From 9a3b54136e8f22bc5a62c479036c61f54bd417f1 Mon Sep 17 00:00:00 2001 From: phlax Date: Tue, 1 Nov 2022 12:58:36 +0000 Subject: [PATCH] repo: Yaml cleanups (#23654) Signed-off-by: Ryan Northey --- .yamllint | 13 +- .zuul.yaml | 2 +- api/buf.yaml | 28 ++-- changelogs/1.13.0.yaml | 2 +- changelogs/1.19.5.yaml | 1 - changelogs/1.20.4.yaml | 1 - changelogs/1.20.5.yaml | 1 - changelogs/1.20.6.yaml | 1 - changelogs/1.20.7.yaml | 1 - changelogs/1.21.2.yaml | 1 - changelogs/1.21.3.yaml | 1 - changelogs/1.21.4.yaml | 1 - changelogs/1.21.5.yaml | 1 - changelogs/1.22.1.yaml | 1 - changelogs/1.22.2.yaml | 1 - changelogs/1.22.3.yaml | 1 - changelogs/1.22.4.yaml | 1 - changelogs/1.22.5.yaml | 1 - changelogs/1.23.0.yaml | 1 - changelogs/1.23.1.yaml | 1 - changelogs/1.23.2.yaml | 1 - changelogs/1.24.0.yaml | 1 - changelogs/current.yaml | 55 ++++--- .../encapsulate_http_in_http2_connect.yaml | 6 +- configs/internal_listener_proxy.yaml | 6 +- configs/terminate_http1_connect.yaml | 6 +- configs/terminate_http_in_http2_connect.yaml | 6 +- configs/upstream-filters.yaml | 21 ++- distribution/distros.yaml | 1 - .../_include/admission-control-filter.yaml | 5 +- .../_include/header-to-metadata-filter.yaml | 8 +- ...local-rate-limit-global-configuration.yaml | 12 +- ...te-limit-route-specific-configuration.yaml | 16 +- .../local-rate-limit-with-descriptors.yaml | 8 +- .../_include/header-to-metadata-filter.yaml | 8 +- .../intro/_include/life-of-a-request.yaml | 1 - .../_include/listener_complicated.yaml | 2 +- .../matching/_include/listener_tls.yaml | 2 +- .../matching/_include/listener_vip.yaml | 2 +- examples/brotli/brotli-envoy.yaml | 4 +- examples/kafka/envoy.yaml | 4 +- examples/local_ratelimit/ratelimit-envoy.yaml | 16 +- .../locality-load-balancing/envoy-proxy.yaml | 74 +++++----- examples/wasm-cc/docker-compose.yaml | 2 +- examples/zstd/zstd-envoy.yaml | 4 +- source/extensions/extensions_metadata.yaml | 34 ++--- test/config/integration/server.yaml | 2 +- .../server_multiple_addresses.yaml | 2 +- test/config/integration/server_xds.lds.yaml | 1 - .../filters/http/ext_authz/ext_authz.yaml | 138 +++++++++--------- .../server/access_log_filter_bootstrap.yaml | 2 +- tools/code_format/config.yaml | 14 +- tools/dependency/cve.yaml | 1 - tools/extensions/extensions_schema.yaml | 1 - 54 files changed, 254 insertions(+), 273 deletions(-) diff --git a/.yamllint b/.yamllint index 05a553539fa2..01b057f6aa8e 100644 --- a/.yamllint +++ b/.yamllint @@ -1,9 +1,16 @@ extends: default rules: - line-length: - max: 200 - level: warning + document-start: false indentation: spaces: consistent indent-sequences: false + line-length: + max: 200 + level: warning + truthy: + allowed-values: + - "yes" + - "no" + - "true" + - "false" diff --git a/.zuul.yaml b/.zuul.yaml index e1e01e446e6b..1d02dbd13331 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -2,7 +2,7 @@ name: envoyproxy/envoy check: jobs: - - envoy-build-arm64 + - envoy-build-arm64 - job: name: envoy-build-arm64 diff --git a/api/buf.yaml b/api/buf.yaml index f5373484ed71..ef4031f27f28 100644 --- a/api/buf.yaml +++ b/api/buf.yaml @@ -1,22 +1,22 @@ version: v1 deps: - - buf.build/googleapis/googleapis:62f35d8aed1149c291d606d958a7ce32 - - buf.build/opencensus/opencensus - - buf.build/beta/prometheus - - buf.build/opentelemetry/opentelemetry - - buf.build/gogo/protobuf - - buf.build/cncf/xds +- buf.build/googleapis/googleapis:62f35d8aed1149c291d606d958a7ce32 +- buf.build/opencensus/opencensus +- buf.build/beta/prometheus +- buf.build/opentelemetry/opentelemetry +- buf.build/gogo/protobuf +- buf.build/cncf/xds breaking: ignore_unstable_packages: true use: - - FIELD_SAME_ONEOF - - FIELD_SAME_JSON_NAME - - FIELD_SAME_NAME - - FIELD_SAME_TYPE - - FIELD_SAME_LABEL - - FILE_SAME_PACKAGE - - FIELD_NO_DELETE_UNLESS_NUMBER_RESERVED - - FIELD_NO_DELETE_UNLESS_NAME_RESERVED + - FIELD_SAME_ONEOF + - FIELD_SAME_JSON_NAME + - FIELD_SAME_NAME + - FIELD_SAME_TYPE + - FIELD_SAME_LABEL + - FILE_SAME_PACKAGE + - FIELD_NO_DELETE_UNLESS_NUMBER_RESERVED + - FIELD_NO_DELETE_UNLESS_NAME_RESERVED lint: use: - IMPORT_USED diff --git a/changelogs/1.13.0.yaml b/changelogs/1.13.0.yaml index 3cf1cd1cf44f..c87cea183762 100644 --- a/changelogs/1.13.0.yaml +++ b/changelogs/1.13.0.yaml @@ -181,7 +181,7 @@ changes: added initial support for :ref:`UDP proxy `. deprecated: -- area: tracing +- area: tracing change: | The ``request_headers_for_tags`` field in :ref:`HTTP connection manager ` diff --git a/changelogs/1.19.5.yaml b/changelogs/1.19.5.yaml index 2551a80fd395..192362911c32 100644 --- a/changelogs/1.19.5.yaml +++ b/changelogs/1.19.5.yaml @@ -16,4 +16,3 @@ bug_fixes: - area: router change: | fixed CVE-2022-29227 which caused an internal redirect crash for requests with body/trailers. Envoy would previously crash in some cases when processing internal redirects for requests with bodies or trailers if the redirect prompts an Envoy-generated local reply. - diff --git a/changelogs/1.20.4.yaml b/changelogs/1.20.4.yaml index 9b64e0a99c12..07f1f0563f05 100644 --- a/changelogs/1.20.4.yaml +++ b/changelogs/1.20.4.yaml @@ -21,4 +21,3 @@ bug_fixes: - area: router change: | fixed CVE-2022-29227 which caused an internal redirect crash for requests with body/trailers. Envoy would previously crash in some cases when processing internal redirects for requests with bodies or trailers if the redirect prompts an Envoy-generated local reply. - diff --git a/changelogs/1.20.5.yaml b/changelogs/1.20.5.yaml index 28840d608589..fd4743af389b 100644 --- a/changelogs/1.20.5.yaml +++ b/changelogs/1.20.5.yaml @@ -4,4 +4,3 @@ bug_fixes: - area: docker change: | update Docker images (``distroless`` -> ``d65ac1a``) to resolve CVE issues in container packages. - diff --git a/changelogs/1.20.6.yaml b/changelogs/1.20.6.yaml index 0ecb7c0ed1b8..78e8eb86de4a 100644 --- a/changelogs/1.20.6.yaml +++ b/changelogs/1.20.6.yaml @@ -4,4 +4,3 @@ bug_fixes: - area: ci change: | fix disk space issue that have prevented publication. - diff --git a/changelogs/1.20.7.yaml b/changelogs/1.20.7.yaml index 6ac0de7a6974..34bc53be01c3 100644 --- a/changelogs/1.20.7.yaml +++ b/changelogs/1.20.7.yaml @@ -4,4 +4,3 @@ bug_fixes: - area: docker change: | update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages. - diff --git a/changelogs/1.21.2.yaml b/changelogs/1.21.2.yaml index ddc79f2e889b..3088f16e0c37 100644 --- a/changelogs/1.21.2.yaml +++ b/changelogs/1.21.2.yaml @@ -7,4 +7,3 @@ minor_behavior_changes: - area: perf change: | ssl contexts are now tracked without scan based garbage collection and greatly improved the performance on secret update. - diff --git a/changelogs/1.21.3.yaml b/changelogs/1.21.3.yaml index 2551a80fd395..192362911c32 100644 --- a/changelogs/1.21.3.yaml +++ b/changelogs/1.21.3.yaml @@ -16,4 +16,3 @@ bug_fixes: - area: router change: | fixed CVE-2022-29227 which caused an internal redirect crash for requests with body/trailers. Envoy would previously crash in some cases when processing internal redirects for requests with bodies or trailers if the redirect prompts an Envoy-generated local reply. - diff --git a/changelogs/1.21.4.yaml b/changelogs/1.21.4.yaml index 12d26a39644e..0fde0fa89c2a 100644 --- a/changelogs/1.21.4.yaml +++ b/changelogs/1.21.4.yaml @@ -9,4 +9,3 @@ bug_fixes: - area: docker change: | update Docker images (``distroless`` -> ``d65ac1a``) to resolve CVE issues in container packages. - diff --git a/changelogs/1.21.5.yaml b/changelogs/1.21.5.yaml index 8fdd33ca99b1..763d5ed61dbc 100644 --- a/changelogs/1.21.5.yaml +++ b/changelogs/1.21.5.yaml @@ -4,4 +4,3 @@ bug_fixes: - area: docker change: | update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages. - diff --git a/changelogs/1.22.1.yaml b/changelogs/1.22.1.yaml index 2551a80fd395..192362911c32 100644 --- a/changelogs/1.22.1.yaml +++ b/changelogs/1.22.1.yaml @@ -16,4 +16,3 @@ bug_fixes: - area: router change: | fixed CVE-2022-29227 which caused an internal redirect crash for requests with body/trailers. Envoy would previously crash in some cases when processing internal redirects for requests with bodies or trailers if the redirect prompts an Envoy-generated local reply. - diff --git a/changelogs/1.22.2.yaml b/changelogs/1.22.2.yaml index d96714974c4a..e4b68b85dfe3 100644 --- a/changelogs/1.22.2.yaml +++ b/changelogs/1.22.2.yaml @@ -4,4 +4,3 @@ bug_fixes: - area: ci change: | fixes/workarounds for CI that prevented publication of version 1.22.1. - diff --git a/changelogs/1.22.3.yaml b/changelogs/1.22.3.yaml index ff1c2ec6ab67..0c150fedb34b 100644 --- a/changelogs/1.22.3.yaml +++ b/changelogs/1.22.3.yaml @@ -4,4 +4,3 @@ bug_fixes: - area: docker change: | update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages. - diff --git a/changelogs/1.22.4.yaml b/changelogs/1.22.4.yaml index 148d077d6a98..181a8b9f4c5b 100644 --- a/changelogs/1.22.4.yaml +++ b/changelogs/1.22.4.yaml @@ -4,4 +4,3 @@ bug_fixes: - area: repo change: | fix version to resolve release issue. - diff --git a/changelogs/1.22.5.yaml b/changelogs/1.22.5.yaml index 078f5e6925a4..f5167cd25be3 100644 --- a/changelogs/1.22.5.yaml +++ b/changelogs/1.22.5.yaml @@ -10,4 +10,3 @@ bug_fixes: - area: transport_socket change: | fixed a bug that prevented the tcp stats to be retrieved when running on kernels different than the kernel where Envoy was built. - diff --git a/changelogs/1.23.0.yaml b/changelogs/1.23.0.yaml index 1c79156662b7..53b20fb10ff6 100644 --- a/changelogs/1.23.0.yaml +++ b/changelogs/1.23.0.yaml @@ -423,4 +423,3 @@ deprecated: change: | deprecated :ref:`inline_code `. Please use :ref:`default_source_code `. - diff --git a/changelogs/1.23.1.yaml b/changelogs/1.23.1.yaml index 2ce1355c4694..182b73722a39 100644 --- a/changelogs/1.23.1.yaml +++ b/changelogs/1.23.1.yaml @@ -4,4 +4,3 @@ bug_fixes: - area: listener change: | fixed a bug that doesn't handle of an update for a listener with IPv4-mapped address correctly and that will lead to a memory leak. - diff --git a/changelogs/1.23.2.yaml b/changelogs/1.23.2.yaml index f697487b15f3..f57623e4226f 100644 --- a/changelogs/1.23.2.yaml +++ b/changelogs/1.23.2.yaml @@ -5,4 +5,3 @@ bug_fixes: change: | fixed a bug causing response headers set by a Lua script to not be sent in the response (https://github.com/envoyproxy/envoy/issues/22401). This bug was introduced in Envoy v1.23.0. - diff --git a/changelogs/1.24.0.yaml b/changelogs/1.24.0.yaml index 86cfd82011eb..a88b0d14b0db 100644 --- a/changelogs/1.24.0.yaml +++ b/changelogs/1.24.0.yaml @@ -310,4 +310,3 @@ deprecated: :ref:`Route.typed_per_filter_config` or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config` to configure the CORS HTTP filter by the type :ref:`CorsPolicy in filter `. - diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 9e7f4441a4c3..9d0837f1630c 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -26,34 +26,33 @@ bug_fixes: removed_config_or_runtime: # *Normally occurs at the end of the* :ref:`deprecation period ` - - - area: eds - change: | - removed ``envoy.reloadable_features.support_locality_update_on_eds_cluster_endpoints`` and legacy code paths. - - area: listener - change: | - removed ``envoy.reloadable_features.strict_check_on_ipv4_compat`` and legacy code paths. - - area: http - change: | - removed ``envoy.reloadable_features.deprecate_global_ints`` and legacy code paths. - - area: http - change: | - removed ``envoy.reloadable_features.allow_adding_content_type_in_local_replies`` and legacy code paths. - - area: http - change: | - removed ``envoy.reloadable_features.allow_upstream_inline_write`` and legacy code paths. - - area: http - change: | - removed ``envoy.reloadable_features.append_or_truncate`` and legacy code paths. - - area: http - change: | - removed ``envoy.reloadable_features.use_new_codec_wrapper`` and legacy code paths. - removed ``envoy.reloadable_features.append_to_accept_content_encoding_only_once`` and legacy code paths. - removed ``envoy.reloadable_features.http1_lazy_read_disable`` and legacy code paths. - - area: http - change: | - removed ``envoy.reloadable_features.http_100_continue_case_insensitive`` and legacy code paths. - removed ``envoy.reloadable_features.override_request_timeout_by_gateway_timeout`` and legacy code paths. +- area: eds + change: | + removed ``envoy.reloadable_features.support_locality_update_on_eds_cluster_endpoints`` and legacy code paths. +- area: listener + change: | + removed ``envoy.reloadable_features.strict_check_on_ipv4_compat`` and legacy code paths. +- area: http + change: | + removed ``envoy.reloadable_features.deprecate_global_ints`` and legacy code paths. +- area: http + change: | + removed ``envoy.reloadable_features.allow_adding_content_type_in_local_replies`` and legacy code paths. +- area: http + change: | + removed ``envoy.reloadable_features.allow_upstream_inline_write`` and legacy code paths. +- area: http + change: | + removed ``envoy.reloadable_features.append_or_truncate`` and legacy code paths. +- area: http + change: | + removed ``envoy.reloadable_features.use_new_codec_wrapper`` and legacy code paths. + removed ``envoy.reloadable_features.append_to_accept_content_encoding_only_once`` and legacy code paths. + removed ``envoy.reloadable_features.http1_lazy_read_disable`` and legacy code paths. +- area: http + change: | + removed ``envoy.reloadable_features.http_100_continue_case_insensitive`` and legacy code paths. + removed ``envoy.reloadable_features.override_request_timeout_by_gateway_timeout`` and legacy code paths. new_features: - area: generic_proxy diff --git a/configs/encapsulate_http_in_http2_connect.yaml b/configs/encapsulate_http_in_http2_connect.yaml index d4bd8f38666e..adbe66d1c3aa 100644 --- a/configs/encapsulate_http_in_http2_connect.yaml +++ b/configs/encapsulate_http_in_http2_connect.yaml @@ -1,9 +1,9 @@ # This configuration takes incoming HTTP requests on port 10000 and encapsulates it in a CONNECT # request which is sent upstream port 10001. bootstrap_extensions: - - name: envoy.bootstrap.internal_listener - typed_config: - "@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener +- name: envoy.bootstrap.internal_listener + typed_config: + "@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener static_resources: listeners: - name: http diff --git a/configs/internal_listener_proxy.yaml b/configs/internal_listener_proxy.yaml index 254201dd9084..945a3adc2f34 100644 --- a/configs/internal_listener_proxy.yaml +++ b/configs/internal_listener_proxy.yaml @@ -1,9 +1,9 @@ # This configuration listens on port 9999 and creates TCP connections to port 10000 using an # intermediate internal listener. bootstrap_extensions: - - name: envoy.bootstrap.internal_listener - typed_config: - "@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener +- name: envoy.bootstrap.internal_listener + typed_config: + "@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener static_resources: listeners: - name: ingress diff --git a/configs/terminate_http1_connect.yaml b/configs/terminate_http1_connect.yaml index 21170910ca9a..9f1c7650b358 100644 --- a/configs/terminate_http1_connect.yaml +++ b/configs/terminate_http1_connect.yaml @@ -36,9 +36,9 @@ static_resources: connect_matcher: {} headers: - - name: foo - string_match: - exact: bar + - name: foo + string_match: + exact: bar route: cluster: local_original_dst upgrade_configs: diff --git a/configs/terminate_http_in_http2_connect.yaml b/configs/terminate_http_in_http2_connect.yaml index 332b7ff4824a..ebe0867ad7cf 100644 --- a/configs/terminate_http_in_http2_connect.yaml +++ b/configs/terminate_http_in_http2_connect.yaml @@ -1,9 +1,9 @@ # This configuration terminates h2 CONNECT on port 10001 and then chains an HTTP filter that always responds with 200 using # an internal listener. bootstrap_extensions: - - name: envoy.bootstrap.internal_listener - typed_config: - "@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener +- name: envoy.bootstrap.internal_listener + typed_config: + "@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener static_resources: listeners: - name: listener_0 diff --git a/configs/upstream-filters.yaml b/configs/upstream-filters.yaml index d1dfdbb06a91..b6e68c8e4303 100644 --- a/configs/upstream-filters.yaml +++ b/configs/upstream-filters.yaml @@ -59,13 +59,13 @@ static_resources: http2_protocol_options: {} http_filters: - - name: buffer - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer - max_request_bytes: 5242880 - - name: envoy.filters.http.upstream_codec - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.upstream_codec.v3.UpstreamCodec + - name: buffer + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer + max_request_bytes: 5242880 + - name: envoy.filters.http.upstream_codec + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.upstream_codec.v3.UpstreamCodec transport_socket: name: envoy.transport_sockets.tls typed_config: @@ -73,7 +73,6 @@ static_resources: sni: www.envoyproxy.io layered_runtime: layers: - - name: static_layer - static_layer: - envoy.reloadable_features.allow_upstream_filters: true - + - name: static_layer + static_layer: + envoy.reloadable_features.allow_upstream_filters: true diff --git a/distribution/distros.yaml b/distribution/distros.yaml index 08fff5d5893f..6dc239ad27a1 100644 --- a/distribution/distros.yaml +++ b/distribution/distros.yaml @@ -1,4 +1,3 @@ - debian_bullseye: image: debian:bullseye-slim ext: bullseye.changes diff --git a/docs/root/configuration/http/http_filters/_include/admission-control-filter.yaml b/docs/root/configuration/http/http_filters/_include/admission-control-filter.yaml index 32d689c85f94..65d26495d8ea 100644 --- a/docs/root/configuration/http/http_filters/_include/admission-control-filter.yaml +++ b/docs/root/configuration/http/http_filters/_include/admission-control-filter.yaml @@ -1,4 +1,3 @@ - static_resources: listeners: - address: @@ -54,8 +53,8 @@ static_resources: - '*' name: local_service routes: - - match: { prefix: "/" } - route: { cluster: default_service } + - match: {prefix: "/"} + route: {cluster: default_service} clusters: - name: default_service load_assignment: diff --git a/docs/root/configuration/http/http_filters/_include/header-to-metadata-filter.yaml b/docs/root/configuration/http/http_filters/_include/header-to-metadata-filter.yaml index 9a594749b234..a273d7baea17 100644 --- a/docs/root/configuration/http/http_filters/_include/header-to-metadata-filter.yaml +++ b/docs/root/configuration/http/http_filters/_include/header-to-metadata-filter.yaml @@ -49,10 +49,10 @@ static_resources: lb_subset_config: fallback_policy: ANY_ENDPOINT subset_selectors: - - keys: - - default - - keys: - - version + - keys: + - default + - keys: + - version load_assignment: cluster_name: versioned-cluster endpoints: diff --git a/docs/root/configuration/http/http_filters/_include/local-rate-limit-global-configuration.yaml b/docs/root/configuration/http/http_filters/_include/local-rate-limit-global-configuration.yaml index 69370957efac..99e003a1a638 100644 --- a/docs/root/configuration/http/http_filters/_include/local-rate-limit-global-configuration.yaml +++ b/docs/root/configuration/http/http_filters/_include/local-rate-limit-global-configuration.yaml @@ -30,10 +30,10 @@ static_resources: numerator: 100 denominator: HUNDRED response_headers_to_add: - - append_action: OVERWRITE_IF_EXISTS_OR_ADD - header: - key: x-local-rate-limit - value: 'true' + - append_action: OVERWRITE_IF_EXISTS_OR_ADD + header: + key: x-local-rate-limit + value: 'true' local_rate_limit_per_downstream_connection: false - name: envoy.filters.http.router typed_config: @@ -44,8 +44,8 @@ static_resources: - name: local_service domains: ["*"] routes: - - match: { prefix: "/" } - route: { cluster: default_service } + - match: {prefix: "/"} + route: {cluster: default_service} clusters: - name: default_service load_assignment: diff --git a/docs/root/configuration/http/http_filters/_include/local-rate-limit-route-specific-configuration.yaml b/docs/root/configuration/http/http_filters/_include/local-rate-limit-route-specific-configuration.yaml index 3f1293ebba51..163084e4be8a 100644 --- a/docs/root/configuration/http/http_filters/_include/local-rate-limit-route-specific-configuration.yaml +++ b/docs/root/configuration/http/http_filters/_include/local-rate-limit-route-specific-configuration.yaml @@ -24,8 +24,8 @@ static_resources: - name: local_service domains: ["*"] routes: - - match: { prefix: "/path/with/rate/limit" } - route: { cluster: service_protected_by_rate_limit } + - match: {prefix: "/path/with/rate/limit"} + route: {cluster: service_protected_by_rate_limit} typed_per_filter_config: envoy.filters.http.local_ratelimit: "@type": type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit @@ -45,12 +45,12 @@ static_resources: numerator: 100 denominator: HUNDRED response_headers_to_add: - - append_action: OVERWRITE_IF_EXISTS_OR_ADD - header: - key: x-local-rate-limit - value: 'true' - - match: { prefix: "/" } - route: { cluster: default_service } + - append_action: OVERWRITE_IF_EXISTS_OR_ADD + header: + key: x-local-rate-limit + value: 'true' + - match: {prefix: "/"} + route: {cluster: default_service} clusters: - name: default_service load_assignment: diff --git a/docs/root/configuration/http/http_filters/_include/local-rate-limit-with-descriptors.yaml b/docs/root/configuration/http/http_filters/_include/local-rate-limit-with-descriptors.yaml index 0bb198019cbc..c8a75aeae5fb 100644 --- a/docs/root/configuration/http/http_filters/_include/local-rate-limit-with-descriptors.yaml +++ b/docs/root/configuration/http/http_filters/_include/local-rate-limit-with-descriptors.yaml @@ -24,11 +24,11 @@ static_resources: - name: local_service domains: ["*"] routes: - - match: { prefix: "/foo" } + - match: {prefix: "/foo"} route: cluster: service_protected_by_rate_limit rate_limits: - - actions: # any actions in here + - actions: # any actions in here - request_headers: header_name: x-envoy-downstream-service-cluster descriptor_key: client_cluster @@ -77,8 +77,8 @@ static_resources: max_tokens: 100 tokens_per_fill: 100 fill_interval: 60s - - match: { prefix: "/" } - route: { cluster: default_service } + - match: {prefix: "/"} + route: {cluster: default_service} clusters: - name: default_service load_assignment: diff --git a/docs/root/configuration/other_protocols/thrift_filters/_include/header-to-metadata-filter.yaml b/docs/root/configuration/other_protocols/thrift_filters/_include/header-to-metadata-filter.yaml index fbf000891bde..f8a1e6dd89e5 100644 --- a/docs/root/configuration/other_protocols/thrift_filters/_include/header-to-metadata-filter.yaml +++ b/docs/root/configuration/other_protocols/thrift_filters/_include/header-to-metadata-filter.yaml @@ -41,10 +41,10 @@ static_resources: lb_subset_config: fallback_policy: NO_FALLBACK subset_selectors: - - keys: - - default - - keys: - - version + - keys: + - default + - keys: + - version load_assignment: cluster_name: versioned-cluster endpoints: diff --git a/docs/root/intro/_include/life-of-a-request.yaml b/docs/root/intro/_include/life-of-a-request.yaml index ef67b812cd00..aa54f4453580 100644 --- a/docs/root/intro/_include/life-of-a-request.yaml +++ b/docs/root/intro/_include/life-of-a-request.yaml @@ -1,4 +1,3 @@ - static_resources: listeners: # There is a single listener bound to port 443. diff --git a/docs/root/intro/arch_overview/advanced/matching/_include/listener_complicated.yaml b/docs/root/intro/arch_overview/advanced/matching/_include/listener_complicated.yaml index 771699290b9c..7564b169114f 100644 --- a/docs/root/intro/arch_overview/advanced/matching/_include/listener_complicated.yaml +++ b/docs/root/intro/arch_overview/advanced/matching/_include/listener_complicated.yaml @@ -54,7 +54,7 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: tls cluster: some_service -# Snippet: 58-102 + # Snippet: 58-102 filter_chain_matcher: matcher_tree: input: diff --git a/docs/root/intro/arch_overview/advanced/matching/_include/listener_tls.yaml b/docs/root/intro/arch_overview/advanced/matching/_include/listener_tls.yaml index 7c7337cb04a3..2f8185f948f4 100644 --- a/docs/root/intro/arch_overview/advanced/matching/_include/listener_tls.yaml +++ b/docs/root/intro/arch_overview/advanced/matching/_include/listener_tls.yaml @@ -33,7 +33,7 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: plaintext cluster: some_service -# Snippet: 37-56 + # Snippet: 37-56 filter_chain_matcher: matcher_tree: input: diff --git a/docs/root/intro/arch_overview/advanced/matching/_include/listener_vip.yaml b/docs/root/intro/arch_overview/advanced/matching/_include/listener_vip.yaml index 261fa84469a7..d982d9f8c3b8 100644 --- a/docs/root/intro/arch_overview/advanced/matching/_include/listener_vip.yaml +++ b/docs/root/intro/arch_overview/advanced/matching/_include/listener_vip.yaml @@ -25,7 +25,7 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: default cluster: original_dst -# Snippet: 29-48 + # Snippet: 29-48 filter_chain_matcher: matcher_tree: input: diff --git a/examples/brotli/brotli-envoy.yaml b/examples/brotli/brotli-envoy.yaml index fab33e347c2e..703af847b73b 100644 --- a/examples/brotli/brotli-envoy.yaml +++ b/examples/brotli/brotli-envoy.yaml @@ -29,7 +29,7 @@ static_resources: common_config: min_content_length: 100 content_type: - - application/json + - application/json disable_on_etag_header: true compressor_library: name: text_optimized @@ -131,7 +131,7 @@ static_resources: common_config: min_content_length: 100 content_type: - - text/plain + - text/plain disable_on_etag_header: true compressor_library: name: text_optimized diff --git a/examples/kafka/envoy.yaml b/examples/kafka/envoy.yaml index f6d762e594fa..a0425882565f 100644 --- a/examples/kafka/envoy.yaml +++ b/examples/kafka/envoy.yaml @@ -2,8 +2,8 @@ static_resources: listeners: - address: socket_address: - address: 0.0.0.0 # Host that Kafka clients should connect to. - port_value: 10000 # Port that Kafka clients should connect to. + address: 0.0.0.0 # Host that Kafka clients should connect to. + port_value: 10000 # Port that Kafka clients should connect to. filter_chains: - filters: - name: envoy.filters.network.kafka_broker diff --git a/examples/local_ratelimit/ratelimit-envoy.yaml b/examples/local_ratelimit/ratelimit-envoy.yaml index 92cdde6ea62c..a81273a65ca4 100644 --- a/examples/local_ratelimit/ratelimit-envoy.yaml +++ b/examples/local_ratelimit/ratelimit-envoy.yaml @@ -41,10 +41,10 @@ static_resources: numerator: 100 denominator: HUNDRED response_headers_to_add: - - append_action: OVERWRITE_IF_EXISTS_OR_ADD - header: - key: x-local-rate-limit - value: 'true' + - append_action: OVERWRITE_IF_EXISTS_OR_ADD + header: + key: x-local-rate-limit + value: 'true' local_rate_limit_per_downstream_connection: false - name: envoy.filters.http.router typed_config: @@ -90,10 +90,10 @@ static_resources: numerator: 100 denominator: HUNDRED response_headers_to_add: - - append_action: OVERWRITE_IF_EXISTS_OR_ADD - header: - key: x-local-rate-limit - value: 'true' + - append_action: OVERWRITE_IF_EXISTS_OR_ADD + header: + key: x-local-rate-limit + value: 'true' local_rate_limit_per_downstream_connection: false - name: envoy.filters.http.router typed_config: diff --git a/examples/locality-load-balancing/envoy-proxy.yaml b/examples/locality-load-balancing/envoy-proxy.yaml index 66b07a09d5e2..189cee7df2cf 100644 --- a/examples/locality-load-balancing/envoy-proxy.yaml +++ b/examples/locality-load-balancing/envoy-proxy.yaml @@ -40,14 +40,14 @@ static_resources: type: STRICT_DNS lb_policy: ROUND_ROBIN health_checks: - - interval: 2s - timeout: 3s - no_traffic_interval: 4s - no_traffic_healthy_interval: 4s - unhealthy_threshold: 1 - healthy_threshold: 1 - http_health_check: - path: "/" + - interval: 2s + timeout: 3s + no_traffic_interval: 4s + no_traffic_healthy_interval: 4s + unhealthy_threshold: 1 + healthy_threshold: 1 + http_health_check: + path: "/" load_assignment: cluster_name: backend endpoints: @@ -55,55 +55,55 @@ static_resources: region: local zone: zone-1 load_balancing_weight: 1 - priority: 0 # highest + priority: 0 # highest lb_endpoints: - - endpoint: - address: - socket_address: - address: backend-local-1 - port_value: 8000 - health_check_config: + - endpoint: + address: + socket_address: + address: backend-local-1 port_value: 8000 - hostname: backend-local-1 + health_check_config: + port_value: 8000 + hostname: backend-local-1 - locality: region: local zone: zone-2 load_balancing_weight: 1 priority: 1 lb_endpoints: - - endpoint: - address: - socket_address: - address: backend-local-2 - port_value: 8000 - health_check_config: + - endpoint: + address: + socket_address: + address: backend-local-2 port_value: 8000 - hostname: backend-local-2 + health_check_config: + port_value: 8000 + hostname: backend-local-2 - locality: region: remote zone: zone-1 load_balancing_weight: 1 priority: 1 lb_endpoints: - - endpoint: - address: - socket_address: - address: backend-remote-1 - port_value: 8000 - health_check_config: + - endpoint: + address: + socket_address: + address: backend-remote-1 port_value: 8000 - hostname: backend-remote-1 + health_check_config: + port_value: 8000 + hostname: backend-remote-1 - locality: region: remote zone: zone-2 load_balancing_weight: 1 priority: 2 lb_endpoints: - - endpoint: - address: - socket_address: - address: backend-remote-2 - port_value: 8000 - health_check_config: + - endpoint: + address: + socket_address: + address: backend-remote-2 port_value: 8000 - hostname: backend-remote-2 + health_check_config: + port_value: 8000 + hostname: backend-remote-2 diff --git a/examples/wasm-cc/docker-compose.yaml b/examples/wasm-cc/docker-compose.yaml index 8080ddeef42f..b514110f2cfd 100644 --- a/examples/wasm-cc/docker-compose.yaml +++ b/examples/wasm-cc/docker-compose.yaml @@ -12,6 +12,6 @@ services: web_service: environment: - - PORT=9000 + - PORT=9000 build: context: ../shared/echo diff --git a/examples/zstd/zstd-envoy.yaml b/examples/zstd/zstd-envoy.yaml index 4656a6349eb5..b3862468db75 100644 --- a/examples/zstd/zstd-envoy.yaml +++ b/examples/zstd/zstd-envoy.yaml @@ -29,7 +29,7 @@ static_resources: common_config: min_content_length: 100 content_type: - - application/json + - application/json disable_on_etag_header: true compressor_library: name: text_optimized @@ -131,7 +131,7 @@ static_resources: common_config: min_content_length: 100 content_type: - - text/plain + - text/plain disable_on_etag_header: true compressor_library: name: text_optimized diff --git a/source/extensions/extensions_metadata.yaml b/source/extensions/extensions_metadata.yaml index ed3aecce4bae..e0fcb8dd201d 100644 --- a/source/extensions/extensions_metadata.yaml +++ b/source/extensions/extensions_metadata.yaml @@ -771,21 +771,21 @@ envoy.matching.matchers.ip: type_urls: - envoy.extensions.matching.input_matchers.ip.v3.Ip envoy.path.match.uri_template.uri_template_matcher: - categories: - - envoy.path.match - security_posture: robust_to_untrusted_downstream_and_upstream - status: stable - undocumented: true - type_urls: - - envoy.extensions.path.match.uri_template.v3.UriTemplateMatchConfig + categories: + - envoy.path.match + security_posture: robust_to_untrusted_downstream_and_upstream + status: stable + undocumented: true + type_urls: + - envoy.extensions.path.match.uri_template.v3.UriTemplateMatchConfig envoy.path.rewrite.uri_template.uri_template_rewriter: - categories: - - envoy.path.rewrite - security_posture: robust_to_untrusted_downstream_and_upstream - status: stable - undocumented: true - type_urls: - - envoy.extensions.path.rewrite.uri_template.v3.UriTemplateRewriteConfig + categories: + - envoy.path.rewrite + security_posture: robust_to_untrusted_downstream_and_upstream + status: stable + undocumented: true + type_urls: + - envoy.extensions.path.rewrite.uri_template.v3.UriTemplateRewriteConfig envoy.quic.proof_source.filter_chain: categories: - envoy.quic.proof_source @@ -1096,17 +1096,17 @@ envoy.wasm.runtime.v8: envoy.wasm.runtime.wamr: categories: - envoy.wasm.runtime - security_posture: unknown # "This may never change from unknown until the threat model at https://envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions is updated to capture additional Wasm runtimes". + security_posture: unknown # "This may never change from unknown until the threat model at https://envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions is updated to capture additional Wasm runtimes". status: alpha envoy.wasm.runtime.wasmtime: categories: - envoy.wasm.runtime - security_posture: unknown # "This may never change from unknown until the threat model at https://envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions is updated to capture additional Wasm runtimes". + security_posture: unknown # "This may never change from unknown until the threat model at https://envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions is updated to capture additional Wasm runtimes". status: alpha envoy.wasm.runtime.wavm: categories: - envoy.wasm.runtime - security_posture: unknown # "This may never change from unknown until the threat model at https://envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions is updated to capture additional Wasm runtimes". + security_posture: unknown # "This may never change from unknown until the threat model at https://envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions is updated to capture additional Wasm runtimes". status: alpha envoy.watchdog.profile_action: categories: diff --git a/test/config/integration/server.yaml b/test/config/integration/server.yaml index e35a6acbf0c8..ff742cdbebff 100644 --- a/test/config/integration/server.yaml +++ b/test/config/integration/server.yaml @@ -4,7 +4,7 @@ static_resources: socket_address: address: "{{ ip_loopback_address }}" port_value: 0 - enable_reuse_port: {{ enable_reuse_port }} + enable_reuse_port: "{{ enable_reuse_port }}" filter_chains: - filters: - name: http diff --git a/test/config/integration/server_multiple_addresses.yaml b/test/config/integration/server_multiple_addresses.yaml index e38216f5a435..20d61e64dce0 100644 --- a/test/config/integration/server_multiple_addresses.yaml +++ b/test/config/integration/server_multiple_addresses.yaml @@ -9,7 +9,7 @@ static_resources: socket_address: address: "{{ ip_loopback_address }}" port_value: 0 - enable_reuse_port: {{ enable_reuse_port }} + enable_reuse_port: "{{ enable_reuse_port }}" filter_chains: - filters: - name: http diff --git a/test/config/integration/server_xds.lds.yaml b/test/config/integration/server_xds.lds.yaml index 9e92a1ee6fb0..78c3238302f5 100644 --- a/test/config/integration/server_xds.lds.yaml +++ b/test/config/integration/server_xds.lds.yaml @@ -24,4 +24,3 @@ resources: - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - diff --git a/test/extensions/filters/http/ext_authz/ext_authz.yaml b/test/extensions/filters/http/ext_authz/ext_authz.yaml index 19916536b4a3..c777d971d1aa 100644 --- a/test/extensions/filters/http/ext_authz/ext_authz.yaml +++ b/test/extensions/filters/http/ext_authz/ext_authz.yaml @@ -1,76 +1,76 @@ # Regression test for https://github.com/envoyproxy/envoy/issues/17344 static_resources: listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 8080 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: - prefix: "/" - route: - cluster: local_service - http_filters: - - name: envoy.ext_authz - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz - failure_mode_allow: false - transport_api_version: V3 - status_on_error: - code: 503 - grpc_service: - envoy_grpc: - cluster_name: ext_authz-service - timeout: 0.5s - with_request_body: - max_request_bytes: 10240 - allow_partial_message: true - pack_as_bytes: false - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + - address: + socket_address: + address: 0.0.0.0 + port_value: 8080 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + route_config: + name: local_route + virtual_hosts: + - name: local_service + domains: ["*"] + routes: + - match: + prefix: "/" + route: + cluster: local_service + http_filters: + - name: envoy.ext_authz + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz + failure_mode_allow: false + transport_api_version: V3 + status_on_error: + code: 503 + grpc_service: + envoy_grpc: + cluster_name: ext_authz-service + timeout: 0.5s + with_request_body: + max_request_bytes: 10240 + allow_partial_message: true + pack_as_bytes: false + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - - name: local_service - connect_timeout: 30s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: local_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: main - port_value: 8080 - - name: ext_authz-service - type: STRICT_DNS - lb_policy: ROUND_ROBIN - typed_extension_protocol_options: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicit_http_config: - http2_protocol_options: {} - load_assignment: - cluster_name: ext_authz-service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: opa - port_value: 80 + - name: local_service + connect_timeout: 30s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: local_service + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: main + port_value: 8080 + - name: ext_authz-service + type: STRICT_DNS + lb_policy: ROUND_ROBIN + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicit_http_config: + http2_protocol_options: {} + load_assignment: + cluster_name: ext_authz-service + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: opa + port_value: 80 admin: address: socket_address: diff --git a/test/server/test_data/server/access_log_filter_bootstrap.yaml b/test/server/test_data/server/access_log_filter_bootstrap.yaml index ffe1133512a7..92c05b6c6946 100644 --- a/test/server/test_data/server/access_log_filter_bootstrap.yaml +++ b/test/server/test_data/server/access_log_filter_bootstrap.yaml @@ -5,7 +5,7 @@ admin: "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog path: "{{ null_device_path }}" filter: - not_health_check_filter: {} + not_health_check_filter: {} address: socket_address: address: "{{ ntop_ip_loopback_address }}" diff --git a/tools/code_format/config.yaml b/tools/code_format/config.yaml index e344e65a757b..04e1647c4869 100644 --- a/tools/code_format/config.yaml +++ b/tools/code_format/config.yaml @@ -217,13 +217,13 @@ paths: - test/test_common/wasm_base.h dir_order: - - envoy - - common - - source - - exe - - server - - extensions - - test +- envoy +- common +- source +- exe +- server +- extensions +- test re: codeowners_contrib: (/contrib/[^@]*\s+)(@.*) diff --git a/tools/dependency/cve.yaml b/tools/dependency/cve.yaml index dfe60fad67bb..8fff58bc9ed7 100644 --- a/tools/dependency/cve.yaml +++ b/tools/dependency/cve.yaml @@ -1,4 +1,3 @@ - # We only look back a few years, since we shouldn't have any ancient deps. start_year: 2018 diff --git a/tools/extensions/extensions_schema.yaml b/tools/extensions/extensions_schema.yaml index d51644e2a696..d85c9ac503d6 100644 --- a/tools/extensions/extensions_schema.yaml +++ b/tools/extensions/extensions_schema.yaml @@ -1,4 +1,3 @@ - builtin: - envoy.request_id.uuid - envoy.upstreams.tcp.generic