diff --git a/api/envoy/api/v2/core/config_source.proto b/api/envoy/api/v2/core/config_source.proto index 7032b2c10d87..6cf44dbe9bbd 100644 --- a/api/envoy/api/v2/core/config_source.proto +++ b/api/envoy/api/v2/core/config_source.proto @@ -26,10 +26,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; diff --git a/api/envoy/config/accesslog/v4alpha/accesslog.proto b/api/envoy/config/accesslog/v4alpha/accesslog.proto index 0714b614c41d..73769ca8aea9 100644 --- a/api/envoy/config/accesslog/v4alpha/accesslog.proto +++ b/api/envoy/config/accesslog/v4alpha/accesslog.proto @@ -47,9 +47,9 @@ message AccessLog { // #. "envoy.access_loggers.file": :ref:`FileAccessLog // ` // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig - // ` + // ` // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig - // ` + // ` oneof config_type { google.protobuf.Any typed_config = 4; } diff --git a/api/envoy/config/core/v3/config_source.proto b/api/envoy/config/core/v3/config_source.proto index 549177aa0524..9de03625dce2 100644 --- a/api/envoy/config/core/v3/config_source.proto +++ b/api/envoy/config/core/v3/config_source.proto @@ -27,10 +27,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; diff --git a/api/envoy/config/core/v4alpha/config_source.proto b/api/envoy/config/core/v4alpha/config_source.proto index 74419775d894..121a20e6ed85 100644 --- a/api/envoy/config/core/v4alpha/config_source.proto +++ b/api/envoy/config/core/v4alpha/config_source.proto @@ -24,13 +24,14 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // xDS API and non-xDS services version. This is used to describe both resource and transport // protocol versions (in distinct configuration fields). enum ApiVersion { + reserved 1; + + reserved "V2"; + // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; - - // Use xDS v2 API. - V2 = 1; + DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 [deprecated = true]; // Use xDS v3 API. V3 = 2; diff --git a/api/envoy/config/ratelimit/v4alpha/BUILD b/api/envoy/config/ratelimit/v4alpha/BUILD new file mode 100644 index 000000000000..f335ebe20e6b --- /dev/null +++ b/api/envoy/config/ratelimit/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/ratelimit/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/config/ratelimit/v4alpha/rls.proto b/api/envoy/config/ratelimit/v4alpha/rls.proto new file mode 100644 index 000000000000..7a13efd7395e --- /dev/null +++ b/api/envoy/config/ratelimit/v4alpha/rls.proto @@ -0,0 +1,34 @@ +syntax = "proto3"; + +package envoy.config.ratelimit.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.ratelimit.v4alpha"; +option java_outer_classname = "RlsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit service] + +// Rate limit :ref:`configuration overview `. +message RateLimitServiceConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.ratelimit.v3.RateLimitServiceConfig"; + + reserved 1, 3; + + // Specifies the gRPC service that hosts the rate limit service. The client + // will connect to this cluster when it needs to make rate limit service + // requests. + core.v4alpha.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}]; + + // API version for rate limit transport protocol. This describes the rate limit gRPC endpoint and + // version of messages used on the wire. + core.v4alpha.ApiVersion transport_api_version = 4 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/api/envoy/extensions/access_loggers/grpc/v4alpha/BUILD b/api/envoy/extensions/access_loggers/grpc/v4alpha/BUILD new file mode 100644 index 000000000000..83758c9e0b82 --- /dev/null +++ b/api/envoy/extensions/access_loggers/grpc/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/extensions/access_loggers/grpc/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/access_loggers/grpc/v4alpha/als.proto b/api/envoy/extensions/access_loggers/grpc/v4alpha/als.proto new file mode 100644 index 000000000000..c7bf15948b23 --- /dev/null +++ b/api/envoy/extensions/access_loggers/grpc/v4alpha/als.proto @@ -0,0 +1,89 @@ +syntax = "proto3"; + +package envoy.extensions.access_loggers.grpc.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.access_loggers.grpc.v4alpha"; +option java_outer_classname = "AlsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: gRPC Access Log Service (ALS)] + +// Configuration for the built-in *envoy.access_loggers.http_grpc* +// :ref:`AccessLog `. This configuration will +// populate :ref:`StreamAccessLogsMessage.http_logs +// `. +// [#extension: envoy.access_loggers.http_grpc] +message HttpGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig"; + + CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}]; + + // Additional request headers to log in :ref:`HTTPRequestProperties.request_headers + // `. + repeated string additional_request_headers_to_log = 2; + + // Additional response headers to log in :ref:`HTTPResponseProperties.response_headers + // `. + repeated string additional_response_headers_to_log = 3; + + // Additional response trailers to log in :ref:`HTTPResponseProperties.response_trailers + // `. + repeated string additional_response_trailers_to_log = 4; +} + +// Configuration for the built-in *envoy.access_loggers.tcp_grpc* type. This configuration will +// populate *StreamAccessLogsMessage.tcp_logs*. +// [#extension: envoy.access_loggers.tcp_grpc] +message TcpGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig"; + + CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}]; +} + +// Common configuration for gRPC access logs. +// [#next-free-field: 7] +message CommonGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.CommonGrpcAccessLogConfig"; + + // The friendly name of the access log to be returned in :ref:`StreamAccessLogsMessage.Identifier + // `. This allows the + // access log server to differentiate between different access logs coming from the same Envoy. + string log_name = 1 [(validate.rules).string = {min_len: 1}]; + + // The gRPC service for the access log service. + config.core.v4alpha.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}]; + + // API version for access logs service transport protocol. This describes the access logs service + // gRPC endpoint and version of messages used on the wire. + config.core.v4alpha.ApiVersion transport_api_version = 6 + [(validate.rules).enum = {defined_only: true}]; + + // Interval for flushing access logs to the gRPC stream. Logger will flush requests every time + // this interval is elapsed, or when batch size limit is hit, whichever comes first. Defaults to + // 1 second. + google.protobuf.Duration buffer_flush_interval = 3 [(validate.rules).duration = {gt {}}]; + + // Soft size limit in bytes for access log entries buffer. Logger will buffer requests until + // this limit it hit, or every time flush interval is elapsed, whichever comes first. Setting it + // to zero effectively disables the batching. Defaults to 16384. + google.protobuf.UInt32Value buffer_size_bytes = 4; + + // Additional filter state objects to log in :ref:`filter_state_objects + // `. + // Logger will call `FilterState::Object::serializeAsProto` to serialize the filter state object. + repeated string filter_state_objects_to_log = 5; +} diff --git a/api/envoy/extensions/filters/http/ratelimit/v4alpha/BUILD b/api/envoy/extensions/filters/http/ratelimit/v4alpha/BUILD new file mode 100644 index 000000000000..329e11fc5017 --- /dev/null +++ b/api/envoy/extensions/filters/http/ratelimit/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/ratelimit/v4alpha:pkg", + "//envoy/extensions/filters/http/ratelimit/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto b/api/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000000..688be29e6aab --- /dev/null +++ b/api/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,125 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.http.ratelimit] + +// [#next-free-field: 10] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.ratelimit.v3.RateLimit"; + + // Defines the version of the standard to use for X-RateLimit headers. + enum XRateLimitHeadersRFCVersion { + // X-RateLimit headers disabled. + OFF = 0; + + // Use `draft RFC Version 03 `_. + DRAFT_VERSION_03 = 1; + } + + // The rate limit domain to use when calling the rate limit service. + string domain = 1 [(validate.rules).string = {min_len: 1}]; + + // Specifies the rate limit configurations to be applied with the same + // stage number. If not set, the default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}]; + + // The type of requests the filter should apply to. The supported + // types are *internal*, *external* or *both*. A request is considered internal if + // :ref:`x-envoy-internal` is set to true. If + // :ref:`x-envoy-internal` is not set or false, a + // request is considered external. The filter defaults to *both*, and it will apply to all request + // types. + string request_type = 3 + [(validate.rules).string = {in: "internal" in: "external" in: "both" in: ""}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 4; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + bool failure_mode_deny = 5; + + // Specifies whether a `RESOURCE_EXHAUSTED` gRPC code must be returned instead + // of the default `UNAVAILABLE` gRPC code for a rate limited gRPC call. The + // HTTP code will be 200 for a gRPC response. + bool rate_limited_as_resource_exhausted = 6; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 7 + [(validate.rules).message = {required: true}]; + + // Defines the standard version to use for X-RateLimit headers emitted by the filter: + // + // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the + // client in the current time-window followed by the description of the + // quota policy. The values are returned by the rate limiting service in + // :ref:`current_limit` + // field. Example: `10, 10;w=1;name="per-ip", 1000;w=3600`. + // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the + // current time-window. The values are returned by the rate limiting service + // in :ref:`limit_remaining` + // field. + // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of + // the current time-window. The values are returned by the rate limiting service + // in :ref:`duration_until_reset` + // field. + // + // In case rate limiting policy specifies more then one time window, the values + // above represent the window that is closest to reaching its limit. + // + // For more information about the headers specification see selected version of + // the `draft RFC `_. + // + // Disabled by default. + XRateLimitHeadersRFCVersion enable_x_ratelimit_headers = 8 + [(validate.rules).enum = {defined_only: true}]; + + // Disables emitting the :ref:`x-envoy-ratelimited` header + // in case of rate limiting (i.e. 429 responses). + // Having this header not present potentially makes the request retriable. + bool disable_x_envoy_ratelimited_header = 9; +} + +message RateLimitPerRoute { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute"; + + enum VhRateLimitsOptions { + // Use the virtual host rate limits unless the route has a rate limit policy. + OVERRIDE = 0; + + // Use the virtual host rate limits even if the route has a rate limit policy. + INCLUDE = 1; + + // Ignore the virtual host rate limits even if the route does not have a rate limit policy. + IGNORE = 2; + } + + // Specifies if the rate limit filter should include the virtual host rate limits. + VhRateLimitsOptions vh_rate_limits = 1 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/api/envoy/extensions/filters/network/ratelimit/v4alpha/BUILD b/api/envoy/extensions/filters/network/ratelimit/v4alpha/BUILD new file mode 100644 index 000000000000..d9d0ca109526 --- /dev/null +++ b/api/envoy/extensions/filters/network/ratelimit/v4alpha/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/ratelimit/v4alpha:pkg", + "//envoy/extensions/common/ratelimit/v3:pkg", + "//envoy/extensions/filters/network/ratelimit/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto b/api/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000000..b53cb3bcc1d0 --- /dev/null +++ b/api/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,53 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; +import "envoy/extensions/common/ratelimit/v3/ratelimit.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.network.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.network.ratelimit] + +// [#next-free-field: 7] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.ratelimit.v3.RateLimit"; + + // The prefix to use when emitting :ref:`statistics `. + string stat_prefix = 1 [(validate.rules).string = {min_len: 1}]; + + // The rate limit domain to use in the rate limit service request. + string domain = 2 [(validate.rules).string = {min_len: 1}]; + + // The rate limit descriptor list to use in the rate limit service request. + repeated common.ratelimit.v3.RateLimitDescriptor descriptors = 3 + [(validate.rules).repeated = {min_items: 1}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 4; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + // Defaults to false. + bool failure_mode_deny = 5; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 6 + [(validate.rules).message = {required: true}]; +} diff --git a/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/BUILD b/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/BUILD new file mode 100644 index 000000000000..a58bc9ebda54 --- /dev/null +++ b/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/ratelimit/v4alpha:pkg", + "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto b/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000000..ed49380f8318 --- /dev/null +++ b/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,56 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.thrift.ratelimit] + +// [#next-free-field: 6] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3.RateLimit"; + + // The rate limit domain to use in the rate limit service request. + string domain = 1 [(validate.rules).string = {min_len: 1}]; + + // Specifies the rate limit configuration stage. Each configured rate limit filter performs a + // rate limit check using descriptors configured in the + // :ref:`envoy_api_msg_extensions.filters.network.thrift_proxy.v4alpha.RouteAction` for the request. + // Only those entries with a matching stage number are used for a given filter. If not set, the + // default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 3; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + // Defaults to false. + bool failure_mode_deny = 4; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 5 + [(validate.rules).message = {required: true}]; +} diff --git a/api/envoy/service/accesslog/v4alpha/als.proto b/api/envoy/service/accesslog/v4alpha/als.proto index e7e96583fd2c..e2c8bbbc8068 100644 --- a/api/envoy/service/accesslog/v4alpha/als.proto +++ b/api/envoy/service/accesslog/v4alpha/als.proto @@ -49,7 +49,7 @@ message StreamAccessLogsMessage { config.core.v4alpha.Node node = 1 [(validate.rules).message = {required: true}]; // The friendly name of the log configured in :ref:`CommonGrpcAccessLogConfig - // `. + // `. string log_name = 2 [(validate.rules).string = {min_len: 1}]; } diff --git a/configs/envoy_front_proxy.template.yaml b/configs/envoy_front_proxy.template.yaml index 274d95bb9292..974fae913d82 100644 --- a/configs/envoy_front_proxy.template.yaml +++ b/configs/envoy_front_proxy.template.yaml @@ -62,6 +62,7 @@ domain: envoy_front request_type: external rate_limit_service: + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: ratelimit diff --git a/configs/envoy_service_to_service.template.yaml b/configs/envoy_service_to_service.template.yaml index 108e680866b6..1a88dc2718dc 100644 --- a/configs/envoy_service_to_service.template.yaml +++ b/configs/envoy_service_to_service.template.yaml @@ -159,6 +159,7 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit domain: envoy_service_to_service rate_limit_service: + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: ratelimit @@ -182,8 +183,10 @@ static_resources: stat_prefix: egress_http rds: config_source: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: "rds" @@ -220,6 +223,7 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit domain: envoy_service_to_service rate_limit_service: + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: ratelimit @@ -554,8 +558,10 @@ static_resources: protocol: TCP dynamic_resources: cds_config: + resource_api_version: V3 api_config_source: api_type: REST + transport_api_version: V3 cluster_names: - cds_cluster refresh_delay: 30s diff --git a/configs/routing_helper.template.yaml b/configs/routing_helper.template.yaml index 02b1a92346f9..42bea30dd86c 100644 --- a/configs/routing_helper.template.yaml +++ b/configs/routing_helper.template.yaml @@ -15,8 +15,10 @@ type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 api_config_source: api_type: REST + transport_api_version: V3 cluster_names: - sds refresh_delay: 30s diff --git a/docs/root/configuration/overview/examples.rst b/docs/root/configuration/overview/examples.rst index efa3e01a4ad8..de55b3d4093f 100644 --- a/docs/root/configuration/overview/examples.rst +++ b/docs/root/configuration/overview/examples.rst @@ -99,8 +99,10 @@ on 127.0.0.1:5678 is provided below: type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: - envoy_grpc: cluster_name: xds_cluster @@ -178,14 +180,18 @@ below: dynamic_resources: lds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: - envoy_grpc: cluster_name: xds_cluster cds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: - envoy_grpc: cluster_name: xds_cluster @@ -238,8 +244,10 @@ The management server could respond to LDS requests with: rds: route_config_name: local_route config_source: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: - envoy_grpc: cluster_name: xds_cluster @@ -274,8 +282,10 @@ The management server could respond to CDS requests with: type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: - envoy_grpc: cluster_name: xds_cluster diff --git a/docs/root/configuration/overview/extension.rst b/docs/root/configuration/overview/extension.rst index 91001530d50b..fc89b934ccc1 100644 --- a/docs/root/configuration/overview/extension.rst +++ b/docs/root/configuration/overview/extension.rst @@ -21,8 +21,10 @@ filter configuration snippet is permitted: rds: route_config_name: local_route config_source: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: xds_cluster @@ -49,9 +51,11 @@ follows: codec_type: AUTO rds: route_config_name: local_route + resource_api_version: V3 config_source: api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: xds_cluster diff --git a/docs/root/configuration/overview/xds_api.rst b/docs/root/configuration/overview/xds_api.rst index 3217c000b209..6a85db46d0ed 100644 --- a/docs/root/configuration/overview/xds_api.rst +++ b/docs/root/configuration/overview/xds_api.rst @@ -25,9 +25,10 @@ as a client when .. code-block:: yaml cds_config: + resource_api_version: V3 api_config_source: api_type: GRPC - transport_api_version: + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: some_xds_cluster @@ -46,9 +47,10 @@ for the service definition. This is used by Envoy as a client when .. code-block:: yaml eds_config: + resource_api_version: V3 api_config_source: api_type: GRPC - transport_api_version: + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: some_xds_cluster @@ -67,9 +69,10 @@ for the service definition. This is used by Envoy as a client when .. code-block:: yaml lds_config: + resource_api_version: V3 api_config_source: api_type: GRPC - transport_api_version: + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: some_xds_cluster @@ -89,9 +92,10 @@ for the service definition. This is used by Envoy as a client when route_config_name: some_route_name config_source: + resource_api_version: V3 api_config_source: api_type: GRPC - transport_api_version: + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: some_xds_cluster @@ -112,10 +116,11 @@ for the service definition. This is used by Envoy as a client when name: some_scoped_route_name scoped_rds: + resource_api_version: V3 config_source: api_config_source: api_type: GRPC - transport_api_version: + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: some_xds_cluster @@ -136,9 +141,10 @@ for the service definition. This is used by Envoy as a client when name: some_secret_name config_source: + resource_api_version: V3 api_config_source: api_type: GRPC - transport_api_version: + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: some_xds_cluster @@ -157,9 +163,10 @@ for the service definition. This is used by Envoy as a client when name: some_runtime_layer_name config_source: + resource_api_version: V3 api_config_source: api_type: GRPC - transport_api_version: + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: some_xds_cluster @@ -180,9 +187,10 @@ for the service definition. This is used by Envoy as a client when .. code-block:: yaml cds_config: + resource_api_version: V3 api_config_source: api_type: REST - transport_api_version: + transport_api_version: V3 cluster_names: [some_xds_cluster] is set in the :ref:`dynamic_resources @@ -199,9 +207,10 @@ for the service definition. This is used by Envoy as a client when .. code-block:: yaml eds_config: + resource_api_version: V3 api_config_source: api_type: REST - transport_api_version: + transport_api_version: V3 cluster_names: [some_xds_cluster] is set in the :ref:`eds_cluster_config @@ -218,9 +227,10 @@ for the service definition. This is used by Envoy as a client when .. code-block:: yaml lds_config: + resource_api_version: V3 api_config_source: api_type: REST - transport_api_version: + transport_api_version: V3 cluster_names: [some_xds_cluster] is set in the :ref:`dynamic_resources @@ -238,9 +248,10 @@ for the service definition. This is used by Envoy as a client when route_config_name: some_route_name config_source: + resource_api_version: V3 api_config_source: api_type: REST - transport_api_version: + transport_api_version: V3 cluster_names: [some_xds_cluster] is set in the :ref:`rds @@ -295,7 +306,7 @@ for the service definition. This is used by Envoy as a client when ads_config: api_type: GRPC - transport_api_version: + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: some_ads_cluster @@ -310,8 +321,10 @@ be set to use the ADS channel. For example, a LDS config could be changed from .. code-block:: yaml lds_config: + resource_api_version: V3 api_config_source: api_type: REST + transport_api_version: V3 cluster_names: [some_xds_cluster] to @@ -369,4 +382,4 @@ within the response, while for SotW xDS the server may wrap individual resources :ref:`Resource ` in order to specify a TTL value. The server can refresh or modify the TTL by issuing another response for the same version. In this case the resource -itself does not have to be included. \ No newline at end of file +itself does not have to be included. diff --git a/docs/root/configuration/security/secret.rst b/docs/root/configuration/security/secret.rst index c9ebf2b746d4..7dc43d4f2d75 100644 --- a/docs/root/configuration/security/secret.rst +++ b/docs/root/configuration/security/secret.rst @@ -177,8 +177,10 @@ This example shows how to configure secrets fetched from remote SDS servers: tls_certificate_sds_secret_configs: - name: client_cert sds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: google_grpc: target_uri: unix:/tmp/uds_path @@ -193,16 +195,20 @@ This example shows how to configure secrets fetched from remote SDS servers: tls_certificate_sds_secret_configs: - name: server_cert sds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: sds_server_mtls validation_context_sds_secret_config: name: validation_context sds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: sds_server_uds diff --git a/docs/root/faq/api/envoy_upgrade_v3.rst b/docs/root/faq/api/envoy_upgrade_v3.rst index 5f6d08334277..01bde9d01336 100644 --- a/docs/root/faq/api/envoy_upgrade_v3.rst +++ b/docs/root/faq/api/envoy_upgrade_v3.rst @@ -2,7 +2,9 @@ If I upgrade to Envoy 1.13+, do I need to use the v3 API? ========================================================= The v2 API is deprecated in the 1.13.0 release (January 2020). It will be fully supported for the -duration of 2020 and then all support for v2 will be removed from Envoy at EOY 2020. +duration of 2020 and then all support for v2 will be removed from Envoy during Q1 2021. It is +disabled by default, see this :ref:`entry ` for further details. + All existing v2 boostrap and xDS configuration should continue to work seamlessly in 1.13.0 and for the duration of 2020. Envoy internally operates at v3+, but does so by transparently upgrading diff --git a/docs/root/faq/api/envoy_v2_support.rst b/docs/root/faq/api/envoy_v2_support.rst index f9a2f9778646..d02a99afc866 100644 --- a/docs/root/faq/api/envoy_v2_support.rst +++ b/docs/root/faq/api/envoy_v2_support.rst @@ -1,6 +1,6 @@ How long will the v2 APIs be supported? ======================================= -The v2 xDS APIs are deprecated and will be removed form Envoy at the end of 2020, as per the +The v2 xDS APIs are deprecated and will be removed form Envoy in Q1 2021, as per the :repo:`API versioning policy `. diff --git a/docs/root/faq/api/envoy_v3.rst b/docs/root/faq/api/envoy_v3.rst index 0cf4c803c90c..841fd02b11e9 100644 --- a/docs/root/faq/api/envoy_v3.rst +++ b/docs/root/faq/api/envoy_v3.rst @@ -1,3 +1,5 @@ +.. _faq_api_v3_config: + How do I configure Envoy to use the v3 API? =========================================== @@ -18,10 +20,11 @@ distinction is as follows: ` indicates whether a v2 or v3 resource, e.g. v2 *RouteConfiguration* or v3 *RouteConfiguration*, is delivered. +The API version must be set for both transport and resource API versions. + It is possible to use a mixture of transport API and resource API versions, e.g. to deliver v2 *Listener* resources and v3 *RouteConfiguration* resources over a v2 ADS transport. This is an intentional feature designed to provide for gradual migration of Envoy deployments from v2 to v3. -There may be some operational advantage in having vM resources delivered over vN endpoints, so we -provide the flexibility to make this call by appropriate configuration of :ref:`config sources -`. +If you see a warning or error with ``V2 (and AUTO) xDS transport protocol versions are deprecated``, +it is likely that you are missing explicit V3 configuration of the transport API version. diff --git a/docs/root/faq/api/transition.rst b/docs/root/faq/api/transition.rst new file mode 100644 index 000000000000..ebd28c0d4151 --- /dev/null +++ b/docs/root/faq/api/transition.rst @@ -0,0 +1,15 @@ +.. _faq_api_version_transition: + +How do I continue to use the v2 xDS API until Q1 2021? +====================================================== + +The v2 xDS API is deprecated and disabled-by-default in Envoy. Envoy support for v2 xDS will be +removed during Q1 2021. + +In the interim, you can continue to use the v2 API for the this transitional period by: + +* Setting :option:`--bootstrap-version` 2 on the CLI for a v2 bootstrap file. +* Enabling the runtime `envoy.reloadable_features.enable_deprecated_v2_api` feature. This is + implicitly enabled if a v2 :option:`--bootstrap-version` is set. + +See this :ref:`entry ` for guidance on how to configure the v3 API. diff --git a/docs/root/faq/overview.rst b/docs/root/faq/overview.rst index d8225f95933e..2bfff2ec223b 100644 --- a/docs/root/faq/overview.rst +++ b/docs/root/faq/overview.rst @@ -17,6 +17,7 @@ API .. toctree:: :maxdepth: 2 + api/transition api/envoy_v2_support api/envoy_v3 api/envoy_upgrade_v3 diff --git a/docs/root/start/sandboxes/ext_authz.rst b/docs/root/start/sandboxes/ext_authz.rst index 35114beca8ea..27bcd4310b2d 100644 --- a/docs/root/start/sandboxes/ext_authz.rst +++ b/docs/root/start/sandboxes/ext_authz.rst @@ -137,7 +137,7 @@ as the authorization server. To run this example: $ docker-compose pull $ # Tearing down the currently running setup $ docker-compose down - $ FRONT_ENVOY_YAML=config/opa-service/v2.yaml docker-compose up --build -d + $ FRONT_ENVOY_YAML=config/opa-service/v3.yaml docker-compose up --build -d And sending a request to the upstream service (via the Front Envoy) gives: diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 96d0f9a734a9..e8fd3fa205c9 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -5,7 +5,8 @@ Incompatible Behavior Changes ----------------------------- *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* -* config: v2 is now fatal-by-default. This may be overridden by setting :option:`--bootstrap-version` 2 on the CLI for a v2 bootstrap file and also enabling the runtime `envoy.reloadable_features.enable_deprecated_v2_api` feature. +* config: v2 is now fatal-by-default. This may be overridden by setting :option:`--bootstrap-version` 2 on the CLI for a v2 bootstrap file and also enabling the runtime `envoy.reloadable_features.enable_deprecated_v2_api` feature. See + the :ref:`FAQ entry ` for further details. Minor Behavior Changes ---------------------- diff --git a/examples/ext_authz/auth/grpc-service/main.go b/examples/ext_authz/auth/grpc-service/main.go index 6861bce06055..bbfaf9a989d6 100644 --- a/examples/ext_authz/auth/grpc-service/main.go +++ b/examples/ext_authz/auth/grpc-service/main.go @@ -6,12 +6,10 @@ import ( "log" "net" - envoy_service_auth_v2 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2" envoy_service_auth_v3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3" "google.golang.org/grpc" "github.com/envoyproxy/envoy/examples/ext_authz/auth/grpc-service/pkg/auth" - auth_v2 "github.com/envoyproxy/envoy/examples/ext_authz/auth/grpc-service/pkg/auth/v2" auth_v3 "github.com/envoyproxy/envoy/examples/ext_authz/auth/grpc-service/pkg/auth/v3" ) @@ -32,9 +30,7 @@ func main() { } gs := grpc.NewServer() - // Serve v3 and v2. envoy_service_auth_v3.RegisterAuthorizationServer(gs, auth_v3.New(users)) - envoy_service_auth_v2.RegisterAuthorizationServer(gs, auth_v2.New(users)) log.Printf("starting gRPC server on: %d\n", *port) diff --git a/examples/ext_authz/auth/grpc-service/pkg/auth/v2/auth.go b/examples/ext_authz/auth/grpc-service/pkg/auth/v2/auth.go deleted file mode 100644 index 3b16c6c5cb9f..000000000000 --- a/examples/ext_authz/auth/grpc-service/pkg/auth/v2/auth.go +++ /dev/null @@ -1,68 +0,0 @@ -package v2 - -import ( - "context" - "log" - "strings" - - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_service_auth_v2 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2" - "github.com/golang/protobuf/ptypes/wrappers" - "google.golang.org/genproto/googleapis/rpc/code" - "google.golang.org/genproto/googleapis/rpc/status" - - "github.com/envoyproxy/envoy/examples/ext_authz/auth/grpc-service/pkg/auth" -) - -type server struct { - users auth.Users -} - -var _ envoy_service_auth_v2.AuthorizationServer = &server{} - -// New creates a new authorization server. -func New(users auth.Users) envoy_service_auth_v2.AuthorizationServer { - return &server{users} -} - -// Check implements authorization's Check interface which performs authorization check based on the -// attributes associated with the incoming request. -func (s *server) Check( - ctx context.Context, - req *envoy_service_auth_v2.CheckRequest) (*envoy_service_auth_v2.CheckResponse, error) { - authorization := req.Attributes.Request.Http.Headers["authorization"] - log.Println(authorization) - - extracted := strings.Fields(authorization) - if len(extracted) == 2 && extracted[0] == "Bearer" { - valid, user := s.users.Check(extracted[1]) - if valid { - return &envoy_service_auth_v2.CheckResponse{ - HttpResponse: &envoy_service_auth_v2.CheckResponse_OkResponse{ - OkResponse: &envoy_service_auth_v2.OkHttpResponse{ - Headers: []*envoy_api_v2_core.HeaderValueOption{ - { - Append: &wrappers.BoolValue{Value: false}, - Header: &envoy_api_v2_core.HeaderValue{ - // For a successful request, the authorization server sets the - // x-current-user value. - Key: "x-current-user", - Value: user, - }, - }, - }, - }, - }, - Status: &status.Status{ - Code: int32(code.Code_OK), - }, - }, nil - } - } - - return &envoy_service_auth_v2.CheckResponse{ - Status: &status.Status{ - Code: int32(code.Code_PERMISSION_DENIED), - }, - }, nil -} diff --git a/examples/ext_authz/config/grpc-service/v2.yaml b/examples/ext_authz/config/grpc-service/v2.yaml deleted file mode 100644 index 94c6af03169e..000000000000 --- a/examples/ext_authz/config/grpc-service/v2.yaml +++ /dev/null @@ -1,65 +0,0 @@ -static_resources: - listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 8000 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - codec_type: auto - stat_prefix: ingress_http - route_config: - name: local_route - virtual_hosts: - - name: upstream - domains: - - "*" - routes: - - match: - prefix: "/" - route: - cluster: upstream-service - http_filters: - - name: envoy.filters.http.ext_authz - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz - grpc_service: - envoy_grpc: - cluster_name: ext_authz-grpc-service - timeout: 0.250s - transport_api_version: V2 - - name: envoy.filters.http.router - typed_config: {} - - clusters: - - name: upstream-service - connect_timeout: 0.250s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: upstream-service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: upstream-service - port_value: 8080 - - - name: ext_authz-grpc-service - connect_timeout: 0.250s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: ext_authz-grpc-service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: ext_authz-grpc-service - port_value: 9001 diff --git a/examples/ext_authz/config/http-service.yaml b/examples/ext_authz/config/http-service.yaml index 6a7ddb11f1ee..566b0ea8bc92 100644 --- a/examples/ext_authz/config/http-service.yaml +++ b/examples/ext_authz/config/http-service.yaml @@ -26,6 +26,7 @@ static_resources: - name: envoy.filters.http.ext_authz typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz + transport_api_version: V3 http_service: server_uri: uri: ext_authz diff --git a/examples/ext_authz/config/opa-service/policy.rego b/examples/ext_authz/config/opa-service/policy.rego index 2f9bdf5d2db9..484f01923c22 100644 --- a/examples/ext_authz/config/opa-service/policy.rego +++ b/examples/ext_authz/config/opa-service/policy.rego @@ -1,9 +1,11 @@ -package istio.authz +package envoy.authz + +import input.attributes.request.http as http_request default allow = false allow = response { - input.attributes.request.http.method == "GET" + http_request.method == "GET" response := { "allowed": true, "headers": {"x-current-user": "OPA"} diff --git a/examples/ext_authz/config/opa-service/v2.yaml b/examples/ext_authz/config/opa-service/v3.yaml similarity index 97% rename from examples/ext_authz/config/opa-service/v2.yaml rename to examples/ext_authz/config/opa-service/v3.yaml index b12bd2e0381e..e0b4d0b4b0af 100644 --- a/examples/ext_authz/config/opa-service/v2.yaml +++ b/examples/ext_authz/config/opa-service/v3.yaml @@ -30,7 +30,7 @@ static_resources: envoy_grpc: cluster_name: ext_authz-opa-service timeout: 0.250s - transport_api_version: V2 + transport_api_version: V3 - name: envoy.filters.http.router typed_config: {} diff --git a/examples/ext_authz/docker-compose.yaml b/examples/ext_authz/docker-compose.yaml index f7e2687756d6..1805409cc65d 100644 --- a/examples/ext_authz/docker-compose.yaml +++ b/examples/ext_authz/docker-compose.yaml @@ -33,7 +33,7 @@ services: - envoymesh ext_authz-opa-service: - image: openpolicyagent/opa:0.21.0-istio + image: openpolicyagent/opa:0.25.1-istio volumes: - ./config/opa-service/policy.rego:/etc/policy.rego command: diff --git a/examples/ext_authz/verify.sh b/examples/ext_authz/verify.sh index 60cef4b1c581..77171640101c 100755 --- a/examples/ext_authz/verify.sh +++ b/examples/ext_authz/verify.sh @@ -27,9 +27,9 @@ responds_with_header \ -H "Authorization: Bearer token1" \ http://localhost:8000/service -run_log "Restart front-envoy with FRONT_ENVOY_YAML=config/opa-service/v2.yaml" +run_log "Restart front-envoy with FRONT_ENVOY_YAML=config/opa-service/v3.yaml" docker-compose down -FRONT_ENVOY_YAML=config/opa-service/v2.yaml docker-compose up -d +FRONT_ENVOY_YAML=config/opa-service/v3.yaml docker-compose up -d sleep 10 run_log "Test OPA service responds with 200" diff --git a/examples/load-reporting-service/service-envoy-w-lrs.yaml b/examples/load-reporting-service/service-envoy-w-lrs.yaml index 50ab094dee05..daec03aab7ec 100644 --- a/examples/load-reporting-service/service-envoy-w-lrs.yaml +++ b/examples/load-reporting-service/service-envoy-w-lrs.yaml @@ -56,6 +56,7 @@ static_resources: cluster_manager: load_stats_config: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: load_reporting_cluster diff --git a/generated_api_shadow/envoy/api/v2/core/config_source.proto b/generated_api_shadow/envoy/api/v2/core/config_source.proto index 7032b2c10d87..6cf44dbe9bbd 100644 --- a/generated_api_shadow/envoy/api/v2/core/config_source.proto +++ b/generated_api_shadow/envoy/api/v2/core/config_source.proto @@ -26,10 +26,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; diff --git a/generated_api_shadow/envoy/config/accesslog/v4alpha/accesslog.proto b/generated_api_shadow/envoy/config/accesslog/v4alpha/accesslog.proto index 0714b614c41d..73769ca8aea9 100644 --- a/generated_api_shadow/envoy/config/accesslog/v4alpha/accesslog.proto +++ b/generated_api_shadow/envoy/config/accesslog/v4alpha/accesslog.proto @@ -47,9 +47,9 @@ message AccessLog { // #. "envoy.access_loggers.file": :ref:`FileAccessLog // ` // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig - // ` + // ` // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig - // ` + // ` oneof config_type { google.protobuf.Any typed_config = 4; } diff --git a/generated_api_shadow/envoy/config/core/v3/config_source.proto b/generated_api_shadow/envoy/config/core/v3/config_source.proto index d072a6f1ed20..650ccd1af27f 100644 --- a/generated_api_shadow/envoy/config/core/v3/config_source.proto +++ b/generated_api_shadow/envoy/config/core/v3/config_source.proto @@ -27,10 +27,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; diff --git a/generated_api_shadow/envoy/config/core/v4alpha/config_source.proto b/generated_api_shadow/envoy/config/core/v4alpha/config_source.proto index 725da27f27e8..e5a7381181b9 100644 --- a/generated_api_shadow/envoy/config/core/v4alpha/config_source.proto +++ b/generated_api_shadow/envoy/config/core/v4alpha/config_source.proto @@ -27,10 +27,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + hidden_envoy_deprecated_AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + hidden_envoy_deprecated_V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; diff --git a/generated_api_shadow/envoy/config/ratelimit/v4alpha/BUILD b/generated_api_shadow/envoy/config/ratelimit/v4alpha/BUILD new file mode 100644 index 000000000000..f335ebe20e6b --- /dev/null +++ b/generated_api_shadow/envoy/config/ratelimit/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/ratelimit/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/config/ratelimit/v4alpha/rls.proto b/generated_api_shadow/envoy/config/ratelimit/v4alpha/rls.proto new file mode 100644 index 000000000000..7a13efd7395e --- /dev/null +++ b/generated_api_shadow/envoy/config/ratelimit/v4alpha/rls.proto @@ -0,0 +1,34 @@ +syntax = "proto3"; + +package envoy.config.ratelimit.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.ratelimit.v4alpha"; +option java_outer_classname = "RlsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit service] + +// Rate limit :ref:`configuration overview `. +message RateLimitServiceConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.ratelimit.v3.RateLimitServiceConfig"; + + reserved 1, 3; + + // Specifies the gRPC service that hosts the rate limit service. The client + // will connect to this cluster when it needs to make rate limit service + // requests. + core.v4alpha.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}]; + + // API version for rate limit transport protocol. This describes the rate limit gRPC endpoint and + // version of messages used on the wire. + core.v4alpha.ApiVersion transport_api_version = 4 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/generated_api_shadow/envoy/extensions/access_loggers/grpc/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/access_loggers/grpc/v4alpha/BUILD new file mode 100644 index 000000000000..83758c9e0b82 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/access_loggers/grpc/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/extensions/access_loggers/grpc/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/access_loggers/grpc/v4alpha/als.proto b/generated_api_shadow/envoy/extensions/access_loggers/grpc/v4alpha/als.proto new file mode 100644 index 000000000000..c7bf15948b23 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/access_loggers/grpc/v4alpha/als.proto @@ -0,0 +1,89 @@ +syntax = "proto3"; + +package envoy.extensions.access_loggers.grpc.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.access_loggers.grpc.v4alpha"; +option java_outer_classname = "AlsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: gRPC Access Log Service (ALS)] + +// Configuration for the built-in *envoy.access_loggers.http_grpc* +// :ref:`AccessLog `. This configuration will +// populate :ref:`StreamAccessLogsMessage.http_logs +// `. +// [#extension: envoy.access_loggers.http_grpc] +message HttpGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig"; + + CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}]; + + // Additional request headers to log in :ref:`HTTPRequestProperties.request_headers + // `. + repeated string additional_request_headers_to_log = 2; + + // Additional response headers to log in :ref:`HTTPResponseProperties.response_headers + // `. + repeated string additional_response_headers_to_log = 3; + + // Additional response trailers to log in :ref:`HTTPResponseProperties.response_trailers + // `. + repeated string additional_response_trailers_to_log = 4; +} + +// Configuration for the built-in *envoy.access_loggers.tcp_grpc* type. This configuration will +// populate *StreamAccessLogsMessage.tcp_logs*. +// [#extension: envoy.access_loggers.tcp_grpc] +message TcpGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig"; + + CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}]; +} + +// Common configuration for gRPC access logs. +// [#next-free-field: 7] +message CommonGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.CommonGrpcAccessLogConfig"; + + // The friendly name of the access log to be returned in :ref:`StreamAccessLogsMessage.Identifier + // `. This allows the + // access log server to differentiate between different access logs coming from the same Envoy. + string log_name = 1 [(validate.rules).string = {min_len: 1}]; + + // The gRPC service for the access log service. + config.core.v4alpha.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}]; + + // API version for access logs service transport protocol. This describes the access logs service + // gRPC endpoint and version of messages used on the wire. + config.core.v4alpha.ApiVersion transport_api_version = 6 + [(validate.rules).enum = {defined_only: true}]; + + // Interval for flushing access logs to the gRPC stream. Logger will flush requests every time + // this interval is elapsed, or when batch size limit is hit, whichever comes first. Defaults to + // 1 second. + google.protobuf.Duration buffer_flush_interval = 3 [(validate.rules).duration = {gt {}}]; + + // Soft size limit in bytes for access log entries buffer. Logger will buffer requests until + // this limit it hit, or every time flush interval is elapsed, whichever comes first. Setting it + // to zero effectively disables the batching. Defaults to 16384. + google.protobuf.UInt32Value buffer_size_bytes = 4; + + // Additional filter state objects to log in :ref:`filter_state_objects + // `. + // Logger will call `FilterState::Object::serializeAsProto` to serialize the filter state object. + repeated string filter_state_objects_to_log = 5; +} diff --git a/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v4alpha/BUILD new file mode 100644 index 000000000000..329e11fc5017 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/ratelimit/v4alpha:pkg", + "//envoy/extensions/filters/http/ratelimit/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto b/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000000..688be29e6aab --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,125 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.http.ratelimit] + +// [#next-free-field: 10] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.ratelimit.v3.RateLimit"; + + // Defines the version of the standard to use for X-RateLimit headers. + enum XRateLimitHeadersRFCVersion { + // X-RateLimit headers disabled. + OFF = 0; + + // Use `draft RFC Version 03 `_. + DRAFT_VERSION_03 = 1; + } + + // The rate limit domain to use when calling the rate limit service. + string domain = 1 [(validate.rules).string = {min_len: 1}]; + + // Specifies the rate limit configurations to be applied with the same + // stage number. If not set, the default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}]; + + // The type of requests the filter should apply to. The supported + // types are *internal*, *external* or *both*. A request is considered internal if + // :ref:`x-envoy-internal` is set to true. If + // :ref:`x-envoy-internal` is not set or false, a + // request is considered external. The filter defaults to *both*, and it will apply to all request + // types. + string request_type = 3 + [(validate.rules).string = {in: "internal" in: "external" in: "both" in: ""}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 4; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + bool failure_mode_deny = 5; + + // Specifies whether a `RESOURCE_EXHAUSTED` gRPC code must be returned instead + // of the default `UNAVAILABLE` gRPC code for a rate limited gRPC call. The + // HTTP code will be 200 for a gRPC response. + bool rate_limited_as_resource_exhausted = 6; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 7 + [(validate.rules).message = {required: true}]; + + // Defines the standard version to use for X-RateLimit headers emitted by the filter: + // + // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the + // client in the current time-window followed by the description of the + // quota policy. The values are returned by the rate limiting service in + // :ref:`current_limit` + // field. Example: `10, 10;w=1;name="per-ip", 1000;w=3600`. + // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the + // current time-window. The values are returned by the rate limiting service + // in :ref:`limit_remaining` + // field. + // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of + // the current time-window. The values are returned by the rate limiting service + // in :ref:`duration_until_reset` + // field. + // + // In case rate limiting policy specifies more then one time window, the values + // above represent the window that is closest to reaching its limit. + // + // For more information about the headers specification see selected version of + // the `draft RFC `_. + // + // Disabled by default. + XRateLimitHeadersRFCVersion enable_x_ratelimit_headers = 8 + [(validate.rules).enum = {defined_only: true}]; + + // Disables emitting the :ref:`x-envoy-ratelimited` header + // in case of rate limiting (i.e. 429 responses). + // Having this header not present potentially makes the request retriable. + bool disable_x_envoy_ratelimited_header = 9; +} + +message RateLimitPerRoute { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute"; + + enum VhRateLimitsOptions { + // Use the virtual host rate limits unless the route has a rate limit policy. + OVERRIDE = 0; + + // Use the virtual host rate limits even if the route has a rate limit policy. + INCLUDE = 1; + + // Ignore the virtual host rate limits even if the route does not have a rate limit policy. + IGNORE = 2; + } + + // Specifies if the rate limit filter should include the virtual host rate limits. + VhRateLimitsOptions vh_rate_limits = 1 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v4alpha/BUILD new file mode 100644 index 000000000000..d9d0ca109526 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v4alpha/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/ratelimit/v4alpha:pkg", + "//envoy/extensions/common/ratelimit/v3:pkg", + "//envoy/extensions/filters/network/ratelimit/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto b/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000000..b53cb3bcc1d0 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,53 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; +import "envoy/extensions/common/ratelimit/v3/ratelimit.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.network.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.network.ratelimit] + +// [#next-free-field: 7] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.ratelimit.v3.RateLimit"; + + // The prefix to use when emitting :ref:`statistics `. + string stat_prefix = 1 [(validate.rules).string = {min_len: 1}]; + + // The rate limit domain to use in the rate limit service request. + string domain = 2 [(validate.rules).string = {min_len: 1}]; + + // The rate limit descriptor list to use in the rate limit service request. + repeated common.ratelimit.v3.RateLimitDescriptor descriptors = 3 + [(validate.rules).repeated = {min_items: 1}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 4; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + // Defaults to false. + bool failure_mode_deny = 5; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 6 + [(validate.rules).message = {required: true}]; +} diff --git a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/BUILD new file mode 100644 index 000000000000..a58bc9ebda54 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/ratelimit/v4alpha:pkg", + "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000000..ed49380f8318 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,56 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.thrift.ratelimit] + +// [#next-free-field: 6] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3.RateLimit"; + + // The rate limit domain to use in the rate limit service request. + string domain = 1 [(validate.rules).string = {min_len: 1}]; + + // Specifies the rate limit configuration stage. Each configured rate limit filter performs a + // rate limit check using descriptors configured in the + // :ref:`envoy_api_msg_extensions.filters.network.thrift_proxy.v4alpha.RouteAction` for the request. + // Only those entries with a matching stage number are used for a given filter. If not set, the + // default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 3; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + // Defaults to false. + bool failure_mode_deny = 4; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 5 + [(validate.rules).message = {required: true}]; +} diff --git a/generated_api_shadow/envoy/service/accesslog/v4alpha/als.proto b/generated_api_shadow/envoy/service/accesslog/v4alpha/als.proto index e7e96583fd2c..e2c8bbbc8068 100644 --- a/generated_api_shadow/envoy/service/accesslog/v4alpha/als.proto +++ b/generated_api_shadow/envoy/service/accesslog/v4alpha/als.proto @@ -49,7 +49,7 @@ message StreamAccessLogsMessage { config.core.v4alpha.Node node = 1 [(validate.rules).message = {required: true}]; // The friendly name of the log configured in :ref:`CommonGrpcAccessLogConfig - // `. + // `. string log_name = 2 [(validate.rules).string = {min_len: 1}]; } diff --git a/source/common/config/subscription_factory_impl.cc b/source/common/config/subscription_factory_impl.cc index c59c73f58150..bb07b4d72d96 100644 --- a/source/common/config/subscription_factory_impl.cc +++ b/source/common/config/subscription_factory_impl.cc @@ -30,16 +30,6 @@ SubscriptionPtr SubscriptionFactoryImpl::subscriptionFromConfigSource( Config::Utility::checkLocalInfo(type_url, local_info_); std::unique_ptr result; SubscriptionStats stats = Utility::generateStats(scope); - auto& runtime_snapshot = runtime_.snapshot(); - - const auto transport_api_version = config.api_config_source().transport_api_version(); - if (transport_api_version == envoy::config::core::v3::ApiVersion::V2 && - runtime_snapshot.runtimeFeatureEnabled( - "envoy.reloadable_features.enable_deprecated_v2_api_warning")) { - runtime_.countDeprecatedFeatureUse(); - ENVOY_LOG(warn, - "xDS of version v2 has been deprecated and will be removed in subsequent versions"); - } switch (config.config_source_specifier_case()) { case envoy::config::core::v3::ConfigSource::ConfigSourceSpecifierCase::kPath: { @@ -51,6 +41,23 @@ SubscriptionPtr SubscriptionFactoryImpl::subscriptionFromConfigSource( const envoy::config::core::v3::ApiConfigSource& api_config_source = config.api_config_source(); Utility::checkApiConfigSourceSubscriptionBackingCluster(cm_.primaryClusters(), api_config_source); + const auto transport_api_version = api_config_source.transport_api_version(); + if (transport_api_version == envoy::config::core::v3::ApiVersion::AUTO || + transport_api_version == envoy::config::core::v3::ApiVersion::V2) { + runtime_.countDeprecatedFeatureUse(); + const std::string& warning = fmt::format( + "V2 (and AUTO) xDS transport protocol versions are deprecated in {}. " + "The v2 xDS major version is deprecated and disabled by default. Support for v2 will be " + "removed from Envoy at the start of Q1 2021. You may make use of v2 in Q4 2020 by " + "following the advice in https://www.envoyproxy.io/docs/envoy/latest/faq/api/transition.", + config.DebugString()); + ENVOY_LOG(warn, warning); + auto& runtime_snapshot = runtime_.snapshot(); + if (!runtime_snapshot.runtimeFeatureEnabled( + "envoy.reloadable_features.enable_deprecated_v2_api")) { + throw DeprecatedMajorVersionException(warning); + } + } switch (api_config_source.api_type()) { case envoy::config::core::v3::ApiConfigSource::hidden_envoy_deprecated_UNSUPPORTED_REST_LEGACY: diff --git a/source/common/protobuf/utility.cc b/source/common/protobuf/utility.cc index e7842b35706e..abea1a600c80 100644 --- a/source/common/protobuf/utility.cc +++ b/source/common/protobuf/utility.cc @@ -304,9 +304,9 @@ void MessageUtil::onVersionUpgradeDeprecation(absl::string_view desc, bool rejec !Runtime::runtimeFeatureEnabled("envoy.reloadable_features.enable_deprecated_v2_api")) { throw DeprecatedMajorVersionException(fmt::format( "The v2 xDS major version is deprecated and disabled by default. Support for v2 will be " - "removed from Envoy at the start of Q1 2021. You may make use of v2 in Q3 2020 by setting " - "'--bootstrap-version 2' on the CLI for a v2 bootstrap file and also enabling the runtime " - "envoy.reloadable_features.enable_deprecated_v2_api flag. ({})", + "removed from Envoy at the start of Q1 2021. You may make use of v2 in Q4 2020 by " + "following " + "the advice in https://www.envoyproxy.io/docs/envoy/latest/faq/api/transition. ({})", desc)); } } diff --git a/source/common/runtime/runtime_features.cc b/source/common/runtime/runtime_features.cc index 48189941e999..74a3ce75f845 100644 --- a/source/common/runtime/runtime_features.cc +++ b/source/common/runtime/runtime_features.cc @@ -65,7 +65,6 @@ constexpr const char* runtime_features[] = { "envoy.reloadable_features.check_ocsp_policy", "envoy.reloadable_features.disallow_unbounded_access_logs", "envoy.reloadable_features.early_errors_via_hcm", - "envoy.reloadable_features.enable_deprecated_v2_api_warning", "envoy.reloadable_features.enable_dns_cache_circuit_breakers", "envoy.reloadable_features.fix_upgrade_response", "envoy.reloadable_features.fix_wildcard_matching", diff --git a/source/server/config_validation/server.cc b/source/server/config_validation/server.cc index 877e7293f293..00010de29587 100644 --- a/source/server/config_validation/server.cc +++ b/source/server/config_validation/server.cc @@ -88,7 +88,7 @@ void ValidationInstance::initialize(const Options& options, bootstrap.node(), local_address, options.serviceZone(), options.serviceClusterName(), options.serviceNodeName()); - Configuration::InitialImpl initial_config(bootstrap); + Configuration::InitialImpl initial_config(bootstrap, options); overload_manager_ = std::make_unique( dispatcher(), stats(), threadLocal(), bootstrap.overload_manager(), messageValidationContext().staticValidationVisitor(), *api_); diff --git a/source/server/configuration_impl.cc b/source/server/configuration_impl.cc index c0b3524adcff..5ab9061a81ae 100644 --- a/source/server/configuration_impl.cc +++ b/source/server/configuration_impl.cc @@ -174,7 +174,9 @@ WatchdogImpl::WatchdogImpl(const envoy::config::bootstrap::v3::Watchdog& watchdo actions_ = watchdog.actions(); } -InitialImpl::InitialImpl(const envoy::config::bootstrap::v3::Bootstrap& bootstrap) { +InitialImpl::InitialImpl(const envoy::config::bootstrap::v3::Bootstrap& bootstrap, + const Options& options) + : enable_deprecated_v2_api_(options.bootstrapVersion() == 2) { const auto& admin = bootstrap.admin(); admin_.access_log_path_ = admin.access_log_path(); admin_.profile_path_ = @@ -201,6 +203,14 @@ InitialImpl::InitialImpl(const envoy::config::bootstrap::v3::Bootstrap& bootstra } else { Config::translateRuntime(bootstrap.hidden_envoy_deprecated_runtime(), layered_runtime_); } + if (enable_deprecated_v2_api_) { + auto* enabled_deprecated_v2_api_layer = layered_runtime_.add_layers(); + enabled_deprecated_v2_api_layer->set_name("enabled_deprecated_v2_api (auto-injected)"); + auto* static_layer = enabled_deprecated_v2_api_layer->mutable_static_layer(); + ProtobufWkt::Value val; + val.set_bool_value(true); + (*static_layer->mutable_fields())["envoy.reloadable_features.enable_deprecated_v2_api"] = val; + } } } // namespace Configuration diff --git a/source/server/configuration_impl.h b/source/server/configuration_impl.h index dc7a893ab629..41cb45b930ac 100644 --- a/source/server/configuration_impl.h +++ b/source/server/configuration_impl.h @@ -152,7 +152,7 @@ class WatchdogImpl : public Watchdog { */ class InitialImpl : public Initial { public: - InitialImpl(const envoy::config::bootstrap::v3::Bootstrap& bootstrap); + InitialImpl(const envoy::config::bootstrap::v3::Bootstrap& bootstrap, const Options& options); // Server::Configuration::Initial Admin& admin() override { return admin_; } @@ -175,6 +175,7 @@ class InitialImpl : public Initial { Network::Socket::OptionsSharedPtr socket_options_; }; + const bool enable_deprecated_v2_api_; AdminImpl admin_; absl::optional flags_path_; envoy::config::bootstrap::v3::LayeredRuntime layered_runtime_; diff --git a/source/server/server.cc b/source/server/server.cc index 9b9606b3f4e1..59e9220583af 100644 --- a/source/server/server.cc +++ b/source/server/server.cc @@ -403,7 +403,7 @@ void InstanceImpl::initialize(const Options& options, bootstrap_.node(), local_address, options.serviceZone(), options.serviceClusterName(), options.serviceNodeName()); - Configuration::InitialImpl initial_config(bootstrap_); + Configuration::InitialImpl initial_config(bootstrap_, options); // Learn original_start_time_ if our parent is still around to inform us of it. restarter_.sendParentAdminShutdownRequest(original_start_time_); diff --git a/test/common/config/subscription_factory_impl_test.cc b/test/common/config/subscription_factory_impl_test.cc index 734aabb6499b..81f68727a7a8 100644 --- a/test/common/config/subscription_factory_impl_test.cc +++ b/test/common/config/subscription_factory_impl_test.cc @@ -108,6 +108,7 @@ TEST_F(SubscriptionFactoryTest, RestClusterSingleton) { Upstream::ClusterManager::ClusterSet primary_clusters; config.mutable_api_config_source()->set_api_type(envoy::config::core::v3::ApiConfigSource::REST); + config.mutable_api_config_source()->set_transport_api_version(envoy::config::core::v3::V3); config.mutable_api_config_source()->mutable_refresh_delay()->set_seconds(1); config.mutable_api_config_source()->add_cluster_names("static_cluster"); primary_clusters.insert("static_cluster"); @@ -122,6 +123,7 @@ TEST_F(SubscriptionFactoryTest, GrpcClusterSingleton) { Upstream::ClusterManager::ClusterSet primary_clusters; config.mutable_api_config_source()->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + config.mutable_api_config_source()->set_transport_api_version(envoy::config::core::v3::V3); config.mutable_api_config_source()->mutable_refresh_delay()->set_seconds(1); config.mutable_api_config_source()->add_grpc_services()->mutable_envoy_grpc()->set_cluster_name( "static_cluster"); @@ -227,6 +229,7 @@ TEST_F(SubscriptionFactoryTest, LegacySubscription) { auto* api_config_source = config.mutable_api_config_source(); api_config_source->set_api_type( envoy::config::core::v3::ApiConfigSource::hidden_envoy_deprecated_UNSUPPORTED_REST_LEGACY); + api_config_source->set_transport_api_version(envoy::config::core::v3::V3); api_config_source->add_cluster_names("static_cluster"); Upstream::ClusterManager::ClusterSet primary_clusters; primary_clusters.insert("static_cluster"); @@ -239,6 +242,7 @@ TEST_F(SubscriptionFactoryTest, HttpSubscriptionCustomRequestTimeout) { envoy::config::core::v3::ConfigSource config; auto* api_config_source = config.mutable_api_config_source(); api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::REST); + api_config_source->set_transport_api_version(envoy::config::core::v3::V3); api_config_source->add_cluster_names("static_cluster"); api_config_source->mutable_refresh_delay()->set_seconds(1); api_config_source->mutable_request_timeout()->set_seconds(5); @@ -257,6 +261,7 @@ TEST_F(SubscriptionFactoryTest, HttpSubscription) { envoy::config::core::v3::ConfigSource config; auto* api_config_source = config.mutable_api_config_source(); api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::REST); + api_config_source->set_transport_api_version(envoy::config::core::v3::V3); api_config_source->add_cluster_names("static_cluster"); api_config_source->mutable_refresh_delay()->set_seconds(1); Upstream::ClusterManager::ClusterSet primary_clusters; @@ -269,7 +274,7 @@ TEST_F(SubscriptionFactoryTest, HttpSubscription) { const Http::AsyncClient::RequestOptions&) { EXPECT_EQ("POST", request->headers().getMethodValue()); EXPECT_EQ("static_cluster", request->headers().getHostValue()); - EXPECT_EQ("/v2/discovery:endpoints", request->headers().getPathValue()); + EXPECT_EQ("/v3/discovery:endpoints", request->headers().getPathValue()); return &http_request_; })); EXPECT_CALL(http_request_, cancel()); @@ -281,6 +286,7 @@ TEST_F(SubscriptionFactoryTest, HttpSubscriptionNoRefreshDelay) { envoy::config::core::v3::ConfigSource config; auto* api_config_source = config.mutable_api_config_source(); api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::REST); + api_config_source->set_transport_api_version(envoy::config::core::v3::V3); api_config_source->add_cluster_names("static_cluster"); Upstream::ClusterManager::ClusterSet primary_clusters; primary_clusters.insert("static_cluster"); @@ -294,6 +300,7 @@ TEST_F(SubscriptionFactoryTest, GrpcSubscription) { envoy::config::core::v3::ConfigSource config; auto* api_config_source = config.mutable_api_config_source(); api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + api_config_source->set_transport_api_version(envoy::config::core::v3::V3); api_config_source->add_grpc_services()->mutable_envoy_grpc()->set_cluster_name("static_cluster"); envoy::config::core::v3::GrpcService expected_grpc_service; expected_grpc_service.mutable_envoy_grpc()->set_cluster_name("static_cluster"); @@ -317,27 +324,54 @@ TEST_F(SubscriptionFactoryTest, GrpcSubscription) { subscriptionFromConfigSource(config)->start({"static_cluster"}); } -TEST_F(SubscriptionFactoryTest, LogWarningOnDeprecatedApi) { +// Use of the V2 transport fails by default. +TEST_F(SubscriptionFactoryTest, LogWarningOnDeprecatedV2Transport) { envoy::config::core::v3::ConfigSource config; config.mutable_api_config_source()->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); config.mutable_api_config_source()->set_transport_api_version( envoy::config::core::v3::ApiVersion::V2); + config.mutable_api_config_source()->add_grpc_services()->mutable_envoy_grpc()->set_cluster_name( + "static_cluster"); + NiceMock snapshot; + EXPECT_CALL(runtime_, snapshot()).WillRepeatedly(ReturnRef(snapshot)); + EXPECT_CALL(snapshot, runtimeFeatureEnabled(_)).WillOnce(Return(false)); + EXPECT_CALL(runtime_, countDeprecatedFeatureUse()); + + Upstream::ClusterManager::ClusterSet primary_clusters; + primary_clusters.insert("static_cluster"); + EXPECT_CALL(cm_, primaryClusters()).WillOnce(ReturnRef(primary_clusters)); + + EXPECT_THROW_WITH_REGEX(subscription_factory_.subscriptionFromConfigSource( + config, Config::TypeUrl::get().ClusterLoadAssignment, stats_store_, + callbacks_, resource_decoder_), + EnvoyException, + "V2 .and AUTO. xDS transport protocol versions are deprecated in"); +} + +// Use of AUTO transport fails by default. This will encourage folks to upgrade to explicit V3. +TEST_F(SubscriptionFactoryTest, LogWarningOnDeprecatedAutoTransport) { + envoy::config::core::v3::ConfigSource config; + + config.mutable_api_config_source()->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + config.mutable_api_config_source()->set_transport_api_version( + envoy::config::core::v3::ApiVersion::AUTO); + config.mutable_api_config_source()->add_grpc_services()->mutable_envoy_grpc()->set_cluster_name( + "static_cluster"); NiceMock snapshot; EXPECT_CALL(runtime_, snapshot()).WillRepeatedly(ReturnRef(snapshot)); - EXPECT_CALL(snapshot, runtimeFeatureEnabled(_)).WillOnce(Return(true)); + EXPECT_CALL(snapshot, runtimeFeatureEnabled(_)).WillOnce(Return(false)); EXPECT_CALL(runtime_, countDeprecatedFeatureUse()); Upstream::ClusterManager::ClusterSet primary_clusters; primary_clusters.insert("static_cluster"); EXPECT_CALL(cm_, primaryClusters()).WillOnce(ReturnRef(primary_clusters)); - EXPECT_LOG_CONTAINS( - "warn", "xDS of version v2 has been deprecated", try { - subscription_factory_.subscriptionFromConfigSource( - config, Config::TypeUrl::get().ClusterLoadAssignment, stats_store_, callbacks_, - resource_decoder_); - } catch (EnvoyException&){/* expected, we pass an empty configuration */}); + EXPECT_THROW_WITH_REGEX(subscription_factory_.subscriptionFromConfigSource( + config, Config::TypeUrl::get().ClusterLoadAssignment, stats_store_, + callbacks_, resource_decoder_), + EnvoyException, + "V2 .and AUTO. xDS transport protocol versions are deprecated in"); } INSTANTIATE_TEST_SUITE_P(SubscriptionFactoryTestApiConfigSource, diff --git a/test/common/grpc/grpc_client_integration.h b/test/common/grpc/grpc_client_integration.h index a7bd2ee4b5d7..13683282d37e 100644 --- a/test/common/grpc/grpc_client_integration.h +++ b/test/common/grpc/grpc_client_integration.h @@ -109,6 +109,17 @@ class DeltaSotwIntegrationParamTest return; \ } +// For VersionedGrpcClientIntegrationParamTest, skip when testing with +// ENVOY_DISABLE_DEPRECATED_FEATURES. +#ifdef ENVOY_DISABLE_DEPRECATED_FEATURES +#define XDS_DEPRECATED_FEATURE_TEST_SKIP \ + if (apiVersion() != envoy::config::core::v3::ApiVersion::V3) { \ + return; \ + } +#else +#define XDS_DEPRECATED_FEATURE_TEST_SKIP +#endif // ENVOY_DISABLE_DEPRECATED_FEATURES + #ifdef ENVOY_GOOGLE_GRPC #define GRPC_CLIENT_INTEGRATION_PARAMS \ testing::Combine(testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), \ @@ -140,4 +151,4 @@ class DeltaSotwIntegrationParamTest #endif // ENVOY_GOOGLE_GRPC } // namespace Grpc -} // namespace Envoy \ No newline at end of file +} // namespace Envoy diff --git a/test/common/router/rds_impl_test.cc b/test/common/router/rds_impl_test.cc index 5d6b2e406e2e..06f0b01c3492 100644 --- a/test/common/router/rds_impl_test.cc +++ b/test/common/router/rds_impl_test.cc @@ -298,8 +298,10 @@ TEST_F(RdsImplTest, VHDSandRDSupdateTogether) { ], "vhds": { "config_source": { + "resource_api_version": "V3", "api_config_source": { "api_type": "DELTA_GRPC", + "transport_api_version": "V3", "grpc_services": { "envoy_grpc": { "cluster_name": "xds_cluster" @@ -344,8 +346,10 @@ TEST_F(RdsImplTest, VirtualHostUpdateWhenProviderHasBeenDeallocated) { rds: route_config_name: my_route config_source: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: xds_cluster @@ -394,8 +398,10 @@ TEST_F(RdsRouteConfigSubscriptionTest, CreatesNoopInitManager) { const std::string rds_config = R"EOF( route_config_name: my_route config_source: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: xds_cluster diff --git a/test/common/upstream/cds_api_impl_test.cc b/test/common/upstream/cds_api_impl_test.cc index a914225dd9d0..5f6a65696c52 100644 --- a/test/common/upstream/cds_api_impl_test.cc +++ b/test/common/upstream/cds_api_impl_test.cc @@ -91,6 +91,7 @@ version_info: '0' type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 path: eds path )EOF"; auto response1 = @@ -262,12 +263,14 @@ version_info: '0' type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 path: eds path - "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster name: cluster2 type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 path: eds path )EOF"; auto response1 = @@ -291,12 +294,14 @@ version_info: '1' type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 path: eds path - "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster name: cluster3 type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 path: eds path )EOF"; auto response2 = @@ -327,12 +332,14 @@ version_info: '0' type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 path: eds path - "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster name: cluster1 type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 path: eds path )EOF"; auto response1 = diff --git a/test/common/upstream/cluster_manager_impl_test.cc b/test/common/upstream/cluster_manager_impl_test.cc index d5a93208f31c..17404a5c8ae5 100644 --- a/test/common/upstream/cluster_manager_impl_test.cc +++ b/test/common/upstream/cluster_manager_impl_test.cc @@ -408,6 +408,7 @@ TEST_F(ClusterManagerImplTest, PrimaryClusters) { eds_config: api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: static_cluster diff --git a/test/config/integration/server_xds.bootstrap.udpa.yaml b/test/config/integration/server_xds.bootstrap.udpa.yaml index a0fb99eaced3..d5734ce1d84a 100644 --- a/test/config/integration/server_xds.bootstrap.udpa.yaml +++ b/test/config/integration/server_xds.bootstrap.udpa.yaml @@ -1,6 +1,7 @@ dynamic_resources: lds_resources_locator: file:///{{ lds_json_path }} cds_config: + resource_api_version: V3 path: {{ cds_json_path }} admin: access_log_path: {{ null_device_path }} diff --git a/test/config/integration/server_xds.bootstrap.yaml b/test/config/integration/server_xds.bootstrap.yaml index 70c4302e3725..4e73304d5027 100644 --- a/test/config/integration/server_xds.bootstrap.yaml +++ b/test/config/integration/server_xds.bootstrap.yaml @@ -1,7 +1,9 @@ dynamic_resources: lds_config: + resource_api_version: V3 path: {{ lds_json_path }} cds_config: + resource_api_version: V3 path: {{ cds_json_path }} admin: access_log_path: {{ null_device_path }} diff --git a/test/config/integration/server_xds.cds.with_unknown_field.yaml b/test/config/integration/server_xds.cds.with_unknown_field.yaml index 3e2294b72710..7b94528c68d0 100644 --- a/test/config/integration/server_xds.cds.with_unknown_field.yaml +++ b/test/config/integration/server_xds.cds.with_unknown_field.yaml @@ -5,7 +5,9 @@ resources: connect_timeout: { seconds: 5 } type: EDS eds_cluster_config: - eds_config: { path: {{ eds_json_path }} } + eds_config: + resource_api_version: V3 + path: {{ eds_json_path }} lb_policy: ROUND_ROBIN typed_extension_protocol_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: diff --git a/test/config/integration/server_xds.cds.yaml b/test/config/integration/server_xds.cds.yaml index 64d65af9e8b9..84694a9b7d25 100644 --- a/test/config/integration/server_xds.cds.yaml +++ b/test/config/integration/server_xds.cds.yaml @@ -5,7 +5,9 @@ resources: connect_timeout: { seconds: 5 } type: EDS eds_cluster_config: - eds_config: { path: {{ eds_json_path }} } + eds_config: + resource_api_version: V3 + path: {{ eds_json_path }} lb_policy: ROUND_ROBIN typed_extension_protocol_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: diff --git a/test/config/integration/server_xds.lds.typed_struct.yaml b/test/config/integration/server_xds.lds.typed_struct.yaml index a071845edd81..9e704231cb01 100644 --- a/test/config/integration/server_xds.lds.typed_struct.yaml +++ b/test/config/integration/server_xds.lds.typed_struct.yaml @@ -18,5 +18,7 @@ resources: stat_prefix: router rds: route_config_name: route_config_0 - config_source: { path: {{ rds_json_path }} } + config_source: + resource_api_version: V3 + path: {{ rds_json_path }} http_filters: [{ name: envoy.filters.http.router }] diff --git a/test/config/integration/server_xds.lds.udpa.list_collection.yaml b/test/config/integration/server_xds.lds.udpa.list_collection.yaml index 8b139c62b8f3..cd134ea54831 100644 --- a/test/config/integration/server_xds.lds.udpa.list_collection.yaml +++ b/test/config/integration/server_xds.lds.udpa.list_collection.yaml @@ -22,5 +22,7 @@ resource: stat_prefix: router rds: route_config_name: route_config_0 - config_source: { path: {{ rds_json_path }} } + config_source: + resource_api_version: V3 + path: {{ rds_json_path }} http_filters: [{ name: envoy.filters.http.router }] diff --git a/test/config/integration/server_xds.lds.with_unknown_field.typed_struct.yaml b/test/config/integration/server_xds.lds.with_unknown_field.typed_struct.yaml index bbde037eb8ae..f68b3e46d9b7 100644 --- a/test/config/integration/server_xds.lds.with_unknown_field.typed_struct.yaml +++ b/test/config/integration/server_xds.lds.with_unknown_field.typed_struct.yaml @@ -18,6 +18,8 @@ resources: stat_prefix: router rds: route_config_name: route_config_0 - config_source: { path: {{ rds_json_path }} } + config_source: + resource_api_version: V3 + path: {{ rds_json_path }} http_filters: [{ name: envoy.filters.http.router }] foo: bar diff --git a/test/config/integration/server_xds.lds.with_unknown_field.yaml b/test/config/integration/server_xds.lds.with_unknown_field.yaml index e5bc253395dc..a759f06a2408 100644 --- a/test/config/integration/server_xds.lds.with_unknown_field.yaml +++ b/test/config/integration/server_xds.lds.with_unknown_field.yaml @@ -16,6 +16,9 @@ resources: stat_prefix: router rds: route_config_name: route_config_0 - config_source: { path: {{ rds_json_path }} } + transport_api_version: V3 + config_source: + resource_api_version: V3 + path: {{ rds_json_path }} http_filters: [{ name: envoy.filters.http.router }] foo: bar diff --git a/test/config/integration/server_xds.lds.yaml b/test/config/integration/server_xds.lds.yaml index 29d31ecd3e84..0bebb732ecd4 100644 --- a/test/config/integration/server_xds.lds.yaml +++ b/test/config/integration/server_xds.lds.yaml @@ -16,5 +16,7 @@ resources: stat_prefix: router rds: route_config_name: route_config_0 - config_source: { path: {{ rds_json_path }} } + config_source: + resource_api_version: V3 + path: {{ rds_json_path }} http_filters: [{ name: envoy.filters.http.router }] diff --git a/test/config/utility.cc b/test/config/utility.cc index e27a922b5326..a13793bf1222 100644 --- a/test/config/utility.cc +++ b/test/config/utility.cc @@ -40,6 +40,7 @@ std::string ConfigHelper::baseConfig() { port_value: 0 dynamic_resources: lds_config: + resource_api_version: V3 path: {} static_resources: secrets: @@ -262,6 +263,7 @@ std::string ConfigHelper::discoveredClustersBootstrap(const std::string& api_typ resource_api_version: V3 api_config_source: api_type: {} + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: my_cds_cluster diff --git a/test/config_test/config_test.cc b/test/config_test/config_test.cc index 414bb2068c91..01dd62447612 100644 --- a/test/config_test/config_test.cc +++ b/test/config_test/config_test.cc @@ -86,7 +86,7 @@ class ConfigTest { envoy::config::bootstrap::v3::Bootstrap bootstrap; Server::InstanceUtil::loadBootstrapConfig( bootstrap, options_, server_.messageValidationContext().staticValidationVisitor(), *api_); - Server::Configuration::InitialImpl initial_config(bootstrap); + Server::Configuration::InitialImpl initial_config(bootstrap, options); Server::Configuration::MainImpl main_config; cluster_manager_factory_ = std::make_unique( diff --git a/test/extensions/access_loggers/grpc/http_grpc_access_log_integration_test.cc b/test/extensions/access_loggers/grpc/http_grpc_access_log_integration_test.cc index 91f4c842d67b..9b702dc35564 100644 --- a/test/extensions/access_loggers/grpc/http_grpc_access_log_integration_test.cc +++ b/test/extensions/access_loggers/grpc/http_grpc_access_log_integration_test.cc @@ -127,6 +127,7 @@ INSTANTIATE_TEST_SUITE_P(IpVersionsCientType, AccessLogIntegrationTest, // Test a basic full access logging flow. TEST_P(AccessLogIntegrationTest, BasicAccessLogFlow) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; testRouterNotFound(); ASSERT_TRUE(waitForAccessLogConnection()); ASSERT_TRUE(waitForAccessLogStream()); diff --git a/test/extensions/access_loggers/grpc/tcp_grpc_access_log_integration_test.cc b/test/extensions/access_loggers/grpc/tcp_grpc_access_log_integration_test.cc index 47ef99b4916d..98541158c3c6 100644 --- a/test/extensions/access_loggers/grpc/tcp_grpc_access_log_integration_test.cc +++ b/test/extensions/access_loggers/grpc/tcp_grpc_access_log_integration_test.cc @@ -127,6 +127,7 @@ INSTANTIATE_TEST_SUITE_P(IpVersionsCientType, TcpGrpcAccessLogIntegrationTest, // Test a basic full access logging flow. TEST_P(TcpGrpcAccessLogIntegrationTest, BasicAccessLogFlow) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); IntegrationTcpClientPtr tcp_client = makeTcpConnection(lookupPort("tcp_proxy")); diff --git a/test/extensions/clusters/aggregate/cluster_integration_test.cc b/test/extensions/clusters/aggregate/cluster_integration_test.cc index 5e153e0165fb..57bd1b731fb0 100644 --- a/test/extensions/clusters/aggregate/cluster_integration_test.cc +++ b/test/extensions/clusters/aggregate/cluster_integration_test.cc @@ -41,6 +41,7 @@ const std::string& config() { resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: my_cds_cluster diff --git a/test/extensions/filters/http/dynamic_forward_proxy/proxy_filter_integration_test.cc b/test/extensions/filters/http/dynamic_forward_proxy/proxy_filter_integration_test.cc index 8079e78a660c..1332c9c11a60 100644 --- a/test/extensions/filters/http/dynamic_forward_proxy/proxy_filter_integration_test.cc +++ b/test/extensions/filters/http/dynamic_forward_proxy/proxy_filter_integration_test.cc @@ -38,6 +38,8 @@ name: dynamic_forward_proxy config_helper_.addConfigModifier([this](envoy::config::bootstrap::v3::Bootstrap& bootstrap) { // Switch predefined cluster_0 to CDS filesystem sourcing. + bootstrap.mutable_dynamic_resources()->mutable_cds_config()->set_resource_api_version( + envoy::config::core::v3::ApiVersion::V3); bootstrap.mutable_dynamic_resources()->mutable_cds_config()->set_path(cds_helper_.cds_path()); bootstrap.mutable_static_resources()->clear_clusters(); }); diff --git a/test/extensions/filters/http/ext_authz/config_test.cc b/test/extensions/filters/http/ext_authz/config_test.cc index bff444e127cb..ba587f599aff 100644 --- a/test/extensions/filters/http/ext_authz/config_test.cc +++ b/test/extensions/filters/http/ext_authz/config_test.cc @@ -23,6 +23,7 @@ namespace { void expectCorrectProtoGrpc(envoy::config::core::v3::ApiVersion api_version) { std::string yaml = R"EOF( + transport_api_version: V3 grpc_service: google_grpc: target_uri: ext_authz_server @@ -60,14 +61,17 @@ void expectCorrectProtoGrpc(envoy::config::core::v3::ApiVersion api_version) { } // namespace TEST(HttpExtAuthzConfigTest, CorrectProtoGrpc) { +#ifndef ENVOY_DISABLE_DEPRECATED_FEATURES expectCorrectProtoGrpc(envoy::config::core::v3::ApiVersion::AUTO); expectCorrectProtoGrpc(envoy::config::core::v3::ApiVersion::V2); +#endif expectCorrectProtoGrpc(envoy::config::core::v3::ApiVersion::V3); } TEST(HttpExtAuthzConfigTest, CorrectProtoHttp) { std::string yaml = R"EOF( stat_prefix: "wall" + transport_api_version: V3 http_service: server_uri: uri: "ext_authz:9000" @@ -150,6 +154,7 @@ TEST(HttpExtAuthzConfigTest, DEPRECATED_FEATURE_TEST(UseAlphaFieldIsNoLongerSupp auto google_grpc = new envoy::config::core::v3::GrpcService_GoogleGrpc(); google_grpc->set_stat_prefix("grpc"); google_grpc->set_target_uri("http://example.com"); + proto_config.set_transport_api_version(envoy::config::core::v3::ApiVersion::V3); proto_config.mutable_grpc_service()->set_allocated_google_grpc(google_grpc); testing::StrictMock context; diff --git a/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc b/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc index ac34dd79db31..953c431d7320 100644 --- a/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc +++ b/test/extensions/filters/http/ext_authz/ext_authz_integration_test.cc @@ -529,6 +529,7 @@ class ExtAuthzHttpIntegrationTest : public HttpIntegrationTest, const Http::LowerCaseString case_sensitive_header_name_{"x-case-sensitive-header"}; const std::string case_sensitive_header_value_{"Case-Sensitive"}; const std::string default_config_ = R"EOF( + transport_api_version: V3 http_service: server_uri: uri: "ext_authz:9000" @@ -561,30 +562,35 @@ INSTANTIATE_TEST_SUITE_P(IpVersionsCientType, ExtAuthzGrpcIntegrationTest, // Verifies that the request body is included in the CheckRequest when the downstream protocol is // HTTP/1.1. TEST_P(ExtAuthzGrpcIntegrationTest, HTTP1DownstreamRequestWithBody) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectCheckRequestWithBody(Http::CodecClient::Type::HTTP1, 4); } // Verifies that the request body is included in the CheckRequest when the downstream protocol is // HTTP/1.1 and the size of the request body is larger than max_request_bytes. TEST_P(ExtAuthzGrpcIntegrationTest, HTTP1DownstreamRequestWithLargeBody) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectCheckRequestWithBody(Http::CodecClient::Type::HTTP1, 2048); } // Verifies that the request body is included in the CheckRequest when the downstream protocol is // HTTP/2. TEST_P(ExtAuthzGrpcIntegrationTest, HTTP2DownstreamRequestWithBody) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectCheckRequestWithBody(Http::CodecClient::Type::HTTP2, 4); } // Verifies that the request body is included in the CheckRequest when the downstream protocol is // HTTP/2 and the size of the request body is larger than max_request_bytes. TEST_P(ExtAuthzGrpcIntegrationTest, HTTP2DownstreamRequestWithLargeBody) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectCheckRequestWithBody(Http::CodecClient::Type::HTTP2, 2048); } // Verifies that the original request headers will be added and appended when the authorization // server returns headers_to_add and headers_to_append in OkResponse message. TEST_P(ExtAuthzGrpcIntegrationTest, SendHeadersToAddAndToAppendToUpstream) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectCheckRequestWithBodyWithHeaders( Http::CodecClient::Type::HTTP1, 4, /*headers_to_add=*/Headers{{"header1", "header1"}}, @@ -597,18 +603,22 @@ TEST_P(ExtAuthzGrpcIntegrationTest, SendHeadersToAddAndToAppendToUpstream) { } TEST_P(ExtAuthzGrpcIntegrationTest, AllowAtDisable) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectFilterDisableCheck(/*deny_at_disable=*/false, /*disable_with_metadata=*/false, "200"); } TEST_P(ExtAuthzGrpcIntegrationTest, AllowAtDisableWithMetadata) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectFilterDisableCheck(/*deny_at_disable=*/false, /*disable_with_metadata=*/true, "200"); } TEST_P(ExtAuthzGrpcIntegrationTest, DenyAtDisable) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectFilterDisableCheck(/*deny_at_disable=*/true, /*disable_with_metadata=*/false, "403"); } TEST_P(ExtAuthzGrpcIntegrationTest, DenyAtDisableWithMetadata) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; expectFilterDisableCheck(/*deny_at_disable=*/true, /*disable_with_metadata=*/true, "403"); } @@ -665,6 +675,7 @@ TEST_P(ExtAuthzLocalReplyIntegrationTest, DeniedHeaderTest) { envoy::extensions::filters::http::ext_authz::v3::ExtAuthz proto_config; const std::string ext_authz_config = R"EOF( + transport_api_version: V3 http_service: server_uri: uri: "ext_authz:9000" @@ -735,6 +746,7 @@ TEST_P(ExtAuthzLocalReplyIntegrationTest, DeniedHeaderTest) { } TEST_P(ExtAuthzGrpcIntegrationTest, GoogleAsyncClientCreation) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initializeConfig(); setDownstreamProtocol(Http::CodecClient::Type::HTTP2); HttpIntegrationTest::initialize(); diff --git a/test/extensions/filters/http/ext_authz/ext_authz_test.cc b/test/extensions/filters/http/ext_authz/ext_authz_test.cc index 32dda5457d14..a850dcc8314a 100644 --- a/test/extensions/filters/http/ext_authz/ext_authz_test.cc +++ b/test/extensions/filters/http/ext_authz/ext_authz_test.cc @@ -112,7 +112,9 @@ envoy::extensions::filters::http::ext_authz::v3::ExtAuthz GetFilterConfig() { )EOF"; const std::string grpc_config = R"EOF( + transport_api_version: V3 grpc_service: + transport_api_version: V3 envoy_grpc: cluster_name: "ext_authz_server" )EOF"; @@ -172,6 +174,7 @@ TEST_F(HttpFilterTest, StatsWithPrefix) { initialize(fmt::format(R"EOF( stat_prefix: "{}" + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -218,6 +221,7 @@ TEST_F(HttpFilterTest, ErrorFailClose) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -254,6 +258,7 @@ TEST_F(HttpFilterTest, ErrorCustomStatusCode) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -295,6 +300,7 @@ TEST_F(HttpFilterTest, ErrorOpen) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -328,6 +334,7 @@ TEST_F(HttpFilterTest, ImmediateErrorOpen) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -364,6 +371,7 @@ TEST_F(HttpFilterTest, ImmediateErrorOpen) { // Check a bad configuration results in validation exception. TEST_F(HttpFilterTest, BadConfig) { const std::string filter_config = R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: {} failure_mode_allow: true @@ -381,6 +389,7 @@ TEST_F(HttpFilterTest, RequestDataIsTooLarge) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -411,6 +420,7 @@ TEST_F(HttpFilterTest, RequestDataWithPartialMessage) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -452,6 +462,7 @@ TEST_F(HttpFilterTest, RequestDataWithPartialMessageThenContinueDecoding) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -507,6 +518,7 @@ TEST_F(HttpFilterTest, RequestDataWithSmallBuffer) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -536,6 +548,7 @@ TEST_F(HttpFilterTest, AuthWithRequestData) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -572,6 +585,7 @@ TEST_F(HttpFilterTest, AuthWithNonUtf8RequestData) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -613,6 +627,7 @@ TEST_F(HttpFilterTest, HeaderOnlyRequest) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -637,6 +652,7 @@ TEST_F(HttpFilterTest, UpgradeWebsocketRequest) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -666,6 +682,7 @@ TEST_F(HttpFilterTest, H2UpgradeRequest) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -695,6 +712,7 @@ TEST_F(HttpFilterTest, HeaderOnlyRequestWithStream) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -730,6 +748,7 @@ TEST_F(HttpFilterTest, HeadersToRemoveRemovesHeadersExceptSpecialHeaders) { request_headers_.addCopy("remove-me", "upstream-should-not-see-me"); initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -783,6 +802,7 @@ TEST_F(HttpFilterTest, ClearCache) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -827,6 +847,7 @@ TEST_F(HttpFilterTest, ClearCacheRouteHeadersToAppendOnly) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -868,6 +889,7 @@ TEST_F(HttpFilterTest, ClearCacheRouteHeadersToAddOnly) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -909,6 +931,7 @@ TEST_F(HttpFilterTest, ClearCacheRouteHeadersToRemoveOnly) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -951,6 +974,7 @@ TEST_F(HttpFilterTest, NoClearCacheRoute) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -987,6 +1011,7 @@ TEST_F(HttpFilterTest, NoClearCacheRouteConfig) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1024,6 +1049,7 @@ TEST_F(HttpFilterTest, NoClearCacheRouteDeniedResponse) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1059,6 +1085,7 @@ TEST_F(HttpFilterTest, NoClearCacheRouteDeniedResponse) { // Verifies that specified metadata is passed along in the check request TEST_F(HttpFilterTest, MetadataContext) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1121,6 +1148,7 @@ TEST_F(HttpFilterTest, MetadataContext) { // Test that filter can be disabled via the filter_enabled field. TEST_F(HttpFilterTest, FilterDisabled) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1145,6 +1173,7 @@ TEST_F(HttpFilterTest, FilterDisabled) { // Test that filter can be enabled via the filter_enabled field. TEST_F(HttpFilterTest, FilterEnabled) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1172,6 +1201,7 @@ TEST_F(HttpFilterTest, FilterEnabled) { // Test that filter can be disabled via the filter_enabled_metadata field. TEST_F(HttpFilterTest, MetadataDisabled) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1203,6 +1233,7 @@ TEST_F(HttpFilterTest, MetadataDisabled) { // Test that filter can be enabled via the filter_enabled_metadata field. TEST_F(HttpFilterTest, MetadataEnabled) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1238,6 +1269,7 @@ TEST_F(HttpFilterTest, MetadataEnabled) { // is disabled. TEST_F(HttpFilterTest, FilterEnabledButMetadataDisabled) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1281,6 +1313,7 @@ TEST_F(HttpFilterTest, FilterEnabledButMetadataDisabled) { // is disabled. TEST_F(HttpFilterTest, FilterDisabledButMetadataEnabled) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1324,6 +1357,7 @@ TEST_F(HttpFilterTest, FilterDisabledButMetadataEnabled) { // is enabled. TEST_F(HttpFilterTest, FilterEnabledAndMetadataEnabled) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1369,6 +1403,7 @@ TEST_F(HttpFilterTest, FilterEnabledAndMetadataEnabled) { // Test that filter can deny for protected path when filter is disabled via filter_enabled field. TEST_F(HttpFilterTest, FilterDenyAtDisable) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1401,6 +1436,7 @@ TEST_F(HttpFilterTest, FilterDenyAtDisable) { // Test that filter allows for protected path when filter is disabled via filter_enabled field. TEST_F(HttpFilterTest, FilterAllowAtDisable) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1518,6 +1554,7 @@ TEST_P(HttpFilterTestParam, DisabledOnRouteWithRequestBody) { auto test_disable = [&](bool disabled) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -1917,6 +1954,7 @@ TEST_F(HttpFilterTest, EmitDynamicMetadata) { InSequence s; initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" @@ -2019,6 +2057,7 @@ TEST_P(HttpFilterTestParam, DisableRequestBodyBufferingOnRoute) { auto test_disable_request_body_buffering = [&](bool bypass) { initialize(R"EOF( + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: "ext_authz_server" diff --git a/test/extensions/filters/http/lua/lua_integration_test.cc b/test/extensions/filters/http/lua/lua_integration_test.cc index f312497cfa5a..23b4c2ebe2e6 100644 --- a/test/extensions/filters/http/lua/lua_integration_test.cc +++ b/test/extensions/filters/http/lua/lua_integration_test.cc @@ -120,6 +120,7 @@ class LuaIntegrationTest : public testing::TestWithParammutable_config_source()->mutable_api_config_source(); rds_api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + rds_api_config_source->set_transport_api_version(envoy::config::core::v3::V3); envoy::config::core::v3::GrpcService* grpc_service = rds_api_config_source->add_grpc_services(); grpc_service->mutable_envoy_grpc()->set_cluster_name("xds_cluster"); diff --git a/test/extensions/filters/http/ratelimit/config_test.cc b/test/extensions/filters/http/ratelimit/config_test.cc index a611082d4383..232dcebf416f 100644 --- a/test/extensions/filters/http/ratelimit/config_test.cc +++ b/test/extensions/filters/http/ratelimit/config_test.cc @@ -20,8 +20,10 @@ namespace { TEST(RateLimitFilterConfigTest, ValidateFail) { NiceMock context; - EXPECT_THROW(RateLimitFilterConfig().createFilterFactoryFromProto( - envoy::extensions::filters::http::ratelimit::v3::RateLimit(), "stats", context), + envoy::extensions::filters::http::ratelimit::v3::RateLimit config; + config.mutable_rate_limit_service()->set_transport_api_version( + envoy::config::core::v3::ApiVersion::V3); + EXPECT_THROW(RateLimitFilterConfig().createFilterFactoryFromProto(config, "stats", context), ProtoValidationException); } @@ -30,6 +32,7 @@ TEST(RateLimitFilterConfigTest, RatelimitCorrectProto) { domain: test timeout: 2s rate_limit_service: + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: ratelimit_cluster diff --git a/test/extensions/filters/http/ratelimit/ratelimit_integration_test.cc b/test/extensions/filters/http/ratelimit/ratelimit_integration_test.cc index 00b8d0da8faf..80928a3da073 100644 --- a/test/extensions/filters/http/ratelimit/ratelimit_integration_test.cc +++ b/test/extensions/filters/http/ratelimit/ratelimit_integration_test.cc @@ -27,7 +27,10 @@ class RatelimitIntegrationTest : public Grpc::VersionedGrpcClientIntegrationPara public: RatelimitIntegrationTest() : HttpIntegrationTest(Http::CodecClient::Type::HTTP1, ipVersion()) {} - void SetUp() override { initialize(); } + void SetUp() override { + XDS_DEPRECATED_FEATURE_TEST_SKIP; + initialize(); + } void createUpstreams() override { HttpIntegrationTest::createUpstreams(); @@ -235,9 +238,13 @@ INSTANTIATE_TEST_SUITE_P(IpVersionsClientType, RatelimitFilterEnvoyRatelimitedHeaderDisabledIntegrationTest, VERSIONED_GRPC_CLIENT_INTEGRATION_PARAMS); -TEST_P(RatelimitIntegrationTest, Ok) { basicFlow(); } +TEST_P(RatelimitIntegrationTest, Ok) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; + basicFlow(); +} TEST_P(RatelimitIntegrationTest, OkWithHeaders) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); Http::TestResponseHeaderMapImpl ratelimit_response_headers{{"x-ratelimit-limit", "1000"}, @@ -270,6 +277,7 @@ TEST_P(RatelimitIntegrationTest, OkWithHeaders) { } TEST_P(RatelimitIntegrationTest, OverLimit) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); sendRateLimitResponse(envoy::service::ratelimit::v3::RateLimitResponse::OVER_LIMIT, {}, @@ -288,6 +296,7 @@ TEST_P(RatelimitIntegrationTest, OverLimit) { } TEST_P(RatelimitIntegrationTest, OverLimitWithHeaders) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); Http::TestResponseHeaderMapImpl ratelimit_response_headers{ @@ -315,6 +324,7 @@ TEST_P(RatelimitIntegrationTest, OverLimitWithHeaders) { } TEST_P(RatelimitIntegrationTest, Error) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); ratelimit_request_->encodeHeaders(Http::TestResponseHeaderMapImpl{{":status", "404"}}, true); @@ -329,6 +339,7 @@ TEST_P(RatelimitIntegrationTest, Error) { } TEST_P(RatelimitIntegrationTest, Timeout) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); switch (clientType()) { @@ -352,6 +363,7 @@ TEST_P(RatelimitIntegrationTest, Timeout) { } TEST_P(RatelimitIntegrationTest, ConnectImmediateDisconnect) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); ASSERT_TRUE(fake_upstreams_[1]->waitForHttpConnection(*dispatcher_, fake_ratelimit_connection_)); ASSERT_TRUE(fake_ratelimit_connection_->close()); @@ -363,6 +375,7 @@ TEST_P(RatelimitIntegrationTest, ConnectImmediateDisconnect) { } TEST_P(RatelimitIntegrationTest, FailedConnect) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; // Do not reset the fake upstream for the ratelimiter, but have it stop listening. // If we reset, the Envoy will continue to send H2 to the original rate limiter port, which may // be used by another test, and data sent to that port "unexpectedly" will cause problems for @@ -375,6 +388,7 @@ TEST_P(RatelimitIntegrationTest, FailedConnect) { } TEST_P(RatelimitFailureModeIntegrationTest, ErrorWithFailureModeOff) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); ratelimit_request_->encodeHeaders(Http::TestResponseHeaderMapImpl{{":status", "503"}}, true); @@ -389,6 +403,7 @@ TEST_P(RatelimitFailureModeIntegrationTest, ErrorWithFailureModeOff) { } TEST_P(RatelimitFilterHeadersEnabledIntegrationTest, OkWithFilterHeaders) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); @@ -424,6 +439,7 @@ TEST_P(RatelimitFilterHeadersEnabledIntegrationTest, OkWithFilterHeaders) { } TEST_P(RatelimitFilterHeadersEnabledIntegrationTest, OverLimitWithFilterHeaders) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); @@ -461,6 +477,7 @@ TEST_P(RatelimitFilterHeadersEnabledIntegrationTest, OverLimitWithFilterHeaders) TEST_P(RatelimitFilterEnvoyRatelimitedHeaderDisabledIntegrationTest, OverLimitWithoutEnvoyRatelimitedHeader) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initiateClientConnection(); waitForRatelimitRequest(); sendRateLimitResponse(envoy::service::ratelimit::v3::RateLimitResponse::OVER_LIMIT, {}, diff --git a/test/extensions/filters/network/ext_authz/config_test.cc b/test/extensions/filters/network/ext_authz/config_test.cc index d1093ccdb483..a96e02ee918e 100644 --- a/test/extensions/filters/network/ext_authz/config_test.cc +++ b/test/extensions/filters/network/ext_authz/config_test.cc @@ -22,6 +22,7 @@ namespace ExtAuthz { namespace { void expectCorrectProto(envoy::config::core::v3::ApiVersion api_version) { std::string yaml = R"EOF( + transport_api_version: V3 grpc_service: google_grpc: target_uri: ext_authz_server @@ -51,14 +52,17 @@ void expectCorrectProto(envoy::config::core::v3::ApiVersion api_version) { TEST(ExtAuthzFilterConfigTest, ValidateFail) { NiceMock context; - EXPECT_THROW(ExtAuthzConfigFactory().createFilterFactoryFromProto( - envoy::extensions::filters::network::ext_authz::v3::ExtAuthz(), context), + envoy::extensions::filters::network::ext_authz::v3::ExtAuthz config; + config.set_transport_api_version(envoy::config::core::v3::ApiVersion::V3); + EXPECT_THROW(ExtAuthzConfigFactory().createFilterFactoryFromProto(config, context), ProtoValidationException); } TEST(ExtAuthzFilterConfigTest, ExtAuthzCorrectProto) { +#ifndef ENVOY_DISABLE_DEPRECATED_FEATURES expectCorrectProto(envoy::config::core::v3::ApiVersion::AUTO); expectCorrectProto(envoy::config::core::v3::ApiVersion::V2); +#endif expectCorrectProto(envoy::config::core::v3::ApiVersion::V3); } diff --git a/test/extensions/filters/network/ext_authz/ext_authz_test.cc b/test/extensions/filters/network/ext_authz/ext_authz_test.cc index 39e875028e25..bea5c4ae9359 100644 --- a/test/extensions/filters/network/ext_authz/ext_authz_test.cc +++ b/test/extensions/filters/network/ext_authz/ext_authz_test.cc @@ -129,6 +129,7 @@ class ExtAuthzFilterTest : public testing::Test { Network::Address::InstanceConstSharedPtr addr_; Filters::Common::ExtAuthz::RequestCallbacks* request_callbacks_{}; const std::string default_yaml_string_ = R"EOF( +transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: ext_authz_server @@ -137,6 +138,7 @@ failure_mode_allow: true stat_prefix: name )EOF"; const std::string metadata_yaml_string_ = R"EOF( +transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: ext_authz_server @@ -154,6 +156,7 @@ stat_prefix: name TEST_F(ExtAuthzFilterTest, BadExtAuthzConfig) { std::string yaml_string = R"EOF( +transport_api_version: V3 grpc_service: {} stat_prefix: name )EOF"; diff --git a/test/extensions/filters/network/http_connection_manager/config_test.cc b/test/extensions/filters/network/http_connection_manager/config_test.cc index 4ea0f671d523..83c65187572f 100644 --- a/test/extensions/filters/network/http_connection_manager/config_test.cc +++ b/test/extensions/filters/network/http_connection_manager/config_test.cc @@ -1766,7 +1766,7 @@ stat_prefix: router http_filters: - name: foo config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } apply_default_config_without_warming: true type_urls: - type.googleapis.com/envoy.extensions.filters.http.router.v3.Router @@ -1794,7 +1794,7 @@ stat_prefix: router http_filters: - name: foo config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } default_config: "@type": type.googleapis.com/google.protobuf.Value type_urls: @@ -1824,7 +1824,7 @@ stat_prefix: router http_filters: - name: foo config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } default_config: "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck type_urls: @@ -1854,7 +1854,7 @@ stat_prefix: router http_filters: - name: foo config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } default_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router type_urls: @@ -1884,7 +1884,7 @@ stat_prefix: router http_filters: - name: foo config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } default_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.router.v3.Router @@ -1916,7 +1916,7 @@ stat_prefix: router http_filters: - name: foo config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } type_urls: - type.googleapis.com/google.protobuf.Value )EOF"; @@ -1943,7 +1943,7 @@ stat_prefix: router http_filters: - name: foo config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } default_config: "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck pass_through_mode: false @@ -2008,12 +2008,12 @@ stat_prefix: router http_filters: - name: foo config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } type_urls: - type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck - name: bar config_discovery: - config_source: { ads: {} } + config_source: { resource_api_version: V3, ads: {} } type_urls: - type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck - name: envoy.filters.http.router diff --git a/test/extensions/filters/network/ratelimit/config_test.cc b/test/extensions/filters/network/ratelimit/config_test.cc index ab6b01d753c8..279dafdf000e 100644 --- a/test/extensions/filters/network/ratelimit/config_test.cc +++ b/test/extensions/filters/network/ratelimit/config_test.cc @@ -20,8 +20,10 @@ namespace RateLimitFilter { TEST(RateLimitFilterConfigTest, ValidateFail) { NiceMock context; - EXPECT_THROW(RateLimitConfigFactory().createFilterFactoryFromProto( - envoy::extensions::filters::network::ratelimit::v3::RateLimit(), context), + envoy::extensions::filters::network::ratelimit::v3::RateLimit rate_limit; + rate_limit.mutable_rate_limit_service()->set_transport_api_version( + envoy::config::core::v3::ApiVersion::V3); + EXPECT_THROW(RateLimitConfigFactory().createFilterFactoryFromProto(rate_limit, context), ProtoValidationException); } @@ -35,6 +37,7 @@ TEST(RateLimitFilterConfigTest, CorrectProto) { value: my_value timeout: 2s rate_limit_service: + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: ratelimit_cluster diff --git a/test/extensions/filters/network/sni_dynamic_forward_proxy/proxy_filter_integration_test.cc b/test/extensions/filters/network/sni_dynamic_forward_proxy/proxy_filter_integration_test.cc index 1559f7e5aa61..e99cebd25cc4 100644 --- a/test/extensions/filters/network/sni_dynamic_forward_proxy/proxy_filter_integration_test.cc +++ b/test/extensions/filters/network/sni_dynamic_forward_proxy/proxy_filter_integration_test.cc @@ -31,6 +31,8 @@ class SniDynamicProxyFilterIntegrationTest config_helper_.addConfigModifier([this, max_hosts, max_pending_requests]( envoy::config::bootstrap::v3::Bootstrap& bootstrap) { // Switch predefined cluster_0 to CDS filesystem sourcing. + bootstrap.mutable_dynamic_resources()->mutable_cds_config()->set_resource_api_version( + envoy::config::core::v3::ApiVersion::V3); bootstrap.mutable_dynamic_resources()->mutable_cds_config()->set_path(cds_helper_.cds_path()); bootstrap.mutable_static_resources()->clear_clusters(); diff --git a/test/extensions/filters/network/thrift_proxy/filters/ratelimit/config_test.cc b/test/extensions/filters/network/thrift_proxy/filters/ratelimit/config_test.cc index 98bcf3d482db..30c4f38d12c8 100644 --- a/test/extensions/filters/network/thrift_proxy/filters/ratelimit/config_test.cc +++ b/test/extensions/filters/network/thrift_proxy/filters/ratelimit/config_test.cc @@ -41,6 +41,7 @@ TEST(RateLimitFilterConfigTest, RateLimitFilterCorrectProto) { domain: "test" timeout: "1.337s" rate_limit_service: + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: ratelimit_cluster diff --git a/test/extensions/stats_sinks/metrics_service/metrics_service_integration_test.cc b/test/extensions/stats_sinks/metrics_service/metrics_service_integration_test.cc index e31bde1fd1fc..8fc20ca8390a 100644 --- a/test/extensions/stats_sinks/metrics_service/metrics_service_integration_test.cc +++ b/test/extensions/stats_sinks/metrics_service/metrics_service_integration_test.cc @@ -149,6 +149,7 @@ INSTANTIATE_TEST_SUITE_P(IpVersionsClientType, MetricsServiceIntegrationTest, // Test a basic metric service flow. TEST_P(MetricsServiceIntegrationTest, BasicFlow) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); // Send an empty request so that histogram values merged for cluster_0. codec_client_ = makeHttpConnection(makeClientConnection(lookupPort("http"))); diff --git a/test/integration/ads_integration_test.cc b/test/integration/ads_integration_test.cc index fc86aee90c91..90e2b56230d9 100644 --- a/test/integration/ads_integration_test.cc +++ b/test/integration/ads_integration_test.cc @@ -311,6 +311,24 @@ TEST_P(AdsIntegrationTest, DuplicateWarmingListeners) { test_server_->waitForCounterGe("listener_manager.lds.update_rejected", 1); } +// Validate that the use of V2 transport version is rejected by default. +TEST_P(AdsIntegrationTest, DEPRECATED_FEATURE_TEST(RejectV2TransportConfigByDefault)) { + initialize(); + + EXPECT_TRUE(compareDiscoveryRequest(Config::TypeUrl::get().Cluster, "", {}, {}, {}, true)); + auto cluster = buildCluster("cluster_0"); + auto* api_config_source = + cluster.mutable_eds_cluster_config()->mutable_eds_config()->mutable_api_config_source(); + api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + api_config_source->set_transport_api_version(envoy::config::core::v3::V2); + envoy::config::core::v3::GrpcService* grpc_service = api_config_source->add_grpc_services(); + setGrpcService(*grpc_service, "ads_cluster", xds_upstream_->localAddress()); + sendDiscoveryResponse(Config::TypeUrl::get().Cluster, + {cluster}, {cluster}, {}, "1"); + test_server_->waitForCounterGe("cluster_manager.cds.update_rejected", 1); + EXPECT_GE(test_server_->gauge("runtime.deprecated_feature_seen_since_process_start")->value(), 1); +} + // Regression test for the use-after-free crash when processing RDS update (#3953). TEST_P(AdsIntegrationTest, RdsAfterLdsWithNoRdsChanges) { initialize(); @@ -1017,6 +1035,7 @@ class AdsConfigIntegrationTest : public Grpc::DeltaSotwIntegrationParamTest, ads_eds_cluster->set_type(envoy::config::cluster::v3::Cluster::EDS); auto* eds_cluster_config = ads_eds_cluster->mutable_eds_cluster_config(); auto* eds_config = eds_cluster_config->mutable_eds_config(); + eds_config->set_resource_api_version(envoy::config::core::v3::ApiVersion::V3); eds_config->mutable_ads(); }); setUpstreamProtocol(FakeHttpConnection::Type::HTTP2); @@ -1183,6 +1202,7 @@ class AdsClusterFromFileIntegrationTest : public Grpc::DeltaSotwIntegrationParam const std::string eds_path = TestEnvironment::temporaryFileSubstitute( "test/config/integration/server_xds.eds.ads_cluster.yaml", port_map_, version_); ads_cluster_eds_config->set_path(eds_path); + ads_cluster_eds_config->set_resource_api_version(envoy::config::core::v3::ApiVersion::V3); // Add EDS static Cluster that uses ADS as config Source. auto* ads_eds_cluster = bootstrap.mutable_static_resources()->add_clusters(); @@ -1394,6 +1414,7 @@ TEST_P(AdsClusterV2Test, DEPRECATED_FEATURE_TEST(RejectV2ConfigByDefault)) { sendDiscoveryResponse( cds_type_url, {buildCluster("cluster_0")}, {buildCluster("cluster_0")}, {}, "1", true); test_server_->waitForCounterGe("cluster_manager.cds.update_rejected", 1); + EXPECT_EQ(1, test_server_->gauge("runtime.deprecated_feature_seen_since_process_start")->value()); } // Verify CDS is paused during cluster warming. diff --git a/test/integration/api_version_integration_test.cc b/test/integration/api_version_integration_test.cc index 1516a8835adb..a477475d27a4 100644 --- a/test/integration/api_version_integration_test.cc +++ b/test/integration/api_version_integration_test.cc @@ -22,6 +22,8 @@ class ApiVersionIntegrationTest : public testing::TestWithParam, tls_xds_upstream_ = false; defer_listener_finalization_ = true; skipPortUsageValidation(); + // Keep using V2 bootstrap for now to allow V2 transport version. + v2_bootstrap_ = true; } static bool hasHiddenEnvoyDeprecated(const Protobuf::Message& message) { @@ -268,7 +270,7 @@ INSTANTIATE_TEST_SUITE_P( envoy::config::core::v3::ApiVersion::V3)), ApiVersionIntegrationTest::paramsToString); -TEST_P(ApiVersionIntegrationTest, Lds) { +TEST_P(ApiVersionIntegrationTest, DEPRECATED_FEATURE_TEST(Lds)) { config_helper_.addConfigModifier([this](envoy::config::bootstrap::v3::Bootstrap& bootstrap) { setupConfigSource(*bootstrap.mutable_dynamic_resources()->mutable_lds_config()); }); @@ -282,7 +284,7 @@ TEST_P(ApiVersionIntegrationTest, Lds) { "type.googleapis.com/envoy.config.listener.v3.Listener")); } -TEST_P(ApiVersionIntegrationTest, Cds) { +TEST_P(ApiVersionIntegrationTest, DEPRECATED_FEATURE_TEST(Cds)) { config_helper_.addConfigModifier([this](envoy::config::bootstrap::v3::Bootstrap& bootstrap) { setupConfigSource(*bootstrap.mutable_dynamic_resources()->mutable_cds_config()); }); @@ -296,7 +298,7 @@ TEST_P(ApiVersionIntegrationTest, Cds) { "type.googleapis.com/envoy.config.cluster.v3.Cluster")); } -TEST_P(ApiVersionIntegrationTest, Eds) { +TEST_P(ApiVersionIntegrationTest, DEPRECATED_FEATURE_TEST(Eds)) { config_helper_.addConfigModifier([this](envoy::config::bootstrap::v3::Bootstrap& bootstrap) { auto* cluster = bootstrap.mutable_static_resources()->add_clusters(); cluster->MergeFrom(bootstrap.static_resources().clusters(0)); @@ -314,7 +316,7 @@ TEST_P(ApiVersionIntegrationTest, Eds) { "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment")); } -TEST_P(ApiVersionIntegrationTest, Rtds) { +TEST_P(ApiVersionIntegrationTest, DEPRECATED_FEATURE_TEST(Rtds)) { config_helper_.addConfigModifier([this](envoy::config::bootstrap::v3::Bootstrap& bootstrap) { if (bootstrap.mutable_layered_runtime()->layers_size() == 0) { auto* admin_layer = bootstrap.mutable_layered_runtime()->add_layers(); @@ -335,7 +337,7 @@ TEST_P(ApiVersionIntegrationTest, Rtds) { "type.googleapis.com/envoy.service.runtime.v3.Runtime")); } -TEST_P(ApiVersionIntegrationTest, Rds) { +TEST_P(ApiVersionIntegrationTest, DEPRECATED_FEATURE_TEST(Rds)) { // TODO(htuch): this segfaults, this is likely some untested existing issue. if (apiType() == envoy::config::core::v3::ApiConfigSource::DELTA_GRPC) { return; @@ -362,7 +364,7 @@ TEST_P(ApiVersionIntegrationTest, Rds) { // TEST_P(ApiVersionIntegrationTest, Vhds) { // } -TEST_P(ApiVersionIntegrationTest, Srds) { +TEST_P(ApiVersionIntegrationTest, DEPRECATED_FEATURE_TEST(Srds)) { config_helper_.addConfigModifier( [this]( envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager& @@ -395,7 +397,7 @@ TEST_P(ApiVersionIntegrationTest, Srds) { "type.googleapis.com/envoy.config.route.v3.ScopedRouteConfiguration")); } -TEST_P(ApiVersionIntegrationTest, Sds) { +TEST_P(ApiVersionIntegrationTest, DEPRECATED_FEATURE_TEST(Sds)) { config_helper_.addConfigModifier([this](envoy::config::bootstrap::v3::Bootstrap& bootstrap) { auto* listener = bootstrap.mutable_static_resources()->mutable_listeners(0); auto* transport_socket = listener->mutable_filter_chains(0)->mutable_transport_socket(); diff --git a/test/integration/base_integration_test.cc b/test/integration/base_integration_test.cc index 5a7ae18a91be..806a8a3d4d06 100644 --- a/test/integration/base_integration_test.cc +++ b/test/integration/base_integration_test.cc @@ -159,6 +159,8 @@ void BaseIntegrationTest::createEnvoy() { std::string lds_path = TestEnvironment::temporaryPath(TestUtility::uniqueFilename()); config_helper_.addConfigModifier( [lds_path](envoy::config::bootstrap::v3::Bootstrap& bootstrap) -> void { + bootstrap.mutable_dynamic_resources()->mutable_lds_config()->set_resource_api_version( + envoy::config::core::v3::V3); bootstrap.mutable_dynamic_resources()->mutable_lds_config()->set_path(lds_path); }); } diff --git a/test/integration/cds_integration_test.cc b/test/integration/cds_integration_test.cc index 08e32d2a392c..35887e265617 100644 --- a/test/integration/cds_integration_test.cc +++ b/test/integration/cds_integration_test.cc @@ -104,9 +104,10 @@ class CdsIntegrationTest : public Grpc::DeltaSotwIntegrationParamTest, public Ht void verifyGrpcServiceMethod() { EXPECT_TRUE(xds_stream_->waitForHeadersComplete()); Envoy::Http::LowerCaseString path_string(":path"); - std::string expected_method(sotwOrDelta() == Grpc::SotwOrDelta::Sotw - ? "/envoy.api.v2.ClusterDiscoveryService/StreamClusters" - : "/envoy.api.v2.ClusterDiscoveryService/DeltaClusters"); + std::string expected_method( + sotwOrDelta() == Grpc::SotwOrDelta::Sotw + ? "/envoy.service.cluster.v3.ClusterDiscoveryService/StreamClusters" + : "/envoy.service.cluster.v3.ClusterDiscoveryService/DeltaClusters"); EXPECT_EQ(xds_stream_->headers().get(path_string)[0]->value(), expected_method); } diff --git a/test/integration/eds_integration_test.cc b/test/integration/eds_integration_test.cc index b8ca3c6f07c2..b25905dec58b 100644 --- a/test/integration/eds_integration_test.cc +++ b/test/integration/eds_integration_test.cc @@ -98,6 +98,8 @@ class EdsIntegrationTest : public testing::TestWithParammutable_cds_config()->set_resource_api_version( + envoy::config::core::v3::ApiVersion::V3); bootstrap.mutable_dynamic_resources()->mutable_cds_config()->set_path(cds_helper_.cds_path()); bootstrap.mutable_static_resources()->clear_clusters(); }); @@ -112,6 +114,8 @@ class EdsIntegrationTest : public testing::TestWithParammutable_eds_config()->set_resource_api_version( + envoy::config::core::v3::ApiVersion::V3); eds_cluster_config->mutable_eds_config()->set_path(eds_helper_.eds_path()); if (http_active_hc) { auto* health_check = cluster_.add_health_checks(); diff --git a/test/integration/extension_discovery_integration_test.cc b/test/integration/extension_discovery_integration_test.cc index 5e4af865b648..b671e6f94bd9 100644 --- a/test/integration/extension_discovery_integration_test.cc +++ b/test/integration/extension_discovery_integration_test.cc @@ -46,6 +46,8 @@ class ExtensionDiscoveryIntegrationTest : public Grpc::GrpcClientIntegrationPara discovery->mutable_default_config()->PackFrom(default_configuration); } discovery->set_apply_default_config_without_warming(apply_without_warming); + discovery->mutable_config_source()->set_resource_api_version( + envoy::config::core::v3::ApiVersion::V3); auto* api_config_source = discovery->mutable_config_source()->mutable_api_config_source(); api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); api_config_source->set_transport_api_version(envoy::config::core::v3::ApiVersion::V3); diff --git a/test/integration/hds_integration_test.cc b/test/integration/hds_integration_test.cc index 948376d4df44..378538f2fcb0 100644 --- a/test/integration/hds_integration_test.cc +++ b/test/integration/hds_integration_test.cc @@ -43,6 +43,7 @@ class HdsIntegrationTest : public Grpc::VersionedGrpcClientIntegrationParamTest, // Setup hds and corresponding gRPC cluster. auto* hds_config = bootstrap.mutable_hds_config(); hds_config->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + hds_config->set_transport_api_version(envoy::config::core::v3::ApiVersion::V3); hds_config->add_grpc_services()->mutable_envoy_grpc()->set_cluster_name("hds_cluster"); hds_config->set_transport_api_version(apiVersion()); auto* hds_cluster = bootstrap.mutable_static_resources()->add_clusters(); @@ -375,6 +376,7 @@ INSTANTIATE_TEST_SUITE_P(IpVersionsClientType, HdsIntegrationTest, // Tests Envoy HTTP health checking a single healthy endpoint and reporting that it is // indeed healthy to the server. TEST_P(HdsIntegrationTest, SingleEndpointHealthyHttp) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); // Server <--> Envoy @@ -410,6 +412,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointHealthyHttp) { // Tests Envoy HTTP health checking a single endpoint that times out and reporting // that it is unhealthy to the server. TEST_P(HdsIntegrationTest, SingleEndpointTimeoutHttp) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); server_health_check_specifier_ = makeHttpHealthCheckSpecifier(envoy::type::v3::CodecClientType::HTTP1, false); @@ -451,6 +454,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointTimeoutHttp) { // Tests Envoy HTTP health checking a single unhealthy endpoint and reporting that it is // indeed unhealthy to the server. TEST_P(HdsIntegrationTest, SingleEndpointUnhealthyHttp) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); server_health_check_specifier_ = makeHttpHealthCheckSpecifier(envoy::type::v3::CodecClientType::HTTP1, false); @@ -484,6 +488,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointUnhealthyHttp) { // Tests Envoy TCP health checking an endpoint that doesn't respond and reporting that it is // unhealthy to the server. TEST_P(HdsIntegrationTest, SingleEndpointTimeoutTcp) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); // Server <--> Envoy @@ -524,6 +529,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointTimeoutTcp) { // Tests Envoy TCP health checking a single healthy endpoint and reporting that it is // indeed healthy to the server. TEST_P(HdsIntegrationTest, SingleEndpointHealthyTcp) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); // Server <--> Envoy @@ -554,6 +560,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointHealthyTcp) { // Tests Envoy TCP health checking a single unhealthy endpoint and reporting that it is // indeed unhealthy to the server. TEST_P(HdsIntegrationTest, SingleEndpointUnhealthyTcp) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); // Server <--> Envoy @@ -588,6 +595,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointUnhealthyTcp) { // Tests that Envoy can HTTP health check two hosts that are in the same cluster, and // the same locality and report back the correct health statuses. TEST_P(HdsIntegrationTest, TwoEndpointsSameLocality) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); server_health_check_specifier_ = @@ -647,6 +655,7 @@ TEST_P(HdsIntegrationTest, TwoEndpointsSameLocality) { // Tests that Envoy can HTTP health check two hosts that are in the same cluster, and // different localities and report back the correct health statuses. TEST_P(HdsIntegrationTest, TwoEndpointsDifferentLocality) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); server_health_check_specifier_ = makeHttpHealthCheckSpecifier(envoy::type::v3::CodecClientType::HTTP1, false); @@ -715,6 +724,7 @@ TEST_P(HdsIntegrationTest, TwoEndpointsDifferentLocality) { // Tests that Envoy can HTTP health check two hosts that are in different clusters, and // report back the correct health statuses. TEST_P(HdsIntegrationTest, TwoEndpointsDifferentClusters) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); server_health_check_specifier_ = makeHttpHealthCheckSpecifier(envoy::type::v3::CodecClientType::HTTP1, false); @@ -783,6 +793,7 @@ TEST_P(HdsIntegrationTest, TwoEndpointsDifferentClusters) { // Tests Envoy HTTP health checking a single endpoint, receiving an update // message from the management server and health checking a new endpoint TEST_P(HdsIntegrationTest, TestUpdateMessage) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); // Server <--> Envoy @@ -864,6 +875,7 @@ TEST_P(HdsIntegrationTest, TestUpdateMessage) { // Tests Envoy HTTP health checking a single endpoint, receiving an update // message from the management server and reporting in a new interval TEST_P(HdsIntegrationTest, TestUpdateChangesTimer) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); // Server <--> Envoy @@ -904,6 +916,7 @@ TEST_P(HdsIntegrationTest, TestUpdateChangesTimer) { // Tests Envoy HTTP health checking a single endpoint when interval hasn't been defined TEST_P(HdsIntegrationTest, TestDefaultTimer) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); // Server <--> Envoy @@ -931,6 +944,7 @@ TEST_P(HdsIntegrationTest, TestDefaultTimer) { // Health checks a single endpoint over TLS with HTTP/2 TEST_P(HdsIntegrationTest, SingleEndpointHealthyTlsHttp2) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; // Change member variable to specify host streams to have tls transport socket. tls_hosts_ = true; @@ -971,6 +985,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointHealthyTlsHttp2) { // Health checks a single endpoint over TLS with HTTP/1 TEST_P(HdsIntegrationTest, SingleEndpointHealthyTlsHttp1) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; // Change member variable to specify host streams to have tls transport socket. tls_hosts_ = true; @@ -1008,6 +1023,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointHealthyTlsHttp1) { // Attempts to health check a TLS endpoint over plaintext, which should fail. TEST_P(HdsIntegrationTest, SingleEndpointUnhealthyTlsMissingSocketMatch) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; // Make the endpoints expect communication over TLS. tls_hosts_ = true; @@ -1048,6 +1064,7 @@ TEST_P(HdsIntegrationTest, SingleEndpointUnhealthyTlsMissingSocketMatch) { } TEST_P(HdsIntegrationTest, UpdateEndpoints) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); server_health_check_specifier_ = makeHttpHealthCheckSpecifier(envoy::type::v3::CodecClientType::HTTP1, false); diff --git a/test/integration/header_integration_test.cc b/test/integration/header_integration_test.cc index 09cb6f15b7c2..9cdf7e0f7203 100644 --- a/test/integration/header_integration_test.cc +++ b/test/integration/header_integration_test.cc @@ -220,6 +220,7 @@ class HeaderIntegrationTest resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: "eds-cluster" diff --git a/test/integration/http2_upstream_integration_test.cc b/test/integration/http2_upstream_integration_test.cc index 15b2de0d22b0..fe2ef4137d7f 100644 --- a/test/integration/http2_upstream_integration_test.cc +++ b/test/integration/http2_upstream_integration_test.cc @@ -468,6 +468,7 @@ name: router "@type": type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig common_config: log_name: foo + transport_api_version: V3 grpc_service: envoy_grpc: cluster_name: cluster_0 diff --git a/test/integration/listener_lds_integration_test.cc b/test/integration/listener_lds_integration_test.cc index e53cb03ddc7e..cdcf60bf8331 100644 --- a/test/integration/listener_lds_integration_test.cc +++ b/test/integration/listener_lds_integration_test.cc @@ -65,6 +65,7 @@ class ListenerIntegrationTest : public HttpIntegrationTest, envoy::config::core::v3::ApiConfigSource* rds_api_config_source = rds_config->mutable_config_source()->mutable_api_config_source(); rds_api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + rds_api_config_source->set_transport_api_version(envoy::config::core::v3::V3); envoy::config::core::v3::GrpcService* grpc_service = rds_api_config_source->add_grpc_services(); setGrpcService(*grpc_service, "rds_cluster", getRdsFakeUpstream().localAddress()); @@ -84,6 +85,7 @@ class ListenerIntegrationTest : public HttpIntegrationTest, lds_config_source->set_resource_api_version(envoy::config::core::v3::ApiVersion::V3); auto* lds_api_config_source = lds_config_source->mutable_api_config_source(); lds_api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + lds_api_config_source->set_transport_api_version(envoy::config::core::v3::V3); envoy::config::core::v3::GrpcService* grpc_service = lds_api_config_source->add_grpc_services(); setGrpcService(*grpc_service, "lds_cluster", getLdsFakeUpstream().localAddress()); diff --git a/test/integration/load_stats_integration_test.cc b/test/integration/load_stats_integration_test.cc index 81ed87e1ccf8..f7b007fa9a69 100644 --- a/test/integration/load_stats_integration_test.cc +++ b/test/integration/load_stats_integration_test.cc @@ -127,6 +127,8 @@ class LoadStatsIntegrationTest : public Grpc::VersionedGrpcClientIntegrationPara auto* cluster_0 = bootstrap.mutable_static_resources()->mutable_clusters(0); cluster_0->set_type(envoy::config::cluster::v3::Cluster::EDS); auto* eds_cluster_config = cluster_0->mutable_eds_cluster_config(); + eds_cluster_config->mutable_eds_config()->set_resource_api_version( + envoy::config::core::v3::ApiVersion::V3); eds_cluster_config->mutable_eds_config()->set_path(eds_helper_.eds_path()); eds_cluster_config->set_service_name("service_name_0"); if (locality_weighted_lb_) { @@ -390,6 +392,7 @@ INSTANTIATE_TEST_SUITE_P(IpVersionsClientType, LoadStatsIntegrationTest, // Validate the load reports for successful requests as cluster membership // changes. TEST_P(LoadStatsIntegrationTest, Success) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); waitForLoadStatsStream(); @@ -497,6 +500,7 @@ TEST_P(LoadStatsIntegrationTest, Success) { // weighted LB. This serves as a de facto integration test for locality weighted // LB. TEST_P(LoadStatsIntegrationTest, LocalityWeighted) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; locality_weighted_lb_ = true; initialize(); @@ -532,6 +536,7 @@ TEST_P(LoadStatsIntegrationTest, LocalityWeighted) { // Validate the load reports for requests when all endpoints are non-local. TEST_P(LoadStatsIntegrationTest, NoLocalLocality) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; sub_zone_ = "summer"; initialize(); @@ -566,6 +571,7 @@ TEST_P(LoadStatsIntegrationTest, NoLocalLocality) { // Validate the load reports for successful/error requests make sense. TEST_P(LoadStatsIntegrationTest, Error) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); waitForLoadStatsStream(); @@ -592,6 +598,7 @@ TEST_P(LoadStatsIntegrationTest, Error) { // Validate the load reports for in-progress make sense. TEST_P(LoadStatsIntegrationTest, InProgress) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; initialize(); waitForLoadStatsStream(); @@ -615,6 +622,7 @@ TEST_P(LoadStatsIntegrationTest, InProgress) { // Validate the load reports for dropped requests make sense. TEST_P(LoadStatsIntegrationTest, Dropped) { + XDS_DEPRECATED_FEATURE_TEST_SKIP; config_helper_.addConfigModifier([](envoy::config::bootstrap::v3::Bootstrap& bootstrap) { auto* cluster_0 = bootstrap.mutable_static_resources()->mutable_clusters(0); auto* thresholds = cluster_0->mutable_circuit_breakers()->add_thresholds(); diff --git a/test/integration/rtds_integration_test.cc b/test/integration/rtds_integration_test.cc index 17a355351905..7eb9ccd28f31 100644 --- a/test/integration/rtds_integration_test.cc +++ b/test/integration/rtds_integration_test.cc @@ -58,6 +58,7 @@ std::string tdsBootstrapConfig(absl::string_view api_type) { resource_api_version: V3 api_config_source: api_type: {} + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: rtds_cluster diff --git a/test/integration/sds_dynamic_integration_test.cc b/test/integration/sds_dynamic_integration_test.cc index 7b71cffce247..6023882ab9d6 100644 --- a/test/integration/sds_dynamic_integration_test.cc +++ b/test/integration/sds_dynamic_integration_test.cc @@ -67,6 +67,7 @@ class SdsDynamicIntegrationBaseTest : public Grpc::GrpcClientIntegrationParamTes config_source->set_resource_api_version(envoy::config::core::v3::ApiVersion::V3); auto* api_config_source = config_source->mutable_api_config_source(); api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + api_config_source->set_transport_api_version(envoy::config::core::v3::V3); auto* grpc_service = api_config_source->add_grpc_services(); setGrpcService(*grpc_service, "sds_cluster", fake_upstreams_.back()->localAddress()); } diff --git a/test/integration/sds_generic_secret_integration_test.cc b/test/integration/sds_generic_secret_integration_test.cc index dc00c43361bd..cc08861ff8ac 100644 --- a/test/integration/sds_generic_secret_integration_test.cc +++ b/test/integration/sds_generic_secret_integration_test.cc @@ -61,6 +61,7 @@ class SdsGenericSecretTestFilterConfig config_source_.set_resource_api_version(envoy::config::core::v3::ApiVersion::V3); auto* api_config_source = config_source_.mutable_api_config_source(); api_config_source->set_api_type(envoy::config::core::v3::ApiConfigSource::GRPC); + api_config_source->set_transport_api_version(envoy::config::core::v3::V3); auto* grpc_service = api_config_source->add_grpc_services(); grpc_service->mutable_envoy_grpc()->set_cluster_name("sds_cluster"); } diff --git a/test/integration/vhds_integration_test.cc b/test/integration/vhds_integration_test.cc index 225c68c1f7ca..5113f065145c 100644 --- a/test/integration/vhds_integration_test.cc +++ b/test/integration/vhds_integration_test.cc @@ -87,6 +87,7 @@ const std::string& config() { resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: xds_cluster @@ -112,6 +113,7 @@ name: my_route resource_api_version: V3 api_config_source: api_type: DELTA_GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: xds_cluster @@ -130,6 +132,7 @@ name: my_route resource_api_version: V3 api_config_source: api_type: DELTA_GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: xds_cluster diff --git a/test/server/configuration_impl_test.cc b/test/server/configuration_impl_test.cc index 9db37657d066..1c9781081f0b 100644 --- a/test/server/configuration_impl_test.cc +++ b/test/server/configuration_impl_test.cc @@ -28,7 +28,9 @@ #include "gtest/gtest.h" #include "udpa/type/v1/typed_struct.pb.h" +using testing::NiceMock; using testing::Return; +using testing::ReturnRef; namespace Envoy { namespace Server { @@ -441,7 +443,8 @@ TEST(InitialImplTest, LayeredRuntime) { admin_layer: {} )EOF"; const auto bootstrap = TestUtility::parseYaml(yaml); - InitialImpl config(bootstrap); + NiceMock options; + InitialImpl config(bootstrap, options); EXPECT_THAT(config.runtime(), ProtoEq(bootstrap.layered_runtime())); } @@ -452,7 +455,8 @@ TEST(InitialImplTest, EmptyLayeredRuntime) { )EOF"; const auto bootstrap = TestUtility::parseYaml(bootstrap_yaml); - InitialImpl config(bootstrap); + NiceMock options; + InitialImpl config(bootstrap, options); const std::string expected_yaml = R"EOF( layers: @@ -466,7 +470,8 @@ TEST(InitialImplTest, EmptyLayeredRuntime) { // An empty deprecated Runtime has an empty static and admin layer injected. TEST(InitialImplTest, EmptyDeprecatedRuntime) { const auto bootstrap = TestUtility::parseYaml("{}"); - InitialImpl config(bootstrap); + NiceMock options; + InitialImpl config(bootstrap, options); const std::string expected_yaml = R"EOF( layers: @@ -494,7 +499,8 @@ TEST(InitialImplTest, DeprecatedRuntimeTranslation) { )EOF"; const auto bootstrap = TestUtility::parseYaml(bootstrap_yaml); - InitialImpl config(bootstrap); + NiceMock options; + InitialImpl config(bootstrap, options); const std::string expected_yaml = R"EOF( layers: @@ -514,6 +520,29 @@ TEST(InitialImplTest, DeprecatedRuntimeTranslation) { EXPECT_THAT(config.runtime(), ProtoEq(expected_runtime)); } +// A v2 bootstrap implies runtime override for API features. +TEST(InitialImplTest, V2BootstrapRuntimeInjection) { + const auto bootstrap = TestUtility::parseYaml("{}"); + NiceMock options; + absl::optional version{2}; + EXPECT_CALL(options, bootstrapVersion()).WillOnce(ReturnRef(version)); + InitialImpl config(bootstrap, options); + + const std::string expected_yaml = R"EOF( + layers: + - name: base + static_layer: {} + - name: admin + admin_layer: {} + - name: "enabled_deprecated_v2_api (auto-injected)" + static_layer: + envoy.reloadable_features.enable_deprecated_v2_api: true + )EOF"; + const auto expected_runtime = + TestUtility::parseYaml(expected_yaml); + EXPECT_THAT(config.runtime(), ProtoEq(expected_runtime)); +} + TEST_F(ConfigurationImplTest, AdminSocketOptions) { std::string json = R"EOF( { @@ -544,7 +573,8 @@ TEST_F(ConfigurationImplTest, AdminSocketOptions) { )EOF"; auto bootstrap = Upstream::parseBootstrapFromV3Json(json); - InitialImpl config(bootstrap); + NiceMock options; + InitialImpl config(bootstrap, options); Network::MockListenSocket socket_mock; ASSERT_EQ(config.admin().socketOptions()->size(), 2); diff --git a/test/server/server_test.cc b/test/server/server_test.cc index 1db932a7c8c4..cff76b9d5daf 100644 --- a/test/server/server_test.cc +++ b/test/server/server_test.cc @@ -658,11 +658,13 @@ TEST_P(ServerInstanceImplTest, BootstrapNode) { expectCorrectBuildVersion(server_->localInfo().node().user_agent_build_version()); } -// Validate that bootstrap pb_text loads. -TEST_P(ServerInstanceImplTest, LoadsBootstrapFromPbText) { - EXPECT_LOG_NOT_CONTAINS("trace", "Configuration does not parse cleanly as v3", - initialize("test/server/test_data/server/node_bootstrap.pb_text")); - EXPECT_EQ("bootstrap_id", server_->localInfo().node().id()); +// Validate that bootstrap with v2 dynamic transport is rejected when --bootstrap-version is not +// set. +TEST_P(ServerInstanceImplTest, + DEPRECATED_FEATURE_TEST(FailToLoadV2TransportWithoutExplicitVersion)) { + EXPECT_THROW_WITH_REGEX(initialize("test/server/test_data/server/dynamic_v2.yaml"), + DeprecatedMajorVersionException, + "V2 .and AUTO. xDS transport protocol versions are deprecated in.*"); } // Validate that bootstrap v2 is rejected when --bootstrap-version is not set. @@ -671,8 +673,7 @@ TEST_P(ServerInstanceImplTest, EXPECT_THROW_WITH_REGEX( initialize("test/server/test_data/server/valid_v2_but_invalid_v3_bootstrap.pb_text"), DeprecatedMajorVersionException, - "Support for v2 will be removed from Envoy at the start of Q1 2021. You may make use of v2 " - "in Q3 2020 by setting"); + "Support for v2 will be removed from Envoy at the start of Q1 2021."); } // Validate that bootstrap v2 pb_text with deprecated fields loads when --bootstrap-version is set. @@ -789,7 +790,7 @@ TEST_P(ServerInstanceImplTest, FailToLoadV2ConfigWhenV3SelectedFromPbText) { } // Validate that bootstrap v2 YAML with deprecated fields loads fails if V3 config is specified. -TEST_P(ServerInstanceImplTest, FailToLoadV2ConfigWhenV3SelectedFromYaml) { +TEST_P(ServerInstanceImplTest, DEPRECATED_FEATURE_TEST(FailToLoadV2ConfigWhenV3SelectedFromYaml)) { options_.bootstrap_version_ = 3; EXPECT_THROW_WITH_REGEX( @@ -797,6 +798,19 @@ TEST_P(ServerInstanceImplTest, FailToLoadV2ConfigWhenV3SelectedFromYaml) { EnvoyException, "has unknown fields"); } +// Validate that bootstrap with v2 dynamic transport loads when --bootstrap-version is set. +TEST_P(ServerInstanceImplTest, DEPRECATED_FEATURE_TEST(LoadsV2TransportWithoutExplicitVersion)) { + options_.bootstrap_version_ = 2; + initialize("test/server/test_data/server/dynamic_v2.yaml"); +} + +// Validate that bootstrap pb_text loads. +TEST_P(ServerInstanceImplTest, LoadsBootstrapFromPbText) { + EXPECT_LOG_NOT_CONTAINS("trace", "Configuration does not parse cleanly as v3", + initialize("test/server/test_data/server/node_bootstrap.pb_text")); + EXPECT_EQ("bootstrap_id", server_->localInfo().node().id()); +} + // Validate that we blow up on invalid version number. TEST_P(ServerInstanceImplTest, InvalidBootstrapVersion) { options_.bootstrap_version_ = 1; diff --git a/test/server/test_data/server/bad_sds_config_source.yaml b/test/server/test_data/server/bad_sds_config_source.yaml index f5dab6740008..f4face09489f 100644 --- a/test/server/test_data/server/bad_sds_config_source.yaml +++ b/test/server/test_data/server/bad_sds_config_source.yaml @@ -24,8 +24,10 @@ static_resources: tls_certificate_sds_secret_configs: - name: default sds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: "sds-grpc" diff --git a/test/server/test_data/server/dynamic_v2.yaml b/test/server/test_data/server/dynamic_v2.yaml new file mode 100644 index 000000000000..bf924ec1639e --- /dev/null +++ b/test/server/test_data/server/dynamic_v2.yaml @@ -0,0 +1,16 @@ +node: + id: bootstrap_id + cluster: bootstrap_cluster +static_resources: + clusters: + - name: dummy_cluster + connect_timeout: 1s +dynamic_resources: + lds_config: + resource_api_version: V3 + api_config_source: + api_type: GRPC + transport_api_version: V2 + grpc_services: + envoy_grpc: + cluster_name: "dummy_cluster" diff --git a/test/server/test_data/server/runtime_bootstrap_ads_eds.yaml b/test/server/test_data/server/runtime_bootstrap_ads_eds.yaml index 9bd1730bf927..c538aeadf61e 100644 --- a/test/server/test_data/server/runtime_bootstrap_ads_eds.yaml +++ b/test/server/test_data/server/runtime_bootstrap_ads_eds.yaml @@ -16,14 +16,17 @@ static_resources: type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: "dummy_cluster" dynamic_resources: ads_config: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: ads_cluster @@ -34,5 +37,5 @@ layered_runtime: rtds_layer: name: foobar rtds_config: + resource_api_version: V3 ads: {} - diff --git a/test/server/test_data/server/runtime_bootstrap_eds.yaml b/test/server/test_data/server/runtime_bootstrap_eds.yaml index c74b692288e1..df04b1e326d9 100644 --- a/test/server/test_data/server/runtime_bootstrap_eds.yaml +++ b/test/server/test_data/server/runtime_bootstrap_eds.yaml @@ -16,8 +16,10 @@ static_resources: type: EDS eds_cluster_config: eds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: "dummy_cluster" @@ -27,9 +29,10 @@ layered_runtime: rtds_layer: name: foobar rtds_config: + resource_api_version: V3 api_config_source: api_type: GRPC + transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: rtds_cluster -