Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
* Policy controller suggestions * core: Use `http` crate instead of `hyper`'s re-export. `http` is just the core types. `hyper` includes client/server infrastructure which isn't needed. We already pull in both so there's practically no functional difference. * core: Rename `Hostname` to `HostMatch` to be consistent with API types. * core: Rename `HttpRoute`, `HttpFilter`, etc to `Inbound*`. These types are specific to inbound policies. We wouldn't use the same types for outbound policies. * core: Split individual filter types from the `InboundFilter` type so that the `InboundFilter` type doesn't hold all of the details for all of the filters. * core: Make `HeaderMatch` hold `HeaderName` and `HeaderValue` so that we can rely on the validation from these libraries. Notably, `Headervalue` does not necessarily hold a string. * core: Make `QueryParamMatch` an enum, since the `Value` type would only have that one use now. * index: Rename `RouteBinding` to `InboundRouteBinding`, as it holds inbound-specific route configuration. * index: Add a `InboundParentRef` type that describes a validated parent reference. * index: Update `InboundRouteBinding::try_from` to validate parent references and fail reading routes that do not reference servers. * grpc: Move general `http_route` conversions into a dedicated module (to simplify inbound coverters). * Cleanup imports as much as possible, shortening module names with aliases where possible. Because we're frequently converting between different representations of the same types, it's helpful to reference the modules explicitly rather than relying on large sets of imports. * Where possible, we destructure types to document that we are handling all fields on a type. * Update deny.toml for git dependency Signed-off-by: Oliver Gould <ver@buoyant.io> * Upgrade to moment 2.29.4 (#8856) Signed-off-by: Alex Leong <alex@buoyant.io> * build(deps): bump google.golang.org/grpc from 1.47.0 to 1.48.0 (#8857) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.48.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.47.0...v1.48.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add port to helm Values (#8855) Fix `linkerd-viz` helm chart documentation for jaeger integration. Adds miss port to jaeger url example in `value.yaml`. This port is required to allow the dashboard to proxy to the jaeger instance. This brings the example given in the `values.yaml` file in line with the web docs. Closes #8851 Signed-off-by: Harry Walter <harry@bluebamboostudios.com> * policy: Index authorization policies with no authentications (#8865) In 1a0c1c3 we updated the admission controller to allow `AuthorizationPolicy` resources with an empty `requiredAuthenticationRefs`. But we did NOT update the indexer, so we would allow these resources to be created but then fail to honor them in the API. To fix this: 1. The `AuthorizationPolicy` admission controller is updated to exercise the indexer's validation so that it is impossible to admit resources that will be discarded by the indexer; 2. An e2e test is added to exercise this configuration; 3. The indexer's validation is updated to accept resources with no authentications. Signed-off-by: Oliver Gould <ver@buoyant.io> * Simply ignore non-server parent refs when indexing Signed-off-by: Oliver Gould <ver@buoyant.io> Co-authored-by: Alex Leong <alex@buoyant.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Harry Walter <harry.walter@lqdinternet.com>
- Loading branch information
1 parent
1df6259
commit 26cc102
Showing
21 changed files
with
463 additions
and
340 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
use linkerd2_proxy_api::{http_route as proto, http_types}; | ||
use linkerd_policy_controller_core::http_route::{ | ||
FailureInjectorFilter, HeaderMatch, HostMatch, HttpRouteMatch, PathMatch, PathModifier, | ||
QueryParamMatch, RequestHeaderModifierFilter, RequestRedirectFilter, | ||
}; | ||
|
||
pub(crate) fn convert_host_match(h: HostMatch) -> proto::HostMatch { | ||
proto::HostMatch { | ||
r#match: Some(match h { | ||
HostMatch::Exact(host) => proto::host_match::Match::Exact(host), | ||
HostMatch::Suffix { reverse_labels } => { | ||
proto::host_match::Match::Suffix(proto::host_match::Suffix { | ||
reverse_labels: reverse_labels.to_vec(), | ||
}) | ||
} | ||
}), | ||
} | ||
} | ||
|
||
pub(crate) fn convert_match( | ||
HttpRouteMatch { | ||
headers, | ||
path, | ||
query_params, | ||
method, | ||
}: HttpRouteMatch, | ||
) -> proto::HttpRouteMatch { | ||
let headers = headers | ||
.into_iter() | ||
.map(|hm| match hm { | ||
HeaderMatch::Exact(name, value) => proto::HeaderMatch { | ||
name: name.to_string(), | ||
value: Some(proto::header_match::Value::Exact(value.as_bytes().to_vec())), | ||
}, | ||
HeaderMatch::Regex(name, re) => proto::HeaderMatch { | ||
name: name.to_string(), | ||
value: Some(proto::header_match::Value::Regex(re.to_string())), | ||
}, | ||
}) | ||
.collect(); | ||
|
||
let path = path.map(|path| proto::PathMatch { | ||
kind: Some(match path { | ||
PathMatch::Exact(path) => proto::path_match::Kind::Exact(path), | ||
PathMatch::Prefix(prefix) => proto::path_match::Kind::Prefix(prefix), | ||
PathMatch::Regex(regex) => proto::path_match::Kind::Regex(regex.to_string()), | ||
}), | ||
}); | ||
|
||
let query_params = query_params | ||
.into_iter() | ||
.map(|qpm| match qpm { | ||
QueryParamMatch::Exact(name, value) => proto::QueryParamMatch { | ||
name, | ||
value: Some(proto::query_param_match::Value::Exact(value)), | ||
}, | ||
QueryParamMatch::Regex(name, re) => proto::QueryParamMatch { | ||
name, | ||
value: Some(proto::query_param_match::Value::Regex(re.to_string())), | ||
}, | ||
}) | ||
.collect(); | ||
|
||
proto::HttpRouteMatch { | ||
headers, | ||
path, | ||
query_params, | ||
method: method.map(Into::into), | ||
} | ||
} | ||
|
||
pub(crate) fn convert_failure_injector_filter( | ||
FailureInjectorFilter { | ||
status, | ||
message, | ||
ratio, | ||
}: FailureInjectorFilter, | ||
) -> proto::HttpFailureInjector { | ||
proto::HttpFailureInjector { | ||
status: u32::from(status.as_u16()), | ||
message, | ||
ratio: Some(proto::Ratio { | ||
numerator: ratio.numerator, | ||
denominator: ratio.denominator, | ||
}), | ||
} | ||
} | ||
|
||
pub(crate) fn convert_header_modifier_filter( | ||
RequestHeaderModifierFilter { add, set, remove }: RequestHeaderModifierFilter, | ||
) -> proto::RequestHeaderModifier { | ||
proto::RequestHeaderModifier { | ||
add: Some(http_types::Headers { | ||
headers: add | ||
.into_iter() | ||
.map(|(n, v)| http_types::headers::Header { | ||
name: n.to_string(), | ||
value: v.as_bytes().to_owned(), | ||
}) | ||
.collect(), | ||
}), | ||
set: Some(http_types::Headers { | ||
headers: set | ||
.into_iter() | ||
.map(|(n, v)| http_types::headers::Header { | ||
name: n.to_string(), | ||
value: v.as_bytes().to_owned(), | ||
}) | ||
.collect(), | ||
}), | ||
remove: remove.into_iter().map(|n| n.to_string()).collect(), | ||
} | ||
} | ||
|
||
pub(crate) fn convert_redirect_filter( | ||
RequestRedirectFilter { | ||
scheme, | ||
host, | ||
path, | ||
port, | ||
status, | ||
}: RequestRedirectFilter, | ||
) -> proto::RequestRedirect { | ||
proto::RequestRedirect { | ||
scheme: scheme.map(|ref s| s.into()), | ||
host: host.unwrap_or_default(), | ||
path: path.map(|pm| proto::PathModifier { | ||
replace: Some(match pm { | ||
PathModifier::Full(p) => proto::path_modifier::Replace::Full(p), | ||
PathModifier::Prefix(p) => proto::path_modifier::Replace::Prefix(p), | ||
}), | ||
}), | ||
port: port.unwrap_or_default(), | ||
status: u32::from(status.unwrap_or_default().as_u16()), | ||
} | ||
} |
Oops, something went wrong.