ext_proc: send attributes

source/extensions/filters/http/ext_proc/BUILD

@@ -21,6 +21,7 @@ envoy_cc_library(
     ],
     deps = [
         ":client_interface",
+        ":matching_utils_lib",
         ":mutation_utils_lib",
         "//envoy/event:timer_interface",
         "//envoy/http:filter_interface",
@@ -80,6 +81,31 @@ envoy_cc_library(
     ],
 )
 
+envoy_cc_library(
+    name = "matching_utils_lib",
+    srcs = ["matching_utils.cc"],
+    hdrs = ["matching_utils.h"],
+    copts = select({
+        "//bazel:windows_x86_64": [],
+        "//conditions:default": [
+            "-DUSE_CEL_PARSER",
+        ],
+    }),
+    deps = [
+        "//envoy/http:header_map_interface",
+        "//source/common/protobuf",
+        "//source/extensions/filters/common/expr:evaluator_lib",
+        "@com_google_cel_cpp//eval/public:cel_expr_builder_factory",
+    ] + select(
+        {
+            "//bazel:windows_x86_64": [],
+            "//conditions:default": [
+                "@com_google_cel_cpp//parser",
+            ],
+        },
+    ),
+)
+
 envoy_cc_library(
     name = "client_lib",
     srcs = ["client_impl.cc"],

source/extensions/filters/http/ext_proc/config.cc

@@ -1,5 +1,6 @@
 #include "source/extensions/filters/http/ext_proc/config.h"
 
+#include "source/extensions/filters/common/expr/evaluator.h"
 #include "source/extensions/filters/http/ext_proc/client_impl.h"
 #include "source/extensions/filters/http/ext_proc/ext_proc.h"
 
@@ -15,9 +16,9 @@ Http::FilterFactoryCb ExternalProcessingFilterConfig::createFilterFactoryFromPro
       PROTOBUF_GET_MS_OR_DEFAULT(proto_config, message_timeout, DefaultMessageTimeoutMs);
   const uint32_t max_message_timeout_ms =
       PROTOBUF_GET_MS_OR_DEFAULT(proto_config, max_message_timeout, DefaultMaxMessageTimeoutMs);
-  const auto filter_config =
-      std::make_shared<FilterConfig>(proto_config, std::chrono::milliseconds(message_timeout_ms),
-                                     max_message_timeout_ms, context.scope(), stats_prefix);
+  const auto filter_config = std::make_shared<FilterConfig>(
+      proto_config, std::chrono::milliseconds(message_timeout_ms), max_message_timeout_ms,
+      context.scope(), stats_prefix, Envoy::Extensions::Filters::Common::Expr::getBuilder(context));
 
   return [filter_config, grpc_service = proto_config.grpc_service(),
           &context](Http::FilterChainFactoryCallbacks& callbacks) {
@@ -45,9 +46,10 @@ ExternalProcessingFilterConfig::createFilterFactoryFromProtoWithServerContextTyp
       PROTOBUF_GET_MS_OR_DEFAULT(proto_config, message_timeout, DefaultMessageTimeoutMs);
   const uint32_t max_message_timeout_ms =
       PROTOBUF_GET_MS_OR_DEFAULT(proto_config, max_message_timeout, DefaultMaxMessageTimeoutMs);
-  const auto filter_config =
-      std::make_shared<FilterConfig>(proto_config, std::chrono::milliseconds(message_timeout_ms),
-                                     max_message_timeout_ms, server_context.scope(), stats_prefix);
+  const auto filter_config = std::make_shared<FilterConfig>(
+      proto_config, std::chrono::milliseconds(message_timeout_ms), max_message_timeout_ms,
+      server_context.scope(), stats_prefix,
+      Envoy::Extensions::Filters::Common::Expr::getBuilder(server_context));
 
   return [filter_config, grpc_service = proto_config.grpc_service(),
           &server_context](Http::FilterChainFactoryCallbacks& callbacks) {

source/extensions/filters/http/ext_proc/ext_proc.cc

@@ -1,5 +1,7 @@
 #include "source/extensions/filters/http/ext_proc/ext_proc.h"
 
+#include <typeinfo>
+
 #include "envoy/config/common/mutation_rules/v3/mutation_rules.pb.h"
 
 #include "source/common/http/utility.h"
@@ -201,7 +203,8 @@ void Filter::onDestroy() {
 }
 
 FilterHeadersStatus Filter::onHeaders(ProcessorState& state,
-                                      Http::RequestOrResponseHeaderMap& headers, bool end_stream) {
+                                      Http::RequestOrResponseHeaderMap& headers, bool end_stream,
+                                      absl::optional<ProtobufWkt::Struct> proto) {
   switch (openStream()) {
   case StreamOpenState::Error:
     return FilterHeadersStatus::StopIteration;
@@ -219,6 +222,9 @@ FilterHeadersStatus Filter::onHeaders(ProcessorState& state,
   MutationUtils::headersToProto(headers, config_->allowedHeaders(), config_->disallowedHeaders(),
                                 *headers_req->mutable_headers());
   headers_req->set_end_of_stream(end_stream);
+  if (proto.has_value()) {
+    (*headers_req->mutable_attributes())[FilterName] = proto.value();
+  }
   state.onStartProcessorCall(std::bind(&Filter::onMessageTimeout, this), config_->messageTimeout(),
                              ProcessorState::CallbackState::HeadersCallback);
   ENVOY_LOG(debug, "Sending headers message");
@@ -237,7 +243,16 @@ FilterHeadersStatus Filter::decodeHeaders(RequestHeaderMap& headers, bool end_st
 
   FilterHeadersStatus status = FilterHeadersStatus::Continue;
   if (decoding_state_.sendHeaders()) {
-    status = onHeaders(decoding_state_, headers, end_stream);
+    absl::optional<Envoy::ProtobufWkt::Struct> proto;
+    if (config().hasRequestExpr()) {
+      auto activation_ptr = Filters::Common::Expr::createActivation(decoding_state_.streamInfo(),
+                                                                    &headers, nullptr, nullptr);
+      ExpressionManager::printExprPtrAndType(config().getExprPtr("request.path"),
+                                             "in decodeHeaders");
+      proto = config().evaluateRequestAttributes(std::move(activation_ptr));
+    }
+
+    status = onHeaders(decoding_state_, headers, end_stream, proto);
     ENVOY_LOG(trace, "onHeaders returning {}", static_cast<int>(status));
   } else {
     ENVOY_LOG(trace, "decodeHeaders: Skipped header processing");
@@ -515,7 +530,14 @@ FilterHeadersStatus Filter::encodeHeaders(ResponseHeaderMap& headers, bool end_s
 
   FilterHeadersStatus status = FilterHeadersStatus::Continue;
   if (!processing_complete_ && encoding_state_.sendHeaders()) {
-    status = onHeaders(encoding_state_, headers, end_stream);
+    absl::optional<Envoy::ProtobufWkt::Struct> proto;
+    if (config_->hasResponseExpr()) {
+      auto activation_ptr = Filters::Common::Expr::createActivation(encoding_state_.streamInfo(),
+                                                                    nullptr, &headers, nullptr);
+      proto = config_->evaluateResponseAttributes(std::move(activation_ptr));
+    }
+
+    status = onHeaders(encoding_state_, headers, end_stream, proto);
     ENVOY_LOG(trace, "onHeaders returns {}", static_cast<int>(status));
   } else {
     ENVOY_LOG(trace, "encodeHeaders: Skipped header processing");

source/extensions/filters/http/ext_proc/ext_proc.h

@@ -24,6 +24,7 @@
 #include "source/extensions/filters/common/mutation_rules/mutation_rules.h"
 #include "source/extensions/filters/http/common/pass_through_filter.h"
 #include "source/extensions/filters/http/ext_proc/client.h"
+#include "source/extensions/filters/http/ext_proc/matching_utils.h"
 #include "source/extensions/filters/http/ext_proc/processor_state.h"
 
 namespace Envoy {
@@ -126,7 +127,8 @@ class FilterConfig {
   FilterConfig(const envoy::extensions::filters::http::ext_proc::v3::ExternalProcessor& config,
                const std::chrono::milliseconds message_timeout,
                const uint32_t max_message_timeout_ms, Stats::Scope& scope,
-               const std::string& stats_prefix)
+               const std::string& stats_prefix,
+               Extensions::Filters::Common::Expr::BuilderInstanceSharedPtr builder)
       : failure_mode_allow_(config.failure_mode_allow()),
         disable_clear_route_cache_(config.disable_clear_route_cache()),
         message_timeout_(message_timeout), max_message_timeout_ms_(max_message_timeout_ms),
@@ -135,8 +137,19 @@ class FilterConfig {
         filter_metadata_(config.filter_metadata()),
         allow_mode_override_(config.allow_mode_override()),
         disable_immediate_response_(config.disable_immediate_response()),
-        allowed_headers_(initHeaderMatchers(config.forward_rules().allowed_headers())),
-        disallowed_headers_(initHeaderMatchers(config.forward_rules().disallowed_headers())) {}
+        allowed_headers_(
+            MatchingUtils::initHeaderMatchers(config.forward_rules().allowed_headers())),
+        disallowed_headers_(
+            MatchingUtils::initHeaderMatchers(config.forward_rules().disallowed_headers())),
+        expression_manager_(builder, config.request_attributes(), config.response_attributes()) {
+    printExprPtrAndType("in FilterConfig constructor");
+  }
+
+  // TODO delete
+  void printExprPtrAndType(std::string location) {
+    expression_manager_.printExprPtrAndType(expression_manager_.getExprPtr("request.path"),
+                                            location);
+  }
 
   bool failureModeAllow() const { return failure_mode_allow_; }
 
@@ -166,23 +179,31 @@ class FilterConfig {
 
   const Envoy::ProtobufWkt::Struct& filterMetadata() const { return filter_metadata_; }
 
+  const absl::optional<ProtobufWkt::Struct>
+  evaluateRequestAttributes(const Filters::Common::Expr::ActivationPtr& activation) const {
+    return expression_manager_.evaluateRequestAttributes(std::move(activation));
+  }
+
+  const absl::optional<ProtobufWkt::Struct>
+  evaluateResponseAttributes(const Filters::Common::Expr::ActivationPtr& activation) const {
+    return expression_manager_.evaluateResponseAttributes(std::move(activation));
+  }
+
+  bool hasRequestExpr() const { return expression_manager_.hasRequestExpr(); }
+
+  bool hasResponseExpr() const { return expression_manager_.hasResponseExpr(); }
+
+  // TODO: delete
+  const ExpressionManager::ExpressionPtrWithExpr& getExprPtr(std::string matcher) const {
+    return expression_manager_.getExprPtr(matcher);
+  }
+
 private:
   ExtProcFilterStats generateStats(const std::string& prefix,
                                    const std::string& filter_stats_prefix, Stats::Scope& scope) {
     const std::string final_prefix = absl::StrCat(prefix, "ext_proc.", filter_stats_prefix);
     return {ALL_EXT_PROC_FILTER_STATS(POOL_COUNTER_PREFIX(scope, final_prefix))};
   }
-  const std::vector<Matchers::StringMatcherPtr>
-  initHeaderMatchers(const envoy::type::matcher::v3::ListStringMatcher& header_list) {
-    std::vector<Matchers::StringMatcherPtr> header_matchers;
-    for (const auto& matcher : header_list.patterns()) {
-      header_matchers.push_back(
-          std::make_unique<Matchers::StringMatcherImpl<envoy::type::matcher::v3::StringMatcher>>(
-              matcher));
-    }
-    return header_matchers;
-  }
-
   const bool failure_mode_allow_;
   const bool disable_clear_route_cache_;
   const std::chrono::milliseconds message_timeout_;
@@ -201,6 +222,8 @@ class FilterConfig {
   const std::vector<Matchers::StringMatcherPtr> allowed_headers_;
   // Empty disallowed_header_ means disallow nothing, i.e, allow all.
   const std::vector<Matchers::StringMatcherPtr> disallowed_headers_;
+
+  const ExpressionManager expression_manager_;
 };
 
 using FilterConfigSharedPtr = std::shared_ptr<FilterConfig>;
@@ -248,7 +271,9 @@ class Filter : public Logger::Loggable<Logger::Id::ext_proc>,
       : config_(config), client_(std::move(client)), stats_(config->stats()),
         grpc_service_(grpc_service), config_with_hash_key_(grpc_service),
         decoding_state_(*this, config->processingMode()),
-        encoding_state_(*this, config->processingMode()) {}
+        encoding_state_(*this, config->processingMode()) {
+    config_->printExprPtrAndType("in Filter constructor");
+  }
 
   const FilterConfig& config() const { return *config_; }
 
@@ -300,7 +325,9 @@ class Filter : public Logger::Loggable<Logger::Id::ext_proc>,
   void sendImmediateResponse(const envoy::service::ext_proc::v3::ImmediateResponse& response);
 
   Http::FilterHeadersStatus onHeaders(ProcessorState& state,
-                                      Http::RequestOrResponseHeaderMap& headers, bool end_stream);
+                                      Http::RequestOrResponseHeaderMap& headers, bool end_stream,
+                                      absl::optional<ProtobufWkt::Struct> proto);
+
   // Return a pair of whether to terminate returning the current result.
   std::pair<bool, Http::FilterDataStatus> sendStreamChunk(ProcessorState& state);
   Http::FilterDataStatus onData(ProcessorState& state, Buffer::Instance& data, bool end_stream);

source/extensions/filters/http/ext_proc/matching_utils.cc

@@ -0,0 +1,47 @@
+#include "source/extensions/filters/http/ext_proc/matching_utils.h"
+
+#include <memory>
+#include <typeinfo>
+
+namespace Envoy {
+namespace Extensions {
+namespace HttpFilters {
+namespace ExternalProcessing {
+
+absl::flat_hash_map<std::string, std::unique_ptr<ExpressionManager::ExpressionPtrWithExpr>>
+ExpressionManager::initExpressions(const Protobuf::RepeatedPtrField<std::string>& matchers) const {
+  absl::flat_hash_map<std::string, std::unique_ptr<ExpressionManager::ExpressionPtrWithExpr>>
+      expressions;
+#if defined(USE_CEL_PARSER)
+  for (const auto& matcher : matchers) {
+    auto parse_status = google::api::expr::parser::Parse(matcher);
+    if (!parse_status.ok()) {
+      throw EnvoyException("Unable to parse descriptor expression: " +
+                           parse_status.status().ToString());
+    }
+    const google::api::expr::v1alpha1::Expr& parse_status_expr = parse_status.value().expr();
+    const Filters::Common::Expr::ExpressionPtr& expression =
+        Extensions::Filters::Common::Expr::createExpression(builder_->builder(), parse_status_expr);
+    std::unique_ptr<ExpressionPtrWithExpr> expr =
+        std::make_unique<ExpressionPtrWithExpr>(parse_status_expr, std::move(expression.get()));
+    if (matcher == "request.path") {
+      ExpressionManager::printExprPtrAndType(*expr, "after construction");
+    }
+    expressions.try_emplace(matcher, std::move(expr));
+    if (matcher == "request.path") {
+      ExpressionManager::printExprPtrAndType(*expressions.at(matcher),
+                                             "after placing in container");
+    }
+  }
+#else
+  ENVOY_LOG(warn, "CEL expression parsing is not available for use in this environment."
+                  " Attempted to parse " +
+                      std::to_string(matchers.size()) + " expressions");
+#endif
+  return expressions;
+}
+
+} // namespace ExternalProcessing
+} // namespace HttpFilters
+} // namespace Extensions
+} // namespace Envoy