diff --git a/source/server/config_validation/server.cc b/source/server/config_validation/server.cc
index 3d37c7ac56c49..69bc3db58654a 100644
--- a/source/server/config_validation/server.cc
+++ b/source/server/config_validation/server.cc
@@ -78,22 +78,21 @@ void ValidationInstance::initialize(const Options& options, // If we get all the way through that stripped-down initialization flow, to the point where we'd // be ready to serve, then the config has passed validation. // Handle configuration that needs to take place prior to the main configuration load. - envoy::config::bootstrap::v3::Bootstrap bootstrap; - InstanceUtil::loadBootstrapConfig(bootstrap, options, + InstanceUtil::loadBootstrapConfig(bootstrap_, options, messageValidationContext().staticValidationVisitor(), *api_); - Config::Utility::createTagProducer(bootstrap); - bootstrap.mutable_node()->set_hidden_envoy_deprecated_build_version(VersionInfo::version()); + Config::Utility::createTagProducer(bootstrap_); + bootstrap_.mutable_node()->set_hidden_envoy_deprecated_build_version(VersionInfo::version()); local_info_ = std::make_unique( - stats().symbolTable(), bootstrap.node(), bootstrap.node_context_params(), local_address, + stats().symbolTable(), bootstrap_.node(), bootstrap_.node_context_params(), local_address, options.serviceZone(), options.serviceClusterName(), options.serviceNodeName()); overload_manager_ = std::make_unique( - dispatcher(), stats(), threadLocal(), bootstrap.overload_manager(), + dispatcher(), stats(), threadLocal(), bootstrap_.overload_manager(), messageValidationContext().staticValidationVisitor(), *api_, options_); - Configuration::InitialImpl initial_config(bootstrap, options); - initial_config.initAdminAccessLog(bootstrap, *this); + Configuration::InitialImpl initial_config(bootstrap_, options); + initial_config.initAdminAccessLog(bootstrap_, *this); admin_ = std::make_unique(initial_config.admin().address()); listener_manager_ = std::make_unique(*this, *this, *this, false, quic_stat_names_); 
@@ -107,7 +106,7 @@ void ValidationInstance::initialize(const Options& options, localInfo(), *secret_manager_, messageValidationContext(), *api_, http_context_, grpc_context_, router_context_, accessLogManager(), singletonManager(), options, quic_stat_names_); - config_.initialize(bootstrap, *this, *cluster_manager_factory_); + config_.initialize(bootstrap_, *this, *cluster_manager_factory_); runtime().initialize(clusterManager()); clusterManager().setInitializedCb([this]() -> void { init_manager_.initialize(init_watcher_); }); } diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h index 356769f2b5962..e1c734d526275 100644 --- a/source/server/config_validation/server.h +++ b/source/server/config_validation/server.h @@ -112,7 +112,7 @@ class ValidationInstance final : Logger::Loggable, bool enableReusePortDefault() override { return true; } Configuration::StatsConfig& statsConfig() override { return config_.statsConfig(); } - envoy::config::bootstrap::v3::Bootstrap& bootstrap() override { NOT_IMPLEMENTED_GCOVR_EXCL_LINE; } + envoy::config::bootstrap::v3::Bootstrap& bootstrap() override { return bootstrap_; } Configuration::ServerFactoryContext& serverFactoryContext() override { return server_contexts_; } Configuration::TransportSocketFactoryContext& transportSocketFactoryContext() override { return server_contexts_; @@ -199,6 +199,7 @@ class ValidationInstance final : Logger::Loggable, Event::DispatcherPtr dispatcher_; std::unique_ptr admin_; Singleton::ManagerPtr singleton_manager_; + envoy::config::bootstrap::v3::Bootstrap bootstrap_; std::unique_ptr runtime_singleton_; Random::RandomGeneratorImpl random_generator_; std::unique_ptr ssl_context_manager_; diff --git a/test/extensions/filters/http/ext_authz/BUILD b/test/extensions/filters/http/ext_authz/BUILD index 6cf4e0f99615f..3d52bfc4150f5 100644 --- a/test/extensions/filters/http/ext_authz/BUILD +++ b/test/extensions/filters/http/ext_authz/BUILD 
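Review bot: The new `bootstrap_` member in server.h is handed out by `bootstrap()` as a mutable reference, but nothing at its declaration says when it is populated or how long it must live. The server.cc hunks show it being filled by `InstanceUtil::loadBootstrapConfig(bootstrap_, ...)` inside `initialize()`, so before that call the accessor returns a default-constructed, empty proto. I would add a comment above the member such as `// Populated in initialize(); returned by bootstrap(). Empty until loadBootstrapConfig() has run.` Members are destroyed in reverse declaration order, so it is also worth confirming that nothing declared above it keeps a reference into the proto; the class body lies outside this hunk.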
@@ -56,10 +56,15 @@ envoy_extension_cc_test( envoy_extension_cc_test( name = "ext_authz_integration_test", srcs = ["ext_authz_integration_test.cc"], + data = [ + "ext_authz.yaml", + ], extension_names = ["envoy.filters.http.ext_authz"], deps = [ "//source/extensions/filters/http/ext_authz:config", + "//source/server/config_validation:server_lib", "//test/integration:http_integration_lib", + "//test/mocks/server:options_mocks", "//test/test_common:utility_lib", "@envoy_api//envoy/config/bootstrap/v3:pkg_cc_proto", "@envoy_api//envoy/config/listener/v3:pkg_cc_proto", diff --git a/test/extensions/filters/http/ext_authz/ext_authz.yaml b/test/extensions/filters/http/ext_authz/ext_authz.yaml new file mode 100644 index 0000000000000..e9c0877180ef0 --- /dev/null +++ b/test/extensions/filters/http/ext_authz/ext_authz.yaml 
@@ -0,0 +1,77 @@
+# Regression test for https://github.com/envoyproxy/envoy/issues/17344
+static_resources:
+ listeners:
+ - address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 8080
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ stat_prefix: ingress_http
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: local_service
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: local_service
+ http_filters:
+ - name: envoy.ext_authz
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
+ failure_mode_allow: false
+ transport_api_version: V3
+ status_on_error:
+ code: 503
+ grpc_service:
+ envoy_grpc:
+ cluster_name: ext_authz-service
+ timeout: 0.5s
+ with_request_body:
+ max_request_bytes: 10240
+ allow_partial_message: true
+ pack_as_bytes: false
+ - name: envoy.filters.http.router
+ typed_config: {}
+ clusters:
+ - name: local_service
+ connect_timeout: 30s
+ type: STRICT_DNS
+ lb_policy: ROUND_ROBIN
+ load_assignment:
+ cluster_name: local_service
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: main
+ port_value: 8080
+ - name: ext_authz-service
+ type: STRICT_DNS
+ lb_policy: ROUND_ROBIN
+ typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicit_http_config:
+ http2_protocol_options: {}
+ load_assignment:
+ cluster_name: ext_authz-service
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: opa
+ port_value: 80
+admin:
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 8081
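Review bot: The fixture binds the admin interface to `0.0.0.0:8081` (the final `admin:` block) and the listener to `0.0.0.0:8080`. Envoy's admin endpoint has no authentication of its own, and test fixtures tend to be copied as starting configs. Validation mode presumably never opens these sockets, so `address: 127.0.0.1` should exercise the same path without modelling an all-interfaces admin port. The header comment could also name which part of the config reaches the code path from the linked issue (apparently the `envoy.ext_authz` filter with `grpc_service`, though the diff does not show it), so the file can be trimmed later without losing the regression.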
diff --git a/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc b/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc index e5d41543b8548..64348bf33a470 100644 --- a/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc +++ b/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc @@ -4,9 +4,11 @@ #include "envoy/service/auth/v3/external_auth.pb.h" #include "source/common/common/macros.h" +#include "source/server/config_validation/server.h" #include "test/common/grpc/grpc_client_integration.h" #include "test/integration/http_integration.h" +#include "test/mocks/server/options.h" #include "test/test_common/utility.h" #include "absl/strings/str_format.h" @@ -887,4 +889,13 @@ TEST_P(ExtAuthzGrpcIntegrationTest, GoogleAsyncClientCreation) { cleanup(); } +// Regression test for https://github.com/envoyproxy/envoy/issues/17344 +TEST(ExtConfigValidateTest, Validate) { + Server::TestComponentFactory component_factory; + EXPECT_TRUE(validateConfig(testing::NiceMock(TestEnvironment::runfilesPath( + "test/extensions/filters/http/ext_authz/ext_authz.yaml")), + Network::Address::InstanceConstSharedPtr(), component_factory, + Thread::threadFactoryForTest(), Filesystem::fileSystemForTest())); +} + } // namespace Envoy
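Review bot: `TEST(ExtConfigValidateTest, Validate)` asserts only that `validateConfig` returns true for the fixture, so a reader cannot tell from the test what actually regressed. I would extend the comment above it to something like `// Validation mode must build the ext_authz filter factory; ValidationInstance::bootstrap() used to be NOT_IMPLEMENTED.`, assuming that accessor is what the filter reaches, which the diff suggests but does not show. A direct check of `bootstrap()` in the config_validation tests would also cover other extensions that call it, rather than relying on this one filter.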