v3/header_decorator.proto | 35 ++ .../kuscia_token_auth/v3/token_auth.pb.go | 4 +- .../v3/token_auth.pb.validate.go | 392 ++++++++++++++++ .../kuscia_token_auth/v3/token_auth.proto | 33 ++ .../source/filters/http/kuscia_common/BUILD | 1 + .../http/kuscia_common/kuscia_header.cc | 38 ++ .../http/kuscia_common/kuscia_header.h | 16 +- kuscia/source/filters/http/kuscia_gress/BUILD | 2 + .../filters/http/kuscia_gress/config.cc | 13 +- .../filters/http/kuscia_gress/gress_filter.cc | 121 ++++- .../filters/http/kuscia_gress/gress_filter.h | 79 +++- .../header_decorator_filter.cc | 10 +- .../kuscia_token_auth/token_auth_filter.cc | 12 +- .../http/kuscia_gress/gress_filter_test.cc | 20 +- 34 files changed, 2228 insertions(+), 172 deletions(-) create mode 100644 CHANGELOG.md create mode 100644 build_image/dockerfile/kuscia-envoy-anolis.Dockerfile delete mode 100755 hack/proto-to-go.sh create mode 100755 kuscia/api/filters/http/kuscia_crypt/v3/crypt.pb.validate.go create mode 100755 kuscia/api/filters/http/kuscia_crypt/v3/crypt.proto create mode 100755 kuscia/api/filters/http/kuscia_gress/v3/gress.pb.validate.go create mode 100755 kuscia/api/filters/http/kuscia_gress/v3/gress.proto create mode 100755 kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.pb.validate.go create mode 100644 kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.proto create mode 100755 kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.pb.validate.go create mode 100755 kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.proto create mode 100644 kuscia/source/filters/http/kuscia_common/kuscia_header.cc diff --git a/.bazelrc b/.bazelrc index 68e6018..150e6f4 100644 --- a/.bazelrc +++ b/.bazelrc @@ -3,3 +3,7 @@ import %workspace%/envoy/.bazelrc build --platform_mappings=envoy/bazel/platform_mappings build:linux --copt=-Wno-uninitialized + +build --action_env=GOPROXY=https://goproxy.cn,direct +test --action_env=GOPROXY=https://goproxy.cn,direct +run --action_env=GOPROXY=https://goproxy.cn,direc diff --git a/.bazelversion b/.bazelversion index ade6522..09b254e 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -5.4.1 +6.0.0 diff --git a/.gitmodules b/.gitmodules index 19fe703..d27b8a8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +1,4 @@ [submodule "envoy"] path = envoy - url = https://github.com/envoyproxy/envoy - branch = release/v1.25.1 + url = https://github.com/envoyproxy/envoy.git + branch = release/v1.20 diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..3c0f537 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,17 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## Types of changes +`Added ` for new features. +`Changed` for changes in existing functionality. +`Deprecated` for soon-to-be removed features. +`Removed` for now removed features. +`Fixed` for any bug fixes. +`Security` in case of vulnerabilities. + +## [0.2.0b0] - 2023-6-30 +### Added +- Kuscia-envoy init release diff --git a/Makefile b/Makefile index 70e3dc8..e4ff83f 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,16 @@ BUILD_IMAGE = envoyproxy/envoy-build-ubuntu:81a93046060dbe5620d5b3aa92632090a9ee4da6 +# Image URL to use all building image targets +DATETIME = $(shell date +"%Y%m%d%H%M%S") +KUSCIA_VERSION_TAG = $(shell git describe --abbrev=7 --always) +COMMIT_ID = $(shell git log -1 --pretty="format:%h") +TAG = ${KUSCIA_VERSION_TAG}-${DATETIME}-${COMMIT_ID} +IMG ?= secretflow/kuscia-envoy:${TAG} + CONTAINER_NAME ?= "build-envoy" COMPILE_MODE ?=opt TARGET ?= "//:envoy" -BUILD_OPTS ?= +BUILD_OPTS ?="--strip=always" TEST_COMPILE_MODE = fastbuild TEST_TARGET ?= "//kuscia/test/..." @@ -38,7 +45,7 @@ build-envoy: .PHONY: build-envoy-local build-envoy-local: - bazel build -c ${COMPILE_MODE} ${TARGET} --verbose_failures ${BUILD_OPTS} + bazel build -c ${COMPILE_MODE} ${TARGET} --verbose_failures ${BUILD_OPTS} --@envoy//source/extensions/wasm_runtime/v8:enabled=false .PHONY: test-envoy test-envoy: @@ -55,3 +62,7 @@ test-envoy-local: clean: $(call stop_docker) rm -rf output + +.PHONY: image +image: build-envoy + docker build -t ${IMG} -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . diff --git a/README.md b/README.md index b9297cb..1c4b275 100644 --- a/README.md +++ b/README.md @@ -14,9 +14,15 @@ The extension filters are: - kuscia_header_decorator: add specified headers before forwarding requests to upstream service. For example, you can assign a token for each source, then the upstream service can use the token to authorize requests. -## build +## build executable files ```shell make build-envoy + +## build image +```shell +make image +``` + ``` ## test diff --git a/README.zh-CN.md b/README.zh-CN.md index 0cdf027..c8ed2c5 100644 --- a/README.zh-CN.md +++ b/README.zh-CN.md @@ -14,12 +14,18 @@ Kuscia Envoy 基于开源[Envoy](https://github.com/envoyproxy/envoy)实现了 - kuscia_header_decorator: 在将请求转发到上游服务之前添加指定的 header。 比如你可以根据请求来源,在请求头中添加对应的 token ,上游服务可以使用 token 对请求进行鉴权。 -## 构建 +## 构建可执行文件 ```shell make build-envoy ``` +## 构建镜像 + +```shell +make image +``` + ## 测试 ```shell diff --git a/build_image/dockerfile/kuscia-envoy-anolis.Dockerfile b/build_image/dockerfile/kuscia-envoy-anolis.Dockerfile new file mode 100644 index 0000000..51667c6 --- /dev/null +++ b/build_image/dockerfile/kuscia-envoy-anolis.Dockerfile @@ -0,0 +1,10 @@ +FROM openanolis/anolisos:8.8 + +ENV TZ=Asia/Shanghai + +ARG ROOT_DIR="/home/kuscia" +COPY output $ROOT_DIR/ + +WORKDIR ${ROOT_DIR} + +ENTRYPOINT ["/bin/bash", "--"] \ No newline at end of file diff --git a/go.mod b/go.mod index afabd87..d9dde98 100644 --- a/go.mod +++ b/go.mod @@ -2,4 +2,13 @@ module github.com/secretflow/kuscia-envoy go 1.19 -require google.golang.org/protobuf v1.28.1 +require ( + github.com/envoyproxy/go-control-plane v0.11.1 + google.golang.org/protobuf v1.30.0 +) + +require ( + github.com/cncf/xds/go v0.0.0-20230428030218-4003588d1b74 // indirect + github.com/envoyproxy/protoc-gen-validate v1.0.1 // indirect + github.com/golang/protobuf v1.5.3 // indirect +) diff --git a/go.sum b/go.sum index 1838366..8b9e95f 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,57 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/xds/go v0.0.0-20230428030218-4003588d1b74 h1:zlUubfBUxApscKFsF4VSvvfhsBNTBu0eF/ddvpo96yk= +github.com/cncf/xds/go v0.0.0-20230428030218-4003588d1b74/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= +github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v1.0.1 h1:kt9FtLiooDc0vbwTLhdg3dyNX1K9Qwa1EK9LcD4jVUQ= +github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/hack/proto-to-go.sh b/hack/proto-to-go.sh deleted file mode 100755 index 1c243a3..0000000 --- a/hack/proto-to-go.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/env bash -# -# Copyright 2023 Ant Group Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -set -ex -set -o errexit -set -o nounset -set -o pipefail - -PROTOC=protoc - -KUSCIA_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd -P) -echo "${KUSCIA_ROOT}" - -PROTO_ROOT_PATH=${KUSCIA_ROOT}/kuscia/api - -function pre_install() { - # install protoc-gen-go tool if not exist - if [ "$(which protoc-gen-go)" == "" ]; then - echo "Start to install protoc-gen-go tool" - GO111MODULE=on go install -v google.golang.org/protobuf/cmd/protoc-gen-go - fi -} - -# $1: proto_dir -# $2: proto_golang_out -function generate_golang_code() { - proto_dir=$1 - for path in "${proto_dir}"/* - do - [[ -e "${path}" ]] || break - if [ -d "${path}" ]; then - generate_golang_code "${path}" - elif [[ ${path} == *.proto ]]; then - echo "${PROTOC} --proto_path=${KUSCIA_ROOT} --go_opt=paths=source_relative --go_out=./ ${path}" - ${PROTOC} --proto_path="${KUSCIA_ROOT}" \ - --go_opt=paths=source_relative --go_out=./ \ - "${path}" - fi - done -} - -function main() { - pre_install - generate_golang_code "${PROTO_ROOT_PATH}" -} - -main diff --git a/kuscia/api/filters/http/kuscia_crypt/v3/crypt.pb.go b/kuscia/api/filters/http/kuscia_crypt/v3/crypt.pb.go index ab94a43..7600c05 100644 --- a/kuscia/api/filters/http/kuscia_crypt/v3/crypt.pb.go +++ b/kuscia/api/filters/http/kuscia_crypt/v3/crypt.pb.go @@ -11,12 +11,11 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -// // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.21.8 +// protoc-gen-go v1.28.1 +// protoc v3.21.12 // source: kuscia/api/filters/http/kuscia_crypt/v3/crypt.proto package v3 diff --git a/kuscia/api/filters/http/kuscia_crypt/v3/crypt.pb.validate.go b/kuscia/api/filters/http/kuscia_crypt/v3/crypt.pb.validate.go new file mode 100755 index 0000000..27ea7f1 --- /dev/null +++ b/kuscia/api/filters/http/kuscia_crypt/v3/crypt.pb.validate.go @@ -0,0 +1,331 @@ +// Copyright 2023 Ant Group Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: kuscia/api/filters/http/kuscia_crypt/v3/crypt.proto + +package v3 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on CryptRule with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *CryptRule) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on CryptRule with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in CryptRuleMultiError, or nil +// if none found. +func (m *CryptRule) ValidateAll() error { + return m.validate(true) +} + +func (m *CryptRule) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Source + + // no validation rules for Destination + + // no validation rules for Algorithm + + // no validation rules for SecretKey + + // no validation rules for SecretKeyVersion + + // no validation rules for ReserveKey + + // no validation rules for ReserveKeyVersion + + if len(errors) > 0 { + return CryptRuleMultiError(errors) + } + + return nil +} + +// CryptRuleMultiError is an error wrapping multiple validation errors returned +// by CryptRule.ValidateAll() if the designated constraints aren't met. +type CryptRuleMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m CryptRuleMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CryptRuleMultiError) AllErrors() []error { return m } + +// CryptRuleValidationError is the validation error returned by +// CryptRule.Validate if the designated constraints aren't met. +type CryptRuleValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CryptRuleValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CryptRuleValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CryptRuleValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CryptRuleValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CryptRuleValidationError) ErrorName() string { return "CryptRuleValidationError" } + +// Error satisfies the builtin error interface +func (e CryptRuleValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCryptRule.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CryptRuleValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CryptRuleValidationError{} + +// Validate checks the field values on Crypt with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *Crypt) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Crypt with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in CryptMultiError, or nil if none found. +func (m *Crypt) ValidateAll() error { + return m.validate(true) +} + +func (m *Crypt) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for SelfNamespace + + for idx, item := range m.GetEncryptRules() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CryptValidationError{ + field: fmt.Sprintf("EncryptRules[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CryptValidationError{ + field: fmt.Sprintf("EncryptRules[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CryptValidationError{ + field: fmt.Sprintf("EncryptRules[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + for idx, item := range m.GetDecryptRules() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CryptValidationError{ + field: fmt.Sprintf("DecryptRules[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CryptValidationError{ + field: fmt.Sprintf("DecryptRules[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CryptValidationError{ + field: fmt.Sprintf("DecryptRules[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return CryptMultiError(errors) + } + + return nil +} + +// CryptMultiError is an error wrapping multiple validation errors returned by +// Crypt.ValidateAll() if the designated constraints aren't met. +type CryptMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m CryptMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CryptMultiError) AllErrors() []error { return m } + +// CryptValidationError is the validation error returned by Crypt.Validate if +// the designated constraints aren't met. +type CryptValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CryptValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CryptValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CryptValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CryptValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CryptValidationError) ErrorName() string { return "CryptValidationError" } + +// Error satisfies the builtin error interface +func (e CryptValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCrypt.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CryptValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CryptValidationError{} diff --git a/kuscia/api/filters/http/kuscia_crypt/v3/crypt.proto b/kuscia/api/filters/http/kuscia_crypt/v3/crypt.proto new file mode 100755 index 0000000..db38503 --- /dev/null +++ b/kuscia/api/filters/http/kuscia_crypt/v3/crypt.proto @@ -0,0 +1,35 @@ +// Copyright 2023 Ant Group Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package envoy.extensions.filters.http.kuscia_crypt.v3; +option go_package = "github.com/secretflow/kuscia-envoy/kuscia/api/filters/http/crypt/v3"; + +message CryptRule { + string source = 1; + string destination = 2; + string algorithm = 3; + string secret_key = 4; + string secret_key_version = 5; + string reserve_key = 6; + string reserve_key_version = 7; +} + +message Crypt { + string self_namespace = 1; + repeated CryptRule encrypt_rules = 2; + repeated CryptRule decrypt_rules = 3; +} diff --git a/kuscia/api/filters/http/kuscia_gress/v3/BUILD b/kuscia/api/filters/http/kuscia_gress/v3/BUILD index c496ff4..95ec17e 100755 --- a/kuscia/api/filters/http/kuscia_gress/v3/BUILD +++ b/kuscia/api/filters/http/kuscia_gress/v3/BUILD @@ -7,5 +7,6 @@ licenses(["notice"]) # Apache 2 api_proto_package( deps = [ "@com_github_cncf_udpa//udpa/annotations:pkg", + "@envoy_api//envoy/type/matcher/v3:pkg", ], ) diff --git a/kuscia/api/filters/http/kuscia_gress/v3/gress.pb.go b/kuscia/api/filters/http/kuscia_gress/v3/gress.pb.go index 712e93c..c101fad 100644 --- a/kuscia/api/filters/http/kuscia_gress/v3/gress.pb.go +++ b/kuscia/api/filters/http/kuscia_gress/v3/gress.pb.go @@ -15,13 +15,14 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.21.8 +// protoc-gen-go v1.28.1 +// protoc v3.21.12 // source: kuscia/api/filters/http/kuscia_gress/v3/gress.proto package v3 import ( + v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -35,16 +36,65 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +type Gress_RewriteHostByHeader_RewritePolicy int32 + +const ( + Gress_RewriteHostByHeader_RewriteHostWithHeader Gress_RewriteHostByHeader_RewritePolicy = 0 + Gress_RewriteHostByHeader_RewriteNamespaceWithHeader Gress_RewriteHostByHeader_RewritePolicy = 1 + Gress_RewriteHostByHeader_RewriteHostWithSpecifiedHost Gress_RewriteHostByHeader_RewritePolicy = 2 +) + +// Enum value maps for Gress_RewriteHostByHeader_RewritePolicy. +var ( + Gress_RewriteHostByHeader_RewritePolicy_name = map[int32]string{ + 0: "RewriteHostWithHeader", + 1: "RewriteNamespaceWithHeader", + 2: "RewriteHostWithSpecifiedHost", + } + Gress_RewriteHostByHeader_RewritePolicy_value = map[string]int32{ + "RewriteHostWithHeader": 0, + "RewriteNamespaceWithHeader": 1, + "RewriteHostWithSpecifiedHost": 2, + } +) + +func (x Gress_RewriteHostByHeader_RewritePolicy) Enum() *Gress_RewriteHostByHeader_RewritePolicy { + p := new(Gress_RewriteHostByHeader_RewritePolicy) + *p = x + return p +} + +func (x Gress_RewriteHostByHeader_RewritePolicy) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Gress_RewriteHostByHeader_RewritePolicy) Descriptor() protoreflect.EnumDescriptor { + return file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_enumTypes[0].Descriptor() +} + +func (Gress_RewriteHostByHeader_RewritePolicy) Type() protoreflect.EnumType { + return &file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_enumTypes[0] +} + +func (x Gress_RewriteHostByHeader_RewritePolicy) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Gress_RewriteHostByHeader_RewritePolicy.Descriptor instead. +func (Gress_RewriteHostByHeader_RewritePolicy) EnumDescriptor() ([]byte, []int) { + return file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_rawDescGZIP(), []int{0, 0, 0} +} + type Gress struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Instance string `protobuf:"bytes,1,opt,name=instance,proto3" json:"instance,omitempty"` - SelfNamespace string `protobuf:"bytes,2,opt,name=self_namespace,json=selfNamespace,proto3" json:"self_namespace,omitempty"` - RewriteHost bool `protobuf:"varint,3,opt,name=rewrite_host,json=rewriteHost,proto3" json:"rewrite_host,omitempty"` - AddOriginSource bool `protobuf:"varint,4,opt,name=add_origin_source,json=addOriginSource,proto3" json:"add_origin_source,omitempty"` - MaxLoggingBodySizePerReqeuest int32 `protobuf:"varint,5,opt,name=max_logging_body_size_per_reqeuest,json=maxLoggingBodySizePerReqeuest,proto3" json:"max_logging_body_size_per_reqeuest,omitempty"` + Instance string `protobuf:"bytes,1,opt,name=instance,proto3" json:"instance,omitempty"` + SelfNamespace string `protobuf:"bytes,2,opt,name=self_namespace,json=selfNamespace,proto3" json:"self_namespace,omitempty"` + RewriteHostConfig []*Gress_RewriteHostByHeader `protobuf:"bytes,3,rep,name=rewrite_host_config,json=rewriteHostConfig,proto3" json:"rewrite_host_config,omitempty"` + AddOriginSource bool `protobuf:"varint,4,opt,name=add_origin_source,json=addOriginSource,proto3" json:"add_origin_source,omitempty"` + MaxLoggingBodySizePerReqeuest int32 `protobuf:"varint,5,opt,name=max_logging_body_size_per_reqeuest,json=maxLoggingBodySizePerReqeuest,proto3" json:"max_logging_body_size_per_reqeuest,omitempty"` } func (x *Gress) Reset() { @@ -93,11 +143,11 @@ func (x *Gress) GetSelfNamespace() string { return "" } -func (x *Gress) GetRewriteHost() bool { +func (x *Gress) GetRewriteHostConfig() []*Gress_RewriteHostByHeader { if x != nil { - return x.RewriteHost + return x.RewriteHostConfig } - return false + return nil } func (x *Gress) GetAddOriginSource() bool { @@ -114,6 +164,77 @@ func (x *Gress) GetMaxLoggingBodySizePerReqeuest() int32 { return 0 } +type Gress_RewriteHostByHeader struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RewritePolicy Gress_RewriteHostByHeader_RewritePolicy `protobuf:"varint,1,opt,name=rewrite_policy,json=rewritePolicy,proto3,enum=envoy.extensions.filters.http.kuscia_gress.v3.Gress_RewriteHostByHeader_RewritePolicy" json:"rewrite_policy,omitempty"` + Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"` + PathMatchers []*v3.PathMatcher `protobuf:"bytes,3,rep,name=path_matchers,json=pathMatchers,proto3" json:"path_matchers,omitempty"` + SpecifiedHost string `protobuf:"bytes,4,opt,name=specified_host,json=specifiedHost,proto3" json:"specified_host,omitempty"` +} + +func (x *Gress_RewriteHostByHeader) Reset() { + *x = Gress_RewriteHostByHeader{} + if protoimpl.UnsafeEnabled { + mi := &file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Gress_RewriteHostByHeader) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Gress_RewriteHostByHeader) ProtoMessage() {} + +func (x *Gress_RewriteHostByHeader) ProtoReflect() protoreflect.Message { + mi := &file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Gress_RewriteHostByHeader.ProtoReflect.Descriptor instead. +func (*Gress_RewriteHostByHeader) Descriptor() ([]byte, []int) { + return file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *Gress_RewriteHostByHeader) GetRewritePolicy() Gress_RewriteHostByHeader_RewritePolicy { + if x != nil { + return x.RewritePolicy + } + return Gress_RewriteHostByHeader_RewriteHostWithHeader +} + +func (x *Gress_RewriteHostByHeader) GetHeader() string { + if x != nil { + return x.Header + } + return "" +} + +func (x *Gress_RewriteHostByHeader) GetPathMatchers() []*v3.PathMatcher { + if x != nil { + return x.PathMatchers + } + return nil +} + +func (x *Gress_RewriteHostByHeader) GetSpecifiedHost() string { + if x != nil { + return x.SpecifiedHost + } + return "" +} + var File_kuscia_api_filters_http_kuscia_gress_v3_gress_proto protoreflect.FileDescriptor var file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_rawDesc = []byte{ @@ -123,27 +244,60 @@ var file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_rawDesc = []byte{ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x2e, 0x6b, 0x75, 0x73, 0x63, 0x69, 0x61, 0x5f, 0x67, 0x72, 0x65, 0x73, - 0x73, 0x2e, 0x76, 0x33, 0x22, 0xe4, 0x01, 0x0a, 0x05, 0x47, 0x72, 0x65, 0x73, 0x73, 0x12, 0x1a, - 0x0a, 0x08, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x65, - 0x6c, 0x66, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0d, 0x73, 0x65, 0x6c, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x68, 0x6f, 0x73, - 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, - 0x48, 0x6f, 0x73, 0x74, 0x12, 0x2a, 0x0a, 0x11, 0x61, 0x64, 0x64, 0x5f, 0x6f, 0x72, 0x69, 0x67, - 0x69, 0x6e, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0f, 0x61, 0x64, 0x64, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x12, 0x49, 0x0a, 0x22, 0x6d, 0x61, 0x78, 0x5f, 0x6c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x5f, - 0x62, 0x6f, 0x64, 0x79, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x72, 0x65, - 0x71, 0x65, 0x75, 0x65, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x1d, 0x6d, 0x61, - 0x78, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x6f, 0x64, 0x79, 0x53, 0x69, 0x7a, 0x65, - 0x50, 0x65, 0x72, 0x52, 0x65, 0x71, 0x65, 0x75, 0x65, 0x73, 0x74, 0x42, 0x57, 0x5a, 0x55, 0x67, - 0x69, 0x74, 0x6c, 0x61, 0x62, 0x2e, 0x61, 0x6c, 0x69, 0x70, 0x61, 0x79, 0x2d, 0x69, 0x6e, 0x63, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x66, 0x6c, 0x6f, 0x77, 0x2f, - 0x6b, 0x75, 0x73, 0x63, 0x69, 0x61, 0x2d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x6b, 0x75, 0x73, - 0x63, 0x69, 0x61, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2f, - 0x68, 0x74, 0x74, 0x70, 0x2f, 0x6b, 0x75, 0x73, 0x63, 0x69, 0x61, 0x5f, 0x67, 0x72, 0x65, 0x73, - 0x73, 0x2f, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x2e, 0x76, 0x33, 0x1a, 0x20, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79, 0x70, 0x65, + 0x2f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x76, 0x33, 0x2f, 0x70, 0x61, 0x74, 0x68, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc8, 0x05, 0x0a, 0x05, 0x47, 0x72, 0x65, 0x73, 0x73, + 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x25, 0x0a, 0x0e, + 0x73, 0x65, 0x6c, 0x66, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x65, 0x6c, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x12, 0x78, 0x0a, 0x13, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x68, + 0x6f, 0x73, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x48, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, + 0x6f, 0x6e, 0x73, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x68, 0x74, 0x74, 0x70, + 0x2e, 0x6b, 0x75, 0x73, 0x63, 0x69, 0x61, 0x5f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x76, 0x33, + 0x2e, 0x47, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x48, 0x6f, + 0x73, 0x74, 0x42, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x11, 0x72, 0x65, 0x77, 0x72, + 0x69, 0x74, 0x65, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2a, 0x0a, + 0x11, 0x61, 0x64, 0x64, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x61, 0x64, 0x64, 0x4f, 0x72, 0x69, + 0x67, 0x69, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x22, 0x6d, 0x61, 0x78, + 0x5f, 0x6c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x5f, 0x62, 0x6f, 0x64, 0x79, 0x5f, 0x73, 0x69, + 0x7a, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x71, 0x65, 0x75, 0x65, 0x73, 0x74, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x1d, 0x6d, 0x61, 0x78, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, + 0x67, 0x42, 0x6f, 0x64, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x50, 0x65, 0x72, 0x52, 0x65, 0x71, 0x65, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x8a, 0x03, 0x0a, 0x13, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, + 0x48, 0x6f, 0x73, 0x74, 0x42, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x7d, 0x0a, 0x0e, + 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x56, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, + 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2e, + 0x68, 0x74, 0x74, 0x70, 0x2e, 0x6b, 0x75, 0x73, 0x63, 0x69, 0x61, 0x5f, 0x67, 0x72, 0x65, 0x73, + 0x73, 0x2e, 0x76, 0x33, 0x2e, 0x47, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x52, 0x65, 0x77, 0x72, 0x69, + 0x74, 0x65, 0x48, 0x6f, 0x73, 0x74, 0x42, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x2e, 0x52, + 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x72, 0x65, + 0x77, 0x72, 0x69, 0x74, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x68, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x68, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x12, 0x47, 0x0a, 0x0d, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x74, 0x63, + 0x68, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x65, 0x6e, 0x76, + 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, + 0x76, 0x33, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x52, 0x0c, + 0x70, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, + 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x64, 0x48, + 0x6f, 0x73, 0x74, 0x22, 0x6c, 0x0a, 0x0d, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x12, 0x19, 0x0a, 0x15, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x48, + 0x6f, 0x73, 0x74, 0x57, 0x69, 0x74, 0x68, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x10, 0x00, 0x12, + 0x1e, 0x0a, 0x1a, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x57, 0x69, 0x74, 0x68, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x10, 0x01, 0x12, + 0x20, 0x0a, 0x1c, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x48, 0x6f, 0x73, 0x74, 0x57, 0x69, + 0x74, 0x68, 0x53, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x10, + 0x02, 0x42, 0x57, 0x5a, 0x55, 0x67, 0x69, 0x74, 0x6c, 0x61, 0x62, 0x2e, 0x61, 0x6c, 0x69, 0x70, + 0x61, 0x79, 0x2d, 0x69, 0x6e, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x65, 0x63, 0x72, 0x65, + 0x74, 0x66, 0x6c, 0x6f, 0x77, 0x2f, 0x6b, 0x75, 0x73, 0x63, 0x69, 0x61, 0x2d, 0x65, 0x6e, 0x76, + 0x6f, 0x79, 0x2f, 0x6b, 0x75, 0x73, 0x63, 0x69, 0x61, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x6b, 0x75, 0x73, 0x63, 0x69, + 0x61, 0x5f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2f, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -158,16 +312,23 @@ func file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_rawDescGZIP() []by return file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_rawDescData } -var file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_goTypes = []interface{}{ - (*Gress)(nil), // 0: envoy.extensions.filters.http.kuscia_gress.v3.Gress + (Gress_RewriteHostByHeader_RewritePolicy)(0), // 0: envoy.extensions.filters.http.kuscia_gress.v3.Gress.RewriteHostByHeader.RewritePolicy + (*Gress)(nil), // 1: envoy.extensions.filters.http.kuscia_gress.v3.Gress + (*Gress_RewriteHostByHeader)(nil), // 2: envoy.extensions.filters.http.kuscia_gress.v3.Gress.RewriteHostByHeader + (*v3.PathMatcher)(nil), // 3: envoy.type.matcher.v3.PathMatcher } var file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name + 2, // 0: envoy.extensions.filters.http.kuscia_gress.v3.Gress.rewrite_host_config:type_name -> envoy.extensions.filters.http.kuscia_gress.v3.Gress.RewriteHostByHeader + 0, // 1: envoy.extensions.filters.http.kuscia_gress.v3.Gress.RewriteHostByHeader.rewrite_policy:type_name -> envoy.extensions.filters.http.kuscia_gress.v3.Gress.RewriteHostByHeader.RewritePolicy + 3, // 2: envoy.extensions.filters.http.kuscia_gress.v3.Gress.RewriteHostByHeader.path_matchers:type_name -> envoy.type.matcher.v3.PathMatcher + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name } func init() { file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_init() } @@ -188,19 +349,32 @@ func file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_init() { return nil } } + file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Gress_RewriteHostByHeader); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, + NumEnums: 1, + NumMessages: 2, NumExtensions: 0, NumServices: 0, }, GoTypes: file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_goTypes, DependencyIndexes: file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_depIdxs, + EnumInfos: file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_enumTypes, MessageInfos: file_kuscia_api_filters_http_kuscia_gress_v3_gress_proto_msgTypes, }.Build() File_kuscia_api_filters_http_kuscia_gress_v3_gress_proto = out.File diff --git a/kuscia/api/filters/http/kuscia_gress/v3/gress.pb.validate.go b/kuscia/api/filters/http/kuscia_gress/v3/gress.pb.validate.go new file mode 100755 index 0000000..986a85a --- /dev/null +++ b/kuscia/api/filters/http/kuscia_gress/v3/gress.pb.validate.go @@ -0,0 +1,318 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: kuscia/api/filters/http/kuscia_gress/v3/gress.proto + +package v3 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on Gress with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *Gress) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Gress with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in GressMultiError, or nil if none found. +func (m *Gress) ValidateAll() error { + return m.validate(true) +} + +func (m *Gress) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Instance + + // no validation rules for SelfNamespace + + for idx, item := range m.GetRewriteHostConfig() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, GressValidationError{ + field: fmt.Sprintf("RewriteHostConfig[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, GressValidationError{ + field: fmt.Sprintf("RewriteHostConfig[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return GressValidationError{ + field: fmt.Sprintf("RewriteHostConfig[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + // no validation rules for AddOriginSource + + // no validation rules for MaxLoggingBodySizePerReqeuest + + if len(errors) > 0 { + return GressMultiError(errors) + } + + return nil +} + +// GressMultiError is an error wrapping multiple validation errors returned by +// Gress.ValidateAll() if the designated constraints aren't met. +type GressMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m GressMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m GressMultiError) AllErrors() []error { return m } + +// GressValidationError is the validation error returned by Gress.Validate if +// the designated constraints aren't met. +type GressValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e GressValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e GressValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e GressValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e GressValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e GressValidationError) ErrorName() string { return "GressValidationError" } + +// Error satisfies the builtin error interface +func (e GressValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sGress.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = GressValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = GressValidationError{} + +// Validate checks the field values on Gress_RewriteHostByHeader with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *Gress_RewriteHostByHeader) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Gress_RewriteHostByHeader with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// Gress_RewriteHostByHeaderMultiError, or nil if none found. +func (m *Gress_RewriteHostByHeader) ValidateAll() error { + return m.validate(true) +} + +func (m *Gress_RewriteHostByHeader) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for RewritePolicy + + // no validation rules for Header + + for idx, item := range m.GetPathMatchers() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, Gress_RewriteHostByHeaderValidationError{ + field: fmt.Sprintf("PathMatchers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, Gress_RewriteHostByHeaderValidationError{ + field: fmt.Sprintf("PathMatchers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return Gress_RewriteHostByHeaderValidationError{ + field: fmt.Sprintf("PathMatchers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + // no validation rules for SpecifiedHost + + if len(errors) > 0 { + return Gress_RewriteHostByHeaderMultiError(errors) + } + + return nil +} + +// Gress_RewriteHostByHeaderMultiError is an error wrapping multiple validation +// errors returned by Gress_RewriteHostByHeader.ValidateAll() if the +// designated constraints aren't met. +type Gress_RewriteHostByHeaderMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Gress_RewriteHostByHeaderMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Gress_RewriteHostByHeaderMultiError) AllErrors() []error { return m } + +// Gress_RewriteHostByHeaderValidationError is the validation error returned by +// Gress_RewriteHostByHeader.Validate if the designated constraints aren't met. +type Gress_RewriteHostByHeaderValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e Gress_RewriteHostByHeaderValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Gress_RewriteHostByHeaderValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e Gress_RewriteHostByHeaderValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e Gress_RewriteHostByHeaderValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e Gress_RewriteHostByHeaderValidationError) ErrorName() string { + return "Gress_RewriteHostByHeaderValidationError" +} + +// Error satisfies the builtin error interface +func (e Gress_RewriteHostByHeaderValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sGress_RewriteHostByHeader.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Gress_RewriteHostByHeaderValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Gress_RewriteHostByHeaderValidationError{} diff --git a/kuscia/api/filters/http/kuscia_gress/v3/gress.proto b/kuscia/api/filters/http/kuscia_gress/v3/gress.proto new file mode 100755 index 0000000..71235a2 --- /dev/null +++ b/kuscia/api/filters/http/kuscia_gress/v3/gress.proto @@ -0,0 +1,49 @@ +// Copyright 2023 Ant Group Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package envoy.extensions.filters.http.kuscia_gress.v3; +option go_package = "github.com/secretflow/kuscia-envoy/kuscia/api/filters/http/kuscia_gress/v3"; + +import "envoy/type/matcher/v3/path.proto"; + +message Gress { + // RewriteHostByHeader provides some policies to rewrite host to choose a new route: + // Firstly, the following conditions should be met: + // 1. the request headers contains an entry named ${header} + // 2. the uri path matchs one of ${path_matchers} if it's not empty + // Secondly, the host will be rewrited by ${rewrite_policy}: + // RewriteHostWithHeader: rewrite host with header value of ${header} + // RewriteNamespaceWithHeader: rewrite namespace in host with header value of ${header} + // RewriteHostWithSpecifiedHost: rewrite host with ${specified_host} + message RewriteHostByHeader { + enum RewritePolicy { + RewriteHostWithHeader = 0; + RewriteNamespaceWithHeader = 1; + RewriteHostWithSpecifiedHost = 2; + } + RewritePolicy rewrite_policy = 1; + string header = 2; + repeated type.matcher.v3.PathMatcher path_matchers = 3; + string specified_host = 4; + } + + string instance = 1; + string self_namespace = 2; + repeated RewriteHostByHeader rewrite_host_config = 3; + bool add_origin_source = 4; + int32 max_logging_body_size_per_reqeuest = 5; +} diff --git a/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.pb.go b/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.pb.go index 5076cf9..55712b7 100644 --- a/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.pb.go +++ b/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.pb.go @@ -15,8 +15,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.21.8 +// protoc-gen-go v1.28.1 +// protoc v3.21.12 // source: kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.proto package v3 @@ -40,9 +40,6 @@ type HeaderDecorator struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // as a reverse proxy, header decorator filter append specified entries to the request headers. - // for example, you can assign a token for each source, and the upstream cluster use the token to - // authorize requests AppendHeaders []*HeaderDecorator_SourceHeader `protobuf:"bytes,1,rep,name=append_headers,json=appendHeaders,proto3" json:"append_headers,omitempty"` } diff --git a/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.pb.validate.go b/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.pb.validate.go new file mode 100755 index 0000000..3fae841 --- /dev/null +++ b/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.pb.validate.go @@ -0,0 +1,431 @@ +// Copyright 2023 Ant Group Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.proto + +package v3 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on HeaderDecorator with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *HeaderDecorator) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on HeaderDecorator with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// HeaderDecoratorMultiError, or nil if none found. +func (m *HeaderDecorator) ValidateAll() error { + return m.validate(true) +} + +func (m *HeaderDecorator) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetAppendHeaders() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, HeaderDecoratorValidationError{ + field: fmt.Sprintf("AppendHeaders[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, HeaderDecoratorValidationError{ + field: fmt.Sprintf("AppendHeaders[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return HeaderDecoratorValidationError{ + field: fmt.Sprintf("AppendHeaders[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return HeaderDecoratorMultiError(errors) + } + + return nil +} + +// HeaderDecoratorMultiError is an error wrapping multiple validation errors +// returned by HeaderDecorator.ValidateAll() if the designated constraints +// aren't met. +type HeaderDecoratorMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m HeaderDecoratorMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m HeaderDecoratorMultiError) AllErrors() []error { return m } + +// HeaderDecoratorValidationError is the validation error returned by +// HeaderDecorator.Validate if the designated constraints aren't met. +type HeaderDecoratorValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e HeaderDecoratorValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e HeaderDecoratorValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e HeaderDecoratorValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e HeaderDecoratorValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e HeaderDecoratorValidationError) ErrorName() string { return "HeaderDecoratorValidationError" } + +// Error satisfies the builtin error interface +func (e HeaderDecoratorValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sHeaderDecorator.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = HeaderDecoratorValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = HeaderDecoratorValidationError{} + +// Validate checks the field values on HeaderDecorator_HeaderEntry with the +// rules defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *HeaderDecorator_HeaderEntry) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on HeaderDecorator_HeaderEntry with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// HeaderDecorator_HeaderEntryMultiError, or nil if none found. +func (m *HeaderDecorator_HeaderEntry) ValidateAll() error { + return m.validate(true) +} + +func (m *HeaderDecorator_HeaderEntry) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Key + + // no validation rules for Value + + if len(errors) > 0 { + return HeaderDecorator_HeaderEntryMultiError(errors) + } + + return nil +} + +// HeaderDecorator_HeaderEntryMultiError is an error wrapping multiple +// validation errors returned by HeaderDecorator_HeaderEntry.ValidateAll() if +// the designated constraints aren't met. +type HeaderDecorator_HeaderEntryMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m HeaderDecorator_HeaderEntryMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m HeaderDecorator_HeaderEntryMultiError) AllErrors() []error { return m } + +// HeaderDecorator_HeaderEntryValidationError is the validation error returned +// by HeaderDecorator_HeaderEntry.Validate if the designated constraints +// aren't met. +type HeaderDecorator_HeaderEntryValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e HeaderDecorator_HeaderEntryValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e HeaderDecorator_HeaderEntryValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e HeaderDecorator_HeaderEntryValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e HeaderDecorator_HeaderEntryValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e HeaderDecorator_HeaderEntryValidationError) ErrorName() string { + return "HeaderDecorator_HeaderEntryValidationError" +} + +// Error satisfies the builtin error interface +func (e HeaderDecorator_HeaderEntryValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sHeaderDecorator_HeaderEntry.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = HeaderDecorator_HeaderEntryValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = HeaderDecorator_HeaderEntryValidationError{} + +// Validate checks the field values on HeaderDecorator_SourceHeader with the +// rules defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *HeaderDecorator_SourceHeader) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on HeaderDecorator_SourceHeader with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// HeaderDecorator_SourceHeaderMultiError, or nil if none found. +func (m *HeaderDecorator_SourceHeader) ValidateAll() error { + return m.validate(true) +} + +func (m *HeaderDecorator_SourceHeader) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Source + + for idx, item := range m.GetHeaders() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, HeaderDecorator_SourceHeaderValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, HeaderDecorator_SourceHeaderValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return HeaderDecorator_SourceHeaderValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return HeaderDecorator_SourceHeaderMultiError(errors) + } + + return nil +} + +// HeaderDecorator_SourceHeaderMultiError is an error wrapping multiple +// validation errors returned by HeaderDecorator_SourceHeader.ValidateAll() if +// the designated constraints aren't met. +type HeaderDecorator_SourceHeaderMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m HeaderDecorator_SourceHeaderMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m HeaderDecorator_SourceHeaderMultiError) AllErrors() []error { return m } + +// HeaderDecorator_SourceHeaderValidationError is the validation error returned +// by HeaderDecorator_SourceHeader.Validate if the designated constraints +// aren't met. +type HeaderDecorator_SourceHeaderValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e HeaderDecorator_SourceHeaderValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e HeaderDecorator_SourceHeaderValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e HeaderDecorator_SourceHeaderValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e HeaderDecorator_SourceHeaderValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e HeaderDecorator_SourceHeaderValidationError) ErrorName() string { + return "HeaderDecorator_SourceHeaderValidationError" +} + +// Error satisfies the builtin error interface +func (e HeaderDecorator_SourceHeaderValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sHeaderDecorator_SourceHeader.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = HeaderDecorator_SourceHeaderValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = HeaderDecorator_SourceHeaderValidationError{} diff --git a/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.proto b/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.proto new file mode 100644 index 0000000..1fb875e --- /dev/null +++ b/kuscia/api/filters/http/kuscia_header_decorator/v3/header_decorator.proto @@ -0,0 +1,35 @@ +// Copyright 2023 Ant Group Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package envoy.extensions.filters.http.kuscia_header_decorator.v3; +option go_package = "github.com/secretflow/kuscia-envoy/kuscia/api/filters/http/kuscia_header_decorator/v3"; + +message HeaderDecorator { + message HeaderEntry { + string key = 1; + string value = 2; + } + message SourceHeader { + string source = 1; + repeated HeaderEntry headers = 2; + } + + // as a reverse proxy, header decorator filter append specified entries to the request headers. + // for example, you can assign a token for each source, and the upstream cluster use the token to + // authorize requests + repeated SourceHeader append_headers = 1; +} diff --git a/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.pb.go b/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.pb.go index 59e2fe9..30003c9 100644 --- a/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.pb.go +++ b/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.pb.go @@ -15,8 +15,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.21.8 +// protoc-gen-go v1.28.1 +// protoc v3.21.12 // source: kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.proto package v3 diff --git a/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.pb.validate.go b/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.pb.validate.go new file mode 100755 index 0000000..1323c8c --- /dev/null +++ b/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.pb.validate.go @@ -0,0 +1,392 @@ +// Copyright 2023 Ant Group Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.proto + +package v3 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on TokenAuth with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *TokenAuth) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on TokenAuth with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in TokenAuthMultiError, or nil +// if none found. +func (m *TokenAuth) ValidateAll() error { + return m.validate(true) +} + +func (m *TokenAuth) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetSourceTokenList() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, TokenAuthValidationError{ + field: fmt.Sprintf("SourceTokenList[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, TokenAuthValidationError{ + field: fmt.Sprintf("SourceTokenList[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return TokenAuthValidationError{ + field: fmt.Sprintf("SourceTokenList[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return TokenAuthMultiError(errors) + } + + return nil +} + +// TokenAuthMultiError is an error wrapping multiple validation errors returned +// by TokenAuth.ValidateAll() if the designated constraints aren't met. +type TokenAuthMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m TokenAuthMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m TokenAuthMultiError) AllErrors() []error { return m } + +// TokenAuthValidationError is the validation error returned by +// TokenAuth.Validate if the designated constraints aren't met. +type TokenAuthValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e TokenAuthValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e TokenAuthValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e TokenAuthValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e TokenAuthValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e TokenAuthValidationError) ErrorName() string { return "TokenAuthValidationError" } + +// Error satisfies the builtin error interface +func (e TokenAuthValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sTokenAuth.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = TokenAuthValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = TokenAuthValidationError{} + +// Validate checks the field values on FilterConfigPerRoute with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *FilterConfigPerRoute) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on FilterConfigPerRoute with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// FilterConfigPerRouteMultiError, or nil if none found. +func (m *FilterConfigPerRoute) ValidateAll() error { + return m.validate(true) +} + +func (m *FilterConfigPerRoute) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Disabled + + if len(errors) > 0 { + return FilterConfigPerRouteMultiError(errors) + } + + return nil +} + +// FilterConfigPerRouteMultiError is an error wrapping multiple validation +// errors returned by FilterConfigPerRoute.ValidateAll() if the designated +// constraints aren't met. +type FilterConfigPerRouteMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m FilterConfigPerRouteMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m FilterConfigPerRouteMultiError) AllErrors() []error { return m } + +// FilterConfigPerRouteValidationError is the validation error returned by +// FilterConfigPerRoute.Validate if the designated constraints aren't met. +type FilterConfigPerRouteValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e FilterConfigPerRouteValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e FilterConfigPerRouteValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e FilterConfigPerRouteValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e FilterConfigPerRouteValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e FilterConfigPerRouteValidationError) ErrorName() string { + return "FilterConfigPerRouteValidationError" +} + +// Error satisfies the builtin error interface +func (e FilterConfigPerRouteValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFilterConfigPerRoute.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = FilterConfigPerRouteValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = FilterConfigPerRouteValidationError{} + +// Validate checks the field values on TokenAuth_SourceToken with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *TokenAuth_SourceToken) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on TokenAuth_SourceToken with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// TokenAuth_SourceTokenMultiError, or nil if none found. +func (m *TokenAuth_SourceToken) ValidateAll() error { + return m.validate(true) +} + +func (m *TokenAuth_SourceToken) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Source + + if len(errors) > 0 { + return TokenAuth_SourceTokenMultiError(errors) + } + + return nil +} + +// TokenAuth_SourceTokenMultiError is an error wrapping multiple validation +// errors returned by TokenAuth_SourceToken.ValidateAll() if the designated +// constraints aren't met. +type TokenAuth_SourceTokenMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m TokenAuth_SourceTokenMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m TokenAuth_SourceTokenMultiError) AllErrors() []error { return m } + +// TokenAuth_SourceTokenValidationError is the validation error returned by +// TokenAuth_SourceToken.Validate if the designated constraints aren't met. +type TokenAuth_SourceTokenValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e TokenAuth_SourceTokenValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e TokenAuth_SourceTokenValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e TokenAuth_SourceTokenValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e TokenAuth_SourceTokenValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e TokenAuth_SourceTokenValidationError) ErrorName() string { + return "TokenAuth_SourceTokenValidationError" +} + +// Error satisfies the builtin error interface +func (e TokenAuth_SourceTokenValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sTokenAuth_SourceToken.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = TokenAuth_SourceTokenValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = TokenAuth_SourceTokenValidationError{} diff --git a/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.proto b/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.proto new file mode 100755 index 0000000..d307b68 --- /dev/null +++ b/kuscia/api/filters/http/kuscia_token_auth/v3/token_auth.proto @@ -0,0 +1,33 @@ +// Copyright 2023 Ant Group Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package envoy.extensions.filters.http.kuscia_token_auth.v3; +option go_package = "github.com/secretflow/kuscia-envoy/kuscia/api/filters/http/kuscia_token_auth/v3"; + +message TokenAuth { + message SourceToken { + string source = 1; + repeated string tokens = 2; + } + + repeated SourceToken source_token_list = 1; +} + +message FilterConfigPerRoute { + bool disabled = 1; +} + diff --git a/kuscia/source/filters/http/kuscia_common/BUILD b/kuscia/source/filters/http/kuscia_common/BUILD index e9420c6..31a65f2 100755 --- a/kuscia/source/filters/http/kuscia_common/BUILD +++ b/kuscia/source/filters/http/kuscia_common/BUILD @@ -11,6 +11,7 @@ api_proto_package() #"@envoy//envoy/http:header_map_interface", envoy_cc_library( name = "kuscia_common", + srcs = ["kuscia_header.cc"], hdrs = [ "common.h", "kuscia_header.h", diff --git a/kuscia/source/filters/http/kuscia_common/kuscia_header.cc b/kuscia/source/filters/http/kuscia_common/kuscia_header.cc new file mode 100644 index 0000000..c3ff2bb --- /dev/null +++ b/kuscia/source/filters/http/kuscia_common/kuscia_header.cc @@ -0,0 +1,38 @@ +// Copyright 2023 Ant Group Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "kuscia/source/filters/http/kuscia_common/kuscia_header.h" + +namespace Envoy { +namespace Extensions { +namespace HttpFilters { +namespace KusciaCommon { + +constexpr absl::string_view InterConnProtocolBFIA{"bfia"}; +constexpr absl::string_view InterConnProtocolKuscia{"kuscia"}; + +absl::optional KusciaHeader::getSource(const Http::RequestHeaderMap& headers) { + auto protocol = headers.getByKey(KusciaCommon::HeaderKeyInterConnProtocol); + if (protocol && protocol.value() == InterConnProtocolBFIA) { + auto ptpSource = headers.getByKey(HeaderKeyBFIAPTPSource); + return ptpSource ? ptpSource : headers.getByKey(HeaderKeyBFIAScheduleSource); + } + return headers.getByKey(HeaderKeyKusciaSource); +} + +} // namespace KusciaCommon +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy + diff --git a/kuscia/source/filters/http/kuscia_common/kuscia_header.h b/kuscia/source/filters/http/kuscia_common/kuscia_header.h index c985cbf..3f1c735 100755 --- a/kuscia/source/filters/http/kuscia_common/kuscia_header.h +++ b/kuscia/source/filters/http/kuscia_common/kuscia_header.h @@ -1,11 +1,11 @@ // Copyright 2023 Ant Group Co., Ltd. -// +// // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// +// // http://www.apache.org/licenses/LICENSE-2.0 -// +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -22,6 +22,11 @@ namespace Extensions { namespace HttpFilters { namespace KusciaCommon { +const Http::LowerCaseString HeaderKeyInterConnProtocol("x-interconn-protocol"); + +const Http::LowerCaseString HeaderKeyBFIAPTPSource("x-ptp-source-node-id"); +const Http::LowerCaseString HeaderKeyBFIAScheduleSource("x-node-id"); + const Http::LowerCaseString HeaderKeyKusciaSource("Kuscia-Source"); const Http::LowerCaseString HeaderKeyKusciaToken("Kuscia-Token"); const Http::LowerCaseString HeaderKeyKusciaHost("Kuscia-Host"); @@ -35,6 +40,11 @@ const Http::LowerCaseString HeaderKeyRecordBody("Kuscia-Record-Body"); const Http::LowerCaseString HeaderKeyEncryptVersion("Kuscia-Encrypt-Version"); const Http::LowerCaseString HeaderKeyEncryptIv("Kuscia-Encrypt-Iv"); +class KusciaHeader { + public: + static absl::optional getSource(const Http::RequestHeaderMap& headers); +}; + } // namespace KusciaCommon } // namespace HttpFilters } // namespace Extensions diff --git a/kuscia/source/filters/http/kuscia_gress/BUILD b/kuscia/source/filters/http/kuscia_gress/BUILD index bd3967b..fbca5bc 100755 --- a/kuscia/source/filters/http/kuscia_gress/BUILD +++ b/kuscia/source/filters/http/kuscia_gress/BUILD @@ -28,5 +28,7 @@ envoy_cc_library( ":gress_filter", "@envoy//envoy/registry", "@envoy//source/extensions/filters/http/common:factory_base_lib", + "@envoy_api//envoy/type/matcher/v3:pkg_cc_proto", + "@envoy//source/common/matcher:matcher_lib", ], ) diff --git a/kuscia/source/filters/http/kuscia_gress/config.cc b/kuscia/source/filters/http/kuscia_gress/config.cc index e36b82d..a5c140b 100755 --- a/kuscia/source/filters/http/kuscia_gress/config.cc +++ b/kuscia/source/filters/http/kuscia_gress/config.cc @@ -1,11 +1,11 @@ // Copyright 2023 Ant Group Co., Ltd. -// +// // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// +// // http://www.apache.org/licenses/LICENSE-2.0 -// +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -28,8 +28,9 @@ Http::FilterFactoryCb GressConfigFactory::createFilterFactoryFromProtoTyped( const envoy::extensions::filters::http::kuscia_gress::v3::Gress& proto_config, const std::string&, Server::Configuration::FactoryContext&) { - return [proto_config](Http::FilterChainFactoryCallbacks & callbacks) -> void { - callbacks.addStreamFilter(std::make_shared(proto_config)); + GressFilterConfigSharedPtr config = std::make_shared(proto_config); + return [config](Http::FilterChainFactoryCallbacks & callbacks) -> void { + callbacks.addStreamFilter(std::make_shared(config)); }; } @@ -39,4 +40,4 @@ REGISTER_FACTORY(GressConfigFactory, } // namespace KusciaGress } // namespace HttpFilters } // namespace Extensions -} // namespace Envoy +} // namespace Envoy \ No newline at end of file diff --git a/kuscia/source/filters/http/kuscia_gress/gress_filter.cc b/kuscia/source/filters/http/kuscia_gress/gress_filter.cc index 725ba7e..cad96db 100755 --- a/kuscia/source/filters/http/kuscia_gress/gress_filter.cc +++ b/kuscia/source/filters/http/kuscia_gress/gress_filter.cc @@ -1,11 +1,11 @@ // Copyright 2023 Ant Group Co., Ltd. -// +// // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// +// // http://www.apache.org/licenses/LICENSE-2.0 -// +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -38,6 +38,39 @@ static void adjustContentLength(Http::RequestOrResponseHeaderMap& headers, uint6 } } +static std::string replaceNamespaceInHost(absl::string_view host, absl::string_view new_namespace) { + std::vector fields = absl::StrSplit(host, "."); + for (std::size_t i = 2; i < fields.size(); i++) { + if (fields[i] == "svc") { + fields[i - 1] = new_namespace; + return absl::StrJoin(fields, "."); + } + } + return ""; +} + +RewriteHostConfig::RewriteHostConfig(const RewriteHost& config) : + rewrite_policy_(config.rewrite_policy()), + header_(config.header()), + specified_host_(config.specified_host()) { + path_matchers_.reserve(config.path_matchers_size()); + for (const auto& pm : config.path_matchers()) { + PathMatcherConstSharedPtr matcher(new Envoy::Matchers::PathMatcher(pm)); + path_matchers_.emplace_back(matcher); + } +} + +GressFilterConfig::GressFilterConfig(const GressPbConfig& config) : + instance_(config.instance()), + self_namespace_(config.self_namespace()), + add_origin_source_(config.add_origin_source()), + max_logging_body_size_per_reqeuest_(config.max_logging_body_size_per_reqeuest()) { + rewrite_host_config_.reserve(config.rewrite_host_config_size()); + for (const auto& rh : config.rewrite_host_config()) { + rewrite_host_config_.emplace_back(RewriteHostConfig(rh)); + } +} + Http::FilterHeadersStatus GressFilter::decodeHeaders(Http::RequestHeaderMap& headers, bool) { // store some useful headers @@ -50,12 +83,8 @@ Http::FilterHeadersStatus GressFilter::decodeHeaders(Http::RequestHeaderMap& hea } // rewrite host to choose a new route - if (config_.rewrite_host()) { - auto kuscia_host = headers.getByKey(KusciaCommon::HeaderKeyKusciaHost).value_or(""); - if (!kuscia_host.empty()) { - headers.setHost(kuscia_host); - decoder_callbacks_->downstreamCallbacks()->clearRouteCache(); - } + if (rewriteHost(headers)) { + decoder_callbacks_->downstreamCallbacks()->clearRouteCache(); } else { // replace ".svc:" with ".svc" for internal request size_t n = host_.rfind(".svc:"); @@ -67,11 +96,11 @@ Http::FilterHeadersStatus GressFilter::decodeHeaders(Http::RequestHeaderMap& hea } // add origin-source if not exist - if (config_.add_origin_source()) { + if (config_->addOriginSource()) { auto origin_source = headers.getByKey(KusciaCommon::HeaderKeyOriginSource) .value_or(std::string()); if (origin_source.empty()) { - headers.addCopy(KusciaCommon::HeaderKeyOriginSource, config_.self_namespace()); + headers.addCopy(KusciaCommon::HeaderKeyOriginSource, config_->selfNamespace()); } } @@ -96,21 +125,21 @@ Http::FilterHeadersStatus GressFilter::encodeHeaders(Http::ResponseHeaderMap& he auto inner_msg = headers.get(KusciaCommon::HeaderKeyErrorMessageInternal); if (inner_msg.size() == 1 && inner_msg[0] != nullptr && !inner_msg[0]->value().empty()) { err_msg = fmt::format("Domain {}.{}: {}", - config_.self_namespace(), - config_.instance(), + config_->selfNamespace(), + config_->instance(), inner_msg[0]->value().getStringView()); headers.remove(KusciaCommon::HeaderKeyErrorMessageInternal); } else { err_msg = fmt::format("Domain {}.{}<--{} return http code {}.", - config_.self_namespace(), - config_.instance(), + config_->selfNamespace(), + config_->instance(), host_, headers.getStatusValue()); } } else if (result[0] != nullptr) { err_msg = fmt::format("Domain {}.{}<--{}", - config_.self_namespace(), - config_.instance(), + config_->selfNamespace(), + config_->instance(), result[0]->value().getStringView()); } @@ -133,12 +162,68 @@ Http::FilterDataStatus GressFilter::encodeData(Buffer::Instance& data, bool end_ return Http::FilterDataStatus::Continue; } +bool GressFilter::rewriteHost(Http::RequestHeaderMap& headers) { + for (const auto& rh : config_->rewriteHostConfig()) { + if (rewriteHost(headers, rh)) { + return true; + } + } + return false; +} + +bool GressFilter::rewriteHost(Http::RequestHeaderMap& headers, const RewriteHostConfig& rh) { + auto header_value = headers.getByKey(Http::LowerCaseString(rh.header())).value_or(""); + if (header_value.empty()) { + return false; + } + + if (rh.pathMatchers().size() > 0) { + const absl::string_view path = headers.getPathValue(); + bool path_match = false; + for (const auto& pm : rh.pathMatchers()) { + if (pm->match(path)) { + path_match = true; + break; + } + } + if (!path_match) { + return false; + } + } + + switch (rh.rewritePolicy()) { + case RewriteHost::RewriteHostWithHeader: { + headers.setHost(header_value); + return true; + } + case RewriteHost::RewriteNamespaceWithHeader: { + auto host_value = replaceNamespaceInHost(headers.getHostValue(), header_value); + if (!host_value.empty()) { + headers.setHost(host_value); + return true; + } + break; + } + case RewriteHost::RewriteHostWithSpecifiedHost: { + if (!rh.specifiedHost().empty()) { + headers.setHost(rh.specifiedHost()); + return true; + } + break; + } + default: + break; + } + + return false; +} + bool GressFilter::recordBody(Buffer::OwnedImpl& body, Buffer::Instance& data, bool end_stream, bool is_req) { auto& stream_info = is_req ? decoder_callbacks_->streamInfo() : encoder_callbacks_->streamInfo(); std::string body_key = is_req ? "request_body" : "response_body"; - uint64_t logging_size = static_cast(config_.max_logging_body_size_per_reqeuest()); + uint64_t logging_size = static_cast(config_->maxLoggingBodySizePerReqeuest()); bool record_body = true; if (data.length() > 0) { if (logging_size > 0 && body.length() + data.length() > logging_size) { diff --git a/kuscia/source/filters/http/kuscia_gress/gress_filter.h b/kuscia/source/filters/http/kuscia_gress/gress_filter.h index 3d4ebf0..f23c7fc 100755 --- a/kuscia/source/filters/http/kuscia_gress/gress_filter.h +++ b/kuscia/source/filters/http/kuscia_gress/gress_filter.h @@ -1,11 +1,11 @@ // Copyright 2023 Ant Group Co., Ltd. -// +// // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// +// // http://www.apache.org/licenses/LICENSE-2.0 -// +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -24,24 +24,89 @@ #include "kuscia/api/filters/http/kuscia_gress/v3/gress.pb.h" +#include "envoy/common/matchers.h" +#include "source/common/common/matchers.h" + namespace Envoy { namespace Extensions { namespace HttpFilters { namespace KusciaGress { using GressPbConfig = envoy::extensions::filters::http::kuscia_gress::v3::Gress; +using RewriteHost = envoy::extensions::filters::http::kuscia_gress::v3::Gress_RewriteHostByHeader; +using RewritePolicy = RewriteHost::RewritePolicy; +using PathMatcherConstSharedPtr = std::shared_ptr; + +class RewriteHostConfig { + public: + explicit RewriteHostConfig(const RewriteHost& config); + + const std::string& header() const { + return header_; + } + RewritePolicy rewritePolicy() const { + return rewrite_policy_; + } + const std::string& specifiedHost() const { + return specified_host_; + } + + const std::vector& pathMatchers() const { + return path_matchers_; + } + + private: + RewriteHost::RewritePolicy rewrite_policy_; + std::string header_; + std::string specified_host_; + std::vector path_matchers_; +}; + +class GressFilterConfig { + public: + explicit GressFilterConfig(const GressPbConfig& config); + const std::string& instance() const { + return instance_; + } + + const std::string& selfNamespace() const { + return self_namespace_; + } + + bool addOriginSource() const { + return add_origin_source_; + } + + int32_t maxLoggingBodySizePerReqeuest() { + return max_logging_body_size_per_reqeuest_; + } + + const std::vector& rewriteHostConfig() const { + return rewrite_host_config_; + } + + private: + std::string instance_; + std::string self_namespace_; + bool add_origin_source_; + int32_t max_logging_body_size_per_reqeuest_; + + std::vector rewrite_host_config_; +}; + +using GressFilterConfigSharedPtr = std::shared_ptr; + class GressFilter : public Envoy::Http::PassThroughFilter, public Logger::Loggable { public: - explicit GressFilter(const GressPbConfig& config) : + explicit GressFilter(GressFilterConfigSharedPtr config) : config_(config), host_(), request_id_(), record_request_body_(false), record_response_body_(false) {} - Http::FilterHeadersStatus decodeHeaders(Http::RequestHeaderMap& headers, bool) override; Http::FilterDataStatus decodeData(Buffer::Instance& data, bool end_stream) override; @@ -51,9 +116,11 @@ class GressFilter : public Envoy::Http::PassThroughFilter, Http::FilterDataStatus encodeData(Buffer::Instance& data, bool end_stream) override; private: + bool rewriteHost(Http::RequestHeaderMap& headers); + bool rewriteHost(Http::RequestHeaderMap& headers, const RewriteHostConfig& rh); bool recordBody(Buffer::OwnedImpl& body, Buffer::Instance& data, bool end_stream, bool is_req); - GressPbConfig config_; + GressFilterConfigSharedPtr config_; std::string host_; std::string request_id_; diff --git a/kuscia/source/filters/http/kuscia_header_decorator/header_decorator_filter.cc b/kuscia/source/filters/http/kuscia_header_decorator/header_decorator_filter.cc index 19873bf..27dc4ec 100755 --- a/kuscia/source/filters/http/kuscia_header_decorator/header_decorator_filter.cc +++ b/kuscia/source/filters/http/kuscia_header_decorator/header_decorator_filter.cc @@ -1,11 +1,11 @@ // Copyright 2023 Ant Group Co., Ltd. -// +// // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// +// // http://www.apache.org/licenses/LICENSE-2.0 -// +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -25,6 +25,8 @@ namespace Extensions { namespace HttpFilters { namespace KusciaHeaderDecorator { +using KusciaHeader = Envoy::Extensions::HttpFilters::KusciaCommon::KusciaHeader; + HeaderDecoratorFilter::HeaderDecoratorFilter(const HeaderDecoratorPbConfig& config) { for (const auto& source_headers : config.append_headers()) { std::vector> headers; @@ -43,7 +45,7 @@ Http::FilterHeadersStatus HeaderDecoratorFilter::decodeHeaders(Http::RequestHead } void HeaderDecoratorFilter::appendHeaders(Http::RequestHeaderMap& headers) const { - auto source = headers.getByKey(KusciaCommon::HeaderKeyKusciaSource).value_or(""); + auto source = KusciaHeader::getSource(headers).value_or(""); auto iter = append_headers_.find(source); if (iter != append_headers_.end()) { for (const auto& entry : iter->second) { diff --git a/kuscia/source/filters/http/kuscia_token_auth/token_auth_filter.cc b/kuscia/source/filters/http/kuscia_token_auth/token_auth_filter.cc index 6e636c2..8fa6f17 100755 --- a/kuscia/source/filters/http/kuscia_token_auth/token_auth_filter.cc +++ b/kuscia/source/filters/http/kuscia_token_auth/token_auth_filter.cc @@ -1,11 +1,11 @@ // Copyright 2023 Ant Group Co., Ltd. -// +// // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// +// // http://www.apache.org/licenses/LICENSE-2.0 -// +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -27,8 +27,10 @@ namespace KusciaTokenAuth { constexpr absl::string_view UnauthorizedBodyMessage = "unauthorized."; +using KusciaHeader = Envoy::Extensions::HttpFilters::KusciaCommon::KusciaHeader; + Http::FilterHeadersStatus TokenAuthFilter::decodeHeaders(Http::RequestHeaderMap& headers, - bool) { + bool) { // Disable filter per route config if applies if (decoder_callbacks_->route() != nullptr) { const auto* per_route_config = @@ -38,7 +40,7 @@ Http::FilterHeadersStatus TokenAuthFilter::decodeHeaders(Http::RequestHeaderMap& } } - auto source = headers.getByKey(KusciaCommon::HeaderKeyKusciaSource).value_or(""); + auto source = KusciaHeader::getSource(headers).value_or(""); auto token = headers.getByKey(KusciaCommon::HeaderKeyKusciaToken).value_or(""); bool is_valid = config_->validateSource(source, token); if (!is_valid) { diff --git a/kuscia/test/filters/http/kuscia_gress/gress_filter_test.cc b/kuscia/test/filters/http/kuscia_gress/gress_filter_test.cc index 330596b..06546aa 100755 --- a/kuscia/test/filters/http/kuscia_gress/gress_filter_test.cc +++ b/kuscia/test/filters/http/kuscia_gress/gress_filter_test.cc @@ -1,11 +1,11 @@ // Copyright 2023 Ant Group Co., Ltd. -// +// // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// +// // http://www.apache.org/licenses/LICENSE-2.0 -// +// // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -45,14 +45,16 @@ class GressFilterTest : public testing::Test { filter_.setDecoderFilterCallbacks(decoder_callbacks_); } - GressPbConfig setupConfig() { + GressFilterConfigSharedPtr setupConfig() { GressPbConfig proto_config; proto_config.set_instance("foo"); proto_config.set_self_namespace("alice"); proto_config.set_add_origin_source(true); proto_config.set_max_logging_body_size_per_reqeuest(5); - proto_config.set_rewrite_host(true); - return proto_config; + auto rh = proto_config.add_rewrite_host_config(); + rh->set_header("kuscia-Host"); + rh->set_rewrite_policy(RewriteHost::RewriteHostWithHeader); + return GressFilterConfigSharedPtr(new GressFilterConfig(proto_config)); } void enableRecordBody () { @@ -62,7 +64,7 @@ class GressFilterTest : public testing::Test { } GressFilter filter_; - GressPbConfig config_; + GressFilterConfigSharedPtr config_; NiceMock decoder_callbacks_; }; @@ -71,7 +73,7 @@ TEST_F(GressFilterTest, EmptyHost) { EXPECT_EQ(Http::FilterHeadersStatus::Continue, filter_.decodeHeaders(headers, true)); KusciaHeaderChecker::checkRequestHeaders(headers, ExpectHeaders{{kHost, ""}, - {kOrginSource, config_.self_namespace()}}); + {kOrginSource, config_->selfNamespace()}}); } TEST_F(GressFilterTest, OtherHost) { @@ -79,7 +81,7 @@ TEST_F(GressFilterTest, OtherHost) { EXPECT_EQ(Http::FilterHeadersStatus::Continue, filter_.decodeHeaders(headers, true)); KusciaHeaderChecker::checkRequestHeaders(headers, ExpectHeaders{{kHost, "baidu.com"}, - {kOrginSource, config_.self_namespace()}}); + {kOrginSource, config_->selfNamespace()}}); } TEST_F(GressFilterTest, RewriteHost) {