linkerd
/
linkerd2-proxy
mirror of https://github.com/linkerd/linkerd2-proxy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

configure param overrides for TLS policy 

Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
This commit is contained in:
Zahari Dichev 2025-04-17 13:38:54 +00:00
parent 13ab2f4825
commit ba077518aa
2 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
linkerd/proxy/client-policy/src/lib.rs
View File

@ -501,7 +501,9 @@ pub mod proto {
proxy_protocol::Kind::Grpc(grpc) => { proxy_protocol::Kind::Grpc(grpc) => {
Protocol::Grpc(grpc::Grpc::try_from(overrides, grpc)?) Protocol::Grpc(grpc::Grpc::try_from(overrides, grpc)?)
} }
proxy_protocol::Kind::Tls(tls) => Protocol::Tls(tls.try_into()?), proxy_protocol::Kind::Tls(tls) => {
Protocol::Tls(tls::Tls::try_from(overrides, tls)?)
}
}; };
let mut backends = BackendSet::default(); let mut backends = BackendSet::default();

26
linkerd/proxy/client-policy/src/tls.rs
View File

@ -47,7 +47,7 @@ pub(crate) mod proto {
use super::*; use super::*;
use crate::{ use crate::{
proto::{BackendSet, InvalidBackend, InvalidDistribution, InvalidMeta}, proto::{BackendSet, InvalidBackend, InvalidDistribution, InvalidMeta},
Meta, RouteBackend, RouteDistribution, ClientPolicyOverrides, Meta, RouteBackend, RouteDistribution,
}; };
use linkerd2_proxy_api::outbound::{self, tls_route}; use linkerd2_proxy_api::outbound::{self, tls_route};
use linkerd_tls_route::sni::proto::InvalidSniMatch; use linkerd_tls_route::sni::proto::InvalidSniMatch;
@ -88,20 +88,20 @@ pub(crate) mod proto {
Missing, Missing,
} }
impl TryFrom<outbound::proxy_protocol::Tls> for Tls { impl Tls {
type Error = InvalidTlsRoute; pub fn try_from(
fn try_from(proto: outbound::proxy_protocol::Tls) -> Result<Self, Self::Error> { overrides: ClientPolicyOverrides,
proto: outbound::proxy_protocol::Tls,
) -> Result<Self, InvalidTlsRoute> {
let routes = proto let routes = proto
.routes .routes
.into_iter() .into_iter()
.map(try_route) .map(|p| try_route(overrides, p))
.collect::<Result<Arc<[_]>, _>>()?; .collect::<Result<Arc<[_]>, _>>()?;
Ok(Self { routes }) Ok(Self { routes })
} }
}
impl Tls {
pub fn fill_backends(&self, set: &mut BackendSet) { pub fn fill_backends(&self, set: &mut BackendSet) {
for Route { ref policy, .. } in &*self.routes { for Route { ref policy, .. } in &*self.routes {
policy.distribution.fill_backends(set); policy.distribution.fill_backends(set);
@ -109,7 +109,10 @@ pub(crate) mod proto {
} }
} }
fn try_route(proto: outbound::TlsRoute) -> Result<Route, InvalidTlsRoute> { fn try_route(
overrides: ClientPolicyOverrides,
proto: outbound::TlsRoute,
) -> Result<Route, InvalidTlsRoute> {
let outbound::TlsRoute { let outbound::TlsRoute {
rules, rules,
snis, snis,
@ -135,7 +138,7 @@ pub(crate) mod proto {
let policy = rules let policy = rules
.into_iter() .into_iter()
.map(|rule| try_rule(&meta, rule)) .map(|rule| try_rule(&meta, overrides, rule))
.next() .next()
.ok_or(InvalidTlsRoute::OnlyOneRule(0))??; .ok_or(InvalidTlsRoute::OnlyOneRule(0))??;
@ -144,6 +147,7 @@ pub(crate) mod proto {
fn try_rule( fn try_rule(
meta: &Arc<Meta>, meta: &Arc<Meta>,
overrides: ClientPolicyOverrides,
tls_route::Rule { backends, filters }: tls_route::Rule, tls_route::Rule { backends, filters }: tls_route::Rule,
) -> Result<Policy, InvalidTlsRoute> { ) -> Result<Policy, InvalidTlsRoute> {
let distribution = backends let distribution = backends
@ -158,7 +162,9 @@ pub(crate) mod proto {
Ok(Policy { Ok(Policy {
meta: meta.clone(), meta: meta.clone(),
filters, filters,
params: Default::default(), params: RouteParams {
export_hostname_labels: overrides.export_hostname_labels,
},
distribution, distribution,
}) })
} }