Skip to content

network: migrate ratelimit, rbac, ext_authz filters to exception free#46111

Open
davidvo-lyft wants to merge 1 commit into
envoyproxy:mainfrom
davidvo-lyft:davidvo/27412-network-filters-exception-free
Open

network: migrate ratelimit, rbac, ext_authz filters to exception free#46111
davidvo-lyft wants to merge 1 commit into
envoyproxy:mainfrom
davidvo-lyft:davidvo/27412-network-filters-exception-free

Conversation

@davidvo-lyft

@davidvo-lyft davidvo-lyft commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Migrate the ratelimit, rbac, and ext_authz network filter config factories from the throwing Common::FactoryBase to Common::ExceptionFreeFactoryBase, so config validation returns absl::StatusOr instead of throwing. This mirrors the already merged HTTP twins (#38629, #46035) and continues the exception free migration tracked in #27412. Error messages and failure semantics are unchanged (EnvoyException becomes absl::InvalidArgumentError with identical text).

rbac's factory validation was the only throw in its directory, so its entry is removed from the tools/code_format/config.yaml exception allowlist, locking the directory throw free via check_format. ratelimit and ext_authz keep their entries: both retain throws outside the config validation surface (descriptor formatter, per connection client creation), left for a follow-up.

The network read filter fuzz harness relied on factories throwing for invalid configs (.value() inside a catch (EnvoyException)). It now checks the returned status first, mirroring the HTTP fuzz harness, so error statuses keep exiting setup early instead of escaping as BadStatusOrAccess (caught by the ext_authz_2 corpus entry, a V2 config).

Commit Message: network: migrate ratelimit, rbac, ext_authz filters to exception free

Additional Description: see above

Risk Level: Low. Behavior preserving refactor, no user visible change.

Testing: The three config_test targets and //test/extensions/filters/network/common/fuzz:network_readfilter_fuzz_test (which exercises the migrated error path via the ext_authz_2 corpus) pass in the CI clang image. Added DeprecatedV2TransportApiVersion negative tests for ratelimit and ext_authz; rbac's checkRule expectations converted from EXPECT_THROW to status assertions. check_format passes with the rbac allowlist entry removed.

Docs Changes: N/A

Release Notes: N/A (internal refactor)

Platform Specific Features: N/A

Part of #27412

Generative AI disclosure: Developed with AI assistance (Claude Code); I reviewed and understand every line and take full ownership of the submission.

@davidvo-lyft davidvo-lyft force-pushed the davidvo/27412-network-filters-exception-free branch 2 times, most recently from 29cb24b to 3c0b0c0 Compare July 14, 2026 17:29
Migrate the ratelimit, rbac, and ext_authz network filter config
factories from the throwing Common::FactoryBase to the in-tree
Common::ExceptionFreeFactoryBase, so createFilterFactoryFromProtoTyped
returns absl::StatusOr instead of throwing during config validation.
The factory scope THROW_IF_NOT_OK(checkTransportVersion(...)) calls in
ratelimit and ext_authz become RETURN_IF_NOT_OK, mirroring their already
merged HTTP twins, and rbac's validate helpers now return absl::Status
with identical error messages. Since rbac's factory throw was the only
throw token in its directory, its entry is removed from the
tools/code_format/config.yaml exception allowlist, locking the directory
throw free via check_format.

The network read filter fuzz harness previously relied on these
factories throwing EnvoyException for invalid configs; it now checks the
returned status before dereferencing, mirroring the HTTP fuzz harness,
so error statuses keep exiting the setup path early instead of escaping
as BadStatusOrAccess.

This continues the exception free migration series tracked in envoyproxy#27412.

Signed-off-by: David Vo <davidvo@lyft.com>
@davidvo-lyft davidvo-lyft force-pushed the davidvo/27412-network-filters-exception-free branch from 3c0b0c0 to ec198fb Compare July 14, 2026 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant