Commit Message: GrpcFieldExtraction: Supports extracting fields of type
`map<string, string>` in addition to string
Additional Description:
Risk Level: Low
Testing: Unit test
Docs Changes: Inline with the filter API proto.
Release Notes: This change is backward compatible and no behavior change
is expected for existing users.
Platform Specific Features:
---------
Signed-off-by: Xi Wu <xiwuxw@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1cd67c5821125a246e2a4f13254f8d6c69068705
Previously the only way to configure the HTTP/1.1 proxy transport socket
was by adding information to the streamInfo metadata via an intermediate
filter. This patch adds the ability to configure proxy addresses using
endpoint or locality metadata.
The metadata key is `envoy.http11_proxy_transport_socket.proxy_address`.
Configuration can be set in the metadata associated with
`LocalityLbEndpoints`. The metadata associated with each individual
endpoint overrides this value and the original method of configuration
(filter state metadata) takes precedence above all. The format of the
value must be a valid `config::core::v3::Address`.
Risk Level: Low. Alpha feature.
Testing: Unit test.
Docs Changes: Done.
Release Notes: Done.
---------
Signed-off-by: Tony Allen <txallen@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 03561251fbc50e9d16b35e02ae6032e073c16430
This PR adds an option to change the http connection manager's draining
behavior for max_connection_duration for http1. The new behavior is that
envoy will wait indefinitely for one more request, add connection:close
to the response headers, then close the connection once the stream ends.
This is to avoid a networking race condition which results in the client
not receiving a response to their last request if they send it right
when envoy is closing the connection.
Fixes #34356 (check for context)
---------
Signed-off-by: antoniovleonti <leonti@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5b22dced91c062fc409153777c287f053dac0cbe
Commit Message: Adds the ability to set the hits_addend for a given
rate_limit request via a hardcoded dynamic metadata field:
envoy.ratelimit:hits_addend.
Additional Description:
Risk Level: Low
Testing: Added unit test. I have also manually tested this using
gloo-edge as the control-plane.
Docs Changes:
Release Notes:
Platform Specific Features: N/A
[Optional Runtime guard:] N/A
[Optional Fixes #Issue] N/A
[Optional Fixes commit #PR or SHA] N/A
[Optional Deprecated:] N/A
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]
N/A
---------
Signed-off-by: Eitan Yarmush <eitan.yarmush@solo.io>
Signed-off-by: code <wbphub@gmail.com>
Co-authored-by: code <wbphub@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9a474a30a1b9ecbfe1e9d1a5190ee8aef2b29041
These configs have been around for a few releases, and
seem to be stable. Removing this status so that Envoy no longer warns
when they are used.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 90761ad890979d72fd478909730c3f10b11ea42a
Commit Message: Fix extension name in docs to match the actual implementation.
Currently user docs (`envoy.resource_monitors.downstream_connections`) and implementation
(`envoy.resource_monitors.global_downstream_max_connections`).
Signed-off-by: Kateryna Nezdolii <kateryna.nezdolii@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 52ef87dc9866b5b4dbf9ddb412a8ba53b2e3cc0d
fix https://github.com/envoyproxy/envoy/issues/30600
Commit Message: Add an extension point to allow overriding TLS
certificate selection behavior.
An extension can select a certificate based on the incoming SNI, in both
sync and async mode.
Signed-off-by: doujiang24 <doujiang24@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ b1e3351d7f3147afab9d29596d324d93e2198ba3
Commit Message: Add a socket `type` field in the `SocketOption` proto
Additional Description: The `socket_option_impl.cc` implementation
already has logic to apply the socket option based on the socket type.
This change is simply exposing the socket type filter in the
`SocketOption` proto.
Risk Level: low
Testing: unit tests
Docs Changes: updated
Release Notes: updated
Platform Specific Features: n/a
---------
Signed-off-by: Fredy Wijaya <fredyw@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1d9910e57d9b767b6a5653f746b760bbb8c8f145
Adds a temporarily unused ExtAuthzLoggingInfo to
store stats in filter status. Also adds a field to ext_authz config
which will populate a filter_metadata field in the ExtAuthzLoggingInfo.
Signed-off-by: antoniovleonti <leonti@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ff6ced12ef202a18f94186da898ea10329b618e9
---------
Signed-off-by: wbpcode <wbphub@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 44ad1a7db101abe2d42752c21a24913060da8e06
Implementation for new trace resource detector.
This new Detector allows using static config for resource attributes.
Risk Level: low
Testing: yes
Docs Changes: yes
Release Notes: yes
Platform Specific Features: No
---------
Signed-off-by: Juan Manuel Ollé <jolle@mulesoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ f79b881883e862bc0f7dc7f09d3bc811fb0944f6
This reverts commit 6db316f25dc70b439c028beeaac31e6f33d3b2aa.
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ d84f707f8cc03d41a9f6bbffaf1b4f0105e7432b
Commit Message: conn pool: use hostnames of endpoints as SNI values
Additional Description: optional support for usage of upstream cluster
endpoints' hostnames as SNI values
Risk Level: Low
Testing: integration
Docs Changes: added information about new mechanism of SNI derivation
Release Notes:
b8e8a4537e/changelogs/current.yaml (L377)
Platform Specific Features: N/A
Fixes #15839
---------
Signed-off-by: Dmitriy Ilin <dmitry.m.ilyin@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6db316f25dc70b439c028beeaac31e6f33d3b2aa
Commit Message: tracer(datadog): improve remote configuration usability
Additional Description: Remote Configuration has been introduced in
https://github.com/envoyproxy/envoy/pull/33294.
It was enabled by default with the only way to configure the feature
being an environment variable. This commit disables the feature by
default and adds new fields to enable and configure it from Envoy's
configuration.
Here's a snippet for enabling remote configuration with a 10s polling
interval:
```yaml
...
tracing:
  provider:
    name: envoy.tracers.datadog
    typed_config:
      "@type": type.googleapis.com/envoy.config.trace.v3.DatadogConfig
      collector_cluster: datadog_agent
      service_name: envoy-demo
      remote_config:
        enabled: true
        polling_interval: "10s"
...
```
Changes:
- Add configuration options for remote configuration.
- Disable remote configuration by default.
Risk Level: Low.
Testing: unit test and manual testing.
Docs Changes: NA.
Release Notes: Updated.
Platform Specific Features: NA.
---------
Signed-off-by: Damien Mehala <damien.mehala@datadoghq.com>
Mirrored from https://github.com/envoyproxy/envoy @ bea314b7623ca29bd3f8b99756476177afd687eb
Commit Message: formatter: support for virtual host metadata
Additional Description:
This enables the access to the virtual host metadata introduced in
https://github.com/envoyproxy/envoy/pull/30175 from formatter.
Risk Level: low
Testing: unit test
Docs Changes: done.
Release Notes:
Platform Specific Features:
[Optional Fixes #Issue] https://github.com/envoyproxy/envoy/issues/34900
---------
Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1f79be9c21d4a343f68e8fba41f5a819300cb27f
Commit Message: Add UNIQUE_ID substitution string in the access log.
Additional Description: Envoy access log today doesn't have the concept
of a unique log id which is guaranteed to always be present when
emitting an access log record. This will ensure every access log record
that uses %UNIQUE_ID% in its schema gets a UUID.
Risk Level: Low
Testing: Unit test has been added to ensure the UNIQUE_ID provides
unique value for every invocation of parse. Local testing has also been
performed to ensure the UNIQUE_ID is emitted from all filter levels
(example - listener filter access log, http connection manager access
log, tcp_proxy access log) for good and bad requests (which are
malformed and expected to fail at http parser level).
Docs Changes: Updated Access log documentation to provide the new
UNIQUE_ID support.
Release Notes: N/A
Platform Specific Features: N/A
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]
---------
Signed-off-by: Chaitra Reddy Vontela <cvontela@microsoft.com>
Co-authored-by: Chaitra Reddy Vontela <cvontela@microsoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6cb0b30d6be9302025e09248a4327bac7a7e8cf1
Commit Message: [grpc-transcoder] Add option to pack unknown parameters
into HttpBody extension
Additional Description: We've been using this behavior for years, with
PR #15338 as a patch. Finally getting around to trying to upstream the
behavior to make it available for others, and to make it so I don't have
to keep repositioning the patch. Unlike #15338 I'm also adding a
configuration option so that no behavior change will occur without a
corresponding configuration change.
Risk Level: Very low, guarded by a new config field.
Testing: Added positive unit tests, added conditions to other tests for
the negative case.
Docs Changes: Autogen
Fixes #14710
---------
Signed-off-by: Raven Black <ravenblack@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ f837c480adad94e8d1a05ef648c26ffce7ecd286
---------
Signed-off-by: Anton Kaymakchi <tonysignal@gmail.com>
Signed-off-by: Anton Kaymakchi <anton.kaymakchi@transferwise.com>
Mirrored from https://github.com/envoyproxy/envoy @ 61f36812a422cecf1e056fe398e014c45b358708
Looks like it broke prechecks
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 6145b7e9cc68061aaaa1c003d6f995e3e4499269
Commit Message: generic proxy: move generic proxy from contrib into
extensions
Additional Description:
The generic proxy is designed as a framework to empower developers
to develop new L7 proxies for various L7 protocols.
It's being used for multiple different private protocols now in the
production env of our users. And recently, I completed the last part of
generic proxy: the filter chain support for variable length streams.
And besides the private protocols, we use the generic proxy to implement
Kafka proxying, Pulsar proxying and conditional traffic routing. (Part
of this work has been contributed back to Envoy.)
After an offline discussion with other maintainers, I am preparing to move
the generic proxy to the extensions now.
Risk Level: low.
Testing: n/a.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.
---------
Signed-off-by: wbpcode <wbphub@live.com>
Signed-off-by: wbpcode <wbphub@gmail.com>
Co-authored-by: wbpcode <wbphub@live.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0dbd4418f6a4b2c649b7c88cff4ec2bec872a9c6
Add a config option to allow ejecting one host regardless of max_ejection_percentage
Risk Level: low
Testing: added test
Docs Changes: updated proto comment
Release Notes: todo
Fixes #34666
Signed-off-by: Pawan Bishnoi <pawanbishnoi@outlook.com>
Signed-off-by: Pawan Kumar <pawanbishnoi@outlook.com>
Mirrored from https://github.com/envoyproxy/envoy @ 36531d9a1852bec3df8eb171600fd4b2479159cf
Commit Message: oauth: add disable_id_token_set_cookie option
Additional Description: When this is enabled, Envoy will stop setting
the IdToken cookie. It will still take into account HMACs with IdTokens
if they are available (to support existing auth sessions) but new
authentication will not use the IdToken in the HMAC.
Risk Level: low
Testing: included
Docs Changes: included
Release Notes: included
Fixes #33825
---------
Signed-off-by: Derek Argueta <darguetap@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7f34be9c44ad75813730c5a1ed46b52eee27e321
This allows for cases when the control plane does not know the correct configuration for the server preferred address, but the needed addresses are available in the context Envoy is running in.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ dbe8cca3787cc0e15f4c3b8d9bed9ab17816e5e3