3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 10:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity

envoy: add internal_address_config to address deprecation warning (#5425)

Browse source
This commit is contained in:
Joe Kralicky 2025-01-14 16:51:04 -05:00 committed by GitHub
parent 5ff53ef2b1
commit dfd2457bb6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 82 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/envoyconfig/filters.go
View file

@ -47,6 +47,7 @@ func ExtAuthzFilter(grpcClientTimeout *durationpb.Duration) *envoy_extensions_fi
func HTTPConnectionManagerFilter( func HTTPConnectionManagerFilter(
httpConnectionManager *envoy_extensions_filters_network_http_connection_manager.HttpConnectionManager, httpConnectionManager *envoy_extensions_filters_network_http_connection_manager.HttpConnectionManager,
) *envoy_config_listener_v3.Filter { ) *envoy_config_listener_v3.Filter {
applyGlobalHTTPConnectionManagerOptions(httpConnectionManager)
return &envoy_config_listener_v3.Filter{ return &envoy_config_listener_v3.Filter{
Name: "envoy.filters.network.http_connection_manager", Name: "envoy.filters.network.http_connection_manager",
ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{

22
config/envoyconfig/http_connection_manager.go
View file

@ -8,6 +8,7 @@ import (
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
envoy_http_connection_manager "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_http_connection_manager "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
"google.golang.org/protobuf/types/known/wrapperspb"
"github.com/pomerium/pomerium/config" "github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/httputil" "github.com/pomerium/pomerium/internal/httputil"
@ -120,3 +121,24 @@ func (b *Builder) buildLocalReplyConfig(
}}, }},
}, nil }, nil
} }
func applyGlobalHTTPConnectionManagerOptions(hcm *envoy_http_connection_manager.HttpConnectionManager) {
if hcm.InternalAddressConfig == nil {
// see doc comment on InternalAddressConfig for details
hcm.InternalAddressConfig = &envoy_http_connection_manager.HttpConnectionManager_InternalAddressConfig{
CidrRanges: []*envoy_config_core_v3.CidrRange{
// localhost
{AddressPrefix: "127.0.0.1", PrefixLen: wrapperspb.UInt32(32)},
{AddressPrefix: "::1", PrefixLen: wrapperspb.UInt32(128)},
// RFC1918
{AddressPrefix: "10.0.0.0", PrefixLen: wrapperspb.UInt32(8)},
{AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(16)},
{AddressPrefix: "172.16.0.0", PrefixLen: wrapperspb.UInt32(12)},
// RFC4193
{AddressPrefix: "fd00::", PrefixLen: wrapperspb.UInt32(8)},
},
}
}
}

9
config/envoyconfig/outbound.go
View file

@ -42,7 +42,7 @@ func (b *Builder) buildOutboundListener(cfg *config.Config) (*envoy_config_liste
func (b *Builder) buildOutboundHTTPConnectionManager() *envoy_config_listener_v3.Filter { func (b *Builder) buildOutboundHTTPConnectionManager() *envoy_config_listener_v3.Filter {
rc := b.buildOutboundRouteConfiguration() rc := b.buildOutboundRouteConfiguration()
tc := marshalAny(&envoy_http_connection_manager.HttpConnectionManager{ return HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{
CodecType: envoy_http_connection_manager.HttpConnectionManager_AUTO, CodecType: envoy_http_connection_manager.HttpConnectionManager_AUTO,
StatPrefix: "grpc_egress", StatPrefix: "grpc_egress",
// limit request first byte to last byte time // limit request first byte to last byte time
@ -56,13 +56,6 @@ func (b *Builder) buildOutboundHTTPConnectionManager() *envoy_config_listener_v3
HTTPRouterFilter(), HTTPRouterFilter(),
}, },
}) })
return &envoy_config_listener_v3.Filter{
Name: "envoy.filters.network.http_connection_manager",
ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{
TypedConfig: tc,
},
}
} }
func (b *Builder) buildOutboundRouteConfiguration() *envoy_config_route_v3.RouteConfiguration { func (b *Builder) buildOutboundRouteConfiguration() *envoy_config_route_v3.RouteConfiguration {

30
config/envoyconfig/testdata/main_http_connection_manager_filter.json vendored
View file

@ -186,6 +186,34 @@
} }
}, },
"useRemoteAddress": true, "useRemoteAddress": true,
"xffNumTrustedHops": 1 "xffNumTrustedHops": 1,
"internalAddressConfig": {
"cidrRanges": [
{
"addressPrefix": "127.0.0.1",
"prefixLen": 32
},
{
"addressPrefix": "::1",
"prefixLen": 128
},
{
"addressPrefix": "10.0.0.0",
"prefixLen": 8
},
{
"addressPrefix": "192.168.0.0",
"prefixLen": 16
},
{
"addressPrefix": "172.16.0.0",
"prefixLen": 12
},
{
"addressPrefix": "fd00::",
"prefixLen": 8
}
]
}
} }
} }

30
config/envoyconfig/testdata/metrics_http_connection_manager.json vendored
View file

@ -54,7 +54,35 @@
} }
] ]
}, },
"statPrefix": "metrics" "statPrefix": "metrics",
"internalAddressConfig": {
"cidrRanges": [
{
"addressPrefix": "127.0.0.1",
"prefixLen": 32
},
{
"addressPrefix": "::1",
"prefixLen": 128
},
{
"addressPrefix": "10.0.0.0",
"prefixLen": 8
},
{
"addressPrefix": "192.168.0.0",
"prefixLen": 16
},
{
"addressPrefix": "172.16.0.0",
"prefixLen": 12
},
{
"addressPrefix": "fd00::",
"prefixLen": 8
}
]
}
} }
} }
], ],