d6c0557e86
* Add support for HTTP proxy listeners * Add customizable bootstrap configuration options * Debug logging for xDS AuthZ * Add Envoy Integration test suite with basic test coverage * Add envoy command tests to cover new cases * Add tracing integration test * Add gRPC support WIP * Merged changes from master Docker. get CI integration to work with same Dockerfile now * Make docker build optional for integration * Enable integration tests again! * http2 and grpc integration tests and fixes * Fix up command config tests * Store all container logs as artifacts in circle on fail * Add retries to outer part of stats measurements as we keep missing them in CI * Only dump logs on failing cases * Fix typos from code review * Review tidying and make tests pass again * Add debug logs to exec test. * Fix legit test failure caused by upstream rename in envoy config * Attempt to reduce cases of bad TLS handshake in CI integration tests * bring up the right service * Add prometheus integration test * Add test for denied AuthZ both HTTP and TCP * Try ANSI term for Circle
package xds
import (
"strings"
"github.com/mitchellh/mapstructure"
)
// ProxyConfig holds the Connect.Proxy.Config keys that influence the runtime
// configuration delivered over xDS. Keys that only affect Envoy bootstrap
// generation are not listed here; see
// command/connect/envoy/bootstrap_config.go for those.
//
// NOTE(review): the *JSON "escape hatch" fields carry raw Envoy configuration
// taken from the service's proxy config and are stored as opaque strings by
// this type. Write access to that config should presumably be treated as
// privileged - confirm against the registration ACL model.
type ProxyConfig struct {
	// PublicListenerJSON completely replaces the upstream's public listener
	// ("escape hatch"). Any TLS settings it contains are overridden by the
	// injected Connect server TLS certificate and validation context, and an
	// AuthZ filter is prepended to every filterChain it provides so that
	// Connect's access control is still enforced.
	PublicListenerJSON string `mapstructure:"envoy_public_listener_json"`

	// LocalClusterJSON completely replaces the local application cluster
	// ("escape hatch").
	LocalClusterJSON string `mapstructure:"envoy_local_cluster_json"`

	// LocalConnectTimeoutMs is how many milliseconds a new connection to the
	// local app instance may take before timing out. When unset it defaults
	// to 5000 (5 seconds).
	LocalConnectTimeoutMs int `mapstructure:"local_connect_timeout_ms"`

	// Protocol names the service's protocol. Valid values are "tcp", "http"
	// and "grpc"; anything else is treated as tcp. This enables protocol-aware
	// features such as per-request metrics, connection pooling, tracing and
	// routing.
	Protocol string `mapstructure:"protocol"`
}
// ParseProxyConfig decodes an opaque map into a ProxyConfig using
// mapstructure's weakly typed decoding and then fills in defaults.
//
// A decode error is returned together with the config, which still has the
// defaults applied, so the caller can choose whether and how to report it.
// Callers should not treat a config returned with a non-nil error as validated.
//
// Protocol is only lower-cased here; it is not restricted to the documented
// set of values, so consumers must apply the "anything else is tcp" fallback
// themselves. The escape hatch JSON strings are passed through unparsed.
func ParseProxyConfig(m map[string]interface{}) (ProxyConfig, error) {
	var parsed ProxyConfig
	decodeErr := mapstructure.WeakDecode(m, &parsed)

	// Defaults are applied regardless of decodeErr.
	switch parsed.Protocol {
	case "":
		parsed.Protocol = "tcp"
	default:
		parsed.Protocol = strings.ToLower(parsed.Protocol)
	}

	// Zero and negative values both count as "not set", so a negative timeout
	// cannot reach the generated config.
	if parsed.LocalConnectTimeoutMs <= 0 {
		parsed.LocalConnectTimeoutMs = 5000
	}

	return parsed, decodeErr
}
// UpstreamConfig holds the keys understood from
// Connect.Proxy.Upstream[*].Config.
//
// NOTE(review): the *JSON "escape hatch" fields carry raw Envoy configuration
// taken from the upstream's config and are stored as opaque strings by this
// type. Write access to that config should presumably be treated as
// privileged - confirm against the registration ACL model.
type UpstreamConfig struct {
	// ListenerJSON completely replaces the upstream's listener
	// ("escape hatch").
	ListenerJSON string `mapstructure:"envoy_listener_json"`

	// ClusterJSON completely replaces the upstream's cluster ("escape hatch").
	// Any TLS settings it contains are overridden by the injected Connect
	// client TLS certificate and context.
	ClusterJSON string `mapstructure:"envoy_cluster_json"`

	// Protocol names the upstream service's protocol. Valid values are "tcp",
	// "http" and "grpc"; anything else is treated as tcp. This enables
	// protocol-aware features such as per-request metrics, connection pooling,
	// tracing and routing.
	Protocol string `mapstructure:"protocol"`

	// ConnectTimeoutMs is how many milliseconds a new connection to this
	// upstream may take before timing out. When unset it defaults to 5000
	// (5 seconds).
	ConnectTimeoutMs int `mapstructure:"connect_timeout_ms"`
}
// ParseUpstreamConfig decodes an opaque map into an UpstreamConfig using
// mapstructure's weakly typed decoding and then fills in defaults.
//
// A decode error is returned together with the config, which still has the
// defaults applied, so the caller can choose whether and how to report it.
// Callers should not treat a config returned with a non-nil error as validated.
//
// Protocol is only lower-cased here; it is not restricted to the documented
// set of values, so consumers must apply the "anything else is tcp" fallback
// themselves. The escape hatch JSON strings are passed through unparsed.
func ParseUpstreamConfig(m map[string]interface{}) (UpstreamConfig, error) {
	var parsed UpstreamConfig
	decodeErr := mapstructure.WeakDecode(m, &parsed)

	// Defaults are applied regardless of decodeErr.
	switch parsed.Protocol {
	case "":
		parsed.Protocol = "tcp"
	default:
		parsed.Protocol = strings.ToLower(parsed.Protocol)
	}

	// Zero and negative values both count as "not set", so a negative timeout
	// cannot reach the generated config.
	if parsed.ConnectTimeoutMs <= 0 {
		parsed.ConnectTimeoutMs = 5000
	}

	return parsed, decodeErr
}