Commit Message: Add initial stream and connection level flow control windows to envoy.config.core.v3.QuicProtocolOptions which is be used in QUIC listener config and Http3 upstream cluster config.
Risk Level: low
Testing: re-enable more Http3 downstream protocol test.
Part of #2557#12930#14829
Signed-off-by: Dan Zhang <danzh@google.com>
Co-authored-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ fe62d976a26faa46efc590a48a734f11ee6545f9
Commit Message: allow HCM to config Http3Options and use it with other HCM configs, i.e. max_request_headers_kb and headers_with_underscores_action, to setup QuicHttpServerConnectionImpl. And support these configurations in QUIC. Currently the only Http3Options configuration is override_stream_error_on_invalid_http_message.
Additional Description: added Http3 codec stats. Pass it along with Http3Options and other HCM configs.
Risk Level: low
Testing: enable related tests in quic_protocol_integration_test
Docs Changes: updated docs/root/configuration/http/http_conn_man/response_code_details.rst
Part of #12930#2557
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c93d486c2d303dbf2cc9f88717de0bfd66e1afdb
Adding a deprecated API version annotation to deprecated fields and enum values in proto files.
This is part of the work on adding minor/patch versioning work.
Risk Level: Low (adding annotation to existing protos).
Testing: Added and modified tests for the tooling (in tools/testdata).
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5a8bfa20dc3c85ecb61826d122696ecaa75dffa0
Fixes#15579
Risk Level: n/a (no functional change)
Testing: Unit test to verify case added to docs
Docs Changes: Added definition of default value
Signed-off-by: Eric Anderson <ejona@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 54fc5dc459c06d15494fd759ac3e4c4785f6a7b5
Alas I didn't end up moving all of the protocol options over, as the cluster has its own timeout params so most of the QuicProtocolOptions are listener-specific.
Commit Message: adding quic protocol config to quic upstream
Risk Level: n/a (quic only)
Testing: unit tests
Docs Changes: n/a
Release Notes: n/a
part of #14829
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 255f78b3cc66d9ed3aa86cb491d98759314294b9
This is a fast follow from https://github.com/envoyproxy/envoy/pull/15388.
I realized that I made a mistake in not using a common configuration
message. There will be more configuration options such as GRO, etc. that
will be configured similarly in multiple places. I'm correcting this
mistake now since the other change just landed within the last couple of
days.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ bd05ab7b74c2ee288aea9772a03d521cd761bd59
This PR is the first step towards xdstp:// dynamic context parameter support. It introduces an
interface by which per-resource type dynamic context parameters can be set on the server. In
addition, it adds support for propagating these to Node (for legacy non-xdstp:// use cases) and
triggering discovery requests on update.
Risk level: Low
Testing: Unit and integration tests added (ads_integration_test).
Part of #11264
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 36e05482cc27b4d2b5765fdebcdb5fef16f07d84
Add information about known extension categories (types) to extension documentation
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ 7adc0393221467fcae18052c1f7caf0cb6048d2e
Only adding explicit (hard-configured, or downstream-initiated) HTTP/3. Getting Auto for UDP/TCP is going to take substantially more work. HTTP/3 config will be rejected initially to keep this PR simple as possible.
Risk Level: Low (unused, hidden)
Testing: new unit tests
Docs Changes: n/a
Release Notes: n/a
Part of #14829
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ d06b41c670e29de9d09f0f088e007611f3800db9
Fixing "warning: Import ... but not used" warnings from protoc
Risk Level: Low
Testing: manually built protos
Signed-off-by: Chris Heisterkamp <cheister@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 209b8f96498162834856a4330f27deafdf7e0518
This change is motivated by #14221 where we use a SubstitutionFormatString as a way to define custom HTTP response body rewrites.
Commit Message: formatter: add text_format_source, relax minimum string length on text_format in SubstitutionFormatString
Additional Description: The relaxed field validation on text_format now allows a user to replace something with nothing, e.g. to replace a non-empty HTTP response body with an empty one. The text_format_source field allows for a DataSource to be used to supply text inside of providing it inline.
Risk Level: low (new fields)
Testing: unit test needed for text_format_source
Docs Changes: NEEDED
Release Notes: NEEDED
Platform Specific Features:
Signed-off-by: John Esmet <john.esmet@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 43bf707f9516264f086ded6431e294150fa30b06
The connection timeout applies to the idle timeout in the common HTTP
protocol options message in the HttpConnectionManager, not to the
RouteAction idle timeout.
Signed-off-by: Alex Konradi <akonradi@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6246920219ac0ba215bfd0b5462ef78036363b75
This is a followup to #13950 in which the transport API is also
fatal-by-default.
Risk level: High (this will break anyone who is still using v2 and has
not enabled CLI or runtime override)
Testing: Various tests updated as described above. New unit test added
for bootstrap to server_test and to ads_integration_test for
dynamic rejection behavior. api_version_integration_test continues to
provide the definitive cross-version transport API integration test.
Release Notes: Same as #13950.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9093131e2a01d368566741943e112fa629c96725
As per discussion summarized in
#13555 (comment), we will not use structured
xdstp:// names/locators in the API initially. Instead, we will re-use existing string fields for
names and special case any name with a xdstp: prefix. We leave open the option of introducing
structured representation, in particular for efficiency wins, at a later point.
Risk level: Low (not in use yet)
Testing: CI
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d1ded6b381ca92cbacb2e0683adf997239b12272
As per the decision to move the cncf/udpa repository to cncf/xds branding.
Also updated cncf/udpa hash and updated identifier handling (moved from repeated to a flat string).
Risk level: Low (the only breaking API changes affect not-implemented-hide fields).
Testing: New unit tests for path components.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8c4a3c77a7de016a118aacc4cea933951b85e589
There are a few limitations in our existing support for symlink-based
key rotation:
We don't atomically resolve symlinks, so a single snapshot might have
inconsistent symlink resolutions for different watched files.
Watches are on parent directories, e.g. for /foo/bar/baz on /foo/bar,
which doesn't support common key rotation schemes were /foo/new/baz
is rotated via a mv -Tf /foo/new /foo/bar.
The solution is to provide a structured WatchedDirectory for Secrets to
opt into when monitoring DataSources. SDS will used WatchedDirectory
to setup the inotify watch instead of the DataSource path. On update, it will
read key/cert twice, verifying file content hash consistency.
Risk level: Low (opt-in feature)
Testing: Unit and integration tests added.
Fixes#13663Fixes#10979Fixes#13370
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 122257ef6ade0009feafc3c9142d480260fe069f
Add flag protected checks for frame flood and abuse by upstream servers
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6b0f592dd34819fe094de9c6d11695e806bdd1d2
Adds a no_traffic_healthy_interval for when a cluster is marked healthy
and we want to use a different interval than no_traffic_interval
Fixes https://github.com/envoyproxy/envoy/issues/13246
Risk level: Low
Testing: Unit test
Signed-off-by: Chuong Vu <chuongv@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 593be2274c3cba09873f162dd1d0c4d1fcf18641
This patch allows to set parent context which carries the current request stream info to a gRPC async client instance.
Risk Level: Low
Testing: Added
Docs Changes: Updated
Release Notes: Added
Fixes#13345
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ e5aa69658c6182dd41b6217ec7f6c4c00cac84b4
Risk Level: LOW
Testing: Unit and format
Fixes#10535
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6321e5d95f7e435625d762ea82316b7a9f7071a4
This fixes the docs for REQ command operator usage example in LocalReplyConfig and SubstitutionFormatString protos. $REQ(:path)% is an invalid command operator, it should be %REQ(:path)%.
Risk Level: N/A
Testing: N/A
Docs Changes: This is a docs change.
Release Notes: N/A
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 130c7c4e271fe306ae4dd747daa5f09ff31aef79
Prior to this fix only text_format and json_format were supported which would result in text/plain or application/json content-type. This Introduces content_type field which supports setting content-type for body_format / body_format_override in local_reply_config.
Risk Level: low
Testing: Unit Testing, Manual Testing
Docs Changes: Introduces new field content_type in substitution_format_string.proto that supports setting content-type for body_format / body_format_override in local_reply_config.
Release Notes: Added release notes.
Fixes#11313
Co-authored-by: Devesh Kandpal <devesh.kandpal@dkandpal-ltm.internal.salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ a8b946e1c30618dfcab6c7e90333301c16b56a65
This introduces an option to entirely omit null values from the access log.
Risk Level: Low
Testing: Unit and integration tests
Docs Changes: New option documented in proto file
Release Notes: Updated
Fixes#12735
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 9d466c71ab217317d3e989b261eb496877348a47
opt-in for serving requests/responses with Content-Length and Transfer-Encoding: chunked. Per RFC remove Content-Length header before forwarding it to upstream.
Signed-off-by: Oleg Guba <oleg@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ 954c93c28dfd6f152bed1ab81534c79faf154490
This was added for gRPC server support, but we've decided to use resource names instead to explicitly request the listeners we want by name. This is more in-line with the new naming scheme described in the "xDS Transport Next Steps" design.
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 05cbb309b828dc86737c51fd2c79d30e48e397a4
Add authority field in envoy grpc message to override the default host name as cluster name.
Risk Level: Low
Testing:
Docs Changes:
Release Notes:
Fix#12116
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 29b49276db0812b566d143a79996848819248428
Pulling out version to a separate package
Risk Level: Low
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 9a5de98bf26280a3b57882413dfb9084c5dbb2a6
This unifies HTTP/1.1 and HTTP/2 stream error on invalid messaging. Previously HTTP/1.1 defaulted permissive and HTTP/2 defaulted to strict. This defaults both to strict, resetting connections on invalid requests. This will have a major latency impact if downstream is sending a mix of valid and invalid requests over HTTP/1.1
Additional Description:
This change is runtime guarded per default behavioral change rules. It can also be reverted by setting the default to permissive (for prior HTTP/1 behvior) then overriding HTTP/2 to struct (for prior HTTP/2 behavior).
This works in conjunction with #11714, as the HTTP connection manager enforces the strictness, so the responses need to be sent via the HTTP connection manager to have strictness applied correctly.
Risk Level: High (HCM changes)
Testing: new unit tests, updated integration tests
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.hcm_stream_error_on_invalid_message
Fixes#9846
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 88dcb292817946510bb87f8f379a954962cece79
These are currently set as [#not-implemented-hide:]. There should be enough plumbing here to start
implementing the first roadmap steps in #11264, i.e. some simple delta discovery flows with core
LDS/CDS/RDS/EDS/SDS.
I've punted on VHDS and SRDS until later, as these will require special case mapping of their
resource keys into context parameters.
Risk level: Low (Unused API changes).
Testing: Built docs and proto_format.sh.
Part of #11264.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 99471fd8f4ef7406f50cf41cf1cfa22bbdfeacc7
This will allow configuring the version of LRS independently from the version of xDS in the lrs_server field in Cluster messages.
Risk Level: Low
Testing: N/A
Docs Changes: Inline in PR
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ edaad6d02b3e9265418196f96b4fd6b3689cc2b7
This PR proposes to rename the RetryPolicy field num_retries to max_retries.
This parameter exists in two places: 1) the RetryPolicy message in the route configuration and 2) the header x-envoy-max-retries. The naming inconsistency is a UX papercut. max_retries feels like right name for what this field is for ie. the maximum number of retries that are permitted.
There is also a stripped down RetryPolicy message which is used by RemoteDataSource which has a num_retries field. I'm including a matching rename of that for consistency.
Risk Level: Low
Testing: N/A
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: Martin Matusiak <numerodix@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 286ca92afa3eaa586ad60fe20d4f5541e77b5d5e
This patch allows configuring the API version for gRPC external services. This specifies the version of the endpoint and message to be used.
Affected extensions:
- filters/http/ext_authz
- filters/network/ext_authz
- filters/http/ratelimit
- filters/network/ratelimit
- access_loggers/grpc
- stat_sinks/metrics_service
Affected upstream services:
- upstream/health_discovery_service
- upstream/load_stats_reporter
Additional Description:
tap
- TapSinkService is not yet implemented.
- TapDiscoveryService uses theconfig.core.v3.ApiConfigSource and is not yet implemented.
trace
- StreamTraces has no implemented client inside the code-base (implemented externally?)
Risk Level: Low
Testing: Added.
Docs Changes: Added.
Release Notes: Added.
Fixes#10609
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 96920250a05e62095a68fbaf4f77612179e5af32
Notice that identifier is defined in api/envoy/config/core/v3/protocol.proto as:
google.protobuf.UInt32Value identifier = 1
[ (validate.rules).uint32 = {lte: 65536 gte: 1}, (validate.rules).message = {required: true} ];
The value should range from 0 to 65535 instead of from 1 to 65536.
Because 65536 is greater than uint16::max, it triggers the assert to terminate the program.
The fix is to set it to {lte:65535 gte:0}, instead of {lte: 65536 gte: 1}
Signed-off-by: jianwen <jianwendong@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e5ccf1af01ec3c6c70726f8e12495ecfdcfdc2ca