This code change allows to redefine fallback policy per specific subset selector. Because of how existing LbSubsetMap trie data structure is organised (mapping subset key to values), is not possible to do lookups for fallback policy only based on subset keys (had to introduce additional trie that maps subset keys to keys and has fallback policy on leaf level). Additional LbSubsetSelectorFallbackPolicy enum required to correctly identify the case when fallback policy is not set for given selector (otherwise it would always default to NO_FALLBACK, breaking backwards compatibility, if field is not set we should use top level fallback policy instead).
Risk Level: Medium
Testing: Done
Docs Changes: Updated related docs
Release Notes: added
Fixes#5130
An error occurred
Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1a60b343665cf2ffb966f37bbe48fed21805df57
Add edge_accept_request_id property for the envoy.http_connection_manager filter. Field added to resolve#6050
An error occurred
and also maintain backward compatibility
Risk: Low - small feature disabled by default and maintaining backward compatibility
Testing: Added 2 additional integration tests in test/common/http/conn_manager_utility_test.c to validate behaviour for:
1. edge request - activated edge_accept_request_id set to true but no x-request-id header sent - expected to generate a new one
2. edge request - activated edge_accept_request_id set to true and sent x-request-id header sent - expected to keep the old one.
3. all previous tests regarding edge requests resetting the x-request-id should still pass
Fixes#6050
The current /listeners admin endpoint only returns a JSON-encoded list of addresses/ports. If a listener config binds to port 0, the endpoint will return the port that was assigned, but if there are multiple listeners binding to port 0, there's no way to tell which listener received which port.
This PR adds a proto that contains the listener's name and address. The /listeners endpoint returns this data in both text and JSON format, similar to the /clusters admin endpoint.
Risk Level: Low (according to #6959
An error occurred
the /listeners admin endpoint is only used for testing)
Testing:
I updated integration_admin_test.cc to test the new output formats for the /listeners endpoint.
I also updated the tools/socket_passing.py script that's used for integration/hotrestart_test.
Docs Changes:
new inline docs in listeners.proto
updated the admin menu description of /listeners
Release Notes:
admin: /listener endpoint now returns :ref:listener.proto<api/envoy/admin/v2alpha/listeners.proto>
Fixes#6959
Description: This adds support for forwarding peer cert chains via the XFCC header.
Risk Level: Low
Testing: Updated existing tests
Docs Changes: Updated XFCC doc
Release Notes: Added a note about the feature
Fixes#6135
They include fixes for future Bazel changes. In particular, the
repository can now build with --incompatible_depset_is_not_iterable,
which will be included in Bazel 0.27.
Description:
Risk Level: low
Testing: bazel build --nobuild ... --incompatible_depset_is_not_iterable
#6995
An error occurred
Signed-off-by: Laurent Le Brun <laurentlb@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0739cd6c9e33d77df2c9ff30c6f43fbb0676e023
Delta services other than DeltaClusters were missing. Also added those services to proto_descriptors.cc. Also added some other things that proto_descriptors.cc was missing. #4991
An error occurred
Risk Level: low
Signed-off-by: Fred Douglas <fredlas@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 40d8b7f68c64591f11d4e62ac429af5e074ed3a7
This PR also fully deprecates the tcp_proxy v1 configuration.
This will be deleted following the standard deprecation cycle.
All new uses should use filter chain matching.
Fixes https://github.com/envoyproxy/envoy/issues/4457
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 866d0438d12ce9d39afb35ba200b0107bf3d6de3
This PR provides the TDS API config. The implementation and docs will be
added in a followup, the idea is to unblock some projects that depend on
the details here.
Risk level: Low
Testing: @envoy_api build
Part of #6708
To support TDS and to provide operator flexibility in how it relates to
existing runtime layering, this PR introduces support for explicit
control over layering. This eliminates the distinguished role of
subdirectory and override_subdirectory, for example, in favor of
arbitrary disk overlay layers.
This PR deprecates the existing runtime configuration in favor of the
new layered variant.
As a bonus, the PR fixes some of the runtime stats and related docs.
Risk level: Low
Testing: various unit tests (including server_test) additions.
Part of #6708
An error occurred
.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4dafba65baaf9769723f895761268eed31af629b
Certain clusters have cluster specific load balancers. This change
allows a cluster to explicitly provide one, both allowing extension
clusters to easily provide a dedicated load balancer, as well as
allowing for future cleanup of the original DST LB configuration.
This change is needed for Redis Cluster as well as
#1606
An error occurred
.
Risk Level: Low
Testing: New UTs and integration tests.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ fcf8a5918dfd20ed4ff52652f9ffd7d1d9d34b28
Add an http filter to extract the original source on a per-http-request basis
Signed-off-by: Kyle Larose <kyle@agilicus.com>
Mirrored from https://github.com/envoyproxy/envoy @ 712a72a718969ef37eb05a57a7e11c94d5fe6253
Implements the hedge_on_per_try_timeout option in HedgePolicy config
which instructs the router filter to not cancel requests that hit the
per try timeout before sending a retry. This means the router must be
able to manage multiple simultaneous upstream requests and handle
deciding which response "wins" and canceling any other in flight
requests.
Fixes#5841
An error occurred
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4d4748ea243e0ab0538bcb0894a64bb0da617b55
) have already been merged.
The API is not yet fully implemented. This PR introduces static and dynamic (xDS config subscription) handling of scoped routing configuration, but the new L7 multi tenant routing logic (see #4704
An error occurred
) has not yet been introduced.
The API is not yet plumbed into the HttpConnectionManager, that will be done in the next PR.
This PR includes unit tests only; integration tests will follow in the next PR.
Risk Level: Low (this DS API is not yet integrated into the HCM and can not be enabled via config).
Testing: Unit tests added.
Docs Changes: N/A.
Signed-off-by: Andres Guedez <aguedez@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 831d0cbb389f241fd4d1a8b224ffa43e4257a680
Removes golang/protobuf dependency. This is an old @sesmith177 TODO and now the version of rules_go we import has the requisite well known types (WKT). Bumping rules_go to the latest version 0.18.4 (release notes) aligns with PGV which is on 0.18.3.
Risk Level: low (I think but there are WKT changes)
Testing: bazel test //test/...
Signed-off-by: Michael Payne <michael@sooper.org>
Mirrored from https://github.com/envoyproxy/envoy @ 7bf53149d137dcb2a7b4eddb4f8c23eda23d66e5
The TLS session ID is now accessible as a method on the Ssl::ConnectionInfo object.
Add a new %DOWNSTREAM_TLS_SESSION_ID% directive to the file access logger, and a
tls_session_id field to the gRPC access logger. Update unit tests to validate the
new access log fields.
Signed-off-by: Mike Grass <mgrass@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ cbd8d57e9fc2921d26236db24b6bf91246ba3b4f
This adds an option to allow hosts to be excluded in lb calculations until they have been health checked
for the first time. This will make it possible to scale up the number of hosts quickly (ie large increase
relative to current host set size) without triggering panic mode/spillover (as long as the initial health check
is succeeds).
While these hosts are excluded from the lb calculations, they are still eligible for routing when panic
mode is triggered.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4c80194bf82193261aa52a4ca64c4e6a461881c0
Moved all of DeltaSubscriptionImpl's existing tests to be DeltaSubscriptionState tests, since that's what they really were. Added tests that test actual DeltaSubscriptionImpl logic. Followup of #6729
An error occurred
.
Risk Level: none, just adding tests
Testing: DeltaSubscriptionState, DeltaSubscriptionImpl
Signed-off-by: Fred Douglas <fredlas@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ae3106b3ee792f697b2098781a0e65d8d73a32ca
Update buildifier from 0.22.0 to 0.25.0 (release notes), bazel-compilation-database from 0.3.2 to 0.3.3 (release notes), bazel-skylib from 0.7.0 to 0.8.0 (release notes) and change to developer provided tar download and protoc-gen-validate from 0.13.0 to 0.14.0 (release notes).
Risk Level: Low
Testing: bazel bazel test //test/...
Docs Changes: none required
Release Notes: none required
Signed-off-by: Michael Payne <michael@sooper.org>
Mirrored from https://github.com/envoyproxy/envoy @ 8b1f6eaa7aa28c14640b2ed779738a8d7be33a34
As a first step towards TDS, add support for proto/JSON representations of the runtime virtual file
system and plumb this into bootstrap.
"numerator" and "denominator" are now reserved keywords and can't be used in runtime keys; this
simplifies parsing significantly. It is not expected that these are widely used, due to the
difficulty of ensuring atomicity if representing fractions, but this is technically a runtime API
breaking change.
Risk level: Medium (due to the reserved word changes).
Testing: Unit and server tests added.
Part of #6708
Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ ecf1085a5b279d1244a02433f204ebba5306d40f
Fix a build warning:
INFO: From ProtoGenValidateCcGenerate external/envoy_api/envoy/service/auth/v2/attribute_context.pb.h:
envoy/service/auth/v2/attribute_context.proto: warning: Import envoy/api/v2/core/base.proto but not used.
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 16e85b1ffc4fceb3c1c3857b96862937126468a8
Description: Adding API support to report Locality proximity information as part of Locality Assignment. This does not need to be documented yet, and should be documented as part of LB algorithm implementation which will use this information.
Risk Level: LOW
Testing: None
Signed-off-by: Vishal Powar <vishalpowar@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5e039a6581cf5fa1f7b70329afeb2e3d35b8189c
When using active health checking, hosts are not removed from
dynamic clusters if they are still passing health checks. This
creates a situation in which hosts might not be removed for a
very long time if the sequence is reversed; removal followed by
health check failure. This change handles the second case so that
any time a host is both removed AND failing active health check,
in any order, it will be removed.
This has been an issue "forever" but is more obvious when using
streaming EDS or very long polling DNS.
Fixes https://github.com/envoyproxy/envoy/issues/6625
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 41eefffcd728d071037a57a1accd402ec188bcd5
data-plane-api(CircleCI)