Config Dump for Secret Discovery Service.#7365
Merged
lizan merged 31 commits intoenvoyproxy:masterfrom Jul 24, 2019
incfly:sds-cfg
Merged
Config Dump for Secret Discovery Service.#7365lizan merged 31 commits intoenvoyproxy:masterfrom incfly:sds-cfg
lizan merged 31 commits intoenvoyproxy:masterfrom
incfly:sds-cfg
Conversation
added 2 commits
June 22, 2019 04:32
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Contributor
Author
|
/cc @lizan @JimmyCYJ @PiotrSikora Still some rough edges and some questions that I'm unsure, but it should be ready to take a look, thanks! |
incfly
commented
Jun 22, 2019
Member
|
fix builds? I think this is on the right track. |
added 7 commits
June 24, 2019 21:05
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Contributor
Author
|
@lizan all tests pass, PTAL, thanks! |
incfly
changed the title
Contributor
Author
|
Friendly ping :) |
quanjielin
reviewed
Jun 29, 2019
quanjielin
reviewed
Jun 29, 2019
incfly
commented
Jul 8, 2019
…-cfg Signed-off-by: Jianfei Hu <jianfeih@google.com>
lizan
reviewed
Jul 9, 2019
Member
lizan
left a comment
lizan
left a comment
There was a problem hiding this comment.
This is in right direction, can you clear your own TODOs and questions from code and merge master?
added 4 commits
July 10, 2019 22:19
…-cfg Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
PiotrSikora
reviewed
Jul 12, 2019
| // TODO(incfly): switch to more generic scrubbing mechanism once | ||
| // https://github.com/envoyproxy/envoy/issues/4757 is resolved. | ||
| tls_certificate->clear_private_key(); | ||
| tls_certificate->clear_password(); |
Contributor
There was a problem hiding this comment.
Perhaps set those to "[redacted]" (for non-empty values) to make it possible to distinguish between value being removed for security reasons vs not being set in the first place?
Contributor
There was a problem hiding this comment.
Also, while you're at it, could you make similar change to LDS and CDS config dumps? Separate PR is fine.
Contributor
Author
There was a problem hiding this comment.
Not sure what you mean? The inlined_string typed key/password from tls_certificate used in LDS/CDS dump?
added 4 commits
July 12, 2019 17:49
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
added 2 commits
July 22, 2019 01:19
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
added 2 commits
July 22, 2019 17:36
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Contributor
Author
|
@lizan @mattklein123 is there anything that I need to merge this PR? Thanks! |
lizan
previously approved these changes
Jul 22, 2019
Signed-off-by: Jianfei Hu <jianfeih@google.com>
added 2 commits
July 22, 2019 23:16
Signed-off-by: Jianfei Hu <jianfeih@google.com>
Signed-off-by: Jianfei Hu <jianfeih@google.com>
lizan
approved these changes
Jul 23, 2019
Signed-off-by: Jianfei Hu <jianfeih@google.com>
lizan
reviewed
Jul 24, 2019
docs/root/intro/version_history.rst
Outdated
| * config: changed the default value of :ref:`initial_fetch_timeout <envoy_api_field_core.ConfigSource.initial_fetch_timeout>` from 0s to 15s. This is a change in behaviour in the sense that Envoy will move to the next initialization phase, even if the first config is not delivered in 15s. Refer to :ref:`initialization process <arch_overview_initialization>` for more details. | ||
| * listeners: added :ref:`HTTP inspector listener filter <config_listener_filters_http_inspector>`. | ||
| * http: added the ability to reject HTTP/1.1 requests with invalid HTTP header values, using the runtime feature `envoy.reloadable_features.strict_header_validation`. | ||
| * admin: added config dump support for Secret Discovery Service :ref:`SecretConfigDump <envoy_api_msg_admin.v2alpha.SecretConfigDump>`. |
Signed-off-by: Jianfei Hu <jianfeih@google.com>
lizan
approved these changes
Jul 24, 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Description: Config Dump
Risk Level: Small?
Testing: Unit Test
Docs Changes: N/A(Is config_dump auto gen doc enough?)
Release Notes: config_dump handler prints out Secret Discovery Service information
[Optional Fixes #Issue] #7111