Adds support for X-RateLimit-* headers described in the draft RFC. The X-RateLimit-Limit header contains the quota-policy per RFC. The descriptor name is included in the quota policy under the name key. X-RateLimit-Reset header is emitted, but it would need a followup in the ratelimit service, which I will do once this is merged.
Signed-off-by: Petr Pchelko <ppchelko@wikimedia.org>
Mirrored from https://github.com/envoyproxy/envoy @ 9f405633b63e71c623d4de81698807fca17debe9
Add authority field in envoy grpc message to override the default host name as cluster name.
Risk Level: Low
Testing:
Docs Changes:
Release Notes:
Fix#12116
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 29b49276db0812b566d143a79996848819248428
An assert failure will occur when `config.route_config.route.cluster_header` contains invalid characters for the HTTP header. Added validation for this field to avoid assert failure and a regression test case in the unit test.
```
[assert] [bazel-out/k8-fastbuild/bin/include/envoy/http/_virtual_includes/header_map_interface/envoy/http/header_map.h:54] assert failure: valid().
```
Risk Level: Low
Testing: Added a regression test case
Fixes#12361
Signed-off-by: jianwen <jianwendong@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 71e9049eb3b22bd53d1651b8a435ed3b4142ee9f
Adding a filter for access logs that will decide whether to log based on dynamic metadata.
Signed-off-by: davidraskin <draskin@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d7c7e9a79eed80afa56a0b05cf6adf0516750d14
Description: Upstream Wasm proto files from envoy-wasm.
Risk Level: Low
Testing: Unit tests in envoy-wasm, integration tests in istio/proxy.
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: John Plevyak <jplevyak@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 26eaa2e85cee69e5c32ab6bf4c5ae3d338fa462f
header-to-metadata filter supports adding a header's value to a metadata key which is later used for subset load balancing.
This PR adds support for extracting a specific cookie value before it's added as metadata.
Signed-off-by: Radha Kumari <rkumari@slack-corp.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4dfa844f56d637b6ec26f415f65035707cdf01c8
Create metadata similar to MySQL based on SQL query sent by Postgres client. The metadata may be used by other filters like RBAC.
Risk Level: Low.
Testing: Added unit tests.
Docs Changes: Yes - updated Postgres section.
Release Notes: Yes.
Fixes#11065
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 7287fad48f49cae45ce897643622fbf989c3c6c8
Implementing per-upstream prefetching, useful for high QPS or latency-sensitive services.
Risk Level: low (off by default)
Testing: new unit tests, integration test
Docs Changes: n/a
Release Notes: not yet
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ f6e90f2966887b25a8b6d5dd7f13ffb32865d66b
This is a docs only change, mostly on how to refer to LuaPerRoute info.
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 3dedf1693f45239c670c5ba7598db44ff2e32c2f
This ensures that the configuration is valid.
Note that this adds stricter validation to an existing proto field, but the field was only added 5 days ago, so only someone running HEAD, using this new config, with invalid/non-sensical config should be affected.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 61c2816f704d11f66a507b76abc8f01c1816fe57
Commit Message: Add proxy proto transport socket
Additional Description: This is the part 1 PR described in #10682. It adds the transports socket / unit tests, a transport socket options struct for the proxy proto header, and does a refactor to make the listener filter use the common proxy proto constants (potentially want to move these now since the proxy proto config api type is not in extensions?)
Risk Level: Small
Testing: Unit
Docs Changes: None
Release Notes: None
Part Of: #1031
Signed-off-by: Weston Carlson <wez470@gmail.com>
Co-authored-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 8972b478e6c9f1e7342e3dbfb57b35317c0cc009
* added generic freamework for testing filters.
This is a fuzzer for testing network-layer(L3/L4) filters.
Now Envoy has 20 network-layer filters which will deal with raw bytes from untrusted networks and thus they are security-critical to some extent. The idea of this is to write a fuzzer which can be applied to different kinds of network filters(potentially cover all the filters), and when new filters are added to Envoy, we won't need to write dedicated fuzzers one by one to give them fuzz coverage.
Signed-off-by: jianwen <jianwendong@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ce26fe19e0f8cd033e16aa3a9145281b0d03b748
Previously, a hard-coded set of buckets were used, which were not appropriate for the range or required precision of some histograms.
Fixes#7599
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0a0fc51e25599665d772f274c54addf3891ef5c7
We will want the same DNS configuration options from the Cluster in
the Dynamic Forward Proxy’s DNS configuration.
Signed-off-by: Justin Mazzola Paluska <justinmp@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ af8aa37c2148c7dc9a064f36e8d14d0859d35cb2
Currently, the HDS specifier proto gives endpoint information organized by their locality and grouped by cluster. This information is retained when doing health checks, however when responding with health statuses from each endpoint locality and cluster information is dropped. This puts all endpoint information into a flat list when returning, making it the responsibility of the receiver to re-structure data by cluster and locality.
This change follows a similar format to the specifier coming into HDS, organizing it in the same way. The proposed changed adds consistency to how messages are flowing in and out of HDS.
Note that his PR only contains the protos changes, and does not include implementation. This is done to get approval from api-shepherds for the changes before continuing.
Risk Level: Low
Testing: No new tests. New tests will be added upon implementation, but for now the fields remain empty.
Docs Changes:
Inline comments in hds.proto.
Release Notes:
N/A - will append to release notes upon implementation completion.
Deprecated:
The endpoints_health field in EndpointHealthResponse should be deprecated in favor of the new cluster_endpoints_health field.
Signed-off-by: Drew S. Ortega <drewortega@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4f1ee95e36ad233aac0d37a8b1d7c4536d4972c7
Created a new struct for optional cluster stats. Moved timeout budget stats and added request response headers and body stats in the new struct.
Risk Level: Low
Testing: Added test cases
Docs Changes: added
Release Notes: added
Fixes#10308 , Fixes#3621
Signed-off-by: Ranjith Kumar <ranjith.dakshana2015@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ a24c95e4fe035ae5d05691ee2b2bd7011093a9e9
Optional buffer on statsd udp
Signed-off-by: John Murray <murray@stripe.com>
Mirrored from https://github.com/envoyproxy/envoy @ 90c6a27bb28b4f8288392a53af8d2e88ef059a8b
WatchDog will now kill if max(2, registered_threads * multi_kill_threshold) threads have gone above the multikill_timeout.
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7f78581116ecdc9dcca319ebe68d4c8ac1d817ba
* fix filter fuzzer crash from OSS fuzz by checking for non-implemented proto fields
This will raise an exception that will be caught and abort the test run when an unimplemented oneof field is hit by the fuzzer
Signed-off-by: Sam Flattery <samflattery@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e6c57fab8022d9df228052f1f517a57584030654
This PR implements fault injection for Redis; specifically delay and error faults (which themselves can have delays added). I chose not to implement a separate filter after discussing with Henry; we concluded that the faults we felt were useful didn't need many levels- just a delay on top of the original fault, if any. In addition, as the Redis protocol doesn't support headers that makes it a bit different again from Envoy's http fault injection.
Signed-off-by: FAYiEKcbD0XFqF2QK2E4viAHg8rMm2VbjYKdjTg <nflacco@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 048583b924e6c5c7812af56ec344ae210c168b3b
Pulling out version to a separate package
Risk Level: Low
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 9a5de98bf26280a3b57882413dfb9084c5dbb2a6
This unifies HTTP/1.1 and HTTP/2 stream error on invalid messaging. Previously HTTP/1.1 defaulted permissive and HTTP/2 defaulted to strict. This defaults both to strict, resetting connections on invalid requests. This will have a major latency impact if downstream is sending a mix of valid and invalid requests over HTTP/1.1
Additional Description:
This change is runtime guarded per default behavioral change rules. It can also be reverted by setting the default to permissive (for prior HTTP/1 behvior) then overriding HTTP/2 to struct (for prior HTTP/2 behavior).
This works in conjunction with #11714, as the HTTP connection manager enforces the strictness, so the responses need to be sent via the HTTP connection manager to have strictness applied correctly.
Risk Level: High (HCM changes)
Testing: new unit tests, updated integration tests
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.hcm_stream_error_on_invalid_message
Fixes#9846
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 88dcb292817946510bb87f8f379a954962cece79
This patch enables ext_authz backed with gRPC service to emit metadata.
The authorization can set the dynamic metadata (an opaque
google.protobuf.Struct) as part of the `CheckResponse` when it is
successful (i.e. when `http_response` is `OkHttpResponse`).
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ ff44d731ecc8d744b971b31aec816ad0b56bad42
This reverts commit ca7dc5344765f3e7fc3c1a47927e8c1e3e6cefd3.
This PGV upgrade is breaking my local build.
Risk Level: Low
Testing: N/a
Signed-off-by: James Buckland <jbuckland@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7feaadb004dc3d577fb1c0f4f383094a0732ee36
* Add support for making Least Requests LB behave like Round Robin in weighted hosts case
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Address feedback
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Perf/logging improvements
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Address feedback and cleanup BUILD file
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Make active requests exponent configurable via CDS/runtime
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Address feedback
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Validate log message
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Update cluster memory test golden values
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Fix method name
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Explicitly initialize active_request_bias_
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Try to make clang-tidy happy
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Use unique_ptr instead of optional
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Update stats integration test
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Check whether memory footprint is reduced without LB changes
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Use plain double for active request bias
Use a plain double instead of a runtime double to store the per-cluster
active request bias.
Note: The goal of this commit is to evaluate the memory overhead of this
approach. A commit with te Least Requests LB changes might follow if we
deem the memory overhead of this approach acceptable.
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Revert back to approved implementation using RuntimeDouble
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Add extra fields to CDS cluster proto to check memory usage
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Revert "Add extra fields to CDS cluster proto to check memory usage"
This reverts commit a6a285dcee9e0fe618286d3dfbfab98c957dd9c7.
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
* Add changelog entry
Signed-off-by: Gastón Kleiman <gkleiman@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9f7d44850310999ecbd0cfbe8fadb70db6f258f9
Modified dynamic_metadata action to now accept an optional default
value for instances where no value is queried from the dynamic metadata.
Signed-off-by: Clara Andrew-Wani <candrewwani@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3afa3b50eacfa39fa5b3518b05b03689dc56ef42
Add CheckedExpr as oneof expression in RBAC proto
Additional Description: CheckedExpr is type check CEL expression. It is future proof and offers better evaluation performance (not for C++ yet, but for other languages). There will be a separate PR to plumb checked expr to RBAC filter.
Risk Level: low
Testing: existing tests
Signed-off-by: jiangtaoli2016 <jiangtao@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3b8c61b5e5eb4dfddf3c4c0cae9e04eafe1ac61a
Added GenericBodyMatcher to tap filter to parse HTTP requests and responses. The matcher may be configured to look for text string or hex bytes.
Risk Level:
Low for tap filter.
Med - modified buffer::search method to limit search to specified number of bytes. This method is used in other parts of the code. Added unit test cases to make sure that there are no side effects.
Testing:
Added unit tests.
Docs Changes:
Yes - updated section with example configs.
Release Notes:
Yes.
Fixes#6107
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 356fe40edd67ddb8181442548241664424d3ac05
Extend hashing via header to support regex substitution.
This is useful when you need to hash on a transformation
of a header value (e.g.: extract a part of `:path`).
Fixes#11811
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 73fc620a34135a16070083f3c94b93d074f6e59f
In the current implementation of the DNS cache, circuit breaker is derived from cluster config. It seems unnatural. In this PR, I implemented the DNS cache specific circuit breaker by adding resource manager to that.
Additional Description:
Risk Level: Mid
Testing: Unit / Integration
Docs Changes: Added
Release Notes: Added
Signed-off-by: shikugawa <rei@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ de247a8140f4230726eaa4ea732d6d01bc530911
This allows Lua filter to support per-route configuration. This patch enables the configured Lua filter to have multiple registered codes that can be referenced from each per-route config. Disabling running the global Lua filter for a route is also supported.
Signed-off-by: wbpcode <comems@msn.com>
Mirrored from https://github.com/envoyproxy/envoy @ 75930e357165634f69814dcb3e42f75a373b88ba
These are currently set as [#not-implemented-hide:]. There should be enough plumbing here to start
implementing the first roadmap steps in #11264, i.e. some simple delta discovery flows with core
LDS/CDS/RDS/EDS/SDS.
I've punted on VHDS and SRDS until later, as these will require special case mapping of their
resource keys into context parameters.
Risk level: Low (Unused API changes).
Testing: Built docs and proto_format.sh.
Part of #11264.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 99471fd8f4ef7406f50cf41cf1cfa22bbdfeacc7