* API for defining HTTP errors, locally originated errors and database errors.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Adjusted next free field.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Use Any for monitor extensions.
Moved proto for errors and consecutive errors monitor to envoy/extensions.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Adjusted main api's BUILD file.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Renamed common to error_types.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Fixed docs.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Used TypedExtensionConfig instead of user-defined message.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Redesign ErrorBucket to avoid using oneof.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Renamed error buckets.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
---------
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6e71eb87e5d1c5b1853763afce64738bce13b586
---------
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 32dd29468e136392d31cc75acc3c296d3bf76eb9
Commit Message: Set QUIC network idle timeout to 30s for Envoy Mobile.
Additional Description: A proto knob was added to modify the QUIC config on idle network timeout. The proto is only set for mobile.
Risk Level: Low
Testing: unit tests
Docs Changes: n/a
Release Notes: n/a
Signed-off-by: Renjie Tang <renjietang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 56a034b447672bd97d7c48c12ff5ee27b78be4d0
Add FULL_SCAN mode to least request load balancer.
By default, the least request load balancer returns the host with the fewest
active requests from a set of N randomly selected hosts.
This introduces a new "full scan" selection method that returns the host with
the fewest number of active requests from all hosts. If multiple hosts are
tied for "least", one of the tied hosts is randomly chosen.
Added selection_method option to the least request load balancer. If set to
FULL_SCAN, Envoy will select the host with the fewest active requests from
the entire host set rather than choice_count random choices.
Risk Level: low, existing code path unchanged
Testing: unit tests added
Docs Changes: protobuf docs
Release Notes: added
Signed-off-by: Jared Kirschner <jkirschner@hashicorp.com>
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
Co-authored-by: Leonardo da Mata <barroca@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1995d9291835e3292895a34bf009c683f578e75a
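The two selection methods described in the commit message above, sketched as an added example (not Envoy's code). The `Host` struct and the function names are hypothetical, and tie-breaking by reservoir sampling is this example's choice for picking one of the tied hosts at random.

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <vector>

// Hypothetical host record; only the active request count matters here.
struct Host {
  uint32_t active_requests;
};

// Default method: sample choice_count hosts at random (with replacement)
// and keep the one with the fewest active requests.
// Precondition: hosts is non-empty.
template <class Rng>
size_t pickNChoices(const std::vector<Host>& hosts, uint32_t choice_count, Rng& rng) {
  std::uniform_int_distribution<size_t> dist(0, hosts.size() - 1);
  size_t best = dist(rng);
  for (uint32_t i = 1; i < choice_count; ++i) {
    const size_t candidate = dist(rng);
    if (hosts[candidate].active_requests < hosts[best].active_requests) {
      best = candidate;
    }
  }
  return best;
}

// FULL_SCAN: look at every host and return one with the global minimum.
// Ties are broken uniformly in a single pass: the k-th host seen with the
// current minimum replaces the pick with probability 1/k.
// Precondition: hosts is non-empty.
template <class Rng>
size_t pickFullScan(const std::vector<Host>& hosts, Rng& rng) {
  size_t best = 0;
  uint32_t ties = 1;
  for (size_t i = 1; i < hosts.size(); ++i) {
    if (hosts[i].active_requests < hosts[best].active_requests) {
      best = i;
      ties = 1;
    } else if (hosts[i].active_requests == hosts[best].active_requests) {
      ++ties;
      if (std::uniform_int_distribution<uint32_t>(1, ties)(rng) == 1) {
        best = i;
      }
    }
  }
  return best;
}
```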
---------
Signed-off-by: Juan Manuel Ollé <jolle@mulesoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2c636750f00038d3fdbb67e6a27fa7861097d7e2
Lowering API limits so we can more easily test dns refresh.
Adding a bunch of e2e DNS refresh tests.
Risk Level: low
Testing: yes
Docs Changes: inline
Release Notes:
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 72c15547a7dea9735235e65e2323219d59b6a9dd
Commit Message: Cluster: make happy eyeballs algorithm configurable. Implemented configure options to specify first address family version and count in RFC8305#section-4.
Additional Description:
Risk Level: low, added a small feature guarded by runtime guard
Testing: added new unit tests
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:] added false runtime guard: envoy_reloadable_features_enable_universal_header_validator
Signed-off-by: Ting Pan <panting@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a862674c6fc9323c24d6df6207ed405204e2c88f
chore: remove `append_x_forwarded_host` runtime flag
Signed-off-by: River Phillips <riverphillips1@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6762bf3e17512bdb3b49c748dc75dd2000494606
Added uri_template with envoy.path.match extension category to allow matching with URI templates in RBAC.
Risk Level: low
Testing: unit, integration
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
Fixes #30724
Signed-off-by: kozjan <jan.kozlowski@allegro.com>
Mirrored from https://github.com/envoyproxy/envoy @ 20c7368afa9d686a109f9601ae1b9b6028b74b0a
Introduce the ability to send dynamic metadata in the External Processing Request. Also implements the API for returning dynamic metadata as part of the External Processing Response.
---------
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 8f95f9ec501febe91e3f7688a3f85e33a2052d7a
Introduce the ability to send attributes in the External Processing Request
---------
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 6952f5477cce549126cb9f12b9f62c079548fed7
---------
Signed-off-by: Antonio Leonti <leonti@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1eaaedf9aa361eea5219b911ad1de725d0da069b
See envoyproxy/go-control-plane#824 for more information
This PR adds the vtprotobuf protoc plugin for Go. This works on top of the existing protoc-gen-go, to add optimized marshal functions that callers can opt in to using. This is not like gogo, which was a very invasive change -- everything is layered and opt-in. See issue for benchmarks, etc.
Additionally, to avoid possible binary size increase, the entire new code is protected under a go build tag. Users will need to opt-in at build time (-tags=vtprotobuf). By default, there is no impact for users at all.
Risk Level: Low - only additional opt-in code
Testing: Manually tested in Istio codebase
Signed-off-by: John Howard <howardjohn@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 21b52ba73d8ebbb51834d529a68f55ea2ec5e614
Additional Description: The CryptoMB private key provider only supports RSA at the time, the patch adds ECDSA support to it.
Risk Level: Low (as contrib extension)
Testing: Unit and integration tests
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: Requires AVX512 or equivalent CPU instruction set
Signed-off-by: Xie Zhihao <zhihao.xie@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8dcb3165334b8d9fdec7bb9f5f0b103d97f858d3
* accesslog: add field to TLSProperties in data.accesslog.v3.AccessLogCommon
Signed-off-by: Li <wanxuli@ebay.com>
* Update changelogs/current.yaml
Signed-off-by: code <wangbaiping@corp.netease.com>
Signed-off-by: Li <wanxuli@ebay.com>
Signed-off-by: Li <929683467@qq.com>
* fix integration_test for issuer
Signed-off-by: Li <wanxuli@ebay.com>
Signed-off-by: Li <929683467@qq.com>
* fix missing value for issuerPeerCertificate in test case
Signed-off-by: Li <wanxuli@ebay.com>
Signed-off-by: Li <929683467@qq.com>
---------
Signed-off-by: Li <wanxuli@ebay.com>
Signed-off-by: Li <929683467@qq.com>
Co-authored-by: Li <wanxuli@ebay.com>
Co-authored-by: code <wangbaiping@corp.netease.com>
Mirrored from https://github.com/envoyproxy/envoy @ 24ffda3f4f4d6aa310a20d9e4c77887581dbfce3
Commit Message: add an option to use a generic string object for the value
Additional Description:
Risk Level: low (new oneof but a recent extension)
Testing: done
Docs Changes: none
Release Notes: none
Mirrored from https://github.com/envoyproxy/envoy @ 5e4967ee54d2904cdfad853d201d2110e49eaf95
Remove decommissioned (in v5.x) bazel attribute
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 56f88a1761c7076004d5500c8aca06c4a51fc4ec
Prior to OpenSSL 1.1.0, the certificate depth limit in OpenSSL omitted
the leaf but included the trust anchor. That is, if your chain was Leaf,
Intermediate, Root, any depth limit of 2 or more allowed the
certificate.
OpenSSL 1.1.0 included d9b8b89bec4480de3a10bdaf9425db371c19145b, which
was described as a cleanup change to X509_verify_cert. However, this
changed the semantics of the depth limit to omit *both* the leaf and
trust anchor. So the example above was accepted also at depth limit 1.
This is also why common.proto had a comment about different semantics
between the libraries.
BoringSSL originally forked a little before 1.0.2, so it had the older
OpenSSL behavior. Now that the new behavior has been in OpenSSL upstream
for a while, BoringSSL plans to match the new behavior in
https://boringssl-review.googlesource.com/c/boringssl/+/64707/
This change makes Envoy compatible with BoringSSLs before and after that
change. When BORINGSSL_API_VERSION is new enough, we adjust the value
before passing it in, to preserve the original semantics. I'm assuming
here that Envoy would prefer to maintain its existing semantics, rather
than change the test expectation. I've also removed the comment about
backend-specific behavior difference. Supposing Envoy prefers to
maintain existing semantics, any OpenSSL port of Envoy should similarly
adjust the value on OpenSSL 1.1.0 and up.
Along the way, fix an overflow. maxVerifyDepth is a uint32_t, but the
OpenSSL API takes an int. When we exceed INT_MAX, saturate the cast.
Signed-off-by: David Benjamin <davidben@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f7ef1eeca94f714f0d48af3dd8a43757dc63d770
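The depth adjustment and saturating cast described in the commit message above, modelled as an added example (not Envoy's or BoringSSL's code). All names are hypothetical, `chainAccepted` is a simplified model of the library's depth check, and keeping a configured limit of 0 at 0 is this example's assumption.

```cpp
#include <climits>
#include <cstdint>

// The two depth-limit semantics from the commit message.
enum class DepthSemantics {
  ExcludesLeafOnly,      // OpenSSL before 1.1.0, older BoringSSL: trust anchor counts
  ExcludesLeafAndAnchor  // OpenSSL 1.1.0 and later, newer BoringSSL: only intermediates count
};

// Saturating uint32_t -> int conversion: a plain cast of a value above
// INT_MAX would produce a negative depth.
int saturateToInt(uint32_t value) {
  return value > static_cast<uint32_t>(INT_MAX) ? INT_MAX : static_cast<int>(value);
}

// Value to hand to the library so that the configured limit keeps the
// original "leaf excluded, trust anchor included" meaning.
int libraryDepth(uint32_t configured, DepthSemantics lib) {
  int depth = saturateToInt(configured);
  // The newer semantics stop counting the trust anchor, so the same policy
  // is one lower. Assumption: a configured 0 stays 0, since the newer
  // semantics cannot express a limit below "no intermediates".
  if (lib == DepthSemantics::ExcludesLeafAndAnchor && depth > 0) {
    --depth;
  }
  return depth;
}

// Simplified model of the depth check for a chain with the given number of
// intermediates between the leaf and the trust anchor.
bool chainAccepted(int intermediates, int lib_depth, DepthSemantics lib) {
  const int counted =
      intermediates + (lib == DepthSemantics::ExcludesLeafOnly ? 1 : 0);
  return counted <= lib_depth;
}
```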