transformer header matchers (#31)

* added header matchers
* git tests running
* tested and working
* got unit tests passig again with null route_config
* integration tests work
* integration tests now include a skip
* fixed unit tests
* Merge branch 'master' of github.com:solo-io/envoy-gloo into transformer-header-matchers
* changelog
* nearly switched over with yuvals help, now for tests
* if no match is available, do not add transforms
* no more seg faults
* got tests passing again
* integration tests passing
* override
* updated matcher code to be generic
* made matchers common
* udpated package
* pr comments

Author: EItanya

api/envoy/config/filter/http/transformation/v2/BUILD

@@ -9,4 +9,10 @@ envoy_package()
 
 load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 
-api_proto_package()
+api_proto_package(
+    deps = [
+        "@envoy_api//envoy/api/v2/route:pkg",
+        "@envoy_api//envoy/type/matcher:pkg",
+        "@envoy_api//envoy/type:pkg",
+    ],
+    visibility = ["//visibility:public"],)

api/envoy/config/filter/http/transformation/v2/transformation_filter.proto

@@ -7,6 +7,33 @@ option java_outer_classname = "TransformationFilterProto";
 option java_multiple_files = true;
 option go_package = "transformation";
 
+import "validate/validate.proto";
+
+import "envoy/api/v2/route/route.proto";
+
+message FilterTransformations {
+  // Specifies transformations based on the route matches. The first matched transformation will be
+  // applied. If there are overlapped match conditions, please put the most specific match first.
+  repeated TransformationRule transformations = 1;
+}
+
+message TransformationRule {
+  // The route matching parameter. Only when the match is satisfied, the "requires" field will
+  // apply.
+  //
+  // For example: following match will match all requests.
+  //
+  // .. code-block:: yaml
+  //
+  //    match:
+  //      prefix: /
+  //
+  api.v2.route.RouteMatch match = 1 [(validate.rules).message = {required: true}];
+  // transformation to perform 
+  RouteTransformations route_transformations = 2;
+}
+
+
 message RouteTransformations {
   Transformation request_transformation = 1;
   // clear the route cache if the request transformation was applied

changelog/v0.1.18/header-matchers.yaml

@@ -0,0 +1,4 @@
+changelog:
+- type: NEW_FEATURE
+  issueLink: https://github.com/solo-io/envoy-gloo/issues/34
+  description: Add envoy header matching into transformation filter.

source/common/matcher/BUILD

@@ -0,0 +1,25 @@
+licenses(["notice"])  # Apache 2
+
+load(
+    "@envoy//bazel:envoy_build_system.bzl",
+    "envoy_cc_binary",
+    "envoy_cc_library",
+    "envoy_cc_test",
+    "envoy_package",
+)
+
+envoy_package()
+
+envoy_cc_library(
+    name = "matchers_lib",
+    srcs = ["matcher.cc"],
+    hdrs = ["matcher.h"],
+    repository = "@envoy",
+    external_deps = ["abseil_optional"],
+    deps = [
+        "@envoy//source/common/router:config_lib",
+        "@envoy//source/common/http:header_utility_lib",
+        "@envoy_api//envoy/api/v2/route:pkg_cc_proto",
+    ],
+)
+

source/common/matcher/matcher.cc

@@ -0,0 +1,160 @@
+#include "common/matcher/matcher.h"
+
+#include "common/common/logger.h"
+#include "common/common/regex.h"
+#include "common/router/config_impl.h"
+
+#include "absl/strings/match.h"
+
+using ::envoy::api::v2::route::RouteMatch;
+using Envoy::Router::ConfigUtility;
+
+namespace Envoy {
+namespace Matcher {
+namespace {
+
+/**
+ * Perform a match against any HTTP header or pseudo-header.
+ */
+class BaseMatcherImpl : public Matcher, public Logger::Loggable<Logger::Id::filter> {
+public:
+  BaseMatcherImpl(const ::envoy::api::v2::route::RouteMatch& match)
+      : case_sensitive_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(match, case_sensitive, true)),
+        config_headers_(Http::HeaderUtility::buildHeaderDataVector(match.headers())) {
+    for (const auto& query_parameter : match.query_parameters()) {
+      config_query_parameters_.push_back(
+          std::make_unique<Router::ConfigUtility::QueryParameterMatcher>(query_parameter));
+    }
+  }
+
+  // Check match for HeaderMatcher and QueryParameterMatcher
+  bool matchRoute(const Http::HeaderMap& headers) const {
+    bool matches = true;
+    // TODO(potatop): matching on RouteMatch runtime is not implemented.
+
+    matches &= Http::HeaderUtility::matchHeaders(headers, config_headers_);
+    if (!config_query_parameters_.empty()) {
+      Http::Utility::QueryParams query_parameters =
+          Http::Utility::parseQueryString(headers.Path()->value().getStringView());
+      matches &= ConfigUtility::matchQueryParams(query_parameters, config_query_parameters_);
+    }
+    return matches;
+  }
+
+protected:
+  const bool case_sensitive_;
+
+private:
+  std::vector<Http::HeaderUtility::HeaderDataPtr> config_headers_;
+  std::vector<Router::ConfigUtility::QueryParameterMatcherPtr> config_query_parameters_;
+};
+
+/**
+ * Perform a match against any path with prefix rule.
+ */
+class PrefixMatcherImpl : public BaseMatcherImpl {
+public:
+  PrefixMatcherImpl(const ::envoy::api::v2::route::RouteMatch& match)
+      : BaseMatcherImpl(match), prefix_(match.prefix()) {}
+
+  bool matches(const Http::HeaderMap& headers) const override {
+    if (BaseMatcherImpl::matchRoute(headers) &&
+        (case_sensitive_
+             ? absl::StartsWith(headers.Path()->value().getStringView(), prefix_)
+             : absl::StartsWithIgnoreCase(headers.Path()->value().getStringView(), prefix_))) {
+      ENVOY_LOG(debug, "Prefix requirement '{}' matched.", prefix_);
+      return true;
+    }
+    return false;
+  }
+
+private:
+  // prefix string
+  const std::string prefix_;
+};
+
+/**
+ * Perform a match against any path with a specific path rule.
+ */
+class PathMatcherImpl : public BaseMatcherImpl {
+public:
+  PathMatcherImpl(const ::envoy::api::v2::route::RouteMatch& match)
+      : BaseMatcherImpl(match), path_(match.path()) {}
+
+  bool matches(const Http::HeaderMap& headers) const override {
+    if (BaseMatcherImpl::matchRoute(headers)) {
+      const Http::HeaderString& path = headers.Path()->value();
+      const size_t compare_length =
+          path.getStringView().length() - Http::Utility::findQueryStringStart(path).length();
+      auto real_path = path.getStringView().substr(0, compare_length);
+      bool match = case_sensitive_ ? real_path == path_ : StringUtil::caseCompare(real_path, path_);
+      if (match) {
+        ENVOY_LOG(debug, "Path requirement '{}' matched.", path_);
+        return true;
+      }
+    }
+    return false;
+  }
+
+private:
+  // path string.
+  const std::string path_;
+};
+
+/**
+ * Perform a match against any path with a regex rule.
+ * TODO(mattklein123): This code needs dedup with RegexRouteEntryImpl.
+ */
+class RegexMatcherImpl : public BaseMatcherImpl {
+public:
+  RegexMatcherImpl(const ::envoy::api::v2::route::RouteMatch& match) : BaseMatcherImpl(match) {
+    if (match.path_specifier_case() == envoy::api::v2::route::RouteMatch::kRegex) {
+      regex_ = Regex::Utility::parseStdRegexAsCompiledMatcher(match.regex());
+      regex_str_ = match.regex();
+    } else {
+      ASSERT(match.path_specifier_case() == envoy::api::v2::route::RouteMatch::kSafeRegex);
+      regex_ = Regex::Utility::parseRegex(match.safe_regex());
+      regex_str_ = match.safe_regex().regex();
+    }
+  }
+
+  bool matches(const Http::HeaderMap& headers) const override {
+    if (BaseMatcherImpl::matchRoute(headers)) {
+      const Http::HeaderString& path = headers.Path()->value();
+      const absl::string_view query_string = Http::Utility::findQueryStringStart(path);
+      absl::string_view path_view = path.getStringView();
+      path_view.remove_suffix(query_string.length());
+      if (regex_->match(path_view)) {
+        ENVOY_LOG(debug, "Regex requirement '{}' matched.", regex_str_);
+        return true;
+      }
+    }
+    return false;
+  }
+
+private:
+  Regex::CompiledMatcherPtr regex_;
+  // raw regex string, for logging.
+  std::string regex_str_;
+};
+
+} // namespace
+
+MatcherConstPtr Matcher::create(const ::envoy::api::v2::route::RouteMatch& match) {
+  switch (match.path_specifier_case()) {
+  case RouteMatch::PathSpecifierCase::kPrefix:
+    return std::make_shared<PrefixMatcherImpl>(match);
+  case RouteMatch::PathSpecifierCase::kPath:
+    return std::make_shared<PathMatcherImpl>(match);
+  case RouteMatch::PathSpecifierCase::kRegex:
+  case RouteMatch::PathSpecifierCase::kSafeRegex:
+    return std::make_shared<RegexMatcherImpl>(match);
+  // path specifier is required.
+  case RouteMatch::PathSpecifierCase::PATH_SPECIFIER_NOT_SET:
+  default:
+    NOT_REACHED_GCOVR_EXCL_LINE;
+  }
+}
+
+} // namespace Matcher
+} // namespace Envoy

source/common/matcher/matcher.h

@@ -0,0 +1,39 @@
+#pragma once
+
+#include "envoy/api/v2/route/route.pb.h"
+#include "envoy/http/header_map.h"
+
+namespace Envoy {
+namespace Matcher {
+
+class Matcher;
+using MatcherConstPtr = std::shared_ptr<const Matcher>;
+
+/**
+ * Supports matching a HTTP requests with JWT requirements.
+ */
+class Matcher {
+public:
+  virtual ~Matcher() = default;
+
+  /**
+   * Returns if a HTTP request matches with the rules of the matcher.
+   *
+   * @param headers    the request headers used to match against. An empty map should be used if
+   *                   there are none headers available.
+   * @return  true if request is a match, false otherwise.
+   */
+  virtual bool matches(const Http::HeaderMap& headers) const PURE;
+
+  /**
+   * Factory method to create a shared instance of a matcher based on the rule defined.
+   *
+   * @param rule  the proto rule match message.
+   * @return the matcher instance.
+   */
+  static MatcherConstPtr
+  create(const ::envoy::api::v2::route::RouteMatch& match);
+};
+
+} // namespace Extensions
+} // namespace Envoy

source/extensions/filters/http/transformation/BUILD

@@ -98,10 +98,12 @@ envoy_cc_library(
     ],
     repository = "@envoy",
     deps = [
+        "//source/common/matcher:matchers_lib",
         "@envoy//include/envoy/buffer:buffer_interface",
         "@envoy//include/envoy/http:header_map_interface",
         "@envoy//include/envoy/http:filter_interface",
         "@envoy//include/envoy/router:router_interface",
+        "@envoy//source/common/http:header_utility_lib",
     ],
 )
 
@@ -118,3 +120,4 @@ envoy_cc_library(
         "@envoy//source/extensions/filters/http/common:factory_base_lib",
     ],
 )
+