-
Notifications
You must be signed in to change notification settings - Fork 4.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
http: add Kill Request HTTP filter (#14170)
Add a KillRequest HTTP filter which can crash Envoy when receiving a Kill request. It will be used to fault inject kill request to Envoy and measure the blast radius. Risk Level: Low, new feature. Testing: Unit/integration tests. Docs Changes: Added Release Notes: Added Issue: #13978 Signed-off-by: Qin Qin <qqin@google.com>
- Loading branch information
Showing
31 changed files
with
765 additions
and
15 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. | ||
|
||
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") | ||
|
||
licenses(["notice"]) # Apache 2 | ||
|
||
api_proto_package( | ||
deps = [ | ||
"//envoy/type/v3:pkg", | ||
"@com_github_cncf_udpa//udpa/annotations:pkg", | ||
], | ||
) |
23 changes: 23 additions & 0 deletions
23
api/envoy/extensions/filters/http/kill_request/v3/kill_request.proto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
syntax = "proto3"; | ||
|
||
package envoy.extensions.filters.http.kill_request.v3; | ||
|
||
import "envoy/type/v3/percent.proto"; | ||
|
||
import "udpa/annotations/status.proto"; | ||
import "udpa/annotations/versioning.proto"; | ||
|
||
option java_package = "io.envoyproxy.envoy.extensions.filters.http.kill_request.v3"; | ||
option java_outer_classname = "KillRequestProto"; | ||
option java_multiple_files = true; | ||
option (udpa.annotations.file_status).package_version_status = ACTIVE; | ||
|
||
// [#protodoc-title: Kill Request] | ||
// Kill Request :ref:`configuration overview <config_http_filters_kill_request>`. | ||
// [#extension: envoy.filters.http.kill_request] | ||
|
||
// Configuration for KillRequest filter. | ||
message KillRequest { | ||
// The probability that a Kill request will be triggered. | ||
type.v3.FractionalPercent probability = 1; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
39 changes: 39 additions & 0 deletions
39
docs/root/configuration/http/http_filters/kill_request_filter.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
.. _config_http_filters_kill_request: | ||
|
||
Kill Request | ||
=============== | ||
|
||
The KillRequest filter can be used to crash Envoy when receiving a Kill request. | ||
By default, KillRequest filter is not built into Envoy binary since it is included in *DISABLED_BY_DEFAULT_EXTENSIONS* in *extensions_build_config.bzl*. If you want to use this extension, please move it from *DISABLED_BY_DEFAULT_EXTENSIONS* to *EXTENSIONS*. | ||
|
||
Configuration | ||
------------- | ||
|
||
* This filter should be configured with the name *envoy.filters.http.kill_request*. | ||
|
||
.. _config_http_filters_kill_request_http_header: | ||
|
||
Enable Kill Request via HTTP header | ||
-------------------------------------------- | ||
|
||
The KillRequest filter requires the following header in the request: | ||
|
||
x-envoy-kill-request | ||
whether the request is a Kill request. | ||
The header value must be one of (case-insensitive) ["true", "t", "yes", "y", "1"] | ||
in order for the request to be a Kill request. | ||
|
||
.. note:: | ||
|
||
If the headers appear multiple times only the first value is used. | ||
|
||
The following is an example configuration: | ||
|
||
.. code-block:: yaml | ||
name: envoy.filters.http.kill_request | ||
typed_config: | ||
"@type": type.googleapis.com/envoy.extensions.filters.http.kill_request.v3.KillRequest | ||
probability: | ||
numerator: 100 | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
generated_api_shadow/envoy/extensions/filters/http/kill_request/v3/BUILD
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
23 changes: 23 additions & 0 deletions
23
generated_api_shadow/envoy/extensions/filters/http/kill_request/v3/kill_request.proto
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
load( | ||
"//bazel:envoy_build_system.bzl", | ||
"envoy_cc_extension", | ||
"envoy_cc_library", | ||
"envoy_extension_package", | ||
) | ||
|
||
licenses(["notice"]) # Apache 2 | ||
|
||
envoy_extension_package() | ||
|
||
envoy_cc_library( | ||
name = "kill_request_filter_lib", | ||
srcs = ["kill_request_filter.cc"], | ||
hdrs = ["kill_request_filter.h"], | ||
deps = [ | ||
"//include/envoy/common:random_generator_interface", | ||
"//include/envoy/http:filter_interface", | ||
"//include/envoy/http:header_map_interface", | ||
"//source/common/http:header_map_lib", | ||
"//source/common/http:header_utility_lib", | ||
"//source/common/http:headers_lib", | ||
"//source/common/protobuf:utility_lib", | ||
"@envoy_api//envoy/extensions/filters/http/kill_request/v3:pkg_cc_proto", | ||
], | ||
) | ||
|
||
envoy_cc_extension( | ||
name = "kill_request_config", | ||
srcs = ["kill_request_config.cc"], | ||
hdrs = ["kill_request_config.h"], | ||
security_posture = "robust_to_untrusted_downstream", | ||
deps = [ | ||
"//include/envoy/registry", | ||
"//source/extensions/filters/http:well_known_names", | ||
"//source/extensions/filters/http/common:factory_base_lib", | ||
"//source/extensions/filters/http/kill_request:kill_request_filter_lib", | ||
"@envoy_api//envoy/extensions/filters/http/kill_request/v3:pkg_cc_proto", | ||
], | ||
) |
31 changes: 31 additions & 0 deletions
31
source/extensions/filters/http/kill_request/kill_request_config.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
#include "extensions/filters/http/kill_request/kill_request_config.h" | ||
|
||
#include "envoy/extensions/filters/http/kill_request/v3/kill_request.pb.h" | ||
#include "envoy/extensions/filters/http/kill_request/v3/kill_request.pb.validate.h" | ||
#include "envoy/registry/registry.h" | ||
|
||
#include "extensions/filters/http/kill_request/kill_request_filter.h" | ||
|
||
namespace Envoy { | ||
namespace Extensions { | ||
namespace HttpFilters { | ||
namespace KillRequest { | ||
|
||
Http::FilterFactoryCb KillRequestFilterFactory::createFilterFactoryFromProtoTyped( | ||
const envoy::extensions::filters::http::kill_request::v3::KillRequest& proto_config, | ||
const std::string&, Server::Configuration::FactoryContext& context) { | ||
return [proto_config, &context](Http::FilterChainFactoryCallbacks& callbacks) -> void { | ||
callbacks.addStreamFilter( | ||
std::make_shared<KillRequestFilter>(proto_config, context.api().randomGenerator())); | ||
}; | ||
} | ||
|
||
/** | ||
* Static registration for the KillRequest filter. @see RegisterFactory. | ||
*/ | ||
REGISTER_FACTORY(KillRequestFilterFactory, Server::Configuration::NamedHttpFilterConfigFactory); | ||
|
||
} // namespace KillRequest | ||
} // namespace HttpFilters | ||
} // namespace Extensions | ||
} // namespace Envoy |
31 changes: 31 additions & 0 deletions
31
source/extensions/filters/http/kill_request/kill_request_config.h
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
#pragma once | ||
|
||
#include "envoy/extensions/filters/http/kill_request/v3/kill_request.pb.h" | ||
#include "envoy/extensions/filters/http/kill_request/v3/kill_request.pb.validate.h" | ||
|
||
#include "extensions/filters/http/common/factory_base.h" | ||
#include "extensions/filters/http/well_known_names.h" | ||
|
||
namespace Envoy { | ||
namespace Extensions { | ||
namespace HttpFilters { | ||
namespace KillRequest { | ||
|
||
/** | ||
* Config registration for KillRequestFilter. @see NamedHttpFilterConfigFactory. | ||
*/ | ||
class KillRequestFilterFactory | ||
: public Common::FactoryBase<envoy::extensions::filters::http::kill_request::v3::KillRequest> { | ||
public: | ||
KillRequestFilterFactory() : FactoryBase(HttpFilterNames::get().KillRequest) {} | ||
|
||
private: | ||
Http::FilterFactoryCb createFilterFactoryFromProtoTyped( | ||
const envoy::extensions::filters::http::kill_request::v3::KillRequest& proto_config, | ||
const std::string& stats_prefix, Server::Configuration::FactoryContext& context) override; | ||
}; | ||
|
||
} // namespace KillRequest | ||
} // namespace HttpFilters | ||
} // namespace Extensions | ||
} // namespace Envoy |
38 changes: 38 additions & 0 deletions
38
source/extensions/filters/http/kill_request/kill_request_filter.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
#include "extensions/filters/http/kill_request/kill_request_filter.h" | ||
|
||
#include <csignal> | ||
|
||
#include "common/protobuf/utility.h" | ||
|
||
namespace Envoy { | ||
namespace Extensions { | ||
namespace HttpFilters { | ||
namespace KillRequest { | ||
|
||
bool KillRequestFilter::isKillRequestEnabled() { | ||
return ProtobufPercentHelper::evaluateFractionalPercent(kill_request_.probability(), | ||
random_generator_.random()); | ||
} | ||
|
||
Http::FilterHeadersStatus KillRequestFilter::decodeHeaders(Http::RequestHeaderMap& headers, bool) { | ||
const auto kill_request_header = headers.get(KillRequestHeaders::get().KillRequest); | ||
bool is_kill_request = false; | ||
// This is an implicitly untrusted header, so per the API documentation only | ||
// the first value is used. | ||
if (kill_request_header.empty() || | ||
!absl::SimpleAtob(kill_request_header[0]->value().getStringView(), &is_kill_request)) { | ||
return Http::FilterHeadersStatus::Continue; | ||
} | ||
|
||
if (is_kill_request && isKillRequestEnabled()) { | ||
// Crash Envoy. | ||
raise(SIGABRT); | ||
} | ||
|
||
return Http::FilterHeadersStatus::Continue; | ||
} | ||
|
||
} // namespace KillRequest | ||
} // namespace HttpFilters | ||
} // namespace Extensions | ||
} // namespace Envoy |
Oops, something went wrong.