Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WiP] api: annotations for fields that should be set for untrusted en… #11058

Closed
wants to merge 2 commits into from
Closed

[WiP] api: annotations for fields that should be set for untrusted en… #11058

wants to merge 2 commits into from

Commits on May 5, 2020

  1. [WiP] api: annotations for fields that should be set for untrusted en… 

    …vironments.

This PR is an early prototype of a new flow for indicating that fields
needs to be set in the presence of untrusted downstreams/upstreams.

Based on the (yet to be merged)
cncf/udpa#28, a worked example of a YAML example
in bootstrap.proto for overload_manager is provided. The new security
annotations are validated during docs build for correctness and used to
generate inline docs where fields are defined.

This is intended to supplement and eventually replace
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge#best-practices-edge.

Work still to be done:
- Decide if this is the approach we want to take.
- Fix protoformat toolchain to work with fields inside the annotations.
- Annotate remaining fields from
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge#best-practices-edge
- Cleanup protodoc Python for style reasons and make error handling more robust.

Risk level: Low
Testing: Docs inspection

Part of envoyproxy#9087

Signed-off-by: Harvey Tuch <htuch@google.com>
    @htuch
    htuch committed May 5, 2020
    Configuration menu
    Copy the full SHA
    be344fe View commit details
    Browse the repository at this point in the history

  2. Flexible YAML loaders. 

    Signed-off-by: Harvey Tuch <htuch@google.com>
    @htuch
    htuch committed May 5, 2020
    Configuration menu
    Copy the full SHA
    8fe6338 View commit details
    Browse the repository at this point in the history