Envoy: Support per-route config for Lua

Created on 18 Apr 2018 · 14Comments · Source: envoyproxy/envoy

Hi,

I'm trying to implement simple basic auth using LUA, and I want to activate the filter on selected routes. But it seems that I can't get to make per_filter_config on route configuration work. Am I missing something ?

This is working:

- filters:
  - name: envoy.http_connection_manager
    config:
      access_log:
        name: envoy.file_access_log
        config:
          path: /dev/stdout
      codec_type: auto
      stat_prefix: ingress_http
      route_config:
        name: proxy
        virtual_hosts:
          - name: backend
            domains:
              - '*'
            routes:
              - match:
                  prefix: /api
                route:
                  cluster: api
              - match:
                  prefix: /
                route:
                  cluster: web
      http_filters:
        - name: envoy.lua
          config:
            inline_code: |
              function envoy_on_request(request_handle)
                request_handle:respond(
                  {
                    [":status"] = "401",
                    ["Content-Type"] = "text/plain",
                    ["WWW-Authenticate"] = "Basic"
                  },
                  "Please authenticate!"
                )
              end
        - name: envoy.router
          config: {}

But this is not:

- filters:
  - name: envoy.http_connection_manager
    config:
      access_log:
        name: envoy.file_access_log
        config:
          path: /dev/stdout
      codec_type: auto
      stat_prefix: ingress_http
      route_config:
        name: proxy
        virtual_hosts:
          - name: backend
            domains:
              - '*'
            routes:
              - match:
                  prefix: /api
                route:
                  cluster: api
              - match:
                  prefix: /
                per_filter_config:
                  envoy.lua:
                    inline_code: |
                      function envoy_on_request(request_handle)
                        request_handle:respond(
                          {
                            [":status"] = "401",
                            ["Content-Type"] = "text/plain",
                            ["WWW-Authenticate"] = "Basic"
                          },
                          "Please authenticate!"
                        )
                      end
                route:
                  cluster: web
      http_filters:
        - name: envoy.router
          config: {}

enhancement help wanted

Source

salper

Most helpful comment

@erikbos @salper per above PR, you can play around with the image here: docker.io/dio123/envoy-lua. I also have updated the demo repo to reflect this change.

dio on 11 Dec 2019

👍2

All 14 comments

Per filter config is not supported for Lua currently. I think @rshriram talked about working on this.

mattklein123 on 18 Apr 2018

Note this will require the route update stuff that @qiwzhang is working on.

mattklein123 on 18 Apr 2018

Is their any issue or roadmap that I can follow ? In the meanwhile, how can I achieve a simple basic auth ?

salper on 19 Apr 2018

I am waiting for @qiwzhang’s pr to land.

rshriram on 19 Apr 2018

👍1

Also looking forward to this feature!

lwhile on 14 May 2018

Hi folks, thanks for the great work you're doing!
Is there any update on this issue? It'd be great to have different Lua scripts per virtual host or per route.

Thanks!

mgiorgio on 9 Jan 2019

I too in need for this feature. Is there any plan to support this? I've exact usecase of doing auth checks per virtualhost.

kesavkolla on 25 Jan 2019

Is there any recent development on this? This is really a desirable feature to use envoy as front proxy. If we had this, we could write their own filters easily.

ZedYu on 7 Feb 2019

I have been working on an OpenID Connect Lua filter that would really be helped with per-route config. Curious to see where this is at.

zandbelt on 20 Mar 2019

Anybody actively working on this one?

erikbos on 14 Nov 2019

@erikbos I’m not aware of any active effort on this. Do you want to take it?

dio on 15 Nov 2019

@dio I was just checking if there was something in progress as I really want to see & use this functionality. Unfortunately I am not experienced in C++ so I cannot take it :|

erikbos on 15 Nov 2019

An idea for implementing this, a demo: https://github.com/dio/per-route-envoy-lua

The API is, of course, subject to change. The key idea here is: to list down all available lua codes, put a name for each of it and refer that from the route entry. As you can observe from https://github.com/dio/per-route-envoy-lua/blob/master/envoy.yaml.

              routes:
              - match:
                  prefix: "/hello"
                route:
                  cluster: web_service
                per_filter_config:
                  envoy.lua:
                    name: hello

The available codes:

              inline_codes:
                hello: |
                  function envoy_on_request(request_handle)
                    request_handle:logInfo("hello:foo")
                  end
                  function envoy_on_response(response_handle)
                    response_handle:logInfo("hello:bar")
                    response_handle:headers():add("hello:ok", "1")
                  end

The current inline_code will be still there as the "global" catch-all code.

dio on 8 Dec 2019

@erikbos @salper per above PR, you can play around with the image here: docker.io/dio123/envoy-lua. I also have updated the demo repo to reflect this change.

dio on 11 Dec 2019

👍2

Was this page helpful?

0 / 5 - 0 ratings