ext_proc: send and receive dynamic metadata #30747
Conversation
jbohanon
requested review from
mattklein123,
htuch and
yanavlasov
as code owners
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
|
@markdroth you had previously approved the API changes on the now-closed PR (#29069) from which this work was extracted. What do you think about the API as-is and the comments above? I'm happy to change the API naming if it's deemed necessary, but as we have some internal references and some customers using this early-access provisional API, it'd be preferred to keep the naming if the benefit is marginal. |
I chatted w/ Mark and he clarified to me that "dynamic" in this case is redundant since the term metadata in xDS is used specifically for dynamic metadata, so please ignore those changes. But as a general rule, the API should be amenable to fixes and "getting it right" before being relied upon, and changes made up front are far less costly than mistakes down the road. But I understand you got approval from Mark before on this API change so your case is a bit different. Also, if you can please address the comments around adding a Happy to approve this PR after that's done, thanks for your effort on this! |
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
jbohanon
force-pushed
the
feature/ext_proc/dynamic-metadata
branch
from
ca0d0eb
to
cbfc6e7
Compare
|
Note: please avoid force pushing commits. According to the contributing guide: If you need to resolve merge conflicts: |
|
Adding @tyxia as a code owner |
| @@ -73,10 +73,19 @@ class ProcessorState : public Logger::Loggable<Logger::Id::ext_proc> { | |||
| }; | |||
|
|
|||
| explicit ProcessorState(Filter& filter, | |||
| envoy::config::core::v3::TrafficDirection traffic_direction) | |||
| envoy::config::core::v3::TrafficDirection traffic_direction, | |||
| std::vector<std::string> untyped_forwarding_namespaces, | |||
There was a problem hiding this comment.
We should avoid the copy here. Please pass argument by reference or use absl::Span (https://abseil.io/tips/93).
Please also fix other places in this PR
|
|
||
| // Describes which typed or untyped dynamic metadata namespaces to accept from | ||
| // the external processing server. Set to empty or leave unset to disallow writing | ||
| // any received dynamic metadata. Receiving of typed metadata is not supported. |
There was a problem hiding this comment.
Re: receiving of typed metadata is not supported: Looks like it is because that only google.protobuf.Struct is defined in ProcessingResponse? Actually I am not very sure why protobuf.Any is not defined. Though this could be out of scope of this PR.
cc @gbrail
| @@ -79,7 +79,7 @@ class ExtProcIntegrationTest : public HttpIntegrationTest, | |||
| scoped_runtime_.mergeValues( | |||
| {{"envoy.reloadable_features.send_header_raw_value", header_raw_value_}}); | |||
| scoped_runtime_.mergeValues( | |||
| {{"envoy_reloadable_features_immediate_response_use_filter_mutation_rule", | |||
| {{"envoy.reloadable_features.immediate_response_use_filter_mutation_rule", | |||
There was a problem hiding this comment.
Thanks for fixing this!
Could you please also add integration test cases for send/receive dynamic metadata that is introduced in this PR?
There was a problem hiding this comment.
@tyxia I have added integration testing for this feature.
|
@yanjunxiang-google can you PTAL? |
|
Waiting for comments to be addressed. /wait |
- pass vectors by reference instead of copying - cleaner check for receiving namespaces - logging when returned metadata doesn't match any configured namespaces - pass response by reference instead of smart pointer Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
|
/retest edit: attempted to rerun failed Azure Pipelines job. This did not have any effect. |
|
/retest edit: attempted to rerun failed GitHub Actions job. This did not have any effect. |
|
@yanavlasov this is ready now, PTAL, thanks @tyxia some changes were made since you reviewed, namely the responsibility for the merging of more-specific namespaces lists into less-specific namespaces lists has been offloaded to the control-plane. This simplified the API and merge logic. Notably, I was still getting junk memory values if I did not store the new merged vectors for namespaces, presumably due to copying into |
| untyped_forwarding_namespaces_(more_specific.untypedForwardingMetadataNamespaces()), | ||
| typed_forwarding_namespaces_(more_specific.typedForwardingMetadataNamespaces()), | ||
| untyped_receiving_namespaces_(more_specific.untypedReceivingMetadataNamespaces()) {} |
There was a problem hiding this comment.
@jbohanon I agree with getting rid of merge proto. That probably has unnecessary complexity that we don' need for now.
However, I am not sure that we should let control plane do the merge . At least it seems to be inconsistent with existing ext_proc behavior. e.g., mergeProcessingMode, grpc_service_ above. Can we just have similar simple logic : if most_specific has namespaces, use that; if most_specific doesn't , use less_specific.
This is probably not critical thing to this PR and I am ok with discussing it in a separate PR. Small PR which can help review and move things faster is preferred and appreciated .
There was a problem hiding this comment.
However, I am not sure that we should let control plane do the merge . At least it seems to be inconsistent with existing ext_proc behavior. e.g., mergeProcessingMode, grpc_service_ above. Can we just have similar simple logic : if most_specific has namespaces, use that; if most_specific doesn't , use less_specific.
I might have worded this poorly. This is currently the behavior. What was meant by letting the control plane handle the merge is that the if a control plane implementation has abstractions over Envoy APIs, then during the translation down to Envoy API, it is the responsibility of the control plane to ensure that the most specific config defined is the desired state of the metadata namespaces config/overrides
There was a problem hiding this comment.
After discussing with @tyxia I need to revisit the merge logic here to make sure nonexistent more-specific config doesn't blow out existing less-specific config
/wait
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
|
/retest |
Introduce the ability to send dynamic metadata in the External Processing Request. Also implements the API for returning dynamic metadata as part of the External Processing Response. --------- Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Introduce the ability to send dynamic metadata in the External Processing Request. Also implements the API for returning dynamic metadata as part of the External Processing Response. --------- Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
* ext_proc: send attributes (envoyproxy#31090) Introduce the ability to send attributes in the External Processing Request --------- Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io> * ext_proc: send and receive dynamic metadata (envoyproxy#30747) Introduce the ability to send dynamic metadata in the External Processing Request. Also implements the API for returning dynamic metadata as part of the External Processing Response. --------- Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io> * ext_proc: revise service api for attributes (envoyproxy#32176) --------- Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io> --------- Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
extract metadata changes from #29069
Commit Message:
Introduce the ability to send dynamic metadata in the External Processing Request. Also implements the API for returning dynamic metadata as part of the External Processing Response.
Additional Description:
Risk Level: Low
Testing:
Release Notes: N/A
Platform Specific Features: N/A
Fixes Dynamic Metadata for External Processing Filters Similar to Dynamic Metadata for External Authorization #19881