This is a followup to #13950 in which the transport API is also
fatal-by-default.
Risk level: High (this will break anyone who is still using v2 and has
not enabled CLI or runtime override)
Testing: Various tests updated as described above. New unit test added
for bootstrap to server_test and to ads_integration_test for
dynamic rejection behavior. api_version_integration_test continues to
provide the definitive cross-version transport API integration test.
Release Notes: Same as #13950.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9093131e2a01d368566741943e112fa629c96725
Pulling out version to a separate package
Risk Level: Low
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 9a5de98bf26280a3b57882413dfb9084c5dbb2a6
To resolve#10274, adding max stream duration for upstream connection.
Signed-off-by: shikugawa <rei@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 6151a69f9c0dc4aa7938d987036ec00eedb818d5
Also remove some stale comments around delta xDS in ConfigSource.
Fixes#10836
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4ee310ec07a4e0e775626fe8c652726b4151b8e9
This patch performs a major version freeze and bump by modifying
package_version_status, using the tooling developed in #10636.
Specifically:
v2 APIs are frozen (except for where they are the latest in their
package history and still active)
v3 APIs are transitioned to be active
Candidate v4alpha APIs are generated (not used by Envoy yet)
Fixes#10355
Risk level: medium (entire API's files are modified, visually verified
to ensure things look sane, all tests pass)
Testing: CI
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 549164c42cae84b59154ca4c36009e408aa10b52
This patch adds the RuntimeDouble helper class, similar to the
RuntimeUint32 class.
Signed-off-by: Tony Allen <tony@allen.gg>
Mirrored from https://github.com/envoyproxy/envoy @ 15330aa60bd6da79be02f00b8130b527f11eb0fa
Allow using a custom host name for endpoints and health checks. This enables auto host re-write to work with EDS
Risk Level: Low, new opt in field.
Testing: Unit tests
Docs Changes: inline docs in the protocs.
Release Notes: added to version_history.rst
Fixes#10408
Signed-off-by: Yuval Kohavi <yuval.kohavi@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ b5a3405b2725e979a93e7410fce7c57a0c66d8db
Add options to either put all methods into the same per-cluster
stat, or to whitelist which methods to create stats for.
Additionally, start a deprecation process for the default mode
being to create a stat for all methods, to remove an unsafe
default.
Risk Level: Low
Testing: Unit tests added
Docs Changes: done
Release Notes: added
Fixes#10445
Deprecated: added
Mirrored from https://github.com/envoyproxy/envoy @ 715992f3ac891d87e67566ffbfd6b3af8d8a4e1d
Part of https://github.com/envoyproxy/envoy/issues/10355, this patch introduces additional
annotations to the API to support automatic inference (and developer documentation) of where the
active developer editable version of a file is, and which files are frozen or machine generated.
Risk level: Low (API annotations only)
Testing: CI
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4c5f4310bb8a19a38e5377d7a2d2dc6aa4560f47
This enables "non-strict" header validations, that match the ones in place with Envoy's ASSERT(valid()) code. The default strict: true checks checked for RFC-compliance, which may break previously valid configs.
Part of #10318
Signed-off-by: Asra Ali <asraa@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 97a76d991766d96df2e84a1f2e33b69cae844471
Implement a retry policy for remote data sources.
Risk Level: Low
Testing: Unit test
Docs Changes: N/A
Release Notes: added
Fixes: #9438
Signed-off-by: Yan Xue <yxyan@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ bd7c97858556c2851589d7fb73a25e99b8687df3
Ignores RST code blocks, double-backtick literals, and links.
Ignores single-, double- or asterisk-quoted words containing
letters, numbers, hyphens and periods. Single- and double-quoted
words may contain asterisks as well. Ignores code-like expressions
in single backticks (e.g. `namespace::template<T>`). Ignores
tuple-like expressions. Better smart quote handling. Prefix and
suffixes can be stored in the word list but are handled specially.
Risk Level: low, build only
Testing: unit tests
Docs Changes: cleanup
Release Notes: n/a
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 56cfb638edd241887338816eecda12fc66f57e9e
Modifies the well-known-names of the built-in http filters
to use the same names as the extension build system.
Handles transition of per-filter-configs.
Risk Level: low, previous name is still accepted
Testing: existing tests + deprecated tests for old names
Docs Changes: updated names
Release Notes: updated
Deprecated: old names are logged as deprecated
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ c5c1e5bb6570f81f30dd48d8b379392c84e81fe0
This PR introduces a parallel v3 API reference documentation tree to the
existing v2 one.
The docs/root/api-v3/ tree was copied from docs/root/api-v2 and the
necessary package path fixups were made manually. As a result, the tree
largely resembles the v2 docs. Long term this is likely to evolve to
reflect the shape of the new extensions tree.
The message type, field and enum anchors are sed'ed to be distinct and
self-consistent inside api-v3/.
There were a number of API proto changes that were made to obtain a
successful Sphinx build:
* References to deprecated fields were replaced by references to the replacement field.
* clang-format line wrapping in protoxform was removed, this breaks RST in some v3 protos.
* Some packages (type/metadata/v2, data/cluster/v2alpha) were force upgraded to v3, to deal with references to types that are distinct in v2/v3. This is OK as these packages probably make sense to bump for v3, in general we're going to have to think about how to do this more
cleanly, supporting dual v2/v3 references alongside each other.
* Some evil hacks for field renaming added to migrate.py for RouteAction.
There's also some additional machinery added to compute distinct v3/v3
build targets to point protodoc at.
Risk level: Low
Testing: Docs build, manual inspection.
Fixes#8087
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ac88316892cd47b6a9b58e3736e20e8863cd0d27
In which we convert every v3alpha reference to v3. In future revs of the
stable API versioning policy, we will develop better tooling to support
> 2 alpha and stable versions. For v3, it seems reasonable to just mv
v3alpha to v3, since there should be no external consumers yet.
Risk level: Low
Testing: bazel test //test/..., CI.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5248a4fb7d4c2a3d1fa151f944d3a63f6b7a06cf
This PR makes the following fatal by default:
from cluster.proto: ORIGINAL_DST_LB, tls_context, extension_protocol_options
from health_check.proto: use_http2
from route_components.proto: allow_origin regex, pattern, method, regex_match, value
from http_connection_manager.proto: operation_name
from trace.proto: HTTP_JSON_V1
from string.proto: regex
Risk Level: Medium (who knows who is using them)
Testing: test framework updates
Docs Changes: n/a
Release Notes: n/a
Originally #8847
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 33100e8bbeca057e23d07e46e42c51376700f872
Changing from relative name to absolute name, and fixing the fatal-by-defaults that were broken by the v3 switch.
The old way to allow fatal-by-defaults was
envoy.deprecated_features:proto_file.proto:field_name
the new way is
envoy.deprecated_features:full.namespace.field_name
When we switched to v3, all the hard-coded v2 names stopped working. This reinstates them via hopefully more permanent proto annotation.
The only remaining ugly bit is that unfortunately the full namespace and field name are the v3 versions even if the original config was v2. Between @htuch and I we should fix that before merging.
Risk Level: Medium
Testing: added new unit tests
Docs Changes: updated
Release Notes: n/a
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 156d7c90083c196a206c07fc03b2de6be8260bd3
This is a followup to #9301, where it was not possible to deprecate a
field on DiscoveryRequest as we were previously assuming identical v2/v3
transport protocols. After this deprecation, build_version can't appear
in v3 messages, and we need to convert back to a true v2
DiscoveryRequest prior to JSON serializing for REST.
There's more work to be done in the future, when we add new v3-only
fields, but this should work for 1.13.0. Future work tracked at
https://github.com/envoyproxy/envoy/issues/9619.
Risk level: Low
Testing: coverage of the behaviors for both gRPC and REST config sources
is provided by api_version_integration_test (failing previously as soon
as build_version was deprecated).
Fixes#9604
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0ee6212b02bdab7b3d66e868449ac93556e63118
Description: add auto_sni flag on cluster that executes to change sni field on sni field automatically.
Risk Level: Low
Testing: Unit Test
Docs Changes: Added
Release Notes: Added
Signed-off-by: shikugawa <rei@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 18ec59136e7a265556ca1d660dd7eb103182ea3a
Report extension information in the Node message.
Risk Level: Low
Testing: Unit Tests
Docs Changes: N/A
Release Notes: N/A
Fixes: #8332
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f5efe4a9bedf0ef7b03324f9bfda50118a0555c4
This PR extends #9468 to support a distinct notion of transport and
resource API version. The intuition here is that the opaque resources
(and their type URLs) can be delivered via either v2 or v3 xDS, and the
DiscoveryRequest etc. messages have their own versioning.
Currently, the v2 and v3 transport protocols are indistinguishable
modulo service endpoint. As v3 evolves, e.g. with #9301, differences
will be introduced. At this point it will be necessary to have enhanced
support in the gRPC mux and HTTP subscription modules to handle the
protocol differences.
This is technically a breaking v2 API change, but since the field it
breaks was only added today, I think it's safe to assume it is not in
use yet.
Risk level: Low
Testing: Integration tests added to validate service endpoint and type
URL selection based on transport/resource version.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ df0582765f8cc01a2f5901b068783f6bba9366f0
Description:
Move packages around for #8120 and #8121
Risk Level: Med around messing up build.
Testing: CI
Docs Changes: in API/STYLE.md
Release Notes: N/A (v3alpha is not in use yet)
Fixes#8120
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 1371f2ef46582a72b5b3971147bd87c534011731
Fixes server_fuzz_test fuzz bugs:
* QUIC upstream not implemented in prod, so the fuzzer removes the HTTP3 codec types for http health checks
* PGV validate throws a not yet implemented error on URIs. I removed this check for now and replaced with a TODO. If I catch the std::exception that is thrown and bypass it with a warning statement in the logs, we skip over other validations, which means that any fuzz test or user using this uri field will be in danger of failing because of other invalid fields @JimmyCYJ. PGV issue tracked: envoyproxy/protoc-gen-validate#303
Fixes OSS-Fuzz Issues:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19614https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19689
Signed-off-by: Asra Ali <asraa@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b7dcf083876f5d34d0dde5df535989a81dfa8023
It enables to specify API versioning for xDS for #8421, allow to write like this config
eds_cluster_config:
eds_config:
version: V2
api_config_source:
api_type: GRPC
grpc_services:
envoy_grpc:
cluster_name: eds_cluster
Risk Level: Low
Testing: unit test(maybe it is needed to add integration test)
Signed-off-by: shikugawa <rei@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ e3717b54b8d91d1862b096f73efbe96086862183
Modifies the protodoc tool to tag required duration fields as required.
Adds documentation around HttpHealthCheck.expected_statuses to clarify
what's expected of the Int64Range. Tags two Uint32Value fields as required
since they were implicitly treated as such (and generated missing field
exceptions when unset).
Risk Level: low
Testing: existing tests pass
Docs Changes: yes
Release Notes: n/a
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9263763e0a68961ee10fe63bc534d2546ed38376
In order to get file level move annotation, import has to be before options.
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 062c895f499382ae61dead16db2a7e78b9146525
Instead of formatting options heuristically, which will erase new annotations without changing protoxform, use proto descriptor to format options, and enforce its order as well.
Risk Level: Low
Testing: CI
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ dfe687d49574ef7eb1bf84867bf571e805a2bf97
Add a new field sts_service into GoogleGrpc call credential options which support Envoy to exchange token. See grpc/grpc#19032 and grpc/grpc#19587.
Signed-off-by: JimmyCYJ jimmychen.0102@gmail.com
Risk Level: Low
Testing: Unit test
Signed-off-by: Jimmy Chen <jimmychen.0102@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 46e65a498df7c920065a769860753076f9de16e7
This reverts commit 80aedc1c4a1aecc1616bd1563450c69d04e9568f.
Revert "config: rename NewGrpcMuxImpl -> GrpcMuxImpl (#8919)"
This reverts commit 6d505533304731fcc97041adce1f735431a703d7.
Revert "config: reinstate #8478 (unification of delta and SotW xDS), reverted by #8939 (#8974)"
This reverts commit a37522cf3f15639c8afeb7402f505044815fcf85.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 38adf1f02e95cf7a7078cdaa39032b62ca1e2ebf