Skip to content

Commit

Permalink
give grouped mappings their own settings
Browse files Browse the repository at this point in the history
Signed-off-by: Alice Wasko <[email protected]>
  • Loading branch information
Alice Wasko committed May 2, 2024
1 parent 75b4a5e commit 38316d0
Show file tree
Hide file tree
Showing 20 changed files with 426 additions and 569 deletions.
51 changes: 8 additions & 43 deletions python/ambassador/diagnostics/diagnostics.py
Original file line number Diff line number Diff line change
Expand Up @@ -414,40 +414,6 @@ def __init__(self, ir: IR, econf: EnvoyConfig) -> None:
f'A future Ambassador version will change the GRPC protocol version for {" and ".join(things_to_warn)}. See the CHANGELOG for details.'
)

# # Warn people about the default port change.
# if self.ir.ambassador_module.service_port < 1024:
# # Does it look like they explicitly asked for this?
# amod = self.ir.aconf.get_module('ambassador')
#
# if not (amod and amod.get('service_port')):
# # They did not explictly set the port. Warn them about the
# # port change.
# new_defaults = [ "port 8080 for HTTP" ]
#
# if self.ir.tls_contexts:
# new_defaults.append("port 8443 for HTTPS")
#
# default_ports = " and ".join(new_defaults)
#
# listen_ports = [ str(l.service_port) for l in self.ir.listeners ]
# self.ir.logger.info("listen_ports %s" % listen_ports)
#
# port_or_ports = "port" if (len(listen_ports) == 1) else "ports"
#
# last_port = listen_ports.pop()
#
# els = [ last_port ]
#
# if len(listen_ports) > 0:
# els.insert(0, ", ".join(listen_ports))
#
# port_nums = " and ".join(els)
#
# m1 = f'Ambassador 0.60 will default to listening on {default_ports}.'
# m2 = f'You will need to change your configuration to continue using {port_or_ports} {port_nums}.'
#
# self.ir.aconf.post_notice(f'{m1} {m2}')

# Copy in the toplevel 'error' and 'notice' sets.
self.errors = self.ir.aconf.errors
self.notices = self.ir.aconf.notices
Expand Down Expand Up @@ -499,7 +465,7 @@ def __init__(self, ir: IR, econf: EnvoyConfig) -> None:
# Always generate the full group set so that we can look up groups.
self.groups = {
"grp-%s" % group.group_id: group
for group in self.ir.groups.values()
for group in self.ir.get_base_mapping_groups()
if group.location != "--diagnostics--"
}

Expand Down Expand Up @@ -608,12 +574,14 @@ def as_dict(self) -> dict:
"envoy_elements": self.envoy_elements,
"errors": self.errors,
"notices": self.notices,
"groups": {key: self.flattened(value) for key, value in self.groups.items()},
"groups": {
key: self.flatten_mapping_group(value) for key, value in self.groups.items()
},
# 'clusters': { key: value.as_dict() for key, value in self.clusters.items() },
"tlscontexts": [x.as_dict() for x in self.ir.tls_contexts.values()],
}

def flattened(self, group: IRBaseMappingGroup) -> dict:
def flatten_mapping_group(self, group: IRBaseMappingGroup) -> dict:
flattened = {k: v for k, v in group.as_dict().items() if k != "mappings"}
flattened_mappings = []

Expand All @@ -632,12 +600,10 @@ def flattened(self, group: IRBaseMappingGroup) -> dict:
fm["prefix"] = m.get("prefix")

rewrite = m.get("rewrite", None)

if rewrite:
fm["rewrite"] = rewrite

host = m.get("host", None)

if host:
fm["host"] = host

Expand Down Expand Up @@ -696,10 +662,9 @@ def overview(self, request, estat: EnvoyStats) -> Dict[str, Any]:

result = DiagResult(self, estat, request)

for group in self.ir.ordered_groups():
# TCPMappings are currently handled elsewhere.
if isinstance(group, IRHTTPMappingGroup):
result.include_httpgroup(group)
# TCPMappings are currently handled elsewhere.
for mapping_group in self.ir.ordered_http_mapping_groups():
result.include_httpgroup(mapping_group)

return result.as_dict()

Expand Down
31 changes: 14 additions & 17 deletions python/ambassador/envoy/v3/v3listener.py
Original file line number Diff line number Diff line change
Expand Up @@ -169,9 +169,9 @@ def __str__(self) -> str:


def tlscontext_for_tcpmapping(
irgroup: IRTCPMappingGroup, config: "V3Config"
tcp_mapping_group: IRTCPMappingGroup, config: "V3Config"
) -> Optional["IRTLSContext"]:
group_host = irgroup.get("host")
group_host = tcp_mapping_group.get("host")
if not group_host:
return None

Expand Down Expand Up @@ -685,14 +685,14 @@ def finalize_tcp(self) -> None:
if self._log_debug:
self.config.ir.logger.debug(f" build chain[{repr(chain_key)}]={chain}")

for irgroup in chain.hosts.values():
if not isinstance(irgroup, IRTCPMappingGroup):
for tcp_mapping_group in chain.hosts.values():
if not isinstance(tcp_mapping_group, IRTCPMappingGroup):
continue

# First up, which clusters do we need to talk to?
clusters = [
{"name": mapping.cluster.envoy_name, "weight": mapping._weight}
for mapping in irgroup.mappings
for mapping in tcp_mapping_group.mappings
]

# From that, we can sort out a basic tcp_proxy filter config.
Expand All @@ -707,7 +707,7 @@ def finalize_tcp(self) -> None:

# OK. Basic filter chain entry next.
filter_chain: Dict[str, Any] = {
"name": f"tcphost-{irgroup.name}",
"name": f"tcphost-{tcp_mapping_group.name}",
"filters": [tcp_filter],
}

Expand Down Expand Up @@ -743,14 +743,11 @@ def finalize_tcp(self) -> None:
def compute_tcpchains(self) -> None:
self.config.ir.logger.debug(" compute_tcpchains")

for irgroup in self.config.ir.ordered_groups():
if not isinstance(irgroup, IRTCPMappingGroup):
continue

for tcp_mapping_group in self.config.ir.ordered_tcp_mapping_groups():
if self._log_debug:
self.config.ir.logger.debug(f" consider {irgroup}")
self.config.ir.logger.debug(f" consider {tcp_mapping_group}")

if irgroup.bind_to() != self.bind_to:
if tcp_mapping_group.bind_to() != self.bind_to:
self.config.ir.logger.debug(" reject")
continue

Expand All @@ -760,21 +757,21 @@ def compute_tcpchains(self) -> None:
# than for a 'Host'. Same deal applies with TLS: you can't do host-based matching
# without it.

group_host = irgroup.get("host", None)
group_host = tcp_mapping_group.get("host", None)
if not group_host: # cleartext
# Special case. No host (aka hostname) in a TCPMapping means an unconditional forward,
# so just add this immediately as a "*" chain.
self.add_chain("tcp", None, "*", "*").add_tcphost(irgroup)
self.add_chain("tcp", None, "*", "*").add_tcphost(tcp_mapping_group)
else: # TLS/SNI
context = tlscontext_for_tcpmapping(irgroup, self.config)
context = tlscontext_for_tcpmapping(tcp_mapping_group, self.config)
if not context:
irgroup.post_error("No matching TLSContext found, disabling!")
tcp_mapping_group.post_error("No matching TLSContext found, disabling!")
continue

# group_host comes from `TCPMapping.host` which is expected to be a valid dns hostname
# without a port so no need to parse out a port
sni = group_host
self.add_chain("tcp", context, group_host, sni).add_tcphost(irgroup)
self.add_chain("tcp", context, group_host, sni).add_tcphost(tcp_mapping_group)

def compute_httpchains(self) -> None:
# Compute the set of chains we need, HTTP version. The core here is matching
Expand Down
Loading

0 comments on commit 38316d0

Please sign in to comment.