update version to 1.0.0 (#348)

Makefile.core.mk

@@ -139,8 +139,8 @@ install: pre-install
 	cd helm/higress; helm dependency build
 	helm install higress helm/higress -n higress-system --create-namespace --set 'global.local=true'
 
-ENVOY_LATEST_IMAGE_TAG ?= 1.0.0-rc
-ISTIO_LATEST_IMAGE_TAG ?= 1.0.0-rc
+ENVOY_LATEST_IMAGE_TAG ?= 1.0.0
+ISTIO_LATEST_IMAGE_TAG ?= 1.0.0
 
 install-dev: pre-install
 	helm install higress helm/core -n higress-system --create-namespace --set 'controller.tag=$(TAG)' --set 'gateway.replicas=1' --set 'gateway.tag=$(ENVOY_LATEST_IMAGE_TAG)' --set 'global.local=true'

README.md

@@ -21,7 +21,7 @@
 
 Higress 是基于阿里内部两年多的 Envoy Gateway 实践沉淀，以开源 [Istio](https://github.com/istio/istio) 与 [Envoy](https://github.com/envoyproxy/envoy) 为核心构建的下一代云原生网关。Higress 实现了安全防护网关、流量网关、微服务网关三层网关合一，可以显著降低网关的部署和运维成本。
 
-![arch](https://img.alicdn.com/imgextra/i4/O1CN01OgGP1728t0xeRfRYJ_!!6000000007989-0-tps-1726-1366.jpg)
+![arch](https://img.alicdn.com/imgextra/i1/O1CN01iO9ph825juHbOIg75_!!6000000007563-2-tps-2483-2024.png)
 
 ## Summary
     

README_EN.md

@@ -23,7 +23,7 @@ Higress is a next-generation cloud-native gateway based on Alibaba's internal ga
 Powered by [Istio](https://github.com/istio/istio) and [Envoy](https://github.com/envoyproxy/envoy), Higress realizes the integration of the triple gateway architecture of traffic gateway, microservice gateway and security gateway, thereby greatly reducing the costs of deployment, operation and maintenance.
 
 <h1 align="center">
-  <img src="https://img.alicdn.com/imgextra/i1/O1CN01vnNawh26mU5C9py9w_!!6000000007704-0-tps-1726-1366.jpg" alt="Higress Architecture">
+  <img src="https://img.alicdn.com/imgextra/i1/O1CN01iO9ph825juHbOIg75_!!6000000007563-2-tps-2483-2024.png" alt="Higress Architecture">
 </h1>
 
 

VERSION

@@ -1 +1 @@
-v1.0.0-rc
+v1.0.0

helm/core/Chart.yaml

@@ -1,7 +1,8 @@
 apiVersion: v2
-appVersion: 1.0.0-rc
+appVersion: 1.0.0
 description: Helm chart for deploying higress gateways
 icon: https://higress.io/img/higress_logo_small.png
+home: http://higress.io/
 keywords:
 - higress
 - gateways
@@ -9,4 +10,4 @@ name: higress-core
 sources:
 - http://github.com/alibaba/higress
 type: application
-version: 1.0.0-rc
+version: 1.0.0

helm/core/templates/_helpers.tpl

@@ -95,3 +95,9 @@ higress: {{ include "controller.name" . }}
 {{- print "first-party-jwt" }}
 {{- end }}
 {{- end }}
+
+{{- define "skywalking.enabled" -}}
+{{- if and .Values.skywalking.enabled .Values.skywalking.service.address }}
+true
+{{- end }}
+{{- end }}

helm/core/templates/configmap.yaml

@@ -122,7 +122,7 @@ data:
 {{- include "mesh" . }}
 {{- end }}
 ---
-{{- if .Values.enableSkywalking  }}
+{{- if include "skywalking.enabled" . }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -154,7 +154,6 @@ data:
             "type": "LOGICAL_DNS",
             "connect_timeout": "5s",
             "http2_protocol_options": {
-
             },
             "dns_lookup_family": "V4_ONLY",
             "lb_policy": "ROUND_ROBIN",
@@ -167,8 +166,8 @@ data:
                       "endpoint": {
                         "address": {
                           "socket_address": {
-                            "address": "{{ .Values.Skywalking.address }}",
-                            "port_value": "{{ .Values.Skywalking.port }}"
+                            "address": "{{ .Values.skywalking.service.address }}",
+                            "port_value": "{{ .Values.skywalking.service.port }}"
                           }
                         }
                       }

helm/core/templates/deployment.yaml

@@ -146,7 +146,7 @@ spec:
             value: "{{ $.Values.clusterName | default `Kubernetes` }}"
           - name: INSTANCE_NAME
             value: "higress-gateway"
-          {{- if .Values.enableSkywalking }}
+          {{- if include "skywalking.enabled" . }}
           - name: ISTIO_BOOTSTRAP_OVERRIDE
             value: /etc/istio/custom-bootstrap/custom_bootstrap.json
           {{- end }}
@@ -202,7 +202,7 @@ spec:
             mountPath: /etc/istio/pod
           - name: proxy-socket
             mountPath: /etc/istio/proxy
-          {{- if .Values.enableSkywalking }}
+          {{- if include "skywalking.enabled" . }}
           - mountPath: /etc/istio/custom-bootstrap
             name: custom-bootstrap-volume
           {{- end }}
@@ -242,7 +242,7 @@ spec:
       - name: config
         configMap:
           name: higress-config
-      {{- if .Values.enableSkywalking }}
+      {{- if include "skywalking.enabled" . }}
       - configMap:
           defaultMode: 420
           name: higress-custom-bootstrap

helm/core/values.yaml

@@ -45,7 +45,7 @@ global:
   # Dev builds from prow are on gcr.io
   hub: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress
   # Default tag for Istio images.
-  tag: 1.0.0-rc
+  tag: 1.0.0
 
   # Specify image pull policy if default behavior isn't desired.
   # Default behavior: latest images will be Always else IfNotPresent.
@@ -369,7 +369,7 @@ gateway:
   name: "higress-gateway"
   replicas: 2
   image: gateway
-  tag: "1.0.0-rc"
+  tag: "1.0.0"
   # revision declares which revision this gateway is a part of
   revision: ""
 
@@ -457,7 +457,7 @@ controller:
   name: "higress-controller"
   replicas: 1
   image: higress
-  tag: "1.0.0-rc"
+  tag: "1.0.0"
   env: {}
 
   labels: {}
@@ -547,7 +547,7 @@ pilot:
   rollingMaxUnavailable: 25%
 
   hub: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress
-  tag: 1.0.0-rc
+  tag: 1.0.0
 
   # Can be a full hub/image:tag
   image: pilot
@@ -610,7 +610,8 @@ pilot:
 
 
 # Skywalking config settings
-enableSkywalking: false
-Skywalking:
-  address: "skywalking-oap.higress-system.svc"
-  port: 11800
+skywalking:
+  enabled: false
+  service:
+    address: ~
+    port: 11800

helm/higress/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: higress-core
   repository: file://../core
-  version: 1.0.0-rc
+  version: 1.0.0
 - name: higress-console
   repository: https://higress.io/helm-charts/
-  version: 1.0.0-rc
-digest: sha256:e22d3f977aec759e23f035bad2cdff643e5f670788872316234701f6d0d91418
-generated: "2023-05-08T09:40:35.6095006+08:00"
+  version: 1.0.0
+digest: sha256:fb0f1b6816df5f5ac6888a93fb148b55b669affc9ac99336dd1ac818b8f84ace
+generated: "2023-05-22T17:42:02.506864+08:00"

helm/higress/Chart.yaml

@@ -1,7 +1,8 @@
 apiVersion: v2
-appVersion: 1.0.0-rc
-description: Helm chart for deploying higress gateways
+appVersion: 1.0.0
+description: Helm chart for deploying Higress gateways
 icon: https://higress.io/img/higress_logo_small.png
+home: http://higress.io/
 keywords:
 - higress
 - gateways
@@ -11,9 +12,9 @@ sources:
 dependencies:
 - name: higress-core
   repository: "file://../core"
-  version: 1.0.0-rc
+  version: 1.0.0
 - name: higress-console
   repository: "https://higress.io/helm-charts/"
-  version: 1.0.0-rc
+  version: 1.0.0
 type: application
-version: 1.0.0-rc
+version: 1.0.0

plugins/wasm-cpp/extensions/jwt_auth/README.md

@@ -244,12 +244,14 @@ public class GenerateJwtDemo {
 - 只有当`from_headers`,`from_params`,`from_cookies`均未配置时，才会使用默认值
 
 `from_headers` 中每一项的配置字段说明如下：
+
 | 名称             | 数据类型        | 填写要求| 默认值 | 描述                                                      |
 | ---------------- | --------------- | ------- | ------ | --------------------------------------------------------- |
 | `name`           | string          | 必填    | -      | 抽取JWT的请求header                                       |
 | `value_prefix`   | string          | 必填    | -      | 对请求header的value去除此前缀，剩余部分作为JWT            |
 
 `claims_to_headers` 中每一项的配置字段说明如下：
+
 | 名称             | 数据类型        | 填写要求| 默认值 | 描述                                                      |
 | ---------------- | --------------- | ------- | ------ | --------------------------------------------------------- |
 | `claim`          | string          | 必填    | -      | JWT payload中的指定字段，要求必须是字符串或无符号整数类型 |

plugins/wasm-cpp/extensions/jwt_auth/README_EN.md

@@ -390,10 +390,10 @@ consumers:
 ```
 
 # Common Error Codes
-| 
-HTTP Status Code | Error Message               | Reason Description|
-| ----------- | ---------------------- | -------------------------------------------------------------------------------- |
-| 401         | JWT missing            | The JWT is not provided in the request header. |
-| 401         | JWT expired            | The JWT has expired. |
-| 401         | JWT verification fails | The JWT payload verification failed, such as the iss mismatch. |
-| 403         | Access denied          | Access to the current route is denied. |
+
+| HTTP Status Code | Error Message               | Reason Description|
+|------------------| ---------------------- | -------------------------------------------------------------------------------- |
+| 401              | JWT missing            | The JWT is not provided in the request header. |
+| 401              | JWT expired            | The JWT has expired. |
+| 401              | JWT verification fails | The JWT payload verification failed, such as the iss mismatch. |
+| 403              | Access denied          | Access to the current route is denied. |

plugins/wasm-cpp/extensions/key_rate_limit/README.md

@@ -14,6 +14,7 @@
 |  limit_keys     |  array of object     | 必填     |   -  |  配置匹配键值后的限流次数   |
 
 `limit_keys`中每一项的配置字段说明
+
 | 名称 | 数据类型 | 填写要求 |  默认值 | 描述 |
 | -------- | -------- | -------- | -------- | -------- |
 |  key     |  string     | 必填     |   -  |  匹配的键值 |

plugins/wasm-cpp/extensions/key_rate_limit/README_EN.md

@@ -14,6 +14,7 @@
 |  limit_keys     |  array of object     | Required     |   -  |  Rate-limiting thresholds when matching specific key-values |
 
 Field descriptions of `limit_keys` items:
+
 | Name | Type | Requirement |  Default Value | Description |
 | -------- | -------- | -------- | -------- | -------- |
 |  key     |  string     | Required     |   -  |  Value to match of the specific key |

plugins/wasm-go/Dockerfile

@@ -1,4 +1,4 @@
-ARG BUILDER=higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/wasm-go-builder:go1.19-tinygo0.27.0-oras1.0.0
+ARG BUILDER=higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/wasm-go-builder:go1.19-tinygo0.25.0-oras1.0.0
 FROM $BUILDER as builder
 
 

plugins/wasm-go/DockerfileBuilder

@@ -4,13 +4,13 @@
 # - arch: amd64
 #   base image: docker.io/ubuntu
 #   go_url: https://golang.google.cn/dl/go1.20.1.linux-amd64.tar.gz"
-#   tinygo_url: https://github.com/tinygo-org/tinygo/releases/download/v0.27.0/tinygo_0.27.0_amd64.deb
+#   tinygo_url: https://github.com/alibaba/higress/releases/download/v1.0.0-rc/higress-tinygo0.25.0.linux-amd64.tar.gz
 #   oras_url: https://github.com/oras-project/oras/releases/download/v1.0.0/oras_1.0.0_linux_amd64.tar.gz
 #
 # - arch: arm64
 #   base image: docker.io/ubuntu
 #   go_url: https://golang.google.cn/dl/go1.20.1.linux-arm64.tar.gz
-#   tinygo_url: https://github.com/tinygo-org/tinygo/releases/download/v0.27.0/tinygo_0.27.0_arm64.deb
+#   tinygo_url: https://github.com/alibaba/higress/releases/download/v1.0.0-rc/higress-tinygo0.25.0.linux-arm64.tar.gz
 #   oras_url: https://github.com/oras-project/oras/releases/download/v1.0.0/oras_1.0.0_linux_arm64.tar.gz
 #
 # - arch: armel
@@ -46,7 +46,7 @@
 # - arch: armhf
 #   base image: build your self
 #   go_url: https://golang.google.cn/dl/go1.20.1.linux-armv6l.tar.gz
-#   tinygo_url: https://github.com/tinygo-org/tinygo/releases/download/v0.27.0/tinygo_0.27.0_armhf.deb
+#   tinygo_url: https://github.com/tinygo-org/tinygo/releases/download/v0.25.0/tinygo_0.25.0_armhf.deb
 #   oras_url: build your self
 
 ARG BASE_IMAGE=docker.io/ubuntu
@@ -55,46 +55,61 @@ FROM $BASE_IMAGE
 ARG GO_VERSION
 ARG TINYGO_VERSION
 ARG ORAS_VERSION
+ARG HIGRESS_VERSION
+ARG USE_HIGRESS_TINYGO
 
 LABEL go_version=$GO_VERSION tinygo_version=$TINYGO_VERSION oras_version=$ORAS_VERSION
 
 RUN apt-get update \
-  && apt-get install -y wget build-essential \
+  && apt-get install -y wget \
   && rm -rf /var/lib/apt/lists/*
 
-
 RUN arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
-	go_url=; \
+    go_url=; \
     tinygo_url=; \
     go_version=${GO_VERSION:-1.19}; \
-    tinygo_version=${TINYGO_VERSION:-0.27.0}; \
+    tinygo_version=${TINYGO_VERSION:-0.25.0}; \
     oras_version=${ORAS_VERSION:-1.0.0}; \
+    higress_version=${HIGRESS_VERSION:-1.0.0-rc}; \
+    use_higress_tinygo=${USE_HIGRESS_TINYGO:-false}; \
     echo "arch:           '$arch'"; \
     echo "go go_version:  '$go_version'"; \
     echo "tinygo_version: '$tinygo_version'"; \
     echo "oras_version: '$oras_version'"; \
-	case "$arch" in \
-		'amd64') \
+    echo "higress_version: '$higress_version'"; \
+    echo "use_higress_tinygo: '$use_higress_tinygo'"; \
+    case "$arch" in \
+        'amd64') \
             go_url="https://golang.google.cn/dl/go$go_version.linux-amd64.tar.gz"; \
-            tinygo_url="https://github.com/tinygo-org/tinygo/releases/download/v$tinygo_version/tinygo_${tinygo_version}_amd64.deb"; \
+            if [ "$use_higress_tinygo" = "true" ]; \
+            then \
+                tinygo_url="https://github.com/alibaba/higress/releases/download/v$higress_version/higress-tinygo${tinygo_version}.linux-amd64.tar.gz"; \
+            else \
+                tinygo_url="https://github.com/tinygo-org/tinygo/releases/download/v$tinygo_version/tinygo${tinygo_version}.linux-amd64.tar.gz"; \
+            fi; \
             oras_url="https://github.com/oras-project/oras/releases/download/v$oras_version/oras_${oras_version}_linux_amd64.tar.gz"; \
-			;; \
-		'arm64') \
+            ;; \
+        'arm64') \
             go_url="https://golang.google.cn/dl/go$go_version.linux-arm64.tar.gz"; \
-            tinygo_url="https://github.com/tinygo-org/tinygo/releases/download/v$tinygo_version/tinygo_${tinygo_version}_arm64.deb"; \
+            if [ "$use_higress_tinygo" = "true" ]; \
+            then \
+                tinygo_url="https://github.com/alibaba/higress/releases/download/v$higress_version/higress-tinygo${tinygo_version}.linux-arm64.tar.gz"; \
+            else \
+                tinygo_url="https://github.com/tinygo-org/tinygo/releases/download/v$tinygo_version/tinygo${tinygo_version}.linux-arm64.tar.gz"; \
+            fi; \
             oras_url="https://github.com/oras-project/oras/releases/download/v$oras_version/oras_${oras_version}_linux_arm64.tar.gz"; \
-			;; \
-		*) echo >&2 "error: unsupported architecture '$arch' "; exit 1 ;; \
-	esac; \
+            ;; \
+        *) echo >&2 "error: unsupported architecture '$arch' "; exit 1 ;; \
+    esac; \
     echo "go_url: '$go_url'"; \
-    echo "tinygo_url: '$tinygo_url'"; \
-    echo "oras_url: '$oras_url'"; \
     wget -O go.tgz "$go_url" --progress=dot:giga; \
-    wget -O tinygo.deb "$tinygo_url" --progress=dot:giga; \
-    wget -O oras.tgz "$oras_url" --progress=dot:giga; \
-    echo "Download complete"; \
     rm -rf /usr/local/go && tar -C /usr/local -xzf go.tgz && rm -rf go.tgz; \
+    echo "tinygo_url: '$tinygo_url'"; \
+    wget -O tinygo.tgz "$tinygo_url" --progress=dot:giga; \
+    rm -rf /usr/local/tinygo && tar -C /usr/local -xzf tinygo.tgz && rm -rf tinygo.tgz; \
+    echo "oras_url: '$oras_url'"; \
+    wget -O oras.tgz "$oras_url" --progress=dot:giga; \
     tar -C /usr/local/bin -xzf oras.tgz && rm -rf oras.tgz; \
-    dpkg -i tinygo.deb && rm -rf tinygo.deb
+    echo "done";
 
-ENV PATH=$PATH:/usr/local/go/bin:/usr/local/bin
+ENV PATH=$PATH:/usr/local/go/bin:/usr/local/tinygo/bin:/usr/local/bin

plugins/wasm-go/Makefile

@@ -1,27 +1,39 @@
 PLUGIN_NAME ?= hello-world
 REGISTRY ?= higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/
 GO_VERSION ?= 1.19
-TINYGO_VERSION ?= 0.27.0
+TINYGO_VERSION ?= 0.25.0
 ORAS_VERSION ?= 1.0.0
+HIGRESS_VERSION ?= 1.0.0-rc
+USE_HIGRESS_TINYGO ?= true
 BUILDER ?= ${REGISTRY}wasm-go-builder:go${GO_VERSION}-tinygo${TINYGO_VERSION}-oras${ORAS_VERSION}
 BUILD_TIME := $(shell date "+%Y%m%d-%H%M%S")
 COMMIT_ID := $(shell git rev-parse --short HEAD 2>/dev/null)
-IMG ?= ${REGISTRY}${PLUGIN_NAME}:${BUILD_TIME}-${COMMIT_ID}
+IMAGE_TAG = $(if $(strip $(PLUGIN_VERSION)),${PLUGIN_VERSION},${BUILD_TIME}-${COMMIT_ID})
+IMG ?= ${REGISTRY}${PLUGIN_NAME}:${IMAGE_TAG}
 GOPROXY := $(shell go env GOPROXY)
 
 .DEFAULT:
 build:
 	DOCKER_BUILDKIT=1 docker build --build-arg PLUGIN_NAME=${PLUGIN_NAME} \
 	                            --build-arg BUILDER=${BUILDER}  \
-								--build-arg GOPROXY=$(GOPROXY) \
+	                            --build-arg GOPROXY=$(GOPROXY) \
 	                            -t ${IMG} \
 	                            --output extensions/${PLUGIN_NAME} \
 	                            .
 	@echo ""
-	@echo "image:            ${IMG}"
 	@echo "output wasm file: extensions/${PLUGIN_NAME}/plugin.wasm"
 
-build-push: build
+build-image:
+	DOCKER_BUILDKIT=1 docker build --build-arg PLUGIN_NAME=${PLUGIN_NAME} \
+	                            --build-arg BUILDER=${BUILDER}  \
+	                            --build-arg GOPROXY=$(GOPROXY) \
+	                            -t ${IMG} \
+	                            --load \
+	                            .
+	@echo ""
+	@echo "image:            ${IMG}"
+
+build-push: build-image
 	docker push ${IMG}
 
 # builder:
@@ -39,6 +51,8 @@ builder:
 			--build-arg GO_VERSION=$(GO_VERSION) \
 			--build-arg TINYGO_VERSION=$(TINYGO_VERSION) \
 			--build-arg ORAS_VERSION=$(ORAS_VERSION) \
+			--build-arg HIGRESS_VERSION=$(HIGRESS_VERSION) \
+			--build-arg USE_HIGRESS_TINYGO=$(USE_HIGRESS_TINYGO) \
 			-f DockerfileBuilder \
 			-t ${BUILDER} \
 			--push \

plugins/wasm-go/extensions/de-graphql/README.md

@@ -100,10 +100,6 @@ curl 'https://api.github.com/graphql' -X POST \
 | `gql`           | graphql 查询              | 不能为空       |
 | `endpoint`      | graphql 查询端点            | `/graphql` |
 | `timeout`       | 查询连接超时，单位毫秒             | `5000`     |
-| `serviceSource` | 服务来源：k8s, nacos,dns, ip | 不能为空       |
-| `serviceName`   | 服务名称                    | 不能为空       |
-| `servicePort`   | 服务端口                    | 不能为空       |
-| `namespace`     | 服务命名空间， 当服务来源是nacos需要配置 |      |
 | `domain`        | 服务域名，当服务来源是dns配置        |      |
 
 ### 插件使用
@@ -158,9 +154,6 @@ spec:
     config:
       timeout: 5000
       endpoint: /graphql
-      serviceSource: dns
-      serviceName: github
-      servicePort: 443
       domain: api.github.com
       gql: |
            query ($owner:String! $name:String!){

plugins/wasm-go/extensions/de-graphql/config/degraphql_config.go

@@ -16,7 +16,6 @@ package config
 
 import (
 	"errors"
-	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"net/url"
 	"regexp"
 	"strings"
@@ -46,10 +45,10 @@ type Variable struct {
 }
 
 type DeGraphQLConfig struct {
-	client    wrapper.HttpClient
 	gql       string
 	endpoint  string
 	timeout   uint32
+	domain    string
 	variables []Variable
 }
 
@@ -63,6 +62,14 @@ func (d *DeGraphQLConfig) SetEndpoint(endpoint string) error {
 	return nil
 }
 
+func (d *DeGraphQLConfig) GetDomain() string {
+	return d.domain
+}
+
+func (d *DeGraphQLConfig) SetDomain(domain string) {
+	d.domain = domain
+}
+
 func (d *DeGraphQLConfig) GetEndpoint() string {
 	return d.endpoint
 }
@@ -79,14 +86,6 @@ func (d *DeGraphQLConfig) SetTimeout(timeout uint32) {
 	}
 }
 
-func (d *DeGraphQLConfig) SetClient(client wrapper.HttpClient) {
-	d.client = client
-}
-
-func (d *DeGraphQLConfig) GetClient() wrapper.HttpClient {
-	return d.client
-}
-
 func (d *DeGraphQLConfig) SetGql(gql string) error {
 	if strings.TrimSpace(gql) == "" {
 		return errors.New("gql can't be empty")

plugins/wasm-go/extensions/de-graphql/envoy.yaml

@@ -22,7 +22,7 @@ static_resources:
                         - match:
                             prefix: "/api"
                           route:
-                            cluster: mock_service
+                            cluster: github
                 http_filters:
                   - name: envoy.filters.http.wasm
                     typed_config:
@@ -35,9 +35,6 @@ static_resources:
                             value: |-
                               {
                                 "gql": "query ($owner:String! $name:String!){\n repository(owner:$owner, name:$name) {\n name\n forkCount\n description\n}\n}",
-                                "serviceSource": "dns",
-                                "serviceName": "github",
-                                "servicePort": 443,
                                 "domain": "api.github.com",
                                 "endpoint": "/graphql",
                                 "timeout": 2000
@@ -96,7 +93,7 @@ static_resources:
                     socket_address:
                       address: 127.0.0.1
                       port_value: 8099
-    - name: outbound|443||github.dns
+    - name: github
       connect_timeout: 0.5s
       type: STRICT_DNS
       lb_policy: ROUND_ROBIN
@@ -107,7 +104,7 @@ static_resources:
         typed_config:
           "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
       load_assignment:
-        cluster_name: outbound|443||github.dns
+        cluster_name: github
         endpoints:
           - lb_endpoints:
               - endpoint:

plugins/wasm-go/extensions/de-graphql/go.mod

@@ -2,6 +2,8 @@ module de-graphql
 
 go 1.19
 
+replace github.com/alibaba/higress/plugins/wasm-go => ../..
+
 require (
 	github.com/alibaba/higress/plugins/wasm-go v0.0.0-20230410091208-df60dd43079c
 	github.com/stretchr/testify v1.8.0

plugins/wasm-go/extensions/de-graphql/graphql.yaml

@@ -51,11 +51,9 @@ spec:
                description
             }
           }
-        serviceName: github
-        servicePort: 443
-        serviceSource: dns
         timeout: 5000
       configDisable: false
       ingress:
         - github-api
   url: oci://docker.io/2456868764/de-graphql:1.0.0
+

plugins/wasm-go/extensions/de-graphql/main.go

@@ -15,7 +15,6 @@
 package main
 
 import (
-	"errors"
 	"fmt"
 	"net/http"
 
@@ -42,7 +41,8 @@ func parseConfig(json gjson.Result, config *config.DeGraphQLConfig, log wrapper.
 	gql := json.Get("gql").String()
 	endpoint := json.Get("endpoint").String()
 	timeout := json.Get("timeout").Int()
-	log.Debugf("gql:%s endpoint:%s timeout:%d", gql, endpoint, timeout)
+	domain := json.Get("domain").String()
+	log.Debugf("gql:%s endpoint:%s timeout:%d domain:%s", gql, endpoint, timeout, domain)
 	err := config.SetGql(gql)
 	if err != nil {
 		return err
@@ -52,48 +52,7 @@ func parseConfig(json gjson.Result, config *config.DeGraphQLConfig, log wrapper.
 		return err
 	}
 	config.SetTimeout(uint32(timeout))
-	serviceSource := json.Get("serviceSource").String()
-	serviceName := json.Get("serviceName").String()
-	servicePort := json.Get("servicePort").Int()
-	log.Debugf("serviceSource:%s serviceName:%s servicePort:%d", serviceSource, serviceName, servicePort)
-	if serviceName == "" || servicePort == 0 {
-		return errors.New("invalid service config")
-	}
-	switch serviceSource {
-	case "k8s":
-		namespace := json.Get("namespace").String()
-		config.SetClient(wrapper.NewClusterClient(wrapper.K8sCluster{
-			ServiceName: serviceName,
-			Namespace:   namespace,
-			Port:        servicePort,
-		}))
-		return nil
-	case "nacos":
-		namespace := json.Get("namespace").String()
-		config.SetClient(wrapper.NewClusterClient(wrapper.NacosCluster{
-			ServiceName: serviceName,
-			NamespaceID: namespace,
-			Port:        servicePort,
-		}))
-		return nil
-	case "ip":
-		config.SetClient(wrapper.NewClusterClient(wrapper.StaticIpCluster{
-			ServiceName: serviceName,
-			Port:        servicePort,
-		}))
-		return nil
-	case "dns":
-		domain := json.Get("domain").String()
-		config.SetClient(wrapper.NewClusterClient(wrapper.DnsCluster{
-			ServiceName: serviceName,
-			Port:        servicePort,
-			Domain:      domain,
-		}))
-		return nil
-	default:
-		return errors.New("unknown service source: " + serviceSource)
-	}
-
+	config.SetDomain(domain)
 	return nil
 }
 
@@ -122,8 +81,9 @@ func onHttpRequestHeaders(ctx wrapper.HttpContext, config config.DeGraphQLConfig
 	}
 	// Add header Content-Type: application/json
 	headers = append(headers, [2]string{"Content-Type", "application/json"})
+	client := wrapper.NewClusterClient(wrapper.RouteCluster{Host: config.GetDomain()})
 	// Call upstream graphql endpoint
-	config.GetClient().Post(config.GetEndpoint(), headers, []byte(replaceBody),
+	client.Post(config.GetEndpoint(), headers, []byte(replaceBody),
 		func(statusCode int, responseHeaders http.Header, responseBody []byte) {
 			// Pass response headers and body to client
 			headers := make([][2]string, 0, len(responseHeaders)+3)

plugins/wasm-go/pkg/wrapper/cluster_wrapper.go

@@ -17,6 +17,8 @@ package wrapper
 import (
 	"fmt"
 	"strings"
+
+	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
 )
 
 type Cluster interface {
@@ -24,6 +26,25 @@ type Cluster interface {
 	HostName() string
 }
 
+type RouteCluster struct {
+	Host string
+}
+
+func (c RouteCluster) ClusterName() string {
+	routeName, err := proxywasm.GetProperty([]string{"cluster_name"})
+	if err != nil {
+		proxywasm.LogErrorf("get route cluster failed, err:%v", err)
+	}
+	return string(routeName)
+}
+
+func (c RouteCluster) HostName() string {
+	if c.Host != "" {
+		return c.Host
+	}
+	return GetRequestHost()
+}
+
 type K8sCluster struct {
 	ServiceName string
 	Namespace   string

plugins/wasm-go/pkg/wrapper/http_wrapper.go

@@ -115,7 +115,7 @@ func HttpCall(cluster Cluster, method, path string, headers [][2]string, body []
 			requestID, code, normalResponse, respBody)
 		callback(code, headers, respBody)
 	})
-	proxywasm.LogDebugf("http call start, id: %s, cluster: %+v, method: %s, path: %s, body: %s, timeout: %d",
-		requestID, cluster, method, path, body, timeout)
+	proxywasm.LogDebugf("http call start, id: %s, cluster: %s, method: %s, path: %s, body: %s, timeout: %d",
+		requestID, cluster.ClusterName(), method, path, body, timeout)
 	return err
 }

plugins/wasm-go/pkg/wrapper/plugin_wrapper.go

@@ -40,6 +40,7 @@ type HttpContext interface {
 type ParseConfigFunc[PluginConfig any] func(json gjson.Result, config *PluginConfig, log Log) error
 type onHttpHeadersFunc[PluginConfig any] func(context HttpContext, config PluginConfig, log Log) types.Action
 type onHttpBodyFunc[PluginConfig any] func(context HttpContext, config PluginConfig, body []byte, log Log) types.Action
+type onHttpStreamDoneFunc[PluginConfig any] func(context HttpContext, config PluginConfig, log Log)
 
 type CommonVmCtx[PluginConfig any] struct {
 	types.DefaultVMContext
@@ -51,6 +52,7 @@ type CommonVmCtx[PluginConfig any] struct {
 	onHttpRequestBody     onHttpBodyFunc[PluginConfig]
 	onHttpResponseHeaders onHttpHeadersFunc[PluginConfig]
 	onHttpResponseBody    onHttpBodyFunc[PluginConfig]
+	onHttpStreamDone      onHttpStreamDoneFunc[PluginConfig]
 }
 
 func SetCtx[PluginConfig any](pluginName string, setFuncs ...SetPluginFunc[PluginConfig]) {
@@ -89,6 +91,12 @@ func ProcessResponseBodyBy[PluginConfig any](f onHttpBodyFunc[PluginConfig]) Set
 	}
 }
 
+func ProcessStreamDoneBy[PluginConfig any](f onHttpStreamDoneFunc[PluginConfig]) SetPluginFunc[PluginConfig] {
+	return func(ctx *CommonVmCtx[PluginConfig]) {
+		ctx.onHttpStreamDone = f
+	}
+}
+
 func parseEmptyPluginConfig[PluginConfig any](gjson.Result, *PluginConfig, Log) error {
 	return nil
 }
@@ -289,3 +297,13 @@ func (ctx *CommonHttpCtx[PluginConfig]) OnHttpResponseBody(bodySize int, endOfSt
 	}
 	return ctx.plugin.vm.onHttpResponseBody(ctx, *ctx.config, body, ctx.plugin.vm.log)
 }
+
+func (ctx *CommonHttpCtx[PluginConfig]) OnHttpStreamDone() {
+	if ctx.config == nil {
+		return
+	}
+	if ctx.plugin.vm.onHttpStreamDone == nil {
+		return
+	}
+	ctx.plugin.vm.onHttpStreamDone(ctx, *ctx.config, ctx.plugin.vm.log)
+}

test/ingress/conformance/tests/httproute-force-redirect-https.go

@@ -0,0 +1,67 @@
+// Copyright (c) 2022 Alibaba Group Holding Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tests
+
+import (
+	"testing"
+
+	"github.com/alibaba/higress/test/ingress/conformance/utils/http"
+	"github.com/alibaba/higress/test/ingress/conformance/utils/roundtripper"
+	"github.com/alibaba/higress/test/ingress/conformance/utils/suite"
+)
+
+func init() {
+	HigressConformanceTests = append(HigressConformanceTests, HttpForceRedirectHttps)
+}
+
+var HttpForceRedirectHttps = suite.ConformanceTest{
+	ShortName:   "HttpForceRedirectHttps",
+	Description: " The ingress in the higress-conformance-infra namespace enforces server-side HTTPS with forced redirection.",
+	Manifests:   []string{"tests/httproute-force-redirect-https.yaml"},
+	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+		testcases := []http.Assertion{
+			{
+				Meta: http.AssertionMeta{
+					TargetBackend:   "infra-backend-v1",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Host:             "test.com",
+						Path:             "/test",
+						UnfollowRedirect: true,
+					},
+					RedirectRequest: &roundtripper.RedirectRequest{
+						Scheme: "https",
+						Host:   "test.com",
+						Path:   "/test",
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 308,
+					},
+				},
+			},
+		}
+
+		t.Run("HTTPFORCEREDIRCTHTTPS", func(t *testing.T) {
+			for _, testcase := range testcases {
+				http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
+			}
+		})
+
+	},
+}

test/ingress/conformance/tests/httproute-force-redirect-https.yaml

@@ -0,0 +1,49 @@
+# Copyright (c) 2022 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+  name: http-redirect-as-https
+  namespace: higress-conformance-infra
+spec:
+  ingressClassName: higress
+  tls:
+    - hosts:
+        - "test.com"
+      secretName: my-app-tls-secret
+  rules:
+    - host: "test.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/test"
+            backend:
+              service:
+                name: infra-backend-v1
+                port:
+                  number: 8080
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-app-tls-secret
+  namespace: higress-conformance-infra
+type: kubernetes.io/tls
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQxekNDQXIrZ0F3SUJBZ0lVWXh4dE1Ia0tIQXpxM25yUG0rd0Y2UEtNdmw4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2V6RUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWxOWU1Rc3dDUVlEVlFRSERBSllRVEVOTUFzRwpBMVVFQ2d3RVdGVlFWREVUTUJFR0ExVUVDd3dLVEVsT1ZWaEhVazlWVURFTU1Bb0dBMVVFQXd3RFJsbFVNU0F3CkhnWUpLb1pJaHZjTkFRa0JGaEZtWjNrNE9UTTJRR2R0WVdsc0xtTnZiVEFlRncweU16QTFNRGd4TkRVM016UmEKRncweU5EQTFNRGN4TkRVM016UmFNSHN4Q3pBSkJnTlZCQVlUQWtOT01Rc3dDUVlEVlFRSURBSlRXREVMTUFrRwpBMVVFQnd3Q1dFRXhEVEFMQmdOVkJBb01CRmhWVUZReEV6QVJCZ05WQkFzTUNreEpUbFZZUjFKUFZWQXhEREFLCkJnTlZCQU1NQTBaWlZERWdNQjRHQ1NxR1NJYjNEUUVKQVJZUlptZDVPRGt6TmtCbmJXRnBiQzVqYjIwd2dnRWkKTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEUEVHaDJxeFpFMmpJUnMvNkFXYkI2b3oxZQpic0c4enE0YWxLTzVUcjgzWFlrUzhOa2g4UkdiU1l3ODlVR3NBWmZ0WkFqT0M2Mml1aEVOUTUzZjhwTmoySWQ1Ck9PNGVhVDN6bndKQ0xGMmRHcThRZE90c1RjU09FZE11N2dORWVOZkxVeWRFNitnYjcxSi9PRkNlZTlQM1dWWWgKQ05adG1nYWcyWm0wQUZxT0F2b1hUV3lGdDBzWEYyVG90VENnWFhNM1kydmdCY3JRMHRTbllHZmVqOVRUcmpENgpGQTBTYmFlL0F6Y001cC9FNmdKNWFXREhLekY5c2lvOHRUOUZuN1Fzb3djR1BSTElOL1o3OGxhaEZITGpsVFBtCmZqUEFmdWVUWVYzY05ZNXRGNjZlV1duazI0WG4vTEFaSlhHU0hXRm5aWHhxZWIxQlBQQlRKSFpWNmFScEFnTUIKQUFHalV6QlJNQjBHQTFVZERnUVdCQlFScHRWS3hCNGpGTjJnZTAwVStBd3FLM2czTkRBZkJnTlZIU01FR0RBVwpnQlFScHRWS3hCNGpGTjJnZTAwVStBd3FLM2czTkRBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ2tJTVJKYzRqZWtCazZUTUVUckFmOWJiKzBMcVkyYi9EMUlXdjUycFZzRkNmeWRDQ0wKRS9KVU1USGpTUXZvd1FRSHh1S291d3VHd2VoVFVocHJISzNzUXptUnZLTkpMVGlkT0tlNWJSUEZuTEVCa1JMRQpnQ1hrRXFNY2dvSjlMdzQvWW5sVm5UakRxK1lVN21QUkJlV3U3WDNFTXE4MWpjNHg1RWtubDZXem95MjIxd1RKCkhMTEl2OGFsbTBuYzAzV2lBbVBsUGpLL3Z3N0lRNDlKMTlydnROMXNDQ2xyUDBSVyt1NjRQL0luL3pBeE1HMC8KeGkwTTdjYk1GYjh5UGFDeERPWVQ0enljdWRUWlhNS0FReDRxLzRhYVpRK1oxV2FBTkVtQi9OM1hNTHBTTUZJaApEdjdCbUVVOWRSUkx6dklQMHIxNDlKNnlaZ2VQYzc2WWR5R0oKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFBFR2gycXhaRTJqSVIKcy82QVdiQjZvejFlYnNHOHpxNGFsS081VHI4M1hZa1M4TmtoOFJHYlNZdzg5VUdzQVpmdFpBak9DNjJpdWhFTgpRNTNmOHBOajJJZDVPTzRlYVQzem53SkNMRjJkR3E4UWRPdHNUY1NPRWRNdTdnTkVlTmZMVXlkRTYrZ2I3MUovCk9GQ2VlOVAzV1ZZaENOWnRtZ2FnMlptMEFGcU9Bdm9YVFd5RnQwc1hGMlRvdFRDZ1hYTTNZMnZnQmNyUTB0U24KWUdmZWo5VFRyakQ2RkEwU2JhZS9BemNNNXAvRTZnSjVhV0RIS3pGOXNpbzh0VDlGbjdRc293Y0dQUkxJTi9aNwo4bGFoRkhMamxUUG1malBBZnVlVFlWM2NOWTV0RjY2ZVdXbmsyNFhuL0xBWkpYR1NIV0ZuWlh4cWViMUJQUEJUCkpIWlY2YVJwQWdNQkFBRUNnZ0VBRSs5UzkxWEtXNCtjTVdzZ1RmQVVsd0gvUndlbnZFc3pwTmg1bUw0Vmw3bDQKR0d3Nm8xTm5yQWtkS01NOTh0Ym1ieExwN0JoZ3U2RnBRZHNvS0diY3ZNaWNabFhPU3Z3NzNDZ0xXaDZXVnFrNgpnSDJaS3NDajh6K1JFdHdVVVhQRzVzclhKWUlHd3lXN3pnYTRjRUdncXhnZFBDbnpKdk1rdnppajNSb0puZEZNCktMMjBjeDArUDROMnZLem1FSDJaYmZLUUo0bXlpTlUzdTFjWE14L1hhU04yczJNSExqNHVZemFJV0Q1clU0S1YKOHVrTmNnT3ZFSHl1eUFYcGgyYlVXdjVMcWIvWnFuQnVqVDI1ZFF6Zk43NC81a3grR1dNVkpVMXM1cUFqOEVyMApWZXhhK0FkMU9hM2JTMktEVGt4MHROQVZ1NGprT2tLSkZxVWJjc2RtendLQmdRRHl1T2diSW9CcVY2NjRLTVhlCk1lendkRGVLdTV3dkhUUEhDQStnQlRkbE5Kb1orS3g2Z2FVOXhsN0o2Q0pIcXB2Ti8xdGZFdVY1bzMySmhMdzEKQWtJMDY1ODQ3Slgyb1BvWDFYdU4xelJNUjk4bW05YWkvNk10d20vYWpoOVdKNnhKV2tCYUpyVXB1UGV5K2d5QQp6cDRhSXFCY2xXUjJWK0dkS3RHODROeWNKd0tCZ1FEYVpDUjVMVzBSMmc2bTNHUk9nQS9vY0RMTEM3V0ovVzliCkxUcTZLcndWYlVKUFUvRk1IbG1wb3NBOHY0dUp2MklnM0FwTXphL0JJd2FCUHMvUXArN1hrZVI1em5MbEg2RlEKK3VNQnVRRDhBRXQxZTZiVzJYQkpCcDZjemJXMmF1bjYvUEd3WmpCZkdYT0RQNXJVWHFQNkpiZ2pqMjdwL2RYMwpFVzUrVGlyRTd3S0JnRjdLSzRyOVRGMDdaUFp5cGVPQ1o5LzM0d0VCQjV1MnNkUFdxQk44TmdnR0pQQmpseWc0Cm5VbWt3THZsTmczNjZPSG9DY3oxV2p6SXhtd0FOR2dYTzdmakZNbHNTNXlIZldQMWNVMFJjRkVoK0ZuaG5rOEYKdXJwU0p0Q1psRTlYS3dkeWdaTXpicWllbmMxOXJZaFlLSkpZVjN3UXM2MHI0T1k2SkxLNHRpOGRBb0dCQUpjeQpyK0hKWm5MdWtpaEorNVF4cTFIVXBBWFpkSFUxcGl2czAzVGljMWN1VHJOWFBYN2lvRmNHbTZzelBlcy9PalBmCnc2M0sxYnlVZ0VObzlqM1NsbFJlNkZ6QVp1RmtsYTNZRk9RemJwQUpzRFNGU0V3RlBHMENqVHVvVy84UVpDL2wKZ1hzTU5MOFNndHZDWkhKVmw1ZHZGOTVleG41dncvd0s4SUczb25xM0FvR0FiYVV6UGZJWkRiTlJvM2tKeEZxawoxellzd3ZUUTdqU1lvMGlSbUVNSG9KTStvYWJPaFZjN0NZSjFoK1ZXelBmWXJCUFE5VEZjZEI3b1hueW9OTlZOClBjdGtUYXc1LyszNWdJWThHcmJsdzlqWmtmalFFVDJPNkFmMG5tQTd4a1F2djZkZkgzQTI0WlRyTExrY0pJTzYKZGVtNFpXbitiUWFRNnBvYThJdngvelU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K

test/ingress/conformance/tests/httproute-redirct-as-https.yaml

@@ -0,0 +1,50 @@
+# Copyright (c) 2022 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  name: http-redirect-as-https
+  namespace: higress-conformance-infra
+spec:
+  ingressClassName: higress
+  tls:
+    - hosts:
+        - "test.com"
+      secretName: my-app-tls-secret
+  rules:
+    - host: "test.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/test"
+            backend:
+              service:
+                name: infra-backend-v1
+                port:
+                  number: 8080
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-app-tls-secret
+  namespace: higress-conformance-infra
+type: kubernetes.io/tls
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURzVENDQXBtZ0F3SUJBZ0lVUGRDZENSdm1pbVZwK2VCcTMxUm9oZ1JsYTBzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2FERUxNQWtHQTFVRUJoTUNZWE14RERBS0JnTlZCQWdNQTJSaGN6RU1NQW9HQTFVRUJ3d0RZWE5rTVF3dwpDZ1lEVlFRS0RBTmhaSE14RERBS0JnTlZCQXNNQTNwNFl6RU5NQXNHQTFVRUF3d0VZWGRsY2pFU01CQUdDU3FHClNJYjNEUUVKQVJZRGNYZGxNQjRYRFRJek1EVXlNREEzTVRRd09Wb1hEVEkwTURVeE9UQTNNVFF3T1Zvd2FERUwKTUFrR0ExVUVCaE1DWVhNeEREQUtCZ05WQkFnTUEyUmhjekVNTUFvR0ExVUVCd3dEWVhOa01Rd3dDZ1lEVlFRSwpEQU5oWkhNeEREQUtCZ05WQkFzTUEzcDRZekVOTUFzR0ExVUVBd3dFWVhkbGNqRVNNQkFHQ1NxR1NJYjNEUUVKCkFSWURjWGRsTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUExeHB6Z21UVzdwQmUKa3ZlRkRBU0JZLzdpZmxvWFk1T0x3OUZwOXJqZHNMRmh5Y1dPR0U5NHJ1RmhDSkVqYmNzQW5URHZOKzg4WVRzOApkV2tWbVArQ1RQQjVoN2EvZmJtelJPYVE5SjVDQXhqaGJuRGhCc3YrYVpzeVlhVzBHQkp3Y3h6U1RoVUJpbm9aCmJwYUhvU1QxUjBlZ0FHQ2lkWk4wU2xDMW9KYmxOMHJoOGxKNUROcWxWSnBYejUxaGdLU1NmSm1UcElRQkhBQVkKSDVMUU1CTCtQem9INy83cWhUSUVaWWJvU0o2ajV1ZDc1YUZzVVhndmdLWFgvZ2JZTHlaQ0ljTXUyR2YzRjQ5bwoyc1QwdFZzQmxHbWsrVkswcmgxSi9xQjBWNDBheU8xR3NFalRhelBLUitrYTZJS1N6SjJLVkJadCtHQTdGMUkrCmlHOXcrVDQwVFFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVTFLZSs3aHZTaTljRjhXM2hZTW5hd0NKblcwVXcKSHdZRFZSMGpCQmd3Rm9BVTFLZSs3aHZTaTljRjhXM2hZTW5hd0NKblcwVXdEd1lEVlIwVEFRSC9CQVV3QXdFQgovekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQ3JGQU1KV3g1QThsaXVLY1NETmlWY0Rvem5sU1p6cFYyeGRNCnpkSU5SRytFVXFzV3lpekNtWk5rSUMyV0lKTWhNdVBkOWhJdTZ3cWd5YjJaNnN3MmdjOXpwVnpsbkRKYlUwSlUKZEZJZDFuYmtQRG01ekk3NzAyRTk0eVZqUUs5ZllRVDU3cHFTdlkvOUpSeXRpcGdpdnAxMGR2UC95NUpocDVBawo3VHNQcnZ2K3gzWGhLYTRwRG40eEhzZHp4MGx0ZHdUdExiaWFGU1IwUHpBZzdpOUNsbjQ5aWRRd3YxaHpaNTV5CkFtOStESHhmTkgreGFIYk9zWTJFRHpiZ0FxR0JMaTNEMmtxMkdRREFmRDdOdGovRUNlODl1bG5zSWpMajB5YmUKNWR0QzRXYndBNER3UHBFWUJvbTFTZmdxQlJSSG5seTVIMUxZMS80ZnpUZkNIYkFtdWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRFhHbk9DWk5idWtGNlMKOTRVTUJJRmovdUorV2hkams0dkQwV24ydU4yd3NXSEp4WTRZVDNpdTRXRUlrU050eXdDZE1PODM3enhoT3p4MQphUldZLzRKTThIbUh0cjk5dWJORTVwRDBua0lER09GdWNPRUd5LzVwbXpKaHBiUVlFbkJ6SE5KT0ZRR0tlaGx1CmxvZWhKUFZIUjZBQVlLSjFrM1JLVUxXZ2x1VTNTdUh5VW5rTTJxVlVtbGZQbldHQXBKSjhtWk9raEFFY0FCZ2YKa3RBd0V2NC9PZ2Z2L3VxRk1nUmxodWhJbnFQbTUzdmxvV3hSZUMrQXBkZitCdGd2SmtJaHd5N1laL2NYajJqYQp4UFMxV3dHVWFhVDVVclN1SFVuK29IUlhqUnJJN1Vhd1NOTnJNOHBINlJyb2dwTE1uWXBVRm0zNFlEc1hVajZJCmIzRDVQalJOQWdNQkFBRUNnZ0VBTVRZT2ZpTDIzejV0UEo5Zk0zZ21hQXVzb3E2VzBrT3p3cGw2N2lTdUoxbjEKbnRWUkpIT3VEd2htRERFMFUwNlJ0ZVMzbmVyZ08vaHk1UU9sR3NzOThyOURkbzZUTWI3VjZpbjd1Tk1xRkE1UgpxTlF2VDBCRlZNRGFYbWVzRTZQSVVUV2pVWlRSdE80cE9sazY3MTJHdGdlSGJmNnR2RXQvVys4cUZuTGZQdTQ1Cm50Nld6NzgrRkVuUW5qWVk3R1N4bTlaVFEraUw3VGMyR09MMUFjdkxVcmV1VS9aMXNwTVFPTFRUUzBLbkJka0YKY0FVeFBkNGpnZ3lwbGNpSHBQaktNNG1VRGkvSDluTWFjNyt4K08zZFZCNXlpb2xLREJCOHUybDIvb3BPSzVVZwpTSUg0ajVqU1NJY3lNNUNSdkFpR2Q3eE9HaE1Zb3hQV1FNNnduNGMyMFFLQmdRRFpEbkc5TmNTeHVSbnNUSVFMCnZIMForUWFMZmZ4WGF6eWswM21NMldiOWd3NEoxOGF5ZlF4STk2RU13VXd5ODJkRFh5QldzWFgxK0NxMnd2ZUUKMnB1cU1kV3pvUWI4UnZlOVJ6RDlwM0Z1V2kyR3BmL3JsWkVmZ1lRek1FWENtWnN0VlVDZXo5aVZVdW5ZQzRoZQovNU83Zm12VkVlQ1k3TUFIT2JtWUNOWmNtUUtCZ1FEOXNreTdqNjViai9ZYzlER2pQVzNraUZKeWl5YU9rb2dQCnVtbk5vQ2w4bHhIZ2d1Ym8wT3pubEFZQ0M5V3pxTmdBa3E4eWNlMkdTVkFEOTNoZisycDNON3lGRktMS0I3L0YKTlFsUHMyV2pyK25DUytxSHBSdnpQUjgzN01DUkZnbVlxRlNlaXE5NlcyeStwVTJBYVJkQTlqYWtPeWd0TGl5YQpSbHFDeWNVUjFRS0JnUUROWXBLVFpGWmJpUGdUbFk5NC80RXMyMnVyQUtxUEdhVEhubWVzdEdaMHlkYTF6NXh2CmRrM3ltWWFsNkI0dk5BeHBQcEQrRjJ1ME5JQk9jWXYvQlZBNHFuRTVTTXl3V0lMQmNxVFR6K1pRY2pvVDUrMlMKd1BNU2FkNXJCV2x0S3lZZnJrUzRRWm9DS2ZPbC83dXBrSkw4M2pJdzZucW9tWlZYQVBNeC9tTEFPUUtCZ1FDQQpWeXplVGNlRTVvVTVESWYzN3VHakZSdXdlcGljMDZBbFpNYVZrWXFyVHJscWZJNVlCU2x6MWJ4Y1dLUlphUGN0CkF3ZkNXMFF3QlBLSHJ5K2tUc29EV1p6ekxnZFVjU3NnbHI0SkpkWXJRcGpkQkE2M1pGMkpaY2hmUUZRQ2tjVjEKQnVNWCtVemdkMVBCOWxvSXRpRmZhYThtMGc1M0hMN1BwUHV3NG1YaHFRS0JnQmY5NGRrTXplUW44SDBrK2xXcQpJV3lJaGtqOHpNUmw2ODNzRFFOQUdSYngyTnR2RjYyL2dUK1ZJSXdmSzV5MmI4WXEwNFVEQy9rL1hkK0lBc3dVClFTRGdUVFpmYzZkUkVtRU8zc0M0a0xYa1N3Y1BQZmcvTC92T29YRDJiZWxmWUFtaHhSUnByQ0p4ZVowRVBvRUEKc25RblpMN1VsZCtSTmF3dmJNR05XTXJiCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+

test/ingress/conformance/tests/httproute-redirect-as-https.go

@@ -0,0 +1,67 @@
+// Copyright (c) 2022 Alibaba Group Holding Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tests
+
+import (
+	"testing"
+
+	"github.com/alibaba/higress/test/ingress/conformance/utils/http"
+	"github.com/alibaba/higress/test/ingress/conformance/utils/roundtripper"
+	"github.com/alibaba/higress/test/ingress/conformance/utils/suite"
+)
+
+func init() {
+	HigressConformanceTests = append(HigressConformanceTests, HttpRedirectAsHttps)
+}
+
+var HttpRedirectAsHttps = suite.ConformanceTest{
+	ShortName:   "HttpRedirectAsHttps",
+	Description: "The Ingress in the higress-conformance-infra namespace Server-side HTTPS enforcement through redirect.",
+	Manifests:   []string{"tests/httproute-redirct-as-https.yaml"},
+	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+		testcases := []http.Assertion{
+			{
+				Meta: http.AssertionMeta{
+					TargetBackend:   "infra-backend-v1",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Host:             "test.com",
+						Path:             "/test",
+						UnfollowRedirect: true,
+					},
+					RedirectRequest: &roundtripper.RedirectRequest{
+						Scheme: "https",
+						Host:   "test.com",
+						Path:   "/test",
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 308,
+					},
+				},
+			},
+		}
+
+		t.Run("HTTPREDIRCTASHTTPS", func(t *testing.T) {
+			for _, testcase := range testcases {
+				http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
+			}
+		})
+
+	},
+}

test/ingress/e2e_test.go

@@ -70,6 +70,8 @@ func TestHigressConformanceTests(t *testing.T) {
 		tests.HTTPRouteWhitelistSourceRange,
 		tests.HTTPRouteCanaryWeight,
 		tests.HTTPRouteMatchPath,
+		tests.HttpForceRedirectHttps,
+		tests.HttpRedirectAsHttps,
 	}
 
 	cSuite.Run(t, higressTests)