Merge release-1.1 to master

.bazelrc

@@ -1,13 +1,16 @@
 # Copied from https://github.com/envoyproxy/envoy/blob/master/tools/bazel.rc
 # Envoy specific Bazel build/test options.
 
-build --workspace_status_command=tools/bazel_get_workspace_status
 # Bazel doesn't need more than 200MB of memory based on memory profiling:
 # https://docs.bazel.build/versions/master/skylark/performance.html#memory-profiling
 # Limiting JVM heapsize here to let it do GC more when approaching the limit to
 # leave room for compiler/linker.
 startup --host_jvm_args=-Xmx512m
 
+build --workspace_status_command=tools/bazel_get_workspace_status
+# enable path normalization by default. See https://github.com/envoyproxy/envoy/pull/6519
+build --define path_normalization_by_default=true
+
 # Basic ASAN/UBSAN that works for gcc
 build:asan --define ENVOY_CONFIG_ASAN=1
 build:asan --copt -fsanitize=address,undefined
@@ -54,6 +57,8 @@ build:clang-msan --copt -fsanitize-memory-track-origins=2
 
 # Test options
 test --test_env=HEAPCHECK=normal --test_env=PPROF_PATH
+# enable path normalization by default. See https://github.com/envoyproxy/envoy/pull/6519
+test --define path_normalization_by_default=true
 
 # Release builds without debug symbols.
 build:release -c opt

WORKSPACE

@@ -32,6 +32,9 @@ bind(
     actual = "//external:ssl",
 )
 
+# envoy commit date 04/10/2019
+# bazel version: 0.22.0
+
 # When updating envoy sha manually please update the sha in istio.deps file also
 #
 # Determine SHA256 `wget https://github.com/envoyproxy/envoy/archive/COMMIT.tar.gz && sha256sum COMMIT.tar.gz`
@@ -41,13 +44,22 @@ ENVOY_SHA = "228a963d1308eb1b06e2e8b7387e0bfa72fe77ea"
 
 ENVOY_SHA256 = "6480ed4a526c504dc7c7c6784c7f143183a5481d944b999a45b7a7fb925d8e09"
 
+LOCAL_ENVOY_PROJECT = "/PATH/TO/ENVOY"
+
 http_archive(
     name = "envoy",
     sha256 = ENVOY_SHA256,
     strip_prefix = "envoy-" + ENVOY_SHA,
     url = "https://github.com/envoyproxy/envoy/archive/" + ENVOY_SHA + ".tar.gz",
 )
 
+# TODO(silentdai) Use bazel args to select envoy between local or http
+# Uncomment below and comment above http_archive to depends on local envoy.
+#local_repository(
+#     name = "envoy",
+#     path = LOCAL_ENVOY_PROJECT,
+#)
+
 load("@envoy//bazel:api_repositories.bzl", "envoy_api_dependencies")
 
 envoy_api_dependencies()

protobuf.bzl

@@ -0,0 +1,66 @@
+# Copyright 2017 Istio Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+#
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+# Match SHA used by Envoy
+PROTOBUF_SHA = "582743bf40c5d3639a70f98f183914a2c0cd0680"
+PROTOBUF_SHA256 = "cf9e2fb1d2cd30ec9d51ff1749045208bd641f290f64b85046485934b0e03783"
+
+def protobuf_repositories(load_repo = True, bind = True):
+    if load_repo:
+        http_archive(
+            name = "com_google_protobuf",
+            strip_prefix = "protobuf-" + PROTOBUF_SHA,
+            url = "https://github.com/google/protobuf/archive/" + PROTOBUF_SHA + ".tar.gz",
+            sha256 = PROTOBUF_SHA256,
+        )
+
+    if bind:
+        native.bind(
+            name = "protoc",
+            actual = "@com_google_protobuf//:protoc",
+        )
+
+        native.bind(
+            name = "protocol_compiler",
+            actual = "@com_google_protobuf//:protoc",
+        )
+
+        native.bind(
+            name = "protobuf",
+            actual = "@com_google_protobuf//:protobuf",
+        )
+
+        native.bind(
+            name = "cc_wkt_protos",
+            actual = "@com_google_protobuf//:cc_wkt_protos",
+        )
+
+        native.bind(
+            name = "cc_wkt_protos_genproto",
+            actual = "@com_google_protobuf//:cc_wkt_protos_genproto",
+        )
+
+        native.bind(
+            name = "protobuf_compiler",
+            actual = "@com_google_protobuf//:protoc_lib",
+        )
+
+        native.bind(
+            name = "protobuf_clib",
+            actual = "@com_google_protobuf//:protoc_lib",
+        )

src/envoy/http/authn/authenticator_base_test.cc

@@ -14,6 +14,7 @@
  */
 
 #include "src/envoy/http/authn/authenticator_base.h"
+
 #include "common/common/base64.h"
 #include "common/protobuf/protobuf.h"
 #include "envoy/api/v2/core/base.pb.h"
@@ -77,9 +78,9 @@ const std::string kExchangedTokenPayloadNoOriginalClaims =
 
 class MockAuthenticatorBase : public AuthenticatorBase {
  public:
-  MockAuthenticatorBase(FilterContext* filter_context)
+  MockAuthenticatorBase(FilterContext *filter_context)
       : AuthenticatorBase(filter_context) {}
-  MOCK_METHOD1(run, bool(Payload*));
+  MOCK_METHOD1(run, bool(Payload *));
 };
 
 class ValidateX509Test : public testing::TestWithParam<iaapi::MutualTls::Mode>,
@@ -108,7 +109,7 @@ class ValidateX509Test : public testing::TestWithParam<iaapi::MutualTls::Mode>,
  protected:
   iaapi::MutualTls mtls_params_;
   iaapi::Jwt jwt_;
-  Payload* payload_;
+  Payload *payload_;
   Payload default_payload_;
 };
 
@@ -206,7 +207,7 @@ class ValidateJwtTest : public testing::Test,
  protected:
   iaapi::MutualTls mtls_params_;
   iaapi::Jwt jwt_;
-  Payload* payload_;
+  Payload *payload_;
   Payload default_payload_;
 };
 
@@ -348,7 +349,7 @@ TEST_F(ValidateJwtTest, OriginalPayloadOfExchangedToken) {
   // "{\"email\":\"user@example.com\",\"sub\":\"example-subject\",\"iss\":\"https://accounts.example.com\"}"
   // Therefore, raw_claims is skipped to avoid a flaky test.
   MessageDifferencer diff;
-  const google::protobuf::FieldDescriptor* field =
+  const google::protobuf::FieldDescriptor *field =
       expected_payload.jwt().GetDescriptor()->FindFieldByName("raw_claims");
   diff.IgnoreField(field);
   EXPECT_TRUE(diff.Compare(expected_payload, *payload_));

src/envoy/utils/utils.cc

@@ -14,6 +14,7 @@
  */
 
 #include "src/envoy/utils/utils.h"
+
 #include "include/istio/utils/attributes_builder.h"
 #include "mixer/v1/attributes.pb.h"
 
@@ -36,21 +37,21 @@ const std::string kMetadataDestinationUID("uid");
 
 }  // namespace
 
-void ExtractHeaders(const Http::HeaderMap& header_map,
-                    const std::set<std::string>& exclusives,
-                    std::map<std::string, std::string>& headers) {
+void ExtractHeaders(const Http::HeaderMap &header_map,
+                    const std::set<std::string> &exclusives,
+                    std::map<std::string, std::string> &headers) {
   struct Context {
-    Context(const std::set<std::string>& exclusives,
-            std::map<std::string, std::string>& headers)
+    Context(const std::set<std::string> &exclusives,
+            std::map<std::string, std::string> &headers)
         : exclusives(exclusives), headers(headers) {}
-    const std::set<std::string>& exclusives;
-    std::map<std::string, std::string>& headers;
+    const std::set<std::string> &exclusives;
+    std::map<std::string, std::string> &headers;
   };
   Context ctx(exclusives, headers);
   header_map.iterate(
-      [](const Http::HeaderEntry& header,
-         void* context) -> Http::HeaderMap::Iterate {
-        Context* ctx = static_cast<Context*>(context);
+      [](const Http::HeaderEntry &header,
+         void *context) -> Http::HeaderMap::Iterate {
+        Context *ctx = static_cast<Context *>(context);
         auto key = std::string(header.key().getStringView());
         auto value = std::string(header.value().getStringView());
         if (ctx->exclusives.count(key) == 0) {
@@ -61,21 +62,21 @@ void ExtractHeaders(const Http::HeaderMap& header_map,
       &ctx);
 }
 
-void FindHeaders(const Http::HeaderMap& header_map,
-                 const std::set<std::string>& inclusives,
-                 std::map<std::string, std::string>& headers) {
+void FindHeaders(const Http::HeaderMap &header_map,
+                 const std::set<std::string> &inclusives,
+                 std::map<std::string, std::string> &headers) {
   struct Context {
-    Context(const std::set<std::string>& inclusives,
-            std::map<std::string, std::string>& headers)
+    Context(const std::set<std::string> &inclusives,
+            std::map<std::string, std::string> &headers)
         : inclusives(inclusives), headers(headers) {}
-    const std::set<std::string>& inclusives;
-    std::map<std::string, std::string>& headers;
+    const std::set<std::string> &inclusives;
+    std::map<std::string, std::string> &headers;
   };
   Context ctx(inclusives, headers);
   header_map.iterate(
-      [](const Http::HeaderEntry& header,
-         void* context) -> Http::HeaderMap::Iterate {
-        Context* ctx = static_cast<Context*>(context);
+      [](const Http::HeaderEntry &header,
+         void *context) -> Http::HeaderMap::Iterate {
+        Context *ctx = static_cast<Context *>(context);
         auto key = std::string(header.key().getStringView());
         auto value = std::string(header.value().getStringView());
         if (ctx->inclusives.count(key) != 0) {
@@ -86,30 +87,31 @@ void FindHeaders(const Http::HeaderMap& header_map,
       &ctx);
 }
 
-bool GetIpPort(const Network::Address::Ip* ip, std::string* str_ip, int* port) {
+bool GetIpPort(const Network::Address::Ip *ip, std::string *str_ip, int *port) {
   if (ip) {
     *port = ip->port();
     if (ip->ipv4()) {
       uint32_t ipv4 = ip->ipv4()->address();
-      *str_ip = std::string(reinterpret_cast<const char*>(&ipv4), sizeof(ipv4));
+      *str_ip =
+          std::string(reinterpret_cast<const char *>(&ipv4), sizeof(ipv4));
       return true;
     }
     if (ip->ipv6()) {
       absl::uint128 ipv6 = ip->ipv6()->address();
-      *str_ip = std::string(reinterpret_cast<const char*>(&ipv6), 16);
+      *str_ip = std::string(reinterpret_cast<const char *>(&ipv6), 16);
       return true;
     }
   }
   return false;
 }
 
-bool GetDestinationUID(const envoy::api::v2::core::Metadata& metadata,
-                       std::string* uid) {
+bool GetDestinationUID(const envoy::api::v2::core::Metadata &metadata,
+                       std::string *uid) {
   const auto filter_it = metadata.filter_metadata().find(kPerHostMetadataKey);
   if (filter_it == metadata.filter_metadata().end()) {
     return false;
   }
-  const Struct& struct_pb = filter_it->second;
+  const Struct &struct_pb = filter_it->second;
   const auto fields_it = struct_pb.fields().find(kMetadataDestinationUID);
   if (fields_it == struct_pb.fields().end()) {
     return false;
@@ -118,11 +120,11 @@ bool GetDestinationUID(const envoy::api::v2::core::Metadata& metadata,
   return true;
 }
 
-bool GetPrincipal(const Network::Connection* connection, bool peer,
-                  std::string* principal) {
+bool GetPrincipal(const Network::Connection *connection, bool peer,
+                  std::string *principal) {
   if (connection) {
-    Ssl::ConnectionInfo* ssl =
-        const_cast<Ssl::ConnectionInfo*>(connection->ssl());
+    Ssl::ConnectionInfo *ssl =
+        const_cast<Ssl::ConnectionInfo *>(connection->ssl());
     if (ssl != nullptr) {
       const std::vector<std::string> sans =
           (peer ? ssl->uriSanPeerCertificate() : ssl->uriSanLocalCertificate());
@@ -144,13 +146,13 @@ bool GetPrincipal(const Network::Connection* connection, bool peer,
   return false;
 }
 
-bool IsMutualTLS(const Network::Connection* connection) {
+bool IsMutualTLS(const Network::Connection *connection) {
   return connection != nullptr && connection->ssl() != nullptr &&
          connection->ssl()->peerCertificatePresented();
 }
 
-bool GetRequestedServerName(const Network::Connection* connection,
-                            std::string* name) {
+bool GetRequestedServerName(const Network::Connection *connection,
+                            std::string *name) {
   if (connection && !connection->requestedServerName().empty()) {
     *name = std::string(connection->requestedServerName());
     return true;
@@ -159,20 +161,20 @@ bool GetRequestedServerName(const Network::Connection* connection,
   return false;
 }
 
-Status ParseJsonMessage(const std::string& json, Message* output) {
+Status ParseJsonMessage(const std::string &json, Message *output) {
   ::google::protobuf::util::JsonParseOptions options;
   options.ignore_unknown_fields = true;
   return ::google::protobuf::util::JsonStringToMessage(json, output, options);
 }
 
 void CheckResponseInfoToStreamInfo(
-    const istio::mixerclient::CheckResponseInfo& check_response,
-    StreamInfo::StreamInfo& stream_info) {
+    const istio::mixerclient::CheckResponseInfo &check_response,
+    StreamInfo::StreamInfo &stream_info) {
   if (!check_response.status().ok()) {
     stream_info.setResponseFlag(
         StreamInfo::ResponseFlag::UnauthorizedExternalService);
     ProtobufWkt::Struct metadata;
-    auto& fields = *metadata.mutable_fields();
+    auto &fields = *metadata.mutable_fields();
     fields["status"].set_string_value(check_response.status().ToString());
     stream_info.setDynamicMetadata(istio::utils::kMixerMetadataKey, metadata);
   }

test/integration/int_client.cc

@@ -16,6 +16,7 @@
 #include "int_client.h"
 
 #include <future>
+
 #include "common/http/http1/codec_impl.h"
 #include "common/http/http2/codec_impl.h"
 #include "common/stats/isolated_store_impl.h"

test/integration/int_server.cc

@@ -14,7 +14,9 @@
  */
 
 #include "int_server.h"
+
 #include <future>
+
 #include "common/common/lock_guard.h"
 #include "common/common/logger.h"
 #include "common/grpc/codec.h"