diff --git a/.bazelversion b/.bazelversion index dfda3e0b4..91e4a9f26 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -6.1.0 +6.3.2 diff --git a/api/envoy/config/filter/http/transformation/v2/BUILD b/api/envoy/config/filter/http/transformation/v2/BUILD index 32a78b320..649334859 100644 --- a/api/envoy/config/filter/http/transformation/v2/BUILD +++ b/api/envoy/config/filter/http/transformation/v2/BUILD @@ -16,7 +16,7 @@ api_proto_package( "@envoy_api//envoy/type:pkg", "@envoy_api//envoy/type/matcher/v3:pkg", "@envoy_api//envoy/type/matcher:pkg", - "@com_github_cncf_udpa//xds/type/matcher/v3:pkg", + "@com_github_cncf_xds//xds/type/matcher/v3:pkg", ], visibility = ["//visibility:public"], ) diff --git a/bazel/extensions/extensions_build_config.bzl b/bazel/extensions/extensions_build_config.bzl index 99f179323..f8542194c 100644 --- a/bazel/extensions/extensions_build_config.bzl +++ b/bazel/extensions/extensions_build_config.bzl @@ -124,6 +124,7 @@ EXTENSIONS = { "envoy.filters.http.aws_lambda": "//source/extensions/filters/http/aws_lambda:config", "envoy.filters.http.aws_request_signing": "//source/extensions/filters/http/aws_request_signing:config", "envoy.filters.http.bandwidth_limit": "//source/extensions/filters/http/bandwidth_limit:config", + "envoy.filters.http.basic_auth": "//source/extensions/filters/http/basic_auth:config", "envoy.filters.http.buffer": "//source/extensions/filters/http/buffer:config", "envoy.filters.http.cache": "//source/extensions/filters/http/cache:config", "envoy.filters.http.cdn_loop": "//source/extensions/filters/http/cdn_loop:config", 
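Review bot: The added `"envoy.filters.http.basic_auth"` entry in extensions_build_config.bzl compiles in a filter that was not in the binary before, and the changelog entry in this commit describes only a dependency bump. The two later hunks of this file do the same for the OpenTelemetry resource detectors, the `always_on` sampler and `envoy.router.cluster_specifier_plugin.lua`. Each newly linked extension is something a configuration can now load, so the additions should be recorded, e.g. a changelog line `Enables the basic_auth filter, OpenTelemetry resource detectors/samplers and the Lua cluster specifier plugin`. If any of them is listed only to mirror upstream and is not meant to be used, leaving it commented out, as is done for `envoy.geoip_providers.maxmind`, keeps the build's surface smaller.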
@@ -263,6 +264,19 @@ EXTENSIONS = { "envoy.tracers.skywalking": "//source/extensions/tracers/skywalking:config", "envoy.tracers.opentelemetry": "//source/extensions/tracers/opentelemetry:config", + # + # OpenTelemetry Resource Detectors + # + + "envoy.tracers.opentelemetry.resource_detectors.environment": "//source/extensions/tracers/opentelemetry/resource_detectors/environment:config", + "envoy.tracers.opentelemetry.resource_detectors.dynatrace": "//source/extensions/tracers/opentelemetry/resource_detectors/dynatrace:config", + + # + # OpenTelemetry tracer samplers + # + + "envoy.tracers.opentelemetry.samplers.always_on": "//source/extensions/tracers/opentelemetry/samplers/always_on:config", + # # Transport sockets # @@ -482,6 +496,12 @@ EXTENSIONS = { # Geolocation Provider # # "envoy.geoip_providers.maxmind": "//source/extensions/geoip_providers/maxmind:config", + + # + # cluster specifier plugin + # + + "envoy.router.cluster_specifier_plugin.lua": "//source/extensions/router/cluster_specifiers/lua:config", } # These can be changed to ["//visibility:public"], for downstream builds which diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl index c477ce41c..94d406888 100644 --- a/bazel/repositories.bzl +++ b/bazel/repositories.bzl @@ -66,10 +66,6 @@ def _repository_impl(name, **kwargs): ) def envoy_gloo_dependencies(): - # the following 2 patches are needed to support the deprecated cipher - # passthrough and only need to be backported onto envoy v1.25.x - # these should be removed when moving to v1.26.x since this code exists in - # upstream at that point. _repository_impl("envoy") _repository_impl("json", build_file = "@envoy_gloo//bazel/external:json.BUILD") _repository_impl("inja", build_file = "@envoy_gloo//bazel/external:inja.BUILD") diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl index 122ba9baa..1eb6e0425 100644 --- a/bazel/repository_locations.bzl +++ b/bazel/repository_locations.bzl 
@@ -1,7 +1,7 @@ REPOSITORY_LOCATIONS = dict( envoy = dict( - # envoy 1.28.1 with backported ext_proc updates - commit = "47d4c36d399b9daae47cd7f6c4d41cf75e7e3ff8", + # envoy 1.29.2 with backported ext_proc updates + commit = "b5c77750dc0f9de19478c89776f580fb9336fc99", remote = "https://github.com/solo-io/envoy-fork", ), inja = dict( diff --git a/changelog/v1.29.2-patch1/bump-envoy.yaml b/changelog/v1.29.2-patch1/bump-envoy.yaml new file mode 100644 index 000000000..8e04fbe89 --- /dev/null +++ b/changelog/v1.29.2-patch1/bump-envoy.yaml @@ -0,0 +1,8 @@ +changelog: +- type: DEPENDENCY_BUMP + dependencyOwner: solo-io + dependencyRepo: envoy-fork + dependencyTag: v1.29.2 + resolvesIssue: false + description: >- + Update Envoy to latest from forked 1.29.2 diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 56be03f3c..63a15bf4f 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -1,11 +1,13 @@ #!/bin/bash set -e -if [ -n "$ENVOY_DOCKER_BUILD_DIR" ]; then - rm -rf "$ENVOY_DOCKER_BUILD_DIR/envoy/x64/bin/" -else - rm -rf "/build/envoy/x64/bin/" +if [ -z "$BUILD_DIR" ]; then + BUILD_DIR=/build + echo "using build dir: ${BUILD_DIR}" +else + echo "using pre-defined build dir: ${BUILD_DIR}" fi +export BUILD_DIR bazel fetch //source/exe:envoy-static @@ -32,6 +34,7 @@ fi export ENVOY_SRCDIR=$SOURCE_DIR # google cloud build times out when using full throttle. +# additionally, we see builds killed due to OOM at high concurrency. export NUM_CPUS=10 # google cloud build doesn't like ipv6 
@@ -42,9 +45,11 @@ export BAZEL_EXTRA_TEST_OPTIONS="--test_env=ENVOY_IP_TEST_VERSIONS=v4only --test export ENVOY_CONTRIB_BUILD_TARGET="//source/exe:envoy-static" export ENVOY_CONTRIB_BUILD_DEBUG_INFORMATION="//source/exe:envoy-static.dwp" +export BAZEL_BUILD_EXTRA_OPTIONS BAZEL_BUILD_EXTRA_OPTIONS+=" --remote_cache=${BAZEL_REMOTE_CACHE}" -export GCP_SERVICE_ACCOUNT_KEY_PATH=$(mktemp -t gcp_service_account.XXXXXX.json) +export GCP_SERVICE_ACCOUNT_KEY_PATH +GCP_SERVICE_ACCOUNT_KEY_PATH=$(mktemp -t gcp_service_account.XXXXXX.json) echo "${GCP_SERVICE_ACCOUNT_KEY}" | base64 --decode > "${GCP_SERVICE_ACCOUNT_KEY_PATH}" BAZEL_BUILD_EXTRA_OPTIONS+=" --google_credentials=${GCP_SERVICE_ACCOUNT_KEY_PATH}" diff --git a/source/extensions/filters/http/aws_lambda/aws_lambda_filter_config_factory.cc b/source/extensions/filters/http/aws_lambda/aws_lambda_filter_config_factory.cc index f780c052b..d256661fe 100644 --- a/source/extensions/filters/http/aws_lambda/aws_lambda_filter_config_factory.cc +++ b/source/extensions/filters/http/aws_lambda/aws_lambda_filter_config_factory.cc 
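Review bot: The decoded service-account key written to `GCP_SERVICE_ACCOUNT_KEY_PATH` in ci/do_ci.sh is not removed anywhere in the visible lines, so the plaintext credential stays in the temp directory after the build, including when `set -e` aborts the script part-way. Registering `trap 'rm -f "${GCP_SERVICE_ACCOUNT_KEY_PATH}"' EXIT` directly after the `mktemp` assignment would cover both the success and the failure path. The script continues outside the hunk, so a cleanup may already exist further down; if it does, it should still be moved into a trap so that an early exit cannot skip it.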
@@ -17,21 +17,27 @@ AWSLambdaFilterConfigFactory::createFilterFactoryFromProtoTyped( &proto_config, const std::string &stats_prefix, Server::Configuration::FactoryContext &context) { + auto& server_context = context.serverFactoryContext(); - + // ServerFactoryContext::clusterManager() is not available during server initialization + // therefore we need to pass absl::nullopt in lieu of the server_context to prevent + // the upstream code from attempting to access the method. https://github.com/envoyproxy/envoy/issues/26653 auto chain = std::make_unique( - context.api(), Extensions::Common::Aws::Utility::fetchMetadata); - auto sts_factory = StsCredentialsProviderFactory::create(context.api(), - context.clusterManager()); + server_context.api(), absl::nullopt /* ServerFactoryContextOptRef context */, + // We pass an empty string if we don't have a region + proto_config.has_service_account_credentials() ? proto_config.service_account_credentials().region() : "", + Extensions::Common::Aws::Utility::fetchMetadata); + auto sts_factory = StsCredentialsProviderFactory::create(server_context.api(), + server_context.clusterManager()); auto config = std::make_shared(std::move(chain), std::move(sts_factory), - context.mainThreadDispatcher(), context.api(), context.threadLocal(), stats_prefix, - context.scope(), proto_config); + server_context.mainThreadDispatcher(), server_context.api(), server_context.threadLocal(), stats_prefix, + server_context.scope(), proto_config); return - [&context, config] + [&server_context, config] (Http::FilterChainFactoryCallbacks &callbacks) -> void { callbacks.addStreamFilter(std::make_shared( - context.clusterManager(), context.api(), config)); + server_context.clusterManager(), server_context.api(), config)); }; } diff --git a/source/extensions/filters/http/aws_lambda/sts_credentials_provider.h b/source/extensions/filters/http/aws_lambda/sts_credentials_provider.h index 3ce82252d..8ee3dad80 100644 
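Review bot: In `createFilterFactoryFromProtoTyped` (aws_lambda_filter_config_factory.cc) the new comment says `clusterManager()` is not available during server initialization, yet the `StsCredentialsProviderFactory::create` call right below it passes `server_context.clusterManager()`. The comment should spell out that only the upstream credentials chain must not call it at construction time, and why the STS factory's use at the same point is safe. Passing `absl::nullopt` presumably also pins the chain to the `fetchMetadata` function path, so it is worth stating whether the `envoy.reloadable_features.use_http_client_to_fetch_aws_credentials` flag toggled in the integration test has any effect on this filter. Suggested wording: `// nullopt keeps the upstream chain from calling clusterManager() while the server is still initializing; metadata is fetched through fetchMetadata instead.` The function's signature starts outside the hunk.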
--- a/source/extensions/filters/http/aws_lambda/sts_credentials_provider.h +++ b/source/extensions/filters/http/aws_lambda/sts_credentials_provider.h @@ -62,6 +62,7 @@ class StsCredentialsProviderFactory { static StsCredentialsProviderFactoryPtr create(Api::Api &api, Upstream::ClusterManager &cm); + }; } // namespace AwsLambda diff --git a/source/extensions/filters/http/nats/streaming/nats_streaming_filter_config_factory.cc b/source/extensions/filters/http/nats/streaming/nats_streaming_filter_config_factory.cc index 52a4d0cc3..f053e886e 100644 --- a/source/extensions/filters/http/nats/streaming/nats_streaming_filter_config_factory.cc +++ b/source/extensions/filters/http/nats/streaming/nats_streaming_filter_config_factory.cc @@ -24,7 +24,7 @@ NatsStreamingFilterConfigFactory::createFilterFactoryFromProtoTyped( NatsStreamingFilterConfigSharedPtr config = std::make_shared( - NatsStreamingFilterConfig(proto_config, context.clusterManager())); + NatsStreamingFilterConfig(proto_config, context.serverFactoryContext().clusterManager())); Tcp::ConnPoolNats::ClientFactory &client_factory = Tcp::ConnPoolNats::ClientFactoryImpl( - config->cluster(), context.clusterManager(), client_factory, - context.threadLocal(), context.api().randomGenerator(), config->opTimeout()); + config->cluster(), context.serverFactoryContext().clusterManager(), client_factory, + context.serverFactoryContext().threadLocal(), context.serverFactoryContext().api().randomGenerator(), config->opTimeout()); return [config, nats_streaming_client]( Envoy::Http::FilterChainFactoryCallbacks &callbacks) -> void { diff --git a/source/extensions/filters/http/transformation/transformation_filter_config.cc b/source/extensions/filters/http/transformation/transformation_filter_config.cc index c96dbacc1..dfac33d88 100644 --- a/source/extensions/filters/http/transformation/transformation_filter_config.cc +++ b/source/extensions/filters/http/transformation/transformation_filter_config.cc 
@@ -29,7 +29,7 @@ void TransformationFilterConfig::addTransformationLegacy( request_transformation, response_transformation, on_stream_completion_transformation, clear_route_cache); if (rule.has_route_transformations()) { - transformer_pair = createTransformations(rule.route_transformations(), context); + transformer_pair = createTransformations(rule.route_transformations(), context.serverFactoryContext()); } transformer_pairs_.emplace_back(MatcherCopy::Matcher::create(rule.match()), transformer_pair); @@ -38,10 +38,10 @@ void TransformationFilterConfig::addTransformationLegacy( TransformationFilterConfig::TransformationFilterConfig( const TransformationConfigProto &proto_config, const std::string &prefix, Server::Configuration::FactoryContext &context) - : FilterConfig(prefix, context.scope(), proto_config.stage(), + : FilterConfig(prefix, context.serverFactoryContext().scope(), proto_config.stage(), proto_config.log_request_response_info()) { if (proto_config.has_matcher()) { - matcher_ = createTransformationMatcher(proto_config.matcher(), context.getServerFactoryContext()); + matcher_ = createTransformationMatcher(proto_config.matcher(), context.serverFactoryContext()); return; } for (const auto &rule : proto_config.transformations()) { diff --git a/test/extensions/filters/http/aws_lambda/aws_lambda_filter_test.cc b/test/extensions/filters/http/aws_lambda/aws_lambda_filter_test.cc index 221883460..2e3f498bc 100644 --- a/test/extensions/filters/http/aws_lambda/aws_lambda_filter_test.cc +++ b/test/extensions/filters/http/aws_lambda/aws_lambda_filter_test.cc 
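Review bot: `FilterConfig` in the `TransformationFilterConfig` constructor (transformation_filter_config.cc) is now built with `context.serverFactoryContext().scope()` instead of `context.scope()`, which presumably moves the filter's stats from the listener's scope to the server-wide one; if so, they are no longer released when the listener is removed. The same substitution appears as `server_context.scope()` in aws_lambda_filter_config_factory.cc. If the switch is intentional, a short comment such as `// stats live in the server scope and outlive the listener` would document it; otherwise keep `context.scope()`, assuming the updated `FactoryContext` still exposes it. The constructor body continues outside the hunk.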
@@ -83,8 +83,8 @@ class AWSLambdaFilterTest : public testing::Test { void setupRoute(bool sessionToken = false, bool noCredentials = false, bool persistOriginalHeaders = false, bool unwrapAsAlb = false, bool unmanagedCredentials = false, bool unwrapAsApiGateway = false) { - factory_context_.cluster_manager_.initializeClusters({"fake_cluster"}, {}); - factory_context_.cluster_manager_.initializeThreadLocalClusters({"fake_cluster"}); + factory_context_.server_factory_context_.cluster_manager_.initializeClusters({"fake_cluster"}, {}); + factory_context_.server_factory_context_.cluster_manager_.initializeThreadLocalClusters({"fake_cluster"}); routeconfig_.set_name("func"); routeconfig_.set_qualifier("v1"); @@ -131,7 +131,7 @@ class AWSLambdaFilterTest : public testing::Test { filter_config_->propagate_original_routing_=persistOriginalHeaders; ON_CALL( - *factory_context_.cluster_manager_.thread_local_cluster_.cluster_.info_, + *factory_context_.server_factory_context_.cluster_manager_.thread_local_cluster_.cluster_.info_, extensionProtocolOptions(SoloHttpFilterNames::get().AwsLambda)) .WillByDefault( Return(std::make_shared( @@ -139,7 +139,7 @@ class AWSLambdaFilterTest : public testing::Test { filter_ = std::make_unique( - factory_context_.cluster_manager_, factory_context_.api_, + factory_context_.server_factory_context_.cluster_manager_, factory_context_.server_factory_context_.api_, filter_config_); filter_->setDecoderFilterCallbacks(filter_callbacks_); @@ -402,7 +402,7 @@ TEST_F(AWSLambdaFilterTest, SignsDataSetByPreviousFilters) { auto hex_sha1 = auth1.getBodyHexSha(); filter_ = std::make_unique( - factory_context_.cluster_manager_, factory_context_.api_, + factory_context_.server_factory_context_.cluster_manager_, factory_context_.server_factory_context_.api_, filter_config_); filter_->setDecoderFilterCallbacks(filter_callbacks_); 
@@ -423,7 +423,7 @@ TEST_F(AWSLambdaFilterTest, SignsDataSetByPreviousFilters) { EXPECT_EQ(hex_sha1, hex_sha2); filter_ = std::make_unique( - factory_context_.cluster_manager_, factory_context_.api_, + factory_context_.server_factory_context_.cluster_manager_, factory_context_.server_factory_context_.api_, filter_config_); filter_->setDecoderFilterCallbacks(filter_callbacks_); diff --git a/test/extensions/filters/http/aws_lambda/aws_lambda_transformer_test.cc b/test/extensions/filters/http/aws_lambda/aws_lambda_transformer_test.cc index a8a8a6791..bc129ea3a 100644 --- a/test/extensions/filters/http/aws_lambda/aws_lambda_transformer_test.cc +++ b/test/extensions/filters/http/aws_lambda/aws_lambda_transformer_test.cc @@ -76,8 +76,8 @@ class AWSLambdaTransformerTest : public testing::Test, } void setupRoute(bool unwrapAsApiGateway = false, bool wrapAsApiGateway = false) { - factory_context_.cluster_manager_.initializeClusters({"fake_cluster"}, {}); - factory_context_.cluster_manager_.initializeThreadLocalClusters({"fake_cluster"}); + factory_context_.server_factory_context_.cluster_manager_.initializeClusters({"fake_cluster"}, {}); + factory_context_.server_factory_context_.cluster_manager_.initializeThreadLocalClusters({"fake_cluster"}); routeconfig_.set_name("func"); routeconfig_.set_qualifier("v1"); 
@@ -109,14 +109,14 @@ class AWSLambdaTransformerTest : public testing::Test, filter_config_->propagate_original_routing_=false; ON_CALL( - *factory_context_.cluster_manager_.thread_local_cluster_.cluster_.info_, + *factory_context_.server_factory_context_.cluster_manager_.thread_local_cluster_.cluster_.info_, extensionProtocolOptions(SoloHttpFilterNames::get().AwsLambda)) .WillByDefault( Return(std::make_shared( protoextconfig))); filter_ = std::make_unique( - factory_context_.cluster_manager_, factory_context_.api_, + factory_context_.server_factory_context_.cluster_manager_, factory_context_.server_factory_context_.api_, filter_config_); filter_->setDecoderFilterCallbacks(filter_callbacks_); } diff --git a/test/extensions/filters/http/aws_lambda/config_test.cc b/test/extensions/filters/http/aws_lambda/config_test.cc index 1a1a648a3..575bbac2c 100644 --- a/test/extensions/filters/http/aws_lambda/config_test.cc +++ b/test/extensions/filters/http/aws_lambda/config_test.cc @@ -49,9 +49,9 @@ class ConfigTest : public testing::Test { NiceMock *prepareTimer() { NiceMock *timer = - new NiceMock(&context_.dispatcher_); + new NiceMock(&context_.server_factory_context_.dispatcher_); protoconfig.mutable_use_default_credentials()->set_value(true); - EXPECT_CALL(context_.thread_local_, allocateSlot()).Times(1); + EXPECT_CALL(context_.server_factory_context_.thread_local_, allocateSlot()).Times(1); return timer; } @@ -84,8 +84,8 @@ TEST_F(ConfigTest, WithUseDefaultCreds) { std::unique_ptr> unique_factory{ sts_factory_}; auto config = std::make_shared( - std::move(cred_provider), std::move(unique_factory), context_.dispatcher_, - context_.api_, context_.thread_local_, "prefix.", *stats_.rootScope(), protoconfig); + std::move(cred_provider), std::move(unique_factory), context_.server_factory_context_.dispatcher_, + context_.server_factory_context_.api_, context_.server_factory_context_.thread_local_, "prefix.", *stats_.rootScope(), protoconfig); NiceMock callbacks_1; 
@@ -150,8 +150,8 @@ TEST_F(ConfigTest, FailingToRotate) { std::unique_ptr> unique_factory{ sts_factory_}; auto config = std::make_shared( - std::move(cred_provider), std::move(unique_factory), context_.dispatcher_, - context_.api_, context_.thread_local_, "prefix.", *stats_.rootScope(), protoconfig); + std::move(cred_provider), std::move(unique_factory), context_.server_factory_context_.dispatcher_, + context_.server_factory_context_.api_, context_.server_factory_context_.thread_local_, "prefix.", *stats_.rootScope(), protoconfig); std::shared_ptr ext_config_1 = std::make_shared(protoextconfig); @@ -200,8 +200,8 @@ TEST_F(ConfigTest, WithProtocolExtensionCreds) { std::unique_ptr> unique_factory{ sts_factory_}; auto config = std::make_shared( - std::move(cred_provider), std::move(unique_factory), context_.dispatcher_, - context_.api_, context_.thread_local_, "prefix.", *stats_.rootScope(), protoconfig); + std::move(cred_provider), std::move(unique_factory), context_.server_factory_context_.dispatcher_, + context_.server_factory_context_.api_, context_.server_factory_context_.thread_local_, "prefix.", *stats_.rootScope(), protoconfig); NiceMock callbacks_1; @@ -254,10 +254,10 @@ TEST_F(ConfigTest, WithStsCreds) { setenv("AWS_WEB_IDENTITY_TOKEN_FILE", "test", 1); setenv("AWS_ROLE_ARN", "test_arn", 1); - EXPECT_CALL(context_.api_.file_system_, fileExists(_)) + EXPECT_CALL(context_.server_factory_context_.api_.file_system_, fileExists(_)) .Times(1) .WillOnce(Return(true)); - EXPECT_CALL(context_.api_.file_system_, fileReadToEnd(_)) + EXPECT_CALL(context_.server_factory_context_.api_.file_system_, fileReadToEnd(_)) .Times(1) .WillOnce(Return("web_token")); 
@@ -273,15 +273,15 @@ TEST_F(ConfigTest, WithStsCreds) { })); auto watcher = new Filesystem::MockWatcher(); - EXPECT_CALL(context_.dispatcher_, createFilesystemWatcher_()) + EXPECT_CALL(context_.server_factory_context_.dispatcher_, createFilesystemWatcher_()) .WillOnce(Return(watcher)); EXPECT_CALL(*watcher, addWatch("test", _, _)).Times(1); std::unique_ptr> unique_factory{ sts_factory_}; auto config = std::make_shared( - std::move(cred_provider), std::move(unique_factory), context_.dispatcher_, - context_.api_, context_.thread_local_, "prefix.", *stats_.rootScope(), protoconfig); + std::move(cred_provider), std::move(unique_factory), context_.server_factory_context_.dispatcher_, + context_.server_factory_context_.api_, context_.server_factory_context_.thread_local_, "prefix.", *stats_.rootScope(), protoconfig); NiceMock callbacks; diff --git a/test/extensions/filters/http/aws_lambda/sts_connection_pool_test.cc b/test/extensions/filters/http/aws_lambda/sts_connection_pool_test.cc index d8f13cf40..e5a4a8681 100644 --- a/test/extensions/filters/http/aws_lambda/sts_connection_pool_test.cc +++ b/test/extensions/filters/http/aws_lambda/sts_connection_pool_test.cc @@ -83,7 +83,7 @@ TEST_F(StsConnectionPoolTest, TestSuccessfulCallback) { std::unique_ptr> unique_fetcher{ sts_fetcher_}; auto sts_conn_pool = StsConnectionPool::create( - mock_factory_ctx_.api_, mock_factory_ctx_.dispatcher_, role_arn, role_arn, + mock_factory_ctx_.server_factory_context_.api_, mock_factory_ctx_.server_factory_context_.dispatcher_, role_arn, role_arn, &pool_callbacks, std::move(unique_fetcher)); // Fetch credentials first call as they are not in the cache 
@@ -133,7 +133,7 @@ TEST_F(StsConnectionPoolTest, TestPostInitAdd) { std::unique_ptr> unique_fetcher{ sts_fetcher_}; auto sts_conn_pool = StsConnectionPool::create( - mock_factory_ctx_.api_, mock_factory_ctx_.dispatcher_, role_arn, role_arn, + mock_factory_ctx_.server_factory_context_.api_, mock_factory_ctx_.server_factory_context_.dispatcher_, role_arn, role_arn, &pool_callbacks, std::move(unique_fetcher)); StsFetcher::Callbacks *lambda_callbacks; @@ -154,7 +154,7 @@ TEST_F(StsConnectionPoolTest, TestPostInitAdd) { auto context_1 = sts_conn_pool->add(&ctx_callbacks); // Expect the context to be removed - EXPECT_CALL(mock_factory_ctx_.dispatcher_, deferredDelete_(_)); + EXPECT_CALL(mock_factory_ctx_.server_factory_context_.dispatcher_, deferredDelete_(_)); context_1->cancel(); @@ -193,7 +193,7 @@ TEST_F(StsConnectionPoolTest, TestFailure) { std::unique_ptr> unique_fetcher{ sts_fetcher_}; auto sts_conn_pool = StsConnectionPool::create( - mock_factory_ctx_.api_, mock_factory_ctx_.dispatcher_, role_arn, role_arn, + mock_factory_ctx_.server_factory_context_.api_, mock_factory_ctx_.server_factory_context_.dispatcher_, role_arn, role_arn, &pool_callbacks, std::move(unique_fetcher)); // Fetch credentials first call as they are not in the cache diff --git a/test/extensions/filters/http/aws_lambda/sts_credentials_provider_test.cc b/test/extensions/filters/http/aws_lambda/sts_credentials_provider_test.cc index f37e8dfc8..dac889d03 100644 --- a/test/extensions/filters/http/aws_lambda/sts_credentials_provider_test.cc +++ b/test/extensions/filters/http/aws_lambda/sts_credentials_provider_test.cc 
@@ -79,7 +79,7 @@ TEST_F(StsCredentialsProviderTest, TestFullFlow) { std::unique_ptr> factory_ = std::move(sts_connection_pool_factory_); auto* factory = factory_.get(); auto sts_provider = StsCredentialsProvider::create( - config_, mock_factory_ctx_.api_, mock_factory_ctx_.cluster_manager_, + config_, mock_factory_ctx_.server_factory_context_.api_, mock_factory_ctx_.server_factory_context_.cluster_manager_, std::move(factory_), token, role_arn); testing::NiceMock ctx_callbacks_1; @@ -164,7 +164,7 @@ TEST_F(StsCredentialsProviderTest, TestFullChainedFlow) { std::unique_ptr> factory_ = std::move(sts_connection_pool_factory_); auto* factory = factory_.get(); auto sts_provider = StsCredentialsProvider::create( - config_, mock_factory_ctx_.api_, mock_factory_ctx_.cluster_manager_, + config_, mock_factory_ctx_.server_factory_context_.api_, mock_factory_ctx_.server_factory_context_.cluster_manager_, std::move(factory_), token, base_role_arn); testing::NiceMock ctx_callbacks_1; @@ -253,7 +253,7 @@ TEST_F(StsCredentialsProviderTest, TestUnchainedFlow) { auto* factory = factory_.get(); auto sts_provider = StsCredentialsProvider::create( - config_, mock_factory_ctx_.api_, mock_factory_ctx_.cluster_manager_, + config_, mock_factory_ctx_.server_factory_context_.api_, mock_factory_ctx_.server_factory_context_.cluster_manager_, std::move(factory_), token, role_arn); testing::NiceMock ctx_callbacks_1; @@ -317,4 +317,4 @@ TEST_F(StsCredentialsProviderTest, TestUnchainedFlow) { } // namespace AwsLambda } // namespace HttpFilters } // namespace Extensions -} // namespace Envoy \ No newline at end of file +} // namespace Envoy diff --git a/test/extensions/filters/http/aws_lambda/sts_fetcher_test.cc b/test/extensions/filters/http/aws_lambda/sts_fetcher_test.cc index 1d2da68f0..305978fc4 100644 --- a/test/extensions/filters/http/aws_lambda/sts_fetcher_test.cc +++ b/test/extensions/filters/http/aws_lambda/sts_fetcher_test.cc 
@@ -101,8 +101,8 @@ const std::string web_token = "web_token"; class StsFetcherTest : public testing::Test { public: void SetUp() override { - mock_factory_ctx_.cluster_manager_.initializeClusters({"test"}, {}); - mock_factory_ctx_.cluster_manager_.initializeThreadLocalClusters({"test"}); + mock_factory_ctx_.server_factory_context_.cluster_manager_.initializeClusters({"test"}, {}); + mock_factory_ctx_.server_factory_context_.cluster_manager_.initializeThreadLocalClusters({"test"}); TestUtility::loadFromYaml(service_account_credentials_config, config_); uri_.set_cluster(config_.cluster()); uri_.set_uri(config_.uri()); @@ -119,10 +119,10 @@ class StsFetcherTest : public testing::Test { // Test findByIssuer TEST_F(StsFetcherTest, TestGetSuccess) { // Setup - MockUpstream mock_sts(mock_factory_ctx_.cluster_manager_, "200", + MockUpstream mock_sts(mock_factory_ctx_.server_factory_context_.cluster_manager_, "200", valid_response); std::unique_ptr fetcher(StsFetcher::create( - mock_factory_ctx_.cluster_manager_, mock_factory_ctx_.api_)); + mock_factory_ctx_.server_factory_context_.cluster_manager_, mock_factory_ctx_.server_factory_context_.api_)); EXPECT_TRUE(fetcher != nullptr); testing::NiceMock callbacks; @@ -133,10 +133,10 @@ TEST_F(StsFetcherTest, TestGetSuccess) { TEST_F(StsFetcherTest, TestChainedSts) { // Setup - MockUpstream mock_sts(mock_factory_ctx_.cluster_manager_, "200", + MockUpstream mock_sts(mock_factory_ctx_.server_factory_context_.cluster_manager_, "200", valid_chained_response); std::unique_ptr fetcher(StsFetcher::create( - mock_factory_ctx_.cluster_manager_, mock_factory_ctx_.api_)); + mock_factory_ctx_.server_factory_context_.cluster_manager_, mock_factory_ctx_.server_factory_context_.api_)); EXPECT_TRUE(fetcher != nullptr); testing::NiceMock callbacks; 
@@ -157,9 +157,9 @@ TEST_F(StsFetcherTest, TestChainedSts) { TEST_F(StsFetcherTest, TestGet503) { // Setup - MockUpstream mock_sts(mock_factory_ctx_.cluster_manager_, "503", "invalid"); + MockUpstream mock_sts(mock_factory_ctx_.server_factory_context_.cluster_manager_, "503", "invalid"); std::unique_ptr fetcher(StsFetcher::create( - mock_factory_ctx_.cluster_manager_, mock_factory_ctx_.api_)); + mock_factory_ctx_.server_factory_context_.cluster_manager_, mock_factory_ctx_.server_factory_context_.api_)); EXPECT_TRUE(fetcher != nullptr); testing::NiceMock callbacks; @@ -171,10 +171,10 @@ TEST_F(StsFetcherTest, TestGet503) { TEST_F(StsFetcherTest, TestCredentialsExpired) { // Setup - MockUpstream mock_sts(mock_factory_ctx_.cluster_manager_, "401", + MockUpstream mock_sts(mock_factory_ctx_.server_factory_context_.cluster_manager_, "401", expired_token_response); std::unique_ptr fetcher(StsFetcher::create( - mock_factory_ctx_.cluster_manager_, mock_factory_ctx_.api_)); + mock_factory_ctx_.server_factory_context_.cluster_manager_, mock_factory_ctx_.server_factory_context_.api_)); EXPECT_TRUE(fetcher != nullptr); testing::NiceMock callbacks; @@ -187,10 +187,10 @@ TEST_F(StsFetcherTest, TestCredentialsExpired) { TEST_F(StsFetcherTest, TestCredentialScopeMismatch) { // Setup - MockUpstream mock_sts(mock_factory_ctx_.cluster_manager_, "401", + MockUpstream mock_sts(mock_factory_ctx_.server_factory_context_.cluster_manager_, "401", credential_scope_mismatch); std::unique_ptr fetcher(StsFetcher::create( - mock_factory_ctx_.cluster_manager_, mock_factory_ctx_.api_)); + mock_factory_ctx_.server_factory_context_.cluster_manager_, mock_factory_ctx_.server_factory_context_.api_)); EXPECT_TRUE(fetcher != nullptr); testing::NiceMock callbacks; 
@@ -203,10 +203,10 @@ TEST_F(StsFetcherTest, TestCredentialScopeMismatch) { TEST_F(StsFetcherTest, TestHttpFailure) { // Setup - MockUpstream mock_sts(mock_factory_ctx_.cluster_manager_, + MockUpstream mock_sts(mock_factory_ctx_.server_factory_context_.cluster_manager_, Http::AsyncClient::FailureReason::Reset); std::unique_ptr fetcher(StsFetcher::create( - mock_factory_ctx_.cluster_manager_, mock_factory_ctx_.api_)); + mock_factory_ctx_.server_factory_context_.cluster_manager_, mock_factory_ctx_.server_factory_context_.api_)); EXPECT_TRUE(fetcher != nullptr); testing::NiceMock callbacks; @@ -219,10 +219,10 @@ TEST_F(StsFetcherTest, TestHttpFailure) { TEST_F(StsFetcherTest, TestCancel) { // Setup Http::MockAsyncClientRequest request( - &(mock_factory_ctx_.cluster_manager_.thread_local_cluster_.async_client_)); - MockUpstream mock_sts(mock_factory_ctx_.cluster_manager_, &request); + &(mock_factory_ctx_.server_factory_context_.cluster_manager_.thread_local_cluster_.async_client_)); + MockUpstream mock_sts(mock_factory_ctx_.server_factory_context_.cluster_manager_, &request); std::unique_ptr fetcher(StsFetcher::create( - mock_factory_ctx_.cluster_manager_, mock_factory_ctx_.api_)); + mock_factory_ctx_.server_factory_context_.cluster_manager_, mock_factory_ctx_.server_factory_context_.api_)); EXPECT_TRUE(fetcher != nullptr); EXPECT_CALL(request, cancel()).Times(1); diff --git a/test/extensions/filters/http/nats/streaming/nats_streaming_filter_test.cc b/test/extensions/filters/http/nats/streaming/nats_streaming_filter_test.cc index d9a8a735a..e61fba950 100644 --- a/test/extensions/filters/http/nats/streaming/nats_streaming_filter_test.cc +++ b/test/extensions/filters/http/nats/streaming/nats_streaming_filter_test.cc 
@@ -33,11 +33,11 @@ class NatsStreamingFilterTest : public testing::Test { proto_config.mutable_op_timeout()->set_nanos(17 * 1000000); proto_config.set_max_connections(1); proto_config.set_cluster("cluster"); - factory_context_.cluster_manager_.initializeClusters({"cluster"}, {}); - factory_context_.cluster_manager_.initializeThreadLocalClusters({"cluster"}); + factory_context_.server_factory_context_.cluster_manager_.initializeClusters({"cluster"}, {}); + factory_context_.server_factory_context_.cluster_manager_.initializeThreadLocalClusters({"cluster"}); config_.reset(new NatsStreamingFilterConfig( - proto_config, factory_context_.clusterManager())); + proto_config, factory_context_.server_factory_context_.clusterManager())); nats_streaming_client_.reset( new NiceMock); filter_.reset(new NatsStreamingFilter(config_, nats_streaming_client_)); diff --git a/test/extensions/filters/http/transformation/transformation_filter_config_test.cc b/test/extensions/filters/http/transformation/transformation_filter_config_test.cc index ee68ae030..975e4accb 100644 --- a/test/extensions/filters/http/transformation/transformation_filter_config_test.cc +++ b/test/extensions/filters/http/transformation/transformation_filter_config_test.cc @@ -48,7 +48,7 @@ TEST(Transformation, TestGetTransformer) { factoryConfig->set_name("io.solo.transformer.fake"); auto any = factoryConfig->mutable_typed_config(); any->set_type_url("type.googleapis.com/envoy.test.extensions.transformation.FakeTransformer"); - auto transformer = t.getTransformer(transformation, factory_context_); + auto transformer = t.getTransformer(transformation, factory_context_.server_factory_context_); auto fakeTransformer = dynamic_cast(transformer.get()); // if transformer is not fake transformer type, will return nullptr EXPECT_NE(fakeTransformer, nullptr); @@ -57,4 +57,4 @@ TEST(Transformation, TestGetTransformer) { } } } -} \ No newline at end of file +} 
diff --git a/test/integration/BUILD b/test/integration/BUILD index a5894b8be..a904a3266 100644 --- a/test/integration/BUILD +++ b/test/integration/BUILD @@ -24,6 +24,7 @@ envoy_gloo_cc_test( "//source/extensions/filters/http/transformation:transformation_filter_config_lib", "@envoy//test/integration:http_integration_lib", "@envoy//test/integration:integration_lib", + "@envoy//test/test_common:test_runtime_lib", ], ) diff --git a/test/integration/aws_lambda_filter_integration_test.cc b/test/integration/aws_lambda_filter_integration_test.cc index fb498dc68..a7ea8eb36 100644 --- a/test/integration/aws_lambda_filter_integration_test.cc +++ b/test/integration/aws_lambda_filter_integration_test.cc @@ -5,6 +5,7 @@ #include "test/integration/http_integration.h" #include "test/integration/integration.h" #include "test/integration/utility.h" +#include "test/test_common/test_runtime.h" #include "api/envoy/config/filter/http/aws_lambda/v2/aws_lambda.pb.validate.h" @@ -13,6 +14,8 @@ namespace Envoy { const std::string DEFAULT_LAMBDA_FILTER = R"EOF( name: io.solo.aws_lambda +typed_config: + "@type": type.googleapis.com/envoy.config.filter.http.aws_lambda.v2.AWSLambdaConfig )EOF"; const std::string USE_CHAIN_LAMBDA_FILTER = @@ -72,7 +75,6 @@ class AWSLambdaFilterIntegrationTest * Initializer for an individual integration test. */ void initialize() override { - if (add_transform_) { // not sure why but checking the "authorization" in the test succeeds. // what i really want to test is that the filter that follows the aws filter gets the auth header 
@@ -184,89 +186,126 @@ name: io.solo.aws_lambda makeHttpConnection(makeClientConnection((lookupPort("http")))); } + void testWithConfig() { + initialize(); + Http::TestRequestHeaderMapImpl request_headers{ + {":method", "POST"}, {":authority", "www.solo.io"}, {":path", "/"}}; + + sendRequestAndWaitForResponse(request_headers, 10, default_response_headers_, + 10); + + EXPECT_NE(0, upstream_request_->headers() + .get(Http::LowerCaseString("authorization"))[0] + ->value() + .size()); + } + + void testWithChain() { + cred_mode_ = CredMode::CHAIN; + initialize(); + Http::TestRequestHeaderMapImpl request_headers{ + {":method", "POST"}, {":authority", "www.solo.io"}, {":path", "/"}}; + + sendRequestAndWaitForResponse(request_headers, 10, default_response_headers_, + 10); + + EXPECT_NE(0, upstream_request_->headers() + .get(Http::LowerCaseString("authorization"))[0] + ->value() + .size()); + EXPECT_EQ(1UL, + test_server_->gauge("http.config_test.aws_lambda.current_state") + ->value()); + EXPECT_EQ(1UL, + test_server_->counter("http.config_test.aws_lambda.creds_rotated") + ->value()); + EXPECT_EQ(0UL, + test_server_->counter("http.config_test.aws_lambda.fetch_failed") + ->value()); + } + + void testWithSTS() { + cred_mode_ = CredMode::STS; + add_transform_ = true; + initialize(); + Http::TestRequestHeaderMapImpl request_headers{ + {":method", "GET"}, {":authority", "www.solo.io"}, {":path", "/"}}; + + IntegrationStreamDecoderPtr response = codec_client_->makeHeaderOnlyRequest(request_headers); + + auto timeout = TestUtility::DefaultTimeout; + + // first request is sts request; return sts response. + waitForNextUpstreamRequest(0, timeout); + upstream_request_->encodeHeaders(default_response_headers_, false); + upstream_request_->encodeData(VALID_CHAINED_RESPONSE, true); + + // second upstream request is the "lambda" request. + waitForNextUpstreamRequest(0, timeout); + + // make sure we have a body (i.e. make sure transformation filter worked). 
+ std::string body = upstream_request_->body().toString(); + EXPECT_EQ(body, "abc /"); + + // make sure that the transformation filter after the lambda was called and observed the authorization header: + // ** THIS IS THE MANIFESTATION OF THE BUG ** + const auto& auth_header = upstream_request_->headers() + .get(Http::LowerCaseString("x-authorization"))[0] + ->value(); + EXPECT_NE(0, auth_header.size()); + + // wrap up the test nicely: + upstream_request_->encodeHeaders(default_response_headers_, false); + upstream_request_->encodeData(10, true); + + // Wait for the response to be read by the codec client. + RELEASE_ASSERT(response->waitForEndStream(timeout), "unexpected timeout"); + } + + void setUseHttpClient(bool use) { + std::string useStr = use ? "true" : "false"; + scoped_runtime_.mergeValues( + {{"envoy.reloadable_features.use_http_client_to_fetch_aws_credentials", useStr}}); + } + enum class CredMode{DEFAULT, CHAIN, STS}; CredMode cred_mode_{}; bool add_transform_{}; + TestScopedRuntime scoped_runtime_; }; INSTANTIATE_TEST_SUITE_P( IpVersions, AWSLambdaFilterIntegrationTest, testing::ValuesIn(TestEnvironment::getIpVersionsForTest())); -TEST_P(AWSLambdaFilterIntegrationTest, TestWithConfig) { - initialize(); - Http::TestRequestHeaderMapImpl request_headers{ - {":method", "POST"}, {":authority", "www.solo.io"}, {":path", "/"}}; - - sendRequestAndWaitForResponse(request_headers, 10, default_response_headers_, - 10); - - EXPECT_NE(0, upstream_request_->headers() - .get(Http::LowerCaseString("authorization"))[0] - ->value() - .size()); +TEST_P(AWSLambdaFilterIntegrationTest, TestWithConfigLibcurl) { + setUseHttpClient(false); + testWithConfig(); } -TEST_P(AWSLambdaFilterIntegrationTest, TestWithChain) { - cred_mode_ = CredMode::CHAIN; - initialize(); - Http::TestRequestHeaderMapImpl request_headers{ - {":method", "POST"}, {":authority", "www.solo.io"}, {":path", "/"}}; - - sendRequestAndWaitForResponse(request_headers, 10, default_response_headers_, - 10); - - 
EXPECT_NE(0, upstream_request_->headers() - .get(Http::LowerCaseString("authorization"))[0] - ->value() - .size()); - EXPECT_EQ(1UL, - test_server_->gauge("http.config_test.aws_lambda.current_state") - ->value()); - EXPECT_EQ(1UL, - test_server_->counter("http.config_test.aws_lambda.creds_rotated") - ->value()); - EXPECT_EQ(0UL, - test_server_->counter("http.config_test.aws_lambda.fetch_failed") - ->value()); +TEST_P(AWSLambdaFilterIntegrationTest, TestWithConfigHttpClient) { + setUseHttpClient(true); + testWithConfig(); } -TEST_P(AWSLambdaFilterIntegrationTest, TestWithSTS) { - cred_mode_ = CredMode::STS; - add_transform_ = true; - initialize(); - Http::TestRequestHeaderMapImpl request_headers{ - {":method", "GET"}, {":authority", "www.solo.io"}, {":path", "/"}}; - - IntegrationStreamDecoderPtr response = codec_client_->makeHeaderOnlyRequest(request_headers); - - auto timeout = TestUtility::DefaultTimeout; - - // first request is sts request; return sts response. - waitForNextUpstreamRequest(0, timeout); - upstream_request_->encodeHeaders(default_response_headers_, false); - upstream_request_->encodeData(VALID_CHAINED_RESPONSE, true); - - // second upstream request is the "lambda" request. - waitForNextUpstreamRequest(0, timeout); - - // make sure we have a body (i.e. make sure transformation filter worked). 
- std::string body = upstream_request_->body().toString(); - EXPECT_EQ(body, "abc /"); +TEST_P(AWSLambdaFilterIntegrationTest, TestWithChainLibcurl) { + setUseHttpClient(false); + testWithChain(); +} - // make sure that the transformation filter after the lambda was called and observed the authorization header: - // ** THIS IS THE MANIFESTATION OF THE BUG ** - const auto& auth_header = upstream_request_->headers() - .get(Http::LowerCaseString("x-authorization"))[0] - ->value(); - EXPECT_NE(0, auth_header.size()); +TEST_P(AWSLambdaFilterIntegrationTest, TestWithChainHttpClient) { + setUseHttpClient(true); + testWithChain(); +} - // wrap up the test nicely: - upstream_request_->encodeHeaders(default_response_headers_, false); - upstream_request_->encodeData(10, true); +TEST_P(AWSLambdaFilterIntegrationTest, TestWithSTSLibcurl) { + setUseHttpClient(false); + testWithSTS(); +} - // Wait for the response to be read by the codec client. - RELEASE_ASSERT(response->waitForEndStream(timeout), "unexpected timeout"); +TEST_P(AWSLambdaFilterIntegrationTest, TestWithSTSHttpClient) { + setUseHttpClient(true); + testWithSTS(); }