Move bazel/utils.bzl into api/bazel
The api/... subtree depends on utils.bzl, but it is stored in //bazel,
not //api/bazel. When the api sub-tree is exported as
"data-plane-api", the resulting repository is not buildable.
This attempts to fix that by changing the canonical location of
utils.bzl and updating the references to it.
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Mirrored from https://github.com/envoyproxy/envoy @ 35ef2c4eeac8e930e3c00e40baaea5271590db41
* Update googleapis to 114a745 and xDS API to 46e39c7
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8319b9287e5324a4f24bfd2072493c1a208cfa83
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ cce99bf8b006b16b1be212c18cc0a267e72fe7da
This cycles proto deps and creates a descriptor file from them.
This will allow other proto plugins to call protoc with the descriptor
file and just their `direct_sources` and not all of the `transitive_sources`
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ 00aab5c9c89b16435633613e5e57374f28cd7e26
Signed-off-by: Xie Zhihao zhihao.xie@intel.com
Commit Message: rbac: add unified matcher for RBAC filters
Additional Description:
The patch add the matching API support for both RBAC network filter and HTTP filter. Users can configure rules and shadow rules in either policies or the matching API manner. There are some incompatibilities, TODOs and behavior changes compared to the policies way.
RBAC matchers are not compatible with the matching API.
URL path and CEL are not supported in the matching API. These matchers may come as custom matcher.
Metadata is not supported in the matching API. These matchers may come as inputs.
Connections and requests with no matcher matched will always be denied.
Risk Level: Medium
Testing: Unit and integration
Docs Changes: API and configuration
Release Notes: WIP
Platform Specific Features: N/A
Fixes#20623
Mirrored from https://github.com/envoyproxy/envoy @ 42cb84456d53d053eb1ae94680d07a74f4545a48
Commit Message: deps: Bump com_github_cncf_udpa (cncf/xds)
Additional Description: Updating to the latest cncf/xds main as of 2022-05-18
to get CEL matcher and CEL Expression APIs. Will be needed for #9793.
Full changelog: cncf/xds@7f1daf1...d35b9e6.
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8a15908bf38ed2ad8d134f026940aa8480872da1
The plans for bazel to move to rules_cc have been postponed without any
communication. There's no value to us in using this right now, but it
will be trivial to re-adopt in the future if needed. But it has the
downside of using a fork of bazel's crosstool, that has to be updated
independently of bazel, which doesn't always happen as improvements are
made.
More details: https://github.com/bazelbuild/rules_cc/issues/86https://github.com/bazelbuild/bazel/issues/14150
This also required a `--host_action_env` addition to mirror the variables we
pass through to actions in general. This is required because C++ toolchain
setup which discovers linkers in the cc configuration which uses PATH directly,
but then host actions didn't use PATH because of
--incompatible_strict_action_env, so gcc couldn't discover the path of lld even
though `-fuse-ld=lld` was passed.
Fixes https://github.com/envoyproxy/envoy/issues/16608
Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1edd65f80bd8ded5cb2c0ebeec818784ebd76bfb
- Add ability to fail on deprecated or WiP
- Add basic tests to the validator.
- PGV checks will now recurse into all sub-messages, including
Any messages, allowing for full verification of the message tree.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 80458835e87ba03019df319a1927ae0d17956dd3
There are a few tools that require the repository_locations data, currently we are bringing that data into the python by putting the implementation (as opposed to the abstract library) in the envoy repo, this will allow us to instead pass the repo locations data as a file/cli flag, and move the implementation into the upstream tooling
This PR also avoids using the old SourceFileLoader + bzl files method of loading the data, instead loading directly from the write_json rules for the repo files and interpolating
There is a more generic implementation of some of what is required here in #17998
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ f2d3f523ee4170f7ded205523526c592e2550f75
Breaking ground for network property unified matchers with a custom
trie-based matcher.
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d3ef83a5cb822e0ba1a13e4c32abf6f061bdddf1
Signed-off-by: James Heppenstall <james.heppenstall@mongodb.com>
Mirrored from https://github.com/envoyproxy/envoy @ 293965652ff8782143ce3be9c25a8109f522c125
Update to latest commit of xDS protos.
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ea223b1a6cd999fecf60d3cdea3ccc589e86f9a3
This includes some more go_package annotations in the protos
Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 17d00f7e9a75b494d8cdeac77be4647619a1a9fa
This is a first step towards https://github.com/envoyproxy/envoy/issues/17920
A single proto (kafka mesh) has been swapped from using the udpa
file_status annotation to the xds file_status annotation to avoid a
large amount of churn and a forthcoming migration of many alpha/wip
protos to non alpha/wip. The rest will be audited and swapped in
future PRs. This single one was done to make sure the doc machinary
works properly.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ f0f17a3caa75106a9e28b99edc27dd09c1bed488
This PR is a continuation to #17515 - it adds a script that uses buf to check for breaking changes on proto files in the api folder. It does so by comparing the current api folder against the api folder at the git commit computed by tools/git/last_github_commit.sh - that should hopefully represent the most recent commit on main (if there is a better method to obtain the base branch commit, let me know!).
Adding the script also required re-organizing some of the breaking change detector logic from the previous pr: some levels of abstraction were added, and the detector now expects a git repository and ref as the input for initial state (rather than a proto file).
The script is invoked in do_ci.sh if bazel.api_compat is specified as the CI_TARGET.
This PR also bumps the buf bazel dependency to 0.53.0. If this is preferred to be in a separate PR, let me know and I would be happy to do so
Risk Level: low (hopefully) - the CI script will be invoked in a separate CI pipeline job that can be set to be optional on github. The azure pipeline has been added but needs to be set to optional by a CI maintainer
Testing: New scripts and logic were tested manually; also ran tests from the previous PR and they still pass. hoping to observe more output of this tool through reading CI logs of other PRs once this is merged (this PR should not affect the existing PR workflow - refer to Risk Level)
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: CI script uses a linux binary for buf so it cannot be run outside of docker on non-linux systems
Fixes#3368
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f30c289e456df11d549d7236c56f22da00500e9e
data-plane-api(Azure Pipelines)