*Composite filter has already been declared as stable in extensions_metadata.yaml
*matching API and its extensions have been used for a while. So I think breaking API changes are not allowed.
Signed-off-by: tyxia <tyxia@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2c29797bd4744ab0910dc2f3103b48bec852e967
This reverts commit e95324541b0e1cbfa07b43cbf87490cff7383f27.
This change broke the compile_time_options CI job.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ de85ff2a125a2c23378bd463259fbea3e05442f9
This is a revival of #25535 with changes for previous review comments.
Risk level: low
Testing: integration tested
Docs changes: n/a
Release notes: makes the ext_authz filter a dual filter.
See also: #23071 (model), #10455
Signed-off-by: Eugene Chan <eugenechan@google.com>
Signed-off-by: pianiststickman <34144687+pianiststickman@users.noreply.github.com>
Co-authored-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9918a0a06deaf0cb3c935566523ab3fdd7a2bab1
Commit Message: Add interfaces for QUIC listener filter chain. The filters still use the same config API as TCP listener filters and also get installed before connection creation. The difference is that if the iteration through the chain on onAccept() gets paused, the connection will still be created, though the rest filters will be skipped. The contract of returning StopIteration means the connection socket gets closed, the corresponding connection should be closed.
Additional Message: this change introduced a new extension category envoy.filters.quic_listener.
Risk Level: low, not in use
Testing: new unit tests and integration tests.
Docs Changes: yes
Release Notes: yes
Platform Specific Features: N/A
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9d8cb4b0c6892452741fc41e87d50934bf58acc3
* Allow custom local address resolvers.
#27881 introduces the concept of EDS clusters with hosts that have multiple (potentially > 2) IP addresses.
The current implementation of UpstreamLocalAddressSelector limits the number of source addresses in BindConfig artificially to 2, and further requires that the addresses be of different address families.
The workaround for this (if we need to specify more than 2 source addresses or have multiple addresses from the same family) is to use a custom address resolver that resolves the bind config address to nullptr (and therefore ignore it) and call bind in a customised SocketInterfaceImpl to a local source address determined by the SocketInterfaceImpl specialisation.
This PR makes it possible to define a custom local address selector, that makes it easy to work with a custom address resolver to pick the right source address based on the upstream address selected by HappyEyeballsConnectionImpl
Signed-off-by: pcrao <pcrao@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ da47a54a8ccbaa384c4cb62a5f4fcd4745a72c37
Current fill_rate must be above 0.0 (PGV constraint).
However, a low double value can cause an infinite value when computing 1/fill_rate and its cast to uint64_t fails.
This PR changes the minimal fill_rate to be once-per-year, and if a lower value is given, it is overridden and set to once-per-year.
Alternatives considered: changing the PGV value to 3.1709792e-8 (once-per-year).
Risk Level: Low - minor change in behavior
Testing: Added fuzz test case
Docs Changes: Updated API comments
Release Notes: Added.
Platform Specific Features: N/A
Fixes fuzz bug 60974
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ffddd03ece01d9a542037bbf275e81a714fd6b8c
Adds a config option to set a stat prefix for all stats flushed by the otlp stats sink. Resolves#28962.
Risk Level: low
Testing: Unit tests, integration tests
Docs Changes: API docs
Signed-off-by: ohadvano <ohadvano@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ a19966b92bc3afcdd68ebeffe53c4b6848733e79
Signed-off-by: Michael Kaufmann <michael.kaufmann@ergon.ch>
Mirrored from https://github.com/envoyproxy/envoy @ e83b53cf138626d0255b4aad2045fcebb47b5d6e
* Revert "api: introduce the private key provider list field (#28215)"
This reverts commit b24ea1e75aea899d5106f2a10ddc8f3ef975fe20.
Signed-off-by: He Jie Xu <hejie.xu@intel.com>
* Add fallback to PrivateKeyProvider
Signed-off-by: He Jie Xu <hejie.xu@intel.com>
---------
Signed-off-by: He Jie Xu <hejie.xu@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 209dff813fc0bed403a11aa0abcb12342b64d7f7
* Deprecate OpenTracing
* Change security_posture to `unknown`. The OT extension is no longer covered by security process.
---------
Signed-off-by: Ryan Hamilton <rch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 494c716cefcf98bc30773f0bd850d9a3788a1615
This is implementation to address issue: #28698.
It's a follow up PR of #28907
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 00309b2db645d5ffba9f8e398f6fc9c21067b7c6
This is the API change to address issue: #28698
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3efdbd7261b9f29bfdd5d57521c769fb8b43bdc9
Commit Message: add knobs to set QUIC connection options and client connection options
Additional Description: This allows Envoy Mobile applications to set Quiche's connection options so that more performance tuning can be done.
Risk Level: Low
Testing: Unit tests
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: Mobile only
Signed-off-by: Renjie Tang <renjietang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 450dd5bc89d7b8994c88614333328097128caeb1
* Implement deferred clusters on worker. We initialize certain cluster on
workers inline when there's traffic for that cluster.
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4aaf17dce6e6c2dfde384f3e496b63363da2aac8
* Avoid send empty body to ext_proc server if decodeData() not called
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5e4f35055a30f0990430664d74f6060a2a5ff20a
* Add UHV config to strip URL fragment
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1fe0dd5b9e0d33e59917247552f918adc835e596
Commit 664f3fce4730544f34ae767e10150fb6be11cdc6 changed how this data
is handled, but was only intended to apply when calling grpc_service.
Fixes#27386
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6b276066f4704abbbc870ed2bb71e3225476a1a2
* Add header forwarding disallow list support for ext_proc filter.
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 852326772e76621cb495b38cec571d60ac8493b5