Adds new `subjects` config field to restrict subjects accepted from a `JwtProvider`, partially implementing #31455
Risk Level: Low
Testing: Unit testing
Docs Changes: Added `subjects` description inline in proto.
Release Notes: Attached
Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md): Feature is opt-in; without specifying the config, there's no behavior change.
Signed-off-by: Matthew Jones <mattjo@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08231e383fc3fb1c3bb207774d8295995759552a
* add dr response flag
Signed-off-by: Boteng Yao <boteng@google.com>
* add tests
Signed-off-by: Boteng Yao <boteng@google.com>
* fix assertion
Signed-off-by: Boteng Yao <boteng@google.com>
* fix format
Signed-off-by: Boteng Yao <boteng@google.com>
* fix proto
Signed-off-by: Boteng Yao <boteng@google.com>
* fix test
Signed-off-by: Boteng Yao <boteng@google.com>
* fix test
Signed-off-by: Boteng Yao <boteng@google.com>
* add change logs
Signed-off-by: Boteng Yao <boteng@google.com>
---------
Signed-off-by: Boteng Yao <boteng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0cb0b01b7f44399085e511085e51e8222132982e
Added new parameter `ajax_request_matcher` to optionally not allow OAuth2 authorization redirect when all tokens are expired. Such redirect usually redirects the user to a login page (in authorization code flow) and this behavior is not desired in Ajax requests.
Signed-off-by: Samuel Valis <samuel.valis@innovatrics.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8318716d9aedfc6277cd605a41b606a86f3feb52
* Change udpa renaming workaround to not compile the same archive twice
---------
Signed-off-by: Raven Black <ravenblack@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0d3bdfe471fa78d9b16bae67550e1424f596613e
* API for defining HTTP errors, locally originated errors and database errors.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Adjusted next free field.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Use Any for monitor extensions.
Moved proto for errors and consecutive errors monitor to envoy/extensions.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Adjusted main api's BUILD file.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Renamed common to error_types.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Fixed docs.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Used TypedExtensionConfig instead of user-defined message.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Redesign ErrorBucket to avoid using oneof.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
* Renamed error buckets.
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
---------
Signed-off-by: Christoph Pakulski <paker8848@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6e71eb87e5d1c5b1853763afce64738bce13b586
---------
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 32dd29468e136392d31cc75acc3c296d3bf76eb9
Commit Message: Set QUIC network idle timeout to 30s for Envoy Mobile.
Additional Description: A proto knob was added to modify the QUIC config on idle network timeout. The proto is only set for mobile.
Risk Level: Low
Testing: unit tests
Docs Changes: n/a
Release Notes: n/a
Signed-off-by: Renjie Tang <renjietang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 56a034b447672bd97d7c48c12ff5ee27b78be4d0
Add FULL_SCAN mode to least request load balancer.
By default, the least request load balancer returns the host with the fewest
active requests from a set of N randomly selected hosts.
This introduces a new "full scan" selection method that returns the host with
the fewest number of active requests from all hosts. If multiple hosts are
tied for "least", one of the tied hosts is randomly chosen.
Added selection_method option to the least request load balancer. If set to
FULL_SCAN, Envoy will select the host with the fewest active requests from
the entire host set rather than choice_count random choices.
Risk Level: low, existing code path unchanged
Testing: unit tests added
Docs Changes: protobuf docs
Release Notes: added
Signed-off-by: Jared Kirschner <jkirschner@hashicorp.com>
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
Co-authored-by: Leonardo da Mata <barroca@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1995d9291835e3292895a34bf009c683f578e75a
---------
Signed-off-by: Juan Manuel Ollé <jolle@mulesoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2c636750f00038d3fdbb67e6a27fa7861097d7e2
Lowering API limits so we can more easily test dns refresh.
Adding a bunch of e2e DNS refresh tests.
Risk Level: low
Testing: yes
Docs Changes: inline
Release Notes:
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 72c15547a7dea9735235e65e2323219d59b6a9dd
Commit Message: Cluster: make happy eyeballs algorithm configurable. Implemented configure options to specify first address family version and count in RFC8305#section-4.
Additional Description:
Risk Level: low, added a small feature guarded by runtime guard
Testing: added new unit tests
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:] added false runtime guard: envoy_reloadable_features_enable_universal_header_validator
Signed-off-by: Ting Pan <panting@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a862674c6fc9323c24d6df6207ed405204e2c88f
chore: remove `append_x_forwarded_host` runtime flag
Signed-off-by: River Phillips <riverphillips1@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6762bf3e17512bdb3b49c748dc75dd2000494606
Added uri_template with envoy.path.match extension category to allow matching with URI templates in RBAC.
Risk Level: low
Testing: unit, integration
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
Fixes #30724
Signed-off-by: kozjan <jan.kozlowski@allegro.com>
Mirrored from https://github.com/envoyproxy/envoy @ 20c7368afa9d686a109f9601ae1b9b6028b74b0a
Introduce the ability to send dynamic metadata in the External Processing Request. Also implements the API for returning dynamic metadata as part of the External Processing Response.
---------
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 8f95f9ec501febe91e3f7688a3f85e33a2052d7a
Introduce the ability to send attributes in the External Processing Request
---------
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 6952f5477cce549126cb9f12b9f62c079548fed7
---------
Signed-off-by: Antonio Leonti <leonti@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1eaaedf9aa361eea5219b911ad1de725d0da069b
See envoyproxy/go-control-plane#824 for more information
This PR adds the vtprotobuf protoc plugin for Go. This works on top of the existing protoc-gen-go, to add optimized marshal functions that callers can opt in to using. This is not like gogo, which was a very invasive change -- everything is layered and opt-in. See issue for benchmarks, etc.
Additionally, to avoid possible binary size increase, the entire new code is protected under a go build tag. Users will need to opt-in at build time (-tags=vtprotobuf). By default, there is no impact for users at all.
Risk Level: Low - only additional opt-in code
Testing: Manually tested in Istio codebase
Signed-off-by: John Howard <howardjohn@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 21b52ba73d8ebbb51834d529a68f55ea2ec5e614
Additional Description: The CryptoMB private key provider only supports RSA at the time; the patch adds ECDSA support to it.
Risk Level: Low (as contrib extension)
Testing: Unit and integration tests
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: Requires AVX512 or equivalent CPU instruction set
Signed-off-by: Xie Zhihao <zhihao.xie@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8dcb3165334b8d9fdec7bb9f5f0b103d97f858d3
* accesslog: add field to TLSProperties in data.accesslog.v3.AccessLogCommon
Signed-off-by: Li <wanxuli@ebay.com>
* Update changelogs/current.yaml
Signed-off-by: code <wangbaiping@corp.netease.com>
Signed-off-by: Li <wanxuli@ebay.com>
Signed-off-by: Li <929683467@qq.com>
* fix integration_test for issuer
Signed-off-by: Li <wanxuli@ebay.com>
Signed-off-by: Li <929683467@qq.com>
* fix missing value for issuerPeerCertificate in test case
Signed-off-by: Li <wanxuli@ebay.com>
Signed-off-by: Li <929683467@qq.com>
---------
Signed-off-by: Li <wanxuli@ebay.com>
Signed-off-by: Li <929683467@qq.com>
Co-authored-by: Li <wanxuli@ebay.com>
Co-authored-by: code <wangbaiping@corp.netease.com>
Mirrored from https://github.com/envoyproxy/envoy @ 24ffda3f4f4d6aa310a20d9e4c77887581dbfce3
Commit Message: add an option to use a generic string object for the value
Additional Description:
Risk Level: low (new oneof but a recent extension)
Testing: done
Docs Changes: none
Release Notes: none
Mirrored from https://github.com/envoyproxy/envoy @ 5e4967ee54d2904cdfad853d201d2110e49eaf95