From f6da81c9d04a0d67c55d06cf66a904a9ecf7fccf Mon Sep 17 00:00:00 2001 From: cskh Date: Tue, 31 Jan 2023 11:49:45 -0500 Subject: [PATCH] improvement: prevent filter being added twice from any enovy extension (#16112) * improvement: prevent filter being added twice from any enovy extension * break if error != nil * update test --- .../extensioncommon/basic_envoy_extender.go | 9 +++++++ .../connect/envoy/case-lua/setup.sh | 25 +++++++++++++++++++ .../connect/envoy/case-lua/verify.bats | 10 ++++++++ 3 files changed, 44 insertions(+) diff --git a/agent/envoyextensions/extensioncommon/basic_envoy_extender.go b/agent/envoyextensions/extensioncommon/basic_envoy_extender.go index 77b9e1c2e9..82fc81e808 100644 --- a/agent/envoyextensions/extensioncommon/basic_envoy_extender.go +++ b/agent/envoyextensions/extensioncommon/basic_envoy_extender.go @@ -169,10 +169,13 @@ func (b BasicEnvoyExtender) patchTerminatingGatewayListener(config *RuntimeConfi if err != nil { resultErr = multierror.Append(resultErr, fmt.Errorf("error patching listener filter: %w", err)) filters = append(filters, filter) + continue } if ok { filters = append(filters, newFilter) patched = true + } else { + filters = append(filters, filter) } } filterChain.Filters = filters @@ -215,11 +218,14 @@ func (b BasicEnvoyExtender) patchConnectProxyListener(config *RuntimeConfig, l * if err != nil { resultErr = multierror.Append(resultErr, fmt.Errorf("error patching listener filter: %w", err)) filters = append(filters, filter) + continue } if ok { filters = append(filters, newFilter) patched = true + } else { + filters = append(filters, filter) } } filterChain.Filters = filters @@ -247,11 +253,14 @@ func (b BasicEnvoyExtender) patchTProxyListener(config *RuntimeConfig, l *envoy_ if err != nil { resultErr = multierror.Append(resultErr, fmt.Errorf("error patching listener filter: %w", err)) filters = append(filters, filter) + continue } if ok { filters = append(filters, newFilter) patched = true + } else { + filters = append(filters, filter) } } filterChain.Filters = filters diff --git a/test/integration/connect/envoy/case-lua/setup.sh b/test/integration/connect/envoy/case-lua/setup.sh index ee88be1f2a..2455758a0b 100644 --- a/test/integration/connect/envoy/case-lua/setup.sh +++ b/test/integration/connect/envoy/case-lua/setup.sh @@ -27,6 +27,31 @@ end ] ' +upsert_config_entry primary ' +Kind = "service-defaults" +Name = "s1" +Protocol = "tcp" +EnvoyExtensions = [ + { + Name = "builtin/lua", + Arguments = { + ProxyType = "connect-proxy" + Listener = "inbound" + Script = <<-EOF +function envoy_on_request(request_handle) + meta = request_handle:streamInfo():dynamicMetadata() + m = meta:get("consul") + request_handle:headers():add("x-consul-service", m["service"]) + request_handle:headers():add("x-consul-namespace", m["namespace"]) + request_handle:headers():add("x-consul-datacenter", m["datacenter"]) + request_handle:headers():add("x-consul-trust-domain", m["trust-domain"]) +end + EOF + } + } +] +' + register_services primary gen_envoy_bootstrap s1 19000 primary diff --git a/test/integration/connect/envoy/case-lua/verify.bats b/test/integration/connect/envoy/case-lua/verify.bats index 762f8f1c3c..f15af3ff5a 100644 --- a/test/integration/connect/envoy/case-lua/verify.bats +++ b/test/integration/connect/envoy/case-lua/verify.bats @@ -37,3 +37,13 @@ load helpers echo "$output" | grep -E "X-Consul-Namespace: default" echo "$output" | grep -E "X-Consul-Trust-Domain: (\w+-){4}\w+.consul" } + +@test "s1(tcp) proxy should not be changed by lua extension" { + TCP_FILTERS=$(get_envoy_listener_filters localhost:19000) + PUB=$(echo "$TCP_FILTERS" | grep -E "^public_listener:" | cut -f 2 -d ' ') + + echo "TCP_FILTERS = $TCP_FILTERS" + echo "PUB = $PUB" + + [ "$PUB" = "envoy.filters.network.rbac,envoy.filters.network.tcp_proxy" ] +}