Policy: HTTP proxy #1080
Policy: HTTP proxy #1080
Conversation
eloycoto
force-pushed
the
HTTPProxyPolicy
branch
3 times, most recently
from
4d35291 to
5a64c3b
Compare
eloycoto
force-pushed
the
HTTPProxyPolicy
branch
3 times, most recently
from
c6e5abb to
e8ae68a
Compare
|
@eloycoto The commit with title |
|
Also, the feature + tests should be in the same commit anyway :) |
eloycoto
force-pushed
the
HTTPProxyPolicy
branch
from
3fed5d5 to
84da86b
Compare
| "name": "apicast.policy.apicast" | ||
| }, | ||
| { | ||
| "name": "apicast.policy.http_proxy", |
There was a problem hiding this comment.
I think it's important to clarify that this only applies to the API backend and not the 3scale backend (apisonator).
| and terminated, traffic for this policy will be: | ||
|
|
||
| ``` | ||
| @startuml |
There was a problem hiding this comment.
This does not look good when I open the file with the View file option in GitHub.
| # HTTP proxy policy | ||
|
|
||
| This policy allows users to define a HTTP proxy where the traffic will be send | ||
| and terminated, traffic for this policy will be: |
There was a problem hiding this comment.
What do you mean by terminated here?
|
|
||
| ## Caveats | ||
|
|
||
| - This policy will disable all load-balancing policies and traffic will be |
There was a problem hiding this comment.
Asking just in case. Does the order in the chain matter?
| "type": "string" | ||
| }, | ||
| "https_proxy": { | ||
| "description": "Defines a HTTP proxy to be used for connecting to HTTP services. Authentication is not supported", |
There was a problem hiding this comment.
Should be HTTPS instead of HTTP.
| end | ||
| end | ||
|
|
||
| for _, proto in ipairs(proxies) do |
gateway/src/resty/http/proxy.lua
Outdated
| @@ -108,6 +108,12 @@ local function find_proxy_url(request) | |||
| local uri = parse_request_uri(request) | |||
| if not uri then return end | |||
|
|
|||
| -- request can have a local proxy defined and env variables have lower | |||
| -- priority, if the proxy is defined in the request that will be used. | |||
| if request.proxy_uri then | |||
There was a problem hiding this comment.
This could be simplified:
return request.proxy_uri or _M.find(uri)
| local proxy = proxy_policy.new({ | ||
| all_proxy = all_proxy_val | ||
| }) | ||
| assert.same(proxy:find_proxy("http"), resty_url.parse(all_proxy_val)) |
There was a problem hiding this comment.
In all these tests, I think we should check what export returns instead of find_proxy, because export is what should be exposed to other modules.
t/apicast-policy-http-proxy.t
Outdated
| using proxy: $TEST_NGINX_HTTP_PROXY | ||
|
|
||
| === TEST 3: using HTTPS proxy for backend | ||
| --- ONLY |
t/apicast-policy-http-proxy.t
Outdated
| location /transactions/authrep.xml { | ||
| access_by_lua_block { | ||
| assert = require('luassert') | ||
| assert.equal('https', ngx.var.scheme) |
There was a problem hiding this comment.
Shouldn't all this be in upstream instead of backend ?
eloycoto
force-pushed
the
HTTPProxyPolicy
branch
4 times, most recently
from
8fa98a0 to
c947504
Compare
|
|
||
| An example HTTP proxy transformation can be the following project; this project | ||
| transforms the response given by and endpoint and converts the body to | ||
| uppercaint and convert the body to uppercase. |
There was a problem hiding this comment.
This sentence does not sound right.
CHANGELOG.md
Outdated
| @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). | |||
|
|
|||
| - Introduce possibility of specifying policy order restrictions in their schemas. APIcast now shows a warning when those restrictions are not respected [#1088](https://github.com/3scale/APIcast/pull/1088), [THREESCALE-2896](https://issues.jboss.org/browse/THREESCALE-2896) | |||
| - Added new parameters to logging policy to allow custom access log [PR #1081](https://github.com/3scale/APIcast/pull/1089) [THREESCALE-1234](https://issues.jboss.org/browse/THREESCALE-1234)[THREESCALE-2876](https://issues.jboss.org/browse/THREESCALE-2876) | |||
| - Added http_proxy policy to use an HTTP proxy in api_backed calls. [THREESCALE-2696](https://issues.jboss.org/browse/THREESCALE-2696) | |||
There was a problem hiding this comment.
Would be good to add the link to this PR as well.
| @@ -0,0 +1,48 @@ | |||
| local policy = require('apicast.policy') | |||
| local _M = policy.new('http_proxy') | |||
There was a problem hiding this comment.
Can you please add the version? It's needed in order to make the feature of checking the order of policies work.
I needed to add the version in all the policies here: https://github.com/3scale/APIcast/pull/1088/files
In the future we might want to see if there's a better way to do this.
|
|
||
| function _M:export() | ||
| return { | ||
| get_http_proxy = function(_, uri) |
There was a problem hiding this comment.
I don't see why this function needs the first param.
Can't we get rid of it and then just call context.get_http_proxy(self.uri) from the upstream module instead of context:get_http_proxy(self.uri) ?
This policy adds the option to set a service to use a http proxy (As is
in use for HTTP_PROXY parameter)
This service will allow Apicast users to send the traffic over a proxy
and do request modifications in 3-party proxies.
Traffic flow:
```
,-.
`-'
/|\
| ,-------. ,---------. ,----------.
/ \ |Apicast| |HTTPPROXY| |APIBackend|
User `---+---' `----+----' `----------'
| GET /resource | | |
| --------------->| | |
| | | |
| | Get /resource | |
| |------------------>| |
| | | |
| | | Get /resource/ |
| | | - - - - - - - - - >|
| | | |
| | | response |
| | |<- - - - - - - - - -|
| | | |
| | response | |
| |<------------------| |
| | | |
| | | |
| <---------------| | |
User ,---+---. ,----+----. ,----------.
,-. |Apicast| |HTTPPROXY| |APIBackend|
`-' `-------' `---------' `----------'
/|\
|
/ \
```
Configuration:
```
{
"services": [
{
"id": 200,
"backend_version": 1,
"backend_authentication_type": "service_token",
"backend_authentication_value": "token-value",
"proxy": {
"hosts": [
"one"
],
"api_backend": "https://echo-api.3scale.net/",
"proxy_rules": [
{
"pattern": "/",
"http_method": "GET",
"metric_system_name": "hits",
"delta": 1
}
],
"policy_chain": [
{
"name": "apicast.policy.apicast"
},
{
"name": "apicast.policy.http_proxy",
"configuration": {
"all_proxy": "http://192.168.15.103:8888/",
"https_proxy": "https://192.168.15.103:8888/",
"http_proxy": "https://192.168.15.103:8888/"
}
}
]
}
}
]
}
```
Signed-off-by: Eloy Coto <[email protected]>
Signed-off-by: Eloy Coto <[email protected]>
Signed-off-by: Eloy Coto <[email protected]>
This commit adds the integration test for the http proxy policy. Signed-off-by: Eloy Coto <[email protected]>
Add readme for http_proxy configuration. Signed-off-by: Eloy Coto <[email protected]>
Signed-off-by: Eloy Coto <[email protected]>
eloycoto
force-pushed
the
HTTPProxyPolicy
branch
from
c947504 to
4515570
Compare
This policy adds the option to set a service to use a http proxy (As is
in use for HTTP_PROXY parameter)
This service will allow Apicast users to send the traffic over a proxy
and do request modifications in 3-party proxies.
Traffic flow:
Configuration: