repo reorg: move network/HTTP ext_authz filters

REPO_LAYOUT.md

@@ -0,0 +1,26 @@
+# Repository layout overview
+
+This is a high level overview of how the repository is laid out to both aid in code investigation,
+as well as to clearly specify how extensions are added to the repository. The top level directories
+are:
+
+* `.circleci/`:
+* `bazel/`:
+* `ci/`:
+* `configs/`:
+* `docs/`:
+* `examples/`:
+* `include/`:
+* `restarter/`:
+* `source/`:
+* `support/`:
+* `test/`:
+* `tools/`:
+
+## `include/`
+
+## `source/`
+
+## `test/`
+
+## Extension layout

source/common/filter/BUILD

@@ -22,21 +22,3 @@ envoy_cc_library(
         "@envoy_api//envoy/config/filter/network/rate_limit/v2:rate_limit_cc",
     ],
 )
-
-envoy_cc_library(
-    name = "ext_authz_lib",
-    srcs = ["ext_authz.cc"],
-    hdrs = ["ext_authz.h"],
-    deps = [
-        "//include/envoy/ext_authz:ext_authz_interface",
-        "//include/envoy/network:connection_interface",
-        "//include/envoy/network:filter_interface",
-        "//include/envoy/runtime:runtime_interface",
-        "//include/envoy/stats:stats_macros",
-        "//include/envoy/upstream:cluster_manager_interface",
-        "//source/common/common:assert_lib",
-        "//source/common/ext_authz:ext_authz_lib",
-        "//source/common/tracing:http_tracer_lib",
-        "@envoy_api//envoy/config/filter/network/ext_authz/v2:ext_authz_cc",
-    ],
-)

source/common/http/filter/BUILD

@@ -151,37 +151,3 @@ envoy_cc_library(
         "@envoy_api//envoy/config/filter/http/rate_limit/v2:rate_limit_cc",
     ],
 )
-
-envoy_cc_library(
-    name = "ext_authz_lib",
-    srcs = ["ext_authz.cc"],
-    deps = [
-        ":ext_authz_includes",
-        "//include/envoy/http:codes_interface",
-        "//source/common/common:assert_lib",
-        "//source/common/common:empty_string",
-        "//source/common/common:enum_to_int",
-        "//source/common/ext_authz:ext_authz_lib",
-        "//source/common/http:codes_lib",
-        "//source/common/router:config_lib",
-    ],
-)
-
-envoy_cc_library(
-    name = "ext_authz_includes",
-    hdrs = ["ext_authz.h"],
-    deps = [
-        "//include/envoy/access_log:access_log_interface",
-        "//include/envoy/ext_authz:ext_authz_interface",
-        "//include/envoy/http:filter_interface",
-        "//include/envoy/local_info:local_info_interface",
-        "//include/envoy/runtime:runtime_interface",
-        "//include/envoy/upstream:cluster_manager_interface",
-        "//source/common/common:assert_lib",
-        "//source/common/http:header_map_lib",
-        "//source/common/json:config_schemas_lib",
-        "//source/common/json:json_loader_lib",
-        "//source/common/json:json_validator_lib",
-        "@envoy_api//envoy/config/filter/http/ext_authz/v2:ext_authz_cc",
-    ],
-)

source/exe/BUILD

@@ -41,7 +41,6 @@ envoy_cc_library(
         "//source/server/config/access_log:grpc_access_log_lib",
         "//source/server/config/http:buffer_lib",
         "//source/server/config/http:cors_lib",
-        "//source/server/config/http:ext_authz_lib",
         "//source/server/config/http:fault_lib",
         "//source/server/config/http:grpc_http1_bridge_lib",
         "//source/server/config/http:grpc_json_transcoder_lib",
@@ -53,7 +52,6 @@ envoy_cc_library(
         "//source/server/config/http:router_lib",
         "//source/server/config/listener:original_dst_lib",
         "//source/server/config/listener:proxy_protocol_lib",
-        "//source/server/config/network:ext_authz_lib",
         "//source/server/config/network:http_connection_manager_lib",
         "//source/server/config/network:ratelimit_lib",
         "//source/server/config/network:raw_buffer_socket_lib",

source/extensions/all_extensions.bzl

@@ -4,8 +4,10 @@
 # selection options such as maturity.
 def envoy_all_extensions(repository = ""):
   return [
+    repository + "//source/extensions/filters/http/ext_authz:config",
     repository + "//source/extensions/filters/network/client_ssl_auth:config",
     repository + "//source/extensions/filters/network/echo:config",
+    repository + "//source/extensions/filters/network/ext_authz:config",
     repository + "//source/extensions/filters/network/mongo_proxy:config",
     repository + "//source/extensions/filters/network/tcp_proxy:config",
   ]

source/common/ext_authz/BUILD → source/extensions/filters/common/ext_authz/BUILD

@@ -8,12 +8,21 @@ load(
 
 envoy_package()
 
+envoy_cc_library(
+    name = "ext_authz_interface",
+    hdrs = ["ext_authz.h"],
+    deps = [
+        "//include/envoy/tracing:http_tracer_interface",
+        "@envoy_api//envoy/service/auth/v2:external_auth_cc",
+    ],
+)
+
 envoy_cc_library(
     name = "ext_authz_lib",
     srcs = ["ext_authz_impl.cc"],
     hdrs = ["ext_authz_impl.h"],
     deps = [
-        "//include/envoy/ext_authz:ext_authz_interface",
+        ":ext_authz_interface",
         "//include/envoy/grpc:async_client_interface",
         "//include/envoy/grpc:async_client_manager_interface",
         "//include/envoy/http:filter_interface",

include/envoy/ext_authz/ext_authz.h → source/extensions/filters/common/ext_authz/ext_authz.h

@@ -10,6 +10,9 @@
 #include "envoy/tracing/http_tracer.h"
 
 namespace Envoy {
+namespace Extensions {
+namespace Filters {
+namespace Common {
 namespace ExtAuthz {
 
 /**
@@ -64,4 +67,7 @@ class Client {
 typedef std::unique_ptr<Client> ClientPtr;
 
 } // namespace ExtAuthz
+} // namespace Common
+} // namespace Filters
+} // namespace Extensions
 } // namespace Envoy

source/common/ext_authz/ext_authz_impl.cc → source/extensions/filters/common/ext_authz/ext_authz_impl.cc

@@ -1,4 +1,4 @@
-#include "common/ext_authz/ext_authz_impl.h"
+#include "extensions/filters/common/ext_authz/ext_authz_impl.h"
 
 #include <chrono>
 #include <cstdint>
@@ -15,9 +15,10 @@
 #include "common/network/utility.h"
 #include "common/protobuf/protobuf.h"
 
-#include "fmt/format.h"
-
 namespace Envoy {
+namespace Extensions {
+namespace Filters {
+namespace Common {
 namespace ExtAuthz {
 
 GrpcClientImpl::GrpcClientImpl(Grpc::AsyncClientPtr&& async_client,
@@ -191,4 +192,7 @@ void CheckRequestUtils::createTcpCheck(const Network::ReadFilterCallbacks* callb
 }
 
 } // namespace ExtAuthz
+} // namespace Common
+} // namespace Filters
+} // namespace Extensions
 } // namespace Envoy

source/common/ext_authz/ext_authz_impl.h → source/extensions/filters/common/ext_authz/ext_authz_impl.h

@@ -5,7 +5,6 @@
 #include <string>
 #include <vector>
 
-#include "envoy/ext_authz/ext_authz.h"
 #include "envoy/grpc/async_client.h"
 #include "envoy/grpc/async_client_manager.h"
 #include "envoy/http/filter.h"
@@ -19,7 +18,12 @@
 
 #include "common/singleton/const_singleton.h"
 
+#include "extensions/filters/common/ext_authz/ext_authz.h"
+
 namespace Envoy {
+namespace Extensions {
+namespace Filters {
+namespace Common {
 namespace ExtAuthz {
 
 typedef Grpc::TypedAsyncRequestCallbacks<envoy::service::auth::v2::CheckResponse>
@@ -109,4 +113,7 @@ class CheckRequestUtils {
 };
 
 } // namespace ExtAuthz
+} // namespace Common
+} // namespace Filters
+} // namespace Extensions
 } // namespace Envoy

source/extensions/filters/http/ext_authz/BUILD

@@ -0,0 +1,38 @@
+licenses(["notice"])  # Apache 2
+
+load(
+    "//bazel:envoy_build_system.bzl",
+    "envoy_cc_library",
+    "envoy_package",
+)
+
+envoy_package()
+
+envoy_cc_library(
+    name = "ext_authz",
+    srcs = ["ext_authz.cc"],
+    hdrs = ["ext_authz.h"],
+    deps = [
+        "//include/envoy/http:codes_interface",
+        "//source/common/common:assert_lib",
+        "//source/common/common:empty_string",
+        "//source/common/common:enum_to_int",
+        "//source/common/http:codes_lib",
+        "//source/common/router:config_lib",
+        "//source/extensions/filters/common/ext_authz:ext_authz_lib",
+        "@envoy_api//envoy/config/filter/http/ext_authz/v2:ext_authz_cc",
+    ],
+)
+
+envoy_cc_library(
+    name = "config",
+    srcs = ["config.cc"],
+    hdrs = ["config.h"],
+    deps = [
+        ":ext_authz",
+        "//include/envoy/registry",
+        "//include/envoy/server:filter_config_interface",
+        "//source/common/config:well_known_names",
+        "//source/common/protobuf:utility_lib",
+    ],
+)

source/server/config/http/ext_authz.cc → source/extensions/filters/http/ext_authz/config.cc

@@ -1,48 +1,51 @@
-#include "server/config/http/ext_authz.h"
+#include "extensions/filters/http/ext_authz/config.h"
 
 #include <chrono>
 #include <string>
 
 #include "envoy/config/filter/http/ext_authz/v2/ext_authz.pb.validate.h"
 #include "envoy/registry/registry.h"
 
-#include "common/ext_authz/ext_authz_impl.h"
-#include "common/http/filter/ext_authz.h"
 #include "common/protobuf/utility.h"
 
+#include "extensions/filters/common/ext_authz/ext_authz_impl.h"
+#include "extensions/filters/http/ext_authz/ext_authz.h"
+
 namespace Envoy {
-namespace Server {
-namespace Configuration {
+namespace Extensions {
+namespace HttpFilters {
+namespace ExtAuthz {
 
-HttpFilterFactoryCb ExtAuthzFilterConfig::createFilter(
+Server::Configuration::HttpFilterFactoryCb ExtAuthzFilterConfig::createFilter(
     const envoy::config::filter::http::ext_authz::v2::ExtAuthz& proto_config, const std::string&,
-    FactoryContext& context) {
-  auto filter_config = std::make_shared<Http::ExtAuthz::FilterConfig>(
-      proto_config, context.localInfo(), context.scope(), context.runtime(),
-      context.clusterManager());
+    Server::Configuration::FactoryContext& context) {
+  auto filter_config =
+      std::make_shared<FilterConfig>(proto_config, context.localInfo(), context.scope(),
+                                     context.runtime(), context.clusterManager());
   const uint32_t timeout_ms = PROTOBUF_GET_MS_OR_DEFAULT(proto_config.grpc_service(), timeout, 200);
 
   return [ grpc_service = proto_config.grpc_service(), &context, filter_config,
            timeout_ms ](Http::FilterChainFactoryCallbacks & callbacks) {
     auto async_client_factory =
         context.clusterManager().grpcAsyncClientManager().factoryForGrpcService(grpc_service,
                                                                                 context.scope());
-    auto client = std::make_unique<Envoy::ExtAuthz::GrpcClientImpl>(
+    auto client = std::make_unique<Filters::Common::ExtAuthz::GrpcClientImpl>(
         async_client_factory->create(), std::chrono::milliseconds(timeout_ms));
     callbacks.addStreamDecoderFilter(Http::StreamDecoderFilterSharedPtr{
-        std::make_shared<Http::ExtAuthz::Filter>(filter_config, std::move(client))});
+        std::make_shared<Filter>(filter_config, std::move(client))});
   };
 }
 
-HttpFilterFactoryCb ExtAuthzFilterConfig::createFilterFactory(const Json::Object&,
-                                                              const std::string&, FactoryContext&) {
+Server::Configuration::HttpFilterFactoryCb
+ExtAuthzFilterConfig::createFilterFactory(const Json::Object&, const std::string&,
+                                          Server::Configuration::FactoryContext&) {
   NOT_IMPLEMENTED;
 }
 
-HttpFilterFactoryCb
+Server::Configuration::HttpFilterFactoryCb
 ExtAuthzFilterConfig::createFilterFactoryFromProto(const Protobuf::Message& proto_config,
                                                    const std::string& stats_prefix,
-                                                   FactoryContext& context) {
+                                                   Server::Configuration::FactoryContext& context) {
   return createFilter(
       MessageUtil::downcastAndValidate<const envoy::config::filter::http::ext_authz::v2::ExtAuthz&>(
           proto_config),
@@ -52,8 +55,11 @@ ExtAuthzFilterConfig::createFilterFactoryFromProto(const Protobuf::Message& prot
 /**
  * Static registration for the external authorization filter. @see RegisterFactory.
  */
-static Registry::RegisterFactory<ExtAuthzFilterConfig, NamedHttpFilterConfigFactory> register_;
+static Registry::RegisterFactory<ExtAuthzFilterConfig,
+                                 Server::Configuration::NamedHttpFilterConfigFactory>
+    register_;
 
-} // namespace Configuration
-} // namespace Server
+} // namespace ExtAuthz
+} // namespace HttpFilters
+} // namespace Extensions
 } // namespace Envoy

source/extensions/filters/http/ext_authz/config.h

@@ -0,0 +1,44 @@
+#pragma once
+
+#include <string>
+
+#include "envoy/config/filter/http/ext_authz/v2/ext_authz.pb.h"
+#include "envoy/server/filter_config.h"
+
+#include "common/config/well_known_names.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace HttpFilters {
+namespace ExtAuthz {
+
+/**
+ * Config registration for the external authorization filter. @see NamedHttpFilterConfigFactory.
+ */
+class ExtAuthzFilterConfig : public Server::Configuration::NamedHttpFilterConfigFactory {
+public:
+  Server::Configuration::HttpFilterFactoryCb
+  createFilterFactory(const Json::Object& json_config, const std::string&,
+                      Server::Configuration::FactoryContext& context) override;
+
+  Server::Configuration::HttpFilterFactoryCb
+  createFilterFactoryFromProto(const Protobuf::Message& proto_config,
+                               const std::string& stats_prefix,
+                               Server::Configuration::FactoryContext& context) override;
+
+  ProtobufTypes::MessagePtr createEmptyConfigProto() override {
+    return ProtobufTypes::MessagePtr{new envoy::config::filter::http::ext_authz::v2::ExtAuthz()};
+  }
+
+  std::string name() override { return Config::HttpFilterNames::get().EXT_AUTHORIZATION; }
+
+private:
+  Server::Configuration::HttpFilterFactoryCb
+  createFilter(const envoy::config::filter::http::ext_authz::v2::ExtAuthz& proto_config,
+               const std::string& stats_prefix, Server::Configuration::FactoryContext& context);
+};
+
+} // namespace ExtAuthz
+} // namespace HttpFilters
+} // namespace Extensions
+} // namespace Envoy