diff --git a/.yapfignore b/.yapfignore
index 0409026f278a..f0b729545dc9 100644
--- a/.yapfignore
+++ b/.yapfignore
@@ -5,3 +5,4 @@
 *_pb2.py
 *tests*
 *#*
+*intersphinx_custom.py
diff --git a/docs/_ext/intersphinx_custom.py b/docs/_ext/intersphinx_custom.py
new file mode 100644
index 000000000000..2ce91ca74bdd
--- /dev/null
+++ b/docs/_ext/intersphinx_custom.py
@@ -0,0 +1,435 @@ +# +# This module has been copied from sphinx.ext in order to workaround a +# sphinx issue described here: +# https://github.com/sphinx-doc/sphinx/issues/2068 +# +# using the fix from: +# https://github.com/sphinx-doc/sphinx/pull/8981 +# +# Once upstream is fixed this module should be removed. +# +# Envoy tracking bug is here: +# https://github.com/envoyproxy/envoy/issues/16181 +# +""" + sphinx.ext.intersphinx + ~~~~~~~~~~~~~~~~~~~~~~ + + Insert links to objects documented in remote Sphinx documentation. + + This works as follows: + + * Each Sphinx HTML build creates a file named "objects.inv" that contains a + mapping from object names to URIs relative to the HTML set's root. + + * Projects using the Intersphinx extension can specify links to such mapping + files in the `intersphinx_mapping` config value. The mapping will then be + used to resolve otherwise missing references to objects into links to the + other documentation. + + * By default, the mapping file is assumed to be at the same location as the + rest of the documentation; however, the location of the mapping file can + also be specified individually, e.g. if the docs should be buildable + without Internet access. + + :copyright: Copyright 2007-2021 by the Sphinx team, see AUTHORS. + :license: BSD, see LICENSE for details. 
+""" + +import concurrent.futures +import functools +import posixpath +import sys +import time +from os import path +from typing import IO, Any, Dict, List, Tuple +from urllib.parse import urlsplit, urlunsplit + +from docutils import nodes +from docutils.nodes import Element, TextElement +from docutils.utils import relative_path + +import sphinx +from sphinx.application import Sphinx +from sphinx.builders.html import INVENTORY_FILENAME +from sphinx.config import Config +from sphinx.environment import BuildEnvironment +from sphinx.locale import _, __ +from sphinx.util import logging, requests +from sphinx.util.inventory import InventoryFile +from sphinx.util.typing import Inventory + +logger = logging.getLogger(__name__) + + +class InventoryAdapter: + """Inventory adapter for environment""" + + def __init__(self, env: BuildEnvironment) -> None: + self.env = env + + if not hasattr(env, 'intersphinx_cache'): + self.env.intersphinx_cache = {} # type: ignore + self.env.intersphinx_inventory = {} # type: ignore + self.env.intersphinx_named_inventory = {} # type: ignore + + @property + def cache(self) -> Dict[str, Tuple[str, int, Inventory]]: + return self.env.intersphinx_cache # type: ignore + + @property + def main_inventory(self) -> Inventory: + return self.env.intersphinx_inventory # type: ignore + + @property + def named_inventory(self) -> Dict[str, Inventory]: + return self.env.intersphinx_named_inventory # type: ignore + + def clear(self) -> None: + self.env.intersphinx_inventory.clear() # type: ignore + self.env.intersphinx_named_inventory.clear() # type: ignore + + +def _strip_basic_auth(url: str) -> str: + """Returns *url* with basic auth credentials removed. Also returns the + basic auth username and password if they're present in *url*. + + E.g.: https://user:pass@example.com => https://example.com + + *url* need not include basic auth credentials. 
+ + :param url: url which may or may not contain basic auth credentials + :type url: ``str`` + + :return: *url* with any basic auth creds removed + :rtype: ``str`` + """ + frags = list(urlsplit(url)) + # swap out "user[:pass]@hostname" for "hostname" + if '@' in frags[1]: + frags[1] = frags[1].split('@')[1] + return urlunsplit(frags) + + +def _read_from_url(url: str, config: Config = None) -> IO: + """Reads data from *url* with an HTTP *GET*. + + This function supports fetching from resources which use basic HTTP auth as + laid out by RFC1738 § 3.1. See § 5 for grammar definitions for URLs. + + .. seealso: + + https://www.ietf.org/rfc/rfc1738.txt + + :param url: URL of an HTTP resource + :type url: ``str`` + + :return: data read from resource described by *url* + :rtype: ``file``-like object + """ + r = requests.get(url, stream=True, config=config, timeout=config.intersphinx_timeout) + r.raise_for_status() + r.raw.url = r.url + # decode content-body based on the header. + # ref: https://github.com/kennethreitz/requests/issues/2155 + r.raw.read = functools.partial(r.raw.read, decode_content=True) + return r.raw + + +def _get_safe_url(url: str) -> str: + """Gets version of *url* with basic auth passwords obscured. This function + returns results suitable for printing and logging. 
+ + E.g.: https://user:12345@example.com => https://user@example.com + + :param url: a url + :type url: ``str`` + + :return: *url* with password removed + :rtype: ``str`` + """ + parts = urlsplit(url) + if parts.username is None: + return url + else: + frags = list(parts) + if parts.port: + frags[1] = '{}@{}:{}'.format(parts.username, parts.hostname, parts.port) + else: + frags[1] = '{}@{}'.format(parts.username, parts.hostname) + + return urlunsplit(frags) + + +def fetch_inventory(app: Sphinx, uri: str, inv: Any) -> Any: + """Fetch, parse and return an intersphinx inventory file.""" + # both *uri* (base URI of the links to generate) and *inv* (actual + # location of the inventory file) can be local or remote URIs + localuri = '://' not in uri + if not localuri: + # case: inv URI points to remote resource; strip any existing auth + uri = _strip_basic_auth(uri) + try: + if '://' in inv: + f = _read_from_url(inv, config=app.config) + else: + f = open(path.join(app.srcdir, inv), 'rb') + except Exception as err: + err.args = ('intersphinx inventory %r not fetchable due to %s: %s', + inv, err.__class__, str(err)) + raise + try: + if hasattr(f, 'url'): + newinv = f.url # type: ignore + if inv != newinv: + logger.info(__('intersphinx inventory has moved: %s -> %s'), inv, newinv) + + if uri in (inv, path.dirname(inv), path.dirname(inv) + '/'): + uri = path.dirname(newinv) + with f: + try: + join = path.join if localuri else posixpath.join + invdata = InventoryFile.load(f, uri, join) + except ValueError as exc: + raise ValueError('unknown or unsupported inventory version: %r' % exc) from exc + except Exception as err: + err.args = ('intersphinx inventory %r not readable due to %s: %s', + inv, err.__class__.__name__, str(err)) + raise + else: + return invdata + + +def fetch_inventory_group( + name: str, uri: str, invs: Any, cache: Any, app: Any, now: float +) -> bool: + cache_time = now - app.config.intersphinx_cache_limit * 86400 + failures = [] + try: + for inv in invs: + 
if not inv: + inv = posixpath.join(uri, INVENTORY_FILENAME) + # decide whether the inventory must be read: always read local + # files; remote ones only if the cache time is expired + if '://' not in inv or uri not in cache or cache[uri][1] < cache_time: + safe_inv_url = _get_safe_url(inv) + logger.info(__('loading intersphinx inventory from %s...'), safe_inv_url) + try: + invdata = fetch_inventory(app, uri, inv) + except Exception as err: + failures.append(err.args) + continue + if invdata: + cache[uri] = (name, now, invdata) + return True + return False + finally: + if failures == []: + pass + elif len(failures) < len(invs): + logger.info(__("encountered some issues with some of the inventories," + " but they had working alternatives:")) + for fail in failures: + logger.info(*fail) + else: + issues = '\n'.join([f[0] % f[1:] for f in failures]) + logger.warning(__("failed to reach any of the inventories " + "with the following issues:") + "\n" + issues) + + +def load_mappings(app: Sphinx) -> None: + """Load all intersphinx mappings into the environment.""" + now = int(time.time()) + inventories = InventoryAdapter(app.builder.env) + + with concurrent.futures.ThreadPoolExecutor() as pool: + futures = [] + for name, (uri, invs) in app.config.intersphinx_mapping.values(): + futures.append(pool.submit( + fetch_inventory_group, name, uri, invs, inventories.cache, app, now + )) + updated = [f.result() for f in concurrent.futures.as_completed(futures)] + + if any(updated): + inventories.clear() + + # Duplicate values in different inventories will shadow each + # other; which one will override which can vary between builds + # since they are specified using an unordered dict. To make + # it more consistent, we sort the named inventories and then + # add the unnamed inventories last. This means that the + # unnamed inventories will shadow the named ones but the named + # ones can still be accessed when the name is specified. 
+ cached_vals = list(inventories.cache.values()) + named_vals = sorted(v for v in cached_vals if v[0]) + unnamed_vals = [v for v in cached_vals if not v[0]] + for name, _x, invdata in named_vals + unnamed_vals: + if name: + inventories.named_inventory[name] = invdata + for type, objects in invdata.items(): + inventories.main_inventory.setdefault(type, {}).update(objects) + + +def missing_reference(app: Sphinx, env: BuildEnvironment, node: Element, contnode: TextElement + ) -> nodes.reference: + """Attempt to resolve a missing reference via intersphinx references.""" + target = node['reftarget'] + inventories = InventoryAdapter(env) + objtypes = None # type: List[str] + if node['reftype'] == 'any': + # we search anything! + objtypes = ['%s:%s' % (domain.name, objtype) + for domain in env.domains.values() + for objtype in domain.object_types] + domain = None + else: + domain = node.get('refdomain') + if not domain: + # only objects in domains are in the inventory + return None + objtypes = env.get_domain(domain).objtypes_for_role(node['reftype']) + if not objtypes: + return None + objtypes = ['%s:%s' % (domain, objtype) for objtype in objtypes] + if 'std:cmdoption' in objtypes: + # until Sphinx-1.6, cmdoptions are stored as std:option + objtypes.append('std:option') + if 'py:attribute' in objtypes: + # Since Sphinx-2.1, properties are stored as py:method + objtypes.append('py:method') + to_try = [(inventories.main_inventory, target)] + if domain: + full_qualified_name = env.get_domain(domain).get_full_qualified_name(node) + if full_qualified_name: + to_try.append((inventories.main_inventory, full_qualified_name)) + in_set = None + if ':' in target: + # first part may be the foreign doc set name + setname, newtarget = target.split(':', 1) + if setname in inventories.named_inventory: + in_set = setname + to_try.append((inventories.named_inventory[setname], newtarget)) + if domain: + node['reftarget'] = newtarget + full_qualified_name = 
env.get_domain(domain).get_full_qualified_name(node) + if full_qualified_name: + to_try.append((inventories.named_inventory[setname], full_qualified_name)) + elif app.config.intersphinx_strict_prefix: + return None + for inventory, target in to_try: + for objtype in objtypes: + if objtype not in inventory or target not in inventory[objtype]: + continue + proj, version, uri, dispname = inventory[objtype][target] + if '://' not in uri and node.get('refdoc'): + # get correct path in case of subdirectories + uri = path.join(relative_path(node['refdoc'], '.'), uri) + if version: + reftitle = _('(in %s v%s)') % (proj, version) + else: + reftitle = _('(in %s)') % (proj,) + newnode = nodes.reference('', '', internal=False, refuri=uri, reftitle=reftitle) + if node.get('refexplicit'): + # use whatever title was given + newnode.append(contnode) + elif dispname == '-' or \ + (domain == 'std' and node['reftype'] == 'keyword'): + # use whatever title was given, but strip prefix + title = contnode.astext() + if in_set and title.startswith(in_set + ':'): + newnode.append(contnode.__class__(title[len(in_set) + 1:], + title[len(in_set) + 1:])) + else: + newnode.append(contnode) + else: + # else use the given display name (used for :ref:) + newnode.append(contnode.__class__(dispname, dispname)) + return newnode + # at least get rid of the ':' in the target if no explicit title given + if in_set is not None and not node.get('refexplicit', True): + if len(contnode) and isinstance(contnode[0], nodes.Text): + contnode[0] = nodes.Text(newtarget, contnode[0].rawsource) + + return None + + +def normalize_intersphinx_mapping(app: Sphinx, config: Config) -> None: + for key, value in config.intersphinx_mapping.copy().items(): + try: + if isinstance(value, (list, tuple)): + # new format + name, (uri, inv) = key, value + if not isinstance(name, str): + logger.warning(__('intersphinx identifier %r is not string. 
Ignored'), + name) + config.intersphinx_mapping.pop(key) + continue + else: + # old format, no name + name, uri, inv = None, key, value + + if not isinstance(inv, tuple): + config.intersphinx_mapping[key] = (name, (uri, (inv,))) + else: + config.intersphinx_mapping[key] = (name, (uri, inv)) + except Exception as exc: + logger.warning(__('Failed to read intersphinx_mapping[%s], ignored: %r'), key, exc) + config.intersphinx_mapping.pop(key) + + +def setup(app: Sphinx) -> Dict[str, Any]: + app.add_config_value('intersphinx_mapping', {}, True) + app.add_config_value('intersphinx_cache_limit', 5, False) + app.add_config_value('intersphinx_timeout', None, False) + app.add_config_value('intersphinx_strict_prefix', True, True) + app.connect('config-inited', normalize_intersphinx_mapping, priority=800) + app.connect('builder-inited', load_mappings) + app.connect('missing-reference', missing_reference) + return { + 'version': sphinx.__display_version__, + 'env_version': 1, + 'parallel_read_safe': True + } + + +def inspect_main(argv: List[str]) -> None: + """Debug functionality to print out an inventory""" + if len(argv) < 1: + print("Print out an inventory file.\n" + "Error: must specify local path or URL to an inventory file.", + file=sys.stderr) + sys.exit(1) + + class MockConfig: + intersphinx_timeout = None # type: int + intersphinx_strict_prefix = True + tls_verify = False + user_agent = None + + class MockApp: + srcdir = '' + config = MockConfig() + + def warn(self, msg: str) -> None: + print(msg, file=sys.stderr) + + try: + filename = argv[0] + invdata = fetch_inventory(MockApp(), '', filename) # type: ignore + for key in sorted(invdata or {}): + print(key) + for entry, einfo in sorted(invdata[key].items()): + print('\t%-40s %s%s' % (entry, + '%-40s: ' % einfo[3] if einfo[3] != '-' else '', + einfo[2])) + except ValueError as exc: + print(exc.args[0] % exc.args[1:]) + except Exception as exc: + print('Unknown error: %r' % exc) + + +if __name__ == '__main__': + import 
logging as _logging + _logging.basicConfig() + + inspect_main(argv=sys.argv[1:]) diff --git a/docs/conf.py b/docs/conf.py index f3eebfd4fb1b..5fcc251d0060 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -71,8 +71,9 @@ def setup(app): sys.path.append(os.path.abspath("./_ext")) extensions = [ - 'sphinxcontrib.httpdomain', 'sphinx.ext.extlinks', 'sphinx.ext.ifconfig', 'sphinx_tabs.tabs', - 'sphinx_copybutton', 'validating_code_block', 'sphinxext.rediraffe', 'powershell_lexer' + 'sphinxcontrib.httpdomain', 'sphinx.ext.extlinks', 'sphinx.ext.ifconfig', 'intersphinx_custom', + 'sphinx_tabs.tabs', 'sphinx_copybutton', 'validating_code_block', 'sphinxext.rediraffe', + 'powershell_lexer' ] extlinks = { 'repo': ('https://github.com/envoyproxy/envoy/blob/{}/%s'.format(blob_sha), ''), 
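Review bot: The failure path in `fetch_inventory` writes the raw inventory URL into the exception args (`err.args = ('intersphinx inventory %r not fetchable due to %s: %s', inv, ...)` and the matching "not readable" message), and `fetch_inventory_group` then emits those args verbatim via `logger.info(*fail)` / the joined `logger.warning`, so a basic-auth password embedded in an `intersphinx_mapping` URL lands in the build log; the "inventory has moved" `logger.info` has the same gap, while only the "loading ... from" message is routed through `_get_safe_url`. Passing the redacted form in those three places keeps the behaviour consistent, e.g. `err.args = ('intersphinx inventory %r not fetchable due to %s: %s', _get_safe_url(inv), err.__class__.__name__, str(err))` (which also aligns the `__class__` vs `__class__.__name__` inconsistency between the two messages). Envoy's own mapping uses credential-free URLs, so exposure in this repo is limited, but the module is a verbatim general-purpose copy that is meant to outlive this use. Separately, `_read_from_url` declares `config: Config = None` yet immediately dereferences `config.intersphinx_timeout`, so the default is unusable and should be dropped or guarded; and `MockConfig` in `inspect_main` sets `tls_verify = False`, which — if `sphinx.util.requests.get` honours it as upstream's does — makes the debug CLI fetch arbitrary user-supplied URLs without certificate verification, so a `True` default or at least a comment explaining the choice is warranted.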
@@ -286,3 +287,38 @@ def setup(app): # - not sure how diffing will work with main merging in PRs - might need # to be injected dynamically, somehow rediraffe_redirects = "redirects.txt" + +intersphinx_mapping = { + 'v1.5.0': ('https://www.envoyproxy.io/docs/envoy/v1.5.0', None), + 'v1.6.0': ('https://www.envoyproxy.io/docs/envoy/v1.6.0', None), + 'v1.7.0': ('https://www.envoyproxy.io/docs/envoy/v1.7.1', None), + 'v1.8.0': ('https://www.envoyproxy.io/docs/envoy/v1.8.0', None), + 'v1.9.0': ('https://www.envoyproxy.io/docs/envoy/v1.9.0', None), + 'v1.9.1': ('https://www.envoyproxy.io/docs/envoy/v1.9.1', None), + 'v1.10.0': ('https://www.envoyproxy.io/docs/envoy/v1.10.0', None), + 'v1.11.0': ('https://www.envoyproxy.io/docs/envoy/v1.11.0', None), + 'v1.11.1': ('https://www.envoyproxy.io/docs/envoy/v1.11.1', None), + 'v1.11.2': ('https://www.envoyproxy.io/docs/envoy/v1.11.2', None), + 'v1.12.0': ('https://www.envoyproxy.io/docs/envoy/v1.12.0', None), + 'v1.12.2': ('https://www.envoyproxy.io/docs/envoy/v1.12.2', None), + 'v1.12.3': ('https://www.envoyproxy.io/docs/envoy/v1.12.3', None), + 'v1.12.4': ('https://www.envoyproxy.io/docs/envoy/v1.12.4', None), + 'v1.12.5': ('https://www.envoyproxy.io/docs/envoy/v1.12.5', None), + 'v1.12.6': ('https://www.envoyproxy.io/docs/envoy/v1.12.6', None), + 'v1.13.0': ('https://www.envoyproxy.io/docs/envoy/v1.13.0', None), + 'v1.13.1': ('https://www.envoyproxy.io/docs/envoy/v1.13.1', None), + 'v1.13.2': ('https://www.envoyproxy.io/docs/envoy/v1.13.2', None), + 'v1.13.3': ('https://www.envoyproxy.io/docs/envoy/v1.13.3', None), + 'v1.14.0': ('https://www.envoyproxy.io/docs/envoy/v1.14.0', None), + 'v1.14.2': ('https://www.envoyproxy.io/docs/envoy/v1.14.2', None), + 'v1.14.3': ('https://www.envoyproxy.io/docs/envoy/v1.14.3', None), + 'v1.14.7': ('https://www.envoyproxy.io/docs/envoy/v1.14.7', None), + 'v1.15.0': ('https://www.envoyproxy.io/docs/envoy/v1.15.0', None), + 'v1.15.4': ('https://www.envoyproxy.io/docs/envoy/v1.15.4', None), + 
'v1.16.0': ('https://www.envoyproxy.io/docs/envoy/v1.16.0', None), + 'v1.16.3': ('https://www.envoyproxy.io/docs/envoy/v1.16.3', None), + 'v1.17.0': ('https://www.envoyproxy.io/docs/envoy/v1.17.0', None), + 'v1.17.1': ('https://www.envoyproxy.io/docs/envoy/v1.17.1', None), + 'v1.17.2': ('https://www.envoyproxy.io/docs/envoy/v1.17.2', None), + 'v1.18.0': ('https://www.envoyproxy.io/docs/envoy/v1.18.2', None) +} diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 8a0cf028173d..08f3ad96f397 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -9,10 +9,10 @@ Minor Behavior Changes ---------------------- *Changes that may cause incompatibilities for some users, but should not for most* -* http: replaced setting `envoy.reloadable_features.strict_1xx_and_204_response_headers` with settings - `envoy.reloadable_features.require_strict_1xx_and_204_response_headers` +* http: replaced setting ``envoy.reloadable_features.strict_1xx_and_204_response_headers`` with settings + ``envoy.reloadable_features.require_strict_1xx_and_204_response_headers`` (require upstream 1xx or 204 responses to not have Transfer-Encoding or non-zero Content-Length headers) and - `envoy.reloadable_features.send_strict_1xx_and_204_response_headers` + ``envoy.reloadable_features.send_strict_1xx_and_204_response_headers`` (do not send 1xx or 204 responses with these headers). Both are true by default. Bug Fixes 
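Review bot: Every entry here uses `None` for the inventory location, so each docs build now fetches 32 `objects.inv` files from www.envoyproxy.io in `load_mappings`' thread pool, and the extension registers `intersphinx_timeout` with a default of `None` (no socket timeout); a single stalled connection therefore blocks the build indefinitely rather than failing. Setting an explicit bound next to the mapping, e.g. `intersphinx_timeout = 30`, turns that into a logged "failed to reach" warning, and an `intersphinx_cache_limit` comment would make it clear the results are reused across incremental builds. Two entries also point at a different version than their key (`'v1.7.0'` → `.../v1.7.1`, `'v1.18.0'` → `.../v1.18.2`); if that is deliberate because those exact doc sets were never published, a one-line comment saying so would stop a future maintainer "fixing" them.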
@@ -27,11 +27,11 @@ Removed Config or Runtime ------------------------- *Normally occurs at the end of the* :ref:`deprecation period ` -* http: removed `envoy.reloadable_features.allow_500_after_100` runtime guard and the legacy code path. -* http: removed `envoy.reloadable_features.hcm_stream_error_on_invalid_message` for disabling closing HTTP/1.1 connections on error. Connection-closing can still be disabled by setting the HTTP/1 configuration :ref:`override_stream_error_on_invalid_http_message `. -* http: removed `envoy.reloadable_features.overload_manager_disable_keepalive_drain_http2`; Envoy will now always send GOAWAY to HTTP2 downstreams when the :ref:`disable_keepalive ` overload action is active. -* http: removed `envoy.reloadable_features.unify_grpc_handling` runtime guard and legacy code paths. -* tls: removed `envoy.reloadable_features.tls_use_io_handle_bio` runtime guard and legacy code path. +* http: removed ``envoy.reloadable_features.allow_500_after_100`` runtime guard and the legacy code path. +* http: removed ``envoy.reloadable_features.hcm_stream_error_on_invalid_message`` for disabling closing HTTP/1.1 connections on error. Connection-closing can still be disabled by setting the HTTP/1 configuration :ref:`override_stream_error_on_invalid_http_message `. +* http: removed ``envoy.reloadable_features.overload_manager_disable_keepalive_drain_http2``; Envoy will now always send GOAWAY to HTTP2 downstreams when the :ref:`disable_keepalive ` overload action is active. +* http: removed ``envoy.reloadable_features.unify_grpc_handling`` runtime guard and legacy code paths. +* tls: removed ``envoy.reloadable_features.tls_use_io_handle_bio`` runtime guard and legacy code path. New Features ------------ diff --git a/docs/root/version_history/v1.1.0.rst b/docs/root/version_history/v1.1.0.rst index b477be6fa849..4ad2763e52a4 100644 --- a/docs/root/version_history/v1.1.0.rst +++ b/docs/root/version_history/v1.1.0.rst 
@@ -6,26 +6,26 @@ Changes * Switch from Jannson to RapidJSON for our JSON library (allowing for a configuration schema in 1.2.0). -* Upgrade :ref:`recommended version ` of various other libraries. +* Upgrade :ref:`recommended version ` of various other libraries. * Configurable DNS refresh rate for DNS service discovery types. * Upstream circuit breaker configuration can be :ref:`overridden via runtime - `. -* :ref:`Zone aware routing support `. + `. +* :ref:`Zone aware routing support `. * Generic header matching routing rule. * HTTP/2 graceful connection draining (double GOAWAY). -* DynamoDB filter :ref:`per shard statistics ` (pre-release AWS +* DynamoDB filter :ref:`per shard statistics ` (pre-release AWS feature). -* Initial release of the :ref:`fault injection HTTP filter `. -* HTTP :ref:`rate limit filter ` enhancements (note that the +* Initial release of the :ref:`fault injection HTTP filter `. +* HTTP :ref:`rate limit filter ` enhancements (note that the configuration for HTTP rate limiting is going to be overhauled in 1.2.0). -* Added :ref:`refused-stream retry policy `. -* Multiple :ref:`priority queues ` for upstream clusters +* Added :ref:`refused-stream retry policy `. +* Multiple :ref:`priority queues ` for upstream clusters (configurable on a per route basis, with separate connection pools, circuit breakers, etc.). -* Added max connection circuit breaking to the :ref:`TCP proxy filter `. -* Added :ref:`CLI ` options for setting the logging file flush interval as well +* Added max connection circuit breaking to the :ref:`TCP proxy filter `. +* Added :ref:`CLI ` options for setting the logging file flush interval as well as the drain/shutdown time during hot restart. * A very large number of performance enhancements for core HTTP/TCP proxy flows as well as a few new configuration flags to allow disabling expensive features if they are not needed (specifically request ID generation and dynamic response code stats). 
-* Support Mongo 3.2 in the :ref:`Mongo sniffing filter `. +* Support Mongo 3.2 in the :ref:`Mongo sniffing filter `. * Lots of other small fixes and enhancements not listed. diff --git a/docs/root/version_history/v1.10.0.rst b/docs/root/version_history/v1.10.0.rst index 27bc0f8555f4..b8616a86a7c5 100644 --- a/docs/root/version_history/v1.10.0.rst +++ b/docs/root/version_history/v1.10.0.rst 
@@ -5,97 +5,97 @@ Changes ------- * access log: added a new flag for upstream retry count exceeded. -* access log: added a :ref:`gRPC filter ` to allow filtering on gRPC status. +* access log: added a :ref:`gRPC filter ` to allow filtering on gRPC status. * access log: added a new flag for stream idle timeout. -* access log: added a new field for upstream transport failure reason in :ref:`file access logger` and - :ref:`gRPC access logger` for HTTP access logs. +* access log: added a new field for upstream transport failure reason in :ref:`file access logger ` and + :ref:`gRPC access logger ` for HTTP access logs. * access log: added new fields for downstream x509 information (URI sans and subject) to file and gRPC access logger. * admin: the admin server can now be accessed via HTTP/2 (prior knowledge). * admin: changed HTTP response status code from 400 to 405 when attempting to GET a POST-only route (such as /quitquitquit). * buffer: fix vulnerabilities when allocation fails. * build: releases are built with GCC-7 and linked with LLD. -* build: dev docker images :ref:`have been split ` from tagged images for easier +* build: dev docker images :ref:`have been split ` from tagged images for easier discoverability in Docker Hub. Additionally, we now build images for point releases. * config: added support of using google.protobuf.Any in opaque configs for extensions. * config: logging warnings when deprecated fields are in use. * config: removed deprecated --v2-config-only from command line config. -* config: removed deprecated_v1 sds_config from :ref:`Bootstrap config `. -* config: removed the deprecated_v1 config option from :ref:`ring hash `. -* config: removed REST_LEGACY as a valid :ref:`ApiType `. +* config: removed deprecated_v1 sds_config from :ref:`Bootstrap config `. +* config: removed the deprecated_v1 config option from :ref:`ring hash `. +* config: removed REST_LEGACY as a valid :ref:`ApiType `. 
* config: finish cluster warming only when a named response i.e. ClusterLoadAssignment associated to the cluster being warmed comes in the EDS response. This is a behavioural change from the current implementation where warming of cluster completes on missing load assignments also. * config: use Envoy cpuset size to set the default number or worker threads if :option:`--cpuset-threads` is enabled. -* config: added support for :ref:`initial_fetch_timeout `. The timeout is disabled by default. -* cors: added :ref:`filter_enabled & shadow_enabled RuntimeFractionalPercent flags ` to filter. -* csrf: added :ref:`CSRF filter `. +* config: added support for :ref:`initial_fetch_timeout `. The timeout is disabled by default. +* cors: added :ref:`filter_enabled & shadow_enabled RuntimeFractionalPercent flags ` to filter. +* csrf: added * ext_authz: added support for buffering request body. * ext_authz: migrated from v2alpha to v2 and improved docs. * ext_authz: added a configurable option to make the gRPC service cross-compatible with V2Alpha. Note that this feature is already deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version. * ext_authz: migrated from v2alpha to v2 and improved the documentation. * ext_authz: authorization request and response configuration has been separated into two distinct objects: :ref:`authorization request - ` and :ref:`authorization response - `. In addition, :ref:`client headers - ` and :ref:`upstream headers - ` replaces the previous *allowed_authorization_headers* object. - All the control header lists now support :ref:`string matcher ` instead of standard string. + ` and :ref:`authorization response + `. In addition, :ref:`client headers + ` and :ref:`upstream headers + ` replaces the previous *allowed_authorization_headers* object. + All the control header lists now support :ref:`string matcher ` instead of standard string. 
* fault: added the :ref:`max_active_faults - ` setting, as well as - :ref:`statistics ` for the number of active faults + ` setting, as well as + :ref:`statistics ` for the number of active faults and the number of faults the overflowed. * fault: added :ref:`response rate limit - ` fault injection. + ` fault injection. * fault: added :ref:`HTTP header fault configuration - ` to the HTTP fault filter. + ` to the HTTP fault filter. * governance: extending Envoy deprecation policy from 1 release (0-3 months) to 2 releases (3-6 months). -* health check: expected response codes in http health checks are now :ref:`configurable `. +* health check: expected response codes in http health checks are now :ref:`configurable `. * http: added new grpc_http1_reverse_bridge filter for converting gRPC requests into HTTP/1.1 requests. * http: fixed a bug where Content-Length:0 was added to HTTP/1 204 responses. -* http: added :ref:`max request headers size `. The default behaviour is unchanged. +* http: added :ref:`max request headers size `. The default behaviour is unchanged. * http: added modifyDecodingBuffer/modifyEncodingBuffer to allow modifying the buffered request/response data. * http: added encodeComplete/decodeComplete. These are invoked at the end of the stream, after all data has been encoded/decoded respectively. Default implementation is a no-op. -* outlier_detection: added support for :ref:`outlier detection event protobuf-based logging `. -* mysql: added a MySQL proxy filter that is capable of parsing SQL queries over MySQL wire protocol. Refer to :ref:`MySQL proxy` for more details. +* outlier_detection: added support for :ref:`outlier detection event protobuf-based logging `. +* mysql: added a MySQL proxy filter that is capable of parsing SQL queries over MySQL wire protocol. Refer to :ref:`MySQL proxy ` for more details. 
* performance: new buffer implementation (disabled by default; to test it, add "--use-libevent-buffers 0" to the command-line arguments when starting Envoy). -* jwt_authn: added :ref:`filter_state_rules ` to allow specifying requirements from filterState by other filters. +* jwt_authn: added :ref:`filter_state_rules ` to allow specifying requirements from filterState by other filters. * ratelimit: removed deprecated rate limit configuration from bootstrap. -* redis: added :ref:`hashtagging ` to guarantee a given key's upstream. -* redis: added :ref:`latency stats ` for commands. -* redis: added :ref:`success and error stats ` for commands. +* redis: added :ref:`hashtagging ` to guarantee a given key's upstream. +* redis: added :ref:`latency stats ` for commands. +* redis: added :ref:`success and error stats ` for commands. * redis: migrate hash function for host selection to `MurmurHash2 `_ from std::hash. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS. -* redis: added :ref:`latency_in_micros ` to specify the redis commands stats time unit in microseconds. -* router: added ability to configure a :ref:`retry policy ` at the +* redis: added :ref:`latency_in_micros ` to specify the redis commands stats time unit in microseconds. +* router: added ability to configure a :ref:`retry policy ` at the virtual host level. * router: added reset reason to response body when upstream reset happens. After this change, the response body will be of the form `upstream connect error or disconnect/reset before headers. reset reason:` -* router: added :ref:`rq_reset_after_downstream_response_started ` counter stat to router stats. -* router: added per-route configuration of :ref:`internal redirects `. +* router: added :ref:`rq_reset_after_downstream_response_started ` counter stat to router stats. +* router: added per-route configuration of :ref:`internal redirects `. 
* router: removed deprecated route-action level headers_to_add/remove. -* router: made :ref:`max retries header ` take precedence over the number of retries in route and virtual host retry policies. -* router: added support for prefix wildcards in :ref:`virtual host domains` +* router: made :ref:`max retries header ` take precedence over the number of retries in route and virtual host retry policies. +* router: added support for prefix wildcards in :ref:`virtual host domains ` * stats: added support for histograms in prometheus * stats: added usedonly flag to prometheus stats to only output metrics which have been updated at least once. * stats: added gauges tracking remaining resources before circuit breakers open. -* tap: added new alpha :ref:`HTTP tap filter `. +* tap: added new alpha :ref:`HTTP tap filter `. * tls: enabled TLS 1.3 on the server-side (non-FIPS builds). -* upstream: add hash_function to specify the hash function for :ref:`ring hash` as either xxHash or `murmurHash2 `_. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS. -* upstream: added :ref:`degraded health value` which allows +* upstream: add hash_function to specify the hash function for :ref:`ring hash ` as either xxHash or `murmurHash2 `_. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS. +* upstream: added :ref:`degraded health value ` which allows routing to certain hosts only when there are insufficient healthy hosts available. -* upstream: add cluster factory to allow creating and registering :ref:`custom cluster type`. -* upstream: added a :ref:`circuit breaker ` to limit the number of concurrent connection pools in use. -* tracing: added :ref:`verbose ` to support logging annotations on spans. 
-* upstream: added support for host weighting and :ref:`locality weighting ` in the :ref:`ring hash load balancer `, and added a :ref:`maximum_ring_size` config parameter to strictly bound the ring size. +* upstream: add cluster factory to allow creating and registering :ref:`custom cluster type `. +* upstream: added a :ref:`circuit breaker ` to limit the number of concurrent connection pools in use. +* tracing: added :ref:`verbose ` to support logging annotations on spans. +* upstream: added support for host weighting and :ref:`locality weighting ` in the :ref:`ring hash load balancer `, and added a :ref:`maximum_ring_size ` config parameter to strictly bound the ring size. * zookeeper: added a ZooKeeper proxy filter that parses ZooKeeper messages (requests/responses/events). - Refer to :ref:`ZooKeeper proxy` for more details. + Refer to :ref:`ZooKeeper proxy ` for more details. * upstream: added configuration option to select any host when the fallback policy fails. * upstream: stopped incrementing upstream_rq_total for HTTP/1 conn pool when request is circuit broken. Deprecated ---------- -* Use of `use_alpha` in :ref:`Ext-Authz Authorization Service ` is deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version. -* Use of `enabled` in `CorsPolicy`, found in - :ref:`route.proto `. - Set the `filter_enabled` field instead. -* Use of the `type` field in the `FaultDelay` message (found in - :ref:`fault.proto `) +* Use of `use_alpha` in :ref:`Ext-Authz Authorization Service ` is deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version. +* Use of ``enabled`` in ``CorsPolicy``, found in + :ref:`route.proto `. + Set the ``filter_enabled`` field instead. +* Use of the ``type`` field in the ``FaultDelay`` message (found in + :ref:`fault.proto `) has been deprecated. It was never used and setting it has no effect. It will be removed in the following release. 
diff --git a/docs/root/version_history/v1.11.0.rst b/docs/root/version_history/v1.11.0.rst index 10b48736b2db..78c9dce6d7c6 100644 --- a/docs/root/version_history/v1.11.0.rst +++ b/docs/root/version_history/v1.11.0.rst 
@@ -6,117 +6,117 @@ Changes * access log: added a new field for downstream TLS session ID to file and gRPC access logger. * access log: added a new field for route name to file and gRPC access logger. -* access log: added a new field for response code details in :ref:`file access logger` and :ref:`gRPC access logger`. -* access log: added several new variables for exposing information about the downstream TLS connection to :ref:`file access logger` and :ref:`gRPC access logger`. +* access log: added a new field for response code details in :ref:`file access logger ` and :ref:`gRPC access logger `. +* access log: added several new variables for exposing information about the downstream TLS connection to :ref:`file access logger ` and :ref:`gRPC access logger `. * access log: added a new flag for request rejected due to failed strict header check. -* admin: the administration interface now includes a :ref:`/ready endpoint ` for easier readiness checks. -* admin: extend :ref:`/runtime_modify endpoint ` to support parameters within the request body. -* admin: the :ref:`/listener endpoint ` now returns :ref:`listeners.proto` which includes listener names and ports. +* admin: the administration interface now includes a :ref:`/ready endpoint ` for easier readiness checks. +* admin: extend :ref:`/runtime_modify endpoint ` to support parameters within the request body. +* admin: the :ref:`/listener endpoint ` now returns :ref:`listeners.proto ` which includes listener names and ports. * admin: added host priority to :http:get:`/clusters` and :http:get:`/clusters?format=json` endpoint response -* admin: the :ref:`/clusters endpoint ` now shows hostname +* admin: the :ref:`/clusters endpoint ` now shows hostname for each host, useful for DNS based clusters. * api: track and report requests issued since last load report. * build: releases are built with Clang and linked with LLD. 
-* config: added :ref:stats_server_version_override` ` in bootstrap, that can be used to override :ref:`server.version statistic `. -* control-plane: management servers can respond with HTTP 304 to indicate that config is up to date for Envoy proxies polling a :ref:`REST API Config Type ` +* config: added :ref:`stats_server_version_override ` in bootstrap, that can be used to override :ref:`server.version statistic `. +* control-plane: management servers can respond with HTTP 304 to indicate that config is up to date for Envoy proxies polling a :ref:`REST API Config Type ` * csrf: added support for allowlisting additional source origins. * dns: added support for getting DNS record TTL which is used by STRICT_DNS/LOGICAL_DNS cluster as DNS refresh rate. -* dubbo_proxy: support the :ref:`dubbo proxy filter `. +* dubbo_proxy: support the :ref:`dubbo proxy filter `. * dynamo_request_parser: adding support for transactions. Adds check for new types of dynamodb operations (TransactWriteItems, TransactGetItems) and awareness for new types of dynamodb errors (IdempotentParameterMismatchException, TransactionCanceledException, TransactionInProgressException). -* eds: added support to specify max time for which endpoints can be used :ref:`gRPC filter `. -* eds: removed max limit for `load_balancing_weight`. -* event: added :ref:`loop duration and poll delay statistics `. -* ext_authz: added a `x-envoy-auth-partial-body` metadata header set to `false|true` indicating if there is a partial body sent in the authorization request message. +* eds: added support to specify max time for which endpoints can be used :ref:`gRPC filter `. +* eds: removed max limit for ``load_balancing_weight``. +* event: added :ref:`loop duration and poll delay statistics `. +* ext_authz: added a ``x-envoy-auth-partial-body`` metadata header set to ``false|true`` indicating if there is a partial body sent in the authorization request message. 
* ext_authz: added configurable status code that allows customizing HTTP responses on filter check status errors. -* ext_authz: added option to `ext_authz` that allows the filter clearing route cache. +* ext_authz: added option to ``ext_authz`` that allows the filter clearing route cache. * grpc-json: added support for :ref:`auto mapping - `. -* health check: added :ref:`initial jitter ` to add jitter to the first health check in order to prevent thundering herd on Envoy startup. + `. +* health check: added :ref:`initial jitter ` to add jitter to the first health check in order to prevent thundering herd on Envoy startup. * hot restart: stats are no longer shared between hot restart parent/child via shared memory, but rather by RPC. Hot restart version incremented to 11. * http: added the ability to pass a URL encoded PEM encoded peer certificate chain in the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header. * http: fixed a bug where large unbufferable responses were not tracked in stats and logs correctly. * http: fixed a crashing bug where gRPC local replies would cause segfaults when upstream access logging was on. -* http: mitigated a race condition with the :ref:`delayed_close_timeout` where it could trigger while actively flushing a pending write buffer for a downstream connection. -* http: added support for :ref:`preserve_external_request_id` that represents whether the x-request-id should not be reset on edge entry inside mesh -* http: changed `sendLocalReply` to send percent-encoded `GrpcMessage`. -* http: added a :ref:header_prefix` ` configuration option to allow Envoy to send and process x-custom- prefixed headers rather than x-envoy. -* http: added :ref:`dynamic forward proxy ` support. -* http: tracking the active stream and dumping state in Envoy crash handlers. 
This can be disabled by building with `--define disable_object_dump_on_signal_trace=disabled` +* http: mitigated a race condition with the :ref:`delayed_close_timeout ` where it could trigger while actively flushing a pending write buffer for a downstream connection. +* http: added support for :ref:`preserve_external_request_id ` that represents whether the x-request-id should not be reset on edge entry inside mesh +* http: changed ``sendLocalReply`` to send percent-encoded ``GrpcMessage``. +* http: added a :ref:`header_prefix ` configuration option to allow Envoy to send and process x-custom- prefixed headers rather than x-envoy. +* http: added :ref:`dynamic forward proxy ` support. +* http: tracking the active stream and dumping state in Envoy crash handlers. This can be disabled by building with ``--define disable_object_dump_on_signal_trace=disabled`` * jwt_authn: make filter's parsing of JWT more flexible, allowing syntax like ``jwt=eyJhbGciOiJS...ZFnFIw,extra=7,realm=123`` -* listener: added :ref:`source IP ` - and :ref:`source port ` filter +* listener: added :ref:`source IP ` + and :ref:`source port ` filter chain matching. * lua: exposed functions to Lua to verify digital signature. -* original_src filter: added the :ref:`filter`. -* outlier_detector: added configuration :ref:`outlier_detection.split_external_local_origin_errors` to distinguish locally and externally generated errors. See :ref:`arch_overview_outlier_detection` for full details. +* original_src filter: added the :ref:`filter `. +* outlier_detector: added configuration :ref:`outlier_detection.split_external_local_origin_errors ` to distinguish locally and externally generated errors. See :ref:`arch_overview_outlier_detection` for full details. * rbac: migrated from v2alpha to v2. * redis: add support for Redis cluster custom cluster type. * redis: automatically route commands using cluster slots for Redis cluster. 
-* redis: added :ref:`prefix routing ` to enable routing commands based on their key's prefix to different upstream. -* redis: added :ref:`request mirror policy ` to enable shadow traffic and/or dual writes. +* redis: added :ref:`prefix routing ` to enable routing commands based on their key's prefix to different upstream. +* redis: added :ref:`request mirror policy ` to enable shadow traffic and/or dual writes. * redis: add support for zpopmax and zpopmin commands. * redis: added - :ref:`max_buffer_size_before_flush ` to batch commands together until the encoder buffer hits a certain size, and - :ref:`buffer_flush_timeout ` to control how quickly the buffer is flushed if it is not full. -* redis: added auth support :ref:`downstream_auth_password ` for downstream client authentication, and :ref:`auth_password ` to configure authentication passwords for upstream server clusters. -* retry: added a retry predicate that :ref:`rejects canary hosts. ` -* router: add support for configuring a :ref:`gRPC timeout offset ` on incoming requests. -* router: added ability to control retry back-off intervals via :ref:`retry policy `. -* router: added ability to issue a hedged retry in response to a per try timeout via a :ref:`hedge policy `. + :ref:`max_buffer_size_before_flush ` to batch commands together until the encoder buffer hits a certain size, and + :ref:`buffer_flush_timeout ` to control how quickly the buffer is flushed if it is not full. +* redis: added auth support :ref:`downstream_auth_password ` for downstream client authentication, and :ref:`auth_password ` to configure authentication passwords for upstream server clusters. +* retry: added a retry predicate that :ref:`rejects canary hosts. ` +* router: add support for configuring a :ref:`gRPC timeout offset ` on incoming requests. +* router: added ability to control retry back-off intervals via :ref:`retry policy `. 
+* router: added ability to issue a hedged retry in response to a per try timeout via a :ref:`hedge policy `. * router: added a route name field to each http route in route.Route list * router: added several new variables for exposing information about the downstream TLS connection via :ref:`header - formatters `. + formatters `. * router: per try timeouts will no longer start before the downstream request has been received in full by the router.This ensures that the per try timeout does not account for slow downstreams and that will not start before the global timeout. -* router: added :ref:`RouteAction's auto_host_rewrite_header ` to allow upstream host header substitution with some other header's value +* router: added :ref:`RouteAction's auto_host_rewrite_header ` to allow upstream host header substitution with some other header's value * router: added support for UPSTREAM_REMOTE_ADDRESS :ref:`header formatter - `. + `. * router: add ability to reject a request that includes invalid values for - headers configured in :ref:`strict_check_headers ` + headers configured in :ref:`strict_check_headers ` * runtime: added support for :ref:`flexible layering configuration - `. + `. * runtime: added support for statically :ref:`specifying the runtime in the bootstrap configuration - `. -* runtime: :ref:`Runtime Discovery Service (RTDS) ` support added to layered runtime configuration. -* sandbox: added :ref:`CSRF sandbox `. + `. +* runtime: :ref:`Runtime Discovery Service (RTDS) ` support added to layered runtime configuration. +* sandbox: added :ref:`CSRF sandbox `. * server: ``--define manual_stamp=manual_stamp`` was added to allow server stamping outside of binary rules. more info in the `bazel docs `_. -* server: added :ref:`server state ` statistic. -* server: added :ref:`initialization_time_ms` statistic. -* subset: added :ref:`list_as_any` option to +* server: added :ref:`server state ` statistic. +* server: added :ref:`initialization_time_ms ` statistic. 
+* subset: added :ref:`list_as_any ` option to the subset lb which allows matching metadata against any of the values in a list value on the endpoints. -* tools: added :repo:`proto ` support for :ref:`router check tool ` tests. +* tools: added :repo:`proto ` support for :ref:`router check tool ` tests. * tracing: add trace sampling configuration to the route, to override the route level. -* upstream: added :ref:`upstream_cx_pool_overflow ` for the connection pool circuit breaker. +* upstream: added :ref:`upstream_cx_pool_overflow ` for the connection pool circuit breaker. * upstream: an EDS management server can now force removal of a host that is still passing active health checking by first marking the host as failed via EDS health check and subsequently removing it in a future update. This is a mechanism to work around a race condition in which an EDS implementation may remove a host before it has stopped passing active HC, thus causing the host to become stranded until a future update. -* upstream: added :ref:`an option ` +* upstream: added :ref:`an option ` that allows ignoring new hosts for the purpose of load balancing calculations until they have been health checked for the first time. * upstream: added runtime error checking to prevent setting dns type to STRICT_DNS or LOGICAL_DNS when custom resolver name is specified. -* upstream: added possibility to override fallback_policy per specific selector in :ref:`subset load balancer `. -* upstream: the :ref:`logical DNS cluster ` now +* upstream: added possibility to override fallback_policy per specific selector in :ref:`subset load balancer `. +* upstream: the :ref:`logical DNS cluster ` now displays the current resolved IP address in admin output instead of 0.0.0.0. Deprecated ---------- * The --max-stats and --max-obj-name-len flags no longer has any effect. -* Use of :ref:`cluster ` in :ref:`redis_proxy.proto ` is deprecated. Set a :ref:`catch_all_route ` instead. 
-* Use of :ref:`catch_all_cluster ` in :ref:`redis_proxy.proto ` is deprecated. Set a :ref:`catch_all_route ` instead. -* Use of json based schema in router check tool tests. The tests should follow validation :repo:`schema`. -* Use of the v1 style route configuration for the :ref:`TCP proxy filter ` - is now fully replaced with listener :ref:`filter chain matching `. +* Use of :ref:`cluster ` in :ref:`redis_proxy.proto ` is deprecated. Set a :ref:`catch_all_route ` instead. +* Use of :ref:`catch_all_cluster ` in :ref:`redis_proxy.proto ` is deprecated. Set a :ref:`catch_all_route ` instead. +* Use of json based schema in router check tool tests. The tests should follow validation :repo:`schema `. +* Use of the v1 style route configuration for the :ref:`TCP proxy filter ` + is now fully replaced with listener :ref:`filter chain matching `. Use this instead. -* Use of :ref:`runtime ` in :ref:`Bootstrap - `. Use :ref:`layered_runtime - ` instead. +* Use of :ref:`runtime ` in :ref:`Bootstrap + `. Use :ref:`layered_runtime + ` instead. * Specifying "deprecated_v1: true" in HTTP and network filter configuration to allow loading JSON configuration is now deprecated and will be removed in a following release. Update any custom filters to use protobuf configuration. A struct can be used for a mostly 1:1 conversion if needed. - The `envoy.deprecated_features.v1_filter_json_config` runtime key can be used to temporarily + The ``envoy.deprecated_features.v1_filter_json_config`` runtime key can be used to temporarily enable this feature once the deprecation becomes fail by default. diff --git a/docs/root/version_history/v1.11.1.rst b/docs/root/version_history/v1.11.1.rst index 6e770baa1e8f..53176eac2b29 100644 --- a/docs/root/version_history/v1.11.1.rst +++ b/docs/root/version_history/v1.11.1.rst 
@@ -4,16 +4,16 @@ Changes ------- -* http: added mitigation of client initiated attacks that result in flooding of the downstream HTTP/2 connections. Those attacks can be logged at the "warning" level when the runtime feature `http.connection_manager.log_flood_exception` is enabled. The runtime setting defaults to disabled to avoid log spam when under attack. -* http: added :ref:`inbound_empty_frames_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on consecutive inbound frames with an empty payload and no end stream flag. The limit is configured by setting the :ref:`max_consecutive_inbound_frames_with_empty_payload config setting `. - Runtime feature `envoy.reloadable_features.http2_protocol_options.max_consecutive_inbound_frames_with_empty_payload` overrides :ref:`max_consecutive_inbound_frames_with_empty_payload setting `. Large override value (i.e. 2147483647) effectively disables mitigation of inbound frames with empty payload. -* http: added :ref:`inbound_priority_frames_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on inbound PRIORITY frames. The limit is configured by setting the :ref:`max_inbound_priority_frames_per_stream config setting `. - Runtime feature `envoy.reloadable_features.http2_protocol_options.max_inbound_priority_frames_per_stream` overrides :ref:`max_inbound_priority_frames_per_stream setting `. Large override value effectively disables flood mitigation of inbound PRIORITY frames. -* http: added :ref:`inbound_window_update_frames_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on inbound WINDOW_UPDATE frames. The limit is configured by setting the :ref:`max_inbound_window_update_frames_per_data_frame_sent config setting `. 
- Runtime feature `envoy.reloadable_features.http2_protocol_options.max_inbound_window_update_frames_per_data_frame_sent` overrides :ref:`max_inbound_window_update_frames_per_data_frame_sent setting `. Large override value effectively disables flood mitigation of inbound WINDOW_UPDATE frames. -* http: added :ref:`outbound_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the outbound queue limit. The limit is configured by setting the :ref:`max_outbound_frames config setting ` - Runtime feature `envoy.reloadable_features.http2_protocol_options.max_outbound_frames` overrides :ref:`max_outbound_frames config setting `. Large override value effectively disables flood mitigation of outbound frames of all types. -* http: added :ref:`outbound_control_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the outbound queue limit for PING, SETTINGS and RST_STREAM frames. The limit is configured by setting the :ref:`max_outbound_control_frames config setting `. - Runtime feature `envoy.reloadable_features.http2_protocol_options.max_outbound_control_frames` overrides :ref:`max_outbound_control_frames config setting `. Large override value effectively disables flood mitigation of outbound frames of types PING, SETTINGS and RST_STREAM. -* http: enabled strict validation of HTTP/2 messaging. Previous behavior can be restored using :ref:`stream_error_on_invalid_http_messaging config setting `. - Runtime feature `envoy.reloadable_features.http2_protocol_options.stream_error_on_invalid_http_messaging` overrides :ref:`stream_error_on_invalid_http_messaging config setting `. +* http: added mitigation of client initiated attacks that result in flooding of the downstream HTTP/2 connections. Those attacks can be logged at the "warning" level when the runtime feature ``http.connection_manager.log_flood_exception`` is enabled. 
The runtime setting defaults to disabled to avoid log spam when under attack. +* http: added :ref:`inbound_empty_frames_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on consecutive inbound frames with an empty payload and no end stream flag. The limit is configured by setting the :ref:`max_consecutive_inbound_frames_with_empty_payload config setting `. + Runtime feature ``envoy.reloadable_features.http2_protocol_options.max_consecutive_inbound_frames_with_empty_payload`` overrides :ref:`max_consecutive_inbound_frames_with_empty_payload setting `. Large override value (i.e. 2147483647) effectively disables mitigation of inbound frames with empty payload. +* http: added :ref:`inbound_priority_frames_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on inbound PRIORITY frames. The limit is configured by setting the :ref:`max_inbound_priority_frames_per_stream config setting `. + Runtime feature ``envoy.reloadable_features.http2_protocol_options.max_inbound_priority_frames_per_stream`` overrides :ref:`max_inbound_priority_frames_per_stream setting `. Large override value effectively disables flood mitigation of inbound PRIORITY frames. +* http: added :ref:`inbound_window_update_frames_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the limit on inbound WINDOW_UPDATE frames. The limit is configured by setting the :ref:`max_inbound_window_update_frames_per_data_frame_sent config setting `. + Runtime feature ``envoy.reloadable_features.http2_protocol_options.max_inbound_window_update_frames_per_data_frame_sent`` overrides :ref:`max_inbound_window_update_frames_per_data_frame_sent setting `. Large override value effectively disables flood mitigation of inbound WINDOW_UPDATE frames. 
+* http: added :ref:`outbound_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the outbound queue limit. The limit is configured by setting the :ref:`max_outbound_frames config setting ` + Runtime feature ``envoy.reloadable_features.http2_protocol_options.max_outbound_frames`` overrides :ref:`max_outbound_frames config setting `. Large override value effectively disables flood mitigation of outbound frames of all types. +* http: added :ref:`outbound_control_flood ` counter stat to the HTTP/2 codec stats, for tracking number of connections terminated for exceeding the outbound queue limit for PING, SETTINGS and RST_STREAM frames. The limit is configured by setting the :ref:`max_outbound_control_frames config setting `. + Runtime feature ``envoy.reloadable_features.http2_protocol_options.max_outbound_control_frames`` overrides :ref:`max_outbound_control_frames config setting `. Large override value effectively disables flood mitigation of outbound frames of types PING, SETTINGS and RST_STREAM. +* http: enabled strict validation of HTTP/2 messaging. Previous behavior can be restored using :ref:`stream_error_on_invalid_http_messaging config setting `. + Runtime feature ``envoy.reloadable_features.http2_protocol_options.stream_error_on_invalid_http_messaging`` overrides :ref:`stream_error_on_invalid_http_messaging config setting `. diff --git a/docs/root/version_history/v1.11.2.rst b/docs/root/version_history/v1.11.2.rst index 61490a238ef8..77f6b40f118d 100644 --- a/docs/root/version_history/v1.11.2.rst +++ b/docs/root/version_history/v1.11.2.rst 
@@ -5,17 +5,17 @@ Changes ------- * http: fixed CVE-2019-15226 by adding a cached byte size in HeaderMap. -* http: added :ref:`max headers count ` for http connections. The default limit is 100. -* upstream: runtime feature `envoy.reloadable_features.max_response_headers_count` overrides the default limit for upstream :ref:`max headers count ` -* http: added :ref:`common_http_protocol_options ` - Runtime feature `envoy.reloadable_features.max_request_headers_count` overrides the default limit for downstream :ref:`max headers count ` +* http: added :ref:`max headers count ` for http connections. The default limit is 100. +* upstream: runtime feature `envoy.reloadable_features.max_response_headers_count` overrides the default limit for upstream :ref:`max headers count ` +* http: added :ref:`common_http_protocol_options ` + Runtime feature `envoy.reloadable_features.max_request_headers_count` overrides the default limit for downstream :ref:`max headers count ` * regex: backported safe regex matcher fix for CVE-2019-15225. Deprecated ---------- * Use of :ref:`idle_timeout - ` + ` is deprecated. Use :ref:`common_http_protocol_options - ` + ` instead. diff --git a/docs/root/version_history/v1.12.0.rst b/docs/root/version_history/v1.12.0.rst index 9bc7510639ec..ef1d0050194a 100644 --- a/docs/root/version_history/v1.12.0.rst +++ b/docs/root/version_history/v1.12.0.rst 
@@ -4,86 +4,86 @@ Changes ------- -* access log: added a new flag for :ref:`downstream protocol error `. -* access log: added :ref:`buffering ` and :ref:`periodical flushing ` support to gRPC access logger. Defaults to 16KB buffer and flushing every 1 second. -* access log: added DOWNSTREAM_DIRECT_REMOTE_ADDRESS and DOWNSTREAM_DIRECT_REMOTE_ADDRESS_WITHOUT_PORT :ref:`access log formatters ` and gRPC access logger. -* access log: gRPC Access Log Service (ALS) support added for :ref:`TCP access logs `. -* access log: reintroduced :ref:`filesystem ` stats and added the `write_failed` counter to track failed log writes. -* admin: added ability to configure listener :ref:`socket options `. -* admin: added config dump support for Secret Discovery Service :ref:`SecretConfigDump `. -* admin: added support for :ref:`draining ` listeners via admin interface. +* access log: added a new flag for :ref:`downstream protocol error `. +* access log: added :ref:`buffering ` and :ref:`periodical flushing ` support to gRPC access logger. Defaults to 16KB buffer and flushing every 1 second. +* access log: added DOWNSTREAM_DIRECT_REMOTE_ADDRESS and DOWNSTREAM_DIRECT_REMOTE_ADDRESS_WITHOUT_PORT :ref:`access log formatters ` and gRPC access logger. +* access log: gRPC Access Log Service (ALS) support added for :ref:`TCP access logs `. +* access log: reintroduced :ref:`filesystem ` stats and added the `write_failed` counter to track failed log writes. +* admin: added ability to configure listener :ref:`socket options `. +* admin: added config dump support for Secret Discovery Service :ref:`SecretConfigDump `. +* admin: added support for :ref:`draining ` listeners via admin interface. * admin: added :http:get:`/stats/recentlookups`, :http:post:`/stats/recentlookups/clear`, :http:post:`/stats/recentlookups/disable`, and :http:post:`/stats/recentlookups/enable` endpoints. 
-* api: added :ref:`set_node_on_first_message_only ` option to omit the node identifier from the subsequent discovery requests on the same stream. -* buffer filter: now populates content-length header if not present. This behavior can be temporarily disabled using the runtime feature `envoy.reloadable_features.buffer_filter_populate_content_length`. +* api: added :ref:`set_node_on_first_message_only ` option to omit the node identifier from the subsequent discovery requests on the same stream. +* buffer filter: now populates content-length header if not present. This behavior can be temporarily disabled using the runtime feature ``envoy.reloadable_features.buffer_filter_populate_content_length``. * build: official released binary is now PIE so it can be run with ASLR. -* config: added support for :ref:`delta xDS ` (including ADS) delivery. +* config: added support for :ref:`delta xDS ` (including ADS) delivery. * config: enforcing that terminal filters (e.g. HttpConnectionManager for L4, router for L7) be the last in their respective filter chains. -* config: added access log :ref:`extension filter`. +* config: added access log :ref:`extension filter `. * config: added support for :option:`--reject-unknown-dynamic-fields`, providing independent control over whether unknown fields are rejected in static and dynamic configuration. By default, unknown fields in static configuration are rejected and are allowed in dynamic configuration. Warnings are logged for the first use of any unknown field and these occurrences are counted in the - :ref:`server.static_unknown_fields ` and :ref:`server.dynamic_unknown_fields - ` statistics. + :ref:`server.static_unknown_fields ` and :ref:`server.dynamic_unknown_fields + ` statistics. * config: added async data access for local and remote data sources. -* config: changed the default value of :ref:`initial_fetch_timeout ` from 0s to 15s. 
This is a change in behaviour in the sense that Envoy will move to the next initialization phase, even if the first config is not delivered in 15s. Refer to :ref:`initialization process ` for more details. -* config: added stat :ref:`init_fetch_timeout `. -* config: tls_context in Cluster and FilterChain are deprecated in favor of transport socket. See :ref:`deprecated documentation` for more information. +* config: changed the default value of :ref:`initial_fetch_timeout ` from 0s to 15s. This is a change in behaviour in the sense that Envoy will move to the next initialization phase, even if the first config is not delivered in 15s. Refer to :ref:`initialization process ` for more details. +* config: added stat :ref:`init_fetch_timeout `. +* config: tls_context in Cluster and FilterChain are deprecated in favor of transport socket. See :ref:`deprecated documentation ` for more information. * csrf: added PATCH to supported methods. -* dns: added support for configuring :ref:`dns_failure_refresh_rate ` to set the DNS refresh rate during failures. -* ext_authz: added :ref:`configurable ability ` to send dynamic metadata to the `ext_authz` service. -* ext_authz: added :ref:`filter_enabled RuntimeFractionalPercent flag ` to filter. +* dns: added support for configuring :ref:`dns_failure_refresh_rate ` to set the DNS refresh rate during failures. +* ext_authz: added :ref:`configurable ability ` to send dynamic metadata to the `ext_authz` service. +* ext_authz: added :ref:`filter_enabled RuntimeFractionalPercent flag ` to filter. * ext_authz: added tracing to the HTTP client. -* ext_authz: deprecated :ref:`cluster scope stats ` in favour of filter scope stats. -* fault: added overrides for default runtime keys in :ref:`HTTPFault ` filter. -* grpc: added :ref:`AWS IAM grpc credentials extension ` for AWS-managed xDS. -* grpc: added :ref:`gRPC stats filter ` for collecting stats about gRPC calls and streaming message counts. 
-* grpc-json: added support for :ref:`ignoring unknown query parameters`. -* grpc-json: added support for :ref:`the grpc-status-details-bin header`. -* header to metadata: added :ref:`PROTOBUF_VALUE ` and :ref:`ValueEncode ` to support protobuf Value and Base64 encoding. -* http: added a default one hour idle timeout to upstream and downstream connections. HTTP connections with no streams and no activity will be closed after one hour unless the default idle_timeout is overridden. To disable upstream idle timeouts, set the :ref:`idle_timeout ` to zero in Cluster :ref:`http_protocol_options`. To disable downstream idle timeouts, either set :ref:`idle_timeout ` to zero in the HttpConnectionManager :ref:`common_http_protocol_options ` or set the deprecated :ref:`connection manager ` field to zero. -* http: added the ability to format HTTP/1.1 header keys using :ref:`header_key_format `. -* http: added the ability to reject HTTP/1.1 requests with invalid HTTP header values, using the runtime feature `envoy.reloadable_features.strict_header_validation`. -* http: changed Envoy to forward existing x-forwarded-proto from upstream trusted proxies. Guarded by `envoy.reloadable_features.trusted_forwarded_proto` which defaults true. -* http: added the ability to configure the behavior of the server response header, via the :ref:`server_header_transformation` field. -* http: added the ability to :ref:`merge adjacent slashes` in the path. -* http: :ref:`AUTO ` codec protocol inference now requires the H2 magic bytes to be the first bytes transmitted by a downstream client. +* ext_authz: deprecated :ref:`cluster scope stats ` in favour of filter scope stats. +* fault: added overrides for default runtime keys in :ref:`HTTPFault ` filter. +* grpc: added :ref:`AWS IAM grpc credentials extension ` for AWS-managed xDS. +* grpc: added :ref:`gRPC stats filter ` for collecting stats about gRPC calls and streaming message counts. 
+* grpc-json: added support for :ref:`ignoring unknown query parameters `. +* grpc-json: added support for :ref:`the grpc-status-details-bin header `. +* header to metadata: added :ref:`PROTOBUF_VALUE ` and :ref:`ValueEncode ` to support protobuf Value and Base64 encoding. +* http: added a default one hour idle timeout to upstream and downstream connections. HTTP connections with no streams and no activity will be closed after one hour unless the default idle_timeout is overridden. To disable upstream idle timeouts, set the :ref:`idle_timeout ` to zero in Cluster :ref:`http_protocol_options `. To disable downstream idle timeouts, either set :ref:`idle_timeout ` to zero in the HttpConnectionManager :ref:`common_http_protocol_options ` or set the deprecated :ref:`connection manager ` field to zero. +* http: added the ability to format HTTP/1.1 header keys using :ref:`header_key_format `. +* http: added the ability to reject HTTP/1.1 requests with invalid HTTP header values, using the runtime feature ``envoy.reloadable_features.strict_header_validation``. +* http: changed Envoy to forward existing x-forwarded-proto from upstream trusted proxies. Guarded by ``envoy.reloadable_features.trusted_forwarded_proto`` which defaults true. +* http: added the ability to configure the behavior of the server response header, via the :ref:`server_header_transformation ` field. +* http: added the ability to :ref:`merge adjacent slashes ` in the path. +* http: :ref:`AUTO ` codec protocol inference now requires the H2 magic bytes to be the first bytes transmitted by a downstream client. * http: remove h2c upgrade headers for HTTP/1 as h2c upgrades are currently not supported. -* http: absolute URL support is now on by default. The prior behavior can be reinstated by setting :ref:`allow_absolute_url ` to false. -* http: support :ref:`host rewrite ` in the dynamic forward proxy. -* http: support :ref:`disabling the filter per route ` in the grpc http1 reverse bridge filter. 
-* http: added the ability to :ref:`configure max connection duration ` for downstream connections. -* listeners: added :ref:`continue_on_listener_filters_timeout ` to configure whether a listener will still create a connection when listener filters time out. -* listeners: added :ref:`HTTP inspector listener filter `. -* listeners: added :ref:`connection balancer ` +* http: absolute URL support is now on by default. The prior behavior can be reinstated by setting :ref:`allow_absolute_url ` to false. +* http: support :ref:`host rewrite ` in the dynamic forward proxy. +* http: support :ref:`disabling the filter per route ` in the grpc http1 reverse bridge filter. +* http: added the ability to :ref:`configure max connection duration ` for downstream connections. +* listeners: added :ref:`continue_on_listener_filters_timeout ` to configure whether a listener will still create a connection when listener filters time out. +* listeners: added :ref:`HTTP inspector listener filter `. +* listeners: added :ref:`connection balancer ` configuration for TCP listeners. * listeners: listeners now close the listening socket as part of the draining stage as soon as workers stop accepting their connections. -* lua: extended `httpCall()` and `respond()` APIs to accept headers with entry values that can be a string or table of strings. -* lua: extended `dynamicMetadata:set()` to allow setting complex values. +* lua: extended ``httpCall()`` and ``respond()`` APIs to accept headers with entry values that can be a string or table of strings. +* lua: extended ``dynamicMetadata:set()`` to allow setting complex values. * metrics_service: added support for flushing histogram buckets. -* outlier_detector: added :ref:`support for the grpc-status response header ` by mapping it to HTTP status. Guarded by envoy.reloadable_features.outlier_detection_support_for_grpc_status which defaults to true. 
+* outlier_detector: added :ref:`support for the grpc-status response header ` by mapping it to HTTP status. Guarded by envoy.reloadable_features.outlier_detection_support_for_grpc_status which defaults to true. * performance: new buffer implementation enabled by default (to disable add "--use-libevent-buffers 1" to the command-line arguments when starting Envoy). * performance: stats symbol table implementation (disabled by default; to test it, add "--use-fake-symbol-table 0" to the command-line arguments when starting Envoy). -* rbac: added support for DNS SAN as :ref:`principal_name `. -* redis: added :ref:`enable_command_stats ` to enable :ref:`per command statistics ` for upstream clusters. -* redis: added :ref:`read_policy ` to allow reading from redis replicas for Redis Cluster deployments. +* rbac: added support for DNS SAN as :ref:`principal_name `. +* redis: added :ref:`enable_command_stats ` to enable :ref:`per command statistics ` for upstream clusters. +* redis: added :ref:`read_policy ` to allow reading from redis replicas for Redis Cluster deployments. * redis: fixed a bug where the redis health checker ignored the upstream auth password. * redis: enable_hashtaging is always enabled when the upstream uses open source Redis cluster protocol. -* regex: introduced new :ref:`RegexMatcher ` type that +* regex: introduced new :ref:`RegexMatcher ` type that provides a safe regex implementation for untrusted user input. This type is now used in all configuration that processes user provided input. See :ref:`deprecated configuration details - ` for more information. -* rbac: added conditions to the policy, see :ref:`condition `. -* router: added :ref:`rq_retry_skipped_request_not_complete ` counter stat to router stats. -* router: :ref:`scoped routing ` is supported. -* router: added new :ref:`retriable-headers ` retry policy. Retries can now be configured to trigger by arbitrary response header matching. + ` for more information. 
+* rbac: added conditions to the policy, see :ref:`condition `. +* router: added :ref:`rq_retry_skipped_request_not_complete ` counter stat to router stats. +* router: :ref:`scoped routing ` is supported. +* router: added new :ref:`retriable-headers ` retry policy. Retries can now be configured to trigger by arbitrary response header matching. * router: added ability for most specific header mutations to take precedence, see :ref:`route configuration's most specific - header mutations wins flag `. -* router: added :ref:`respect_expected_rq_timeout ` that instructs ingress Envoy to respect :ref:`config_http_filters_router_x-envoy-expected-rq-timeout-ms` header, populated by egress Envoy, when deriving timeout for upstream cluster. -* router: added new :ref:`retriable request headers ` to route configuration, to allow limiting buffering for retries and shadowing. -* router: added new :ref:`retriable request headers ` to retry policies. Retries can now be configured to only trigger on request header match. + header mutations wins flag `. +* router: added :ref:`respect_expected_rq_timeout ` that instructs ingress Envoy to respect :ref:`config_http_filters_router_x-envoy-expected-rq-timeout-ms` header, populated by egress Envoy, when deriving timeout for upstream cluster. +* router: added new :ref:`retriable request headers ` to route configuration, to allow limiting buffering for retries and shadowing. +* router: added new :ref:`retriable request headers ` to retry policies. Retries can now be configured to only trigger on request header match. * router: added the ability to match a route based on whether a TLS certificate has been - :ref:`presented ` by the + :ref:`presented ` by the downstream connection. * router check tool: added coverage reporting & enforcement. * router check tool: added comprehensive coverage reporting. 
@@ -93,69 +93,69 @@ Changes * router check tool: added coverage reporting for direct response routes. * runtime: allows for the ability to parse boolean values. * runtime: allows for the ability to parse integers as double values and vice-versa. -* sds: added :ref:`session_ticket_keys_sds_secret_config ` for loading TLS Session Ticket Encryption Keys using SDS API. +* sds: added :ref:`session_ticket_keys_sds_secret_config ` for loading TLS Session Ticket Encryption Keys using SDS API. * server: added a post initialization lifecycle event, in addition to the existing startup and shutdown events. -* server: added :ref:`per-handler listener stats ` and - :ref:`per-worker watchdog stats ` to help diagnosing event +* server: added :ref:`per-handler listener stats ` and + :ref:`per-worker watchdog stats ` to help diagnosing event loop imbalance and general performance issues. * stats: added unit support to histogram. * tcp_proxy: the default :ref:`idle_timeout - ` is now 1 hour. + ` is now 1 hour. * thrift_proxy: fixed crashing bug on invalid transport/protocol framing. * thrift_proxy: added support for stripping service name from method when using the multiplexed protocol. * tls: added verification of IP address SAN fields in certificates against configured SANs in the certificate validation context. * tracing: added support to the Zipkin reporter for sending list of spans as Zipkin JSON v2 and protobuf message over HTTP. certificate validation context. * tracing: added tags for gRPC response status and message. -* tracing: added :ref:`max_path_tag_length ` to support customizing the length of the request path included in the extracted `http.url `_ tag. -* upstream: added :ref:`an option ` that allows draining HTTP, TCP connection pools on cluster membership change. -* upstream: added :ref:`transport_socket_matches `, support using different transport socket config when connecting to different upstream endpoints within a cluster. 
-* upstream: added network filter chains to upstream connections, see :ref:`filters`. -* upstream: added new :ref:`failure-percentage based outlier detection` mode. +* tracing: added :ref:`max_path_tag_length ` to support customizing the length of the request path included in the extracted `http.url `_ tag. +* upstream: added :ref:`an option ` that allows draining HTTP, TCP connection pools on cluster membership change. +* upstream: added :ref:`transport_socket_matches `, support using different transport socket config when connecting to different upstream endpoints within a cluster. +* upstream: added network filter chains to upstream connections, see :ref:`filters `. +* upstream: added new :ref:`failure-percentage based outlier detection ` mode. * upstream: uses p2c to select hosts for least-requests load balancers if all host weights are the same, even in cases where weights are not equal to 1. -* upstream: added :ref:`fail_traffic_on_panic ` to allow failing all requests to a cluster during panic state. +* upstream: added :ref:`fail_traffic_on_panic ` to allow failing all requests to a cluster during panic state. * zookeeper: parses responses and emits latency stats. Deprecated ---------- -* The ORIGINAL_DST_LB :ref:`load balancing policy ` is +* The ORIGINAL_DST_LB :ref:`load balancing policy ` is deprecated, use CLUSTER_PROVIDED policy instead when configuring an :ref:`original destination - cluster `. -* The `regex` field in :ref:`StringMatcher ` has been - deprecated in favor of the `safe_regex` field. -* The `regex` field in :ref:`RouteMatch ` has been - deprecated in favor of the `safe_regex` field. -* The `allow_origin` and `allow_origin_regex` fields in :ref:`CorsPolicy - ` have been deprecated in favor of the - `allow_origin_string_match` field. -* The `pattern` and `method` fields in :ref:`VirtualCluster ` - have been deprecated in favor of the `headers` field. 
-* The `regex_match` field in :ref:`HeaderMatcher ` has been - deprecated in favor of the `safe_regex_match` field. -* The `value` and `regex` fields in :ref:`QueryParameterMatcher - ` has been deprecated in favor of the `string_match` - and `present_match` fields. + cluster `. +* The `regex` field in :ref:`StringMatcher ` has been + deprecated in favor of the ``safe_regex`` field. +* The `regex` field in :ref:`RouteMatch ` has been + deprecated in favor of the ``safe_regex`` field. +* The ``allow_origin`` and ``allow_origin_regex`` fields in :ref:`CorsPolicy + ` have been deprecated in favor of the + ``allow_origin_string_match`` field. +* The ``pattern`` and ``method`` fields in :ref:`VirtualCluster ` + have been deprecated in favor of the ``headers`` field. +* The `regex_match` field in :ref:`HeaderMatcher ` has been + deprecated in favor of the ``safe_regex_match`` field. +* The ``value`` and ``regex`` fields in :ref:`QueryParameterMatcher + ` has been deprecated in favor of the ``string_match`` + and ``present_match`` fields. * The :option:`--allow-unknown-fields` command-line option, use :option:`--allow-unknown-static-fields` instead. * The use of HTTP_JSON_V1 :ref:`Zipkin collector endpoint version - ` or not explicitly + ` or not explicitly specifying it is deprecated, use HTTP_JSON or HTTP_PROTO instead. * The `operation_name` field in :ref:`HTTP connection manager - ` - has been deprecated in favor of the `traffic_direction` field in - :ref:`Listener `. The latter takes priority if + ` + has been deprecated in favor of the ``traffic_direction`` field in + :ref:`Listener `. The latter takes priority if specified. -* The `tls_context` field in :ref:`Filter chain ` message - and :ref:`Cluster ` message have been deprecated in favor of - `transport_socket` with name `envoy.transport_sockets.tls`. The latter takes priority if specified. -* The `use_http2` field in - :ref:`HTTP health checker ` has been deprecated in - favor of the `codec_client_type` field. 
-* The use of :ref:`gRPC bridge filter ` for +* The `tls_context` field in :ref:`Filter chain ` message + and :ref:`Cluster ` message have been deprecated in favor of + ``transport_socket`` with name ``envoy.transport_sockets.tls``. The latter takes priority if specified. +* The ``use_http2`` field in + :ref:`HTTP health checker ` has been deprecated in + favor of the ``codec_client_type`` field. +* The use of :ref:`gRPC bridge filter ` for gRPC stats has been deprecated in favor of the dedicated :ref:`gRPC stats - filter ` -* Ext_authz filter stats `ok`, `error`, `denied`, `failure_mode_allowed` in + filter ` +* Ext_authz filter stats ``ok``, ``error``, ``denied``, ``failure_mode_allowed`` in *cluster..ext_authz.* namespace is deprecated. Use *http..ext_authz.* namespace to access same counters instead. * Use of google.protobuf.Struct for extension opaque configs is deprecated. Use google.protobuf.Any instead or pack diff --git a/docs/root/version_history/v1.12.2.rst b/docs/root/version_history/v1.12.2.rst index 041e9d8429c6..d3c5183e23cb 100644 --- a/docs/root/version_history/v1.12.2.rst +++ b/docs/root/version_history/v1.12.2.rst @@ -7,5 +7,5 @@ Changes * http: fixed CVE-2019-18801 by allocating sufficient memory for request headers. * http: fixed CVE-2019-18802 by implementing stricter validation of HTTP/1 headers. * http: trim LWS at the end of header keys, for correct HTTP/1.1 header parsing. -* http: added strict authority checking. This can be reversed temporarily by setting the runtime feature `envoy.reloadable_features.strict_authority_validation` to false. +* http: added strict authority checking. This can be reversed temporarily by setting the runtime feature ``envoy.reloadable_features.strict_authority_validation`` to false. * route config: fixed CVE-2019-18838 by checking for presence of host/path headers. diff --git a/docs/root/version_history/v1.12.3.rst b/docs/root/version_history/v1.12.3.rst index a4e1dff40d27..53b87280ad7b 100644 
--- a/docs/root/version_history/v1.12.3.rst
+++ b/docs/root/version_history/v1.12.3.rst
@@ -5,7 +5,7 @@ Changes
 -------
 * buffer: force copy when appending small slices to OwnedImpl buffer to avoid fragmentation.
-* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature `envoy.reloadable_features.http1_flood_protection`.
-* listeners: fixed issue where :ref:`TLS inspector listener filter ` could have been bypassed by a client using only TLS 1.3.
-* rbac: added :ref:`url_path ` for matching URL path without the query and fragment string.
+* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature ``envoy.reloadable_features.http1_flood_protection``.
+* listeners: fixed issue where :ref:`TLS inspector listener filter ` could have been bypassed by a client using only TLS 1.3.
+* rbac: added :ref:`url_path ` for matching URL path without the query and fragment string.
 * sds: fixed the SDS vulnerability that TLS validation context (e.g., subject alt name or hash) cannot be effectively validated in some cases.
diff --git a/docs/root/version_history/v1.12.4.rst b/docs/root/version_history/v1.12.4.rst
index 1635bbb5f000..7b606d34dbce 100644
--- a/docs/root/version_history/v1.12.4.rst
+++ b/docs/root/version_history/v1.12.4.rst
@@ -4,5 +4,5 @@ Changes
 -------
-* http: added :ref:`headers_with_underscores_action setting ` to control how client requests with header names containing underscore characters are handled. The options are to allow such headers, reject request or drop headers. The default is to allow headers, preserving existing behavior.
+* http: added :ref:`headers_with_underscores_action setting ` to control how client requests with header names containing underscore characters are handled. The options are to allow such headers, reject request or drop headers. The default is to allow headers, preserving existing behavior.
 * http: fixed CVE-2020-11080 by rejecting HTTP/2 SETTINGS frames with too many parameters.
diff --git a/docs/root/version_history/v1.12.5.rst b/docs/root/version_history/v1.12.5.rst
index b246e20d885b..dcca35f09aef 100644
--- a/docs/root/version_history/v1.12.5.rst
+++ b/docs/root/version_history/v1.12.5.rst
@@ -4,8 +4,8 @@ Changes ------- * buffer: fixed CVE-2020-12603 by avoiding fragmentation, and tracking of HTTP/2 data and control frames in the output buffer. -* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` +* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` to also defend against an HTTP/2 peer that does not open stream window once an entire response has been buffered to be sent to a downstream client. * http: fixed CVE-2020-12605 by including request URL in request header size computation, and rejecting partial headers that exceed configured limits. -* listener: fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. -* overload management: fixed CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. +* listener: fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. +* overload management: fixed CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. diff --git a/docs/root/version_history/v1.12.6.rst b/docs/root/version_history/v1.12.6.rst index b4abcd6ee8da..5d562d587543 100644 --- a/docs/root/version_history/v1.12.6.rst +++ b/docs/root/version_history/v1.12.6.rst @@ -1,3 +1,3 @@ 1.12.6 (July 7, 2020) ===================== -* tls: fixed a bug where wilcard matching for "\*.foo.com" also matched domains of the form "a.b.foo.com". This behavior can be temporarily reverted by setting runtime feature `envoy.reloadable_features.fix_wildcard_matching` to false. +* tls: fixed a bug where wilcard matching for "\*.foo.com" also matched domains of the form "a.b.foo.com". This behavior can be temporarily reverted by setting runtime feature ``envoy.reloadable_features.fix_wildcard_matching`` to false. diff --git a/docs/root/version_history/v1.13.0.rst b/docs/root/version_history/v1.13.0.rst index 1e0416713c48..b29783554703 100644 
--- a/docs/root/version_history/v1.13.0.rst
+++ b/docs/root/version_history/v1.13.0.rst
@@ -4,82 +4,82 @@ Changes ------- -* access log: added FILTER_STATE :ref:`access log formatters ` and gRPC access logger. -* admin: added the ability to filter :ref:`/config_dump `. -* access log: added a :ref:`typed JSON logging mode ` to output access logs in JSON format with non-string values -* access log: fixed UPSTREAM_LOCAL_ADDRESS :ref:`access log formatters ` to work for http requests +* access log: added FILTER_STATE :ref:`access log formatters ` and gRPC access logger. +* admin: added the ability to filter :ref:`/config_dump `. +* access log: added a :ref:`typed JSON logging mode ` to output access logs in JSON format with non-string values +* access log: fixed UPSTREAM_LOCAL_ADDRESS :ref:`access log formatters ` to work for http requests * access log: added HOSTNAME. * api: remove all support for v1 -* api: added ability to specify `mode` for :ref:`Pipe `. +* api: added ability to specify `mode` for :ref:`Pipe `. * api: support for the v3 xDS API added. See :ref:`api_supported_versions`. -* aws_request_signing: added new alpha :ref:`HTTP AWS request signing filter `. +* aws_request_signing: added new alpha HTTP AWS request signing filter * buffer: remove old implementation * build: official released binary is now built against libc++. -* cluster: added :ref:`aggregate cluster ` that allows load balancing between clusters. +* cluster: added :ref:`aggregate cluster ` that allows load balancing between clusters. * config: all category names of internal envoy extensions are prefixed with the 'envoy.' prefix to follow the reverse DNS naming notation. * decompressor: remove decompressor hard assert failure and replace with an error flag. -* ext_authz: added :ref:`configurable ability` to send the :ref:`certificate` to the `ext_authz` service. 
-* fault: fixed an issue where the http fault filter would repeatedly check the percentage of abort/delay when the `x-envoy-downstream-service-cluster` header was included in the request to ensure that the actual percentage of abort/delay matches the configuration of the filter. +* ext_authz: added :ref:`configurable ability ` to send the :ref:`certificate ` to the `ext_authz` service. +* fault: fixed an issue where the http fault filter would repeatedly check the percentage of abort/delay when the ``x-envoy-downstream-service-cluster`` header was included in the request to ensure that the actual percentage of abort/delay matches the configuration of the filter. * health check: gRPC health checker sets the gRPC deadline to the configured timeout duration. -* health check: added :ref:`TlsOptions ` to allow TLS configuration overrides. -* health check: added :ref:`service_name_matcher ` to better compare the service name patterns for health check identity. -* http: added strict validation that CONNECT is refused as it is not yet implemented. This can be reversed temporarily by setting the runtime feature `envoy.reloadable_features.strict_method_validation` to false. -* http: added support for http1 trailers. To enable use :ref:`enable_trailers `. -* http: added the ability to sanitize headers nominated by the Connection header. This new behavior is guarded by envoy.reloadable_features.connection_header_sanitization which defaults to true. -* http: blocks unsupported transfer-encodings. Can be reverted temporarily by setting runtime feature `envoy.reloadable_features.reject_unsupported_transfer_encodings` to false. -* http: support :ref:`auto_host_rewrite_header` in the dynamic forward proxy. -* jwt_authn: added :ref:`allow_missing` option that accepts request without token but rejects bad request with bad tokens. -* jwt_authn: added :ref:`bypass_cors_preflight` to allow bypassing the CORS preflight request. 
-* lb_subset_config: new fallback policy for selectors: :ref:`KEYS_SUBSET` -* listeners: added :ref:`reuse_port` option. -* logger: added :ref:`--log-format-escaped ` command line option to escape newline characters in application logs. -* ratelimit: added :ref:`local rate limit ` network filter. -* rbac: added support for matching all subject alt names instead of first in :ref:`principal_name `. +* health check: added :ref:`TlsOptions ` to allow TLS configuration overrides. +* health check: added :ref:`service_name_matcher ` to better compare the service name patterns for health check identity. +* http: added strict validation that CONNECT is refused as it is not yet implemented. This can be reversed temporarily by setting the runtime feature ``envoy.reloadable_features.strict_method_validation`` to false. +* http: added support for http1 trailers. To enable use :ref:`enable_trailers `. +* http: added the ability to sanitize headers nominated by the Connection header. This new behavior is guarded by ``envoy.reloadable_features.connection_header_sanitization`` which defaults to true. +* http: blocks unsupported transfer-encodings. Can be reverted temporarily by setting runtime feature ``envoy.reloadable_features.reject_unsupported_transfer_encodings`` to false. +* http: support :ref:`auto_host_rewrite_header ` in the dynamic forward proxy. +* jwt_authn: added :ref:`allow_missing ` option that accepts request without token but rejects bad request with bad tokens. +* jwt_authn: added :ref:`bypass_cors_preflight ` to allow bypassing the CORS preflight request. +* lb_subset_config: new fallback policy for selectors: :ref:`KEYS_SUBSET ` +* listeners: added :ref:`reuse_port ` option. +* logger: added :ref:`--log-format-escaped ` command line option to escape newline characters in application logs. +* ratelimit: added :ref:`local rate limit ` network filter. +* rbac: added support for matching all subject alt names instead of first in :ref:`principal_name `. 
* redis: performance improvement for larger split commands by avoiding string copies. * redis: correctly follow MOVE/ASK redirection for mirrored clusters. -* redis: add :ref:`host_degraded_refresh_threshold ` and :ref:`failure_refresh_threshold ` to refresh topology when nodes are degraded or when requests fails. -* router: added histograms to show timeout budget usage to the :ref:`cluster stats `. +* redis: add :ref:`host_degraded_refresh_threshold ` and :ref:`failure_refresh_threshold ` to refresh topology when nodes are degraded or when requests fails. +* router: added histograms to show timeout budget usage to the :ref:`cluster stats `. * router check tool: added support for testing and marking coverage for routes of runtime fraction 0. -* router: added :ref:`request_mirror_policies` to support sending multiple mirrored requests in one route. -* router: added support for REQ(header-name) :ref:`header formatter `. -* router: added support for percentage-based :ref:`retry budgets ` -* router: allow using a :ref:`query parameter ` for HTTP consistent hashing. +* router: added :ref:`request_mirror_policies ` to support sending multiple mirrored requests in one route. +* router: added support for REQ(header-name) :ref:`header formatter `. +* router: added support for percentage-based :ref:`retry budgets ` +* router: allow using a :ref:`query parameter ` for HTTP consistent hashing. * router: exposed DOWNSTREAM_REMOTE_ADDRESS as custom HTTP request/response headers. -* router: added support for :ref:`max_internal_redirects ` for configurable maximum internal redirect hops. +* router: added support for :ref:`max_internal_redirects ` for configurable maximum internal redirect hops. * router: skip the Location header when the response code is not a 201 or a 3xx. -* router: added :ref:`auto_sni ` to support setting SNI to transport socket for new upstream connections based on the downstream HTTP host/authority header. 
+* router: added :ref:`auto_sni ` to support setting SNI to transport socket for new upstream connections based on the downstream HTTP host/authority header. * router: added support for HOSTNAME :ref:`header formatter - `. + `. * server: added the :option:`--disable-extensions` CLI option, to disable extensions at startup. * server: fixed a bug in config validation for configs with runtime layers. -* server: added :ref:`workers_started ` that indicates whether listeners have been fully initialized on workers. -* tcp_proxy: added :ref:`ClusterWeight.metadata_match`. -* tcp_proxy: added :ref:`hash_policy`. +* server: added :ref:`workers_started ` that indicates whether listeners have been fully initialized on workers. +* tcp_proxy: added :ref:`ClusterWeight.metadata_match `. +* tcp_proxy: added :ref:`hash_policy `. * thrift_proxy: added support for cluster header based routing. * thrift_proxy: added stats to the router filter. * tls: remove TLS 1.0 and 1.1 from client defaults -* tls: added support for :ref:`generic string matcher ` for subject alternative names. -* tracing: added the ability to set custom tags on both the :ref:`HTTP connection manager` and the :ref:`HTTP route `. +* tls: added support for :ref:`generic string matcher ` for subject alternative names. +* tracing: added the ability to set custom tags on both the :ref:`HTTP connection manager ` and the :ref:`HTTP route `. * tracing: added upstream_address tag. -* tracing: added initial support for AWS X-Ray (local sampling rules only) :ref:`X-Ray Tracing `. +* tracing: added initial support for AWS X-Ray (local sampling rules only) :ref:`X-Ray Tracing `. * tracing: added tags for gRPC request path, authority, content-type and timeout. -* udp: added initial support for :ref:`UDP proxy ` +* udp: added initial support for :ref:`UDP proxy ` Deprecated ---------- * The `request_headers_for_tags` field in :ref:`HTTP connection manager - ` + ` has been deprecated in favor of the :ref:`custom_tags - ` field. 
+ ` field. * The `verify_subject_alt_name` field in :ref:`Certificate Validation Context - ` + ` has been deprecated in favor of the :ref:`match_subject_alt_names - ` field. -* The `request_mirror_policy` field in :ref:`RouteMatch ` has been deprecated in - favor of the `request_mirror_policies` field. -* The `service_name` field in - :ref:`HTTP health checker ` has been deprecated in - favor of the `service_name_matcher` field. + ` field. +* The ``request_mirror_policy`` field in :ref:`RouteMatch ` has been deprecated in + favor of the ``request_mirror_policies`` field. +* The ``service_name`` field in + :ref:`HTTP health checker ` has been deprecated in + favor of the ``service_name_matcher`` field. * The v2 xDS API is deprecated. It will be supported by Envoy until EOY 2020. See :ref:`api_supported_versions`. diff --git a/docs/root/version_history/v1.13.1.rst b/docs/root/version_history/v1.13.1.rst index 379edc6fed47..46d05ebc9d5c 100644 --- a/docs/root/version_history/v1.13.1.rst +++ b/docs/root/version_history/v1.13.1.rst 
@@ -5,7 +5,7 @@ Changes
 -------
 * buffer: force copy when appending small slices to OwnedImpl buffer to avoid fragmentation.
-* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature `envoy.reloadable_features.http1_flood_protection`.
-* listeners: fixed issue where :ref:`TLS inspector listener filter ` could have been bypassed by a client using only TLS 1.3.
-* rbac: added :ref:`url_path ` for matching URL path without the query and fragment string.
+* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature ``envoy.reloadable_features.http1_flood_protection``.
+* listeners: fixed issue where :ref:`TLS inspector listener filter ` could have been bypassed by a client using only TLS 1.3.
+* rbac: added :ref:`url_path ` for matching URL path without the query and fragment string.
 * sds: fixed the SDS vulnerability that TLS validation context (e.g., subject alt name or hash) cannot be effectively validated in some cases.
diff --git a/docs/root/version_history/v1.13.2.rst b/docs/root/version_history/v1.13.2.rst
index 641bbaa451d4..5ef942997b7c 100644
--- a/docs/root/version_history/v1.13.2.rst
+++ b/docs/root/version_history/v1.13.2.rst
@@ -4,5 +4,5 @@ Changes
 -------
-* http: added :ref:`headers_with_underscores_action setting ` to control how client requests with header names containing underscore characters are handled. The options are to allow such headers, reject request or drop headers. The default is to allow headers, preserving existing behavior.
+* http: added :ref:`headers_with_underscores_action setting ` to control how client requests with header names containing underscore characters are handled. The options are to allow such headers, reject request or drop headers. The default is to allow headers, preserving existing behavior.
 * http: fixed CVE-2020-11080 by rejecting HTTP/2 SETTINGS frames with too many parameters.
diff --git a/docs/root/version_history/v1.13.3.rst b/docs/root/version_history/v1.13.3.rst index 6002a62c496b..8cdbfe128c93 100644 --- a/docs/root/version_history/v1.13.3.rst +++ b/docs/root/version_history/v1.13.3.rst @@ -5,8 +5,8 @@ Changes ------- * buffer: fixed CVE-2020-12603 by avoiding fragmentation, and tracking of HTTP/2 data and control frames in the output buffer. -* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` +* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` to also defend against an HTTP/2 peer that does not open stream window once an entire response has been buffered to be sent to a downstream client. * http: fixed CVE-2020-12605 by including request URL in request header size computation, and rejecting partial headers that exceed configured limits. -* listener: fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. -* overload management: fixed CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. +* listener: fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. +* overload management: fixed CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. diff --git a/docs/root/version_history/v1.13.4.rst b/docs/root/version_history/v1.13.4.rst index 60ca6acece27..03a78e8be6e4 100644 --- a/docs/root/version_history/v1.13.4.rst +++ b/docs/root/version_history/v1.13.4.rst 
@@ -1,3 +1,3 @@ 1.13.4 (July 7, 2020) ===================== -* tls: fixed a bug where wilcard matching for "\*.foo.com" also matched domains of the form "a.b.foo.com". This behavior can be temporarily reverted by setting runtime feature `envoy.reloadable_features.fix_wildcard_matching` to false. +* tls: fixed a bug where wilcard matching for "\*.foo.com" also matched domains of the form "a.b.foo.com". This behavior can be temporarily reverted by setting runtime feature ``envoy.reloadable_features.fix_wildcard_matching`` to false. diff --git a/docs/root/version_history/v1.14.0.rst b/docs/root/version_history/v1.14.0.rst index 649a34d1cce3..b677dac0f96d 100644 --- a/docs/root/version_history/v1.14.0.rst +++ b/docs/root/version_history/v1.14.0.rst 
@@ -5,93 +5,93 @@ Changes ------- * access log: access logger extensions use the "envoy.access_loggers" name space. A mapping - of extension names is available in the :ref:`deprecated ` documentation. -* access log: added support for `%DOWNSTREAM_LOCAL_PORT%` :ref:`access log formatters `. -* access log: fixed `%DOWSTREAM_DIRECT_REMOTE_ADDRESS%` when used with PROXY protocol listener filter. -* access log: introduced :ref:`connection-level access loggers`. + of extension names is available in the :ref:`deprecated ` documentation. +* access log: added support for ``%DOWNSTREAM_LOCAL_PORT%`` :ref:`access log formatters `. +* access log: fixed ``%DOWSTREAM_DIRECT_REMOTE_ADDRESS%`` when used with PROXY protocol listener filter. +* access log: introduced :ref:`connection-level access loggers `. * adaptive concurrency: fixed bug that allowed concurrency limits to drop below the configured minimum. * adaptive concurrency: minRTT is now triggered when the minimum concurrency is maintained for 5 consecutive sampling intervals. -* admin: added support for displaying ip address subject alternate names in :ref:`certs` end point. +* admin: added support for displaying ip address subject alternate names in :ref:`certs ` end point. * admin: added :http:post:`/reopen_logs` endpoint to control log rotation. * api: froze v2 xDS API. New feature development in the API should occur in v3 xDS. While the v2 xDS API has been deprecated since 1.13.0, it will continue to be supported by Envoy until EOY 2020. See :ref:`api_supported_versions`. -* aws_lambda: added :ref:`AWS Lambda filter ` that converts HTTP requests to Lambda +* aws_lambda: added :ref:`AWS Lambda filter ` that converts HTTP requests to Lambda invokes. This effectively makes Envoy act as an egress gateway to AWS Lambda. * aws_request_signing: a few fixes so that it works with S3. -* config: added stat :ref:`update_time `. 
-* config: use type URL to select an extension whenever the config type URL (or its previous versions) uniquely identify a typed extension, see :ref:`extension configuration `. +* config: added stat :ref:`update_time `. +* config: use type URL to select an extension whenever the config type URL (or its previous versions) uniquely identify a typed extension, see :ref:`extension configuration `. * datasource: added retry policy for remote async data source. -* dns: added support for :ref:`dns_failure_refresh_rate ` for the :ref:`dns cache ` to set the DNS refresh rate during failures. +* dns: added support for :ref:`dns_failure_refresh_rate ` for the :ref:`dns cache ` to set the DNS refresh rate during failures. * dns: the STRICT_DNS cluster now only resolves to 0 hosts if DNS resolution successfully returns 0 hosts. -* eds: added :ref:`hostname ` field for endpoints and :ref:`hostname ` field for endpoint's health check config. This enables auto host rewrite and customizing the host header during health checks for eds endpoints. -* ext_authz: disabled the use of lowercase string matcher for headers matching in HTTP-based `ext_authz`. - Can be reverted temporarily by setting runtime feature `envoy.reloadable_features.ext_authz_http_service_enable_case_sensitive_string_matcher` to false. -* fault: added support for controlling abort faults with :ref:`HTTP header fault configuration ` to the HTTP fault filter. +* eds: added :ref:`hostname ` field for endpoints and :ref:`hostname ` field for endpoint's health check config. This enables auto host rewrite and customizing the host header during health checks for eds endpoints. +* ext_authz: disabled the use of lowercase string matcher for headers matching in HTTP-based ``ext_authz``. + Can be reverted temporarily by setting runtime feature ``envoy.reloadable_features.ext_authz_http_service_enable_case_sensitive_string_matcher`` to false. 
+* fault: added support for controlling abort faults with :ref:`HTTP header fault configuration ` to the HTTP fault filter. * grpc-json: added support for building HTTP request into `google.api.HttpBody `_. * grpc-stats: added option to limit which messages stats are created for. -* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature `envoy.reloadable_features.http1_flood_protection`. -* http: added :ref:`headers_with_underscores_action setting ` to control how client requests with header names containing underscore characters are handled. The options are to allow such headers, reject request or drop headers. The default is to allow headers, preserving existing behavior. -* http: added :ref:`max_stream_duration ` to specify the duration of existing streams. See :ref:`connection and stream timeouts `. +* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature ``envoy.reloadable_features.http1_flood_protection``. +* http: added :ref:`headers_with_underscores_action setting ` to control how client requests with header names containing underscore characters are handled. The options are to allow such headers, reject request or drop headers. The default is to allow headers, preserving existing behavior. +* http: added :ref:`max_stream_duration ` to specify the duration of existing streams. See :ref:`connection and stream timeouts `. * http: connection header sanitizing has been modified to always sanitize if there is no upgrade, including when an h2c upgrade attempt has been removed. * http: fixed a bug that could send extra METADATA frames and underflow memory when encoding METADATA frames on a connection that was dispatching data. * http: fixing a bug in HTTP/1.0 responses where Connection: keep-alive was not appended for connections which were kept alive. * http: http filter extensions use the "envoy.filters.http" name space. 
A mapping - of extension names is available in the :ref:`deprecated ` documentation. -* http: the runtime feature `http.connection_manager.log_flood_exception` is removed and replaced with a connection access log response code. + of extension names is available in the :ref:`deprecated ` documentation. +* http: the runtime feature ``http.connection_manager.log_flood_exception`` is removed and replaced with a connection access log response code. * http: upgrade parser library, which removes support for "identity" transfer-encoding value. * listener filters: listener filter extensions use the "envoy.filters.listener" name space. A - mapping of extension names is available in the :ref:`deprecated ` documentation. -* listeners: added :ref:`listener filter matcher api ` to disable individual listener filter on matching downstream connections. -* loadbalancing: added support for using hostname for consistent hash loadbalancing via :ref:`consistent_hash_lb_config `. -* loadbalancing: added support for :ref:`retry host predicates ` in conjunction with consistent hashing load balancers (ring hash and maglev). -* lua: added a parameter to `httpCall` that makes it possible to have the call be asynchronous. + mapping of extension names is available in the :ref:`deprecated ` documentation. +* listeners: added :ref:`listener filter matcher api ` to disable individual listener filter on matching downstream connections. +* loadbalancing: added support for using hostname for consistent hash loadbalancing via :ref:`consistent_hash_lb_config `. +* loadbalancing: added support for :ref:`retry host predicates ` in conjunction with consistent hashing load balancers (ring hash and maglev). +* lua: added a parameter to ``httpCall`` that makes it possible to have the call be asynchronous. * lua: added moonjit support. -* mongo: the stat emitted for queries without a max time set in the :ref:`MongoDB filter` was modified to emit correctly for Mongo v3.2+. 
-* network filters: added a :ref:`direct response filter `. +* mongo: the stat emitted for queries without a max time set in the :ref:`MongoDB filter ` was modified to emit correctly for Mongo v3.2+. +* network filters: added a :ref:`direct response filter `. * network filters: network filter extensions use the "envoy.filters.network" name space. A mapping - of extension names is available in the :ref:`deprecated ` documentation. -* rbac: added :ref:`remote_ip ` and :ref:`direct_remote_ip ` for matching downstream remote IP address. -* rbac: deprecated :ref:`source_ip ` with :ref:`direct_remote_ip ` and :ref:`remote_ip `. -* request_id_extension: added an ability to extend request ID handling at :ref:`HTTP connection manager`. -* retry: added a retry predicate that :ref:`rejects hosts based on metadata. `. + of extension names is available in the :ref:`deprecated ` documentation. +* rbac: added :ref:`remote_ip ` and :ref:`direct_remote_ip ` for matching downstream remote IP address. +* rbac: deprecated :ref:`source_ip ` with :ref:`direct_remote_ip ` and :ref:`remote_ip `. +* request_id_extension: added an ability to extend request ID handling at :ref:`HTTP connection manager `. +* retry: added a retry predicate that :ref:`rejects hosts based on metadata. `. * router: added ability to set attempt count in downstream response, see :ref:`virtual host's include response - attempt count config `. -* router: added additional stats for :ref:`virtual clusters `. -* router: added :ref:`auto_san_validation ` to support overrriding SAN validation to transport socket for new upstream connections based on the downstream HTTP host/authority header. + attempt count config `. +* router: added additional stats for :ref:`virtual clusters `. +* router: added :ref:`auto_san_validation ` to support overrriding SAN validation to transport socket for new upstream connections based on the downstream HTTP host/authority header. 
* router: added the ability to match a route based on whether a downstream TLS connection certificate has been - :ref:`validated `. + :ref:`validated `. * router: added support for :ref:`regex_rewrite - ` for path rewriting using regular expressions and capture groups. -* router: added support for `%DOWNSTREAM_LOCAL_PORT%` :ref:`header formatter `. -* router: don't ignore :ref:`per_try_timeout ` when the :ref:`global route timeout ` is disabled. -* router: strip whitespace for :ref:`retry_on `, :ref:`grpc-retry-on header ` and :ref:`retry-on header `. -* runtime: enabling the runtime feature `envoy.deprecated_features.allow_deprecated_extension_names` + ` for path rewriting using regular expressions and capture groups. +* router: added support for `%DOWNSTREAM_LOCAL_PORT%` :ref:`header formatter `. +* router: don't ignore :ref:`per_try_timeout ` when the :ref:`global route timeout ` is disabled. +* router: strip whitespace for :ref:`retry_on `, :ref:`grpc-retry-on header ` and :ref:`retry-on header `. +* runtime: enabling the runtime feature ``envoy.deprecated_features.allow_deprecated_extension_names`` disables the use of deprecated extension names. * runtime: integer values may now be parsed as booleans. -* sds: added :ref:`GenericSecret ` to support secret of generic type. -* sds: added :ref:`certificate rotation ` support for certificates in static resources. +* sds: added :ref:`GenericSecret ` to support secret of generic type. +* sds: added :ref:`certificate rotation ` support for certificates in static resources. * server: the SIGUSR1 access log reopen warning now is logged at info level. * stat sinks: stat sink extensions use the "envoy.stat_sinks" name space. A mapping of extension - names is available in the :ref:`deprecated ` documentation. + names is available in the :ref:`deprecated ` documentation. * thrift_proxy: added router filter stats to docs. 
-* tls: added configuration to disable stateless TLS session resumption :ref:`disable_stateless_session_resumption `. +* tls: added configuration to disable stateless TLS session resumption :ref:`disable_stateless_session_resumption `. * tracing: added gRPC service configuration to the OpenCensus Stackdriver and OpenCensus Agent tracers. * tracing: tracer extensions use the "envoy.tracers" name space. A mapping of extension names is - available in the :ref:`deprecated ` documentation. -* upstream: added ``upstream_rq_retry_limit_exceeded`` to :ref:`cluster `, and :ref:`virtual cluster ` stats. -* upstream: changed load distribution algorithm when all priorities enter :ref:`panic mode`. + available in the :ref:`deprecated ` documentation. +* upstream: added ``upstream_rq_retry_limit_exceeded`` to :ref:`cluster `, and :ref:`virtual cluster ` stats. +* upstream: changed load distribution algorithm when all priorities enter :ref:`panic mode `. * upstream: combined HTTP/1 and HTTP/2 connection pool code. This means that circuit breaker limits for both requests and connections apply to both pool types. Also, HTTP/2 now has the option to limit concurrent requests on a connection, and allow multiple draining connections. The old behavior is deprecated, but can be used during the deprecation - period by disabling runtime feature `envoy.reloadable_features.new_http1_connection_pool_behavior` or - `envoy.reloadable_features.new_http2_connection_pool_behavior` and then re-configure your clusters or + period by disabling runtime feature ``envoy.reloadable_features.new_http1_connection_pool_behavior`` or + ``envoy.reloadable_features.new_http2_connection_pool_behavior`` and then re-configure your clusters or restart Envoy. The behavior will not switch until the connection pools are recreated. The new - circuit breaker behavior is described :ref:`here `. + circuit breaker behavior is described :ref:`here `. 
* zlib: by default zlib is initialized to use its default strategy (Z_DEFAULT_STRATEGY) instead of the fixed one (Z_FIXED). The difference is that the use of dynamic Huffman codes is enabled now resulting in better compression ratio for normal data. @@ -101,7 +101,7 @@ Deprecated * The previous behavior for upstream connection pool circuit breaking described `here `_ has - been deprecated in favor of the new behavior described :ref:`here `. + been deprecated in favor of the new behavior described :ref:`here `. * Access Logger, Listener Filter, HTTP Filter, Network Filter, Stats Sink, and Tracer names have been deprecated in favor of the extension name from the envoy build system. Disable the runtime feature "envoy.deprecated_features.allow_deprecated_extension_names" to disallow the deprecated 
@@ -166,27 +166,27 @@ Deprecated * Tracers * The previous behavior of auto ignoring case in headers matching: - :ref:`allowed_headers `, - :ref:`allowed_upstream_headers `, - and :ref:`allowed_client_headers ` - of HTTP-based `ext_authz` has been deprecated in favor of explicitly setting the - :ref:`ignore_case ` field. -* The `header_fields`, `custom_header_fields`, and `additional_headers` fields for the route checker - tool have been deprecated in favor of `request_header_fields`, `response_header_fields`, - `additional_request_headers`, and `additional_response_headers`. -* The `content_length`, `content_type`, `disable_on_etag_header` and `remove_accept_encoding_header` - fields in :ref:`HTTP Gzip filter config ` have - been deprecated in favor of `compressor`. -* The statistics counter `header_gzip` in :ref:`HTTP Gzip filter ` - has been deprecated in favor of `header_compressor_used`. -* Support for the undocumented HTTP/1.1 `:no-chunks` pseudo-header has been removed. If an extension - was using this it can achieve the same behavior via the new `http1StreamEncoderOptions()` API. + :ref:`allowed_headers `, + :ref:`allowed_upstream_headers `, + and :ref:`allowed_client_headers ` + of HTTP-based ``ext_authz`` has been deprecated in favor of explicitly setting the + :ref:`ignore_case ` field. +* The ``header_fields``, ``custom_header_fields``, and ``additional_headers`` fields for the route checker + tool have been deprecated in favor of ``request_header_fields``, ``response_header_fields``, + ``additional_request_headers``, and ``additional_response_headers``. +* The ``content_length``, ``content_type``, ``disable_on_etag_header`` and ``remove_accept_encoding_header`` + fields in :ref:`HTTP Gzip filter config ` have + been deprecated in favor of ``compressor``. +* The statistics counter ``header_gzip`` in :ref:`HTTP Gzip filter ` + has been deprecated in favor of ``header_compressor_used``. 
+* Support for the undocumented HTTP/1.1 ``:no-chunks`` pseudo-header has been removed. If an extension + was using this it can achieve the same behavior via the new ``http1StreamEncoderOptions()`` API. * The grpc_stats filter behavior of by default creating a new stat for every message type seen is deprecated. The default will switch to only creating a fixed set of stats. The previous behavior can be enabled by enabling - :ref:`stats_for_all_methods `, + :ref:`stats_for_all_methods `, and the previous default can be enabled until the end of the deprecation period by enabling runtime feature - `envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default`. -* The :ref:`source_ip ` field in + ``envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default``. +* The :ref:`source_ip ` field in `RBAC `_ has been deprecated - in favor of :ref:`direct_remote_ip ` and - :ref:`remote_ip `. + in favor of :ref:`direct_remote_ip ` and + :ref:`remote_ip `. diff --git a/docs/root/version_history/v1.14.2.rst b/docs/root/version_history/v1.14.2.rst index c20f93650dca..c7d4731d865b 100644 --- a/docs/root/version_history/v1.14.2.rst +++ b/docs/root/version_history/v1.14.2.rst @@ -5,10 +5,10 @@ Changes ------- * http: fixed CVE-2020-11080 by rejecting HTTP/2 SETTINGS frames with too many parameters. -* http: the :ref:`stream_idle_timeout ` +* http: the :ref:`stream_idle_timeout ` now also defends against an HTTP/2 peer that does not open stream window once an entire response has been buffered to be sent to a downstream client. -* listener: Add runtime support for `per-listener limits ` on +* listener: Add runtime support for :ref:`per-listener limits ` on active/accepted connections. -* overload management: Add runtime support for :ref:`global limits ` +* overload management: Add runtime support for :ref:`global limits ` on active/accepted connections. 
diff --git a/docs/root/version_history/v1.14.3.rst b/docs/root/version_history/v1.14.3.rst index 8a3a3d91da08..523a4fc9a607 100644 --- a/docs/root/version_history/v1.14.3.rst +++ b/docs/root/version_history/v1.14.3.rst @@ -4,8 +4,8 @@ Changes ------- * buffer: fixed CVE-2020-12603 by avoiding fragmentation, and tracking of HTTP/2 data and control frames in the output buffer. -* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` +* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` to also defend against an HTTP/2 peer that does not open stream window once an entire response has been buffered to be sent to a downstream client. * http: fixed CVE-2020-12605 by including request URL in request header size computation, and rejecting partial headers that exceed configured limits. -* listener: fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. -* overload management: fixed CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. +* listener: fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. +* overload management: fixed CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. diff --git a/docs/root/version_history/v1.14.4.rst b/docs/root/version_history/v1.14.4.rst index bc105781c135..4b5a8707c577 100644 --- a/docs/root/version_history/v1.14.4.rst +++ b/docs/root/version_history/v1.14.4.rst 
@@ -1,3 +1,3 @@ 1.14.4 (July 7, 2020) ===================== -* tls: fixed a bug where wilcard matching for "\*.foo.com" also matched domains of the form "a.b.foo.com". This behavior can be temporarily reverted by setting runtime feature `envoy.reloadable_features.fix_wildcard_matching` to false. +* tls: fixed a bug where wilcard matching for "\*.foo.com" also matched domains of the form "a.b.foo.com". This behavior can be temporarily reverted by setting runtime feature ``envoy.reloadable_features.fix_wildcard_matching`` to false. diff --git a/docs/root/version_history/v1.14.7.rst b/docs/root/version_history/v1.14.7.rst index 3d0584d8ab11..041b5da018f8 100644 --- a/docs/root/version_history/v1.14.7.rst +++ b/docs/root/version_history/v1.14.7.rst @@ -2,7 +2,7 @@ ======================= Changes ------- -* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. +* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. * http: fixed a remotely exploitable integer overflow via a very large grpc-timeout value causes undefined behavior. * http: fixed bugs in datadog and squash filter's handling of responses with no bodies. * http: fixed URL parsing for HTTP/1.1 fully qualified URLs and connect requests containing IPv6 addresses. diff --git a/docs/root/version_history/v1.15.0.rst b/docs/root/version_history/v1.15.0.rst index d97953aac32c..d565e35bb5cc 100644 --- a/docs/root/version_history/v1.15.0.rst +++ b/docs/root/version_history/v1.15.0.rst 
@@ -7,31 +7,31 @@ Incompatible Behavior Changes *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* * build: official released binary is now built on Ubuntu 18.04, requires glibc >= 2.27. -* client_ssl_auth: the `auth_ip_white_list` stat has been renamed to - :ref:`auth_ip_allowlist `. +* client_ssl_auth: the ``auth_ip_white_list`` stat has been renamed to + :ref:`auth_ip_allowlist `. * header to metadata: on_header_missing rules with empty values are now rejected (they were skipped before). -* router: path_redirect now keeps query string by default. This behavior may be reverted by setting runtime feature `envoy.reloadable_features.preserve_query_string_in_path_redirects` to false. -* tls: fixed a bug where wilcard matching for "\*.foo.com" also matched domains of the form "a.b.foo.com". This behavior can be temporarily reverted by setting runtime feature `envoy.reloadable_features.fix_wildcard_matching` to false. +* router: path_redirect now keeps query string by default. This behavior may be reverted by setting runtime feature ``envoy.reloadable_features.preserve_query_string_in_path_redirects`` to false. +* tls: fixed a bug where wilcard matching for "\*.foo.com" also matched domains of the form "a.b.foo.com". This behavior can be temporarily reverted by setting runtime feature ``envoy.reloadable_features.fix_wildcard_matching`` to false. Minor Behavior Changes ---------------------- *Changes that may cause incompatibilities for some users, but should not for most* -* access loggers: applied existing buffer limits to access logs, as well as :ref:`stats ` for logged / dropped logs. This can be reverted temporarily by setting runtime feature `envoy.reloadable_features.disallow_unbounded_access_logs` to false. -* build: runs as non-root inside Docker containers. Existing behaviour can be restored by setting the environment variable `ENVOY_UID` to `0`. 
`ENVOY_UID` and `ENVOY_GID` can be used to set the envoy user's `uid` and `gid` respectively. -* health check: in the health check filter the :ref:`percentage of healthy servers in upstream clusters ` is now interpreted as an integer. +* access loggers: applied existing buffer limits to access logs, as well as :ref:`stats ` for logged / dropped logs. This can be reverted temporarily by setting runtime feature ``envoy.reloadable_features.disallow_unbounded_access_logs`` to false. +* build: runs as non-root inside Docker containers. Existing behaviour can be restored by setting the environment variable ``ENVOY_UID`` to ``0``. ``ENVOY_UID`` and ``ENVOY_GID`` can be used to set the envoy user's ``uid`` and ``gid`` respectively. +* health check: in the health check filter the :ref:`percentage of healthy servers in upstream clusters ` is now interpreted as an integer. * hot restart: added the option :option:`--use-dynamic-base-id` to select an unused base ID at startup and the option :option:`--base-id-path` to write the base id to a file (for reuse with later hot restarts). -* http: changed early error path for HTTP/1.1 so that responses consistently flow through the http connection manager, and the http filter chains. This behavior may be temporarily reverted by setting runtime feature `envoy.reloadable_features.early_errors_via_hcm` to false. -* http: fixed several bugs with applying correct connection close behavior across the http connection manager, health checker, and connection pool. This behavior may be temporarily reverted by setting runtime feature `envoy.reloadable_features.fix_connection_close` to false. +* http: changed early error path for HTTP/1.1 so that responses consistently flow through the http connection manager, and the http filter chains. This behavior may be temporarily reverted by setting runtime feature ``envoy.reloadable_features.early_errors_via_hcm`` to false. 
+* http: fixed several bugs with applying correct connection close behavior across the http connection manager, health checker, and connection pool. This behavior may be temporarily reverted by setting runtime feature ``envoy.reloadable_features.fix_connection_close`` to false. * http: fixed a bug where the upgrade header was not cleared on responses to non-upgrade requests. - Can be reverted temporarily by setting runtime feature `envoy.reloadable_features.fix_upgrade_response` to false. -* http: stopped overwriting `date` response headers. Responses without a `date` header will still have the header properly set. This behavior can be temporarily reverted by setting `envoy.reloadable_features.preserve_upstream_date` to false. -* http: stopped adding a synthetic path to CONNECT requests, meaning unconfigured CONNECT requests will now return 404 instead of 403. This behavior can be temporarily reverted by setting `envoy.reloadable_features.stop_faking_paths` to false. -* http: stopped allowing upstream 1xx or 204 responses with Transfer-Encoding or non-zero Content-Length headers. Content-Length of 0 is allowed, but stripped. This behavior can be temporarily reverted by setting `envoy.reloadable_features.strict_1xx_and_204_response_headers` to false. -* http: upstream connections will now automatically set ALPN when this value is not explicitly set elsewhere (e.g. on the upstream TLS config). This behavior may be temporarily reverted by setting runtime feature `envoy.reloadable_features.http_default_alpn` to false. + Can be reverted temporarily by setting runtime feature ``envoy.reloadable_features.fix_upgrade_response`` to false. +* http: stopped overwriting ``date`` response headers. Responses without a ``date`` header will still have the header properly set. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.preserve_upstream_date`` to false. 
+* http: stopped adding a synthetic path to CONNECT requests, meaning unconfigured CONNECT requests will now return 404 instead of 403. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.stop_faking_paths`` to false. +* http: stopped allowing upstream 1xx or 204 responses with Transfer-Encoding or non-zero Content-Length headers. Content-Length of 0 is allowed, but stripped. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.strict_1xx_and_204_response_headers`` to false. +* http: upstream connections will now automatically set ALPN when this value is not explicitly set elsewhere (e.g. on the upstream TLS config). This behavior may be temporarily reverted by setting runtime feature ``envoy.reloadable_features.http_default_alpn`` to false. * listener: fixed a bug where when a static listener fails to be added to a worker, the listener was not removed from the active listener list. -* router: extended to allow retries of streaming or incomplete requests. This removes stat `rq_retry_skipped_request_not_complete`. -* router: extended to allow retries by default when upstream responds with :ref:`x-envoy-overloaded `. +* router: extended to allow retries of streaming or incomplete requests. This removes stat ``rq_retry_skipped_request_not_complete``. +* router: extended to allow retries by default when upstream responds with :ref:`x-envoy-overloaded `. Bug Fixes --------- 
@@ -43,124 +43,124 @@ Bug Fixes * buffer: fixed CVE-2020-12603 by avoiding fragmentation, and tracking of HTTP/2 data and control frames in the output buffer. * grpc-json: fixed a bug when in trailers only gRPC response (e.g. error) HTTP status code is not being re-written. * http: fixed a bug in the grpc_http1_reverse_bridge filter where header-only requests were forwarded with a non-zero content length. -* http: fixed a bug where in some cases slash was moved from path to query string when :ref:`merging of adjacent slashes` is enabled. -* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` +* http: fixed a bug where in some cases slash was moved from path to query string when :ref:`merging of adjacent slashes ` is enabled. +* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` to also defend against an HTTP/2 peer that does not open stream window once an entire response has been buffered to be sent to a downstream client. * http: fixed CVE-2020-12605 by including request URL in request header size computation, and rejecting partial headers that exceed configured limits. -* http: fixed several bugs with applying correct connection close behavior across the http connection manager, health checker, and connection pool. This behavior may be temporarily reverted by setting runtime feature `envoy.reloadable_features.fix_connection_close` to false. -* listener: fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. -* overload management: fixed CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. +* http: fixed several bugs with applying correct connection close behavior across the http connection manager, health checker, and connection pool. This behavior may be temporarily reverted by setting runtime feature ``envoy.reloadable_features.fix_connection_close`` to false. 
+* listener: fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. +* overload management: fixed CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. * prometheus stats: fixed the sort order of output lines to comply with the standard. -* udp: the :ref:`reuse_port ` listener option must now be +* udp: the :ref:`reuse_port ` listener option must now be specified for UDP listeners if concurrency is > 1. This previously crashed so is considered a bug fix. * upstream: fixed a bug where Envoy would panic when receiving a GRPC SERVICE_UNKNOWN status on the health check. Removed Config or Runtime ------------------------- -*Normally occurs at the end of the* :ref:`deprecation period ` +*Normally occurs at the end of the* :ref:`deprecation period ` -* http: removed legacy connection pool code and their runtime features: `envoy.reloadable_features.new_http1_connection_pool_behavior` and - `envoy.reloadable_features.new_http2_connection_pool_behavior`. +* http: removed legacy connection pool code and their runtime features: ``envoy.reloadable_features.new_http1_connection_pool_behavior`` and + ``envoy.reloadable_features.new_http2_connection_pool_behavior``. New Features ------------ -* access loggers: added file access logger config :ref:`log_format `. +* access loggers: added file access logger config :ref:`log_format `. * access loggers: added GRPC_STATUS operator on logging format. -* access loggers: added gRPC access logger config added :ref:`API version ` to explicitly set the version of gRPC service endpoint and message to be used. -* access loggers: extended specifier for FilterStateFormatter to output :ref:`unstructured log string `. -* admin: added support for dumping EDS config at :ref:`/config_dump?include_eds `. -* aggregate cluster: made route :ref:`retry_priority ` predicates work with :ref:`this cluster type `. 
+* access loggers: added gRPC access logger config added :ref:`API version ` to explicitly set the version of gRPC service endpoint and message to be used. +* access loggers: extended specifier for FilterStateFormatter to output :ref:`unstructured log string `. +* admin: added support for dumping EDS config at :ref:`/config_dump?include_eds `. +* aggregate cluster: made route :ref:`retry_priority ` predicates work with :ref:`this cluster type `. * build: official released binary is now built on Ubuntu 18.04, requires glibc >= 2.27. * build: official released binary is now built with Clang 10.0.0. -* cluster: added an extension point for configurable :ref:`upstreams `. -* compressor: exposed generic :ref:`compressor ` filter to users. -* config: added :ref:`identifier ` stat that reflects control plane identifier. -* config: added :ref:`version_text ` stat that reflects xDS version. -* decompressor: exposed generic :ref:`decompressor ` filter to users. -* dynamic forward proxy: added :ref:`SNI based dynamic forward proxy ` support. -* dynamic forward proxy: added configurable :ref:`circuit breakers ` for resolver on DNS cache. - This behavior can be temporarily disabled by the runtime feature `envoy.reloadable_features.enable_dns_cache_circuit_breakers`. - If this runtime feature is disabled, the upstream circuit breakers for the cluster will be used even if the :ref:`DNS Cache circuit breakers ` are configured. -* dynamic forward proxy: added :ref:`allow_insecure_cluster_options` to allow disabling of auto_san_validation and auto_sni. -* ext_authz filter: added :ref:`v2 deny_at_disable `, :ref:`v3 deny_at_disable `. This allows force denying protected paths while filter gets disabled, by setting this key to true. -* ext_authz filter: added API version field for both :ref:`HTTP ` - and :ref:`Network ` filters to explicitly set the version of gRPC service endpoint and message to be used. 
-* ext_authz filter: added :ref:`v3 allowed_upstream_headers_to_append ` to allow appending multiple header entries (returned by the authorization server) with the same key to the original request headers. +* cluster: added an extension point for configurable :ref:`upstreams `. +* compressor: exposed generic :ref:`compressor ` filter to users. +* config: added :ref:`identifier ` stat that reflects control plane identifier. +* config: added :ref:`version_text ` stat that reflects xDS version. +* decompressor: exposed generic :ref:`decompressor ` filter to users. +* dynamic forward proxy: added :ref:`SNI based dynamic forward proxy ` support. +* dynamic forward proxy: added configurable :ref:`circuit breakers ` for resolver on DNS cache. + This behavior can be temporarily disabled by the runtime feature ``envoy.reloadable_features.enable_dns_cache_circuit_breakers``. + If this runtime feature is disabled, the upstream circuit breakers for the cluster will be used even if the :ref:`DNS Cache circuit breakers ` are configured. +* dynamic forward proxy: added :ref:`allow_insecure_cluster_options ` to allow disabling of auto_san_validation and auto_sni. +* ext_authz filter: added :ref:`v2 deny_at_disable `, :ref:`v3 deny_at_disable `. This allows force denying protected paths while filter gets disabled, by setting this key to true. +* ext_authz filter: added API version field for both :ref:`HTTP ` + and :ref:`Network ` filters to explicitly set the version of gRPC service endpoint and message to be used. +* ext_authz filter: added :ref:`v3 allowed_upstream_headers_to_append ` to allow appending multiple header entries (returned by the authorization server) with the same key to the original request headers. * fault: added support for controlling the percentage of requests that abort, delay and response rate limits faults - are applied to using :ref:`HTTP headers ` to the HTTP fault filter. + are applied to using :ref:`HTTP headers ` to the HTTP fault filter. 
* fault: added support for specifying grpc_status code in abort faults using - :ref:`HTTP header ` or abort fault configuration in HTTP fault filter. -* filter: added `upstream_rq_time` stats to the GPRC stats filter. - Disabled by default and can be enabled via :ref:`enable_upstream_stats `. -* grpc: added support for Google gRPC :ref:`custom channel arguments `. + :ref:`HTTP header ` or abort fault configuration in HTTP fault filter. +* filter: added ``upstream_rq_time`` stats to the GPRC stats filter. + Disabled by default and can be enabled via :ref:`enable_upstream_stats `. +* grpc: added support for Google gRPC :ref:`custom channel arguments `. * grpc-json: added support for streaming response using `google.api.HttpBody `_. -* grpc-json: send a `x-envoy-original-method` header to grpc services. +* grpc-json: send a ``x-envoy-original-method`` header to grpc services. * gzip filter: added option to set zlib's next output buffer size. * hds: updated to allow to explicitly set the API version of gRPC service endpoint and message to be used. * header to metadata: added support for regex substitutions on header values. -* health checks: allowed configuring health check transport sockets by specifying :ref:`transport socket match criteria `. -* http: added :ref:`local_reply config ` to http_connection_manager to customize :ref:`local reply `. -* http: added :ref:`stripping port from host header ` support. -* http: added support for proxying CONNECT requests, terminating CONNECT requests, and converting raw TCP streams into HTTP/2 CONNECT requests. See :ref:`upgrade documentation` for details. +* health checks: allowed configuring health check transport sockets by specifying :ref:`transport socket match criteria `. +* http: added :ref:`local_reply config ` to http_connection_manager to customize :ref:`local reply `. +* http: added :ref:`stripping port from host header ` support. 
+* http: added support for proxying CONNECT requests, terminating CONNECT requests, and converting raw TCP streams into HTTP/2 CONNECT requests. See :ref:`upgrade documentation ` for details. * listener: added in place filter chain update flow for tcp listener update which doesn't close connections if the corresponding network filter chain is equivalent during the listener update. - Can be disabled by setting runtime feature `envoy.reloadable_features.listener_in_place_filterchain_update` to false. - Also added additional draining filter chain stat for :ref:`listener manager ` to track the number of draining filter chains and the number of in place update attempts. -* logger: added `--log-format-prefix-with-location` command line option to prefix '%v' with file path and line number. -* lrs: added new *envoy_api_field_service.load_stats.v2.LoadStatsResponse.send_all_clusters* field + Can be disabled by setting runtime feature ``envoy.reloadable_features.listener_in_place_filterchain_update`` to false. + Also added additional draining filter chain stat for :ref:`listener manager ` to track the number of draining filter chains and the number of in place update attempts. +* logger: added ``--log-format-prefix-with-location`` command line option to prefix '%v' with file path and line number. +* lrs: added new ``envoy_api_field_service.load_stats.v2.LoadStatsResponse.send_all_clusters`` field in LRS response, which allows management servers to avoid explicitly listing all clusters it is - interested in; behavior is allowed based on new "envoy.lrs.supports_send_all_clusters" capability - in :ref:`client_features` field. + interested in; behavior is allowed based on new ``envoy.lrs.supports_send_all_clusters`` capability + in :ref:`client_features ` field. * lrs: updated to allow to explicitly set the API version of gRPC service endpoint and message to be used. -* lua: added :ref:`per route config ` for Lua filter. +* lua: added :ref:`per route config ` for Lua filter. 
* lua: added tracing to the ``httpCall()`` API. -* metrics service: added :ref:`API version ` to explicitly set the version of gRPC service endpoint and message to be used. -* network filters: added a :ref:`postgres proxy filter `. -* network filters: added a :ref:`rocketmq proxy filter `. +* metrics service: added :ref:`API version ` to explicitly set the version of gRPC service endpoint and message to be used. +* network filters: added a :ref:`postgres proxy filter `. +* network filters: added a :ref:`rocketmq proxy filter `. * performance: enabled stats symbol table implementation by default. To disable it, add - `--use-fake-symbol-table 1` to the command-line arguments when starting Envoy. -* ratelimit: added support for use of dynamic metadata :ref:`dynamic_metadata ` as a ratelimit action. -* ratelimit: added :ref:`API version ` to explicitly set the version of gRPC service endpoint and message to be used. -* ratelimit: support specifying dynamic overrides in rate limit descriptors using :ref:`limit override ` config. -* redis: added acl support :ref:`downstream_auth_username ` for downstream client ACL authentication, and :ref:`auth_username ` to configure authentication usernames for upstream Redis 6+ server clusters with ACL enabled. -* regex: added support for enforcing max program size via runtime and stats to monitor program size for :ref:`Google RE2 `. -* request_id: added to :ref:`always_set_request_id_in_response setting ` - to set :ref:`x-request-id ` header in response even if + ``--use-fake-symbol-table 1`` to the command-line arguments when starting Envoy. +* ratelimit: added support for use of dynamic metadata :ref:`dynamic_metadata ` as a ratelimit action. +* ratelimit: added :ref:`API version ` to explicitly set the version of gRPC service endpoint and message to be used. +* ratelimit: support specifying dynamic overrides in rate limit descriptors using :ref:`limit override ` config. 
+* redis: added acl support :ref:`downstream_auth_username ` for downstream client ACL authentication, and :ref:`auth_username ` to configure authentication usernames for upstream Redis 6+ server clusters with ACL enabled. +* regex: added support for enforcing max program size via runtime and stats to monitor program size for :ref:`Google RE2 `. +* request_id: added to :ref:`always_set_request_id_in_response setting ` + to set :ref:`x-request-id ` header in response even if tracing is not forced. * router: added more fine grained internal redirect configs to the :ref:`internal_redirect_policy - ` field. + ` field. * router: added regex substitution support for header based hashing. * router: added support for RESPONSE_FLAGS and RESPONSE_CODE_DETAILS :ref:`header formatters - `. -* router: allow Rate Limiting Service to be called in case of missing request header for a descriptor if the :ref:`skip_if_absent ` field is set to true. -* runtime: added new gauge :ref:`deprecated_feature_seen_since_process_start ` that gets reset across hot restarts. + `. +* router: allow Rate Limiting Service to be called in case of missing request header for a descriptor if the :ref:`skip_if_absent ` field is set to true. +* runtime: added new gauge :ref:`deprecated_feature_seen_since_process_start ` that gets reset across hot restarts. * server: added the option :option:`--drain-strategy` to enable different drain strategies for DrainManager::drainClose(). -* server: added :ref:`server.envoy_bug_failures ` statistic to count ENVOY_BUG failures. -* stats: added the option to :ref:`report counters as deltas ` to the metrics service stats sink. +* server: added :ref:`server.envoy_bug_failures ` statistic to count ENVOY_BUG failures. +* stats: added the option to :ref:`report counters as deltas ` to the metrics service stats sink. * tracing: made tracing configuration fully dynamic and every HTTP connection manager - can now have a separate :ref:`tracing provider `. 
-* udp: upgraded :ref:`udp_proxy ` filter to v3 and promoted it out of alpha. + can now have a separate :ref:`tracing provider `. +* udp: upgraded :ref:`udp_proxy ` filter to v3 and promoted it out of alpha. Deprecated ---------- -* Tracing provider configuration as part of :ref:`bootstrap config ` +* Tracing provider configuration as part of :ref:`bootstrap config ` has been deprecated in favor of configuration as part of :ref:`HTTP connection manager - `. -* The :ref:`HTTP Gzip filter ` has been deprecated in favor of - :ref:`Compressor `. -* The * :ref:`GoogleRE2.max_program_size` + `. +* The :ref:`HTTP Gzip filter ` has been deprecated in favor of + :ref:`Compressor `. +* The * :ref:`GoogleRE2.max_program_size ` field is now deprecated. Management servers are expected to validate regexp program sizes instead of expecting the client to do it. Alternatively, the max program size can be enforced by Envoy via runtime. -* The :ref:`internal_redirect_action ` - field and :ref:`max_internal_redirects ` field +* The :ref:`internal_redirect_action ` + field and :ref:`max_internal_redirects ` field are now deprecated. This changes the implemented default cross scheme redirect behavior. All cross scheme redirects are disallowed by default. To restore the previous behavior, set allow_cross_scheme_redirect=true and use - :ref:`safe_cross_scheme`, - in :ref:`predicates `. -* File access logger fields :ref:`format `, :ref:`json_format ` and :ref:`typed_json_format ` are deprecated in favor of :ref:`log_format `. -* A warning is now logged when v2 xDS api is used. This behavior can be temporarily disabled by setting `envoy.reloadable_features.enable_deprecated_v2_api_warning` to `false`. -* Using cluster circuit breakers for DNS Cache is now deprecated in favor of :ref:`DNS cache circuit breakers `. This behavior can be temporarily disabled by setting `envoy.reloadable_features.enable_dns_cache_circuit_breakers` to `false`. + :ref:`safe_cross_scheme `, + in :ref:`predicates `. 
+* File access logger fields :ref:`format `, :ref:`json_format ` and :ref:`typed_json_format ` are deprecated in favor of :ref:`log_format `. +* A warning is now logged when v2 xDS api is used. This behavior can be temporarily disabled by setting ``envoy.reloadable_features.enable_deprecated_v2_api_warning`` to ``false``. +* Using cluster circuit breakers for DNS Cache is now deprecated in favor of :ref:`DNS cache circuit breakers `. This behavior can be temporarily disabled by setting ``envoy.reloadable_features.enable_dns_cache_circuit_breakers`` to ``false``. diff --git a/docs/root/version_history/v1.15.4.rst b/docs/root/version_history/v1.15.4.rst index 977e24f54c7b..f40b70a69cfd 100644 --- a/docs/root/version_history/v1.15.4.rst +++ b/docs/root/version_history/v1.15.4.rst 
@@ -4,20 +4,19 @@ Changes ------- -* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. +* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. * http: fixed a remotely exploitable integer overflow via a very large grpc-timeout value causes undefined behavior. * http: fixed URL parsing for HTTP/1.1 fully qualified URLs and connect requests containing IPv6 addresses. * http: fixed bugs in datadog and squash filter's handling of responses with no bodies. -* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting `envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure` to false. +* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting ``envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure`` to false. * tls: fix detection of the upstream connection close event. Removed Config or Runtime ------------------------- -*Normally occurs at the end of the* :ref:`deprecation period ` +*Normally occurs at the end of the* :ref:`deprecation period ` New Features ------------ Deprecated ---------- - diff --git a/docs/root/version_history/v1.16.0.rst b/docs/root/version_history/v1.16.0.rst index d9c2d97d7f25..32cb2a70dd23 100644 --- a/docs/root/version_history/v1.16.0.rst +++ b/docs/root/version_history/v1.16.0.rst 
@@ -5,13 +5,13 @@ Incompatible Behavior Changes ----------------------------- *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* -* build: added visibility rules for upstream. If these cause visibility related breakage, see notes in :repo:`BUILD `. -* build: tcmalloc changes require Clang 9. This requirement change can be avoided by building with `--define tcmalloc=gperftools` to use the older tcmalloc code. +* build: added visibility rules for upstream. If these cause visibility related breakage, see notes in :repo:`BUILD `. +* build: tcmalloc changes require Clang 9. This requirement change can be avoided by building with ``--define tcmalloc=gperftools`` to use the older tcmalloc code. * config: additional warnings have been added for the use of v2 APIs. These appear as log messages - and are also captured in the :ref:`deprecated_feature_use ` counter after server + and are also captured in the :ref:`deprecated_feature_use ` counter after server initialization. -* dns: `envoy.restart_features.use_apple_api_for_dns_lookups` is on by default. This flag only affects Apple platforms (macOS, iOS). It is incompatible to have the runtime flag set to true at the same time as specifying the ``use_tcp_for_dns_lookups`` option or custom dns resolvers. Doing so will cause failure. -* watchdog: added two guarddogs, breaking the aggregated stats for the single guarddog system. The aggregated stats for the guarddogs will have the following prefixes: `main_thread` and `workers`. Concretely, anything monitoring `server.watchdog_miss` and `server.watchdog_mega_miss` will need to be updated. +* dns: ``envoy.restart_features.use_apple_api_for_dns_lookups`` is on by default. This flag only affects Apple platforms (macOS, iOS). It is incompatible to have the runtime flag set to true at the same time as specifying the ````use_tcp_for_dns_lookups```` option or custom dns resolvers. Doing so will cause failure. 
+* watchdog: added two guarddogs, breaking the aggregated stats for the single guarddog system. The aggregated stats for the guarddogs will have the following prefixes: ``main_thread`` and ``workers``. Concretely, anything monitoring ``server.watchdog_miss`` and ``server.watchdog_mega_miss`` will need to be updated. Minor Behavior Changes ---------------------- 
@@ -19,40 +19,40 @@ Minor Behavior Changes * adaptive concurrency: added a response body / grpc-message header for rejected requests. * async_client: minor change to handling header only responses more similar to header-with-empty-body responses. -* build: an :ref:`Ubuntu based debug image ` is built and published in DockerHub. -* build: the debug information will be generated separately to reduce target size and reduce compilation time when build in compilation mode `dbg` and `opt`. Users will need to build dwp file to debug with gdb. -* compressor: always insert `Vary` headers for compressible resources even if it's decided not to compress a response due to incompatible `Accept-Encoding` value. The `Vary` header needs to be inserted to let a caching proxy in front of Envoy know that the requested resource still can be served with compression applied. +* build: an :ref:`Ubuntu based debug image ` is built and published in DockerHub. +* build: the debug information will be generated separately to reduce target size and reduce compilation time when build in compilation mode ``dbg`` and ``opt``. Users will need to build dwp file to debug with gdb. +* compressor: always insert ``Vary`` headers for compressible resources even if it's decided not to compress a response due to incompatible ``Accept-Encoding`` value. The ``Vary`` header needs to be inserted to let a caching proxy in front of Envoy know that the requested resource still can be served with compression applied. * decompressor: headers-only requests were incorrectly not advertising accept-encoding when configured to do so. This is now fixed. * ext_authz filter: request timeout will now count from the time the check request is created, instead of when it becomes active. This makes sure that the timeout is enforced even if the ext_authz cluster's circuit breaker is engaged. - This behavior can be reverted by setting runtime feature `envoy.reloadable_features.ext_authz_measure_timeout_on_check_created` to false. 
When enabled, a new `ext_authz.timeout` stat is counted when timeout occurs. See :ref:`stats `. + This behavior can be reverted by setting runtime feature ``envoy.reloadable_features.ext_authz_measure_timeout_on_check_created`` to false. When enabled, a new ``ext_authz.timeout`` stat is counted when timeout occurs. See :ref:`stats `. * grpc reverse bridge: upstream headers will no longer be propagated when the response is missing or contains an unexpected content-type. -* http: added :ref:`contains `, a new string matcher type which matches if the value of the string has the substring mentioned in contains matcher. -* http: added :ref:`contains `, a new header matcher type which matches if the value of the header has the substring mentioned in contains matcher. -* http: added :ref:`headers_to_add ` to :ref:`local reply mapper ` to allow its users to add/append/override response HTTP headers to local replies. -* http: added HCM level configuration of :ref:`error handling on invalid messaging ` which substantially changes Envoy's behavior when encountering invalid HTTP/1.1 defaulting to closing the connection instead of allowing reuse. This can temporarily be reverted by setting `envoy.reloadable_features.hcm_stream_error_on_invalid_message` to false, or permanently reverted by setting the HTTP/1 configuration :ref:`override_stream_error_on_invalid_http_message ` to true to restore prior HTTP/1.1 behavior (i.e. connection isn't terminated) and to retain prior HTTP/2 behavior (i.e. connection is terminated). -* http: added HCM level configuration of :ref:`error handling on invalid messaging ` which substantially changes Envoy's behavior when encountering invalid HTTP/1.1 defaulting to closing the connection instead of allowing reuse. 
This can temporarily be reverted by setting `envoy.reloadable_features.hcm_stream_error_on_invalid_message` to false, or permanently reverted by setting the :ref:`HCM option ` to true to restore prior HTTP/1.1 beavior and setting the *new* HTTP/2 configuration :ref:`override_stream_error_on_invalid_http_message ` to false to retain prior HTTP/2 behavior. -* http: applying route level header modifications to local replies sent on that route. This behavior may be temporarily reverted by setting `envoy.reloadable_features.always_apply_route_header_rules` to false. -* http: changed Envoy to send GOAWAY to HTTP2 downstreams when the :ref:`disable_keepalive ` overload action is active. This behavior may be temporarily reverted by setting `envoy.reloadable_features.overload_manager_disable_keepalive_drain_http2` to false. -* http: changed Envoy to send error headers and body when possible. This behavior may be temporarily reverted by setting `envoy.reloadable_features.allow_response_for_timeout` to false. -* http: changed empty trailers encoding behavior by sending empty data with ``end_stream`` true (instead of sending empty trailers) for HTTP/2. This behavior can be reverted temporarily by setting runtime feature `envoy.reloadable_features.http2_skip_encoding_empty_trailers` to false. -* http: changed how local replies are processed for requests which transform from grpc to not-grpc, or not-grpc to grpc. Previously the initial generated reply depended on which filter sent the reply, but now the reply is consistently generated the way the downstream expects. This behavior can be temporarily reverted by setting `envoy.reloadable_features.unify_grpc_handling` to false. +* http: added :ref:`contains `, a new string matcher type which matches if the value of the string has the substring mentioned in contains matcher. +* http: added :ref:`contains `, a new header matcher type which matches if the value of the header has the substring mentioned in contains matcher. 
+* http: added :ref:`headers_to_add ` to :ref:`local reply mapper ` to allow its users to add/append/override response HTTP headers to local replies. +* http: added HCM level configuration of :ref:`error handling on invalid messaging ` which substantially changes Envoy's behavior when encountering invalid HTTP/1.1 defaulting to closing the connection instead of allowing reuse. This can temporarily be reverted by setting ``envoy.reloadable_features.hcm_stream_error_on_invalid_message`` to false, or permanently reverted by setting the HTTP/1 configuration :ref:`override_stream_error_on_invalid_http_message ` to true to restore prior HTTP/1.1 behavior (i.e. connection isn't terminated) and to retain prior HTTP/2 behavior (i.e. connection is terminated). +* http: added HCM level configuration of :ref:`error handling on invalid messaging ` which substantially changes Envoy's behavior when encountering invalid HTTP/1.1 defaulting to closing the connection instead of allowing reuse. This can temporarily be reverted by setting ``envoy.reloadable_features.hcm_stream_error_on_invalid_message`` to false, or permanently reverted by setting the :ref:`HCM option ` to true to restore prior HTTP/1.1 beavior and setting the *new* HTTP/2 configuration :ref:`override_stream_error_on_invalid_http_message ` to false to retain prior HTTP/2 behavior. +* http: applying route level header modifications to local replies sent on that route. This behavior may be temporarily reverted by setting ``envoy.reloadable_features.always_apply_route_header_rules`` to false. +* http: changed Envoy to send GOAWAY to HTTP2 downstreams when the :ref:`disable_keepalive ` overload action is active. This behavior may be temporarily reverted by setting ``envoy.reloadable_features.overload_manager_disable_keepalive_drain_http2`` to false. +* http: changed Envoy to send error headers and body when possible. 
This behavior may be temporarily reverted by setting ``envoy.reloadable_features.allow_response_for_timeout`` to false. +* http: changed empty trailers encoding behavior by sending empty data with ``end_stream`` true (instead of sending empty trailers) for HTTP/2. This behavior can be reverted temporarily by setting runtime feature ``envoy.reloadable_features.http2_skip_encoding_empty_trailers`` to false. +* http: changed how local replies are processed for requests which transform from grpc to not-grpc, or not-grpc to grpc. Previously the initial generated reply depended on which filter sent the reply, but now the reply is consistently generated the way the downstream expects. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.unify_grpc_handling`` to false. * http: clarified and enforced 1xx handling. Multiple 100-continue headers are coalesced when proxying. 1xx headers other than {100, 101} are dropped. * http: fixed a bug in access logs where early stream termination could be incorrectly tagged as a downstream disconnect, and disconnects after partial response were not flagged. -* http: fixed the 100-continue response path to properly handle upstream failure by sending 5xx responses. This behavior can be temporarily reverted by setting `envoy.reloadable_features.allow_500_after_100` to false. +* http: fixed the 100-continue response path to properly handle upstream failure by sending 5xx responses. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.allow_500_after_100`` to false. * http: the per-stream FilterState maintained by the HTTP connection manager will now provide read/write access to the downstream connection FilterState. As such, code that relies on interacting with this might see a change in behavior. * logging: added fine-grain logging for file level log control with logger management at administration interface. It can be enabled by option :option:`--enable-fine-grain-logging`. 
-* logging: changed default log format to `"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"` and default value of `--log-format-prefix-with-location` to `0`. -* logging: nghttp2 log messages no longer appear at trace level unless `ENVOY_NGHTTP2_TRACE` is set +* logging: changed default log format to ``"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"`` and default value of ``--log-format-prefix-with-location`` to ``0``. +* logging: nghttp2 log messages no longer appear at trace level unless ``ENVOY_NGHTTP2_TRACE`` is set in the environment. -* lua: changed the response body returned by `httpCall()` API to raw data. Previously, the returned data was string. -* memory: switched to the `new tcmalloc `_ for linux_x86_64 builds. The `old tcmalloc `_ can still be enabled with the `--define tcmalloc=gperftools` option. +* lua: changed the response body returned by ``httpCall()`` API to raw data. Previously, the returned data was string. +* memory: switched to the `new tcmalloc `_ for linux_x86_64 builds. The `old tcmalloc `_ can still be enabled with the ``--define tcmalloc=gperftools`` option. * postgres: changed log format to tokenize fields of Postgres messages. -* router: added transport failure reason to response body when upstream reset happens. After this change, the response body will be of the form `upstream connect error or disconnect/reset before headers. reset reason:{}, transport failure reason:{}`.This behavior may be reverted by setting runtime feature `envoy.reloadable_features.http_transport_failure_reason_in_body` to false. -* router: now consumes all retry related headers to prevent them from being propagated to the upstream. This behavior may be reverted by setting runtime feature `envoy.reloadable_features.consume_all_retry_headers` to false. -* stats: the fake symbol table implemention has been removed from the binary, and the option `--use-fake-symbol-table` is now a no-op with a warning. 
+* router: added transport failure reason to response body when upstream reset happens. After this change, the response body will be of the form ``upstream connect error or disconnect/reset before headers. reset reason:{}, transport failure reason:{}``.This behavior may be reverted by setting runtime feature ``envoy.reloadable_features.http_transport_failure_reason_in_body`` to false. +* router: now consumes all retry related headers to prevent them from being propagated to the upstream. This behavior may be reverted by setting runtime feature ``envoy.reloadable_features.consume_all_retry_headers`` to false. +* stats: the fake symbol table implemention has been removed from the binary, and the option ``--use-fake-symbol-table`` is now a no-op with a warning. * thrift_proxy: special characters {'\0', '\r', '\n'} will be stripped from thrift headers. -* watchdog: replaced single watchdog with separate watchdog configuration for worker threads and for the main thread configured via :ref:`Watchdogs`. It works with :ref:`watchdog` by having the worker thread and main thread watchdogs have same config. +* watchdog: replaced single watchdog with separate watchdog configuration for worker threads and for the main thread configured via :ref:`Watchdogs `. It works with :ref:`watchdog ` by having the worker thread and main thread watchdogs have same config. Bug Fixes --------- 
@@ -60,7 +60,7 @@ Bug Fixes
 * csrf: fixed issues with regards to origin and host header parsing.
 * dynamic_forward_proxy: only perform DNS lookups for routes to Dynamic Forward Proxy clusters since other cluster types handle DNS lookup themselves.
-* fault: fixed an issue with `active_faults` gauge not being decremented for when abort faults were injected.
+* fault: fixed an issue with ``active_faults`` gauge not being decremented for when abort faults were injected.
 * fault: made the HeaderNameValues::prefix() method const.
 * grpc-web: fixed an issue with failing HTTP/2 requests on some browsers. Notably, WebKit-based browsers (https://bugs.webkit.org/show_bug.cgi?id=210108), Internet Explorer 11, and Edge (pre-Chromium).
 * http: fixed CVE-2020-25018 by rolling back the ``GURL`` dependency to previous state (reverted: ``2d69e30``, ``d828958``, and ``c9c4709`` commits) due to potential of crashing when Unicode URIs are present in requests.
@@ -74,110 +74,110 @@ Bug Fixes
 Removed Config or Runtime
 -------------------------
-*Normally occurs at the end of the* :ref:`deprecation period `
+*Normally occurs at the end of the* :ref:`deprecation period `
-* http: removed legacy header sanitization and the runtime guard `envoy.reloadable_features.strict_header_validation`.
-* http: removed legacy transfer-encoding enforcement and runtime guard `envoy.reloadable_features.reject_unsupported_transfer_encodings`.
-* http: removed configurable strict host validation and runtime guard `envoy.reloadable_features.strict_authority_validation`.
-* http: removed the connection header sanitization runtime guard `envoy.reloadable_features.connection_header_sanitization`.
+* http: removed legacy header sanitization and the runtime guard ``envoy.reloadable_features.strict_header_validation``.
+* http: removed legacy transfer-encoding enforcement and runtime guard ``envoy.reloadable_features.reject_unsupported_transfer_encodings``.
+* http: removed configurable strict host validation and runtime guard ``envoy.reloadable_features.strict_authority_validation``.
+* http: removed the connection header sanitization runtime guard ``envoy.reloadable_features.connection_header_sanitization``.
 New Features
 ------------
-* access log: added a :ref:`dynamic metadata filter` for access logs, which filters whether to log based on matching dynamic metadata.
-* access log: added support for :ref:`%DOWNSTREAM_PEER_FINGERPRINT_1% ` as a response flag.
-* access log: added support for :ref:`%CONNECTION_TERMINATION_DETAILS% ` as a log command operator about why the connection is terminated by Envoy.
-* access log: added support for nested objects in :ref:`JSON logging mode `.
-* access log: added :ref:`omit_empty_values` option to omit unset value from formatted log.
-* access log: added support for :ref:`%CONNECTION_ID% ` for the downstream connection identifier.
-* admin: added :ref:`circuit breakers settings ` information to GET /clusters?format=json :ref:`cluster status `.
-* admin: added :ref:`node ` information to GET /server_info :ref:`response object `.
-* admin: added the ability to dump init manager unready targets information :ref:`/init_dump ` and :ref:`/init_dump?mask={} `.
-* admission control: added the :ref:`admission control ` filter for client-side request throttling.
-* build: enable building envoy :ref:`arm64 images ` by buildx tool in x86 CI platform.
-* cluster: added new :ref:`connection_pool_per_downstream_connection ` flag, which enable creation of a new connection pool for each downstream connection.
+* access log: added a :ref:`dynamic metadata filter ` for access logs, which filters whether to log based on matching dynamic metadata.
+* access log: added support for :ref:`%DOWNSTREAM_PEER_FINGERPRINT_1% ` as a response flag.
+* access log: added support for :ref:`%CONNECTION_TERMINATION_DETAILS% ` as a log command operator about why the connection is terminated by Envoy.
+* access log: added support for nested objects in :ref:`JSON logging mode `.
+* access log: added :ref:`omit_empty_values ` option to omit unset value from formatted log.
+* access log: added support for :ref:`%CONNECTION_ID% ` for the downstream connection identifier.
+* admin: added :ref:`circuit breakers settings ` information to GET /clusters?format=json :ref:`cluster status `.
+* admin: added :ref:`node ` information to GET /server_info :ref:`response object `.
+* admin: added the ability to dump init manager unready targets information :ref:`/init_dump ` and :ref:`/init_dump?mask={} `.
+* admission control: added the :ref:`admission control ` filter for client-side request throttling.
+* build: enable building envoy :ref:`arm64 images ` by buildx tool in x86 CI platform.
+* cluster: added new :ref:`connection_pool_per_downstream_connection ` flag, which enable creation of a new connection pool for each downstream connection.
* decompressor filter: reports compressed and uncompressed bytes in trailers.
-* dns: added support for doing DNS resolution using Apple's DnsService APIs in Apple platforms (macOS, iOS). This feature is ON by default, and is only configurable via the `envoy.restart_features.use_apple_api_for_dns_lookups` runtime key. Note that this value is latched during server startup and changing the runtime key is a no-op during the lifetime of the process.
-* dns_filter: added support for answering :ref:`service record` queries.
-* dynamic_forward_proxy: added :ref:`use_tcp_for_dns_lookups` option to use TCP for DNS lookups in order to match the DNS options for :ref:`Clusters`.
-* ext_authz filter: added support for emitting dynamic metadata for both :ref:`HTTP ` and :ref:`network ` filters.
- The emitted dynamic metadata is set by :ref:`dynamic metadata ` field in a returned :ref:`CheckResponse `.
-* ext_authz filter: added :ref:`stat_prefix ` as an optional additional prefix for the statistics emitted from `ext_authz` HTTP filter.
-* ext_authz filter: added support for enabling the filter based on :ref:`dynamic metadata `.
-* ext_authz filter: added support for letting the authorization server instruct Envoy to remove headers from the original request by setting the new field :ref:`headers_to_remove ` before forwarding it to the upstream.
-* ext_authz filter: added support for sending :ref:`raw bytes as request body ` of a gRPC check request by setting :ref:`pack_as_bytes ` to true.
-* ext_authz_filter: added :ref:`disable_request_body_buffering ` to disable request data buffering per-route.
-* grpc-json: support specifying `response_body` field in for `google.api.HttpBody` message.
-* hds: added :ref:`cluster_endpoints_health ` to HDS responses, keeping endpoints in the same groupings as they were configured in the HDS specifier by cluster and locality instead of as a flat list.
-* hds: added :ref:`transport_socket_matches ` to HDS cluster health check specifier, so the existing match filter :ref:`transport_socket_match_criteria ` in the repeated field :ref:`health_checks ` has context to match against. This unblocks support for health checks over HTTPS and HTTP/2.
+* dns: added support for doing DNS resolution using Apple's DnsService APIs in Apple platforms (macOS, iOS). This feature is ON by default, and is only configurable via the ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime key. Note that this value is latched during server startup and changing the runtime key is a no-op during the lifetime of the process.
+* dns_filter: added support for answering :ref:`service record ` queries.
+* dynamic_forward_proxy: added :ref:`use_tcp_for_dns_lookups ` option to use TCP for DNS lookups in order to match the DNS options for :ref:`Clusters `.
+* ext_authz filter: added support for emitting dynamic metadata for both :ref:`HTTP ` and :ref:`network ` filters.
+ The emitted dynamic metadata is set by :ref:`dynamic metadata ` field in a returned :ref:`CheckResponse `.
+* ext_authz filter: added :ref:`stat_prefix ` as an optional additional prefix for the statistics emitted from `ext_authz` HTTP filter.
+* ext_authz filter: added support for enabling the filter based on :ref:`dynamic metadata `.
+* ext_authz filter: added support for letting the authorization server instruct Envoy to remove headers from the original request by setting the new field :ref:`headers_to_remove ` before forwarding it to the upstream.
+* ext_authz filter: added support for sending :ref:`raw bytes as request body ` of a gRPC check request by setting :ref:`pack_as_bytes ` to true.
+* ext_authz_filter: added :ref:`disable_request_body_buffering ` to disable request data buffering per-route.
+* grpc-json: support specifying ``response_body`` field in for ``google.api.HttpBody`` message.
+* hds: added :ref:`cluster_endpoints_health ` to HDS responses, keeping endpoints in the same groupings as they were configured in the HDS specifier by cluster and locality instead of as a flat list.
+* hds: added :ref:`transport_socket_matches ` to HDS cluster health check specifier, so the existing match filter :ref:`transport_socket_match_criteria ` in the repeated field :ref:`health_checks ` has context to match against. This unblocks support for health checks over HTTPS and HTTP/2.
 * hot restart: added :option:`--socket-path` and :option:`--socket-mode` to configure UDS path in the filesystem and set permission to it.
-* http: added HTTP/2 support for :ref:`connection keepalive ` via PING.
-* http: added support for :ref:`%DOWNSTREAM_PEER_FINGERPRINT_1% ` as custom header.
-* http: added :ref:`allow_chunked_length ` configuration option for HTTP/1 codec to allow processing requests/responses with both Content-Length and Transfer-Encoding: chunked headers. If such message is served and option is enabled - per RFC Content-Length is ignored and removed.
-* http: added :ref:`CDN Loop filter ` and :ref:`documentation `.
-* http: added :ref:`MaxStreamDuration proto ` for configuring per-route downstream duration timeouts.
-* http: introduced new HTTP/1 and HTTP/2 codec implementations that will remove the use of exceptions for control flow due to high risk factors and instead use error statuses. The old behavior is used by default for HTTP/1.1 and HTTP/2 server connections. The new codecs can be enabled for testing by setting the runtime feature `envoy.reloadable_features.new_codec_behavior` to true. The new codecs will be in development for one month, and then enabled by default while the old codecs are deprecated.
-* http: modified the HTTP header-map data-structure to use an underlying dictionary and a list (no change to the header-map API). To conform with previous versions, the use of a dictionary is currently disabled.
It can be enabled by setting the `envoy.http.headermap.lazy_map_min_size` runtime feature to a non-negative number which defines the minimal number of headers in a request/response/trailers required for using a dictionary in addition to the list. Our current benchmarks suggest that the value 3 is a good threshold for most workloads.
-* load balancer: added :ref:`RingHashLbConfig` to configure the table size of Maglev consistent hash.
-* load balancer: added a :ref:`configuration` option to specify the active request bias used by the least request load balancer.
-* load balancer: added an :ref:`option ` to optimize subset load balancing when there is only one host per subset.
-* load balancer: added support for bounded load per host for consistent hash load balancers via :ref:`hash_balance_factor `.
-* local_reply config: added :ref:`content_type` field to set content-type.
-* lua: added Lua APIs to access :ref:`SSL connection info ` object.
-* lua: added Lua API for :ref:`base64 escaping a string `.
-* lua: added Lua API for :ref:`setting the current buffer content `.
-* lua: added new :ref:`source_code ` field to support the dispatching of inline Lua code in per route configuration of Lua filter.
-* overload management: add :ref:`scaling ` trigger for OverloadManager actions.
-* postgres network filter: :ref:`metadata ` is produced based on SQL query.
-* proxy protocol: added support for generating the header upstream using :ref:`Proxy Protocol Transport Socket `.
-* ratelimit: added :ref:`enable_x_ratelimit_headers ` option to enable `X-RateLimit-*` headers as defined in `draft RFC `_.
-* ratelimit: added :ref:`per route config ` for rate limit filter.
-* ratelimit: added support for optional :ref:`descriptor_key ` to Generic Key action.
+* http: added HTTP/2 support for :ref:`connection keepalive ` via PING.
+* http: added support for :ref:`%DOWNSTREAM_PEER_FINGERPRINT_1% ` as custom header.
+* http: added :ref:`allow_chunked_length ` configuration option for HTTP/1 codec to allow processing requests/responses with both Content-Length and Transfer-Encoding: chunked headers. If such message is served and option is enabled - per RFC Content-Length is ignored and removed.
+* http: added :ref:`CDN Loop filter ` and :ref:`documentation `.
+* http: added :ref:`MaxStreamDuration proto ` for configuring per-route downstream duration timeouts.
+* http: introduced new HTTP/1 and HTTP/2 codec implementations that will remove the use of exceptions for control flow due to high risk factors and instead use error statuses. The old behavior is used by default for HTTP/1.1 and HTTP/2 server connections. The new codecs can be enabled for testing by setting the runtime feature ``envoy.reloadable_features.new_codec_behavior`` to true. The new codecs will be in development for one month, and then enabled by default while the old codecs are deprecated.
+* http: modified the HTTP header-map data-structure to use an underlying dictionary and a list (no change to the header-map API). To conform with previous versions, the use of a dictionary is currently disabled. It can be enabled by setting the ``envoy.http.headermap.lazy_map_min_size`` runtime feature to a non-negative number which defines the minimal number of headers in a request/response/trailers required for using a dictionary in addition to the list. Our current benchmarks suggest that the value 3 is a good threshold for most workloads.
+* load balancer: added :ref:`RingHashLbConfig ` to configure the table size of Maglev consistent hash.
+* load balancer: added a :ref:`configuration ` option to specify the active request bias used by the least request load balancer.
+* load balancer: added an :ref:`option ` to optimize subset load balancing when there is only one host per subset.
+* load balancer: added support for bounded load per host for consistent hash load balancers via :ref:`hash_balance_factor `.
+* local_reply config: added :ref:`content_type ` field to set content-type.
+* lua: added Lua APIs to access :ref:`SSL connection info ` object.
+* lua: added Lua API for :ref:`base64 escaping a string `.
+* lua: added Lua API for :ref:`setting the current buffer content `.
+* lua: added new :ref:`source_code ` field to support the dispatching of inline Lua code in per route configuration of Lua filter.
+* overload management: add :ref:`scaling ` trigger for OverloadManager actions.
+* postgres network filter: :ref:`metadata ` is produced based on SQL query.
+* proxy protocol: added support for generating the header upstream using :ref:`Proxy Protocol Transport Socket `.
+* ratelimit: added :ref:`enable_x_ratelimit_headers ` option to enable `X-RateLimit-*` headers as defined in `draft RFC `_.
+* ratelimit: added :ref:`per route config ` for rate limit filter.
+* ratelimit: added support for optional :ref:`descriptor_key ` to Generic Key action.
 * rbac filter: added the name of the matched policy to the response code detail when a request is rejected by the RBAC filter.
-* rbac filter: added a log action to the :ref:`RBAC filter ` which sets dynamic metadata to inform access loggers whether to log.
-* redis: added fault injection support :ref:`fault injection for redis proxy `, described further in :ref:`configuration documentation `.
-* router: added a new :ref:`rate limited retry back off ` strategy that uses headers like `Retry-After` or `X-RateLimit-Reset` to decide the back off interval.
+* rbac filter: added a log action to the :ref:`RBAC filter ` which sets dynamic metadata to inform access loggers whether to log.
+* redis: added fault injection support :ref:`fault injection for redis proxy `, described further in :ref:`configuration documentation `.
+* router: added a new :ref:`rate limited retry back off ` strategy that uses headers like `Retry-After` or `X-RateLimit-Reset` to decide the back off interval.
* router: added new
- :ref:`envoy-ratelimited`
+ :ref:`envoy-ratelimited `
 retry policy, which allows retrying envoy's own rate limited responses.
-* router: added new :ref:`host_rewrite_path_regex `
+* router: added new :ref:`host_rewrite_path_regex `
 option, which allows rewriting Host header based on path.
-* router: added support for DYNAMIC_METADATA :ref:`header formatter `.
-* router_check_tool: added support for `request_header_matches`, `response_header_matches` to :ref:`router check tool `.
+* router: added support for DYNAMIC_METADATA :ref:`header formatter `.
+* router_check_tool: added support for ``request_header_matches``, ``response_header_matches`` to :ref:`router check tool `.
 * signal: added support for calling fatal error handlers without envoy's signal handler, via FatalErrorHandler::callFatalErrorHandlers().
-* stats: added optional histograms to :ref:`cluster stats `
+* stats: added optional histograms to :ref:`cluster stats `
 that track headers and body sizes of requests and responses.
 * stats: allow configuring histogram buckets for stats sinks and admin endpoints that support it.
-* tap: added :ref:`generic body matcher` to scan http requests and responses for text or hex patterns.
-* tcp_proxy: added :ref:`max_downstream_connection_duration` for downstream connection. When max duration is reached the connection will be closed.
+* tap: added :ref:`generic body matcher ` to scan http requests and responses for text or hex patterns.
+* tcp_proxy: added :ref:`max_downstream_connection_duration ` for downstream connection. When max duration is reached the connection will be closed.
 * tcp_proxy: allow earlier network filters to set metadataMatchCriteria on the connection StreamInfo to influence load balancing.
-* tls: added OCSP stapling support through the :ref:`ocsp_staple ` and :ref:`ocsp_staple_policy ` configuration options. See :ref:`OCSP Stapling ` for usage and runtime flags.
-* tls: introduce new :ref:`extension point` for overriding :ref:`TLS handshaker ` behavior.
-* tls: switched from using socket BIOs to using custom BIOs that know how to interact with IoHandles. The feature can be disabled by setting runtime feature `envoy.reloadable_features.tls_use_io_handle_bio` to false.
-* tracing: added ability to set some :ref:`optional segment fields` in the AWS X-Ray tracer.
-* udp_proxy: added :ref:`hash_policies ` to support hash based routing.
-* udp_proxy: added :ref:`use_original_src_ip ` option to replicate the downstream remote address of the packets on the upstream side of Envoy. It is similar to :ref:`original source filter `.
-* watchdog: support randomizing the watchdog's kill timeout to prevent synchronized kills via a maximium jitter parameter :ref:`max_kill_timeout_jitter`.
-* watchdog: supports an extension point where actions can be registered to fire on watchdog events such as miss, megamiss, kill and multikill. See :ref:`watchdog actions`.
-* watchdog: watchdog action extension that does cpu profiling. See :ref:`Profile Action `.
-* watchdog: watchdog action extension that sends SIGABRT to the stuck thread to terminate the process. See :ref:`Abort Action `.
-* xds: added :ref:`extension config discovery` support for HTTP filters.
-* xds: added support for mixed v2/v3 discovery response, which enable type url downgrade and upgrade. This feature is disabled by default and is controlled by runtime guard `envoy.reloadable_features.enable_type_url_downgrade_and_upgrade`.
+* tls: added OCSP stapling support through the :ref:`ocsp_staple ` and :ref:`ocsp_staple_policy ` configuration options. See :ref:`OCSP Stapling ` for usage and runtime flags.
+* tls: introduce new :ref:`extension point ` for overriding :ref:`TLS handshaker ` behavior.
+* tls: switched from using socket BIOs to using custom BIOs that know how to interact with IoHandles.
The feature can be disabled by setting runtime feature ``envoy.reloadable_features.tls_use_io_handle_bio`` to false.
+* tracing: added ability to set some :ref:`optional segment fields ` in the AWS X-Ray tracer.
+* udp_proxy: added :ref:`hash_policies ` to support hash based routing.
+* udp_proxy: added :ref:`use_original_src_ip ` option to replicate the downstream remote address of the packets on the upstream side of Envoy. It is similar to :ref:`original source filter `.
+* watchdog: support randomizing the watchdog's kill timeout to prevent synchronized kills via a maximium jitter parameter :ref:`max_kill_timeout_jitter `.
+* watchdog: supports an extension point where actions can be registered to fire on watchdog events such as miss, megamiss, kill and multikill. See :ref:`watchdog actions `.
+* watchdog: watchdog action extension that does cpu profiling. See :ref:`Profile Action `.
+* watchdog: watchdog action extension that sends SIGABRT to the stuck thread to terminate the process. See :ref:`Abort Action `.
+* xds: added :ref:`extension config discovery ` support for HTTP filters.
+* xds: added support for mixed v2/v3 discovery response, which enable type url downgrade and upgrade. This feature is disabled by default and is controlled by runtime guard ``envoy.reloadable_features.enable_type_url_downgrade_and_upgrade``.
 * zlib: added option to use `zlib-ng `_ as zlib library.
 Deprecated
 ----------
-* build: alpine based debug image is deprecated in favor of :ref:`Ubuntu based debug image `.
-* cluster: the :ref:`track_timeout_budgets `
- field has been deprecated in favor of `timeout_budgets` part of an :ref:`Optional Configuration `.
-* ext_authz: the :ref:`dynamic metadata ` field in :ref:`OkHttpResponse ` has been deprecated in favor of :ref:`dynamic metadata ` field in :ref:`CheckResponse `.
-* hds: the :ref:`endpoints_health `
- field has been deprecated in favor of :ref:`cluster_endpoints_health ` to maintain
+* build: alpine based debug image is deprecated in favor of :ref:`Ubuntu based debug image `.
+* cluster: the :ref:`track_timeout_budgets `
+ field has been deprecated in favor of `timeout_budgets` part of an :ref:`Optional Configuration `.
+* ext_authz: the :ref:`dynamic metadata ` field in :ref:`OkHttpResponse ` has been deprecated in favor of :ref:`dynamic metadata ` field in :ref:`CheckResponse `.
+* hds: the :ref:`endpoints_health `
+ field has been deprecated in favor of :ref:`cluster_endpoints_health ` to maintain
 grouping by cluster and locality.
-* router: the :ref:`include_vh_rate_limits ` field has been deprecated in favor of :ref:`vh_rate_limits `.
-* router: the :ref:`max_grpc_timeout ` field has been deprecated in favor of :ref:`grpc_timeout_header_max `.
-* router: the :ref:`grpc_timeout_offset ` field has been deprecated in favor of :ref:`grpc_timeout_header_offset `.
-* tap: the :ref:`match_config ` field has been deprecated in favor of
- :ref:`match ` field.
-* router_check_tool: `request_header_fields`, `response_header_fields` config deprecated in favor of `request_header_matches`, `response_header_matches`.
-* watchdog: :ref:`watchdog ` deprecated in favor of :ref:`watchdogs `.
+* router: the :ref:`include_vh_rate_limits ` field has been deprecated in favor of :ref:`vh_rate_limits `.
+* router: the :ref:`max_grpc_timeout ` field has been deprecated in favor of :ref:`grpc_timeout_header_max `.
+* router: the :ref:`grpc_timeout_offset ` field has been deprecated in favor of :ref:`grpc_timeout_header_offset `.
+* tap: the :ref:`match_config ` field has been deprecated in favor of
+ :ref:`match ` field.
+* router_check_tool: ``request_header_fields``, ``response_header_fields`` config deprecated in favor of ``request_header_matches``, ``response_header_matches``.
+* watchdog: :ref:`watchdog ` deprecated in favor of :ref:`watchdogs `.
diff --git a/docs/root/version_history/v1.16.3.rst b/docs/root/version_history/v1.16.3.rst
index e40fe3911d4d..125902e2f67d 100644
--- a/docs/root/version_history/v1.16.3.rst
+++ b/docs/root/version_history/v1.16.3.rst
@@ -14,9 +14,9 @@ Bug Fixes
 *Changes expected to improve the state of the world and are unlikely to have negative effects*
 * aggregate cluster: fixed a crash due to a TLS initialization issue.
-* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `.
+* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `.
 * http: fixed a remotely exploitable integer overflow via a very large grpc-timeout value causes undefined behavior.
-* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting `envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure` to false.
+* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting ``envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure`` to false.
 * lua: fixed crash when Lua script contains streamInfo():downstreamSslConnection().
 * overload: fix a bug that can cause use-after-free when one scaled timer disables another one with the same duration.
 * tls: fix a crash when peer sends a TLS Alert with an unknown code.
@@ -24,11 +24,10 @@ Bug Fixes
 Removed Config or Runtime
 -------------------------
-*Normally occurs at the end of the* :ref:`deprecation period `
+*Normally occurs at the end of the* :ref:`deprecation period `
 New Features
 ------------
 Deprecated
 ----------
-
diff --git a/docs/root/version_history/v1.17.0.rst b/docs/root/version_history/v1.17.0.rst
index 81059460beb6..ace3ea40fd97 100644
--- a/docs/root/version_history/v1.17.0.rst
+++ b/docs/root/version_history/v1.17.0.rst
@@ -5,7 +5,7 @@ Incompatible Behavior Changes
 -----------------------------
 *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
-* config: v2 is now fatal-by-default. This may be overridden by setting :option:`--bootstrap-version` 2 on the CLI for a v2 bootstrap file and also enabling the runtime `envoy.reloadable_features.enable_deprecated_v2_api` feature.
+* config: v2 is now fatal-by-default. This may be overridden by setting :option:`--bootstrap-version` 2 on the CLI for a v2 bootstrap file and also enabling the runtime ``envoy.reloadable_features.enable_deprecated_v2_api`` feature.
 Minor Behavior Changes
 ----------------------
@@ -13,31 +13,31 @@ Minor Behavior Changes
 * build: the Alpine based debug images are no longer built in CI, use Ubuntu based images instead.
 * decompressor: set the default value of window_bits of the decompressor to 15 to be able to decompress responses compressed by a compressor with any window size.
-* expr filter: added `connection.termination_details` property support.
-* formatter: the :ref:`text_format ` field no longer requires at least one byte, and may now be the empty string. It has also become :ref:`deprecated <1_17_deprecated>`.
-* grpc_web filter: if a `grpc-accept-encoding` header is present it's passed as-is to the upstream and if it isn't `grpc-accept-encoding:identity` is sent instead. The header was always overwriten with `grpc-accept-encoding:identity,deflate,gzip` before.
+* expr filter: added ``connection.termination_details`` property support.
+* formatter: the :ref:`text_format ` field no longer requires at least one byte, and may now be the empty string. It has also become :ref:`deprecated `.
+* grpc_web filter: if a ``grpc-accept-encoding`` header is present it's passed as-is to the upstream and if it isn't ``grpc-accept-encoding:identity`` is sent instead. The header was always overwriten with ``grpc-accept-encoding:identity,deflate,gzip`` before.
 * http: upstream protocol will now only be logged if an upstream stream was established.
-* jwt_authn filter: added support of JWT time constraint verification with a clock skew (default to 60 seconds) and added a filter config field :ref:`clock_skew_seconds ` to configure it.
-* listener: injection of the :ref:`TLS inspector ` has been disabled by default. This feature is controlled by the runtime guard `envoy.reloadable_features.disable_tls_inspector_injection`.
-* lua: added `always_wrap_body` argument to `body()` API to always return a :ref:`buffer object ` even if the body is empty.
+* jwt_authn filter: added support of JWT time constraint verification with a clock skew (default to 60 seconds) and added a filter config field :ref:`clock_skew_seconds ` to configure it.
+* listener: injection of the :ref:`TLS inspector ` has been disabled by default. This feature is controlled by the runtime guard ``envoy.reloadable_features.disable_tls_inspector_injection``.
+* lua: added `always_wrap_body` argument to `body()` API to always return a :ref:`buffer object ` even if the body is empty.
 * memory: enabled new tcmalloc with restartable sequences for aarch64 builds.
-* mongo proxy metrics: swapped network connection remote and local closed counters previously set reversed (`cx_destroy_local_with_active_rq` and `cx_destroy_remote_with_active_rq`).
-* outlier detection: added :ref:`max_ejection_time ` to limit ejection time growth when a node stays unhealthy for extended period of time. By default :ref:`max_ejection_time ` limits ejection time to 5 minutes. Additionally, when the node stays healthy, ejection time decreases. See :ref:`ejection algorithm` for more info. Previously, ejection time could grow without limit and never decreased.
+* mongo proxy metrics: swapped network connection remote and local closed counters previously set reversed (``cx_destroy_local_with_active_rq`` and ``cx_destroy_remote_with_active_rq``).
+* outlier detection: added :ref:`max_ejection_time ` to limit ejection time growth when a node stays unhealthy for extended period of time. By default :ref:`max_ejection_time ` limits ejection time to 5 minutes. Additionally, when the node stays healthy, ejection time decreases. See :ref:`ejection algorithm ` for more info. Previously, ejection time could grow without limit and never decreased.
 * performance: improved performance when handling large HTTP/1 bodies.
-* tcp_proxy: now waits for HTTP tunnel to be established before start streaming the downstream data, the runtime guard `envoy.reloadable_features.http_upstream_wait_connect_response` can be set to "false" to disable this behavior.
+* tcp_proxy: now waits for HTTP tunnel to be established before start streaming the downstream data, the runtime guard ``envoy.reloadable_features.http_upstream_wait_connect_response`` can be set to "false" to disable this behavior.
 * tls: removed RSA key transport and SHA-1 cipher suites from the client-side defaults.
-* watchdog: the watchdog action :ref:`abort_action ` is now the default action to terminate the process if watchdog kill / multikill is enabled.
+* watchdog: the watchdog action :ref:`abort_action ` is now the default action to terminate the process if watchdog kill / multikill is enabled.
 * xds: to support TTLs, heartbeating has been added to xDS. As a result, responses that contain empty resources without updating the version will no longer be propagated to the
- subscribers. To undo this for VHDS (which is the only subscriber that wants empty resources), the `envoy.reloadable_features.vhds_heartbeats` can be set to "false".
+ subscribers. To undo this for VHDS (which is the only subscriber that wants empty resources), the ``envoy.reloadable_features.vhds_heartbeats`` can be set to "false".
 Bug Fixes
 ---------
 *Changes expected to improve the state of the world and are unlikely to have negative effects*
-* config: validate that upgrade configs have a non-empty :ref:`upgrade_type `, fixing a bug where an errant "-" could result in unexpected behavior.
+* config: validate that upgrade configs have a non-empty :ref:`upgrade_type `, fixing a bug where an errant "-" could result in unexpected behavior.
 * dns: fixed a bug where custom resolvers provided in configuration were not preserved after network issues.
 * dns_filter: correctly associate DNS response IDs when multiple queries are received.
-* grpc mux: fixed sending node again after stream is reset when :ref:`set_node_on_first_message_only ` is set.
+* grpc mux: fixed sending node again after stream is reset when :ref:`set_node_on_first_message_only ` is set.
 * http: fixed URL parsing for HTTP/1.1 fully qualified URLs and connect requests containing IPv6 addresses.
 * http: reject requests with missing required headers after filter chain processing.
 * http: sending CONNECT_ERROR for HTTP/2 where appropriate during CONNECT requests.
@@ -51,70 +51,70 @@ Bug Fixes Removed Config or Runtime ------------------------- -*Normally occurs at the end of the* :ref:`deprecation period ` +*Normally occurs at the end of the* :ref:`deprecation period ` -* dispatcher: removed legacy socket read/write resumption code path and runtime guard `envoy.reloadable_features.activate_fds_next_event_loop`. -* ext_authz: removed auto ignore case in HTTP-based `ext_authz` header matching and the runtime guard `envoy.reloadable_features.ext_authz_http_service_enable_case_sensitive_string_matcher`. To ignore case, set the :ref:`ignore_case ` field to true. -* ext_authz: the deprecated field `use_alpha` is no longer supported and cannot be set anymore. -* http: removed `envoy.reloadable_features.http1_flood_protection` and legacy code path for turning flood protection off. -* http: removed `envoy.reloadable_features.new_codec_behavior` and legacy codecs. +* dispatcher: removed legacy socket read/write resumption code path and runtime guard ``envoy.reloadable_features.activate_fds_next_event_loop``. +* ext_authz: removed auto ignore case in HTTP-based ``ext_authz`` header matching and the runtime guard ``envoy.reloadable_features.ext_authz_http_service_enable_case_sensitive_string_matcher``. To ignore case, set the :ref:`ignore_case ` field to true. +* ext_authz: the deprecated field ``use_alpha`` is no longer supported and cannot be set anymore. +* http: removed ``envoy.reloadable_features.http1_flood_protection`` and legacy code path for turning flood protection off. +* http: removed ``envoy.reloadable_features.new_codec_behavior`` and legacy codecs. New Features ------------ -* compression: the :ref:`compressor ` filter added support for compressing request payloads. Its configuration is unified with the :ref:`decompressor ` filter with two new fields for different directions - :ref:`requests ` and :ref:`responses `. 
The latter deprecates the old response-specific fields and, if used, roots the response-specific stats in `.compressor...response.*` instead of `.compressor...*`. -* config: added ability to flush stats when the admin's :ref:`/stats endpoint ` is hit instead of on a timer via :ref:`stats_flush_on_admin `. -* config: added new runtime feature `envoy.features.enable_all_deprecated_features` that allows the use of all deprecated features. +* compression: the :ref:`compressor ` filter added support for compressing request payloads. Its configuration is unified with the :ref:`decompressor ` filter with two new fields for different directions - :ref:`requests ` and :ref:`responses `. The latter deprecates the old response-specific fields and, if used, roots the response-specific stats in `.compressor...response.*` instead of `.compressor...*`. +* config: added ability to flush stats when the admin's :ref:`/stats endpoint ` is hit instead of on a timer via :ref:`stats_flush_on_admin `. +* config: added new runtime feature ``envoy.features.enable_all_deprecated_features`` that allows the use of all deprecated features. * crash support: added the ability to dump L4 connection data on crash. -* formatter: added new :ref:`text_format_source ` field to support format strings both inline and from a file. -* formatter: added support for custom date formatting to :ref:`%DOWNSTREAM_PEER_CERT_V_START% ` and :ref:`%DOWNSTREAM_PEER_CERT_V_END% `, similar to :ref:`%START_TIME% `. -* grpc: implemented header value syntax support when defining :ref:`initial metadata ` for gRPC-based `ext_authz` :ref:`HTTP ` and :ref:`network ` filters, and :ref:`ratelimit ` filters. -* grpc-json: added support for configuring :ref:`unescaping behavior ` for path components. -* hds: added support for delta updates in the :ref:`HealthCheckSpecifier `, making only the Endpoints and Health Checkers that changed be reconstructed on receiving a new message, rather than the entire HDS. 
-* health_check: added option to use :ref:`no_traffic_healthy_interval ` which allows a different no traffic interval when the host is healthy. -* http: added HCM :ref:`request_headers_timeout config field ` to control how long a downstream has to finish sending headers before the stream is cancelled. -* http: added frame flood and abuse checks to the upstream HTTP/2 codec. This check is off by default and can be enabled by setting the `envoy.reloadable_features.upstream_http2_flood_checks` runtime key to true. -* http: added :ref:`stripping any port from host header ` support. -* http: clusters added support for selecting HTTP/1 or HTTP/2 based on ALPN, configurable via :ref:`alpn_config ` in the :ref:`http_protocol_options ` message. -* jwt_authn: added support for :ref:`per-route config `. -* jwt_authn: changed config field :ref:`issuer ` to be optional to comply with JWT `RFC `_ requirements. -* kill_request: added new :ref:`HTTP kill request filter `. -* listener: added an optional :ref:`default filter chain `. If this field is supplied, and none of the :ref:`filter_chains ` matches, this default filter chain is used to serve the connection. -* listener: added back the :ref:`use_original_dst field `. -* listener: added the :ref:`Listener.bind_to_port field `. +* formatter: added new :ref:`text_format_source ` field to support format strings both inline and from a file. +* formatter: added support for custom date formatting to :ref:`%DOWNSTREAM_PEER_CERT_V_START% ` and :ref:`%DOWNSTREAM_PEER_CERT_V_END% `, similar to :ref:`%START_TIME% `. +* grpc: implemented header value syntax support when defining :ref:`initial metadata ` for gRPC-based `ext_authz` :ref:`HTTP ` and :ref:`network ` filters, and :ref:`ratelimit ` filters. +* grpc-json: added support for configuring :ref:`unescaping behavior ` for path components. 
+* hds: added support for delta updates in the :ref:`HealthCheckSpecifier `, making only the Endpoints and Health Checkers that changed be reconstructed on receiving a new message, rather than the entire HDS. +* health_check: added option to use :ref:`no_traffic_healthy_interval ` which allows a different no traffic interval when the host is healthy. +* http: added HCM :ref:`request_headers_timeout config field ` to control how long a downstream has to finish sending headers before the stream is cancelled. +* http: added frame flood and abuse checks to the upstream HTTP/2 codec. This check is off by default and can be enabled by setting the ``envoy.reloadable_features.upstream_http2_flood_checks`` runtime key to true. +* http: added :ref:`stripping any port from host header ` support. +* http: clusters added support for selecting HTTP/1 or HTTP/2 based on ALPN, configurable via :ref:`alpn_config ` in the :ref:`http_protocol_options ` message. +* jwt_authn: added support for :ref:`per-route config `. +* jwt_authn: changed config field :ref:`issuer ` to be optional to comply with JWT `RFC `_ requirements. +* kill_request: added new :ref:`HTTP kill request filter `. +* listener: added an optional :ref:`default filter chain `. If this field is supplied, and none of the :ref:`filter_chains ` matches, this default filter chain is used to serve the connection. +* listener: added back the :ref:`use_original_dst field `. +* listener: added the :ref:`Listener.bind_to_port field `. * log: added a new custom flag ``%_`` to the log pattern to print the actual message to log, but with escaped newlines. -* lua: added `downstreamDirectRemoteAddress()` and `downstreamLocalAddress()` APIs to :ref:`streamInfo() `. -* mongo_proxy: the list of commands to produce metrics for is now :ref:`configurable `. -* network: added a :ref:`transport_socket_connect_timeout config field ` for incoming connections completing transport-level negotiation, including TLS and ALTS hanshakes. 
-* overload: added :ref:`envoy.overload_actions.reduce_timeouts ` overload action to enable scaling timeouts down with load. Scaling support :ref:`is limited ` to the HTTP connection and stream idle timeouts. -* ratelimit: added support for use of various :ref:`metadata ` as a ratelimit action. -* ratelimit: added :ref:`disable_x_envoy_ratelimited_header ` option to disable `X-Envoy-RateLimited` header. -* ratelimit: added :ref:`body ` field to support custom response bodies for non-OK responses from the external ratelimit service. -* ratelimit: added :ref:`descriptor extensions `. -* ratelimit: added :ref:`computed descriptors `. -* ratelimit: added :ref:`dynamic_metadata ` field to support setting dynamic metadata from the ratelimit service. -* router: added support for regex rewrites during HTTP redirects using :ref:`regex_rewrite `. -* sds: improved support for atomic :ref:`key rotations ` and added configurable rotation triggers for - :ref:`TlsCertificate ` and - :ref:`CertificateValidationContext `. -* signal: added an extension point for custom actions to run on the thread that has encountered a fatal error. Actions are configurable via :ref:`fatal_actions `. -* start_tls: added new :ref:`transport socket` which starts in clear-text but may programatically be converted to use tls. -* tcp: added a new :ref:`envoy.overload_actions.reject_incoming_connections ` action to reject incoming TCP connections. -* thrift_proxy: added a new :ref:`payload_passthrough ` option to skip decoding body in the Thrift message. +* lua: added `downstreamDirectRemoteAddress()` and `downstreamLocalAddress()` APIs to :ref:`streamInfo() `. +* mongo_proxy: the list of commands to produce metrics for is now :ref:`configurable `. +* network: added a :ref:`transport_socket_connect_timeout config field ` for incoming connections completing transport-level negotiation, including TLS and ALTS hanshakes. 
+* overload: added :ref:`envoy.overload_actions.reduce_timeouts ` overload action to enable scaling timeouts down with load. Scaling support :ref:`is limited ` to the HTTP connection and stream idle timeouts. +* ratelimit: added support for use of various :ref:`metadata ` as a ratelimit action. +* ratelimit: added :ref:`disable_x_envoy_ratelimited_header ` option to disable `X-Envoy-RateLimited` header. +* ratelimit: added :ref:`body ` field to support custom response bodies for non-OK responses from the external ratelimit service. +* ratelimit: added :ref:`descriptor extensions `. +* ratelimit: added :ref:`computed descriptors `. +* ratelimit: added :ref:`dynamic_metadata ` field to support setting dynamic metadata from the ratelimit service. +* router: added support for regex rewrites during HTTP redirects using :ref:`regex_rewrite `. +* sds: improved support for atomic :ref:`key rotations ` and added configurable rotation triggers for + :ref:`TlsCertificate ` and + :ref:`CertificateValidationContext `. +* signal: added an extension point for custom actions to run on the thread that has encountered a fatal error. Actions are configurable via :ref:`fatal_actions `. +* start_tls: added new :ref:`transport socket ` which starts in clear-text but may programatically be converted to use tls. +* tcp: added a new :ref:`envoy.overload_actions.reject_incoming_connections ` action to reject incoming TCP connections. +* thrift_proxy: added a new :ref:`payload_passthrough ` option to skip decoding body in the Thrift message. * tls: added support for RSA certificates with 4096-bit keys in FIPS mode. -* tracing: added :ref:`SkyWalking tracer `. -* tracing: added support for setting the hostname used when sending spans to a Zipkin collector using the :ref:`collector_hostname ` field. -* xds: added support for resource TTLs. A TTL is specified on the :ref:`Resource `. For SotW, a :ref:`Resource ` can be embedded in the list of resources to specify the TTL. 
+* tracing: added :ref:`SkyWalking tracer `. +* tracing: added support for setting the hostname used when sending spans to a Zipkin collector using the :ref:`collector_hostname ` field. +* xds: added support for resource TTLs. A TTL is specified on the :ref:`Resource `. For SotW, a :ref:`Resource ` can be embedded in the list of resources to specify the TTL. .. _1_17_deprecated: Deprecated ---------- -* cluster: HTTP configuration for upstream clusters has been reworked. HTTP-specific configuration is now done in the new :ref:`http_protocol_options ` message, configured via the cluster's :ref:`extension_protocol_options`. This replaces explicit HTTP configuration in cluster config, including :ref:`upstream_http_protocol_options` :ref:`common_http_protocol_options` :ref:`http_protocol_options` :ref:`http2_protocol_options` and :ref:`protocol_selection`. Examples of before-and-after configuration can be found in the :ref:`http_protocol_options docs ` and all of Envoy's example configurations have been updated to the new style of config. -* compression: the fields :ref:`content_length `, :ref:`content_type `, :ref:`disable_on_etag_header `, :ref:`remove_accept_encoding_header ` and :ref:`runtime_enabled ` of the :ref:`Compressor ` message have been deprecated in favor of :ref:`response_direction_config `. -* formatter: :ref:`text_format ` is now deprecated in favor of :ref:`text_format_source `. To migrate existing text format strings, use the :ref:`inline_string ` field. -* gzip: :ref:`HTTP Gzip filter ` is rejected now unless explicitly allowed with :ref:`runtime override ` `envoy.deprecated_features.allow_deprecated_gzip_http_filter` set to `true`. Use the :ref:`compressor filter `. -* listener: :ref:`use_proxy_proto ` has been deprecated in favor of adding a :ref:`PROXY protocol listener filter ` explicitly. -* logging: the `--log-format-prefix-with-location` option is removed. 
-* ratelimit: the :ref:`dynamic metadata ` action is deprecated in favor of the more generic :ref:`metadata ` action. -* stats: the `--use-fake-symbol-table` option is removed. -* tracing: OpenCensus :ref:`Zipkin configuration ` is now deprecated, the preferred Zipkin export is via Envoy's :ref:`native Zipkin tracer `. +* cluster: HTTP configuration for upstream clusters has been reworked. HTTP-specific configuration is now done in the new :ref:`http_protocol_options ` message, configured via the cluster's :ref:`extension_protocol_options `. This replaces explicit HTTP configuration in cluster config, including :ref:`upstream_http_protocol_options ` :ref:`common_http_protocol_options ` :ref:`http_protocol_options ` :ref:`http2_protocol_options ` and :ref:`protocol_selection `. Examples of before-and-after configuration can be found in the :ref:`http_protocol_options docs ` and all of Envoy's example configurations have been updated to the new style of config. +* compression: the fields :ref:`content_length `, :ref:`content_type `, :ref:`disable_on_etag_header `, :ref:`remove_accept_encoding_header ` and :ref:`runtime_enabled ` of the :ref:`Compressor ` message have been deprecated in favor of :ref:`response_direction_config `. +* formatter: :ref:`text_format ` is now deprecated in favor of :ref:`text_format_source `. To migrate existing text format strings, use the :ref:`inline_string ` field. +* gzip: :ref:`HTTP Gzip filter ` is rejected now unless explicitly allowed with :ref:`runtime override ` ``envoy.deprecated_features.allow_deprecated_gzip_http_filter`` set to `true`. Use the :ref:`compressor filter `. +* listener: :ref:`use_proxy_proto ` has been deprecated in favor of adding a :ref:`PROXY protocol listener filter ` explicitly. +* logging: the ``--log-format-prefix-with-location`` option is removed. +* ratelimit: the :ref:`dynamic metadata ` action is deprecated in favor of the more generic :ref:`metadata ` action. 
+* stats: the ``--use-fake-symbol-table`` option is removed. +* tracing: OpenCensus :ref:`Zipkin configuration ` is now deprecated, the preferred Zipkin export is via Envoy's :ref:`native Zipkin tracer `. diff --git a/docs/root/version_history/v1.17.1.rst b/docs/root/version_history/v1.17.1.rst index 0cafd45771a2..35429d90da7b 100644 --- a/docs/root/version_history/v1.17.1.rst +++ b/docs/root/version_history/v1.17.1.rst @@ -18,11 +18,10 @@ Bug Fixes Removed Config or Runtime ------------------------- -*Normally occurs at the end of the* :ref:`deprecation period ` +*Normally occurs at the end of the* :ref:`deprecation period ` New Features ------------ Deprecated ---------- - diff --git a/docs/root/version_history/v1.17.2.rst b/docs/root/version_history/v1.17.2.rst index 86e7b5a57796..570447c67a04 100644 --- a/docs/root/version_history/v1.17.2.rst +++ b/docs/root/version_history/v1.17.2.rst 
@@ -13,19 +13,18 @@ Bug Fixes --------- *Changes expected to improve the state of the world and are unlikely to have negative effects* -* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. +* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. * http: fixed a remotely exploitable integer overflow via a very large grpc-timeout value causes undefined behavior. -* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting `envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure` to false. +* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting ``envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure`` to false. * tls: fix a crash when peer sends a TLS Alert with an unknown code. Removed Config or Runtime ------------------------- -*Normally occurs at the end of the* :ref:`deprecation period ` +*Normally occurs at the end of the* :ref:`deprecation period ` New Features ------------ -* dispatcher: supports a stack of `Envoy::ScopeTrackedObject` instead of a single tracked object. This will allow Envoy to dump more debug information on crash. +* dispatcher: supports a stack of ``Envoy::ScopeTrackedObject`` instead of a single tracked object. This will allow Envoy to dump more debug information on crash. Deprecated ---------- - diff --git a/docs/root/version_history/v1.18.0.rst b/docs/root/version_history/v1.18.0.rst index d0d33a150f52..10eaf1630225 100644 
--- a/docs/root/version_history/v1.18.0.rst
+++ b/docs/root/version_history/v1.18.0.rst
@@ -6,70 +6,70 @@ Incompatible Behavior Changes *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* * config: the v2 xDS API is no longer supported by the Envoy binary. -* grpc_stats: the default value for :ref:`stats_for_all_methods ` is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature `envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default`. -* http: fixing a standards compliance issue with :scheme. The :scheme header sent upstream is now based on the original URL scheme, rather than set based on the security of the upstream connection. This behavior can be temporarily reverted by setting `envoy.reloadable_features.preserve_downstream_scheme` to false. -* http: http3 is now enabled/disabled via build option `--define http3=disabled` rather than the extension framework. The behavior is the same, but builds may be affected for platforms or build configurations where http3 is not supported. -* http: resolving inconsistencies between :scheme and X-Forwarded-Proto. :scheme will now be set for all HTTP/1.1 requests. This changes the behavior of the gRPC access logger, Wasm filters, CSRF filter and oath2 filter for HTTP/1 traffic, where :scheme was previously not set. This change also validates that for front-line Envoys (Envoys configured with :ref:`xff_num_trusted_hops ` set to 0 and :ref:`use_remote_address ` set to true) that HTTP/1.1 https schemed requests can not be sent over non-TLS connections. 
All behavioral changes listed here can be temporarily reverted by setting `envoy.reloadable_features.add_and_validate_scheme_header` to false. -* http: when a protocol error is detected in response from upstream, Envoy sends 502 BadGateway downstream and access log entry contains UPE flag. This behavior change can be overwritten to use error code 503 by setting `envoy.reloadable_features.return_502_for_upstream_protocol_errors` to false. +* grpc_stats: the default value for :ref:`stats_for_all_methods ` is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature ``envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default``. +* http: fixing a standards compliance issue with :scheme. The :scheme header sent upstream is now based on the original URL scheme, rather than set based on the security of the upstream connection. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.preserve_downstream_scheme`` to false. +* http: http3 is now enabled/disabled via build option ``--define http3=disabled`` rather than the extension framework. The behavior is the same, but builds may be affected for platforms or build configurations where http3 is not supported. +* http: resolving inconsistencies between :scheme and X-Forwarded-Proto. :scheme will now be set for all HTTP/1.1 requests. This changes the behavior of the gRPC access logger, Wasm filters, CSRF filter and oath2 filter for HTTP/1 traffic, where :scheme was previously not set. 
This change also validates that for front-line Envoys (Envoys configured with :ref:`xff_num_trusted_hops ` set to 0 and :ref:`use_remote_address ` set to true) that HTTP/1.1 https schemed requests can not be sent over non-TLS connections. All behavioral changes listed here can be temporarily reverted by setting ``envoy.reloadable_features.add_and_validate_scheme_header`` to false. +* http: when a protocol error is detected in response from upstream, Envoy sends 502 BadGateway downstream and access log entry contains UPE flag. This behavior change can be overwritten to use error code 503 by setting ``envoy.reloadable_features.return_502_for_upstream_protocol_errors`` to false. Minor Behavior Changes ---------------------- *Changes that may cause incompatibilities for some users, but should not for most* -* access_logs: change command operator %UPSTREAM_CLUSTER% to resolve to :ref:`alt_stat_name ` if provided. This behavior can be reverted by disabling the runtime feature `envoy.reloadable_features.use_observable_cluster_name`. +* access_logs: change command operator %UPSTREAM_CLUSTER% to resolve to :ref:`alt_stat_name ` if provided. This behavior can be reverted by disabling the runtime feature ``envoy.reloadable_features.use_observable_cluster_name``. * access_logs: fix substition formatter to recognize commands ending with an integer such as DOWNSTREAM_PEER_FINGERPRINT_256. -* access_logs: set the error flag `NC` for `no cluster found` instead of `NR` if the route is found but the corresponding cluster is not available. -* admin: added :ref:`observability_name ` information to GET /clusters?format=json :ref:`cluster status `. -* dns: both the :ref:`strict DNS ` and - :ref:`logical DNS ` cluster types now honor the - :ref:`hostname ` field if not empty. +* access_logs: set the error flag ``NC`` for ``no cluster found`` instead of ``NR`` if the route is found but the corresponding cluster is not available. 
+* admin: added :ref:`observability_name ` information to GET /clusters?format=json :ref:`cluster status `. +* dns: both the :ref:`strict DNS ` and + :ref:`logical DNS ` cluster types now honor the + :ref:`hostname ` field if not empty. Previously resolved hosts would have their hostname set to the configured DNS address for use with - logging, :ref:`auto_host_rewrite `, etc. + logging, :ref:`auto_host_rewrite `, etc. Setting the hostname manually allows overriding the internal hostname used for such features while still allowing the original DNS resolution name to be used. * grpc_json_transcoder: the filter now adheres to encoder and decoder buffer limits. Requests and responses that require buffering over the limits will be directly rejected. The behavior can be reverted by - disabling runtime feature `envoy.reloadable_features.grpc_json_transcoder_adhere_to_buffer_limits`. - To reduce or increase the buffer limits the filter adheres to, reference the :ref:`flow control documentation `. -* hds: support custom health check port via :ref:`health_check_config `. -* healthcheck: the :ref:`health check filter ` now sends the - :ref:`x-envoy-immediate-health-check-fail ` header + disabling runtime feature ``envoy.reloadable_features.grpc_json_transcoder_adhere_to_buffer_limits``. + To reduce or increase the buffer limits the filter adheres to, reference the :ref:`flow control documentation `. +* hds: support custom health check port via :ref:`health_check_config `. +* healthcheck: the :ref:`health check filter ` now sends the + :ref:`x-envoy-immediate-health-check-fail ` header for all responses when Envoy is in the health check failed state. 
Additionally, receiving the - :ref:`x-envoy-immediate-health-check-fail ` - header (either in response to normal traffic or in response to an HTTP :ref:`active health check `) will - cause Envoy to immediately :ref:`exclude ` the host from + :ref:`x-envoy-immediate-health-check-fail ` + header (either in response to normal traffic or in response to an HTTP :ref:`active health check `) will + cause Envoy to immediately :ref:`exclude ` the host from load balancing calculations. This has the useful property that such hosts, which are being explicitly told to disable traffic, will not be counted for panic routing calculations. See the excluded documentation for more information. This behavior can be temporarily reverted by setting - the `envoy.reloadable_features.health_check.immediate_failure_exclude_from_cluster` feature flag + the ``envoy.reloadable_features.health_check.immediate_failure_exclude_from_cluster`` feature flag to false. Note that the runtime flag covers *both* the health check filter responding with - `x-envoy-immediate-health-check-fail` in all cases (versus just non-HC requests) as well as - whether receiving `x-envoy-immediate-health-check-fail` will cause exclusion or not. Thus, + ``x-envoy-immediate-health-check-fail`` in all cases (versus just non-HC requests) as well as + whether receiving ``x-envoy-immediate-health-check-fail`` will cause exclusion or not. Thus, depending on the Envoy deployment, the feature flag may need to be flipped on both downstream and upstream instances, depending on the reason. -* http: added support for internal redirects with bodies. This behavior can be disabled temporarily by setting `envoy.reloadable_features.internal_redirects_with_body` to false. +* http: added support for internal redirects with bodies. This behavior can be disabled temporarily by setting ``envoy.reloadable_features.internal_redirects_with_body`` to false. 
* http: increase the maximum allowed number of initial connection WINDOW_UPDATE frames sent by the peer from 1 to 5. -* http: no longer adding content-length: 0 for requests which should not have bodies. This behavior can be temporarily reverted by setting `envoy.reloadable_features.dont_add_content_length_for_bodiless_requests` false. -* http: switched the path canonicalizer to `googleurl `_ - instead of `//source/common/chromium_url`. The new path canonicalizer is enabled by default. To +* http: no longer adding content-length: 0 for requests which should not have bodies. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.dont_add_content_length_for_bodiless_requests`` false. +* http: switched the path canonicalizer to ``googleurl `_ + instead of ``//source/common/chromium_url``. The new path canonicalizer is enabled by default. To revert to the legacy path canonicalizer, enable the runtime flag - `envoy.reloadable_features.remove_forked_chromium_url`. + ``envoy.reloadable_features.remove_forked_chromium_url``. * http: upstream flood and abuse checks now increment the count of opened HTTP/2 streams when Envoy sends initial HEADERS frame for the new stream. Before the counter was incrementred when Envoy received response HEADERS frame with the END_HEADERS flag set from upstream server. -* lua: added function `timestamp` to provide millisecond resolution timestamps by passing in `EnvoyTimestampResolution.MILLISECOND`. -* oauth filter: added the optional parameter :ref:`auth_scopes ` with default value of 'user' if not provided. This allows this value to be overridden in the Authorization request to the OAuth provider. +* lua: added function ``timestamp`` to provide millisecond resolution timestamps by passing in ``EnvoyTimestampResolution.MILLISECOND``. +* oauth filter: added the optional parameter :ref:`auth_scopes ` with default value of 'user' if not provided. 
This allows this value to be overridden in the Authorization request to the OAuth provider. * perf: allow reading more bytes per operation from raw sockets to improve performance. -* router: extended custom date formatting to DOWNSTREAM_PEER_CERT_V_START and DOWNSTREAM_PEER_CERT_V_END when using :ref:`custom request/response header formats `. +* router: extended custom date formatting to DOWNSTREAM_PEER_CERT_V_START and DOWNSTREAM_PEER_CERT_V_END when using :ref:`custom request/response header formats `. * router: made the path rewrite available without finalizing headers, so the filter could calculate the current value of the final url. -* tracing: added `upstream_cluster.name` tag that resolves to resolve to :ref:`alt_stat_name ` if provided (and otherwise the cluster name). -* udp: configuration has been added for :ref:`GRO ` +* tracing: added ``upstream_cluster.name`` tag that resolves to resolve to :ref:`alt_stat_name ` if provided (and otherwise the cluster name). +* udp: configuration has been added for :ref:`GRO ` which used to be force enabled if the OS supports it. The default is now disabled for server sockets and enabled for client sockets (see the new features section for links). * upstream: host weight changes now cause a full load balancer rebuild as opposed to happening atomically inline. This change has been made to support load balancer pre-computation of data structures based on host weight, but may have performance implications if host weight changes - are very frequent. This change can be disabled by setting the `envoy.reloadable_features.upstream_host_weight_change_causes_rebuild` + are very frequent. This change can be disabled by setting the ``envoy.reloadable_features.upstream_host_weight_change_causes_rebuild`` feature flag to false. If setting this flag to false is required in a deployment please open an issue against the project. 
@@ -77,24 +77,24 @@ Bug Fixes --------- *Changes expected to improve the state of the world and are unlikely to have negative effects* -* active http health checks: properly handles HTTP/2 GOAWAY frames from the upstream. Previously a GOAWAY frame due to a graceful listener drain could cause improper failed health checks due to streams being refused by the upstream on a connection that is going away. To revert to old GOAWAY handling behavior, set the runtime feature `envoy.reloadable_features.health_check.graceful_goaway_handling` to false. +* active http health checks: properly handles HTTP/2 GOAWAY frames from the upstream. Previously a GOAWAY frame due to a graceful listener drain could cause improper failed health checks due to streams being refused by the upstream on a connection that is going away. To revert to old GOAWAY handling behavior, set the runtime feature ``envoy.reloadable_features.health_check.graceful_goaway_handling`` to false. * adaptive concurrency: fixed a bug where concurrent requests on different worker threads could update minRTT back-to-back. * buffer: tighten network connection read and write buffer high watermarks in preparation to more careful enforcement of read limits. Buffer high-watermark is now set to the exact configured value; previously it was set to value + 1. -* cdn_loop: check that the entirety of the :ref:`cdn_id ` field is a valid CDN identifier. +* cdn_loop: check that the entirety of the :ref:`cdn_id ` field is a valid CDN identifier. * cds: fix blocking the update for a warming cluster when the update is the same as the active version. -* ext_authz: emit :ref:`CheckResponse.dynamic_metadata ` when the external authorization response has "Denied" check status. +* ext_authz: emit :ref:`CheckResponse.dynamic_metadata ` when the external authorization response has "Denied" check status. * fault injection: stop counting as active fault after delay elapsed. 
Previously fault injection filter continues to count the injected delay as an active fault even after it has elapsed. This produces incorrect output statistics and impacts the max number of consecutive faults allowed (e.g., for long-lived streams). This change decreases the active fault count when the delay fault is the only active and has gone finished. * filter_chain: fix filter chain matching with the server name as the case-insensitive way. -* grpc-web: fix local reply and non-proto-encoded gRPC response handling for small response bodies. This fix can be temporarily reverted by setting `envoy.reloadable_features.grpc_web_fix_non_proto_encoded_response_handling` to false. +* grpc-web: fix local reply and non-proto-encoded gRPC response handling for small response bodies. This fix can be temporarily reverted by setting ``envoy.reloadable_features.grpc_web_fix_non_proto_encoded_response_handling`` to false. * grpc_http_bridge: the downstream HTTP status is now correctly set for trailers-only responses from the upstream. -* header map: pick the right delimiter to append multiple header values to the same key. Previouly header with multiple values were coalesced with ",", after this fix cookie headers should be coalesced with " ;". This doesn't affect Http1 or Http2 requests because these 2 codecs coalesce cookie headers before adding it to header map. To revert to the old behavior, set the runtime feature `envoy.reloadable_features.header_map_correctly_coalesce_cookies` to false. +* header map: pick the right delimiter to append multiple header values to the same key. Previouly header with multiple values were coalesced with ",", after this fix cookie headers should be coalesced with " ;". This doesn't affect Http1 or Http2 requests because these 2 codecs coalesce cookie headers before adding it to header map. To revert to the old behavior, set the runtime feature ``envoy.reloadable_features.header_map_correctly_coalesce_cookies`` to false. 
* http: avoid grpc-status overwrite on when sending local replies if that field has already been set. -* http: disallowing "host:" in request_headers_to_add for behavioral consistency with rejecting :authority header. This behavior can be temporarily reverted by setting `envoy.reloadable_features.treat_host_like_authority` to false. -* http: fixed an issue where Enovy did not handle peer stream limits correctly, and queued streams in nghttp2 rather than establish new connections. This behavior can be temporarily reverted by setting `envoy.reloadable_features.improved_stream_limit_handling` to false. -* http: fixed a bug where setting :ref:`MaxStreamDuration proto ` did not disable legacy timeout defaults. -* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. +* http: disallowing "host:" in request_headers_to_add for behavioral consistency with rejecting :authority header. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.treat_host_like_authority`` to false. +* http: fixed an issue where Enovy did not handle peer stream limits correctly, and queued streams in nghttp2 rather than establish new connections. This behavior can be temporarily reverted by setting ``envoy.reloadable_features.improved_stream_limit_handling`` to false. +* http: fixed a bug where setting :ref:`MaxStreamDuration proto ` did not disable legacy timeout defaults. +* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. * http: fixed a remotely exploitable integer overflow via a very large grpc-timeout value causes undefined behavior. -* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. 
The change back to the original behavior can be temporarily reverted by setting `envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure` to false. +* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting ``envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure`` to false. * jwt_authn: reject requests with a proper error if JWT has the wrong issuer when allow_missing is used. Before this change, the requests are accepted. * listener: prevent crashing when an unknown listener config proto is received and debug logging is enabled. * mysql_filter: improve the codec ability of mysql filter at connection phase, it can now decode MySQL5.7+ connection phase protocol packet. 
@@ -109,87 +109,86 @@ Bug Fixes Removed Config or Runtime ------------------------- -*Normally occurs at the end of the* :ref:`deprecation period ` +*Normally occurs at the end of the* :ref:`deprecation period ` -* access_logs: removed legacy unbounded access logs and runtime guard `envoy.reloadable_features.disallow_unbounded_access_logs`. -* dns: removed legacy buggy wildcard matching path and runtime guard `envoy.reloadable_features.fix_wildcard_matching`. -* dynamic_forward_proxy: removed `envoy.reloadable_features.enable_dns_cache_circuit_breakers` and legacy code path. -* http: removed legacy connect behavior and runtime guard `envoy.reloadable_features.stop_faking_paths`. -* http: removed legacy connection close behavior and runtime guard `envoy.reloadable_features.fixed_connection_close`. -* http: removed legacy HTTP/1.1 error reporting path and runtime guard `envoy.reloadable_features.early_errors_via_hcm`. -* http: removed legacy sanitization path for upgrade response headers and runtime guard `envoy.reloadable_features.fix_upgrade_response`. -* http: removed legacy date header overwriting logic and runtime guard `envoy.reloadable_features.preserve_upstream_date deprecation`. -* http: removed legacy ALPN handling and runtime guard `envoy.reloadable_features.http_default_alpn`. -* listener: removed legacy runtime guard `envoy.reloadable_features.listener_in_place_filterchain_update`. -* router: removed `envoy.reloadable_features.consume_all_retry_headers` and legacy code path. -* router: removed `envoy.reloadable_features.preserve_query_string_in_path_redirects` and legacy code path. +* access_logs: removed legacy unbounded access logs and runtime guard ``envoy.reloadable_features.disallow_unbounded_access_logs``. +* dns: removed legacy buggy wildcard matching path and runtime guard ``envoy.reloadable_features.fix_wildcard_matching``. +* dynamic_forward_proxy: removed ``envoy.reloadable_features.enable_dns_cache_circuit_breakers`` and legacy code path. 
+* http: removed legacy connect behavior and runtime guard ``envoy.reloadable_features.stop_faking_paths``. +* http: removed legacy connection close behavior and runtime guard ``envoy.reloadable_features.fixed_connection_close``. +* http: removed legacy HTTP/1.1 error reporting path and runtime guard ``envoy.reloadable_features.early_errors_via_hcm``. +* http: removed legacy sanitization path for upgrade response headers and runtime guard ``envoy.reloadable_features.fix_upgrade_response``. +* http: removed legacy date header overwriting logic and runtime guard ``envoy.reloadable_features.preserve_upstream_date deprecation``. +* http: removed legacy ALPN handling and runtime guard ``envoy.reloadable_features.http_default_alpn``. +* listener: removed legacy runtime guard ``envoy.reloadable_features.listener_in_place_filterchain_update``. +* router: removed ``envoy.reloadable_features.consume_all_retry_headers`` and legacy code path. +* router: removed ``envoy.reloadable_features.preserve_query_string_in_path_redirects`` and legacy code path. New Features ------------ -* access log: added a new :ref:`OpenTelemetry access logger ` extension, allowing a flexible log structure with native Envoy access log formatting. -* access log: added the new response flag `NC` for upstream cluster not found. The error flag is set when the http or tcp route is found for the request but the cluster is not available. -* access log: added the :ref:`formatters ` extension point for custom formatters (command operators). -* access log: added support for cross platform writing to :ref:`standard output ` and :ref:`standard error `. +* access log: added a new :ref:`OpenTelemetry access logger ` extension, allowing a flexible log structure with native Envoy access log formatting. +* access log: added the new response flag ``NC`` for upstream cluster not found. The error flag is set when the http or tcp route is found for the request but the cluster is not available. 
+* access log: added the :ref:`formatters ` extension point for custom formatters (command operators). +* access log: added support for cross platform writing to :ref:`standard output ` and :ref:`standard error `. * access log: support command operator: %FILTER_CHAIN_NAME% for the downstream tcp and http request. * access log: support command operator: %REQUEST_HEADERS_BYTES%, %RESPONSE_HEADERS_BYTES%, and %RESPONSE_TRAILERS_BYTES%. -* admin: added support for :ref:`access loggers ` to the admin interface. -* composite filter: added new :ref:`composite filter ` that can be used to instantiate different filter configuratios based on matching incoming data. -* compression: add brotli :ref:`compressor ` and :ref:`decompressor `. -* compression: extended the compression allow compressing when the content length header is not present. This behavior may be temporarily reverted by setting `envoy.reloadable_features.enable_compression_without_content_length_header` to false. -* config: add `envoy.features.fail_on_any_deprecated_feature` runtime key, which matches the behaviour of compile-time flag `ENVOY_DISABLE_DEPRECATED_FEATURES`, i.e. use of deprecated fields will cause a crash. -* config: the ``Node`` :ref:`dynamic context parameters ` are populated in discovery requests when set on the server instance. -* dispatcher: supports a stack of `Envoy::ScopeTrackedObject` instead of a single tracked object. This will allow Envoy to dump more debug information on crash. -* ext_authz: added :ref:`response_headers_to_add ` to support sending response headers to downstream clients on OK authorization checks via gRPC. -* ext_authz: added :ref:`allowed_client_headers_on_success ` to support sending response headers to downstream clients on OK external authorization checks via HTTP. -* grpc_json_transcoder: added :ref:`request_validation_options ` to reject invalid requests early. +* admin: added support for :ref:`access loggers ` to the admin interface. 
+* composite filter: added new :ref:`composite filter ` that can be used to instantiate different filter configuratios based on matching incoming data. +* compression: add brotli :ref:`compressor ` and :ref:`decompressor `. +* compression: extended the compression allow compressing when the content length header is not present. This behavior may be temporarily reverted by setting ``envoy.reloadable_features.enable_compression_without_content_length_header`` to false. +* config: add ``envoy.features.fail_on_any_deprecated_feature`` runtime key, which matches the behaviour of compile-time flag ``ENVOY_DISABLE_DEPRECATED_FEATURES``, i.e. use of deprecated fields will cause a crash. +* config: the ``Node`` :ref:`dynamic context parameters ` are populated in discovery requests when set on the server instance. +* dispatcher: supports a stack of ``Envoy::ScopeTrackedObject`` instead of a single tracked object. This will allow Envoy to dump more debug information on crash. +* ext_authz: added :ref:`response_headers_to_add ` to support sending response headers to downstream clients on OK authorization checks via gRPC. +* ext_authz: added :ref:`allowed_client_headers_on_success ` to support sending response headers to downstream clients on OK external authorization checks via HTTP. +* grpc_json_transcoder: added :ref:`request_validation_options ` to reject invalid requests early. * grpc_json_transcoder: filter can now be configured on per-route/per-vhost level as well. Leaving empty list of services in the filter configuration disables transcoding on the specific route. -* http: added support for `Envoy::ScopeTrackedObject` for HTTP/1 and HTTP/2 dispatching. Crashes while inside the dispatching loop should dump debug information. Furthermore, HTTP/1 and HTTP/2 clients now dumps the originating request whose response from the upstream caused Envoy to crash. -* http: added support for :ref:`preconnecting `. 
Preconnecting is off by default, but recommended for clusters serving latency-sensitive traffic, especially if using HTTP/1.1. -* http: added support for stream filters to mutate the cached route set by HCM route resolution. Useful for filters in a filter chain that want to override specific methods/properties of a route. See :ref:`http route mutation ` docs for more information. -* http: added new runtime config `envoy.reloadable_features.check_unsupported_typed_per_filter_config`, the default value is true. When the value is true, envoy will reject virtual host-specific typed per filter config when the filter doesn't support it. -* http: added the ability to preserve HTTP/1 header case across the proxy. See the :ref:`header casing ` documentation for more information. -* http: change frame flood and abuse checks to the upstream HTTP/2 codec to ON by default. It can be disabled by setting the `envoy.reloadable_features.upstream_http2_flood_checks` runtime key to false. -* http: hash multiple header values instead of only hash the first header value. It can be disabled by setting the `envoy.reloadable_features.hash_multiple_header_values` runtime key to false. See the :ref:`HashPolicy's Header configuration ` for more information. -* json: introduced new JSON parser (https://github.com/nlohmann/json) to replace RapidJSON. The new parser is disabled by default. To test the new RapidJSON parser, enable the runtime feature `envoy.reloadable_features.remove_legacy_json`. -* kill_request: :ref:`Kill Request ` now supports bidirection killing. -* listener: added an optional :ref:`stat_prefix `. -* loadbalancer: added the ability to specify the hash_key for a host when using a consistent hashing loadbalancer (ringhash, maglev) using the :ref:`LbEndpoint.Metadata ` e.g.: ``"envoy.lb": {"hash_key": "..."}``. +* http: added support for ``Envoy::ScopeTrackedObject`` for HTTP/1 and HTTP/2 dispatching. Crashes while inside the dispatching loop should dump debug information. 
Furthermore, HTTP/1 and HTTP/2 clients now dumps the originating request whose response from the upstream caused Envoy to crash. +* http: added support for :ref:`preconnecting `. Preconnecting is off by default, but recommended for clusters serving latency-sensitive traffic, especially if using HTTP/1.1. +* http: added support for stream filters to mutate the cached route set by HCM route resolution. Useful for filters in a filter chain that want to override specific methods/properties of a route. See :ref:`http route mutation ` docs for more information. +* http: added new runtime config ``envoy.reloadable_features.check_unsupported_typed_per_filter_config``, the default value is true. When the value is true, envoy will reject virtual host-specific typed per filter config when the filter doesn't support it. +* http: added the ability to preserve HTTP/1 header case across the proxy. See the :ref:`header casing ` documentation for more information. +* http: change frame flood and abuse checks to the upstream HTTP/2 codec to ON by default. It can be disabled by setting the ``envoy.reloadable_features.upstream_http2_flood_checks`` runtime key to false. +* http: hash multiple header values instead of only hash the first header value. It can be disabled by setting the ``envoy.reloadable_features.hash_multiple_header_values`` runtime key to false. See the :ref:`HashPolicy's Header configuration ` for more information. +* json: introduced new JSON parser (https://github.com/nlohmann/json) to replace RapidJSON. The new parser is disabled by default. To test the new RapidJSON parser, enable the runtime feature ``envoy.reloadable_features.remove_legacy_json``. +* kill_request: :ref:`Kill Request ` now supports bidirection killing. +* listener: added an optional :ref:`stat_prefix `. 
+* loadbalancer: added the ability to specify the hash_key for a host when using a consistent hashing loadbalancer (ringhash, maglev) using the :ref:`LbEndpoint.Metadata ` e.g.: ``"envoy.lb": {"hash_key": "..."}``. * log: added a new custom flag ``%j`` to the log pattern to print the actual message to log as JSON escaped string. -* oauth filter: added the optional parameter :ref:`resources `. Set this value to add multiple "resource" parameters in the Authorization request sent to the OAuth provider. This acts as an identifier representing the protected resources the client is requesting a token for. -* original_dst: added support for :ref:`Original Destination ` on Windows. This enables the use of Envoy as a sidecar proxy on Windows. -* overload: add support for scaling :ref:`transport connection timeouts`. This can be used to reduce the TLS handshake timeout in response to overload. -* postgres: added ability to :ref:`terminate SSL`. -* rbac: added :ref:`shadow_rules_stat_prefix ` to allow adding custom prefix to the stats emitted by shadow rules. -* route config: added :ref:`allow_post field ` for allowing POST payload as raw TCP. -* route config: added :ref:`max_direct_response_body_size_bytes ` to set maximum :ref:`direct response body ` size in bytes. If not specified the default remains 4096 bytes. -* server: added *fips_mode* to :ref:`server compilation settings ` related statistic. +* oauth filter: added the optional parameter :ref:`resources `. Set this value to add multiple "resource" parameters in the Authorization request sent to the OAuth provider. This acts as an identifier representing the protected resources the client is requesting a token for. +* original_dst: added support for :ref:`Original Destination ` on Windows. This enables the use of Envoy as a sidecar proxy on Windows. +* overload: add support for scaling :ref:`transport connection timeouts `. This can be used to reduce the TLS handshake timeout in response to overload. 
+* postgres: added ability to :ref:`terminate SSL `. +* rbac: added :ref:`shadow_rules_stat_prefix ` to allow adding custom prefix to the stats emitted by shadow rules. +* route config: added :ref:`allow_post field ` for allowing POST payload as raw TCP. +* route config: added :ref:`max_direct_response_body_size_bytes ` to set maximum :ref:`direct response body ` size in bytes. If not specified the default remains 4096 bytes. +* server: added *fips_mode* to :ref:`server compilation settings ` related statistic. * server: added :option:`--enable-core-dump` flag to enable core dumps via prctl (Linux-based systems only). -* tcp_proxy: add support for converting raw TCP streams into HTTP/1.1 CONNECT requests. See :ref:`upgrade documentation ` for details. -* tcp_proxy: added a :ref:`use_post field ` for using HTTP POST to proxy TCP streams. -* tcp_proxy: added a :ref:`headers_to_add field ` for setting additional headers to the HTTP requests for TCP proxing. -* thrift_proxy: added a :ref:`max_requests_per_connection field ` for setting maximum requests for per downstream connection. -* thrift_proxy: added per upstream metrics within the :ref:`thrift router ` for messagetype counters in request/response. -* thrift_proxy: added per upstream metrics within the :ref:`thrift router ` for request time histograms. -* tls peer certificate validation: added :ref:`SPIFFE validator ` for supporting isolated multiple trust bundles in a single listener or cluster. -* tracing: added the :ref:`pack_trace_reason ` - field as well as explicit configuration for the built-in :ref:`UuidRequestIdConfig ` +* tcp_proxy: add support for converting raw TCP streams into HTTP/1.1 CONNECT requests. See :ref:`upgrade documentation ` for details. +* tcp_proxy: added a :ref:`use_post field ` for using HTTP POST to proxy TCP streams. +* tcp_proxy: added a :ref:`headers_to_add field ` for setting additional headers to the HTTP requests for TCP proxing. 
+* thrift_proxy: added a :ref:`max_requests_per_connection field ` for setting maximum requests for per downstream connection. +* thrift_proxy: added per upstream metrics within the :ref:`thrift router ` for messagetype counters in request/response. +* thrift_proxy: added per upstream metrics within the :ref:`thrift router ` for request time histograms. +* tls peer certificate validation: added :ref:`SPIFFE validator ` for supporting isolated multiple trust bundles in a single listener or cluster. +* tracing: added the :ref:`pack_trace_reason ` + field as well as explicit configuration for the built-in :ref:`UuidRequestIdConfig ` request ID implementation. See the trace context propagation :ref:`architecture overview - ` for more information. -* udp: added :ref:`downstream ` and - :ref:`upstream ` statistics for dropped datagrams. -* udp: added :ref:`downstream_socket_config ` + ` for more information. +* udp: added :ref:`downstream ` and + :ref:`upstream ` statistics for dropped datagrams. +* udp: added :ref:`downstream_socket_config ` listener configuration to allow configuration of downstream max UDP datagram size. Also added - :ref:`upstream_socket_config ` + :ref:`upstream_socket_config ` UDP proxy configuration to allow configuration of upstream max UDP datagram size. The defaults for both remain 1500 bytes. * udp: added configuration for :ref:`GRO - `. The default is disabled for - :ref:`downstream sockets ` - and enabled for :ref:`upstream sockets `. + `. The default is disabled for + :ref:`downstream sockets ` + and enabled for :ref:`upstream sockets `. Deprecated ---------- -* admin: :ref:`access_log_path ` is deprecated in favor for :ref:`access loggers `. - +* admin: :ref:`access_log_path ` is deprecated in favor for :ref:`access loggers `. diff --git a/docs/root/version_history/v1.2.0.rst b/docs/root/version_history/v1.2.0.rst index 71e91e37f4b8..eb54093f6906 100644 --- a/docs/root/version_history/v1.2.0.rst +++ b/docs/root/version_history/v1.2.0.rst 
@@ -4,27 +4,27 @@ Changes ------- -* :ref:`Cluster discovery service (CDS) API `. -* :ref:`Outlier detection ` (passive health checking). +* :ref:`Cluster discovery service (CDS) API `. +* :ref:`Outlier detection ` (passive health checking). * Envoy configuration is now checked against a JSON schema. -* :ref:`Ring hash ` consistent load balancer, as well as HTTP +* :ref:`Ring hash ` consistent load balancer, as well as HTTP consistent hash routing based on a policy. -* Vastly :ref:`enhanced global rate limit configuration ` via the HTTP +* Vastly :ref:`enhanced global rate limit configuration ` via the HTTP rate limiting filter. * HTTP routing to a cluster retrieved from a header. * Weighted cluster HTTP routing. * Auto host rewrite during HTTP routing. * Regex header matching during HTTP routing. * HTTP access log runtime filter. -* LightStep tracer :ref:`parent/child span association `. -* :ref:`Route discovery service (RDS) API `. +* LightStep tracer :ref:`parent/child span association `. +* :ref:`Route discovery service (RDS) API `. * HTTP router :ref:`x-envoy-upstream-rq-timeout-alt-response header - ` support. -* *use_original_dst* and *bind_to_port* :ref:`listener options ` (useful for + ` support. +* *use_original_dst* and *bind_to_port* :ref:`listener options ` (useful for iptables based transparent proxy support). -* TCP proxy filter :ref:`route table support `. +* TCP proxy filter :ref:`route table support `. * Configurable stats flush interval. -* Various :ref:`third party library upgrades `, including using BoringSSL as +* Various :ref:`third party library upgrades `, including using BoringSSL as the default SSL provider. * No longer maintain closed HTTP/2 streams for priority calculations. Leads to substantial memory savings for large meshes. diff --git a/docs/root/version_history/v1.3.0.rst b/docs/root/version_history/v1.3.0.rst index 067ea4ee7627..234be4dbacad 100644 --- a/docs/root/version_history/v1.3.0.rst 
+++ b/docs/root/version_history/v1.3.0.rst 
@@ -5,62 +5,62 @@ Changes ------- * As of this release, we now have an official :repo:`breaking change policy - `. Note that there are numerous breaking configuration + `. Note that there are numerous breaking configuration changes in this release. They are not listed here. Future releases will adhere to the policy and have clear documentation on deprecations and changes. * Bazel is now the canonical build system (replacing CMake). There have been a huge number of changes to the development/build/test flow. See :repo:`/bazel/README.md` and :repo:`/ci/README.md` for more information. -* :ref:`Outlier detection ` has been expanded to include success +* :ref:`Outlier detection ` has been expanded to include success rate variance, and all parameters are now configurable in both runtime and in the JSON configuration. * TCP level listener and cluster connections now have configurable receive buffer limits at which point connection level back pressure is applied. Full end to end flow control will be available in a future release. -* :ref:`Redis health checking ` has been added as an active +* :ref:`Redis health checking ` has been added as an active health check type. Full Redis support will be documented/supported in 1.4.0. -* :ref:`TCP health checking ` now supports a +* :ref:`TCP health checking ` now supports a "connect only" mode that only checks if the remote server can be connected to without writing/reading any data. * `BoringSSL `_ is now the only supported TLS provider. The default cipher suites and ECDH curves have been updated with more modern defaults for both listener and cluster connections. -* The `header value match` rate limit action has been expanded to include an `expect - match` parameter. +* The ``header value match`` rate limit action has been expanded to include an ``expect + match`` parameter. * Route level HTTP rate limit configurations now do not inherit the virtual host level - configurations by default. 
Use `include_vh_rate_limits` to inherit the virtual host + configurations by default. Use ``include_vh_rate_limits`` to inherit the virtual host level options if desired. * HTTP routes can now add request headers on a per route and per virtual host basis via the - :ref:`request_headers_to_add ` option. -* The :ref:`example configurations ` have been refreshed to demonstrate the + :ref:`request_headers_to_add ` option. +* The :ref:`example configurations ` have been refreshed to demonstrate the latest features. -* `per_try_timeout_ms` can now be configured in +* ``per_try_timeout_ms`` can now be configured in a route's retry policy in addition to via the :ref:`x-envoy-upstream-rq-per-try-timeout-ms - ` HTTP header. -* HTTP virtual host matching now includes support for prefix wildcard domains (e.g., `*.lyft.com`). + ` HTTP header. +* HTTP virtual host matching now includes support for prefix wildcard domains (e.g., ``*.lyft.com``). * The default for tracing random sampling has been changed to 100% and is still configurable in - :ref:`runtime `. + :ref:`runtime `. * HTTP tracing configuration has been extended to allow tags to be populated from arbitrary HTTP headers. -* The :ref:`HTTP rate limit filter ` can now be applied to internal, - external, or all requests via the `request_type` option. -* :ref:`Listener binding ` now requires specifying an `address` field. This can be +* The :ref:`HTTP rate limit filter ` can now be applied to internal, + external, or all requests via the ``request_type`` option. +* :ref:`Listener binding ` now requires specifying an `address` field. This can be used to bind a listener to both a specific address as well as a port. -* The :ref:`MongoDB filter ` now emits a stat for queries that - do not have `$maxTimeMS` set. -* The :ref:`MongoDB filter ` now emits logs that are fully valid +* The :ref:`MongoDB filter ` now emits a stat for queries that + do not have ``$maxTimeMS`` set. 
+* The :ref:`MongoDB filter ` now emits logs that are fully valid JSON. * The CPU profiler output path is now configurable. * A watchdog system has been added that can kill the server if a deadlock is detected. -* A :ref:`route table checking tool ` has been added that can +* A :ref:`route table checking tool ` has been added that can be used to test route tables before use. -* We have added an :ref:`example repo ` that shows how to compile/link a custom filter. +* We have added an :ref:`example repo ` that shows how to compile/link a custom filter. * Added additional cluster wide information related to outlier detection to the :ref:`/clusters - admin endpoint `. -* Multiple SANs can now be verified via the `verify_subject_alt_name` setting. + admin endpoint `. +* Multiple SANs can now be verified via the ``verify_subject_alt_name`` setting. Additionally, URI type SANs can be verified. * HTTP filters can now be passed opaque configuration specified on a per route basis. * By default Envoy now has a built in crash handler that will print a back trace. This behavior can be disabled if desired via the ``--define=signal_trace=disabled`` Bazel option. -* Zipkin has been added as a supported :ref:`tracing provider `. +* Zipkin has been added as a supported :ref:`tracing provider `. * Numerous small changes and fixes not listed here. diff --git a/docs/root/version_history/v1.4.0.rst b/docs/root/version_history/v1.4.0.rst index fb8105538627..3342e4faee54 100644 --- a/docs/root/version_history/v1.4.0.rst +++ b/docs/root/version_history/v1.4.0.rst 
@@ -4,66 +4,66 @@ Changes ------- -* macOS is :repo:`now supported `. (A few features +* macOS is :repo:`now supported `. (A few features are missing such as hot restart and original destination routing). * YAML is now directly supported for config files. * Added /routes admin endpoint. * End-to-end flow control is now supported for TCP proxy, HTTP/1, and HTTP/2. HTTP flow control that includes filter buffering is incomplete and will be implemented in 1.5.0. -* Log verbosity :repo:`compile time flag ` added. -* Hot restart :repo:`compile time flag ` added. -* Original destination :ref:`cluster ` - and :ref:`load balancer ` added. -* :ref:`WebSocket ` is now supported. +* Log verbosity :repo:`compile time flag ` added. +* Hot restart :repo:`compile time flag ` added. +* Original destination :ref:`cluster ` + and :ref:`load balancer ` added. +* :ref:`WebSocket ` is now supported. * Virtual cluster priorities have been hard removed without deprecation as we are reasonably sure no one is using this feature. -* Route `validate_clusters` option added. -* :ref:`x-envoy-downstream-service-node ` +* Route ``validate_clusters`` option added. +* :ref:`x-envoy-downstream-service-node ` header added. -* :ref:`x-forwarded-client-cert ` header +* :ref:`x-forwarded-client-cert ` header added. * Initial HTTP/1 forward proxy support for absolute URLs has been added. * HTTP/2 codec settings are now configurable. -* gRPC/JSON transcoder :ref:`filter ` added. -* gRPC web :ref:`filter ` added. +* gRPC/JSON transcoder :ref:`filter ` added. +* gRPC web :ref:`filter ` added. * Configurable timeout for the rate limit service call in the :ref:`network - ` and :ref:`HTTP ` rate limit + ` and :ref:`HTTP ` rate limit filters. -* :ref:`x-envoy-retry-grpc-on ` header added. -* :ref:`LDS API ` added. -* TLS :`require_client_certificate` option added. -* :ref:`Configuration check tool ` added. -* :ref:`JSON schema check tool ` added. +* :ref:`x-envoy-retry-grpc-on ` header added. 
+* :ref:`LDS API ` added. +* TLS :``require_client_certificate`` option added. +* :ref:`Configuration check tool ` added. +* :ref:`JSON schema check tool ` added. * Config validation mode added via the :option:`--mode` option. * :option:`--local-address-ip-version` option added. * IPv6 support is now complete. -* UDP `statsd_ip_address` option added. +* UDP ``statsd_ip_address`` option added. * Per-cluster DNS resolvers added. -* :ref:`Fault filter ` enhancements and fixes. -* Several features are :ref:`deprecated as of the 1.4.0 release `. They +* :ref:`Fault filter ` enhancements and fixes. +* Several features are `deprecated as of the 1.4.0 release `_. They will be removed at the beginning of the 1.5.0 release cycle. We explicitly call out that the - `HttpFilterConfigFactory` filter API has been deprecated in favor of - `NamedHttpFilterConfigFactory`. + ``HttpFilterConfigFactory`` filter API has been deprecated in favor of + ``NamedHttpFilterConfigFactory``. * Many small bug fixes and performance improvements not listed. Deprecated ---------- -* Config option `statsd_local_udp_port` has been deprecated and has been replaced with - `statsd_udp_ip_address`. -* `HttpFilterConfigFactory` filter API has been deprecated in favor of `NamedHttpFilterConfigFactory`. -* Config option `http_codec_options` has been deprecated and has been replaced with `http2_settings`. -* The following log macros have been deprecated: `log_trace`, `log_debug`, `conn_log`, - `conn_log_info`, `conn_log_debug`, `conn_log_trace`, `stream_log`, `stream_log_info`, - `stream_log_debug`, `stream_log_trace`. For replacements, please see +* Config option ``statsd_local_udp_port`` has been deprecated and has been replaced with + ``statsd_udp_ip_address``. +* ``HttpFilterConfigFactory`` filter API has been deprecated in favor of ``NamedHttpFilterConfigFactory``. +* Config option ``http_codec_options`` has been deprecated and has been replaced with ``http2_settings``. 
+* The following log macros have been deprecated: ``log_trace``, ``log_debug``, ``conn_log``, + ``conn_log_info``, ``conn_log_debug``, ``conn_log_trace``, ``stream_log``, ``stream_log_info``, + ``stream_log_debug``, ``stream_log_trace``. For replacements, please see `logger.h `_. * The connectionId() and ssl() callbacks of StreamFilterCallbacks have been deprecated and replaced with a more general connection() callback, which, when not returning a nullptr, can be used to get the connection id and SSL connection from the returned Connection object pointer. -* The protobuf stub gRPC support via `Grpc::RpcChannelImpl` is now replaced with `Grpc::AsyncClientImpl`. - This no longer uses `protoc` generated stubs but instead utilizes C++ template generation of the - RPC stubs. `Grpc::AsyncClientImpl` supports streaming, in addition to the previous unary, RPCs. +* The protobuf stub gRPC support via ``Grpc::RpcChannelImpl`` is now replaced with ``Grpc::AsyncClientImpl``. + This no longer uses ``protoc`` generated stubs but instead utilizes C++ template generation of the + RPC stubs. ``Grpc::AsyncClientImpl`` supports streaming, in addition to the previous unary, RPCs. * The direction of network and HTTP filters in the configuration will be ignored from 1.4.0 and later removed from the configuration in the v2 APIs. Filter direction is now implied at the C++ type - level. The `type()` methods on the `NamedNetworkFilterConfigFactory` and - `NamedHttpFilterConfigFactory` interfaces have been removed to reflect this. + level. The ``type()`` methods on the ``NamedNetworkFilterConfigFactory`` and + ``NamedHttpFilterConfigFactory`` interfaces have been removed to reflect this. diff --git a/docs/root/version_history/v1.5.0.rst b/docs/root/version_history/v1.5.0.rst index 112019390d03..58e1d3147f7b 100644 --- a/docs/root/version_history/v1.5.0.rst +++ b/docs/root/version_history/v1.5.0.rst 
@@ -5,75 +5,75 @@ Changes ------- * access log: added fields for :ref:`UPSTREAM_LOCAL_ADDRESS and DOWNSTREAM_ADDRESS - `. -* admin: added :ref:`JSON output ` for stats admin endpoint. -* admin: added basic :ref:`Prometheus output ` for stats admin + `. +* admin: added :ref:`JSON output ` for stats admin endpoint. +* admin: added basic :ref:`Prometheus output ` for stats admin endpoint. Histograms are not currently output. -* admin: added ``version_info`` to the :ref:`/clusters admin endpoint`. -* config: the :ref:`v2 API ` is now considered production ready. +* admin: added ``version_info`` to the :ref:`/clusters admin endpoint `. +* config: the :ref:`v2 API ` is now considered production ready. * config: added --v2-config-only CLI flag. -* cors: added :ref:`CORS filter `. +* cors: added :ref:`CORS filter `. * health check: added :ref:`x-envoy-immediate-health-check-fail - ` header support. -* health check: added :ref:`reuse_connection ` option. -* http: added :ref:`per-listener stats `. + ` header support. +* health check: added :ref:`reuse_connection ` option. +* http: added :ref:`per-listener stats `. * http: end-to-end HTTP flow control is now complete across both connections, streams, and filters. -* load balancer: added :ref:`subset load balancer `. +* load balancer: added :ref:`subset load balancer `. * load balancer: added ring size and hash :ref:`configuration options - `. This used to be configurable via runtime. The runtime + `. This used to be configurable via runtime. The runtime configuration was deleted without deprecation as we are fairly certain no one is using it. * log: added the ability to optionally log to a file instead of stderr via the :option:`--log-path` option. -* listeners: added :ref:`drain_type ` option. -* lua: added experimental :ref:`Lua filter `. -* mongo filter: added :ref:`fault injection `. -* mongo filter: added :ref:`"drain close" ` support. -* outlier detection: added :ref:`HTTP gateway failure type `. 
- See :ref:`deprecated log ` +* listeners: added :ref:`drain_type ` option. +* lua: added experimental :ref:`Lua filter `. +* mongo filter: added :ref:`fault injection `. +* mongo filter: added :ref:`"drain close" ` support. +* outlier detection: added :ref:`HTTP gateway failure type `. + See `deprecated log `_ for outlier detection stats deprecations in this release. -* redis: the :ref:`redis proxy filter ` is now considered +* redis: the :ref:`redis proxy filter ` is now considered production ready. -* redis: added :ref:`"drain close" ` functionality. -* router: added :ref:`x-envoy-overloaded ` support. -* router: added :ref:`regex ` route matching. -* router: added :ref:`custom request headers ` +* redis: added :ref:`"drain close" ` functionality. +* router: added :ref:`x-envoy-overloaded ` support. +* router: added :ref:`regex ` route matching. +* router: added :ref:`custom request headers ` for upstream requests. * router: added :ref:`downstream IP hashing - ` for HTTP ketama routing. -* router: added :ref:`cookie hashing `. -* router: added :ref:`start_child_span ` option + ` for HTTP ketama routing. +* router: added :ref:`cookie hashing `. +* router: added :ref:`start_child_span ` option to create child span for egress calls. -* router: added optional :ref:`upstream logs `. +* router: added optional :ref:`upstream logs `. * router: added complete :ref:`custom append/override/remove support - ` of request/response headers. + ` of request/response headers. * router: added support to :ref:`specify response code during redirect - `. -* router: added :ref:`configuration ` + `. +* router: added :ref:`configuration ` to return either a 404 or 503 if the upstream cluster does not exist. -* runtime: added :ref:`comment capability `. -* server: change default log level (:option:`-l`) to `info`. +* runtime: added :ref:`comment capability `. +* server: change default log level (:option:`-l`) to ``info``. 
* stats: maximum stat/name sizes and maximum number of stats are now variable via the - `--max-obj-name-len` and `--max-stats` options. -* tcp proxy: added :ref:`access logging `. + ``--max-obj-name-len`` and ``--max-stats`` options. +* tcp proxy: added :ref:`access logging `. * tcp proxy: added :ref:`configurable connect retries - `. -* tcp proxy: enable use of :ref:`outlier detector `. -* tls: added :ref:`SNI support `. + `. +* tcp proxy: enable use of :ref:`outlier detector `. +* tls: added :ref:`SNI support `. * tls: added support for specifying :ref:`TLS session ticket keys - `. + `. * tls: allow configuration of the :ref:`min - ` and :ref:`max - ` TLS protocol versions. -* tracing: added :ref:`custom trace span decorators `. + ` and :ref:`max + ` TLS protocol versions. +* tracing: added :ref:`custom trace span decorators `. * Many small bug fixes and performance improvements not listed. Deprecated ---------- -* The outlier detection `ejections_total` stats counter has been deprecated and not replaced. Monitor - the individual `ejections_detected_*` counters for the detectors of interest, or - `ejections_enforced_total` for the total number of ejections that actually occurred. -* The outlier detection `ejections_consecutive_5xx` stats counter has been deprecated in favour of - `ejections_detected_consecutive_5xx` and `ejections_enforced_consecutive_5xx`. -* The outlier detection `ejections_success_rate` stats counter has been deprecated in favour of - `ejections_detected_success_rate` and `ejections_enforced_success_rate`. +* The outlier detection ``ejections_total`` stats counter has been deprecated and not replaced. Monitor + the individual ``ejections_detected_*`` counters for the detectors of interest, or + ``ejections_enforced_total`` for the total number of ejections that actually occurred. 
+* The outlier detection ``ejections_consecutive_5xx`` stats counter has been deprecated in favour of + ``ejections_detected_consecutive_5xx`` and ``ejections_enforced_consecutive_5xx``. +* The outlier detection ``ejections_success_rate`` stats counter has been deprecated in favour of + ``ejections_detected_success_rate`` and ``ejections_enforced_success_rate``. diff --git a/docs/root/version_history/v1.6.0.rst b/docs/root/version_history/v1.6.0.rst index 879eb2f8df77..406ca33b4da9 100644 --- a/docs/root/version_history/v1.6.0.rst +++ b/docs/root/version_history/v1.6.0.rst 
@@ -5,121 +5,121 @@ Changes ------- * access log: added DOWNSTREAM_REMOTE_ADDRESS, DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT, and - DOWNSTREAM_LOCAL_ADDRESS :ref:`access log formatters `. + DOWNSTREAM_LOCAL_ADDRESS :ref:`access log formatters `. DOWNSTREAM_ADDRESS access log formatter has been deprecated. * access log: added less than or equal (LE) :ref:`comparison filter - `. + `. * access log: added configuration to :ref:`runtime filter - ` to set default sampling rate, divisor, + ` to set default sampling rate, divisor, and whether to use independent randomness or not. -* admin: added :ref:`/runtime ` admin endpoint to read the +* admin: added :ref:`/runtime ` admin endpoint to read the current runtime values. * build: added support for :repo:`building Envoy with exported symbols - `. This change allows scripts loaded with the Lua filter to + `. This change allows scripts loaded with the Lua filter to load shared object libraries such as those installed via `LuaRocks `_. * config: added support for sending error details as `grpc.rpc.Status `_ - in :ref:`DiscoveryRequest `. -* config: added support for :ref:`inline delivery ` of TLS + in :ref:`DiscoveryRequest `. +* config: added support for :ref:`inline delivery ` of TLS certificates and private keys. -* config: added restrictions for the backing :ref:`config sources ` +* config: added restrictions for the backing :ref:`config sources ` of xDS resources. For filesystem based xDS the file must exist at configuration time. For cluster based xDS the backing cluster must be statically defined and be of non-EDS type. * grpc: the Google gRPC C++ library client is now supported as specified in the :ref:`gRPC services - overview ` and :ref:`GrpcService `. + overview ` and :ref:`GrpcService `. * grpc-json: added support for :ref:`inline descriptors - `. -* health check: added :ref:`gRPC health check ` + `. +* health check: added :ref:`gRPC health check ` based on `grpc.health.v1.Health `_ service. 
* health check: added ability to set :ref:`host header value - ` for http health check. + ` for http health check. * health check: extended the health check filter to support computation of the health check response based on the :ref:`percentage of healthy servers in upstream clusters - `. + `. * health check: added setting for :ref:`no-traffic - interval`. + interval `. * http: added idle timeout for :ref:`upstream http connections - `. + `. * http: added support for :ref:`proxying 100-Continue responses - `. + `. * http: added the ability to pass a URL encoded PEM encoded peer certificate in the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header. * http: added support for trusting additional hops in the :ref:`config_http_conn_man_headers_x-forwarded-for` request header. * http: added support for :ref:`incoming HTTP/1.0 - `. + `. * hot restart: added SIGTERM propagation to children to :ref:`hot-restarter.py - `, which enables using it as a parent of containers. -* ip tagging: added :ref:`HTTP IP Tagging filter`. + `, which enables using it as a parent of containers. +* ip tagging: added :ref:`HTTP IP Tagging filter `. * listeners: added support for :ref:`listening for both IPv4 and IPv6 - ` when binding to ::. + ` when binding to ::. * listeners: added support for listening on :ref:`UNIX domain sockets - `. -* listeners: added support for :ref:`abstract unix domain sockets ` on + `. +* listeners: added support for :ref:`abstract unix domain sockets ` on Linux. The abstract namespace can be used by prepending '@' to a socket path. * load balancer: added cluster configuration for :ref:`healthy panic threshold - ` percentage. -* load balancer: added :ref:`Maglev ` consistent hash + ` percentage. +* load balancer: added :ref:`Maglev ` consistent hash load balancer. * load balancer: added support for - :ref:`LocalityLbEndpoints` priorities. -* lua: added headers :ref:`replace() ` API. -* lua: extended to support :ref:`metadata object ` API. 
-* redis: added local `PING` support to the :ref:`Redis filter `. -* redis: added `GEORADIUS_RO` and `GEORADIUSBYMEMBER_RO` to the :ref:`Redis command splitter - ` allowlist. + :ref:`LocalityLbEndpoints ` priorities. +* lua: added headers :ref:`replace() ` API. +* lua: extended to support :ref:`metadata object ` API. +* redis: added local `PING` support to the :ref:`Redis filter `. +* redis: added ``GEORADIUS_RO`` and ``GEORADIUSBYMEMBER_RO`` to the :ref:`Redis command splitter + ` allowlist. * router: added DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT, DOWNSTREAM_LOCAL_ADDRESS, DOWNSTREAM_LOCAL_ADDRESS_WITHOUT_PORT, PROTOCOL, and UPSTREAM_METADATA :ref:`header - formatters `. The CLIENT_IP header formatter + formatters `. The CLIENT_IP header formatter has been deprecated. -* router: added gateway-error :ref:`retry-on ` policy. +* router: added gateway-error :ref:`retry-on ` policy. * router: added support for route matching based on :ref:`URL query string parameters - `. + `. * router: added support for more granular weighted cluster routing by allowing the :ref:`total_weight - ` to be specified in configuration. + ` to be specified in configuration. * router: added support for :ref:`custom request/response headers - ` with mixed static and dynamic values. -* router: added support for :ref:`direct responses `. + ` with mixed static and dynamic values. +* router: added support for :ref:`direct responses `. I.e., sending a preconfigured HTTP response without proxying anywhere. * router: added support for :ref:`HTTPS redirects - ` on specific routes. + ` on specific routes. * router: added support for :ref:`prefix_rewrite - ` for redirects. + ` for redirects. * router: added support for :ref:`stripping the query string - ` for redirects. + ` for redirects. * router: added support for downstream request/upstream response - :ref:`header manipulation ` in :ref:`weighted - cluster `. + :ref:`header manipulation ` in :ref:`weighted + cluster `. 
* router: added support for :ref:`range based header matching - ` for request routing. -* squash: added support for the :ref:`Squash microservices debugger `. + ` for request routing. +* squash: added support for the :ref:`Squash microservices debugger `. Allows debugging an incoming request to a microservice in the mesh. * stats: added metrics service API implementation. -* stats: added native :ref:`DogStatsd ` support. +* stats: added native :ref:`DogStatsd ` support. * stats: added support for :ref:`fixed stats tag values - ` which will be added to all metrics. + ` which will be added to all metrics. * tcp proxy: added support for specifying a :ref:`metadata matcher - ` for upstream + ` for upstream clusters in the tcp filter. * tcp proxy: improved TCP proxy to correctly proxy TCP half-close. * tcp proxy: added :ref:`idle timeout - `. + `. * tcp proxy: access logs now bring an IP address without a port when using DOWNSTREAM_ADDRESS. - Use :ref:`DOWNSTREAM_REMOTE_ADDRESS ` instead. + Use :ref:`DOWNSTREAM_REMOTE_ADDRESS ` instead. * tracing: added support for dynamically loading an :ref:`OpenTracing tracer - `. + `. * tracing: when using the Zipkin tracer, it is now possible for clients to specify the sampling - decision (using the :ref:`x-b3-sampled ` header) and + decision (using the :ref:`x-b3-sampled ` header) and have the decision propagated through to subsequently invoked services. * tracing: when using the Zipkin tracer, it is no longer necessary to propagate the - :ref:`x-ot-span-context ` header. - See more on trace context propagation :ref:`here `. + :ref:`x-ot-span-context ` header. + See more on trace context propagation :ref:`here `. * transport sockets: added transport socket interface to allow custom implementations of transport sockets. A transport socket provides read and write logic with buffer encryption and decryption (if applicable). The existing TLS implementation has been refactored with the interface. 
* upstream: added support for specifying an :ref:`alternate stats name - ` while emitting stats for clusters. + ` while emitting stats for clusters. * Many small bug fixes and performance improvements not listed. Deprecated @@ -130,5 +130,5 @@ Deprecated * CLIENT_IP header formatter is deprecated. Use DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT instead. * 'use_original_dst' field in the v2 LDS API is deprecated. Use listener filters and filter chain matching instead. -* `value` and `regex` fields in the `HeaderMatcher` message is deprecated. Use the `exact_match` - or `regex_match` oneof instead. +* ``value`` and ``regex`` fields in the ``HeaderMatcher`` message is deprecated. Use the ``exact_match`` + or ``regex_match`` oneof instead. diff --git a/docs/root/version_history/v1.7.0.rst b/docs/root/version_history/v1.7.0.rst index 64949cc9e0e9..8be132e66643 100644 --- a/docs/root/version_history/v1.7.0.rst +++ b/docs/root/version_history/v1.7.0.rst 
@@ -6,154 +6,154 @@ Changes * access log: added ability to log response trailers. * access log: added ability to format START_TIME. -* access log: added DYNAMIC_METADATA :ref:`access log formatter `. -* access log: added :ref:`HeaderFilter ` +* access log: added DYNAMIC_METADATA :ref:`access log formatter `. +* access log: added :ref:`HeaderFilter ` to filter logs based on request headers. -* access log: added `%([1-9])?f` as one of START_TIME specifiers to render subseconds. +* access log: added ``%([1-9])?f`` as one of START_TIME specifiers to render subseconds. * access log: gRPC Access Log Service (ALS) support added for :ref:`HTTP access logs - `. + `. * access log: improved WebSocket logging. * admin: added :http:get:`/config_dump` for dumping the current configuration and associated xDS version information (if applicable). * admin: added :http:get:`/clusters?format=json` for outputing a JSON-serialized proto detailing the current status of all clusters. * admin: added :http:get:`/stats/prometheus` as an alternative endpoint for getting stats in prometheus format. -* admin: added :ref:`/runtime_modify endpoint ` to add or change runtime values. +* admin: added :ref:`/runtime_modify endpoint ` to add or change runtime values. * admin: mutations must be sent as POSTs, rather than GETs. Mutations include: :http:post:`/cpuprofiler`, :http:post:`/healthcheck/fail`, :http:post:`/healthcheck/ok`, :http:post:`/logging`, :http:post:`/quitquitquit`, :http:post:`/reset_counters`, :http:post:`/runtime_modify?key1=value1&key2=value2&keyN=valueN`. -* admin: removed `/routes` endpoint; route configs can now be found at the :ref:`/config_dump endpoint `. +* admin: removed ``/routes`` endpoint; route configs can now be found at the :ref:`/config_dump endpoint `. * buffer filter: the buffer filter can be optionally - :ref:`disabled ` or - :ref:`overridden ` with + :ref:`disabled ` or + :ref:`overridden ` with route-local configuration. 
* cli: added --config-yaml flag to the Envoy binary. When set its value is interpreted as a yaml representation of the bootstrap config and overrides --config-path. -* cluster: added :ref:`option ` +* cluster: added :ref:`option ` to close tcp_proxy upstream connections when health checks fail. -* cluster: added :ref:`option ` to drain +* cluster: added :ref:`option ` to drain connections from hosts after they are removed from service discovery, regardless of health status. * cluster: fixed bug preventing the deletion of all endpoints in a priority * debug: added symbolized stack traces (where supported) * ext-authz filter: added support to raw HTTP authorization. * ext-authz filter: added support to gRPC responses to carry HTTP attributes. * grpc: support added for the full set of :ref:`Google gRPC call credentials - `. -* gzip filter: added :ref:`stats ` to the filter. + `. +* gzip filter: added :ref:`stats ` to the filter. * gzip filter: sending *accept-encoding* header as *identity* no longer compresses the payload. * health check: added ability to set :ref:`additional HTTP headers - ` for HTTP health check. + ` for HTTP health check. * health check: added support for EDS delivered :ref:`endpoint health status - `. + `. * health check: added interval overrides for health state transitions from :ref:`healthy to unhealthy - `, :ref:`unhealthy to healthy - ` and for subsequent checks on - :ref:`unhealthy hosts `. -* health check: added support for :ref:`custom health check `. + `, :ref:`unhealthy to healthy + ` and for subsequent checks on + :ref:`unhealthy hosts `. +* health check: added support for :ref:`custom health check `. * health check: health check connections can now be configured to use http/2. * health check http filter: added - :ref:`generic header matching ` + :ref:`generic header matching ` to trigger health check response. Deprecated the endpoint option. 
* http: filters can now optionally support - :ref:`virtual host `, - :ref:`route `, and - :ref:`weighted cluster ` + :ref:`virtual host `, + :ref:`route `, and + :ref:`weighted cluster ` local configuration. * http: added the ability to pass DNS type Subject Alternative Names of the client certificate in the - :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header. + :ref:`v1.7.0:config_http_conn_man_headers_x-forwarded-client-cert` header. * http: local responses to gRPC requests are now sent as trailers-only gRPC responses instead of plain HTTP responses. Notably the HTTP response code is always "200" in this case, and the gRPC error code is carried in "grpc-status" header, optionally accompanied with a text message in "grpc-message" header. * http: added support for :ref:`via header - ` + ` append. * http: added a :ref:`configuration option - ` + ` to elide *x-forwarded-for* header modifications. * http: fixed a bug in inline headers where addCopy and addViaMove didn't add header values when encountering inline headers with multiple instances. -* listeners: added :ref:`tcp_fast_open_queue_length ` option. -* listeners: added the ability to match :ref:`FilterChain ` using - :ref:`application_protocols ` +* listeners: added :ref:`tcp_fast_open_queue_length ` option. +* listeners: added the ability to match :ref:`FilterChain ` using + :ref:`application_protocols ` (e.g. ALPN for TLS protocol). -* listeners: `sni_domains` has been deprecated/renamed to :ref:`server_names `. +* listeners: ``sni_domains`` has been deprecated/renamed to :ref:`server_names `. * listeners: removed restriction on all filter chains having identical filters. * load balancer: added :ref:`weighted round robin - ` support. The round robin + ` support. The round robin scheduler now respects endpoint weights and also has improved fidelity across picks. * load balancer: :ref:`locality weighted load balancing - ` is now supported. + ` is now supported. 
* load balancer: ability to configure zone aware load balancer settings :ref:`through the API - `. + `. * load balancer: the :ref:`weighted least request - ` load balancing algorithm has been improved + ` load balancing algorithm has been improved to have better balance when operating in weighted mode. * logger: added the ability to optionally set the log format via the :option:`--log-format` option. -* logger: all :ref:`logging levels ` can be configured +* logger: all :ref:`logging levels ` can be configured at run-time: trace debug info warning error critical. -* rbac http filter: a :ref:`role-based access control http filter ` has been added. +* rbac http filter: a :ref:`role-based access control http filter ` has been added. * router: the behavior of per-try timeouts have changed in the case where a portion of the response has already been proxied downstream when the timeout occurs. Previously, the response would be reset leading to either an HTTP/2 reset or an HTTP/1 closed connection and a partial response. Now, the timeout will be ignored and the response will continue to proxy up to the global request timeout. -* router: changed the behavior of :ref:`source IP routing ` +* router: changed the behavior of :ref:`source IP routing ` to ignore the source port. -* router: added an :ref:`prefix_match ` match type +* router: added an :ref:`prefix_match ` match type to explicitly match based on the prefix of a header value. -* router: added an :ref:`suffix_match ` match type +* router: added an :ref:`suffix_match ` match type to explicitly match based on the suffix of a header value. -* router: added an :ref:`present_match ` match type +* router: added an :ref:`present_match ` match type to explicitly match based on a header's presence. -* router: added an :ref:`invert_match ` config option +* router: added an :ref:`invert_match ` config option which supports inverting all other match types to match based on headers which are not a desired value. 
-* router: allow :ref:`cookie routing ` to +* router: allow :ref:`cookie routing ` to generate session cookies. * router: added START_TIME as one of supported variables in :ref:`header - formatters `. -* router: added a :ref:`max_grpc_timeout ` + formatters `. +* router: added a :ref:`max_grpc_timeout ` config option to specify the maximum allowable value for timeouts decoded from gRPC header field - `grpc-timeout`. + ``grpc-timeout``. * router: added a :ref:`configuration option - ` to disable *x-envoy-* + ` to disable *x-envoy-* header generation. * router: added 'unavailable' to the retriable gRPC status codes that can be specified - through :ref:`x-envoy-retry-grpc-on `. -* sockets: added :ref:`tap transport socket extension ` to support + through :ref:`x-envoy-retry-grpc-on `. +* sockets: added :ref:`tap transport socket extension ` to support recording plain text traffic and PCAP generation. -* sockets: added `IP_FREEBIND` socket option support for :ref:`listeners - ` and upstream connections via +* sockets: added ``IP_FREEBIND`` socket option support for :ref:`listeners + ` and upstream connections via :ref:`cluster manager wide - ` and - :ref:`cluster specific ` options. -* sockets: added `IP_TRANSPARENT` socket option support for :ref:`listeners - `. -* sockets: added `SO_KEEPALIVE` socket option for upstream connections - :ref:`per cluster `. + ` and + :ref:`cluster specific ` options. +* sockets: added ``IP_TRANSPARENT`` socket option support for :ref:`listeners + `. +* sockets: added ``SO_KEEPALIVE`` socket option for upstream connections + :ref:`per cluster `. * stats: added support for histograms. -* stats: added :ref:`option to configure the statsd prefix`. +* stats: added :ref:`option to configure the statsd prefix `. * stats: updated stats sink interface to flush through a single call. * tls: added support for - :ref:`verify_certificate_spki `. + :ref:`verify_certificate_spki `. 
* tls: added support for multiple - :ref:`verify_certificate_hash ` + :ref:`verify_certificate_hash ` values. * tls: added support for using - :ref:`verify_certificate_spki ` - and :ref:`verify_certificate_hash ` - without :ref:`trusted_ca `. + :ref:`verify_certificate_spki ` + and :ref:`verify_certificate_hash ` + without :ref:`trusted_ca `. * tls: added support for allowing expired certificates with - :ref:`allow_expired_certificate `. -* tls: added support for :ref:`renegotiation ` + :ref:`allow_expired_certificate `. +* tls: added support for :ref:`renegotiation ` when acting as a client. * tls: removed support for legacy SHA-2 CBC cipher suites. * tracing: the sampling decision is now delegated to the tracers, allowing the tracer to decide when and if - to use it. For example, if the :ref:`x-b3-sampled ` header + to use it. For example, if the :ref:`x-b3-sampled ` header is supplied with the client request, its value will override any sampling decision made by the Envoy proxy. * websocket: support configuring idle_timeout and max_connect_attempts. -* upstream: added support for host override for a request in :ref:`Original destination host request header `. -* header to metadata: added :ref:`HTTP Header to Metadata filter`. +* upstream: added support for host override for a request in :ref:`Original destination host request header `. +* header to metadata: added :ref:`HTTP Header to Metadata filter `. Deprecated ---------- 
@@ -161,14 +161,14 @@ Deprecated * Admin mutations should be sent as POSTs rather than GETs. HTTP GETs will result in an error status code and will not have their intended effect. Prior to 1.7, GETs can be used for admin mutations, but a warning is logged. -* Rate limit service configuration via the `cluster_name` field is deprecated. Use `grpc_service` +* Rate limit service configuration via the ``cluster_name`` field is deprecated. Use ``grpc_service`` instead. -* gRPC service configuration via the `cluster_names` field in `ApiConfigSource` is deprecated. Use - `grpc_services` instead. Prior to 1.7, a warning is logged. -* Redis health checker configuration via the `redis_health_check` field in `HealthCheck` is - deprecated. Use `custom_health_check` with name `envoy.health_checkers.redis` instead. Prior - to 1.7, `redis_health_check` can be used, but warning is logged. -* `SAN` is replaced by `URI` in the `x-forwarded-client-cert` header. -* The `endpoint` field in the http health check filter is deprecated in favor of the `headers` +* gRPC service configuration via the ``cluster_names`` field in ``ApiConfigSource`` is deprecated. Use + ``grpc_services`` instead. Prior to 1.7, a warning is logged. +* Redis health checker configuration via the ``redis_health_check`` field in ``HealthCheck`` is + deprecated. Use ``custom_health_check`` with name ``envoy.health_checkers.redis`` instead. Prior + to 1.7, ``redis_health_check`` can be used, but warning is logged. +* ``SAN`` is replaced by ``URI`` in the ``x-forwarded-client-cert`` header. +* The ``endpoint`` field in the http health check filter is deprecated in favor of the ``headers`` field where one can specify HeaderMatch objects to match on. -* The `sni_domains` field in the filter chain match was deprecated/renamed to `server_names`. +* The ``sni_domains`` field in the filter chain match was deprecated/renamed to ``server_names``. 
diff --git a/docs/root/version_history/v1.8.0.rst b/docs/root/version_history/v1.8.0.rst index e99c0e2c459c..4f1d07b22a87 100644 --- a/docs/root/version_history/v1.8.0.rst +++ b/docs/root/version_history/v1.8.0.rst 
@@ -4,126 +4,126 @@ Changes ------- -* access log: added :ref:`response flag filter ` +* access log: added :ref:`response flag filter ` to filter based on the presence of Envoy response flags. * access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION. * access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http * admin: added :http:get:`/hystrix_event_stream` as an endpoint for monitoring envoy's statistics through `Hystrix dashboard `_. -* cli: added support for :ref:`component log level ` command line option for configuring log levels of individual components. -* cluster: added :ref:`option ` to merge +* cli: added support for :ref:`component log level ` command line option for configuring log levels of individual components. +* cluster: added :ref:`option ` to merge health check/weight/metadata updates within the given duration. * config: regex validation added to limit to a maximum of 1024 characters. * config: v1 disabled by default. v1 support remains available until October via flipping --v2-config-only=false. * config: v1 disabled by default. v1 support remains available until October via deprecated flag --allow-deprecated-v1-api. -* config: fixed stat inconsistency between xDS and ADS implementation. :ref:`update_failure ` - stat is incremented in case of network failure and :ref:`update_rejected ` stat is incremented +* config: fixed stat inconsistency between xDS and ADS implementation. :ref:`update_failure ` + stat is incremented in case of network failure and :ref:`update_rejected ` stat is incremented in case of schema/validation error. -* config: added a stat :ref:`connected_state ` that indicates current connected state of Envoy with +* config: added a stat :ref:`connected_state ` that indicates current connected state of Envoy with management server. 
-* ext_authz: added support for configuring additional :ref:`authorization headers ` +* ext_authz: added support for configuring additional :ref:`authorization headers ` to be sent from Envoy to the authorization service. -* fault: added support for fractional percentages in :ref:`FaultDelay ` - and in :ref:`FaultAbort `. +* fault: added support for fractional percentages in :ref:`FaultDelay ` + and in :ref:`FaultAbort `. * grpc-json: added support for building HTTP response from `google.api.HttpBody `_. -* health check: added support for :ref:`custom health check `. -* health check: added support for :ref:`specifying jitter as a percentage `. -* health_check: added support for :ref:`health check event logging `. -* health_check: added :ref:`timestamp ` - to the :ref:`health check event ` definition. -* health_check: added support for specifying :ref:`custom request headers ` +* health check: added support for :ref:`custom health check `. +* health check: added support for :ref:`specifying jitter as a percentage `. +* health_check: added support for :ref:`health check event logging `. +* health_check: added :ref:`timestamp ` + to the :ref:`health check event ` definition. +* health_check: added support for specifying :ref:`custom request headers ` to HTTP health checker requests. * http: added support for a :ref:`per-stream idle timeout - `. This applies at both :ref:`connection manager - ` - and :ref:`per-route granularity `. The timeout + `. This applies at both :ref:`connection manager + ` + and :ref:`per-route granularity `. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout. -* http: added upstream_rq_completed counter for :ref:`total requests completed ` to dynamic HTTP counters. 
-* http: added downstream_rq_completed counter for :ref:`total requests completed `, including on a :ref:`per-listener basis `. +* http: added upstream_rq_completed counter for :ref:`total requests completed ` to dynamic HTTP counters. +* http: added downstream_rq_completed counter for :ref:`total requests completed `, including on a :ref:`per-listener basis `. * http: added generic :ref:`Upgrade support - `. + `. * http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0. * http: fixed missing support for appending to predefined inline headers, e.g. *authorization*, in features that interact with request and response headers, e.g. :ref:`request_headers_to_add - `. For example, a + `. For example, a request header *authorization: token1* will appear as *authorization: token1,token2*, after having :ref:`request_headers_to_add - ` with *authorization: + ` with *authorization: token2* applied. * http: response filters not applied to early error paths such as http_parser generated 400s. * http: restrictions added to reject *:*-prefixed pseudo-headers in :ref:`custom - request headers `. -* http: :ref:`hpack_table_size ` now controls + request headers `. +* http: :ref:`hpack_table_size ` now controls dynamic table size of both: encoder and decoder. * http: added support for removing request headers using :ref:`request_headers_to_remove - `. -* http: added support for a :ref:`delayed close timeout` to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second. + `. +* http: added support for a :ref:`delayed close timeout ` to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second. * jwt-authn filter: add support for per route JWT requirements. -* listeners: added the ability to match :ref:`FilterChain ` using - :ref:`destination_port ` and - :ref:`prefix_ranges `. 
-* lua: added :ref:`connection() ` wrapper and *ssl()* API. -* lua: added :ref:`streamInfo() ` wrapper and *protocol()* API. -* lua: added :ref:`streamInfo():dynamicMetadata() ` API. -* network: introduced :ref:`sni_cluster ` network filter that forwards connections to the +* listeners: added the ability to match :ref:`FilterChain ` using + :ref:`destination_port ` and + :ref:`prefix_ranges `. +* lua: added :ref:`connection() ` wrapper and *ssl()* API. +* lua: added :ref:`streamInfo() ` wrapper and *protocol()* API. +* lua: added :ref:`streamInfo():dynamicMetadata() ` API. +* network: introduced :ref:`sni_cluster ` network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake. * proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only). * ratelimit: added support for :repo:`api/envoy/service/ratelimit/v2/rls.proto`. Lyft's reference implementation of the `ratelimit `_ service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the - `use_data_plane_proto` boolean flag in the ratelimit configuration. - Support for the legacy proto `source/common/ratelimit/ratelimit.proto` is deprecated and will be removed at the start of the 1.9.0 release cycle. -* ratelimit: added :ref:`failure_mode_deny ` option to control traffic flow in + ``use_data_plane_proto`` boolean flag in the ratelimit configuration. + Support for the legacy proto ``source/common/ratelimit/ratelimit.proto`` is deprecated and will be removed at the start of the 1.9.0 release cycle. +* ratelimit: added :ref:`failure_mode_deny ` option to control traffic flow in case of rate limit service error. -* rbac config: added a :ref:`principal_name ` field and - removed the old `name` field to give more flexibility for matching certificate identity. 
-* rbac network filter: a :ref:`role-based access control network filter ` has been added. -* rest-api: added ability to set the :ref:`request timeout ` for REST API requests. +* rbac config: added a :ref:`principal_name ` field and + removed the old ``name`` field to give more flexibility for matching certificate identity. +* rbac network filter: a :ref:`role-based access control network filter ` has been added. +* rest-api: added ability to set the :ref:`request timeout ` for REST API requests. * route checker: added v2 config support and removed support for v1 configs. -* router: added ability to set request/response headers at the :ref:`envoy_api_msg_route.Route` level. -* stats: added :ref:`option to configure the DogStatsD metric name prefix` to DogStatsdSink. -* tcp_proxy: added support for :ref:`weighted clusters `. +* router: added ability to set request/response headers at the :ref:`v1.8.0:envoy_api_msg_route.Route` level. +* stats: added :ref:`option to configure the DogStatsD metric name prefix ` to DogStatsdSink. +* tcp_proxy: added support for :ref:`weighted clusters `. * thrift_proxy: introduced thrift routing, moved configuration to correct location * thrift_proxy: introduced thrift configurable decoder filters -* tls: implemented :ref:`Secret Discovery Service `. +* tls: implemented :ref:`Secret Discovery Service `. * tracing: added support for configuration of :ref:`tracing sampling - `. + `. * upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset. -* upstream: require opt-in to use the :ref:`x-envoy-original-dst-host ` header - for overriding destination address when using the :ref:`Original Destination ` +* upstream: require opt-in to use the :ref:`x-envoy-original-dst-host ` header + for overriding destination address when using the :ref:`Original Destination ` load balancing policy. 
Deprecated ---------- -* Use of the v1 API (including `*.deprecated_v1` fields in the v2 API) is deprecated. +* Use of the v1 API (including ``*.deprecated_v1`` fields in the v2 API) is deprecated. See envoy-announce `email `_. * Use of the legacy `ratelimit.proto `_ is deprecated, in favor of the proto defined in `date-plane-api `_ Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the - `use_data_plane_proto` boolean flag in the `ratelimit configuration `_. + ``use_data_plane_proto`` boolean flag in the `ratelimit configuration `_. However, when using the deprecated client a warning is logged. * Use of the --v2-config-only flag. -* Use of both `use_websocket` and `websocket_config` in +* Use of both ``use_websocket`` and ``websocket_config`` in `route.proto `_ - is deprecated. Please use the new `upgrade_configs` in the + is deprecated. Please use the new ``upgrade_configs`` in the `HttpConnectionManager `_ instead. -* Use of the integer `percent` field in `FaultDelay `_ +* Use of the integer ``percent`` field in `FaultDelay `_ and in `FaultAbort `_ is deprecated in favor - of the new `FractionalPercent` based `percentage` field. -* Setting hosts via `hosts` field in `Cluster` is deprecated. Use `load_assignment` instead. -* Use of `response_headers_to_*` and `request_headers_to_add` are deprecated at the `RouteAction` - level. Please use the configuration options at the `Route` level. -* Use of `runtime` in `RouteMatch`, found in + of the new ``FractionalPercent`` based ``percentage`` field. +* Setting hosts via ``hosts`` field in ``Cluster`` is deprecated. Use ``load_assignment`` instead. +* Use of ``response_headers_to_*`` and ``request_headers_to_add`` are deprecated at the ``RouteAction`` + level. Please use the configuration options at the ``Route`` level. +* Use of ``runtime`` in ``RouteMatch``, found in `route.proto `_. - Set the `runtime_fraction` field instead. 
-* Use of the string `user` field in `Authenticated` in `rbac.proto `_ - is deprecated in favor of the new `StringMatcher` based `principal_name` field. + Set the ``runtime_fraction`` field instead. +* Use of the string ``user`` field in ``Authenticated`` in `rbac.proto `_ + is deprecated in favor of the new ``StringMatcher`` based ``principal_name`` field. diff --git a/docs/root/version_history/v1.9.0.rst b/docs/root/version_history/v1.9.0.rst index 12614ca1497b..d9056fb3aeb4 100644 --- a/docs/root/version_history/v1.9.0.rst +++ b/docs/root/version_history/v1.9.0.rst 
@@ -4,110 +4,110 @@ Changes ------- -* access log: added a :ref:`JSON logging mode ` to output access logs in JSON format. +* access log: added a :ref:`JSON logging mode ` to output access logs in JSON format. * access log: added dynamic metadata to access log messages streamed over gRPC. * access log: added DOWNSTREAM_CONNECTION_TERMINATION. * admin: :http:post:`/logging` now responds with 200 while there are no params. -* admin: added support for displaying subject alternate names in :ref:`certs` end point. +* admin: added support for displaying subject alternate names in :ref:`certs ` end point. * admin: added host weight to the :http:get:`/clusters?format=json` end point response. * admin: :http:get:`/server_info` now responds with a JSON object instead of a single string. * admin: :http:get:`/server_info` now exposes what stage of initialization the server is currently in. * admin: added support for displaying command line options in :http:get:`/server_info` end point. * circuit-breaker: added cx_open, rq_pending_open, rq_open and rq_retry_open gauges to expose live - state via :ref:`circuit breakers statistics `. -* cluster: set a default of 1s for :ref:`option `. + state via :ref:`circuit breakers statistics `. +* cluster: set a default of 1s for :ref:`option `. * config: removed support for the v1 API. -* config: added support for :ref:`rate limiting` discovery request calls. -* cors: added :ref:`invalid/valid stats ` to filter. +* config: added support for :ref:`rate limiting ` discovery request calls. +* cors: added :ref:`invalid/valid stats ` to filter. * ext-authz: added support for providing per route config - optionally disable the filter and provide context extensions. * fault: removed integer percentage support. * grpc-json: added support for :ref:`ignoring query parameters - `. -* health check: added :ref:`logging health check failure events `. + `. +* health check: added :ref:`logging health check failure events `. 
* health check: added ability to set :ref:`authority header value - ` for gRPC health check. -* http: added HTTP/2 WebSocket proxying via :ref:`extended CONNECT `. + ` for gRPC health check. +* http: added HTTP/2 WebSocket proxying via :ref:`extended CONNECT `. * http: added limits to the number and length of header modifications in all fields request_headers_to_add and response_headers_to_add. These limits are very high and should only be used as a last-resort safeguard. -* http: added support for a :ref:`request timeout `. The timeout is disabled by default. +* http: added support for a :ref:`request timeout `. The timeout is disabled by default. * http: no longer adding whitespace when appending X-Forwarded-For headers. **Warning**: this is not compatible with 1.7.0 builds prior to `9d3a4eb4ac44be9f0651fcc7f87ad98c538b01ee `_. See `#3611 `_ for details. -* http: augmented the `sendLocalReply` filter API to accept an optional `GrpcStatus` +* http: augmented the ``sendLocalReply`` filter API to accept an optional ``GrpcStatus`` value to override the default HTTP to gRPC status mapping. * http: no longer close the TCP connection when a HTTP/1 request is retried due to a response with empty body. -* http: added support for more gRPC content-type headers in :ref:`gRPC bridge filter `, like application/grpc+proto. +* http: added support for more gRPC content-type headers in :ref:`gRPC bridge filter `, like application/grpc+proto. * listeners: all listener filters are now governed by the :ref:`listener_filters_timeout - ` setting. The hard coded 15s timeout in - the :ref:`TLS inspector listener filter ` is superseded by + ` setting. The hard coded 15s timeout in + the :ref:`TLS inspector listener filter ` is superseded by this setting. -* listeners: added the ability to match :ref:`FilterChain ` using :ref:`source_type `. -* load balancer: added a `configuration ` option to specify the number of choices made in P2C. 
+* listeners: added the ability to match :ref:`FilterChain ` using :ref:`source_type `. +* load balancer: added a `configuration ` option to specify the number of choices made in P2C. * logging: added missing [ in log prefix. -* mongo_proxy: added :ref:`dynamic metadata `. -* network: removed the reference to `FilterState` in `Connection` in favor of `StreamInfo`. -* rate-limit: added :ref:`configuration ` - to specify whether the `GrpcStatus` status returned should be `RESOURCE_EXHAUSTED` or - `UNAVAILABLE` when a gRPC call is rate limited. +* mongo_proxy: added :ref:`dynamic metadata `. +* network: removed the reference to ``FilterState`` in ``Connection`` in favor of ``StreamInfo``. +* rate-limit: added :ref:`configuration ` + to specify whether the ``GrpcStatus`` status returned should be ``RESOURCE_EXHAUSTED`` or + ``UNAVAILABLE`` when a gRPC call is rate limited. * rate-limit: removed support for the legacy ratelimit service and made the data-plane-api - :ref:`rls.proto ` based implementation default. -* rate-limit: removed the deprecated cluster_name attribute in :ref:`rate limit service configuration `. -* rate-limit: added :ref:`rate_limit_service ` configuration to filters. + :ref:`rls.proto ` based implementation default. +* rate-limit: removed the deprecated cluster_name attribute in :ref:`rate limit service configuration `. +* rate-limit: added :ref:`rate_limit_service ` configuration to filters. * rbac: added dynamic metadata to the network level filter. -* rbac: added support for permission matching by :ref:`requested server name `. +* rbac: added support for permission matching by :ref:`requested server name `. * redis: static cluster configuration is no longer required. Redis proxy will work with clusters delivered via CDS. -* router: added ability to configure arbitrary :ref:`retriable status codes. ` +* router: added ability to configure arbitrary :ref:`retriable status codes. 
` * router: added ability to set attempt count in upstream requests, see :ref:`virtual host's include request - attempt count flag `. -* router: added internal :ref:`grpc-retry-on ` policy. -* router: added :ref:`scheme_redirect ` and - :ref:`port_redirect ` to define the respective + attempt count flag `. +* router: added internal :ref:`grpc-retry-on ` policy. +* router: added :ref:`scheme_redirect ` and + :ref:`port_redirect ` to define the respective scheme and port rewriting RedirectAction. -* router: when :ref:`max_grpc_timeout ` +* router: when :ref:`max_grpc_timeout ` is set, Envoy will now add or update the grpc-timeout header to reflect Envoy's expected timeout. * router: per try timeouts now starts when an upstream stream is ready instead of when the request has been fully decoded by Envoy. -* router: added support for not retrying :ref:`rate limited requests`. Rate limit filter now sets the :ref:`x-envoy-ratelimited` +* router: added support for not retrying :ref:`rate limited requests `. Rate limit filter now sets the :ref:`x-envoy-ratelimited ` header so the rate limited requests that may have been retried earlier will not be retried with this change. -* router: added support for enabling upgrades on a :ref:`per-route ` basis. +* router: added support for enabling upgrades on a :ref:`per-route ` basis. * router: support configuring a default fraction of mirror traffic via - :ref:`runtime_fraction `. -* sandbox: added :ref:`cors sandbox `. -* server: added `SIGINT` (Ctrl-C) handler to gracefully shutdown Envoy like `SIGTERM`. -* stats: added :ref:`stats_matcher ` to the bootstrap config for granular control of stat instantiation. -* stream: renamed the `RequestInfo` namespace to `StreamInfo` to better match + :ref:`runtime_fraction `. +* sandbox: added :ref:`cors sandbox `. +* server: added ``SIGINT`` (Ctrl-C) handler to gracefully shutdown Envoy like ``SIGTERM``. 
+* stats: added :ref:`stats_matcher ` to the bootstrap config for granular control of stat instantiation. +* stream: renamed the ``RequestInfo`` namespace to ``StreamInfo`` to better match its behaviour within TCP and HTTP implementations. -* stream: renamed `perRequestState` to `filterState` in `StreamInfo`. -* stream: added `downstreamDirectRemoteAddress` to `StreamInfo`. +* stream: renamed ``perRequestState`` to ``filterState`` in ``StreamInfo``. +* stream: added ``downstreamDirectRemoteAddress`` to ``StreamInfo``. * thrift_proxy: introduced thrift rate limiter filter. * tls: added ssl.curves., ssl.sigalgs. and ssl.versions. to - :ref:`listener metrics ` to track TLS algorithms and versions in use. -* tls: added support for :ref:`client-side session resumption `. -* tls: added support for CRLs in :ref:`trusted_ca `. -* tls: added support for :ref:`multiple server TLS certificates `. -* tls: added support for :ref:`password encrypted private keys `. -* tls: added the ability to build :ref:`BoringSSL FIPS ` using ``--define boringssl=fips`` Bazel option. + :ref:`listener metrics ` to track TLS algorithms and versions in use. +* tls: added support for :ref:`client-side session resumption `. +* tls: added support for CRLs in :ref:`trusted_ca `. +* tls: added support for :ref:`multiple server TLS certificates `. +* tls: added support for :ref:`password encrypted private keys `. +* tls: added the ability to build :ref:`BoringSSL FIPS ` using ``--define boringssl=fips`` Bazel option. * tls: removed support for ECDSA certificates with curves other than P-256. * tls: removed support for RSA certificates with keys smaller than 2048-bits. -* tracing: added support to the Zipkin tracer for the :ref:`b3 ` single header format. -* tracing: added support for :ref:`Datadog ` tracer. -* upstream: added :ref:`scale_locality_weight` to enable +* tracing: added support to the Zipkin tracer for the :ref:`b3 ` single header format. 
+* tracing: added support for :ref:`Datadog ` tracer. +* upstream: added :ref:`scale_locality_weight ` to enable scaling locality weights by number of hosts removed by subset lb predicates. -* upstream: changed how load calculation for :ref:`priority levels` and :ref:`panic thresholds` interact. As long as normalized total health is 100% panic thresholds are disregarded. -* upstream: changed the default hash for :ref:`ring hash ` from std::hash to `xxHash `_. +* upstream: changed how load calculation for :ref:`priority levels ` and :ref:`panic thresholds ` interact. As long as normalized total health is 100% panic thresholds are disregarded. +* upstream: changed the default hash for :ref:`ring hash ` from std::hash to `xxHash `_. * upstream: when using active health checking and STRICT_DNS with several addresses that resolve to the same hosts, Envoy will now health check each host independently. Deprecated ---------- -* Order of execution of the network write filter chain has been reversed. Prior to this release cycle it was incorrect, see `#4599 `_. In the 1.9.0 release cycle we introduced `bugfix_reverse_write_filter_order` in `lds.proto `_ to temporarily support both old and new behaviors. Note this boolean field is deprecated. -* Order of execution of the HTTP encoder filter chain has been reversed. Prior to this release cycle it was incorrect, see `#4599 `_. In the 1.9.0 release cycle we introduced `bugfix_reverse_encode_order` in `http_connection_manager.proto `_ to temporarily support both old and new behaviors. Note this boolean field is deprecated. +* Order of execution of the network write filter chain has been reversed. Prior to this release cycle it was incorrect, see `#4599 `_. In the 1.9.0 release cycle we introduced ``bugfix_reverse_write_filter_order`` in `lds.proto `_ to temporarily support both old and new behaviors. Note this boolean field is deprecated. +* Order of execution of the HTTP encoder filter chain has been reversed. 
Prior to this release cycle it was incorrect, see `#4599 `_. In the 1.9.0 release cycle we introduced ``bugfix_reverse_encode_order`` in `http_connection_manager.proto `_ to temporarily support both old and new behaviors. Note this boolean field is deprecated. * Use of the v1 REST_LEGACY ApiConfigSource is deprecated. * Use of std::hash in the ring hash load balancer is deprecated. -* Use of `rate_limit_service` configuration in the `bootstrap configuration `_ is deprecated. -* Use of `runtime_key` in `RequestMirrorPolicy`, found in +* Use of ``rate_limit_service`` configuration in the `bootstrap configuration `_ is deprecated. +* Use of ``runtime_key`` in ``RequestMirrorPolicy``, found in `route.proto `_ - is deprecated. Set the `runtime_fraction` field instead. -* Use of buffer filter `max_request_time` is deprecated in favor of the request timeout found in `HttpConnectionManager `_ + is deprecated. Set the ``runtime_fraction`` field instead. +* Use of buffer filter ``max_request_time`` is deprecated in favor of the request timeout found in `HttpConnectionManager `_ diff --git a/docs/root/version_history/v1.9.1.rst b/docs/root/version_history/v1.9.1.rst index 4e8b96be8fe3..7027026e5094 100644 --- a/docs/root/version_history/v1.9.1.rst +++ b/docs/root/version_history/v1.9.1.rst @@ -7,5 +7,5 @@ Changes * http: fixed CVE-2019-9900 by rejecting HTTP/1.x headers with embedded NUL characters. * http: fixed CVE-2019-9901 by normalizing HTTP paths prior to routing or L7 data plane processing. This defaults off and is configurable via either HTTP connection manager :ref:`normalize_path - ` - or the :ref:`runtime `. + ` + or the :ref:`runtime `. diff --git a/tools/code_format/check_format.py b/tools/code_format/check_format.py index dc3761c05df7..ee89224e16c4 100755 --- a/tools/code_format/check_format.py +++ b/tools/code_format/check_format.py 
@@ -164,7 +164,7 @@ PROTO_VALIDATION_STRING = re.compile(r'\bmin_bytes\b')
 VERSION_HISTORY_NEW_LINE_REGEX = re.compile("\* ([a-z \-_]+): ([a-z:`]+)")
 VERSION_HISTORY_SECTION_NAME = re.compile("^[A-Z][A-Za-z ]*$")
-RELOADABLE_FLAG_REGEX = re.compile(".*(..)(envoy.reloadable_features.[^ ]*)\s.*")
+RELOADABLE_FLAG_REGEX = re.compile(".*(...)(envoy.reloadable_features.[^ ]*)\s.*")
 INVALID_REFLINK = re.compile(".* ref:.*")
 OLD_MOCK_METHOD_REGEX = re.compile("MOCK_METHOD\d")
 # C++17 feature, lacks sufficient support across various libraries / compilers.
@@ -527,13 +527,12 @@ def report_error(message):
 if invalid_reflink_match:
 report_error("Found text \" ref:\". This should probably be \" :ref:\"\n%s" % line)
- # make sure flags are surrounded by ``s
+ # make sure flags are surrounded by ``s (ie "inline literal")
 flag_match = RELOADABLE_FLAG_REGEX.match(line)
 if flag_match:
- if not flag_match.groups()[0].startswith(' `'):
+ if not flag_match.groups()[0].startswith(' ``'):
 report_error(
- "Flag `%s` should be enclosed in a single set of back ticks"
- % flag_match.groups()[1])
+ "Flag %s should be enclosed in double back ticks" % flag_match.groups()[1])
 if line.startswith("* "):
 if not ends_with_period(prior_line):
diff --git a/tools/code_format/format_python_tools.py b/tools/code_format/format_python_tools.py
index f36c0c80a16f..d0c5e1e84509 100644
--- a/tools/code_format/format_python_tools.py
+++ b/tools/code_format/format_python_tools.py
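Review bot: The changed `RELOADABLE_FLAG_REGEX` line is still a non-raw string containing `\s`, which Python 3 treats as an invalid escape sequence (a DeprecationWarning), and the unescaped dots in `envoy.reloadable_features.` match any character rather than a literal dot. `RELOADABLE_FLAG_REGEX = re.compile(r".*(...)(envoy\.reloadable_features\.[^ ]*)\s.*")` removes the warning and narrows the match to literal dots only. The greedy leading `.*` also means that on a line mentioning two flags only the last one is examined; if one flag per line is the documented convention, a short comment saying so would make that limitation explicit.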
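Review bot: On the changed `if not flag_match.groups()[0].startswith(' ``'):` line the first group is always exactly three characters, so `startswith` is an equality test in disguise; `if flag_match.groups()[0] != ' ``':` states the intent directly. The flag name interpolated into the new error message still carries its closing backticks, because `[^ ]*` in the pattern runs up to the next space, so the message prints something like `Flag envoy.reloadable_features.x`` should be enclosed in double back ticks`; `flag_match.groups()[1].rstrip('`')` would give a clean name. The enclosing function starts and ends outside the hunk.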
@@ -23,9 +23,11 @@ def collect_files():
 for root, dirnames, filenames in os.walk(dirname):
 dirnames[:] = [d for d in dirnames if d not in EXCLUDE_LIST]
 for filename in fnmatch.filter(filenames, '*.py'):
- if not filename.endswith('_pb2.py') and not filename.endswith('_pb2_grpc.py'):
- if "test" not in root:
- matches.append(os.path.join(root, filename))
+ ignore_file = (
+ "test" in root or filename.endswith('_pb2.py') or filename.endswith('_pb2_grpc.py')
+ or filename.endswith('intersphinx_custom.py'))
+ if not ignore_file:
+ matches.append(os.path.join(root, filename))
 return matches
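Review bot: The three chained `endswith` calls on the new `ignore_file` lines can be a single call with a tuple, `filename.endswith(('_pb2.py', '_pb2_grpc.py', 'intersphinx_custom.py'))`, which also keeps the excluded suffixes in one place for the next addition. `"test" in root` is a substring test on the whole path, so any directory whose name merely contains "test" (for example a `latest/` directory) is skipped as well; if that is intended, a comment such as `# skip any path containing "test", not only test directories` would prevent a later reader from treating it as a bug. collect_files starts before this hunk.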