It's helpful to a client-side LB to know the total endpoint serving QPS when making LB decisions.
This could also be used as a signal for Envoy's least loaded LB.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0d5bfe2db00075d12b163b27f130bbca8539ffbc
Dynamic link tests in ASAN to save disk space. Partially addresses #1407.
Risk Level: Low (ASAN only)
Testing: CI
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 8cca5c2992693ae143834ad0726aa630058f5910
Signed-off-by: Brian Rectanus <brectanus@signalsciences.com>
Mirrored from https://github.com/envoyproxy/envoy @ 77d267eef63edc215f93d140f61bfc711b59a31b
Reintroduce dispatcher stats previously reverted in #6649. Dispatcher stats are now gated on a new bootstrap config parameter, enable_dispatcher_stats, and disabled by default.
Risk Level: Low
Testing: Manually verified that config is respected (see #6582, this still requires integration tests).
Docs Changes: Included a note about how statsd doesn't play well with these high-volume histograms.
Signed-off-by: Dan Rosen <mergeconflict@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 481a127f5ade32e5590b4e8b8271576e44643082
This adds support for modifying the grpc-timeout provided by the
downstream by some offset. This is useful to make sure that Envoy is
able to see timeouts before the gRPC client does, as the client will
cancel the request when the deadline has been exceeded which hides the
timeout from the outlier detector.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 03ae1ef6b9afcfda9545b3d734b54027776254f9
realized that, with the unreliable queue implementation copied from SotW xDS, delta xDS could get into a state where Envoy thinks it has subscribed, but the server hasn't heard the subscription, with no way for either to realize the mistake. I fixed that by converting the queue setup to a cleaner "do I currently want to send a request?" with the request's (un)subscriptions only populated immediately before the request is actually sent into gRPC.
While doing that, I further realized there was a problem when a given resource was subscribed then unsubscribed (or reversed), all in between request sends. I made sure Envoy handles that sensibly, and added explicit requirements to the xDS protocol spec to ensure servers will also handle it sensibly.
Added unit tests for those fixes.
Risk Level: low
Testing: added unit tests for bugs uncovered
#4991
Signed-off-by: Fred Douglas <fredlas@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3abb7d051c55f190d19b531a2fd1360842b334a5
Default behavior remains unchanged: retries will use the runtime parameter
defaulted to 25ms as the base interval and 250ms as the maximum. Allows
routes to customize the base and maximum intervals.
Risk Level: low (no change to default behavior)
Testing: unit tests
Doc Changes: included, plus updated description of back-off algorithm
Release Notes: added
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5ea103ee0e88cca52f543fdd230ca9f84c518c88
Created OpenRCA service proto file based on ORCA design
Risk Level: Low
Signed-off-by: Chengyuan Zhang <chengyuanzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5cb222964fb691d8cb6cb0f6dd8fdd7b5dbdbb61
Add support for specifying _stale_after timeout as part of ClusterLoadAssignment
Risk Level: Low
Optional Feature that is triggered by the Management Server. Defaults to noop.
Testing: Unit test
Docs Changes: None
Release Notes: None
Fixes#6420
Signed-off-by: Vishal Powar <vishalpowar@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e6a3ce16ff818cc4d5588345fca084efeaa1985d
Change the behavior of the delayed_close_timeout such that it won't trigger unless there
has been at least a delayed_close_timeout period of inactivity after the last write event on
the socket pending to be closed.
This mitigates a race where a slow client and/or low timeout value would cause the socket
to be closed while data was actively being written to the socket. Note that this change does
not eliminate this race since a slow client could still be considered idle by the updated timeout
logic, but this should be very rare when useful values (i.e., >1s to avoid the race condition on
close that this timer addresses) are configured.
Risk Level: Medium
Testing: New unit tests added
Docs Changes: Updated version history and HttpConnectionManager proto doc
Fixes#6392
Signed-off-by: Andres Guedez <aguedez@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ cdaeb1344e4136d8c9ac33507005159c93087a49
Making the following deprecated fields fatal-by-default
UNSUPPORTED_REST_LEGACY from config_source.proto
use_alpha from ext_authz.proto
enabled from route.proto
type from fault.proto
runtime_key from route.proto
Risk Level: High (first time using this process - it will likely cause problems for someone)
Testing: tests pass.
Docs Changes: n/a
Release Notes: no
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 19894aca58f21f73dfbdb939ce8597c58de8a574
The documentation before was misleading; the weights are not actually multiplied together. This change brings the docs here in line with the actual behavior and the docs in other places
Signed-off-by: John Howard <howardjohn@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e03f6f7629ea563a56f8cb024558a8bce0fbfc1d
Read a string value from stream_info.FilterState, and use it to look up a JwtRequirement map in the filter config.
This is the PR to implement #6399
Risk Level: Low
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ abd625a6a77f4831a359416489691f0a81af694c
Description: minor fixes to fix spelling and make clang-tidy happy
Risk Level: low
Testing: unit tests
Signed-off-by: Elisha Ziskind <eziskind@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d44c93a3fcb2e970829051b1a2f39800f652c370
Moved DEPRECATED.md to sphinx docs.
Risk Level: Low - only documentation
Testing: Compiles with sphinx docs without warnings or errors
Docs Changes: deprecated.rst created in intro section of sphinx docs and added to toctree
Release Notes: N/A
Fixes: #6386
Signed-off-by: HashedDan <georgedanielmangum@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ fd7c172af181275693297efbe148fd8bb414ef48
Description: modifies jwt_authn filter's ExtractorImpl extract method to use the from_headers's value_prefix tag more precisely, allowing syntax like "tag=<JWT>,other=xxx" rather than simply taking the remainder of the string as the JWT candidate.
See Issue #6355 for full description. Should be backwards-compatible with existing uses of jwt_authn.
Risk Level: Medium (scope: affects JWT authentication)
Testing: Unit testing was added to test/.../jwt_authn/extractor_test.cc. Since Extractor itself does not validate the JWT, only the parsing is tested.
Docs Changes: see "Further header options" section added to api/envoy/config/filter/http/jwt_authn/v2alpha/README.md
Release Notes:
Adds enhancement per Issue #6355, so that deployments can use a wider variety of HTTP header syntaxes to pass JWTs and have them authenticated by the jwt_authn filter. Backwards-compatible with existing usage.
JWT authentication with the jwt_authn HTTP filter now permits header syntax like the following:
Authorization: Bespoke jwt=eyJhbGciOiJS...ZFnFIw,extra=7,realm=123
Signed-off-by: Larry West <Larry_West@intuit.com>
Mirrored from https://github.com/envoyproxy/envoy @ 03cf28658399a7e411e49f9718782c919578d099
- Redis requests are now redirected to a new upstream connection
upon receipt of an MOVED or ASK error response. If the request
cannot be redirected, then the error is passed downstream unmodified.
The redirection IP (IPv4 or IPv6) address and TCP port specified
in the Redis server error does not need to reference a known host of
the cluster associated with the redis_proxy filter.
- added an enable_redirection boolean to the redis proxy connection
pool settings to control whether or not server redirection errors are
honored or passed downstream unchanged.
- RespValue copy constructor, copy assignment, and equality testing
methods for easier manipulation of RespValues.
- added cluster statistics, upstream_internal_redirect_succeeded_total
and upstream_internal_redirect_failed_total in ClientImpl::onRespValue()
callback
- extended unit tests for Redis connection pool, client, command
splitter, and RespValue copying and equallity testing.
- new basic integration test for redis_proxy: simple request
and response, and invalid request testing (enable_redirection
enabled).
Signed-off-by: Mitch Sukalski <mitch.sukalski@workday.com>
Mirrored from https://github.com/envoyproxy/envoy @ 378d59b43e71e07c36c9ef60b0ee7318ca7f510f
Provide the HTTP path normalization per RFC 3986 (sans case normalization). This addresses CVE-2019-9901.
The config HttpConnectionManager.normalize_path needs to be set for each HCM configuration to enable (default is off). There is also a runtime optione http_connection_manager.normalize_path
to change this default when not set in HCM.
Risk level: Low
Testing: New unit and integration tests added.
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7ed6d2187df94c4cb96f7dccb8643bf764af2ccb
This PR adds support to `ext_authz` filter for buffering the request data. This is useful when the authorization server needs to check the request body, e.g. HMAC validation.
Fixes#5676
*Risk Level*: low
*Testing*: unit
*Docs Changes*: yes
*Release Notes*: yes
Signed-off-by: Gabriel <gsagula@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 075edf802b9ef94bdf26fddc9e775f8bb89df92d
This is not implemented yet.
Fixes#6405.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4ed3afebe9801e40095a68fa135ccf10a474818a
Adds prefix wildcard support (foo.*) in virtual host domains
Risk Level: Low (does not change current behavior)
Testing: Unit tests
Docs Changes: updated domains field documentation in proto file
Release Notes: updated
Fixes#1269
Signed-off-by: Bartosz Borkowski <bartebor@wp.pl>
Mirrored from https://github.com/envoyproxy/envoy @ af7c845fc5e37ce5b271e1a7b4566f2d1e8ec290
* docs: more snapping fixes
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ c949a8144cf3b0162133dde0c489dea8a4078a47
The change breaks the existing Redis operation, for example redis-cli -p
[WHATEVER] GET 1 crashes Envoy.
This reverts commit 046e98904f6df60f0c548ffe77ffb5f5f980179d.
Signed-off-by: Nicolas Flacco <nflacco@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ bacd89e866b4d81dd316613ce11c0b9c678cc421
We want to limit the number of connection pools per cluster. Add it to
the circut breaker thresholds so we can do it per priority.
Signed-off-by: Kyle Larose <kyle@agilicus.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7de2b39eeb7d0929fecb00e7b81c70236c3a4869
This filter decodes the ZooKeeper wire protocol and emits
stats & metadata about requests, responses and events.
This wire protocol parsing is based on:
https://github.com/twitter/zktraffichttps://github.com/rgs1/zktraffic-cpp
The actual filter structure is based on the Mysql proxy filter.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ b771f99f53142bbb1496dbcddccc5defaaaa8dd8
Update some documentation comments in api/envoy/service/auth/v2/*.proto to
more accurately describe the *current* behavior (without making any
judgment on whether that behavior is "correct" or desirable).
Signed-off-by: Luke Shumaker <lukeshu@datawire.io>
Mirrored from https://github.com/envoyproxy/envoy @ 0ac3706ddf0fda091521bb90cffac7bca8530197
Added an optional alias field to the resource message for use in the implementation of on-demand xDS.
Risk Level: Low
Testing: Validated Yaml
Fixes#6128
Signed-off-by: Brian Avery <bavery@redhat.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4d18f6e893b59a323ed0119016f1c1cbdb4fbcf9
This commit adds cluster stats tracking the resources remaining
until a circuit breaker opens.
Signed-off-by: Spencer Lewis <slewis@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0cd4054747440e019a5acc62f33f0a3b5db4975f
Passes along the Ssl::ConnectionInfo (renamed from Ssl::Connection)
to StreamInfo, allowing it to be read in access loggers. Updates both
the formatter and gRPC access logger with uri san/subject details,
and adds the SNI to the gRPC access log.
Risk Level: Low
Testing: Unit tests
Docs Changes: Added description for new access log formats
Release Notes: n/a
#4926
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 65c05cad96db7f7874e1e5a2b70829dcfad10e88
Update ADS protocol docs to specify a Keep-Alive so others consider adding it in. If the Keep-Alive parameters are not specified, it's very easy to end up in a TCP Half Open state during a network glitch/force disconnect where the Envoy thinks it's connected to the ADS server when it's not.
Risk Level: Low
Testing:
Docs Changes: N/A
Release Notes: N/A
Somewhat addresses: #5173
Signed-off-by: Suhail Patel <me@suhailpatel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0286b82280d33d39b5fec7dbc6be34d2fc943c7d