listener: add match all filter chain#13449
Conversation
The match all filter chain is chosen when no other filter chain matches the request. Signed-off-by: Yuchen Dai <silentdai@gmail.com>
|
@envoyproxy/api-shepherds The reason to add match_all field: Theoretically we replace the match-all filter chain by a number of filter chains w/o introducing this match-all field. However, it's not a trivial efforts to generate the above set of filter chains:
IMHO it's reasonable to promote the match-all semantic to API |
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
|
@lambdai two questions:
|
|
I agree with @htuch that it should be an explicit fallback filter chain match, and not an option. |
The pain is that the default is semantically optional (0 or 1). So we have to use "oneof" to describe the "optional" because there is no "nullable" filter chain. I am fine to switch to one_of if we all agree on explicit at-most-one default chain. |
I think no one wishes to invest in implementing better-find because fallback probably resolve 95% of the corner cases. |
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
mattklein123
left a comment
There was a problem hiding this comment.
Thanks API looks good to me with small comment, but I would like to see more documentation, release notes, etc.
/wait
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
I think the status is that this will fix our short term issues. Longer term, it does not seem feasible to migrate off of At this point, we can neither use just the catch all, since we do not have just a single catch all. We also will struggle to implement this logic with the current FCM algorithm since we will need to duplicate all the matches per port. |
mattklein123
left a comment
There was a problem hiding this comment.
Thanks generally looks great. Can you also add an integration test in whatever place we have the other integration tests for the intelligent update feature?
/wait
docs/root/intro/arch_overview/listeners/network_filter_chain.rst
Outdated
Show resolved
Hide resolved
docs/root/intro/arch_overview/listeners/network_filter_chain.rst
Outdated
Show resolved
Hide resolved
docs/root/intro/arch_overview/listeners/network_filter_chain.rst
Outdated
Show resolved
Hide resolved
| const auto* origin = getOriginFilterChainManager(); | ||
| if (origin == nullptr) { | ||
| default_filter_chain_ = | ||
| filter_chain_factory_builder.buildFilterChain(*default_filter_chain, context_creator); | ||
| return; | ||
| } | ||
| MessageUtil eq; | ||
| if (origin->default_filter_chain_message_.has_value() && | ||
| eq(origin->default_filter_chain_message_.value(), *default_filter_chain)) { | ||
| default_filter_chain_ = origin->default_filter_chain_; | ||
| } else { | ||
| default_filter_chain_ = | ||
| filter_chain_factory_builder.buildFilterChain(*default_filter_chain, context_creator); | ||
| } | ||
| } |
There was a problem hiding this comment.
I forget this code from the last time we reviewed this. Is this logic effectively duplicated elsewhere? Can you unify? If not can you add more comments?
There was a problem hiding this comment.
The high level find-existing-or-add is duplicating. However, the source of the find and dest of add are not.
Previously we are building from a repeated field (filter_chains) to a map <message, filter_chain_runtime_info>, but now I am adding the default field under the goal of "at-most-one-default-chain"
There was a problem hiding this comment.
OK, please add more comments. It's hard to understand what all of this logic does.
There was a problem hiding this comment.
added the context and the inline comment to the if branches
lambdai
left a comment
There was a problem hiding this comment.
Thank you! Now that the general flow is fine, I am adding more tests to cover the codes
| const auto* origin = getOriginFilterChainManager(); | ||
| if (origin == nullptr) { | ||
| default_filter_chain_ = | ||
| filter_chain_factory_builder.buildFilterChain(*default_filter_chain, context_creator); | ||
| return; | ||
| } | ||
| MessageUtil eq; | ||
| if (origin->default_filter_chain_message_.has_value() && | ||
| eq(origin->default_filter_chain_message_.value(), *default_filter_chain)) { | ||
| default_filter_chain_ = origin->default_filter_chain_; | ||
| } else { | ||
| default_filter_chain_ = | ||
| filter_chain_factory_builder.buildFilterChain(*default_filter_chain, context_creator); | ||
| } | ||
| } |
There was a problem hiding this comment.
The high level find-existing-or-add is duplicating. However, the source of the find and dest of add are not.
Previously we are building from a repeated field (filter_chains) to a map <message, filter_chain_runtime_info>, but now I am adding the default field under the goal of "at-most-one-default-chain"
| // | ||
| // For destination port, filter chains specifying the destination port of incoming traffic are the | ||
| // best match. If none of the filter chains specifies the exact destination port, the filter | ||
| // chains which do not specify ports are the best match. Filter chains specifying the wrong |
There was a problem hiding this comment.
This example helps, but I can't help but think that "best match" would be best expressed as "most specifically match".
There was a problem hiding this comment.
Thanks! That's more accurate in this context. Updated all over this file.
Yeah agreed we can't migrate off |
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
mattklein123
left a comment
There was a problem hiding this comment.
Thanks LGTM other than comment request. Please also make sure @htuch doc concerns are addressed so I will assign him also. Thank you!
/wait
| const auto* origin = getOriginFilterChainManager(); | ||
| if (origin == nullptr) { | ||
| default_filter_chain_ = | ||
| filter_chain_factory_builder.buildFilterChain(*default_filter_chain, context_creator); | ||
| return; | ||
| } | ||
| MessageUtil eq; | ||
| if (origin->default_filter_chain_message_.has_value() && | ||
| eq(origin->default_filter_chain_message_.value(), *default_filter_chain)) { | ||
| default_filter_chain_ = origin->default_filter_chain_; | ||
| } else { | ||
| default_filter_chain_ = | ||
| filter_chain_factory_builder.buildFilterChain(*default_filter_chain, context_creator); | ||
| } | ||
| } |
There was a problem hiding this comment.
OK, please add more comments. It's hard to understand what all of this logic does.
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
|
/retest |
|
Retrying Azure Pipelines, to retry CircleCI checks, use |
mattklein123
left a comment
There was a problem hiding this comment.
Thanks LGTM. I will defer to @htuch for final review.
The match all filter chain is chosen when no other filter chain matches the request. Signed-off-by: Yuchen Dai <silentdai@gmail.com>
The match all filter chain is chosen when no other filter chain matches the request. Signed-off-by: Yuchen Dai <silentdai@gmail.com>
* master: (22 commits) delay health checks until transport socket secrets are ready. (envoyproxy#13516) test, oauth2: Make sure config test runs field validation (envoyproxy#13496) [http] swap codec implementations to default new (envoyproxy#13579) wasm: update proxy-wasm-cpp-host (envoyproxy#13606) postgres: do not copy and linearize received data when it is not going to be used (envoyproxy#13393) configs: Update configs v2 -> v3 (envoyproxy#13562) http2: Remove RELEASE_ASSERTs in sendPendingFrames() error handling (envoyproxy#13546) dependencies: track untracked implied dependencies, wrapup dashboard. (envoyproxy#13571) listener: add match all filter chain (envoyproxy#13449) fix mistakes in docstrings (envoyproxy#13603) ratelimit: add route entry metadata to ratelimit actions (envoyproxy#13269) cluster manager: avoid immediate activation for dynamic inserted cluster when initialize (envoyproxy#12783) ext_authz: Avoid calling check multiple times (envoyproxy#13288) docs: Unexclude remaining configs from validation (envoyproxy#13534) build: update rules_rust to allow Rustc in RBE (envoyproxy#13595) docs: Update sphinxext.rediraffe (envoyproxy#13589) Deprecate moonjit support on Windows before beta (envoyproxy#13541) dependencies: bump LuaJIT to 2.1 branch HEAD @ e9af1ab. (envoyproxy#13474) docs: add TLS stats to cluster stats doc (envoyproxy#13561) ci: stop building alpine-debug images in favor of ubuntu-based debug image (envoyproxy#13598) ... Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Commit Message:
The match all filter chain is chosen when no other filter chain matches
the request.
Signed-off-by: Yuchen Dai silentdai@gmail.com
Additional Description:
Also update the doc on filter chain match and listener update.
Risk Level: LOW
Testing: unit tests
Docs Changes:
Release Notes:
Fixes #11088
Fixes #12572