Allows both upstream-driven and filter-controlled internal redirects, basically rerunning the whole filter chain for a new stream.
The current implementation is limited to requests-sans-bodies and complete-requests, and num-redirects = 1, but could be fairly easily extended (probably in a follow-up) to remove any of these restrictions.
I do need to add more unit tests here, but I want to make sure we're happy both the validation we're doing and where we do it. For example while this implementation forces N=1 for upstream internal redirects it allows filters to impose their own separate limits and allows them to screw up w.r.t. redirect loops. We could globally enforce by disallowing recreateStream if is_internally_created_ true but I could imagine wanting different limits for a filter redirect than an external redirect so am mildly inclined to allow filters to enforce on their own with internal checks as the router filter does.
TODO(alyssawilk) in a follow-up before killing off the initial stream, pass it the original StreamInfo and copy relevant fields (downstream timing info etc.)
Risk Level: Medium (some refactors of existing code, new high risk code paths well guarded)
Testing: E2E tests. E_INSUFFICIENT_UNIT_TESTS
Docs Changes: inline
Release Notes: yep.
Part of #3250
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ bbf5674c2c9a901ec4e964e4dd1d845516e672b2
Add support of Any as opaque config for extensions. Deprecates Struct configs. Fixes#4475.
Risk Level: Low
Testing: CI
Docs Changes: Added.
Release Notes: Added.
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 851f591f4ed84594e5e5041e7ada4167a4f3a273
* api: add proto options for java
* add ci for checking proto options
Signed-off-by: Penn (Dapeng) Zhang <zdapeng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 02659d411332e9f20d229f482931c15304ea17fd
This allows setting a default value for a mirroring policy.
Fixes#5273
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 85b6a7c5ffe1bc4d41d2170ed0c59474c9ca97f2
Allowing the HCM upgrades to be on or off by default, and adding per-route overrides to turn it off or on.
Risk Level: Medium (refactors existing code)
Testing: new unit and e2e tests
Docs Changes: proto docs
Release Notes: inline
Fixes#4921
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ d72eaaf6d1905f7d478ab80cc7163684fc271fd9
API for #4475.
Risk Level: Low (not implemented)
Testing: CI
Docs Changes: Added but hided
Release Notes: N/A, will add when adding impl.
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 45a460fabf34698a875060482de96f7f618bdc9f
When the redirect action changes the scheme (https_redirect or scheme_redirect), remove the default port if it is set in the request. I.e. if the request is http://192.168.0.1:80/path redirected to https, the resulting URI will be https://192.168.0.1/path.
Risk Level: Low
Testing: unit and integration tests.
Docs Changes: the proto documentation.
Release Notes:
Signed-off-by: Nikolay Nikolaev <nnikolay@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0f7120968e60da62feb59f00170078611dffc18a
Add scheme and port redirects which replace the respective
URI components when applied.
Fixes issue #3060.
Signed-off-by: Nikolay Nikolaev <nnikolay@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 057edf16474df8f1ed834dbfa8ceefb45613b3a4
limiting user defined header alterations to 25 alterations (add/remove request/response headers) and 1024 bytes per alteration.
Risk Level: medium (if someone needs higher limits we can roll back and roll forward with new values)
Testing: new unit tests of one of the 17 fields affected
Release Notes: noted the new limitations
Fixes#4268
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ b9bee1e649399f838b23cb1cedfba888e1925605
This adds the ability to list arbitrary status codes as retryable.
Part of #4103
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3b00c8ee37caddca2215c5f61489d17ed2733890
This patch reintroduces PR #4217.
Signed-off-by: Tony Allen <tallen@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ bcc7a96d9e66bc0f70e3ed52161ec3471f835bdb
This reverts commit 75e54d072fa190ab78b9795f9ed7a98e1d2d33a3.
This was breaking Mac CI due to known PGV CLI limits.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8ba41eea553232bdfab90d9aa32ab4b72ca6fb31
This adds the option to match on gRPC requests directly instead of
indrectly doing so through header matchers. It provides a more robust
matching mechanism, as it incorporates the gRPC content-type variations
into the check.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 701618f65a7513e2453d04ff1bc5cb2cc864c401
While there, move header modification in some tests from
route action level (deprecated in #3838) to route level.
*Risk Level*: Low
*Testing*: bazel test //test/...
*Docs Changes*: Added
*Release Notes*: Added
Fixes#4249.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6ce3e1f45005c37e4a951470ee0bcf0381738e76
Making this change so others can depend on metadatamatchcriteria_impl without needing
config_impl. Also update comments on metadata_match to specify that these fields only apply for the subset load balancer.
Context: https://github.com/envoyproxy/envoy/pull/4402/files#r216856765
Risk Level: low
Testing: tests, new and old, pass
Doc Changes: clarified docs
Release Notes: n/a
Signed-off-by: Brian Ramos <brirams@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3b3c28a1dd6be6e1dd11e543227b23891c234fe8
Description: * is being rendered out off of the docs. This fixes that.
Risk Level: low
Testing: generated docs locally.
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5c3169f863c4fc492f5a6a3220aef852451719ec
This adds the necessary configuration and interfaces to register
implementations of RetryPriority and RetryHostPredicate, which will
allow configuring smarter host selection during retries.
Part of #3958
Risk Level: low, api changes
Testing: n/a
Doc Changes: inline
Release Notes:n/a
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ f75577daab6bcd98f191ad915dd21eb341dd3b95
Add a terminal attribute to request hash policy.
Think about a case where customers want to hash on a cookie if it's present but if it's not present, do best-effort sticky based on something like IP so the customer has a stable hash.
This "terminal" allows request hashing to have the ability of "if A not working, fallback to B.", which also saves time to generate the hash.
Changes:
* Add a terminal attribute to HashMethod, which shortcircuit the hash generating process if a policy is marked terminal and there is a hash computed already.
Signed-off-by: Xin Zhuang stevenzzz@google.com
Description: Add terminal attribute to request hash.
Risk Level: Low
Testing: unit tests.
Mirrored from https://github.com/envoyproxy/envoy @ ee710d0a92b476cc3d7a0f99f11b62675d1a4e01
Signed-off-by: Daniel Hochman <danielhochman@users.noreply.github.com>
Risk: trivial (Documentation only change)
Mirrored from https://github.com/envoyproxy/envoy @ f13ef246488f2ca1c1cc925ed90d1c76695cc624
This adds the ability to specify response_headers_to_* and request_headers_to_add at the route level, for #3520
Risk Level: low
Testing: updated unit tests
Docs Changes: added
Fixes Issue: #3520
Signed-off-by: Derek Argueta <dereka@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ ec0179a78b6928f2ae96a43811c27b059d9186d7
This is a followup to #3841, where we introduce HCM-wide stream idle timeouts. This has two effects:
1. We can now timeout immediately after stream creation, potentially before receiving request headers and routing.
2. A default timeout can be configured across all routes. This is overridable on a per-route basis.
The default and overriding semantics are explained in the docs. Also added as a bonus some docs
about how timeouts interact more generally in Envoy.
Fixes#3853.
Risk Level: Low. While there is some change to the per-route vs. HCM wide semantics for stream idle
timeouts, it's not anticipated this feature is in common use yet (it's only a couple of days since
landing), and the caveats in #3841 with the new 5 minute default timeout should already apply.
Testing: Unit/integration tests added.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 672083c7ba4e92fe9548252c45d84d583a95102d
Fixes#1778.
Risk level: Medium. A very conservative 5 minute default idle timeout has been set, which should not affect most deployments with default timeout already kicking in for connection idle or upstream idle. This will however affect things like hanging POSTs.
Testing: Integration and unit tests added for various timeout scenarios.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 45fe83e4eb5344afd1d6a7b0017570ab459f4877
adds the required visibility rules and delegates the rest to the generic
api_proto_library. I tested the change by doing the following without
getting errors.
./ci/run_envoy_docker.sh './ci/do_ci.sh docs'
I changed the BUILD files using the following commands.
/envoy/api$ find . -type f -name BUILD | xargs sed -i -e 's/api_proto_library(/api_proto_library_internal(/g'
envoy/api$ find . -type f -name BUILD | xargs sed -i -e 's/"api_proto_library"/"api_proto_library_internal"/g'
Signed-off-by: mickey <mickeyju@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4b871c0ab9350882271a490adcee44e613ed9807
*Risk Level*: None
*Testing*: bazel test //test/...
*Docs Changes*: n/a
*Release Notes*: n/a
Found with buildifier.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0e8964c83f359916ecbf9c01a03ade3c92aac479
This enables configuring Envoy to generate cookies that expire at the
end of a session instead of requiring them to have an explicit max-age.
Risk Level: Low
Testing: added unit tests and an integration test
Docs Changes: documented new behavior in API and release docs
Release Notes: router: allow cookie routing to generate session cookies.
Signed-off-by: Alex Konradi <akonradi@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 396f52de26e8864dbbefa903ff605bd52af11b3e
data-plane-api(CircleCI)