Description:
Implement `allow_missing` (but not failed) mode for JWT requirement. In this mode, token is not required for JWT filter to pass. However, if a token is presented, it must be valid.
This PR also change the `allow_missing_or_failed` (and the new `allow_missing`) to consider the provider within the container OR-list, instead of using the global one that have all providers. As a result, each `allow_xxx` will examine the interested tokens list independently. This correct the behavior when the `allow_xxx` is used multiple times, e.g in different ORs of an AND-of-OR requirements.
Risk Level: Medium
The PR changes the existing behavior of `allow_missing_or_failed`
Testing:
Unit tests.
Docs Changes: Added
Release Notes: Added
Signed-off-by: Diem Vu <diemvu@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 74436a6303825e0a6873222efff591ea1001cf87
Setting update_frequency to 0 causes a segfault. Prevent invalid values via validation.
Risk Level: low
Testing: added unit test
Doc Changes: updated
Release Notes: n/a
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3256d60fcb9710f0ffda856e72126fd957796409
Clarify xDS protocol semantics for resources that do not exist.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR.
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a9c5fa15909fe7d7be58ec6446508d061fe467c8
This is a beachhead PR for a Clang Libtooling based workflow that automagically updates Envoy's
source tree to the latest API version for every referenced package. So far, ths tool is only capable
of inferring types and performing header fixups, later PRs will expand this.
Risk level: Low
Testing: Manual cleanup of all headers in source/ test/ and include/, all tests pass.
Part of #8082
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b54d1c366744314dda38aed5f14e7e93323acb41
Adds documentation for on-demand VHDS/RDS.
Signed-off-by: Brian Avery <bavery@redhat.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8ea6ccb5c3e28479da1978b7376ddc9cf0c6eb3a
*Description:*
Add a new `--disable-extensions` flag that hides the named extensions
from their corresponding factory registry. The extensions are retained
in the registry factory, but the factory pointer is nulled so that
configuration attempts to use the extensions will fail.
*Risk Level:* Medium
*Testing:* Added unit tests, manual verification.
*Docs Changes:* Added to CLI reference.
*Release Notes:* Added release note.
*Fixes:* #9096
Signed-off-by: James Peach <jpeach@apache.org>
Mirrored from https://github.com/envoyproxy/envoy @ 445d0ee4a64738f1de072537fb364d9096478915
Document incremental xDS semantics about resources that do not exist.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR
Release Notes: N/A
This attempts to clarify the incremental xDS protocol semantics, as per discussion in #7415
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ fb89269082397153475319b56341ea6fac3a78cd
The max_request_bytes field is assumed to have a value set that is
greater than zero. The code ASSERTs this and does unpleasent things
if not set. This corrects that built-in assumption. Note that this
field could be a primitive integer with a constraint, but it doesn't
seem worth that churn to fix.
Fixes https://github.com/envoyproxy/envoy/issues/7650
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ a3b15fccf1c4c8318af9493aa263abe07089bfd5
Signed-off-by: William A Rowe Jr <wrowe@pivotal.io>
Signed-off-by: Yechiel Kalmenson <ykalmenson@pivotal.io>
Signed-off-by: Sunjay Bhatia <sbhatia@pivotal.io>
Mirrored from https://github.com/envoyproxy/envoy @ daeb9850dbcd78da21a2e8ff9854564830cefb19
Instead of formatting options heuristically, which will erase new annotations without changing protoxform, use proto descriptor to format options, and enforce its order as well.
Risk Level: Low
Testing: CI
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ dfe687d49574ef7eb1bf84867bf571e805a2bf97
Add a new field sts_service into GoogleGrpc call credential options which support Envoy to exchange token. See grpc/grpc#19032 and grpc/grpc#19587.
Signed-off-by: JimmyCYJ jimmychen.0102@gmail.com
Risk Level: Low
Testing: Unit test
Signed-off-by: Jimmy Chen <jimmychen.0102@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 46e65a498df7c920065a769860753076f9de16e7
* access_log: add ability to generate JSON access logs preserving data types
Using the new typed JSON format mode, numeric values (e.g. request duration,
response codes, bytes sent, etc) are emitted as json numbers instead of as
json strings. In addition, dynamic metadata and filter state are emitted
as nested structs and lists where appropriate.
Risk Level: medium for users of json logs
Testing: unit tests
Doc Changes: included
Release Notes: included
Fixes: #8374
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ c7affbc223fae3a5dd104b8d6be4ea29af4042f6
Make TCP listeners supporting SO_REUSEPORT, then each worker thread will create
and listen on socket using same address and port.
Signed-off-by: lhuang8 <lhuang8@ebay.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8534ac8f810de72961b9e4399e14cf24fade7a60
* api: link to previous message type package in API BUILD files.
We need to include the descriptors from the previous message version in
the build. We opt to do this transitively; when you include v3 of a
package, you get the v2 via a transitive dep. This should work based on
alwayslink semantics for cc_library.
The computation of the deps is based on the previous_message_type
annotation, which will allow cross package migrations.
Part of #8082.
Risk level: Low
Testing: Disabled ip_tagging v2 descriptor hack, observed
version_integration_test. After the BUILD changes, this now passes
again.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7f8fb9509d3189819dd253e25ec76e939ae106e7
Adding property use_tcp_for_dns_lookups to bootstrap and cds config, which will instruct dns resolvers to use tcp for DNS queries.
Risk Level: Medium/Low
Fixes#7965
Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>
Mirrored from https://github.com/envoyproxy/envoy @ b78fc4e0edc696c2395b7eafbca8cbc62cb0f325
This PR avoids having to include an API type database in the Envoy build
by introducing a message annotation option that allows Envoy to
determine earlier corresponding message types via descriptor inspection.
The ApiTypeDb is now ApiTypeOracle and utilizes these annotations.
Risk level: Low
Testing: Existing API and verison upgrade tests pass.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 297f7a73b3f93bccf8af73c0a555ae52bce6cecb
Another bunch of work towards
https://github.com/envoyproxy/envoy/issues/492.
The remaining work is proper wiring up of upstream cluster
management, host health, etc. and documentation. This will
be done in the next PR.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 647c1eeba8622bafdd6add1e7997c1f0bda31be5
Add a mechanism for a filter to define the action for a route.
Risk Level: Low
Testing: N/A
Docs Changes: Inline with proto change.
Release Notes: N/A
Fixes#8953.
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a907cff53f6ffb33d9a87b5ef50934626caa1b9e
serialize stream stats for telemetry
Risk Level: low
Testing: unit
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0c5b3571c2d04f9de973012fd1b346aecb6ca5ba
This reverts commit 80aedc1c4a1aecc1616bd1563450c69d04e9568f.
Revert "config: rename NewGrpcMuxImpl -> GrpcMuxImpl (#8919)"
This reverts commit 6d505533304731fcc97041adce1f735431a703d7.
Revert "config: reinstate #8478 (unification of delta and SotW xDS), reverted by #8939 (#8974)"
This reverts commit a37522cf3f15639c8afeb7402f505044815fcf85.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 38adf1f02e95cf7a7078cdaa39032b62ca1e2ebf
Description: Bypass the CORS preflight request in the JWT filter
Risk Level: Low
Testing: Added unit test and integration test
Docs Changes: n/a
Release Notes: Added `jwt_authn: added to bypass the CORS preflight request.`
Fixes https://github.com/istio/istio/issues/16171
Signed-off-by: Yangmin Zhu <ymzhu@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a29a083d9c260422b314ef47ca264b6815e548ab
Introduce new fallback policy for subset load balancer's selectors: KEYS_SUBSET and related LbSubsetSelector config parameter: fallback_keys_subset.
When context metadata matches given selector on keys, but there is no matching subset and KEYS_SUBSET fallback policy is set for that selector, there will be another attempt on subset selector matching. For that consecutive attempt, the context metadata will be reduced to keys included in fallback_keys_subset.
Risk Level: low (no changes in existing features, adding a new feature that is disabled by default). But there is also a small bugfix that can affect existing behaviour.
Testing: Unit tests and manual testing using envoy with static config
Docs: added
Release Notes: added
Fixes: #8767Fixes: #8874
Signed-off-by: Marcin Falkowski <marcin.falkowski@allegro.pl>
Mirrored from https://github.com/envoyproxy/envoy @ b7bef67c256090919a4585a1a06c42f15d640a09
* Add an explicit threat model to the end user facing docs, link to this from SECURITY.md
* Switch all Envoy extensions to use a new macro `envoy_cc_extension`, mandating that extensions declare a security posture. Extensions can also optionally declare `alpha` or `wip` status.
* Tag all documentation sites with their well-known Envoy names.
* Introduce tooling to automagically populate a list of known trusted/untrusted extensions in the threat model docs.
* Generate API docs for extensions that depend on `google.protobuf.Empty`. This pattern is deprecated as per https://github.com/envoyproxy/envoy/issues/8933, but we need these for tooling support meanwhile.
This work was motivated by oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18370
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 90d1094b32aa017f90cc8efcd379aeb143acabfc
Set the downstream client X.509 certificate in the source Peer AttributeContext
Risk Level: low
Testing: Tests updated and extended.
Docs Changes: New API additions are documented.
Release Notes: Added.
Fixes#8326
Signed-off-by: Steve Larkin <steve.larkin@volvocars.com>
Mirrored from https://github.com/envoyproxy/envoy @ 766f3fb8dbdafce402631c43c16fda46ed003462
This reverts commit 443bc3345b0e3db99a3df03d52f317697b99d5d7.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ df6d3bc453167a8e9fd29662280859b4f56f0af8
This has not been implemented, so hide the API from the docs.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8e368e4bdfa8f220c5f4cb03ca61587ae1a3d118
Updates protoc-gen-validate to a18376249eb51cdd517f67fe8703897322812e6d and
adds tests to the RBAC common filter code to prove that nested validations
work as expected.
Risk Level: low
Testing: unit test
Doc Changes: n/a
Release Notes: n/a
Fixes: #8715, #5324
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 28ce96326e154dba0879b4fa330eb33f29581634
Currently, application logs are not sanitized of c-style escape sequences. If any filter logs a message that contains newline characters, the logs will be printed to a new line. This breaks log formats set by the --log-format option, breaking integration with log viewers.
This change adds a command line option --log-format-escaped to escape c-style escape characters in application logs before they are outputted. Enabling this flag ensures newline characters in logs are ignored, meaning that each call to ENVOY_LOG will result in at most 1 line outputted. This flag works for both Stderr and File loggers.
Risk Level: Low
Testing:
Unit tests
Fuzz test
Manual verification (see comments in PR)
Performance Impact: As long as production environments are running with the default log level, this will only slightly impact startup time (only when --log-format-escaped is set). The critical section for each request/response will not be impacted.
Docs Changes: Added docs to command line options about new flag and possible use cases, like Stackdriver Logging integration on GKE.
Release Notes: Added release notes about new flag
Fixes#8637
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 20ca0ae3bdd9c2a69194203f5e1d2eca92ce2b48
Description:
Adds serialization method to filter state and use from logger if specified.
Risk Level: Low
Testing: CI
Docs Changes: Added
Release Notes: Added
Fixes#8790
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ cf74f816933d1350d7c588a3b8478dd399ce3d18
data-plane-api(CircleCI)