search

envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
24.95k stars 4.8k forks source link

ip tagging filter: support loading tags from file system #2695

Open ccaraman opened 6 years ago

ccaraman commented 6 years ago

Description: IP tags can only be loaded via the v2 configurations. Extend the filter to support reading IP tags from the file system.

htuch commented 6 years ago

Should this be a DataSource?

Radha13 commented 3 years ago

We (Slack) have a similar need and happy to work on the implementation.

We would want to add another argument ip_tag_path which should be oneof (either ip_list or ip_tag_path) in v4 and programmatically mutually exclusive in v3.

For our specific needs, we want to be able to update the file out-of-band, so it's important to watch for changes. Instead of a DataSource (which only supports static files), we want to use dispatcher.createFilesystemWatcher().

The content of the file will be type repeated IPTag ip_tags which will look like:

message IPTagFile {
  repeated IPTag ip_tags format
}

filter config looks like:

{
  "request_type": "...",
  "path": "/path/to/file",
  "ip_tags": [
    "ip_tag_name": "...",
    "ip_list": [],
  ]
}

File content looks like

[
  {
    "ip_tag_name": "...",
    "ip_list": []
  },
  {
    "ip_tag_name": "...",
    "ip_list": []
  },
  ...
]

With above, we can have country codes in ip_tag_name with associated IP list. If that looks acceptable to you, I'll go ahead and implement this. :bow:

mattklein123 commented 3 years ago

@Radha13 yup this would be great!