diff --git a/WORKSPACE b/WORKSPACE index f16ce1285bd..fd87526d5b1 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -34,14 +34,14 @@ bind( # When updating envoy sha manually please update the sha in istio.deps file also # -# Determine SHA256 `wget https://github.com/envoyproxy/envoy/archive/COMMIT.zip && sha256sum COMMIT.zip` -ENVOY_SHA = "2a2ad48a7d4b57512bc10a9593e852fe950b1c8d" -ENVOY_SHA256 = "a86dd396bd3db8401d45f9d387d3177ba1eb8298520ef684c1deaf7b91a1af1d" +# Determine SHA256 `wget https://github.com/envoyproxy/envoy/archive/COMMIT.tar.gz && sha256sum COMMIT.tar.gz` +ENVOY_SHA = "bbf5674c2c9a901ec4e964e4dd1d845516e672b2" +ENVOY_SHA256 = "a4e56688cd274db367a5ab905e4d02da6d271189c564ae05e87812c63790c7d6" http_archive( name = "envoy", strip_prefix = "envoy-" + ENVOY_SHA, - url = "https://github.com/envoyproxy/envoy/archive/" + ENVOY_SHA + ".zip", + url = "https://github.com/envoyproxy/envoy/archive/" + ENVOY_SHA + ".tar.gz", sha256 = ENVOY_SHA256, ) diff --git a/istio.deps b/istio.deps index 4c497bdc97e..929694f3ab5 100644 --- a/istio.deps +++ b/istio.deps @@ -11,6 +11,6 @@ "name": "ENVOY_SHA", "repoName": "envoyproxy/envoy", "file": "WORKSPACE", - "lastStableSHA": "2a2ad48a7d4b57512bc10a9593e852fe950b1c8d" + "lastStableSHA": "bbf5674c2c9a901ec4e964e4dd1d845516e672b2" } ] diff --git a/protobuf.bzl b/protobuf.bzl index b556cdbfb91..786bb25f222 100644 --- a/protobuf.bzl +++ b/protobuf.bzl @@ -17,8 +17,8 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") # Match SHA used by Envoy -PROTOBUF_SHA = "fa252ec2a54acb24ddc87d48fed1ecfd458445fd" -PROTOBUF_SHA256 = "3d610ac90f8fa16e12490088605c248b85fdaf23114ce4b3605cdf81f7823604" +PROTOBUF_SHA = "7492b5681231c79f0265793fa57dc780ae2481d6" +PROTOBUF_SHA256 = "46f1da3a6a6db66dd240cf95a5553198f7c6e98e6ac942fceb8a1cf03291d96e" def protobuf_repositories(load_repo=True, bind=True): if load_repo: diff --git a/src/envoy/http/jwt_auth/integration_test/envoy.conf b/src/envoy/http/jwt_auth/integration_test/envoy.conf index 225c4db7023..763be2a7a97 100644 --- a/src/envoy/http/jwt_auth/integration_test/envoy.conf +++ b/src/envoy/http/jwt_auth/integration_test/envoy.conf @@ -1,65 +1,85 @@ { - "listeners": [ - { - "address": "tcp://{{ ip_loopback_address }}:0", - "bind_to_port": true, - "filters": [ - { - "type": "read", - "name": "http_connection_manager", - "config": { - "codec_type": "auto", - "stat_prefix": "ingress_http", - "route_config": { - "virtual_hosts": [ - { - "name": "backend", - "domains": ["*"], - "routes": [ + "admin": { + "access_log_path": "/dev/null", + "address": { + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": 0 + } + } + }, + "static_resources": { + "listeners": [ + { + "address": { + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": 0 + } + }, + "bind_to_port": true, + "filter_chains": [ + { + "filters": [ + { + "type": "read", + "name": "envoy.http_connection_manager", + "config": { + "codec_type": "auto", + "stat_prefix": "ingress_http", + "route_config": { + "virtual_hosts": [ + { + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "service1" + } + } + ] + } + ] + }, + "access_log": [ + { + "name": "envoy.file_access_log", + "config": { + "path": "/dev/null" + } + } + ], + "http_filters": [ { - "prefix": "/", - "cluster": "service1" + "name": "jwt-auth", + "config": {} + }, + { + "name": "envoy.router", + "config": {} } ] } - ] - }, - "access_log": [ - { - "path": "/dev/stdout" - } - ], - "filters": [ - { - "type": "decoder", - "name": "jwt-auth", - "config": {} - }, - { - "type": "decoder", - "name": "router", - "config": {} } ] } - } - ] - } - ], - "admin": { - "access_log_path": "/dev/stdout", - "address": "tcp://{{ ip_loopback_address }}:0" - }, - "cluster_manager": { + ] + } + ], "clusters": [ { "name": "service1", - "connect_timeout_ms": 5000, + "connect_timeout": "5s", "type": "static", - "lb_type": "round_robin", + "lb_policy": "round_robin", "hosts": [ { - "url": "tcp://{{ ip_loopback_address }}:{{ upstream_0 }}" + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": "{{ upstream_0 }}" + } } ] } diff --git a/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk b/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk index e78dbc395aa..8a547c855a0 100644 --- a/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk +++ b/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk @@ -1,97 +1,123 @@ { - "listeners": [ - { - "address": "tcp://{{ ip_loopback_address }}:0", - "bind_to_port": true, - "filters": [ - { - "name": "http_connection_manager", - "config": { - "codec_type": "auto", - "stat_prefix": "ingress_http", - "route_config": { - "virtual_hosts": [ - { - "name": "backend", - "domains": ["*"], - "routes": [ - { - "prefix": "/", - "cluster": "service1" - } - ] - } - ] - }, - "access_log": [ - { - "path": "/dev/null" - } - ], + "admin": { + "access_log_path": "/dev/null", + "address": { + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": 0 + } + } + }, + "static_resources": { + "listeners": [ + { + "address": { + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": 0 + } + }, + "filter_chains": [ + { "filters": [ { - "type": "decoder", - "name": "jwt-auth", + "name": "envoy.http_connection_manager", "config": { - "rules": [ - { - "issuer": "https://example.com", - "audiences": [ - "example_service" - ], - "remote_jwks": { - "http_uri": { - "uri": "http://example.com/foobar_cert", - "cluster": "example_issuer" + "codec_type": "auto", + "stat_prefix": "ingress_http", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "service1" + } } - }, - "forward_payload_header": "test-jwt-payload-output" - } - ] - } - }, - { - "type": "decoder", - "name": "router", - "config": {} + ] + } + ] + }, + "access_log": [ + { + "name": "envoy.file_access_log", + "config": { + "path": "/dev/null" + } + } + ], + "http_filters": [ + { + "name": "jwt-auth", + "config": { + "rules": [ + { + "issuer": "https://example.com", + "audiences": [ + "example_service" + ], + "remote_jwks": { + "http_uri": { + "uri": "http://example.com/foobar_cert", + "cluster": "example_issuer" + } + }, + "forward_payload_header": "test-jwt-payload-output" + } + ] + } + }, + { + "name": "envoy.router", + "config": {} + } + ] + } } ] } - } - ] - } - ], - "admin": { - "access_log_path": "/dev/null", - "address": "tcp://{{ ip_loopback_address }}:0" - }, - "cluster_manager": { + ] + } + ], "clusters": [ { "name": "service1", - "connect_timeout_ms": 5000, + "connect_timeout": "5s", "type": "static", - "lb_type": "round_robin", + "lb_policy": "round_robin", "hosts": [ { - "url": "tcp://{{ ip_loopback_address }}:{{ upstream_0 }}" + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": "{{ upstream_0 }}" + } } ] }, { "name": "example_issuer", - "connect_timeout_ms": 5000, + "connect_timeout": "5s", "type": "static", - "circuit_breakers": { - "default": { - "max_pending_requests": 10000, - "max_requests": 10000 - } - }, - "lb_type": "round_robin", + "circuit_breakers": { + "thresholds": { + "max_pending_requests": 10000, + "max_requests": 10000 + } + }, + "lb_policy": "round_robin", "hosts": [ { - "url": "tcp://{{ ip_loopback_address }}:{{ upstream_1 }}" + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": "{{ upstream_1 }}" + } } ] } diff --git a/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk b/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk index a6ce794147d..9f49cc80f5c 100644 --- a/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk +++ b/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk @@ -1,98 +1,124 @@ { - "listeners": [ - { - "address": "tcp://{{ ip_loopback_address }}:0", - "bind_to_port": true, - "filters": [ - { - "name": "http_connection_manager", - "config": { - "codec_type": "auto", - "stat_prefix": "ingress_http", - "route_config": { - "virtual_hosts": [ - { - "name": "backend", - "domains": ["*"], - "routes": [ - { - "prefix": "/", - "cluster": "service1" - } - ] - } - ] - }, - "access_log": [ - { - "path": "/dev/null" - } - ], + "admin": { + "access_log_path": "/dev/null", + "address": { + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": 0 + } + } + }, + "static_resources": { + "listeners": [ + { + "address": { + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": 0 + } + }, + "filter_chains": [ + { "filters": [ { - "type": "decoder", - "name": "jwt-auth", + "name": "envoy.http_connection_manager", "config": { - "rules": [ - { - "issuer": "https://example.com", - "audiences": [ - "example_service" - ], - "remote_jwks": { - "http_uri": { - "uri": "http://example.com/foobar_cert", - "cluster": "example_issuer" - } - }, - "forward_payload_header": "test-jwt-payload-output" + "codec_type": "auto", + "stat_prefix": "ingress_http", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "service1" + } + } + ] } - ], - "allow_missing_or_failed": true - } - }, - { - "type": "decoder", - "name": "router", - "config": {} + ] + }, + "access_log": [ + { + "name": "envoy.file_access_log", + "config": { + "path": "/dev/null" + } + } + ], + "http_filters": [ + { + "name": "jwt-auth", + "config": { + "rules": [ + { + "issuer": "https://example.com", + "audiences": [ + "example_service" + ], + "remote_jwks": { + "http_uri": { + "uri": "http://example.com/foobar_cert", + "cluster": "example_issuer" + } + }, + "forward_payload_header": "test-jwt-payload-output" + } + ], + "allow_missing_or_failed": true + } + }, + { + "name": "envoy.router", + "config": {} + } + ] + } } ] } - } - ] - } - ], - "admin": { - "access_log_path": "/dev/null", - "address": "tcp://{{ ip_loopback_address }}:0" - }, - "cluster_manager": { + ] + } + ], "clusters": [ { "name": "service1", - "connect_timeout_ms": 5000, + "connect_timeout": "5s", "type": "static", - "lb_type": "round_robin", + "lb_policy": "round_robin", "hosts": [ { - "url": "tcp://{{ ip_loopback_address }}:{{ upstream_0 }}" + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": "{{ upstream_0 }}" + } } ] }, { "name": "example_issuer", - "connect_timeout_ms": 5000, + "connect_timeout": "5s", "type": "static", - "circuit_breakers": { - "default": { - "max_pending_requests": 10000, - "max_requests": 10000 - } - }, - "lb_type": "round_robin", + "circuit_breakers": { + "thresholds": { + "max_pending_requests": 10000, + "max_requests": 10000 + } + }, + "lb_policy": "round_robin", "hosts": [ { - "url": "tcp://{{ ip_loopback_address }}:{{ upstream_1 }}" + "socket_address": { + "address": "{{ ntop_ip_loopback_address }}", + "port_value": "{{ upstream_1 }}" + } } ] }