diff --git a/CODEOWNERS b/CODEOWNERS index 989a2c1332e21..85b2325d92be3 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,103 +1 @@ -# TODO(zuercher): determine how we want to deal with auto-assignment -# By default, @envoyproxy/maintainers own everything. -#* @envoyproxy/maintainers - -# api -/api/ @envoyproxy/api-shepherds -# access loggers -/*/extensions/access_loggers/common @auni53 @zuercher -# csrf extension -/*/extensions/filters/http/csrf @dschaller @mattklein123 -# original_src http filter extension -/*/extensions/filters/http/original_src @snowp @klarose -# original_src listener filter extension -/*/extensions/filters/listener/original_src @snowp @klarose -# original_src common extension -extensions/filters/common/original_src @snowp @klarose -# dubbo_proxy extension -/*/extensions/filters/network/dubbo_proxy @zyfjeff @lizan -# thrift_proxy extension -/*/extensions/filters/network/thrift_proxy @zuercher @brian-pane -# jwt_authn http filter extension -/*/extensions/filters/http/jwt_authn @qiwzhang @lizan -# grpc_http1_reverse_bridge http filter extension -/*/extensions/filters/http/grpc_http1_reverse_bridge @snowp @zuercher -# header_to_metadata extension -/*/extensions/filters/http/header_to_metadata @rgs1 @zuercher -# alts transport socket extension -/*/extensions/transport_sockets/alts @htuch @yangminzhu -# tls transport socket extension -/*/extensions/transport_sockets/tls @PiotrSikora @lizan -# sni_cluster extension -/*/extensions/filters/network/sni_cluster @rshriram @lizan -# tracers.datadog extension -/*/extensions/tracers/datadog @cgilmour @palazzem @mattklein123 -# tracers.xray extension -/*/extensions/tracers/xray @marcomagdy @lavignes @mattklein123 -# mysql_proxy extension -/*/extensions/filters/network/mysql_proxy @rshriram @venilnoronha @mattklein123 -# quic extension -/*/extensions/quic_listeners/ @alyssawilk @danzh2010 @mattklein123 @mpwarres @wu-bin -# zookeeper_proxy extension -/*/extensions/filters/network/zookeeper_proxy @rgs1 @snowp -# redis cluster extension -/*/extensions/clusters/redis @msukalski @henryyyang @mattklein123 -/*/extensions/common/redis @msukalski @henryyyang @mattklein123 -# dynamic forward proxy -/*/extensions/clusters/dynamic_forward_proxy @mattklein123 @alyssawilk -/*/extensions/common/dynamic_forward_proxy @mattklein123 @alyssawilk -/*/extensions/filters/http/dynamic_forward_proxy @mattklein123 @alyssawilk -# omit_canary_hosts retry predicate -/*/extensions/retry/host/omit_canary_hosts @sriduth @snowp -# aws_iam grpc credentials -/*/extensions/grpc_credentials/aws_iam @lavignes @mattklein123 -/*/extensions/filters/http/common/aws @lavignes @mattklein123 -# adaptive concurrency limit extension. -/*/extensions/filters/http/adaptive_concurrency @tonya11en @mattklein123 -# http inspector -/*/extensions/filters/listener/http_inspector @yxue @PiotrSikora @lizan -# attribute context -/*/extensions/filters/common/expr @kyessenov @yangminzhu @lizan -# webassembly access logger extensions -/*/extensions/access_loggers/wasm @jplevyak @PiotrSikora @lizan -# webassembly http extensions -/*/extensions/filters/http/wasm @jplevyak @PiotrSikora @lizan -# webassembly network extensions -/*/extensions/filters/network/wasm @jplevyak @PiotrSikora @lizan -# webassembly common extension -/*/extensions/common/wasm @jplevyak @PiotrSikora @lizan -# common crypto extension -/*/extensions/common/crypto @lizan @PiotrSikora @bdecoste -/*/extensions/filters/http/grpc_http1_bridge @snowp @jose -/*/extensions/filters/http/gzip @gsagula @dio -/*/extensions/filters/http/fault @rshriram @alyssawilk -/*/extensions/filters/common/fault @rshriram @alyssawilk -/*/extensions/filters/http/grpc_json_transcoder @qiwzhang @lizan -/*/extensions/filters/http/router @alyssawilk @mattklein123 @snowp -/*/extensions/filters/http/ext_authz @gsagula @dio -/*/extensions/filters/http/grpc_web @fengli79 @lizan -/*/extensions/filters/http/grpc_stats @kyessenov @lizan -/*/extensions/filters/http/squash @yuval-k @alyssawilk -/*/extensions/filters/common/ext_authz @gsagula @dio -/*/extensions/filters/common/original_src @klarose @snowp -/*/extensions/filters/listener/tls_inspector @piotrsikora @htuch -/*/extensions/grpc_credentials/example @wozz @htuch -/*/extensions/grpc_credentials/file_based_metadata @wozz @htuch -/*/extensions/stat_sinks/dog_statsd @taiki45 @jmarantz -/*/extensions/stat_sinks/hystrix @trabetti @jmarantz -/*/extensions/stat_sinks/metrics_service @ramaraochavali @jmarantz -/*/extensions/resource_monitors/injected_resource @eziskind @htuch -/*/extensions/resource_monitors/common @eziskind @htuch -/*/extensions/resource_monitors/fixed_heap @eziskind @htuch -/*/extensions/retry/priority @snowp @alyssawilk -/*/extensions/retry/priority/previous_priorities @snowp @alyssawilk -/*/extensions/retry/host @snowp @alyssawilk -/*/extensions/filters/network/http_connection_manager @alyssawilk @mattklein123 -/*/extensions/filters/network/ext_authz @gsagula @dio -/*/extensions/filters/network/tcp_proxy @alyssawilk @zuercher -/*/extensions/filters/network/echo @htuch @alyssawilk -/*/extensions/filters/udp/udp_proxy @mattklein123 @danzh2010 -/*/extensions/clusters/aggregate @yxue @snowp -# support for on-demand VHDS requests -/*/extensions/filters/http/on_demand @dmitri-d @htuch @lambdai -/*/extensions/filters/network/local_ratelimit @mattklein123 @junr03 +* @istio/release-managers-1-5 diff --git a/docs/root/intro/arch_overview/security/rbac_filter.rst b/docs/root/intro/arch_overview/security/rbac_filter.rst index f9483d8c6e6ce..f5c22ebfef819 100644 --- a/docs/root/intro/arch_overview/security/rbac_filter.rst +++ b/docs/root/intro/arch_overview/security/rbac_filter.rst @@ -83,6 +83,7 @@ The following attributes are exposed to the language runtime: response.headers, string map, All response headers response.trailers, string map, All response trailers response.size, int, Size of the response body + response.total_size, int, Total size of the response including the approximate uncompressed size of the headers and the trailers response.flags, int, Additional details about the response beyond the standard response code source.address, string, Downstream connection remote address source.port, int, Downstream connection remote port diff --git a/source/extensions/common/wasm/v8/v8.cc b/source/extensions/common/wasm/v8/v8.cc index 810c4034b01c7..2d82cf478e5c2 100644 --- a/source/extensions/common/wasm/v8/v8.cc +++ b/source/extensions/common/wasm/v8/v8.cc @@ -14,12 +14,6 @@ #include "v8-version.h" #include "wasm-api/wasm.hh" -namespace v8 { -namespace internal { -extern bool FLAG_wasm_opt; -} // namespace internal -} // namespace v8 - namespace Envoy { namespace Extensions { namespace Common { @@ -27,9 +21,6 @@ namespace Wasm { namespace V8 { wasm::Engine* engine() { - // Enable Wasm optimizations. - v8::internal::FLAG_wasm_opt = true; - static const auto engine = wasm::Engine::make(); return engine.get(); } diff --git a/source/extensions/filters/common/expr/BUILD b/source/extensions/filters/common/expr/BUILD index 014af08fbb9fb..316c36b05b19d 100644 --- a/source/extensions/filters/common/expr/BUILD +++ b/source/extensions/filters/common/expr/BUILD @@ -29,6 +29,7 @@ envoy_cc_library( hdrs = ["context.h"], deps = [ "//source/common/grpc:common_lib", + "//source/common/http:header_map_lib", "//source/common/http:utility_lib", "//source/common/stream_info:utility_lib", "@com_google_cel_cpp//eval/public:cel_value", diff --git a/source/extensions/filters/common/expr/context.cc b/source/extensions/filters/common/expr/context.cc index 010c92784b9da..ac5338cb86e9f 100644 --- a/source/extensions/filters/common/expr/context.cc +++ b/source/extensions/filters/common/expr/context.cc @@ -1,6 +1,7 @@ #include "extensions/filters/common/expr/context.h" #include "common/grpc/common.h" +#include "common/http/header_map_impl.h" #include "common/http/utility.h" #include "absl/strings/numbers.h" @@ -80,6 +81,9 @@ absl::optional RequestWrapper::operator[](CelValue key) const { } else { return CelValue::CreateInt64(info_.bytesReceived()); } + } else if (value == TotalSize) { + return CelValue::CreateInt64(info_.bytesReceived() + + (headers_.value_ ? headers_.value_->byteSize() : 0)); } else if (value == Duration) { auto duration = info_.requestComplete(); if (duration.has_value()) { @@ -115,8 +119,6 @@ absl::optional RequestWrapper::operator[](CelValue key) const { return convertHeaderEntry(headers_.value_->RequestId()); } else if (value == UserAgent) { return convertHeaderEntry(headers_.value_->UserAgent()); - } else if (value == TotalSize) { - return CelValue::CreateInt64(info_.bytesReceived() + headers_.value_->byteSize()); } } return {}; @@ -141,12 +143,17 @@ absl::optional ResponseWrapper::operator[](CelValue key) const { } else if (value == Flags) { return CelValue::CreateInt64(info_.responseFlags()); } else if (value == GrpcStatus) { - auto const& optional_status = - Grpc::Common::getGrpcStatus(*(trailers_.value_), *(headers_.value_), info_); + auto const& optional_status = Grpc::Common::getGrpcStatus( + trailers_.value_ ? *trailers_.value_ : ConstSingleton::get(), + headers_.value_ ? *headers_.value_ : ConstSingleton::get(), info_); if (optional_status.has_value()) { return CelValue::CreateInt64(optional_status.value()); } return {}; + } else if (value == TotalSize) { + return CelValue::CreateInt64(info_.bytesSent() + + (headers_.value_ ? headers_.value_->byteSize() : 0) + + (trailers_.value_ ? trailers_.value_->byteSize() : 0)); } return {}; } diff --git a/test/extensions/common/wasm/test_data/test_rust.wasm b/test/extensions/common/wasm/test_data/test_rust.wasm index 7919d67618f0a..00438a858b827 100755 Binary files a/test/extensions/common/wasm/test_data/test_rust.wasm and b/test/extensions/common/wasm/test_data/test_rust.wasm differ diff --git a/test/extensions/filters/common/expr/context_test.cc b/test/extensions/filters/common/expr/context_test.cc index 7beeafcfaab4d..549bdd842a530 100644 --- a/test/extensions/filters/common/expr/context_test.cc +++ b/test/extensions/filters/common/expr/context_test.cc @@ -32,12 +32,14 @@ TEST(Context, EmptyHeadersAttributes) { TEST(Context, RequestAttributes) { NiceMock info; + NiceMock empty_info; Http::TestHeaderMapImpl header_map{ {":method", "POST"}, {":scheme", "http"}, {":path", "/meow?yes=1"}, {":authority", "kittens.com"}, {"referer", "dogs.com"}, {"user-agent", "envoy-mobile"}, {"content-length", "10"}, {"x-request-id", "blah"}, }; RequestWrapper request(&header_map, info); + RequestWrapper empty_request(nullptr, empty_info); EXPECT_CALL(info, bytesReceived()).WillRepeatedly(Return(10)); // "2018-04-03T23:06:09.123Z". @@ -67,6 +69,12 @@ TEST(Context, RequestAttributes) { ASSERT_TRUE(value.value().IsString()); EXPECT_EQ("http", value.value().StringOrDie().value()); } + + { + auto value = empty_request[CelValue::CreateStringView(Scheme)]; + EXPECT_FALSE(value.has_value()); + } + { auto value = request[CelValue::CreateStringView(Host)]; EXPECT_TRUE(value.has_value()); @@ -131,6 +139,14 @@ TEST(Context, RequestAttributes) { EXPECT_EQ(138, value.value().Int64OrDie()); } + { + auto value = empty_request[CelValue::CreateStringView(TotalSize)]; + EXPECT_TRUE(value.has_value()); + ASSERT_TRUE(value.value().IsInt64()); + // this includes the headers size + EXPECT_EQ(0, value.value().Int64OrDie()); + } + { auto value = request[CelValue::CreateStringView(Time)]; EXPECT_TRUE(value.has_value()); @@ -159,12 +175,22 @@ TEST(Context, RequestAttributes) { EXPECT_EQ("15ms", absl::FormatDuration(value.value().DurationOrDie())); } + { + auto value = empty_request[CelValue::CreateStringView(Duration)]; + EXPECT_FALSE(value.has_value()); + } + { auto value = request[CelValue::CreateStringView(Protocol)]; EXPECT_TRUE(value.has_value()); ASSERT_TRUE(value.value().IsString()); EXPECT_EQ("HTTP/2", value.value().StringOrDie().value()); } + + { + auto value = empty_request[CelValue::CreateStringView(Protocol)]; + EXPECT_FALSE(value.has_value()); + } } TEST(Context, RequestFallbackAttributes) { @@ -195,12 +221,14 @@ TEST(Context, RequestFallbackAttributes) { TEST(Context, ResponseAttributes) { NiceMock info; + NiceMock empty_info; const std::string header_name = "test-header"; const std::string trailer_name = "test-trailer"; const std::string grpc_status = "grpc-status"; Http::TestHeaderMapImpl header_map{{header_name, "a"}}; Http::TestHeaderMapImpl trailer_map{{trailer_name, "b"}, {grpc_status, "8"}}; ResponseWrapper response(&header_map, &trailer_map, info); + ResponseWrapper empty_response(nullptr, nullptr, empty_info); EXPECT_CALL(info, responseCode()).WillRepeatedly(Return(404)); EXPECT_CALL(info, bytesSent()).WillRepeatedly(Return(123)); @@ -223,6 +251,20 @@ TEST(Context, ResponseAttributes) { EXPECT_EQ(123, value.value().Int64OrDie()); } + { + auto value = response[CelValue::CreateStringView(TotalSize)]; + EXPECT_TRUE(value.has_value()); + ASSERT_TRUE(value.value().IsInt64()); + EXPECT_EQ(160, value.value().Int64OrDie()); + } + + { + auto value = empty_response[CelValue::CreateStringView(TotalSize)]; + EXPECT_TRUE(value.has_value()); + ASSERT_TRUE(value.value().IsInt64()); + EXPECT_EQ(0, value.value().Int64OrDie()); + } + { auto value = response[CelValue::CreateStringView(Code)]; EXPECT_TRUE(value.has_value()); @@ -260,18 +302,26 @@ TEST(Context, ResponseAttributes) { ASSERT_TRUE(header.value().IsString()); EXPECT_EQ("b", header.value().StringOrDie().value()); } + { auto value = response[CelValue::CreateStringView(Flags)]; EXPECT_TRUE(value.has_value()); ASSERT_TRUE(value.value().IsInt64()); EXPECT_EQ(0x1, value.value().Int64OrDie()); } + { auto value = response[CelValue::CreateStringView(GrpcStatus)]; EXPECT_TRUE(value.has_value()); ASSERT_TRUE(value.value().IsInt64()); EXPECT_EQ(0x8, value.value().Int64OrDie()); } + + { + auto value = empty_response[CelValue::CreateStringView(GrpcStatus)]; + EXPECT_FALSE(value.has_value()); + } + { Http::TestHeaderMapImpl header_map{{header_name, "a"}, {grpc_status, "7"}}; Http::TestHeaderMapImpl trailer_map{{trailer_name, "b"}}; diff --git a/test/tools/wee8_compile/wee8_compile.cc b/test/tools/wee8_compile/wee8_compile.cc index dad9915d64b68..42cbfea08a18f 100644 --- a/test/tools/wee8_compile/wee8_compile.cc +++ b/test/tools/wee8_compile/wee8_compile.cc @@ -10,12 +10,6 @@ #include "v8-version.h" #include "wasm-api/wasm.hh" -namespace v8 { -namespace internal { -extern bool FLAG_wasm_opt; -} // namespace internal -} // namespace v8 - uint32_t parseVarint(const byte_t*& pos, const byte_t* end) { uint32_t n = 0; uint32_t shift = 0; @@ -142,9 +136,6 @@ wasm::vec stripWasmModule(const wasm::vec& module) { } wasm::vec serializeWasmModule(const char* path, const wasm::vec& content) { - // Enable Wasm optimizations. - v8::internal::FLAG_wasm_opt = true; - const auto engine = wasm::Engine::make(); if (engine == nullptr) { std::cerr << "ERROR: Failed to start V8." << std::endl;