Merge branch 'master' into add-windows-threads

Signed-off-by: Sam Smith <[email protected]>

.circleci/config.yml

@@ -4,7 +4,7 @@ executors:
   ubuntu-build:
     description: "A regular build executor based on ubuntu image"
     docker:
-      - image: envoyproxy/envoy-build:f60886c04253d9a096503b949696cbdc8f82fa4d
+      - image: envoyproxy/envoy-build:78b316f48a391bdcb2961f0560a0bfea475254f6
     resource_class: xlarge
     working_directory: /source
 
@@ -98,7 +98,10 @@ jobs:
      steps:
        - run: rm -rf /home/circleci/project/.git # CircleCI git caching is likely broken
        - checkout
-       - run: ci/do_circle_ci.sh bazel.clang_tidy
+       - run:
+           command:
+             ci/do_circle_ci.sh bazel.clang_tidy
+           no_output_timeout: 60m
 
    format:
      executor: ubuntu-build

DEPRECATED.md

@@ -12,6 +12,10 @@ A logged warning is expected for each deprecated item that is in deprecation win
 * Order of execution of the HTTP encoder filter chain has been reversed. Prior to this release cycle it was incorrect, see [#4599](https://github.com/envoyproxy/envoy/issues/4599). In the 1.9.0 release cycle we introduced `bugfix_reverse_encode_order` in [http_connection_manager.proto] (https://github.com/envoyproxy/envoy/blob/master/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto) to temporarily support both old and new behaviors. Note this boolean field is deprecated.
 * Use of the v1 REST_LEGACY ApiConfigSource is deprecated.
 * Use of std::hash in the ring hash load balancer is deprecated.
+* Use of `rate_limit_service` configuration in the [bootstrap configuration](https://github.com/envoyproxy/envoy/blob/master/api/envoy/config/bootstrap/v2/bootstrap.proto) is deprecated.
+* Use of `runtime_key` in `RequestMirrorPolicy`, found in
+  [route.proto](https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/route/route.proto)
+  is deprecated. Set the `runtime_fraction` field instead.
 
 ## Version 1.8.0 (Oct 4, 2018)
 

api/bazel/repositories.bzl

@@ -4,17 +4,17 @@ BAZEL_SKYLIB_SHA256 = "b5f6abe419da897b7901f90cbab08af958b97a8f3575b0d3dd062ac7c
 GOGOPROTO_RELEASE = "1.1.1"
 GOGOPROTO_SHA256 = "9f8c2ad49849ab063cd9fef67e77d49606640044227ecf7f3617ea2c92ef147c"
 
-PGV_RELEASE = "0.0.11"
-PGV_SHA256 = "d92c7f22929f495cf9f7d825c44f9190eda1d8256af321e3e8692570181b28a6"
+PGV_RELEASE = "0.0.12"
+PGV_SHA256 = "3be735345d1953d6d4c1cb89ace739cd6c98873d08b11218e181b0d3b0441627"
 
 GOOGLEAPIS_GIT_SHA = "d642131a6e6582fc226caf9893cb7fe7885b3411"  # May 23, 2018
 GOOGLEAPIS_SHA = "16f5b2e8bf1e747a32f9a62e211f8f33c94645492e9bbd72458061d9a9de1f63"
 
 PROMETHEUS_GIT_SHA = "99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c"  # Nov 17, 2017
 PROMETHEUS_SHA = "783bdaf8ee0464b35ec0c8704871e1e72afa0005c3f3587f65d9d6694bf3911b"
 
-OPENCENSUS_GIT_SHA = "ab82e5fdec8267dc2a726544b10af97675970847"  # May 23, 2018
-OPENCENSUS_SHA = "1950f844d9f338ba731897a9bb526f9074c0487b3f274ce2ec3b4feaf0bef7e2"
+OPENCENSUS_GIT_SHA = "7f2434bc10da710debe5c4315ed6d4df454b4024"  # Nov 3, 2018 (tag v0.1.0)
+OPENCENSUS_SHA = "6f67ee4d5f4208f9711573423ae30860d6a7e66e9e150f97dda9d0e0665a34df"
 
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
@@ -286,7 +286,7 @@ go_proto_library(
 
     http_archive(
         name = "io_opencensus_trace",
-        strip_prefix = "opencensus-proto-" + OPENCENSUS_GIT_SHA + "/opencensus/proto/trace",
+        strip_prefix = "opencensus-proto-" + OPENCENSUS_GIT_SHA + "/src/opencensus/proto/trace/v1",
         url = "https://github.com/census-instrumentation/opencensus-proto/archive/" + OPENCENSUS_GIT_SHA + ".tar.gz",
         sha256 = OPENCENSUS_SHA,
         build_file_content = """

api/envoy/api/v2/auth/cert.proto

@@ -41,7 +41,9 @@ message TlsParameters {
 
   // If specified, the TLS listener will only support the specified `cipher list
   // <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_.
-  // If not specified, the default list:
+  // If not specified, the default list will be used.
+  //
+  // In non-FIPS builds, the default cipher list is:
   //
   // .. code-block:: none
   //
@@ -58,11 +60,39 @@ message TlsParameters {
   //   AES256-GCM-SHA384
   //   AES256-SHA
   //
-  // will be used.
+  // In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:
+  //
+  // .. code-block:: none
+  //
+  //   ECDHE-ECDSA-AES128-GCM-SHA256
+  //   ECDHE-RSA-AES128-GCM-SHA256
+  //   ECDHE-ECDSA-AES128-SHA
+  //   ECDHE-RSA-AES128-SHA
+  //   AES128-GCM-SHA256
+  //   AES128-SHA
+  //   ECDHE-ECDSA-AES256-GCM-SHA384
+  //   ECDHE-RSA-AES256-GCM-SHA384
+  //   ECDHE-ECDSA-AES256-SHA
+  //   ECDHE-RSA-AES256-SHA
+  //   AES256-GCM-SHA384
+  //   AES256-SHA
   repeated string cipher_suites = 3;
 
   // If specified, the TLS connection will only support the specified ECDH
-  // curves. If not specified, the default curves (X25519, P-256) will be used.
+  // curves. If not specified, the default curves will be used.
+  //
+  // In non-FIPS builds, the default curves are:
+  //
+  // .. code-block:: none
+  //
+  //   X25519
+  //   P-256
+  //
+  // In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
+  //
+  // .. code-block:: none
+  //
+  //   P-256
   repeated string ecdh_curves = 4;
 }
 
@@ -227,16 +257,17 @@ message CommonTlsContext {
   // TLS protocol versions, cipher suites etc.
   TlsParameters tls_params = 1;
 
-  // Multiple TLS certificates can be associated with the same context.
-  // E.g. to allow both RSA and ECDSA certificates, two TLS certificates can be configured.
+  // :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
+  // same context to allow both RSA and ECDSA certificates.
   //
   // Only a single TLS certificate is supported in client contexts. In server contexts, the first
   // RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
   // used for clients that support ECDSA.
   repeated TlsCertificate tls_certificates = 2;
 
   // Configs for fetching TLS certificates via SDS API.
-  repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6;
+  repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6
+      [(validate.rules).repeated .max_items = 1];
 
   message CombinedCertificateValidationContext {
     // How to validate peer certificates.

api/envoy/api/v2/core/health_check.proto

@@ -146,6 +146,11 @@ message HealthCheck {
     // message. See `gRPC health-checking overview
     // <https://github.com/grpc/grpc/blob/master/doc/health-checking.md>`_ for more information.
     string service_name = 1;
+
+    // The value of the :authority header in the gRPC health check request. If
+    // left empty (default value), the name of the cluster this health check is associated
+    // with will be used.
+    string authority = 2;
   }
 
   // Custom health check.

api/envoy/api/v2/eds.proto

@@ -89,7 +89,12 @@ message ClusterLoadAssignment {
     // multiplied by the overprovisioning factor drops below 100.
     // With the default value 140(1.4), Envoy doesn't consider a priority level
     // or a locality unhealthy until their percentage of healthy hosts drops
-    // below 72%.
+    // below 72%. For example:
+    //
+    // .. code-block:: json
+    //
+    //  { "overprovisioning_factor": 100 }
+    //
     // Read more at :ref:`priority levels <arch_overview_load_balancing_priority_levels>` and
     // :ref:`localities <arch_overview_load_balancing_locality_weighted_lb>`.
     google.protobuf.UInt32Value overprovisioning_factor = 3 [(validate.rules).uint32.gt = 0];

api/envoy/api/v2/lds.proto

@@ -86,7 +86,23 @@ message Listener {
   // Listener metadata.
   core.Metadata metadata = 6;
 
-  reserved 7;
+  // [#not-implemented-hide:]
+  message DeprecatedV1 {
+    // Whether the listener should bind to the port. A listener that doesn’t
+    // bind can only receive connections redirected from other listeners that
+    // set use_original_dst parameter to true. Default is true.
+    //
+    // [V2-API-DIFF] This is deprecated in v2, all Listeners will bind to their
+    // port. An additional filter chain must be created for every original
+    // destination port this listener may redirect to in v2, with the original
+    // port specified in the FilterChainMatch destination_port field.
+    //
+    // [#comment:TODO(PiotrSikora): Remove this once verified that we no longer need it.]
+    google.protobuf.BoolValue bind_to_port = 1;
+  }
+
+  // [#not-implemented-hide:]
+  DeprecatedV1 deprecated_v1 = 7;
 
   enum DrainType {
     // Drain in response to calling /healthcheck/fail admin endpoint (along with the health check

api/envoy/api/v2/route/route.proto

@@ -346,7 +346,7 @@ message RouteMatch {
   // .. note::
   //
   //    Parsing this field is implemented such that the runtime key's data may be represented
-  //    as a FractionalPercent proto represented as JSON/YAM and may also be represented as an
+  //    as a FractionalPercent proto represented as JSON/YAML and may also be represented as an
   //    integer with the assumption that the value is an integral percentage out of 100. For
   //    instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent
   //    whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics.
@@ -615,7 +615,35 @@ message RouteAction {
     // 0.01% of requests to be mirrored. If the runtime key is specified in the
     // configuration but not present in runtime, 0 is the default and thus 0% of
     // requests will be mirrored.
-    string runtime_key = 2;
+    //
+    // .. attention::
+    //
+    //   **This field is deprecated**. Set the
+    //   :ref:`runtime_fraction
+    //   <envoy_api_field_route.RouteAction.RequestMirrorPolicy.runtime_fraction>` field instead.
+    string runtime_key = 2 [deprecated = true];
+
+    // If both :ref:`runtime_key
+    // <envoy_api_field_route.RouteAction.RequestMirrorPolicy.runtime_key>` and this field are not
+    // specified, all requests to the target cluster will be mirrored.
+    //
+    // If specified, this field takes precedence over the `runtime_key` field and requests must also
+    // fall under the percentage of matches indicated by this field.
+    //
+    // For some fraction N/D, a random number in the range [0,D) is selected. If the
+    // number is <= the value of the numberator N, or if the key is not present, the default
+    // value, the request will be mirrored.
+    //
+    // .. note::
+    //
+    //   Parsing this field is implemented such that the runtime key's data may be represented
+    //   as a :ref:`FractionalPercent <envoy_api_msg_type.FractionalPercent>` proto represented
+    //   as JSON/YAML and may also be represented as an integer with the assumption that the value
+    //   is an integral percentage out of 100. For instance, a runtime key lookup returning the
+    //   value "42" would parse as a `FractionalPercent` whose numerator is 42 and denominator is
+    //   HUNDRED. This is behaviour is different to that of the deprecated `runtime_key` field,
+    //   where the implicit denominator is 10000.
+    core.RuntimeFractionalPercent runtime_fraction = 3;
   }
 
   // Indicates that the route has a request mirroring policy.

api/envoy/config/bootstrap/v2/bootstrap.proto

@@ -114,7 +114,7 @@ message Bootstrap {
   // Configuration for an external rate limit service provider. If not
   // specified, any calls to the rate limit service will immediately return
   // success.
-  envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 10;
+  envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 10 [deprecated = true];
 
   // Configuration for the runtime configuration provider. If not specified, a
   // “null” provider will be used which will result in all defaults being used.

api/envoy/config/filter/http/rate_limit/v2/BUILD

@@ -5,4 +5,7 @@ licenses(["notice"])  # Apache 2
 api_proto_library_internal(
     name = "rate_limit",
     srcs = ["rate_limit.proto"],
+    deps = [
+        "//envoy/config/ratelimit/v2:rls",
+    ],
 )

api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto

@@ -3,6 +3,8 @@ syntax = "proto3";
 package envoy.config.filter.http.rate_limit.v2;
 option go_package = "v2";
 
+import "envoy/config/ratelimit/v2/rls.proto";
+
 import "google/protobuf/duration.proto";
 
 import "validate/validate.proto";
@@ -45,4 +47,11 @@ message RateLimit {
   // of the default `UNAVAILABLE` gRPC code for a rate limited gRPC call. The
   // HTTP code will be 200 for a gRPC response.
   bool rate_limited_as_resource_exhausted = 6;
+
+  // Configuration for an external rate limit service provider. If not
+  // specified, any calls to the rate limit service will immediately return
+  // success.
+  // [#comment:TODO(ramaraochavali): Make this required as part of cleanup of deprecated ratelimit
+  // service config in bootstrap.]
+  envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 7;
 }

api/envoy/config/filter/http/transcoder/v2/transcoder.proto

@@ -61,4 +61,31 @@ message GrpcJsonTranscoder {
   // the match the upstream gRPC service. Note: This means that routes for gRPC services that are
   // not transcoded cannot be used in combination with *match_incoming_request_route*.
   bool match_incoming_request_route = 5;
+
+  // A list of query parameters to be ignored for transcoding method mapping.
+  // By default, the transcoder filter will not transcode a request if there are any
+  // unknown/invalid query parameters.
+  //
+  // Example :
+  //
+  // .. code-block:: proto
+  //
+  //     service Bookstore {
+  //       rpc GetShelf(GetShelfRequest) returns (Shelf) {
+  //         option (google.api.http) = {
+  //           get: "/shelves/{shelf}"
+  //         };
+  //       }
+  //     }
+  //
+  //     message GetShelfRequest {
+  //       int64 shelf = 1;
+  //     }
+  //
+  //     message Shelf {}
+  //
+  // The request ``/shelves/100?foo=bar`` will not be mapped to ``GetShelf``` because variable
+  // binding for ``foo`` is not defined. Adding ``foo`` to ``ignored_query_parameters`` will allow
+  // the same request to be mapped to ``GetShelf``.
+  repeated string ignored_query_parameters = 6;
 }

api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto

@@ -5,8 +5,9 @@ option go_package = "v2";
 
 import "validate/validate.proto";
 
-// [#protodoc-title: Extensions Thrift Proxy]
-// Thrift Proxy filter configuration.
+// [#protodoc-title: Dubbo Proxy]
+// Dubbo Proxy filter configuration.
+
 message DubboProxy {
   // The human readable prefix to use when emitting statistics.
   string stat_prefix = 1 [(validate.rules).string.min_bytes = 1];

api/envoy/config/filter/network/rate_limit/v2/BUILD

@@ -5,5 +5,8 @@ licenses(["notice"])  # Apache 2
 api_proto_library_internal(
     name = "rate_limit",
     srcs = ["rate_limit.proto"],
-    deps = ["//envoy/api/v2/ratelimit"],
+    deps = [
+        "//envoy/api/v2/ratelimit",
+        "//envoy/config/ratelimit/v2:rls",
+    ],
 )

api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto

@@ -4,6 +4,8 @@ package envoy.config.filter.network.rate_limit.v2;
 option go_package = "v2";
 
 import "envoy/api/v2/ratelimit/ratelimit.proto";
+import "envoy/config/ratelimit/v2/rls.proto";
+
 import "google/protobuf/duration.proto";
 
 import "validate/validate.proto";
@@ -32,4 +34,11 @@ message RateLimit {
   // communication failure between rate limiting service and the proxy.
   // Defaults to false.
   bool failure_mode_deny = 5;
+
+  // Configuration for an external rate limit service provider. If not
+  // specified, any calls to the rate limit service will immediately return
+  // success.
+  // [#comment:TODO(ramaraochavali): Make this required as part of cleanup of deprecated ratelimit
+  // service config in bootstrap.]
+  envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 6;
 }

api/envoy/config/filter/thrift/rate_limit/v2alpha1/BUILD

@@ -5,5 +5,8 @@ licenses(["notice"])  # Apache 2
 api_proto_library_internal(
     name = "rate_limit",
     srcs = ["rate_limit.proto"],
-    deps = ["//envoy/api/v2/ratelimit"],
+    deps = [
+        "//envoy/api/v2/ratelimit",
+        "//envoy/config/ratelimit/v2:rls",
+    ],
 )

api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto

@@ -3,6 +3,8 @@ syntax = "proto3";
 package envoy.config.filter.thrift.rate_limit.v2alpha1;
 option go_package = "v2alpha1";
 
+import "envoy/config/ratelimit/v2/rls.proto";
+
 import "google/protobuf/duration.proto";
 
 import "validate/validate.proto";
@@ -36,4 +38,11 @@ message RateLimit {
   // communication failure between rate limiting service and the proxy.
   // Defaults to false.
   bool failure_mode_deny = 4;
+
+  // Configuration for an external rate limit service provider. If not
+  // specified, any calls to the rate limit service will immediately return
+  // success.
+  // [#comment:TODO(ramaraochavali): Make this required as part of cleanup of deprecated ratelimit
+  // service config in bootstrap.]
+  envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 5;
 }

api/envoy/config/ratelimit/v2/BUILD

@@ -5,9 +5,7 @@ licenses(["notice"])  # Apache 2
 api_proto_library_internal(
     name = "rls",
     srcs = ["rls.proto"],
-    visibility = [
-        "//envoy/config/bootstrap/v2:__pkg__",
-    ],
+    visibility = ["//visibility:public"],
     deps = [
         "//envoy/api/v2/core:grpc_service",
     ],

api/envoy/service/trace/v2/trace_service.proto

@@ -38,5 +38,5 @@ message StreamTracesMessage {
   Identifier identifier = 1;
 
   // A list of Span entries
-  repeated opencensus.proto.trace.Span spans = 2;
+  repeated opencensus.proto.trace.v1.Span spans = 2;
 }