Commit Message: add the proto for the new http filter GrpcFieldExtraction we are going to contribute.
Additional Description: please see the proto comments for this filter's behavior. Thanks @yanavlasov who is willing to be the sponsor.
Risk Level: NA
Testing: NA
Docs Changes: NA
Release Notes: NA
Mirrored from https://github.com/envoyproxy/envoy @ 46a05a6e79b17b64406c83930d3065a545a04cbd
This is to address a use case when a header should be modified only when it exists and should not be added when it does not exist.
Risk Level: Low
Testing: Unit tests.
Docs Changes: Yes.
Release Notes: Yes
Platform Specific Features: No
Fixes #27907
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ d9ba9d17016296c50069584905dee1a19427d42e
This is to address issue: #28243
The value_bytes proto is added by #27865.
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8a2d9502638789b1d078f06f48b51918589a1f4a
The BoringSSL team is going to set `enforce_rsa_key_usage` to true very soon. If it is true, the handshake will fail if the keyUsage extension is present and incompatible with the TLS usage. However, the backend services/VMs might not be ready for this change, and it had caused an outage. I think this is also applicable to OSS Envoy customers, since their certificates may not be ready as well.
Change:
- Add the config field to control `enforce_rsa_key_usage`. It is false by default now but can be changed to true (which is aligned with BoringSSL's request) later once the customers are ready.
- Set it when ClientContext's SSL object is created. This SSL object will be used later in the SSL handshake.
- It is added in the `upstreamTlsContext` proto and set in `ClientContext` because this change in BoringSSL only affects Envoy->Backend (Upstream TLS) but not Client->Envoy (Downstream TLS).
- Add stats to track/report the invalid use case by leveraging SSL_was_key_usage_invalid API introduced [here](a614d46d40)
- Improve the error handling/report for `SSL_ERROR_SYSCALL`
Signed-off-by: tyxia <tyxia@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c5d578bdf109b90c1b93e888dae6cb45de6309f7
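The following is an added example, not code from the Envoy or BoringSSL projects: a small audit helper that decodes a DER-encoded keyUsage extension value and reports what an upstream handshake would do with `enforce_rsa_key_usage` off or on. The mapping from key exchange to required keyUsage bit (signature-based exchanges need `digitalSignature`, static RSA key exchange needs `keyEncipherment`), the function names and the sample bytes are assumptions made for this illustration.

```python
# RFC 5280 KeyUsage named bits; bit 0 is the most significant bit of the
# first content byte of the BIT STRING.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

# Assumed mapping of how an RSA server key is used to the bit it needs.
REQUIRED_BIT = {
    "tls13": "digitalSignature",      # server signs the handshake
    "ecdhe_rsa": "digitalSignature",  # server signs the ECDHE parameters
    "rsa_kx": "keyEncipherment",      # client encrypts the premaster secret
}

def decode_key_usage(der: bytes) -> set:
    """Decode a short-form DER BIT STRING holding a KeyUsage value."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, content = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(content) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if content[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def handshake_outcome(key_usage_der, kx: str, enforce_rsa_key_usage: bool) -> str:
    """Return 'ok', 'ok_but_invalid' (the case the new stat counts) or 'fail'."""
    if key_usage_der is None:
        return "ok"  # extension absent: nothing to be incompatible with
    if REQUIRED_BIT[kx] in decode_key_usage(key_usage_der):
        return "ok"
    return "fail" if enforce_rsa_key_usage else "ok_but_invalid"

# Constructed sample values (not taken from any real certificate).
BOTH_BITS = bytes.fromhex("030205a0")      # digitalSignature + keyEncipherment
ENCIPHER_ONLY = bytes.fromhex("03020520")  # keyEncipherment only

if __name__ == "__main__":
    for enforce in (False, True):
        print(enforce, handshake_outcome(ENCIPHER_ONLY, "ecdhe_rsa", enforce))
```

Running this over the keyUsage values of backend certificates before turning enforcement on shows which ones would move from `ok_but_invalid` to `fail`.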
One can specify a MetadataKey with a path selector to pick up a host
from the dynamic metadata of the request or downstream. Selected
value can either be a string or a list with at least a single
element of string type. Request metadata is considered first.
Signed-off-by: Andrii Chabykin <chabster@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 10468b320421cb14d7911b4e6d139cc18780fb1a
* Turn ext_proc into API stable.
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4e5031013746a0768e9a3065dbab08b70eaf3c05
Commit Message:
This commit adds CONNECT-UDP (RFC 9298) support. UdpConnPool is added to create a UDP socket for a new CONNECT-UDP request, and UDPUpstream is added to maintain the socket and other relevant data associated with UDP upstreams.
We added an integration test for the terminating CONNECT-UDP proxy, but not the forwarding proxy in this commit. We are going to add test cases to cover the forwarding proxy scenario in a subsequent commit.
Additional Description:
Risk Level: Medium, the feature can only be enabled by the new configuration added in this commit.
Testing: Integration test
Runtime guard: envoy.reloadable_features.enable_connect_udp_support
Release Notes: added support for CONNECT-UDP (RFC 9298). Can be disabled by setting runtime feature envoy.reloadable_features.enable_connect_udp_support to false.
Signed-off-by: Jeongseok Son <jeongseok.son@gmail.com>
Co-authored-by: asingh-g <abhisinghx@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b4f37553d6887447f942a1aedbc8c2dacae45537
* Fix ext_proc filter can not send non-utf8 character by gRPC
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9c6e75062ebdd8c8382c671662fb096569d9eaa9
This computes the health of a priority level by using load balancing weight
instead of the count of healthy hosts.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 842d1b2ae9b7f73a5055f2117df6f7d086b9e40d
Commit Message:
With lots of clusters and route-tables in a cloud proxy, we are seeing tons of RAM being spent on stats while most of the stats are never inc-ed due to traffic pattern (or long tail). We are thinking that we can lazy init cluster stats() so that the RAM is only allocated when it's required.
To achieve that we need to have finer grained stats group, e.g. configUpdateStats() are frequently updated by config management server, while upstream_xxx are only required when there is traffic for the cluster, for this sub-group we can save RAM by lazy init it.
Introduce a new stats utility in this PR such that the nested StatsStruct is only instantiated when any of "->" or "*xx." operator is used.
Cribbed from PR #23921
Please see that PR for how it is used.
Additional Description:
Risk Level: LOW, utility lib not used yet.
Testing: unit test and speed test.
Docs Changes:
Release Notes:
Platform Specific Features:
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7801df6af9000ae31bdd89b080e0d797501cbd18
* Bound the number of connections that can be accepted per socket event on
listeners.
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ef9387f7336d136c5d1525f9c75176a4ae87cb75
Adding per route match tree resolution to the extension with matcher.
Risk Level: Low
Testing: test/common/http/match_delegate/match_delegate_integration_test.cc, test/extensions/filters/http/composite/composite_filter_integration_test.cc, test/common/http/match_delegate/config_test.cc
Docs Changes: matching_api.rst
Release Notes: changelogs/current.yaml
Platform Specific Features: N/A
Signed-off-by: Joseph Straceski <jstraceski@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c6a9a24987ebaab94a529fbd1da1ab89ec480d81
add bootstrap option to set log format
Signed-off-by: ohadvano <ohadvano@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08dd6fedf0c433c341e74e689194beb23540932c
Commit Message: application_logs: add bootstrap option to write logs in JSON format
Additional Description: Adds an option in bootstrap config to write application logs in JSON format, while supporting all the log-format flags as defined in the CLI --log-format option. Related to #25959 - this is the first step in the implementation for supporting custom JSON properties, while printing the application logs output in JSON format.
Risk Level: Low (all new code paths are only enabled by config option)
Testing: Unit tests
Docs Changes: API, Application logs docs
Release Notes: None
Platform Specific Features: None
Signed-off-by: ohadvano <ohadvano@gmail.com>
Signed-off-by: ohadvano <49730675+ohadvano@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ a9ec898d6dfdb4875a5b3684a6ee84afd4bb9663
* add access log to health check
Signed-off-by: Boteng Yao <boteng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 881bc030a8f1cdc904311de6c1cdba38ef8cc98a
Aids in decorating access logs for requests that are subjected to ext_proc and fault calls. In ext_proc, the struct is copied into the filter state object that contains per grpc exchange stats. In fault case, it is copied into dynamicMetadata under the namespace matching the filter config name.
Risk Level: Low
Testing: Unit tests
Signed-off-by: Shriram Rajagopalan <shriramr@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c2ae2211196a48b12d2e36d00c6c2889ae2f434a
API definition for scrubbing request headers sent from ext_proc filter to ext_proc server
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7d1b1d0040054093575dcda742099be9641e3a64
Commit Message: [ZK filter] emit fast/slow response metrics for error budget SLI calculation
Additional Description: Emit fast/slow response counter metrics for each opcode used for error budget SLI calculation.
Risk Level: low
Testing: unit tests
Docs Changes: This diff will update these two docs ZooKeeper proxy introduction doc and ZooKeeper proxy proto doc.
Release Notes: [ZK filter] emit fast/slow response metrics for error budget SLI calculation
Platform Specific Features: N/A
API Considerations: Did not find a good way to make repeated message unique (LatencyThreshold in this case) with proto validation. Also found that enum cannot be the key of the proto map.
Signed-off-by: Zhewei Hu <zhu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ a170b03435c4b12c0b6e46b6b9800f08dba2bdd5
Commit Message: accesslog: support CEL command in the formatter
Risk Level: low
Testing: unit
Docs Changes: none
Release Notes: yes
Mirrored from https://github.com/envoyproxy/envoy @ 8cfeabd5bd0b15b5e6ef029bf9fef4dcaa1c8254