Tsan race cherry-pick.

CODEOWNERS

@@ -1,103 +1 @@
-# TODO(zuercher): determine how we want to deal with auto-assignment
-# By default, @envoyproxy/maintainers own everything.
-#*       @envoyproxy/maintainers
-
-# api
-/api/ @envoyproxy/api-shepherds
-# access loggers
-/*/extensions/access_loggers/common @auni53 @zuercher
-# csrf extension
-/*/extensions/filters/http/csrf @dschaller @mattklein123
-# original_src http filter extension
-/*/extensions/filters/http/original_src @snowp @klarose
-# original_src listener filter extension
-/*/extensions/filters/listener/original_src @snowp @klarose
-# original_src common extension
-extensions/filters/common/original_src @snowp @klarose
-# dubbo_proxy extension
-/*/extensions/filters/network/dubbo_proxy @zyfjeff @lizan
-# thrift_proxy extension
-/*/extensions/filters/network/thrift_proxy @zuercher @brian-pane
-# jwt_authn http filter extension
-/*/extensions/filters/http/jwt_authn @qiwzhang @lizan
-# grpc_http1_reverse_bridge http filter extension
-/*/extensions/filters/http/grpc_http1_reverse_bridge @snowp @zuercher
-# header_to_metadata extension
-/*/extensions/filters/http/header_to_metadata @rgs1 @zuercher
-# alts transport socket extension
-/*/extensions/transport_sockets/alts @htuch @yangminzhu
-# tls transport socket extension
-/*/extensions/transport_sockets/tls @PiotrSikora @lizan
-# sni_cluster extension
-/*/extensions/filters/network/sni_cluster @rshriram @lizan
-# tracers.datadog extension
-/*/extensions/tracers/datadog @cgilmour @palazzem @mattklein123
-# tracers.xray extension
-/*/extensions/tracers/xray @marcomagdy @lavignes @mattklein123
-# mysql_proxy extension
-/*/extensions/filters/network/mysql_proxy @rshriram @venilnoronha @mattklein123
-# quic extension
-/*/extensions/quic_listeners/ @alyssawilk @danzh2010 @mattklein123 @mpwarres @wu-bin
-# zookeeper_proxy extension
-/*/extensions/filters/network/zookeeper_proxy @rgs1 @snowp
-# redis cluster extension
-/*/extensions/clusters/redis @msukalski @henryyyang @mattklein123
-/*/extensions/common/redis @msukalski @henryyyang @mattklein123
-# dynamic forward proxy
-/*/extensions/clusters/dynamic_forward_proxy @mattklein123 @alyssawilk
-/*/extensions/common/dynamic_forward_proxy @mattklein123 @alyssawilk
-/*/extensions/filters/http/dynamic_forward_proxy @mattklein123 @alyssawilk
-# omit_canary_hosts retry predicate
-/*/extensions/retry/host/omit_canary_hosts @sriduth @snowp
-# aws_iam grpc credentials
-/*/extensions/grpc_credentials/aws_iam @lavignes @mattklein123
-/*/extensions/filters/http/common/aws @lavignes @mattklein123
-# adaptive concurrency limit extension.
-/*/extensions/filters/http/adaptive_concurrency @tonya11en @mattklein123
-# http inspector
-/*/extensions/filters/listener/http_inspector @yxue @PiotrSikora @lizan
-# attribute context
-/*/extensions/filters/common/expr @kyessenov @yangminzhu @lizan
-# webassembly access logger extensions
-/*/extensions/access_loggers/wasm @jplevyak @PiotrSikora @lizan
-# webassembly http extensions
-/*/extensions/filters/http/wasm @jplevyak @PiotrSikora @lizan
-# webassembly network extensions
-/*/extensions/filters/network/wasm @jplevyak @PiotrSikora @lizan
-# webassembly common extension
-/*/extensions/common/wasm @jplevyak @PiotrSikora @lizan
-# common crypto extension
-/*/extensions/common/crypto @lizan @PiotrSikora @bdecoste
-/*/extensions/filters/http/grpc_http1_bridge @snowp @jose
-/*/extensions/filters/http/gzip @gsagula @dio
-/*/extensions/filters/http/fault @rshriram @alyssawilk
-/*/extensions/filters/common/fault @rshriram @alyssawilk
-/*/extensions/filters/http/grpc_json_transcoder @qiwzhang @lizan
-/*/extensions/filters/http/router @alyssawilk @mattklein123 @snowp
-/*/extensions/filters/http/ext_authz @gsagula @dio
-/*/extensions/filters/http/grpc_web @fengli79 @lizan
-/*/extensions/filters/http/grpc_stats @kyessenov @lizan
-/*/extensions/filters/http/squash @yuval-k @alyssawilk
-/*/extensions/filters/common/ext_authz @gsagula @dio
-/*/extensions/filters/common/original_src @klarose @snowp
-/*/extensions/filters/listener/tls_inspector @piotrsikora @htuch
-/*/extensions/grpc_credentials/example @wozz @htuch
-/*/extensions/grpc_credentials/file_based_metadata @wozz @htuch
-/*/extensions/stat_sinks/dog_statsd @taiki45 @jmarantz
-/*/extensions/stat_sinks/hystrix @trabetti @jmarantz
-/*/extensions/stat_sinks/metrics_service @ramaraochavali @jmarantz
-/*/extensions/resource_monitors/injected_resource @eziskind @htuch
-/*/extensions/resource_monitors/common @eziskind @htuch
-/*/extensions/resource_monitors/fixed_heap @eziskind @htuch
-/*/extensions/retry/priority @snowp @alyssawilk
-/*/extensions/retry/priority/previous_priorities @snowp @alyssawilk
-/*/extensions/retry/host @snowp @alyssawilk
-/*/extensions/filters/network/http_connection_manager @alyssawilk @mattklein123
-/*/extensions/filters/network/ext_authz @gsagula @dio
-/*/extensions/filters/network/tcp_proxy @alyssawilk @zuercher
-/*/extensions/filters/network/echo @htuch @alyssawilk
-/*/extensions/filters/udp/udp_proxy @mattklein123 @danzh2010
-/*/extensions/clusters/aggregate @yxue @snowp
-# support for on-demand VHDS requests
-/*/extensions/filters/http/on_demand @dmitri-d @htuch @lambdai
-/*/extensions/filters/network/local_ratelimit @mattklein123 @junr03
+* @istio/release-managers-1-5

docs/root/intro/arch_overview/security/rbac_filter.rst

@@ -83,6 +83,7 @@ The following attributes are exposed to the language runtime:
    response.headers, string map, All response headers
    response.trailers, string map, All response trailers
    response.size, int, Size of the response body
+   response.total_size, int, Total size of the response including the approximate uncompressed size of the headers and the trailers
    response.flags, int, Additional details about the response beyond the standard response code
    source.address, string, Downstream connection remote address
    source.port, int, Downstream connection remote port

source/extensions/common/wasm/v8/v8.cc

@@ -14,22 +14,13 @@
 #include "v8-version.h"
 #include "wasm-api/wasm.hh"
 
-namespace v8 {
-namespace internal {
-extern bool FLAG_wasm_opt;
-} // namespace internal
-} // namespace v8
-
 namespace Envoy {
 namespace Extensions {
 namespace Common {
 namespace Wasm {
 namespace V8 {
 
 wasm::Engine* engine() {
-  // Enable Wasm optimizations.
-  v8::internal::FLAG_wasm_opt = true;
-
   static const auto engine = wasm::Engine::make();
   return engine.get();
 }

source/extensions/filters/common/expr/BUILD

@@ -29,6 +29,7 @@ envoy_cc_library(
     hdrs = ["context.h"],
     deps = [
         "//source/common/grpc:common_lib",
+        "//source/common/http:header_map_lib",
         "//source/common/http:utility_lib",
         "//source/common/stream_info:utility_lib",
         "@com_google_cel_cpp//eval/public:cel_value",

source/extensions/filters/common/expr/context.cc

@@ -1,6 +1,7 @@
 #include "extensions/filters/common/expr/context.h"
 
 #include "common/grpc/common.h"
+#include "common/http/header_map_impl.h"
 #include "common/http/utility.h"
 
 #include "absl/strings/numbers.h"
@@ -80,6 +81,9 @@ absl::optional<CelValue> RequestWrapper::operator[](CelValue key) const {
     } else {
       return CelValue::CreateInt64(info_.bytesReceived());
     }
+  } else if (value == TotalSize) {
+    return CelValue::CreateInt64(info_.bytesReceived() +
+                                 (headers_.value_ ? headers_.value_->byteSize() : 0));
   } else if (value == Duration) {
     auto duration = info_.requestComplete();
     if (duration.has_value()) {
@@ -115,8 +119,6 @@ absl::optional<CelValue> RequestWrapper::operator[](CelValue key) const {
       return convertHeaderEntry(headers_.value_->RequestId());
     } else if (value == UserAgent) {
       return convertHeaderEntry(headers_.value_->UserAgent());
-    } else if (value == TotalSize) {
-      return CelValue::CreateInt64(info_.bytesReceived() + headers_.value_->byteSize());
     }
   }
   return {};
@@ -141,12 +143,17 @@ absl::optional<CelValue> ResponseWrapper::operator[](CelValue key) const {
   } else if (value == Flags) {
     return CelValue::CreateInt64(info_.responseFlags());
   } else if (value == GrpcStatus) {
-    auto const& optional_status =
-        Grpc::Common::getGrpcStatus(*(trailers_.value_), *(headers_.value_), info_);
+    auto const& optional_status = Grpc::Common::getGrpcStatus(
+        trailers_.value_ ? *trailers_.value_ : ConstSingleton<Http::HeaderMapImpl>::get(),
+        headers_.value_ ? *headers_.value_ : ConstSingleton<Http::HeaderMapImpl>::get(), info_);
     if (optional_status.has_value()) {
       return CelValue::CreateInt64(optional_status.value());
     }
     return {};
+  } else if (value == TotalSize) {
+    return CelValue::CreateInt64(info_.bytesSent() +
+                                 (headers_.value_ ? headers_.value_->byteSize() : 0) +
+                                 (trailers_.value_ ? trailers_.value_->byteSize() : 0));
   }
   return {};
 }

test/extensions/filters/common/expr/context_test.cc

@@ -32,12 +32,14 @@ TEST(Context, EmptyHeadersAttributes) {
 
 TEST(Context, RequestAttributes) {
   NiceMock<StreamInfo::MockStreamInfo> info;
+  NiceMock<StreamInfo::MockStreamInfo> empty_info;
   Http::TestHeaderMapImpl header_map{
       {":method", "POST"},           {":scheme", "http"},      {":path", "/meow?yes=1"},
       {":authority", "kittens.com"}, {"referer", "dogs.com"},  {"user-agent", "envoy-mobile"},
       {"content-length", "10"},      {"x-request-id", "blah"},
   };
   RequestWrapper request(&header_map, info);
+  RequestWrapper empty_request(nullptr, empty_info);
 
   EXPECT_CALL(info, bytesReceived()).WillRepeatedly(Return(10));
   // "2018-04-03T23:06:09.123Z".
@@ -67,6 +69,12 @@ TEST(Context, RequestAttributes) {
     ASSERT_TRUE(value.value().IsString());
     EXPECT_EQ("http", value.value().StringOrDie().value());
   }
+
+  {
+    auto value = empty_request[CelValue::CreateStringView(Scheme)];
+    EXPECT_FALSE(value.has_value());
+  }
+
   {
     auto value = request[CelValue::CreateStringView(Host)];
     EXPECT_TRUE(value.has_value());
@@ -131,6 +139,14 @@ TEST(Context, RequestAttributes) {
     EXPECT_EQ(138, value.value().Int64OrDie());
   }
 
+  {
+    auto value = empty_request[CelValue::CreateStringView(TotalSize)];
+    EXPECT_TRUE(value.has_value());
+    ASSERT_TRUE(value.value().IsInt64());
+    // this includes the headers size
+    EXPECT_EQ(0, value.value().Int64OrDie());
+  }
+
   {
     auto value = request[CelValue::CreateStringView(Time)];
     EXPECT_TRUE(value.has_value());
@@ -159,12 +175,22 @@ TEST(Context, RequestAttributes) {
     EXPECT_EQ("15ms", absl::FormatDuration(value.value().DurationOrDie()));
   }
 
+  {
+    auto value = empty_request[CelValue::CreateStringView(Duration)];
+    EXPECT_FALSE(value.has_value());
+  }
+
   {
     auto value = request[CelValue::CreateStringView(Protocol)];
     EXPECT_TRUE(value.has_value());
     ASSERT_TRUE(value.value().IsString());
     EXPECT_EQ("HTTP/2", value.value().StringOrDie().value());
   }
+
+  {
+    auto value = empty_request[CelValue::CreateStringView(Protocol)];
+    EXPECT_FALSE(value.has_value());
+  }
 }
 
 TEST(Context, RequestFallbackAttributes) {
@@ -195,12 +221,14 @@ TEST(Context, RequestFallbackAttributes) {
 
 TEST(Context, ResponseAttributes) {
   NiceMock<StreamInfo::MockStreamInfo> info;
+  NiceMock<StreamInfo::MockStreamInfo> empty_info;
   const std::string header_name = "test-header";
   const std::string trailer_name = "test-trailer";
   const std::string grpc_status = "grpc-status";
   Http::TestHeaderMapImpl header_map{{header_name, "a"}};
   Http::TestHeaderMapImpl trailer_map{{trailer_name, "b"}, {grpc_status, "8"}};
   ResponseWrapper response(&header_map, &trailer_map, info);
+  ResponseWrapper empty_response(nullptr, nullptr, empty_info);
 
   EXPECT_CALL(info, responseCode()).WillRepeatedly(Return(404));
   EXPECT_CALL(info, bytesSent()).WillRepeatedly(Return(123));
@@ -223,6 +251,20 @@ TEST(Context, ResponseAttributes) {
     EXPECT_EQ(123, value.value().Int64OrDie());
   }
 
+  {
+    auto value = response[CelValue::CreateStringView(TotalSize)];
+    EXPECT_TRUE(value.has_value());
+    ASSERT_TRUE(value.value().IsInt64());
+    EXPECT_EQ(160, value.value().Int64OrDie());
+  }
+
+  {
+    auto value = empty_response[CelValue::CreateStringView(TotalSize)];
+    EXPECT_TRUE(value.has_value());
+    ASSERT_TRUE(value.value().IsInt64());
+    EXPECT_EQ(0, value.value().Int64OrDie());
+  }
+
   {
     auto value = response[CelValue::CreateStringView(Code)];
     EXPECT_TRUE(value.has_value());
@@ -260,18 +302,26 @@ TEST(Context, ResponseAttributes) {
     ASSERT_TRUE(header.value().IsString());
     EXPECT_EQ("b", header.value().StringOrDie().value());
   }
+
   {
     auto value = response[CelValue::CreateStringView(Flags)];
     EXPECT_TRUE(value.has_value());
     ASSERT_TRUE(value.value().IsInt64());
     EXPECT_EQ(0x1, value.value().Int64OrDie());
   }
+
   {
     auto value = response[CelValue::CreateStringView(GrpcStatus)];
     EXPECT_TRUE(value.has_value());
     ASSERT_TRUE(value.value().IsInt64());
     EXPECT_EQ(0x8, value.value().Int64OrDie());
   }
+
+  {
+    auto value = empty_response[CelValue::CreateStringView(GrpcStatus)];
+    EXPECT_FALSE(value.has_value());
+  }
+
   {
     Http::TestHeaderMapImpl header_map{{header_name, "a"}, {grpc_status, "7"}};
     Http::TestHeaderMapImpl trailer_map{{trailer_name, "b"}};

test/tools/wee8_compile/wee8_compile.cc

@@ -10,12 +10,6 @@
 #include "v8-version.h"
 #include "wasm-api/wasm.hh"
 
-namespace v8 {
-namespace internal {
-extern bool FLAG_wasm_opt;
-} // namespace internal
-} // namespace v8
-
 uint32_t parseVarint(const byte_t*& pos, const byte_t* end) {
   uint32_t n = 0;
   uint32_t shift = 0;
@@ -142,9 +136,6 @@ wasm::vec<byte_t> stripWasmModule(const wasm::vec<byte_t>& module) {
 }
 
 wasm::vec<byte_t> serializeWasmModule(const char* path, const wasm::vec<byte_t>& content) {
-  // Enable Wasm optimizations.
-  v8::internal::FLAG_wasm_opt = true;
-
   const auto engine = wasm::Engine::make();
   if (engine == nullptr) {
     std::cerr << "ERROR: Failed to start V8." << std::endl;