Add terminal attribute to request hash.#4292
Conversation
…ow CookieHashMethod to use whole cookies header by not specifying a cookie name.
Changes:
* Add a terminal attribute to HashMethod, which shortcircuit the hash generating process if a policy is marked terminal and there is a hash computed already.
* Add QueryParams hash method to hash on URL query parameter value.
* Add HostPath hash method to hash on HOST and PATH in URL.
* Allow CookieHashMethod to hash on the cookies header if no cookie key specified.
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
|
@akonradi has best context on this code, so will defer to him for primary review. |
Signed-off-by: Xin Zhuang <stevenzzz@stevenzzz6.cam.corp.google.com>
akonradi
left a comment
akonradi
left a comment
There was a problem hiding this comment.
Sending initial thoughts for discussion while I keep reading the tests.
| // identical lists of hash policies will produce the same hash. Since a hash | ||
| // identical lists of hash policies will produce the same hash.Since a hash | ||
| // policy examines specific parts of a request, it can fail to produce a hash | ||
| // (i.e. if the hashed header is not present). If (and only if) all configured |
There was a problem hiding this comment.
Can you update this section with info about the terminal field? It seems important but the documentation for it is kind of buried up above.
source/common/router/config_impl.cc
Outdated
| const uint64_t old_value = hash ? ((hash.value() << 1) | (hash.value() >> 63)) : 0; | ||
| hash = old_value ^ new_hash.value(); | ||
| } | ||
| // If the policy is a terminal policy and there are hash generated, ignore |
There was a problem hiding this comment.
nits:
"there are hash" -> "a hash was"
"rest" -> "rest of the"
…about adding the "terminal" attribute. Test adjusted accordingly. Signed-off-by: Xin Zhuang <stevenzzz@stevenzzz6.cam.corp.google.com>
stevenzzzz
force-pushed
the
request-hashing
branch
from
83390f8 to
dff9c22
Compare
|
@akonradi Hey Alex please take a look at your convenience. :) Thx! |
akonradi
left a comment
akonradi
left a comment
There was a problem hiding this comment.
LGTM modulo minor nits.
| } | ||
|
|
||
| TEST_F(RouterMatcherHashPolicyTest, HashTerminal) { | ||
| // Hash pilicy list: cookie, header [terminal=true], user_ip. |
|
|
||
| uint64_t hash_1, hash_2; | ||
| // Test terminal works when there is hash computed, the rest of the policy | ||
| // list is ignored. |
There was a problem hiding this comment.
Can you add a note about how these are using different addresses? It was hard to make out the one-character difference at first glance.
There was a problem hiding this comment.
Thanks, and done.
There was a problem hiding this comment.
test 123 ( I don't know how github UI works)
api/envoy/api/v2/route/route.proto
Outdated
| ConnectionProperties connection_properties = 3; | ||
| } | ||
| // Reserve for new policy_specifier. | ||
| /* RESERVED */ reserved 4 to 20; |
There was a problem hiding this comment.
Out of curiosity, why are we reserving these field numbers?
There was a problem hiding this comment.
I think we will add more hash method into the oneof list above and I naively think it'd be nice if we have a ascending order for all the policy_specifier to be added.
Revert it as it's not the general recognition.
Thanks Alex! Signed-off-by: Xin Zhuang <stevenzzz@stevenzzz6.cam.corp.google.com>
stevenzzzz
changed the title
api/envoy/api/v2/route/route.proto
Outdated
| // [(Header A, true), | ||
| // (Cookie B, false), | ||
| // (Cookie C, false)] | ||
| // The generateHash process ends after computing "header A", as it's a terminal policy. |
There was a problem hiding this comment.
Can you add to the commit message and comments here the motivation for the terminal attribute; is there some real-world use case where this is important? Knowing what you are working on, I'm sure there is, but it would be helpful to share.
Merge updates from upstream. Signed-off-by: Xin Zhuang <stevenzzz@stevenzzz6.cam.corp.google.com>
Signed-off-by: Xin Zhuang <stevenzzz@stevenzzz6.cam.corp.google.com>
Signed-off-by: Xin Zhuang <stevenzzz@stevenzzz6.cam.corp.google.com>
|
|
||
| // The flag that shortcircuits the hash computing. This field provides a | ||
| // 'fallback' style of configuration: "if a terminal policy doesn't work, | ||
| // fallback to rest of the policy list", it saves time when the terminal |
There was a problem hiding this comment.
Is this only about performance, or is there a functional aspect? I.e. avoiding taking unnecessary detail into account when computing the hash? We can talk IRL tomorrow if it would be easier to describe the use case then.
There was a problem hiding this comment.
It's about functionality: it provides a fallback for a primary hash method when it didn't work. The performance part is a little gain comes with this attribute.
Updated the PR description to sate it a little bit more clear. Thanks for pointing it out!
3 participants
Add a terminal attribute to request hash policy.
Think about a case where customers want to hash on a cookie if it's present but if it's not present, do best-effort sticky based on something like IP so the customer has a stable hash.
This "terminal" allows request hashing to have the ability of "if A not working, fallback to B.", which also saves time to generate the hash.
Changes:
* Add a terminal attribute to HashMethod, which shortcircuit the hash generating process if a policy is marked terminal and there is a hash computed already.
Signed-off-by: Xin Zhuang stevenzzz@google.com
Description: Add terminal attribute to request hash.
Risk Level: Low
Testing: unit tests.
[Optional Fixes #Issue]
[Optional Deprecated:]