solo-io · jmhbh · Dec 27, 2024 · Dec 27, 2024 · Jan 13, 2025 · Jan 13, 2025
diff --git a/changelog/v1.19.0-beta3/extauthz-route-metadata-context.yaml b/changelog/v1.19.0-beta3/extauthz-route-metadata-context.yaml
@@ -0,0 +1,7 @@
+changelog:
+  - type: NON_USER_FACING
+    issueLink: https://github.com/solo-io/solo-projects/issues/7484
+    description: > 
+      Add reserved portal filter namespaces to the ExtAuthz envoy filter config's `RouteMetadataContextNamespaces` list 
+      to ensure that the route metadata is passed to the ext_authz service at route_metadata_context in CheckRequest.
+    resolvesIssue: false
diff --git a/projects/gateway/pkg/translator/converter.go b/projects/gateway/pkg/translator/converter.go
@@ -1,7 +1,9 @@
 package translator
 
 import (
+	"context"
 	"fmt"
+	"github.com/solo-io/go-utils/contextutils"
 	"strings"
 
 	"github.com/solo-io/gloo/projects/gloo/pkg/api/v1/options/transformation"
@@ -524,7 +526,9 @@ func validateAndMergeParentRoute(child *gatewayv1.Route, parent *routeInfo) (*ga
 
 	// Merge options from parent routes
 	// If an option is defined on a parent route, it will override the child route's option
+	contextutils.LoggerFrom(context.Background()).Infof("child staged early transformations pre merge: %v", child.GetOptions().GetStagedTransformations().GetEarly())
 	child.Options, _ = utils.ShallowMergeRouteOptions(child.GetOptions(), parent.options)
+	contextutils.LoggerFrom(context.Background()).Infof("child staged early transformations post merge: %v", child.GetOptions().GetStagedTransformations().GetEarly())
 
 	return child, nil
 }

diff --git a/projects/gateway2/translator/httproute/gateway_http_route_translator.go b/projects/gateway2/translator/httproute/gateway_http_route_translator.go
@@ -186,20 +186,26 @@ func translateGatewayHTTPRouteRule(
 
 		// Apply the plugins for this route
 		for _, plugin := range pluginRegistry.GetRoutePlugins() {
+			contextutils.LoggerFrom(ctx).Infof("pre apply route plugin type: %T output route early transform: %v", plugin, outputRoute.GetOptions().GetStagedTransformations().GetEarly())
 			err := plugin.ApplyRoutePlugin(ctx, rtCtx, outputRoute)
 			if err != nil {
 				contextutils.LoggerFrom(ctx).Errorf("error in RoutePlugin: %v", err)
 			}
 
+			contextutils.LoggerFrom(ctx).Infof("post apply route plugin type: %T output route early transform: %v", plugin, outputRoute.GetOptions().GetStagedTransformations().GetEarly())
+
 			// If this parent route has delegatee routes, override any applied policies
 			// that are on the child with the parent's policies.
 			// When a plugin is invoked on a route, it must override the existing route.
 			for _, child := range delegatedRoutes {
+				contextutils.LoggerFrom(ctx).Infof("pre child apply route plugin type: %T output route early transform: %v", plugin, child.GetOptions().GetStagedTransformations().GetEarly())
 				err := plugin.ApplyRoutePlugin(ctx, rtCtx, child)
 				if err != nil {
 					contextutils.LoggerFrom(ctx).Errorf("error applying RoutePlugin to child route %s: %v", child.GetName(), err)
 				}
+				contextutils.LoggerFrom(ctx).Infof("post child apply route plugin type: %T output route early transform: %v", plugin, child.GetOptions().GetStagedTransformations().GetEarly())
 			}
+
 		}
 		// Add the delegatee output routes to the final output list
 		*outputs = append(*outputs, delegatedRoutes...)

diff --git a/projects/gateway2/translator/listener/gateway_listener_translator.go b/projects/gateway2/translator/listener/gateway_listener_translator.go
@@ -43,6 +43,7 @@ func TranslateListeners(
 
 	mergedListeners := mergeGWListeners(queries, gateway.Namespace, validatedListeners, *gateway, routesForGw, reporter.Gateway(gateway))
 	translatedListeners := mergedListeners.translateListeners(ctx, pluginRegistry, queries, reporter)
+
 	return translatedListeners
 }
 
@@ -352,6 +353,18 @@ func (ml *MergedListeners) translateListeners(
 	for _, mergedListener := range ml.Listeners {
 		listener := mergedListener.TranslateListener(ctx, pluginRegistry, queries, reporter)
 
+		contextutils.LoggerFrom(context.Background()).Infof("listener type: %T", listener)
+		if listener.GetAggregateListener() != nil {
+			aggListener := listener.GetAggregateListener()
+			contextutils.LoggerFrom(context.Background()).Infof("has virtual hosts: %v", len(aggListener.GetHttpResources().GetVirtualHosts()))
+			for _, vh := range aggListener.GetHttpResources().GetVirtualHosts() {
+				contextutils.LoggerFrom(context.Background()).Infof("has routes: %v", len(vh.GetRoutes()))
+				for _, route := range vh.GetRoutes() {
+					contextutils.LoggerFrom(context.Background()).Infof("has route: %v, route transform: %v", route.GetName(), route.GetOptions().GetStagedTransformations().GetEarly())
+				}
+			}
+		}
+
 		// run listener plugins
 		for _, listenerPlugin := range pluginRegistry.GetListenerPlugins() {
 			err := listenerPlugin.ApplyListenerPlugin(ctx, &plugins.ListenerContext{

diff --git a/projects/gateway2/translator/plugins/routeoptions/query/query.go b/projects/gateway2/translator/plugins/routeoptions/query/query.go
@@ -71,7 +71,9 @@ func (r *routeOptionQueries) GetRouteOptionForRouteRule(
 	}
 	for _, opt := range filterAttachments {
 		optionUsed := false
+		contextutils.LoggerFrom(context.Background()).Infof("route staged early transformations pre merge: %v", merged.Spec.GetOptions().GetStagedTransformations().GetEarly())
 		merged.Spec.Options, optionUsed = glooutils.ShallowMergeRouteOptions(merged.Spec.GetOptions(), opt.Spec.GetOptions())
+		contextutils.LoggerFrom(context.Background()).Infof("route staged early transformations post merge: %v", merged.Spec.GetOptions().GetStagedTransformations().GetEarly())
 		if optionUsed {
 			sources = append(sources, routeOptionToSourceRef(opt))
 		}

diff --git a/projects/gateway2/translator/plugins/routeoptions/route_options_plugin.go b/projects/gateway2/translator/plugins/routeoptions/route_options_plugin.go
@@ -103,6 +103,7 @@ func (p *plugin) ApplyRoutePlugin(
 		return nil
 	}
 
+	contextutils.LoggerFrom(ctx).Infof("route option plugin pre merge output route early transform: %v", outputRoute.GetOptions().GetStagedTransformations().GetEarly())
 	merged, OptionsMergeResult := mergeOptionsForRoute(ctx, routeCtx.HTTPRoute, routeOptions, outputRoute.GetOptions())
 	if OptionsMergeResult == glooutils.OptionsMergedNone {
 		// No existing options merged into 'sources', so set the 'sources' on the outputRoute
@@ -112,6 +113,7 @@ func (p *plugin) ApplyRoutePlugin(
 		routeutils.AppendRouteSources(outputRoute, sources)
 	} // In case OptionsMergedFull, the correct sources are already set on the outputRoute
 
+	contextutils.LoggerFrom(ctx).Infof("route option plugin post merge output route early transform: %v", merged.GetStagedTransformations().GetEarly())
 	// Set the merged RouteOptions on the outputRoute
 	outputRoute.Options = merged
 

diff --git a/projects/gloo/pkg/plugins/extauth/config_generator.go b/projects/gloo/pkg/plugins/extauth/config_generator.go
@@ -23,7 +23,11 @@ import (
 	"github.com/solo-io/solo-kit/pkg/utils/prototime"
 )
 
-const JWTFilterName = "envoy.filters.http.jwt_authn"
+const (
+	JWTFilterName                  = "envoy.filters.http.jwt_authn"
+	PortalMetadataFilterName       = "io.solo.gloo.portal"
+	PortalCustomMetadataFilterName = "io.solo.gloo.portal.custom_metadata"
+)
 
 var (
 	DefaultTimeout = prototime.DurationToProto(200 * time.Millisecond)
@@ -228,7 +232,8 @@ func GenerateEnvoyConfigForFilter(settings *extauthv1.Settings, upstreams v1.Ups
 	}
 
 	cfg := &envoyauth.ExtAuthz{
-		MetadataContextNamespaces: []string{JWTFilterName},
+		MetadataContextNamespaces:      []string{JWTFilterName},
+		RouteMetadataContextNamespaces: []string{PortalMetadataFilterName, PortalCustomMetadataFilterName},
 	}
 
 	httpService := settings.GetHttpService()

diff --git a/projects/gloo/pkg/plugins/transformation/plugin.go b/projects/gloo/pkg/plugins/transformation/plugin.go
@@ -3,6 +3,7 @@ package transformation
 import (
 	"context"
 	"fmt"
+	"github.com/solo-io/go-utils/contextutils"
 	"strings"
 
 	"github.com/golang/protobuf/proto"
@@ -120,6 +121,7 @@ func (p *Plugin) ProcessVirtualHost(
 	in *v1.VirtualHost,
 	out *envoy_config_route_v3.VirtualHost,
 ) error {
+	contextutils.LoggerFrom(context.Background()).Info("processing virtual host")
 	envoyTransformation, err := p.ConvertTransformation(
 		params.Ctx,
 		in.GetOptions().GetTransformations(),
@@ -143,6 +145,7 @@ func (p *Plugin) ProcessVirtualHost(
 }
 
 func (p *Plugin) ProcessRoute(params plugins.RouteParams, in *v1.Route, out *envoy_config_route_v3.Route) error {
+	contextutils.LoggerFrom(context.Background()).Info("processing route")
 	envoyTransformation, err := p.ConvertTransformation(
 		params.Ctx,
 		in.GetOptions().GetTransformations(),
@@ -170,6 +173,7 @@ func (p *Plugin) ProcessWeightedDestination(
 	in *v1.WeightedDestination,
 	out *envoy_config_route_v3.WeightedCluster_ClusterWeight,
 ) error {
+	contextutils.LoggerFrom(context.Background()).Info("processing weighted destination")
 	envoyTransformation, err := p.ConvertTransformation(
 		params.Ctx,
 		in.GetOptions().GetTransformations(),
@@ -327,6 +331,7 @@ func (p *Plugin) ConvertTransformation(
 	}
 
 	stagedEscapeCharacters := stagedTransformations.GetEscapeCharacters()
+	contextutils.LoggerFrom(ctx).Infof("staged early transformation: %v", stagedTransformations.GetEarly())
 	if early := stagedTransformations.GetEarly(); early != nil {
 		p.RequireEarlyTransformation = true
 		transformations, err := p.getTransformations(ctx, EarlyStageNumber, early, stagedEscapeCharacters)
@@ -669,6 +674,9 @@ func (p *Plugin) getTransformations(
 	}
 
 	for _, t := range transformations.GetRequestTransforms() {
+		if stage == EarlyStageNumber {
+			contextutils.LoggerFrom(ctx).Infof("gloo staged early transformation: %v", *t.RequestTransformation.GetTransformationTemplate())
+		}
 		requestTransform, err := p.TranslateTransformation(t.GetRequestTransformation(), p.escapeCharacters, stagedEscapeCharacters)
 		if err != nil {
 			return nil, err

diff --git a/projects/gloo/pkg/translator/route_config.go b/projects/gloo/pkg/translator/route_config.go
@@ -137,7 +137,6 @@ func (h *httpRouteConfigurationTranslator) computeVirtualHost(
 	}
 	var envoyRoutes []*envoy_config_route_v3.Route
 	for i, route := range virtualHost.GetRoutes() {
-
 		routeParams := plugins.RouteParams{
 			VirtualHostParams: params,
 			VirtualHost:       virtualHost,
@@ -282,6 +281,7 @@ func (h *httpRouteConfigurationTranslator) setAction(
 ) {
 	switch action := in.GetAction().(type) {
 	case *v1.Route_RouteAction:
+		contextutils.LoggerFrom(context.Background()).Infof("in route early stage: %v", in.GetOptions().GetStagedTransformations().GetEarly())
 		if err := ValidateRouteDestinations(params.Snapshot, action.RouteAction); err != nil {
 			validation.AppendRouteWarning(routeReport,
 				validationapi.RouteReport_Warning_InvalidDestinationWarning,