Add stackdriver stub param (envoyproxy#2739)

* add stackdriver stub param * dedup envoy grpc proto build code * clean up
Shikugawa · Mar 3, 2020 · 0237b23 · 0237b23
1 parent 07efeed
commit 0237b23
Show file tree

Hide file tree

Showing 14 changed files with 152 additions and 152 deletions.
diff --git a/extensions/stackdriver/common/constants.h b/extensions/stackdriver/common/constants.h
@@ -71,10 +71,9 @@ constexpr char kOutboundRootContextId[] = "stackdriver_outbound";
 constexpr char kInboundRootContextId[] = "stackdriver_inbound";
 
 // Stackdriver service endpoint node metadata key.
-constexpr char kMonitoringEndpointKey[] = "STACKDRIVER_MONITORING_ENDPOINT";
-constexpr char kLoggingEndpointKey[] = "STACKDRIVER_LOGGING_ENDPOINT";
-constexpr char kMeshTelemetryEndpointKey[] =
-    "STACKDRIVER_MESH_TELEMETRY_ENDPOINT";
+constexpr char kSecureStackdriverEndpointKey[] = "SECURE_STACKDRIVER_ENDPOINT";
+constexpr char kInsecureStackdriverEndpointKey[] =
+    "INSECURE_STACKDRIVER_ENDPOINT";
 constexpr char kMonitoringExportIntervalKey[] =
     "STACKDRIVER_MONITORING_EXPORT_INTERVAL_SECS";
 constexpr char kTokenFile[] = "STACKDRIVER_TOKEN_FILE";
@@ -88,6 +87,11 @@ constexpr char kSTSSubjectTokenPath[] = "/var/run/secrets/tokens/istio-token";
 constexpr char kSTSSubjectTokenType[] = "urn:ietf:params:oauth:token-type:jwt";
 constexpr char kSTSScope[] = "https://www.googleapis.com/auth/cloud-platform";
 
+// Stackdriver services
+constexpr char kMonitoringService[] = "monitoring.googleapis.com";
+constexpr char kLoggingService[] = "logging.googleapis.com";
+constexpr char kMeshTelemetryService[] = "meshtelemetry.googleapis.com";
+
 }  // namespace Common
 }  // namespace Stackdriver
 }  // namespace Extensions
diff --git a/extensions/stackdriver/common/utils.cc b/extensions/stackdriver/common/utils.cc
@@ -24,6 +24,45 @@ namespace Common {
 
 using google::api::MonitoredResource;
 
+void buildEnvoyGrpcService(
+    const StackdriverStubOption &stub_option,
+    ::envoy::config::core::v3::GrpcService *grpc_service) {
+  if (!stub_option.insecure_endpoint.empty()) {
+    // Do not set up credential if insecure endpoint is provided. This is only
+    // for testing.
+    grpc_service->mutable_google_grpc()->set_target_uri(
+        stub_option.insecure_endpoint);
+  } else {
+    grpc_service->mutable_google_grpc()->set_target_uri(
+        stub_option.secure_endpoint.empty() ? stub_option.default_endpoint
+                                            : stub_option.secure_endpoint);
+    if (stub_option.sts_port.empty()) {
+      // Security token exchange is not enabled. Use default GCE credential.
+      grpc_service->mutable_google_grpc()
+          ->add_call_credentials()
+          ->mutable_google_compute_engine();
+    } else {
+      ::Extensions::Stackdriver::Common::setSTSCallCredentialOptions(
+          grpc_service->mutable_google_grpc()
+              ->add_call_credentials()
+              ->mutable_sts_service(),
+          stub_option.sts_port,
+          stub_option.test_token_path.empty()
+              ? ::Extensions::Stackdriver::Common::kSTSSubjectTokenPath
+              : stub_option.test_token_path);
+    }
+
+    grpc_service->mutable_google_grpc()
+        ->mutable_channel_credentials()
+        ->mutable_ssl_credentials()
+        ->mutable_root_certs()
+        ->set_filename(
+            stub_option.test_root_pem_path.empty()
+                ? ::Extensions::Stackdriver::Common::kDefaultRootCertFile
+                : stub_option.test_root_pem_path);
+  }
+}
+
 void getMonitoredResource(const std::string &monitored_resource_type,
                           const ::wasm::common::NodeInfo &local_node_info,
                           MonitoredResource *monitored_resource) {

diff --git a/extensions/stackdriver/common/utils.h b/extensions/stackdriver/common/utils.h
@@ -13,6 +13,8 @@
  * limitations under the License.
  */
 
+#pragma once
+
 #include "envoy/config/core/v3/grpc_service.pb.h"
 #include "extensions/common/context.h"
 #include "google/api/monitored_resource.pb.h"
@@ -22,6 +24,22 @@ namespace Extensions {
 namespace Stackdriver {
 namespace Common {
 
+// StackdriverStubOption includes all the configuration to construct stackdriver
+// gRPC stubs.
+struct StackdriverStubOption {
+  std::string sts_port;
+  std::string default_endpoint;
+  std::string test_token_path;
+  std::string test_root_pem_path;
+  std::string secure_endpoint;
+  std::string insecure_endpoint;
+};
+
+// Build Envoy GrpcService proto based on the given stub option.
+void buildEnvoyGrpcService(
+    const StackdriverStubOption &option,
+    ::envoy::config::core::v3::GrpcService *grpc_service);
+
 // Gets monitored resource proto based on the type and node metadata info.
 // Only two types of monitored resource could be returned: k8s_container or
 // k8s_pod.

diff --git a/extensions/stackdriver/edges/mesh_edges_service_client.cc b/extensions/stackdriver/edges/mesh_edges_service_client.cc
@@ -17,7 +17,6 @@
 #include "extensions/stackdriver/edges/mesh_edges_service_client.h"
 
 #include "extensions/stackdriver/common/constants.h"
-#include "extensions/stackdriver/common/utils.h"
 #include "google/protobuf/util/time_util.h"
 
 #ifdef NULL_PLUGIN
@@ -35,8 +34,6 @@ using Envoy::Extensions::Common::Wasm::Null::Plugin::logWarn;
 using Envoy::Extensions::Common::Wasm::Null::Plugin::StringView;
 #endif
 
-// TODO(douglas-reid): confirm values here
-constexpr char kMeshTelemetryService[] = "meshtelemetry.googleapis.com";
 constexpr char kMeshEdgesService[] =
     "google.cloud.meshtelemetry.v1alpha1.MeshEdgesService";
 constexpr char kReportTrafficAssertions[] = "ReportTrafficAssertions";
@@ -50,9 +47,8 @@ using google::cloud::meshtelemetry::v1alpha1::ReportTrafficAssertionsRequest;
 using google::protobuf::util::TimeUtil;
 
 MeshEdgesServiceClientImpl::MeshEdgesServiceClientImpl(
-    RootContext* root_context, const std::string& edges_endpoint,
-    const std::string& sts_port, const std::string& test_token_file,
-    const std::string& test_root_pem_file)
+    RootContext* root_context,
+    const ::Extensions::Stackdriver::Common::StackdriverStubOption& stub_option)
     : context_(root_context) {
   success_callback_ = [](size_t) {
     // TODO(douglas-reid): improve logging message.
@@ -69,36 +65,9 @@ MeshEdgesServiceClientImpl::MeshEdgesServiceClientImpl(
 
   GrpcService grpc_service;
   grpc_service.mutable_google_grpc()->set_stat_prefix("mesh_edges");
-
-  // use application default creds and default target
-  grpc_service.mutable_google_grpc()->set_target_uri(
-      edges_endpoint.empty() ? kMeshTelemetryService : edges_endpoint);
-  if (sts_port.empty()) {
-    // Security token exchange is not enabled. Use default GCE credential.
-    grpc_service.mutable_google_grpc()
-        ->add_call_credentials()
-        ->mutable_google_compute_engine();
-  } else {
-    ::Extensions::Stackdriver::Common::setSTSCallCredentialOptions(
-        grpc_service.mutable_google_grpc()
-            ->add_call_credentials()
-            ->mutable_sts_service(),
-        sts_port,
-        test_token_file.empty()
-            ? ::Extensions::Stackdriver::Common::kSTSSubjectTokenPath
-            : test_token_file);
-  }
-  grpc_service.mutable_google_grpc()
-      ->mutable_channel_credentials()
-      ->mutable_ssl_credentials()
-      ->mutable_root_certs()
-      ->set_filename(
-          test_root_pem_file.empty()
-              ? ::Extensions::Stackdriver::Common::kDefaultRootCertFile
-              : test_root_pem_file);
-
+  buildEnvoyGrpcService(stub_option, &grpc_service);
   grpc_service.SerializeToString(&grpc_service_);
-};
+}
 
 void MeshEdgesServiceClientImpl::reportTrafficAssertions(
     const ReportTrafficAssertionsRequest& request) const {
@@ -108,7 +77,7 @@ void MeshEdgesServiceClientImpl::reportTrafficAssertions(
   context_->grpcSimpleCall(
       grpc_service_, kMeshEdgesService, kReportTrafficAssertions, request,
       kDefaultTimeoutMillisecond, success_callback_, failure_callback_);
-};
+}
 
 }  // namespace Edges
 }  // namespace Stackdriver

diff --git a/extensions/stackdriver/edges/mesh_edges_service_client.h b/extensions/stackdriver/edges/mesh_edges_service_client.h
@@ -15,6 +15,7 @@
 
 #pragma once
 
+#include "extensions/stackdriver/common/utils.h"
 #include "extensions/stackdriver/edges/edges.pb.h"
 
 #ifndef NULL_PLUGIN
@@ -56,11 +57,10 @@ class MeshEdgesServiceClientImpl : public MeshEdgesServiceClient {
   // root_context is the wasm runtime context
   // edges_endpoint is an optional param used to specify alternative service
   // address.
-  MeshEdgesServiceClientImpl(RootContext* root_context,
-                             const std::string& edges_endpoint,
-                             const std::string& sts_port = "",
-                             const std::string& test_token_path = "",
-                             const std::string& test_root_pem_file = "");
+  MeshEdgesServiceClientImpl(
+      RootContext* root_context,
+      const ::Extensions::Stackdriver::Common::StackdriverStubOption&
+          stub_option);
 
   void reportTrafficAssertions(
       const ReportTrafficAssertionsRequest& request) const override;

diff --git a/extensions/stackdriver/log/exporter.cc b/extensions/stackdriver/log/exporter.cc
@@ -16,7 +16,6 @@
 #include "extensions/stackdriver/log/exporter.h"
 
 #include "extensions/stackdriver/common/constants.h"
-#include "extensions/stackdriver/common/utils.h"
 
 #ifdef NULL_PLUGIN
 namespace Envoy {
@@ -34,7 +33,6 @@ using Envoy::Extensions::Common::Wasm::Null::Plugin::StringView;
 
 #endif
 
-constexpr char kGoogleStackdriverLoggingAddress[] = "logging.googleapis.com";
 constexpr char kGoogleLoggingService[] = "google.logging.v2.LoggingServiceV2";
 constexpr char kGoogleWriteLogEntriesMethod[] = "WriteLogEntries";
 constexpr int kDefaultTimeoutMillisecond = 10000;
@@ -43,11 +41,10 @@ namespace Extensions {
 namespace Stackdriver {
 namespace Log {
 
-ExporterImpl::ExporterImpl(RootContext* root_context,
-                           const std::string& logging_service_endpoint,
-                           const std::string& sts_port,
-                           const std::string& test_token_file,
-                           const std::string& test_root_pem_file) {
+ExporterImpl::ExporterImpl(
+    RootContext* root_context,
+    const ::Extensions::Stackdriver::Common::StackdriverStubOption&
+        stub_option) {
   context_ = root_context;
   Metric export_call(MetricType::Counter, "stackdriver_filter",
                      {MetricTag{"type", MetricTag::TagType::String},
@@ -72,35 +69,7 @@ ExporterImpl::ExporterImpl(RootContext* root_context,
   // Construct grpc_service for the Stackdriver gRPC call.
   GrpcService grpc_service;
   grpc_service.mutable_google_grpc()->set_stat_prefix("stackdriver_logging");
-
-  grpc_service.mutable_google_grpc()->set_target_uri(
-      logging_service_endpoint.empty() ? kGoogleStackdriverLoggingAddress
-                                       : logging_service_endpoint);
-  if (sts_port.empty()) {
-    // Security token exchange is not enabled. Use default GCE credential.
-    grpc_service.mutable_google_grpc()
-        ->add_call_credentials()
-        ->mutable_google_compute_engine();
-  } else {
-    ::Extensions::Stackdriver::Common::setSTSCallCredentialOptions(
-        grpc_service.mutable_google_grpc()
-            ->add_call_credentials()
-            ->mutable_sts_service(),
-        sts_port,
-        test_token_file.empty()
-            ? ::Extensions::Stackdriver::Common::kSTSSubjectTokenPath
-            : test_token_file);
-  }
-
-  grpc_service.mutable_google_grpc()
-      ->mutable_channel_credentials()
-      ->mutable_ssl_credentials()
-      ->mutable_root_certs()
-      ->set_filename(
-          test_root_pem_file.empty()
-              ? ::Extensions::Stackdriver::Common::kDefaultRootCertFile
-              : test_root_pem_file);
-
+  buildEnvoyGrpcService(stub_option, &grpc_service);
   grpc_service.SerializeToString(&grpc_service_string_);
 }
 

diff --git a/extensions/stackdriver/log/exporter.h b/extensions/stackdriver/log/exporter.h
@@ -17,6 +17,7 @@
 
 #include <string>
 
+#include "extensions/stackdriver/common/utils.h"
 #include "google/logging/v2/logging.pb.h"
 
 #ifndef NULL_PLUGIN
@@ -56,10 +57,8 @@ class ExporterImpl : public Exporter {
   // logging_service_endpoint is an optional param which should be used for test
   // only.
   ExporterImpl(RootContext* root_context,
-               const std::string& logging_service_endpoint,
-               const std::string& sts_port = "",
-               const std::string& test_token_file = "",
-               const std::string& test_root_pem_file = "");
+               const ::Extensions::Stackdriver::Common::StackdriverStubOption&
+                   stub_option);
 
   // exportLogs exports the given log request to Stackdriver.
   void exportLogs(

diff --git a/extensions/stackdriver/log/logger.cc b/extensions/stackdriver/log/logger.cc
@@ -16,7 +16,6 @@
 #include "extensions/stackdriver/log/logger.h"
 
 #include "extensions/stackdriver/common/constants.h"
-#include "extensions/stackdriver/common/utils.h"
 #include "google/logging/v2/log_entry.pb.h"
 #include "google/protobuf/util/time_util.h"
 

diff --git a/extensions/stackdriver/metric/registry.cc b/extensions/stackdriver/metric/registry.cc
@@ -19,7 +19,6 @@
 #include <sstream>
 
 #include "extensions/stackdriver/common/constants.h"
-#include "extensions/stackdriver/common/utils.h"
 #include "google/api/monitored_resource.pb.h"
 #include "grpcpp/grpcpp.h"
 
@@ -32,42 +31,48 @@ using namespace opencensus::exporters::stats;
 using namespace opencensus::stats;
 using wasm::common::NodeInfo;
 
-constexpr char kStackdriverStatsAddress[] = "monitoring.googleapis.com";
-
 // Gets opencensus stackdriver exporter options.
 StackdriverOptions getStackdriverOptions(
-    const NodeInfo &local_node_info,
-    const std::string &test_monitoring_endpoint, const std::string &sts_port,
-    const std::string &test_token_path, const std::string &test_root_pem_file) {
+    const wasm::common::NodeInfo& local_node_info,
+    const ::Extensions::Stackdriver::Common::StackdriverStubOption&
+        stub_option) {
   StackdriverOptions options;
   auto platform_metadata = local_node_info.platform_metadata();
   options.project_id = platform_metadata[kGCPProjectKey];
 
   auto ssl_creds_options = grpc::SslCredentialsOptions();
-  std::ifstream file(test_root_pem_file.empty() ? kDefaultRootCertFile
-                                                : test_root_pem_file);
+  std::ifstream file(stub_option.test_root_pem_path.empty()
+                         ? kDefaultRootCertFile
+                         : stub_option.test_root_pem_path);
   if (!file.fail()) {
     std::stringstream file_string;
     file_string << file.rdbuf();
     ssl_creds_options.pem_root_certs = file_string.str();
   }
   auto channel_creds = grpc::SslCredentials(ssl_creds_options);
 
-  if (!sts_port.empty()) {
+  if (!stub_option.sts_port.empty()) {
     ::grpc::experimental::StsCredentialsOptions sts_options;
-    std::string token_path =
-        test_token_path.empty() ? kSTSSubjectTokenPath : test_token_path;
+    std::string token_path = stub_option.test_token_path.empty()
+                                 ? kSTSSubjectTokenPath
+                                 : stub_option.test_token_path;
     ::Extensions::Stackdriver::Common::setSTSCallCredentialOptions(
-        &sts_options, sts_port, token_path);
+        &sts_options, stub_option.sts_port, token_path);
     auto call_creds = grpc::experimental::StsCredentials(sts_options);
     auto channel = ::grpc::CreateChannel(
-        test_monitoring_endpoint.empty() ? kStackdriverStatsAddress
-                                         : test_monitoring_endpoint,
+        stub_option.secure_endpoint.empty() ? stub_option.default_endpoint
+                                            : stub_option.secure_endpoint,
         grpc::CompositeChannelCredentials(channel_creds, call_creds));
     options.metric_service_stub =
         google::monitoring::v3::MetricService::NewStub(channel);
-  } else if (!test_monitoring_endpoint.empty()) {
-    auto channel = grpc::CreateChannel(test_monitoring_endpoint, channel_creds);
+  } else if (!stub_option.secure_endpoint.empty()) {
+    auto channel =
+        grpc::CreateChannel(stub_option.secure_endpoint, channel_creds);
+    options.metric_service_stub =
+        google::monitoring::v3::MetricService::NewStub(channel);
+  } else if (!stub_option.insecure_endpoint.empty()) {
+    auto channel = grpc::CreateChannel(stub_option.insecure_endpoint,
+                                       grpc::InsecureChannelCredentials());
     options.metric_service_stub =
         google::monitoring::v3::MetricService::NewStub(channel);
   }

diff --git a/extensions/stackdriver/metric/registry.h b/extensions/stackdriver/metric/registry.h
@@ -16,6 +16,7 @@
 #pragma once
 
 #include "extensions/common/context.h"
+#include "extensions/stackdriver/common/utils.h"
 
 // OpenCensus is full of unused parameters in metric_service.
 #pragma GCC diagnostic push
@@ -34,9 +35,8 @@ namespace Metric {
 // Returns Stackdriver exporter config option based on node metadata.
 opencensus::exporters::stats::StackdriverOptions getStackdriverOptions(
     const wasm::common::NodeInfo& local_node_info,
-    const std::string& test_monitoring_endpoint = "",
-    const std::string& sts_port = "", const std::string& test_token_path = "",
-    const std::string& test_root_pem_file = "");
+    const ::Extensions::Stackdriver::Common::StackdriverStubOption&
+        stub_option);
 
 // registers Opencensus views
 void registerViews();