Populate origin.user attribute from the SAN field of client cert (#142)
* Test

* test

* test

* revert file

* address comments

* test

* fix typo

* fix format

* fix format
wattli authored Mar 2, 2017
1 parent a118aea commit 9d10adc
Showing 3 changed files with 25 additions and 7 deletions.
13 changes: 8 additions & 5 deletions src/envoy/mixer/http_control.cc
@@ -31,17 +31,19 @@ namespace Mixer {
namespace {

// Define attribute names
const std::string kRequestPath = "request.path";
const std::string kOriginUser = "origin.user";

const std::string kRequestHeaders = "request.headers";
const std::string kRequestHost = "request.host";
const std::string kRequestPath = "request.path";
const std::string kRequestSize = "request.size";
const std::string kRequestTime = "request.time";
const std::string kRequestHeaders = "request.headers";

const std::string kResponseHeaders = "response.headers";
const std::string kResponseHttpCode = "response.http.code";
const std::string kResponseLatency = "response.latency";
const std::string kResponseSize = "response.size";
const std::string kResponseTime = "response.time";
const std::string kResponseLatency = "response.latency";
const std::string kResponseHttpCode = "response.http.code";

Attributes::Value StringValue(const std::string& str) {
Attributes::Value v;
@@ -170,8 +172,9 @@ void HttpControl::FillCheckAttributes(HeaderMap& header_map, Attributes* attr) {
}

void HttpControl::Check(HttpRequestDataPtr request_data, HeaderMap& headers,
DoneFunc on_done) {
std::string origin_user, DoneFunc on_done) {
FillCheckAttributes(headers, &request_data->attributes);
SetStringAttribute(kOriginUser, origin_user, &request_data->attributes);
log().debug("Send Check: {}", request_data->attributes.DebugString());
mixer_client_->Check(request_data->attributes, on_done);
}
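Review bot: In `HttpControl::Check`, `SetStringAttribute(kOriginUser, origin_user, &request_data->attributes)` runs unconditionally, so a request with no peer identity reaches the mixer with `origin.user` set to an empty string instead of with the attribute absent. How mixer-side policy treats an empty value versus a missing one is not visible on this page, so the unauthenticated case is better made explicit: `if (!origin_user.empty()) { SetStringAttribute(kOriginUser, origin_user, &request_data->attributes); }`. The `log().debug("Send Check: ...")` line that follows now also prints the peer identity, which is worth confirming as acceptable for debug logs. Since `origin_user` is only read here, `const std::string& origin_user` would avoid a copy.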
2 changes: 1 addition & 1 deletion src/envoy/mixer/http_control.h
@@ -42,7 +42,7 @@ class HttpControl final : public Logger::Loggable<Logger::Id::http> {

// Make mixer check call.
void Check(HttpRequestDataPtr request_data, HeaderMap& headers,
::istio::mixer_client::DoneFunc on_done);
std::string origin_user, ::istio::mixer_client::DoneFunc on_done);

// Make mixer report call.
void Report(HttpRequestDataPtr request_data,
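Review bot: The comment above `Check` still reads only "Make mixer check call." and does not say what the new `origin_user` parameter carries. Suggest adding `// origin_user: URI SAN of the peer certificate; empty when the connection has no peer identity.` so callers know what the value represents and that an empty string is a valid input. The class body continues outside the hunk.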
17 changes: 16 additions & 1 deletion src/envoy/mixer/http_filter.cc
@@ -19,6 +19,7 @@
#include "common/http/headers.h"
#include "common/http/utility.h"
#include "envoy/server/instance.h"
#include "envoy/ssl/connection.h"
#include "server/config/network/http_connection_manager.h"
#include "src/envoy/mixer/http_control.h"
#include "src/envoy/mixer/utils.h"
@@ -151,8 +152,16 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
state_ = Calling;
initiating_call_ = true;
request_data_ = std::make_shared<HttpRequestData>();

std::string origin_user;
Ssl::Connection* ssl =
const_cast<Ssl::Connection*>(decoder_callbacks_->ssl());
if (ssl != nullptr) {
origin_user = ssl->uriSanPeerCertificate();
}

http_control_->Check(
request_data_, headers,
request_data_, headers, origin_user,
wrapper([this](const Status& status) { completeCheck(status); }));
initiating_call_ = false;

@@ -180,13 +189,15 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
}
return FilterTrailersStatus::Continue;
}

void setDecoderFilterCallbacks(
StreamDecoderFilterCallbacks& callbacks) override {
Log().debug("Called Mixer::Instance : {}", __func__);
decoder_callbacks_ = &callbacks;
decoder_callbacks_->addResetStreamCallback(
[this]() { state_ = Responded; });
}

void completeCheck(const Status& status) {
Log().debug("Called Mixer::Instance : check complete {}",
status.ToString());
@@ -197,6 +208,7 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
status.ToString());
return;
}

state_ = Complete;
if (!initiating_call_) {
decoder_callbacks_->continueDecoding();
@@ -208,15 +220,18 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
Log().debug("Called Mixer::Instance : {}", __func__);
return FilterHeadersStatus::Continue;
}

virtual FilterDataStatus encodeData(Buffer::Instance& data,
bool end_stream) override {
Log().debug("Called Mixer::Instance : {}", __func__);
return FilterDataStatus::Continue;
}

virtual FilterTrailersStatus encodeTrailers(HeaderMap& trailers) override {
Log().debug("Called Mixer::Instance : {}", __func__);
return FilterTrailersStatus::Continue;
}

virtual void setEncoderFilterCallbacks(
StreamEncoderFilterCallbacks& callbacks) override {
Log().debug("Called Mixer::Instance : {}", __func__);
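Review bot: In the hunk that builds `origin_user` before `http_control_->Check(...)`, the `const_cast<Ssl::Connection*>` strips the const that `decoder_callbacks_->ssl()` apparently returns, only to read a certificate field. If `uriSanPeerCertificate()` can be declared const in the interface, that is the cleaner fix; otherwise a comment should say why the cast is needed. The value also needs a comment on its trust level, for example `// URI SAN is an authenticated identity only if the listener verifies client certificates; empty means no TLS or (presumably) no peer cert / no URI SAN.` The listener TLS configuration is not visible on this page, so the verification assumption should be confirmed. The enclosing function starts outside the hunk.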