From 8969b28125239be5f53ab6e6d26c00dddb09aa18 Mon Sep 17 00:00:00 2001 From: Femi Novia Lina Date: Mon, 2 Dec 2024 11:56:22 +0700 Subject: [PATCH] feat: envoy control plane --- cmd/serve.go | 3 ++- config/config.yaml | 10 ++++++++++ internal/proxy/config.go | 8 +++++++- internal/proxy/envoy/xds/ads/ads.go | 13 +++++-------- internal/proxy/envoy/xds/ads/pubsub_test.go | 3 ++- internal/proxy/envoy/xds/ads/response.go | 13 +++++++------ internal/proxy/envoy/xds/ads/response_test.go | 13 +++++++------ internal/proxy/envoy/xds/ads/stream.go | 5 +++-- 8 files changed, 43 insertions(+), 25 deletions(-) diff --git a/cmd/serve.go b/cmd/serve.go index b019605b2..f2e263f28 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -34,6 +34,7 @@ import ( "github.com/goto/shield/core/user" "github.com/goto/shield/internal/adapter" "github.com/goto/shield/internal/api" + proxycfg "github.com/goto/shield/internal/proxy" "github.com/goto/shield/internal/schema" "github.com/goto/shield/internal/server" "github.com/goto/shield/internal/store/blob" @@ -181,7 +182,7 @@ func StartServer(logger *log.Zap, cfg *config.Shield) error { // serving proxies var cbs []func() error var cps []func(context.Context) error - if cfg.Proxy.EnvoyAgent.XDS.Host != "" && cfg.Proxy.EnvoyAgent.XDS.Port != 0 { + if cfg.Proxy.Type == proxycfg.ENVOY_PROXY { cbs, err = serveXDS(ctx, logger, cfg.Proxy, pgRuleRepository) } else { cbs, cps, err = serveProxies(ctx, logger, cfg.App.IdentityProxyHeader, cfg.App.UserIDHeader, cfg.Proxy, pgRuleRepository, deps.ResourceService, deps.RelationService, deps.UserService, deps.GroupService, deps.ProjectService, deps.RelationAdapter) diff --git a/config/config.yaml b/config/config.yaml index 4992752df..4c39aade6 100644 --- a/config/config.yaml +++ b/config/config.yaml 
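Review bot: The new `if cfg.Proxy.Type == proxycfg.ENVOY_PROXY` in `StartServer` routes every other value of `type`, including a typo such as `envoi`, into `serveProxies`, so a misconfigured deployment silently starts the in-process shield proxy instead of the xDS control plane. Before this commit the presence of `envoy.xds.host`/`port` was the switch, so an existing deployment that has those set but never adds `type: envoy` also changes behaviour on upgrade without any message; that deserves a line in the release notes. A `switch` that accepts `shield` (and the unset empty string) and `envoy` and fails on anything else makes the failure loud; it assumes `fmt` or the file's usual error helper is in scope. The rest of `StartServer`, including the `err` check that follows this block, is outside the hunk.
```go
switch cfg.Proxy.Type {
case proxycfg.ENVOY_PROXY:
	cbs, err = serveXDS(ctx, logger, cfg.Proxy, pgRuleRepository)
case proxycfg.SHIELD_PROXY, "":
	cbs, cps, err = serveProxies(ctx, logger, cfg.App.IdentityProxyHeader, cfg.App.UserIDHeader, cfg.Proxy, pgRuleRepository, deps.ResourceService, deps.RelationService, deps.UserService, deps.GroupService, deps.ProjectService, deps.RelationAdapter)
default:
	return fmt.Errorf("unsupported proxy type %q (expected %q or %q)", cfg.Proxy.Type, proxycfg.SHIELD_PROXY, proxycfg.ENVOY_PROXY)
}
// … unchanged: err check and callback registration …
```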
@@ -37,6 +37,16 @@ spicedb: # proxy configuration proxy: + # proxy type configuration + # valid values are "shield" and "envoy", with the default set to "shield" + type: shield + # envoy proxy configuration, will be ignored if proxy type set to "shield" + envoy: + xds: + host: 127.0.0.1 + port: 8082 + refresh_interval: 10s + # proxy services configuration services: - name: test host: 0.0.0.0 diff --git a/internal/proxy/config.go b/internal/proxy/config.go index c932c346f..be6ce57a6 100644 --- a/internal/proxy/config.go +++ b/internal/proxy/config.go @@ -2,7 +2,13 @@ package proxy import "time" +const ( + SHIELD_PROXY = "shield" + ENVOY_PROXY = "envoy" +) + type ServicesConfig struct { + Type string `yaml:"type" mapstructure:"type"` EnvoyAgent EnvoyAgent `yaml:"envoy" mapstructure:"envoy"` Services []Config `yaml:"services" mapstructure:"services"` } @@ -12,7 +18,7 @@ type EnvoyAgent struct { } type XDS struct { - Host string `yaml:"host" mapstructure:"host"` + Host string `yaml:"host" mapstructure:"host" default:"shield"` Port int `yaml:"port" mapstructure:"port"` RefreshInterval time.Duration `yaml:"refresh_interval" mapstructure:"refresh_interval" default:"60s"` } diff --git a/internal/proxy/envoy/xds/ads/ads.go b/internal/proxy/envoy/xds/ads/ads.go index 5c679a17d..d2f5347b2 100644 --- a/internal/proxy/envoy/xds/ads/ads.go +++ b/internal/proxy/envoy/xds/ads/ads.go 
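Review bot: The new `envoy.xds` block carries no TLS or client-authentication settings, and the xDS server hands out the full cluster, listener and route configuration to whoever connects, so the example's `host: 127.0.0.1` is doing real security work that the comments do not mention. I cannot see `serveXDS` here, so confirm whether it adds transport credentials; if it does not, a comment above `host` should say so, e.g. `# the xDS listener is unauthenticated; keep it on loopback or a network reachable only by the envoy sidecar`. The `type` comment promises a default of `shield`, which is only true if the Go config struct carries a matching default tag, so keep the two in sync.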
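Review bot: The new `Type` field on `ServicesConfig` has no `default:"shield"` tag even though the shipped `config.yaml` comment says the default is `shield`, so an unset value is `""` and any comparison against `SHIELD_PROXY` will not match; the file already uses the `default` tag for `RefreshInterval`, so `Type string \`yaml:"type" mapstructure:"type" default:"shield"\`` closes the gap. As a point of style, Go constants use MixedCaps rather than `ALL_CAPS` (`ProxyTypeShield`, `ProxyTypeEnvoy`), and exported names want a doc comment, e.g. `// ProxyTypeEnvoy selects the xDS control plane; ProxyTypeShield runs the in-process proxy.`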
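Review bot: The new `default:"shield"` on `XDS.Host` sets the default to a bare hostname, which is surprising for a field the example config fills with `127.0.0.1`. If `serveXDS` passes `Host` to `net.Listen`, the process fails to start whenever `shield` does not resolve on the box; if instead `Host` is an address advertised to Envoy, the name is plausible but should be explained, since an empty host was previously the "xDS disabled" signal and that meaning is gone now that `Type` drives selection. Either document the intent next to the field (`// Host is the address the xDS gRPC server listens on; defaults to ...`) or default to `127.0.0.1` so the unauthenticated listener stays off public interfaces out of the box.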
@@ -4,18 +4,15 @@ import ( "context" "time" + "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/goto/shield/core/rule" ) const ( - CLUSTER_TYPE_URL = "type.googleapis.com/envoy.config.cluster.v3.Cluster" - LISTENER_TYPE_URL = "type.googleapis.com/envoy.config.listener.v3.Listener" - ROUTE_CONFIGURATION_TYPE_URL = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration" - - HTTP_CONNECTION_MANAGER_TYPE_URL = "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" - ROUTER_TYPE_URL = "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - URI_TEMPLATE_TYPE_URL = "type.googleapis.com/envoy.extensions.path.match.uri_template.v3.UriTemplateMatchConfig" - STDOUT_LOGGER_TYPE_URL = "type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog" + HTTP_CONNECTION_MANAGER_TYPE_URL = resource.APITypePrefix + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" + ROUTER_TYPE_URL = resource.APITypePrefix + "envoy.extensions.filters.http.router.v3.Router" + URI_TEMPLATE_TYPE_URL = resource.APITypePrefix + "envoy.extensions.path.match.uri_template.v3.UriTemplateMatchConfig" + STDOUT_LOGGER_TYPE_URL = resource.APITypePrefix + "envoy.extensions.access_loggers.stream.v3.StdoutAccessLog" ) type Repository interface { diff --git a/internal/proxy/envoy/xds/ads/pubsub_test.go b/internal/proxy/envoy/xds/ads/pubsub_test.go index 1868df09a..3ace9ee9e 100644 --- a/internal/proxy/envoy/xds/ads/pubsub_test.go +++ b/internal/proxy/envoy/xds/ads/pubsub_test.go @@ -4,6 +4,7 @@ import ( "errors" "testing" + "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/goto/shield/internal/proxy/envoy/xds/ads" "github.com/stretchr/testify/assert" ) @@ -13,7 +14,7 @@ func TestPush(t *testing.T) { NodeID: "node-1", VersionInfo: "v1", Nonce: "test", - TypeUrl: ads.CLUSTER_TYPE_URL, + TypeUrl: resource.ClusterType, } messageChan := make(ads.MessageChan, 1) 
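Review bot: The four type URLs that remain in `ads.go` are still hand-typed strings appended to `resource.APITypePrefix`, so a typo in a message path compiles cleanly and only surfaces when Envoy NACKs the resource at runtime. Wherever these are used to populate an `anypb.Any`, `anypb.New(msg)` derives the URL from the message descriptor and removes the need for the constant; if they are needed for comparisons, deriving each from the vendored message's `ProtoReflect().Descriptor().FullName()` keeps them in lockstep with the go-control-plane version in `go.mod` (I cannot see which extension packages this file imports, so that may need an import). Go style also prefers MixedCaps with a doc comment for these, e.g. `// RouterTypeURL is the type URL of the envoy.filters.http.router filter config.`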
diff --git a/internal/proxy/envoy/xds/ads/response.go b/internal/proxy/envoy/xds/ads/response.go index 65892fc14..092deabae 100644 --- a/internal/proxy/envoy/xds/ads/response.go +++ b/internal/proxy/envoy/xds/ads/response.go @@ -4,6 +4,7 @@ import ( cluster "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" @@ -29,7 +30,7 @@ func (s ResponseStream) StreamCDS(clusters []*cluster.Cluster) error { } resources = append(resources, &anypb.Any{ - TypeUrl: CLUSTER_TYPE_URL, + TypeUrl: resource.ClusterType, Value: res, }) } @@ -38,7 +39,7 @@ func (s ResponseStream) StreamCDS(clusters []*cluster.Cluster) error { VersionInfo: s.versionInfo, Nonce: s.nonce, Resources: resources, - TypeUrl: CLUSTER_TYPE_URL, + TypeUrl: resource.ClusterType, } return s.stream.Send(resp) @@ -57,7 +58,7 @@ func (s ResponseStream) StreamLDS(listeners []*listener.Listener) error { } resources = append(resources, &anypb.Any{ - TypeUrl: LISTENER_TYPE_URL, + TypeUrl: resource.ListenerType, Value: res, }) } @@ -66,7 +67,7 @@ func (s ResponseStream) StreamLDS(listeners []*listener.Listener) error { VersionInfo: s.versionInfo, Nonce: s.nonce, Resources: resources, - TypeUrl: LISTENER_TYPE_URL, + TypeUrl: resource.ListenerType, } return s.stream.Send(resp) } @@ -84,7 +85,7 @@ func (s ResponseStream) StreamRDS(routes []*route.RouteConfiguration) error { } resources = append(resources, &anypb.Any{ - TypeUrl: ROUTE_CONFIGURATION_TYPE_URL, + TypeUrl: resource.RouteType, Value: res, }) } 
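Review bot: In `StreamCDS` the hunk still builds the resource by hand as `&anypb.Any{TypeUrl: resource.ClusterType, Value: res}` after a separate `proto.Marshal`, so the type URL and the payload are chosen independently and can drift (a listener marshalled under the cluster URL would make Envoy reject the whole DiscoveryResponse). `anypb.New(<the cluster>)` marshals and fills `TypeUrl` from the message itself, e.g. `a, err := anypb.New(c)` / `if err != nil { return err }` / `resources = append(resources, a)`, which also drops the `res` temporary. The same applies to the `StreamLDS` and `StreamRDS` hunks below; the loop header and the marshal error check of each function are outside these hunks.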
@@ -93,7 +94,7 @@ func (s ResponseStream) StreamRDS(routes []*route.RouteConfiguration) error { VersionInfo: s.versionInfo, Nonce: s.nonce, Resources: resources, - TypeUrl: ROUTE_CONFIGURATION_TYPE_URL, + TypeUrl: resource.RouteType, } return s.stream.Send(resp) diff --git a/internal/proxy/envoy/xds/ads/response_test.go b/internal/proxy/envoy/xds/ads/response_test.go index faf774b9e..b2cd73e73 100644 --- a/internal/proxy/envoy/xds/ads/response_test.go +++ b/internal/proxy/envoy/xds/ads/response_test.go @@ -7,6 +7,7 @@ import ( listenerv3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" routev3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" xds "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/goto/shield/internal/proxy/envoy/xds/ads" "github.com/goto/shield/internal/proxy/envoy/xds/ads/mocks" "github.com/stretchr/testify/assert" @@ -18,21 +19,21 @@ var ( testClusterStream = &clusterv3.Cluster{} testClusterBytes, _ = proto.Marshal(testClusterStream) testClusterResources = &anypb.Any{ - TypeUrl: ads.CLUSTER_TYPE_URL, + TypeUrl: resource.ClusterType, Value: testClusterBytes, } testListenerStream = &listenerv3.Listener{} testListenerBytes, _ = proto.Marshal(testListenerStream) testListenerResources = &anypb.Any{ - TypeUrl: ads.LISTENER_TYPE_URL, + TypeUrl: resource.ListenerType, Value: testListenerBytes, } testRouteStream = &routev3.RouteConfiguration{} testRouteBytes, _ = proto.Marshal(testRouteStream) testRouteResources = &anypb.Any{ - TypeUrl: ads.ROUTE_CONFIGURATION_TYPE_URL, + TypeUrl: resource.RouteType, Value: testRouteBytes, } ) @@ -56,7 +57,7 @@ func TestStreamCDS(t *testing.T) { VersionInfo: "v1", Nonce: "test", Resources: []*anypb.Any{testClusterResources}, - TypeUrl: ads.CLUSTER_TYPE_URL, + TypeUrl: resource.ClusterType, }).Return(nil) return ads.NewResponseStream(&stream, "v1", "test") }, 
@@ -97,7 +98,7 @@ func TestStreamLDS(t *testing.T) { VersionInfo: "v1", Nonce: "test", Resources: []*anypb.Any{testListenerResources}, - TypeUrl: ads.LISTENER_TYPE_URL, + TypeUrl: resource.ListenerType, }).Return(nil) return ads.NewResponseStream(&stream, "v1", "test") }, @@ -138,7 +139,7 @@ func TestStreamRDS(t *testing.T) { VersionInfo: "v1", Nonce: "test", Resources: []*anypb.Any{testRouteResources}, - TypeUrl: ads.ROUTE_CONFIGURATION_TYPE_URL, + TypeUrl: resource.RouteType, }).Return(nil) return ads.NewResponseStream(&stream, "v1", "test") }, diff --git a/internal/proxy/envoy/xds/ads/stream.go b/internal/proxy/envoy/xds/ads/stream.go index 4a2311ed4..1d96757cb 100644 --- a/internal/proxy/envoy/xds/ads/stream.go +++ b/internal/proxy/envoy/xds/ads/stream.go @@ -10,6 +10,7 @@ import ( listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" xds "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/goto/salt/log" ) @@ -121,11 +122,11 @@ func (s Stream) streamResponses(message Message) error { responseStream := NewResponseStream(s.stream, message.VersionInfo, message.Nonce) switch message.TypeUrl { - case CLUSTER_TYPE_URL: + case resource.ClusterType: if err := responseStream.StreamCDS(cfg.Clusters); err != nil { return err } - case LISTENER_TYPE_URL: + case resource.ListenerType: if err := responseStream.StreamLDS(cfg.Listeners); err != nil { return err }
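Review bot: `streamResponses` in `stream.go` switches on `message.TypeUrl`, a value that ultimately comes from the Envoy client's DiscoveryRequest, and only the `resource.ClusterType` and `resource.ListenerType` cases are visible in the hunk. If the remaining cases past the hunk end without a `default`, a request for a type this control plane does not serve (an endpoint or secret request from a differently configured Envoy, say) produces no response and no log line, which is hard to diagnose; a `default:` that returns `fmt.Errorf("unsupported xds type url %q", message.TypeUrl)` or at least logs it would make that visible. The rest of the switch and the function body continue outside the hunk.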