control plane version bump changes (#35)
* control plane version bump
* tls_context deprecation fixes
* saferegex
* remotejwks timeout
wardviaene authored Jan 26, 2020
1 parent e610909 commit 1c6d1d5
Showing 14 changed files with 333 additions and 116 deletions.
6 changes: 3 additions & 3 deletions go.mod
@@ -4,15 +4,15 @@ go 1.12

require (
github.com/aws/aws-sdk-go v1.20.5
github.com/envoyproxy/go-control-plane v0.8.4
github.com/envoyproxy/go-control-plane v0.9.2
github.com/ghodss/yaml v1.0.0
github.com/gogo/protobuf v1.2.2-0.20190730201129-28a6bbf47e48
github.com/golang/protobuf v1.3.2-0.20190517061210-b285ee9cfc6c
github.com/golang/protobuf v1.3.2
github.com/google/go-cmp v0.2.0
github.com/google/uuid v1.1.1
github.com/hashicorp/golang-lru v0.5.1 // indirect
github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8
golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443
google.golang.org/grpc v1.21.1
google.golang.org/grpc v1.25.1
gopkg.in/yaml.v2 v2.2.2
)
28 changes: 28 additions & 0 deletions go.sum
@@ -2,15 +2,23 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/aws/aws-sdk-go v1.20.5 h1:Ytq5AxpA2pr4vRJM9onvgAjjVRZKKO63WStbG/jLHw0=
github.com/aws/aws-sdk-go v1.20.5/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f h1:WBZRG4aNOuI15bLRrCgN8fCq8E5Xuty6jGbmSNEvSsU=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/envoyproxy/go-control-plane v0.8.0 h1:uE6Fp4fOcAJdc1wTQXLJ+SYistkbG1dNoi6Zs1+Ybvk=
github.com/envoyproxy/go-control-plane v0.8.0/go.mod h1:GSSbY9P1neVhdY7G4wu+IK1rk/dqhiCC/4ExuWJZVuk=
github.com/envoyproxy/go-control-plane v0.8.4 h1:moNlmfa71yZkzDxAb4Fz5qwaW1giZmTtwn6P/gYIK6E=
github.com/envoyproxy/go-control-plane v0.8.4/go.mod h1:XB9+ce7x+IrsjgIVnRnql0O61gj/np0/bGDfhJI3sCU=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.2 h1:GJ5MKABRjz+QuET1GHm0KD9HC/mAzb3g2FznLQ0aThc=
github.com/envoyproxy/go-control-plane v0.9.2/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.0.0-20190405222122-d6164de49109 h1:FNgqGzbOm637YKRbYGKb9cqGo8i50++w/LWvMau7jrw=
github.com/envoyproxy/protoc-gen-validate v0.0.0-20190405222122-d6164de49109/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/envoyproxy/protoc-gen-validate v0.0.14 h1:YBW6/cKy9prEGRYLnaGa4IDhzxZhRCtKsax8srGKDnM=
github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/gogo/googleapis v1.1.0 h1:kFkMAZBNAn4j7K0GiZr8cRYzejq68VbheufiV3YuyFI=
@@ -25,6 +33,8 @@ github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2-0.20190517061210-b285ee9cfc6c h1:zqAKixg3cTcIasAMJV+EcfVbWwLpOZ7LeoWJvcuD/5Q=
github.com/golang/protobuf v1.3.2-0.20190517061210-b285ee9cfc6c/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
@@ -37,43 +47,61 @@ github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVE
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443 h1:IcSOAf4PyMp3U3XbIEj1/xJ2BjNN2jWv7JoyOsMxXUU=
golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c h1:uOCk1iQW6Vc18bnC13MfzScl+wdKBmM9Y9kU7Z83/lw=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190508220229-2d0786266e9c h1:hDn6jm7snBX2O7+EeTk6Q4WXJfKt7MWgtiCCRi1rBoY=
golang.org/x/sys v0.0.0-20190508220229-2d0786266e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 h1:Nw54tB0rB7hY/N0NQvRW8DG4Yk3Q6T9cu9RcFQDu1tc=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.21.1 h1:j6XxA85m/6txkUCHvzlV5f+HBNl/1r5cZ2A/3IEFOO8=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1 h1:wdKvqQk7IttEw92GoRyKG2IDrUIpgpj6H6m81yfeMW0=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
istio.io/gogo-genproto v0.0.0-20190124151557-6d926a6e6feb/go.mod h1:eIDJ6jNk/IeJz6ODSksHl5Aiczy5JUq6vFhJWI5OtiI=
istio.io/gogo-genproto v0.0.0-20190731221249-06e20ada0df2 h1:AZ+aTgKSBmBc6KtZU+P+Wr2dOdPriJu09cU8wGMG+/M=
istio.io/gogo-genproto v0.0.0-20190731221249-06e20ada0df2/go.mod h1:IjvrbUlRbbw4JCpsgvgihcz9USUwEoNTL/uwMtyV5yk=
15 changes: 8 additions & 7 deletions pkg/envoy/authzfilter.go
@@ -4,10 +4,11 @@ import (
"time"

api "github.com/envoyproxy/go-control-plane/envoy/api/v2"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/listener"
core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener"
extAuthz "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/ext_authz/v2"
"github.com/gogo/protobuf/types"
"github.com/golang/protobuf/ptypes"
any "github.com/golang/protobuf/ptypes/any"
)

type AuthzFilter struct{}
@@ -38,7 +39,7 @@ func (a *AuthzFilter) updateListenersWithAuthzFilter(cache *WorkQueueCache, para
updateHTTPFilterWithConfig(&manager.HttpFilters, "envoy.ext_authz", authzConfigEncoded)

// update manager in cache
pbst, err := types.MarshalAny(&manager)
pbst, err := ptypes.MarshalAny(&manager)
if err != nil {
return err
}
@@ -54,12 +55,12 @@ func (a *AuthzFilter) updateListenersWithAuthzFilter(cache *WorkQueueCache, para

return nil
}
func (a *AuthzFilter) getAuthzFilterEncoded(params ListenerParams) (*types.Any, error) {
func (a *AuthzFilter) getAuthzFilterEncoded(params ListenerParams) (*any.Any, error) {
authzConfig, err := a.getAuthzFilter(params)
if err != nil {
return nil, err
}
authzConfigEncoded, err := types.MarshalAny(authzConfig)
authzConfigEncoded, err := ptypes.MarshalAny(authzConfig)
if err != nil {
return nil, err
}
@@ -75,7 +76,7 @@ func (a *AuthzFilter) getAuthzFilter(params ListenerParams) (*extAuthz.ExtAuthz,
FailureModeAllow: params.Authz.FailureModeAllow,
Services: &extAuthz.ExtAuthz_GrpcService{
GrpcService: &core.GrpcService{
Timeout: types.DurationProto(timeout),
Timeout: ptypes.DurationProto(timeout),
TargetSpecifier: &core.GrpcService_EnvoyGrpc_{
EnvoyGrpc: &core.GrpcService_EnvoyGrpc{
ClusterName: params.Name,
2 changes: 1 addition & 1 deletion pkg/envoy/callback.go
@@ -4,7 +4,7 @@ import (
"context"

v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
)

type Callback struct {
28 changes: 19 additions & 9 deletions pkg/envoy/cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,11 @@ import (
"time"

api "github.com/envoyproxy/go-control-plane/envoy/api/v2"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/auth"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/endpoint"
"github.com/envoyproxy/go-control-plane/pkg/cache"
auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth"
core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
endpoint "github.com/envoyproxy/go-control-plane/envoy/api/v2/endpoint"
cache "github.com/envoyproxy/go-control-plane/pkg/cache"
"github.com/golang/protobuf/ptypes"
)

type Cluster struct{}
@@ -42,10 +43,19 @@ func (c *Cluster) getAllClusterNames(clusters []cache.Resource) []string {
}

func (c *Cluster) createCluster(params ClusterParams) *api.Cluster {
var tlsContext *auth.UpstreamTlsContext
var transportSocket *core.TransportSocket
if params.Port == 443 {
tlsContext = &auth.UpstreamTlsContext{
tlsContext, err := ptypes.MarshalAny(&auth.UpstreamTlsContext{
Sni: params.TargetHostname,
})
if err != nil {
panic(err)
}
transportSocket = &core.TransportSocket{
Name: "tls",
ConfigType: &core.TransportSocket_TypedConfig{
TypedConfig: tlsContext,
},
}
}

@@ -54,7 +64,7 @@ func (c *Cluster) createCluster(params ClusterParams) *api.Cluster {
address := &core.Address{Address: &core.Address_SocketAddress{
SocketAddress: &core.SocketAddress{
Address: params.TargetHostname,
Protocol: core.TCP,
Protocol: core.SocketAddress_TCP,
PortSpecifier: &core.SocketAddress_PortValue{
PortValue: uint32(params.Port),
},
@@ -68,10 +78,10 @@ func (c *Cluster) createCluster(params ClusterParams) *api.Cluster {
ClusterDiscoveryType: &api.Cluster_Type{
Type: api.Cluster_STRICT_DNS,
},
ConnectTimeout: &connectTimeout,
ConnectTimeout: ptypes.DurationProto(connectTimeout),
DnsLookupFamily: api.Cluster_V4_ONLY,
LbPolicy: api.Cluster_ROUND_ROBIN,
TlsContext: tlsContext,
TransportSocket: transportSocket,
LoadAssignment: &api.ClusterLoadAssignment{
ClusterName: params.Name,
Endpoints: []*endpoint.LocalityLbEndpoints{
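Review bot: The `auth.UpstreamTlsContext` built for port 443 in createCluster sets only `Sni` and no `CommonTlsContext` validation context, so as far as this hunk shows Envoy would open the upstream TLS connection without verifying the server certificate against a trusted CA or the expected hostname. Moving the context into the typed `TransportSocket` config is a natural point to add a `CertificateValidationContext` with `TrustedCa` and a subject-alt-name check on `params.TargetHostname`; a sketch follows, with the CA bundle path left as a placeholder. Separately, the new `panic(err)` on a `MarshalAny` failure would take the whole control plane down because createCluster has no error return; returning an `error` to the caller is the cleaner fix, and it should fail closed rather than emit the cluster without its transport socket. createCluster continues past the hunks shown here.

```go
		tlsContext, err := ptypes.MarshalAny(&auth.UpstreamTlsContext{
			Sni: params.TargetHostname,
			CommonTlsContext: &auth.CommonTlsContext{
				ValidationContextType: &auth.CommonTlsContext_ValidationContext{
					ValidationContext: &auth.CertificateValidationContext{
						TrustedCa: &core.DataSource{
							// caBundlePath is a placeholder: path to the CA bundle Envoy should trust.
							Specifier: &core.DataSource_Filename{Filename: caBundlePath},
						},
						VerifySubjectAltName: []string{params.TargetHostname},
					},
				},
			},
		})
		// … unchanged: error check and core.TransportSocket construction …
```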
2 changes: 1 addition & 1 deletion pkg/envoy/hasher.go
@@ -1,7 +1,7 @@
package envoy

import (
"github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
)

// Hasher returns node ID as an ID
41 changes: 25 additions & 16 deletions pkg/envoy/jwtprovider.go
@@ -3,14 +3,16 @@ package envoy
import (
"fmt"
"sort"
"time"

api "github.com/envoyproxy/go-control-plane/envoy/api/v2"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/listener"
"github.com/envoyproxy/go-control-plane/envoy/api/v2/route"
core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener"
route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route"
jwtAuth "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/jwt_authn/v2alpha"
hcm "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2"
"github.com/gogo/protobuf/types"
matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher"
"github.com/golang/protobuf/ptypes"
)

type JwtProvider struct{}
@@ -105,8 +107,11 @@ func (j *JwtProvider) getJwtRule(conditions Conditions, clusterName string, jwtP
if len(methodHeaders) == 0 {
rules = append(rules, &jwtAuth.RequirementRule{
Match: &route.RouteMatch{
PathSpecifier: &route.RouteMatch_Regex{
Regex: conditions.Regex,
PathSpecifier: &route.RouteMatch_SafeRegex{
SafeRegex: &matcher.RegexMatcher{
Regex: conditions.Regex,
EngineType: &matcher.RegexMatcher_GoogleRe2{GoogleRe2: &matcher.RegexMatcher_GoogleRE2{}},
},
},
Headers: hostnameHeaders,
},
@@ -116,8 +121,11 @@ func (j *JwtProvider) getJwtRule(conditions Conditions, clusterName string, jwtP
for _, methodHeader := range methodHeaders {
rules = append(rules, &jwtAuth.RequirementRule{
Match: &route.RouteMatch{
PathSpecifier: &route.RouteMatch_Regex{
Regex: conditions.Regex,
PathSpecifier: &route.RouteMatch_SafeRegex{
SafeRegex: &matcher.RegexMatcher{
Regex: conditions.Regex,
EngineType: &matcher.RegexMatcher_GoogleRe2{GoogleRe2: &matcher.RegexMatcher_GoogleRE2{}},
},
},
Headers: append(hostnameHeaders, methodHeader),
},
@@ -133,7 +141,7 @@ func (j *JwtProvider) getJwtRule(conditions Conditions, clusterName string, jwtP
func (j *JwtProvider) jwtRuleExist(rules []*jwtAuth.RequirementRule, rule *jwtAuth.RequirementRule) bool {
ruleFound := false
for _, v := range rules {
if v.Match.Equal(rule.Match) && v.Requires.RequiresType.(*jwtAuth.JwtRequirement_ProviderName).ProviderName == rule.Requires.RequiresType.(*jwtAuth.JwtRequirement_ProviderName).ProviderName {
if routeMatchEqual(v.Match, rule.Match) && v.Requires.RequiresType.(*jwtAuth.JwtRequirement_ProviderName).ProviderName == rule.Requires.RequiresType.(*jwtAuth.JwtRequirement_ProviderName).ProviderName {
ruleFound = true
}
}
@@ -153,7 +161,8 @@ func (j *JwtProvider) getJwtConfig(auth Auth) *jwtAuth.JwtAuthentication {
JwksSourceSpecifier: &jwtAuth.JwtProvider_RemoteJwks{
RemoteJwks: &jwtAuth.RemoteJwks{
HttpUri: &core.HttpUri{
Uri: auth.RemoteJwks,
Uri: auth.RemoteJwks,
Timeout: ptypes.DurationProto(30 * time.Second),
HttpUpstreamType: &core.HttpUri_Cluster{
Cluster: "jwtProvider_" + auth.JwtProvider,
},
@@ -186,14 +195,14 @@ func (j *JwtProvider) updateListenerWithJwtProvider(cache *WorkQueueCache, param
jwtConfig.Providers[params.Auth.JwtProvider] = jwtNewConfig.Providers[params.Auth.JwtProvider]
logger.Debugf("Adding/updating %s to jwt config", params.Auth.JwtProvider)

jwtConfigEncoded, err := types.MarshalAny(&jwtConfig)
jwtConfigEncoded, err := ptypes.MarshalAny(&jwtConfig)
if err != nil {
panic(err)
}

updateHTTPFilterWithConfig(&manager.HttpFilters, "envoy.filters.http.jwt_authn", jwtConfigEncoded)

pbst, err := types.MarshalAny(&manager)
pbst, err := ptypes.MarshalAny(&manager)
if err != nil {
panic(err)
}
@@ -274,14 +283,14 @@ func (j *JwtProvider) UpdateJwtRule(cache *WorkQueueCache, params ListenerParams
jwtConfig.Rules = append(jwtConfig.Rules, newJwtRule)
}
}
jwtConfigEncoded, err := types.MarshalAny(&jwtConfig)
jwtConfigEncoded, err := ptypes.MarshalAny(&jwtConfig)
if err != nil {
panic(err)
}

updateHTTPFilterWithConfig(&manager.HttpFilters, "envoy.filters.http.jwt_authn", jwtConfigEncoded)

pbst, err := types.MarshalAny(&manager)
pbst, err := ptypes.MarshalAny(&manager)
if err != nil {
panic(err)
}
@@ -351,7 +360,7 @@ func (j *JwtProvider) DeleteJwtRule(cache *WorkQueueCache, params ListenerParams
index := j.requirementRuleIndex(jwtConfig.Rules, rule)
jwtConfig.Rules = append(jwtConfig.Rules[:index], jwtConfig.Rules[index+1:]...)
}
jwtConfigEncoded, err := types.MarshalAny(&jwtConfig)
jwtConfigEncoded, err := ptypes.MarshalAny(&jwtConfig)
if err != nil {
panic(err)
}
@@ -361,7 +370,7 @@ func (j *JwtProvider) DeleteJwtRule(cache *WorkQueueCache, params ListenerParams
logger.Debugf("Couldn't find jwt provider %s during deleteRoute", params.Auth.JwtProvider)
}

pbst, err := types.MarshalAny(&manager)
pbst, err := ptypes.MarshalAny(&manager)
if err != nil {
panic(err)
}
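Review bot: `conditions.Regex` is handed to the RE2 matcher unvalidated in both `RequirementRule` literals of getJwtRule, so a pattern the old `Regex` path specifier accepted but RE2 does not (backreferences, lookaround) would presumably only surface when Envoy rejects the pushed listener, leaving that route's JWT requirement unapplied. Go's `regexp` package uses RE2 syntax, so a check such as `if _, err := regexp.Compile(conditions.Regex); err != nil { ... }` before building the rule would catch this at the control plane. The two `route.RouteMatch_SafeRegex` literals are identical and `MaxProgramSize` is left unset, so Envoy's default program-size limit applies; a small helper returning the `*matcher.RegexMatcher` would keep both sites in sync and give one place to set that limit. getJwtRule starts and ends outside the hunks shown.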