Merged
Conversation
* Improve performance by removing MD5 for check cache keys (istio#2002) * Improve performance by removing MD5 for check cache keys Signed-off-by: Wayne Zhang <qiwzhang@google.com> * not to allocate memory from stack Signed-off-by: Wayne Zhang <qiwzhang@google.com> * Make debug string readable Signed-off-by: Wayne Zhang <qiwzhang@google.com> * alts: remove ALTS (istio#2003) Signed-off-by: Lizan Zhou <lizan@tetrate.io> * Use std::hash for check cache. (istio#2009) Signed-off-by: Wayne Zhang <qiwzhang@google.com> * Remove tests to compare signature values (istio#2015) Signed-off-by: Wayne Zhang <qiwzhang@google.com> * update sample envoy config to latest version (istio#2016) * Add a new TCP cluster rewrite filter (istio#2017) * Add a new TCP cluster rewrite filter This commit adds a new TCP cluster rewrite filter which allows users to rewrite TCP cluster names obtained via TLS SNI by matching via regex configuration. Signed-off-by: Venil Noronha <veniln@vmware.com> * Make TCP cluster rewrite stackable on SNI filter This commit updates the TCP Cluster Rewrite filter to be stackable on the SNI Cluster filter. Signed-off-by: Venil Noronha <veniln@vmware.com> * Update TCP Cluster Rewrite filter name (istio#2019) This commit updates the TCP Cluster Rewrite filter name to envoy.filters.network.tcp_cluster_rewrite. Signed-off-by: Venil Noronha <veniln@vmware.com> * Enable TCP Cluster Rewrite filter registration (istio#2021) This commit enables the static registration of the TCP Cluster Rewrite filter by updating the build configuration. Signed-off-by: Venil Noronha <veniln@vmware.com> * Update Envoy SHA to 4ef8562 (istio#2023) Envoy /server_info API was inconsistent intermittently causing errors on a Proxy update on Istio. This update will bring in the API fix to Istio. Signed-off-by: Venil Noronha <veniln@vmware.com> * add proxy postsubmit periodic (istio#2025) * Update Envoy SHA to c41fa71 (istio#2029) * Update Envoy SHA Signed-off-by: JimmyCYJ <jimmychen.0102@gmail.com> * Fix format. Signed-off-by: JimmyCYJ <jimmychen.0102@gmail.com> * bazel: Allow to distdir all dependencies (istio#2034) To use --distdir option of Bazel (which allows to use previously fetched tarballs instead of downloading dependencies during build), all dependencies should use http instead of git and need to have sha256 sums specified. Signed-off-by: Michal Rostecki <mrostecki@suse.de> * bazel: Remove BoringSSL repository (istio#2035) Pull request istio#2002 removed signature calculation which was using BoringSSL as a dependency. BoringSSL is not needed anymore. Signed-off-by: Michal Rostecki <mrostecki@suse.de> * Update Envoy SHA to fcc68f1 (istio#2037) * Update Envoy SHA to fcc68f1 Signed-off-by: JimmyCYJ <jimmychen.0102@gmail.com> * Update SHA256 Signed-off-by: JimmyCYJ <jimmychen.0102@gmail.com>
* Enable caching of dynamic metadata in mixer filter This enables caching of dynamic metadata in the onData call in the mixer filter and returns the same during the GetDynamicFilterState call. Signed-off-by: Venil Noronha <veniln@vmware.com> * Update cloning to reflect Mongo format updates This updates the deep cloning logic in the mixer filter to reflect the latest changes in the Mongo proxy filter's dynamic metadata format. Signed-off-by: Venil Noronha <veniln@vmware.com>
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
* Bump enoy version to pickup json access log fix Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com> * Add sha256sum and note about how to retrieve the sum Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
* update envoy sha * update envoy SHA to 48b161e (istio#2041) * update envoy SHA to 48b161e * use Http::AsyncClient::RequestOptions() in AsyncClient::send() * PerConnectionCluster::Key -> PerConnectionCluster::key() * use Http::AsyncClient::RequestOptions() in AsyncClient::send() in the test * fix format * Forward Downstream SNI filter (istio#2045) * initial implementation of forward_downstream_api filter * fix the license message in BUILD (sh comments) * add missing dependencies * add definition of config_lib to BUILD * remove public visibility from forward_downstream_sni_lib * remove envoy_cc_binary dependency * StreamInfo::UpstreamServerName -> Network::UpstreamServerName * fix namespace (Extensions -> Tcp) * remove config_test
* Copy the network_level_sni_reader filter * Add SniVerifier filter based on NetworkLevelSniReader * Add extra details to log * refactoring, tests, make buf_ non-static, handle data in chunks * add credit to TLS inspector of Envoy * add ERR_clear_error()
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
* Authenticate an exchanged token * Change issuer name and jwt-authn output with key being original issuer * Revised the code based on the discussion * Address review comments and add a test * Address new review comments * Add integration tests and address review comments * Fix a flaky test and address new review comments * Small grammar fixes * Revise the function of finding the token header * Use case-insensitive compare for the header name * Change the name of a variable * Revise log statements
* support passing jwt token with prefix * format * address comments
* address comment * search from start
* update envoy sha * library bug fixes * bug fix * lint fixes * lint fixes * lint fixes * test fixes
…nge (istio#2076) * rename rbac permissive related attributes key due to envoy recent change * rename
googlebot
added
the
cla: yes
Collaborator
|
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the |
googlebot
added
cla: no
hklai
added
cla: yes
Collaborator
|
A Googler has manually verified that the CLAs look good. (Googler, please make sure the reason for overriding the CLA status is clearly documented in these comments.) |
Contributor
|
/lgtm |
Collaborator
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: hklai, kyessenov If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
Member
|
The macos test failure is weird. But I think it is fine as the test passes in release-1.1 recently. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
13 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.