Deprecate google.protobuf.Struct config members in the following types:
envoy.api.v2.auth.PrivateKeyProvider
envoy.api.v2.listener.UdpListenerConfig
envoy.config.filter.accesslog.v2.ExtensionFilter
Risk Level: Low
Testing: Unit Test
Docs Changes: N/A
Release Notes: N/A
Fixes: #8403
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d36adbb5c4aad13af21f109b86978b8478f54409
Wires up the upstream side of HTTP/1.1 header formatting and documents the header casing behavior.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 86420eb64a750fd6025cf5efc8b846c8fe63f0c9
Adds a configuration option that will convert all header keys into
Proper-Case. This is useful to allow Envoy to respond with headers
that match the casing of other systems, to ensure that the wire format
of responses is unchanged when migrating to Envoy.
Fixes#8463
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7846427d7aafb9e023c38bb6e704262f7c724c92
Fix PGV location references and TODOs. Remove some unused imports.
Risk Level: Low (locations in comments and simple TODOs as outlined by @htuch)
Testing: bazel build @envoy_api//envoy/..., bazel test //test/...
Signed-off-by: Michael Payne <michael@sooper.org>
Mirrored from https://github.com/envoyproxy/envoy @ 68ca6746d168c6cea26d21479ef50b2be9aaa25d
A skeleton tracer to incrementally add support for AWS X-Ray
Risk Level: Low
Testing: unit tests for functionality in util - the rest of files have no business logic to test yet
Signed-off-by: Marco Magdy <mmagdy@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ f68368f1a497d8f9254a714c2694cee88477438d
Modifies the pedantic spell checker to better handle camel-case words.
Each part the word is now treated as a separate error in both the check
and fix modes.
Disables run-together mode for aspell, which allowed typos such as
"mananger" (man + anger). Fixes the resulting spelling errors.
Miscellaneous other fixes:
* Provides an option to replace a word without adding the word to the
dictionary (in case aspell's suggestions do not contain the correct
replacement).
* Fixes a bug in the script when no suggestions are returned by aspell.
* Checks the dictionary and added words for invalid characters that cause
aspell errors at dictionary load time.
* Sets the mark flag when in CI runs so that misspelled words are indicated.
* Culls words from the dictionary that are no longer in the codebase, or are
otherwise not needed.
Risk Level: low (comments only)
Testing: n/a
Doc Changes: n/a
Release Notes: n/a
Fixes: #8481
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ de70fe54cdba6b022b3971379afa535f402f2ffe
Signed-off-by: Manuel Jurado <manuel.jurado@socialpoint.es>
Mirrored from https://github.com/envoyproxy/envoy @ e0e94c5a52ee692468fd2b802a0430dd5b35854f
This reverts commit 596cd4894c8ecd536c1da1dddecaae3531f269ea.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8c4afa6fee5e104c7b195657a3c22e23f062eb11
Modifies the pedantic spell checker to better handle camel-case words.
Each part the word is now treated as a separate error in both the check
and fix modes.
Disables run-together mode for aspell, which allowed typos such as
"mananger" (man + anger). Fixes the resulting spelling errors.
Miscellaneous other fixes:
* Provides an option to replace a word without adding the word to the
dictionary (in case aspell's suggestions do not contain the correct
replacement).
* Fixes a bug in the script when no suggestions are returned by aspell.
* Checks the dictionary and added words for invalid characters that cause
aspell errors at dictionary load time.
* Sets the mark flag when in CI runs so that misspelled words are indicated.
* Culls words from the dictionary that are no longer in the codebase, or are
otherwise not needed.
Risk Level: low (comments only)
Testing: n/a
Doc Changes: n/a
Release Notes: n/a
Fixes: #8481
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 596cd4894c8ecd536c1da1dddecaae3531f269ea
Add the ability to route match based on client credentials.
This is an output of the changes requested for PR #8248 (#8248 (comment))
To more cleanly support #8248 , it would be better to be able to route based on downstream connection details, instead of hoisting more information into headers.
As an API example, route matching based on presented and/or expired client certificate is supported.
The end goal for #8248 is to route based on 'validated'.
By default the routing rules are unchanged.
Risk Level: Medium
Testing: Currently Manual tests
Docs Changes: API proto changes
Release Notes: N/A
Signed-off-by: Michael Hargreaves <mik.hargreaves@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 350e4ce17b8bcf3880fdd87ca41814261d6bffed
Generate or format next free field annotation via protoxform.
Risk Level: low
Testing: N/A
Docs Changes: N/A
Release Notes: N/A
Fixes#8429
Signed-off-by: Yi Tang <ssnailtang@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 986173ed516dcc1c3dea7db90659ed993d0aad75
*Ability to add custom upstream headers from ratelimit service/filter.
*For LimitStatus::OK, custom upstream headers are added if RLS service sends upstream headers.
Risk Level: Low
Testing:
Unit and integration tests added.
Verified with modified github.com/lyft/ratelimit service.
Passes "bazel test //test/..." in Linux
Docs Changes: protobuf documentation updated
Release Notes: ratelimit: support for adding custom headers to upstream server
from ratelimit service
** Issues: #6141
Signed-off-by: Nandu Vinodan <nandu.vinodan@freshworks.com>
Mirrored from https://github.com/envoyproxy/envoy @ c2a396c84cc97711eef0231f04d81ce680652abb
Handle udpa.type.v1.TypedStruct embedded into google.protobuf.Any
Risk Level: Low
Testing: Unit and Integration Tests
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b4eaa177332a131fb41fd086fcb4bec63f9130d9
This commit introduces optional connection rebalancing
for TCP listeners, targeted as cases where there are a
small number of long lived connections such as service
mesh HTTP2/gRPC egress.
Part of this change involved tracking connection counts
at the per-listener level, which made it clear that we
have quite a bit of tech debt in some of our interfaces
in this area. I did various cleanups in service of this
change which leave the connection handler / accept path
in a cleaner state.
Fixes https://github.com/envoyproxy/envoy/issues/4602
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 587e07974e6badb061ee3c9413660ab47f42750f
Description:
Risk Level: Medium (Opt-in required)
Testing: unit test, integration tested.
Docs Changes: TODO(incfly) add an architecture docs.
Release Notes: New feature, implement `Cluster.transport_socket_matches`. Envoy can be configured to use different transport socket configuration to different endpoints based on metadata match.
Fixes#8016
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ cc057ce626adb2076d3dddb8dec4628c62fc5b35
This patch moves away from the paradigm of sed-style upgrading of every v2
package to v3alpha. Instead, an additional type analysis phase is
performed prior to protoxform by a protoc plugin known as the "type
whisperer".
The type whisperer produces structured type dependency information for
each .proto. The tools/type_whisperer/typedb_gen.py tool then knits
these together to provide an API-wide type dependency graph. This is
then used to determine which types need upgrading (either they have
breaking changes or transitively depend on types with such changes).
Only packages with upgraded types now undergo the v2 -> v3alpha
transition.
The API type database is checked into
source/common/config/api_type_db.pb. This may seem a strange location,
but in the future we will include the type database as a build artifact
for the Envoy binary, as it will be used by the reflection-based version
converter to find the type upgrade path for input proto.
Risk level: Low (the v3alpha protos are not used yet).
Testing: fix_format, manual inspection of diffs, bazel test //test/...,
docs build.
Part of #8082Fixes#8490
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ad57b58cfbb256af41a467260dce2a8013b7a7fa
This allows changing the precedence of global/vhost/route level
configs when adding/removing headers.
Fixes#8450.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6460467c366e26d63feb1ebe1ffd9d86dcb9ceca
Adds a max request and response header count limit with default value
100. This value is configurable in the bootstrap. Runtime configurations
envoy.reloadable_features.http_connection_manager.max_request_headers_count
and
envoy.reloadable_features.http_connection_manager.max_response_headers_count
override the default limit of 100.
Both the codecs and the HCM perform this check.
Signed-off-by: Asra Ali <asraa@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5c122a35ebd7d3f7678b0f1c9846c1e282bba079
This provides canonical BUILD formatting and puts protoxform in charge
of being able to determine import paths, without having to worry about
Bazel implications.
Part of #8082.
Risk level: Low
Testing: tools/proto_sync.py, visual inspection of diffs.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e53f40f0e5ccc84fca5cd350416fe0f2accf8229
As part of #8082, we want to be able to (1) automatically generate BUILD
files and (2) treat packages as atomic from a "upgrade / do not upgrade"
decision perspective. This is simplified by having our BUILD targets at
package granularity, since this is what the protoxform plugin operates
on.
This PR broadens the package-level treatment that was already introduced
for Go in #8003 to Python and C++. This simplifies BUILD files
significantly and opens the way to automated generation.
There is some technical debt introduced, since all visibility controls
have been removed. This is slated for reintroduction in
https://github.com/envoyproxy/envoy/issues/8491.
As a bonus (useful for BUILD file generation), also removed the
inconsistency in BUILD package target naming for packages in envoy.api.*
and envoy.type.*. E.g. //envoy/api/v2:v2 is now //envoy/api/v2:pkg.
Risk level: Low (but this will break internal builds and require BUILD
fixups to consuming projects).
Testing: bazel test //test/... @envoy_api//...
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4e858f17fe08224c9c089240908ccd0c518e01a7
* [#not-implemented-warn:] was barely used and its purposes are better
served by [#not-implemented-hide:].
* [#proto-status:] was there for an earlier style of versioning, where
APIs were "frozen" or "draft", etc. Now we have semantic versioning
and a regular API clock as per #6271.
Part of #8371.
Risk level: Low (docs only).
Testing: Docs rebuild.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2c4b6f2b3d614a15f312e34f4664ebeb96d07d12
This captures the API versioning guidelines implied by
https://docs.google.com/document/d/1xeVvJ6KjFBkNjVspPbY_PwEDHC7XPi0J5p1SqUXcCl8/edit#heading=h.xgk8xel154p
and splits apart the Envoy API and internal implementation breaking change policies.
Some of the policy decisions (e.g. not allowing vNalpha to be hand edited, how we do manual breaking
changes, etc.) have been added to these guidelines based on recent experience with protoxform and
mechanical major version upgrade work, they are not part of the original stable API versioning work.
Risk level: Low
Testing: Formatting and docs build.
Fixes#8371
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3801c6846a5c7bf4d230f1dad58985f2bb8bcdeb
Delta ADS/xDS support. Added NewGrpcMuxImpl, a GrpcMux implementation that supports delta (and is intended to soon take over for state-of-the-world). DeltaSubscriptionImpl (which can soon be renamed to/replace GrpcSubscriptionImpl) now uses that new class. NewGrpcMuxImpl is the first user of the recently added WatchMap.
Risk Level: medium (huge new thing that people aren't using yet)
Testing: added delta param variant to ads_integration_test
Docs Changes: added source/common/config/README.md and accompanying diagram, added to root/configuration/overview.rst and root/intro/arch_overview/operations/dynamic_configuration.rst.
Release Notes: added support for delta xDS (including ADS) delivery
Fixes#4991
Signed-off-by: Fred Douglas <fredlas@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ abb14cdd7aa50d0a54a9288420a098314581782a