Introduces the FilterDependency proto. This isn't quite an extension, but it's a common proto to be used by all filter extensions.
Risk Level: Low (proto addition only)
#14470
Signed-off-by: Auni Ahsan <auni@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2da224f88afe5ec84ba802bd932f73ed13308a92
part of #12841
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 77d7cecb7e68cb41b2f5f7c2aa7f4294c88089ce
Prefer to have operators use Envoy's native Zipkin tracer, since Zipkin
implies libcurl in opencensus. Once we complete a deprecation cycle
here, we should be able to remove this source of libcurl dependency.
Part of #11816.
Risk level: Low
Testing: bazel test //test/...
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 877d8e1f4ddd52f7a4b7bdacd3f95529469de672
The current default window_bits of 12 for the decompressor causes issues while decompressing responses
which were compressed by a compressor with window_size greater than 12.
Default window_bits to 15 to not run into any surprises when the decompressor is deployed with defaults.
Signed-off-by: Bharath Vedartham <vedabharath12345@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ e6700e5257c2da1817145a405b2440b90c3d3747
Commit Message: Making the recently added ProtocolOptionsConfig require explicit configuration
Risk Level: Medium (config breaking, for config which is 7 days old)
Testing: n/a
Docs Changes: inline
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ ff3ef1294a73d36b16a1057b9aaf1d297b7c3090
Adds support for associating a match tree with a HTTP filter, supporting a single "Skip" operation that will have the FM
ignore the filter for the duration of the stream once matched.
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 935a6598cd01324f03608ca77ebffc9608f7af81
The connection timeout applies to the idle timeout in the common HTTP
protocol options message in the HttpConnectionManager, not to the
RouteAction idle timeout.
Signed-off-by: Alex Konradi <akonradi@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6246920219ac0ba215bfd0b5462ef78036363b75
The compressor filter adds support for compressing request payloads. Its
configuration is unified with the decompressor filter with two new
fields for different directions - requests and responses. The latter
deprecates the old response-specific fields and, if used, roots the
response-specific stats in
<stat_prefix>.compressor.<compressor_library.name>.<compressor_library_stat_prefix>.response.*
instead of
<stat_prefix>.compressor.<compressor_library.name>.<compressor_library_stat_prefix>.*.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ b0fedbe914092124dbffb0e9d3e8ea8928f74bb9
This patch fixes some examples in the documentation that don't include the mandatory `http_uri.timeout` field and don't add the `tls_transport` field required to fetch JWT signature verification keys from HTTPS servers.
Risk Level: None, docs only
Testing: N/A
Docs Changes: Added
Release Notes: N/A
Fixes#14277
Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com>
Mirrored from https://github.com/envoyproxy/envoy @ 424909395c90d7d68f1afeb3427c26c7c85f2672
This is a followup to #13950 in which the transport API is also
fatal-by-default.
Risk level: High (this will break anyone who is still using v2 and has
not enabled CLI or runtime override)
Testing: Various tests updated as described above. New unit test added
for bootstrap to server_test and to ads_integration_test for
dynamic rejection behavior. api_version_integration_test continues to
provide the definitive cross-version transport API integration test.
Release Notes: Same as #13950.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9093131e2a01d368566741943e112fa629c96725
Add functionality to configure kill header in KillRequest proto. If configured in the proto, it will override the default kill header.
Risk Level: Low, new feature.
Testing: Unit/integration tests.
Docs Changes: Added
Release Notes: Added
Issue: #13978
Signed-off-by: qqustc@gmail.com <qqin@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1d44c27ff7d4ebdfbfd9a6acbcecf9631b107e30
As per discussion summarized in
#13555 (comment), we will not use structured
xdstp:// names/locators in the API initially. Instead, we will re-use existing string fields for
names and special case any name with a xdstp: prefix. We leave open the option of introducing
structured representation, in particular for efficiency wins, at a later point.
Risk level: Low (not in use yet)
Testing: CI
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d1ded6b381ca92cbacb2e0683adf997239b12272
This introduces a new filter called the "external processing filter." It is intended to allow an external service to be able to operate as if it were part of the filter chain using a gRPC stream. It is intended to support a variety of use cases in which processing of HTTP requests and responses by an external service is desired.
A document that describes the filter can be found here:
https://docs.google.com/document/d/1IZqm5IUnG9gc2VqwGaN5C2TZAD9_QbsY9Vvy5vr9Zmw/edit#heading=h.3zlthggr9vvv
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 98d2f3b553b87c3e935f57ba15b4faf68b45d7f0
Replacing the http-protocol-specific fields in the cluster config with a new plugin
Risk Level: medium
Testing: updated tests to use the new config
Docs Changes: updated docs to use the new config
Release Notes: deprecation notes in the PR
Deprecated: all http-specific cluster config.
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 7554d61bccf136638bdfb383c10d049dc8bd3790
Add a KillRequest HTTP filter which can crash Envoy when receiving a Kill request. It will be used to fault inject kill request to Envoy and measure the blast radius.
Risk Level: Low, new feature.
Testing: Unit/integration tests.
Docs Changes: Added
Release Notes: Added
Issue: #13978
Signed-off-by: Qin Qin <qqin@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 237b29d6399953f22a47c6e4d19df74b4fbcee8d
Fixes#13082
Support skip decoding data after metadata in the thrift message.
In payload_passthrough mode, there are some issues:
Envoy cannot detect some errors and exceptions ( e.g. a reply that contains exceptions ). It's possible to improve this by peeking beginning of the payload.
payload_passthrough controls both request and response path. It can be split into two options if we want more fine-grained control.
FilterStatus passthroughData(Buffer::Instance& data, uint64_t bytes_to_passthrough) will not prohibit custom filters to modify buffer. Now it is assumed custom filters won't do that, otherwise behavior is undefined.
Risk Level: Medium
Testing:
unit test:
config
decoder
router
conn_manager
integration:
add an parameter payload_passthrough
manual:
send requests and verify responses
Signed-off-by: Tong Cai <caitong93@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2aee439cd15762cecda768a481b33bd88c999086
As per the decision to move the cncf/udpa repository to cncf/xds branding.
Also updated cncf/udpa hash and updated identifier handling (moved from repeated to a flat string).
Risk level: Low (the only breaking API changes affect not-implemented-hide fields).
Testing: New unit tests for path components.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8c4a3c77a7de016a118aacc4cea933951b85e589
#10526 allowed tracers to use CDS clusters. But zipkin proto doc still says bootstrap cluster is mandatory
Risk Level: Low
Testing: N/A
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6706d4413ad168d58267ee456428e56c9f0f78a5
When verifying Jwt clock constraint, it is recommend to use some clock skew. grpc is using 1 minute clock [skew](4645da201a/src/core/lib/security/credentials/jwt/jwt_verifier.cc (L388-L389)).
[jwt_verify_lib](https://github.com/google/jwt_verify_lib/pull/57) has been updated to add 1 minute clock skew.
In the old code, time constraint verification is done in jwt_authn filter, and jwt_verify_lib::verifyJwt() is doing time constraint verification again.
Change jwt_verify_lib to split the time constraint verification to Jwt class so it can be called separately. And call verify() without the time checking.
Risk Level: None
Testing: unit-test is done in jwt_verify_lib repo
Docs Changes: None
Release Notes: Added
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ cd684e76bda80e140ab90573815f1990ec6f2a6f
Some followup docs tweaks to #13721.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ dac6e58738d64b15ea26d1641906b68c16d55616
There are a few limitations in our existing support for symlink-based
key rotation:
We don't atomically resolve symlinks, so a single snapshot might have
inconsistent symlink resolutions for different watched files.
Watches are on parent directories, e.g. for /foo/bar/baz on /foo/bar,
which doesn't support common key rotation schemes were /foo/new/baz
is rotated via a mv -Tf /foo/new /foo/bar.
The solution is to provide a structured WatchedDirectory for Secrets to
opt into when monitoring DataSources. SDS will used WatchedDirectory
to setup the inotify watch instead of the DataSource path. On update, it will
read key/cert twice, verifying file content hash consistency.
Risk level: Low (opt-in feature)
Testing: Unit and integration tests added.
Fixes#13663Fixes#10979Fixes#13370
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 122257ef6ade0009feafc3c9142d480260fe069f
Add a new config field for an additional timeout that will cancel
streams that take too long to send headers, and implement it in the
HTTP Connection Manager.
Signed-off-by: Alex Konradi <akonradi@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e1c138b427ff9bcdf5ebcb2639cc2d22f98ac1a8
This patch adds a new tracer to support the SkyWalking tracing mechanism and format.
Risk Level: Low, a new extension.
Testing: Unit
Docs Changes: Added
Release Notes: Added
Signed-off-by: wbpcode <comems@msn.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7d0f89b1011503ecd22f28e347cf7f76cba73057
Adding support on per-route config with following goal: not to do RouteMatch twice. Currently the filter is using RouteMatch to match a request with a specific Jwt requirement. But RouteMatch is also performed at routing, so the RouteMatch is done twice.
If a Jwt requirement can be specified at the per-route config, one of RouteMatch can be eliminated.
1) Add a `requirement_map` to associate a requirement_name with a JwtRequirement in the filter config `JwtAuthentication`.
2) Add per-route-config as followings:
* a requirement_name to specify a JwtRequirement. or
* `disabled` flag to bypass Jwt verification if it is true.
Risk Level: None. Added a new feature, old features are not impacted.
Testing: Added unit-tests and integration tests.
Docs Changes: Yes
Release Notes: Added
Platform Specific Features: None
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ fe74d85d7d916eb975342e8298f2dc76279c1978
The comment in v3 version was missing the "If specified.." clause from the v2 version of that comment
Risk Level: low
Testing: Ran ./ci/run_envoy_docker.sh './ci/do_ci.sh fix_format'
Docs Changes: comment in a proto file changed
Signed-off-by: Sanjay Pujare <sanjaypujare@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f8e453fb43d5545730ddc90e10da541154d690b6
Use abort action as a default if killing is enabled and we're on a supported platform.
Risk Level: low
Testing: unit tests
Docs Changes: Included
Release Notes: Included
See PR #13208 for context as the reason it's part of core envoy and not an extension.
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 415af040e09a1f6993c15ffc022793d39ecf5e8e
Signed-off-by: András Czigány <andras.czigany@strivacity.com>
Mirrored from https://github.com/envoyproxy/envoy @ dc3460c247538b8f81d49bd7984f46d142f20ba9
This is a follow up to 2c60632.
This forces all callers to think about multiple header values. There may be places that we want
to support multiple values, but none of them are security critical and this change should be
functionally equivalent to what exists today.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4d77fc802c3bc1c517e66c54e9c9507ed7ae8d9b
Signed-off-by: John Plevyak <jplevyak@gmail.com>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 319a9a647f19036d831a75f68350c90e98bfc365
The java_outer_classname must not collide with a type defined within a proto
file in order to compile protos to Java. Additionally, this commit
introduces a format check to prevent this from happening again.
Risk Level: low
Testing: none
Docs Changes:none
Release Notes: none
Fixes#13368
Signed-off-by: Spencer Lewis <slewis@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 03f46bbdafae57a510d3a7fd8aa912efb9c71db3
This patch adds a per-route flag to bypass the request body buffering.
Fixes#13285
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 10e5a47fdc9c3120d24b4d3e5383d49ddeca344a