Add a new optional field to TlsParameters to configure signature algorithms.
The value is used during TLS handshake in TLS Signature Algorithms extension.
It indicates which signature algorithms may be used for digital signatures.
The value can be used for both DownstreamTlsContext and UpstreamTlsContext.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Mirrored from https://github.com/envoyproxy/envoy @ 084794dd06c36edbcb27e05dc06c9d56a72b403f
* accesslog: add fields to ALS proto
Signed-off-by: Lex Herbert <lex.herbert@gmail.com>
* update code to match proto changes
Signed-off-by: Lex Herbert <lex.herbert@gmail.com>
* address PR feedback
Signed-off-by: Lex Herbert <lex.herbert@gmail.com>
---------
Signed-off-by: Lex Herbert <lex.herbert@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ a565b6e68ab269540a16c03fa5a6183d0cb3094f
This can help ext_proc server to extend the timeout value in case it needs more time to process a request in special situations like cold start a WASM module when receives the first request.
Risk level: Low
Testing: Integration tests.
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f23c23e24264bfe0bf9453a071ec7040f79dc347
Signed-off-by: Stefan Schönbächler <stefan@schonbachler.org>
Mirrored from https://github.com/envoyproxy/envoy @ 4e6956f77ce9685237f9a523e0aa59ef5f171455
add support for warm on init flag for redis cluster
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ bb546b0e65932a47d160b0b6e676f43381d6aa00
* Add disabled option to cache filter
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Avoid constructing OptRef from nullptr
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Disabled test should use cacheable request
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Don't use oneof, make disabled separate
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* No longer using validate.proto
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Add use-cases to disabled field doc
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Doc formatting better
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Use ref link
Signed-off-by: Raven Black <ravenblack@dropbox.com>
---------
Signed-off-by: Raven Black <ravenblack@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ c430a5ab8f0e83c057ee3df0f8e836f45d39d759
Commit Message: http: periodic HCM access logs
Additional Description: Make it possible to log periodically from the HCM. This parallels the work already done in TcpProxy.
Risk Level: low
Testing: unit tests.
Docs Changes: none
Mirrored from https://github.com/envoyproxy/envoy @ e11d5de33e342400a8102dcdfabad48b7da987b7
Client-wide WRR added with #24520 needs to support the weight penalty using the error rate. This change adds a parameter that configures this behavior.
Risk Level: Low
Testing: N/A
Signed-off-by: Yousuk Seung <ysseung@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d5ab0a64c7924e526842f6edd1e5a3a7615fd221
Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5e83af5042ec4ff87cad9d3baf476fbd57a7d048
If present, force http-parser (if value is false) or BalsaParser (if value is true). If not present, parser is selected based on envoy.reloadable_features.http1_use_balsa_parser.
Tracking issue: #21245
Signed-off-by: Bence Béky bnc@google.com
Commit Message: [balsa] Add Http1ProtocolOptions field to override HTTP/1 parser.
Additional Description:
Risk Level: low
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: n/a
Signed-off-by: Bence Béky <bnc@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 80530fd0a32e242327c684cfe262d88e0f5eacbb
There are some issues/quesions about the cors filter usage. And this PR do a minor update to the cors filter's docs and example to clarify the function and latest recommend usage of cors filter.
Risk Level: low.
Testing: n/a.
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Mirrored from https://github.com/envoyproxy/envoy @ acd218e1d96a64fd9300977e38d5f5398422b820
Commit Message: adding filter state matching input
Additional Description: Adding a matching input of type 'FilterStateInput', that retrieves a specific filter state object by a given key and uses the serialized value as a matching candidate.
Risk Level: low
Testing: unit and integration tests
Docs Changes: matcher_api
Release Notes: none
Platform Specific Features: none
Mirrored from https://github.com/envoyproxy/envoy @ f52d559e0479824b9c964e4c028fa373bcb9b767
This reverts commit 1f4f60003ea4331e71d661a536e6c4dcdf23f8db.
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ 27cab5153d080bce2715395325da43267e04a009
* Introduce a new field, "failed_status_to_metadata" inside the JwtProvider for getting the JWT
authentication failure inside the metadata.
Signed-off-by: danield <danield@radware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6be3c6edd98c113f0fd8d55f8928c5136a79b844
Risk Level: Medium
Testing: Unit test that verifies the documented behavior is correct
Docs Changes: API documentation added
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Adrien Guinet <adrien@reblaze.com>
Mirrored from https://github.com/envoyproxy/envoy @ c7c462fa4c10b7a71edd57ab2029619e752f4b2b
Generic services are deprecated since protoc version 2.4.0 (2010). Protoc plugins that generates code may require that generic services are disabled, so that they can generate their own classes of the same name.
Risk Level: Low
Fixes#25172
Signed-off-by: Sébastien CROCQUESEL <88554524+scrocquesel@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ baec129464bba6e3651147a0d846e8c1f4610199
Add API for:
evict_fraction: evicting a fraction of the exceeded limits extra to reduce churn.
max_eviction_frequency: do an eviction pass before it's necessary, to ensure the stats aren't too out of date.
min_eviction_frequency: don't do an eviction pass even if limits are reached, to reduce churn.
create_cache_path: option to attempt to create the cache path if it does not exist.
Remove not-implemented-hide for:
max_cache_size_bytes
max_cache_entry_count
Clarify name for:
max_cache_entry_size_bytes -> max_individual_cache_entry_size_bytes: to avoid confusion with max_cache_size_bytes
Risk Level: None, extension is WIP and no change to existing behavior.
Testing: n/a
Docs Changes: Adds some generated docs.
Signed-off-by: Raven Black <ravenblack@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ eb4933645c3f5ddd47442174cce48cf59ba9e956
This commit marks the `grpc_service` of the opentelemtry configuration as optional and if the resulting field is empty, the plugin will abstain from sending the trace data to any collection service.
This means that the opentelemetry plugin will still generate and propagate trace headers, but they will no longer be sent to the collector.
Signed-off-by: Ashish Banerjee <ashish.banerjee@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ c424ab9b0165357b715866ee2906cf3fc717e4e8
This pulls the validation listener manager code into an extension, such that there's no hard-coded dependency on the TCP listener code. It should be a no-op for Envoy and a slight memory improvement for Envoy Mobile which does not support or use validation mode.
Risk Level: low
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ ec9099786796da6f834a6d562d0c3939c342a5e1