Introduce data inputs for connection matching as part of #18871
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a1181348a4f6df6011843a141814e28840d23eb5
For xDS over the file system, sometimes more control is required over
what directory/file is watched for symbolic link swaps. Specifically,
in order to deliver xDS over a Kubernetes ConfigMap, this extra
configuration is required.
Fixes https://github.com/envoyproxy/envoy/issues/10979
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8670309bce9a488ccfc04a87d0c4367ca59c4179
* [API] Add new field that enables providing the random value through
configuration.
Signed-off-by: Tianyu Xia <tyxia@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5ef1b2f6d73d34f4d3ae7eb15b506342f03f60e3
Risk Level: Should be none, this only changes ruby_package which was broken before.
Testing: Generated the protobufs with the changed package names, and validated that generation succeeds.
Docs Changes: N/A
Release Notes: Pending backport discussions.
Fixes#19814
Signed-off-by: Cynthia <cynthia@coan.dev>
Mirrored from https://github.com/envoyproxy/envoy @ 4e486e1d336fd0e67ea4f1ee27475daaf6291321
I had been trying to figure out a good way to provide more internally-derived feedback from an *ext_proc* implementation to *envoy* (without needing to do things like set response headers or rely on a separate log file), and was led to the discovery that the `ImmediateResponse.Details` field actually populates `%RESPONSE_CODE_DETAILS%` for use in access logging.
Due to how much better this discovery made my life, I am hoping it will make other people's lives better as well.
Signed-off-by: Chet Nichols III <chet@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ e00aa66429181e3973cc69ca57c26da730cc47af
* Fix comments regarding what is and isn't implemented.
* Indicate that "stat_prefix" really is implemented, because it is.
* Re-name two misnamed (but as yet unimplemented) fields in per-route
configuration.
Risk Level: Low
Testing: Existing integration and unit tests
Docs Changes:
Release Notes:
Platform Specific Features:
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c1f3f51156fe6c56216ec10be9e04af8f4a157b6
Replace code in mutation_utils.cc with code that calls into the new
mutation_rules library. Add the ability to keep a counter of failed
header mutations, and also add the ability for an invalid mutation
to cause the HTTP request to fail.
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1bea8aea1590ffab5bb185d32232f9bf265e6b1e
Add Proxy-Status HTTP response header field
Signed-off-by: James Buckland <jbuckland@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ fcf2c551465bc5fae280c8fffce6859278842d9b
in #17645 there was a bunch of discussion around the DNS cache returning null addresses and how to handle it. After discussion on #19461 we agreed to keep sending null updates, but to fast-fail if no address was resolved.
Risk Level: Medium (data plane change)
Testing: updated integration tests, unit tests
Docs Changes: n/a
Release Notes: inline
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 2efe480d6b0a1501674780cfd7c343ef332010a1
Risk Level: Medium
Testing: unit test & manual testing
Docs Changes: update sip proxy docs
Release Notes:
Platform Specific Features:
Signed-off-by: Mingling Ding <mingling.ding01@gmail.com>
Co-authored-by: Felix Du <durd07@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7174c148a0763f2ed5863c3ab341d4a9ce01c54b
See #15139 ([cluster] Use alt_stat_name for general observability purposes (access log, tracing, admin)),
which introduced a runtime guarded feature, which has been enabled by default for 6 months, so remove
the old code path.
Risk Level: Low
Testing: n/a
Docs Changes: updated
Release Notes: Deprecate envoy.reloadable_features.use_observable_cluster_name.
Platform Specific Features: n/a
Signed-off-by: Loong <loong.dai@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 198ae65234223f48cbe2284eb145e16598593963
Remove TLS 1.0 and 1.1 from the default server TLS versions. Users can
still explicitly opt-in to 1.0 and 1.1 using tls_minimum_protocol_version.
Signed-off-by: derekguo001 <dong.guo@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ f8baa480ec9c6cbaa7a9d5433102efb04145cfc8
Allowing auto_http to assume some domains support HTTP/3 without trying TCP first.
Risk Level: low
Testing: unit test
Docs Changes: API docs
Release Notes: not yet
Fixes#19427
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 7c60c855ba9e1264604ff5e8b7809d99589de03e
This PR adds two new LB policy extension configurations, to be used in gRPC via the new load_balancing_policy field:
* round_robin: This allows configuring the built-in ROUND_ROBIN LB policy via the new extension-based API.
* wrr_locality: This is an extension config for a new policy that does ROUND_ROBIN-style locality picking and then delegates to a child LB policy extension to pick the endpoint within the locality. This will allow users to plugin their own custom endpoint-picking logic without having to reimplement the locality-picking logic.
This is a small step toward moving away from the legacy lb_policy enum. Completing that migration will require work in Envoy to create extension configs for all built-in LB policies and register those extensions.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 65a82d75c3ef1e15fbc4f301c9eacc269a1a6080
Introduce a new stateful session extension. This is a change after #17848#17290.
In #17290, we added a new cross-priority host map for fast host searching. In #17848, we extend `LoadBalancerContext` interface to provide an override host and to select the upstream host by the override host.
Finally, in this change, we expand a new API to allow users to extract the state of the session from the request and change the result of load balancing by setting the override host value.
Related doc: https://docs.google.com/document/d/1IU4b76AgOXijNa4sew1gfBfSiOMbZNiEt5Dhis8QpYg/edit?usp=sharing.
Risk Level: Medium
Testing: Added
Docs Changes: Added
Release Notes: Added
Platform-Specific Features: N/A.
Signed-off-by: wbpcode <wbphub@live.com>
Mirrored from https://github.com/envoyproxy/envoy @ fb2aad0303bbbcb0daabf6940c6ad97252995b98
There are a few tools that require the repository_locations data, currently we are bringing that data into the python by putting the implementation (as opposed to the abstract library) in the envoy repo, this will allow us to instead pass the repo locations data as a file/cli flag, and move the implementation into the upstream tooling
This PR also avoids using the old SourceFileLoader + bzl files method of loading the data, instead loading directly from the write_json rules for the repo files and interpolating
There is a more generic implementation of some of what is required here in #17998
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ f2d3f523ee4170f7ded205523526c592e2550f75
This is an implementation based on the discussion in #19198.
When application/x-protobuf is used the filter will prepend the payload with the gRPC header, as defined by the wire format. Before returning the response the frame is also trimmed. This functionality is behind a configuration setting.
Risk Level: Medium
Testing: Unit tests
Docs Changes: Added
Fixes#19198
Signed-off-by: Stefan Puhlmann <stefanp@spotify.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8feaee6e5801bdbe0837158e5fc499a723b1a108
This protobuf will be used initialy by the ext_proc filter to control
which headers may be changed by an external processing server.
This begins to address #14789 .
If the proto and the location are OK, I'll go on to add a common library to test a proposed header mutation against these rules and then incorporate them into the ext_proc filter.
The eventual result is that, by default, an external processor for ext_proc will be able to modify any header, but there will be controls that an administrator can use when connecting to a processor to control whether that processor is actually allowed to make all possible changes.
Risk Level: Low -- just the proto for now
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a3e50ecd88943536b4ce412c172a246dacb6288a
This allows matching the more lenient behavior of other client-side
networking libraries such as OkHttp or URLSession, especially in cases
where the remote server is not under the client developer's control.
Risk Level: Low, defaults are unaffected, change is opt-in.
Testing: Added unit tests for existing no-transform behavior (there was none) and a new test validating the new configuration flag.
Docs Changes: Updated.
Release Notes: Added.
Signed-off-by: JP Simard <jp@jpsim.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2afb9573ab1915ed57ac8d42203286b224ce95ae
Breaking ground for network property unified matchers with a custom
trie-based matcher.
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d3ef83a5cb822e0ba1a13e4c32abf6f061bdddf1
Normalize QuicProtocolOptions::idle_timout and crypto_handshake_timeout to 1ms and 5s respectively if they are configured smaller than those.
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 199d2f555161cec38b879ad9ca50e3027ff52541
* Fix whitespace typo in transcoder documentation.
The documentation for `convert_grpc_status` had two leading spaces in the text
following a code block, causing the text to be rendered as part of the code block.
* Remove whitespace from transcoder.proto.
Signed-off-by: Pras Velagapudi <psigen@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ e9f36d2c49a3c9176340303b44ef593bd0b78c35
Return 1xx HTTP status by the direct response isn't valid use-case, so refuse the 1xx status from direct response directly.
Risk Level: low
Testing: n/a
Docs Changes: n/a
Release Notes: add note for minor behavior change.
Fixes#19159
Signed-off-by: He Jie Xu <hejie.xu@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9050cfdc683856a7b0c7d43483e6f4152e91206d
Commit Message: c-ares resolver: add option to use name servers as fallback.
Risk Level: low - opt in behavior
Testing: existing and additional tests
Docs Changes: added
Release Notes: added
Signed-off-by: Jose Nino <jnino@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ b1219ef0decc22040d45fe8bf2fa86bd16ea4e3c
* refer #18633 and discussion with @rojkov on this issue adding Note Section here for better clarity for users on max_program_size
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1c1e81217ca5ff5a59eb4384a9cc17f35f73d09f
Mainly update the grpcJsonTranscoder to include the latest path matcher filter change for always checking custom verb no matter if it is registered or not.
Risk Level: Low
Testing: added the unit test
Docs Changes: None
Release Notes: Yes
Signed-off-by: Xuyang Tao <taoxuy@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ c68cf0dddfcea6c9ccf6346ff47b518837b0ca0d
Add a new build option enabling support for Perfetto SDK which can be used to trace Envoy code paths.
Risk Level: low
Testing: manual
Docs Changes: add notes to bazel/PPROF.md
Release Notes: updated current.rst
Platform Specific Features: n/a
Fixes#16988
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4c76813087c07171996d2cd8a9c591604b9124d8
This was caused by a merge race
Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 70a5f295da789610b9d078015f43e39c6a76d4b6
This change introduces a MetaProtocol proxy that provides a framework for layer-7 protocols. The common capabilities, including routing, tracing, metrics, logging, etc., will be built into the MetaProtocol proxy.
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ de51441bfe1b6b5eeab8981037d66cde9ac5b0d7
This PR establishes the ability to filter access log production via CEL expressions over the set of Envoy attributes. This can simply the creation of Envoy access log filters, allowing complex tailoring.
Risk Level: low
Testing: unit
Docs Changes: included
Release Notes: updated
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 77ca6cc0d9aaf0892aec3e2025fe2ad7cf0c39ff
Signed-off-by: Max Kuznetsov <mkuznetsov@digitalocean.com>
Mirrored from https://github.com/envoyproxy/envoy @ 76a70b40f57bd9a75b50d4783d28dec0e0aa29ae
Risk Level: Low
Testing: new integration test
Docs Changes: made API more clear when requests count as connections :-/
Release Notes: inline
Fixes#19033
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 2bf847854610db8bc5a44ef3046fcc8f3a23518e