extension: Add stateful session extension (#18207)

Introduce a new stateful session extension. This is a change after #17848 #17290. 

In #17290, we added a new cross-priority host map for fast host searching. In #17848, we extend `LoadBalancerContext` interface to provide an override host and to select the upstream host by the override host.

Finally, in this change, we expand a new API to allow users to extract the state of the session from the request and change the result of load balancing by setting the override host value.

Related doc: https://docs.google.com/document/d/1IU4b76AgOXijNa4sew1gfBfSiOMbZNiEt5Dhis8QpYg/edit?usp=sharing.

Risk Level: Medium
Testing: Added
Docs Changes: Added
Release Notes: Added
Platform-Specific Features: N/A.

Signed-off-by: wbpcode <wbphub@live.com>

Author: wbpcode

CODEOWNERS

@@ -161,6 +161,8 @@ extensions/filters/http/oauth2 @rgs1 @derekargueta @snowp
 /*/extensions/filters/common/local_ratelimit @mattklein123 @rgs1
 # HTTP Kill Request
 /*/extensions/filters/http/kill_request @qqustc @htuch
+# HTTP Stateful Session
+/*/extensions/filters/http/stateful_session @wbpcode @dio
 # Rate limit expression descriptor
 /*/extensions/rate_limit_descriptors/expr @kyessenov @lizan
 # hash input matcher
@@ -195,6 +197,8 @@ extensions/filters/http/oauth2 @rgs1 @derekargueta @snowp
 /*/extensions/matching/input_matchers/ip @aguinet @snowp
 # Key Value store
 /*/extensions/key_value @alyssawilk @ryantheoptimist
+# Stateful session
+/*/extensions/http/stateful_session/cookie @wbpcode @dio
 # DNS Resolver
 /*/extensions/network/dns_resolver/cares @junr03 @yanavlasov
 /*/extensions/network/dns_resolver/apple @junr03 @yanavlasov

api/BUILD

@@ -171,6 +171,7 @@ proto_library(
         "//envoy/extensions/filters/http/rbac/v3:pkg",
         "//envoy/extensions/filters/http/router/v3:pkg",
         "//envoy/extensions/filters/http/set_metadata/v3:pkg",
+        "//envoy/extensions/filters/http/stateful_session/v3:pkg",
         "//envoy/extensions/filters/http/tap/v3:pkg",
         "//envoy/extensions/filters/http/wasm/v3:pkg",
         "//envoy/extensions/filters/listener/http_inspector/v3:pkg",
@@ -211,6 +212,7 @@ proto_library(
         "//envoy/extensions/http/header_formatters/preserve_case/v3:pkg",
         "//envoy/extensions/http/original_ip_detection/custom_header/v3:pkg",
         "//envoy/extensions/http/original_ip_detection/xff/v3:pkg",
+        "//envoy/extensions/http/stateful_session/cookie/v3:pkg",
         "//envoy/extensions/internal_redirect/allow_listed_routes/v3:pkg",
         "//envoy/extensions/internal_redirect/previous_routes/v3:pkg",
         "//envoy/extensions/internal_redirect/safe_cross_scheme/v3:pkg",

api/envoy/extensions/filters/http/stateful_session/v3/BUILD

@@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/config/core/v3:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
+)

api/envoy/extensions/filters/http/stateful_session/v3/stateful_session.proto

@@ -0,0 +1,40 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.stateful_session.v3;
+
+import "envoy/config/core/v3/extension.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.stateful_session.v3";
+option java_outer_classname = "StatefulSessionProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/stateful_session/v3;stateful_sessionv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Stateful session filter]
+// Stateful session :ref:`configuration overview <config_http_filters_stateful_session>`.
+// [#extension: envoy.filters.http.stateful_session]
+
+message StatefulSession {
+  // Specific implementation of session state. This session state will be used to store and
+  // get address of the upstream host to which the session is assigned.
+  //
+  // [#extension-category: envoy.http.stateful_session]
+  config.core.v3.TypedExtensionConfig session_state = 1
+      [(validate.rules).message = {required: true}];
+}
+
+message StatefulSessionPerRoute {
+  oneof override {
+    option (validate.required) = true;
+
+    // Disable the stateful session filter for this particular vhost or route. If disabled is
+    // specified in multiple per-filter-configs, the most specific one will be used.
+    bool disabled = 1 [(validate.rules).bool = {const: true}];
+
+    // Per-route stateful session configuration that can be served by RDS or static route table.
+    StatefulSession stateful_session = 2;
+  }
+}

api/envoy/extensions/http/stateful_session/cookie/v3/BUILD

@@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/type/http/v3:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
+)

api/envoy/extensions/http/stateful_session/cookie/v3/cookie.proto

@@ -0,0 +1,43 @@
+syntax = "proto3";
+
+package envoy.extensions.http.stateful_session.cookie.v3;
+
+import "envoy/type/http/v3/cookie.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.http.stateful_session.cookie.v3";
+option java_outer_classname = "CookieProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/http/stateful_session/cookie/v3;cookiev3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Cookie based stateful session extension]
+
+// This extension allows the session state to be tracked via cookies.
+//
+// This extension first encodes the address of the upstream host selected by the load balancer
+// into a `set-cookie` response header with the :ref:`cookie configuration
+// <envoy_v3_api_field_extensions.http.stateful_session.cookie.v3.CookieBasedSessionState.cookie>`.
+// when new requests are incoming, this extension will try to parse the specific upstream host
+// address by the cookie name. If the address parsed from the cookie corresponds to a valid
+// upstream host, this upstream host will be selected first. See :ref:`stateful session filter
+// <envoy_v3_api_msg_extensions.filters.http.stateful_session.v3.StatefulSession>`.
+//
+// For example, if the cookie name is set to `sticky-host`, envoy will prefer `1.2.3.4:80`
+// as the upstream host when the request contains the following header:
+//
+// .. code-block:: none
+//
+//     cookie: sticky-host="MS4yLjMuNDo4MA=="
+//
+// When processing the upstream response, if `1.2.3.4:80` is indeed the final choice the extension
+// does nothing. If `1.2.3.4:80` is not the final choice, the new selected host will be used to
+// update the cookie (via the `set-cookie` response header).
+//
+// [#extension: envoy.http.stateful_session.cookie]
+message CookieBasedSessionState {
+  // The cookie configuration used to track session state.
+  type.http.v3.Cookie cookie = 1 [(validate.rules).message = {required: true}];
+}

api/envoy/type/http/v3/cookie.proto

@@ -0,0 +1,31 @@
+syntax = "proto3";
+
+package envoy.type.http.v3;
+
+import "google/protobuf/duration.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.type.http.v3";
+option java_outer_classname = "CookieProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/type/http/v3;httpv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Http cookie API]
+
+// Cookie defines an API for obtaining or generating HTTP cookie.
+message Cookie {
+  // The name that will be used to obtain cookie value from downstream HTTP request or generate
+  // new cookie for downstream.
+  string name = 1 [(validate.rules).string = {min_len: 1}];
+
+  // Duration of cookie. This will be used to set the expiry time of a new cookie when it is
+  // generated. Set this to 0 to use a session cookie.
+  google.protobuf.Duration ttl = 2 [(validate.rules).duration = {gte {}}];
+
+  // Path of cookie. This will be used to set the path of a new cookie when it is generated.
+  // If no path is specified here, no path will be set for the cookie.
+  string path = 3;
+}

api/versioning/BUILD

@@ -109,6 +109,7 @@ proto_library(
         "//envoy/extensions/filters/http/rbac/v3:pkg",
         "//envoy/extensions/filters/http/router/v3:pkg",
         "//envoy/extensions/filters/http/set_metadata/v3:pkg",
+        "//envoy/extensions/filters/http/stateful_session/v3:pkg",
         "//envoy/extensions/filters/http/tap/v3:pkg",
         "//envoy/extensions/filters/http/wasm/v3:pkg",
         "//envoy/extensions/filters/listener/http_inspector/v3:pkg",
@@ -149,6 +150,7 @@ proto_library(
         "//envoy/extensions/http/header_formatters/preserve_case/v3:pkg",
         "//envoy/extensions/http/original_ip_detection/custom_header/v3:pkg",
         "//envoy/extensions/http/original_ip_detection/xff/v3:pkg",
+        "//envoy/extensions/http/stateful_session/cookie/v3:pkg",
         "//envoy/extensions/internal_redirect/allow_listed_routes/v3:pkg",
         "//envoy/extensions/internal_redirect/previous_routes/v3:pkg",
         "//envoy/extensions/internal_redirect/safe_cross_scheme/v3:pkg",

docs/root/api-v3/config/config.rst

@@ -30,6 +30,7 @@ Extensions
   request_id/request_id
   http/header_formatters
   http/original_ip_detection
+  http/stateful_session
   stat_sinks/stat_sinks
   quic/quic_extensions
   formatter/formatter

docs/root/api-v3/config/http/stateful_session.rst

@@ -0,0 +1,8 @@
+Stateful Session
+=====================
+
+.. toctree::
+  :glob:
+  :maxdepth: 2
+
+  ../../extensions/http/stateful_session/*/v3/*