http: Internal redirects with request body#15634
Conversation
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
|
all existing tests pass. I assume this needs a runtime guard since it modifies behavior without a configuration change (hmm, should it be a config option? Still some cleanup to do as well, but wanted to see if I can start getting feedback on the direction cc @alyssawilk @mattklein123 Also thinking that trailers should probably be handled as well? |
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
Looks great overall - thanks for tackling this one! I know we'll be wanting to use it for small bodied requests as well.
|
|
||
| default_request_headers_.setHost("handle.internal.redirect"); | ||
| IntegrationStreamDecoderPtr response = | ||
| codec_client_->makeRequestWithBody(default_request_headers_, "foobarbizbaz"); |
There was a problem hiding this comment.
Let's also make sure we have a test where we encode headers and partial body, do an early redirect, and downstream sends the rest of the body (or make sure we don't redirect given partial body if you don't want to deal with that yet)
There was a problem hiding this comment.
I don't think I want to tackle partial bodies quite yet (happy to do further iterations, but hoping to get the complete-request-body functionality in very soon 🙂).
We still have the condition The request must have been fully processed by Envoy., which is gated by checking that downstream_end_stream_ is true in order to do an internal redirect.
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
Looking good! Here's a few more thoughts.
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
|
Hm, looks like that asan failure may be real. Want to check it out? https://dev.azure.com/cncf/4684fb3d-0389-4e0b-8251-221942316e06/_apis/build/builds/70794/logs/169 |
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
Looks great overall! Only minor nits left so @snowp up for second pass?
Also cc @penguingao in case he wants to check it out.
source/common/http/filter_manager.cc
Outdated
| // the stream is complete may differ, re-check bytesReceived() to make sure | ||
| // there was no body from the HCM's point of view. | ||
| if (!complete() || parent_.stream_info_.bytesReceived() != 0) { | ||
| if (!parent_.enableInternalRedirectsWithBody() && |
There was a problem hiding this comment.
I think we want
if (!complete() || (!parent_.enableInternalRedirectsWithBody() parent_.stream_info_.bytesReceived() != 0)
no?
There was a problem hiding this comment.
Ah you're right - the integration test still passed since the router has its own end-of-stream/request-body-present checks that generally prevent us from reaching this point but (as the above comment mentions) this seems to be an extra protection layer against incomplete requests.
I don't see any existing tests for this branch but I can try to put one together - this could occur when the router's downstream_end_stream_ is true but the FM's state_.local_complete_ is false, and if the router's bufferedBody() is false (router doesn't think there's a body) but FM's receivedBytes() is non-zero. Hmmm, tricky cases to test.
|
/retest |
|
Retrying Azure Pipelines: |
|
hmm, gonna give it one more kick while I try to repro locally |
|
/retest |
|
Retrying Azure Pipelines: |
|
@snowp any other requests as second pass reviewer (once you're back tomorrow)? |
snowp
left a comment
snowp
left a comment
There was a problem hiding this comment.
Thanks this looks good in general, just a few questions
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Signed-off-by: Derek Argueta <darguetap@gmail.com>
…er_.bufferedRequestData() a second time Signed-off-by: Derek Argueta <darguetap@gmail.com>
|
/retest |
|
Retrying Azure Pipelines: |
|
/retest |
|
Retrying Azure Pipelines: |
|
verify examples got broken last night by a g-c-p change - main merge should now fix! |
Signed-off-by: Derek Argueta <darguetap@gmail.com>
|
/retest |
|
Retrying Azure Pipelines: |
4 participants
Commit Message: http: Internal redirects with request body
Additional Description: Adds support for handling internal redirects for requests that have a body.
Risk Level: medium - HCM/FM stream recreation
Testing: Added unit and integration tests
Docs Changes: Done
Release Notes: Added
Runtime guard:
envoy.reloadable_features.internal_redirects_with_bodyFixes: #14736
Signed-off-by: Derek Argueta darguetap@gmail.com