Release/v1.24 - backport of envoyproxy/envoy#24302 (#24851)

* attributes: implement xds info (#24302)

Signed-off-by: Kuat Yessenov [email protected]

Commit Message: Support look up of xDS info from expressions.
Additional Description: Promotes Wasm-specific attributes to first-class (usable in access log, for example), and reduces some code duplication.
Risk Level: low (new attributes)
Testing: unit
Docs Changes: yes
Release Notes: yes
Related: #24023

Signed-off-by: Carl Eastman <[email protected]>

Author: ceastman-r7

changelogs/current.yaml

@@ -34,5 +34,8 @@ removed_config_or_runtime:
 # *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
 
 new_features:
+- area: attributes
+  change: |
+    added :ref:`attributes <arch_overview_attributes>` for looking up xDS configuration information.
 
 deprecated:

docs/root/intro/arch_overview/advanced/attributes.rst

@@ -166,6 +166,24 @@ Data exchanged between filters is available as the following attributes:
 Note that these attributes may change during the life of a request as the data can be
 updated by filters at any point.
 
+Configuration attributes
+----------------------------
+
+Configuration identifiers and metadata related to the handling of the request or the connection is available as the
+following attributes:
+
+.. csv-table::
+   :header: Attribute, Type, Description
+   :widths: 1, 1, 4
+
+   xds.cluster_name, string, Upstream cluster name
+   xds.cluster_metadata, :ref:`Metadata<envoy_v3_api_msg_config.core.v3.metadata>`, Upstream cluster metadata
+   xds.route_name, string, Route name
+   xds.route_metadata, :ref:`Metadata<envoy_v3_api_msg_config.core.v3.metadata>`, Route metadata
+   xds.upstream_host_metadata, :ref:`Metadata<envoy_v3_api_msg_config.core.v3.metadata>`, Upstream host metadata
+   xds.filter_chain_name, string, Listener filter chain name
+
+
 Wasm attributes
 ---------------
 

source/extensions/common/wasm/context.cc

@@ -425,11 +425,9 @@ WasmResult serializeValue(Filters::Common::Expr::CelValue value, std::string* re
 }
 
 #define PROPERTY_TOKENS(_f)                                                                        \
-  _f(METADATA) _f(REQUEST) _f(RESPONSE) _f(CONNECTION) _f(UPSTREAM) _f(NODE) _f(SOURCE)            \
-      _f(DESTINATION) _f(LISTENER_DIRECTION) _f(LISTENER_METADATA) _f(CLUSTER_NAME)                \
-          _f(CLUSTER_METADATA) _f(ROUTE_NAME) _f(ROUTE_METADATA) _f(PLUGIN_NAME)                   \
-              _f(UPSTREAM_HOST_METADATA) _f(PLUGIN_ROOT_ID) _f(PLUGIN_VM_ID) _f(CONNECTION_ID)     \
-                  _f(FILTER_STATE)
+  _f(NODE) _f(LISTENER_DIRECTION) _f(LISTENER_METADATA) _f(CLUSTER_NAME) _f(CLUSTER_METADATA)      \
+      _f(ROUTE_NAME) _f(ROUTE_METADATA) _f(PLUGIN_NAME) _f(UPSTREAM_HOST_METADATA)                 \
+          _f(PLUGIN_ROOT_ID) _f(PLUGIN_VM_ID) _f(CONNECTION_ID)
 
 static inline std::string downCase(std::string s) {
   std::transform(s.begin(), s.end(), s.begin(), [](unsigned char c) { return std::tolower(c); });
@@ -444,12 +442,31 @@ enum class PropertyToken { PROPERTY_TOKENS(_DECLARE) };
 static absl::flat_hash_map<std::string, PropertyToken> property_tokens = {PROPERTY_TOKENS(_PAIR)};
 #undef _PAIR
 
+absl::optional<google::api::expr::runtime::CelValue>
+Context::FindValue(absl::string_view name, Protobuf::Arena* arena) const {
+  return findValue(name, arena, false);
+}
+
 absl::optional<google::api::expr::runtime::CelValue>
 Context::findValue(absl::string_view name, Protobuf::Arena* arena, bool last) const {
   using google::api::expr::runtime::CelProtoWrapper;
   using google::api::expr::runtime::CelValue;
 
   const StreamInfo::StreamInfo* info = getConstRequestStreamInfo();
+  // In order to delegate to the StreamActivation method, we have to set the
+  // context properties to match the Wasm context properties in all callbacks
+  // (e.g. onLog or onEncodeHeaders) for the duration of the call.
+  activation_info_ = info;
+  activation_request_headers_ = request_headers_ ? request_headers_ : access_log_request_headers_;
+  activation_response_headers_ =
+      response_headers_ ? response_headers_ : access_log_response_headers_;
+  activation_response_trailers_ =
+      response_trailers_ ? response_trailers_ : access_log_response_trailers_;
+  auto value = StreamActivation::FindValue(name, arena);
+  resetActivation();
+  if (value) {
+    return value;
+  }
 
   // Convert into a dense token to enable a jump table implementation.
   auto part_token = property_tokens.find(name);
@@ -473,62 +490,20 @@ Context::findValue(absl::string_view name, Protobuf::Arena* arena, bool last) co
   }
 
   switch (part_token->second) {
-  case PropertyToken::METADATA:
-    if (info) {
-      return CelProtoWrapper::CreateMessage(&info->dynamicMetadata(), arena);
-    }
-    break;
-  case PropertyToken::REQUEST:
-    if (info) {
-      return CelValue::CreateMap(Protobuf::Arena::Create<Filters::Common::Expr::RequestWrapper>(
-          arena, *arena, request_headers_ ? request_headers_ : access_log_request_headers_, *info));
-    }
-    break;
-  case PropertyToken::RESPONSE:
-    if (info) {
-      return CelValue::CreateMap(Protobuf::Arena::Create<Filters::Common::Expr::ResponseWrapper>(
-          arena, *arena, response_headers_ ? response_headers_ : access_log_response_headers_,
-          response_trailers_ ? response_trailers_ : access_log_response_trailers_, *info));
-    }
-    break;
-  case PropertyToken::CONNECTION:
-    if (info) {
-      return CelValue::CreateMap(
-          Protobuf::Arena::Create<Filters::Common::Expr::ConnectionWrapper>(arena, *info));
-    }
-    break;
   case PropertyToken::CONNECTION_ID: {
     auto conn = getConnection();
     if (conn) {
       return CelValue::CreateUint64(conn->id());
     }
     break;
   }
-  case PropertyToken::UPSTREAM:
-    if (info) {
-      return CelValue::CreateMap(
-          Protobuf::Arena::Create<Filters::Common::Expr::UpstreamWrapper>(arena, *info));
-    }
-    break;
   case PropertyToken::NODE:
     if (root_local_info_) {
       return CelProtoWrapper::CreateMessage(&root_local_info_->node(), arena);
     } else if (plugin_) {
       return CelProtoWrapper::CreateMessage(&plugin()->localInfo().node(), arena);
     }
     break;
-  case PropertyToken::SOURCE:
-    if (info) {
-      return CelValue::CreateMap(
-          Protobuf::Arena::Create<Filters::Common::Expr::PeerWrapper>(arena, *info, false));
-    }
-    break;
-  case PropertyToken::DESTINATION:
-    if (info) {
-      return CelValue::CreateMap(
-          Protobuf::Arena::Create<Filters::Common::Expr::PeerWrapper>(arena, *info, true));
-    }
-    break;
   case PropertyToken::LISTENER_DIRECTION:
     if (plugin_) {
       return CelValue::CreateInt64(plugin()->direction());
@@ -582,13 +557,6 @@ Context::findValue(absl::string_view name, Protobuf::Arena* arena, bool last) co
     return CelValue::CreateStringView(toAbslStringView(root_id()));
   case PropertyToken::PLUGIN_VM_ID:
     return CelValue::CreateStringView(toAbslStringView(wasm()->vm_id()));
-  case PropertyToken::FILTER_STATE:
-    if (info) {
-      return Protobuf::Arena::Create<Filters::Common::Expr::FilterStateWrapper>(arena,
-                                                                                info->filterState())
-          ->Produce(arena);
-    }
-    break;
   }
   return {};
 }

source/extensions/common/wasm/context.h

@@ -109,7 +109,7 @@ class Context : public proxy_wasm::ContextBase,
                 public Http::StreamFilter,
                 public Network::ConnectionCallbacks,
                 public Network::Filter,
-                public google::api::expr::runtime::BaseActivation,
+                public Filters::Common::Expr::StreamActivation,
                 public std::enable_shared_from_this<Context> {
 public:
   Context();                                          // Testing.
@@ -272,16 +272,10 @@ class Context : public proxy_wasm::ContextBase,
   void onStatsUpdate(Envoy::Stats::MetricSnapshot& snapshot);
 
   // CEL evaluation
-  std::vector<const google::api::expr::runtime::CelFunction*>
-  FindFunctionOverloads(absl::string_view) const override {
-    return {};
-  }
   absl::optional<google::api::expr::runtime::CelValue>
   findValue(absl::string_view name, Protobuf::Arena* arena, bool last) const;
   absl::optional<google::api::expr::runtime::CelValue>
-  FindValue(absl::string_view name, Protobuf::Arena* arena) const override {
-    return findValue(name, arena, false);
-  }
+  FindValue(absl::string_view name, Protobuf::Arena* arena) const override;
 
   // Foreign function state
   virtual void setForeignData(absl::string_view data_name, std::unique_ptr<StorageObject> data) {

source/extensions/filters/common/expr/context.cc

@@ -293,18 +293,53 @@ absl::optional<CelValue> FilterStateWrapper::operator[](CelValue key) const {
       object != nullptr) {
     const CelState* cel_state = dynamic_cast<const CelState*>(object);
     if (cel_state) {
-      return cel_state->exprValue(arena_, false);
+      return cel_state->exprValue(&arena_, false);
     } else if (object != nullptr) {
       absl::optional<std::string> serialized = object->serializeAsString();
       if (serialized.has_value()) {
-        std::string* out = ProtobufWkt::Arena::Create<std::string>(arena_, serialized.value());
+        std::string* out = ProtobufWkt::Arena::Create<std::string>(&arena_, serialized.value());
         return CelValue::CreateBytes(out);
       }
     }
   }
   return {};
 }
 
+absl::optional<CelValue> XDSWrapper::operator[](CelValue key) const {
+  if (!key.IsString()) {
+    return {};
+  }
+  auto value = key.StringOrDie().value();
+  if (value == ClusterName) {
+    const auto cluster_info = info_.upstreamClusterInfo();
+    if (cluster_info && cluster_info.value()) {
+      return CelValue::CreateString(&cluster_info.value()->name());
+    }
+  } else if (value == ClusterMetadata) {
+    const auto cluster_info = info_.upstreamClusterInfo();
+    if (cluster_info && cluster_info.value()) {
+      return CelProtoWrapper::CreateMessage(&cluster_info.value()->metadata(), &arena_);
+    }
+  } else if (value == RouteName) {
+    if (info_.route() && info_.route()->routeEntry()) {
+      return CelValue::CreateString(&info_.route()->routeEntry()->routeName());
+    }
+  } else if (value == RouteMetadata) {
+    if (info_.route()) {
+      return CelProtoWrapper::CreateMessage(&info_.route()->metadata(), &arena_);
+    }
+  } else if (value == UpstreamHostMetadata) {
+    const auto upstream_info = info_.upstreamInfo();
+    if (upstream_info && upstream_info->upstreamHost()) {
+      return CelProtoWrapper::CreateMessage(upstream_info->upstreamHost()->metadata().get(),
+                                            &arena_);
+    }
+  } else if (value == FilterChainName) {
+    return CelValue::CreateString(&info_.filterChainName());
+  }
+  return {};
+}
+
 } // namespace Expr
 } // namespace Common
 } // namespace Filters

source/extensions/filters/common/expr/context.h

@@ -9,7 +9,6 @@
 #include "source/common/singleton/const_singleton.h"
 
 #include "eval/public/cel_value.h"
-#include "eval/public/cel_value_producer.h"
 #include "eval/public/containers/container_backed_list_impl.h"
 #include "eval/public/structs/cel_proto_wrapper.h"
 
@@ -81,6 +80,15 @@ constexpr absl::string_view Upstream = "upstream";
 constexpr absl::string_view UpstreamLocalAddress = "local_address";
 constexpr absl::string_view UpstreamTransportFailureReason = "transport_failure_reason";
 
+// xDS configuration context properties
+constexpr absl::string_view XDS = "xds";
+constexpr absl::string_view ClusterName = "cluster_name";
+constexpr absl::string_view ClusterMetadata = "cluster_metadata";
+constexpr absl::string_view RouteName = "route_name";
+constexpr absl::string_view RouteMetadata = "route_metadata";
+constexpr absl::string_view UpstreamHostMetadata = "upstream_host_metadata";
+constexpr absl::string_view FilterChainName = "filter_chain_name";
+
 class WrapperFieldValues {
 public:
   using ContainerBackedListImpl = google::api::expr::runtime::ContainerBackedListImpl;
@@ -141,28 +149,23 @@ template <class T> class HeadersWrapper : public google::api::expr::runtime::Cel
 // Wrapper for accessing properties from internal data structures.
 // Note that CEL assumes no ownership of the underlying data, so temporary
 // data must be arena-allocated.
-class BaseWrapper : public google::api::expr::runtime::CelMap,
-                    public google::api::expr::runtime::CelValueProducer {
+class BaseWrapper : public google::api::expr::runtime::CelMap {
 public:
+  BaseWrapper(Protobuf::Arena& arena) : arena_(arena) {}
   int size() const override { return 0; }
-  CelValue Produce(ProtobufWkt::Arena* arena) override {
-    // Producer is unique per evaluation arena since activation is re-created.
-    arena_ = arena;
-    return CelValue::CreateMap(this);
-  }
   absl::StatusOr<const google::api::expr::runtime::CelList*> ListKeys() const override {
     return absl::UnimplementedError("ListKeys() is not implemented");
   }
 
 protected:
-  ProtobufWkt::Arena* arena_;
+  ProtobufWkt::Arena& arena_;
 };
 
 class RequestWrapper : public BaseWrapper {
 public:
   RequestWrapper(Protobuf::Arena& arena, const Http::RequestHeaderMap* headers,
                  const StreamInfo::StreamInfo& info)
-      : headers_(arena, headers), info_(info) {}
+      : BaseWrapper(arena), headers_(arena, headers), info_(info) {}
   absl::optional<CelValue> operator[](CelValue key) const override;
 
 private:
@@ -174,7 +177,7 @@ class ResponseWrapper : public BaseWrapper {
 public:
   ResponseWrapper(Protobuf::Arena& arena, const Http::ResponseHeaderMap* headers,
                   const Http::ResponseTrailerMap* trailers, const StreamInfo::StreamInfo& info)
-      : headers_(arena, headers), trailers_(arena, trailers), info_(info) {}
+      : BaseWrapper(arena), headers_(arena, headers), trailers_(arena, trailers), info_(info) {}
   absl::optional<CelValue> operator[](CelValue key) const override;
 
 private:
@@ -185,7 +188,8 @@ class ResponseWrapper : public BaseWrapper {
 
 class ConnectionWrapper : public BaseWrapper {
 public:
-  ConnectionWrapper(const StreamInfo::StreamInfo& info) : info_(info) {}
+  ConnectionWrapper(Protobuf::Arena& arena, const StreamInfo::StreamInfo& info)
+      : BaseWrapper(arena), info_(info) {}
   absl::optional<CelValue> operator[](CelValue key) const override;
 
 private:
@@ -194,7 +198,8 @@ class ConnectionWrapper : public BaseWrapper {
 
 class UpstreamWrapper : public BaseWrapper {
 public:
-  UpstreamWrapper(const StreamInfo::StreamInfo& info) : info_(info) {}
+  UpstreamWrapper(Protobuf::Arena& arena, const StreamInfo::StreamInfo& info)
+      : BaseWrapper(arena), info_(info) {}
   absl::optional<CelValue> operator[](CelValue key) const override;
 
 private:
@@ -203,32 +208,33 @@ class UpstreamWrapper : public BaseWrapper {
 
 class PeerWrapper : public BaseWrapper {
 public:
-  PeerWrapper(const StreamInfo::StreamInfo& info, bool local) : info_(info), local_(local) {}
+  PeerWrapper(Protobuf::Arena& arena, const StreamInfo::StreamInfo& info, bool local)
+      : BaseWrapper(arena), info_(info), local_(local) {}
   absl::optional<CelValue> operator[](CelValue key) const override;
 
 private:
   const StreamInfo::StreamInfo& info_;
   const bool local_;
 };
 
-class MetadataProducer : public google::api::expr::runtime::CelValueProducer {
+class FilterStateWrapper : public BaseWrapper {
 public:
-  MetadataProducer(const envoy::config::core::v3::Metadata& metadata) : metadata_(metadata) {}
-  CelValue Produce(ProtobufWkt::Arena* arena) override {
-    return CelProtoWrapper::CreateMessage(&metadata_, arena);
-  }
+  FilterStateWrapper(Protobuf::Arena& arena, const StreamInfo::FilterState& filter_state)
+      : BaseWrapper(arena), filter_state_(filter_state) {}
+  absl::optional<CelValue> operator[](CelValue key) const override;
 
 private:
-  const envoy::config::core::v3::Metadata& metadata_;
+  const StreamInfo::FilterState& filter_state_;
 };
 
-class FilterStateWrapper : public BaseWrapper {
+class XDSWrapper : public BaseWrapper {
 public:
-  FilterStateWrapper(const StreamInfo::FilterState& filter_state) : filter_state_(filter_state) {}
+  XDSWrapper(Protobuf::Arena& arena, const StreamInfo::StreamInfo& info)
+      : BaseWrapper(arena), info_(info) {}
   absl::optional<CelValue> operator[](CelValue key) const override;
 
 private:
-  const StreamInfo::FilterState& filter_state_;
+  const StreamInfo::StreamInfo& info_;
 };
 
 } // namespace Expr