feat: add MeshGateway support to MeshAccessLog

Signed-off-by: Mike Beaumont <[email protected]>
kumahq · Oct 5, 2022 · 5311e8b · 5311e8b
1 parent 13f2034
commit 5311e8b
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin.go
@@ -13,9 +13,11 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/policies/matchers"
 	api "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/api/v1alpha1"
 	plugin_xds "github.com/kumahq/kuma/pkg/plugins/policies/meshaccesslog/plugin/xds"
+	"github.com/kumahq/kuma/pkg/plugins/runtime/gateway"
 	xds_context "github.com/kumahq/kuma/pkg/xds/context"
 	"github.com/kumahq/kuma/pkg/xds/envoy"
 	"github.com/kumahq/kuma/pkg/xds/generator"
+	xds_topology "github.com/kumahq/kuma/pkg/xds/topology"
 )
 
 var _ core_plugins.PolicyPlugin = &plugin{}
@@ -58,6 +60,9 @@ func (p plugin) Apply(rs *core_xds.ResourceSet, ctx xds_context.Context, proxy *
 	if err := applyToDirectAccess(policies.ToRules, listeners.directAccess, proxy.Dataplane); err != nil {
 		return err
 	}
+	if err := applyToGateway(policies.ToRules, listeners.gateway, ctx.Mesh.Resources.MeshLocalResources, proxy.Dataplane); err != nil {
+		return err
+	}
 
 	return nil
 }
@@ -153,9 +158,50 @@ func applyToDirectAccess(
 	return nil
 }
 
+func applyToGateway(
+	rules xds.ToRules, gatewayListeners map[xds.InboundListener]*envoy_listener.Listener, resources xds_context.ResourceMap, dataplane *core_mesh.DataplaneResource,
+) error {
+	var gateways *core_mesh.MeshGatewayResourceList
+	if rawList := resources[core_mesh.MeshGatewayType]; rawList != nil {
+		gateways = rawList.(*core_mesh.MeshGatewayResourceList)
+	} else {
+		return nil
+	}
+
+	gateway := xds_topology.SelectGateway(gateways.Items, dataplane.Spec.Matches)
+	if gateway == nil {
+		return nil
+	}
+
+	for _, listener := range gateway.Spec.GetConf().GetListeners() {
+		address := dataplane.Spec.GetNetworking().Address
+		port := listener.GetPort()
+		listener, ok := gatewayListeners[xds.InboundListener{
+			Address: address,
+			Port:    port,
+		}]
+		if !ok {
+			continue
+		}
+
+		if err := configureOutbound(
+			rules,
+			dataplane,
+			xds.Subset{},
+			mesh_proto.MatchAllTag,
+			listener,
+		); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 type listeners struct {
 	inbound         map[xds.InboundListener]*envoy_listener.Listener
 	outbound        map[mesh_proto.OutboundInterface]*envoy_listener.Listener
+	gateway         map[xds.InboundListener]*envoy_listener.Listener
 	ipv4Passthrough *envoy_listener.Listener
 	ipv6Passthrough *envoy_listener.Listener
 	directAccess    map[generator.Endpoint]*envoy_listener.Listener
@@ -165,6 +211,7 @@ func gatherListeners(rs *core_xds.ResourceSet) listeners {
 	listeners := listeners{
 		inbound:      map[xds.InboundListener]*envoy_listener.Listener{},
 		outbound:     map[mesh_proto.OutboundInterface]*envoy_listener.Listener{},
+		gateway:      map[xds.InboundListener]*envoy_listener.Listener{},
 		directAccess: map[generator.Endpoint]*envoy_listener.Listener{},
 	}
 
@@ -195,6 +242,11 @@ func gatherListeners(rs *core_xds.ResourceSet) listeners {
 				Address: address.GetAddress(),
 				Port:    address.GetPortValue(),
 			}] = listener
+		case gateway.OriginGateway:
+			listeners.gateway[xds.InboundListener{
+				Address: address.GetAddress(),
+				Port:    address.GetPortValue(),
+			}] = listener
 		default:
 			continue
 		}