add an api option/conn manager feature which would allow to remove port part from Host header (e.g. would transform
example:443 to example. this would simplify domain's matching inside virtual host as well as would not require explicit matching on "domain:port" in upstream proxies.
Signed-off-by: Nikita V. Shirokov <tehnerd@tehnerd.com>
Mirrored from https://github.com/envoyproxy/envoy @ 111684faa1d28f34fb16af43911c575c6815c450
The preserve_upstream_date option allows the HTTP Connection Manager to be configured to pass through the original date header from the upstream response rather than overwriting it. The default behaviour for the date response header remains the same as before -- the header value will be overwritten by Envoy.
Signed-off-by: Craig Radcliffe <craig.radcliffe@broadcom.com>
Mirrored from https://github.com/envoyproxy/envoy @ 10c755e9d9b8acd7cf1702a4f49dbcbdf0696198
A common wrapper for name/Any that should be used for all new extensions
throughout the API.
I've left a note that we need to revisit existing typed_config at the
next major version as well, since that would be a breaking change.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b16981f8d4f4726d5f8d31b55603f893fbba5575
This was added before we started annotating fields missing
implementations. Fixed with a [#not-implemented-hide:] annotations for
now, the plan is to move things like this to
https://github.com/envoyproxy/envoy/issues/11085 when it lands.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a250a871571f18dffd13732da83cbd4a677b1f03
There was somewhat ambiguous wording after recent changes to the major versioning policy.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 311aee4cbe2b8779070f2f0729dfa6ae4f2dc80e
I still had an arcane mental model (pre https://github.com/envoyproxy/envoy/pull/5955) where both decoder and encoder filters where invoked in the same order as the configuration order. My mind was so used to this I even failed to notice the code that prepends encoder filters into the encoder_filters_ list in the conn manager. These documentation additions are trying to make the behavior as explicit as possible so others are not confused.
Risk Level: low - doc updates, no behavior change.
Docs Changes: updated inline comments in the code I failed to notice, and in the project docs.
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4abe685446316f79ba1627cf830f0c0d398abdaf
To resolve#10274, adding max stream duration for upstream connection.
Signed-off-by: shikugawa <rei@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 6151a69f9c0dc4aa7938d987036ec00eedb818d5
Deprecates GoogleRE2.max_program_size field so that client does not need to check this.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR
Release Notes: Included in PR
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 10125161be0d0a759c3ffb02ddcdf8abc0bc6060
Fixes a mismatch in metadata attribute name used by transport_socket_matches
Risk Level: Low
Testing: Manual review
Docs Changes: Not applicable
Fixes#10660
Signed-off-by: Raghavendra Balgi <rkbalgi@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ cb08d542389d455069f83f20dc543176ffb484fb
After extended discussion in #10852, Slack and offline, this patch proposes a revision to the API
major versioning policy where we will:
* Not mechanically cut a new major version at EOY, instead wait for enough tech debt.
* Point to future minor versioning and client capabilities to help deal with tech debt.
Fixes#10852.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ cf12e8ab8bbbeebf9d003173ee8fb21f5a2428dd
Add a send_all_clusters field to LRS response, triggered by a new client capability. This avoids the need for the server to enumerate the full list of clusters if it always wants data for all clusters.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR.
Release Notes: N/A
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b0f45ed98a7a0e6a6c02b28d54bb29e96fe6e6fc
This change adds DNS Request Parsing to the DNS filter. The filter will parse and decode DNS requests for A and AAAA records. Tests simply validate that the filter can consume queries.
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 54cd4d49e895befb8ecb10ebb14585cd8fc71ee7
Description: this PR adds the ability to configure the metrics service stats sink to report counters as deltas between flushing intervals. This is the expected representation for some stats aggregations backends. Similar behavior is seen, for instance, in the statsd sink.
Risk Level: low, previous behavior is left unchanged, and is the default.
Testing: updated unit test.
Docs Changes: left comments in the field definition
Release Notes: updated version history.
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 048f4231310fbbead0cbe03d43ffb4307fff0517
This is necessary to provide TLS transport socket docs and to be able to have the TLS transport
socket added to the threat model docs (via its security_posture tag).
I did both v2/v3, since this is not technically a change to v2, justa file re-org, and the shadowing
machinery prefers file consistency across versions.
Risk level: Low (refactoring)
Testing: Docs generation and manual inspection.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ab32f5fd01ca8b23ee16dcffb55b1276e55bf1fa
Users can specify metadata in a health check's config that will be
used to select a matching transport socket from those configured in a
cluster's transport_socket_matches. This allows users to configure a
different transport socket for health check connections than the one
that is used to create a connection to an endpoint for proxying.
Risk Level: low; small optional feature
Testing: added unit tests
Docs Changes: updated health check and cluster proto docs with an explanation and example.
Release Notes: added
Fixes#10575
Signed-off-by: Spencer Lewis <slewis@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ b6c8bb3a4ac6bcce221643a4924befd5eefd6815
Description: This PR creates a common PROXY protocol config API message. It will be used for CONNECT work as well as in the transport socket for my upstream proxy proto work. This message could be extended to include TLVs in the future.
Risk Level: Low
Testing: None
Docs Changes: None
Release Notes: None
Discussed in: #10682 (my draft PR to discuss the upstream implementation)
Signed-off-by: Weston Carlson <wez470@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1c28302b62bc4f5b93f2826eb06d2878069d9081
Adds a --boostrap_version flag that can be used to determine which API version the bootstrap should be parsed as.
Risk Level: Low
Testing: UTs
Docs Changes: Flag docs
Release Notes: n/a
Fixes#10343
Signed-off-by: Snow Pettersen <aickck@gmail.com>
Co-authored-by: Snow Pettersen <kpettersen@netflix.com>
Mirrored from https://github.com/envoyproxy/envoy @ 62777e87edc9f16af5c7920bb86f198585789a3d
Split out from #10623
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 09bf9a1ff75879986da876d0e3248630c959cf73
Also remove some stale comments around delta xDS in ConfigSource.
Fixes#10836
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4ee310ec07a4e0e775626fe8c652726b4151b8e9
Description:
The filter implements decoding postgres wire protocol and parses messages exchanged between postgres server and client. Based on the decoded messages the filter generates statistics (counters) indicating how many messages of a specific type were exchanged. #9107
Risk Level: Low: The filter is implemented as extension and the code is not executed unless inserted into filter chain.
Testing: Added unit and integration tests.
Docs Changes: Yes - added architecture overview chapter and configuration specific sections
Release Notes: Yes
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Dhi Aurrahman <dio@tetrate.io>
Co-authored-by: Fabrízio de Royes Mello <fabrizio@ongres.com>
Mirrored from https://github.com/envoyproxy/envoy @ f599ad7c05824a2cdbcde60ab2c035d264cd4247
Fuzzing catches more fields tripping on ASSERT(valid())
* JWT Authn filter has HTTP header name/value strings: forward_payload_header, name, value
* Route components: request_headers_to_remove
* health_check.proto: host, path, authority, and request_headers_to_remove
Test-only:
* utility fuzz test was running findQueryStringStart on a HeaderString. Fuzz inputs were not validated.
Fixes:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21323https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21623
Signed-off-by: Asra Ali <asraa@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 167df8c4554073d5115316ac36dd97088c3e6d93
This patch performs a major version freeze and bump by modifying
package_version_status, using the tooling developed in #10636.
Specifically:
v2 APIs are frozen (except for where they are the latest in their
package history and still active)
v3 APIs are transitioned to be active
Candidate v4alpha APIs are generated (not used by Envoy yet)
Fixes#10355
Risk level: medium (entire API's files are modified, visually verified
to ensure things look sane, all tests pass)
Testing: CI
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 549164c42cae84b59154ca4c36009e408aa10b52
This part of the global rate limiter api is not currently used by envoy, but for anyone implementing the envoy global rate limiter api being able to describe what specific limit you've hit in a human-readable and/or machine-readable way will be useful for debugging, alerting, etc.
Risk Level: Low
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
Fixes#10556
Signed-off-by: David Weitzman <dweitzman@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 99706022206acb99bd8093c654fc84f6cd5a877e
This patch introduces the tools/docs for a new flow for protoxform: freeze.
This performs a major version freeze and bump by modifying
package_version_status. Tooling now needs to deal with 3 possible versions (v2,
v3, v4alpha). The following contributions are made in the patch:
* Tooling added to support v2 APIs freeze, transitioning v3 to active and generating v4alpha.
* A new tool, merge_active_shadow.py, is introduced to combine hand-edited active v3 API protos with the v2 implied shadows for deprecated fields.
* The type database now spans v2 and v3 (and implied v4alpha files)
* api_proto_plugins can now take extra args on the Bazel CLI; this is used to plumb in the freeze arg to protoxform.
Docs are updated to reflect the v3 flow that developers should now
follow.
Part of #10355
This is the tools/docs component of #10601. See #10601 for the resulting
API protos generated by a freeze/fix cycle.
Risk level: Low (tooling only, no API changes yet)
Testing: new golden protos tests for protoxform, unit tests for merge_active_shadow.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ de222c3acf1fbf124ca44f50495fc4b8e9aba525
Now that we are Python 3 everywhere, remove explicit python_versions. I haven't made this change yet
to the Thrift extension, as it has explicit PY2/PY3 overrides that I'm guessing relate to external
libs.
Risk level: Low (tooling only)
Testing: bazel.api
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 197f6b1cebbd49a591b916ece168d7e984c87a15
This patch adds the RuntimeDouble helper class, similar to the
RuntimeUint32 class.
Signed-off-by: Tony Allen <tony@allen.gg>
Mirrored from https://github.com/envoyproxy/envoy @ 15330aa60bd6da79be02f00b8130b527f11eb0fa
Allow using a custom host name for endpoints and health checks. This enables auto host re-write to work with EDS
Risk Level: Low, new opt in field.
Testing: Unit tests
Docs Changes: inline docs in the protocs.
Release Notes: added to version_history.rst
Fixes#10408
Signed-off-by: Yuval Kohavi <yuval.kohavi@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ b5a3405b2725e979a93e7410fce7c57a0c66d8db
Signed-off-by: Ruslan Nigmatullin <elessar@dropbox.com>
Co-authored-by: Ross Delinger <rossd@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ 56537f6acf687ff889b47bd2b823d7e11c178e1c
This commit is this base structure and api definition
for the DNS filter. The code itself takes no action
on packets. Tests will be added later.
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ b3949eaf2080809b8a3a6cf720eba2cfdf864472
Add options to either put all methods into the same per-cluster
stat, or to whitelist which methods to create stats for.
Additionally, start a deprecation process for the default mode
being to create a stat for all methods, to remove an unsafe
default.
Risk Level: Low
Testing: Unit tests added
Docs Changes: done
Release Notes: added
Fixes#10445
Deprecated: added
Mirrored from https://github.com/envoyproxy/envoy @ 715992f3ac891d87e67566ffbfd6b3af8d8a4e1d