This is the first PR towards filesystem support for file:/// URLs
compatible with #11264. Currently it plumbs in only LDS filesystem
support for list collections with only inline entries.
Risk level: Low (opt in)
Testing: Unit and integration tests added.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 108d2bcc884a0249eda26213e5dbdd0124134558
Commit Message: CacheFilter: parses the allowed_vary_headers from the cache config.
Additional Description:
Parses the allowlist from the cache config proto; this allows users to define a set of rules to control which headers can be varied in the cache.
Risk Level: Low
Testing: Unit testing
Docs Changes: Updated cache proto's comments regarding allowed_vary_headers
Release Notes: N/A
Fixes#10131
Signed-off-by: Caio <caiomelo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6a994d5afcd7fa038beac5113951afe6daaaf677
Tweak the HTTP upgrades documentation to mention RFC8841 in the
documentation body (complementing the existing link to the RFC).
Minor fix to the warning text for CONNECT support.
Make explicit mention of "Extended CONNECT" in the API docs for
`RouteMatch`.
Closes#13044.
Signed-off-by: Nick Travers <n.e.travers@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 12d7b17906df69749990a9f481bc4fce087c22e6
Additional Description: This PR necessitated decoupling SslHandshakerImpl from ContextConfig a bit. We now pass an int representing the index of the extended_info struct rather than the ContextConfig.
This PR moves SslHandshakerImpl to its own build target, moves SslHandshaker construction into the ContextConfig, and adds a HandshakerFactoryContext and HandshakerFactory for modifying the ContextConfig's behavior when constructing a Handshaker. This PR also adds a control (requireCertificates) to turn off the release asserts that a context must have certificates.
This PR builds off work in https://github.com/envoyproxy/envoy/pull/12571 and refines work done (and abandoned) in https://github.com/envoyproxy/envoy/pull/12075/. For more discussion please see the comments section of https://github.com/envoyproxy/envoy/pull/12075/.
Risk Level: Low. This PR does not modify existing handshaking behavior, it just adds an extension point for modifying it.
Testing: A representative alternative implementation was added under :handshaker_test.
Docs Changes: N/a
Release Notes: N/a
Signed-off-by: James Buckland <jbuckland@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7d6e7a4e559bdf0346687f7f404412e2412ea6fb
This patch introduces the xDS transport++ context parameter encoding
algorithm.
Risk level: Low
Testing: Unit tests added.
Part of #11264
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8613b8ebbb2e9465177eb1d437f28363b92225c3
Description: Taking advantage of the new feature introduced in [#12035](https://github.com/envoyproxy/envoy/pull/12035), which introduced quick visibility for init managers to check unready targets, this pull request adds protobuf message for unready targets and enables admin to dump configs of unready targets. An example of config dump for listeners’ unready targets is given in this pull request.
Introduce ```InitDumpHandler``` with ```handlerInitDump``` method to help dump information of unready targets.
Add ```dumpUnreadyTargets``` function for ```init::manager```.
Risk Level: Low
Docs Changes: protodoc
Release Notes: Added
Signed-off-by: pingsun <pingsun@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8aef76370877c66b09f7791f0577ca83aad7d608
Simplified Profile Action to have a per-process limit rather than a per thread limit which simplifies disk-filling concerns.
We want to prevent the profiler from filling the disk, and using a per thread limit creates more complexity and profiles (i.e. for the "global" limit would be #threads * limit per thread vs limit per process. The former is harder to reason about.
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ faab20c8477827643ae2e22b25b28fef631f0d89
Add a field to the current protobuf of ScopedRouteConfiguration to enable on demand scoped route table loading. The on demand scope route tables will be loaded lazily. The lazy loading feature of route table associated with scope is achieved by extending the current vhds on_demand filter to support lazy loading of RouteConfigurationscoped route discovery service.If a scoped route configuration is set to be loaded lazily, upon a http request using SRDS, when the corresponding route table of a scope is not found, post a callback to control plane, request the route table from the management server, after the route table has been initialized, continue the filter chain.
https://docs.google.com/document/d/15GX30U5CH2bsWUyQRkiiQ_nbMCoklvgP_ObrDaSlkuc/edit?usp=sharing
Risk Level: Low
Testing: add unit tests and integration test to verifiy behavior changes
Fixes#10641
Signed-off-by: chaoqinli <chaoqinli@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 709d1c31749a6ba2eab2865927f10300570ac533
In order to support TLS in a health check connection, a TransportSocket proto must be matched to build the proper TLS connection factory. These are matched by the repeated field transport_socket_matches in the cluster proto, which HDS is currently leaving blank when building this proto. As a result, there is not way to specify a TLS transport socket or any transport socket listed in the docs.
This change adds the transport_socket_matches field to the HDS health check specifier, and adds it to the Cluster config generated by HDS, to support transport socket matches per-health check.
Risk Level: Low
Testing: HDS Unit tests and integration tests pass. Added unit test to test that the transport socket matcher receives the correct fields. Added two integration tests with a TLS configuration, one over HTTP and one over HTTP/2.
Docs Changes: Added comments about the new transport_socket_maches field in the HDS specifier proto.
Release Notes: Included
Signed-off-by: Drew S. Ortega <drewortega@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ bf6b9ba65495175e164b4ef0051b94cd66e7dbf5
This introduces an option to entirely omit null values from the access log.
Risk Level: Low
Testing: Unit and integration tests
Docs Changes: New option documented in proto file
Release Notes: Updated
Fixes#12735
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 9d466c71ab217317d3e989b261eb496877348a47
Currently, the maglev hash algorithm default to table size to 65537.
It is the recommended size by a paper but it is better if the user
can set this value.
This patch introduces a new MaglevLbConfig that contains table
size of maglev.
So, now, the user can set the table size of maglev by their situation.
Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5fd73ca889aa12618c626c96bb33fde4707f8bf0
This patch introduces hash based routing functionality.
It is very similar to tcp's one.
Previously, the udp proxy does not support hash based routing.
So, even if the lb_policy is set, load balancing algorithms will
select a host randomly.
This patch may very useful if some packets should be routed to same host
continuously.
Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Mirrored from https://github.com/envoyproxy/envoy @ a92c496754f04f624729937b9812c5fc4c44b371
This can be used in similar situations to maglev/ring, but can be used when the host selection must remain the same for existing sessions even if more hosts are added to the cluster.
In a test with 1500 endpoints, updating 50 (remove 50, add 50 different ones) took:
without new setting: ~500ms
with new setting (this PR): ~4ms
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 724df08c329c8270509e2a8568be90fd43d597c1
opt-in for serving requests/responses with Content-Length and Transfer-Encoding: chunked. Per RFC remove Content-Length header before forwarding it to upstream.
Signed-off-by: Oleg Guba <oleg@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ 954c93c28dfd6f152bed1ab81534c79faf154490
This is as described in the paper https://arxiv.org/abs/1608.01350; Logic followed is similar to what's in haproxy.
Signed-off-by: Santosh Cheler <santosh.cheler@appdynamics.com>
Mirrored from https://github.com/envoyproxy/envoy @ 760a164640acf75a8009ac89b5ff06f78a733221
Added a watchdog extension that triggers profiling.
Risk Level: Medium (new extension that is optional)
Testing: Unit tests
Docs Changes: Included (added a reference to the generated extension proto.rst)
Release Notes: Included
Fixes#11388
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c88515fc0c8a291992732947671190b37949bbbd
Add connect_pool_per_downstream_connection flag to the cluster config (disabled by default)
Add a hashKey method to Connection in order to be able to hash on the connection ID
Signed-off-by: Craig Radcliffe <craig.radcliffe@broadcom.com>
Mirrored from https://github.com/envoyproxy/envoy @ 76a1b24dd511bb5b3a38da3e84c9003ccadc64ce
Adds intermediate certificate authority revocation list documentation and tests that cover revoked, unrevoked and incomplete certificate revocation list chains.
Signed-off-by: Joshua Rutherford <joshua.rutherford@greymatter.io>
Mirrored from https://github.com/envoyproxy/envoy @ 969711e8c7f6b4cdc8fbc9f1f8d9c81a4df94adb
In the closed-source implementation of the AWS X-Ray tracer extension
there was additional span metadata that was hard-coded for the AWS App Mesh
service. This was expectedly removed from the implementation that was
upstreamed but there was a miss in adding an API to re-add this metadata
to spans.
Signed-off-by: Scott LaVigne <lavignes@amazon.com>
Mirrored from https://github.com/envoyproxy/envoy @ 64731cece4fb1c7a63251007e3f8bf319d1cb895
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR
Release Notes: N/A
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c7323f25ee8395736b5b6d37a4521b29eeb84a0f
For matching values in the header that might be somewhere in the middle of the header, the present option is to use Regex in the form .Search-Pattern.. This can cause catastrophic backtracking as described in #7728
As a solution, I have introduced another header match type called contains which is based on absl::StrContains().
Risk Level: Low
Testing: Unit tests are included and manual testing was performed.
Fixes#12590
Signed-off-by: Shivanshu Goswami <shigoswami@ebay.com>
Mirrored from https://github.com/envoyproxy/envoy @ e322daaf0ca70fd3fcb1c1405830c73395510d93
This was written by Derek Argueta originally. Some more
work might be needed to make it more generic.
Risk Level: low, new filter
Testing: unit tests included
Docs Changes: filter docs added
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Co-authored-by: Derek Argueta <darguetap@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ c6bfd7f9f52468d576781a9b1fe9ea5d3f9086c9
The filter responds to the SRV requests identifying the server targets, and address records for each target.
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ d6b9cf7fce5065062940248f254d66cf77770ee9
This adds a dynamic_metadata field to CheckResponse message, hence it can be used for any type of HTTP response (OkHttpResponse or DeniedHttpResponse).
Risk Level: Low
Testing: Updated
Docs Changes: Updated
Release Notes: Added
Fixes#12671
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ cbdd01c22b84ac5333f95f030821dfcf6db49734
Currently, the health discovery service takes a specifier with information about which endpoints to perform health checks on, which already supports information about cluster structure and locality information. However, when when forming a response holding endpoint health information, all notion of cluster or locality is dropped and endpoint information is stored in a flat list. This is problematic when there are several endpoints with the same address or port but with a different locality, cluster, or path.
This PR uses the previous proto change in Issue #12153 which added support for grouping endpoint health information by their respective cluster and locality.
Risk Level: Low
Testing: Added a unit test in test/common/upstream/hds_test, which sends a specifier to HdsDelegate with several clusters, localties, and endpoints. It then verifies that the response holds the same structure. Existing integration tests were also changed to check for the new proto structure, specifically ones that already group several endpoints by differing clusters or localities.
Signed-off-by: Drew S. Ortega <drewortega@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d16164be1bd0ec7eba2b0b0f78ae8b0f455acd50
This was added for gRPC server support, but we've decided to use resource names instead to explicitly request the listeners we want by name. This is more in-line with the new naming scheme described in the "xDS Transport Next Steps" design.
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 05cbb309b828dc86737c51fd2c79d30e48e397a4
Add log control (list and modify log level) in admin interface for Fancy Logger, a new fine-grained logger for Envoy, and provide command line option --enable-fine-grain-logging for developers.
Additional Description: A doc of overview is provided here: source/docs/fancy_logger.md.
Risk Level: Medium
Testing: Unit tests.
Docs Changes: Added a new option --enable-fine-grain-logging and doc it.
Release Notes: Added to current.rst.
Signed-off-by: Jinhui Song <jinhuisong@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b7138814dde530b8c2957e806ea40879a4fdce32
This PR implements a new retry back off strategy that uses values from response headers like Retry-After or X-RateLimit-Reset (the headers are configurable) to decide the back off interval before retrying a request.
Signed-off-by: Martin Matusiak <numerodix@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ bd2b989c578b2472faaff44902573e5b187f671f
Establish an extension point for actions to run based on Watch Dog Events.
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8c312f2c5b40b5ce7f6f68a1f9d4b0e98ef3829e
Added an node field to csds request to identify the CSDS client to the CSDS server, and removed the [#not-implemented-hide:] for the endpoint_config since it has been implemented in #11577
Risk Level: Low
Testing: N/A
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: Yutong Li <yutongli@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 90a97c7ef3d67e213980db6b0ebeff284a938837
Un-Reverts 048583b, with fix for high cpu consumption.
This PR implements fault injection for Redis; specifically delay and error faults (which themselves can have delays added). I chose not to implement a separate filter after discussing with Henry; we concluded that the faults we felt were useful didn't need many levels- just a delay on top of the original fault, if any. In addition, as the Redis protocol doesn't support headers that makes it a bit different again from Envoy's http fault injection. This PR fixes the issue previously seen with redis fault injection where excessive cpu was used on connection creation.
Faults record metrics on the original request- and the delay fault adds extra latency which is included in the command latency for that request. Also, faults can apply only to certain commands.
Future work: Add several other faults, including cache misses and connection failures.
Signed-off-by: FAYiEKcbD0XFqF2QK2E4viAHg8rMm2VbjYKdjTg <nflacco@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ e319b7c2a93783cd8bde45fa4c002ae02a4cb13f