istio · qiwzhang · Feb 22, 2017 · Feb 22, 2017 · Feb 22, 2017 · Feb 22, 2017
@@ -17,15 +17,28 @@
 
 load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
 load("@bazel_tools//tools/build_defs/docker:docker.bzl", "docker_build")
+load("@protobuf_git//:protobuf.bzl", "cc_proto_library")
+
+cc_proto_library(
+    name = "string_map_proto",
+    srcs = ["string_map.proto"],
+    default_runtime = "//external:protobuf",
+    protoc = "//external:protoc",
+    visibility = ["//visibility:public"],
+)
 
 cc_library(
     name = "filter_lib",
     srcs = [
         "http_control.cc",
         "http_control.h",
         "http_filter.cc",
+        "send_attribute_filter.cc",
+        "utils.cc",
+        "utils.h",
     ],
     deps = [
+        ":string_map_proto",
         "//external:mixer_client_lib",
         "@envoy_git//:envoy-common",
     ],

@@ -49,3 +49,51 @@ This Proxy will use Envoy and talk to Mixer server.
   curl http://localhost:9090/echo -d "hello world"
 ```
 
+## How to configurate HTTP filters
+
+This module has two HTTP filters:
+1. mixer filter: intercept all HTTP requests, call the mixer.
+2. send_attribute filter: Send some attributes to next hop istio/proxy with mixer filter.
+
+### *mixer* filter:
+
+This filter will intercept all HTTP requests and call Mixer. Here is its config:
+
+```
+   "filters": [
+      "type": "both",
+      "name": "mixer",
+      "config": {
+         "mixer_server": "${MIXER_SERVER}",
+         "attributes" : {
+            "attribute_name1": "attribute_value1",
+            "attribute_name2": "attribute_value2"
+         }
+    }
+```
+
+Notes:
+* mixer_server is required
+* attributes: these attributes will be send to mixer
+
+### *send_attribute* HTTP filter:
+
+This filer will send attributes to the next hop istio/proxy with mixer_filter.
+
+```
+   "filters": [
+      "type": "decoder",
+      "name": "send_attribute",
+      "config": {
+         "attributes": {
+            "attribute_name1": "attribute_value1",
+            "attribute_name2": "attribute_value2"
+ 	    }
+    }
+```
+
+Notes:
+* attributes: these attributes will be send to the next hop istio/proxy with mixer filter.
+
+
+
@@ -35,7 +35,62 @@
                 "type": "both",
                 "name": "mixer",
                 "config": {
-                  "mixer_server": "${MIXER_SERVER}"
+                  "mixer_server": "${MIXER_SERVER}",
+                  "attributes": {
+                      "target.uid": "POD222",
+                      "target.namespace": "XYZ222"
+                  }
+                }
+              },
+              {
+                "type": "decoder",
+                "name": "router",
+                "config": {}
+              }
+            ]
+          }
+        }
+      ]
+    },
+    {
+      "port": 7070,
+      "bind_to_port": true,
+      "filters": [
+        {
+          "type": "read",
+          "name": "http_connection_manager",
+          "config": {
+            "codec_type": "auto",
+            "stat_prefix": "ingress_http",
+            "route_config": {
+              "virtual_hosts": [
+                {
+                  "name": "backend",
+                  "domains": ["*"],
+                  "routes": [
+                    {
+                      "timeout_ms": 0,
+                      "prefix": "/",
+                      "cluster": "service2"
+                    }
+                  ]
+                }
+              ]
+            },
+            "access_log": [
+              {
+                "path": "/dev/stdout"
+              }
+            ],
+            "filters": [
+              {
+                "type": "decoder",
+                "name": "send_attribute",
+                "config": {
+                   "attributes": {
+                      "source.uid": "POD11",
+                      "source.namespace": "XYZ11"
+                   }
                 }
               },
               {
@@ -65,6 +120,17 @@
             "url": "tcp://${BACKEND}"
           }
         ]
+      },
+      {
+        "name": "service2",
+        "connect_timeout_ms": 5000,
+        "type": "strict_dns",
+        "lb_type": "round_robin",
+        "hosts": [
+          {
+            "url": "tcp://localhost:9090"
+          }
+        ]
       }
     ]
   }

@@ -13,8 +13,12 @@
  */
 
 #include "src/envoy/mixer/http_control.h"
+
+#include "common/common/base64.h"
 #include "common/common/utility.h"
 #include "common/http/utility.h"
+#include "src/envoy/mixer/string_map.pb.h"
+#include "src/envoy/mixer/utils.h"
 
 using ::google::protobuf::util::Status;
 using ::istio::mixer_client::Attributes;
@@ -144,8 +148,19 @@ HttpControl::HttpControl(const std::string& mixer_server,
   mixer_client_ = ::istio::mixer_client::CreateMixerClient(options);
 }
 
-void HttpControl::FillCheckAttributes(const HeaderMap& header_map,
-                                      Attributes* attr) {
+void HttpControl::FillCheckAttributes(HeaderMap& header_map, Attributes* attr) {
+  // Extract attributes from x-istio-attributes header
+  const HeaderEntry* entry = header_map.get(Utils::kHeaderNameIstioAttributes);
+  if (entry) {
+    ::istio::proxy::mixer::StringMap pb;
+    std::string str(entry->value().c_str(), entry->value().size());
+    pb.ParseFromString(Base64::decode(str));
+    for (const auto& it : pb.map()) {
+      SetStringAttribute(it.first, it.second, attr);
+    }
+    header_map.remove(Utils::kHeaderNameIstioAttributes);
+  }
+
   FillRequestHeaderAttributes(header_map, attr);
 
   for (const auto& attribute : config_attributes_) {

@@ -51,7 +51,7 @@ class HttpControl final : public Logger::Loggable<Logger::Id::http> {
               ::istio::mixer_client::DoneFunc on_done);
 
  private:
-  void FillCheckAttributes(const HeaderMap& header_map,
+  void FillCheckAttributes(HeaderMap& header_map,
                            ::istio::mixer_client::Attributes* attr);
 
   // The mixer client

@@ -21,6 +21,7 @@
 #include "envoy/server/instance.h"
 #include "server/config/network/http_connection_manager.h"
 #include "src/envoy/mixer/http_control.h"
+#include "src/envoy/mixer/utils.h"
 
 using ::google::protobuf::util::Status;
 using StatusCode = ::google::protobuf::util::error::Code;
@@ -30,8 +31,11 @@ namespace Http {
 namespace Mixer {
 namespace {
 
-// Define lower case string for X-Forwarded-Host.
-const LowerCaseString kHeaderNameXFH("x-forwarded-host", false);
+// The Json object name for mixer-server.
+const std::string kJsonNameMixerServer("mixer_server");
+
+// The Json object name for static attributes.
+const std::string kJsonNameMixerAttributes("attributes");
 
 // Convert Status::code to HTTP code
 int HttpCode(int code) {
@@ -88,20 +92,16 @@ class Config : public Logger::Loggable<Logger::Id::http> {
   Config(const Json::Object& config, Server::Instance& server)
       : cm_(server.clusterManager()) {
     std::string mixer_server;
-    if (config.hasObject("mixer_server")) {
-      mixer_server = config.getString("mixer_server");
+    if (config.hasObject(kJsonNameMixerServer)) {
+      mixer_server = config.getString(kJsonNameMixerServer);
     } else {
       log().error(
           "mixer_server is required but not specified in the config: {}",
           __func__);
     }
 
-    std::map<std::string, std::string> attributes;
-    if (config.hasObject("attributes")) {
-      for (const std::string& attr : config.getStringArray("attributes")) {
-        attributes[attr] = config.getString(attr);
-      }
-    }
+    std::map<std::string, std::string> attributes =
+        Utils::ExtractStringMap(config, kJsonNameMixerAttributes);
 
     http_control_ =
         std::make_shared<HttpControl>(mixer_server, std::move(attributes));

diff --git a/src/envoy/mixer/send_attribute_filter.cc b/src/envoy/mixer/send_attribute_filter.cc
@@ -0,0 +1,116 @@
+/* Copyright 2016 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "precompiled/precompiled.h"
+
+#include "common/common/base64.h"
+#include "common/common/logger.h"
+#include "common/http/headers.h"
+#include "common/http/utility.h"
+#include "envoy/server/instance.h"
+#include "server/config/network/http_connection_manager.h"
+#include "src/envoy/mixer/utils.h"
+
+namespace Http {
+namespace AddHeader {
+namespace {
+
+// The Json object name to specify attributes to pass to
+// next hop istio proxy.
+const std::string kJsonNameAttributes("attributes");
+
+}  // namespace
+
+class Config : public Logger::Loggable<Logger::Id::http> {
+ private:
+  Upstream::ClusterManager& cm_;
+  std::string attributes_;
+
+ public:
+  Config(const Json::Object& config, Server::Instance& server)
+      : cm_(server.clusterManager()) {
+    const auto& attributes =
+        Utils::ExtractStringMap(config, kJsonNameAttributes);
+    if (!attributes.empty()) {
+      std::string serialized_str = Utils::SerializeStringMap(attributes);
+      attributes_ =
+          Base64::encode(serialized_str.c_str(), serialized_str.size());
+    }
+  }
+
+  const std::string& attributes() const { return attributes_; }
+};
+
+typedef std::shared_ptr<Config> ConfigPtr;
+
+class Instance : public Http::StreamDecoderFilter {
+ private:
+  ConfigPtr config_;
+
+ public:
+  Instance(ConfigPtr config) : config_(config) {}
+
+  FilterHeadersStatus decodeHeaders(HeaderMap& headers,
+                                    bool end_stream) override {
+    if (!config_->attributes().empty()) {
+      headers.addStatic(Utils::kHeaderNameIstioAttributes,
+                        config_->attributes());
+    }
+    return FilterHeadersStatus::Continue;
+  }
+
+  FilterDataStatus decodeData(Buffer::Instance& data,
+                              bool end_stream) override {
+    return FilterDataStatus::Continue;
+  }
+
+  FilterTrailersStatus decodeTrailers(HeaderMap& trailers) override {
+    return FilterTrailersStatus::Continue;
+  }
+
+  void setDecoderFilterCallbacks(
+      StreamDecoderFilterCallbacks& callbacks) override {}
+};
+
+}  // namespace AddHeader
+}  // namespace Http
+
+namespace Server {
+namespace Configuration {
+
+class AddHeaderConfig : public HttpFilterConfigFactory {
+ public:
+  HttpFilterFactoryCb tryCreateFilterFactory(
+      HttpFilterType type, const std::string& name, const Json::Object& config,
+      const std::string&, Server::Instance& server) override {
+    if (type != HttpFilterType::Decoder || name != "send_attribute") {
+      return nullptr;
+    }
+
+    Http::AddHeader::ConfigPtr add_header_config(
+        new Http::AddHeader::Config(config, server));
+    return [add_header_config](
+               Http::FilterChainFactoryCallbacks& callbacks) -> void {
+      std::shared_ptr<Http::AddHeader::Instance> instance(
+          new Http::AddHeader::Instance(add_header_config));
+      callbacks.addStreamDecoderFilter(Http::StreamDecoderFilterPtr(instance));
+    };
+  }
+};
+
+static RegisterHttpFilterConfigFactory<AddHeaderConfig> register_;
+
+}  // namespace Configuration
+}  // namespace server
@@ -0,0 +1,22 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package istio.proxy.mixer;
+
+// A map of string to string.
+message StringMap {
+  map<string, string> map = 1;
+}