diff --git a/.bazelrc b/.bazelrc
index a0bfbcb421d..2a88bcae3ee 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -1,13 +1,16 @@
 # Copied from https://github.com/envoyproxy/envoy/blob/master/tools/bazel.rc
 # Envoy specific Bazel build/test options.
-build --workspace_status_command=tools/bazel_get_workspace_status
 # Bazel doesn't need more than 200MB of memory based on memory profiling:
 # https://docs.bazel.build/versions/master/skylark/performance.html#memory-profiling
 # Limiting JVM heapsize here to let it do GC more when approaching the limit to
 # leave room for compiler/linker.
 startup --host_jvm_args=-Xmx512m
+build --workspace_status_command=tools/bazel_get_workspace_status
+# enable path normalization by default. See https://github.com/envoyproxy/envoy/pull/6519
+build --define path_normalization_by_default=true
+
 # Basic ASAN/UBSAN that works for gcc
 build:asan --define ENVOY_CONFIG_ASAN=1
 build:asan --copt -fsanitize=address,undefined
@@ -54,6 +57,8 @@ build:clang-msan --copt -fsanitize-memory-track-origins=2
 # Test options
 test --test_env=HEAPCHECK=normal --test_env=PPROF_PATH
+# enable path normalization by default. See https://github.com/envoyproxy/envoy/pull/6519
+test --define path_normalization_by_default=true
 # Release builds without debug symbols.
 build:release -c opt
diff --git a/WORKSPACE b/WORKSPACE
index 084094530a5..c7e4b643cd0 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -32,6 +35,9 @@ bind(
 actual = "//external:ssl",
 )
+# envoy commit date 04/10/2019
+# bazel version: 0.22.0
+
 # When updating envoy sha manually please update the sha in istio.deps file also
 #
 # Determine SHA256 `wget https://github.com/envoyproxy/envoy/archive/COMMIT.tar.gz && sha256sum COMMIT.tar.gz`
@@ -41,6 +44,8 @@ ENVOY_SHA = "228a963d1308eb1b06e2e8b7387e0bfa72fe77ea"
 ENVOY_SHA256 = "6480ed4a526c504dc7c7c6784c7f143183a5481d944b999a45b7a7fb925d8e09"
+LOCAL_ENVOY_PROJECT = "/PATH/TO/ENVOY"
+
 http_archive(
 name = "envoy",
 sha256 = ENVOY_SHA256,
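Review bot: The comment above the added `build --define path_normalization_by_default=true` gives only a PR link and does not say that this is a security-relevant default, so a later cleanup of the rc file could drop it without anyone noticing. I would state the reason in place, e.g. `# Security: normalize request paths by default so route matching and path-based authorization evaluate the same path the upstream sees; do not remove. See https://github.com/envoyproxy/envoy/pull/6519`. The second hunk repeats the define for `test`; Bazel's `test` command already inherits `build` options from the rc file, so the duplicate is redundant and the two lines can drift apart. If I read the Envoy option correctly, the define only sets the compiled-in default and an explicit per-listener setting can still turn normalization off, which is worth confirming and mentioning in the comment.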
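Review bot: `LOCAL_ENVOY_PROJECT = "/PATH/TO/ENVOY"` is added here only to feed the commented-out `local_repository` in the next hunk (`@@ -48,6 +53,13 @@`), and that block carries no warning that it bypasses the `ENVOY_SHA` / `ENVOY_SHA256` pin on the `http_archive` it replaces. A build with the block uncommented compiles whatever is in the local tree with no integrity check, so the comment should say so, e.g. `# Local development only: local_repository skips the ENVOY_SHA256 check above; never commit this uncommented.` Since nothing reads `LOCAL_ENVOY_PROJECT` while the block is commented out, the assignment could live inside the commented block as well. Minor wording in the same comment: "to depends on" should be "to depend on".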
@@ -48,6 +53,13 @@ http_archive(
 url = "https://github.com/envoyproxy/envoy/archive/" + ENVOY_SHA + ".tar.gz",
 )
+# TODO(silentdai) Use bazel args to select envoy between local or http
+# Uncomment below and comment above http_archive to depends on local envoy.
+#local_repository(
+# name = "envoy",
+# path = LOCAL_ENVOY_PROJECT,
+#)
+
 load("@envoy//bazel:api_repositories.bzl", "envoy_api_dependencies")
 envoy_api_dependencies()
diff --git a/protobuf.bzl b/protobuf.bzl
new file mode 100644
index 00000000000..3371d6a416c
--- /dev/null
+++ b/protobuf.bzl
@@ -0,0 +1,66 @@
+# Copyright 2017 Istio Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+#
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+# Match SHA used by Envoy
+PROTOBUF_SHA = "582743bf40c5d3639a70f98f183914a2c0cd0680"
+PROTOBUF_SHA256 = "cf9e2fb1d2cd30ec9d51ff1749045208bd641f290f64b85046485934b0e03783"
+
+def protobuf_repositories(load_repo = True, bind = True):
+ if load_repo:
+ http_archive(
+ name = "com_google_protobuf",
+ strip_prefix = "protobuf-" + PROTOBUF_SHA,
+ url = "https://github.com/google/protobuf/archive/" + PROTOBUF_SHA + ".tar.gz",
+ sha256 = PROTOBUF_SHA256,
+ )
+
+ if bind:
+ native.bind(
+ name = "protoc",
+ actual = "@com_google_protobuf//:protoc",
+ )
+
+ native.bind(
+ name = "protocol_compiler",
+ actual = "@com_google_protobuf//:protoc",
+ )
+
+ native.bind(
+ name = "protobuf",
+ actual = "@com_google_protobuf//:protobuf",
+ )
+
+ native.bind(
+ name = "cc_wkt_protos",
+ actual = "@com_google_protobuf//:cc_wkt_protos",
+ )
+
+ native.bind(
+ name = "cc_wkt_protos_genproto",
+ actual = "@com_google_protobuf//:cc_wkt_protos_genproto",
+ )
+
+ native.bind(
+ name = "protobuf_compiler",
+ actual = "@com_google_protobuf//:protoc_lib",
+ )
+
+ native.bind(
+ name = "protobuf_clib",
+ actual = "@com_google_protobuf//:protoc_lib",
+ )
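Review bot: `PROTOBUF_SHA` is documented only as "Match SHA used by Envoy", but nothing in this file ties it to the `ENVOY_SHA` pinned in WORKSPACE, so the next Envoy bump can leave the two out of step without any build error. I would make the coupling explicit, e.g. `# Must equal the protobuf commit pinned by the Envoy revision in WORKSPACE (ENVOY_SHA); update PROTOBUF_SHA and PROTOBUF_SHA256 together with it.` `protobuf_repositories` also has no docstring: it should say that `load_repo` fetches the sha256-pinned archive as `com_google_protobuf`, that `bind` registers the `//external` aliases, and that with `load_repo = False` the caller must already have defined `com_google_protobuf`. Which definition wins when Envoy's own dependency macros also declare `com_google_protobuf` presumably depends on load order in WORKSPACE, which is worth stating there.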
diff --git a/src/envoy/http/authn/authenticator_base_test.cc b/src/envoy/http/authn/authenticator_base_test.cc
index 24a09d3a625..9ac47a3fef1 100644
--- a/src/envoy/http/authn/authenticator_base_test.cc
+++ b/src/envoy/http/authn/authenticator_base_test.cc
@@ -14,6 +14,7 @@
 */
 #include "src/envoy/http/authn/authenticator_base.h"
+
 #include "common/common/base64.h"
 #include "common/protobuf/protobuf.h"
 #include "envoy/api/v2/core/base.pb.h"
@@ -77,9 +78,9 @@ const std::string kExchangedTokenPayloadNoOriginalClaims =
 class MockAuthenticatorBase : public AuthenticatorBase {
 public:
- MockAuthenticatorBase(FilterContext* filter_context)
+ MockAuthenticatorBase(FilterContext *filter_context)
 : AuthenticatorBase(filter_context) {}
- MOCK_METHOD1(run, bool(Payload*));
+ MOCK_METHOD1(run, bool(Payload *));
 };
 class ValidateX509Test : public testing::TestWithParam,
@@ -108,7 +109,7 @@ class ValidateX509Test : public testing::TestWithParam,
 protected:
 iaapi::MutualTls mtls_params_;
 iaapi::Jwt jwt_;
- Payload* payload_;
+ Payload *payload_;
 Payload default_payload_;
 };
@@ -206,7 +207,7 @@ class ValidateJwtTest : public testing::Test,
 protected:
 iaapi::MutualTls mtls_params_;
 iaapi::Jwt jwt_;
- Payload* payload_;
+ Payload *payload_;
 Payload default_payload_;
 };
@@ -348,7 +349,7 @@ TEST_F(ValidateJwtTest, OriginalPayloadOfExchangedToken) {
 // "{\"email\":\"user@example.com\",\"sub\":\"example-subject\",\"iss\":\"https://accounts.example.com\"}"
 // Therefore, raw_claims is skipped to avoid a flaky test.
 MessageDifferencer diff;
- const google::protobuf::FieldDescriptor* field =
+ const google::protobuf::FieldDescriptor *field =
 expected_payload.jwt().GetDescriptor()->FindFieldByName("raw_claims");
 diff.IgnoreField(field);
 EXPECT_TRUE(diff.Compare(expected_payload, *payload_));
diff --git a/src/envoy/utils/utils.cc b/src/envoy/utils/utils.cc
index 65474bea320..51e1bec6598 100644
--- a/src/envoy/utils/utils.cc
+++ b/src/envoy/utils/utils.cc
@@ -14,6 +14,7 @@
 */
 #include "src/envoy/utils/utils.h"
+
 #include "include/istio/utils/attributes_builder.h"
 #include "mixer/v1/attributes.pb.h"
@@ -36,21 +37,21 @@ const std::string kMetadataDestinationUID("uid");
 } // namespace
-void ExtractHeaders(const Http::HeaderMap& header_map,
- const std::set& exclusives,
- std::map& headers) {
+void ExtractHeaders(const Http::HeaderMap &header_map,
+ const std::set &exclusives,
+ std::map &headers) {
 struct Context {
- Context(const std::set& exclusives,
- std::map& headers)
+ Context(const std::set &exclusives,
+ std::map &headers)
 : exclusives(exclusives), headers(headers) {}
- const std::set& exclusives;
- std::map& headers;
+ const std::set &exclusives;
+ std::map &headers;
 };
 Context ctx(exclusives, headers);
 header_map.iterate(
- [](const Http::HeaderEntry& header,
- void* context) -> Http::HeaderMap::Iterate {
- Context* ctx = static_cast(context);
+ [](const Http::HeaderEntry &header,
+ void *context) -> Http::HeaderMap::Iterate {
+ Context *ctx = static_cast(context);
 auto key = std::string(header.key().getStringView());
 auto value = std::string(header.value().getStringView());
 if (ctx->exclusives.count(key) == 0) {
@@ -61,21 +62,21 @@ void ExtractHeaders(const Http::HeaderMap& header_map,
 &ctx);
 }
-void FindHeaders(const Http::HeaderMap& header_map,
- const std::set& inclusives,
- std::map& headers) {
+void FindHeaders(const Http::HeaderMap &header_map,
+ const std::set &inclusives,
+ std::map &headers) {
 struct Context {
- Context(const std::set& inclusives,
- std::map& headers)
+ Context(const std::set &inclusives,
+ std::map &headers)
 : inclusives(inclusives), headers(headers) {}
- const std::set& inclusives;
- std::map& headers;
+ const std::set &inclusives;
+ std::map &headers;
 };
 Context ctx(inclusives, headers);
 header_map.iterate(
- [](const Http::HeaderEntry& header,
- void* context) -> Http::HeaderMap::Iterate {
- Context* ctx = static_cast(context);
+ [](const Http::HeaderEntry &header,
+ void *context) -> Http::HeaderMap::Iterate {
+ Context *ctx = static_cast(context);
 auto key = std::string(header.key().getStringView());
 auto value = std::string(header.value().getStringView());
 if (ctx->inclusives.count(key) != 0) {
@@ -86,30 +87,31 @@ void FindHeaders(const Http::HeaderMap& header_map,
 &ctx);
 }
-bool GetIpPort(const Network::Address::Ip* ip, std::string* str_ip, int* port) {
+bool GetIpPort(const Network::Address::Ip *ip, std::string *str_ip, int *port) {
 if (ip) {
 *port = ip->port();
 if (ip->ipv4()) {
 uint32_t ipv4 = ip->ipv4()->address();
- *str_ip = std::string(reinterpret_cast(&ipv4), sizeof(ipv4));
+ *str_ip =
+ std::string(reinterpret_cast(&ipv4), sizeof(ipv4));
 return true;
 }
 if (ip->ipv6()) {
 absl::uint128 ipv6 = ip->ipv6()->address();
- *str_ip = std::string(reinterpret_cast(&ipv6), 16);
+ *str_ip = std::string(reinterpret_cast(&ipv6), 16);
 return true;
 }
 }
 return false;
 }
-bool GetDestinationUID(const envoy::api::v2::core::Metadata& metadata,
- std::string* uid) {
+bool GetDestinationUID(const envoy::api::v2::core::Metadata &metadata,
+ std::string *uid) {
 const auto filter_it = metadata.filter_metadata().find(kPerHostMetadataKey);
 if (filter_it == metadata.filter_metadata().end()) {
 return false;
 }
- const Struct& struct_pb = filter_it->second;
+ const Struct &struct_pb = filter_it->second;
 const auto fields_it = struct_pb.fields().find(kMetadataDestinationUID);
 if (fields_it == struct_pb.fields().end()) {
 return false;
@@ -118,11 +120,11 @@ bool GetDestinationUID(const envoy::api::v2::core::Metadata& metadata,
 return true;
 }
-bool GetPrincipal(const Network::Connection* connection, bool peer,
- std::string* principal) {
+bool GetPrincipal(const Network::Connection *connection, bool peer,
+ std::string *principal) {
 if (connection) {
- Ssl::ConnectionInfo* ssl =
- const_cast(connection->ssl());
+ Ssl::ConnectionInfo *ssl =
+ const_cast(connection->ssl());
 if (ssl != nullptr) {
 const std::vector sans =
 (peer ? ssl->uriSanPeerCertificate() : ssl->uriSanLocalCertificate());
@@ -144,13 +146,13 @@ bool GetPrincipal(const Network::Connection* connection, bool peer,
 return false;
 }
-bool IsMutualTLS(const Network::Connection* connection) {
+bool IsMutualTLS(const Network::Connection *connection) {
 return connection != nullptr && connection->ssl() != nullptr &&
 connection->ssl()->peerCertificatePresented();
 }
-bool GetRequestedServerName(const Network::Connection* connection,
- std::string* name) {
+bool GetRequestedServerName(const Network::Connection *connection,
+ std::string *name) {
 if (connection && !connection->requestedServerName().empty()) {
 *name = std::string(connection->requestedServerName());
 return true;
@@ -159,20 +161,20 @@ bool GetRequestedServerName(const Network::Connection* connection,
 return false;
 }
-Status ParseJsonMessage(const std::string& json, Message* output) {
+Status ParseJsonMessage(const std::string &json, Message *output) {
 ::google::protobuf::util::JsonParseOptions options;
 options.ignore_unknown_fields = true;
 return ::google::protobuf::util::JsonStringToMessage(json, output, options);
 }
 void CheckResponseInfoToStreamInfo(
- const istio::mixerclient::CheckResponseInfo& check_response,
- StreamInfo::StreamInfo& stream_info) {
+ const istio::mixerclient::CheckResponseInfo &check_response,
+ StreamInfo::StreamInfo &stream_info) {
 if (!check_response.status().ok()) {
 stream_info.setResponseFlag(
 StreamInfo::ResponseFlag::UnauthorizedExternalService);
 ProtobufWkt::Struct metadata;
- auto& fields = *metadata.mutable_fields();
+ auto &fields = *metadata.mutable_fields();
 fields["status"].set_string_value(check_response.status().ToString());
 stream_info.setDynamicMetadata(istio::utils::kMixerMetadataKey, metadata);
 }
diff --git a/test/integration/int_client.cc b/test/integration/int_client.cc
index 41222bc8ff8..dbc191eef44 100644
--- a/test/integration/int_client.cc
+++ b/test/integration/int_client.cc
@@ -16,6 +16,7 @@
 #include "int_client.h"
 #include
+
 #include "common/http/http1/codec_impl.h"
 #include "common/http/http2/codec_impl.h"
 #include "common/stats/isolated_store_impl.h"
diff --git a/test/integration/int_server.cc b/test/integration/int_server.cc
index 0fccd8e77ce..4e0bbb59a02 100644
--- a/test/integration/int_server.cc
+++ b/test/integration/int_server.cc
@@ -14,7 +14,9 @@
 */
 #include "int_server.h"
+
 #include
+
 #include "common/common/lock_guard.h"
 #include "common/common/logger.h"
 #include "common/grpc/codec.h"