Support setting max requests per downstream connection. By setting max_requests_per_connection, Envoy can actively disconnect the thrift client after reaching a certain number of requests.
Due to the limitations of the thrift protocol itself, we cannot achieve a clean disconnection.
Risk Level: Normal
Testing: Added
Docs Changes: Added
Release Notes: Added
Fixes: #14560
Signed-off-by: wbpcode <comems@msn.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8a2685ee7f0a8b4182574861256ba05fac5f6cd6
Support wildcard match、suffix match and prefix match for dubbo interface name. Check #14765 get more information.
Risk Level: Low
Testing: Unit Test
Fixes#14765
Signed-off-by: wbpcode <comems@msn.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9c2d5360635b46cc6ce4832ac84a9c324162629f
Some of the categories etc added in #14721 were not exactly correct and/or consistent
Also there is now some duplication from where links/info have been added manually previously
This PR should address these issues
Ref #13167
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ f9301ff57f64fd49918a61f6ac305638f065ecfb
Add information about known extension categories (types) to extension documentation
Signed-off-by: Ryan Northey <ryan@synca.io>
Mirrored from https://github.com/envoyproxy/envoy @ 7adc0393221467fcae18052c1f7caf0cb6048d2e
Follow-up on #14715 to allow finer configuration of the strict http request validation behavior. As mentioned in #14972, there are some cases where rejecting unknown paths is undesirable. So we provide more configurability to fit all use cases.
Risk Level:
Low.
This is a breaking API change, but it changes the API introduces < 14 days ago in #14715. This is compliant.
All behavior change only occurs when the option is enabled.
Testing:
Integration tests
Docs Changes:
Proto config changes
Release Notes:
None. #14715 includes release notes that still apply
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Co-authored-by: Yan Tang <tangyan@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ f174fba476a921efb981e80c346faf7e6723c0c4
Support adding response headers on OK authorization checks from ext_authz
Commit Message: ext_authz: support response headers on OK authorization checks
Additional Description:
Risk Level: low (opt-in feature, does nothing by default)
Testing: Added code to existing unit tests
Docs Changes: API protos documented
Release Notes: ext_authz: added :ref:`response_headers_to_add <envoy_v3_api_field_service.auth.v3.OkHttpResponse.response_headers_to_add>` to support sending response headers to downstream clients on OK external authorization checks.
Platform Specific Features:
Fixes#7986
Signed-off-by: John Esmet <john.esmet@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ ac9a2637336decdcc52c24add5e8fc39edebb962
Adds ability to use _starttls_ transport socket to terminate SSL at Envoy and pass unencrypted traffic upstream to Postgres server.
Additional Description:
Risk Level: Low
Testing: Added unit and integration tests.
Docs Changes: Yes.
Release Notes: Yes.
Fixes#10942
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Co-authored-by: Fabrízio de Royes Mello <fabrizio@ongres.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1aa31dd9ca07f88029101bdecca12173930cf342
This allows control planes to tell clients that a given HTTP filter is okay to ignore if it is not supported. This is useful in environments where the clients are not centrally controlled and therefore cannot be upgraded at will, where it is desirable to start using a new filter for clients that do support the new filter without breaking older clients. Unlike a client-capability-based approach, where the client tells the server which filters it supports, this avoids cache pollution and resource-name-based complexity on the server. And because the control plane can set this on a per-filter basis, this approach does not impose risk that clients will silently fail to apply filters that provide mandatory functionality (e.g., authz policies).
Risk Level: Low
Testing: N/A (actual functionality will be implemented in a subsequent PR)
Docs Changes: Included in PR
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9ed95162ce11a09a56c1743d0a6e342d9bbfd2b6
* Add v3 equivalents of v2 configs that were included in v3 due to no
transitive deprecation. This increases consistency and reduces user
confusion. We will continue to support these straggler v2 configs
beyond the v2 turndown due to the late addition of v3 counterparts,
special case code is added to utility.cc to handle this.
* There were two extensions, //envoy/config/cluster/redis and
//envoy/config/retry/previous_priorities, that for some reason were
not upgraded to use v3 config. This is now fixed and I've grepped for
other v2 in //source, none remain.
Risk level: Medium (changes to extension config types and deprecated
config handling).
Testing: Additional unit test added for utility.cc handling, upgraded
configs to v3 for other tests.
Fixes#14735Fixes#12841
Signed-off-by: Harvey Tuch <htuch@google.com>
Co-authored-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ c04a75efe9d601ebcb9650f274b5adde60181f1c
Only adding explicit (hard-configured, or downstream-initiated) HTTP/3. Getting Auto for UDP/TCP is going to take substantially more work. HTTP/3 config will be rejected initially to keep this PR simple as possible.
Risk Level: Low (unused, hidden)
Testing: new unit tests
Docs Changes: n/a
Release Notes: n/a
Part of #14829
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ d06b41c670e29de9d09f0f088e007611f3800db9
Commit Message: compression: add brotli compressor and decompressor
Additional Description: Add new brotli compression extensions in addition to gzip.
Risk Level: Low, no existing functionality is touched
Testing: uni tests, manual tests with curl.
Docs Changes: updated docs for compression and decompression HTTP filters to refer the new available encoder/decoder.
Release Notes: updated current.rst
Fixes#4429
The PR adds a new dependency on https://github.com/google/brotli. Here's the current criteria answers:
| Criteria | Answer |
|---------|---------|
| Cloud Native Computing Foundation (CNCF) approved license | MIT |
| Dependencies must not substantially increase the binary size unless they are optional | brotli's binary size built with `-c opt` is 752K |
| No duplication of existing dependencies | no other dep provides Brotli |
| Hosted on a git repository and the archive fetch must directly reference this repository. | https://github.com/google/brotli |
| CVE history appears reasonable, no pathological CVE arcs | so far 4 CVEs related to brotli have been registered |
| Code review (ideally PRs) before merge | PRs are reviewed before merge |
| Security vulnerability process exists, with contact details and reporting/disclosure process | no policy exists, submitted https://github.com/google/brotli/issues/878 |
| > 1 contributor responsible for a non-trivial number of commits | 75 contributors |
| Tests run in CI | CI set up with AppVeyor and Github actions |
| High test coverage (also static/dynamic analysis, fuzzing) | Fuzzers are run in CI |
| Envoy can obtain advanced notification of vulnerabilities or of security releases | brotli is registered in CPE |
| Do other significant projects have shared fate by using this dependency? | Google Chrome is using the library |
| Releases (with release notes) | https://github.com/google/brotli/releases |
| Commits/releases in last 90 days | last commit 9 days ago |
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 127aa55306c9e4366e10b3a6e26d01df826e2fc0
Fixing "warning: Import ... but not used" warnings from protoc
Risk Level: Low
Testing: manually built protos
Signed-off-by: Chris Heisterkamp <cheister@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 209b8f96498162834856a4330f27deafdf7e0518
This lets the configuration control which calls are made to
the external processor, and also lets the processor temporarily
change the mode for a single request.
Risk Level: Low
Testing: unit test and integration tests, with new tests added to this PR to support the feature
Docs Changes: Removed "not-implemented-hide" from the "processing_mode" configuration parameter
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9976ba92afb3d2153887365260f6704b32ba9499
Commit Message: Add support proxying TCP over HTTP/2 or HTTP/1.1 POST to tcp_proxy. It's controlled by tcp_proxy filter configuration. Also add support adding additional headers to the proxy requests to coordinate with the upstream. In addition, add allo_post config to router, which allow triggering the regular TCP decaping from a POST request payload.
Additional Description: N/A
Risk Level: Low
Testing: Unit tests. Integration tests.
Docs Changes: Added
Release Notes: Added
Platform Specific Features: N/A
Fixes#14234
cc @alyssawilk@mattklein123
Signed-off-by: Wenlei (Frank) He <wlhe@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ effa486d042cd2ac141ee48d8ed54b02b0951c73
Fields `content_length`, `content_type`, `disable_on_etag_header` and
`remove_accept_encoding_header` are valid for APIv2 Gzip filter, not for
APIv3.
Signed-off-by: Pavel Kvasnička <pavel.kvasnicka@firma.seznam.cz>
Mirrored from https://github.com/envoyproxy/envoy @ 542e996eeb78b7a4460b4ef185e85254e19b21f7
When a downstream request's headers do not follow the transcoding specification:
Current behavior: The filter blindly passes the request through to the upstream. This works well when the request is already a gRPC request, but is not ideal if the :path is malformed.
New behavior: For cases where the :path is malformed, the filter will reject the request instead of passing it through. This includes paths that are not registered for transcoding and unknown query parameter variable bindings. gRPC requests are still passed through.
Risk Level: Low. Backwards compatible, new behavior is guarded by option. I cannot think of a case where a client would prefer the old behavior, but let's be safe with breaking changes.
Testing: Integration tests
Platform Specific Features: No
Ref: GoogleCloudPlatform/esp-v2#459
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6ce641fff03ea137e201cfb6e5f52e513551f2df
* fix kill request API validation for header
Signed-off-by: Asra Ali <asraa@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 90534ebdaeb05306b3c4ebcfd3b20d8c5c364529
Implement header processing on the response path by sending the
response_headers message to the processor and handling the result.
Also update the docs in the .proto file.
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9753819331d1547c4b8294546a6461a3777958f5
New optional parameter 'auth_scopes' added to the filter. The default value is 'user' (if not provided) to avoid breaking changes to users updating to the latest version.
Signed-off-by: andreyprezotto <andreypp@gmail.com>
Co-authored-by: Nitin Goyal <nitingoyal.dev@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 23a97fbb237b51f10c19c8c228f74faf7ec65370
Introduces the FilterDependency proto. This isn't quite an extension, but it's a common proto to be used by all filter extensions.
Risk Level: Low (proto addition only)
#14470
Signed-off-by: Auni Ahsan <auni@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2da224f88afe5ec84ba802bd932f73ed13308a92
part of #12841
Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>
Mirrored from https://github.com/envoyproxy/envoy @ 77d7cecb7e68cb41b2f5f7c2aa7f4294c88089ce
Prefer to have operators use Envoy's native Zipkin tracer, since Zipkin
implies libcurl in opencensus. Once we complete a deprecation cycle
here, we should be able to remove this source of libcurl dependency.
Part of #11816.
Risk level: Low
Testing: bazel test //test/...
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 877d8e1f4ddd52f7a4b7bdacd3f95529469de672
The current default window_bits of 12 for the decompressor causes issues while decompressing responses
which were compressed by a compressor with window_size greater than 12.
Default window_bits to 15 to not run into any surprises when the decompressor is deployed with defaults.
Signed-off-by: Bharath Vedartham <vedabharath12345@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ e6700e5257c2da1817145a405b2440b90c3d3747
Commit Message: Making the recently added ProtocolOptionsConfig require explicit configuration
Risk Level: Medium (config breaking, for config which is 7 days old)
Testing: n/a
Docs Changes: inline
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ ff3ef1294a73d36b16a1057b9aaf1d297b7c3090
Adds support for associating a match tree with a HTTP filter, supporting a single "Skip" operation that will have the FM
ignore the filter for the duration of the stream once matched.
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 935a6598cd01324f03608ca77ebffc9608f7af81
The connection timeout applies to the idle timeout in the common HTTP
protocol options message in the HttpConnectionManager, not to the
RouteAction idle timeout.
Signed-off-by: Alex Konradi <akonradi@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6246920219ac0ba215bfd0b5462ef78036363b75
The compressor filter adds support for compressing request payloads. Its
configuration is unified with the decompressor filter with two new
fields for different directions - requests and responses. The latter
deprecates the old response-specific fields and, if used, roots the
response-specific stats in
<stat_prefix>.compressor.<compressor_library.name>.<compressor_library_stat_prefix>.response.*
instead of
<stat_prefix>.compressor.<compressor_library.name>.<compressor_library_stat_prefix>.*.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ b0fedbe914092124dbffb0e9d3e8ea8928f74bb9
This patch fixes some examples in the documentation that don't include the mandatory `http_uri.timeout` field and don't add the `tls_transport` field required to fetch JWT signature verification keys from HTTPS servers.
Risk Level: None, docs only
Testing: N/A
Docs Changes: Added
Release Notes: N/A
Fixes#14277
Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com>
Mirrored from https://github.com/envoyproxy/envoy @ 424909395c90d7d68f1afeb3427c26c7c85f2672
This is a followup to #13950 in which the transport API is also
fatal-by-default.
Risk level: High (this will break anyone who is still using v2 and has
not enabled CLI or runtime override)
Testing: Various tests updated as described above. New unit test added
for bootstrap to server_test and to ads_integration_test for
dynamic rejection behavior. api_version_integration_test continues to
provide the definitive cross-version transport API integration test.
Release Notes: Same as #13950.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9093131e2a01d368566741943e112fa629c96725
Add functionality to configure kill header in KillRequest proto. If configured in the proto, it will override the default kill header.
Risk Level: Low, new feature.
Testing: Unit/integration tests.
Docs Changes: Added
Release Notes: Added
Issue: #13978
Signed-off-by: qqustc@gmail.com <qqin@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1d44c27ff7d4ebdfbfd9a6acbcecf9631b107e30
As per discussion summarized in
#13555 (comment), we will not use structured
xdstp:// names/locators in the API initially. Instead, we will re-use existing string fields for
names and special case any name with a xdstp: prefix. We leave open the option of introducing
structured representation, in particular for efficiency wins, at a later point.
Risk level: Low (not in use yet)
Testing: CI
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ d1ded6b381ca92cbacb2e0683adf997239b12272
This introduces a new filter called the "external processing filter." It is intended to allow an external service to be able to operate as if it were part of the filter chain using a gRPC stream. It is intended to support a variety of use cases in which processing of HTTP requests and responses by an external service is desired.
A document that describes the filter can be found here:
https://docs.google.com/document/d/1IZqm5IUnG9gc2VqwGaN5C2TZAD9_QbsY9Vvy5vr9Zmw/edit#heading=h.3zlthggr9vvv
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 98d2f3b553b87c3e935f57ba15b4faf68b45d7f0
Replacing the http-protocol-specific fields in the cluster config with a new plugin
Risk Level: medium
Testing: updated tests to use the new config
Docs Changes: updated docs to use the new config
Release Notes: deprecation notes in the PR
Deprecated: all http-specific cluster config.
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 7554d61bccf136638bdfb383c10d049dc8bd3790
Add a KillRequest HTTP filter which can crash Envoy when receiving a Kill request. It will be used to fault inject kill request to Envoy and measure the blast radius.
Risk Level: Low, new feature.
Testing: Unit/integration tests.
Docs Changes: Added
Release Notes: Added
Issue: #13978
Signed-off-by: Qin Qin <qqin@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 237b29d6399953f22a47c6e4d19df74b4fbcee8d
Fixes#13082
Support skip decoding data after metadata in the thrift message.
In payload_passthrough mode, there are some issues:
Envoy cannot detect some errors and exceptions ( e.g. a reply that contains exceptions ). It's possible to improve this by peeking beginning of the payload.
payload_passthrough controls both request and response path. It can be split into two options if we want more fine-grained control.
FilterStatus passthroughData(Buffer::Instance& data, uint64_t bytes_to_passthrough) will not prohibit custom filters to modify buffer. Now it is assumed custom filters won't do that, otherwise behavior is undefined.
Risk Level: Medium
Testing:
unit test:
config
decoder
router
conn_manager
integration:
add an parameter payload_passthrough
manual:
send requests and verify responses
Signed-off-by: Tong Cai <caitong93@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2aee439cd15762cecda768a481b33bd88c999086
As per the decision to move the cncf/udpa repository to cncf/xds branding.
Also updated cncf/udpa hash and updated identifier handling (moved from repeated to a flat string).
Risk level: Low (the only breaking API changes affect not-implemented-hide fields).
Testing: New unit tests for path components.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8c4a3c77a7de016a118aacc4cea933951b85e589
#10526 allowed tracers to use CDS clusters. But zipkin proto doc still says bootstrap cluster is mandatory
Risk Level: Low
Testing: N/A
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6706d4413ad168d58267ee456428e56c9f0f78a5
data-plane-api(Azure Pipelines)