[ProtoApiScrubber] Add response scrubber to the filter. #42145
Conversation
Signed-off-by: Sumit Kumar <sumitkmr@google.com>
Signed-off-by: Sumit Kumar <sumitkmr@google.com>
Signed-off-by: Sumit Kumar <sumitkmr@google.com>
Signed-off-by: Sumit Kumar <sumitkmr@google.com>
| // vice-versa. | ||
| GrpcFieldExtraction::MessageConverterPtr request_msg_converter_{nullptr}; | ||
|
|
||
| // Response message converter which converts Envoy Buffer data to StreamMessage (for scrubbing) |
There was a problem hiding this comment.
High-level comment:
looking at the request vs response related fields, it seems that there are the same group of objects needed for each of these. Using a generic struct with the relevant fields that is initialized differently for each of them may reduce the copy-paste between the two.
(not AI for this PR, just high-level observation to take into account).
There was a problem hiding this comment.
Yeah, that makes sense. I'll add that in the backlog for now, will pick it up once the current lined-up items are complete for the filter.
| if (stream_message->message() == nullptr) { | ||
| // Expect end_stream=true when the MessageConverter signals an stream end. | ||
| ASSERT(end_stream); | ||
|
|
There was a problem hiding this comment.
style-nit: please remove empty lines that don't split logical code segments
|
|
||
| auto buf_convert_status = | ||
| response_msg_converter_->convertBackToBuffer(std::move(stream_message)); | ||
| RELEASE_ASSERT(buf_convert_status.ok(), "failed to convert message back to envoy buffer"); |
There was a problem hiding this comment.
I'm pretty sure I had reservations about this RELEASE_ASSERT in the request path.
I'm worried this will create an attack vector that may crash the proxy.
If this is needed, can you add a comment before these lines describing why the release-assert is necessary here (say compared to sending local reply)?
There was a problem hiding this comment.
Yeah, you are right. Although, the message converter is designed to be very robust, it is still possible that it can fail due to a bug introduced later. I've replaced release_assert() with rejectResponse which sends a local reply with appropriate error details. I'll make the change for request path in a separate PR.
|
|
||
| using ProtoApiScrubberResponsePassThroughTest = ProtoApiScrubberFilterTest; | ||
|
|
||
| TEST_F(ProtoApiScrubberResponsePassThroughTest, UnaryResponseSingleBuffer) { |
There was a problem hiding this comment.
Please add one-liner comments describing these tests.
Signed-off-by: Sumit Kumar <sumitkmr@google.com>
sumitkmr2
left a comment
sumitkmr2
left a comment
There was a problem hiding this comment.
Addressed comments, thanks!
| // vice-versa. | ||
| GrpcFieldExtraction::MessageConverterPtr request_msg_converter_{nullptr}; | ||
|
|
||
| // Response message converter which converts Envoy Buffer data to StreamMessage (for scrubbing) |
There was a problem hiding this comment.
Yeah, that makes sense. I'll add that in the backlog for now, will pick it up once the current lined-up items are complete for the filter.
| if (stream_message->message() == nullptr) { | ||
| // Expect end_stream=true when the MessageConverter signals an stream end. | ||
| ASSERT(end_stream); | ||
|
|
|
|
||
| using ProtoApiScrubberResponsePassThroughTest = ProtoApiScrubberFilterTest; | ||
|
|
||
| TEST_F(ProtoApiScrubberResponsePassThroughTest, UnaryResponseSingleBuffer) { |
|
|
||
| auto buf_convert_status = | ||
| response_msg_converter_->convertBackToBuffer(std::move(stream_message)); | ||
| RELEASE_ASSERT(buf_convert_status.ok(), "failed to convert message back to envoy buffer"); |
There was a problem hiding this comment.
Yeah, you are right. Although, the message converter is designed to be very robust, it is still possible that it can fail due to a bug introduced later. I've replaced release_assert() with rejectResponse which sends a local reply with appropriate error details. I'll make the change for request path in a separate PR.
2 participants
Commit Message: Add response scrubber to the filter.
Additional Description:
Risk Level: None.
Testing: UTs are added. Integration tests will be added in a separate PR once IT setup PR ([ProtoApiScrubber] Add Integration Tests #42121) gets submitted.
Docs Changes: None.
Release Notes: None.
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]