return MatchedPolicies structure around

Signed-off-by: Charly Molter <charly.molter@konghq.com>
kumahq · Aug 29, 2022 · b17bd11 · b17bd11
1 parent e786482
commit b17bd11
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 57 deletions.
diff --git a/pkg/core/plugins/interfaces.go b/pkg/core/plugins/interfaces.go
@@ -88,5 +88,5 @@ type AuthnAPIServerPlugin interface {
 type PolicyPlugin interface {
 	Plugin
 	MatchedPolicies(dataplane *core_mesh.DataplaneResource, resources xds_context.Resources) (core_xds.TypedMatchingPolicies, error)
-	Apply(rs *core_xds.ResourceSet, proxy *core_xds.Proxy) error
+	Apply(rs *core_xds.ResourceSet, ctx xds_context.Context, proxy *core_xds.Proxy) error
 }
diff --git a/pkg/core/xds/matched_policies.go b/pkg/core/xds/matched_policies.go
@@ -25,27 +25,36 @@ type MatchedPolicies struct {
 	FaultInjections       FaultInjectionMap
 	RateLimitsInbound     InboundRateLimitsMap
 	CustomInboundPolicies []map[mesh_proto.InboundInterface]core_model.Resource
-	InboundPolicies       map[mesh_proto.InboundInterface]MatchingPolicyMap
 
 	// Service(Cluster) -> Policy
 	TrafficLogs     TrafficLogMap
 	HealthChecks    HealthCheckMap
 	CircuitBreakers CircuitBreakerMap
 	Retries         RetryMap
-	ServicePolicies map[ServiceName]MatchingPolicyMap
 
 	// Outbound(Listener) -> Policy
 	Timeouts           TimeoutMap
 	RateLimitsOutbound OutboundRateLimitsMap
 	// Actual Envoy Configuration is generated without taking this TrafficRoutes into account
-	TrafficRoutes    RouteMap
-	OutboundPolicies map[mesh_proto.OutboundInterface]MatchingPolicyMap
+	TrafficRoutes RouteMap
 
 	// Dataplane -> Policy
 	TrafficTrace *core_mesh.TrafficTraceResource
 	// Actual Envoy Configuration is generated without taking this ProxyTemplate into account
-	ProxyTemplate     *core_mesh.ProxyTemplateResource
-	DataplanePolicies MatchingPolicyMap
+	ProxyTemplate *core_mesh.ProxyTemplateResource
+
+	Policies map[core_model.ResourceType]TypedMatchingPolicies
+}
+
+func (m *MatchedPolicies) orderedDynamicPolicies() []core_model.ResourceType {
+	var all []core_model.ResourceType
+	for k := range m.Policies {
+		all = append(all, k)
+	}
+	sort.Slice(all, func(i, j int) bool {
+		return all[i] < all[j]
+	})
+	return all
 }
 
 type AttachmentType int64
@@ -204,8 +213,8 @@ func getInboundMatchedPolicies(matchedPolicies *MatchedPolicies) map[mesh_proto.
 			result[inbound] = append(result[inbound], customList)
 		}
 	}
-	for inbound, policyMap := range matchedPolicies.InboundPolicies {
-		for _, elts := range policyMap {
+	for _, tpe := range matchedPolicies.orderedDynamicPolicies() {
+		for inbound, elts := range matchedPolicies.Policies[tpe].InboundPolicies {
 			result[inbound] = append(result[inbound], elts...)
 		}
 	}
@@ -225,8 +234,8 @@ func getOutboundMatchedPolicies(matchedPolicies *MatchedPolicies) map[mesh_proto
 	for outbound, tr := range matchedPolicies.TrafficRoutes {
 		result[outbound] = append(result[outbound], tr)
 	}
-	for outbound, policyMap := range matchedPolicies.OutboundPolicies {
-		for _, elts := range policyMap {
+	for _, tpe := range matchedPolicies.orderedDynamicPolicies() {
+		for outbound, elts := range matchedPolicies.Policies[tpe].OutboundPolicies {
 			result[outbound] = append(result[outbound], elts...)
 		}
 	}
@@ -249,9 +258,9 @@ func getServiceMatchedPolicies(matchedPolicies *MatchedPolicies) map[ServiceName
 	for service, retry := range matchedPolicies.Retries {
 		result[service] = append(result[service], retry)
 	}
-	for service, policyMap := range matchedPolicies.ServicePolicies {
-		for _, elts := range policyMap {
-			result[service] = append(result[service], elts...)
+	for _, tpe := range matchedPolicies.orderedDynamicPolicies() {
+		for serviceName, elts := range matchedPolicies.Policies[tpe].ServicePolicies {
+			result[serviceName] = append(result[serviceName], elts...)
 		}
 	}
 
@@ -266,8 +275,8 @@ func getDataplaneMatchedPolicies(matchedPolicies *MatchedPolicies) []core_model.
 	if matchedPolicies.ProxyTemplate != nil {
 		resources = append(resources, matchedPolicies.ProxyTemplate)
 	}
-	for _, elts := range matchedPolicies.DataplanePolicies {
-		resources = append(resources, elts...)
+	for _, tpe := range matchedPolicies.orderedDynamicPolicies() {
+		resources = append(resources, matchedPolicies.Policies[tpe].DataplanePolicies...)
 	}
 	return resources
 }

diff --git a/pkg/core/xds/matched_policies_test.go b/pkg/core/xds/matched_policies_test.go
@@ -76,13 +76,19 @@ var _ = Describe("GroupByAttachment", func() {
 						{Meta: meta3},
 					},
 				},
-				InboundPolicies: map[mesh_proto.InboundInterface]core_xds.MatchingPolicyMap{
-					inbound("192.168.0.2", 90, 91): {
-						core_mesh.CircuitBreakerType: []core_model.Resource{
-							&core_mesh.CircuitBreakerResource{Meta: meta4},
+				Policies: map[core_model.ResourceType]core_xds.TypedMatchingPolicies{
+					core_mesh.CircuitBreakerType: {
+						InboundPolicies: map[mesh_proto.InboundInterface][]core_model.Resource{
+							inbound("192.168.0.2", 90, 91): {
+								&core_mesh.CircuitBreakerResource{Meta: meta4},
+							},
 						},
-						core_mesh.RateLimitType: []core_model.Resource{
-							&core_mesh.RateLimitResource{Meta: meta5},
+					},
+					core_mesh.RateLimitType: {
+						InboundPolicies: map[mesh_proto.InboundInterface][]core_model.Resource{
+							inbound("192.168.0.2", 90, 91): {
+								&core_mesh.RateLimitResource{Meta: meta5},
+							},
 						},
 					},
 				},
@@ -205,13 +211,19 @@ var _ = Describe("GroupByAttachment", func() {
 					outbound("192.168.0.2", 90): {Meta: meta3},
 					outbound("192.168.0.4", 90): {Meta: meta5},
 				},
-				OutboundPolicies: map[mesh_proto.OutboundInterface]core_xds.MatchingPolicyMap{
-					outbound("192.168.0.4", 90): {
-						core_mesh.CircuitBreakerType: []core_model.Resource{
-							&core_mesh.CircuitBreakerResource{Meta: meta6},
+				Policies: map[core_model.ResourceType]core_xds.TypedMatchingPolicies{
+					core_mesh.CircuitBreakerType: {
+						OutboundPolicies: map[mesh_proto.OutboundInterface][]core_model.Resource{
+							outbound("192.168.0.4", 90): {
+								&core_mesh.CircuitBreakerResource{Meta: meta6},
+							},
 						},
-						core_mesh.RateLimitType: []core_model.Resource{
-							&core_mesh.RateLimitResource{Meta: meta6},
+					},
+					core_mesh.RateLimitType: {
+						OutboundPolicies: map[mesh_proto.OutboundInterface][]core_model.Resource{
+							outbound("192.168.0.4", 90): {
+								&core_mesh.RateLimitResource{Meta: meta6},
+							},
 						},
 					},
 				},
@@ -288,10 +300,12 @@ var _ = Describe("GroupByAttachment", func() {
 				Retries: core_xds.RetryMap{
 					"backend": &core_mesh.RetryResource{Meta: meta1},
 				},
-				ServicePolicies: map[core_xds.ServiceName]core_xds.MatchingPolicyMap{
-					"redis": {
-						core_mesh.TrafficLogType: {
-							&core_mesh.TrafficLogResource{Meta: meta6},
+				Policies: map[core_model.ResourceType]core_xds.TypedMatchingPolicies{
+					core_mesh.TrafficLogType: {
+						ServicePolicies: map[core_xds.ServiceName][]core_model.Resource{
+							"redis": {
+								&core_mesh.TrafficLogResource{Meta: meta6},
+							},
 						},
 					},
 				},
@@ -338,9 +352,11 @@ var _ = Describe("GroupByAttachment", func() {
 			matchedPolicies: &core_xds.MatchedPolicies{
 				TrafficTrace:  &core_mesh.TrafficTraceResource{Meta: meta1},
 				ProxyTemplate: &core_mesh.ProxyTemplateResource{Meta: meta2},
-				DataplanePolicies: map[core_model.ResourceType][]core_model.Resource{
+				Policies: map[core_model.ResourceType]core_xds.TypedMatchingPolicies{
 					core_mesh.TrafficTraceType: {
-						&core_mesh.TrafficTraceResource{Meta: meta3},
+						DataplanePolicies: []core_model.Resource{
+							&core_mesh.TrafficTraceResource{Meta: meta3},
+						},
 					},
 				},
 			},
@@ -689,20 +705,20 @@ var _ = Describe("GroupByPolicy", func() {
 						},
 					},
 				},
-				InboundPolicies: map[mesh_proto.InboundInterface]core_xds.MatchingPolicyMap{
-					inbound("192.168.0.1", 80, 81): {
-						core_mesh.RateLimitType: {
-							&core_mesh.RateLimitResource{
-								Meta: &test_model.ResourceMeta{Name: "rl-3", Mesh: "mesh-1"},
+				Policies: map[core_model.ResourceType]core_xds.TypedMatchingPolicies{
+					core_mesh.RateLimitType: {
+						InboundPolicies: map[mesh_proto.InboundInterface][]core_model.Resource{
+							inbound("192.168.0.1", 80, 81): {
+								&core_mesh.RateLimitResource{
+									Meta: &test_model.ResourceMeta{Name: "rl-3", Mesh: "mesh-1"},
+								},
 							},
 						},
-					},
-				},
-				OutboundPolicies: map[mesh_proto.OutboundInterface]core_xds.MatchingPolicyMap{
-					outbound("192.168.0.3", 80): {
-						core_mesh.RateLimitType: {
-							&core_mesh.RateLimitResource{
-								Meta: &test_model.ResourceMeta{Name: "rl-3", Mesh: "mesh-1"},
+						OutboundPolicies: map[mesh_proto.OutboundInterface][]core_model.Resource{
+							outbound("192.168.0.3", 80): {
+								&core_mesh.RateLimitResource{
+									Meta: &test_model.ResourceMeta{Name: "rl-3", Mesh: "mesh-1"},
+								},
 							},
 						},
 					},

diff --git a/pkg/xds/server/v3/reconcile.go b/pkg/xds/server/v3/reconcile.go
@@ -174,7 +174,7 @@ func (s *templateSnapshotGenerator) GenerateSnapshot(ctx xds_context.Context, pr
 		return envoy_cache.Snapshot{}, err
 	}
 	for name, p := range plugins.Plugins().PolicyPlugins() {
-		if err := p.Apply(rs, proxy); err != nil {
+		if err := p.Apply(rs, ctx, proxy); err != nil {
 			return envoy_cache.Snapshot{}, errors.Wrapf(err, "could not apply policy plugin %s", name)
 		}
 	}

diff --git a/pkg/xds/sync/dataplane_proxy_builder.go b/pkg/xds/sync/dataplane_proxy_builder.go
@@ -166,22 +166,14 @@ func (p *DataplaneProxyBuilder) matchPolicies(meshContext xds_context.MeshContex
 		RateLimitsInbound:  ratelimits.Inbound,
 		RateLimitsOutbound: ratelimits.Outbound,
 		ProxyTemplate:      template.SelectProxyTemplate(dataplane, resources.ProxyTemplates().Items),
+		Policies:           map[core_model.ResourceType]core_xds.TypedMatchingPolicies{},
 	}
 	for _, p := range plugins.Plugins().PolicyPlugins() {
 		res, err := p.MatchedPolicies(dataplane, resources)
 		if err != nil {
 			return nil, err
 		}
-		matchedPolicies.DataplanePolicies[res.Type] = res.DataplanePolicies
-		for inf := range res.OutboundPolicies {
-			matchedPolicies.OutboundPolicies[inf][res.Type] = res.OutboundPolicies[inf]
-		}
-		for inf := range res.InboundPolicies {
-			matchedPolicies.InboundPolicies[inf][res.Type] = res.InboundPolicies[inf]
-		}
-		for inf := range res.ServicePolicies {
-			matchedPolicies.ServicePolicies[inf][res.Type] = res.ServicePolicies[inf]
-		}
+		matchedPolicies.Policies[res.Type] = res
 	}
 	return matchedPolicies, nil
 }