Feat/lambda with basic defaults - 1.12 backport (#7569)

* Feat/lambda with basic defaults (#7474) * plugins/aws: Non-functional format changes to aws * plguins/aws: reformat oss perroute to accept additional parameters and add new settings option for driving this behavior * plugins/aws: Testing showing that there is an issue with implementation * plugins/aws: Testing without blowing away the entire destinations * plugins/aws: Route level destination spec settings can be inherited from upstream spec * plugins/aws: Codegen getters * plugins/aws: Add comment * plugins/aws: Null checks on destinations * plugins/aws: Cleaner comments * plugins/aws: Update naming and better descriptions * aws: Update naming and comments per review * aws: Update naming and comments per review * changelog: update Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com> * codegen * update change type to NON_USER_FACING since patch bump * empty commit * expand m1 setup support - remove race image setup for m1 * Expose fallbackToFirstFunction helm (#7575) * expose fallbackToFirstFunction helm * add changelog * update changelog + add aws fallback tests * codegen * empty commit * update changelog * update changelog Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com> * delete changelog * Adding changelog file to new location * Deleting changelog file from old location * Fix destinationOverrides not being applied to empty aws destination (#7583) * fix issue with overrides not being applies to unset destinationSpec * add changelog * remove unecessary dest.DestinationType * add tests + move 'no spec' tests to own context * empty commit * aws: Update plugin comments for the new fallback behaviors * aws: Update naming of plugin variables, make a new possible err set if somehow an upstream erroneously had aws set * fix comment nits + return * review fix Co-authored-by: nfuden <[email protected]> Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com> Co-authored-by: Nathan Fudenberg <[email protected]> Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com> Co-authored-by: changelog-bot <changelog-bot>
solo-io · Dec 22, 2022 · b20951c · b20951c
1 parent 9863604
commit b20951c
Show file tree

Hide file tree

Showing 22 changed files with 666 additions and 252 deletions.
diff --git a/Makefile b/Makefile
@@ -700,9 +700,20 @@ ifeq ($(RELEASE), "true")
 endif
 
 .PHONY: docker docker-push
-docker: discovery-docker gloo-docker gloo-race-docker \
+docker: docker-local docker-non-arm
+
+.PHONY: docker-local
+docker-local: discovery-docker gloo-docker \
 		gloo-envoy-wrapper-docker certgen-docker sds-docker \
 		ingress-docker access-logger-docker kubectl-docker
+		touch $@
+
+.PHONY: docker-non-arm
+ifeq ($(UNAME_M), arm64)
+docker-non-arm:
+else
+docker-non-arm: gloo-race-docker
+endif
 
 .PHONY: docker-push-local-arm
 docker-push-local-arm: docker docker-push
@@ -712,17 +723,25 @@ docker-push-local-arm: docker docker-push
 # to be used for local testing.
 # docker-push-non-arm is intended to be run on CI only, where as docker-push-local is intended for local builds. Primarily used for arm support.
 .PHONY: docker-push
-docker-push: $(DOCKER_IMAGES)
+docker-push: docker-push-local docker-push-non-arm
+
+.PHONY: docker-push-local
+docker-push-local: $(DOCKER_IMAGES)
 	docker push $(IMAGE_REPO)/ingress:$(VERSION) && \
 	docker push $(IMAGE_REPO)/discovery:$(VERSION) && \
 	docker push $(IMAGE_REPO)/gloo:$(VERSION) && \
-	docker push $(IMAGE_REPO)/gloo:$(VERSION)-race && \
 	docker push $(IMAGE_REPO)/gloo-envoy-wrapper:$(VERSION) && \
 	docker push $(IMAGE_REPO)/certgen:$(VERSION) && \
 	docker push $(IMAGE_REPO)/kubectl:$(VERSION) && \
 	docker push $(IMAGE_REPO)/sds:$(VERSION) && \
 	docker push $(IMAGE_REPO)/access-logger:$(VERSION)
 
+.PHONY: docker-push-non-arm
+docker-push-non-arm:
+ifneq ($(and $(filter $(CREATE_ASSETS), "true"), $(filter-out $(UNAME_M), arm64)),)
+	docker push $(IMAGE_REPO)/gloo:$(VERSION)-race
+endif
+
 .PHONY: docker-push-extended
 docker-push-extended:
 ifeq ($(CREATE_ASSETS), "true")

diff --git a/changelog/v1.12.39/lambda-no-function.yaml b/changelog/v1.12.39/lambda-no-function.yaml
@@ -0,0 +1,12 @@
+changelog:
+  - type: NON_USER_FACING
+    description: >
+      Add option that allows usage of lambda upstreams without specifying a function.
+      Affects custom extensions of the lambda extension built in go that use gloo as a library.
+      This is purely a work around for current Gloo Portal behavior and likely should not be opted into otherwise.
+    issueLink: https://github.com/solo-io/solo-projects/issues/4274
+    resolvesIssue: false
+  - type: NON_USER_FACING
+    description: Aws lambda set upstream level defaults to override route destinations.
+    issueLink: https://github.com/solo-io/solo-projects/issues/4274
+    resolvesIssue: false
diff --git a/...ce/api/github.com/solo-io/gloo/projects/gloo/api/v1/options/aws/aws.proto.sk.md b/...ce/api/github.com/solo-io/gloo/projects/gloo/api/v1/options/aws/aws.proto.sk.md
diff --git a/...reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md b/...reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md
diff --git a/docs/content/reference/values.txt b/docs/content/reference/values.txt
@@ -108,6 +108,7 @@
 |settings.aws.propagateOriginalRouting|bool||Send downstream path and method as x-envoy-original-path and x-envoy-original-method headers on the request to AWS lambda.|
 |settings.aws.credential_refresh_delay.seconds|int32||The value of this duration in seconds.|
 |settings.aws.credential_refresh_delay.nanos|int32||The value of this duration in nanoseconds.|
+|settings.aws.fallbackToFirstFunction|bool||It will use the first function which if discovery is enabled the first function is the first function name alphabetically from the last discovery run. Defaults to false.|
 |settings.rateLimit|interface||Partial config for Gloo Edge Enterprise’s rate-limiting service, based on Envoy’s rate-limit service; supports Envoy’s rate-limit service API. (reference here: https://github.com/lyft/ratelimit#configuration) Configure rate-limit descriptors here, which define the limits for requests based on their descriptors. Configure rate-limits (composed of actions, which define how request characteristics get translated into descriptors) on the VirtualHost or its routes.|
 |settings.enableRestEds|bool|false|Whether or not to use rest xds for all EDS by default. Defaults to false.|
 |settings.kubeResourceOverride.NAME|interface||override fields in the generated resource by specifying the yaml structure to override under the top-level key.|

diff --git a/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml b/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml
@@ -336,6 +336,9 @@ spec:
                         type: string
                       enableCredentialsDiscovey:
                         type: boolean
+                      fallbackToFirstFunction:
+                        nullable: true
+                        type: boolean
                       propagateOriginalRouting:
                         nullable: true
                         type: boolean

diff --git a/install/helm/gloo/crds/gloo.solo.io_v1_Upstream.yaml b/install/helm/gloo/crds/gloo.solo.io_v1_Upstream.yaml
@@ -27,6 +27,24 @@ spec:
                 properties:
                   awsAccountId:
                     type: string
+                  destinationOverrides:
+                    properties:
+                      invocationStyle:
+                        type: string
+                        x-kubernetes-int-or-string: true
+                      logicalName:
+                        type: string
+                      requestTransformation:
+                        type: boolean
+                      responseTransformation:
+                        type: boolean
+                      unwrapAsAlb:
+                        type: boolean
+                      unwrapAsApiGateway:
+                        type: boolean
+                      wrapAsApiGateway:
+                        type: boolean
+                    type: object
                   disableRoleChaining:
                     type: boolean
                   lambdaFunctions:

diff --git a/install/helm/gloo/generate/values.go b/install/helm/gloo/generate/values.go
@@ -204,6 +204,7 @@ type AwsSettings struct {
 	StsCredentialsRegion            *string   `json:"stsCredentialsRegion,omitempty" desc:"Regional endpoint to use for AWS STS requests. If empty will default to global sts endpoint."`
 	PropagateOriginalRouting        *bool     `json:"propagateOriginalRouting,omitempty" desc:"Send downstream path and method as x-envoy-original-path and x-envoy-original-method headers on the request to AWS lambda."`
 	CredentialRefreshDelay          *Duration `json:"credential_refresh_delay,omitempty" desc:"Adds a timed refresh to for ServiceAccount credentials in addition to the default filewatch."`
+	FallbackToFirstFunction         *bool     `json:"fallbackToFirstFunction,omitempty" desc:"It will use the first function which if discovery is enabled the first function is the first function name alphabetically from the last discovery run. Defaults to false."`
 }
 
 type InvalidConfigPolicy struct {

diff --git a/install/helm/gloo/templates/18-settings.yaml b/install/helm/gloo/templates/18-settings.yaml
@@ -53,6 +53,9 @@ spec:
 {{- if  .Values.settings.aws.propagateOriginalRouting }}
       propagateOriginalRouting: {{ .Values.settings.aws.propagateOriginalRouting }}
 {{- end }}
+  {{- if .Values.settings.aws.fallbackToFirstFunction }}
+      fallbackToFirstFunction: {{ .Values.settings.aws.fallbackToFirstFunction }}
+  {{- end }}
 {{- end }}
 
   {{- if .Values.settings.integrations.consul }}

diff --git a/projects/gloo/api/v1/options/aws/aws.proto b/projects/gloo/api/v1/options/aws/aws.proto
@@ -42,6 +42,10 @@ message UpstreamSpec {
 
     // Optional override to disable role chaining;
     bool disable_role_chaining = 6;
+
+    // Specifies AWS DestinationSpec configuration overrides for any route targeting this upstream.
+    // Note that the route in question must have an AWS DestinationSpec to be affected and this will only set things that are non-falsey as overrides.
+    DestinationSpec destination_overrides = 7;
 }
 
 // Each Lambda Function Spec contains data necessary for Gloo to invoke Lambda functions:

diff --git a/projects/gloo/api/v1/settings.proto b/projects/gloo/api/v1/settings.proto
@@ -521,6 +521,13 @@ message GlooOptions {
         // Does not affect the default filewatch for service account only augments it.
         // Defaults to not refreshing on time period. Suggested is 15 minutes.
         google.protobuf.Duration credential_refresh_delay = 4;
+
+        // Sets the unsafe behavior where a route can specify a lambda upstream
+        // but not set the function to target. It will use the first function which 
+        // if discovery is enabled the first function is the first function name alphabetically
+        // from the last discovery run. This means that the lambda being pointed to could change.
+        // Defaults to false.
+        google.protobuf.BoolValue fallback_to_first_function = 5;
     }
 
     AWSOptions aws_options = 5;

diff --git a/projects/gloo/pkg/api/v1/options/aws/aws.pb.clone.go b/projects/gloo/pkg/api/v1/options/aws/aws.pb.clone.go
diff --git a/projects/gloo/pkg/api/v1/options/aws/aws.pb.equal.go b/projects/gloo/pkg/api/v1/options/aws/aws.pb.equal.go
diff --git a/projects/gloo/pkg/api/v1/options/aws/aws.pb.go b/projects/gloo/pkg/api/v1/options/aws/aws.pb.go
diff --git a/projects/gloo/pkg/api/v1/options/aws/aws.pb.hash.go b/projects/gloo/pkg/api/v1/options/aws/aws.pb.hash.go
diff --git a/projects/gloo/pkg/api/v1/settings.pb.clone.go b/projects/gloo/pkg/api/v1/settings.pb.clone.go
diff --git a/projects/gloo/pkg/api/v1/settings.pb.equal.go b/projects/gloo/pkg/api/v1/settings.pb.equal.go