Feat/lambda with basic defaults - 1.13 backport (#7568)

* Feat/lambda with basic defaults (#7474)

* plugins/aws: Non-functional format changes to aws

* plguins/aws: reformat oss perroute to accept additional parameters and add new settings option for driving this behavior

* plugins/aws: Testing showing that there is an issue with implementation

* plugins/aws: Testing without blowing away the entire destinations

* plugins/aws: Route level destination spec settings can be inherited from upstream spec

* plugins/aws: Codegen getters

* plugins/aws: Add comment

* plugins/aws: Null checks on destinations

* plugins/aws: Cleaner comments

* plugins/aws: Update naming and better descriptions

* aws: Update naming and comments per review

* aws: Update naming and comments per review

* changelog: update

Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>

* move changelog

* empty commit

* Adding changelog file to new location

* Deleting changelog file from old location

* Expose fallbackToFirstFunction helm (#7575)

* expose fallbackToFirstFunction helm

* add changelog

* update changelog + add aws fallback tests

* codegen

* empty commit

* update changelog

* update changelog

Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>

* delete changelog

* move changelog

* Fix destinationOverrides not being applied to empty aws destination (#7583)

* fix issue with overrides not being applies to unset destinationSpec

* add changelog

* remove unecessary dest.DestinationType

* add tests + move 'no spec' tests to own context

* empty commit

* aws: Update plugin comments for the new fallback behaviors

* aws: Update naming of plugin variables, make a new possible err set if somehow an upstream erroneously had aws set

* fix comment nits + return

* review fix

Co-authored-by: nfuden <[email protected]>
Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>

Co-authored-by: Nathan Fudenberg <[email protected]>
Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>
Co-authored-by: changelog-bot <changelog-bot>

changelog/v1.13.1/lambda-no-function.yaml

@@ -0,0 +1,12 @@
+changelog:
+  - type: NON_USER_FACING
+    description: >
+      Add option that allows usage of lambda upstreams without specifying a function.
+      Affects custom extensions of the lambda extension built in go that use gloo as a library.
+      This is purely a work around for current Gloo Portal behavior and likely should not be opted into otherwise.
+    issueLink: https://github.com/solo-io/solo-projects/issues/4274
+    resolvesIssue: false
+  - type: NON_USER_FACING
+    description: Aws lambda set upstream level defaults to override route destinations.
+    issueLink: https://github.com/solo-io/solo-projects/issues/4274
+    resolvesIssue: false

docs/content/reference/values.txt

@@ -109,6 +109,7 @@
 |settings.aws.propagateOriginalRouting|bool||Send downstream path and method as x-envoy-original-path and x-envoy-original-method headers on the request to AWS lambda.|
 |settings.aws.credential_refresh_delay.seconds|int32||The value of this duration in seconds.|
 |settings.aws.credential_refresh_delay.nanos|int32||The value of this duration in nanoseconds.|
+|settings.aws.fallbackToFirstFunction|bool||It will use the first function which if discovery is enabled the first function is the first function name alphabetically from the last discovery run. Defaults to false.|
 |settings.rateLimit|interface||Partial config for Gloo Edge Enterprise’s rate-limiting service, based on Envoy’s rate-limit service; supports Envoy’s rate-limit service API. (reference here: https://github.com/lyft/ratelimit#configuration) Configure rate-limit descriptors here, which define the limits for requests based on their descriptors. Configure rate-limits (composed of actions, which define how request characteristics get translated into descriptors) on the VirtualHost or its routes.|
 |settings.circuitBreakers.maxConnections|uint32||Set this field to specify the maximum number of connections that Envoy will make to the upstream cluster. If not specified, the default is 1024.|
 |settings.circuitBreakers.maxPendingRequests|uint32||Set this field to specfify the maximum number of pending requests that Envoy will allow to the upstream cluster. If not specified, the default is 1024.|

install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml

@@ -349,6 +349,9 @@ spec:
                         type: string
                       enableCredentialsDiscovey:
                         type: boolean
+                      fallbackToFirstFunction:
+                        nullable: true
+                        type: boolean
                       propagateOriginalRouting:
                         nullable: true
                         type: boolean

install/helm/gloo/crds/gloo.solo.io_v1_Upstream.yaml

@@ -27,6 +27,24 @@ spec:
                 properties:
                   awsAccountId:
                     type: string
+                  destinationOverrides:
+                    properties:
+                      invocationStyle:
+                        type: string
+                        x-kubernetes-int-or-string: true
+                      logicalName:
+                        type: string
+                      requestTransformation:
+                        type: boolean
+                      responseTransformation:
+                        type: boolean
+                      unwrapAsAlb:
+                        type: boolean
+                      unwrapAsApiGateway:
+                        type: boolean
+                      wrapAsApiGateway:
+                        type: boolean
+                    type: object
                   disableRoleChaining:
                     type: boolean
                   lambdaFunctions:

install/helm/gloo/generate/values.go

@@ -209,6 +209,7 @@ type AwsSettings struct {
 	StsCredentialsRegion            *string   `json:"stsCredentialsRegion,omitempty" desc:"Regional endpoint to use for AWS STS requests. If empty will default to global sts endpoint."`
 	PropagateOriginalRouting        *bool     `json:"propagateOriginalRouting,omitempty" desc:"Send downstream path and method as x-envoy-original-path and x-envoy-original-method headers on the request to AWS lambda."`
 	CredentialRefreshDelay          *Duration `json:"credential_refresh_delay,omitempty" desc:"Adds a timed refresh to for ServiceAccount credentials in addition to the default filewatch."`
+	FallbackToFirstFunction         *bool     `json:"fallbackToFirstFunction,omitempty" desc:"It will use the first function which if discovery is enabled the first function is the first function name alphabetically from the last discovery run. Defaults to false."`
 }
 
 type CircuitBreakersSettings struct {

install/helm/gloo/templates/18-settings.yaml

@@ -57,6 +57,9 @@ spec:
 {{- if  .Values.settings.aws.propagateOriginalRouting }}
       propagateOriginalRouting: {{ .Values.settings.aws.propagateOriginalRouting }}
 {{- end }}
+  {{- if .Values.settings.aws.fallbackToFirstFunction }}
+      fallbackToFirstFunction: {{ .Values.settings.aws.fallbackToFirstFunction }}
+  {{- end }}
 {{- end }}
 
   {{- if .Values.settings.integrations.consul }}

projects/gloo/api/v1/options/aws/aws.proto

@@ -42,6 +42,10 @@ message UpstreamSpec {
 
     // Optional override to disable role chaining;
     bool disable_role_chaining = 6;
+
+    // Specifies AWS DestinationSpec configuration overrides for any route targeting this upstream.
+    // Note that the route in question must have an AWS DestinationSpec to be affected and this will only set things that are non-falsey as overrides.
+    DestinationSpec destination_overrides = 7;
 }
 
 // Each Lambda Function Spec contains data necessary for Gloo to invoke Lambda functions:

projects/gloo/api/v1/settings.proto

@@ -533,6 +533,13 @@ message GlooOptions {
         // Does not affect the default filewatch for service account only augments it.
         // Defaults to not refreshing on time period. Suggested is 15 minutes.
         google.protobuf.Duration credential_refresh_delay = 4;
+
+        // Sets the unsafe behavior where a route can specify a lambda upstream
+        // but not set the function to target. It will use the first function which 
+        // if discovery is enabled the first function is the first function name alphabetically
+        // from the last discovery run. This means that the lambda being pointed to could change.
+        // Defaults to false.
+        google.protobuf.BoolValue fallback_to_first_function = 5;
     }
 
     AWSOptions aws_options = 5;