auto-merge envoyproxy/envoy[main] into envoyproxy/envoy-openssl[main] #263

Merged 78 commits on Oct 15, 2024

update-openssl-envoy[bot]

Generated by envoy-sync-receive.sh

fredyw and others added 2 commits October 3, 2024 16:43
Risk Level: low
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: n/a

Signed-off-by: Fredy Wijaya <fredyw@google.com>
Commit Message: Handle encode metadata after recreated stream
Risk Level: Low
Testing: Integration test
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A

---------

Signed-off-by: tyxia <tyxia@google.com>
The filter state reflection provides a great feature to access the inner
status/property of filter state. However, it has two limitations:
1. It requires the object key to be the same as the factory key. This
limitation means we cannot set multiple objects with the same type.
2. It is a little complex to enable the Field support. We need to define
an additional reflection class and a factory class.

This PR makes things much simpler.


Risk Level: low.
Testing: n/a.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.

---------

Signed-off-by: wangbaiping <wangbaiping@bytedance.com>
Without this, when building in the envoy docker without RBE, I see gcc
trying to use `lld` instead, and it's (a) not in `$PATH` and (b) counter
to what we had set in `--linkopt` for the gcc config.

Risk Level: low
Testing: local build in envoy docker

Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>
Update QUICHE from 171f6f89a to eaeaa74b2
https://github.com/google/quiche/compare/171f6f89a..eaeaa74b2

```
$ git log 171f6f89a..eaeaa74b2 --date=short --no-merges --format="%ad %al %s"

2024-10-02 wub Deprecate --gfe2_reloadable_flag_quic_new_error_code_when_packets_buffered_too_long.
2024-10-02 fayang No public description
2024-10-02 fayang No public description
2024-10-01 birenroy Adds test cases exercising response-complete-before-request for nghttp2 and oghttp2.
2024-10-01 martinduke Add parser/framer support for SUBSCRIBE_NAMESPACE, SUBSCRIBE_NAMESPACE_OK, SUBSCRIBE_NAMESPACE_ERROR, UNSUBSCRIBE_NAMESPACE.
2024-10-01 birenroy Removes the last library in //third_party/spdy/core, and deletes the package.
2024-10-01 wub Add QUIC connection options for testing: - CHP1: Add 1-packet padding to CHLO. - CHP2: Add 2-packet padding to CHLO.
2024-09-30 asedeno Don't set IPv4 socket options on dual-stack sockets on `__APPLE__` platforms.
2024-09-30 vasilvv Update WebTransport header names.
2024-09-30 vasilvv Simplify some of the framing code.
2024-09-30 vasilvv Record QUIC traces in moqt_simulator.
2024-09-30 martinduke Implement MoQT Peeps and Object message changes for draft-06. This is the minimum for interoperability; this code always sends subgroup_id = 0 and ignores the incoming subgroup_id.
2024-09-30 martinduke Update existing messages for draft-06. This is mostly turning track_namespace into a tuple. Also generalizes Subscribe parameters.
```

Risk Level: low,
Testing: existing tests passed
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A

---------

Signed-off-by: Dan Zhang <danzh@google.com>
Co-authored-by: Dan Zhang <danzh@google.com>
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-main branch 2 times, most recently from 8af0a9a to d86631e Compare October 4, 2024 12:38
markdroth and others added 3 commits October 4, 2024 11:34
Commit Message: xds: make certificate provider instance name required
Additional Description: The comment saying that there is a default value
for this field is misleading. All existing gRPC implementations have
this as a required field. Note that this change does not affect Envoy,
since Envoy does not yet support this field. However, I've added a PGV
annotation (used by Envoy but not by gRPC) to avoid confusion when Envoy
eventually adds support for this field.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Mark D. Roth <roth@google.com>
…#36439)

Also, update docs and tests for similar runtime overrides that already
existed

This is a followup to #36231

Risk Level: Low
Testing: New tests, plus more tests for existing untested code
Docs Changes: Updated proto docs, including adding docs for existing
feature
Release Notes: updated

Signed-off-by: Greg Greenway <ggreenway@apple.com>
The false positive warnings have been resolved in current versions of
gcc.

Risk Level: low
Testing: CI

Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>
wu-bin and others added 3 commits October 5, 2024 21:43
Add `ENVOY_EXECUTION_SCOPE` to mark the start and end of an
Envoy::Tracing::Span or Http::FilterContext, which is active in the
current thread.

This macro only takes effect when `ENVOY_ENABLE_EXECUTION_SCOPE` is
defined.

Commit Message: Add `ENVOY_EXECUTION_SCOPE`.
Additional Description:
Risk Level: No. It is no-op unless `ENVOY_ENABLE_EXECUTION_SCOPE` is
defined.
Testing: Unit test in test/common/common/execution_context_test.cc.
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features:

---------

Signed-off-by: Bin Wu <wub@google.com>
Commit Message: Add support for multiple formats of ORCA headers.
Additional Description: Add support for multiple formats of ORCA
headers. ORCA parsing introduced in
envoyproxy/envoy#35422
[Original Design
Proposal](envoyproxy/envoy#6614)
[Using ORCA load reports in
Envoy](https://docs.google.com/document/d/1gb_2pcNnEzTgo1EJ6w1Ol7O-EH-O_Ysu5o215N9MTAg/edit#heading=h.bi4e79pb39fe)
Risk Level: Low
Testing: See included unit tests.
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: JSON format unsupported on Mobile.

CC @efimki @adisuissa @wbpcode

---------

Signed-off-by: blake-snyder <blakesnyder@google.com>
Commit Message: local rate limit: add new rate_limits api to the
filter's api
Additional Description:

In the previous local rate limit, the
[rate_limits](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-virtualhost-rate-limits)
field of route is used to generate the descriptor entries. Then the
generated entries will be used to match a token bucket which is
configured in the filter configs (route level, vhost level, etc).

However, it makes the configuration very complex, and cannot cover some
common scenarios easily. For example, given a specific virtual host X and
a special route Y that is under this virtual host X.

We want to provide a virtual host level rate limit for the specific
virtual host X, and a route level rate limit for the specific route Y.
We hope the configuration of the virtual host could work for all routes
except Y.

For most filters, this requirement could be achieved by getting the most
specific filter config and applying it. But for the local rate limit,
things become very complex, because the rate limit configuration is split
into the `rate_limits` field of the route and the filter config. The local rate
limit needs to handle these relationships carefully.

This PR tries to simplify it.

Risk Level: low.
Testing: n/a.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.

---------

Signed-off-by: wangbaiping <wangbaiping@bytedance.com>
Signed-off-by: code <wbphub@gmail.com>
Co-authored-by: Matt Klein <mattklein123@gmail.com>
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-main branch 2 times, most recently from 3d28138 to e6c83a2 Compare October 7, 2024 01:31
dependabot bot and others added 11 commits October 7, 2024 10:38

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…(#36429)



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
//test/extensions/load_balancing_policies/client_side_weighted_round_robin:integration_test

Risk Level: low
Testing: CI

Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>
Commit Message: utility: new utility method to convert proto value to
string
Additional Description:

New utility method to convert the proto value to json. This could work
even if `ENVOY_ENABLE_YAML` is not set and is exception free.

Risk Level: low.
Testing: unit test.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.

---------

Signed-off-by: wangbaiping <wangbaiping@bytedance.com>
…" (#36437)

Commit Message: removed the static_assert as it is expected that some
platforms, especially some iOS versions, support neither of the socket
options. In this case, Envoy won't set DF bit.

Additional Description: reland #36341
Risk Level: low
Testing: new unit tests
Docs Changes: N/A
Release Notes: Yes
Platform Specific Features: N/A
Runtime guard: envoy.reloadable_features.udp_set_do_not_fragment

---------

Signed-off-by: Dan Zhang <danzh@google.com>
Co-authored-by: Dan Zhang <danzh@google.com>
…r (#36454)

This will be used by a subsequent change to test the Apple PAC proxy
resolver.

Signed-off-by: Ali Beyad <abeyad@google.com>
Also add one additional patch to CEL to handle `absl::StrCat` and
friends moving to `absl/string/str_cat.h`.


Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-main branch 2 times, most recently from c15f27a to 3e4b8dc Compare October 14, 2024 01:31
phlax and others added 25 commits October 14, 2024 09:42
a step towards fixing #36326

Signed-off-by: Ryan Northey <ryan@synca.io>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… /contrib/golang/filters/http/test/test_data/access_log in the contrib-golang group (#36479)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… /contrib/golang/filters/http/test/test_data/echo in the contrib-golang group (#36481)



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… /contrib/golang/filters/http/test/test_data/metric in the contrib-golang group (#36485)



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…36487)



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… /contrib/golang/filters/http/test/test_data/routeconfig in the contrib-golang group (#36488)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… /contrib/golang/router/cluster_specifier/test/test_data/simple in the contrib-golang group (#36480)



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…se (#36558)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…o DFPCluster removed (#35848)


Commit Message:
- Add an optional argument called `ignore_removal` to
`ClusterManagerImpl::addOrUpdateCluster` and
`ClusterManagerImpl::loadCluster`. This argument defaults to `false`, so
it won't affect any existing flows. We'll be setting this in Cluster
Data.
- If the `ignore_removal` value is `true`, then the cluster won't be
removed when `ClusterManagerImpl::removeCluster` is called.
- To remove a cluster that has been added with `ignore_removal` set to
`true`, the `remove_ignored` argument must be set to `true` when
`ClusterManagerImpl::removeCluster` is called.

This helps to manage clusters whose lifecycle is managed by custom
implementations similar to DFP clusters.

Additional Description:
- Currently clusters that are dynamically added with custom
implementations from filters, etc. are removed when a CDS event is
triggered. This is because these dynamically created clusters will come
in diff of CDS and will be removed by the cluster manager.

Risk Level: low
Testing: unit test
Docs Changes: no
Release Notes: no
Risk Level: low
Testing: updated tests
Docs Changes: n/a
Release Notes: n/a
envoyproxy/envoy-mobile#176

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Commit Message: minor opt: minor optimization to the orca parser
Additional Description:

This way, the parser needn't scan the whole header value if the
header value has an invalid format. And we needn't create a copy of the
header value for json format now.

Risk Level: low.
Testing: n/a.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.

---------

Signed-off-by: wangbaiping <wangbaiping@bytedance.com>
This patch adds around 160 test cases based on the aws signer test
corpus from
https://github.com/awslabs/aws-c-auth/tree/main/tests/aws-signing-test-suite

Adding these test cases uncovered the following bugs, which have also
been fixed in this patch:
- Incorrect handling of UTF8 encoded parameters
- Incorrect path canonicalisation of paths containing /./
- Incorrect date calculation (missing seconds from the date formatter)
- Invalid handling of tilde within query parameters (also reported by
Animal Logic leading to this patch)
- Invalid handling of other query parameter encodings

Commit Message: aws: add sigv4/a test corpuses and test cases
Additional Description:
Risk Level: Low
Testing: Unit
Docs Changes:
Release Notes:
Platform Specific Features:
---------

Signed-off-by: Nigel Brittain <nbaws@amazon.com>
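
The bug classes listed in the SigV4 commit message above (UTF-8 parameters, `/./` in paths, tilde and other query encodings, seconds missing from the date) all sit in request canonicalisation, where any mismatch between signer and verifier makes a valid request fail signature checks. The sketch below is an added Python example, not Envoy's signer code; the function names are hypothetical, and collapsing empty path segments assumes the non-S3 behaviour AWS documents.

```python
from datetime import datetime, timezone

# RFC 3986 unreserved characters: the only bytes SigV4 leaves unescaped.
UNRESERVED = frozenset(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~"
)


def uri_encode(text: str) -> str:
    """Percent-encode each UTF-8 byte outside the unreserved set (uppercase hex)."""
    return "".join(
        chr(b) if b in UNRESERVED else "%{:02X}".format(b)
        for b in text.encode("utf-8")
    )


def normalize_path(path: str) -> str:
    """Remove '.' and '..' segments and redundant slashes from an absolute path."""
    stack = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue  # assumption: empty segments are collapsed (non-S3 services)
        if segment == "..":
            if stack:
                stack.pop()
            continue
        stack.append(segment)
    result = "/" + "/".join(stack)
    # Keep the trailing slash when the input ended on a directory reference.
    if stack and path.endswith(("/", "/.", "/..")):
        result += "/"
    return result


def canonical_uri(decoded_path: str, double_encode: bool) -> str:
    """Encode each segment once (S3 style) or twice (other services)."""
    segments = normalize_path(decoded_path).split("/")
    for _ in range(2 if double_encode else 1):
        segments = [uri_encode(s) for s in segments]
    return "/".join(segments)


def canonical_query(pairs) -> str:
    """Encode decoded (name, value) pairs, then sort by encoded name and value."""
    encoded = sorted((uri_encode(k), uri_encode(v)) for k, v in pairs)
    return "&".join("{}={}".format(k, v) for k, v in encoded)


def amz_date(moment: datetime) -> str:
    """Timestamp in the ISO 8601 basic format, seconds included."""
    return moment.astimezone(timezone.utc).strftime("%Y%m%dT%H%M%SZ")


if __name__ == "__main__":
    # Constructed sample inputs covering the cases named in the commit message.
    print(canonical_uri("/./example/\u1234", double_encode=False))
    print(canonical_query([("q", "a~b"), ("name", "caf\u00e9 au lait")]))
    print(amz_date(datetime(2015, 8, 30, 12, 36, 7, tzinfo=timezone.utc)))
```
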

---------

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: alyssawilk <alyssar@google.com>
Co-authored-by: phlax <phlax@users.noreply.github.com>
…36553)


Commit Message: lua: mention that body should be consumed before
fetching trailers
Additional Description:
Risk Level: Zero
Testing: N/A
Docs Changes: lua_filter.rst
Release Notes:
Platform Specific Features:
Fixes envoyproxy/envoy#36507

Signed-off-by: spacewander <spacewanderlzx@gmail.com>
Risk Level: n/a
Testing: yes
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: alyssawilk <alyssar@google.com>
Co-authored-by: phlax <phlax@users.noreply.github.com>
This PR updates the DNS resolution details from `apple_dns_success` to
`apple_dns_immediate_success` for an immediate success and from
`not_set` to `apple_dns_success` for a successful case. This PR also
adds missing test cases for the Apple DNS resolution details.

Risk Level: low
Testing: unit tests
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: apple_dns

---------

Signed-off-by: Fredy Wijaya <fredyw@google.com>
* upstream/main:
  apple_dns: Update the Apple DNS resolution details (#36536)
  docs: clarifying security posture (#36570)
  tools: renaming deprecate version (#36572)
  coverage: adding cache test and updating coverage (#36569)
  lua: mention that body should be consumed before fetching trailers (#36553)
  docs: cleanups for release (#36535)
  aws: add sigv4/a test corpuses (#36463)
  minor opt: minor optimization to the orca parser (#36492)
  map matcher: removing exceptions (#36514)
  dynamic_forward_proxy: fix sub_cluster_confg stuck with warm up due to DFPCluster removed (#35848)
  build(deps): bump envoy-code-check from 0.5.13 to 0.5.14 in /tools/base (#36558)
  build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/router/cluster_specifier/test/test_data/simple in the contrib-golang group (#36480)
  build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/filters/http/test/test_data/routeconfig in the contrib-golang group (#36488)
  build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#36487)
  build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#36483)
  build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#36484)
  build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/filters/http/test/test_data/metric in the contrib-golang group (#36485)
  build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/filters/http/test/test_data/echo in the contrib-golang group (#36481)
  build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/filters/http/test/test_data/access_log in the contrib-golang group (#36479)
  build(deps): bump icalendar from 6.0.0 to 6.0.1 in /tools/base (#36560)
  build(deps): bump yarl from 1.13.1 to 1.15.2 in /tools/base (#36559)
  build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 (#36528)
  build(deps): bump frozendict from 2.4.5 to 2.4.6 in /tools/base (#36561)
  ci/bazel: Add CI reporting tool (#36539)
  build(deps): bump aiohttp from 3.10.9 to 3.10.10 in /tools/base (#36544)
  ci: Remove redundant AZP gc (#36541)
  coverage: ratcheting (#36518)
  mobile: Update the Apple proxy settings polling to 10s (#36538)
  deps: Fix (renamed) ipp-crypto repo hash (#36540)
  ext_proc: skip timeout timer on trailer in async mode. (#36524)
  proto util: change the input string ref to string view (#36525)
  getaddrinfo: Fix TSAN issue when trace is enabled (#36503)
  ci: change googleurl dep (#36515)
  xds-failover: disable moving to primary after fallback responds (#36386)
  ext_proc: remove unnecessary watermark (#36468)
  upstream: reducing exceptions (#36497)
  Upstream: removing exceptions from hostimp (#35499)
  tls: improve validation that context is successfully created (#36512)
  http_11_proxy: Make inner transport_socket config optional (#36414)
  xds: internal refactor using absl::span instead of Protobuf::RepeatedPtrField (#36316)
  substitution formatter: reducing exceptions (#36407)
  [mobile]expose onNetworkTypeChanged API to Engine (#36504)
  docs: updating governance (#36498)
  rlqs: Updated RLQS Response handling to not reset TokenBucket state (#36478)
  fips build: fixed an issue when tar is running as root (#36476)
  Disable bazel's layering_check feature during CodeQL build. (#36500)
  listener manager: removing exceptions (#36314)
  mobile: fixing a flow control bug for multiple large uploads (#36474)
  test: fixing a Flake (#36475)
  Add getter for last downstream header byte received (#36472)
  ext_proc: fix typo in log (#36449)
  getaddrinfo: Add trace info in the DNS resolution details (#36312)
  Make DownstreamTiming a struct, instead of a class (#36473)
  Update QUICHE from eaeaa74b2 to de8f411c1 (#36470)
  stream info: add bool string serlalizer (#36451)
  Bump abseil to LTS 20240722.0. (#36317)
  mobile: Enable integration tests to run both a HTTP and a proxy server (#36454)
  Reapply "udp: set Don't Fragment(DF) bit in IP packet header (#36341)" (#36437)
  utility: new utility method to convert proto value to string (#36334)
  Adjust RBE resources for a memory-hungry test (#36453)
  build(deps): bump kafka-python-ng from 2.2.2 to 2.2.3 in /tools/base (#36429)
  build(deps): bump frozendict from 2.4.4 to 2.4.5 in /tools/base (#36460)
  build(deps): bump icalendar from 5.0.13 to 6.0.0 in /tools/base (#36378)
  build(deps): bump aiohttp from 3.10.6 to 3.10.9 in /tools/base (#36461)
  build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 (#36443)
  build(deps): bump yarl from 1.13.0 to 1.13.1 in /tools/base (#36376)
  local rate limit: add new rate_limits support to the filter (#36099)
  Add support for multiple formats of ORCA headers. (#35894)
  Add `ENVOY_EXECUTION_SCOPE`. (#36056)
  gcc: remove -Wdangling-reference workaround (#36452)
  http: allow runtime override of default for max response headers kb (#36439)
  xds: make certificate provider instance name required (#36441)
  Update QUICHE from 171f6f89a to eaeaa74b2 (#36440)
  gcc: add a `--host_linkopt` to use `gold` too (#36438)
  refactoring: refactored the FilterState object field support (#36399)
  Handle encode metadata after recreated stream (#36427)
  mobile: Fix broken link (#36436)

Signed-off-by: tedjpoole <97459248+tedjpoole@users.noreply.github.com>
@tedjpoole tedjpoole merged commit 9d96077 into main Oct 15, 2024
1 check passed
@tedjpoole tedjpoole deleted the auto-merge-main branch October 15, 2024 10:26