Event Reporter with interface for multiple clients

Signed-off-by: aakugan <aakashganapathy2@gmail.com>

Author: aakugan

CODEOWNERS

@@ -496,5 +496,6 @@ extensions/upstreams/tcp @ggreenway @mattklein123
 /contrib/peak_ewma/load_balancing_policies/ @rroblak @UNOWNED
 /contrib/kae/ @Misakokoro @UNOWNED
 /contrib/istio @kyessenov @wbpcode @keithmattix @krinkinmu @zirain
+/contrib/reverse_tunnel_reporter @agrawroh @aakugan @basundhara-c
 
 /compat/openssl/ @tedjpoole @envoyproxy/envoy-openssl-sync

contrib/contrib_build_config.bzl

@@ -118,4 +118,10 @@ CONTRIB_EXTENSIONS = {
     #
 
     "envoy.upstreams.http.tcp.golang":                          "//contrib/golang/upstreams/http/tcp/source:config",
+
+    #
+    # Reverse tunnel reporters
+    #
+
+    "envoy.bootstrap.reverse_tunnel.reverse_tunnel_reporting_service": "//contrib/reverse_tunnel_reporter/source:config",
 }

contrib/extensions_metadata.yaml

@@ -205,3 +205,11 @@ envoy.load_balancing_policies.peak_ewma:
   status: alpha
   type_urls:
   - envoy.extensions.load_balancing_policies.peak_ewma.v3alpha.PeakEwma
+envoy.bootstrap.reverse_tunnel.reverse_tunnel_reporting_service:
+  categories:
+  - envoy.bootstrap
+  security_posture: requires_trusted_downstream_and_upstream
+  status: alpha
+  type_urls:
+  - envoy.extensions.reverse_tunnel_reporters.v3alpha.reporters.EventReporterConfig
+  - envoy.extensions.reverse_tunnel_reporters.v3alpha.clients.grpc_client.GrpcClientConfig

contrib/reverse_tunnel_reporter/source/BUILD

@@ -0,0 +1,35 @@
+load(
+    "//bazel:envoy_build_system.bzl",
+    "envoy_cc_contrib_extension",
+    "envoy_cc_library",
+    "envoy_contrib_package",
+)
+
+licenses(["notice"])  # Apache 2
+
+envoy_contrib_package()
+
+envoy_cc_library(
+    name = "reverse_tunnel_event_types",
+    hdrs = [
+        "reverse_tunnel_event_types.h",
+    ],
+    deps = [
+        "//envoy/common:pure_lib",
+        "//envoy/common:time_interface",
+        "//envoy/config:typed_config_interface",
+        "//envoy/extensions/bootstrap/reverse_tunnel:reverse_tunnel_reporter_lib",
+        "//envoy/server:factory_context_interface",
+        "//source/common/common:fmt_lib",
+        "//source/common/config:utility_lib",
+        "//source/common/protobuf",
+        "//source/common/protobuf:message_validator_lib",
+    ],
+)
+
+envoy_cc_contrib_extension(
+    name = "config",
+    deps = [
+        "//contrib/reverse_tunnel_reporter/source/reporters:reporters_lib",
+    ],
+)

contrib/reverse_tunnel_reporter/source/reporters/BUILD

@@ -0,0 +1,16 @@
+load(
+    "//bazel:envoy_build_system.bzl",
+    "envoy_cc_library",
+    "envoy_contrib_package",
+)
+
+licenses(["notice"])  # Apache 2
+
+envoy_contrib_package()
+
+envoy_cc_library(
+    name = "reporters_lib",
+    deps = [
+        "//contrib/reverse_tunnel_reporter/source/reporters/event_reporter:event_reporter_lib",
+    ],
+)

contrib/reverse_tunnel_reporter/source/reporters/event_reporter/BUILD

@@ -0,0 +1,30 @@
+load(
+    "//bazel:envoy_build_system.bzl",
+    "envoy_cc_library",
+    "envoy_contrib_package",
+)
+
+licenses(["notice"])  # Apache 2
+
+envoy_contrib_package()
+
+envoy_cc_library(
+    name = "event_reporter_lib",
+    srcs = [
+        "factory.cc",
+        "reporter.cc",
+    ],
+    hdrs = [
+        "factory.h",
+        "reporter.h",
+    ],
+    deps = [
+        "//contrib/reverse_tunnel_reporter/source:reverse_tunnel_event_types",
+        "//envoy/extensions/bootstrap/reverse_tunnel:reverse_tunnel_reporter_lib",
+        "//envoy/registry",
+        "//source/common/common:logger_lib",
+        "//source/common/config:utility_lib",
+        "//source/common/protobuf:utility_lib",
+        "@envoy_api//contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/reporters:pkg_cc_proto",
+    ],
+)

contrib/reverse_tunnel_reporter/source/reporters/event_reporter/factory.cc

@@ -0,0 +1,58 @@
+#include "contrib/reverse_tunnel_reporter/source/reporters/event_reporter/factory.h"
+
+#include "envoy/registry/registry.h"
+
+#include "source/common/config/utility.h"
+#include "source/common/protobuf/utility.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace Bootstrap {
+namespace ReverseConnection {
+
+ReverseTunnelReporterPtr
+EventReporterFactory::createReporter(Server::Configuration::ServerFactoryContext& context,
+                                     ProtobufTypes::MessagePtr config) {
+  const auto& reporter_config = MessageUtil::downcastAndValidate<const ConfigProto&>(
+      *config, context.messageValidationVisitor());
+
+  std::vector<ReverseTunnelReporterClientPtr> clients;
+  clients.reserve(reporter_config.clients().size());
+  for (const auto& client_config : reporter_config.clients()) {
+    clients.push_back(createClient(context, client_config));
+  }
+  return std::make_unique<EventReporter>(context, reporter_config, std::move(clients));
+}
+
+std::string EventReporterFactory::name() const {
+  return "envoy.extensions.reverse_tunnel.reverse_tunnel_reporting_service.reporters.event_"
+         "reporter";
+}
+
+ProtobufTypes::MessagePtr EventReporterFactory::createEmptyConfigProto() {
+  return std::make_unique<ConfigProto>();
+}
+
+ReverseTunnelReporterClientPtr
+EventReporterFactory::createClient(Server::Configuration::ServerFactoryContext& context,
+                                   const ClientConfigProto& client_config) {
+  auto* factory =
+      Config::Utility::getFactoryByName<ReverseTunnelReporterClientFactory>(client_config.name());
+  if (!factory) {
+    throw EnvoyException(
+        fmt::format("Unknown Reporter Client Factory: '{}'. "
+                    "Make sure it is registered as a ReverseTunnelReporterClientFactory.",
+                    client_config.name()));
+  }
+
+  auto typed_config = Config::Utility::translateAnyToFactoryConfig(
+      client_config.typed_config(), context.messageValidationVisitor(), *factory);
+  return factory->createClient(context, *typed_config);
+}
+
+REGISTER_FACTORY(EventReporterFactory, ReverseTunnelReporterFactory);
+
+} // namespace ReverseConnection
+} // namespace Bootstrap
+} // namespace Extensions
+} // namespace Envoy

contrib/reverse_tunnel_reporter/source/reporters/event_reporter/factory.h

@@ -0,0 +1,37 @@
+#pragma once
+
+#include "envoy/extensions/bootstrap/reverse_tunnel/reverse_tunnel_reporter.h"
+
+#include "contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/reporters/event_reporter.pb.h"
+#include "contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/reporters/event_reporter.pb.validate.h"
+#include "contrib/reverse_tunnel_reporter/source/reporters/event_reporter/reporter.h"
+#include "contrib/reverse_tunnel_reporter/source/reverse_tunnel_event_types.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace Bootstrap {
+namespace ReverseConnection {
+
+/// Factory that builds an EventReporter from its proto config, dynamically
+/// resolving each child ReverseTunnelReporterClient by name.
+class EventReporterFactory : public ReverseTunnelReporterFactory {
+public:
+  ReverseTunnelReporterPtr createReporter(Server::Configuration::ServerFactoryContext& context,
+                                          ProtobufTypes::MessagePtr config) override;
+  std::string name() const override;
+  ProtobufTypes::MessagePtr createEmptyConfigProto() override;
+
+private:
+  using ConfigProto =
+      envoy::extensions::reverse_tunnel_reporters::v3alpha::reporters::EventReporterConfig;
+  using ClientConfigProto = envoy::extensions::reverse_tunnel_reporters::v3alpha::reporters::
+      ReverseConnectionReporterClient;
+
+  ReverseTunnelReporterClientPtr createClient(Server::Configuration::ServerFactoryContext& context,
+                                              const ClientConfigProto& client_config);
+};
+
+} // namespace ReverseConnection
+} // namespace Bootstrap
+} // namespace Extensions
+} // namespace Envoy

contrib/reverse_tunnel_reporter/source/reporters/event_reporter/reporter.cc

@@ -0,0 +1,126 @@
+#include "contrib/reverse_tunnel_reporter/source/reporters/event_reporter/reporter.h"
+
+#include "source/common/protobuf/utility.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace Bootstrap {
+namespace ReverseConnection {
+
+EventReporter::EventReporter(Server::Configuration::ServerFactoryContext& context,
+                             const ConfigProto& config,
+                             std::vector<ReverseTunnelReporterClientPtr>&& clients)
+    : context_{context}, clients_{std::move(clients)},
+      stats_(generateStats(
+          PROTOBUF_GET_STRING_OR_DEFAULT(config, stat_prefix, "reverse_tunnel_reporter"),
+          context.scope())) {
+  ENVOY_LOG(info, "Constructed with {} clients", clients_.size());
+}
+
+void EventReporter::onServerInitialized() {
+  ENVOY_LOG(info, "Initialized");
+  for (auto& client : clients_) {
+    client->onServerInitialized(this);
+  }
+}
+
+void EventReporter::reportConnectionEvent(absl::string_view node_id, absl::string_view cluster_id,
+                                          absl::string_view tenant_id) {
+  auto ptr = std::make_shared<ReverseTunnelEvent::Connected>(
+      ReverseTunnelEvent::Connected{std::string(node_id), std::string(cluster_id),
+                                    std::string(tenant_id), Envoy::SystemTime::clock::now()});
+
+  context_.mainThreadDispatcher().post(
+      [this, ptr = std::move(ptr)]() mutable { this->addConnection(std::move(ptr)); });
+}
+
+void EventReporter::reportDisconnectionEvent(absl::string_view node_id, absl::string_view) {
+  std::string name = ReverseTunnelEvent::getName(node_id);
+  auto ptr = std::make_shared<ReverseTunnelEvent::Disconnected>(name);
+
+  context_.mainThreadDispatcher().post(
+      [this, ptr = std::move(ptr)]() mutable { this->removeConnection(std::move(ptr)); });
+}
+
+// This is only served on the main thread so no locks needed.
+ReverseTunnelEvent::ConnectionsList EventReporter::getAllConnections() {
+  ASSERT(context_.mainThreadDispatcher().isThreadSafe());
+  stats_.reverse_tunnel_full_pulls_total_.inc();
+
+  ReverseTunnelEvent::ConnectionsList all_connections;
+  all_connections.reserve(connections_.size());
+
+  for (auto& [key, val] : connections_) {
+    all_connections.push_back(val.connection);
+  }
+  return all_connections;
+}
+
+EventReporterStats EventReporter::generateStats(const std::string& prefix, Stats::Scope& scope) {
+  return EventReporterStats{ALL_EVENT_REPORTER_STATS(POOL_COUNTER_PREFIX(scope, prefix),
+                                                     POOL_GAUGE_PREFIX(scope, prefix))};
+}
+
+void EventReporter::notifyClients(ReverseTunnelEvent::TunnelUpdates&& updates) {
+  ASSERT(clients_.size() > 0, "Need atleast one client. Enforced via the protos.");
+
+  for (size_t i = 0; i < clients_.size() - 1; i++) {
+    clients_[i]->receiveEvents(updates);
+  }
+
+  clients_.back()->receiveEvents(std::move(updates));
+}
+
+void EventReporter::addConnection(std::shared_ptr<ReverseTunnelEvent::Connected>&& connection) {
+  ASSERT(context_.mainThreadDispatcher().isThreadSafe());
+
+  ENVOY_LOG(info, "Accepted a new connection. Node: {}, Cluster: {}, Tenant: {}",
+            connection->node_id, connection->cluster_id, connection->tenant_id);
+
+  std::string name = ReverseTunnelEvent::getName(connection->node_id);
+  auto [it, inserted] = connections_.try_emplace(std::move(name), std::move(connection), 1);
+
+  if (inserted) {
+    stats_.reverse_tunnel_unique_active_.inc();
+    notifyClients(ReverseTunnelEvent::TunnelUpdates{{it->second.connection}, {}});
+  } else {
+    // Multiple reverse tunnels can share the same name (same node).
+    // We ref-count them and only notify clients of removal when the last one disconnects.
+    it->second.count++;
+  }
+
+  stats_.reverse_tunnel_established_total_.inc();
+  stats_.reverse_tunnel_active_.inc();
+}
+
+void EventReporter::removeConnection(
+    std::shared_ptr<ReverseTunnelEvent::Disconnected>&& disconnection) {
+  ASSERT(context_.mainThreadDispatcher().isThreadSafe());
+
+  const auto& name = disconnection->name;
+  auto it = connections_.find(name);
+
+  ENVOY_LOG(info, "Removed connection. Name: {}", name);
+
+  if (it == connections_.end()) {
+    ENVOY_LOG(warn, "Tried to remove a connection which doesnt exist");
+    return;
+  }
+
+  // Only notify removal on the last ref — see addConnection for the ref-count rationale.
+  if (it->second.count == 1) {
+    connections_.erase(it);
+    stats_.reverse_tunnel_unique_active_.dec();
+    notifyClients(ReverseTunnelEvent::TunnelUpdates{{}, {disconnection}});
+  } else {
+    it->second.count--;
+  }
+
+  stats_.reverse_tunnel_closed_total_.inc();
+  stats_.reverse_tunnel_active_.dec();
+}
+
+} // namespace ReverseConnection
+} // namespace Bootstrap
+} // namespace Extensions
+} // namespace Envoy