Skip to content

dynamic_modules: remote source: add nack_on_cache_miss#44044

Merged
wbpcode merged 4 commits intoenvoyproxy:mainfrom
kanurag94:dym-module-nack-on-cache-miss
Mar 30, 2026
Merged

dynamic_modules: remote source: add nack_on_cache_miss#44044
wbpcode merged 4 commits intoenvoyproxy:mainfrom
kanurag94:dym-module-nack-on-cache-miss

Conversation

@kanurag94
Copy link
Copy Markdown
Contributor

@kanurag94 kanurag94 commented Mar 20, 2026

Commit Message: dynamic_modules: add nack_on_cache_miss for remote module sources

Additional Description:

This PR adds support for nacking a configuration if the dynamic module is not fetched and start a background fetch. The module may become available in the next config push and ready to use from cache.

Entries are keyed by sha256 so that multiple listeners can use the same fetch. The cache lives inside the factory and is safe to be used across listeners. Completed entries are cleaned up on the next createFilterFactory() and not during a fetch callback. So that the RemoteDataFetcher is not destroyed mid-fetch.

Risk Level: Low
Testing: Unit tests added. Manually validated
Docs Changes: Proto changes included
Release Notes: Added

[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
@repokitteh-read-only
Copy link
Copy Markdown

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #44044 was opened by kanurag94.

see: more, trace.

Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
@kanurag94
Copy link
Copy Markdown
Contributor Author

/retest

@kanurag94
Copy link
Copy Markdown
Contributor Author

/gemini review

Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces the nack_on_cache_miss option for remote dynamic modules, enabling a non-blocking loading mechanism suitable for ECDS and per-route configurations. The changes are well-implemented, including clear documentation in the protobuf definition, a corresponding changelog entry, and a comprehensive set of tests that cover success, failure, and edge-case scenarios. The overall approach is sound. I have one minor suggestion to optimize a section of the code for better performance and readability.

Comment thread source/extensions/filters/http/dynamic_modules/factory.cc
Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
@kanurag94 kanurag94 marked this pull request as ready for review March 23, 2026 11:29
@repokitteh-read-only
Copy link
Copy Markdown

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @wbpcode
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #44044 was ready_for_review by kanurag94.

see: more, trace.

Copy link
Copy Markdown
Member

@wbpcode wbpcode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm api

Comment on lines +240 to +249
void DynamicModuleConfigFactory::BackgroundFetchState::onSuccess(const std::string& data) {
auto result = Extensions::DynamicModules::newDynamicModuleFromBytes(data, sha256_, do_not_close_,
load_globally_);
if (!result.ok()) {
ENVOY_LOG(error, "Failed to load background-fetched module: {}", result.status().message());
} else {
ENVOY_LOG(info, "Background fetch complete, module cached for SHA256 {}", sha256_);
}
completed_ = true;
}
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess the background fetcher only need to fetch the data, validate its hash, and write it to local file. We needn't try to load it because it make no sense I think?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make sense. It would have no real meaning. Thanks for catching this

Copy link
Copy Markdown
Member

@wbpcode wbpcode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will say, great. Thanks for this great contribution and only two comments.

/wait

Comment on lines +79 to +84
// This lives on the factory (rather than a singletonManager singleton) because
// REGISTER_FACTORY already makes the factory a process-lifetime singleton, so a
// separate registration would just be boilerplate for the same semantics.
// Entries are erased in createFilterFactory(), never inside a fetch callback,
// which means the RemoteDataFetcher is never destroyed while it's still running.
absl::flat_hash_map<std::string, std::unique_ptr<BackgroundFetchState>> background_fetches_;
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we can make this a singleton because in the future, we may want to support similar feature for other dynamic modules (like network filter dym, logger dym and so on)

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds good!

Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
Copy link
Copy Markdown
Member

@wbpcode wbpcode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks.

@wbpcode wbpcode merged commit d7435f9 into envoyproxy:main Mar 30, 2026
30 checks passed
TAOXUY pushed a commit to TAOXUY/envoy that referenced this pull request Apr 1, 2026
)

<!--
!!!ATTENTION!!!

If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.

!!!ATTENTION!!!

For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)

!!!ATTENTION!!!

Please check the [use of generative AI
policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41).

You may use generative AI only if you fully understand the code. You
need to disclose
this usage in the PR description to ensure transparency.
-->

**Commit Message:** dynamic_modules: add nack_on_cache_miss for remote
module sources

**Additional Description:**

This PR adds support for nacking a configuration if the dynamic module
is not fetched and start a background fetch. The module may become
available in the next config push and ready to use from cache.

Entries are keyed by sha256 so that multiple listeners can use the same
fetch. The cache lives inside the factory and is safe to be used across
listeners. Completed entries are cleaned up on the next
`createFilterFactory()` and not during a fetch callback. So that the
`RemoteDataFetcher` is not destroyed mid-fetch.

**Risk Leve**l: Low
**Testing:** Unit tests added. Manually validated
**Docs Changes**: Proto changes included
**Release Notes:** Added

[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
Signed-off-by: Xuyang Tao <taoxuy@google.com>
citrus7 pushed a commit to citrus7/envoy that referenced this pull request Apr 1, 2026
)

<!--
!!!ATTENTION!!!

If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.

!!!ATTENTION!!!

For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)

!!!ATTENTION!!!

Please check the [use of generative AI
policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41).

You may use generative AI only if you fully understand the code. You
need to disclose
this usage in the PR description to ensure transparency.
-->

**Commit Message:** dynamic_modules: add nack_on_cache_miss for remote
module sources

**Additional Description:**

This PR adds support for nacking a configuration if the dynamic module
is not fetched and start a background fetch. The module may become
available in the next config push and ready to use from cache.

Entries are keyed by sha256 so that multiple listeners can use the same
fetch. The cache lives inside the factory and is safe to be used across
listeners. Completed entries are cleaned up on the next
`createFilterFactory()` and not during a fetch callback. So that the
`RemoteDataFetcher` is not destroyed mid-fetch.

**Risk Leve**l: Low
**Testing:** Unit tests added. Manually validated
**Docs Changes**: Proto changes included
**Release Notes:** Added

[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
Signed-off-by: Jonathan Wu <jtwu@google.com>
nshipilov pushed a commit to nshipilov/envoy that referenced this pull request Apr 13, 2026
)

<!--
!!!ATTENTION!!!

If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.

!!!ATTENTION!!!

For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)

!!!ATTENTION!!!

Please check the [use of generative AI
policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41).

You may use generative AI only if you fully understand the code. You
need to disclose
this usage in the PR description to ensure transparency.
-->

**Commit Message:** dynamic_modules: add nack_on_cache_miss for remote
module sources

**Additional Description:**

This PR adds support for nacking a configuration if the dynamic module
is not fetched and start a background fetch. The module may become
available in the next config push and ready to use from cache.

Entries are keyed by sha256 so that multiple listeners can use the same
fetch. The cache lives inside the factory and is safe to be used across
listeners. Completed entries are cleaned up on the next
`createFilterFactory()` and not during a fetch callback. So that the
`RemoteDataFetcher` is not destroyed mid-fetch.

**Risk Leve**l: Low
**Testing:** Unit tests added. Manually validated
**Docs Changes**: Proto changes included
**Release Notes:** Added

[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
Signed-off-by: Nick Shipilov <nick.shipilov.n@gmail.com>
krinkinmu pushed a commit to grnmeira/envoy that referenced this pull request Apr 20, 2026
)

<!--
!!!ATTENTION!!!

If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.

!!!ATTENTION!!!

For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)

!!!ATTENTION!!!

Please check the [use of generative AI
policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41).

You may use generative AI only if you fully understand the code. You
need to disclose
this usage in the PR description to ensure transparency.
-->

**Commit Message:** dynamic_modules: add nack_on_cache_miss for remote
module sources

**Additional Description:**

This PR adds support for nacking a configuration if the dynamic module
is not fetched and start a background fetch. The module may become
available in the next config push and ready to use from cache.

Entries are keyed by sha256 so that multiple listeners can use the same
fetch. The cache lives inside the factory and is safe to be used across
listeners. Completed entries are cleaned up on the next
`createFilterFactory()` and not during a fetch callback. So that the
`RemoteDataFetcher` is not destroyed mid-fetch.

**Risk Leve**l: Low
**Testing:** Unit tests added. Manually validated
**Docs Changes**: Proto changes included
**Release Notes:** Added

[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants