diff --git a/.bazelrc b/.bazelrc index 261dc371a1..b143b8447a 100644 --- a/.bazelrc +++ b/.bazelrc @@ -68,3 +68,5 @@ build:release-android --compilation_mode=opt # Instrument Envoy Mobile's c++ code for coverage build:coverage --instrumentation_filter="//library/common[/:]" +build:coverage --host_javabase=@bazel_tools//tools/jdk:remote_jdk11 +build:coverage --javabase=@bazel_tools//tools/jdk:remote_jdk11 diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml index a12b3d4fab..6c14f29a03 100644 --- a/.github/workflows/android.yml +++ b/.github/workflows/android.yml @@ -7,32 +7,6 @@ on: pull_request: jobs: - linuxdist: - name: linux_dist - runs-on: ubuntu-18.04 - timeout-minutes: 90 - steps: - - uses: actions/checkout@v1 - with: - submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - - name: 'Build envoy.aar distributable' - run: | - export PATH=/usr/lib/llvm-10/bin:$PATH - export CC=clang - export CXX=clang++ - export ANDROID_NDK_HOME=/usr/local/lib/android/sdk/ndk-bundle - bazelisk build --fat_apk_cpu=x86 //:android_dist_ci - # TODO: parallelize these two jobs - - name: 'Build Java app' - run: | - export ANDROID_NDK_HOME=/usr/local/lib/android/sdk/ndk-bundle - bazelisk build --fat_apk_cpu=x86 //examples/java/hello_world:hello_envoy - - name: 'Build kotlin app' - run: | - export ANDROID_NDK_HOME=/usr/local/lib/android/sdk/ndk-bundle - bazelisk build --fat_apk_cpu=x86 //examples/kotlin/hello_world:hello_envoy_kt macdist: name: mac_dist runs-on: macOS-latest @@ -50,7 +24,7 @@ jobs: name: 'Install dependencies' - name: 'Build envoy.aar distributable' run: bazelisk build --fat_apk_cpu=x86 //:android_dist_ci - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v2 with: name: envoy.aar path: dist/envoy.aar @@ -70,7 +44,7 @@ jobs: architecture: x64 - run: ./ci/mac_ci_setup.sh name: 'Install dependencies' - - uses: actions/download-artifact@v1 + - uses: actions/download-artifact@v2 with: name: envoy.aar path: dist/ @@ -103,7 +77,7 @@ jobs: architecture: x64 - run: ./ci/mac_ci_setup.sh name: 'Install dependencies' - - uses: actions/download-artifact@v1 + - uses: actions/download-artifact@v2 with: name: envoy.aar path: dist/ @@ -122,25 +96,31 @@ jobs: name: 'Check liveliness' kotlintests: name: kotlin_tests - runs-on: ubuntu-18.04 + runs-on: macOS-latest timeout-minutes: 90 steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - - run: bazelisk test --test_output=all --build_tests_only //library/kotlin/test/... + - uses: actions/setup-java@v1 + with: + java-version: '8' + java-package: jdk + architecture: x64 + - run: bazel test --test_output=all --build_tests_only //library/kotlin/test/... name: 'Run Kotlin library tests' javatests: name: java_tests - runs-on: ubuntu-18.04 + runs-on: macOS-latest timeout-minutes: 90 steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - - run: bazelisk test --test_output=all --build_tests_only //library/java/test/... + - uses: actions/setup-java@v1 + with: + java-version: '8' + java-package: jdk + architecture: x64 + - run: bazel test --test_output=all --build_tests_only //library/java/test/... name: 'Run Java library tests' diff --git a/.github/workflows/artifacts.yml b/.github/workflows/artifacts.yml index e097c8fe14..925eda1d6a 100644 --- a/.github/workflows/artifacts.yml +++ b/.github/workflows/artifacts.yml @@ -10,27 +10,28 @@ on: jobs: main_android_dist_ci: name: main_android_dist_ci - runs-on: ubuntu-18.04 + runs-on: macOS-latest timeout-minutes: 120 steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh + - uses: actions/setup-java@v1 + with: + java-version: '8' + java-package: jdk + architecture: x64 + - run: ./ci/mac_ci_setup.sh + name: 'Install dependencies' - name: 'Build envoy.aar distributable' run: | - export PATH=/usr/lib/llvm-10/bin:$PATH - export CC=clang - export CXX=clang++ - export ANDROID_NDK_HOME=/usr/local/lib/android/sdk/ndk-bundle current_short_commit=$(git rev-parse --short HEAD) bazelisk build \ --config=release-android \ --fat_apk_cpu=x86,armeabi-v7a,arm64-v8a \ --define=pom_version=main-$current_short_commit \ //:android_dist_ci - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v2 with: name: envoy_android_aar_sources path: bazel-bin/envoy_mobile.zip @@ -50,7 +51,7 @@ jobs: run: mkdir -p dist/ios_artifact/Envoy.framework - name: 'Move artifact to directory for zipping' run: mv dist/Envoy.framework/* dist/ios_artifact/Envoy.framework - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v2 with: name: envoy_ios_framework path: dist/ios_artifact @@ -65,7 +66,7 @@ jobs: submodules: true - name: 'Install dependencies' run: ./ci/mac_ci_setup.sh - - uses: actions/download-artifact@v1 + - uses: actions/download-artifact@v2 with: name: envoy_ios_framework path: dist/envoy_ios_cocoapods @@ -75,7 +76,7 @@ jobs: run: mkdir -p dist/envoy_ios_cocoapods/Envoy.framework/Swift - name: 'Create empty Swift file to force Swift libraries to link properly' run: touch dist/envoy_ios_cocoapods/Envoy.framework/Swift/Empty.swift - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v2 with: name: envoy_ios_cocoapods path: dist/envoy_ios_cocoapods diff --git a/.github/workflows/core.yml b/.github/workflows/core.yml index 1c72d04457..4c53ed630d 100644 --- a/.github/workflows/core.yml +++ b/.github/workflows/core.yml @@ -23,31 +23,30 @@ jobs: name: tsan runs-on: ubuntu-18.04 timeout-minutes: 90 + container: + image: envoyproxy/envoy-build-ubuntu:11efa5680d987fff33fde4af3cc5ece105015d04 + env: + CC: /opt/llvm/bin/clang + CXX: /opt/llvm/bin/clang++ steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh + - run: echo $PATH - name: 'Run tests' - run: | - export PATH=/usr/lib/llvm-10/bin:$PATH - export CC=clang - export CXX=clang++ - bazelisk test --config=clang-tsan --test_output=all //test/... + run: bazel test --config=clang-tsan --test_output=all --test_env=ENVOY_IP_TEST_VERSIONS=v4only //test/... asan: name: asan runs-on: ubuntu-18.04 timeout-minutes: 120 + container: + image: envoyproxy/envoy-build-ubuntu:11efa5680d987fff33fde4af3cc5ece105015d04 + env: + CC: /opt/llvm/bin/clang + CXX: /opt/llvm/bin/clang++ steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - name: 'Run tests' - run: | - export PATH=/usr/lib/llvm-10/bin:$PATH - export CC=clang - export CXX=clang++ - bazelisk test --config=clang-asan --test_output=all //test/... + run: bazel test --config=clang-asan --test_output=all --test_env=ENVOY_IP_TEST_VERSIONS=v4only //test/... diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index b784ef12a6..05e71bf8d3 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -14,24 +14,24 @@ jobs: name: coverage runs-on: ubuntu-18.04 timeout-minutes: 120 + container: + image: envoyproxy/envoy-build-ubuntu:11efa5680d987fff33fde4af3cc5ece105015d04 + env: + BAZEL_BUILD_OPTIONS: "--test_env=ENVOY_IP_TEST_VERSIONS=v4only" + CC: /opt/llvm/bin/clang + CXX: /opt/llvm/bin/clang++ + COVERAGE_THRESHOLD: 95 steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - name: 'Run coverage' continue-on-error: true - run: | - export PATH=/usr/lib/llvm-10/bin:$PATH - export CC=clang - export CXX=clang++ - export COVERAGE_THRESHOLD=95 - ./envoy/test/run_envoy_bazel_coverage.sh //test/... + run: "PATH=/opt/llvm/bin:${PATH} ./envoy/test/run_envoy_bazel_coverage.sh //test/..." - name: 'package coverage' run: | tar -czvf coverage.tar.gz generated/coverage - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v2 with: name: coverage.tar.gz path: coverage.tar.gz diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index e8e1354826..44e6d88980 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -12,19 +12,18 @@ jobs: runs-on: ubuntu-18.04 timeout-minutes: 45 container: - image: envoyproxy/envoy-build-ubuntu:04f06115b6ee7cfea74930353fb47a41149cbec3 + image: envoyproxy/envoy-build-ubuntu:11efa5680d987fff33fde4af3cc5ece105015d04 + env: + CLANG_FORMAT: /opt/llvm/bin/clang-format + BUILDIFIER_BIN: /usr/local/bin/buildifier + BUILDOZER_BIN: /usr/local/bin/buildozer + ENVOY_BAZEL_PREFIX: "@envoy" steps: - uses: actions/checkout@v1 with: submodules: true - name: 'Run formatters' - run: | - export PATH=/opt/llvm/bin:$PATH - export CLANG_FORMAT=clang-format - export BUILDIFIER_BIN=/usr/local/bin/buildifier - export BUILDOZER_BIN=/usr/local/bin/buildozer - export ENVOY_BAZEL_PREFIX=@envoy - ./tools/check_format.sh + run: ./tools/check_format.sh precommit: name: precommit runs-on: macOS-latest @@ -47,19 +46,24 @@ jobs: run: swiftlint lint --strict kotlinlint: name: kotlin_lint - runs-on: ubuntu-18.04 + runs-on: macOS-latest timeout-minutes: 45 steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh + - uses: actions/setup-java@v1 + with: + java-version: '8' + java-package: jdk + architecture: x64 + - run: ./ci/mac_ci_setup.sh + name: 'Install dependencies' - name: 'Run Kotlin Lint (Detekt)' run: | - bazelisk build \ + bazel build \ //library/kotlin/src/io/envoyproxy/envoymobile:envoy_lib_lint \ //examples/kotlin/hello_world:hello_envoy_kt_lint - name: 'Run Kotlin Formatter (ktlint)' run: | - bazelisk build kotlin_format + bazel build kotlin_format diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml index 4c7177a44a..6ffc9e706f 100644 --- a/.github/workflows/ios.yml +++ b/.github/workflows/ios.yml @@ -22,7 +22,7 @@ jobs: - name: 'Zip Envoy.framework.zip distributable' run: zip -r dist/Envoy.framework.zip dist/Envoy.framework - run: ls -lh dist/ - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v2 with: name: Envoy.framework.zip path: dist/Envoy.framework.zip @@ -37,7 +37,7 @@ jobs: submodules: true - name: 'Install dependencies' run: ./ci/mac_ci_setup.sh - - uses: actions/download-artifact@v1 + - uses: actions/download-artifact@v2 with: name: Envoy.framework.zip path: dist/ @@ -61,7 +61,7 @@ jobs: submodules: true - name: 'Install dependencies' run: ./ci/mac_ci_setup.sh - - uses: actions/download-artifact@v1 + - uses: actions/download-artifact@v2 with: name: Envoy.framework.zip path: dist/ diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml index cb6857f90f..8a8472c722 100644 --- a/.github/workflows/perf.yml +++ b/.github/workflows/perf.yml @@ -11,19 +11,18 @@ jobs: name: size_current runs-on: ubuntu-18.04 timeout-minutes: 60 + container: + image: envoyproxy/envoy-build-ubuntu:11efa5680d987fff33fde4af3cc5ece105015d04 + env: + CC: /opt/llvm/bin/clang + CXX: /opt/llvm/bin/clang++ steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - name: 'Build test binary' - run: | - export PATH=/usr/lib/llvm-10/bin:$PATH - export CC=clang - export CXX=clang++ - bazelisk build //test/performance:test_binary_size --config=sizeopt - - uses: actions/upload-artifact@v1 + run: bazel build //test/performance:test_binary_size --config=sizeopt + - uses: actions/upload-artifact@v2 with: name: sizecurrent path: bazel-bin/test/performance/test_binary_size @@ -31,20 +30,20 @@ jobs: name: size_main runs-on: ubuntu-18.04 timeout-minutes: 60 + container: + image: envoyproxy/envoy-build-ubuntu:11efa5680d987fff33fde4af3cc5ece105015d04 + env: + CC: /opt/llvm/bin/clang + CXX: /opt/llvm/bin/clang++ steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - name: 'Build test binary' run: | git checkout main && git pull origin main && git submodule update - export PATH=/usr/lib/llvm-10/bin:$PATH - export CC=clang - export CXX=clang++ - bazelisk build //test/performance:test_binary_size --config=sizeopt - - uses: actions/upload-artifact@v1 + bazel build //test/performance:test_binary_size --config=sizeopt + - uses: actions/upload-artifact@v2 with: name: sizemain path: bazel-bin/test/performance/test_binary_size @@ -53,15 +52,15 @@ jobs: needs: [sizecurrent, sizemain] runs-on: ubuntu-18.04 timeout-minutes: 30 + container: + image: envoyproxy/envoy-build-ubuntu:11efa5680d987fff33fde4af3cc5ece105015d04 steps: - uses: actions/checkout@v1 - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - - uses: actions/download-artifact@v1 + - uses: actions/download-artifact@v2 with: name: sizecurrent path: dist/sizecurrent - - uses: actions/download-artifact@v1 + - uses: actions/download-artifact@v2 with: name: sizemain path: dist/sizemain diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8f128bff50..bda25c30c2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,12 +10,12 @@ jobs: name: android_deploy runs-on: ubuntu-18.04 timeout-minutes: 240 + container: + image: envoyproxy/envoy-build-ubuntu:11efa5680d987fff33fde4af3cc5ece105015d04 steps: - uses: actions/checkout@v1 with: submodules: true - - name: 'Install dependencies' - run: ./ci/linux_ci_setup.sh - name: 'Configure envoy-bot git user' run: | # Switch global user to be envoy-bot for deployment @@ -30,7 +30,7 @@ jobs: # Build and create the artifacts current_release_tag=$(git describe --tags --abbrev=0 --exact-match) - bazelisk build \ + bazel build \ --config=release-android \ --fat_apk_cpu=x86,armeabi-v7a,arm64-v8a \ --define=pom_version="${current_release_tag:1}" \ diff --git a/bazel/envoy_mobile_repositories.bzl b/bazel/envoy_mobile_repositories.bzl index 77ab36331b..a2eb41136f 100644 --- a/bazel/envoy_mobile_repositories.bzl +++ b/bazel/envoy_mobile_repositories.bzl @@ -28,9 +28,9 @@ def upstream_envoy_overrides(): "@envoy//bazel:protobuf.patch", "@envoy_mobile//bazel:protobuf.patch", ], - sha256 = "d7cfd31620a352b2ee8c1ed883222a0d77e44346643458e062e86b1d069ace3e", - strip_prefix = "protobuf-3.10.1", - urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v3.10.1/protobuf-all-3.10.1.tar.gz"], + sha256 = "6dd0f6b20094910fbb7f1f7908688df01af2d4f6c5c21331b9f636048674aebf", + strip_prefix = "protobuf-3.14.0", + urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v3.14.0/protobuf-all-3.14.0.tar.gz"], ) # Workaround old NDK version breakages https://github.com/lyft/envoy-mobile/issues/934 diff --git a/bazel/protobuf.patch b/bazel/protobuf.patch index 649f9263d3..384713b39d 100644 --- a/bazel/protobuf.patch +++ b/bazel/protobuf.patch @@ -1,8 +1,8 @@ diff --git a/BUILD b/BUILD -index efc3d8e7f..425eb15d5 100644 +index 112432160..5d4c9de35 100644 --- a/BUILD +++ b/BUILD -@@ -247,36 +247,38 @@ cc_library( +@@ -292,36 +292,37 @@ cc_library( # Map of all well known protos. # name => (include path, imports) WELL_KNOWN_PROTO_MAP = { @@ -46,15 +46,14 @@ index efc3d8e7f..425eb15d5 100644 - "wrappers": ("src/google/protobuf/wrappers.proto", []), + "wrappers": ("google/protobuf/wrappers.proto", []), } ++RELATIVE_WELL_KNOWN_PROTOS = [proto[1][0] for proto in WELL_KNOWN_PROTO_MAP.items()] -WELL_KNOWN_PROTOS = [value[0] for value in WELL_KNOWN_PROTO_MAP.values()] -+RELATIVE_WELL_KNOWN_PROTOS = [proto[1][0] for proto in WELL_KNOWN_PROTO_MAP.items()] -+ +WELL_KNOWN_PROTOS = ["src/" + s for s in RELATIVE_WELL_KNOWN_PROTOS] filegroup( name = "well_known_protos", -@@ -306,10 +308,17 @@ cc_proto_library( +@@ -353,10 +354,17 @@ cc_library( # ) ################################################################################ @@ -73,7 +72,7 @@ index efc3d8e7f..425eb15d5 100644 visibility = ["//visibility:public"], deps = [dep + "_proto" for dep in proto[1][1]], ) for proto in WELL_KNOWN_PROTO_MAP.items()] -@@ -869,7 +878,7 @@ internal_copied_filegroup( +@@ -850,7 +858,7 @@ internal_copied_filegroup( # TODO(dzc): Remove this once py_proto_library can have labels in srcs, in # which case we can simply add :protos_python in srcs. @@ -82,7 +81,7 @@ index efc3d8e7f..425eb15d5 100644 py_proto_library( name = "protobuf_python", -@@ -988,7 +997,7 @@ cc_library( +@@ -968,7 +976,7 @@ cc_library( proto_lang_toolchain( name = "cc_toolchain", diff --git a/ci/linux_ci_setup.sh b/ci/linux_ci_setup.sh index 52c2466b7b..103d9a958e 100755 --- a/ci/linux_ci_setup.sh +++ b/ci/linux_ci_setup.sh @@ -23,7 +23,7 @@ sudo apt-get install -y wget software-properties-common make cmake git \ # clang 10 wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - -sudo apt-add-repository "deb https://apt.llvm.org/xenial/ llvm-toolchain-xenial-10 main" +sudo apt-add-repository "deb https://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main" sudo apt-get update sudo apt-get install -y clang-10 lld-10 libc++-10-dev libc++abi-10-dev diff --git a/envoy b/envoy index a55ae7ee8b..6338dcbf2b 160000 --- a/envoy +++ b/envoy @@ -1 +1 @@ -Subproject commit a55ae7ee8b83b64be90ae788e624efcebe29ed5d +Subproject commit 6338dcbf2bf2bca8515c85b4c04762290286186e diff --git a/library/common/config_template.cc b/library/common/config_template.cc index 4805404086..e6202834b9 100644 --- a/library/common/config_template.cc +++ b/library/common/config_template.cc @@ -199,6 +199,7 @@ stats_flush_interval: {{ stats_flush_interval_seconds }}s - name: envoy.metrics_service typed_config: "@type": type.googleapis.com/envoy.config.metrics.v3.MetricsServiceConfig + transport_api_version: V3 report_counters_as_deltas: true grpc_service: envoy_grpc: diff --git a/library/common/extensions/filters/http/assertion/BUILD b/library/common/extensions/filters/http/assertion/BUILD index dab7201cc8..7384cfee6f 100644 --- a/library/common/extensions/filters/http/assertion/BUILD +++ b/library/common/extensions/filters/http/assertion/BUILD @@ -1,21 +1,30 @@ -load("@envoy//bazel:envoy_build_system.bzl", "envoy_cc_library") -load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") +load( + "@envoy//bazel:envoy_build_system.bzl", + "envoy_cc_extension", + "envoy_extension_package", + "envoy_proto_library", +) licenses(["notice"]) # Apache 2 -package(default_visibility = ["//visibility:public"]) +envoy_extension_package() -api_proto_package( - deps = ["@envoy_api//envoy/config/common/matcher/v3:pkg"], +envoy_proto_library( + name = "filter", + srcs = ["filter.proto"], + deps = [ + "@envoy_api//envoy/config/common/matcher/v3:pkg", + ], ) -envoy_cc_library( +envoy_cc_extension( name = "assertion_filter_lib", srcs = ["filter.cc"], hdrs = ["filter.h"], repository = "@envoy", + security_posture = "requires_trusted_downstream_and_upstream", deps = [ - ":pkg_cc_proto", + "filter_cc_proto", "@envoy//include/envoy/http:codes_interface", "@envoy//include/envoy/http:filter_interface", "@envoy//source/common/http:header_map_lib", @@ -24,14 +33,14 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], repository = "@envoy", + security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":assertion_filter_lib", - ":pkg_cc_proto", "@envoy//source/extensions/filters/http/common:factory_base_lib", ], ) diff --git a/library/common/extensions/filters/http/local_error/BUILD b/library/common/extensions/filters/http/local_error/BUILD index 6ada249cfb..9e897df088 100644 --- a/library/common/extensions/filters/http/local_error/BUILD +++ b/library/common/extensions/filters/http/local_error/BUILD @@ -1,19 +1,27 @@ -load("@envoy//bazel:envoy_build_system.bzl", "envoy_cc_library") -load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") +load( + "@envoy//bazel:envoy_build_system.bzl", + "envoy_cc_extension", + "envoy_extension_package", + "envoy_proto_library", +) licenses(["notice"]) # Apache 2 -package(default_visibility = ["//visibility:public"]) +envoy_extension_package() -api_proto_package() +envoy_proto_library( + name = "filter", + srcs = ["filter.proto"], +) -envoy_cc_library( +envoy_cc_extension( name = "local_error_filter_lib", srcs = ["filter.cc"], hdrs = ["filter.h"], repository = "@envoy", + security_posture = "requires_trusted_downstream_and_upstream", deps = [ - ":pkg_cc_proto", + ":filter_cc_proto", "//library/common/http:internal_headers_lib", "//library/common/types:c_types_lib", "@envoy//include/envoy/http:codes_interface", @@ -26,14 +34,14 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], repository = "@envoy", + security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":local_error_filter_lib", - ":pkg_cc_proto", "@envoy//source/extensions/filters/http/common:factory_base_lib", ], ) diff --git a/library/common/extensions/filters/http/platform_bridge/BUILD b/library/common/extensions/filters/http/platform_bridge/BUILD index 663d938a04..fe24abc5a5 100644 --- a/library/common/extensions/filters/http/platform_bridge/BUILD +++ b/library/common/extensions/filters/http/platform_bridge/BUILD @@ -1,13 +1,20 @@ -load("@envoy//bazel:envoy_build_system.bzl", "envoy_cc_library") -load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") +load( + "@envoy//bazel:envoy_build_system.bzl", + "envoy_cc_extension", + "envoy_extension_package", + "envoy_proto_library", +) licenses(["notice"]) # Apache 2 -package(default_visibility = ["//visibility:public"]) +envoy_extension_package() -api_proto_package() +envoy_proto_library( + name = "filter", + srcs = ["filter.proto"], +) -envoy_cc_library( +envoy_cc_extension( name = "platform_bridge_filter_lib", srcs = [ "c_type_definitions.h", @@ -18,8 +25,9 @@ envoy_cc_library( "filter.h", ], repository = "@envoy", + security_posture = "requires_trusted_downstream_and_upstream", deps = [ - ":pkg_cc_proto", + ":filter_cc_proto", "//library/common/api:external_api_lib", "//library/common/buffer:utility_lib", "//library/common/http:header_utility_lib", @@ -31,13 +39,13 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], repository = "@envoy", + security_posture = "requires_trusted_downstream_and_upstream", deps = [ - ":pkg_cc_proto", ":platform_bridge_filter_lib", "@envoy//source/extensions/filters/http/common:factory_base_lib", ], diff --git a/test/common/extensions/filters/http/assertion/BUILD b/test/common/extensions/filters/http/assertion/BUILD index 90c83aefdd..220cd0731c 100644 --- a/test/common/extensions/filters/http/assertion/BUILD +++ b/test/common/extensions/filters/http/assertion/BUILD @@ -15,7 +15,7 @@ envoy_extension_cc_test( repository = "@envoy", deps = [ "//library/common/extensions/filters/http/assertion:config", - "//library/common/extensions/filters/http/assertion:pkg_cc_proto", + "//library/common/extensions/filters/http/assertion:filter_cc_proto", "@envoy//test/mocks/http:http_mocks", "@envoy//test/mocks/server:factory_context_mocks", "@envoy//test/test_common:utility_lib", diff --git a/test/common/extensions/filters/http/platform_bridge/BUILD b/test/common/extensions/filters/http/platform_bridge/BUILD index 65c6529ab8..3b506506c6 100644 --- a/test/common/extensions/filters/http/platform_bridge/BUILD +++ b/test/common/extensions/filters/http/platform_bridge/BUILD @@ -16,7 +16,7 @@ envoy_extension_cc_test( deps = [ "//library/common/api:external_api_lib", "//library/common/extensions/filters/http/platform_bridge:config", - "//library/common/extensions/filters/http/platform_bridge:pkg_cc_proto", + "//library/common/extensions/filters/http/platform_bridge:filter_cc_proto", "@envoy//test/mocks/event:event_mocks", "@envoy//test/mocks/http:http_mocks", "@envoy//test/test_common:utility_lib", diff --git a/test/common/extensions/filters/http/platform_bridge/platform_bridge_filter_test.cc b/test/common/extensions/filters/http/platform_bridge/platform_bridge_filter_test.cc index 459ade5fb7..6d1ff5d2f0 100644 --- a/test/common/extensions/filters/http/platform_bridge/platform_bridge_filter_test.cc +++ b/test/common/extensions/filters/http/platform_bridge/platform_bridge_filter_test.cc @@ -288,7 +288,7 @@ platform_filter_name: StopOnRequestHeadersThenResumeOnResumeDecoding Event::PostCb resume_post_cb; EXPECT_CALL(dispatcher_, post(_)).WillOnce(SaveArg<0>(&resume_post_cb)); - EXPECT_CALL(decoder_callbacks_, continueDecoding()).Times(1); + EXPECT_CALL(decoder_callbacks_, continueDecoding()); filter_->resumeDecoding(); resume_post_cb(); EXPECT_EQ(invocations.on_resume_request_calls, 1); @@ -898,7 +898,7 @@ platform_filter_name: StopOnRequestHeadersThenBufferThenResumeOnResumeDecoding Event::PostCb resume_post_cb; EXPECT_CALL(dispatcher_, post(_)).WillOnce(SaveArg<0>(&resume_post_cb)); - EXPECT_CALL(decoder_callbacks_, continueDecoding()).Times(1); + EXPECT_CALL(decoder_callbacks_, continueDecoding()); filter_->resumeDecoding(); resume_post_cb(); EXPECT_EQ(invocations.on_resume_request_calls, 1); @@ -1061,7 +1061,7 @@ platform_filter_name: StopOnResponseHeadersThenResumeOnResumeEncoding Event::PostCb resume_post_cb; EXPECT_CALL(dispatcher_, post(_)).WillOnce(SaveArg<0>(&resume_post_cb)); - EXPECT_CALL(encoder_callbacks_, continueEncoding()).Times(1); + EXPECT_CALL(encoder_callbacks_, continueEncoding()); filter_->resumeEncoding(); resume_post_cb(); EXPECT_EQ(invocations.on_resume_response_calls, 1); @@ -1670,7 +1670,7 @@ platform_filter_name: StopOnResponseHeadersThenBufferThenResumeOnResumeEncoding Event::PostCb resume_post_cb; EXPECT_CALL(dispatcher_, post(_)).WillOnce(SaveArg<0>(&resume_post_cb)); - EXPECT_CALL(encoder_callbacks_, continueEncoding()).Times(1); + EXPECT_CALL(encoder_callbacks_, continueEncoding()); filter_->resumeEncoding(); resume_post_cb(); EXPECT_EQ(invocations.on_resume_response_calls, 1); diff --git a/test/common/http/dispatcher_test.cc b/test/common/http/dispatcher_test.cc index ede015f3f6..87d0836e99 100644 --- a/test/common/http/dispatcher_test.cc +++ b/test/common/http/dispatcher_test.cc @@ -167,8 +167,8 @@ TEST_F(DispatcherTest, SetDestinationCluster) { send_headers_post_cb3(); // Encode response headers. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "200"}}; response_encoder_->encodeHeaders(response_headers, true); ASSERT_EQ(cc.on_headers_calls, 1); @@ -300,8 +300,8 @@ TEST_F(DispatcherTest, SetDestinationClusterUpstreamProtocol) { send_headers_post_cb4(); // Encode response headers. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "200"}}; response_encoder_->encodeHeaders(response_headers, true); ASSERT_EQ(cc.on_headers_calls, 1); @@ -363,8 +363,8 @@ TEST_F(DispatcherTest, Queueing) { send_headers_post_cb(); // Encode response headers. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "200"}}; response_encoder_->encodeHeaders(response_headers, true); ASSERT_EQ(cc.on_headers_calls, 1); @@ -424,8 +424,8 @@ TEST_F(DispatcherTest, BasicStreamHeaders) { send_headers_post_cb(); // Encode response headers. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "200"}}; response_encoder_->encodeHeaders(response_headers, true); ASSERT_EQ(cc.on_headers_calls, 1); @@ -484,8 +484,8 @@ TEST_F(DispatcherTest, BasicStreamData) { data_post_cb(); // Encode response data. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); Buffer::InstancePtr response_data{new Buffer::OwnedImpl("response body")}; response_encoder_->encodeData(*response_data, true); ASSERT_EQ(cc.on_data_calls, 1); @@ -544,8 +544,8 @@ TEST_F(DispatcherTest, BasicStreamTrailers) { trailers_post_cb(); // Encode response trailers. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseTrailerMapImpl response_trailers{{"x-test-trailer", "test_trailer"}}; response_encoder_->encodeTrailers(response_trailers); ASSERT_EQ(cc.on_trailers_calls, 1); @@ -643,8 +643,8 @@ TEST_F(DispatcherTest, MultipleDataStream) { response_encoder_->encodeData(*response_data, false); ASSERT_EQ(cc.on_data_calls, 1); - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); Buffer::InstancePtr response_data2{new Buffer::OwnedImpl("response body2")}; response_encoder_->encodeData(*response_data2, true); ASSERT_EQ(cc.on_data_calls, 2); @@ -756,8 +756,8 @@ TEST_F(DispatcherTest, MultipleStreams) { send_headers_post_cb2(); // Finish stream 2. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers2{{":status", "200"}}; response_encoder2->encodeHeaders(response_headers2, true); ASSERT_EQ(cc2.on_headers_calls, 1); @@ -765,8 +765,8 @@ TEST_F(DispatcherTest, MultipleStreams) { ASSERT_EQ(cc2.on_complete_calls, 1); // Finish stream 1. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "200"}}; response_encoder_->encodeHeaders(response_headers, true); ASSERT_EQ(cc.on_headers_calls, 1); @@ -831,8 +831,8 @@ TEST_F(DispatcherTest, EnvoyLocalReplyNotAnError) { // Encode response headers. A non-200 code triggers an on_error callback chain. In particular, a // 503 should have an ENVOY_CONNECTION_FAILURE error code. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "503"}}; response_encoder_->encodeHeaders(response_headers, true); // Ensure that the callbacks on the bridge_callbacks were called. @@ -899,8 +899,8 @@ TEST_F(DispatcherTest, EnvoyLocalReplyNon503NotAnError) { // Encode response headers. A non-200 code triggers an on_error callback chain. In particular, a // non-503 should have an ENVOY_UNDEFINED_ERROR error code. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "504"}}; response_encoder_->encodeHeaders(response_headers, true); // Ensure that the callbacks on the bridge_callbacks were called. @@ -974,8 +974,8 @@ TEST_F(DispatcherTest, EnvoyResponseWithErrorCode) { // Encode response headers. A non-200 code triggers an on_error callback chain. In particular, a // 503 should have an ENVOY_CONNECTION_FAILURE error code. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{ {":status", "218"}, {"x-internal-error-code", std::to_string(ENVOY_CONNECTION_FAILURE)}, @@ -1031,8 +1031,8 @@ TEST_F(DispatcherTest, ResetStreamLocal) { EXPECT_CALL(event_dispatcher_, post(_)).WillOnce(SaveArg<0>(&cancel_stream_post_cb)); ASSERT_EQ(http_dispatcher_.cancelStream(stream), ENVOY_SUCCESS); - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); cancel_stream_post_cb(); ASSERT_EQ(cc.on_cancel_calls, 1); ASSERT_EQ(cc.on_error_calls, 0); @@ -1086,8 +1086,8 @@ TEST_F(DispatcherTest, DoubleResetStreamLocal) { EXPECT_CALL(event_dispatcher_, post(_)).WillOnce(SaveArg<0>(&cancel_stream_post_cb2)); ASSERT_EQ(http_dispatcher_.cancelStream(stream), ENVOY_SUCCESS); - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); cancel_stream_post_cb(); cancel_stream_post_cb2(); @@ -1178,8 +1178,8 @@ TEST_F(DispatcherTest, RemoteResetAfterStreamStart) { // runResetCallbacks. The Http::ConnectionManager depends on the Http::Dispatcher::DirectStream // firing this tight loop to let the Http::ConnectionManager clean up its stream state. EXPECT_CALL(callbacks, onResetStream(StreamResetReason::RemoteReset, _)); - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); response_encoder_->getStream().resetStream(StreamResetReason::RemoteReset); // Ensure that the on_error on the bridge_callbacks was called. ASSERT_EQ(cc.on_error_calls, 1); @@ -1243,8 +1243,8 @@ TEST_F(DispatcherTest, StreamResetAfterOnComplete) { send_headers_post_cb(); // Encode response headers. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "200"}}; response_encoder_->encodeHeaders(response_headers, true); ASSERT_EQ(cc.on_headers_calls, 1); @@ -1298,8 +1298,8 @@ TEST_F(DispatcherTest, ResetWhenRemoteClosesBeforeLocal) { start_stream_post_cb(); // Encode response headers. - EXPECT_CALL(event_dispatcher_, isThreadSafe()).Times(1).WillRepeatedly(Return(true)); - EXPECT_CALL(event_dispatcher_, deferredDelete_(_)).Times(1); + EXPECT_CALL(event_dispatcher_, isThreadSafe()).WillOnce(Return(true)); + EXPECT_CALL(event_dispatcher_, deferredDelete_(_)); TestResponseHeaderMapImpl response_headers{{":status", "200"}}; response_encoder_->encodeHeaders(response_headers, true); ASSERT_EQ(cc.on_headers_calls, 1); diff --git a/test/integration/BUILD b/test/integration/BUILD index 9dd4f53845..ba860c8551 100644 --- a/test/integration/BUILD +++ b/test/integration/BUILD @@ -10,7 +10,7 @@ envoy_cc_test( repository = "@envoy", deps = [ "//library/common/extensions/filters/http/local_error:config", - "//library/common/extensions/filters/http/local_error:pkg_cc_proto", + "//library/common/extensions/filters/http/local_error:filter_cc_proto", "//library/common/http:dispatcher_lib", "//library/common/http:header_utility_lib", "//library/common/types:c_types_lib",