Un-Reverts 048583b, with fix for high cpu consumption.
This PR implements fault injection for Redis; specifically delay and error faults (which themselves can have delays added). I chose not to implement a separate filter after discussing with Henry; we concluded that the faults we felt were useful didn't need many levels, just a delay on top of the original fault, if any. In addition, as the Redis protocol doesn't support headers, that makes it a bit different again from Envoy's HTTP fault injection. This PR fixes the issue previously seen with Redis fault injection where excessive CPU was used on connection creation.
Faults record metrics on the original request, and the delay fault adds extra latency which is included in the command latency for that request. Also, faults can apply only to certain commands.
Future work: Add several other faults, including cache misses and connection failures.
Signed-off-by: FAYiEKcbD0XFqF2QK2E4viAHg8rMm2VbjYKdjTg <nflacco@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ e319b7c2a93783cd8bde45fa4c002ae02a4cb13f
Followup for a new feature introduced by #12410 Apologies for not noticing that a later draft was introduced recently. I think we should start with supporting the latest available spec draft, so update version 2 to version 3. The change is technically backwards-incompatible, but the new feature was introduced one day ago, nobody could have been so fast to depend on it.
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 8452f4b749674deb5f4b963d0da78797fb7b1278
Adds support for X-RateLimit-* headers described in the draft RFC. The X-RateLimit-Limit header contains the quota-policy per RFC. The descriptor name is included in the quota policy under the name key. X-RateLimit-Reset header is emitted, but it would need a followup in the ratelimit service, which I will do once this is merged.
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 9f405633b63e71c623d4de81698807fca17debe9
An assert failure will occur when `config.route_config.route.cluster_header` contains invalid characters for the HTTP header. Added validation for this field to avoid assert failure and a regression test case in the unit test.
```
[assert] [bazel-out/k8-fastbuild/bin/include/envoy/http/_virtual_includes/header_map_interface/envoy/http/header_map.h:54] assert failure: valid().
```
Risk Level: Low
Testing: Added a regression test case
Fixes #12361
Signed-off-by: jianwen <jianwendong@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 71e9049eb3b22bd53d1651b8a435ed3b4142ee9f
Description: Upstream Wasm proto files from envoy-wasm.
Risk Level: Low
Testing: Unit tests in envoy-wasm, integration tests in istio/proxy.
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: John Plevyak <jplevyak@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 26eaa2e85cee69e5c32ab6bf4c5ae3d338fa462f
header-to-metadata filter supports adding a header's value to a metadata key which is later used for subset load balancing.
This PR adds support for extracting a specific cookie value before it's added as metadata.
Signed-off-by: Radha Kumari <rkumari@slack-corp.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4dfa844f56d637b6ec26f415f65035707cdf01c8
Create metadata similar to MySQL based on SQL query sent by Postgres client. The metadata may be used by other filters like RBAC.
Risk Level: Low.
Testing: Added unit tests.
Docs Changes: Yes - updated Postgres section.
Release Notes: Yes.
Fixes #11065
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 7287fad48f49cae45ce897643622fbf989c3c6c8
This is a docs only change, mostly on how to refer to LuaPerRoute info.
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 3dedf1693f45239c670c5ba7598db44ff2e32c2f
Commit Message: Add proxy proto transport socket
Additional Description: This is the part 1 PR described in #10682. It adds the transport socket / unit tests, a transport socket options struct for the proxy proto header, and does a refactor to make the listener filter use the common proxy proto constants (potentially want to move these now since the proxy proto config API type is not in extensions?)
Risk Level: Small
Testing: Unit
Docs Changes: None
Release Notes: None
Part Of: #1031
Signed-off-by: Weston Carlson <wez470@gmail.com>
Co-authored-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 8972b478e6c9f1e7342e3dbfb57b35317c0cc009
* added generic framework for testing filters.
This is a fuzzer for testing network-layer (L3/L4) filters.
Now Envoy has 20 network-layer filters which will deal with raw bytes from untrusted networks and thus they are security-critical to some extent. The idea of this is to write a fuzzer which can be applied to different kinds of network filters (potentially covering all the filters), and when new filters are added to Envoy, we won't need to write dedicated fuzzers one by one to give them fuzz coverage.
Signed-off-by: jianwen <jianwendong@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ce26fe19e0f8cd033e16aa3a9145281b0d03b748
We will want the same DNS configuration options from the Cluster in
the Dynamic Forward Proxy’s DNS configuration.
Signed-off-by: Justin Mazzola Paluska <justinmp@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ af8aa37c2148c7dc9a064f36e8d14d0859d35cb2
This PR implements fault injection for Redis; specifically delay and error faults (which themselves can have delays added). I chose not to implement a separate filter after discussing with Henry; we concluded that the faults we felt were useful didn't need many levels, just a delay on top of the original fault, if any. In addition, as the Redis protocol doesn't support headers, that makes it a bit different again from Envoy's HTTP fault injection.
Signed-off-by: FAYiEKcbD0XFqF2QK2E4viAHg8rMm2VbjYKdjTg <nflacco@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 048583b924e6c5c7812af56ec344ae210c168b3b
This unifies HTTP/1.1 and HTTP/2 stream error on invalid messaging. Previously HTTP/1.1 defaulted to permissive and HTTP/2 defaulted to strict. This defaults both to strict, resetting connections on invalid requests. This will have a major latency impact if downstream is sending a mix of valid and invalid requests over HTTP/1.1.
Additional Description:
This change is runtime guarded per default behavioral change rules. It can also be reverted by setting the default to permissive (for prior HTTP/1 behavior) then overriding HTTP/2 to strict (for prior HTTP/2 behavior).
This works in conjunction with #11714, as the HTTP connection manager enforces the strictness, so the responses need to be sent via the HTTP connection manager to have strictness applied correctly.
Risk Level: High (HCM changes)
Testing: new unit tests, updated integration tests
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.hcm_stream_error_on_invalid_message
Fixes #9846
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 88dcb292817946510bb87f8f379a954962cece79
In the current implementation of the DNS cache, the circuit breaker is derived from the cluster config. It seems unnatural. In this PR, I implemented a DNS cache specific circuit breaker by adding a resource manager to it.
Additional Description:
Risk Level: Mid
Testing: Unit / Integration
Docs Changes: Added
Release Notes: Added
Signed-off-by: shikugawa <rei@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ de247a8140f4230726eaa4ea732d6d01bc530911
This allows Lua filter to support per-route configuration. This patch enables the configured Lua filter to have multiple registered codes that can be referenced from each per-route config. Disabling running the global Lua filter for a route is also supported.
Signed-off-by: wbpcode <comems@msn.com>
Mirrored from https://github.com/envoyproxy/envoy @ 75930e357165634f69814dcb3e42f75a373b88ba
These are currently set as [#not-implemented-hide:]. There should be enough plumbing here to start
implementing the first roadmap steps in #11264, i.e. some simple delta discovery flows with core
LDS/CDS/RDS/EDS/SDS.
I've punted on VHDS and SRDS until later, as these will require special case mapping of their
resource keys into context parameters.
Risk level: Low (Unused API changes).
Testing: Built docs and proto_format.sh.
Part of #11264.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 99471fd8f4ef7406f50cf41cf1cfa22bbdfeacc7
This commit adds a new stream flush timeout to guard against a
remote server that does not open window once an entire stream has
been buffered for flushing. Additional stats have also been added
to better understand the codecs view of active streams as well as
amount of data buffered.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0e49a495826ea9e29134c1bd54fdeb31a034f40c
Provides a way to specify dynamic rate limit override in the rate limit descriptor from static value or from dynamic metadata. New type, RateLimitUnit was created to share across config protocol and rate limit service protocol. A PR for the reference implementation of the rate limit service will follow after the API changes are discussed and accepted.
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 7ea1f24bd53522408d9bc55316dff9ed1701bc73
Currently, the header-to-metadata filter supports adding
a header's value to a metadata key. This extends this to
support performing a regex match & substitution before
the value is added as metadata.
The use-case we have is extracting parts of the :path
header and using those as metadata for routing decisions
via the subset LB.
Risk Level: Low
Testing: Unit tests.
Docs Changes: adding in a bit.
Release Notes: added.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5f1348bbc6c530b6adf118f41718bc4200fb55e1
Before this change TLVs are read and discarded in the Proxy Protocol filter. This change is to extend the Proxy Protocol Listener filter to extract TLVs of interest and emit them as metadata which can be consumed by other filters.
Fixes #11336
Signed-off-by: Song <songhu@amazon.com>
Mirrored from https://github.com/envoyproxy/envoy @ f8bfc6a16ffebf1ecb9cdf8eb1265912118ae7bf
Define filter config discovery. Add FDS for HTTP filters (HTTP extensions is where the pain is felt the most). Modelled after RDS with a twist of config override for re-use.
Risk Level: low (not implemented)
Testing:
Docs Changes:
Release Notes:
Issue: #7867
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ bda15c0a5a0390daed991ed4c96a4873ab3ba7d8
Adds an optional username to config and auth commands, and tests
Signed-off-by: bibby <james.bibby@datadoghq.com>
Mirrored from https://github.com/envoyproxy/envoy @ 85491294f335b1e2a4c12247dc87a7545457f0be
The upstream resolver list should not be mandatory as it won't allow Envoy to default
to the ambient DNS resolvers to resolve hosts not found in the static dns table.
Risk Level: Low
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 1cac626ff5473a53b190f4b3c6c5481850edfdcc
This patch adds allowed_upstream_headers_to_append to allow sending multiple headers with the same name to upstream.
Relevant issue: solo-io/gloo#2983.
Risk Level: Low
Testing: Unit tests.
Docs Changes: Added.
Release Notes: Added.
Fixes #11156
Signed-off-by: weixiao-huang <hwx.simle@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ dcf34972d1bc15324835c40dfd7a780e8fc69d72
This adds the option allow_insecure_cluster_options to the dynamic forward proxy's cluster configuration.
Enabling this flag allows disabling auto_sni and auto_san_validation in the cluster's UpstreamHttpProtocolOptions, which was previously disallowed.
This allows use where e.g. automatic adding of an exact SAN matcher for the original authority is undesirable, while preserving the existing "safe
by default" behaviour for most use cases.
Signed-off-by: Jonathan Oddy <jonathan.oddy@transferwise.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3e2686c2bda4cc196db8d083d0dcdf6738c578ac
This PR fixes a TODO in the health check filter by translating the floating point arithmetic to integer arithmetic instead.
Signed-off-by: Martin Matusiak <numerodix@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ b8e9a3599541084efe44c6c91651c6308f90e671
Extend the DNS Filter so that it can resolve queries using external resolvers.
Additional Description: The DNS Filter up to this point resolves queries from its local configuration. This change adds the ability to define external name servers and refer queries that cannot be answered from the local config. We also add metrics to gauge the filter's behavior and performance.
Signed-off-by: Alvin Baptiste <alvinsb@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ d0e52aade70bf841803476b12657ab6053897745
This patch allows configuring the API version for gRPC external services. This specifies the version of the endpoint and message to be used.
Affected extensions:
- filters/http/ext_authz
- filters/network/ext_authz
- filters/http/ratelimit
- filters/network/ratelimit
- access_loggers/grpc
- stat_sinks/metrics_service
Affected upstream services:
- upstream/health_discovery_service
- upstream/load_stats_reporter
Additional Description:
tap
- TapSinkService is not yet implemented.
- TapDiscoveryService uses the config.core.v3.ApiConfigSource and is not yet implemented.
trace
- StreamTraces has no implemented client inside the code-base (implemented externally?)
Risk Level: Low
Testing: Added.
Docs Changes: Added.
Release Notes: Added.
Fixes #10609
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 96920250a05e62095a68fbaf4f77612179e5af32
Note the need to install a sufficiently recent libstdc++ version when
setting up clang builds. For example, Ubuntu gcc packages install
libstdc++, but depending on the gcc version libstdc++ might not be
new enough to compile Envoy.
Additional Description:
c.f., https://envoyproxy.slack.com/archives/C7E6C71QB/p1586307917037300
Risk Level: low, docs only
Testing: n/a
Docs Changes: yes
Release Notes: n/a
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ c33e1a4f2882e7494bee424aec8a1dba8671b556
split out from #11327
There's a bit of transitive ugliness: declaring the extensions requires security posture, requires stub build files, requires codeowners before the code move, but it'll be pretty short lived.
Risk Level: Low (mostly only APIs)
Testing: n/a
Docs Changes: some of the new docs
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ e8dc25ecec277c0b94d02151de79353a9ba07b4e
This adds a runtime configuration for `envoy.filters.http.ext_authz` to deny requests when the filter is disabled.
While the risk level is low, it updates the frozen v2 API. It also adds a runtime guard: The runtime flag can be specified via `http.ext_authz.deny_at_disable`. This runtime key will work with `http.ext_authz.filter_enable` flag to deny all filter protected paths without sending RPC requests to the `ext_authz` service.
Signed-off-by: Fangpeng Liu <62083774+fpliu233@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 97ba1684a8c85395fdad43a35615915ff086193c
This extension is used in production and we should treat it as such.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 86caf439d6cae2c8173b19fd4fdc95361565a72d
Commit Message: add generic decompressor filter
Risk Level: low - low as it is an extension, med - for users as this is a brand new filter.
Testing: unit tests, integration tests
Docs Changes: added docs
Release Notes: added release notes
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 48a5b21d9483e7eddac79aeff7daac178d7b7462