* inplace change the ImmediateResponse::body type from string to bytes
per discussion this should be a safe swap for c++ Envoy
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
* add a unit test for non-utf8 body in extenal immediate response
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
---------
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ab4b6f70b283905d5fcb5ddb0b0be34562873b51
This adds additional stats for `rules` and `shadow_rules` in the HTTP-based RBAC filter.
Fixes#32129
---------
Signed-off-by: Henry Wang <henry.wang@datadoghq.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5eccc35176a77633c98bd96baa64d15bd3c5fe2f
---------
Signed-off-by: Raven Black <ravenblack@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ f5bca686eb043e099bd96a8049a38048c402cd36
This picks up a few bug fixes and allows us to remove our build tag
hacks
Signed-off-by: John Howard <john.howard@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 72fe210ed073600019697b5cd8979489584ee43d
cel: Support canonical CEL in xds.type.v3.CelExpression
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 805fc6418681af22716304d007a62fdb6bb45e0e
* mismatch content type should set on_error metadata in json_to_metadata filter
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6aea06a3e9ba5ee7f5537cf0f70a72bdbb35ab72
Signed-off-by: Adam Anderson <6754028+AdamEAnderson@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9a575d82a4186c8cf37ff3d7f0a7002dce412d7d
CORS: Generate local response for preflights with not matching origin.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 5f58f9ac917e82fdfadb771b8de3bb466d9e53ee
There is a case when somebody is uploading a file with "content type: multipart/form-data; boundary=------------------------75b5d728d1539bb5"; since the header value will change every time, we can not write a config to allow it in previous proto. Then we need a regex match to allow it.
Risk Level: low
Testing: unit test
Signed-off-by: Cai Qi <cqi@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 667e96312130ac2bcbb7c1c598f4d63746d6f0c4
* generic proxy: complete the development of HTTP1 codec
Signed-off-by: wbpcode <wbphub@live.com>
* minor update
Signed-off-by: wbpcode <wbphub@live.com>
* add TODOs
Signed-off-by: wbpcode <wbphub@live.com>
* more validation and single frame mode for HTTP
Signed-off-by: wbpcode <wbphub@live.com>
* more test and validation
Signed-off-by: wbpcode <wbphub@live.com>
* handle the 100 continue and the 1xx response
Signed-off-by: wbpcode <wbphub@live.com>
* minor update
Signed-off-by: wbpcode <wbphub@live.com>
* address comments
Signed-off-by: wbpcode <wbphub@live.com>
* address comments
Signed-off-by: wbpcode <wbphub@live.com>
---------
Signed-off-by: wbpcode <wbphub@live.com>
Mirrored from https://github.com/envoyproxy/envoy @ ffcc257e16c9046b2fec7497a6bf9293d8ada286
This is akin to shadow_rules_stat_prefix but for non-shadowing rules.
Since only shadow rules emit dynamic metadata, this prefix only applies
to metrics.
---------
Signed-off-by: Thomas van Noort <thomas.vannoort@datadoghq.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7fec609a507371d7176c61aa4623f445543f294f
Remove `output_to_genfiles = True`.
This is a no-op, as Bazel already enables `--incompatible_merge_genfiles_directory` by default, which makes the distinction between genfiles and bin moot.
Signed-off-by: Tiago Quelhas <tjgq@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 213b757639b2b0c911250e73c6c57ea59cd30ead
Resolves#32119. This allows the option to always log successful health checks. On the first successful health check, only ``logAddHealthy`` is called. On consecutive successful health checks, ``logSuccessfulHealthCheck`` is called.
Risk Level: low (config guarded)
Testing: unit tests
Docs Changes: API docs
Release Notes: added
Platform Specific Features: none
Signed-off-by: ohadvano <ohadvano@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 975d4107061ea92a62e99490c9474ace17d9609a
Adds new max_lifetime config field to restrict token lifetime accepted from a JwtProvider.
Risk Level: Low
Testing: Unit testing
Docs Changes: Added subjects description inline in proto.
Release Notes: Attached
Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md): Feature is opt in, without specifying the config, there's no behavior change.
Fixes#31455
Signed-off-by: Matthew Jones <mattjo@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 63cf70129f06e53f0915e7cefc4ead637784a183
http3: Add support for HTTP/3 METADATA
Adds a new allow_metadata option to Http3ProtocolOptions.
Risk Level: Low, protected by new config option
Testing: New integration tests
Docs Changes: N/A
Release Notes: Updated
Signed-off-by: Ryan Hamilton <rch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 640f016a2e99ab44e97dec71b60afec91404dadd
Adds new `subjects` config field to restrict subjects accepted from a `JwtProvider` partially implementing #31455
Risk Level: Low
Testing: Unit testing
Docs Changes: Added `subjects` description inline in proto.
Release Notes: Attached
Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md): Feature is opt in, without specifying the config, there's no behavior change.
Signed-off-by: Matthew Jones <mattjo@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08231e383fc3fb1c3bb207774d8295995759552a
update-envoy[bot]