Update envoy to 06/09/2021

WORKSPACE

@@ -39,9 +39,9 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # 3) Check if envoy_build_config/extensions_build_config.bzl is up-to-date.
 # Try to match it with the one in source/extensions and comment out unneeded extensions.
 
-ENVOY_SHA1 = "98c1c9e9a40804b93b074badad1cdf284b47d58b"  # 2021-05-11: v1.18.3
+ENVOY_SHA1 = "9ebffc61cfd2ea11807757b12a4ae7b92ab0dc8c"  # 2021-06-09: top of the tree
 
-ENVOY_SHA256 = "27e6820614e1f7dbb259e698f20bd15ac71fdda74a880fafd24ce86d352bc4f7"
+ENVOY_SHA256 = "fbdc0419e4fee3c651375553150496ad1bccd7d8b5174a0a99bdaa66d0423199"
 
 http_archive(
     name = "envoy",

bazel/service_control.bzl

@@ -14,14 +14,14 @@
 
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
-SERVICE_CONTROL_CLIENT_GIT_SHA = "a4a960746cee29366ecfc7f194bc5cba6e11b5a1"
-SERVICE_CONTROL_CLIENT_SHA = "c2a0a5c5fe907361b6c004c8a2bae7d6dc5e9f1b8fcace8c44b0bd3eb6fb7325"
+SERVICE_CONTROL_CLIENT_GIT_SHA = "fe31b51ebd60b8e2741ad1feb844e982a7c61fd1"
+SERVICE_CONTROL_CLIENT_SHA = "d8611b90b9e401770987c838afa8a79dd3d5af47b76bf77e9c59dcd6a38ef201"
 
 def service_control_client_repositories(bind = True):
     http_archive(
         name = "servicecontrol_client_git",
         sha256 = SERVICE_CONTROL_CLIENT_SHA,
-        strip_prefix = "service-control-client-cxx-" + SERVICE_CONTROL_CLIENT_GIT_SHA,
+        strip_prefix = "service-control-client-cxx-" + SERVICE_CONTROL_CLIENT_GIT_SHA, # 2021-06-09
         urls = ["https://github.com/cloudendpoints/service-control-client-cxx/archive/" + SERVICE_CONTROL_CLIENT_GIT_SHA + ".tar.gz"],
         #TODO(taoxuy): remove this mapping once Envoy googleapis_git is updated to use the version with servicecontrol_proto change
         repo_mapping = {"@googleapis_git": "@com_github_googleapis_googleapis"},

src/api_proxy/path_matcher/path_matcher_node.cc

@@ -91,7 +91,7 @@ const typename Collection::value_type::second_type* Find2KeysOrNull(
 PathMatcherNode::PathInfo::Builder&
 PathMatcherNode::PathInfo::Builder::AppendLiteralNode(std::string name) {
   if (name == HttpTemplate::kSingleParameterKey) {
-    //    status_.Update(util::Status(util::error::INVALID_ARGUMENT,
+    //    status_.Update(util::Status(util::StatusCode::kInvalidArgument,
     //                          StrCat(name, " is a reserved node name.")));
   }
   path_.emplace_back(name);

src/api_proxy/service_control/check_response_convert_utils.cc

@@ -24,8 +24,9 @@ using ::google::api::servicecontrol::v1::CheckError_Code_Name;
 using ::google::api::servicecontrol::v1::CheckResponse;
 using ::google::api::servicecontrol::v1::
     CheckResponse_ConsumerInfo_ConsumerType;
+using ::google::protobuf::util::OkStatus;
 using ::google::protobuf::util::Status;
-using ::google::protobuf::util::error::Code;
+using ::google::protobuf::util::StatusCode;
 
 Status ConvertCheckResponse(const CheckResponse& check_response,
                             const std::string& service_name,
@@ -50,7 +51,7 @@ Status ConvertCheckResponse(const CheckResponse& check_response,
   }
 
   if (check_response.check_errors().empty()) {
-    return Status::OK;
+    return OkStatus();
   }
 
   // TODO: aggregate status responses for all errors (including error.detail)
@@ -67,64 +68,65 @@ Status ConvertCheckResponse(const CheckResponse& check_response,
   switch (error.code()) {
     case CheckError::NOT_FOUND:
       check_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::INVALID_ARGUMENT,
+      return Status(StatusCode::kInvalidArgument,
                     "Client project not found. Please pass a valid project.");
     case CheckError::RESOURCE_EXHAUSTED:
       check_error.type = ScResponseErrorType::CONSUMER_QUOTA;
-      return Status(Code::RESOURCE_EXHAUSTED, "Quota check failed.");
+      return Status(StatusCode::kResourceExhausted, "Quota check failed.");
     case CheckError::API_TARGET_BLOCKED:
       check_error.type = ScResponseErrorType::CONSUMER_BLOCKED;
-      return Status(Code::PERMISSION_DENIED,
+      return Status(StatusCode::kPermissionDenied,
                     " The API targeted by this request is invalid for the "
                     "given API key.");
     case CheckError::API_KEY_NOT_FOUND:
       check_error.type = ScResponseErrorType::API_KEY_INVALID;
-      return Status(Code::INVALID_ARGUMENT,
+      return Status(StatusCode::kInvalidArgument,
                     "API key not found. Please pass a valid API key.");
     case CheckError::API_KEY_EXPIRED:
       check_error.type = ScResponseErrorType::API_KEY_INVALID;
-      return Status(Code::INVALID_ARGUMENT,
+      return Status(StatusCode::kInvalidArgument,
                     "API key expired. Please renew the API key.");
     case CheckError::API_KEY_INVALID:
       check_error.type = ScResponseErrorType::API_KEY_INVALID;
-      return Status(Code::INVALID_ARGUMENT,
+      return Status(StatusCode::kInvalidArgument,
                     "API key not valid. Please pass a valid API key.");
     case CheckError::SERVICE_NOT_ACTIVATED:
       check_error.type = ScResponseErrorType::SERVICE_NOT_ACTIVATED;
-      return Status(Code::PERMISSION_DENIED,
+      return Status(StatusCode::kPermissionDenied,
                     absl::StrCat("API ", service_name,
                                  " is not enabled for the project."));
     case CheckError::PERMISSION_DENIED:
       check_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::PERMISSION_DENIED, "Permission denied.");
+      return Status(StatusCode::kPermissionDenied, "Permission denied.");
     case CheckError::IP_ADDRESS_BLOCKED:
       check_error.type = ScResponseErrorType::CONSUMER_BLOCKED;
-      return Status(Code::PERMISSION_DENIED, "IP address blocked.");
+      return Status(StatusCode::kPermissionDenied, "IP address blocked.");
     case CheckError::REFERER_BLOCKED:
       check_error.type = ScResponseErrorType::CONSUMER_BLOCKED;
-      return Status(Code::PERMISSION_DENIED, "Referer blocked.");
+      return Status(StatusCode::kPermissionDenied, "Referer blocked.");
     case CheckError::CLIENT_APP_BLOCKED:
       check_error.type = ScResponseErrorType::CONSUMER_BLOCKED;
-      return Status(Code::PERMISSION_DENIED, "Client application blocked.");
+      return Status(StatusCode::kPermissionDenied,
+                    "Client application blocked.");
     case CheckError::PROJECT_DELETED:
       check_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::PERMISSION_DENIED, "Project has been deleted.");
+      return Status(StatusCode::kPermissionDenied, "Project has been deleted.");
     case CheckError::PROJECT_INVALID:
       check_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::INVALID_ARGUMENT,
+      return Status(StatusCode::kInvalidArgument,
                     "Client project not valid. Please pass a valid project.");
     case CheckError::BILLING_DISABLED:
       check_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::PERMISSION_DENIED,
+      return Status(StatusCode::kPermissionDenied,
                     absl::StrCat("API ", service_name,
                                  " has billing disabled. Please enable it."));
     case CheckError::INVALID_CREDENTIAL:
       check_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::PERMISSION_DENIED,
+      return Status(StatusCode::kPermissionDenied,
                     "The credential in the request can not be verified.");
     case CheckError::CONSUMER_INVALID:
       check_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::PERMISSION_DENIED,
+      return Status(StatusCode::kPermissionDenied,
                     "The consumer from the API key does not represent"
                     " a valid consumer folder or organization.");
 
@@ -133,24 +135,24 @@ Status ConvertCheckResponse(const CheckResponse& check_response,
     case CheckError::BILLING_STATUS_UNAVAILABLE:
     case CheckError::CLOUD_RESOURCE_MANAGER_BACKEND_UNAVAILABLE:
       return Status(
-          Code::UNAVAILABLE,
+          StatusCode::kUnavailable,
           "One or more Google Service Control backends are unavailable.");
 
     default:
-      return Status(Code::INTERNAL,
+      return Status(StatusCode::kInternal,
                     std::string("Request blocked due to unsupported error code "
                                 "in Google Service Control Check response: ") +
                         std::to_string(error.code()));
   }
-  return Status::OK;
+  return OkStatus();
 }
 
 Status ConvertAllocateQuotaResponse(
     const ::google::api::servicecontrol::v1::AllocateQuotaResponse& response,
     const std::string&, QuotaResponseInfo* quota_response_info) {
   // response.operation_id()
   if (response.allocate_errors().empty()) {
-    return Status::OK;
+    return OkStatus();
   }
 
   const ::google::api::servicecontrol::v1::QuotaError& error =
@@ -170,32 +172,32 @@ Status ConvertAllocateQuotaResponse(
       // Quota allocation failed.
       // Same as [google.rpc.Code.RESOURCE_EXHAUSTED][].
       quota_error.type = ScResponseErrorType::CONSUMER_QUOTA;
-      return Status(Code::RESOURCE_EXHAUSTED, error.description());
+      return Status(StatusCode::kResourceExhausted, error.description());
 
     case ::google::api::servicecontrol::v1::QuotaError::BILLING_NOT_ACTIVE:
       // Consumer cannot access the service because billing is disabled.
       quota_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::PERMISSION_DENIED, error.description());
+      return Status(StatusCode::kPermissionDenied, error.description());
 
     case ::google::api::servicecontrol::v1::QuotaError::PROJECT_DELETED:
       // Consumer's project has been marked as deleted (soft deletion).
       quota_error.type = ScResponseErrorType::CONSUMER_ERROR;
-      return Status(Code::INVALID_ARGUMENT, error.description());
+      return Status(StatusCode::kInvalidArgument, error.description());
 
     case ::google::api::servicecontrol::v1::QuotaError::API_KEY_INVALID:
       // Specified API key is invalid.
     case ::google::api::servicecontrol::v1::QuotaError::API_KEY_EXPIRED:
       // Specified API Key has expired.
       quota_error.type = ScResponseErrorType::API_KEY_INVALID;
-      return Status(Code::INVALID_ARGUMENT, error.description());
+      return Status(StatusCode::kInvalidArgument, error.description());
 
     default:
-      return Status(Code::INTERNAL, error.description());
+      return Status(StatusCode::kInternal, error.description());
   }
 
-  return Status::OK;
+  return OkStatus();
 }
 
 }  // namespace service_control
 }  // namespace api_proxy
-}  // namespace espv2
+}  // namespace espv2

src/api_proxy/service_control/check_response_convert_utils_test.cc

@@ -27,12 +27,13 @@ using ::google::api::servicecontrol::v1::CheckError_Code_Name;
 using ::google::api::servicecontrol::v1::CheckResponse;
 using ::google::api::servicecontrol::v1::
     CheckResponse_ConsumerInfo_ConsumerType;
+using ::google::protobuf::util::OkStatus;
 using ::google::protobuf::util::Status;
-using ::google::protobuf::util::error::Code;
+using ::google::protobuf::util::StatusCode;
 
 class CheckResponseConverterTest : public ::testing::Test {
  protected:
-  void runTest(CheckError_Code got_check_error_code, Code want_code,
+  void runTest(CheckError_Code got_check_error_code, StatusCode want_code,
                ScResponseErrorType want_error_type) {
     CheckResponseInfo info;
     CheckResponse response;
@@ -48,109 +49,110 @@ class CheckResponseConverterTest : public ::testing::Test {
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithInvalidArgumentWhenRespIsKeyInvalid) {
-  runTest(CheckError::API_KEY_INVALID, Code::INVALID_ARGUMENT,
+  runTest(CheckError::API_KEY_INVALID, StatusCode::kInvalidArgument,
           ScResponseErrorType::API_KEY_INVALID);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithInvalidArgumentWhenRespIsKeyExpired) {
-  runTest(CheckError::API_KEY_EXPIRED, Code::INVALID_ARGUMENT,
+  runTest(CheckError::API_KEY_EXPIRED, StatusCode::kInvalidArgument,
           ScResponseErrorType::API_KEY_INVALID);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithInvalidArgumentWhenRespIsBlockedWithKeyNotFound) {
-  runTest(CheckError::API_KEY_NOT_FOUND, Code::INVALID_ARGUMENT,
+  runTest(CheckError::API_KEY_NOT_FOUND, StatusCode::kInvalidArgument,
           ScResponseErrorType::API_KEY_INVALID);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithInvalidArgumentWhenRespIsBlockedWithNotFound) {
-  runTest(CheckError::NOT_FOUND, Code::INVALID_ARGUMENT,
+  runTest(CheckError::NOT_FOUND, StatusCode::kInvalidArgument,
           ScResponseErrorType::CONSUMER_ERROR);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithPermissionDeniedWhenRespIsBlockedWithPermissionDenied) {
-  runTest(CheckError::PERMISSION_DENIED, Code::PERMISSION_DENIED,
+  runTest(CheckError::PERMISSION_DENIED, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_ERROR);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithPermissionDeniedWhenRespIsBlockedWithIpAddressBlocked) {
-  runTest(CheckError::IP_ADDRESS_BLOCKED, Code::PERMISSION_DENIED,
+  runTest(CheckError::IP_ADDRESS_BLOCKED, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_BLOCKED);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithPermissionDeniedWhenRespIsBlockedWithRefererBlocked) {
-  runTest(CheckError::REFERER_BLOCKED, Code::PERMISSION_DENIED,
+  runTest(CheckError::REFERER_BLOCKED, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_BLOCKED);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithPermissionDeniedWhenRespIsBlockedWithClientAppBlocked) {
-  runTest(CheckError::CLIENT_APP_BLOCKED, Code::PERMISSION_DENIED,
+  runTest(CheckError::CLIENT_APP_BLOCKED, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_BLOCKED);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithPermissionDeniedWhenResponseIsBlockedWithProjectDeleted) {
-  runTest(CheckError::PROJECT_DELETED, Code::PERMISSION_DENIED,
+  runTest(CheckError::PROJECT_DELETED, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_ERROR);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithPermissionDeniedWhenResponseIsBlockedWithProjectInvalid) {
-  runTest(CheckError::PROJECT_INVALID, Code::INVALID_ARGUMENT,
+  runTest(CheckError::PROJECT_INVALID, StatusCode::kInvalidArgument,
           ScResponseErrorType::CONSUMER_ERROR);
 }
 
 TEST_F(CheckResponseConverterTest,
        AbortedWithPermissionDeniedWhenResponseIsBlockedWithBillingDisabled) {
-  runTest(CheckError::BILLING_DISABLED, Code::PERMISSION_DENIED,
+  runTest(CheckError::BILLING_DISABLED, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_ERROR);
 }
 
 TEST_F(CheckResponseConverterTest, WhenResponseIsBlockedWithInvalidCredentail) {
-  runTest(CheckError::INVALID_CREDENTIAL, Code::PERMISSION_DENIED,
+  runTest(CheckError::INVALID_CREDENTIAL, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_ERROR);
 }
 
 TEST_F(CheckResponseConverterTest, WhenResponseIsBlockedWithConsumerInvalid) {
-  runTest(CheckError::CONSUMER_INVALID, Code::PERMISSION_DENIED,
+  runTest(CheckError::CONSUMER_INVALID, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_ERROR);
 }
 
 TEST_F(CheckResponseConverterTest, WhenResponseIsBlockedWithResourceExhuasted) {
-  runTest(CheckError::RESOURCE_EXHAUSTED, Code::RESOURCE_EXHAUSTED,
+  runTest(CheckError::RESOURCE_EXHAUSTED, StatusCode::kResourceExhausted,
           ScResponseErrorType::CONSUMER_QUOTA);
 }
 
 TEST_F(CheckResponseConverterTest, WhenResponseIsBlockedWithApiTargetBlocked) {
-  runTest(CheckError::API_TARGET_BLOCKED, Code::PERMISSION_DENIED,
+  runTest(CheckError::API_TARGET_BLOCKED, StatusCode::kPermissionDenied,
           ScResponseErrorType::CONSUMER_BLOCKED);
 }
 
 TEST_F(CheckResponseConverterTest, WhenResponseIsBlockedWithNamespaceLookup) {
-  runTest(CheckError::NAMESPACE_LOOKUP_UNAVAILABLE, Code::UNAVAILABLE,
+  runTest(CheckError::NAMESPACE_LOOKUP_UNAVAILABLE, StatusCode::kUnavailable,
           ScResponseErrorType::ERROR_TYPE_UNSPECIFIED);
 }
 
 TEST_F(CheckResponseConverterTest, WhenResponseIsBlockedWithBillingStatus) {
-  runTest(CheckError::BILLING_STATUS_UNAVAILABLE, Code::UNAVAILABLE,
+  runTest(CheckError::BILLING_STATUS_UNAVAILABLE, StatusCode::kUnavailable,
           ScResponseErrorType::ERROR_TYPE_UNSPECIFIED);
 }
 
 TEST_F(CheckResponseConverterTest, WhenResponseIsBlockedWithServiceStatus) {
-  runTest(CheckError::SERVICE_STATUS_UNAVAILABLE, Code::UNAVAILABLE,
+  runTest(CheckError::SERVICE_STATUS_UNAVAILABLE, StatusCode::kUnavailable,
           ScResponseErrorType::ERROR_TYPE_UNSPECIFIED);
 }
 
 TEST_F(CheckResponseConverterTest,
        WhenResponseIsBlockedWithCloudResourceManager) {
   runTest(CheckError::CLOUD_RESOURCE_MANAGER_BACKEND_UNAVAILABLE,
-          Code::UNAVAILABLE, ScResponseErrorType::ERROR_TYPE_UNSPECIFIED);
+          StatusCode::kUnavailable,
+          ScResponseErrorType::ERROR_TYPE_UNSPECIFIED);
 }
 
 TEST_F(CheckResponseConverterTest,
@@ -163,7 +165,7 @@ TEST_F(CheckResponseConverterTest,
 
   Status result = ConvertCheckResponse(response, "api_xxxx", &info);
 
-  EXPECT_EQ(Code::PERMISSION_DENIED, result.code());
+  EXPECT_EQ(StatusCode::kPermissionDenied, result.code());
   EXPECT_EQ(result.message(), "API api_xxxx is not enabled for the project.");
   EXPECT_EQ(info.error.type, ScResponseErrorType::SERVICE_NOT_ACTIVATED);
 }