envoyproxy · ggreenway · Mar 15, 2024 · Mar 15, 2024 · Mar 15, 2024 · Mar 15, 2024
@@ -15,7 +15,7 @@ Http::FilterFactoryCb CsrfFilterFactory::createFilterFactoryFromProtoTyped(
     const envoy::extensions::filters::http::csrf::v3::CsrfPolicy& policy,
     const std::string& stats_prefix, Server::Configuration::FactoryContext& context) {
   CsrfFilterConfigSharedPtr config = std::make_shared<CsrfFilterConfig>(
-      policy, stats_prefix, context.scope(), context.serverFactoryContext().runtime());
+      policy, stats_prefix, context.scope(), context.serverFactoryContext());
   return [config](Http::FilterChainFactoryCallbacks& callbacks) -> void {
     callbacks.addStreamDecoderFilter(std::make_shared<CsrfFilter>(config));
   };
@@ -25,7 +25,7 @@ Router::RouteSpecificFilterConfigConstSharedPtr
 CsrfFilterFactory::createRouteSpecificFilterConfigTyped(
     const envoy::extensions::filters::http::csrf::v3::CsrfPolicy& policy,
     Server::Configuration::ServerFactoryContext& context, ProtobufMessage::ValidationVisitor&) {
-  return std::make_shared<const Csrf::CsrfPolicy>(policy, context.runtime());
+  return std::make_shared<const Csrf::CsrfPolicy>(policy, context);
 }
 
 /**

@@ -76,15 +76,16 @@ static CsrfStats generateStats(const std::string& prefix, Stats::Scope& scope) {
 
 static CsrfPolicyPtr
 generatePolicy(const envoy::extensions::filters::http::csrf::v3::CsrfPolicy& policy,
-               Runtime::Loader& runtime) {
-  return std::make_unique<CsrfPolicy>(policy, runtime);
+               Server::Configuration::CommonFactoryContext& context) {
+  return std::make_unique<CsrfPolicy>(policy, context);
 }
 } // namespace
 
 CsrfFilterConfig::CsrfFilterConfig(
     const envoy::extensions::filters::http::csrf::v3::CsrfPolicy& policy,
-    const std::string& stats_prefix, Stats::Scope& scope, Runtime::Loader& runtime)
-    : stats_(generateStats(stats_prefix, scope)), policy_(generatePolicy(policy, runtime)) {}
+    const std::string& stats_prefix, Stats::Scope& scope,
+    Server::Configuration::CommonFactoryContext& context)
+    : stats_(generateStats(stats_prefix, scope)), policy_(generatePolicy(policy, context)) {}
 
 CsrfFilter::CsrfFilter(const CsrfFilterConfigSharedPtr config) : config_(config) {}
 

@@ -35,12 +35,13 @@ struct CsrfStats {
 class CsrfPolicy : public Router::RouteSpecificFilterConfig {
 public:
   CsrfPolicy(const envoy::extensions::filters::http::csrf::v3::CsrfPolicy& policy,
-             Runtime::Loader& runtime)
-      : policy_(policy), runtime_(runtime) {
+             Server::Configuration::CommonFactoryContext& context)
+      : policy_(policy), runtime_(context.runtime()) {
     for (const auto& additional_origin : policy.additional_origins()) {
       additional_origins_.emplace_back(
-          std::make_unique<Matchers::StringMatcherImpl<envoy::type::matcher::v3::StringMatcher>>(
-              additional_origin));
+          std::make_unique<
+              Matchers::StringMatcherImplWithContext<envoy::type::matcher::v3::StringMatcher>>(
+              additional_origin, context));
     }
   }
 
@@ -78,7 +79,8 @@ using CsrfPolicyPtr = std::unique_ptr<CsrfPolicy>;
 class CsrfFilterConfig {
 public:
   CsrfFilterConfig(const envoy::extensions::filters::http::csrf::v3::CsrfPolicy& policy,
-                   const std::string& stats_prefix, Stats::Scope& scope, Runtime::Loader& runtime);
+                   const std::string& stats_prefix, Stats::Scope& scope,
+                   Server::Configuration::CommonFactoryContext& context);
 
   CsrfStats& stats() { return stats_; }
   const CsrfPolicy* policy() { return policy_.get(); }

@@ -20,7 +20,7 @@ Http::FilterFactoryCb ExternalProcessingFilterConfig::createFilterFactoryFromPro
       proto_config, std::chrono::milliseconds(message_timeout_ms), max_message_timeout_ms,
       context.scope(), stats_prefix,
       Envoy::Extensions::Filters::Common::Expr::getBuilder(context.serverFactoryContext()),
-      context.serverFactoryContext().localInfo());
+      context.serverFactoryContext());
 
   return [filter_config, grpc_service = proto_config.grpc_service(),
           &context](Http::FilterChainFactoryCallbacks& callbacks) {
@@ -50,8 +50,7 @@ ExternalProcessingFilterConfig::createFilterFactoryFromProtoWithServerContextTyp
   const auto filter_config = std::make_shared<FilterConfig>(
       proto_config, std::chrono::milliseconds(message_timeout_ms), max_message_timeout_ms,
       server_context.scope(), stats_prefix,
-      Envoy::Extensions::Filters::Common::Expr::getBuilder(server_context),
-      server_context.localInfo());
+      Envoy::Extensions::Filters::Common::Expr::getBuilder(server_context), server_context);
 
   return [filter_config, grpc_service = proto_config.grpc_service(),
           &server_context](Http::FilterChainFactoryCallbacks& callbacks) {

@@ -129,7 +129,7 @@ class FilterConfig {
                const uint32_t max_message_timeout_ms, Stats::Scope& scope,
                const std::string& stats_prefix,
                Extensions::Filters::Common::Expr::BuilderInstanceSharedPtr builder,
-               const LocalInfo::LocalInfo& local_info)
+               Server::Configuration::CommonFactoryContext& context)
       : failure_mode_allow_(config.failure_mode_allow()),
         disable_clear_route_cache_(config.disable_clear_route_cache()),
         message_timeout_(message_timeout), max_message_timeout_ms_(max_message_timeout_ms),
@@ -138,8 +138,9 @@ class FilterConfig {
         filter_metadata_(config.filter_metadata()),
         allow_mode_override_(config.allow_mode_override()),
         disable_immediate_response_(config.disable_immediate_response()),
-        allowed_headers_(initHeaderMatchers(config.forward_rules().allowed_headers())),
-        disallowed_headers_(initHeaderMatchers(config.forward_rules().disallowed_headers())),
+        allowed_headers_(initHeaderMatchers(config.forward_rules().allowed_headers(), context)),
+        disallowed_headers_(
+            initHeaderMatchers(config.forward_rules().disallowed_headers(), context)),
         untyped_forwarding_namespaces_(
             config.metadata_options().forwarding_namespaces().untyped().begin(),
             config.metadata_options().forwarding_namespaces().untyped().end()),
@@ -149,7 +150,7 @@ class FilterConfig {
         untyped_receiving_namespaces_(
             config.metadata_options().receiving_namespaces().untyped().begin(),
             config.metadata_options().receiving_namespaces().untyped().end()),
-        expression_manager_(builder, local_info, config.request_attributes(),
+        expression_manager_(builder, context.localInfo(), config.request_attributes(),
                             config.response_attributes()) {}
 
   bool failureModeAllow() const { return failure_mode_allow_; }

@@ -86,12 +86,14 @@ ExpressionManager::evaluateAttributes(const Filters::Common::Expr::Activation& a
 }
 
 std::vector<Matchers::StringMatcherPtr>
-initHeaderMatchers(const envoy::type::matcher::v3::ListStringMatcher& header_list) {
+initHeaderMatchers(const envoy::type::matcher::v3::ListStringMatcher& header_list,
+                   Server::Configuration::CommonFactoryContext& context) {
   std::vector<Matchers::StringMatcherPtr> header_matchers;
   for (const auto& matcher : header_list.patterns()) {
     header_matchers.push_back(
-        std::make_unique<Matchers::StringMatcherImpl<envoy::type::matcher::v3::StringMatcher>>(
-            matcher));
+        std::make_unique<
+            Matchers::StringMatcherImplWithContext<envoy::type::matcher::v3::StringMatcher>>(
+            matcher, context));
   }
   return header_matchers;
 }

@@ -57,7 +57,8 @@ class ExpressionManager : public Logger::Loggable<Logger::Id::ext_proc> {
 };
 
 std::vector<Matchers::StringMatcherPtr>
-initHeaderMatchers(const envoy::type::matcher::v3::ListStringMatcher& header_list);
+initHeaderMatchers(const envoy::type::matcher::v3::ListStringMatcher& header_list,
+                   Server::Configuration::CommonFactoryContext& context);
 
 } // namespace ExternalProcessing
 } // namespace HttpFilters

@@ -63,7 +63,7 @@ class JwksDataImpl : public JwksCache::JwksData, public Logger::Loggable<Logger:
     audiences_ = std::make_unique<::google::jwt_verify::CheckAudience>(audiences);
 
     if (jwt_provider_.has_subjects()) {
-      sub_matcher_.emplace(jwt_provider_.subjects());
+      sub_matcher_.emplace(jwt_provider_.subjects(), context.serverFactoryContext());
     }
 
     if (jwt_provider_.require_expiration()) {
@@ -189,7 +189,8 @@ class JwksDataImpl : public JwksCache::JwksData, public Logger::Loggable<Logger:
   ThreadLocal::TypedSlot<ThreadLocalCache> tls_;
   // async fetcher
   JwksAsyncFetcherPtr async_fetcher_;
-  absl::optional<Matchers::StringMatcherImpl<envoy::type::matcher::v3::StringMatcher>> sub_matcher_;
+  absl::optional<Matchers::StringMatcherImplWithContext<envoy::type::matcher::v3::StringMatcher>>
+      sub_matcher_;
   absl::optional<absl::Duration> max_exp_;
 };
 

@@ -21,6 +21,7 @@ envoy_extension_cc_test(
         "//source/extensions/filters/http/csrf:csrf_filter_lib",
         "//test/mocks/buffer:buffer_mocks",
         "//test/mocks/http:http_mocks",
+        "//test/mocks/server:factory_context_mocks",
         "//test/mocks/upstream:upstream_mocks",
         "@envoy_api//envoy/extensions/filters/http/csrf/v3:pkg_cc_proto",
         "@envoy_api//envoy/type/v3:pkg_cc_proto",

@@ -6,6 +6,7 @@
 
 #include "test/mocks/buffer/mocks.h"
 #include "test/mocks/http/mocks.h"
+#include "test/mocks/server/server_factory_context.h"
 #include "test/mocks/stats/mocks.h"
 #include "test/test_common/printers.h"
 
@@ -43,7 +44,8 @@ class CsrfFilterTest : public testing::Test {
     const auto& add_regex_origin = policy.mutable_additional_origins()->Add();
     add_regex_origin->MergeFrom(TestUtility::createRegexMatcher(R"(www\-[0-9]\.allow\.com)"));
 
-    return std::make_shared<CsrfFilterConfig>(policy, "test", *stats_.rootScope(), runtime_);
+    return std::make_shared<CsrfFilterConfig>(policy, "test", *stats_.rootScope(),
+                                              factory_context_);
   }
 
   CsrfFilterTest() : config_(setupConfig()), filter_(config_) {}
@@ -69,14 +71,14 @@ class CsrfFilterTest : public testing::Test {
   }
 
   void setFilterEnabled(bool enabled) {
-    ON_CALL(runtime_.snapshot_,
+    ON_CALL(factory_context_.runtime_loader_.snapshot_,
             featureEnabled("csrf.enabled",
                            testing::Matcher<const envoy::type::v3::FractionalPercent&>(_)))
         .WillByDefault(Return(enabled));
   }
 
   void setShadowEnabled(bool enabled) {
-    ON_CALL(runtime_.snapshot_,
+    ON_CALL(factory_context_.runtime_loader_.snapshot_,
             featureEnabled("csrf.shadow_enabled",
                            testing::Matcher<const envoy::type::v3::FractionalPercent&>(_)))
         .WillByDefault(Return(enabled));
@@ -87,7 +89,7 @@ class CsrfFilterTest : public testing::Test {
   Buffer::OwnedImpl data_;
   Router::MockDirectResponseEntry direct_response_entry_;
   Stats::IsolatedStoreImpl stats_;
-  NiceMock<Runtime::MockLoader> runtime_;
+  NiceMock<Server::Configuration::MockServerFactoryContext> factory_context_;
   CsrfFilterConfigSharedPtr config_;
 
   CsrfFilter filter_;

@@ -54,10 +54,9 @@ envoy_extension_cc_test(
         "//test/mocks/event:event_mocks",
         "//test/mocks/http:stream_encoder_mock",
         "//test/mocks/http:stream_mock",
-        "//test/mocks/local_info:local_info_mocks",
         "//test/mocks/runtime:runtime_mocks",
-        "//test/mocks/server:factory_context_mocks",
         "//test/mocks/server:overload_manager_mocks",
+        "//test/mocks/server:server_factory_context_mocks",
         "//test/proto:helloworld_proto_cc_proto",
         "//test/test_common:test_runtime_lib",
         "@envoy_api//envoy/config/core/v3:pkg_cc_proto",
@@ -88,7 +87,7 @@ envoy_extension_cc_test(
         "//test/common/http:common_lib",
         "//test/mocks/event:event_mocks",
         "//test/mocks/local_info:local_info_mocks",
-        "//test/mocks/server:factory_context_mocks",
+        "//test/mocks/server:server_factory_context_mocks",
         "//test/test_common:test_runtime_lib",
         "@envoy_api//envoy/config/core/v3:pkg_cc_proto",
     ],

@@ -25,7 +25,7 @@
 #include "test/mocks/network/mocks.h"
 #include "test/mocks/router/mocks.h"
 #include "test/mocks/runtime/mocks.h"
-#include "test/mocks/server/factory_context.h"
+#include "test/mocks/server/server_factory_context.h"
 #include "test/mocks/stream_info/mocks.h"
 #include "test/mocks/tracing/mocks.h"
 #include "test/mocks/upstream/cluster_manager.h"
@@ -136,7 +136,7 @@ class HttpFilterTest : public testing::Test {
         proto_config, 200ms, 10000, *stats_store_.rootScope(), "",
         std::make_shared<Envoy::Extensions::Filters::Common::Expr::BuilderInstance>(
             Envoy::Extensions::Filters::Common::Expr::createBuilder(nullptr)),
-        local_info_);
+        factory_context_);
     filter_ = std::make_unique<Filter>(config_, std::move(client_), proto_config.grpc_service());
     filter_->setEncoderFilterCallbacks(encoder_callbacks_);
     EXPECT_CALL(encoder_callbacks_, encoderBufferLimit()).WillRepeatedly(Return(BufferSize));
@@ -579,7 +579,7 @@ class HttpFilterTest : public testing::Test {
   Envoy::Event::SimulatedTimeSystem* test_time_;
   envoy::config::core::v3::Metadata dynamic_metadata_;
   testing::NiceMock<Network::MockConnection> connection_;
-  testing::NiceMock<LocalInfo::MockLocalInfo> local_info_;
+  NiceMock<Server::Configuration::MockServerFactoryContext> factory_context_;
 };
 
 // Using the default configuration, test the filter with a processor that

@@ -7,9 +7,9 @@
 #include "test/extensions/filters/http/ext_proc/mock_server.h"
 #include "test/mocks/event/mocks.h"
 #include "test/mocks/http/mocks.h"
-#include "test/mocks/local_info/mocks.h"
 #include "test/mocks/network/mocks.h"
 #include "test/mocks/router/mocks.h"
+#include "test/mocks/server/server_factory_context.h"
 #include "test/mocks/stream_info/mocks.h"
 #include "test/mocks/tracing/mocks.h"
 #include "test/mocks/upstream/cluster_manager.h"
@@ -75,7 +75,7 @@ class OrderingTest : public testing::Test {
         proto_config, kMessageTimeout, kMaxMessageTimeoutMs, *stats_store_.rootScope(), "",
         std::make_shared<Envoy::Extensions::Filters::Common::Expr::BuilderInstance>(
             Envoy::Extensions::Filters::Common::Expr::createBuilder(nullptr)),
-        local_info_);
+        factory_context_);
     filter_ = std::make_unique<Filter>(config_, std::move(client_), proto_config.grpc_service());
     filter_->setEncoderFilterCallbacks(encoder_callbacks_);
     filter_->setDecoderFilterCallbacks(decoder_callbacks_);
@@ -216,7 +216,7 @@ class OrderingTest : public testing::Test {
   Http::TestResponseHeaderMapImpl response_headers_;
   Http::TestRequestTrailerMapImpl request_trailers_;
   Http::TestResponseTrailerMapImpl response_trailers_;
-  NiceMock<LocalInfo::MockLocalInfo> local_info_;
+  NiceMock<Server::Configuration::MockServerFactoryContext> factory_context_;
 };
 
 // A base class for tests that will check that gRPC streams fail while being created

@@ -41,7 +41,7 @@ envoy_cc_fuzz_test(
         "//source/extensions/filters/http/ext_proc:config",
         "//test/extensions/filters/http/common/fuzz:http_filter_fuzzer_lib",
         "//test/mocks/http:http_mocks",
-        "//test/mocks/local_info:local_info_mocks",
         "//test/mocks/network:network_mocks",
+        "//test/mocks/server:server_factory_context_mocks",
     ],
 )
@@ -5,8 +5,8 @@
 #include "test/extensions/filters/http/ext_proc/unit_test_fuzz/mocks.h"
 #include "test/fuzz/fuzz_runner.h"
 #include "test/mocks/http/mocks.h"
-#include "test/mocks/local_info/mocks.h"
 #include "test/mocks/network/mocks.h"
+#include "test/mocks/server/server_factory_context.h"
 
 using testing::Return;
 using testing::ReturnRef;
@@ -47,7 +47,7 @@ class FuzzerMocks {
   NiceMock<Http::TestResponseTrailerMapImpl> response_trailers_;
   NiceMock<Buffer::OwnedImpl> buffer_;
   NiceMock<StreamInfo::MockStreamInfo> async_client_stream_info_;
-  NiceMock<LocalInfo::MockLocalInfo> local_info_;
+  NiceMock<Server::Configuration::MockServerFactoryContext> factory_context_;
 };
 
 DEFINE_PROTO_FUZZER(
@@ -87,7 +87,7 @@ DEFINE_PROTO_FUZZER(
         proto_config, std::chrono::milliseconds(200), 200, *stats_store.rootScope(), "",
         std::make_shared<Envoy::Extensions::Filters::Common::Expr::BuilderInstance>(
             Envoy::Extensions::Filters::Common::Expr::createBuilder(nullptr)),
-        mocks.local_info_);
+        mocks.factory_context_);
   } catch (const EnvoyException& e) {
     ENVOY_LOG_MISC(debug, "EnvoyException during ext_proc filter config validation: {}", e.what());
     return;