fix(translator): ext-proc full duplex streamed trailers and validation by guydc · Pull Request #6323 · envoyproxy/gateway

guydc · 2025-06-16T20:29:51Z

What type of PR is this?

What this PR does / why we need it:
fix ext proc validation and trailer management for full duplex streamed mode

Which issue(s) this PR fixes:

Fixes #6270

Release Notes: Yes

…ed mode Signed-off-by: Guy Daich <guy.daich@sap.com>

codecov · 2025-06-16T20:39:05Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.73%. Comparing base (16747d4) to head (b1b6b5c).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6323      +/-   ##
==========================================
- Coverage   70.76%   70.73%   -0.04%     
==========================================
  Files         220      220              
  Lines       37059    37069      +10     
==========================================
- Hits        26225    26220       -5     
- Misses       9299     9311      +12     
- Partials     1535     1538       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

arkodg · 2025-06-16T20:43:17Z

internal/xds/translator/extproc.go


 	if extProc.ResponseBodyProcessingMode != nil {
 		config.ProcessingMode.ResponseBodyMode = buildExtProcBodyProcessingMode(extProc.ResponseBodyProcessingMode)
+		if config.ProcessingMode.ResponseBodyMode == extprocv3.ProcessingMode_FULL_DUPLEX_STREAMED {


should this be moved into buildExtProcBodyProcessingMode ?

created a dedicated function for handling all the processing mode translation.

api/v1alpha1/ext_proc_types.go

Signed-off-by: Guy Daich <guy.daich@sap.com>

arkodg

LGTM thanks !

arkodg · 2025-06-17T20:52:42Z

/retest

Signed-off-by: Guy Daich <guy.daich@sap.com>

envoyproxy#6323) * fix ext proc validation and trailer management for full duplex streamed mode Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix(translator): ext-proc full duplex streamed trailers and validation (#6323) * fix ext proc validation and trailer management for full duplex streamed mode Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * feat: disable automountServiceAccountToken for proxy and ratelimit (#6364) Signed-off-by: Jeff Davis <mr.jefedavis@gmail.com> * bugfix: make EnvoyPatchPolicy able to replace telemetry cluster (#6367) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * feat: add validation of section name for Gateway listener (#6343) * add validation of section name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update error status reason Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * refactor: define as function of validate section name for gateway listener Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix: add configMap indexers for EEP reconciler (#6369) Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: use buildEndpointType for access and tracing (#6370) Signed-off-by: zirain <zirain2009@gmail.com> * fix: default accesslog not working (#6441) * fix default accesslog Signed-off-by: zirain <zirain2009@gmail.com> * release notes Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * chore: fix cve (#6446) * fix cve Signed-off-by: zirain <zirain2009@gmail.com> * lint Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> * fix: Do not set backendRequestTimeout when Retries are set (#6421) * fix: Do not set backendRequestTimeout when Retries are set Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> * fix: update comment Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> --------- Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> * gatewayapi: don't append gwcResource if there's invalid GatewayClass (#6379) * gatewayapi: don't process gloabal resources when acceptedGateways is 0 Signed-off-by: zirain <zirain2009@gmail.com> * update Signed-off-by: zirain <zirain2009@gmail.com> * fix test Signed-off-by: zirain <zirain2009@gmail.com> * don't skip gateways Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix testdata Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix k8s provider controller Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix: retry reconcile on transient errors during reconcile (#6299) * fix: add isTransientError helper to classify retryable errors Introduces isTransientError to detect transient Kubernetes errors and enable proper reconciliation retries. Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com> handle errors from processing BackendRefs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> handle errors from processing ConfigMap Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * skip invalid GatewayClass Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * address comment Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * handle all transient errors Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * don't skip failed GCs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit 71ce56f) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix: fix bug in hostname overlap detection (#6332) fix bug in hostname overlap detection Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> (cherry picked from commit e78e268) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix telemetry with host port not working (#6460) Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit c0a2ce7) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * bugfix: BackendTlsPolicy should not reference across namespace (#6309) * bugfix: BackendTlsPolicy should not reference across namespace Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 9925189) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Jeff Davis <mr.jefedavis@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Guy Daich <guy.daich@sap.com> Co-authored-by: Jeff Davis <mr.jefedavis@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com> Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Co-authored-by: Sudipto Baral <sudiptobaral.me@gmail.com> Co-authored-by: Patryk Rostkowski <48490105+patrostkowski@users.noreply.github.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* fix(translator): ext-proc full duplex streamed trailers and validation (envoyproxy#6323) * fix ext proc validation and trailer management for full duplex streamed mode Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * feat: disable automountServiceAccountToken for proxy and ratelimit (envoyproxy#6364) Signed-off-by: Jeff Davis <mr.jefedavis@gmail.com> * bugfix: make EnvoyPatchPolicy able to replace telemetry cluster (envoyproxy#6367) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * feat: add validation of section name for Gateway listener (envoyproxy#6343) * add validation of section name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update error status reason Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * refactor: define as function of validate section name for gateway listener Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix: add configMap indexers for EEP reconciler (envoyproxy#6369) Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: use buildEndpointType for access and tracing (envoyproxy#6370) Signed-off-by: zirain <zirain2009@gmail.com> * fix: default accesslog not working (envoyproxy#6441) * fix default accesslog Signed-off-by: zirain <zirain2009@gmail.com> * release notes Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * chore: fix cve (envoyproxy#6446) * fix cve Signed-off-by: zirain <zirain2009@gmail.com> * lint Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> * fix: Do not set backendRequestTimeout when Retries are set (envoyproxy#6421) * fix: Do not set backendRequestTimeout when Retries are set Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> * fix: update comment Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> --------- Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> * gatewayapi: don't append gwcResource if there's invalid GatewayClass (envoyproxy#6379) * gatewayapi: don't process gloabal resources when acceptedGateways is 0 Signed-off-by: zirain <zirain2009@gmail.com> * update Signed-off-by: zirain <zirain2009@gmail.com> * fix test Signed-off-by: zirain <zirain2009@gmail.com> * don't skip gateways Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix testdata Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix k8s provider controller Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix: retry reconcile on transient errors during reconcile (envoyproxy#6299) * fix: add isTransientError helper to classify retryable errors Introduces isTransientError to detect transient Kubernetes errors and enable proper reconciliation retries. Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com> handle errors from processing BackendRefs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> handle errors from processing ConfigMap Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * skip invalid GatewayClass Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * address comment Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * handle all transient errors Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * don't skip failed GCs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit 71ce56f) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix: fix bug in hostname overlap detection (envoyproxy#6332) fix bug in hostname overlap detection Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> (cherry picked from commit e78e268) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix telemetry with host port not working (envoyproxy#6460) Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit c0a2ce7) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * bugfix: BackendTlsPolicy should not reference across namespace (envoyproxy#6309) * bugfix: BackendTlsPolicy should not reference across namespace Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 9925189) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Jeff Davis <mr.jefedavis@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Guy Daich <guy.daich@sap.com> Co-authored-by: Jeff Davis <mr.jefedavis@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com> Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Co-authored-by: Sudipto Baral <sudiptobaral.me@gmail.com> Co-authored-by: Patryk Rostkowski <48490105+patrostkowski@users.noreply.github.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com>

fix ext proc validation and trailer management for full duplex stream…

6372533

…ed mode Signed-off-by: Guy Daich <guy.daich@sap.com>

guydc requested a review from a team as a code owner June 16, 2025 20:29

arkodg reviewed Jun 16, 2025

View reviewed changes

api/v1alpha1/ext_proc_types.go Show resolved Hide resolved

guydc added 5 commits June 16, 2025 17:32

Merge branch 'main' into extproc-fullduplex-trailers-fix

c1f8dca

move processing mode handling to dedicated method

0e1f404

Signed-off-by: Guy Daich <guy.daich@sap.com>

Merge branch 'main' into extproc-fullduplex-trailers-fix

0dc5d82

Signed-off-by: Guy Daich <guy.daich@sap.com>

Merge branch 'main' into extproc-fullduplex-trailers-fix

5c8c4fc

Merge branch 'main' into extproc-fullduplex-trailers-fix

f64ca7d

arkodg previously approved these changes Jun 17, 2025

View reviewed changes

arkodg requested review from a team June 17, 2025 20:52

zirain previously approved these changes Jun 19, 2025

View reviewed changes

Merge branch 'main' into extproc-fullduplex-trailers-fix

b1b6b5c

Signed-off-by: Guy Daich <guy.daich@sap.com>

guydc dismissed stale reviews from zirain and arkodg via b1b6b5c June 19, 2025 12:27

arkodg approved these changes Jun 20, 2025

View reviewed changes

arkodg merged commit f72f615 into envoyproxy:main Jun 20, 2025
48 of 50 checks passed

guydc added the cherrypick/release-v1.4.2 label Jun 20, 2025

sanjaypujare mentioned this pull request Jun 20, 2025

Envoy complains about request_trailer_mode not being set to SEND with 1.4.1 #6270

Closed

arkodg mentioned this pull request Jul 18, 2025

Unable to set failOpen in EEP in v1.4.2 #6559

Closed

BrewTestBot mentioned this pull request Aug 8, 2025

egctl 1.5.0 Homebrew/homebrew-core#232799

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(translator): ext-proc full duplex streamed trailers and validation#6323

fix(translator): ext-proc full duplex streamed trailers and validation#6323
arkodg merged 7 commits intoenvoyproxy:mainfrom
guydc:extproc-fullduplex-trailers-fix

guydc commented Jun 16, 2025

Uh oh!

codecov bot commented Jun 16, 2025 •

edited

Loading

Uh oh!

arkodg Jun 16, 2025

Uh oh!

guydc Jun 16, 2025

Uh oh!

Uh oh!

arkodg left a comment

Uh oh!

arkodg commented Jun 17, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

guydc commented Jun 16, 2025

Uh oh!

codecov bot commented Jun 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

arkodg Jun 16, 2025

Choose a reason for hiding this comment

Uh oh!

guydc Jun 16, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

arkodg left a comment

Choose a reason for hiding this comment

Uh oh!

arkodg commented Jun 17, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

codecov bot commented Jun 16, 2025 •

edited

Loading