Merge branch 'master' into gh-5808

CODEOWNERS

@@ -31,9 +31,9 @@ extensions/filters/common/original_src @snowp @klarose
 # sni_cluster extension
 /*/extensions/filters/network/sni_cluster @rshriram @lizan
 # tracers.datadog extension
-/*/extensions/tracers/datadog @cgilmour @palazzem
+/*/extensions/tracers/datadog @cgilmour @palazzem @mattklein123
 # tracers.xray extension
-/*/extensions/tracers/xray @marcomagdy @lavignes
+/*/extensions/tracers/xray @marcomagdy @lavignes @mattklein123
 # mysql_proxy extension
 /*/extensions/filters/network/mysql_proxy @rshriram @venilnoronha @mattklein123
 # quic extension
@@ -57,9 +57,9 @@ extensions/filters/common/original_src @snowp @klarose
 # http inspector
 /*/extensions/filters/listener/http_inspector @yxue @PiotrSikora @lizan
 # attribute context
-/*/extensions/filters/common/expr @kyessenov @yangminzhu
+/*/extensions/filters/common/expr @kyessenov @yangminzhu @lizan
 # webassembly common extension
-/*/extensions/common/wasm @jplevyak @PiotrSikora
+/*/extensions/common/wasm @jplevyak @PiotrSikora @lizan
 # common crypto extension
 /*/extensions/common/crypto @lizan @PiotrSikora @bdecoste
 /*/extensions/filters/http/grpc_http1_bridge @snowp @jose

api/API_VERSIONING.md

@@ -141,8 +141,7 @@ guided by annotations in protobuf.
   field or enum value. No field may be marked as deprecated unless a replacement for this
   functionality exists and the corresponding Envoy implementation is production ready.
 
-* Renames are specified with a `[#rename-at-next-major-version: <new name>]` protobuf comment
-  annotation.
+* Renames are specified with a `[(udpa.annotations.field_migrate).rename = "<new name>"]` annotation.
 
 * We anticipate that `protoxform` will also support `oneof` promotion, package movement, etc. via
   similar annotations.

api/bazel/repository_locations.bzl

@@ -1,5 +1,5 @@
-BAZEL_SKYLIB_RELEASE = "0.8.0"
-BAZEL_SKYLIB_SHA256 = "2ef429f5d7ce7111263289644d233707dba35e39696377ebab8b0bc701f7818e"
+BAZEL_SKYLIB_RELEASE = "0.9.0"
+BAZEL_SKYLIB_SHA256 = "1dde365491125a3db70731e25658dfdd3bc5dbdfd11b840b3e987ecf043c7ca0"
 
 OPENCENSUS_PROTO_GIT_SHA = "5cec5ea58c3efa81fa808f2bd38ce182da9ee731"  # Jul 25, 2019
 OPENCENSUS_PROTO_SHA256 = "faeb93f293ff715b0cb530d273901c0e2e99277b9ed1c0a0326bca9ec5774ad2"
@@ -24,7 +24,7 @@ ZIPKINAPI_SHA256 = "688c4fe170821dd589f36ec45aaadc03a618a40283bc1f97da8fa11686fc
 REPOSITORY_LOCATIONS = dict(
     bazel_skylib = dict(
         sha256 = BAZEL_SKYLIB_SHA256,
-        urls = ["https://github.com/bazelbuild/bazel-skylib/releases/download/" + BAZEL_SKYLIB_RELEASE + "/bazel-skylib." + BAZEL_SKYLIB_RELEASE + ".tar.gz"],
+        urls = ["https://github.com/bazelbuild/bazel-skylib/releases/download/" + BAZEL_SKYLIB_RELEASE + "/bazel_skylib-" + BAZEL_SKYLIB_RELEASE + ".tar.gz"],
     ),
     com_envoyproxy_protoc_gen_validate = dict(
         sha256 = PGV_SHA256,

api/envoy/api/v2/route/BUILD

@@ -10,5 +10,6 @@ api_proto_package(
         "//envoy/type:pkg",
         "//envoy/type/matcher:pkg",
         "//envoy/type/tracing/v2:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],
 )

api/envoy/api/v2/route/route.proto

@@ -18,6 +18,7 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 
+import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
 // [#protodoc-title: HTTP route]
@@ -749,9 +750,7 @@ message RouteAction {
   oneof host_rewrite_specifier {
     // Indicates that during forwarding, the host header will be swapped with
     // this value.
-    //
-    // [#next-major-version: host_rewrite_literal]
-    string host_rewrite = 6;
+    string host_rewrite = 6 [(udpa.annotations.field_migrate).rename = "host_rewrite_literal"];
 
     // Indicates that during forwarding, the host header will be swapped with
     // the hostname of the upstream host chosen by the cluster manager. This
@@ -768,9 +767,8 @@ message RouteAction {
     //
     //   Pay attention to the potential security implications of using this option. Provided header
     //   must come from trusted source.
-    //
-    // [#next-major-version: host_rewrite_header]
-    string auto_host_rewrite_header = 29;
+    string auto_host_rewrite_header = 29
+        [(udpa.annotations.field_migrate).rename = "host_rewrite_header"];
   }
 
   // Specifies the upstream timeout for the route. If not specified, the default is 15s. This

api/envoy/api/v3alpha/route/route.proto

@@ -734,9 +734,7 @@ message RouteAction {
   oneof host_rewrite_specifier {
     // Indicates that during forwarding, the host header will be swapped with
     // this value.
-    //
-    // [#next-major-version: host_rewrite_literal]
-    string host_rewrite = 6;
+    string host_rewrite_literal = 6;
 
     // Indicates that during forwarding, the host header will be swapped with
     // the hostname of the upstream host chosen by the cluster manager. This
@@ -753,9 +751,7 @@ message RouteAction {
     //
     //   Pay attention to the potential security implications of using this option. Provided header
     //   must come from trusted source.
-    //
-    // [#next-major-version: host_rewrite_header]
-    string auto_host_rewrite_header = 29;
+    string host_rewrite_header = 29;
   }
 
   // Specifies the upstream timeout for the route. If not specified, the default is 15s. This

api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/BUILD

@@ -5,5 +5,8 @@ load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"])  # Apache 2
 
 api_proto_package(
-    deps = ["//envoy/config/common/dynamic_forward_proxy/v2alpha:pkg"],
+    deps = [
+        "//envoy/config/common/dynamic_forward_proxy/v2alpha:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
 )

api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto

@@ -8,6 +8,7 @@ option java_multiple_files = true;
 
 import "envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto";
 
+import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
 // [#protodoc-title: Dynamic forward proxy]
@@ -35,9 +36,7 @@ message PerRouteConfig {
     // :ref:`HCM host rewrite <envoy_api_field_route.RouteAction.host_rewrite>` given that the
     // value set here would be used for DNS lookups whereas the value set in the HCM would be used
     // for host header forwarding which is not the desired outcome.
-    //
-    // [#next-major-version: host_rewrite_literal]
-    string host_rewrite = 1;
+    string host_rewrite = 1 [(udpa.annotations.field_migrate).rename = "host_rewrite_literal"];
 
     // Indicates that before DNS lookup, the host header will be swapped with
     // the value of this header. If not set or empty, the original host header
@@ -48,8 +47,7 @@ message PerRouteConfig {
     // :ref:`HCM host rewrite header <envoy_api_field_route.RouteAction.auto_host_rewrite_header>`
     // given that the value set here would be used for DNS lookups whereas the value set in the HCM
     // would be used for host header forwarding which is not the desired outcome.
-    //
-    // [#next-major-version: host_rewrite_header]
-    string auto_host_rewrite_header = 2;
+    string auto_host_rewrite_header = 2
+        [(udpa.annotations.field_migrate).rename = "host_rewrite_header"];
   }
 }

api/envoy/config/filter/http/dynamic_forward_proxy/v3alpha/dynamic_forward_proxy.proto

@@ -43,9 +43,7 @@ message PerRouteConfig {
     // :ref:`HCM host rewrite <envoy_api_field_api.v3alpha.route.RouteAction.host_rewrite>` given
     // that the value set here would be used for DNS lookups whereas the value set in the HCM would
     // be used for host header forwarding which is not the desired outcome.
-    //
-    // [#next-major-version: host_rewrite_literal]
-    string host_rewrite = 1;
+    string host_rewrite_literal = 1;
 
     // Indicates that before DNS lookup, the host header will be swapped with
     // the value of this header. If not set or empty, the original host header
@@ -57,8 +55,6 @@ message PerRouteConfig {
     // <envoy_api_field_api.v3alpha.route.RouteAction.auto_host_rewrite_header>` given that the
     // value set here would be used for DNS lookups whereas the value set in the HCM would be used
     // for host header forwarding which is not the desired outcome.
-    //
-    // [#next-major-version: host_rewrite_header]
-    string auto_host_rewrite_header = 2;
+    string host_rewrite_header = 2;
   }
 }

api/envoy/service/ratelimit/v2/BUILD

@@ -9,5 +9,6 @@ api_proto_package(
     deps = [
         "//envoy/api/v2/core:pkg",
         "//envoy/api/v2/ratelimit:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],
 )

api/envoy/service/ratelimit/v2/rls.proto

@@ -10,6 +10,7 @@ option java_generic_services = true;
 import "envoy/api/v2/core/base.proto";
 import "envoy/api/v2/ratelimit/ratelimit.proto";
 
+import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
 // [#protodoc-title: Rate Limit Service (RLS)]
@@ -102,8 +103,8 @@ message RateLimitResponse {
   repeated DescriptorStatus statuses = 2;
 
   // A list of headers to add to the response
-  // [#next-major-version: rename to response_headers_to_add]
-  repeated api.v2.core.HeaderValue headers = 3;
+  repeated api.v2.core.HeaderValue headers = 3
+      [(udpa.annotations.field_migrate).rename = "response_headers_to_add"];
 
   // A list of headers to add to the request when forwarded
   repeated api.v2.core.HeaderValue request_headers_to_add = 4;

api/envoy/service/ratelimit/v3alpha/rls.proto

@@ -116,8 +116,7 @@ message RateLimitResponse {
   repeated DescriptorStatus statuses = 2;
 
   // A list of headers to add to the response
-  // [#next-major-version: rename to response_headers_to_add]
-  repeated api.v3alpha.core.HeaderValue headers = 3;
+  repeated api.v3alpha.core.HeaderValue response_headers_to_add = 3;
 
   // A list of headers to add to the request when forwarded
   repeated api.v3alpha.core.HeaderValue request_headers_to_add = 4;

bazel/dependency_imports.bzl

@@ -6,7 +6,7 @@ load("@build_bazel_rules_apple//apple:repositories.bzl", "apple_rules_dependenci
 load("@upb//bazel:repository_defs.bzl", upb_bazel_version_repository = "bazel_version_repository")
 
 # go version for rules_go
-GO_VERSION = "1.13.3"
+GO_VERSION = "1.13.5"
 
 def envoy_dependency_imports(go_version = GO_VERSION):
     rules_foreign_cc_dependencies()

bazel/repository_locations.bzl

@@ -1,29 +1,29 @@
 REPOSITORY_LOCATIONS = dict(
     bazel_compdb = dict(
-        sha256 = "801b35d996a097d223e028815fdba8667bf62bc5efb353486603d31fc2ba6ff9",
-        strip_prefix = "bazel-compilation-database-0.4.1",
-        urls = ["https://github.com/grailbio/bazel-compilation-database/archive/0.4.1.tar.gz"],
+        sha256 = "87e376a685eacfb27bcc0d0cdf5ded1d0b99d868390ac50f452ba6ed781caffe",
+        strip_prefix = "bazel-compilation-database-0.4.2",
+        urls = ["https://github.com/grailbio/bazel-compilation-database/archive/0.4.2.tar.gz"],
     ),
     bazel_gazelle = dict(
-        sha256 = "41bff2a0b32b02f20c227d234aa25ef3783998e5453f7eade929704dcff7cd4b",
-        urls = ["https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.19.0/bazel-gazelle-v0.19.0.tar.gz"],
+        sha256 = "86c6d481b3f7aedc1d60c1c211c6f76da282ae197c3b3160f54bd3a8f847896f",
+        urls = ["https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.19.1/bazel-gazelle-v0.19.1.tar.gz"],
     ),
     bazel_toolchains = dict(
-        sha256 = "83352b6e68fa797184071f35e3b67c7c8815efadcea81bb9cdb6bbbf2e07d389",
-        strip_prefix = "bazel-toolchains-1.1.3",
+        sha256 = "ca8aa49ceb47e9bee04dd67f0bec0b010032b37ebbe67147b535237e801d9a87",
+        strip_prefix = "bazel-toolchains-1.2.2",
         urls = [
-            "https://github.com/bazelbuild/bazel-toolchains/releases/download/1.1.3/bazel-toolchains-1.1.3.tar.gz",
-            "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/1.1.3.tar.gz",
+            "https://github.com/bazelbuild/bazel-toolchains/releases/download/1.2.2/bazel-toolchains-1.2.2.tar.gz",
+            "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/1.2.2.tar.gz",
         ],
     ),
     build_bazel_rules_apple = dict(
-        urls = ["https://github.com/bazelbuild/rules_apple/archive/b869b0d3868d78a1d4ffd866ccb304fb68aa12c3.tar.gz"],
-        strip_prefix = "rules_apple-b869b0d3868d78a1d4ffd866ccb304fb68aa12c3",
-        sha256 = "bdc8e66e70b8a75da23b79f1f8c6207356df07d041d96d2189add7ee0780cf4e",
+        sha256 = "7a7afdd4869bb201c9352eed2daf37294d42b093579b70423490c1b4d4f6ce42",
+        urls = ["https://github.com/bazelbuild/rules_apple/releases/download/0.19.0/rules_apple.0.19.0.tar.gz"],
     ),
     envoy_build_tools = dict(
         sha256 = "a81ff3a12adedfc4641a926c9b167c53bea62784a81ac9ced7893436c709b60b",
         strip_prefix = "envoy-build-tools-07314d549e27e9a4033af6236888d2a9ee0ad443",
+        # 2019-11-22
         urls = ["https://github.com/envoyproxy/envoy-build-tools/archive/07314d549e27e9a4033af6236888d2a9ee0ad443.tar.gz"],
     ),
     boringssl = dict(
@@ -234,8 +234,8 @@ REPOSITORY_LOCATIONS = dict(
         urls = ["https://github.com/grpc-ecosystem/grpc-httpjson-transcoding/archive/2feabd5d64436e670084091a937855972ee35161.tar.gz"],
     ),
     io_bazel_rules_go = dict(
-        sha256 = "842ec0e6b4fbfdd3de6150b61af92901eeb73681fd4d185746644c338f51d4c0",
-        urls = ["https://github.com/bazelbuild/rules_go/releases/download/v0.20.1/rules_go-v0.20.1.tar.gz"],
+        sha256 = "e88471aea3a3a4f19ec1310a55ba94772d087e9ce46e41ae38ecebe17935de7b",
+        urls = ["https://github.com/bazelbuild/rules_go/releases/download/v0.20.3/rules_go-v0.20.3.tar.gz"],
     ),
     rules_foreign_cc = dict(
         sha256 = "3184c244b32e65637a74213fc448964b687390eeeca42a36286f874c046bba15",
@@ -267,9 +267,9 @@ REPOSITORY_LOCATIONS = dict(
         urls = ["https://github.com/census-instrumentation/opencensus-cpp/archive/13b1a2f29f541b6b2c4cb8bc3f6fbf3589d44227.tar.gz"],
     ),
     com_github_curl = dict(
-        sha256 = "d0393da38ac74ffac67313072d7fe75b1fa1010eb5987f63f349b024a36b7ffb",
-        strip_prefix = "curl-7.66.0",
-        urls = ["https://github.com/curl/curl/releases/download/curl-7_66_0/curl-7.66.0.tar.gz"],
+        sha256 = "52af3361cf806330b88b4fe6f483b6844209d47ae196ac46da4de59bb361ab02",
+        strip_prefix = "curl-7.67.0",
+        urls = ["https://github.com/curl/curl/releases/download/curl-7_67_0/curl-7.67.0.tar.gz"],
     ),
     com_googlesource_chromium_v8 = dict(
         # This archive was created using https://storage.googleapis.com/envoyproxy-wee8/wee8-archive.sh
@@ -289,9 +289,9 @@ REPOSITORY_LOCATIONS = dict(
         urls = ["https://github.com/google/cel-cpp/archive/4767e5de36c5701fa8ea46d7de3765161ef98353.tar.gz"],
     ),
     com_googlesource_code_re2 = dict(
-        sha256 = "b0382aa7369f373a0148218f2df5a6afd6bfa884ce4da2dfb576b979989e615e",
-        strip_prefix = "re2-2019-09-01",
-        urls = ["https://github.com/google/re2/archive/2019-09-01.tar.gz"],
+        sha256 = "7268e1b4254d9ffa5ccf010fee954150dbb788fd9705234442e7d9f0ee5a42d3",
+        strip_prefix = "re2-2019-12-01",
+        urls = ["https://github.com/google/re2/archive/2019-12-01.tar.gz"],
     ),
     # Included to access FuzzedDataProvider.h. This is compiler agnostic but
     # provided as part of the compiler-rt source distribution. We can't use the
@@ -307,8 +307,9 @@ REPOSITORY_LOCATIONS = dict(
         urls = ["https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.76/fuzzit_Linux_x86_64.zip"],
     ),
     upb = dict(
-        sha256 = "61d0417abd60e65ed589c9deee7c124fe76a4106831f6ad39464e1525cef1454",
-        strip_prefix = "upb-9effcbcb27f0a665f9f345030188c0b291e32482",
-        urls = ["https://github.com/protocolbuffers/upb/archive/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz"],
+        sha256 = "e9f281c56ab1eb1f97a80ca8a83bb7ef73d230eabb8591f83876f4e7b85d9b47",
+        strip_prefix = "upb-8a3ae1ef3e3e3f26b45dec735c5776737fc7247f",
+        # 2019-11-19
+        urls = ["https://github.com/protocolbuffers/upb/archive/8a3ae1ef3e3e3f26b45dec735c5776737fc7247f.tar.gz"],
     ),
 )

ci/verify_examples.sh

@@ -23,8 +23,8 @@ cd ../
 
 # Test grpc bridge example
 # install go
-curl -O https://storage.googleapis.com/golang/go1.13.3.linux-amd64.tar.gz
-tar -xf go1.13.3.linux-amd64.tar.gz
+curl -O https://storage.googleapis.com/golang/go1.13.5.linux-amd64.tar.gz
+tar -xf go1.13.5.linux-amd64.tar.gz
 sudo mv go /usr/local
 export PATH=$PATH:/usr/local/go/bin
 export GOPATH=$HOME/go

docs/root/configuration/best_practices/best_practices.rst

@@ -5,3 +5,5 @@ Configuration best practices
   :maxdepth: 2
 
   edge
+  level_two
+

docs/root/configuration/best_practices/level_two.rst

@@ -0,0 +1,37 @@
+.. _best_practices_level2:
+
+Configuring Envoy as a level two proxy
+======================================
+
+Envoy is a production-ready proxy, however, the default settings that are tailored for the
+edge use case may need to be adjusted when using Envoy in a multi-level deployment as a
+"level two" HTTP/2 proxy.
+
+.. image:: /_static/multilevel_deployment.svg
+
+**In summary, if you run level two Envoy version 1.11.1 or greater which terminates 
+HTTP/2, we strongly advise you to change the HTTP/2 configuration of your level 
+two Envoy, by setting its downstream
+:ref:`validation of HTTP/2 messaging option <envoy_api_field_core.Http2ProtocolOptions.stream_error_on_invalid_http_messaging>`
+to true.**
+
+If there is an invalid HTTP/2 request and this option is not set, the Envoy in 
+question will reset the entire connection. This behavior was changed as part of 
+the 1.11.1 security release, to increase the security of Edge Envoys. Unfortunately, 
+because there are no guarantees that edge proxies will enforce HTTP/1 or HTTP/2 
+standards compliance as rigorously as Envoy’s HTTP/2 stack does, this can result 
+in a problem as follows. If one client sends a request that for example passes 
+level one proxy's validation checks, and it is forwarded over an upstream multiplexed 
+HTTP/2 connection (potentially shared with other clients) the strict enforcement on 
+the level two Envoy HTTP/2 will reset all the streams on that connection, causing 
+a service disruption to the clients sharing that L1-L2 connection. If a malicious 
+user has insight into what traffic will bypass level one checks, they could spray
+“bad” traffic across the level one fleet, causing serious disruption to other users’ 
+traffic.
+
+Please note that the
+:ref:`validation of HTTP/2 messaging option <envoy_api_field_core.Http2ProtocolOptions.stream_error_on_invalid_http_messaging>`
+is planned to be deprecated and replaced with mandatory configuration in the HttpConnectionManager, to ensure
+that what is now an easily overlooked option would need to be configured, ideally
+appropriately for the given Envoy deployment. Please refer to the
+https://github.com/envoyproxy/envoy/issues/9285 for more information.

docs/root/configuration/http/http_conn_man/traffic_splitting.rst

@@ -109,6 +109,7 @@ to each upstream cluster.
          - match: { prefix: / }
            route:
              weighted_clusters:
+               runtime_key_prefix: routing.traffic_split.helloworld
                clusters:
                  - name: helloworld_v1
                    weight: 33

docs/root/faq/configuration/level_two.rst

@@ -0,0 +1,7 @@
+.. _faq_level2:
+
+How do I configure Envoy as a level two proxy?
+==============================================
+
+Refer to :ref:`configuring Envoy as a level two proxy <best_practices_level2>`
+for an example of the level 2 proxy configuration.

docs/root/faq/overview.rst

@@ -27,6 +27,7 @@ Configuration
   :maxdepth: 2
 
   configuration/edge
+  configuration/level_two
   configuration/sni
   configuration/zone_aware_routing
   configuration/zipkin_tracing