Setting disabled = true on a route should disable the virtual host global rate limit policy #5657

Merged: skriss merged 16 commits into projectcontour:main from shadialtarsha:addSupportForVhRateLimits on Sep 25, 2023

shadialtarsha (Contributor) commented Aug 7, 2023

Envoy has the extensions.filters.http.ratelimit.v3.RateLimitPerRoute API, which allows control over the vhost rate limits on the route level.

This is very useful to disable the vhost rate limits, for example on specific routes like /health routes.

HTTPProxy example:

apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: echo
spec:
  virtualhost:
    fqdn: local.projectcontour.io
    rateLimitPolicy:
      global:
        disabled: true
      local:
        requests: 100
        unit: hour
        burst: 20
  routes:
    - conditions:
        - prefix: /
      services:
        - name: ingress-conformance-echo
          port: 80
    - conditions:
        - prefix: /foo
      rateLimitPolicy:
        global:
          disabled: true
      services:
        - name: ingress-conformance-echo
          port: 80

Fixes #5685
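
An added example, not part of the PR or of Contour's code: because a route-level `disabled: true` now exempts that route from the virtual host global rate limit, the sketch below lists every exempted route in an HTTPProxy and marks catch-all exemptions. It assumes the object is supplied as JSON (for instance from `kubectl get httpproxy -o json`); `AuditExemptions`, `Exemption` and `sampleProxy` are hypothetical names, and only fields shown in the description above are read.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Only the HTTPProxy fields shown in the PR description are modelled.
type route struct {
	Conditions []struct {
		Prefix string `json:"prefix"`
	} `json:"conditions"`
	RateLimitPolicy *struct {
		Global *struct {
			Disabled bool `json:"disabled"`
		} `json:"global"`
	} `json:"rateLimitPolicy"`
}

type httpProxy struct {
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Spec struct {
		VirtualHost struct {
			FQDN string `json:"fqdn"`
		} `json:"virtualhost"`
		Routes []route `json:"routes"`
	} `json:"spec"`
}

// Exemption is one route that opts out of the virtual host global rate limit.
type Exemption struct {
	Proxy, FQDN, Prefix string
	CatchAll            bool // true when the exempted route matches every path
}

// routePrefix returns the first prefix condition of a route. A route without
// one is treated as "/" (an assumption made for this audit).
func routePrefix(r route) string {
	for _, c := range r.Conditions {
		if c.Prefix != "" {
			return c.Prefix
		}
	}
	return "/"
}

// AuditExemptions lists the routes of one HTTPProxy (given as JSON) whose
// rateLimitPolicy.global.disabled is true.
func AuditExemptions(doc []byte) ([]Exemption, error) {
	var p httpProxy
	if err := json.Unmarshal(doc, &p); err != nil {
		return nil, fmt.Errorf("decode HTTPProxy: %w", err)
	}
	var out []Exemption
	for _, r := range p.Spec.Routes {
		rl := r.RateLimitPolicy
		if rl == nil || rl.Global == nil || !rl.Global.Disabled {
			continue // route keeps the virtual host global rate limit
		}
		prefix := routePrefix(r)
		out = append(out, Exemption{
			Proxy: p.Metadata.Name, FQDN: p.Spec.VirtualHost.FQDN,
			Prefix: prefix, CatchAll: prefix == "/",
		})
	}
	return out, nil
}

// sampleProxy is constructed from the HTTPProxy in the PR description,
// reduced to the fields the audit reads and rewritten as JSON.
const sampleProxy = `{"metadata": {"name": "echo"}, "spec": {
  "virtualhost": {"fqdn": "local.projectcontour.io"},
  "routes": [
    {"conditions": [{"prefix": "/"}]},
    {"conditions": [{"prefix": "/foo"}],
     "rateLimitPolicy": {"global": {"disabled": true}}}
  ]}}`

func main() {
	found, err := AuditExemptions([]byte(sampleProxy))
	fmt.Println(found, err)
}
```

A `CatchAll` result deserves a second look in review, since it removes the global limit from every path on the virtual host rather than from a narrow route such as a health check.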

codecov bot commented Aug 8, 2023

Codecov Report

Merging #5657 (d77620f) into main (9ad7ac5) will increase coverage by 0.00%.
The diff coverage is 86.36%.

@@           Coverage Diff           @@
##             main    #5657   +/-   ##
=======================================
  Coverage   78.56%   78.57%           
=======================================
  Files         138      138           
  Lines       19164    19184   +20     
=======================================
+ Hits        15057    15074   +17     
- Misses       3820     3822    +2     
- Partials      287      288    +1     
Files Changed Coverage Δ
internal/dag/dag.go 98.70% <ø> (ø)
internal/envoy/v3/route.go 80.37% <0.00%> (-0.31%) ⬇️
internal/dag/httpproxy_processor.go 91.91% <100.00%> (+0.06%) ⬆️
internal/envoy/v3/ratelimit.go 100.00% <100.00%> (ø)

@shadialtarsha shadialtarsha marked this pull request as ready for review August 8, 2023 12:36
@shadialtarsha shadialtarsha requested a review from a team as a code owner August 8, 2023 12:36
@shadialtarsha shadialtarsha requested review from skriss and stevesloka and removed request for a team August 8, 2023 12:36
@clayton-gonsalves clayton-gonsalves self-requested a review August 8, 2023 12:37
@clayton-gonsalves clayton-gonsalves added the release-note/minor A minor change that needs about a paragraph of explanation in the release notes. label Aug 8, 2023
davinci26 (Contributor) left a comment

implementation lgtm, I am not quite sure about the API here and how it is different than the existing API

clayton-gonsalves (Contributor) left a comment

Question: doesn't this https://projectcontour.io/docs/main/config/api/#projectcontour.io/v1.GlobalRateLimitPolicy disabled solve the use case you are trying to achieve?

@shadialtarsha shadialtarsha force-pushed the addSupportForVhRateLimits branch from d9e0cc7 to 289f9ca Compare August 16, 2023 10:45
@shadialtarsha shadialtarsha changed the title from "Add support for extensions.filters.http.ratelimit.v3.RateLimitPerRoute" to "Setting disabled = true on a route should disable the virtual host global rate limit policy" Aug 16, 2023
skriss (Member) left a comment

Thanks @shadialtarsha, I think this makes sense, had a few clarifications for the changelog

@shadialtarsha shadialtarsha force-pushed the addSupportForVhRateLimits branch from ade99e7 to 74a81ee Compare August 17, 2023 22:04
@shadialtarsha shadialtarsha requested a review from skriss August 17, 2023 22:05
RateLimitPolicy *RateLimitPolicy

// RateLimitPerRoute defines how the route should handle rate limits defined by the virtual host.
RateLimitPerRoute *RateLimitPerRoute
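
Review bot: the doc comment on RateLimitPerRoute does not say what a nil pointer means for the route. The field sits next to RateLimitPolicy, which is also a pointer, so please state the nil behaviour explicitly (for example that nil leaves the virtual host rate limits applied, if that is the intent), so that someone constructing a Route does not have to read the Envoy translation to learn whether an unset field still enforces the limit.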
clayton-gonsalves (Contributor) commented Aug 18, 2023
I think we should be able to reuse RateLimitPolicy.disabled, which will allow us to not introduce new fields.

Contributor Author

So dag.RateLimitPolicy doesn't really have disabled on it, this knob is only on the API.

I don't believe introducing this switch to DAG is a good idea as DAG is closer to Envoy than to the HTTPProxy API and also RateLimitPerRoute is native to Envoy's struct for doing exactly this.

VhRateLimitsOverride VhRateLimitsType = iota

// VhRateLimitsInclude will use the virtual host rate limits even if the route has a rate limit policy.
VhRateLimitsInclude
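
Review bot: VhRateLimitsOverride is assigned iota, so, assuming it opens the const block, it is the zero value of VhRateLimitsType and a value that was never set reads as Override. Either say so in the comment on VhRateLimitsOverride or reserve the zero value for an explicit unset constant, so that a forgotten assignment cannot be mistaken for a deliberate choice of rate limit behaviour.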
Contributor

Do we need VhRateLimitsInclude for this case?

Contributor Author

I don't have a strong opinion here.
I kept them just in case someone wants to extend the implementation and supports another mode.

shadialtarsha (Contributor, Author) commented

Sorry took me a bit of time to address changes here as we were busy with many other things.
will follow up immediately with the next round

shadialtarsha (Contributor, Author) commented

@skriss would appreciate another round once you have time 🙏🏻

shadialtarsha (Contributor, Author) commented Sep 20, 2023

Hey folks sorry another ping for this @skriss and @sunjayBhatia

@@ -0,0 +1,28 @@
## Default Global RateLimit Policy
Member

Sorry, but this file can be removed now since we included it in the 1.26 release notes and then cleared out the individual files from changelogs/unreleased.

skriss (Member) commented Sep 21, 2023

Otherwise LGTM, thanks @shadialtarsha

shadi-altarsha and others added 16 commits September 25, 2023 13:20
Signed-off-by: shadi-altarsha <shadi.altarsha@reddit.com>
Co-authored-by: Steve Kriss <stephen.kriss@gmail.com>
@shadialtarsha shadialtarsha force-pushed the addSupportForVhRateLimits branch from 397b86a to d77620f Compare September 25, 2023 11:21
skriss (Member) left a comment

LGTM, thanks @shadialtarsha

@skriss skriss merged commit 1d0a774 into projectcontour:main Sep 25, 2023
yangyy93 added a commit to projectsesame/contour that referenced this pull request Oct 19, 2023
* provisioner: add field overloadMaxHeapSize for envoy (projectcontour#5699)

* add field overloadMaxHeapSize

Signed-off-by: yy <yang.yang@daocloud.io>

* add changelog

Signed-off-by: yy <yang.yang@daocloud.io>

* update changelog and configuration.md

Signed-off-by: yangyang <yang.yang@daocloud.io>

---------

Signed-off-by: yy <yang.yang@daocloud.io>
Signed-off-by: yangyang <yang.yang@daocloud.io>

* build(deps): bump sigs.k8s.io/gateway-api from 0.8.0 to 0.8.1 (projectcontour#5757)

* make generate

Signed-off-by: Steve Kriss <krisss@vmware.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Steve Kriss <krisss@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Steve Kriss <krisss@vmware.com>

* build(deps): bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.12.1 (projectcontour#5781)

* build(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2 (projectcontour#5780)

* build(deps): bump github.com/vektra/mockery/v2 from 2.33.2 to 2.34.0 (projectcontour#5779)

* Setting `disabled = true` on a route should disable the virtual host global rate limit policy (projectcontour#5657)

Support disabling global rate limiting on individual
routes by setting disabled=true.

Fixes projectcontour#5685.

Signed-off-by: shadi-altarsha <shadi.altarsha@reddit.com>

* update Go to 1.21.1 (projectcontour#5783)


Signed-off-by: Steve Kriss <krisss@vmware.com>

* Fixup: Sort path matches based on length rather than lexi (projectcontour#5752)

Since Envoy is greedy matching path routes, order is important. Contour
decides to sort the routes in a way that is not really intuitive and can
lead to surprises.

In particular, even though the comment in the code states that routes are
ordered based on length, the reality is that they are sorted based on string
comparison. This PR fixes this.

* I think the current behaviour doesn't make much sense and it is a bit brittle.
* Updating the behaviour has significant update risk since there might be folks
that rely on this routing behaviour without really knowing it.
* Should we even merge this PR? I am of two minds and I would like some input:

1. Option (1): Merge it as is and make a clear changelog/announcement about the fix
2. Option (2): Create a config flag with a feature-flag e.g. `route_sorting_strategy` and switch the implementation
to not do sorting when the flag is present. That way it allows folks to opt-out from the sorting as they need to.

Longest path based matching kinda makes sense to me now that I know about it, but it is a rough edge that needs users to
be familiar with contour and it is harder to socialize in larger teams.

Signed-off-by: Sotiris Nanopoulos <sotiris.nanopoulos@reddit.com>

* build(deps): bump github.com/onsi/gomega from 1.27.10 to 1.28.0 (projectcontour#5792)

* build(deps): bump github.com/cert-manager/cert-manager (projectcontour#5791)

Bumps [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) from 1.13.0 to 1.13.1.

* build(deps): bump github.com/vektra/mockery/v2 from 2.34.0 to 2.34.2 (projectcontour#5793)

* build(deps): bump github.com/prometheus/client_golang (projectcontour#5790)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.16.0 to 1.17.0.

* HTTPProxy: allow dynamic Host header rewrite (projectcontour#5678)

Allows the Host header to be rewritten to the value
of another header while forwarding the request to
the upstream. This is possible at the route level only.

Fixes projectcontour#5673.

Signed-off-by: Clayton Gonsalves <clayton.gonsalves@reddit.com>

* fix spelling errors (projectcontour#5798)

Signed-off-by: Steve Kriss <krisss@vmware.com>

* hack: bump codespell version to match GH action (projectcontour#5799)

Signed-off-by: Steve Kriss <krisss@vmware.com>

* gateway provisioner: add flags to enable running provisioner out of cluster (projectcontour#5686)

Adds --incluster and --kubeconfig flags to
the gateway provisioner to enable running
outside of the cluster.

Signed-off-by: gang.liu <gang.liu@daocloud.io>

* site: Bump Hugo to 0.119.0 (projectcontour#5795)

- Also implement more consistent toml file indenting for readability
- Asset optimization is deprecated by netlify, see: https://answers.netlify.com/t/please-read-deprecation-of-post-processing-asset-optimization/96657

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* internal/dag: default Listener ResolvedRefs to true (projectcontour#5804)

Sets Gateway Listeners' ResolvedRefs condition
to true by default, to pass updated conformance.

Closes projectcontour#5648.

Signed-off-by: Steve Kriss <krisss@vmware.com>

* build(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (projectcontour#5810)

* build(deps): bump github.com/vektra/mockery/v2 from 2.34.2 to 2.35.2 (projectcontour#5809)

* build(deps): bump github.com/prometheus/client_model (projectcontour#5811)

Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0.

* switch to github.com/distribution/parse (projectcontour#5818)

Signed-off-by: Steve Kriss <krisss@vmware.com>

* deps: Bump logrusr to v4.0.0 (projectcontour#5806)

Fixes data races found in projectcontour#5805

Also remove testing around V().Info()

logrusr has changed behavior since v3.0.0, it now tries to mimic logrus
log levels with the V() level, see:
bombsimon/logrusr@9f3fd50

In practice client-go checks if a certain verbosity level is enabled and
initializes a different logger based on that and then uses Info(f) logs,
rather than the V().Info() construction.

This commit removes the testing of log lines written with V() guarding
them and rather just tests the expected verbosity is enabled or not.

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* wait for cache sync and DAG build before starting xDS server (projectcontour#5672)

Prevents starting the XDS server and building the DAG until the cache is synced with the initial list of k8s objects and these events are processed by the event handler

Signed-off-by: Ahmad Karimi <ak12hastam@gmail.com>

* internal/xdscache: Generate uuid for snapshot version (projectcontour#5819)

Snapshotter had a data race reading/writing the snapshot version between
threads. This version is not in practice used for the contour xDS server
DiscoveryResponse versions but is in the go-control-plane version.

Fixes: projectcontour#5482

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* Bump Envoy to 1.27.1 (projectcontour#5821)

See release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.1/version_history/v1.27/v1.27.1

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (projectcontour#5829)

* build(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (projectcontour#5833)

* build(deps): bump github.com/onsi/ginkgo/v2 from 2.12.1 to 2.13.0 (projectcontour#5831)

* build(deps): bump github.com/vektra/mockery/v2 from 2.35.2 to 2.35.4 (projectcontour#5834)

* build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (projectcontour#5832)

* Bump go to 1.21.3 (projectcontour#5841)


Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* Add configurability for HTTP requests per IO cycle (projectcontour#5827)

An additional mitigation to CVE-2023-44487 available in Envoy 1.27.1.
This change allows configuring the http.max_requests_per_io_cycle Envoy
runtime setting via Contour configuration to allow administrators of
Contour to prevent abusive connections from starving resources from
others. The default is left as the existing behavior, that is no limit,
so as not to impact existing valid traffic.

See the Envoy release notes for more information:
https://www.envoyproxy.io/docs/envoy/v1.27.1/version_history/v1.27/v1.27.1

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* provisioner: fix envoy-max-heapsize not set (projectcontour#5814)

* fix envoy-max-heapsize not set

Signed-off-by: yangyang <yang.yang@daocloud.io>

* add ut

Signed-off-by: yangyang <yang.yang@daocloud.io>

* update ut

Signed-off-by: yangyang <yang.yang@daocloud.io>

---------

Signed-off-by: yangyang <yang.yang@daocloud.io>

* HTTP/2 max concurrent streams can be configured (projectcontour#5850)

Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigating DOS
attacks like in CVE-2023-44487.

Also fixes omitempty tags on MaxRequestsPerIOCycle field.

Fixes: projectcontour#5846

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* Bump Envoy to v1.27.2 (projectcontour#5863)

See release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.2/version_history/v1.27/v1.27.2

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* site: 1.26.1, 1.25.3, 1.24.6 patch releases (projectcontour#5859)


Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* test/e2e: Add race detection in e2e tests (projectcontour#5805)

Compile contour binary with -race flag and look for "DATA RACE" in
stderr. Fails test if found.

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* golangci-lint: Fix revive rules (projectcontour#5857)

When we enabled the use-any rule we disabled all the default rules that
are run by revive (see: https://revive.run/docs#golangci-lint)

This change grabs all the default rules from
https://github.com/mgechev/revive/blob/master/defaults.toml and adds the
use-any rule

Also fixes outstanding lint issues

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

* crd/ContourDeployment: Add field 'podLabels' for contour (#2)

* add pod labels field to contourDeployment

---------

Signed-off-by: yy <yang.yang@daocloud.io>
Signed-off-by: yangyang <yang.yang@daocloud.io>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Steve Kriss <krisss@vmware.com>
Signed-off-by: shadi-altarsha <shadi.altarsha@reddit.com>
Signed-off-by: Sotiris Nanopoulos <sotiris.nanopoulos@reddit.com>
Signed-off-by: Clayton Gonsalves <clayton.gonsalves@reddit.com>
Signed-off-by: gang.liu <gang.liu@daocloud.io>
Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: Ahmad Karimi <ak12hastam@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Steve Kriss <krisss@vmware.com>
Co-authored-by: Shadi Altarsha <61504589+shadialtarsha@users.noreply.github.com>
Co-authored-by: Sotiris Nanopoulos <sotiris.nanopoulos@reddit.com>
Co-authored-by: Clayton Gonsalves <101868649+clayton-gonsalves@users.noreply.github.com>
Co-authored-by: izturn <44051386+izturn@users.noreply.github.com>
Co-authored-by: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com>
Co-authored-by: Ahmad Karimi <39967326+therealak12@users.noreply.github.com>
Development

Successfully merging this pull request may close these issues.

Setting disabled = true on Route' Global RateLimitPolicy doesn't disable the policy
