Merge branch 'master' into sds_api

DEPRECATED.md

@@ -17,6 +17,7 @@ A logged warning is expected for each deprecated item that is in deprecation win
   Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the
   `use_data_plane_proto` boolean flag in the [ratelimit configuration](https://github.com/envoyproxy/envoy/blob/master/api/envoy/config/ratelimit/v2/rls.proto).
   However, when using the deprecated client a warning is logged.
+* Use of the --v2-config-only flag.
 
 ## Version 1.7.0
 

api/bazel/api_build_system.bzl

@@ -31,6 +31,7 @@ def api_py_proto_library(name, srcs = [], deps = [], has_services = 0):
         protoc = "@com_google_protobuf//:protoc",
         deps = [_LibrarySuffix(d, _PY_SUFFIX) for d in deps] + [
             "@com_lyft_protoc_gen_validate//validate:validate_py",
+            "@googleapis//:api_httpbody_protos_py",
             "@googleapis//:http_api_protos_py",
             "@googleapis//:rpc_status_protos_py",
             "@com_github_gogo_protobuf//:gogo_proto_py",
@@ -106,6 +107,7 @@ def api_proto_library(name, visibility = ["//visibility:private"], srcs = [], de
             "@com_google_protobuf//:struct_proto",
             "@com_google_protobuf//:timestamp_proto",
             "@com_google_protobuf//:wrappers_proto",
+            "@googleapis//:api_httpbody_protos_proto",
             "@googleapis//:http_api_protos_proto",
             "@googleapis//:rpc_status_protos_lib",
             "@com_github_gogo_protobuf//:gogo_proto",

api/bazel/repositories.bzl

@@ -17,18 +17,67 @@ def api_dependencies():
         name = "googleapis",
         strip_prefix = "googleapis-" + GOOGLEAPIS_SHA,
         url = "https://github.com/googleapis/googleapis/archive/" + GOOGLEAPIS_SHA + ".tar.gz",
+        # TODO(dio): Consider writing a Skylark macro for importing Google API proto.
         build_file_content = """
 load("@com_google_protobuf//:protobuf.bzl", "cc_proto_library", "py_proto_library")
 load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library")
 
+filegroup(
+    name = "api_httpbody_protos_src",
+    srcs = [
+        "google/api/httpbody.proto",
+    ],
+    visibility = ["//visibility:public"],
+)
+
+proto_library(
+    name = "api_httpbody_protos_proto",
+    srcs = [":api_httpbody_protos_src"],
+    deps = ["@com_google_protobuf//:descriptor_proto"],
+    visibility = ["//visibility:public"],
+)
+
+cc_proto_library(
+    name = "api_httpbody_protos",
+    srcs = [
+        "google/api/httpbody.proto",
+    ],
+    default_runtime = "@com_google_protobuf//:protobuf",
+    protoc = "@com_google_protobuf//:protoc",
+    deps = ["@com_google_protobuf//:cc_wkt_protos"],
+    visibility = ["//visibility:public"],
+)
+
+py_proto_library(
+    name = "api_httpbody_protos_py",
+    srcs = [
+        "google/api/httpbody.proto",
+    ],
+    include = ".",
+    default_runtime = "@com_google_protobuf//:protobuf_python",
+    protoc = "@com_google_protobuf//:protoc",
+    visibility = ["//visibility:public"],
+    deps = ["@com_google_protobuf//:protobuf_python"],
+)
+
+go_proto_library(
+    name = "api_httpbody_go_proto",
+    importpath = "google.golang.org/genproto/googleapis/api/httpbody",
+    proto = ":api_httpbody_protos_proto",
+    visibility = ["//visibility:public"],
+    deps = [
+      ":descriptor_go_proto",
+    ],
+)
+
 filegroup(
     name = "http_api_protos_src",
     srcs = [
         "google/api/annotations.proto",
         "google/api/http.proto",
     ],
     visibility = ["//visibility:public"],
- )
+)
 
 go_proto_library(
     name = "descriptor_go_proto",
@@ -93,6 +142,7 @@ proto_library(
      deps = ["@com_google_protobuf//:any_proto"],
      visibility = ["//visibility:public"],
 )
+
 cc_proto_library(
      name = "rpc_status_protos",
      srcs = ["google/rpc/status.proto"],

api/envoy/api/v2/cds.proto

@@ -345,6 +345,18 @@ message Cluster {
     // weighted cluster contains the same keys and values as the subset's
     // metadata. The same host may appear in multiple subsets.
     repeated LbSubsetSelector subset_selectors = 3;
+
+    // If true, routing to subsets will take into account the localities and locality weights of the
+    // endpoints when making the routing decision.
+    //
+    // There are some potential pitfalls associated with enabling this feature, as the resulting
+    // traffic split after applying both a subset match and locality weights might be undesirable.
+    //
+    // Consider for example a situation in which you have 50/50 split across two localities X/Y
+    // which have 100 hosts each without subsetting. If the subset LB results in X having only 1
+    // host selected but Y having 100, then a lot more load is being dumped on the single host in X
+    // than originally anticipated in the load balancing assignment delivered via EDS.
+    bool locality_weight_aware = 4;
   }
 
   // Configuration for load balancing subsetting.

api/envoy/api/v2/cluster/circuit_breaker.proto

@@ -2,6 +2,7 @@ syntax = "proto3";
 
 package envoy.api.v2.cluster;
 option go_package = "cluster";
+option csharp_namespace = "Envoy.Api.V2.ClusterNS";
 
 import "envoy/api/v2/core/base.proto";
 

api/envoy/api/v2/cluster/outlier_detection.proto

@@ -1,6 +1,7 @@
 syntax = "proto3";
 
 package envoy.api.v2.cluster;
+option csharp_namespace = "Envoy.Api.V2.ClusterNS";
 
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";

api/envoy/api/v2/listener/listener.proto

@@ -2,6 +2,7 @@ syntax = "proto3";
 
 package envoy.api.v2.listener;
 option go_package = "listener";
+option csharp_namespace = "Envoy.Api.V2.ListenerNS";
 
 import "envoy/api/v2/core/address.proto";
 import "envoy/api/v2/auth/cert.proto";
@@ -54,10 +55,11 @@ message Filter {
 //
 // The following order applies:
 //
-// [#comment:TODO(PiotrSikora): destination IP / ranges are going to be 1.]
-// 1. Server name (e.g. SNI for TLS protocol),
-// 2. Transport protocol.
-// 3. Application protocols (e.g. ALPN for TLS protocol).
+// 1. Destination port.
+// 2. Destination IP address.
+// 3. Server name (e.g. SNI for TLS protocol),
+// 4. Transport protocol.
+// 5. Application protocols (e.g. ALPN for TLS protocol).
 //
 // For criterias that allow ranges or wildcards, the most specific value in any
 // of the configured filter chains that matches the incoming connection is going
@@ -70,9 +72,12 @@ message Filter {
 //
 // [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules]
 message FilterChainMatch {
+  // Optional destination port to consider when use_original_dst is set on the
+  // listener in determining a filter chain match.
+  google.protobuf.UInt32Value destination_port = 8 [(validate.rules).uint32 = {gte: 1, lte: 65535}];
+
   // If non-empty, an IP address and prefix length to match addresses when the
   // listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
-  // [#not-implemented-hide:]
   repeated core.CidrRange prefix_ranges = 3;
 
   // If non-empty, an IP address and suffix length to match addresses when the
@@ -96,11 +101,6 @@ message FilterChainMatch {
   // [#not-implemented-hide:]
   repeated google.protobuf.UInt32Value source_ports = 7;
 
-  // Optional destination port to consider when use_original_dst is set on the
-  // listener in determining a filter chain match.
-  // [#not-implemented-hide:]
-  google.protobuf.UInt32Value destination_port = 8;
-
   // If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
   // a filter chain match. Those values will be compared against the server names of a new
   // connection, when detected by one of the listener filters.

bazel/envoy_build_system.bzl

@@ -383,6 +383,10 @@ def envoy_proto_library(
     cc_proto_deps = []
     py_proto_deps = ["@com_google_protobuf//:protobuf_python"]
 
+    if "api_httpbody_protos" in external_deps:
+        cc_proto_deps.append("@googleapis//:api_httpbody_protos")
+        py_proto_deps.append("@googleapis//:api_httpbody_protos_py")
+
     if "http_api_protos" in external_deps:
         cc_proto_deps.append("@googleapis//:http_api_protos")
         py_proto_deps.append("@googleapis//:http_api_protos_py")
@@ -420,6 +424,10 @@ def envoy_proto_descriptor(name, out, srcs = [], external_deps = []):
     input_files = ["$(location " + src + ")" for src in srcs]
     include_paths = [".", PACKAGE_NAME]
 
+    if "api_httpbody_protos" in external_deps:
+        srcs.append("@googleapis//:api_httpbody_protos_src")
+        include_paths.append("external/googleapis")
+
     if "http_api_protos" in external_deps:
         srcs.append("@googleapis//:http_api_protos_src")
         include_paths.append("external/googleapis")

bazel/repositories.bzl

@@ -192,6 +192,10 @@ def _envoy_api_deps():
     if "envoy_api" not in native.existing_rules().keys():
         _default_envoy_api(name = "envoy_api")
 
+    native.bind(
+        name = "api_httpbody_protos",
+        actual = "@googleapis//:api_httpbody_protos",
+    )
     native.bind(
         name = "http_api_protos",
         actual = "@googleapis//:http_api_protos",

docs/root/configuration/http_filters/grpc_json_transcoder_filter.rst

@@ -62,3 +62,16 @@ match the incoming request path, set `match_incoming_request_route` to true.
       };
     }
   }
+
+Sending arbitrary content
+-------------------------
+
+By default, when transcoding occurs, gRPC-JSON encodes the message output of a gRPC service method into
+JSON and sets the HTTP response `Content-Type` header to `application/json`. To send abritrary content,
+a gRPC service method can use
+`google.api.HttpBody <https://github.com/googleapis/googleapis/blob/master/google/api/httpbody.proto>`_
+as its output message type. The implementation needs to set
+`content_type <https://github.com/googleapis/googleapis/blob/master/google/api/httpbody.proto#L68>`_
+(which sets the value of the HTTP response `Content-Type` header) and
+`data <https://github.com/googleapis/googleapis/blob/master/google/api/httpbody.proto#L71>`_
+(which sets the HTTP response body) accordingly.

docs/root/configuration/listener_filters/listener_filters.rst

@@ -9,4 +9,5 @@ Envoy has the follow builtin listener filters.
   :maxdepth: 2
 
   original_dst_filter
+  proxy_protocol
   tls_inspector

docs/root/configuration/listener_filters/proxy_protocol.rst

@@ -0,0 +1,26 @@
+.. _config_listener_filters_proxy_protocol:
+
+Proxy Protocol
+==============
+
+This listener filter adds support for
+`HAProxy Proxy Protocol <http://www.haproxy.org/download/1.9/doc/proxy-protocol.txt>`_.
+
+In this mode, the upstream connection is assumed to come from a proxy
+which places the original coordinates (IP, PORT) into a connection-string.
+Envoy then extracts these and uses them as the remote address.
+
+In Proxy Protocol v2 there exists the concept of extensions (TLV)
+tags that are optional. This implementation skips over these without
+using them.
+
+This implementation supports both version 1 and version 2, it
+automatically determines on a per-connection basis which of the two
+versions is present. Note: if the filter is enabled, the Proxy Protocol
+must be present on the connection (either version 1 or version 2),
+the standard does not allow parsing to determine if it is present or not.
+
+If there is a protocol error or an unsupported address family
+(e.g. AF_UNIX) the connection will be closed and an error thrown.
+
+* :ref:`v2 API reference <envoy_api_field_listener.Filter.name>`

docs/root/configuration/overview/v2_overview.rst

@@ -37,12 +37,9 @@ flag, i.e.:
 
 .. code-block:: console
 
-  ./envoy -c <path to config>.{json,yaml,pb,pb_text} --v2-config-only
+  ./envoy -c <path to config>.{json,yaml,pb,pb_text}
 
-where the extension reflects the underlying v2 config representation. The
-:option:`--v2-config-only` flag is not strictly required as Envoy will attempt
-to autodetect the config file version, but this option provides an enhanced
-debug experience when configuration parsing fails.
+where the extension reflects the underlying v2 config representation.
 
 The :ref:`Bootstrap <envoy_api_msg_config.bootstrap.v2.Bootstrap>` message is the root of the
 configuration. A key concept in the :ref:`Bootstrap <envoy_api_msg_config.bootstrap.v2.Bootstrap>`

docs/root/intro/version_history.rst

@@ -7,14 +7,21 @@ Version history
   to filter based on the presence of Envoy response flags.
 * admin: added :http:get:`/hystrix_event_stream` as an endpoint for monitoring envoy's statistics
   through `Hystrix dashboard <https://github.com/Netflix-Skunkworks/hystrix-dashboard/wiki>`_.
+* grpc-json: added support for building HTTP response from
+  `google.api.HttpBody <https://github.com/googleapis/googleapis/blob/master/google/api/httpbody.proto>`_.
 * config: v1 disabled by default. v1 support remains available until October via flipping --v2-config-only=false.
+* config: v1 disabled by default. v1 support remains available until October via setting :option:`--allow-deprecated-v1-api`.
 * health check: added support for :ref:`custom health check <envoy_api_field_core.HealthCheck.custom_health_check>`.
 * health check: added support for :ref:`specifying jitter as a percentage <envoy_api_field_core.HealthCheck.interval_jitter_percent>`.
 * health_check: added support for :ref:`health check event logging <arch_overview_health_check_logging>`.
 * http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
 * http: response filters not applied to early error paths such as http_parser generated 400s.
+* proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
 * http: added generic +:ref:`Upgrade support 
   <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.upgrade_configs>`
+* listeners: added the ability to match :ref:`FilterChain <envoy_api_msg_listener.FilterChain>` using
+  :ref:`destination_port <envoy_api_field_listener.FilterChainMatch.destination_port>` and
+  :ref:`prefix_ranges <envoy_api_field_listener.FilterChainMatch.prefix_ranges>`.
 * lua: added :ref:`connection() <config_http_filters_lua_connection_wrapper>` wrapper and *ssl()* API.
 * lua: added :ref:`requestInfo() <config_http_filters_lua_request_info_wrapper>` wrapper and *protocol()* API.
 * ratelimit: added support for :repo:`api/envoy/service/ratelimit/v2/rls.proto`.
@@ -25,6 +32,8 @@ Version history
   Support for the legacy proto :repo:`source/common/ratelimit/ratelimit.proto` is deprecated and will be removed at the start of the 1.9.0 release cycle.
 * tracing: added support for configuration of :ref:`tracing sampling
   <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.tracing>`.
+* upstream: added configuration option to the subset load balancer to take locality weights into account when
+  selecting a host from a subset.
 
 1.7.0
 ===============

docs/root/operations/cli.rst

@@ -11,8 +11,8 @@ following are the command line options that Envoy supports.
   *(optional)* The path to the v1 or v2 :ref:`JSON/YAML/proto3 configuration
   file <config>`. If this flag is missing, :option:`--config-yaml` is required.
   This will be parsed as a :ref:`v2 bootstrap configuration file
-  <config_overview_v2_bootstrap>` and on failure, subject to
-  :option:`--v2-config-only`, will be considered as a :ref:`v1 JSON
+  <config_overview_v2_bootstrap>`. On failure, if :option:`--allow-deprecated-v1-api`,
+  is set, it will be considered as a :ref:`v1 JSON
   configuration file <config_overview_v1>`. For v2 configuration files, valid
   extensions are ``.json``, ``.yaml``, ``.pb`` and ``.pb_text``, which indicate
   JSON, YAML, `binary proto3
@@ -34,9 +34,14 @@ following are the command line options that Envoy supports.
 
 .. option:: --v2-config-only
 
+  *(deprecated)* This flag used to allow opting into only using a
+  :ref:`v2 bootstrap configuration file <config_overview_v2_bootstrap>`. This is now set by default.
+
+.. option:: --allow-deprecated-v1-api
+
   *(optional)* This flag determines whether the configuration file should only
   be parsed as a :ref:`v2 bootstrap configuration file
-  <config_overview_v2_bootstrap>`. If false (default), when a v2 bootstrap
+  <config_overview_v2_bootstrap>`. If specified when a v2 bootstrap
   config parse fails, a second attempt to parse the config as a :ref:`v1 JSON
   configuration file <config_overview_v1>` will be made.
 

include/envoy/api/os_sys_calls.h

@@ -1,5 +1,6 @@
 #pragma once
 
+#include <sys/ioctl.h>
 #include <sys/mman.h>   // for mode_t
 #include <sys/socket.h> // for sockaddr
 #include <sys/stat.h>
@@ -22,6 +23,11 @@ class OsSysCalls {
    */
   virtual int bind(int sockfd, const sockaddr* addr, socklen_t addrlen) PURE;
 
+  /**
+   * @see ioctl (man 2 ioctl)
+   */
+  virtual int ioctl(int sockfd, unsigned long int request, void* argp) PURE;
+
   /**
    * Open file by full_path with given flags and mode.
    * @return file descriptor.

include/envoy/server/BUILD

@@ -111,6 +111,7 @@ envoy_cc_library(
     hdrs = ["options.h"],
     deps = [
         "//include/envoy/network:address_interface",
+        "//include/envoy/stats:stats_interface",
     ],
 )
 

include/envoy/server/options.h

@@ -6,6 +6,7 @@
 
 #include "envoy/common/pure.h"
 #include "envoy/network/address.h"
+#include "envoy/stats/stats.h"
 
 #include "spdlog/spdlog.h"
 
@@ -149,10 +150,10 @@ class Options {
   virtual uint64_t maxStats() const PURE;
 
   /**
-   * @return uint64_t the maximum name length of the name field in
+   * @return StatsOptions& the max stat name / suffix lengths for stats.
    * router/cluster/listener.
    */
-  virtual uint64_t maxObjNameLength() const PURE;
+  virtual const Stats::StatsOptions& statsOptions() const PURE;
 
   /**
    * @return bool indicating whether the hot restart functionality has been disabled via cli flags.