Note: support for logging headers (via %REQ()%) will happen in a follow-up.
Risk Level: medium
Testing: unit tests
Doc Changes: included
Release Notes: updated
Fixes #17898.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 01a0ff52ed3a1e55b14c3bbff4daede6c61fd5fb
Allows users to opt in to functionality to auto-detect proxy protocol if present, and skip the filter if it's not present.
Signed-off-by: Kevin Dorosh <kevin.dorosh@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 18c59eaf1b78c5b6bbe4d6ad96009ec3ecd895e1
This adds an odcds_config field to the extension's config, and also allows the extension to be configured per-route. As it stands, it currently works only with routes using cluster-header config.
Risk Level: Medium, extending one extension in an opt-in way.
Testing: Added unit tests and integration tests.
Fixes #2500
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ a41b254a4e8f1faf40033c50c7122aa654186f63
To avoid HOL blocking impacts on slow connections.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ d0befbbb952c979782857bdb986bec562d9a3c2f
By default the router closes the downstream connection if the current request is not routable or the upstream connection is broken. This causes oneway (or async) requests pending on the wire or in kernel buffers to also be dropped, even if they are routable and their target cluster is perfectly healthy.
Risk Level: low
Testing: unit test
Docs Changes: Comment added to the new API field.
Fixes #12836
Signed-off-by: Tamas Kovacs <tamas.2.kovacs@nokia-sbell.com>
Mirrored from https://github.com/envoyproxy/envoy @ 65a4fc4977c4e50e722461a1d68278d404610342
This is a continuation of #20577.
Additional Description:
Risk Level: low
Testing: unit test
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0be448e6d92dff8d609142a8e5492ebf03884779
Allow configs with both typed and non-typed SAN matchers specified to allow config servers to use the same config for Envoys across multiple versions. The match_subject_alt_names field is ignored if match_typed_subject_alt_names is set.
Signed-off-by: Pradeep Rao <pcrao@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ef08b1c3d0cf9c2af84d32529a11b3e2056e9dcb
If set, the resolver will avoid the system's heuristics to only return
IPv4 or IPv6 addresses that it considers to be "routable", instead
returning all possible IPv4 or IPv6 addresses. This setting is
ignored if the DNS lookup family is set to v4-only or v6-only.
This may be a useful setting to specify if the addresses considered
unroutable by the system's heuristics may in practice be routable.
Signed-off-by: JP Simard <jp@jpsim.com>
Mirrored from https://github.com/envoyproxy/envoy @ 60a13f30a4e425c907607fab96efee0ed2afcf22
ComparisonFilter's value now marked as required in validate to ensure valid
input to fuzz tests.
Signed-off-by: Andre Vehreschild <vehre@x41-dsec.de>
Mirrored from https://github.com/envoyproxy/envoy @ 8df3136bcc00c701bf5c30d090937e5f37585652
This adds the ability to change the GrpcService used by the ext_proc filter on a per-route basis.
Risk Level: Low. Not triggered unless configured.
Testing: New unit and integration tests added.
Docs Changes: Addition of new config field.
Signed-off-by: Michael Warres <mpw@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0e8899c90213b39d8f4a1a083d4fd31e9c2fe8c1
Add unified matcher for network streams, as a replacement for filter chain match.
See previous discussion in #18871
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7eb3a87b8757e030aedfdc4959adc509e89ac788
This change introduces a new output sink type for admin /tap requests which buffers traces internally before responding to the client.
This sink is best used to collect traces for requests that are frequently matched, or to work around system limitations such as improper support for streaming HTTP responses.
Signed-off-by: David Peet <davidpeet@tutanota.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0fd80eef63bc9770186c4f4aa345ee63e464cab3
Use type_url to look up extensions. This prevents the undesirable practice of putting invalid protobufs to avoid a type lookup or duplicating the type URL.
Risk Level: medium, affects extensions with duplicated type URLs or no configuration
Testing: yes
Docs Changes: yes, this has been the recommendation for a while.
Release Notes: yes
Runtime Guard: envoy.reloadable_features.no_extension_lookup_by_name
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8cb6862fe6099cd8583a64ff037ecdeaf0e939fa
Add an extra async cluster look up. The continuation of the cluster look up is establishUpstreamConnection().
To establishConnection() is also the callback of upstream connection failure.
Additional Description:
Risk Level: LOW if odcds is disabled, the code path remains the same.
Testing: Added integration tests and existing unit test is untouched.
Docs Changes: n/a
Release Notes: inline
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0a587f23b21ab34b28d9c53428af259b3f7b0970
Added option to limit the number of certificates parsed during verification.
Signed-off-by: Deepti Gupta <deepti_gupta2@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ b130ee612018cf099a91b3f2bc1225f70f49e48c
The new field would allow more efficient generation of routes, replacing pairs of path+prefix routes with one path_separated_prefix route.
Risk Level: Low
Testing: Unit test
Docs Changes: inline
Release Notes: Added
Fixes #18148
Signed-off-by: Toma Petkov <tpetkov@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8f9e11247a07cc6df0ecd62689fe290f12a9013d
This begins the deprecation process for TTwitter.
Fixes #20466.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9e67f1e2461e965c0269c69356d608e39c23902b
filter_metadata is already forwarded to the external auth service
but typed_filter_metadata is not; this commit fixes this.
Signed-off-by: Wanli Li <wanlil@netflix.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9cce4a61851069f025493726f0b6cef87489f394
When deploying a new cluster specifier plugin, it is often necessary to add it to the configuration before all clients can be updated to support it, with routing rules configured to prevent clients without support from selecting any routes referencing the plugin. This field will allow those clients to suppress the default behavior of NACKing any resource containing the unknown plugin.
Risk Level: None
Testing: None
Docs Changes: None
Release Notes: None
Platform Specific Features: None
Signed-off-by: Doug Fawley <dfawley@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 55539d34f6ad5771f17ba04a64e1c7d24aa3c055