feat: adding custom-http-filter flag. supporting buffer and wasm filter for the moment

Author: Nicopfy

cmd/root.go

@@ -113,6 +113,7 @@ func init() {
 	rootCmd.PersistentFlags().Bool("http-ext-authz-allow-partial-message", true, "When this field is true, Envoy will buffer the message until max_request_bytes is reached")
 	rootCmd.PersistentFlags().Bool("http-ext-authz-pack-as-bytes", false, "When this field is true, Envoy will send the body as raw bytes.")
 	rootCmd.PersistentFlags().Bool("http-ext-authz-failure-mode-allow", true, "Changes filters behaviour on errors")
+	rootCmd.PersistentFlags().String("custom-http-filter-file", "", "Path to a custom HTTP filter file to load. The file should contain a valid Envoy HTTP filters list in JSON protobuff.")
 
 	rootCmd.PersistentFlags().Duration("default-route-timeout", 15*time.Second, "Default timeout of the routes")
 	rootCmd.PersistentFlags().Duration("default-cluster-timeout", 30*time.Second, "Default timeout of the cluster")
@@ -155,6 +156,7 @@ func init() {
 	viper.BindPFlag("defaultTimeouts.Cluster", rootCmd.PersistentFlags().Lookup("default-cluster-timeout"))
 	viper.BindPFlag("defaultTimeouts.PerTry", rootCmd.PersistentFlags().Lookup("default-per-try-timeout"))
 	viper.BindPFlag("alpnProtocols", rootCmd.PersistentFlags().Lookup("alpn-protocols"))
+	viper.BindPFlag("customHttpFilterFile", rootCmd.PersistentFlags().Lookup("custom-http-filter-file"))
 }
 
 func initConfig() {
@@ -261,6 +263,7 @@ func main(*cobra.Command, []string) error {
 		envoy.WithAccessLog(c.AccessLogger),
 		envoy.WithTracingProvider(viper.GetString("tracingProvider")),
 		envoy.WithAlpnProtocols(viper.GetStringSlice("alpnProtocols")),
+		envoy.WithCustomHttpFilterFile(viper.GetString("customHttpFilterFile")),
 	)
 	configurator.ValidateAndFormatPath()
 	snapshotter := envoy.NewSnapshotter(envoyCache, configurator, aggregator)

pkg/envoy/boilerplate.go

@@ -1,8 +1,10 @@
 package envoy
 
 import (
+	"encoding/json"
 	"fmt"
 	"log"
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -15,13 +17,16 @@ import (
 	tracing "github.com/envoyproxy/go-control-plane/envoy/config/trace/v3"
 	eal "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3"
 	gal "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3"
+	buffer "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/buffer/v3"
 	eauthz "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3"
 	hcfg "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/health_check/v3"
+	wasm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/wasm/v3"
 	tls_inspector "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3"
 	hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
 	previousHosts "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/previous_hosts/v3"
 	auth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 	envoy_extension_http "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
+	wasmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/wasm/v3"
 	matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
 	any "github.com/golang/protobuf/ptypes/any"
 	"github.com/golang/protobuf/ptypes/duration"
@@ -125,6 +130,124 @@ func makeVirtualHost(vhost *virtualHost, reselectionAttempts int64, defaultRetry
 	return &virtualHost, nil
 }
 
+func loadCustomHttpFilters(filePath string) ([]*hcm.HttpFilter, error) {
+	data, err := os.ReadFile(filePath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read custom HTTP filter file `%s`: %w", filePath, err)
+	}
+	var config CustomHttpFiltersConfig
+	if err := json.Unmarshal(data, &config); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal custom HTTP filter file `%s`: %w", filePath, err)
+	}
+	var filters []*hcm.HttpFilter
+	for _, filter := range config {
+		var anyConfig *anypb.Any
+		switch filter.Name {
+		case "envoy.filters.http.wasm":
+			wasmConfig, err := makeWasmConfig(filter.TypedConfig)
+			if err != nil {
+				return nil, fmt.Errorf("failed to create wasm config: %w", err)
+			}
+			anyConfig, err = anypb.New(wasmConfig)
+			if err != nil {
+				return nil, fmt.Errorf("failed to convert wasm config to Any: %w", err)
+			}
+		case "envoy.filters.http.buffer":
+			bufferConfig, err := makeBufferConfig(filter.TypedConfig)
+			if err != nil {
+				return nil, fmt.Errorf("failed to create buffer config: %w", err)
+			}
+			anyConfig, err = anypb.New(bufferConfig)
+			if err != nil {
+				return nil, fmt.Errorf("failed to convert buffer config to Any: %w", err)
+			}
+		default:
+			return nil, fmt.Errorf("unsupported filter type: %s", filter.Name)
+		}
+		filters = append(filters, &hcm.HttpFilter{
+			Name: filter.Name,
+			ConfigType: &hcm.HttpFilter_TypedConfig{
+				TypedConfig: anyConfig,
+			},
+		})
+	}
+	return filters, nil
+}
+
+func makeBufferConfig(typedConfig map[string]interface{}) (*buffer.Buffer, error) {
+	maxRequestBytes, ok := typedConfig["maxRequestBytes"].(float64)
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `maxRequestBytes` field in buffer typedConfig")
+	}
+
+	return &buffer.Buffer{
+		MaxRequestBytes: wrapperspb.UInt32(uint32(maxRequestBytes)),
+	}, nil
+}
+
+func makeWasmConfig(typedConfig map[string]interface{}) (*wasm.Wasm, error) {
+	value, ok := typedConfig["value"].(map[string]interface{})
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `value` field in wasm typedConfig")
+	}
+	config, ok := value["config"].(map[string]interface{})
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `config` field in wasm typedConfig")
+	}
+	vmConfig, ok := config["vm_config"].(map[string]interface{})
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `vm_config` field in wasm config")
+	}
+	runtime, ok := vmConfig["runtime"].(string)
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `runtime` field in wasm vm_config")
+	}
+	vmID, ok := vmConfig["vm_id"].(string)
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `vm_id` field in wasm vm_config")
+	}
+	code, ok := vmConfig["code"].(map[string]interface{})
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `code` field in wasm vm_config")
+	}
+	local, ok := code["local"].(map[string]interface{})
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `local` field in wasm code")
+	}
+	filename, ok := local["filename"].(string)
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `filename` field in wasm local code")
+	}
+	configuration, ok := config["configuration"].(map[string]interface{})
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid `configuration` field in wasm config")
+	}
+	return &wasm.Wasm{
+		Config: &wasmv3.PluginConfig{
+			Name:   config["name"].(string),
+			RootId: config["root_id"].(string),
+			Configuration: &anypb.Any{
+				Value: []byte(configuration["value"].(string)),
+			},
+			Vm: &wasmv3.PluginConfig_VmConfig{
+				VmConfig: &wasmv3.VmConfig{
+					Runtime: runtime,
+					VmId:    vmID,
+					Code: &core.AsyncDataSource{
+						Specifier: &core.AsyncDataSource_Local{
+							Local: &core.DataSource{
+								Specifier: &core.DataSource_Filename{
+									Filename: filename,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}, nil
+}
+
 func makeHealthConfig() *hcfg.HealthCheck {
 	return &hcfg.HealthCheck{
 		PassThroughMode: &wrappers.BoolValue{Value: false},
@@ -247,11 +370,21 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir
 	// HTTP Filters
 	filterBuilder := &httpFilterBuilder{}
 
+	// custom HTTP filters
+	if c.customHttpFilterFile != "" {
+		customFilters, err := loadCustomHttpFilters(c.customHttpFilterFile)
+		if err != nil {
+			log.Fatalf("failed to load custom HTTP filters: %s", err)
+		}
+		for _, filter := range customFilters {
+			filterBuilder.Add(filter)
+		}
+	}
+
 	anyHealthConfig, err := anypb.New(makeHealthConfig())
 	if err != nil {
 		log.Fatalf("failed to marshal healthcheck config struct to typed struct: %s", err)
 	}
-
 	filterBuilder.Add(&hcm.HttpFilter{
 		Name:       "envoy.filters.http.health_check",
 		ConfigType: &hcm.HttpFilter_TypedConfig{TypedConfig: anyHealthConfig},
@@ -268,7 +401,6 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir
 			ConfigType: &hcm.HttpFilter_TypedConfig{TypedConfig: anyExtAuthzConfig},
 		})
 	}
-
 	filter, err := filterBuilder.Filters()
 	if err != nil {
 		return &hcm.HttpConnectionManager{}, err

pkg/envoy/configurator.go

@@ -80,6 +80,7 @@ type KubernetesConfigurator struct {
 	defaultRetryOn             string
 	tracingProvider            string
 	alpnProtocols              []string
+	customHttpFilterFile       string
 
 	previousConfig  *envoyConfiguration
 	listenerVersion string

pkg/envoy/http_filters.go

@@ -12,6 +12,13 @@ type httpFilterBuilder struct {
 	filters []*hcm.HttpFilter
 }
 
+type CustomHttpFilter struct {
+	Name        string                 `json:"name"`
+	TypedConfig map[string]interface{} `json:"typed_config"`
+}
+
+type CustomHttpFiltersConfig []CustomHttpFilter
+
 func (b *httpFilterBuilder) Add(filter *hcm.HttpFilter) *httpFilterBuilder {
 	b.filters = append(b.filters, filter)
 	return b

pkg/envoy/options.go

@@ -106,3 +106,10 @@ func WithAlpnProtocols(alpnProtocols []string) option {
 		c.alpnProtocols = alpnProtocols
 	}
 }
+
+// WithCustomHttpFilterFile configures the custom HTTP filter file path
+func WithCustomHttpFilterFile(customHttpFilterFile string) option {
+	return func(c *KubernetesConfigurator) {
+		c.customHttpFilterFile = customHttpFilterFile
+	}
+}