Merged
Conversation
Before this, when a gRPC server sends out DeniedResponse as a check response for a request but without setting the HttpResponse.DeniedResponse.Status, HTTP ext_authz filter translates that as "0" (empty/unknown HTTP status code). This patch makes sure we reply with a valid 403 Forbidden HTTP status code (the current default status code for denied response). Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
Signed-off-by: David Schinazi <dschinazi@google.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com>
* build(deps): bump deprecated in /.github/actions/pr_notifier Bumps [deprecated](https://github.com/tantale/deprecated) from 1.2.12 to 1.2.13. - [Release notes](https://github.com/tantale/deprecated/releases) - [Changelog](https://github.com/tantale/deprecated/blob/master/CHANGELOG.rst) - [Commits](laurent-laporte-pro/deprecated@v1.2.12...v1.2.13) --- updated-dependencies: - dependency-name: deprecated dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> * build(deps): bump deprecated from 1.2.12 to 1.2.13 in /tools/dependency Bumps [deprecated](https://github.com/tantale/deprecated) from 1.2.12 to 1.2.13. - [Release notes](https://github.com/tantale/deprecated/releases) - [Changelog](https://github.com/tantale/deprecated/blob/master/CHANGELOG.rst) - [Commits](laurent-laporte-pro/deprecated@v1.2.12...v1.2.13) --- updated-dependencies: - dependency-name: deprecated dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> * build(deps): bump deprecated in /tools/deprecate_version Bumps [deprecated](https://github.com/tantale/deprecated) from 1.2.12 to 1.2.13. - [Release notes](https://github.com/tantale/deprecated/releases) - [Changelog](https://github.com/tantale/deprecated/blob/master/CHANGELOG.rst) - [Commits](laurent-laporte-pro/deprecated@v1.2.12...v1.2.13) --- updated-dependencies: - dependency-name: deprecated dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> * build(deps): bump setuptools from 57.4.0 to 58.0.4 in /tools/base Bumps [setuptools](https://github.com/pypa/setuptools) from 57.4.0 to 58.0.4. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](pypa/setuptools@v57.4.0...v58.0.4) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: wbpcode <wbphub@live.com>
…18102) Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
…tion (#18056) Commit Message: Quic connection might get closed due to write error during connect(). This will cause the client gets disconnected during creation while assuming it's connecting. This PR fixes it by explicitly checking connection state and fail client creation and checking for early detaching in various place during initialize(). Additional Message: Use getSystemErrorCode() which returns the actual errno in convertToQuicWriteResult() instead of getErrorCode() which returns the corresponding Envoy enum. Risk Level: low Testing: added new conn_pool_grid unit tests Signed-off-by: Dan Zhang <danzh@google.com>
This docs https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/cdn_loop_filter#configuration has an 404 link. It seems to need :ref: tag but also the link should point to extensions.filters.http.cdn_loop.v3alpha.CdnLoopConfig. This patch fixes it. Risk Level: low Testing: n/a Docs Changes: yes Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
This includes validation for upgrade connects per Ryan's offline advice. n.b. this should be a no-op for HTTP (where there is no mechanism to send both) and HTTP/2 (where nghttp2 validates) so not currently calling out in release notes. Risk Level: low Testing: new integration tests Docs Changes: inline Release Notes: n/a (quic alpha) co-author: @DavidSchinazi Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io>
Clean up inspired by #17745 Risk Level: low (interface refactor) Testing: n/a Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
…ng upstream SNI (#17995) Adds a new optional param called override_auto_sni_header which can be used to populate the upstream SNI value from an arbitrary header other than Host/Authority. Signed-off-by: Rohit Agrawal <rohit.agrawal@databricks.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
…id backticks (#18116) tools: Improve the error message in tools/docs/rst_check.py for invalid backticks Risk Level: Low Testing: None Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Ryan Hamilton <rch@google.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Allows ensuring continual progress of individual request attempts. Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
) These two are missed in the [doc](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/response_code_details#per-codec-details). Risk Level: low Testing: n/a Docs Changes: yes Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
* admin: optimize prometheus format endopint. Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io> * format_value can be const. Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io>
As discussed on #18034 Risk Level: medium Testing: n/a Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Samra Belachew <sbelachew@lyft.com>
Signed-off-by: chaojiang <chao.jiang@longbridge.sg> Signed-off-by: Patrick <patrickjiang0530@gmail.com>
This was built for Envoy Mobile, but will allow generic modification of router behavior between retries. Currently it only supports modifying upstream socket options (to in practice impact interface binding), but in the future is likely to be extended to modify timeouts, retry back off times, request headers, etc. Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
… to reflect what it's testing Commit Message: For most of its lifetime, Thread::isMainThread() also returned true if run from the TestThread. This PR just renames the function to state what it's doing. Additional Description: Risk Level: low Testing: //test/... Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Joshua Marantz <jmarantz@google.com>
Risk Level: n/a (test only) Testing: n/a Docs Changes: n/a Release Notes: n/a #9953 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Matt Klein <mklein@lyft.com>
Prior work on LEDS saved the ClusterLoadAssignment for future use (needed when LEDS updates arrive). This PR makes the field optional, and it will only be used when LEDS is configured. Risk Level: low - only impacts deployments using LEDS. Testing: Added an integration test. Docs Changes: N/A. Release Notes: N/A. Platform Specific Features: N/A. Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Adds a new API field for http health checks that allows specifying ranges of status codes that are considered retriable. If these status codes are received, those failures will contribute towards the configured unhealthy threshold rather that immediately considering the cluster member unhealthy as is the case today. Signed-off-by: Weston Carlson <wez470@gmail.com>
Signed-off-by: Dan Zhang <danzh@google.com> Co-authored-by: Dan Zhang <danzh@google.com>
Signed-off-by: Jose Nino <jnino@lyft.com>
…o port (#18421) Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Felix Du <durd07@gmail.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
This includes some more go_package annotations in the protos Signed-off-by: Keith Smiley <keithbsmiley@gmail.com>
Signed-off-by: Le Yao <le.yao@intel.com>
Signed-off-by: Tarun Sharma <starun.1998@gmail.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
Commit Message: Adds assertions that any 'main threads' have completely quiesced between test methods. I am not certain this can be an issue given the rest of Envoy test infrastructure (e.g. memory leaks from unjoined threads), but testing this is essentially free, and it's hard to be certain. This doesn't happen normally when I test on my machine, but maybe such a delayed closing out of a MainThread might be responsible for rare flakes. Additional Description: Risk Level: low (test changes only) Testing: //test/... Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Joshua Marantz <jmarantz@google.com>
…rors runtime guard. (#18509) Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
…18309) Signed-off-by: Dan Zhang <danzh@google.com>
Commit Message: syscall - add getifaddrs to os syscalls Additional Description: formalize getifaddrs into os syscalls. Risk Level: low Testing: existing calling code and UT over that code. Signed-off-by: Jose Nino <jnino@lyft.com>
…n using a gRPC authorization server (#18009) This PR currently only implements query string modifications when using a gRPC authorization server. Signed-off-by: John Esmet <john.esmet@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]
[Optional API Considerations:]