Revert some commits and update to latest upstream 1.32 #287

Merged
merged 151 commits into from
Dec 19, 2024


dcillera
Contributor

Some commits, which had been made to make the tests work in Builder 3.0 (Rockylinux:9), have been reverted (successful tests will be obtained by modifying OpenSSL policy), and all latest commits from Upstream 1.32 have been merged.

@dcillera dcillera requested a review from tedjpoole December 13, 2024 17:09
dependabot bot and others added 28 commits December 19, 2024 10:27
…se (#36558)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dario Cillerai <[email protected]>
…o DFPCluster removed (#35848)

Commit Message:
- Add an optional argument called `ignore_removal` to
`ClusterManagerImpl::addOrUpdateCluster` and
`ClusterManagerImpl::loadCluster`. This argument defaults to `false`, so
it won't affect any existing flows. We'll be setting this in Cluster
Data.
- If the `ignore_removal` value is `true`, then the cluster won't be
removed when `ClusterManagerImpl::removeCluster` is called.
- To remove a cluster that has been added with `ignore_removal` set to
`true`, the `remove_ignored` argument must be set to `true` when
`ClusterManagerImpl::removeCluster` is called.

This helps to manage clusters whose lifecycle is managed by custom
implementations similar to DFP clusters.

Additional Description:
- Currently clusters that are dynamically added with custom
implementations from filters, etc. are removed when a CDS event is
triggered. This is because these dynamically created clusters will come
in diff of CDS and will be removed by the cluster manager.

Risk Level: low
Testing: unit test
Docs Changes: no
Release Notes: no

Signed-off-by: Dario Cillerai <[email protected]>
Risk Level: low
Testing: updated tests
Docs Changes: n/a
Release Notes: n/a
envoyproxy/envoy-mobile#176

Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Commit Message: minor opt: minor optimization to the orca parser
Additional Description:

This way, the parser needn't scan the whole header value if the
header value has an invalid format. And we needn't create a copy of the
header value for the JSON format now.

Risk Level: low.
Testing: n/a.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.

---------

Signed-off-by: wangbaiping <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
This patch adds around 160 test cases based on the aws signer test
corpus from
https://github.com/awslabs/aws-c-auth/tree/main/tests/aws-signing-test-suite

Adding these test cases uncovered the following bugs, which have also
been fixed in this patch:
- Incorrect handling of UTF8 encoded parameters
- Incorrect path canonicalisation of paths containing /./
- Incorrect date calculation (missing seconds from the date formatter)
- Invalid handling of tilde within query parameters (also reported by
Animal Logic leading to this patch)
- Invalid handling of other query parameter encodings

Commit Message: aws: add sigv4/a test corpuses and test cases
Additional Description:
Risk Level: Low
Testing: Unit
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Nigel Brittain <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
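
The bug classes listed in this commit message (UTF-8 parameters, `/./` in paths, tilde and other query encodings) all sit in SigV4 request canonicalisation. The following is an added example, not code from the Envoy patch: a minimal canonicaliser whose function names are hypothetical, which takes already-decoded path and query values and applies a single pass of encoding.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// SigV4 URI-encoding: every byte outside A-Z a-z 0-9 - . _ ~ becomes %XX with
// uppercase hex, so UTF-8 yields one %XX per byte and '~' is never escaped.
std::string sigv4Encode(const std::string& in) {
  static const char hex[] = "0123456789ABCDEF";
  std::string out;
  for (unsigned char c : in) {
    const bool keep = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                      (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
    if (keep) { out += static_cast<char>(c); continue; }
    out.append({'%', hex[c >> 4], hex[c & 0x0F]});
  }
  return out;
}

// Canonical query string: encode the decoded pairs, then sort by name, then value.
std::string canonicalQuery(std::vector<std::pair<std::string, std::string>> params) {
  for (auto& p : params) p = {sigv4Encode(p.first), sigv4Encode(p.second)};
  std::sort(params.begin(), params.end());
  std::string out;
  for (const auto& p : params) out += (out.empty() ? "" : "&") + p.first + "=" + p.second;
  return out;
}

// Canonical path: drop empty and "." segments, resolve "..", keep a trailing slash.
std::string canonicalPath(const std::string& path) {
  std::vector<std::string> segs;
  for (size_t start = 0; start <= path.size();) {
    size_t end = path.find('/', start);
    if (end == std::string::npos) end = path.size();
    const std::string seg = path.substr(start, end - start);
    if (seg == "..") { if (!segs.empty()) segs.pop_back(); }
    else if (!seg.empty() && seg != ".") segs.push_back(sigv4Encode(seg));
    start = end + 1;
  }
  std::string out;
  for (const auto& s : segs) out += "/" + s;
  if (out.empty() || (path.size() > 1 && path.back() == '/')) out += "/";
  return out;
}

int main() {  // constructed input: decoded path and query pairs
  std::cout << canonicalPath("/a/./b") << "?"
            << canonicalQuery({{"b", "~x"}, {"a", "\xE1\x88\xB4"}}) << "\n";
}
```

A signer and a verifier that disagree on any of these steps compute different signatures for the same request, which is why a shared test corpus is the useful check here.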
---------

Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: alyssawilk <[email protected]>
Co-authored-by: phlax <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
…36553)

<!--
!!!ATTENTION!!!

If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
[email protected] where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.

!!!ATTENTION!!!

For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)
-->

Commit Message: lua: mention that body should be consumed before
fetching trailers
Additional Description:
Risk Level: Zero
Testing: N/A
Docs Changes: lua_filter.rst
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
Fixes envoyproxy/envoy#36507
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

Signed-off-by: spacewander <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Risk Level: n/a
Testing: yes
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: alyssawilk <[email protected]>
Co-authored-by: phlax <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
This PR updates the DNS resolution details from `apple_dns_success` to
`apple_dns_immediate_success` for an immediate success and from
`not_set` to `apple_dns_success` for a successful case. This PR also
adds missing test cases for the Apple DNS resolution details.

Risk Level: low
Testing: unit tests
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: apple_dns

---------

Signed-off-by: Fredy Wijaya <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Commit Message: wasm: Add data buffering for chunks

Additional Description:
In HTTP/2 connections, the last chunk, which contains the end_of_stream
flag, is not used to call the Wasm callback. This fix addresses the
issue by dumping the data into the buffer before calling the Wasm
callback, ensuring that the data is now present.

Risk Level: Low
Testing: yes
Docs Changes: n/a
Release Notes: yes
Platform Specific Features: n/a

Fixes envoyproxy/envoy#35884

---------

Signed-off-by: Juan Manuel Ollé <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dario Cillerai <[email protected]>
… /contrib/golang/filters/http/test/test_data/buffer in the contrib-golang group (#36486)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dario Cillerai <[email protected]>
…(#36593)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
fix #36588

Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
…ctory (#36534)

Commit Message: reduce data plane stats contention by moving the stats
to the factory
Additional Description:
Risk Level: low
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional [API
Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):]

---------

Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Commit Message: fix potential null dereference in ext_authz
Additional Description:

Previously, if ext_authz had emit filter state stats set to true and
another filter added filter state under the ext authz filter's name, it
would result in a null dereference. The member logging_info_ would not
be set in initiateCall after seeing there was already data there. Later,
we would dereference logging_info_ to update the stats as if it were
initialized already.

I've added a check for a null logging_info_ and added logging & a stat
for when there's a filter state naming collision.

I also made some readability improvements to the ext_authz test.

Risk Level: low
Testing: unit tested
Docs Changes: none
Release Notes: none
Platform Specific Features: none

---------

Signed-off-by: antoniovleonti <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
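
The null dereference described in this commit message follows from a name collision in shared per-request state. The following is an added example, not Envoy's code: a simplified model in which `AuthzFilterModel`, `FilterState` and `runRequest` are hypothetical names, showing the skipped initialisation and the guard that makes the later stats update safe.

```cpp
#include <map>
#include <memory>
#include <string>
#include <utility>

// Simplified model, not Envoy's real types: filter state is a per-request map
// keyed by name, and any filter in the chain may write an entry under any name.
struct LoggingInfo { unsigned long bytes_sent = 0; };
using FilterState = std::map<std::string, std::shared_ptr<void>>;

class AuthzFilterModel {
public:
  AuthzFilterModel(FilterState& state, std::string name)
      : state_(state), name_(std::move(name)) {}

  // As described above: if an entry already sits under our name, it is not
  // ours, so logging_info_ is left null. The collision is counted instead.
  void initiateCall() {
    if (state_.count(name_) != 0) { ++name_collisions_; return; }
    logging_info_ = std::make_shared<LoggingInfo>();
    state_[name_] = logging_info_;
  }

  // Stats update after the authz response. Without the null check, the
  // collision case dereferences a null pointer here.
  bool recordBytesSent(unsigned long n) {
    if (logging_info_ == nullptr) return false;
    logging_info_->bytes_sent += n;
    return true;
  }

  unsigned nameCollisions() const { return name_collisions_; }

private:
  FilterState& state_;
  std::string name_;
  std::shared_ptr<LoggingInfo> logging_info_;
  unsigned name_collisions_ = 0;
};

// Runs one request; `preexisting` simulates another filter claiming the name first.
std::pair<bool, unsigned> runRequest(bool preexisting) {
  FilterState state;
  if (preexisting) state["envoy.filters.http.ext_authz"] = std::make_shared<int>(7);
  AuthzFilterModel f(state, "envoy.filters.http.ext_authz");
  f.initiateCall();
  return {f.recordBytesSent(128), f.nameCollisions()};
}

int main() { return runRequest(true).first ? 1 : 0; }  // 0: collision handled safely
```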
**Summary of changes**:

* Envoy now logs warnings when `internal_address_config` is not set.  If
you see this logged warning and wish to retain trusted status for
internal addresses you must explicitly configure
`internal_address_config` (which will turn off the warning) before the
next Envoy release.
* Removed support for (long deprecated) opentracing. 
* Added a configuration setting for the maximum size of response headers
in responses.
* Added support for `connection_pool_per_downstream_connection` flag in
tcp connection pool.
* For the strict DNS and logical DNS cluster types, the `dns_jitter`
field allows spreading out DNS refresh requests.
* Added dynamic metadata matcher support `dynamic metadata input` and
`dynamic metadata input matcher`.
* The xff original IP detection method now supports using a list of
trusted CIDRs when parsing `x-forwarded-for`.
* QUIC server and client support certificate compression, which can in
some cases reduce the number of round trips required to set up a
connection.
* Added the ability to monitor CPU utilization in Linux based systems
via `cpu utilization monitor` in overload manager.
* Added new access log command operators (`%START_TIME_LOCAL%` and
`%EMIT_TIME_LOCAL%`), formatters (`%UPSTREAM_CLUSTER_RAW%`,
`%DOWNSTREAM_PEER_CHAIN_FINGERPRINTS_256%`, and
`%DOWNSTREAM_PEER_CHAIN_SERIALS%`), as well as significant boosts to JSON
parsing. See release notes for details.
* Added support for `%BYTES_RECEIVED%`, `%BYTES_SENT%`,
`%UPSTREAM_HEADER_BYTES_SENT%`, `%UPSTREAM_HEADER_BYTES_RECEIVED%`,
`%UPSTREAM_WIRE_BYTES_SENT%`, `%UPSTREAM_WIRE_BYTES_RECEIVED%` and
access log substitution strings for UDP tunneling flows.
* Added ECDS support for UDP session filters.

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.32.0
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.32.0/
**Release notes**:

https://www.envoyproxy.io/docs/envoy/v1.32.0/version_history/v1.32/v1.32.0
**Full changelog**:
    envoyproxy/envoy@v1.31.0...v1.32.0

Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
phlax and others added 26 commits December 19, 2024 10:27
Currently this breaks running `bazel aquery "deps(...)"` - not sure why

Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: Dario Cillerai <[email protected]>
…r in CustomHeaderIPDetection (#37194)

This PR restores the original behavior prior to #31831, by explicitly
setting `skip_xff_append` to `true`, as appending the `XFF` header from
the custom header extension is not required.

See #37171 for more details.

---

**Commit Message:** original_ip_detection: revert unintended XFF header
appending behavior in CustomHeaderIPDetection
**Additional Description:** This PR restores the pre #31831 behavior by
explicitly setting `skip_xff_append` to `true`, as appending the `XFF`
header from the custom header extension is not required.
**Risk Level:** Low
**Testing:** Added Unit Tests
**Docs Changes:** N/A
**Release Notes:** Added

Signed-off-by: Rohit Agrawal <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
…74f326` in /ci (#37119)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Ensure that calculated sampling exponent stays below a certain limit
Risk Level: Low
Testing: Unit test, manual
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features:
Fixes #37199

Signed-off-by: thomas.ebner <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Fixes envoyproxy/envoy#36808

---------

Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
c-ares is currently behind on upgrades due to incompatibility with gRPC.
Patching c-ares CVE-2024-25629 to avoid scanner complaints.

Signed-off-by: Yan Avlasov <[email protected]>

Signed-off-by: yanavlasov <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>

Signed-off-by: phlax <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>

Signed-off-by: phlax <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
…a803cc` in /ci (#37410)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Steven Jin Xuan <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Steven Jin Xuan <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dario Cillerai <[email protected]>
@dcillera dcillera merged commit 6658e50 into envoyproxy:release/v1.32 Dec 19, 2024
1 check passed
@dcillera dcillera deleted the revert-and-update branch December 19, 2024 13:06