Conversation
| #include "common/http/filter/ip_tagging_filter.h" | ||
| #include "common/json/config_schemas.h" | ||
|
|
||
| namespace Envoy { |
There was a problem hiding this comment.
You can still write tests for loading the config under https://github.com/lyft/envoy/blob/master/test/server/config/http/config_test.cc
|
@junr03 I'll take a look later today. |
| static IpTaggingFilterStats generateStats(const std::string& prefix, Stats::Store& store); | ||
|
|
||
| //Trie ip_tags_; | ||
| Runtime::Loader& runtime_; |
There was a problem hiding this comment.
Runtime isn't needed for this filter at the moment.
| "type" : "string", | ||
| "enum" : ["internal", "external", "both"] | ||
| }, | ||
| "ip_tags" : { |
There was a problem hiding this comment.
ip_tags is supposed to be an array of ip_tag_name and ip_lists.
| "items" : { | ||
| "type": "string", | ||
| "oneOf": [ | ||
| { "format": "host-name" }, |
There was a problem hiding this comment.
We don't have plans to support host-name for ip tagging.
There was a problem hiding this comment.
In fact I think we need to change this to a regex match, because as far as I can tell there is no pre determined format for a CIDR range. And what this is is actually an array of cidr ranges, isn't it?
| /** | ||
| * All stats for the ip tagging filter. @see stats_macros.h | ||
| */ | ||
| // clang-format off |
There was a problem hiding this comment.
At the moment, there are no specific IP Tag stats. This can be removed for now.
| "items" : { | ||
| "type": "string", | ||
| "oneOf": [ | ||
| { "pattern" : "^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$" }, |
There was a problem hiding this comment.
Why use these patterns instead of ipv6 and ipv4 like you had before?
There was a problem hiding this comment.
from the comment above: In fact I think we need to change this to a regex match, because as far as I can tell there is no pre determined format for a CIDR range. And what this is is actually an array of cidr ranges, isn't it?
There was a problem hiding this comment.
I stand corrected. The json schema format rule includes the range.
| extra data. This is useful to prevent against DDoS. | ||
|
|
||
| **Note**: this filter is under active development, and currently does not perform any tagging on requests. In other | ||
| words, installing this filter is a nop in the filter chain. |
| } | ||
|
|
||
| request_type: | ||
| (optional, string) The type of requests the filter should apply to. ``external``, ``internal``, or ``both``. |
There was a problem hiding this comment.
Can you expand the about what is deemed internal/external? ie take it from the rl filter.
| Defaults to ``both``. | ||
|
|
||
| ip_tags: | ||
| (optional, array) Specifies the list of ip tags to set for a request. |
There was a problem hiding this comment.
(optional, array) + in other places.
|
|
||
| ip_list: | ||
| (required, list of strings) A list of IP address and subnet masks that will be tagged with the ``ip_tag_name``. Both | ||
| IPv4, and IPv6 CIDR addresses are allowed here. No newline at end of file |
| } | ||
|
|
||
| ip_tag_name: | ||
| (required, string) Specifies the ip tag name to apply. The names will be added to the request's ``x-envoy-ip-tag`` |
There was a problem hiding this comment.
put some docs in place for the HTTP header "x-envoy-ip-tag"
|
|
||
| ip_tag_name: | ||
| (required, string) Specifies the ip tag name to apply. The names will be added to the request's ``x-envoy-ip-tag`` | ||
| header if the request's XFF address belongs to a range present in the ``ip_list`` |
There was a problem hiding this comment.
XFF can contain multiple addresses, can you put more details around if we look at the last hop address or not.
| namespace Server { | ||
| namespace Configuration { | ||
|
|
||
| HttpFilterFactoryCb IpTaggingFilterConfig::tryCreateFilterFactory(HttpFilterType type, |
There was a problem hiding this comment.
can you refactor this to use a new method for filter registration, see 3a466c3#diff-12a4439b6c76df424840b91ab1cf3789R14
| std::string IpTaggingFilterConfig::name() { return "ip_tagging"; } | ||
|
|
||
| /** | ||
| * Static registration for the ip tagging filter. @see RegisterHttpFilterConfigFactory. |
There was a problem hiding this comment.
RegisterHttpFilterConfigFactory is not correct ;)
| "items" : { | ||
| "type": "string", | ||
| "anyOf": [ | ||
| { "format" : "ipv4" }, |
There was a problem hiding this comment.
can you add a test when format does not conform ipv4/ipv6?
There was a problem hiding this comment.
on adding this test it looks like we are not actually enforcing this format. I verified with tests that exercise this https://github.com/lyft/envoy/blob/master/source/common/json/config_schemas.cc#L79. The schema validator lets the wrong string through, and it is envoy code that catches it. Specifically: https://github.com/lyft/envoy/blob/master/source/common/network/utility.cc#L28
| Json::ObjectSharedPtr json_config = Json::Factory::loadFromString(json_string); | ||
| NiceMock<MockInstance> server; | ||
| IpTaggingFilterConfig factory; | ||
| EXPECT_THROW(factory.tryCreateFilterFactory(HttpFilterType::Decoder, "ip_tagging", *json_config, |
| Ip tagging filter | ||
| ==================== | ||
|
|
||
| This is a filter which enables Envoy to tag requests with extra information such as location, cloud source and any |
| Ip tagging filter | ||
| ==================== | ||
|
|
||
| This is a filter which enables Envoy to tag requests with extra information such as location, cloud source and any |
|
@mattklein123 @ccaraman I can take care of that. |
Description: This job seems to get cancelled frequently at the 45-minute mark, which just means another 45-minute cycle to run it again. Increase to 60 to hopefully get it to complete consistently. Signed-off-by: Mike Schore <mike.schore@gmail.com> Signed-off-by: JP Simard <jp@jpsim.com>
Description: This job seems to get cancelled frequently at the 45-minute mark, which just means another 45-minute cycle to run it again. Increase to 60 to hopefully get it to complete consistently. Signed-off-by: Mike Schore <mike.schore@gmail.com> Signed-off-by: JP Simard <jp@jpsim.com>
**Description** This removes the input api schema field in the filter config as it shouldn't be a config and currently it is not really used. The input schema is already determined by the specific API endpoint being used by the Envoy AI Gateway, such as the unified OpenAI API at `v1/chat/completions` or later the Anthropic Messages API we are supporting at `anthropic/v1/messages`. This removes the confusion when we are going to support other vendor pass through APIs like Anthropic. We may need to consider deprecating the input `APISchema` defined on `AIGatewayRoute` which is also not really used. Related Issue: #847 --------- Signed-off-by: Dan Sun <dsun20@bloomberg.net> Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
**Description** This removes the unused "schema" API from AIGatewayRoute as a preparation for transparent passthrough etc support for non-OpenAI SDK support as well as the prefix configuration #1002 **Related Issues/PRs (if applicable)** Follow up on #998 Necessary for #1002 --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
5 participants
@ccaraman
Here is the skeleton for the ip tagging filter. Will write tests, and actual filter code once we have the trie.