Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP health checker: handle GOAWAY from HTTP2 upstreams #13599

Merged
merged 51 commits into from
Jan 12, 2021

Conversation

mpuncel
Copy link
Contributor

@mpuncel mpuncel commented Oct 15, 2020

Makes the HTTP health checker handle GOAWAY properly. When the NO_ERROR
code is received, any in flight request will be allowed to complete, at
which time the connection will be closed and a new connection created on
the next interval.

GOAWAY frames with codes other than NO_ERROR are treated as a health
check failure, and immediately close the connection.

Commit Message:

Makes the HTTP health checker handle GOAWAY properly. When the NO_ERROR
code is received, any in flight request will be allowed to complete, at
which time the connection will be closed and a new connection created on
the next interval.

GOAWAY frames with codes other than NO_ERROR are treated as a health
check failure, and immediately close the connection.
Additional Description:

I verified this locally with the same setup as the described issue, and saw the desired behavior.

Risk Level: Low
Testing: Unit tests
Docs Changes: N/A
Release Notes: Included
Fixes #13544

Makes the HTTP health checker handle GOAWAY properly. When the NO_ERROR
code is received, any in flight request will be allowed to complete, at
which time the connection will be closed and a new connection created on
the next interval.

GOAWAY frames with codes other than NO_ERROR are treated as a health
check failure, and immediately close the connection.

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
@mpuncel
Copy link
Contributor Author

mpuncel commented Oct 16, 2020

It doesn't look like the test failure was likely caused by this?

* master: (22 commits)
  delay health checks until transport socket secrets are ready. (envoyproxy#13516)
  test, oauth2: Make sure config test runs field validation (envoyproxy#13496)
  [http] swap codec implementations to default new (envoyproxy#13579)
  wasm: update proxy-wasm-cpp-host (envoyproxy#13606)
  postgres: do not copy and linearize received data when it is not going to be used (envoyproxy#13393)
  configs: Update configs v2 -> v3 (envoyproxy#13562)
  http2: Remove RELEASE_ASSERTs in sendPendingFrames() error handling (envoyproxy#13546)
  dependencies: track untracked implied dependencies, wrapup dashboard. (envoyproxy#13571)
  listener: add match all filter chain (envoyproxy#13449)
  fix mistakes in docstrings (envoyproxy#13603)
  ratelimit: add route entry metadata to ratelimit actions (envoyproxy#13269)
  cluster manager: avoid immediate activation for dynamic inserted cluster when initialize (envoyproxy#12783)
  ext_authz: Avoid calling check multiple times (envoyproxy#13288)
  docs: Unexclude remaining configs from validation (envoyproxy#13534)
  build: update rules_rust to allow Rustc in RBE (envoyproxy#13595)
  docs: Update sphinxext.rediraffe (envoyproxy#13589)
  Deprecate moonjit support on Windows before beta (envoyproxy#13541)
  dependencies: bump LuaJIT to 2.1 branch HEAD @ e9af1ab. (envoyproxy#13474)
  docs: add TLS stats to cluster stats doc (envoyproxy#13561)
  ci: stop building alpine-debug images in favor of ubuntu-based debug image (envoyproxy#13598)
  ...

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
@mpuncel
Copy link
Contributor Author

mpuncel commented Oct 19, 2020

@htuch it sounds like Snow is OOO this week, is there someone else who can be assigned to review?

@htuch htuch assigned alyssawilk and unassigned snowp Oct 19, 2020
@htuch
Copy link
Member

htuch commented Oct 19, 2020

Reassigning to @alyssawilk for data plane.

Copy link
Contributor

@alyssawilk alyssawilk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvement to goaway handling! Quick question before I dive in why is NO_ERROR special cased alone here? GOAWAY is generally used to stop establishing new streams while gracefully handling old ones I'd be inclined to say that your "no_error" behavior should be the default.

I'd also be inclined to runtime guard this one per the L7 change policy if it's not too ugly to do so.

@mpuncel
Copy link
Contributor Author

mpuncel commented Oct 20, 2020

@alyssawilk I did that to be consistent with the way the GrpcHealthChecker handles GOAWAY, to be honest I'm not very familiar with the h2 spec. You're probably right that we shouldn't do a local reset of an inflight request if there is a GOAWAY error. If you confirm that's the right thing to do I can make that change.

I'm happy to look into adding a runtime guard as well, will let you know if I think that greatly complicates things.

@alyssawilk
Copy link
Contributor

Huh, consistency is a pretty good argument. cc @snowp @mattklein123 @PiotrSikora on if we should go for GOAWAY consistency, or have this HTTP health checker do graceful goaway for all error codes (and eventually maybe do the same for gRPC)

@mattklein123
Copy link
Member

Huh, consistency is a pretty good argument. cc @snowp @mattklein123 @PiotrSikora on if we should go for GOAWAY consistency, or have this HTTP health checker do graceful goaway for all error codes (and eventually maybe do the same for gRPC)

IMO it's correct treat NO_ERROR as a special case, because it's not a failure, it's just telling the downstream to make a new connection. If a GOAWAY is not NO_ERROR it does indicate an actual problem. I agree you could probably implement either way and it's not a huge deal, but given that gRPC already works like this it seems fine to have it be consistent.

* master: (22 commits)
  ci: various improvements (envoyproxy#13660)
  dns: fix defunct fd bug in apple resolver (envoyproxy#13641)
  build: support ppc64le with wasm (envoyproxy#13657)
  [fuzz] Added random load balancer fuzz (envoyproxy#13400)
  dependencies: compute and check release dates via GitHub API. (envoyproxy#13582)
  mac ci: try ignoring update failure (envoyproxy#13658)
  watchdog: Optimize WatchdogImpl::touch in preparation to more frequent petting of the watchdog. (envoyproxy#13103)
  typos: fix a couple 'enovy' mispellings (envoyproxy#13645)
  lua: Expose stream info downstreamLocalAddress and downstreamDirectRemoteAddress for Lua filter (envoyproxy#13536)
  tap: fix upstream streamed transport socket taps (envoyproxy#13638)
  Revert "delay health checks until transport socket secrets are ready. (envoyproxy#13516)" (envoyproxy#13639)
  Watchdog: use abort action as a default if killing is enabled. (envoyproxy#13523)
  [fuzz] Fixed divide by zero bug (envoyproxy#13545)
  wasm: flip the meaning of the "repository" in envoy_wasm_cc_binary(). (envoyproxy#13621)
  fix: record recovered local address (envoyproxy#13581)
  docs: fix incorrect compressor filter doc (envoyproxy#13611)
  docs: clean up docs for azp migration (envoyproxy#13558)
  wasm: fix building Wasm example. (envoyproxy#13619)
  test: Refactor flood tests into a separate test file (envoyproxy#13556)
  wasm: re-enable tests with precompiled modules. (envoyproxy#13583)
  ...

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>

// If GOAWAY handling is explicitly disabled via runtime, go back to the old
// behavior of ignoring GOAWAY completely.
if (parent_.runtime_.snapshot().featureEnabled("health_check.disable_goaway_handling", 0UL)) {
Copy link
Contributor Author

@mpuncel mpuncel Oct 21, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alyssawilk it turned out to be simple to go back to the old behavior. Let me know if I got the defaults the right direction, not sure if you wanted to make this opt-in or opt-out (it's currently opt-out).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

opt-out is fine, but can you please check https://github.com/envoyproxy/envoy/blob/master/CONTRIBUTING.md#runtime-guarding
and go with the naming and such used there?
If you stick the flag in runtime_features.cc it'll go back to opt-out.

Copy link
Contributor

@alyssawilk alyssawilk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, glad the guarding was simple. Just a few more comments and this should be good to go!

@@ -17,6 +17,9 @@ Bug Fixes
---------
*Changes expected to improve the state of the world and are unlikely to have negative effects*

* active health checks: health checks using a TLS transport socket and secrets delivered via :ref:`SDS <config_secret_discovery_service>` will now wait until secrets are loaded before the first health check attempt. This should improve startup times by not having to wait for the :ref:`no_traffic_interval <envoy_v3_api_field_config.core.v3.HealthCheck.no_traffic_interval>` until the next attempt.
* active http health checks: properly handles HTTP/2 GOAWAY frames from the upstream. Previously a GOAWAY frame due to a graceful listener drain could cause improper failed health checks due to streams being refused by the upstream on a connection that is going away.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please call out the runtime guard here


// If GOAWAY handling is explicitly disabled via runtime, go back to the old
// behavior of ignoring GOAWAY completely.
if (parent_.runtime_.snapshot().featureEnabled("health_check.disable_goaway_handling", 0UL)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

opt-out is fine, but can you please check https://github.com/envoyproxy/envoy/blob/master/CONTRIBUTING.md#runtime-guarding
and go with the naming and such used there?
If you stick the flag in runtime_features.cc it'll go back to opt-out.

@@ -345,7 +385,7 @@ bool HttpHealthCheckerImpl::HttpActiveHealthCheckSession::shouldClose() const {
return false;
}

if (!parent_.reuse_connection_) {
if (!parent_.reuse_connection_ || received_no_error_goaway_) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious, could we just set parent_.reuse_connection_ false when get the goaway, and let all the rest of the code proceed as usual? I assume if we're not reusing the connection it would close on stream reset or stream complete.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think we need both because otherwise we wouldn't know what to reset parent_.reuse_connection_ to when we start a new stream

Copy link
Contributor Author

@mpuncel mpuncel Oct 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this is what you meant: one thing I could do is name this variable to reuse_connection_, and at the start of the stream set it to parent.reuse_connection_, and then in set it to false if there is a NO_ERROR GOAWAY. That might make it more clear


// Unhealthy threshold is 1 so first timeout causes unhealthy
EXPECT_CALL(event_logger_, logUnhealthy(_, _, _, true));
EXPECT_CALL(event_logger_, logEjectUnhealthy(_, _, _));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

optional, but do you think it's worth bundling these expect calls into function helper routines which are easier to read/understand? expectUnhealthy()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

…ve erroneous release note accidentally added from another commit

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
ENVOY_CONN_LOG(debug, "connection/stream error health_flags={}", *client_,
HostUtility::healthFlagsToString(*host_));
if (client_ && received_no_error_goaway_) {
client_->close();
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alyssawilk this is the one place it might be weird to just use a reuse_connection_ bool, because in the old behavior it looks like it would not close the connection if the stream was reset? That means i'd have to change the behavior a bit, but it also might be a small bug that it wasn't closing the connection before?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll push the commit, we can always revert it

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, closing if we can't reuse and the stream is reset seems fine, and it's behind the guard so even if someone gets surprised they can always revert the behavior

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some of this behavior change is not guarded. It looks like the same case came up when implementing GOAWAY handling in gRPC.

There is a slight behavior change if you have connection reuse disabled, and get a reset stream. Previously the connection would be reused! which seems wrong, but is an unguarded behavior change.

Reference PR: #11325

…e with parent_.reuse_connection_ logic

Signed-off-by: Michael Puncel <mpuncel@squareup.com>

// Runtime guard around graceful handling of NO_ERROR GOAWAY handling. The old behavior is to
// ignore GOAWAY completely.
if (!parent_.runtime_.snapshot().featureEnabled(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

runtimeFeatureEnabled() ?

source/common/upstream/health_checker_impl.cc Show resolved Hide resolved
ENVOY_CONN_LOG(debug, "connection/stream error health_flags={}", *client_,
HostUtility::healthFlagsToString(*host_));
if (client_ && received_no_error_goaway_) {
client_->close();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, closing if we can't reuse and the stream is reset seems fine, and it's behind the guard so even if someone gets surprised they can always revert the behavior

Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks at a high level this LGTM. I will take a look again once Alyssa's comments are addressed.

/wait

The real sleep helps avoid a ~1/500 chance of a test flake due to a
race.

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
* master: (49 commits)
  sds: allow multiple init managers share sds target (envoyproxy#14357)
  [http] Remove legacy codecs (envoyproxy#14381)
  http2: Add integration tests for METADATA and RST_STREAM frame flood mitigation for upstream servers (envoyproxy#14365)
  test: start dissolving :printers_include rule. (envoyproxy#14429)
  integration tests: re-enable set_node_on_first_message_only (envoyproxy#14270)
  formatter: add a formatter that returns a google::protobuf::Struct rather than a string (envoyproxy#14258)
  ratelimit: support returning custom response bodies for non-OK responses from the external ratelimit service (envoyproxy#14189)
  deps: update protobuf to 3.14 (envoyproxy#14253)
  stream_info: add setResponseCode and update local_reply to take a normal StreamInfo (envoyproxy#14402)
  http: alpn upstream (envoyproxy#13922)
  Moved starttls integration test to test/extensions/transport_sockets/starttls. (envoyproxy#14425)
  generic conn pool: directly use thread local cluster (envoyproxy#14423)
  wasm: add mathetake to CODEOWNERS (envoyproxy#14427)
  wasm: clear route cache when modifying HTTP request headers. (envoyproxy#14318)
  tls: disable TLS inspector injection (envoyproxy#14404)
  aggregate cluster: cleanups (envoyproxy#14411)
  Mark starttls_integration_test flaky on Windows (envoyproxy#14419)
  tcp: improved unit testing (envoyproxy#14415)
  config: making protocol config explicit (envoyproxy#14362)
  wasm: dead code (envoyproxy#14407)
  ...

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
@mpuncel mpuncel force-pushed the mpuncel/http2-hc-goaway branch from 3a118c6 to 31c0641 Compare December 16, 2020 21:26
@mpuncel
Copy link
Contributor Author

mpuncel commented Dec 16, 2020

Apologies for the force push, forgot DCO on a commit (and the auto signing has never worked for me for some reason).

// time system to give the health checker time to catch up. If we advance time
// before the health check timer is enabled, the next health check will never
// happen.
timeSystem().realSleepDoNotUseWithoutScrutiny(std::chrono::milliseconds(100));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry to keep going back and forth on this, but maybe we should talk on Slack. It's not OK to use a real sleep here since it will flake. Please either stop using simulated time entirely, or just do what we talked about before and wait on the stat. It's not clear to me that simulated time is the best use for this case? Since you are just waiting for an HC failure to occur and then another reconnect?

/wait

* master: (30 commits)
  Deflaked: Guarddog_impl_test (envoyproxy#14475)
  [fuzz] add fuzz tests for hpack encoding and decoding (envoyproxy#13315)
  [filters] Prevent a filter from sending local reply and continue (envoyproxy#14416)
  oauth2: improving coverage (envoyproxy#14479)
  owners: Change dio email address (envoyproxy#14498)
  macos build: Fix ninja install (envoyproxy#14495)
  http: use OptRef helper to reduce some boilerplate (envoyproxy#14361)
  doc: update test/integration/README.md (envoyproxy#14485)
  server: wait workers to start before draining parent. (envoyproxy#14319)
  api: relax inline_string length limitation in DataSource (envoyproxy#14461)
  oauth: properly stop filter chain when a response was sent (envoyproxy#14476)
  listener: deprecate use_proxy_proto (envoyproxy#14406)
  deps: update cel and remove a patch (envoyproxy#14473)
  preconnect: rename: (envoyproxy#14474)
  coverage: ratcheting limits (envoyproxy#14472)
  grpc mux: fix sending node again after stream is reset (envoyproxy#14080)
  [test] Replace printers_include with printers_lib. (envoyproxy#14442)
  tcp: nodelay in the new pool (envoyproxy#14453)
  test: replace mock_methodn macros with mock_method (envoyproxy#14450)
  tcp: extending tcp integration test (envoyproxy#14451)
  ...

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
@mattklein123
Copy link
Member

Can you merge main to fix OSX CI and I can take a final pass?

/wait

* master: (48 commits)
  Resolve 14506, avoid libidn2 for our curl dependency (envoyproxy#14601)
  fix new/free mismatch in Mainthread utility (envoyproxy#14596)
  opencensus: deprecate Zipkin configuration. (envoyproxy#14576)
  upstream: clean up code location (envoyproxy#14580)
  configuration impl: add cast for ios compilation (envoyproxy#14590)
  buffer impl: add cast for android compilation (envoyproxy#14589)
  ratelimit: add dynamic metadata to ratelimit response (envoyproxy#14508)
  tcp_proxy: wait for CONNECT response before start streaming data (envoyproxy#14317)
  stream info: cleanup address handling (envoyproxy#14432)
  [deps] update upb to latest commit (envoyproxy#14582)
  Add utility to check whether the execution is in main thread. (envoyproxy#14457)
  listener: undeprecate bind_to_port (envoyproxy#14480)
  Fix data race in overload integration test (envoyproxy#14586)
  deps: update PGV (envoyproxy#14571)
  dependencies: update cve_scan.py for some libcurl 7.74.0 false positives. (envoyproxy#14572)
  Network::Connection: Add L4 crash dumping support (envoyproxy#14509)
  ssl: remember stat names for configured ciphers. (envoyproxy#14534)
  formatter: add custom date formatting to downstream cert start and end dates (envoyproxy#14502)
  feat(lua): allow setting response body when the upstream response body is empty (envoyproxy#14486)
  Generalize the gRPC access logger base classes (envoyproxy#14469)
  ...

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
@mpuncel
Copy link
Contributor Author

mpuncel commented Jan 11, 2021

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #13599 (comment) was created by @mpuncel.

see: more, trace.

@mattklein123
Copy link
Member

LGTM, needs a main merge since we just cut the release, thanks.

/wait

* master:
  http: support creating filters with match tree (envoyproxy#14430)
  [tls] Expose ServerContextImpl::selectTlsContext (envoyproxy#14592)
  docs: update ext_proc docs to reflect implementation status (envoyproxy#14636)
  filter manager: drop assert (envoyproxy#14633)
  kick off v1.18.0 (envoyproxy#14637)
  1.17.0 release (envoyproxy#14624)
  Implement request header processing in ext_proc (envoyproxy#14385)
  http: expose encoded headers/trailers via callbacks (envoyproxy#14544)
  [fuzz] fix minor fuzz bugs (envoyproxy#14593)
  rate limit: add computed descriptors (envoyproxy#14448)
  tools: fill in the required args for Api::Impl (envoyproxy#14554)
  Bump envoy-build to current images (envoyproxy#14608)

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
@mattklein123
Copy link
Member

/retest

@repokitteh-read-only
Copy link

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #13599 (comment) was created by @mattklein123.

see: more, trace.

@mattklein123 mattklein123 merged commit a836c8e into envoyproxy:master Jan 12, 2021
qinggniq added a commit to qinggniq/envoy that referenced this pull request Jan 25, 2021
Signed-off-by: qinggniq <livewithblank@gmail.com>

add auth helper

Signed-off-by: qinggniq <livewithblank@gmail.com>

refactor mysql server greeting codec

Signed-off-by: qinggniq <livewithblank@gmail.com>

codec encode

Signed-off-by: qinggniq <livewithblank@gmail.com>

add unit test for mysql greeting codec

Signed-off-by: qinggniq <livewithblank@gmail.com>

complete login resp codec

Signed-off-by: qinggniq <livewithblank@gmail.com>

add login message test

Signed-off-by: qinggniq <livewithblank@gmail.com>

feat link error

Signed-off-by: qinggniq <livewithblank@gmail.com>

refactor mysql login resp

Signed-off-by: qinggniq <livewithblank@gmail.com>

pass all codec test

Signed-off-by: qinggniq <livewithblank@gmail.com>

only contain codec change

Signed-off-by: qinggniq <livewithblank@gmail.com>

remove header

Signed-off-by: qinggniq <livewithblank@gmail.com>

http: expose encoded headers/trailers via callbacks (envoyproxy#14544)

In order to support upstream filters passing ownership of headers and
then being able to reference them after the fact, expose a HTTP filter
function that allows reading the header maps back.

Signed-off-by: Snow Pettersen <snowp@lyft.com>

Implement request header processing in ext_proc (envoyproxy#14385)

Send request headers to the server and apply header mutations based
on the response. The rest of the protocol is still ignored.

Signed-off-by: Gregory Brail <gregbrail@google.com>

1.17.0 release (envoyproxy#14624)

Signed-off-by: Matt Klein <mklein@lyft.com>

kick off v1.18.0 (envoyproxy#14637)

Signed-off-by: Matt Klein <mklein@lyft.com>

filter manager: drop assert (envoyproxy#14633)

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

docs: update ext_proc docs to reflect implementation status (envoyproxy#14636)

Signed-off-by: Gregory Brail <gregbrail@google.com>

[tls] Expose ServerContextImpl::selectTlsContext (envoyproxy#14592)

Signed-off-by: Chad Retz <chad.retz@stackpath.com>

http: support creating filters with match tree (envoyproxy#14430)

Adds support for wrapping a HTTP filter with an ExtensionWithMatcher proto to create the filters with an associated match tree.

Under the hood this makes use of a wrapper filter factory that manages creating the match tree and adding it to the FM
alongside the associated filter.

Also includes some code to register factories for input/actions, allowing them to be referenced in the proto configuration.

Signed-off-by: Snow Pettersen <snowp@lyft.com>

fix empty connection debug logs (envoyproxy#14666)

Fixes envoyproxy#14661

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

tcp_proxy: ignore transfer encoding in HTTP/1.1 CONNECT responses (envoyproxy#14623)

Commit Message: Ignore the transfer encoding header in CONNECT responses
Additional Description: NONE
Risk Level: low
Testing: integration test
Docs Changes: NONE
Release Notes: https://github.com/irozzo-1A/envoy/blob/ignore-transfer-encoding/docs/root/version_history/current.rst#new-features
Platform Specific Features: NONE
Fixes envoyproxy#11308

Signed-off-by: Iacopo Rozzo <iacopo@kubermatic.com>

ci: fix docs tag build (envoyproxy#14653)

Signed-off-by: Lizan Zhou <lizan@tetrate.io>

HTTP health checker: handle GOAWAY from HTTP2 upstreams (envoyproxy#13599)

Makes the HTTP health checker handle GOAWAY properly. When the NO_ERROR
code is received, any in flight request will be allowed to complete, at
which time the connection will be closed and a new connection created on
the next interval.

GOAWAY frames with codes other than NO_ERROR are treated as a health
check failure, and immediately close the connection.

Signed-off-by: Michael Puncel <mpuncel@squareup.com>

upstream: clean up feature parsing code (envoyproxy#14629)

Fixing a perfectly safe and fairly terrible version merge in the ALPN pr the "refactor all upstream config" PRs.
the original code created the new options for new config, and parseFeatures handled parsing features from either the new options, or the old config.  I decided that was too complicated, changed the code to always create the new options struct and forgot to clean up parseFeatures to assume the presence of the new options struct and remove handling things the old style way.

Risk Level: low (clean up inaccessible code)
Testing: added one extra unit test just because
Docs Changes: n/a
Release Notes:  n/a

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

upstream: force a full rebuild on host weight changes (envoyproxy#14569)

This will allow us to build load balancers that pre-compute data
structures based on host weights (for example using weighted queues),
to work around some of the deficiencies of EDF scheduling.

This behavior can be temporarily disabled by setting the
envoy.reloadable_features.upstream_host_weight_change_causes_rebuild
feature flag to false.

Fixes envoyproxy#14360

Signed-off-by: Matt Klein <mklein@lyft.com>

access log: add support for command formatter extensions (envoyproxy#14512)

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

test: improving dynamic_forward_proxy coverage (envoyproxy#14672)

Risk Level: n/a (test only)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

access_logs: removing disallow_unbounded_access_logs (envoyproxy#14677)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

wasm: replace the obsolete contents in wasm-cc's README with docs link (envoyproxy#14628)

Signed-off-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

grpc-json-transcoder: support root path (envoyproxy#14585)

Signed-off-by: Xuyang Tao <taoxuy@google.com>

ecds: add config source for network filter configs (envoyproxy#14674)

Signed-off-by: Kuat Yessenov <kuat@google.com>

fix comment for parameters end_stream of decodeData/encodeData. (envoyproxy#14620)

Signed-off-by: wangfakang <fakangwang@gmail.com>

[fuzz] Fix bugs in HPACK fuzz test (envoyproxy#14638)

- Use after free because nghttp2_nv object has pointers to the underlying strings and copying them resulted in a use after free when the copy was used after the original was destroyed
- Fixed sorting issues and tested leading/trailing whitespace headers (I can no longer reproduce an issue I saw where a null byte appeared after decoding whitespace, maybe the former fix fixed this)

Risk Level: Low
Testing: Added regression tests and cases for whitespace headers

Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28880
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28869

Signed-off-by: Asra Ali <asraa@google.com>

v3 packages updates for omit_canary_hosts proto (envoyproxy#14117)

Risk Level: LOW
Testing: unit ( proto_format and docs )

part of envoyproxy#12841

Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>

streaminfo/mocks: delay filter_state_ dereference (envoyproxy#14612)

By dereferencing filter_state_ in the constructor, any test that sets
filter_state_ will dereference an invalid pointer. This may not be a
common use-case, but it came up when writing some microbenchmarks for
a custom filter where I needed to reset the FilterState on each
iteration of the benchmark.

Signed-off-by: Brian Wolfe <brian.wolfe@airbnb.com>

http: support passing match result action to filter (envoyproxy#14462)

Adds support for passing through a match action from a match tree to the associated HTTP filter.

Some care has to be taken here around dual filters, so we introduce an abstraction that moves handling HttpMatchingData
updates and applying the match result into a FilterMatchState object that is shared between all filter wrappers for a given filter.

This should also avoid having to match twice for dual filters: the match result is shared for both filters, instead of both of
them having to independently arrive at it with the same data.

Signed-off-by: Snow Pettersen <snowp@lyft.com>

refactor: use unitfloat in more places (envoyproxy#14396)

Commit Message: Use UnitFloat in place of float in more locations
Additional Description:
UnitFloat represents a floating point value that is guaranteed to be in the range [0, 1]. Use
it in place of floats that also have the same expectation in OverloadActionState and
connection listeners.

This PR introduces no functional changes.

Risk Level: low
Testing: ran affected tests
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: n/a

Signed-off-by: Alex Konradi <akonradi@google.com>

[tls] add missing built in cipher stat names (envoyproxy#14676)

* add missing ciphers

Signed-off-by: Asra Ali <asraa@google.com>

docs: adding coverage walkthroguh (envoyproxy#14688)

Risk Level: n/a
Testing: n/a
Docs Changes: adding developer docs
Release Notes: n/a

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

local ratelimit: Add descriptor support in HTTP Local Rate Limiting (envoyproxy#14588)

Signed-off-by: Kuat Yessenov <kuat@google.com>
Co-authored-by: gargnupur <gargnupur@google.com>

http: prefetch for upstreams (envoyproxy#14143)

Commit Message: Adding predictive prefetch (useful mainly for HTTP/1.1 and TCP proxying) and uncommenting prefetch config.
Additional Description:
Risk Level: low (mostly config guarded)
Testing: unit, integration tests
Docs Changes: APIs unhidden
Release Notes: inline
Fixes envoyproxy#2755

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

docs: Give a hint to specify type_url instead (envoyproxy#14562)

Signed-off-by: Dhi Aurrahman <dio@rockybars.com>

Remove flaky_on_windows tag from proxy_filter_integration_test (envoyproxy#14680)

Testing: Ran proxy_filter_integration_test thousands of times

Signed-off-by: Randy Miller <rmiller14@gmail.com>

upstream: Fix moving EDS hosts between priorities. (envoyproxy#14483)

At present if health checks are enabled and passing then moving an EDS host from P0->P1 is a NOOP, and P1->P0 results in an abort.

In the first case:
* P0 processing treats A as being removed because it's not in P0's list of endpoints anymore.
* P0 marks A's existing Host as PENDING_DYNAMIC_REMOVAL. It marks A as having been updated in this config apply.
* P1 skips over A because it is marked as updated in this update cycle already.

In the second case:
* P0 updates the priority on the existing Host. It is appended to the vector of added hosts.
* P1 marks A's existing Host as PENDING_DYNAMIC_REMOVAL. It does adjust the removed host vector as the host is still pending removal.
* A's Host is now in both priorities and is PENDING_DYNAMIC_REMOVAL. This is wrong, and would cause problems later but doesn't have a chance to because:
* onClusterMemberUpdate fires with A's existing Host in the added vector (remember it wasn't removed from P1!)
* HealthChecker attempts to create a new health check session on A, which results in an abort from the destructor of the already existing one.

This was masked in tests by the tests enabling ignore_health_on_host_removal.

We fix this by passing in the set of addresses that appear in the endpoint update. If a host being considered for removal appears in this set,
and it isn't being duplicated into the current priority as a result of a health check address change, then we assume it's being moved and will
immediately remove it.

To simplify the case where a host's health check address is being changed AND it is being moved between priorities we always apply priority moves in
place before we attempt any other modifications. This means such a case is treated as a separate priority move, followed by the health check address change.

fixes envoyproxy#11517

Signed-off-by: Jonathan Oddy <jonathan.oddy@transferwise.com>

examples: Add TLS SNI sandbox (envoyproxy#13975)

Signed-off-by: Ryan Northey <ryan@synca.io>

[utility]: Change behavior of main thread verification utility (envoyproxy#14660)

Currently, the isMainThread function can only be called during the lifetime of thread local instance because the singleton that store main thread id is initialized in the constructor of tls instance and cleared in the destructor of tls instance. Change the utility so that outside the lifetime of tls instance, the function return true by default because everything is in main thread when threading is off.

Risk Level: low
Testing: change unit to reflect change of behavior.

Signed-off-by: chaoqin-li1123 <chaoqin@uchicago.edu>

Windows build: Add repository cache to CI (envoyproxy#14678)

Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>

ext-proc: Support "immediate_response" options for request headers  (envoyproxy#14652)

This lets ext_proc servers return an immediate HTTP response (such as to indicate an error) in response to a request_headers message.

Signed-off-by: Gregory Brail <gregbrail@google.com>

stats: convert tag extractor regexs to Re2 (envoyproxy#14519)

Risk Level: high, the regexes are updated to match more specific patterns.
Testing: unit tests

Fixes envoyproxy#14439

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>

hcm: removing envoy.reloadable_features.early_errors_via_hcm envoyproxy#14641 (envoyproxy#14684)

Risk Level: Low (removal of deprecated disabled code)
Testing: n/a
Docs Changes: n/a
Release Notes: inline
Fixes envoyproxy#14641

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

test: Fix O(1/32k) flakiness in H2 flood tests that disable writes based on source port of outgoing connections. (envoyproxy#14695)

It is possible for the kernel to assign the same source port to both the client connection used by
the test framework to connect to the Envoy and the Envoy's client connection to the upstream. When
the source port is reused by both connections, the test client times out while trying to send the
request because disabling write on the upstream connection also disabled writes on the test's client
connection.

Signed-off-by: Antonio Vicente <avd@google.com>

tls: add missing stats for signature algorithms. (envoyproxy#14703)

While there, refresh supported cipher suites and add more warnings.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

connection: tighten network connection buffer limits (envoyproxy#14333)

Signed-off-by: Antonio Vicente <avd@google.com>

xdstp: LDS glob collection support. (envoyproxy#14311)

This patch introduces support for LDS xdstp:// collection URLs for glob collections over ADS. Context
parameters are currently computed from node and resource URLs. Followup PRs will add support for
other collection types (CDS, SRDS), non-ADS, provide dynamic context parameter update, extend support to
singleton resources and then other xdstp:// features (list collections, redirects, alternatives,
etc.)

Part of envoyproxy#11264.

Risk level: Low (opt-in)
Testing: ADS integration test added. Various unit tests following implementation.

Signed-off-by: Harvey Tuch <htuch@google.com>

listener manager: avoid unique -> shared conversion (envoyproxy#14693)

buildFilterChainInternal() returns a shared_ptr, so let's make
that instead of unique_ptr.

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

proto: re-implement RepeatedPtrUtil::hash(). (envoyproxy#14701)

This changes RepeatedPtrUtil::hash() implementation to match
MessageUtil::hash(), which was re-implemented in envoyproxy#8231.

Reported by Tomoaki Fujii (Google).

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

tcp: setting nodelay on all connections (envoyproxy#14574)

This should have minimal effect, new server side connections had no-delay, codecs set no-delay, and upstream pools set no-delay. Traffic not using the tcp connection pool may be affected as well as raw use of the TCP client.

Risk Level: Medium (data plane)
Testing: new unit tests
Docs Changes: n/a
Release Notes: inline
Runtime guard: envoy.reloadable_features.always_nodelay

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

test: Add multiheader TE + Content-Length test (envoyproxy#14686)

Signed-off-by: Yan Avlasov <yavlasov@google.com>

http2: Flip the upstream H2 frame flood and abuse checks to ON by default (envoyproxy#14443)

Signed-off-by: Yan Avlasov <yavlasov@google.com>

Fix the emsdk patching. (envoyproxy#14673)

If the patch fails, because of `|| true`, bazel continues
the build.

Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com>

test: print test parameters meaningfully (envoyproxy#14604)

Signed-off-by: Alex Konradi <akonradi@google.com>

Migrate v2 thrift_filter to v3 api and corresponding docs changes. (envoyproxy#13885)

part of envoyproxy#12841

Signed-off-by: Abhay Narayan Katare <abhay.katare@india.nec.com>

http: reinstating prior connect timeout behavior (envoyproxy#14685)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Fix typo (envoyproxy#14716)

Signed-off-by: Hu Shuai <hus.fnst@cn.fujitsu.com>

master -> main (envoyproxy#14729)

Various fixes

Signed-off-by: Matt Klein <mklein@lyft.com>

readme: fix logo URL (envoyproxy#14733)

Signed-off-by: Matt Klein <mklein@lyft.com>

Bump nghttp2 to 1.42.0 (envoyproxy#14730)

- Drops nghttp2 PR1468 patch
- Requires bazel_external_cmake to support copts, defines to drop the rest

Risk Level: low
Testing: CI

Fixes envoyproxy#1417

Signed-off-by: William A Rowe Jr <wrowe@vmware.com>

Pick up current bazel-build-tools tag (envoyproxy#14734)

Signed-off-by: William A Rowe Jr <wrowe@vmware.com>

access-logger: support request/response headers size (envoyproxy#14692)

Add following command operator in access logger

%REQUEST_HEADER_BYTES%
%RESPONSE_HEADER_BYTES%
%RESPONSE_TRAILER_BYTES%
Risk Level: Low
Testing: unit test
Docs Changes: done
Release Notes: done

Signed-off-by: Xuyang Tao <taoxuy@google.com>

dynamic_forward_proxy: envoy.reloadable_features.enable_dns_cache_circuit_breakers deprecation (envoyproxy#14683)

* dynamic_forward_proxy:  deprecation

Signed-off-by: Shikugawa <rei@tetrate.io>

Add support for google::protobuf::ListValue formatting (envoyproxy#14518)

Signed-off-by: Itamar Kaminski <itamark@google.com>

tls: improve TLS handshake/read/write error log (envoyproxy#14600)

Signed-off-by: Shikugawa <Shikugawa@gmail.com>

config: switch from std::set to absl::flat_hash_set for resource names. (envoyproxy#14739)

This was a cleanup deferred from the review of envoyproxy#14311. The idea is to switch to the more efficient
unordered absl::flat_hash_set across the resource subscription code base. Internally, we still use
std::set (and even explicitly sort in the http_subscription_impl) to avoid changing any wire
ordering. It seems desirable to preserve this for two reasons: (1) this derisks this PR as an
internal-only change and (2) having deterministic wire ordering makes debug of xDS issues somewhat
easier.

Risk level: Low
Testing: Updated tests.

Signed-off-by: Harvey Tuch <htuch@google.com>

network filters: avoid unnecessary std::shared_ptrs (envoyproxy#14711)

While debugging a crash in:

envoyproxy#13592

I ended up discussing with @lambdai and @mattklein123 whether
network filters can hold references to things owned by their
corresponding FactoryFilterCb. The answer is yes and the HCM
and some other notable filters already use references instead
of std::shared_ptrs.

So let's consistently do this everywhere to avoid someone
else asking this same question in the future. Plus, it's
always nice to create fewer std::shared_ptrs.

Follow-up on: envoyproxy#8633

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

docs: Updated version history with 1.13.8 release notes. (envoyproxy#14742)

Signed-off-by: Christoph Pakulski <christoph@tetrate.io>

Dispatcher: keeps a stack of tracked objects. (envoyproxy#14573)

Dispatcher will now keep a stack of tracked objects; on crash it'll "unwind" and have those objects dump their state. Moreover, it'll invoke fatal actions with the tracked objects. This allows us to dump more information during crash.

See related PR: envoyproxy#14509

Will follow up with another PR dumping information at the codec/parser level.

Signed-off-by: Kevin Baichoo <kbaichoo@google.com>

bootstrap-extensions: fix a crash on http callout (envoyproxy#14478)

Currently when the ServerFactoryContext is passed to bootstrap extensions, it is only partially initialized. Specifically, attempting to access the cluster manager will cause a nullptr access (and hence a crash)

This PR splits the creation and initialized to 2 seperate fucntions. Early creation is required to not break the `default_socket_interface` feature. Once created, the extension will receive the ServerFactoryContext in a different callback (the newly added `serverInitialized`), once they are fully initialized.

Commit Message:
Fix a crash that happens when bootstrap extensions perform http calls.

Additional Description:
Risk Level: Low (small bug-fix)
Testing: Unit tests updated; tested manually with the changes as well.
Docs Changes: N/A
Release Notes: N/A

Fixes envoyproxy#14420

Signed-off-by: Yuval Kohavi <yuval.kohavi@gmail.com>

overload: create scaled timers via the dispatcher (envoyproxy#14679)

Refactor the existing pathway for creating scaled Timer objects away from the
ThreadLocalOverloadState and into the Dispatcher interface. This allows scaled
timers to be created without plumbing through a bunch of extra state.

Signed-off-by: Alex Konradi <akonradi@google.com>

http: removing nvoy.reloadable_features.fix_upgrade_response  envoyproxy#14643 (envoyproxy#14706)

Risk Level: Low (removing deprecated disabled code)
Testing: n/a
Docs Changes: n/a
Release Notes: inline
Fixes envoyproxy#14643

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

http: removing envoy.reloadable_features.fixed_connection_close (envoyproxy#14705)

Risk Level: Low (removing deprecated guarded code)
Testing: n/a
Docs Changes: n/a
Release Notes: inline
Fixes envoyproxy#14645

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Revert "network filters: avoid unnecessary std::shared_ptrs (envoyproxy#14711)" (envoyproxy#14755)

This reverts commit 72db81d.

Per discussion in envoyproxy#14717 and via Slack, we'll come up with a different
approach since using a std::function to keep state presents a few
challenges.

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

Clarify Consecutive Gateway Failure docs (envoyproxy#14738)

It was initially unclear to me that when
split_external_local_origin_errors is in the default setting of false
that local origin failures will be counted as Consecutive Gateway
Failures. It is clear above that they are counted by the Consecutive 5xx
detection type but since I had that disabled I was surprised to find
them counted in Consecutive Gateway Failure. I think the logic makes
sense though so just attempting to clarify the docs here.

Signed-off-by: Matthew Mead-Briggs <mmb@yelp.com>

thrift proxy: fix crash when using payload_passthrough (envoyproxy#14723)

We started seeing crashes triggered by ConnectionManager::passthroughEnabled()
once we enabled `payload_passthrough`. That code assumes that there will
_always_ be an active RPC. However, this is not true after a local response
has been sent (e.g.: no healthy upstream, no cluster, no route, etc.).

Risk Level: low
Testing: unit tests added
Doc Changes: n/a
Release Notes: n/a
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

thrift proxy: add comments explaining local replies (envoyproxy#14754)

Risk Level: low
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

wasm: update V8 to v8.9.255.6. (envoyproxy#14764)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Request headers to add (envoyproxy#14747)

Being consistent about treating Host: and :authority the same way in Envoy header modification.

Risk Level: Medium (changes allowed modifiable headers)
Testing: new unit tests
Docs Changes: yes
Release Notes: inline

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

tls: update BoringSSL to fbbf8781 (4324). (envoyproxy#14763)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

docs: change getting started order (envoyproxy#14774)

Sandboxes are more relevant to new users than the other sections.

Signed-off-by: Matt Klein <mklein@lyft.com>

oauth2: set accept header on access_token request (envoyproxy#14538)

Co-authored-by: Dhi Aurrahman <dio@tetrate.io>
Signed-off-by: Richard Patel <me@terorie.dev>

router: Remove envoy.reloadable_features.consume_all_retry_headers (envoyproxy#14662)

This patch removes the
envoy.reloadable_features.consume_all_retry_headers runtime flag.

Signed-off-by: Martin Matusiak <numerodix@gmail.com>

docs: API review checklist (envoyproxy#14399)

* API review checklist

Signed-off-by: Mark D. Roth <roth@google.com>

[docs] Add guidance on ENVOY_BUG in STYLE.md (envoyproxy#14575)

* Add guidanceon ENVOY_BUG and macro usage to STYLE.md

Signed-off-by: Asra Ali <asraa@google.com>

filters: Add test/server:filter_config_test (envoyproxy#14746)

As part of envoyproxy#14470, I'll be modifying the base filter interface to include an overridable dependencies() function. This is prep work.

Risk Level: Low (test only)
Doc Change: n/a
Release Notes: n/a
Signed-off-by: Auni Ahsan <auni@google.com>

dns: removing envoy.reloadable_features.fix_wildcard_matching envoyproxy#14644 (envoyproxy#14768)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

test: FakeUpstream threading fixes (envoyproxy#14526)

Signed-off-by: Antonio Vicente <avd@google.com>

server: add FIPS mode statistic indicating FIPS compliance (envoyproxy#14719)

Signed-off-by: Ravindra Akella <rakella@rakella-ltm.internal.salesforce.com>

Add error_state to all config dump resources (envoyproxy#14689)

Store the NACKed resource in each resources

Risk Level: None

Fixes: envoyproxy#14431

Signed-off-by: Lidi Zheng <lidiz@google.com>

docs: fix two typos in jwt_authn_filter (envoyproxy#14796)

Signed-off-by: Lukasz Jernas <lukasz.jernas@allegro.pl>

 tcp: adding logs and debug checks (envoyproxy#14771)

Adding some logs and one ENVOY_BUG around the new TCP pool.

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

google_grpc: attempt to reduce lock contention between completionThread() and onCompletedOps() (envoyproxy#14777)

Holding a stream's lock while running handleOpCompletion can result in the completion queue having to wait until the lock is released before adding messages on that stream to completed_ops_. In cases where the completion queue is shared across multiple gRPC streams, delivery of new messages on all streams is blocked until the lock held by the first stream while executing onCompletedOps.

Signed-off-by: Antonio Vicente <avd@google.com>

filters: Add dependencies.proto (envoyproxy#14750)

Introduces the FilterDependency proto. This isn't quite an extension, but it's a common proto to be used by all filter extensions.

Risk Level: Low (proto addition only)

Signed-off-by: Auni Ahsan <auni@google.com>

tools: Syncing api/BUILD file to generated_api_shadow (envoyproxy#14792)

After chatting with @akonradi on Slack, it seems the generated_api_shadow/BUILD file was not being updated by proto_format since PR envoyproxy#9719. This PR copies the api/BUILD file to generated_api_shadow.

Risk Level: Low (relevant for development)

Signed-off-by: Adi Suissa-Peleg <adip@google.com>

Add debug log for slow config updates for GRPC subscriptions (envoyproxy#14343)

Risk Level: Low
Testing:
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Adam Schaub <adamsjob@google.com>

oauth2 filter: Make OAuth scopes configurable.  (envoyproxy#14168)

New optional parameter 'auth_scopes' added to the filter. The default value is 'user' (if not provided) to avoid breaking changes to users updating to the latest version.

Signed-off-by: andreyprezotto <andreypp@gmail.com>

Co-authored-by: Nitin Goyal <nitingoyal.dev@gmail.com>

upstream: Optimize LoadStatsReporter::startLoadReportPeriod implementation (envoyproxy#14803)

cm_.clusters() is not O(1) in part due to it creating maps and returning by value. This means that startLoadReportPeriod was effectively O(n**2) on number of clusters since cm_.clusters() is called for every active cluster.

Risk Level: low, functional no-op
Testing: Existing tests. We may want a benchmark.

Signed-off-by: Antonio Vicente <avd@google.com>

ext_proc: Implement response path for headers only (envoyproxy#14713)

Implement header processing on the response path by sending the
response_headers message to the processor and handling the result.

Also update the docs in the .proto file.

Signed-off-by: Gregory Brail <gregbrail@google.com>

reformat code

Signed-off-by: qinggniq <livewithblank@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api deps Approval required for changes to Envoy's external dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

HTTP health checker does not gracefully handle HTTP2 server shutdown (GOAWAY with NO_ERROR)
8 participants