Introduce vh_rate_limits option and deprecate include_vh_rate_limits

Signed-off-by: Clara Andrew-Wani <candrewwani@gmail.com>
clarakosi · Sep 3, 2020 · 6809828 · 6809828
1 parent 964b8ad
commit 6809828
Show file tree

Hide file tree

Showing 14 changed files with 549 additions and 38 deletions.
diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto
@@ -545,7 +545,7 @@ message CorsPolicy {
   core.v3.RuntimeFractionalPercent shadow_enabled = 10;
 }
 
-// [#next-free-field: 36]
+// [#next-free-field: 37]
 message RouteAction {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteAction";
 
@@ -566,6 +566,17 @@ message RouteAction {
     HANDLE_INTERNAL_REDIRECT = 1;
   }
 
+  enum VhRateLimitsOptions {
+    // Use the virtual host rate limits unless the route has a rate limit policy
+    OVERRIDE = 0;
+
+    // Use the virtual host rate limits even if the route has a rate limit policy
+    INCLUDE = 1;
+
+    // Ignores the virtual host rate limits even if the route does not have a rate limit policy
+    IGNORE = 2;
+  }
+
   // The router is capable of shadowing traffic from one cluster to another. The current
   // implementation is "fire and forget," meaning Envoy will not wait for the shadow cluster to
   // respond before returning the response from the primary cluster. All normal statistics are
@@ -964,11 +975,18 @@ message RouteAction {
   // route.
   repeated RateLimit rate_limits = 13;
 
-  // Specifies if the rate limit filter should include the virtual host rate
-  // limits. By default, if the route configured rate limits, the virtual host
-  // :ref:`rate_limits <envoy_api_field_config.route.v3.VirtualHost.rate_limits>` are not applied to the
-  // request.
-  google.protobuf.BoolValue include_vh_rate_limits = 14;
+  oneof vh_rate_limits_options {
+    // Specifies if the rate limit filter should include the virtual host rate
+    // limits. By default, if the route configured rate limits, the virtual host
+    // :ref:`rate_limits <envoy_api_field_config.route.v3.VirtualHost.rate_limits>` are not applied to the
+    // request.
+    //
+    // This field is deprecated. Please use :ref:`vh_rate_limits <envoy_v3_api_field_config.route.v3.RouteAction.vh_rate_limits>`
+    google.protobuf.BoolValue include_vh_rate_limits = 14 [deprecated = true];
+
+    // Specifies if the rate limit filter should include the virtual host rate limits.
+    VhRateLimitsOptions vh_rate_limits = 36 [(validate.rules).enum = {defined_only: true}];
+  }
 
   // Specifies a list of hash policies to use for ring hash load balancing. Each
   // hash policy is evaluated individually and the combined result is used to

diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto
diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst
@@ -87,6 +87,7 @@ New Features
   retry policy, which allows retrying envoy's own rate limited responses.
 * router: added new :ref:`host_rewrite_path_regex <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex>`
   option, which allows rewriting Host header based on path.
+* router: added new :ref:`vh_rate_limits <envoy_v3_api_field_config.route.v3.RouteAction.vh_rate_limits>` option to specify if the rate limit filter should include the virtual host rate limits.
 * router: added support for DYNAMIC_METADATA :ref:`header formatter <config_http_conn_man_headers_custom_request_headers>`.
 * signal: added support for calling fatal error handlers without envoy's signal handler, via FatalErrorHandler::callFatalErrorHandlers().
 * stats: added optional histograms to :ref:`cluster stats <config_cluster_manager_cluster_stats_request_response_sizes>`
@@ -111,6 +112,7 @@ Deprecated
 * hds: the :ref:`endpoints_health <envoy_v3_api_field_service.health.v3.EndpointHealthResponse.endpoints_health>`
   field has been deprecated in favor of :ref:`cluster_endpoints_health <envoy_v3_api_field_service.health.v3.EndpointHealthResponse.cluster_endpoints_health>` to maintain
   grouping by cluster and locality.
+* router: the :ref:`include_vh_rate_limits <envoy_v3_api_field_config.route.v3.RouteAction.include_vh_rate_limits>` has been deprecated in favor of :ref:`vh_rate_limits <envoy_v3_api_field_config.route.v3.RouteAction.vh_rate_limits>`.
 * tap: the :ref:`match_config <envoy_v3_api_field_config.tap.v3.TapConfig.match_config>` field has been deprecated in favor of
   :ref:`match <envoy_v3_api_field_config.tap.v3.TapConfig.match>` field.
 * ext_authz: the :ref:`dynamic metadata <envoy_v3_api_field_service.auth.v3.OkHttpResponse.dynamic_metadata>` field in :ref:`OkHttpResponse <envoy_v3_api_msg_service.auth.v3.OkHttpResponse>`

diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto
diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto
diff --git a/include/envoy/router/router.h b/include/envoy/router/router.h
@@ -700,6 +700,19 @@ class PathMatchCriterion {
  */
 class HttpRouteTypedMetadataFactory : public Envoy::Config::TypedMetadataFactory {};
 
+/**
+ * Options for setting the virtual host rate limits on the route.
+ */
+enum class VhRateLimitOptions { Override, Include, Ignore };
+
+/**
+ * Configuration options for setting the virtual host rate limit options.
+ *
+ * Deprecated and only added to support a breaking change when deprecating
+ * include_vh_rate_limits in favor of vh_rate_limits.
+ */
+enum class VhRateLimitOptionsCase { kVhRateLimits, kIncludeVhRateLimits };
+
 /**
  * An individual resolved route entry.
  */
@@ -843,6 +856,21 @@ class RouteEntry : public ResponseEntry {
    */
   virtual bool includeVirtualHostRateLimits() const PURE;
 
+  /**
+   *
+   * @return VhRateLimitOptions return the virtual rate limit option set for the route
+   */
+  virtual VhRateLimitOptions virtualHostRateLimitsOption() const PURE;
+
+  /**
+   *
+   * @return VhRateLimitOptionsCase return the type of virtual host rate limits option being used.
+   *
+   * Deprecated and only introduced to support breaking change when deprecating
+   * include_vh_rate_limits in favor of vh_rate_limits.
+   */
+  virtual VhRateLimitOptionsCase vhRateLimitsOptionsCase() const PURE;
+
   /**
    * @return const Envoy::Config::TypedMetadata& return the typed metadata provided in the config
    * for this route.

diff --git a/source/common/http/async_client_impl.h b/source/common/http/async_client_impl.h
@@ -274,6 +274,12 @@ class AsyncStreamImpl : public AsyncClient::Stream,
     const Router::VirtualHost& virtualHost() const override { return virtual_host_; }
     bool autoHostRewrite() const override { return false; }
     bool includeVirtualHostRateLimits() const override { return true; }
+    Router::VhRateLimitOptions virtualHostRateLimitsOption() const override {
+      return vh_rate_limits_;
+    }
+    Router::VhRateLimitOptionsCase vhRateLimitsOptionsCase() const override {
+      return vh_rate_limits_option_case_;
+    }
     const envoy::config::core::v3::Metadata& metadata() const override { return metadata_; }
     const Config::TypedMetadata& typedMetadata() const override { return typed_metadata_; }
     const Router::PathMatchCriterion& pathMatchCriterion() const override {
@@ -309,6 +315,8 @@ class AsyncStreamImpl : public AsyncClient::Stream,
     absl::optional<std::chrono::milliseconds> timeout_;
     static const absl::optional<ConnectConfig> connect_config_nullopt_;
     const std::string route_name_;
+    Router::VhRateLimitOptions vh_rate_limits_;
+    Router::VhRateLimitOptionsCase vh_rate_limits_option_case_;
   };
 
   struct RouteImpl : public Router::Route {

diff --git a/source/common/router/config_impl.cc b/source/common/router/config_impl.cc
@@ -420,11 +420,34 @@ RouteEntryImplBase::RouteEntryImplBase(const VirtualHostImpl& vhost,
         std::make_unique<TlsContextMatchCriteriaImpl>(route.match().tls_context());
   }
 
-  // Only set include_vh_rate_limits_ to true if the rate limit policy for the route is empty
-  // or the route set `include_vh_rate_limits` to true.
-  include_vh_rate_limits_ =
-      (rate_limit_policy_.empty() ||
-       PROTOBUF_GET_WRAPPED_OR_DEFAULT(route.route(), include_vh_rate_limits, false));
+  if (route.route().vh_rate_limits_options_case() ==
+      envoy::config::route::v3::RouteAction::VhRateLimitsOptionsCase::kVhRateLimits) {
+    vh_rate_limits_option_case_ = Router::VhRateLimitOptionsCase::kVhRateLimits;
+  } else {
+    vh_rate_limits_option_case_ = Router::VhRateLimitOptionsCase::kIncludeVhRateLimits;
+  }
+
+  if (vh_rate_limits_option_case_ == Router::VhRateLimitOptionsCase::kVhRateLimits) {
+    switch (route.route().vh_rate_limits()) {
+    case envoy::config::route::v3::RouteAction::OVERRIDE:
+      vh_rate_limits_ = Router::VhRateLimitOptions::Override;
+      break;
+    case envoy::config::route::v3::RouteAction::INCLUDE:
+      vh_rate_limits_ = Router::VhRateLimitOptions::Include;
+      break;
+    case envoy::config::route::v3::RouteAction::IGNORE:
+      vh_rate_limits_ = Router::VhRateLimitOptions::Ignore;
+      break;
+    default:
+      NOT_REACHED_GCOVR_EXCL_LINE;
+    }
+  } else {
+    // Only set include_vh_rate_limits_ to true if the rate limit policy for the route is empty
+    // or the route set `include_vh_rate_limits` to true.
+    include_vh_rate_limits_ =
+        (rate_limit_policy_.empty() ||
+         PROTOBUF_GET_WRAPPED_OR_DEFAULT(route.route(), include_vh_rate_limits, false));
+  }
 
   if (route.route().has_cors()) {
     cors_policy_ =

diff --git a/source/common/router/config_impl.h b/source/common/router/config_impl.h
@@ -510,6 +510,12 @@ class RouteEntryImplBase : public RouteEntry,
     return opaque_config_;
   }
   bool includeVirtualHostRateLimits() const override { return include_vh_rate_limits_; }
+  Router::VhRateLimitOptions virtualHostRateLimitsOption() const override {
+    return vh_rate_limits_;
+  }
+  Router::VhRateLimitOptionsCase vhRateLimitsOptionsCase() const override {
+    return vh_rate_limits_option_case_;
+  }
   const envoy::config::core::v3::Metadata& metadata() const override { return metadata_; }
   const Envoy::Config::TypedMetadata& typedMetadata() const override { return typed_metadata_; }
   const PathMatchCriterion& pathMatchCriterion() const override { return *this; }
@@ -546,6 +552,8 @@ class RouteEntryImplBase : public RouteEntry,
   const std::string host_rewrite_;
   bool include_vh_rate_limits_;
   absl::optional<ConnectConfig> connect_config_;
+  Router::VhRateLimitOptions vh_rate_limits_;
+  Router::VhRateLimitOptionsCase vh_rate_limits_option_case_;
 
   RouteConstSharedPtr clusterEntry(const Http::HeaderMap& headers, uint64_t random_value) const;
 
@@ -630,6 +638,12 @@ class RouteEntryImplBase : public RouteEntry,
     bool includeVirtualHostRateLimits() const override {
       return parent_->includeVirtualHostRateLimits();
     }
+    Router::VhRateLimitOptions virtualHostRateLimitsOption() const override {
+      return parent_->virtualHostRateLimitsOption();
+    }
+    Router::VhRateLimitOptionsCase vhRateLimitsOptionsCase() const override {
+      return parent_->vhRateLimitsOptionsCase();
+    }
     const envoy::config::core::v3::Metadata& metadata() const override {
       return parent_->metadata();
     }