feat: add core secondary api and forwarding middleware
Henry Fontanier
committed
Aug 6, 2024
1 parent
fc7c02e
commit d6cc818
Showing
11 changed files
with
202 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -98,3 +98,5 @@ pub mod oauth { | |
} | ||
|
||
pub mod api_keys; | ||
|
||
pub mod secondary_api; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
use axum::{ | ||
body::{Body, Bytes}, | ||
extract::Request, | ||
middleware::Next, | ||
response::Response, | ||
}; | ||
use http::StatusCode; | ||
use lazy_static::lazy_static; | ||
use reqwest::Client; | ||
use tracing::error; | ||
|
||
lazy_static! { | ||
static ref SECONDARY_API_FORWARDING_ENABLED: bool = | ||
std::env::var("SECONDARY_API_FORWARDING_ENABLED") | ||
.map(|s| s == "true") | ||
.unwrap_or(false); | ||
static ref IS_SECONDARY: bool = std::env::var("IS_SECONDARY") | ||
.map(|s| s == "true") | ||
.unwrap_or(false); | ||
static ref CORE_SECONDARY_API_URL: String = | ||
std::env::var("CORE_SECONDARY_API").unwrap_or_default(); | ||
} | ||
|
||
fn should_forward(req: &Request<Body>) -> bool { | ||
if *SECONDARY_API_FORWARDING_ENABLED && !*IS_SECONDARY { | ||
if CORE_SECONDARY_API_URL.is_empty() { | ||
error!("CORE_SECONDARY_API is not set"); | ||
} | ||
// Forward all requests for paths that contain "/tables" or "/query_database" | ||
req.uri().path().contains("/tables") || req.uri().path().contains("/query_database") | ||
} else { | ||
false | ||
} | ||
} | ||
|
||
pub async fn forward_middleware(req: Request<Body>, next: Next) -> Result<Response, StatusCode> { | ||
if should_forward(&req) { | ||
let client = Client::new(); | ||
let (parts, body) = req.into_parts(); | ||
let body_bytes: Bytes = axum::body::to_bytes(body, usize::MAX) | ||
.await | ||
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?; | ||
|
||
let new_url = format!( | ||
"{}{}", | ||
*CORE_SECONDARY_API_URL, | ||
parts.uri.path_and_query().map_or("", |x| x.as_str()) | ||
); | ||
|
||
let mut new_req = client.request(parts.method, new_url).body(body_bytes); | ||
|
||
for (name, value) in parts.headers.iter() { | ||
new_req = new_req.header(name, value); | ||
} | ||
|
||
match new_req.send().await { | ||
Ok(response) => { | ||
let status = response.status(); | ||
let headers = response.headers().clone(); | ||
let body = response | ||
.bytes() | ||
.await | ||
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?; | ||
|
||
let mut builder = Response::builder().status(status); | ||
let headers_mut = builder.headers_mut().unwrap(); | ||
headers_mut.extend(headers); | ||
|
||
builder | ||
.body(Body::from(body)) | ||
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR) | ||
} | ||
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR), | ||
} | ||
} else { | ||
Ok(next.run(req).await) | ||
} | ||
} |
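Review bot: `axum::body::to_bytes(body, usize::MAX)` in `forward_middleware` buffers the entire request body with no cap, so one oversized request to a `/tables` or `/query_database` path is held in memory before forwarding; unless a body-limit layer runs earlier (not visible here), pass a bounded constant instead, e.g. `axum::body::to_bytes(body, MAX_FORWARD_BODY_BYTES)`, and answer `StatusCode::PAYLOAD_TOO_LARGE` when the limit is hit. The outbound side is similarly unbounded: `Client::new()` is built per request with no timeout, so a stalled secondary keeps the handler open; a single client created once in the `lazy_static!` block via `Client::builder().timeout(...)` would bound the wait and reuse connections. `should_forward` logs when `CORE_SECONDARY_API` is empty but still returns true for matching paths, so a misconfigured primary turns those requests into 500s instead of serving them locally; returning `false` in that branch fails safe. The loop over `parts.headers` also copies `Host` and hop-by-hop headers verbatim to the secondary, and the send/read failures are mapped to 500 without an `error!` line, which will make incidents hard to trace.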
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: core-secondary-deployment | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: core-secondary | ||
template: | ||
metadata: | ||
labels: | ||
app: core-secondary | ||
name: core-secondary-pod | ||
admission.datadoghq.com/enabled: "true" | ||
annotations: | ||
ad.datadoghq.com/web.logs: '[{"source": "core-secondary","service": "core-secondary","tags": ["env:prod"]}]' | ||
spec: | ||
terminationGracePeriodSeconds: 180 | ||
containers: | ||
- name: web | ||
image: gcr.io/or1g1n-186209/core-image:latest | ||
command: ["cargo", "run", "--release", "--bin", "dust-api"] | ||
imagePullPolicy: Always | ||
ports: | ||
- containerPort: 3001 | ||
readinessProbe: | ||
httpGet: | ||
path: / | ||
port: 3001 | ||
initialDelaySeconds: 10 | ||
periodSeconds: 5 | ||
|
||
envFrom: | ||
- configMapRef: | ||
name: core-config | ||
- secretRef: | ||
name: core-secrets | ||
env: | ||
- name: DD_AGENT_HOST | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: status.hostIP | ||
|
||
- name: IS_SECONDARY | ||
value: "true" | ||
|
||
volumeMounts: | ||
- name: service-account-volume | ||
mountPath: /etc/service-accounts | ||
- name: api-keys-volume | ||
mountPath: /etc/api-keys | ||
|
||
resources: | ||
requests: | ||
cpu: 4000m | ||
memory: 8Gi | ||
limits: | ||
cpu: 4000m | ||
memory: 8Gi | ||
|
||
volumes: | ||
- name: service-account-volume | ||
secret: | ||
secretName: gcp-service-account-secret | ||
|
||
- name: api-keys-volume | ||
secret: | ||
secretName: core-api-keys-secret |
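Review bot: The `web` container references `core-image:latest` with `imagePullPolicy: Always`, so any pod restart can start code other than what was reviewed and rolled out, with `core-secrets`, the GCP service-account secret and the API-key secret all available to it; referencing the image by an immutable tag or digest (`image: <registry>/core-image@sha256:<digest>`) makes rollouts reproducible and auditable. The container also sets no `securityContext`, so it runs with the image's default user and privileges; `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` is a reasonable baseline if the image supports a non-root user. Starting the service through `cargo run` implies the build toolchain ships in the production image, which launching a prebuilt binary would avoid.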
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: NetworkPolicy | ||
metadata: | ||
name: core-secondary-network-policy | ||
spec: | ||
podSelector: | ||
matchLabels: | ||
app: core-secondary | ||
policyTypes: | ||
- Ingress | ||
ingress: | ||
- from: | ||
- podSelector: | ||
matchLabels: | ||
app: core | ||
|
||
- podSelector: | ||
matchLabels: | ||
app: prodbox | ||
ports: | ||
- protocol: TCP | ||
port: 3001 |
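Review bot: Only `Ingress` is listed under `policyTypes`, so this policy limits who can reach `core-secondary` on TCP 3001 but leaves its outbound traffic to whatever other policies happen to select the pod. Since the deployment added in this commit mounts service-account and API-key secrets into that pod, an `Egress` section restricted to the destinations it needs would contain a compromised container; if open egress is intentional, a comment saying so would help. The `app: prodbox` source has no explanation either, and a one-line comment above that selector stating why it needs direct access would make later reviews of this allow-list easier.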
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: core-secondary-service | ||
annotations: | ||
cloud.google.com/backend-config: '{"default": "core-backendconfig"}' | ||
spec: | ||
selector: | ||
app: core-secondary | ||
name: core-secondary-pod | ||
ports: | ||
- protocol: TCP | ||
port: 80 | ||
targetPort: 3001 | ||
type: ClusterIP |