func()

in src/go/configgenerator/filtergen/http_connection_manager.go [87:200]


func (g *HTTPConnectionManagerGenerator) GenFilterConfig() (proto.Message, error) {
	httpConMgr := &hcmpb.HttpConnectionManager{
		UpgradeConfigs: []*hcmpb.HttpConnectionManager_UpgradeConfig{
			{
				UpgradeType: "websocket",
			},
		},
		CodecType:         hcmpb.HttpConnectionManager_AUTO,
		StatPrefix:        util.StatPrefix,
		UseRemoteAddress:  &wrapperspb.BoolValue{Value: g.EnvoyUseRemoteAddress},
		XffNumTrustedHops: uint32(g.EnvoyXffNumTrustedHops),

		// Security options for `path` header.
		NormalizePath: &wrapperspb.BoolValue{Value: g.NormalizePath},
		MergeSlashes:  g.MergeSlashesInPath,
	}

	// Converting the error message for requests rejected by Envoy to JSON format:
	//
	//    {
	//       "code": "http-status-code",
	//       "message": "the error message",
	//    }
	//
	httpConMgr.LocalReplyConfig = &hcmpb.LocalReplyConfig{
		BodyFormat: &corepb.SubstitutionFormatString{
			Format: &corepb.SubstitutionFormatString_JsonFormat{
				JsonFormat: &structpb.Struct{
					Fields: map[string]*structpb.Value{
						"code": {
							Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE%"},
						},
						"message": {
							Kind: &structpb.Value_StringValue{StringValue: "%LOCAL_REPLY_BODY%"},
						},
					},
				},
			},
		},
	}

	// https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf
	if g.DisallowEscapedSlashesInPath {
		httpConMgr.PathWithEscapedSlashesAction = hcmpb.HttpConnectionManager_UNESCAPE_AND_REDIRECT
	} else {
		httpConMgr.PathWithEscapedSlashesAction = hcmpb.HttpConnectionManager_KEEP_UNCHANGED
	}

	if g.AccessLogPath != "" {
		fileAccessLog := &facpb.FileAccessLog{
			Path: g.AccessLogPath,
		}

		if g.AccessLogFormat != "" {
			fileAccessLog.AccessLogFormat = &facpb.FileAccessLog_LogFormat{
				LogFormat: &corepb.SubstitutionFormatString{
					Format: &corepb.SubstitutionFormatString_TextFormat{
						TextFormat: g.AccessLogFormat,
					},
				},
			}
		}

		serialized, _ := anypb.New(fileAccessLog)

		httpConMgr.AccessLog = []*acpb.AccessLog{
			{
				Name:   util.AccessFileLogger,
				Filter: nil,
				ConfigType: &acpb.AccessLog_TypedConfig{
					TypedConfig: serialized,
				},
			},
		}
	}

	if !g.TracingOptions.DisableTracing {
		var err error
		httpConMgr.Tracing, err = tracing.CreateTracing(*g.TracingOptions)
		if err != nil {
			return nil, err
		}
	}

	if g.UnderscoresInHeaders {
		httpConMgr.CommonHttpProtocolOptions = &corepb.HttpProtocolOptions{
			HeadersWithUnderscoresAction: corepb.HttpProtocolOptions_ALLOW,
		}
	} else {
		httpConMgr.CommonHttpProtocolOptions = &corepb.HttpProtocolOptions{
			HeadersWithUnderscoresAction: corepb.HttpProtocolOptions_REJECT_REQUEST,
		}
	}

	if g.EnableGrpcForHttp1 {
		// Retain gRPC trailers if downstream is using http1.
		httpConMgr.HttpProtocolOptions = &corepb.Http1ProtocolOptions{
			EnableTrailers: true,
		}
	}

	if g.IsSchemeHeaderOverrideRequired {
		httpConMgr.SchemeHeaderTransformation = &corepb.SchemeHeaderTransformation{
			Transformation: &corepb.SchemeHeaderTransformation_SchemeToOverwrite{
				SchemeToOverwrite: "https",
			},
		}
	}

	jsonStr, _ := util.ProtoToJson(httpConMgr)
	glog.Infof("HTTP Connection Manager config before adding routes or HTTP filters: %v", jsonStr)

	return httpConMgr, nil
}