Add classifiers to flowcontrolv1.CheckResponse (#310)

* Add classifiers to flowcontrolv1.CheckResponse * Add classifier index to classifier ID Closes: GH-268 Co-authored-by: Filip Chmielewski <[email protected]>
fluxninja · Sep 8, 2022 · 79ad85f · 79ad85f
1 parent dd77ac5
commit 79ad85f
Show file tree

Hide file tree

Showing 25 changed files with 824 additions and 341 deletions.
diff --git a/api/aperture/flowcontrol/v1/flowcontrol.proto b/api/aperture/flowcontrol/v1/flowcontrol.proto
@@ -27,6 +27,8 @@ message CheckResponse {
   repeated FluxMeter flux_meters = 4;
   // flow label keys that were matched for this request.
   repeated string flow_label_keys = 5;
+  // classifiers that were matched for this request.
+  repeated Classifier classifiers = 6;
 }
 
 // Reason contains fields that give further information about error or rejection.
@@ -83,3 +85,10 @@ message LimiterDecision {
 message FluxMeter {
   string flux_meter_name = 1;
 }
+
+// Classifier describes details for each Classifier.
+message Classifier {
+  string policy_name = 1;
+  string policy_hash = 2;
+  int64 classifier_index = 3;
+}
diff --git a/api/aperture/policy/wrappers/v1/policy.proto b/api/aperture/policy/wrappers/v1/policy.proto
@@ -2,6 +2,7 @@ syntax = "proto3";
 
 package aperture.policy.wrappers.v1;
 
+import "aperture/policy/language/v1/classifier.proto";
 import "aperture/policy/language/v1/fluxmeter.proto";
 import "aperture/policy/language/v1/policy.proto";
 
@@ -21,6 +22,17 @@ message FluxMeterWrapper {
   string fluxmeter_name = 4;
 }
 
+message ClassifierWrapper {
+  // Classifier
+  policy.language.v1.Classifier classifier = 1;
+  // Name of the Policy.
+  string policy_name = 2;
+  // Hash of the entire Policy spec.
+  string policy_hash = 3;
+  // Index of the classifier within Policy.
+  int64 classifier_index = 4;
+}
+
 message ConcurrencyLimiterWrapper {
   // Concurrency Limiter
   policy.language.v1.ConcurrencyLimiter concurrency_limiter = 1;

diff --git a/api/gen/openapiv2/aperture.swagger.yaml b/api/gen/openapiv2/aperture.swagger.yaml
@@ -263,6 +263,17 @@ definitions:
       workload:
         $ref: '#/definitions/SchedulerWorkload'
         description: Workload associated with flows matching the label matcher.
+  apertureflowcontrolv1Classifier:
+    type: object
+    properties:
+      classifier_index:
+        type: string
+        format: int64
+      policy_hash:
+        type: string
+      policy_name:
+        type: string
+    description: Classifier describes details for each Classifier.
   apertureflowcontrolv1FluxMeter:
     type: object
     properties:
@@ -351,6 +362,37 @@ definitions:
       Ratelimiting is done separately on per-label-value basis. Use _label\_key_
       to select which label should be used as key.
     title: Limits the traffic on a control point to specified rate
+  policylanguagev1Classifier:
+    type: object
+    properties:
+      rules:
+        type: object
+        additionalProperties:
+          $ref: '#/definitions/v1Rule'
+        description: |-
+          A map of {key, value} pairs mapping from
+          [flow label](/concepts/flow-control/label/label.md) keys to rules that define
+          how to extract and propagate flow labels with that key.
+      selector:
+        $ref: '#/definitions/v1Selector'
+        description: Defines where to apply the flow classification rule.
+    description: |-
+      :::info
+      See also [Classifier overview](/concepts/flow-control/label/classifier.md).
+      :::
+
+      Example:
+      ```yaml
+      selector:
+        service: service1.default.svc.cluster.local
+        control_point:
+          traffic: ingress
+      rules:
+        user:
+          extractor:
+            from: request.http.headers.user
+      ```
+    title: Set of classification rules sharing a common selector
   policylanguagev1FluxMeter:
     type: object
     properties:
@@ -593,6 +635,11 @@ definitions:
   v1CheckResponse:
     type: object
     properties:
+      classifiers:
+        type: array
+        items:
+          $ref: '#/definitions/apertureflowcontrolv1Classifier'
+        description: classifiers that were matched for this request.
       decision_reason:
         $ref: '#/definitions/v1DecisionReason'
         description: reason contains information in the case of an error or rejection.
@@ -650,37 +697,6 @@ definitions:
       docs on how exactly it handles invalid inputs.
       :::
     title: Circuit is defined as a dataflow graph of inter-connected components
-  v1Classifier:
-    type: object
-    properties:
-      rules:
-        type: object
-        additionalProperties:
-          $ref: '#/definitions/v1Rule'
-        description: |-
-          A map of {key, value} pairs mapping from
-          [flow label](/concepts/flow-control/label/label.md) keys to rules that define
-          how to extract and propagate flow labels with that key.
-      selector:
-        $ref: '#/definitions/v1Selector'
-        description: Defines where to apply the flow classification rule.
-    description: |-
-      :::info
-      See also [Classifier overview](/concepts/flow-control/label/classifier.md).
-      :::
-
-      Example:
-      ```yaml
-      selector:
-        service: service1.default.svc.cluster.local
-        control_point:
-          traffic: ingress
-      rules:
-        user:
-          extractor:
-            from: request.http.headers.user
-      ```
-    title: Set of classification rules sharing a common selector
   v1Component:
     type: object
     properties:
@@ -1605,7 +1621,7 @@ definitions:
       classifiers:
         type: array
         items:
-          $ref: '#/definitions/v1Classifier'
+          $ref: '#/definitions/policylanguagev1Classifier'
         description: |-
           Classifiers are installed in the data-plane and are used to label the requests based on payload content.