In the current implementation of the DNS cache, circuit breaker is derived from cluster config. It seems unnatural. In this PR, I implemented the DNS cache specific circuit breaker by adding resource manager to that.
Additional Description:
Risk Level: Mid
Testing: Unit / Integration
Docs Changes: Added
Release Notes: Added
Signed-off-by: shikugawa <rei@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ de247a8140f4230726eaa4ea732d6d01bc530911
This allows Lua filter to support per-route configuration. This patch enables the configured Lua filter to have multiple registered codes that can be referenced from each per-route config. Disabling running the global Lua filter for a route is also supported.
Signed-off-by: wbpcode <comems@msn.com>
Mirrored from https://github.com/envoyproxy/envoy @ 75930e357165634f69814dcb3e42f75a373b88ba
These are currently set as [#not-implemented-hide:]. There should be enough plumbing here to start
implementing the first roadmap steps in #11264, i.e. some simple delta discovery flows with core
LDS/CDS/RDS/EDS/SDS.
I've punted on VHDS and SRDS until later, as these will require special case mapping of their
resource keys into context parameters.
Risk level: Low (Unused API changes).
Testing: Built docs and proto_format.sh.
Part of #11264.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 99471fd8f4ef7406f50cf41cf1cfa22bbdfeacc7
This commit adds a new stream flush timeout to guard against a
remote server that does not open window once an entire stream has
been buffered for flushing. Additional stats have also been added
to better understand the codecs view of active streams as well as
amount of data buffered.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0e49a495826ea9e29134c1bd54fdeb31a034f40c
Provides a way to specify dynamic rate limit override in the rate limit descriptor from static value or from dynamic metadata. New type, RateLimitUnit was created to share across config protocol and rate limit service protocol. A PR for the reference implementation of the rate limit service will follow after the API changes are discussed and accepted.
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 7ea1f24bd53522408d9bc55316dff9ed1701bc73
Currently, the header-to-metadata filter supports adding
a header's value to a metadata key. This extends this to
support performing a regex match & substitution before
the value is added as metadata.
The use-case we have is extracting parts of a the :path
header and using those as metadata for routing decisions
via the subset LB.
Risk Level: Low
Testing: Unit tests.
Docs Changes: adding in a bit.
Release Notes: added.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5f1348bbc6c530b6adf118f41718bc4200fb55e1
Before this change TLVs are read and discarded in the Proxy Protocol filter. This change is to extend the Proxy Protocol Listener filter to extract TLVs of interest and emit them as metadata which can be consumed by other filters.
Fixes#11336
Signed-off-by: Song <songhu@amazon.com>
Mirrored from https://github.com/envoyproxy/envoy @ f8bfc6a16ffebf1ecb9cdf8eb1265912118ae7bf
Define filter config discovery. Add FDS for HTTP filters (HTTP extensions is where the pain is felt the most). Modelled after RDS with a twist of config override for re-use.
Risk Level: low (not implemented)
Testing:
Docs Changes:
Release Notes:
Issue: #7867
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ bda15c0a5a0390daed991ed4c96a4873ab3ba7d8
Adds an optional username to config and auth commands, and tests
Signed-off-by: bibby <james.bibby@datadoghq.com>
Mirrored from https://github.com/envoyproxy/envoy @ 85491294f335b1e2a4c12247dc87a7545457f0be
The upstream resolver list should not be mandatory as it won't allow Envoy to default
to the ambient DNS resolvers to resolve hosts not found in the static dns table.
Risk Level: Low
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 1cac626ff5473a53b190f4b3c6c5481850edfdcc
This patch adds allowed_upstream_headers_to_append to allow sending multiple headers with the same name to upstream.
Relevant issue: solo-io/gloo#2983.
Risk Level: Low
Testing: Unit tests.
Docs Changes: Added.
Release Notes: Added.
Fixes#11156
Signed-off-by: weixiao-huang <hwx.simle@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ dcf34972d1bc15324835c40dfd7a780e8fc69d72
This adds the option allow_insecure_cluster_options to the dynamic forward proxy's cluster configuration.
Enabling this flag allows disabling auto_sni and auto_san_validation in the cluster's UpstreamHttpProtocolOptions, which was previously disallowed.
This allows use where e.g. automatic adding of an exact SAN matcher for the original authority is undesirable, while preserving the existing "safe
by default" behaviour for most use cases.
Signed-off-by: Jonathan Oddy <jonathan.oddy@transferwise.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3e2686c2bda4cc196db8d083d0dcdf6738c578ac
This PR fixes a TODO in the health check filter by translating the floating point arithmetic to integer arithmetic instead.
Signed-off-by: Martin Matusiak <numerodix@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ b8e9a3599541084efe44c6c91651c6308f90e671
Extend the DNS Filter so that it can resolve queries using external resolvers
Additional Description: The DNS Filter up to this point resolves queries from its local configuration. This change adds the ability to define external name servers and refer queries that cannot be answered from the local config. We also add metrics to gauge the filters behavior and performance.
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ d0e52aade70bf841803476b12657ab6053897745
This patch allows configuring the API version for gRPC external services. This specifies the version of the endpoint and message to be used.
Affected extensions:
- filters/http/ext_authz
- filters/network/ext_authz
- filters/http/ratelimit
- filters/network/ratelimit
- access_loggers/grpc
- stat_sinks/metrics_service
Affected upstream services:
- upstream/health_discovery_service
- upstream/load_stats_reporter
Additional Description:
tap
- TapSinkService is not yet implemented.
- TapDiscoveryService uses theconfig.core.v3.ApiConfigSource and is not yet implemented.
trace
- StreamTraces has no implemented client inside the code-base (implemented externally?)
Risk Level: Low
Testing: Added.
Docs Changes: Added.
Release Notes: Added.
Fixes#10609
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 96920250a05e62095a68fbaf4f77612179e5af32
Note need to install a sufficiently recent libstdc++ version when
setting up clang builds. For example, Ubuntu gcc packages install
libstdc++, but depending on the gcc version libstdc++ might not be
new enough to compile Envoy.
Additional Description:
c.f., https://envoyproxy.slack.com/archives/C7E6C71QB/p1586307917037300
Risk Level: low, docs only
Testing: n/a
Docs Changes: yes
Release Notes: n/a
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ c33e1a4f2882e7494bee424aec8a1dba8671b556
split out from #11327
There's a bit of transitive ugliness: declaring the extensions requires security posture, requires stub build files, requires codeowners before the code move, but it'll be pretty short lived.
Risk Level: Low (mostly only APIs)
Testing: n/a
Docs Changes: some of the new docs
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ e8dc25ecec277c0b94d02151de79353a9ba07b4e
This adds a runtime configuration for `envoy.filters.http.ext_authz` to deny requests when the filter is disabled.
While the risk level is low, it updates the frozen v2 API. It also adds a runtime guard: The runtime flag can be specified via `http.ext_authz.deny_at_disable`. This runtime key will work with `http.ext_authz.filter_enable` flag to deny all filter protected paths without sending RPC requests to the `ext_authz` service.
Signed-off-by: Fangpeng Liu <62083774+fpliu233@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 97ba1684a8c85395fdad43a35615915ff086193c
This extension is used in production and we should treat it as such.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 86caf439d6cae2c8173b19fd4fdc95361565a72d
Commit Message: add generic decompressor filter
Risk Level: low - low as it is an extension, med - for users as this is a brand new filter.
Testing: unit tests, integration tests
Docs Changes: added docs
Release Notes: added release notes
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 48a5b21d9483e7eddac79aeff7daac178d7b7462
Allows to create custom mappers of response code based on access_log filters.
Allows to map error response to custom in Text or Json format.
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 74290ef76a76fbbf50f072dc33438791f93f68c7
Update docs to reflect redis upstream latency is in micros only.
Signed-off-by: FAYiEKcbD0XFqF2QK2E4viAHg8rMm2VbjYKdjTg <nflacco@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ f64007db8b1cc68901d51d121f13e1860b391595
Description: router: Create InternalRedirectPolicy to capture all internal redirect related options and extend it with pluggable predicates similar to retry plugins. The previous_routes and whitelisted_routes predicate allow creating a DAG of routes for internal redirects. Each node in the DAG is a route. whitelisted_routes defines the edges of each node. previous_routes serves as visited status keeper for each of the edge. This prevents infinite loop, while allowing loop to exist in the DAG.
Risk Level: Medium
Testing: Unit tests. Integration tests.
Docs Changes: Updated HCM architecture overview page. Added toctree for the predicates.
Release Notes: Updated version history.
Signed-off-by: pengg <pengg@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1ce010929d4d283fce977bc65558da71ffe6bf7c
Un-hiding CONNECT docs and config, now that it is implemented.
Risk Level: low (docs only)
Testing: in prior PRs
Docs Changes: yes
Release Notes: yes
Fixes#1630 and #1451
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ c07e5c84437124921df24b001c93802f6bc39c1c
creates decompressors as an extension point and moves the zlib based gzip decompressor.
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 520e0c7050564ac7886129a87290e9e433470efd
This reverts commit 10c755e9d9b8acd7cf1702a4f49dbcbdf0696198.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8e52a24362221af1512a037ed7ea667a8330fbf2
Currently the generic HTTP compressor filter isn't exposed to users
even though it's used internally by `envoy.filters.http.gzip` and can be
used by external filter extensions.
Expose the compressor's config API to users. For example the filter
can be configured as follows:
...
filter_chains:
filters:
- name: envoy.http_connection_manager
config:
http_filters:
- name: envoy.filters.http.compressor
config:
disable_on_etag_header: true
content_length: 100
content_type:
- text/html
- application/json
compressor_library:
name: envoy.filters.http.compressor.gzip
config:
memory_level: 3
window_bits: 10
compression_level: best
compression_strategy: rle
...
Multiple compressor filters using different compressor libraries,
e.g. gzip and brotli, can be stacked in one filter chain.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 49efb9841a58ebdc43a666f55c445911c8e4181c
add an api option/conn manager feature which would allow to remove port part from Host header (e.g. would transform
example:443 to example. this would simplify domain's matching inside virtual host as well as would not require explicit matching on "domain:port" in upstream proxies.
Signed-off-by: Nikita V. Shirokov <tehnerd@tehnerd.com>
Mirrored from https://github.com/envoyproxy/envoy @ 111684faa1d28f34fb16af43911c575c6815c450
The preserve_upstream_date option allows the HTTP Connection Manager to be configured to pass through the original date header from the upstream response rather than overwriting it. The default behaviour for the date response header remains the same as before -- the header value will be overwritten by Envoy.
Signed-off-by: Craig Radcliffe <craig.radcliffe@broadcom.com>
Mirrored from https://github.com/envoyproxy/envoy @ 10c755e9d9b8acd7cf1702a4f49dbcbdf0696198
I still had an arcane mental model (pre https://github.com/envoyproxy/envoy/pull/5955) where both decoder and encoder filters where invoked in the same order as the configuration order. My mind was so used to this I even failed to notice the code that prepends encoder filters into the encoder_filters_ list in the conn manager. These documentation additions are trying to make the behavior as explicit as possible so others are not confused.
Risk Level: low - doc updates, no behavior change.
Docs Changes: updated inline comments in the code I failed to notice, and in the project docs.
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4abe685446316f79ba1627cf830f0c0d398abdaf
Deprecates GoogleRE2.max_program_size field so that client does not need to check this.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR
Release Notes: Included in PR
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 10125161be0d0a759c3ffb02ddcdf8abc0bc6060
This change adds DNS Request Parsing to the DNS filter. The filter will parse and decode DNS requests for A and AAAA records. Tests simply validate that the filter can consume queries.
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 54cd4d49e895befb8ecb10ebb14585cd8fc71ee7
This is necessary to provide TLS transport socket docs and to be able to have the TLS transport
socket added to the threat model docs (via its security_posture tag).
I did both v2/v3, since this is not technically a change to v2, justa file re-org, and the shadowing
machinery prefers file consistency across versions.
Risk level: Low (refactoring)
Testing: Docs generation and manual inspection.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ab32f5fd01ca8b23ee16dcffb55b1276e55bf1fa
Description:
The filter implements decoding postgres wire protocol and parses messages exchanged between postgres server and client. Based on the decoded messages the filter generates statistics (counters) indicating how many messages of a specific type were exchanged. #9107
Risk Level: Low: The filter is implemented as extension and the code is not executed unless inserted into filter chain.
Testing: Added unit and integration tests.
Docs Changes: Yes - added architecture overview chapter and configuration specific sections
Release Notes: Yes
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Dhi Aurrahman <dio@tetrate.io>
Co-authored-by: Fabrízio de Royes Mello <fabrizio@ongres.com>
Mirrored from https://github.com/envoyproxy/envoy @ f599ad7c05824a2cdbcde60ab2c035d264cd4247
Fuzzing catches more fields tripping on ASSERT(valid())
* JWT Authn filter has HTTP header name/value strings: forward_payload_header, name, value
* Route components: request_headers_to_remove
* health_check.proto: host, path, authority, and request_headers_to_remove
Test-only:
* utility fuzz test was running findQueryStringStart on a HeaderString. Fuzz inputs were not validated.
Fixes:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21323https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21623
Signed-off-by: Asra Ali <asraa@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 167df8c4554073d5115316ac36dd97088c3e6d93