2018-10-03 19:18:55 +01:00
package xds
import (
"errors"
2019-07-01 22:10:51 -05:00
"fmt"
2019-07-23 20:56:39 -05:00
"strings"
2018-10-03 19:18:55 +01:00
"github.com/gogo/protobuf/proto"
2019-07-01 22:10:51 -05:00
envoy "github.com/envoyproxy/go-control-plane/envoy/api/v2"
envoyroute "github.com/envoyproxy/go-control-plane/envoy/api/v2/route"
2018-10-03 19:18:55 +01:00
"github.com/hashicorp/consul/agent/proxycfg"
2019-07-01 22:10:51 -05:00
"github.com/hashicorp/consul/agent/structs"
2018-10-03 19:18:55 +01:00
)
2019-07-01 22:10:51 -05:00
// routesFromSnapshot returns the xDS API representation of the "routes" in the
// snapshot.
2020-03-27 17:57:16 -04:00
func routesFromSnapshot ( cfgSnap * proxycfg . ConfigSnapshot , _ string ) ( [ ] proto . Message , error ) {
2018-10-03 19:18:55 +01:00
if cfgSnap == nil {
return nil , errors . New ( "nil config given" )
}
2019-07-01 22:10:51 -05:00
switch cfgSnap . Kind {
case structs . ServiceKindConnectProxy :
2020-03-27 17:57:16 -04:00
return routesFromSnapshotConnectProxy ( cfgSnap )
2020-04-03 12:41:10 -07:00
case structs . ServiceKindIngressGateway :
return routesFromSnapshotIngressGateway ( cfgSnap )
2019-07-01 22:10:51 -05:00
default :
return nil , fmt . Errorf ( "Invalid service kind: %v" , cfgSnap . Kind )
}
}
// routesFromSnapshotConnectProxy returns the xDS API representation of the
// "routes" in the snapshot.
2020-03-27 17:57:16 -04:00
func routesFromSnapshotConnectProxy ( cfgSnap * proxycfg . ConfigSnapshot ) ( [ ] proto . Message , error ) {
2019-07-01 22:10:51 -05:00
if cfgSnap == nil {
return nil , errors . New ( "nil config given" )
}
var resources [ ] proto . Message
2020-04-16 16:24:11 -07:00
for _ , u := range cfgSnap . Proxy . Upstreams {
2019-07-01 22:10:51 -05:00
upstreamID := u . Identifier ( )
var chain * structs . CompiledDiscoveryChain
if u . DestinationType != structs . UpstreamDestTypePreparedQuery {
2020-04-16 16:24:11 -07:00
chain = cfgSnap . ConnectProxy . DiscoveryChain [ upstreamID ]
2019-07-01 22:10:51 -05:00
}
if chain == nil || chain . IsDefault ( ) {
// TODO(rb): make this do the old school stuff too
} else {
2020-04-23 10:06:19 -05:00
virtualHost , err := makeUpstreamRouteForDiscoveryChain ( upstreamID , chain , [ ] string { "*" } )
2019-07-01 22:10:51 -05:00
if err != nil {
return nil , err
}
2020-04-16 16:24:11 -07:00
route := & envoy . RouteConfiguration {
2020-05-01 09:31:23 -05:00
Name : upstreamID ,
VirtualHosts : [ ] envoyroute . VirtualHost { virtualHost } ,
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the sane value of true to prevent
// null-routing traffic.
2020-04-16 16:24:11 -07:00
ValidateClusters : makeBoolValue ( true ) ,
2019-07-01 22:10:51 -05:00
}
2020-04-16 16:24:11 -07:00
resources = append ( resources , route )
2019-07-01 22:10:51 -05:00
}
}
// TODO(rb): make sure we don't generate an empty result
return resources , nil
}
2020-04-16 16:24:11 -07:00
// routesFromSnapshotIngressGateway returns the xDS API representation of the
// "routes" in the snapshot.
func routesFromSnapshotIngressGateway ( cfgSnap * proxycfg . ConfigSnapshot ) ( [ ] proto . Message , error ) {
if cfgSnap == nil {
return nil , errors . New ( "nil config given" )
}
var result [ ] proto . Message
for listenerKey , upstreams := range cfgSnap . IngressGateway . Upstreams {
// Do not create any route configuration for TCP listeners
if listenerKey . Protocol == "tcp" {
continue
}
upstreamRoute := & envoy . RouteConfiguration {
Name : listenerKey . RouteName ( ) ,
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the sane value of true to prevent
// null-routing traffic.
ValidateClusters : makeBoolValue ( true ) ,
}
for _ , u := range upstreams {
upstreamID := u . Identifier ( )
chain := cfgSnap . IngressGateway . DiscoveryChain [ upstreamID ]
2020-04-23 10:06:19 -05:00
if chain == nil {
continue
}
2020-05-06 13:39:38 -05:00
namespace := u . GetEnterpriseMeta ( ) . NamespaceOrDefault ( )
2020-04-23 10:06:19 -05:00
var domains [ ] string
switch {
case len ( upstreams ) == 1 :
2020-04-16 16:24:11 -07:00
// Don't require a service prefix on the domain if there is only 1
// upstream. This makes it a smoother experience when only having a
// single service associated to a listener, which is probably a common
// case when demoing/testing
2020-04-23 10:06:19 -05:00
domains = [ ] string { "*" }
case len ( u . IngressHosts ) > 0 :
// If a user has specified hosts, do not add the default
// "<service-name>.*" prefix
domains = u . IngressHosts
2020-05-06 13:39:38 -05:00
case namespace != structs . IntentionDefaultNamespace :
domains = [ ] string { fmt . Sprintf ( "%s.ingress.%s.*" , chain . ServiceName , namespace ) }
2020-04-23 10:06:19 -05:00
default :
domains = [ ] string { fmt . Sprintf ( "%s.*" , chain . ServiceName ) }
}
virtualHost , err := makeUpstreamRouteForDiscoveryChain ( upstreamID , chain , domains )
if err != nil {
return nil , err
2020-04-16 16:24:11 -07:00
}
2020-04-23 10:06:19 -05:00
upstreamRoute . VirtualHosts = append ( upstreamRoute . VirtualHosts , virtualHost )
2020-04-16 16:24:11 -07:00
}
result = append ( result , upstreamRoute )
}
return result , nil
}
2019-07-01 22:10:51 -05:00
func makeUpstreamRouteForDiscoveryChain (
2020-04-16 16:24:11 -07:00
routeName string ,
2019-07-01 22:10:51 -05:00
chain * structs . CompiledDiscoveryChain ,
2020-04-23 10:06:19 -05:00
serviceDomains [ ] string ,
) ( envoyroute . VirtualHost , error ) {
2019-07-01 22:10:51 -05:00
var routes [ ] envoyroute . Route
2019-08-01 22:44:05 -05:00
startNode := chain . Nodes [ chain . StartNode ]
if startNode == nil {
panic ( "missing first node in compiled discovery chain for: " + chain . ServiceName )
}
switch startNode . Type {
2019-07-01 22:10:51 -05:00
case structs . DiscoveryGraphNodeTypeRouter :
2019-08-01 22:44:05 -05:00
routes = make ( [ ] envoyroute . Route , 0 , len ( startNode . Routes ) )
2019-07-01 22:10:51 -05:00
2019-08-01 22:44:05 -05:00
for _ , discoveryRoute := range startNode . Routes {
2019-07-01 22:10:51 -05:00
routeMatch := makeRouteMatchForDiscoveryRoute ( discoveryRoute , chain . Protocol )
var (
routeAction * envoyroute . Route_Route
err error
)
2019-08-01 22:44:05 -05:00
nextNode := chain . Nodes [ discoveryRoute . NextNode ]
switch nextNode . Type {
case structs . DiscoveryGraphNodeTypeSplitter :
2020-04-03 12:41:10 -07:00
routeAction , err = makeRouteActionForSplitter ( nextNode . Splits , chain )
2019-07-01 22:10:51 -05:00
if err != nil {
2020-04-23 10:06:19 -05:00
return envoyroute . VirtualHost { } , err
2019-07-01 22:10:51 -05:00
}
2019-08-01 22:44:05 -05:00
case structs . DiscoveryGraphNodeTypeResolver :
2020-04-03 12:41:10 -07:00
routeAction = makeRouteActionForSingleCluster ( nextNode . Resolver . Target , chain )
2019-07-01 22:10:51 -05:00
2019-08-01 22:44:05 -05:00
default :
2020-04-23 10:06:19 -05:00
return envoyroute . VirtualHost { } , fmt . Errorf ( "unexpected graph node after route %q" , nextNode . Type )
2019-07-01 22:10:51 -05:00
}
2019-07-12 14:16:21 -05:00
// TODO(rb): Better help handle the envoy case where you need (prefix=/foo/,rewrite=/) and (exact=/foo,rewrite=/) to do a full rewrite
destination := discoveryRoute . Definition . Destination
if destination != nil {
if destination . PrefixRewrite != "" {
routeAction . Route . PrefixRewrite = destination . PrefixRewrite
}
if destination . RequestTimeout > 0 {
routeAction . Route . Timeout = & destination . RequestTimeout
}
if destination . HasRetryFeatures ( ) {
retryPolicy := & envoyroute . RetryPolicy { }
if destination . NumRetries > 0 {
retryPolicy . NumRetries = makeUint32Value ( int ( destination . NumRetries ) )
}
// The RetryOn magic values come from: https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on
if destination . RetryOnConnectFailure {
retryPolicy . RetryOn = "connect-failure"
}
if len ( destination . RetryOnStatusCodes ) > 0 {
if retryPolicy . RetryOn != "" {
2020-02-18 09:25:47 -06:00
retryPolicy . RetryOn = retryPolicy . RetryOn + ",retriable-status-codes"
2019-07-12 14:16:21 -05:00
} else {
retryPolicy . RetryOn = "retriable-status-codes"
}
retryPolicy . RetriableStatusCodes = destination . RetryOnStatusCodes
}
routeAction . Route . RetryPolicy = retryPolicy
}
}
2019-07-01 22:10:51 -05:00
routes = append ( routes , envoyroute . Route {
Match : routeMatch ,
Action : routeAction ,
} )
}
case structs . DiscoveryGraphNodeTypeSplitter :
2020-04-03 12:41:10 -07:00
routeAction , err := makeRouteActionForSplitter ( startNode . Splits , chain )
2019-07-01 22:10:51 -05:00
if err != nil {
2020-04-23 10:06:19 -05:00
return envoyroute . VirtualHost { } , err
2019-07-01 22:10:51 -05:00
}
defaultRoute := envoyroute . Route {
Match : makeDefaultRouteMatch ( ) ,
Action : routeAction ,
}
routes = [ ] envoyroute . Route { defaultRoute }
2019-08-01 22:44:05 -05:00
case structs . DiscoveryGraphNodeTypeResolver :
2020-04-03 12:41:10 -07:00
routeAction := makeRouteActionForSingleCluster ( startNode . Resolver . Target , chain )
2019-07-01 22:10:51 -05:00
defaultRoute := envoyroute . Route {
Match : makeDefaultRouteMatch ( ) ,
Action : routeAction ,
}
routes = [ ] envoyroute . Route { defaultRoute }
default :
2019-08-01 22:44:05 -05:00
panic ( "unknown first node in discovery chain of type: " + startNode . Type )
2019-07-01 22:10:51 -05:00
}
2020-04-23 10:06:19 -05:00
host := envoyroute . VirtualHost {
2020-04-16 16:24:11 -07:00
Name : routeName ,
2020-04-23 10:06:19 -05:00
Domains : serviceDomains ,
2020-04-16 16:24:11 -07:00
Routes : routes ,
}
return host , nil
2019-07-01 22:10:51 -05:00
}
func makeRouteMatchForDiscoveryRoute ( discoveryRoute * structs . DiscoveryRoute , protocol string ) envoyroute . RouteMatch {
match := discoveryRoute . Definition . Match
if match == nil || match . IsEmpty ( ) {
return makeDefaultRouteMatch ( )
}
em := envoyroute . RouteMatch { }
switch {
case match . HTTP . PathExact != "" :
2019-07-12 14:16:21 -05:00
em . PathSpecifier = & envoyroute . RouteMatch_Path {
Path : match . HTTP . PathExact ,
}
2019-07-01 22:10:51 -05:00
case match . HTTP . PathPrefix != "" :
2019-07-12 14:16:21 -05:00
em . PathSpecifier = & envoyroute . RouteMatch_Prefix {
Prefix : match . HTTP . PathPrefix ,
}
2019-07-01 22:10:51 -05:00
case match . HTTP . PathRegex != "" :
2019-07-12 14:16:21 -05:00
em . PathSpecifier = & envoyroute . RouteMatch_Regex {
Regex : match . HTTP . PathRegex ,
}
2019-07-01 22:10:51 -05:00
default :
2019-07-12 14:16:21 -05:00
em . PathSpecifier = & envoyroute . RouteMatch_Prefix {
Prefix : "/" ,
}
2019-07-01 22:10:51 -05:00
}
if len ( match . HTTP . Header ) > 0 {
em . Headers = make ( [ ] * envoyroute . HeaderMatcher , 0 , len ( match . HTTP . Header ) )
for _ , hdr := range match . HTTP . Header {
eh := & envoyroute . HeaderMatcher {
Name : hdr . Name ,
}
switch {
case hdr . Exact != "" :
eh . HeaderMatchSpecifier = & envoyroute . HeaderMatcher_ExactMatch {
ExactMatch : hdr . Exact ,
}
case hdr . Regex != "" :
eh . HeaderMatchSpecifier = & envoyroute . HeaderMatcher_RegexMatch {
RegexMatch : hdr . Regex ,
}
case hdr . Prefix != "" :
eh . HeaderMatchSpecifier = & envoyroute . HeaderMatcher_PrefixMatch {
PrefixMatch : hdr . Prefix ,
}
case hdr . Suffix != "" :
eh . HeaderMatchSpecifier = & envoyroute . HeaderMatcher_SuffixMatch {
SuffixMatch : hdr . Suffix ,
}
case hdr . Present :
eh . HeaderMatchSpecifier = & envoyroute . HeaderMatcher_PresentMatch {
PresentMatch : true ,
}
default :
continue // skip this impossible situation
}
if hdr . Invert {
eh . InvertMatch = true
}
em . Headers = append ( em . Headers , eh )
}
}
2019-07-23 20:56:39 -05:00
if len ( match . HTTP . Methods ) > 0 {
methodHeaderRegex := strings . Join ( match . HTTP . Methods , "|" )
eh := & envoyroute . HeaderMatcher {
Name : ":method" ,
HeaderMatchSpecifier : & envoyroute . HeaderMatcher_RegexMatch {
RegexMatch : methodHeaderRegex ,
} ,
}
em . Headers = append ( em . Headers , eh )
}
2019-07-01 22:10:51 -05:00
if len ( match . HTTP . QueryParam ) > 0 {
em . QueryParameters = make ( [ ] * envoyroute . QueryParameterMatcher , 0 , len ( match . HTTP . QueryParam ) )
for _ , qm := range match . HTTP . QueryParam {
eq := & envoyroute . QueryParameterMatcher {
2019-07-23 20:55:26 -05:00
Name : qm . Name ,
}
switch {
case qm . Exact != "" :
eq . Value = qm . Exact
case qm . Regex != "" :
eq . Value = qm . Regex
eq . Regex = makeBoolValue ( true )
case qm . Present :
eq . Value = ""
default :
continue // skip this impossible situation
2019-07-01 22:10:51 -05:00
}
em . QueryParameters = append ( em . QueryParameters , eq )
}
}
return em
}
func makeDefaultRouteMatch ( ) envoyroute . RouteMatch {
return envoyroute . RouteMatch {
PathSpecifier : & envoyroute . RouteMatch_Prefix {
Prefix : "/" ,
} ,
// TODO(banks) Envoy supports matching only valid GRPC
// requests which might be nice to add here for gRPC services
// but it's not supported in our current envoy SDK version
// although docs say it was supported by 1.8.0. Going to defer
// that until we've updated the deps.
}
}
2020-04-03 12:41:10 -07:00
func makeRouteActionForSingleCluster ( targetID string , chain * structs . CompiledDiscoveryChain ) * envoyroute . Route_Route {
2019-08-02 15:34:54 -05:00
target := chain . Targets [ targetID ]
2019-08-19 13:03:03 -05:00
clusterName := CustomizeClusterName ( target . Name , chain )
2019-07-01 22:10:51 -05:00
return & envoyroute . Route_Route {
Route : & envoyroute . RouteAction {
ClusterSpecifier : & envoyroute . RouteAction_Cluster {
Cluster : clusterName ,
} ,
} ,
}
}
2020-04-03 12:41:10 -07:00
func makeRouteActionForSplitter ( splits [ ] * structs . DiscoverySplit , chain * structs . CompiledDiscoveryChain ) ( * envoyroute . Route_Route , error ) {
2019-07-01 22:10:51 -05:00
clusters := make ( [ ] * envoyroute . WeightedCluster_ClusterWeight , 0 , len ( splits ) )
for _ , split := range splits {
2019-08-01 22:44:05 -05:00
nextNode := chain . Nodes [ split . NextNode ]
if nextNode . Type != structs . DiscoveryGraphNodeTypeResolver {
return nil , fmt . Errorf ( "unexpected splitter destination node type: %s" , nextNode . Type )
2019-07-01 22:10:51 -05:00
}
2019-08-02 15:34:54 -05:00
targetID := nextNode . Resolver . Target
target := chain . Targets [ targetID ]
2019-08-01 22:03:34 -05:00
2019-08-19 13:03:03 -05:00
clusterName := CustomizeClusterName ( target . Name , chain )
2019-07-01 22:10:51 -05:00
2019-07-12 14:16:21 -05:00
// The smallest representable weight is 1/10000 or .01% but envoy
// deals with integers so scale everything up by 100x.
2019-07-01 22:10:51 -05:00
cw := & envoyroute . WeightedCluster_ClusterWeight {
2019-07-12 14:16:21 -05:00
Weight : makeUint32Value ( int ( split . Weight * 100 ) ) ,
2019-07-01 22:10:51 -05:00
Name : clusterName ,
}
clusters = append ( clusters , cw )
}
return & envoyroute . Route_Route {
Route : & envoyroute . RouteAction {
ClusterSpecifier : & envoyroute . RouteAction_WeightedClusters {
WeightedClusters : & envoyroute . WeightedCluster {
Clusters : clusters ,
2019-07-12 14:16:21 -05:00
TotalWeight : makeUint32Value ( 10000 ) , // scaled up 100%
2019-07-01 22:10:51 -05:00
} ,
} ,
} ,
} , nil
2018-10-03 19:18:55 +01:00
}