Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

config: distinct CLI options for strict/permissive checking of static… #7857

Merged
merged 11 commits into from
Aug 19, 2019

Conversation

htuch
Copy link
Member

@htuch htuch commented Aug 7, 2019

…/dynamic config.

As per #6651, this PR plumbs in CLI options to allow independent control over static/dynamic unknown
field validation.

The defaults are the same for static as today (strict) and for dynamic we are by default permissive.
This permits easy rollout of new API minor versions, including those related to security fixes.

Fixes a regression that occurred in #7200 where strict/permissive checking CLI options were
inverted.

As per #6818, added stats/warning for any unknown fields encountered.

Risk level: Low (strictly more permissive by default)
Testing: additional unit and integration tests added, exercising both permissive/strict checking
over various parts of the API (bootstrap, listeners, clusters, xDS, network filters, etc).

Fixes #6651
Fixed #6818

Signed-off-by: Harvey Tuch htuch@google.com

…/dynamic config.

As per envoyproxy#6651, this PR plumbs in CLI options to allow independent control over static/dynamic unknown
field validation.

The defaults are the same for static as today (strict) and for dynamic we are by default permissive.
This permits easy rollout of new API minor versions, including those related to security fixes.

Fixes a regression that occurred in envoyproxy#7200 where strict/permissive checking CLI options were
inverted.

Risk level: Low (strictly more permissive by default)
Testing: additional unit and integration tests added, exercising both permissive/strict checking
  over various parts of the API (bootstrap, listeners, clusters, xDS, network filters, etc).

Fixes envoyproxy#6651

Signed-off-by: Harvey Tuch <htuch@google.com>
@htuch htuch requested review from mattklein123 and dio August 7, 2019 20:47
Signed-off-by: Harvey Tuch <htuch@google.com>
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks this is super awesome. Some small comments but looks great and I think this will be incredibly useful.

/wait

docs/root/intro/version_history.rst Outdated Show resolved Hide resolved
include/envoy/server/options.h Outdated Show resolved Hide resolved
source/server/config_validation/server.cc Outdated Show resolved Hide resolved
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

Signed-off-by: Harvey Tuch <htuch@google.com>
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

@htuch htuch requested a review from mattklein123 August 16, 2019 11:13
mattklein123
mattklein123 previously approved these changes Aug 16, 2019
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, this is awesome. A couple of optional small items, TIOLI.

source/common/protobuf/message_validator_impl.cc Outdated Show resolved Hide resolved
source/server/server.cc Outdated Show resolved Hide resolved
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@htuch htuch merged commit 0418a85 into envoyproxy:master Aug 19, 2019
@htuch htuch deleted the validator-options branch August 19, 2019 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Log and count unknown proto fields bootstrap and xDS should have separate support for allow unknown fields
3 participants