docs: clarify the use of "/" as a prefix_rewrite
This patch clarifies the use of "/" as a prefix_rewrite in route and redirect prefix rewriting. And also a note on the use of trailing slashes as match value.
Risk Level: Low
Testing: add more input samples to RedirectPrefixRewrite test.
Docs Changes: Update route.proto doc regarding path_rewrite both for redirect and route.
Release Notes: N/A
Fixes#2956
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
Mirrored from https://github.com/envoyproxy/envoy @ d20c12df24845e4745682419edbe1add5b4688b1
Added protos to support Role Based Access Control in Envoy.
Also removed existing auth.proto because the new RBAC proto is a replacement of it.
Ealier discussions at
envoyproxy/data-plane-api#586.
Signed-off-by: Limin Wang <liminwang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 13de384ab34428af99c53201f6b3c95991b7ae10
Adds TCP Keepalive support for upstream connections. This can be configured on the cluster manager level, and overridden on the cluster level.
Risk Level: Medium
Testing:
Unit tests have been added. It appears to run and work.
Docs Changes:
envoyproxy/data-plane-api#614Fixesenvoyproxy/envoy#3028
API Changes:
envoyproxy/data-plane-api#614
Signed-off-by: Jonathan Oddy <jonathan.oddy@transferwise.com>
Mirrored from https://github.com/envoyproxy/envoy @ dd953f99945bb7c6b3251f71bffe252a5f6e9e62
Implements the header matching mechanism that was added to the API in #3097 .
Risk Level: Low
Testing: Unit tests were added for the new configuration options.
Docs Changes: #3097.
Release Notes: added release note.
Signed-off-by: Matt Rice <mattrice@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 132b36cdae221dd602ebd920a1025167c3a7753a
This was found via proto fuzzing the server config.
Risk Level: Low
Testing: New utility_test.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a87d265d1c1819926f2b2e8e7e866244fd40f574
Found via proto fuzzing of the server config, unbounded ring sizes can lead to resource exhaustion.
Also bumped PGV version, since even with the bound added to cds.proto, the constraint validation was
skipped due to the bug fixed in https://github.com/lyft/protoc-gen-validate/pull/73.
Risk Level: Medium (PGV bump might result in some configs that passed before failing).
Testing: server_fuzz_test regression.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 176e565eaec82d79ebf28d3f2bd0493f68a95180
Validated the full push-to-master to data-plane-api, so this time it should work.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ bf1073f04db95b674575c9f96fc821a5537774b2
define a access log filter to filter requests based on the
value of a specified header.
This is the initial data plane api change for the issue envoyproxy/envoy#2544.
Signed-off-by: Kevin Chan <kchan@evernote.com>
This patch begins addressing #540, adding per_filter_config fields to both VirtualHost. ClusterWeight and Route configs. A following PR will, as an initial PoC/example, implement vhost/route specific configs for the HTTP buffer filter.
Signed-off-by: Chris Roche <croche@lyft.com>
envoyproxy/envoy#2971 adds warning-checks that mutations should be POSTed. This documents that status. In a future PR, mutations will fail if they are not POSTs.
See envoyproxy/envoy#2763 for more detail.
Signed-off-by: Joshua Marantz <jmarantz@google.com>
This provides an alternative health check port, if set it allows an
upstream host to have different health check address port.
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
This unhides request headers to add field for HTTP health check and put a
release note line in the version history.
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
This PR includes the necessary modifications in support of envoyproxy/envoy#2828.
Added additional configuration to ext_authz.proto so that the filter is able to call an HTTP/1.1 authorization service.
In external_auth.proto, added a nested message to CheckResponse that allows the authorization service to pass additional HTTP response attributes back to the authz filter.
Signed-off-by: Gabriel <gsagula@gmail.com>
The current build.sh file will attempt to use the default python version (in my case 3.6) instead of python2.7 which seems to be the required version due to the standard library having removed StringIO from python3.
Signed-off-by: Nicholas Johns <nicholas.a.johns5@gmail.com>
These are required to generate xDS responses from a Go binary. If they
don't exist, implementations are required to vendor the data-plane-api
with this change applied.
Signed-off-by: John Millikin <jmillikin@stripe.com>
This follows up from #558 which made IP_FREEBIND a BoolValue for LDS but
not for upstream. I think it makes sense to have it in both places given
the new socket options setup introduce in
https://github.com/envoyproxy/envoy/pull/2734.
Some bonus docs fixups thrown in.
Signed-off-by: Harvey Tuch <htuch@google.com>
data-plane-api(CircleCI)
htuch
Kchan
Marcelo Juchem
Shakti Das
Akhil Thampy
Guy Lichtman
Joe Friedl
Yuval Kohavi
Chris Roche
Joshua Marantz
Bjoern Metzdorf
Dhi Aurrahman
Nicholas Johns
James Sedgwick
Gabriel Sagula
Scott Weiss
Romain Lenglet
Nicolas Thiebaud
jmillikin-stripe
Jarno Rajahalme
Gary Brown