From 9d10adc1099769ed2097d91314fa8089393f9210 Mon Sep 17 00:00:00 2001
From: wattli
Date: Thu, 2 Mar 2017 15:00:52 -0800
Subject: [PATCH] Populate origin.user attribute from the SAN field of client cert (#142)

* Test
* test
* test
* revert file
* address comments
* test
* fix typo
* fix format
* fix format
---
 src/envoy/mixer/http_control.cc | 13 ++++++++-----
 src/envoy/mixer/http_control.h | 2 +-
 src/envoy/mixer/http_filter.cc | 17 ++++++++++++++++-
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/src/envoy/mixer/http_control.cc b/src/envoy/mixer/http_control.cc
index 6e64659c2bb..c78f4bd9049 100644
--- a/src/envoy/mixer/http_control.cc
+++ b/src/envoy/mixer/http_control.cc
@@ -31,17 +31,19 @@ namespace Mixer {
 namespace {
 // Define attribute names
-const std::string kRequestPath = "request.path";
+const std::string kOriginUser = "origin.user";
+
+const std::string kRequestHeaders = "request.headers";
 const std::string kRequestHost = "request.host";
+const std::string kRequestPath = "request.path";
 const std::string kRequestSize = "request.size";
 const std::string kRequestTime = "request.time";
-const std::string kRequestHeaders = "request.headers";
 const std::string kResponseHeaders = "response.headers";
+const std::string kResponseHttpCode = "response.http.code";
+const std::string kResponseLatency = "response.latency";
 const std::string kResponseSize = "response.size";
 const std::string kResponseTime = "response.time";
-const std::string kResponseLatency = "response.latency";
-const std::string kResponseHttpCode = "response.http.code";
 Attributes::Value StringValue(const std::string& str) {
 Attributes::Value v;
@@ -170,8 +172,9 @@ void HttpControl::FillCheckAttributes(HeaderMap& header_map, Attributes* attr) {
 }
 void HttpControl::Check(HttpRequestDataPtr request_data, HeaderMap& headers,
- DoneFunc on_done) {
+ std::string origin_user, DoneFunc on_done) {
 FillCheckAttributes(headers, &request_data->attributes);
+ SetStringAttribute(kOriginUser, origin_user, &request_data->attributes);
 log().debug("Send Check: {}", request_data->attributes.DebugString());
 mixer_client_->Check(request_data->attributes, on_done);
 }
diff --git a/src/envoy/mixer/http_control.h b/src/envoy/mixer/http_control.h
index c5938cf369d..e9ddc734f45 100644
--- a/src/envoy/mixer/http_control.h
+++ b/src/envoy/mixer/http_control.h
@@ -42,7 +42,7 @@ class HttpControl final : public Logger::Loggable {
 // Make mixer check call.
 void Check(HttpRequestDataPtr request_data, HeaderMap& headers,
- ::istio::mixer_client::DoneFunc on_done);
+ std::string origin_user, ::istio::mixer_client::DoneFunc on_done);
 // Make mixer report call.
 void Report(HttpRequestDataPtr request_data,
diff --git a/src/envoy/mixer/http_filter.cc b/src/envoy/mixer/http_filter.cc
index a990b0fd7e3..c59f5f43eea 100644
--- a/src/envoy/mixer/http_filter.cc
+++ b/src/envoy/mixer/http_filter.cc
@@ -19,6 +19,7 @@
 #include "common/http/headers.h"
 #include "common/http/utility.h"
 #include "envoy/server/instance.h"
+#include "envoy/ssl/connection.h"
 #include "server/config/network/http_connection_manager.h"
 #include "src/envoy/mixer/http_control.h"
 #include "src/envoy/mixer/utils.h"
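Review bot: In `HttpControl::Check` (http_control.cc, hunk `@@ -170,8 +172,9 @@`), `SetStringAttribute(kOriginUser, origin_user, ...)` runs unconditionally, so a request that arrived without TLS or without a usable SAN is sent to the Mixer with `origin.user` set to an empty string instead of the attribute being absent (assuming `SetStringAttribute` does not itself skip empty values, which is not visible here). Policy evaluated on the attribute then cannot tell "no authenticated peer" from "identity is the empty string", so I would guard the call: `if (!origin_user.empty()) SetStringAttribute(kOriginUser, origin_user, &request_data->attributes);`. The new parameter is also taken by value both here and in the http_control.h declaration; `const std::string& origin_user` avoids a copy per request. The unchanged `log().debug("Send Check: {}", ...)` line now writes the peer identity to the debug log as well, which deserves a short comment.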
@@ -151,8 +152,16 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
 state_ = Calling;
 initiating_call_ = true;
 request_data_ = std::make_shared();
+
+ std::string origin_user;
+ Ssl::Connection* ssl =
+ const_cast(decoder_callbacks_->ssl());
+ if (ssl != nullptr) {
+ origin_user = ssl->uriSanPeerCertificate();
+ }
+
 http_control_->Check(
- request_data_, headers,
+ request_data_, headers, origin_user,
 wrapper([this](const Status& status) { completeCheck(status); }));
 initiating_call_ = false;
@@ -180,6 +189,7 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
 }
 return FilterTrailersStatus::Continue;
 }
+
 void setDecoderFilterCallbacks(
 StreamDecoderFilterCallbacks& callbacks) override {
 Log().debug("Called Mixer::Instance : {}", __func__);
@@ -187,6 +197,7 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
 decoder_callbacks_->addResetStreamCallback(
 [this]() { state_ = Responded; });
 }
+
 void completeCheck(const Status& status) {
 Log().debug("Called Mixer::Instance : check complete {}",
 status.ToString());
@@ -197,6 +208,7 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
 status.ToString());
 return;
 }
+
 state_ = Complete;
 if (!initiating_call_) {
 decoder_callbacks_->continueDecoding();
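Review bot: In the `@@ -151,8 +152,16 @@` hunk of http_filter.cc, `origin_user` is read from `ssl->uriSanPeerCertificate()` and forwarded as the caller's identity, but nothing states that the value is only trustworthy when the listener requires and validates client certificates; that configuration is outside this diff, so the assumption should be written down. I would add a comment above the lookup such as `// origin_user stays empty on plaintext connections (and presumably when the peer cert has no URI SAN); it is only as trustworthy as the listener's client-certificate validation.` The `const_cast` on `decoder_callbacks_->ssl()` drops constness just to call a getter: if `uriSanPeerCertificate()` can be declared const (its declaration is not visible here) the cast can go, otherwise a one-line comment saying why it is needed would help. The enclosing method starts and ends outside the hunk.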
@@ -208,15 +220,18 @@ class Instance : public Http::StreamFilter, public Http::AccessLog::Instance {
 Log().debug("Called Mixer::Instance : {}", __func__);
 return FilterHeadersStatus::Continue;
 }
+
 virtual FilterDataStatus encodeData(Buffer::Instance& data,
 bool end_stream) override {
 Log().debug("Called Mixer::Instance : {}", __func__);
 return FilterDataStatus::Continue;
 }
+
 virtual FilterTrailersStatus encodeTrailers(HeaderMap& trailers) override {
 Log().debug("Called Mixer::Instance : {}", __func__);
 return FilterTrailersStatus::Continue;
 }
+
 virtual void setEncoderFilterCallbacks(
 StreamEncoderFilterCallbacks& callbacks) override {
 Log().debug("Called Mixer::Instance : {}", __func__);