Filter example that uses third-party libraries

Question

Filter example that uses third-party libraries

hzariv opened this issue 7 years ago · 12 comments

Is there a recommend approach for developing a filter that uses third-party C++ libraries?
This document describes how to add external libraries to envoy but how can a filter developer add external third-party opensource C or C++ libraries for filter usage?

https://github.com/lyft/envoy/blob/master/bazel/EXTERNAL_DEPS.md

Answer 1 · 2017-08-01T19:29:20.000Z

We probably need to somehow allow all of the locations in https://github.com/lyft/envoy/blob/master/bazel/EXTERNAL_DEPS.md to be extended by the consuming project somehow. @htuch ?

Answer 2 · 2017-08-01T20:22:09.000Z

Yeah, but TBH the original recursive make solution is a complete hack and I don't think we want to build castles on it. My best advice on this is to either:

Integrate the filter into Envoy and add the dependency there.
Add the 3rd party library as a Bazel dependency in the consuming project (and do the work to Bazelify the project if necessary). This may or may not be reasonable, depending on how complicated the build system of the dependency is.
Add a repository_rule to the consuming project for the sole purpose of building the dependency. This respository_rule can use https://github.com/lyft/envoy/blob/master/bazel/repositories.bzl#L138 for inspiration.

Answer 3 · 2017-08-01T20:42:40.000Z

I am trying to develop a filter to validate JWT token. There are C++ open source libraries for JWT token (here is one example https://github.com/pokowaka/jwt-cpp). This library also has external dependency on https://github.com/akheron/jansson. @htuch which approach above would you recommend for this type of filter?

Answer 4 · 2017-08-01T20:45:59.000Z

@hzariv FYI, We're actively developing a JWT token filter in https://github.com/istio/proxy/tree/master/src/envoy/auth

Answer 5 · 2017-08-01T20:46:37.000Z

jwt-cpp seems simple enough for (2). Its dependency on Jansson will make the BUILD file writing probably a bit involved, since that is a bit larger and also uses autoconf.

BTW, are you aware that Datawire are working on an external auth filter that would probably be capable of doing this by calling out to a separate process/server? @ark3

Answer 6 · 2017-08-01T20:47:53.000Z

Looks like someone has figured out the Jansson BUILD bit: https://github.com/twitter/heron/tree/master/third_party/jansson. A bit of a megahack with genrule, but when in Bazel...

Answer 7 · 2017-08-01T20:53:36.000Z

@lizan Yes I saw that but are you going to implement JWT token validation and authorization claims from scratch yourself or use some third party library. In the second case, wouldn't you face the same issue?

Answer 8 · 2017-08-01T20:57:32.000Z

@htuch yes I have looked at https://github.com/datawire/ambassador-envoy the external service call is a performance bottleneck.

Answer 9 · 2017-08-01T21:03:56.000Z

@hzariv Yes, I was just curious if we can converge the efforts implementing JWT filters. I'm open to contribute the JWT filter (though it is still WIP). we evaluated those deps and decided to implementing from scratch because it is simple and we already have similar code. Also I didn't want to introduce 2 different libraries to deal with JSON (RapidJSON / jansson)

re: third-party deps in general, I think @htuch covered options. One least favorable option is install to system (i.e. /usr/local) and along with copts and linkopts. In istio/proxy we are mostly doing (2).

Answer 10 · 2017-08-01T21:16:13.000Z

@htuch / @lizan could you point me to some option (2) examples?
(sorry I come from Java world where build systems are simple :))

Answer 11 · 2017-08-01T22:20:41.000Z

@hzariv https://github.com/istio/proxy/blob/master/repositories.bzl#L75 this is the sample to bazelify googletest, this is already in envoy as (3), but we excluded that in istio/proxy.

Answer 12 · 2017-10-25T23:04:14.000Z

Closing this out as answered.