Use the TransformationPolicy API directly as rustformation config

cmd/envoyinit/Dockerfile

@@ -46,7 +46,6 @@ ENV DEBIAN_FRONTEND=noninteractive
 
 # Update our deps to make cve toil lower
 # install wget for our default probes
-USER root
 RUN apt-get update \
     && apt-get upgrade -y \
     && apt-get install wget ca-certificates -y \

internal/envoyinit/rustformations/src/http_simple_mutations.rs

@@ -1,41 +1,46 @@
 use envoy_proxy_dynamic_modules_rust_sdk::*;
 use lazy_static::lazy_static;
-use serde::{Deserialize, Serialize};
+use serde::Deserialize;
 use std::collections::HashMap;
+use std::ops::Deref;
+use transformations::{LocalTransformationConfig, TransformationOps};
 
 #[cfg(test)]
 use mockall::*;
 
 lazy_static! {
     static ref EMPTY_MAP: HashMap<String, String> = HashMap::new();
 }
-#[derive(Serialize, Deserialize, Clone)]
-pub struct PerRouteConfig {
-    #[serde(default)]
-    request_headers_setter: Vec<(String, String)>,
-    #[serde(default)]
-    response_headers_setter: Vec<(String, String)>,
+#[derive(Deserialize, Clone)]
+pub struct FilterConfig {
+    transformations: LocalTransformationConfig,
 }
 
-impl PerRouteConfig {
-    pub fn new(config: &str) -> Option<Self> {
-        let per_route_config: PerRouteConfig = match serde_json::from_str(config) {
-            Ok(cfg) => cfg,
-            Err(err) => {
-                envoy_log_error!("Error parsing per route config: {config} {err}");
-                return None;
-            }
-        };
-        Some(per_route_config)
+struct EnvoyTransformationOps<'a> {
+    envoy_filter: &'a mut dyn EnvoyHttpFilter,
+}
+
+impl TransformationOps for EnvoyTransformationOps<'_> {
+    fn set_request_header(&mut self, key: &str, value: &[u8]) -> bool {
+        self.envoy_filter.set_request_header(key, value)
+    }
+    fn remove_request_header(&mut self, key: &str) -> bool {
+        self.envoy_filter.remove_request_header(key)
+    }
+    fn set_response_header(&mut self, key: &str, value: &[u8]) -> bool {
+        self.envoy_filter.set_response_header(key, value)
+    }
+    fn remove_response_header(&mut self, key: &str) -> bool {
+        self.envoy_filter.remove_response_header(key)
     }
 }
 
-#[derive(Serialize, Deserialize, Clone)]
-pub struct FilterConfig {
-    #[serde(default)]
-    request_headers_setter: Vec<(String, String)>,
-    #[serde(default)]
-    response_headers_setter: Vec<(String, String)>,
+impl Deref for FilterConfig {
+    type Target = LocalTransformationConfig;
+
+    fn deref(&self) -> &Self::Target {
+        &self.transformations
+    }
 }
 
 impl FilterConfig {
@@ -44,19 +49,23 @@ impl FilterConfig {
     /// filter_config is the filter config from the Envoy config here:
     /// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/dynamic_modules/v3/dynamic_modules.proto#envoy-v3-api-msg-extensions-dynamic-modules-v3-dynamicmoduleconfig
     pub fn new(filter_config: &str) -> Option<Self> {
-        let filter_config: FilterConfig = match serde_json::from_str(filter_config) {
-            // TODO(nfuden): Handle optional configuration entries more cleanly. Currently all values are required to be present
+        let config: LocalTransformationConfig = match serde_json::from_str(filter_config) {
             Ok(cfg) => cfg,
             Err(err) => {
-                // TODO(nfuden): Dont panic if there is incorrect configuration
+                // Dont panic if there is incorrect configuration
                 envoy_log_error!("Error parsing filter config: {filter_config} {err}");
                 return None;
             }
         };
-        Some(filter_config)
+        Some(FilterConfig {
+            transformations: config,
+        })
     }
 }
 
+// Since PerRouteConfig is the same as the FilterConfig, for now just just a type alias
+pub type PerRouteConfig = FilterConfig;
+
 impl<EHF: EnvoyHttpFilter> HttpFilterConfig<EHF> for FilterConfig {
     /// This is called for each new HTTP filter.
     fn new_http_filter(&mut self, _envoy: &mut EHF) -> Box<dyn HttpFilter<EHF>> {
@@ -140,35 +149,39 @@ impl Filter {
     }
 
     fn transform_request_headers<EHF: EnvoyHttpFilter>(&self, envoy_filter: &mut EHF) {
-        let setters = match self.get_per_route_config() {
-            Some(config) => &config.request_headers_setter,
-            None => &self.filter_config.request_headers_setter,
+        let set = match self.get_per_route_config() {
+            Some(config) => &config.request.as_ref().map(|r| &r.set),
+            None => &self.filter_config.request.as_ref().map(|r| &r.set),
         };
 
-        transformations::jinja::transform_request_headers(
-            setters,
-            &self.env,
-            self.get_request_headers_map(),
-            |key, value| envoy_filter.set_request_header(key, value),
-        );
+        if let Some(setters) = set {
+            transformations::jinja::transform_request_headers(
+                setters,
+                &self.env,
+                self.get_request_headers_map(),
+                EnvoyTransformationOps { envoy_filter },
+            );
+        }
     }
 
     fn transform_response_headers<EHF: EnvoyHttpFilter>(&self, envoy_filter: &mut EHF) {
-        let setters = match self.get_per_route_config() {
-            Some(config) => &config.response_headers_setter,
-            None => &self.filter_config.response_headers_setter,
+        let set = match self.get_per_route_config() {
+            Some(config) => &config.response.as_ref().map(|r| &r.set),
+            None => &self.filter_config.response.as_ref().map(|r| &r.set),
         };
 
-        // TODO(nfuden): find someone who knows rust to see if we really need this Hash map for serialization
-        let response_headers_map = self.create_headers_map(envoy_filter.get_response_headers());
-
-        transformations::jinja::transform_response_headers(
-            setters,
-            &self.env,
-            self.get_request_headers_map(),
-            &response_headers_map,
-            |key, value| envoy_filter.set_response_header(key, value),
-        );
+        if let Some(setters) = set {
+            // TODO(nfuden): find someone who knows rust to see if we really need this Hash map for serialization
+            let response_headers_map = self.create_headers_map(envoy_filter.get_response_headers());
+
+            transformations::jinja::transform_response_headers(
+                setters,
+                &self.env,
+                self.get_request_headers_map(),
+                &response_headers_map,
+                EnvoyTransformationOps { envoy_filter },
+            );
+        }
     }
 }
 
@@ -241,29 +254,28 @@ mod tests {
         let mut envoy_filter = envoy_proxy_dynamic_modules_rust_sdk::MockEnvoyHttpFilter::default();
 
         // construct the filter config
-        // most upstream tests start with the filter itself but we are tryign to add heavier logic
-        // to the config factory strat rather than running it on header calls
-        let mut filter_conf = FilterConfig {
-            request_headers_setter: vec![
-                (
-                    "X-substring".to_string(),
-                    "{{substring(\"ENVOYPROXY something\", 5, 10) }}".to_string(),
-                ),
-                (
-                    "X-substring-no-3rd".to_string(),
-                    "{{substring(\"ENVOYPROXY something\", 5) }}".to_string(),
-                ),
-                (
-                    "X-donor-header-contents".to_string(),
-                    "{{ header(\"x-donor\") }}".to_string(),
-                ),
-                (
-                    "X-donor-header-substringed".to_string(),
-                    "{{ substring( header(\"x-donor\"), 0, 7)}}".to_string(),
-                ),
-            ],
-            response_headers_setter: vec![("X-Bar".to_string(), "foo".to_string())],
-        };
+        // most upstream tests start with the filter itself but we are trying to add heavier logic
+        // to the config factory start rather than running it on header calls
+        let json_str = r#"
+        {
+          "request": {
+            "set": [
+              { "name": "X-substring", "value": "{{substring(\"ENVOYPROXY something\", 5, 10) }}" },
+              { "name": "X-substring-no-3rd", "value": "{{substring(\"ENVOYPROXY something\", 5) }}" },
+              { "name": "X-donor-header-contents", "value": "{{ header(\"x-donor\") }}" },
+              { "name": "X-donor-header-substringed", "value": "{{ substring( header(\"x-donor\"), 0, 7)}}" }
+            ]
+          },
+          "response": {
+            "set": [
+              { "name": "X-Bar", "value": "foo" }
+            ]
+          },
+          "foo": "This is a fake field to make sure the parser will ignore an new fields from the control plane for compatibility"
+        }
+        "#;
+        let mut filter_conf =
+            FilterConfig::new(json_str).expect("Failed to parse filter config json: {json_str}");
         let mut filter = filter_conf.new_http_filter(&mut envoy_filter);
 
         envoy_filter
@@ -356,13 +368,22 @@ mod tests {
         // construct the filter config
         // most upstream tests start with the filter itself but we are trying to add heavier logic
         // to the config factory start rather than running it on header calls
-        let mut filter_conf = FilterConfig {
-            request_headers_setter: vec![(
-                "X-if-truth".to_string(),
-                "{%- if true -%}supersuper{% endif %}".to_string(),
-            )],
-            response_headers_setter: vec![("X-Bar".to_string(), "foo".to_string())],
-        };
+        let json_str = r#"
+        {
+          "request": {
+            "set": [
+              { "name": "X-if-truth", "value": "{%- if true -%}supersuper{% endif %}" }
+            ]
+          },
+          "response": {
+            "set": [
+                { "name": "X-Bar", "value": "foo" }
+            ]
+          }
+        }
+        "#;
+        let mut filter_conf =
+            FilterConfig::new(json_str).expect("Failed to parse filter config json: {json_str}");
         let mut filter = filter_conf.new_http_filter(&mut envoy_filter);
 
         envoy_filter

internal/envoyinit/rustformations/src/lib.rs

@@ -35,7 +35,6 @@ fn new_http_filter_config_fn<EC: EnvoyHttpFilterConfig, EHF: EnvoyHttpFilter>(
     filter_name: &str,
     filter_config: &[u8],
 ) -> Option<Box<dyn HttpFilterConfig<EHF>>> {
-    envoy_log_trace!("new_http_filter_config_fn");
     let filter_config = match std::str::from_utf8(filter_config) {
         Ok(config) => config,
         Err(_) => {
@@ -55,7 +54,6 @@ fn new_http_filter_config_fn<EC: EnvoyHttpFilterConfig, EHF: EnvoyHttpFilter>(
 }
 
 fn new_http_filter_per_route_config_fn(name: &str, config: &[u8]) -> Option<Box<dyn Any>> {
-    envoy_log_trace!("new_http_filter_per_route_config_fn");
     let per_route_config = match std::str::from_utf8(config) {
         Ok(config) => config,
         Err(_) => {

internal/envoyinit/transformations/src/jinja.rs

@@ -1,3 +1,4 @@
+use crate::TransformationOps;
 use minijinja::value::Rest;
 use minijinja::{context, Environment, State};
 use serde::Deserialize;
@@ -87,15 +88,17 @@ pub fn new_jinja_env() -> Environment<'static> {
     env
 }
 
-pub fn transform_request_headers<F>(
+pub fn transform_request_headers<T: TransformationOps>(
     setters: &Vec<(String, String)>,
     env: &Environment<'static>,
     request_headers_map: &HashMap<String, String>,
-    mut set_request_header: F,
-) where
-    F: FnMut(&str, &[u8]) -> bool,
-{
+    mut ops: T,
+) {
     for (key, value) in setters {
+        if value.is_empty() {
+            ops.remove_request_header(key);
+            continue;
+        }
         let tmpl = env.template_from_str(value).unwrap();
         let rendered = tmpl.render(
             context!(headers => request_headers_map, request_headers => request_headers_map),
@@ -106,20 +109,22 @@ pub fn transform_request_headers<F>(
         } else {
             eprintln!("Error rendering template: {}", rendered.err().unwrap());
         }
-        set_request_header(key, rendered_str.as_bytes());
+        ops.set_request_header(key, rendered_str.as_bytes());
     }
 }
 
-pub fn transform_response_headers<F>(
+pub fn transform_response_headers<T: TransformationOps>(
     setters: &Vec<(String, String)>,
     env: &Environment<'static>,
     request_headers_map: &HashMap<String, String>,
     response_headers_map: &HashMap<String, String>,
-    mut set_response_header: F,
-) where
-    F: FnMut(&str, &[u8]) -> bool,
-{
+    mut ops: T,
+) {
     for (key, value) in setters {
+        if value.is_empty() {
+            ops.remove_response_header(key);
+            continue;
+        }
         let tmpl = env.template_from_str(value).unwrap();
         let rendered = tmpl.render(
             context!(headers => response_headers_map, request_headers => request_headers_map),
@@ -130,6 +135,6 @@ pub fn transform_response_headers<F>(
         } else {
             eprintln!("Error rendering template: {}", rendered.err().unwrap());
         }
-        set_response_header(key, rendered_str.as_bytes());
+        ops.set_response_header(key, rendered_str.as_bytes());
     }
 }

internal/envoyinit/transformations/src/lib.rs

@@ -1,5 +1,6 @@
+use serde::de::{self, Deserializer};
 use serde::Deserialize;
-use serde_with::serde_as;
+use serde_json::Value;
 type Strng = String;
 
 pub mod jinja;
@@ -12,17 +13,54 @@ pub struct LocalTransformationConfig {
     pub response: Option<LocalTransform>,
 }
 
-#[serde_as]
 #[derive(Default, Clone, Deserialize)]
 pub struct LocalTransform {
     #[serde(default)]
-    #[serde_as(as = "serde_with::Map<_, _>")]
+    #[serde(deserialize_with = "deserialize_name_value")]
     pub add: Vec<(Strng, Strng)>,
     #[serde(default)]
-    #[serde_as(as = "serde_with::Map<_, _>")]
+    #[serde(deserialize_with = "deserialize_name_value")]
     pub set: Vec<(Strng, Strng)>,
     #[serde(default)]
     pub remove: Vec<Strng>,
     #[serde(default)]
-    pub body: Option<Strng>,
+    pub body: Option<BodyTransform>,
+}
+
+#[derive(Default, Clone, Deserialize)]
+pub struct BodyTransform {
+    #[serde(default)]
+    pub parse_as: Strng,
+    #[serde(default)]
+    pub value: String,
+}
+
+fn deserialize_name_value<'de, D>(deserializer: D) -> Result<Vec<(Strng, Strng)>, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    let raw: Vec<Value> = Deserialize::deserialize(deserializer)?;
+    let mut result = Vec::new();
+
+    for item in raw {
+        if let Some(name) = item.get("name") {
+            let header_name = name.as_str().unwrap().to_string();
+            let mut header_value = String::new();
+            if let Some(value) = item.get("value") {
+                header_value = value.as_str().unwrap().to_string();
+            }
+            result.push((header_name, header_value));
+        } else {
+            return Err(de::Error::custom("missing name in header item"));
+        }
+    }
+
+    Ok(result)
+}
+
+pub trait TransformationOps {
+    fn set_request_header(&mut self, key: &str, value: &[u8]) -> bool;
+    fn remove_request_header(&mut self, key: &str) -> bool;
+    fn set_response_header(&mut self, key: &str, value: &[u8]) -> bool;
+    fn remove_response_header(&mut self, key: &str) -> bool;
 }