wip: grab direction from config

dettanym · Feb 29, 2024 · 1445381 · 1445381
1 parent 95ff2df
commit 1445381
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 17 deletions.
diff --git a/...uation/kubernetes/apps/test-sample-microservices/bookinfo/envoy-filter/golang-filter.yaml b/...uation/kubernetes/apps/test-sample-microservices/bookinfo/envoy-filter/golang-filter.yaml
@@ -34,7 +34,7 @@ spec:
                   split_spans_for_request: true
     - applyTo: HTTP_FILTER
       match:
-        context: SIDECAR_INBOUND
+        context: &direction SIDECAR_INBOUND
         listener:
           portNumber: 9080
           filterChain:
@@ -54,6 +54,7 @@ spec:
             plugin_config:
               "@type": type.googleapis.com/xds.type.v3.TypedStruct
               value:
+                direction: *direction
                 presidio_url: http://presidio.prose-system.svc.cluster.local:3000/batchanalyze
                 zipkin_url: http://zipkin.prose-system.svc.cluster.local:9411/api/v2/spans
                 opa_enforce: false
@@ -106,7 +107,7 @@ spec:
                   split_spans_for_request: true
     - applyTo: HTTP_FILTER
       match:
-        context: SIDECAR_OUTBOUND
+        context: &direction SIDECAR_OUTBOUND
         listener:
           filterChain:
             filter:
@@ -125,6 +126,7 @@ spec:
             plugin_config:
               "@type": type.googleapis.com/xds.type.v3.TypedStruct
               value:
+                direction: *direction
                 presidio_url: http://presidio.prose-system.svc.cluster.local:3000/batchanalyze
                 zipkin_url: http://zipkin.prose-system.svc.cluster.local:9411/api/v2/spans
                 opa_enforce: false

diff --git a/privacy-profile-composer/pkg/envoyfilter/filter.go b/privacy-profile-composer/pkg/envoyfilter/filter.go
@@ -17,11 +17,6 @@ import (
 )
 
 func NewFilter(callbacks api.FilterCallbackHandler, config *config) (api.StreamFilter, error) {
-	sidecarDirection, err := common.GetDirection(callbacks)
-	if err != nil {
-		return nil, err
-	}
-
 	tracer, err := common.NewZipkinTracer(config.zipkinUrl)
 	if err != nil {
 		return nil, fmt.Errorf("unable to create tracer: %+v\n", err)
@@ -38,24 +33,23 @@ func NewFilter(callbacks api.FilterCallbackHandler, config *config) (api.StreamF
 	}
 
 	return &Filter{
-		callbacks:        callbacks,
-		config:           config,
-		tracer:           tracer,
-		sidecarDirection: sidecarDirection,
-		opa:              opaObj,
+		callbacks: callbacks,
+		config:    config,
+		tracer:    tracer,
+		opa:       opaObj,
 	}, nil
 }
 
 type Filter struct {
 	api.PassThroughStreamFilter
 
-	callbacks        api.FilterCallbackHandler
-	config           *config
-	tracer           *common.ZipkinTracer
-	opa              *sdk.OPA
-	sidecarDirection common.SidecarDirection
+	callbacks api.FilterCallbackHandler
+	config    *config
+	tracer    *common.ZipkinTracer
+	opa       *sdk.OPA
 
 	// Runtime state of the filter
+	sidecarDirection  common.SidecarDirection
 	parentSpanContext model.SpanContext
 	headerMetadata    common.HeaderMetadata
 }
@@ -64,6 +58,22 @@ type Filter struct {
 func (f *Filter) DecodeHeaders(header api.RequestHeaderMap, endStream bool) api.StatusType {
 	log.Println(">>> DECODE HEADERS")
 
+	log.Println("get property xds.node")
+	v, err := f.callbacks.GetProperty("xds.node")
+	if err != nil {
+		log.Printf("error getting key: %v\n", err)
+	} else {
+		log.Printf("%+v\n", v)
+	}
+
+	sidecarDirection, err := common.GetDirection(f.callbacks)
+	if err != nil {
+		log.Println(err)
+	} else {
+		log.Printf("determined sidecar direction: \"%s\"\n", sidecarDirection)
+	}
+	f.sidecarDirection = sidecarDirection
+
 	f.parentSpanContext = f.tracer.Extract(header)
 
 	span := f.tracer.StartSpan("test span in decode headers", zipkin.Parent(f.parentSpanContext))
@@ -90,6 +100,9 @@ func (f *Filter) DecodeData(buffer api.BufferInstance, endStream bool) api.Statu
 	log.Println(">>> DECODE DATA")
 	log.Println("  <<About to forward", buffer.Len(), "bytes of data to service>>")
 
+	span.Tag("buffer-value", buffer.String())
+	span.Tag("end-stream", strconv.FormatBool(endStream))
+
 	processBody := false
 	// If it is an inbound sidecar, then do process the body
 	// run PII Analysis + OPA directly
@@ -165,6 +178,9 @@ func (f *Filter) EncodeData(buffer api.BufferInstance, endStream bool) api.Statu
 	log.Println("<<< ENCODE DATA")
 	log.Println("  <<About to forward", buffer.Len(), "bytes of data to client>>")
 
+	span.Tag("buffer-value", buffer.String())
+	span.Tag("end-stream", strconv.FormatBool(endStream))
+
 	// if outbound then indirect purpose of use violation
 	// TODO: This is usually data obtained from another service
 	//  but it could also be data obtained from a third party. I.e. a kind of join violation.