* Send x-envoy-immediate-health-check-fail on all responses that the
health check filter processes, not just non-HC responses.
* Exclude hosts from load balancing when x-envoy-immediate-health-check-fail
is received.
* Can be reverted via the envoy.reloadable_features.health_check.immediate_failure_exclude_from_cluster
feature flag.
Fixes https://github.com/envoyproxy/envoy/issues/9246
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ deed328494064bf28e09055c1cda4e3a3cdd6b67
Fix#13799. This means integration with external Apache SkyWalking SDK for C++ and destroyed redundant parts of implementations. Hired library is https://github.com/skyAPM/cpp2sky. But it is not released and some of missing parts of implementations which are necessary to achieve clean integration. Currently working private fork of that SDK here. https://github.com/Shikugawa/cpp2sky-envoy.
Additional Description:
cpp2sky dependency policy check list
### MUST
- [x] Cloud Native Computing Foundation (CNCF) approved license
- [x] Dependencies must not substantially increase the binary size unless they are optional (i.e. confined to specific extensions)
- [x] No duplication of existing dependencies
Maybe, the dependencies are described [here](https://github.com/SkyAPM/cpp2sky/blob/main/bazel/repositories.bzl)
- [x] Hosted on a git repository and the archive fetch must directly reference this repository. We will NOT support intermediate artifacts built by-hand located on GCS, S3, etc.
- [x] CVE history appears reasonable, no pathological CVE arcs
- [x] Code review (ideally PRs) before merge
- [x] Security vulnerability process exists, with contact details and reporting/disclosure process
- [x] Tests run in CI
### SHOULD
- [ ] > 1 contributor responsible for a non-trivial number of commits
- [ ] High test coverage (also static/dynamic analysis, fuzzing)
Parts which is used in Envoy have higher test coverage. But gRPC async segment reporter(which is not used in Envoy) has less test.
- [ ] Envoy can obtain advanced notification of vulnerabilities or of security releases
- [ ] Do other significant projects have shared fate by using this dependency?
- [x] Releases (with release notes)
- [x] Commits/releases in last 90 days
Risk Level: Mid
Testing: Unit/Integration
Docs Changes:
Release Notes:
Platform Specific Features:
Signed-off-by: Shikugawa <rei@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 032a8e75928304e011833babea2ca231f32866dd
part of #12841
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ f1638fbed36a1416d3b44783eedfb7ef6fb39f17
When a downstream request's headers do not follow the transcoding specification:
Current behavior: The filter blindly passes the request through to the upstream. This works well when the request is already a gRPC request, but is not ideal if the :path is malformed.
New behavior: For cases where the :path is malformed, the filter will reject the request instead of passing it through. This includes paths that are not registered for transcoding and unknown query parameter variable bindings. gRPC requests are still passed through.
Risk Level: Low. Backwards compatible, new behavior is guarded by option. I cannot think of a case where a client would prefer the old behavior, but let's be safe with breaking changes.
Testing: Integration tests
Platform Specific Features: No
Ref: GoogleCloudPlatform/esp-v2#459
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6ce641fff03ea137e201cfb6e5f52e513551f2df
Add support for scaling the transport socket connect timeout with load.
Risk Level: low
Testing: added tests and ran affected tests
Docs Changes: none
Release Notes: none
Platform Specific Features: none
Fixes: #11426
Signed-off-by: Alex Konradi <akonradi@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 88140146696fe09cebad628321020528a7e9ecd0
* fix kill request API validation for header
Signed-off-by: Asra Ali <asraa@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 90534ebdaeb05306b3c4ebcfd3b20d8c5c364529
Implement header processing on the response path by sending the
response_headers message to the processor and handling the result.
Also update the docs in the .proto file.
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9753819331d1547c4b8294546a6461a3777958f5
New optional parameter 'auth_scopes' added to the filter. The default value is 'user' (if not provided) to avoid breaking changes to users updating to the latest version.
Signed-off-by: andreyprezotto <andreypp@gmail.com>
Co-authored-by: Nitin Goyal <nitingoyal.dev@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 23a97fbb237b51f10c19c8c228f74faf7ec65370
Introduces the FilterDependency proto. This isn't quite an extension, but it's a common proto to be used by all filter extensions.
Risk Level: Low (proto addition only)
#14470
Signed-off-by: Auni Ahsan <auni@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2da224f88afe5ec84ba802bd932f73ed13308a92
Store the NACKed resource in each resources
Risk Level: None
Fixes: #14431
Signed-off-by: Lidi Zheng <lidiz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 44b5cb7ed795c38f7d6ad09f351c1716611bc632
* API review checklist
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b501569e116a3d17e93dd19f16b076ee513f90ea
part of #12841
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 77d7cecb7e68cb41b2f5f7c2aa7f4294c88089ce
Risk Level: LOW
Testing: unit ( proto_format and docs )
part of #12841
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ c15193642432291f13c6358ed8c4850fba3a8969
Adds support for wrapping a HTTP filter with an ExtensionWithMatcher proto to create the filters with an associated match tree.
Under the hood this makes use of a wrapper filter factory that manages creating the match tree and adding it to the FM
alongside the associated filter.
Also includes some code to register factories for input/actions, allowing them to be referenced in the proto configuration.
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ dcf575aa40ce281398a15e175c41a66c2ade3a7e
Send request headers to the server and apply header mutations based
on the response. The rest of the protocol is still ignored.
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 845f92af869a3aa50856a461265d650ee70d1329
Prefer to have operators use Envoy's native Zipkin tracer, since Zipkin
implies libcurl in opencensus. Once we complete a deprecation cycle
here, we should be able to remove this source of libcurl dependency.
Part of #11816.
Risk level: Low
Testing: bazel test //test/...
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 877d8e1f4ddd52f7a4b7bdacd3f95529469de672
See #5355 (comment) and above for context
Risk Level: Low
Testing: Listener manager unit tests, grep
Docs Changes: Generated documentation for the proto field
Release Notes:
#5355
Deprecated: envoy_v3_api_field_config.listener.v3.Listener.deprecated_v1 (which was already hidden) was deprecated in favor of the new field envoy_v3_api_field_config.listener.v3.Listener.bind_to_port
Signed-off-by: Taylor Barrella <tabarr@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 28e8d7711b91d6fa3b76827441d4285a6cd75717
Specifically interested in
872b28c457
which reduces the startup cost on golang
Signed-off-by: John Howard <howardjohn@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4cb14ea2da6edb9acd4ad96da387d16d859ca4aa
This patch fixes a super tiny typo s/xdS/xDS/ in doc.
Signed-off-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ ad93583ba39f089928a104418155b3f391903eea
The current default window_bits of 12 for the decompressor causes issues while decompressing responses
which were compressed by a compressor with window_size greater than 12.
Default window_bits to 15 to not run into any surprises when the decompressor is deployed with defaults.
Signed-off-by: Bharath Vedartham <vedabharath12345@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ e6700e5257c2da1817145a405b2440b90c3d3747
There is an unfortunate change in 3.14 that changed go_package for WKT, which necessitates updating several go dependencies as well:
protoc-gen-validate to 2020-11-30
transitive dependencies from protoc-gen-validate
gazelle to 0.22.2
rules_go to 0.25.0
go to 1.15.5
Risk Level: low
Signed-off-by: Kuat Yessenov <kuat@google.com>
Co-authored-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ b3bb0f9847497bc97951172d248fad3c88096829
Commit Message: Making the recently added ProtocolOptionsConfig require explicit configuration
Risk Level: Medium (config breaking, for config which is 7 days old)
Testing: n/a
Docs Changes: inline
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ ff3ef1294a73d36b16a1057b9aaf1d297b7c3090
This change is motivated by #14221 where we use a SubstitutionFormatString as a way to define custom HTTP response body rewrites.
Commit Message: formatter: add text_format_source, relax minimum string length on text_format in SubstitutionFormatString
Additional Description: The relaxed field validation on text_format now allows a user to replace something with nothing, e.g. to replace a non-empty HTTP response body with an empty one. The text_format_source field allows for a DataSource to be used to supply text inside of providing it inline.
Risk Level: low (new fields)
Testing: unit test needed for text_format_source
Docs Changes: NEEDED
Release Notes: NEEDED
Platform Specific Features:
Signed-off-by: John Esmet <john.esmet@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 43bf707f9516264f086ded6431e294150fa30b06
See #5355
Risk Level: Low
Testing: Listener unit tests, grep
Docs Changes: Generated documentation for the proto field
Signed-off-by: Taylor Barrella <tabarr@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 357ed13f5d6c12ac0ef15e2d05216afa53953527
Adds support for associating a match tree with a HTTP filter, supporting a single "Skip" operation that will have the FM
ignore the filter for the duration of the stream once matched.
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 935a6598cd01324f03608ca77ebffc9608f7af81
Also, update other cases for when breaking changes are permitted.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 02357c65f2c6187dedefba8d9bfffcad9f57f2ed
The connection timeout applies to the idle timeout in the common HTTP
protocol options message in the HttpConnectionManager, not to the
RouteAction idle timeout.
Signed-off-by: Alex Konradi <akonradi@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6246920219ac0ba215bfd0b5462ef78036363b75
data-plane-api(Azure Pipelines)