Signed-off-by: Xie Zhihao zhihao.xie@intel.com
Commit Message: rbac: add unified matcher for RBAC filters
Additional Description:
The patch add the matching API support for both RBAC network filter and HTTP filter. Users can configure rules and shadow rules in either policies or the matching API manner. There are some incompatibilities, TODOs and behavior changes compared to the policies way.
RBAC matchers are not compatible with the matching API.
URL path and CEL are not supported in the matching API. These matchers may come as custom matcher.
Metadata is not supported in the matching API. These matchers may come as inputs.
Connections and requests with no matcher matched will always be denied.
Risk Level: Medium
Testing: Unit and integration
Docs Changes: API and configuration
Release Notes: WIP
Platform Specific Features: N/A
Fixes#20623
Mirrored from https://github.com/envoyproxy/envoy @ 42cb84456d53d053eb1ae94680d07a74f4545a48
Commit Message: add stats prefix for route
Additional Description: Adds API for stats generation support per route.
Risk Level: Low
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
API for #3351
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7b937e8cd5796cf19d14f20abcb6be81f149c68b
Risk Level: low (and config guarded)
Testing: new unit, integration tests
Docs Changes: in with APIs
Release Notes: inline
part of envoyproxy/envoy-mobile#1622
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 71f7f2c54b4c7c8b3c076ad22d849914c25f62e8
Make sure a config option is a valid header name.
Signed-off-by: Andre Vehreschild <vehre@x41-dsec.de>
Mirrored from https://github.com/envoyproxy/envoy @ 2db5f021551b67cb37c49ca769bf1ab659897bc9
The default value of most_specific_header_mutations_wins is false.
Signed-off-by: derekguo001 <dong.guo@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 774bcedf31ac495f4ccb9df5d702f2be6d169079
* Change API to only allow poll delay values greater than or equal to 1ms and create tests.
Signed-off-by: Ville Pihlava <ville.pihlava@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ cfb7b64116283e27d848b2721973513ffc0937cd
API for Unified Header Validators
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e569ce06101932cfe3ccb710c3c60b92dd09464b
Based off #20596, this preserves the current behavior by default.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Co-authored-by: fishy
Mirrored from https://github.com/envoyproxy/envoy @ 53867ab5cc97c945f8c7f6a771d28443b1bcec43
udp: Add a udp_packet_packet_writer_config option to UdpListenerConfig.
Fixes#21200
Risk Level: Low
Testing: Existing and additional tests
Docs Changes: None
Release Notes: Added
Platform Specific Features: N/A
Signed-off-by: Ryan Hamilton <rch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3a7b26aa3909488a8561a232b82845b8b4cd38bb
Commit Message: deps: Bump com_github_cncf_udpa (cncf/xds)
Additional Description: Updating to the latest cncf/xds main as of 2022-05-18
to get CEL matcher and CEL Expression APIs. Will be needed for #9793.
Full changelog: cncf/xds@7f1daf1...d35b9e6.
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8a15908bf38ed2ad8d134f026940aa8480872da1
Commit Message: make HTTP/3 upstream sends 0-RTT (early data) requests if it has cached 0-RTT credentials. Add a config knob in RouteAction to specify which request can be sent over early data, which by default are HTTP safe methods.
Risk Level: high, changes to conn pool behavior though should only take effect for h3 pool
Testing: added h3 upstream integration tests.
Docs Changes: N/A
Release Notes: changes to docs/root/version_history/current.rst
Platform Specific Features: N/A
Runtime guard: envoy.reloadable_features.http3_sends_early_data
Fixes#18715, #19542
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8ce13d75a982ddd347db5a333a4bb080922f7514
* Add an option to RouteConfiguration, when enabled, ignore port contained in host header during host matching.
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2f99e0c9f83b6c91b42d215a148ed49ce0f174fd
Note: support for logging headers (via %REQ()%) will happen in a follow-up.
Risk Level: medium
Testing: unit tests
Doc Changes: included
Release Notes: updated
Fixes#17898.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 01a0ff52ed3a1e55b14c3bbff4daede6c61fd5fb
Allows users to opt-in to functionality to auto-detect proxy protocol if present, and skip the filter if it's not present.
Signed-off-by: Kevin Dorosh <kevin.dorosh@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 18c59eaf1b78c5b6bbe4d6ad96009ec3ecd895e1
This adds an odcds_config field to the extension's config, and also allows the extension to be configured per-route. As it stands, it currently works only with routes using cluster-header config.
Risk Level: Medium, extending one extension in an opt-in way.
Testing: Added unit tests and integration tests.
Fixes#2500
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ a41b254a4e8f1faf40033c50c7122aa654186f63
To avoid HOL blocking impacts on slow connections.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ d0befbbb952c979782857bdb986bec562d9a3c2f