xds: add http filters to FilterChain matching (#4595)

* Add HTTP Filters to FilterChain

Author: zasweq

xds/internal/server/listener_wrapper_test.go

@@ -30,6 +30,7 @@ import (
 
 	v3corepb "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	v3listenerpb "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
+	v3httppb "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
 	v3tlspb "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 	wrapperspb "github.com/golang/protobuf/ptypes/wrappers"
 	"google.golang.org/grpc/internal/grpctest"
@@ -82,6 +83,14 @@ var listenerWithFilterChains = &v3listenerpb.Listener{
 					}),
 				},
 			},
+			Filters: []*v3listenerpb.Filter{
+				{
+					Name: "filter-1",
+					ConfigType: &v3listenerpb.Filter_TypedConfig{
+						TypedConfig: testutils.MarshalAny(&v3httppb.HttpConnectionManager{}),
+					},
+				},
+			},
 		},
 	},
 }

xds/internal/xdsclient/filter_chain.go

@@ -26,7 +26,6 @@ import (
 	v3listenerpb "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	v3tlspb "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 	"github.com/golang/protobuf/proto"
-
 	"google.golang.org/grpc/xds/internal/version"
 )
 
@@ -50,14 +49,11 @@ const (
 
 // FilterChain captures information from within a FilterChain message in a
 // Listener resource.
-//
-// Currently, this simply contains the security configuration found in the
-// 'transport_socket' field of the filter chain. The actual set of filters
-// associated with this filter chain are not captured here, since we do not
-// support these filters on the server-side yet.
 type FilterChain struct {
 	// SecurityCfg contains transport socket security configuration.
 	SecurityCfg *SecurityConfig
+	// HTTPFilters represent the HTTP Filters that comprise this FilterChain.
+	HTTPFilters []HTTPFilter
 }
 
 // SourceType specifies the connection source IP match type.
@@ -395,16 +391,20 @@ func (fci *FilterChainManager) addFilterChainsForSourcePorts(srcEntry *sourcePre
 }
 
 // filterChainFromProto extracts the relevant information from the FilterChain
-// proto and stores it in our internal representation. Currently, we only
-// process the security configuration stored in the transport_socket field.
+// proto and stores it in our internal representation.
 func filterChainFromProto(fc *v3listenerpb.FilterChain) (*FilterChain, error) {
+	httpFilters, err := processNetworkFilters(fc.GetFilters())
+	if err != nil {
+		return nil, err
+	}
+	filterChain := &FilterChain{HTTPFilters: httpFilters}
 	// If the transport_socket field is not specified, it means that the control
 	// plane has not sent us any security config. This is fine and the server
 	// will use the fallback credentials configured as part of the
 	// xdsCredentials.
 	ts := fc.GetTransportSocket()
 	if ts == nil {
-		return &FilterChain{}, nil
+		return filterChain, nil
 	}
 	if name := ts.GetName(); name != transportSocketName {
 		return nil, fmt.Errorf("transport_socket field has unexpected name: %s", name)
@@ -431,7 +431,8 @@ func filterChainFromProto(fc *v3listenerpb.FilterChain) (*FilterChain, error) {
 	if sc.RequireClientCert && sc.RootInstanceName == "" {
 		return nil, errors.New("security configuration on the server-side does not contain root certificate provider instance name, but require_client_cert field is set")
 	}
-	return &FilterChain{SecurityCfg: sc}, nil
+	filterChain.SecurityCfg = sc
+	return filterChain, nil
 }
 
 // FilterChainLookupParams wraps parameters to be passed to Lookup.