Default behavior remains unchanged: retries will use the runtime parameter
defaulted to 25ms as the base interval and 250ms as the maximum. Allows
routes to customize the base and maximum intervals.
Risk Level: low (no change to default behavior)
Testing: unit tests
Doc Changes: included, plus updated description of back-off algorithm
Release Notes: added
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5ea103ee0e88cca52f543fdd230ca9f84c518c88
Created OpenRCA service proto file based on ORCA design
Risk Level: Low
Signed-off-by: Chengyuan Zhang <chengyuanzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5cb222964fb691d8cb6cb0f6dd8fdd7b5dbdbb61
Add support for specifying _stale_after timeout as part of ClusterLoadAssignment
Risk Level: Low
Optional Feature that is triggered by the Management Server. Defaults to noop.
Testing: Unit test
Docs Changes: None
Release Notes: None
Fixes#6420
Signed-off-by: Vishal Powar <vishalpowar@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e6a3ce16ff818cc4d5588345fca084efeaa1985d
Change the behavior of the delayed_close_timeout such that it won't trigger unless there
has been at least a delayed_close_timeout period of inactivity after the last write event on
the socket pending to be closed.
This mitigates a race where a slow client and/or low timeout value would cause the socket
to be closed while data was actively being written to the socket. Note that this change does
not eliminate this race since a slow client could still be considered idle by the updated timeout
logic, but this should be very rare when useful values (i.e., >1s to avoid the race condition on
close that this timer addresses) are configured.
Risk Level: Medium
Testing: New unit tests added
Docs Changes: Updated version history and HttpConnectionManager proto doc
Fixes#6392
Signed-off-by: Andres Guedez <aguedez@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ cdaeb1344e4136d8c9ac33507005159c93087a49
Making the following deprecated fields fatal-by-default
UNSUPPORTED_REST_LEGACY from config_source.proto
use_alpha from ext_authz.proto
enabled from route.proto
type from fault.proto
runtime_key from route.proto
Risk Level: High (first time using this process - it will likely cause problems for someone)
Testing: tests pass.
Docs Changes: n/a
Release Notes: no
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 19894aca58f21f73dfbdb939ce8597c58de8a574
The documentation before was misleading; the weights are not actually multiplied together. This change brings the docs here in line with the actual behavior and the docs in other places
Signed-off-by: John Howard <howardjohn@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e03f6f7629ea563a56f8cb024558a8bce0fbfc1d
Read a string value from stream_info.FilterState, and use it to look up a JwtRequirement map in the filter config.
This is the PR to implement #6399
Risk Level: Low
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ abd625a6a77f4831a359416489691f0a81af694c
Description: minor fixes to fix spelling and make clang-tidy happy
Risk Level: low
Testing: unit tests
Signed-off-by: Elisha Ziskind <eziskind@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d44c93a3fcb2e970829051b1a2f39800f652c370
Moved DEPRECATED.md to sphinx docs.
Risk Level: Low - only documentation
Testing: Compiles with sphinx docs without warnings or errors
Docs Changes: deprecated.rst created in intro section of sphinx docs and added to toctree
Release Notes: N/A
Fixes: #6386
Signed-off-by: HashedDan <georgedanielmangum@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ fd7c172af181275693297efbe148fd8bb414ef48
Description: modifies jwt_authn filter's ExtractorImpl extract method to use the from_headers's value_prefix tag more precisely, allowing syntax like "tag=<JWT>,other=xxx" rather than simply taking the remainder of the string as the JWT candidate.
See Issue #6355 for full description. Should be backwards-compatible with existing uses of jwt_authn.
Risk Level: Medium (scope: affects JWT authentication)
Testing: Unit testing was added to test/.../jwt_authn/extractor_test.cc. Since Extractor itself does not validate the JWT, only the parsing is tested.
Docs Changes: see "Further header options" section added to api/envoy/config/filter/http/jwt_authn/v2alpha/README.md
Release Notes:
Adds enhancement per Issue #6355, so that deployments can use a wider variety of HTTP header syntaxes to pass JWTs and have them authenticated by the jwt_authn filter. Backwards-compatible with existing usage.
JWT authentication with the jwt_authn HTTP filter now permits header syntax like the following:
Authorization: Bespoke jwt=eyJhbGciOiJS...ZFnFIw,extra=7,realm=123
Signed-off-by: Larry West <Larry_West@intuit.com>
Mirrored from https://github.com/envoyproxy/envoy @ 03cf28658399a7e411e49f9718782c919578d099
- Redis requests are now redirected to a new upstream connection
upon receipt of an MOVED or ASK error response. If the request
cannot be redirected, then the error is passed downstream unmodified.
The redirection IP (IPv4 or IPv6) address and TCP port specified
in the Redis server error does not need to reference a known host of
the cluster associated with the redis_proxy filter.
- added an enable_redirection boolean to the redis proxy connection
pool settings to control whether or not server redirection errors are
honored or passed downstream unchanged.
- RespValue copy constructor, copy assignment, and equality testing
methods for easier manipulation of RespValues.
- added cluster statistics, upstream_internal_redirect_succeeded_total
and upstream_internal_redirect_failed_total in ClientImpl::onRespValue()
callback
- extended unit tests for Redis connection pool, client, command
splitter, and RespValue copying and equallity testing.
- new basic integration test for redis_proxy: simple request
and response, and invalid request testing (enable_redirection
enabled).
Signed-off-by: Mitch Sukalski <mitch.sukalski@workday.com>
Mirrored from https://github.com/envoyproxy/envoy @ 378d59b43e71e07c36c9ef60b0ee7318ca7f510f
Provide the HTTP path normalization per RFC 3986 (sans case normalization). This addresses CVE-2019-9901.
The config HttpConnectionManager.normalize_path needs to be set for each HCM configuration to enable (default is off). There is also a runtime optione http_connection_manager.normalize_path
to change this default when not set in HCM.
Risk level: Low
Testing: New unit and integration tests added.
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7ed6d2187df94c4cb96f7dccb8643bf764af2ccb
This PR adds support to `ext_authz` filter for buffering the request data. This is useful when the authorization server needs to check the request body, e.g. HMAC validation.
Fixes#5676
*Risk Level*: low
*Testing*: unit
*Docs Changes*: yes
*Release Notes*: yes
Signed-off-by: Gabriel <gsagula@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 075edf802b9ef94bdf26fddc9e775f8bb89df92d
This is not implemented yet.
Fixes#6405.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4ed3afebe9801e40095a68fa135ccf10a474818a
Adds prefix wildcard support (foo.*) in virtual host domains
Risk Level: Low (does not change current behavior)
Testing: Unit tests
Docs Changes: updated domains field documentation in proto file
Release Notes: updated
Fixes#1269
Signed-off-by: Bartosz Borkowski <bartebor@wp.pl>
Mirrored from https://github.com/envoyproxy/envoy @ af7c845fc5e37ce5b271e1a7b4566f2d1e8ec290
* docs: more snapping fixes
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ c949a8144cf3b0162133dde0c489dea8a4078a47
The change breaks the existing Redis operation, for example redis-cli -p
[WHATEVER] GET 1 crashes Envoy.
This reverts commit 046e98904f6df60f0c548ffe77ffb5f5f980179d.
Signed-off-by: Nicolas Flacco <nflacco@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ bacd89e866b4d81dd316613ce11c0b9c678cc421
We want to limit the number of connection pools per cluster. Add it to
the circut breaker thresholds so we can do it per priority.
Signed-off-by: Kyle Larose <kyle@agilicus.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7de2b39eeb7d0929fecb00e7b81c70236c3a4869
This filter decodes the ZooKeeper wire protocol and emits
stats & metadata about requests, responses and events.
This wire protocol parsing is based on:
https://github.com/twitter/zktraffichttps://github.com/rgs1/zktraffic-cpp
The actual filter structure is based on the Mysql proxy filter.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ b771f99f53142bbb1496dbcddccc5defaaaa8dd8
Update some documentation comments in api/envoy/service/auth/v2/*.proto to
more accurately describe the *current* behavior (without making any
judgment on whether that behavior is "correct" or desirable).
Signed-off-by: Luke Shumaker <lukeshu@datawire.io>
Mirrored from https://github.com/envoyproxy/envoy @ 0ac3706ddf0fda091521bb90cffac7bca8530197
Added an optional alias field to the resource message for use in the implementation of on-demand xDS.
Risk Level: Low
Testing: Validated Yaml
Fixes#6128
Signed-off-by: Brian Avery <bavery@redhat.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4d18f6e893b59a323ed0119016f1c1cbdb4fbcf9
This commit adds cluster stats tracking the resources remaining
until a circuit breaker opens.
Signed-off-by: Spencer Lewis <slewis@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0cd4054747440e019a5acc62f33f0a3b5db4975f
Passes along the Ssl::ConnectionInfo (renamed from Ssl::Connection)
to StreamInfo, allowing it to be read in access loggers. Updates both
the formatter and gRPC access logger with uri san/subject details,
and adds the SNI to the gRPC access log.
Risk Level: Low
Testing: Unit tests
Docs Changes: Added description for new access log formats
Release Notes: n/a
#4926
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 65c05cad96db7f7874e1e5a2b70829dcfad10e88
Update ADS protocol docs to specify a Keep-Alive so others consider adding it in. If the Keep-Alive parameters are not specified, it's very easy to end up in a TCP Half Open state during a network glitch/force disconnect where the Envoy thinks it's connected to the ADS server when it's not.
Risk Level: Low
Testing:
Docs Changes: N/A
Release Notes: N/A
Somewhat addresses: #5173
Signed-off-by: Suhail Patel <me@suhailpatel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0286b82280d33d39b5fec7dbc6be34d2fc943c7d
Introduce new optional configuration parameter initial_fetch_timeout to ConfigSource proto.
This parameter can be used to limit time Envoy spend on initialization of CDS, LDS and RDS.
Enabling this timeout prevents Envoy from being stuck in PRE_INITIALIZING or INITIALIZING phase, as described in #5862.
Risk Level: Low (optional feature, disabled by default)
Testing: manual testing, unit tests
Docs Changes: add new parameter initial_fetch_timeout to ConfigSource proto
Release Notes: Added
Fixes#5862
Signed-off-by: Marcin Falkowski <marcin.falkowski@allegro.pl>
Mirrored from https://github.com/envoyproxy/envoy @ 06576443805cc651a8b404da995aa26f9a8720f5
As a follow-up to #6151 , this PR updates xds docs.
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ 06c47cc7c71ef2692a44a981cf5ab93cd8180112
Using proto.MarshalAny results in unstable output due to non-deterministic map ordering. This in turn causes Envoy's diff to reload a config since the hash of the structure changes.
Enable stable marshaler for gogoproto to avoid this problem. See #6252
Risk Level: low
Testing: n/a
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 15a19b9cb1cc8bd5a5ec71d125177b3f6c9a3cf5
1) Add stat to track number of active injected faults
2) Add config/runtime control over how many concurrent
faults can be injected. This is useful in cases where
we want to allow 100% fault injection, but want to
protect against too many concurrent requests using too
many resources.
3) Add stat for faults that overflowed.
4) Misc code cleanup / modernization.
Part of https://github.com/envoyproxy/envoy/issues/5942.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 191c8b02b4908f212f800ed0185f6ee689ba8126