Signed-off-by: Jacek Ewertowski jacek.ewertowski1@gmail.com
Commit Message: tcp_proxy: support command operators in tunneling_config.hostname
Additional Description: This change enables dynamically setting tunneling_config.hostname with command operators.
This pull request is an alternative for auto_sni.
This change allows to configure TCP proxy as follows:
```
tunneling_config:
hostname: %REQUESTED_SERVER_NAME%:443
```
Risk Level: Low
Testing: added unit tests
Docs Changes: done
Release Notes: done
Platform Specific Features: none
Fixes#19612Fixes#21804
Mirrored from https://github.com/envoyproxy/envoy @ 764a2e9fbb06e2f27fd6775fdc0ed78313b94157
Commit Message: Adds a new flag for filter state objects that indicates the intent to share with the upstream.
Additional Description: Follow-up to #19809. There have been multiple reports of unexpected lifecycle changes for the filter state objects because they are stored in the transport socket options. This PR addresses this issue by introducing a new mark for filter state that explicitly changes the usage of filter state objects:
marked objects always participate in the connection pool hashing (generalizing and simplifying transport sockets: support passthrough state for internal connections #19435);
marked objects are copied by reference to the upstream info - this allows sharing state between downstream and upstream (and further down the chain, the internal listeners).
Risk Level: medium, revert to the original behavior prior to #19809
Testing: yes
Docs Changes: yes
Release Notes: yes
Mirrored from https://github.com/envoyproxy/envoy @ 18212bb6395af308d895f75352f82df522b038b4
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Co-authored-by: Yan Avlasov <yavlasov@google.com>
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 259d76ef89bc008db6620497c424a3ca3fe97d88
Follow-up to #21707 with a focus on back-filling more extension type URLs. Renames extensions_build_config and extensions_metadata to the names in the internal extension registry. For preserve_case, we deprecate the short name with the fully qualified name (both names are valid in the interim).
Risk Level: medium, only preserve_case name changes
Testing: regression
Docs Changes: yes
Release Notes: yes
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7c04dda02a61c4866b6cc7273c776d62dd3fb127
The patch does following up jobs of #21633,
1. removes deprecated fields of regex matching in docs and examples,
2. add the missing deprecation changelog,
3. add the missing extension category and extensions.
Risk Level: Low
Testing: N/A
Docs Changes: Yes (examples)
Release Notes: Added
Platform Specific Features: N/A
Signed-off-by: Xie Zhihao <zhihao.xie@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ aa8da5554ae8bdf8c85229cc2594ec7d8dee6edb
Updated `grpc-httpjson-transcoding` repo to have this [change](grpc-ecosystem/grpc-httpjson-transcoding#70).
Additional Description:
grpc_json_transcoder: to support reject request if binding and body value are conflict
Risk Level: Low
Testing: unit test
Docs Changes: N/A
Release Notes: Add an option in grpc_json_transcoder to support reject request if binding and body value are conflict.
Platform Specific Features: N/A
Signed-off-by: yangshuo <yangshuo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f40d62f6a2e11486f397c688ffc6c01a85738582
Part of #20389. Most of the formatters used in header manipulation are also present in substitution access log formatters. However, UPSTREAM_METADATA was not present in access log formatters.
Also, as noted in #17457 all xxxx_METADATA will be eventually replaced my METADATA(xxxx,...) so this PR also extends METADATA formatter.
api changes are trivial and limited to comments.
Risk Level: Low
Testing: Added unit tests.
Docs Changes: Yes.
Release Notes: Yes
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 380a328f7e32e4d18d31cba82bac7143904e0536
initially this will only check for "unused imports" but we can expand
as other linting rules are met.
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ e9f492281f9f905b6bedcbbb334c370b36c56fb2
Implements a special transport socket for transferring state (metadata and filter state) over the internal connection.
This transport socket captures a subset of endpoint metadata, cluster metadata, and stream filter state in the user space socket. When an internal listener accepts a user space socket connection, it immediately merges this passthrough state into the connection stream info. Because the state can be transferred from HTTP stream to TCP stream, this transport socket also participates in the hashing decisions in the HTTP connection pools.
Commit Message: Add passhtrough state over internal connection.
Risk Level: low, new extension
Testing: WIP
Docs Changes: yes
Release Notes: yes
Platform Specific Features:
Fixes: #19274
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 637a92a56e2739b5f78441c337171968f18b46ee
Add support for injecting regex engine with its options on startup in a bootstrap option. These are some API, runtime and implementation changes.
* google_re2 in safe_regex will be deprecated and no longer be required. Regex::parseRegex will choose the registered regex engine to parse expressions into matchers.
* A new bootstrap option default_regex_engine will be introduced for regex engine selection.
* For compatibility, GoogleRE2 will be chosen as default regex engine if no regex engine is designated.
Signed-off-by: Xie Zhihao <zhihao.xie@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0a92cc86e7f8b88d5af0eb2e27b5c7ef64719e56
Signed-off-by: Xie Zhihao zhihao.xie@intel.com
Commit Message: rbac: add unified matcher for RBAC filters
Additional Description:
The patch add the matching API support for both RBAC network filter and HTTP filter. Users can configure rules and shadow rules in either policies or the matching API manner. There are some incompatibilities, TODOs and behavior changes compared to the policies way.
RBAC matchers are not compatible with the matching API.
URL path and CEL are not supported in the matching API. These matchers may come as custom matcher.
Metadata is not supported in the matching API. These matchers may come as inputs.
Connections and requests with no matcher matched will always be denied.
Risk Level: Medium
Testing: Unit and integration
Docs Changes: API and configuration
Release Notes: WIP
Platform Specific Features: N/A
Fixes#20623
Mirrored from https://github.com/envoyproxy/envoy @ 42cb84456d53d053eb1ae94680d07a74f4545a48
Commit Message: add stats prefix for route
Additional Description: Adds API for stats generation support per route.
Risk Level: Low
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
API for #3351
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7b937e8cd5796cf19d14f20abcb6be81f149c68b
Risk Level: low (and config guarded)
Testing: new unit, integration tests
Docs Changes: in with APIs
Release Notes: inline
part of envoyproxy/envoy-mobile#1622
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 71f7f2c54b4c7c8b3c076ad22d849914c25f62e8
Make sure a config option is a valid header name.
Signed-off-by: Andre Vehreschild <vehre@x41-dsec.de>
Mirrored from https://github.com/envoyproxy/envoy @ 2db5f021551b67cb37c49ca769bf1ab659897bc9
The default value of most_specific_header_mutations_wins is false.
Signed-off-by: derekguo001 <dong.guo@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 774bcedf31ac495f4ccb9df5d702f2be6d169079
API for Unified Header Validators
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e569ce06101932cfe3ccb710c3c60b92dd09464b
Based off #20596, this preserves the current behavior by default.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Co-authored-by: fishy
Mirrored from https://github.com/envoyproxy/envoy @ 53867ab5cc97c945f8c7f6a771d28443b1bcec43
udp: Add a udp_packet_packet_writer_config option to UdpListenerConfig.
Fixes#21200
Risk Level: Low
Testing: Existing and additional tests
Docs Changes: None
Release Notes: Added
Platform Specific Features: N/A
Signed-off-by: Ryan Hamilton <rch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3a7b26aa3909488a8561a232b82845b8b4cd38bb
Commit Message: make HTTP/3 upstream sends 0-RTT (early data) requests if it has cached 0-RTT credentials. Add a config knob in RouteAction to specify which request can be sent over early data, which by default are HTTP safe methods.
Risk Level: high, changes to conn pool behavior though should only take effect for h3 pool
Testing: added h3 upstream integration tests.
Docs Changes: N/A
Release Notes: changes to docs/root/version_history/current.rst
Platform Specific Features: N/A
Runtime guard: envoy.reloadable_features.http3_sends_early_data
Fixes#18715, #19542
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8ce13d75a982ddd347db5a333a4bb080922f7514
* Add an option to RouteConfiguration, when enabled, ignore port contained in host header during host matching.
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2f99e0c9f83b6c91b42d215a148ed49ce0f174fd
data-plane-api(Azure Pipelines)