Commit Message:
Additional Description: Follow up to #26155, enabling a similar feature for upstream access logs - record an access log on upstream connection established, if requested.
Risk Level: Low
Testing: Unit tests, integration tests
Docs Changes: router API
Release Notes: none
Platform Specific Features: none
Signed-off-by: Ohad Vano <ohadvano@gmail.com>
Signed-off-by: ohadvano <49730675+ohadvano@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 49a2fc0e4dbfd608737d06ab0a9b94ca4fc73104
Add a new optional field to TlsParameters to configure signature algorithms.
The value is used during TLS handshake in TLS Signature Algorithms extension.
It indicates which signature algorithms may be used for digital signatures.
The value can be used for both DownstreamTlsContext and UpstreamTlsContext.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Mirrored from https://github.com/envoyproxy/envoy @ 084794dd06c36edbcb27e05dc06c9d56a72b403f
This can help the ext_proc server extend the timeout value in case it needs more time to process a request in special situations, like cold-starting a WASM module when it receives the first request.
Risk level: Low
Testing: Integration tests.
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f23c23e24264bfe0bf9453a071ec7040f79dc347
Signed-off-by: Stefan Schönbächler <stefan@schonbachler.org>
Mirrored from https://github.com/envoyproxy/envoy @ 4e6956f77ce9685237f9a523e0aa59ef5f171455
* Add disabled option to cache filter
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Avoid constructing OptRef from nullptr
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Disabled test should use cacheable request
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Don't use oneof, make disabled separate
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* No longer using validate.proto
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Add use-cases to disabled field doc
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Doc formatting better
Signed-off-by: Raven Black <ravenblack@dropbox.com>
* Use ref link
Signed-off-by: Raven Black <ravenblack@dropbox.com>
---------
Signed-off-by: Raven Black <ravenblack@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ c430a5ab8f0e83c057ee3df0f8e836f45d39d759
Commit Message: http: periodic HCM access logs
Additional Description: Make it possible to log periodically from the HCM. This parallels the work already done in TcpProxy.
Risk Level: low
Testing: unit tests.
Docs Changes: none
Mirrored from https://github.com/envoyproxy/envoy @ e11d5de33e342400a8102dcdfabad48b7da987b7
Client-wide WRR added with #24520 needs to support the weight penalty using the error rate. This change adds a parameter that configures this behavior.
Risk Level: Low
Testing: N/A
Signed-off-by: Yousuk Seung <ysseung@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d5ab0a64c7924e526842f6edd1e5a3a7615fd221
There are some issues/questions about the cors filter usage. This PR makes a minor update to the cors filter's docs and example to clarify the function and latest recommended usage of the cors filter.
Risk Level: low.
Testing: n/a.
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Mirrored from https://github.com/envoyproxy/envoy @ acd218e1d96a64fd9300977e38d5f5398422b820
Commit Message: adding filter state matching input
Additional Description: Adding a matching input of type 'FilterStateInput', that retrieves a specific filter state object by a given key and uses the serialized value as a matching candidate.
Risk Level: low
Testing: unit and integration tests
Docs Changes: matcher_api
Release Notes: none
Platform Specific Features: none
Mirrored from https://github.com/envoyproxy/envoy @ f52d559e0479824b9c964e4c028fa373bcb9b767
* Introduce a new field, "failed_status_to_metadata" inside the JwtProvider for getting the JWT
authentication failure inside the metadata.
Signed-off-by: danield <danield@radware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6be3c6edd98c113f0fd8d55f8928c5136a79b844
Add API for:
evict_fraction: evicting a fraction of the exceeded limits extra to reduce churn.
max_eviction_frequency: do an eviction pass before it's necessary, to ensure the stats aren't too out of date.
min_eviction_frequency: don't do an eviction pass even if limits are reached, to reduce churn.
create_cache_path: option to attempt to create the cache path if it does not exist.
Remove not-implemented-hide for:
max_cache_size_bytes
max_cache_entry_count
Clarify name for:
max_cache_entry_size_bytes -> max_individual_cache_entry_size_bytes: to avoid confusion with max_cache_size_bytes
Risk Level: None, extension is WIP and no change to existing behavior.
Testing: n/a
Docs Changes: Adds some generated docs.
Signed-off-by: Raven Black <ravenblack@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ eb4933645c3f5ddd47442174cce48cf59ba9e956
This commit marks the `grpc_service` of the opentelemetry configuration as optional and if the resulting field is empty, the plugin will abstain from sending the trace data to any collection service.
This means that the opentelemetry plugin will still generate and propagate trace headers, but they will no longer be sent to the collector.
Signed-off-by: Ashish Banerjee <ashish.banerjee@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ c424ab9b0165357b715866ee2906cf3fc717e4e8
* load balancer: added maglev/ring hash load balancer extension
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix the possible UH of ringhash/maglev when locality_weighted_lb_config is set or LoadBalancingPolicyConfig is used
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* minor update
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* remove unnecessary stdout
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* enable locality weighted lb only when the configuration is set explicitly
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix format
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* add more test
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* fix windows build
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
* resolve conflict
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5ba835d8ce9ff1d92b85a391f0138f9a69a71083
Signed-off-by: Thomas van Noort <thomas.vannoort@datadoghq.com>
Commit Message: ratelimit: allow metadata descriptors to be skipped
Risk Level: low
Testing: added unit tests
Docs Changes: per the protobuf definitions
Release Notes: N/A
Platform Specific Features: N/A
Additional Description:
The default behaviour was to skip calling the rate limiting service whenever the metadata key was not found and the default value was not set. This was not correctly documented (nor tested) since it mentioned that only the descriptor was skipped whereas the rate limiting service was skipped altogether.
This adds a skip_if_absent field in the same spirit as for the request headers action: if set to true it skips the descriptor but still calls the rate limiting service, otherwise it skips the rate limiting service.
Note that the deprecated dynamic metadata action does not support this field and defaults to false.
Mirrored from https://github.com/envoyproxy/envoy @ 40fb636fb3ba7d502625614ed613d4e97e140b3e
Remove max_items=2 validation rules from sds configs proto.
Add test cases to verify that multiple sds configs are allowed
and work with SNI-based cert selection.
Fixes #24824
Signed-off-by: Luyao Zhong <luyao.zhong@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ fb48a7d2d41e6237640d73d5ec39d103feb8e73e
* Clarify that on-demand CDS does not support SotW xDS
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
Mirrored from https://github.com/envoyproxy/envoy @ cdc1c1d80b6fdf5b5c1fe33168feccb162bf5d51
While we return the connection to the pool, the idle timeout starts ticking until the connection is reused.
If the timeout fires, we close the connection and let the pool know.
Fixes #23699
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 57b1c7213327ce6a505d7a8e2209db31561f85d0
Move checks for headers with underscores to UHV when it is enabled
While UHV has implemented checks for header names with underscores, the corresponding checks in codec_impl.cc were not disabled. This PR removes this check from codecs when ENVOY_ENABLE_UHV is defined, such that code in UHV is exercised.
Also added missing plumbing for the stats for header map modification done by UHV.
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ cdbf0703ac84d0b38edc93018735dd021ad02061
Envoy supports selecting certs by selecting filter chain based on SNI.
But it is possible that we access different services via one filter
chain, which requires SNI-based cert selection in one single filter
chain during handshake.
This change is merged by #22036 and reverted by #24475.
Signed-off-by: Luyao Zhong <luyao.zhong@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ ffa7295273834e2c777b1464896397bb05c0f68a