Sync Fork from Upstream Repo #20

Signed-off-by: Elisha Ziskind <[email protected]>

Description: Make Redis example use catch_all_route. Risk Level: Low. Testing: Done. docker-compose up --build brings up envoy proxy and I was able to run Redis commands using redis-cli. Signed-off-by: Raju Kadam <[email protected]>

Signed-off-by: Dan Zhang <[email protected]>

#8236). (#8239) Description: Allow a no-scope request to pass through the filter chain, so that some special queries (e.g., data plane health-check ) can be processed by the customized filter-chain. By default, the behavior is the same (404). Risk Level: LOW Testing: unit test and integration test. Docs Changes: N/A Release Notes: N/A Fixes #8236 Signed-off-by: Xin Zhuang <[email protected]>

Description: Move common/crypto impl (i.e. utility.cc) to extensions to make it clear that the impl is ssl-impl specific (e.g. boringgsl vs openssl) and easier to plug in an openssl impl. Risk Level: Low Testing: Passes all standard tests Docs Changes: None Release Notes: None Signed-off-by: William DeCoste <[email protected]>

Per #8042, update documentation to clarify authentication required for SDS connections, and add notes about credential types in use today. Risk Level: Low Testing: Previewed content layout using RST parser. Docs Changes: See description. Signed-off-by: Brian Celenza <[email protected]>

This change defines C++ grpc bindings for the external AuthZ interface. In the istio Security WG we're planning on using this interface to provide transparent authentication of requests. As this interface lies on the data plane we wish to implement it in C++ to maintain consistent and predictable performance The changes allow a C++ implementation built using bazel to import Envoy as a workspace dependency and generate the C++ gRPC bindings directly without the need for complex import and generation scripts. Signed-off-by: Nick A. Smith <[email protected]>

Signed-off-by: Lizan Zhou <[email protected]>

Configured via 'retriable-headers' retry policy and 'retriable_headers' list of headers (both can be set via config or request headers) . If the upstream response has any of the retriable headers set, retry will be triggered. Signed-off-by: Oleg Shaldibin <[email protected]>

Fix the header path error introudced in pr #8166 Risk Level: LOW Testing: N/A Signed-off-by: Xin Zhuang <[email protected]>

Description: Rename h2 to h2c to respect the standard Risk Level: Low Testing: Unit test Docs Changes: N/A Release Notes: N/A Signed-off-by: crazyxy <[email protected]>

Signed-off-by: Lisa Lu <[email protected]>

Signed-off-by: Kuat Yessenov <[email protected]>

This change updated the following dependencies: - protobuf - 3.9.1 - grpc - 1.22.1 And introduces the new dependencies, needed by the new protobuf: - rules_proto Risk Level: Medium Testing: Unit and integration tests. Docs Changes: N/A Release Notes: N/A Signed-off-by: Michal Rostecki <[email protected]>

Description: There is one behavior change. This PR watch Closed type event. `Closed` indicates a FIN is received on the OS supporting this event. Upon `Closed` event http inspector would parse the last round. If the parser cannot determine the protocol is http this listener would give up since there is no more data from client. Previous behavior: watch only READ event and hoping peek would return errno. With this PR: 1. A poll cycle is saved. 2. A client stream "ping"+FIN flag could pass the listener filter. Not sure this is very useful in production but it helps me debug with ping-pong client server. And this behavior is less surprising. Risk Level: MID Testing: UT Docs Changes: Release Notes: Signed-off-by: Yuchen Dai <[email protected]>

This PR adds tracing support to the HTTP client in the external authorization filter. So far, only gRPC client was able to trace requests from the filter to an authorization service. Risk Level: Low Testing: yes Docs Changes: N/A Release Notes: Added Fixes #6520 Signed-off-by: Gabriel Linden Sagula <[email protected]>

We want to have just vN and vNalpha going forward as part of the v3 work. Signed-off-by: Harvey Tuch <[email protected]>

Support tags[] arg for more specific build control. Where the underlying bazel primitives support tags[], envoy_() should support them. Risk Level: Low Testing: Local on Windows and Linux CI Signed-off-by: Yechiel Kalmenson <[email protected]>

This existed for the v1 -> v2 migration and is no longer relevant. Signed-off-by: Harvey Tuch <[email protected]>

This string constant is not constant when ads_integration_test is parameterized on delta/SotW. Risk Level: none Testing: test-only change Doc Changes: n /a Release Notes: n/a Signed-off-by: Fred Douglas <[email protected]>

- Better default deadlines. - Better error messages. Signed-off-by: Emil Mikulic <[email protected]>

Description: Fix a test flake. If crypto error option is set in the signing test, just leave the digest to zeroes instead of trying to modify it. The digest modification might just cause ASN object structure changes. BoringSSL source appears to have a similar test where the ASN structure is parsed before modification: https://github.com/google/boringssl/blob/a7d9ac2af4684747c4524cbeba9737b04dce3e3e/crypto/fipsmodule/ecdsa/ecdsa_test.cc#L143 Risk Level: low Testing: `bazel test //test/extensions/transport_sockets/tls:ssl_socket_test --runs_per_test=1000` Docs Changes: N/A Release Notes: N/A Fixes: #8255 Signed-off-by: Ismo Puustinen <[email protected]>

http: only accept HTTP client magic at the start of buffer Risk Level: low Testing: added test case Docs Changes: n/a Release Notes: updated Fixes: #8229 Signed-off-by: Stephan Zuercher <[email protected]>

Checks for the reopen flag when the log flush timer fires and issues the reopen even if no data is pending. This prevents Envoy from holding a file descriptor on rotated but seldom written log files until the next write. Risk Level: low Testing: add unit test Docs Changes: n/a Release Notes: n/a Fixes: #8249 Signed-off-by: Stephan Zuercher <[email protected]>

Signed-off-by: Lizan Zhou <[email protected]>

#8288) Signed-off-by: Xin Zhuang <[email protected]>

#8091) Signed-off-by: Dan Zhang <[email protected]>

…8152) Currently, if gRPC config stream disconnected while Envoy waiting for initial xDS response, xDS implementations' onConfigUpdateFailed() will allow Envoy startup to continue. This may cause Envoy begins taking traffics while route/cluster/endpoint config are still missing and return "404 NR" or "503 NR". This change makes Envoy waiting for initial xDS response until initial_fetch_timeout if specified. Risk Level: Medium Testing: existing test cases updated Fixes #8046 Signed-off-by: lhuang8 <[email protected]>

Adds a script to create a go module from the generated protobufs as part of #8151. The module appears to build with the following module declaration: module github.com/envoyproxy/data-plane-api/api go 1.12 require ( github.com/census-instrumentation/opencensus-proto v0.2.1 github.com/envoyproxy/protoc-gen-validate v0.1.0 github.com/gogo/protobuf v1.3.0 github.com/golang/protobuf v1.3.2 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 google.golang.org/grpc v1.23.0 ) Add CI automation to trigger the script after the merge to master in envoyproxy. Risk Level: low Testing: local build Docs Changes: none Release Notes: none Fixes #8151 Signed-off-by: Kuat Yessenov <[email protected]>

…8009) When trailer indicates a gRPC error and there was no HTTP body, with the `convert_grpc_status option` enabled, take `google.rpc.Status` from the `grpc-status-details-bin` header and use it as a JSON body. If there was no such header, make `google.rpc.Status` out of the `grpc-status` and `grpc-message` headers. This also adds `google.rpc.Status` to user-provided protobuf descriptor. Risk Level: Small-medium Testing: Added unit and integration tests tests, tested manually. Docs Changes: Added field description in api/envoy/config/filter/http/transcoder/v2/transcoder.proto Release Notes: Fixes #3383 Signed-off-by: Anatoly Scheglov <[email protected]>

Fixes To: field of security email templates Risk level: Low Testing: n/a Doc Changes: yes Release Notes: n/a Signed-off-by: Asra Ali <[email protected]>

Adds a debug log line when a cluster is skipped from CDS response. Risk Level: Low (debug logging) Testing: N/A Docs Changes: N/A Release Notes: N/A Signed-off-by: Rama Chavali <[email protected]>

Some example regexes were rendered incorrectly on envoyproxy.io. I chose to try to find all the example regexes and make them literal text. This way the regexes are syntactically correct both in the raw proto and on the doc site. Also found an H2 protocol option with a missing paragraph due to a blank line vs. empty comment line. Risk: low, comment-only Testing: n/a Docs: updated Release Notes: n/a Signed-off-by: Stephan Zuercher <[email protected]>

… lookup, which should have a fallback and avoid locks (#8243) * Split StatNameSet API into explicit Dynamic and Builtin requests, with a required fallback stat-name for Builtins rather than a potential lock. Signed-off-by: Joshua Marantz <[email protected]>

…8300) * Move trailing detached comments that protoc ignores to some anchored place. In the near future, this will be enforced by check_format. * Remove comments on reserved fields; we won't be using reserved in v3 and it's a bit of a pain preserving them. Risk level: Low Testing: Docs build, diff inspection, comparison against output of proto transform tool. Signed-off-by: Harvey Tuch <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sync Fork from Upstream Repo #20

Sync Fork from Upstream Repo #20

Commits on Sep 16, 2019

Commits on Sep 17, 2019

Commits on Sep 18, 2019

Commits on Sep 19, 2019

Commits on Sep 20, 2019