A fuzz failure indicated a divide-by-zero in HealthCheckerImplBase::interval(). Beyond this, on
inspection, it seems we allow zero retry intervals, which can live lock the main thread. This PR
fixes these issues.
Fixes oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10786.
Risk Level: Low
Testing: Additional unit test and a corpus entry added.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b61b28fe7ae9927452477a0f4e337c53830a7070
Introduces a rate limiter filter for thrift requests, implemented as a
decoder filter that works in conjunction with the thrift router filter.
Risk Level: low
Testing: unit tests
Doc Changes: inline with proto definitions
Release notes: updated
Signed-off-by: Stephan Zuercher <stephan@turbinelabs.io>
Mirrored from https://github.com/envoyproxy/envoy @ 6ac936f2750c39a8b4fb232d6ddc4802f4e6aeee
Now that Envoy can function without an admin listener (#4486), there's no need to specify path or
even an empty admin message, so relax this requirement.
Risk Level: Low
Testing: bazel test //test/...
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 570a403b8882ea34309bbe73209fee41417fa10e
This commit adds support for SNI based permissions by matching over a
connection's requested server name.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 811ee0dc52951acf2f66190587f92394473c245c
limiting user defined header alterations to 25 alterations (add/remove request/response headers) and 1024 bytes per alteration.
Risk Level: medium (if someone needs higher limits we can roll back and roll forward with new values)
Testing: new unit tests of one of the 17 fields affected
Release Notes: noted the new limitations
Fixes#4268
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ b9bee1e649399f838b23cb1cedfba888e1925605
*Description*: Adds support for displaying Subject Alternate Names as a comma separated list of string in `/certs` admin end point
*Risk Level*: Low
*Testing*: Automated
*Docs Changes*: Updated
*Release Notes*: Updated
Signed-off-by: Rama <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7403314b0b255a89ab284b7ed0eead5a5f4aecfd
This adds the ability to list arbitrary status codes as retryable.
Part of #4103
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3b00c8ee37caddca2215c5f61489d17ed2733890
This commit removes support for the previously deprecated integer
percentages in the fault subsystem.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7ccf67db45db8c4e9bc406488c8f1f2a8566f506
Description: While working on certs changes, I realized that memory proto doc links were missing. This PR adds them.
Risk Level: Low
Signed-off-by: Rama <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7600419d74aaa0d52c5f56f1a2b35c7ce05a76a0
Re-enable the changes reverted in 9d32e5c2a14cd9ab96b6e77fb04f7bd77b2c0d71, which were originally merged as part of #4382.
Signed-off-by: Andres Guedez <aguedez@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b16f5299e45ca71a36ec6f7fc006ed311b58a843
Implements a RetryPriority which will keep track of attempted
priorities and attempt to route retry requests to other priorities. The
update frequency is configurable, allowing multiple requests to hit each
priority if desired.
As a fallback, when no healthy priorities remain, the list of attempted
priorities will be reset and a host will selected again using the
original priority load.
Extracts out the recalculatePerPriorityState from LoadBalancerBase to
recompute the priority load with the same code used by the LB.
Signed-off-by: Snow Pettersen snowp@squareup.com
Risk Level: Medium, new extension
Testing: unit tests
Docs Changes: n/a
Release Notes: n/a
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ ba5d3f0c130bb21958cf093c368af0526a4740b7
update doc for jwt_authn http filter
format config.proto comment for doc
add a new rst file: docs/root/configuration/http_filters/jwt_authn_filter.rst
Risk Level: None
Docs Changes: Yes
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d101ae7decfdae148f53ea9d2220444c726dfbfd
This PR reverts #4382. When deploying at Lyft we noticed crashes on here where we might be derefencing the connection_stats_ pointer after the point has been reset.
Note: this PR keeps the changes to the API made in the original PR but tags the field as not implemented. This is what we have done in the past for reverts that involve changes that change the API.
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9d32e5c2a14cd9ab96b6e77fb04f7bd77b2c0d71
This patch reintroduces PR #4217.
Signed-off-by: Tony Allen <tallen@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ bcc7a96d9e66bc0f70e3ed52161ec3471f835bdb
This should unblock Windows, fix the long CLI issue and also fuzz weak link problems.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 92971047ca0b8a97c1004e3b5196916203f9185b
Correct commonly misspelled English words
Signed-off-by: zyfjeff <tianqian.zyf@alibaba-inc.com>
Mirrored from https://github.com/envoyproxy/envoy @ 31d0611d0ffb982414974adaf6940afd1863fa95
Related to #4415. Some of example codes in docs are still following v1 SDS API, so I update them.
The description part of EDS in the service_discovery.rst is brought from here: 2783fad783/API_OVERVIEW.md (apis)
Risk Level: N/A, documentaion only.
Testing: N/A
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: Taiki Ono <taiki-ono@cookpad.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7a97f9635ec71bfcd6ef2699ad2e136581de23fd
Accept bootstrap configs that don't specify an admin port, and simply
don't run the admin server in that case.
Signed-off-by: Fred Douglas <fredlas@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0fb5efc50ef2b03ab0073f947ebfcf886c4a32b1
Add SDS feature in the doc.
For #4471
Risk Level: None
Testing: None
Docs Changes:
Yes, update the doc
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ef690f25af83a6bfcd6c2af4fe82a94918ccd161
Mitigate client read/close race issues on downstream HTTP connections by adding a new connection
close type 'FlushWriteAndDelay'. This new close type flushes the write buffer on a connection but
does not immediately close after emptying the buffer (unlike ConnectionCloseType::FlushWrite).
A timer has been added to track delayed closes for both 'FlushWrite' and 'FlushWriteAndDelay'. Upon
triggering, the socket will be closed and the connection will be cleaned up.
Delayed close processing can be disabled by setting the newly added HCM 'delayed_close_timeout'
config option to 0.
Risk Level: Medium (changes common case behavior for closing of downstream HTTP connections)
Testing: Unit tests and integration tests added.
Fixes#2929.
Signed-off-by: Andres Guedez <aguedez@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ aa9478f06d613cd7b845e609a8c20c1ce116dad5
Adds optional configuration to ext_authz filter allowing to specify http headers to add to the request from Envoy to external authorization service.
Risk Level: Low
Testing: unit test
Docs Changes: added
Release Notes: added
Signed-off-by: David Kowalski <dkowalski@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 031501b1680d7544ab585b06ea459e94f9972f46
* hcm: allow unix sockets to be considered internal addresses
Adds a config option that treats unix socket addresses as internal for
the purpose of stats/header santization.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ abf17919e363a1c9a2ce6dec85cda8cd6ba725dc
Adds configuration option to zipkin tracer config to determine whether shared span context should be used.
Resolves#4397
Risk Level: Medium
Testing:
Currently defined unit tests but will try on some examples early next week.
Docs Changes:
Config option defined in proto.
Signed-off-by: Gary Brown <gary@brownuk.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2ddebc626920f05697c8f2582a683b03c0b10991
This reverts commit 75e54d072fa190ab78b9795f9ed7a98e1d2d33a3.
This was breaking Mac CI due to known PGV CLI limits.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8ba41eea553232bdfab90d9aa32ab4b72ca6fb31
This adds the option to match on gRPC requests directly instead of
indrectly doing so through header matchers. It provides a more robust
matching mechanism, as it incorporates the gRPC content-type variations
into the check.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 701618f65a7513e2453d04ff1bc5cb2cc864c401
While there, move header modification in some tests from
route action level (deprecated in #3838) to route level.
*Risk Level*: Low
*Testing*: bazel test //test/...
*Docs Changes*: Added
*Release Notes*: Added
Fixes#4249.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6ce3e1f45005c37e4a951470ee0bcf0381738e76
Implements the Twitter variant of the Thrift binary protocol,
as implemented by the finagle library.
*Risk Level*: low
*Testing*: unit tests
*Docs Changes*: updated API docs
*Release Notes*: n/a
Signed-off-by: Stephan Zuercher <stephan@turbinelabs.io>
Mirrored from https://github.com/envoyproxy/envoy @ 21c6d13243b5d3c9decf1b24a49b72e66232953e
To encourage users to use v2 configuration. Related to #2100.
Risk Level: N/A, documentation change.
Testing: N/A
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: Taiki Ono <taiki-ono@cookpad.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1d46c75024ebe3c5449647f8bbb9d5dcc532f836
Refactor SdsApi to support dynamic certificate validation context, and support Envoy to fetch certificate validation context from remote server via SDS API.
Risk Level: Low
Testing: Unit tests and integration tests.
Fixes#1194
Signed-off-by: JimmyCYJ <jimmychen.0102@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 15cfc5ad1a4d622126f642fa70699af753a2d310
Ext_Authz HTTP client has been modified so that 5xx errors received from the authorization server will set the filter response status to error instead of denied and HTTP status code field to Forbidden. The gRPC client has been also modified in order to return HTTP status code Forbidden whenever an error between the client and the authorization server occurs.
Risk Level: low
Testing: unit tests, manual tests.
Docs Changes: not needed.
Fixes issue: #4124.
Signed-off-by: Gabriel <gsagula@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ d646949e0534557084196dea850c26599e53f1b8
Add a new field local_credentail into GoogleGrpc which supports Envoy to use gRPC local channel credentials.
Updated gRPC library to 1.15.0 release, which provides new methods that we need in order to use local channel credentials. See grpc/grpc#15909.
Certain Google gRPC features, such as passing Google default call credential, only works with a valid channel credential. Local credential is a valid channel credential.
Risk Level: Low
Testing: Unit test
Signed-off-by: JimmyCYJ <jimmychen.0102@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 23e8e12fd77b08b87007a819b5683a5289883b46
This change adds the ability to attach metadata to the clusters and weighted clusters to allow users to filter a down to instances that match metadata criteria provided. This is used only when the subset load balancer is enabled and leverages what exists already for http metadata matching.
Changes include:
- construct MetadataMatchCriteria objects from protobufs
- expose through Thrift::Router::RouteEntry and use in router impl
Risk Level: LOW
Testing: tests, new and old, pass
Docs Changes: added description for new proto fields. docs build successfully.
Release Notes: n/a
Signed-off-by: Brian Ramos <brirams@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ c32aed93f5d27e8cbd17c1c47cf928d7e8115af4
Making this change so others can depend on metadatamatchcriteria_impl without needing
config_impl. Also update comments on metadata_match to specify that these fields only apply for the subset load balancer.
Context: https://github.com/envoyproxy/envoy/pull/4402/files#r216856765
Risk Level: low
Testing: tests, new and old, pass
Doc Changes: clarified docs
Release Notes: n/a
Signed-off-by: Brian Ramos <brirams@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3b3c28a1dd6be6e1dd11e543227b23891c234fe8
Description: * is being rendered out off of the docs. This fixes that.
Risk Level: low
Testing: generated docs locally.
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5c3169f863c4fc492f5a6a3220aef852451719ec
This adds the necessary configuration and interfaces to register
implementations of RetryPriority and RetryHostPredicate, which will
allow configuring smarter host selection during retries.
Part of #3958
Risk Level: low, api changes
Testing: n/a
Doc Changes: inline
Release Notes:n/a
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ f75577daab6bcd98f191ad915dd21eb341dd3b95
Adding the ability to add weighted clusters to the thrift router's RouteAction proto. This works much like the http one and borrows a great deal of code from it. Since the thrift_proxy Route and RouteEntry interfaces are much more bare bones, was able to implement the WeightedClusterEntry class.
Risk Level: Low
Testing: Tests, new and old, pass
Doc Changes: inline
Release Notes: n/a
Signed-off-by: Brian Ramos <brirams@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ a50ac3747623a7fa74a5dbd33eacf0808dbf4d0c
Adds a /memory endpoint to the admin panel for fast inspection of Envoy::Memory's heap statistics, without needing to query stats.
Risk Level: Low
Testing: Added a test to admin_test.cc.
Docs Changes: Added a description of the option to admin.rst.
Release Notes: N/A
Signed-off-by: James Buckland <jbuckland@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b5ba7f89a4433d283549c61a659c4e61ed564d16
This allows injecting a synthetic resource pressure from a file, primarily intended for use in integration tests to force envoy into an overloaded state.
Testing: unit tests
Docs Changes: docs updated to reference new resource monitor
Signed-off-by: Elisha Ziskind eziskind@google.com
Mirrored from https://github.com/envoyproxy/envoy @ 12957a29bd2627bc0bba921603bd5869a449be47
Add a terminal attribute to request hash policy.
Think about a case where customers want to hash on a cookie if it's present but if it's not present, do best-effort sticky based on something like IP so the customer has a stable hash.
This "terminal" allows request hashing to have the ability of "if A not working, fallback to B.", which also saves time to generate the hash.
Changes:
* Add a terminal attribute to HashMethod, which shortcircuit the hash generating process if a policy is marked terminal and there is a hash computed already.
Signed-off-by: Xin Zhuang stevenzzz@google.com
Description: Add terminal attribute to request hash.
Risk Level: Low
Testing: unit tests.
Mirrored from https://github.com/envoyproxy/envoy @ ee710d0a92b476cc3d7a0f99f11b62675d1a4e01