Created
August 16, 2022 15:03
-
-
Save calam1/32143590ec018b856ef224e2904f708e to your computer and use it in GitHub Desktop.
Revisions
-
calam1 created this gist
Aug 16, 2022 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,143 @@ --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: core-authz-filter spec: workloadSelector: labels: app: python-api configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: # name: "envoy.router" name: envoy.filters.http.router patch: operation: INSERT_BEFORE value: name: envoy.ext_authz # connect_timeout: 1.0s typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz grpc_service: envoy_grpc: cluster_name: external.authz.mystuff.svc.cluster.local timeout: 1.0s transport_api_version: V3 - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: envoy.ext_authz patch: operation: INSERT_AFTER value: name: envoy.filters.http.header_to_metadata typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config request_rules: - header: x-ext-auth-ratelimit on_header_present: key: rate.requests_per_unit type: NUMBER on_header_missing: key: rate.requests_per_unit value: "1" type: STRING remove: false - header: x-ext-auth-ratelimit-unit on_header_present: key: rate.unit type: STRING on_header_missing: key: rate.unit value: 'HOUR' type: STRING remove: false - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.header_to_metadata" patch: operation: INSERT_AFTER value: name: envoy.filters.http.lua typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua inline_code: | function PrintTable(tbl, depth, n) n = n or 0; depth = depth or 5; if (depth == 0) then print(string.rep(' ', n).."..."); return; end if (n == 0) then print(" "); end for key, value in pairs(tbl) do if (key and type(key) == "number" or type(key) == "string") then key = string.format("[\"%s\"]", key); if (type(value) == "table") then if (next(value)) then print(string.rep(' ', n)..key.." = {"); PrintTable(value, depth - 1, n + 4); print(string.rep(' ', n).."},"); else print(string.rep(' ', n)..key.." = {},"); end else if (type(value) == "string") then value = string.format("\"%s\"", value); else value = tostring(value); end print(string.rep(' ', n)..key.." = "..value..","); end end end if (n == 0) then print(" "); end end function envoy_on_request(request_handle) local reqs_per_unit = request_handle:streamInfo():dynamicMetadata():get("envoy.filters.http.header_to_metadata")["rate.requests_per_unit"] local reqs_unit = request_handle:streamInfo():dynamicMetadata():get("envoy.filters.http.header_to_metadata")["rate.unit"] request_handle:logWarn("requests_per_unit value: " .. reqs_per_unit) request_handle:logWarn("unit value: " .. reqs_unit) local rate_limits = { requests_per_unit = reqs_per_unit, unit = reqs_unit} request_handle:streamInfo():dynamicMetadata():set("envoy.filters.http.ratelimit.override", "limit", rate_limits) local all_of_it = request_handle:streamInfo():dynamicMetadata() request_handle:logWarn("DATA IN METADATA") PrintTable(all_of_it) end