router: Add path rewrite via regex

CONTRIBUTING.md

@@ -214,3 +214,17 @@ git push origin -f
 
 Note, that in general rewriting history in this way is a hinderance to the review process and this
 should only be done to correct a DCO mistake.
+
+## Triggering CI re-run without making changes
+
+Sometimes CI test runs fail due to obvious resource problems or other issues
+which are not related to your PR. It may be desirable to re-trigger CI without
+making any code changes. Consider adding an alias into your `.gitconfig` file:
+
+```
+[alias]
+    kick-ci = !"git commit -s --allow-empty -m 'Kick CI' && git push"
+```
+
+Once you add this alias you can issue the command `git kick-ci` and the PR
+will be sent back for a retest.

DEPRECATED.md

@@ -29,6 +29,8 @@ A logged warning is expected for each deprecated item that is in deprecation win
 * Setting hosts via `hosts` field in `Cluster` is deprecated. Use `load_assignment` instead.
 * Use of `response_headers_to_*` and `request_headers_to_add` are deprecated at the `RouteAction`
   level. Please use the configuration options at the `Route` level.
+* Use of the string `user` field in `Authenticated` in [rbac.proto](https://github.com/envoyproxy/envoy/blob/master/api/envoy/config/rbac/v2alpha/rbac.proto)
+  is deprecated in favor of the new `StringMatcher` based `principal_name` field.
 
 ## Version 1.7.0
 

api/docs/BUILD

@@ -58,6 +58,7 @@ proto_library(
         "//envoy/config/ratelimit/v2:rls",
         "//envoy/config/rbac/v2alpha:rbac",
         "//envoy/config/resource_monitor/fixed_heap/v2alpha:fixed_heap",
+        "//envoy/config/resource_monitor/injected_resource/v2alpha:injected_resource",
         "//envoy/config/trace/v2:trace",
         "//envoy/config/transport_socket/capture/v2alpha:capture",
         "//envoy/data/accesslog/v2:accesslog",

api/envoy/admin/v2alpha/BUILD

@@ -31,3 +31,9 @@ api_proto_library_internal(
     srcs = ["metrics.proto"],
     visibility = ["//visibility:public"],
 )
+
+api_proto_library_internal(
+    name = "memory",
+    srcs = ["memory.proto"],
+    visibility = ["//visibility:public"],
+)

api/envoy/admin/v2alpha/clusters.proto

@@ -46,8 +46,8 @@ message HostStatus {
   // Address of this host.
   envoy.api.v2.core.Address address = 1;
 
-  // Mapping from the name of the statistic to the current value.
-  map<string, SimpleMetric> stats = 2;
+  // List of stats specific to this host.
+  repeated SimpleMetric stats = 2;
 
   // The host's current health status.
   HostHealthStatus health_status = 3;

api/envoy/admin/v2alpha/memory.proto

@@ -0,0 +1,19 @@
+syntax = "proto3";
+
+package envoy.admin.v2alpha;
+
+// [#protodoc-title: Memory]
+
+// Proto representation of the internal memory consumption of an Envoy instance. These represent
+// values extracted from an internal TCMalloc instance. For more information, see the section of the
+// docs entitled ["Generic Tcmalloc Status"](http://gperftools.github.io/gperftools/tcmalloc.html).
+message Memory {
+
+  // The number of bytes allocated by the heap for Envoy. This is an alias for
+  // `generic.current_allocated_bytes`.
+  uint64 allocated = 1;
+
+  // The number of bytes reserved by the heap but not necessarily allocated. This is an alias for
+  // `generic.heap_size`.
+  uint64 heap_size = 2;
+}

api/envoy/admin/v2alpha/metrics.proto

@@ -11,9 +11,12 @@ message SimpleMetric {
     GAUGE = 1;
   }
 
-  // Type of metric represented.
+  // Type of the metric represented.
   Type type = 1;
 
   // Current metric value.
   uint64 value = 2;
+
+  // Name of the metric.
+  string name = 3;
 }

api/envoy/api/v2/auth/cert.proto

@@ -232,21 +232,22 @@ message CommonTlsContext {
   //   relaxed in the future.
   repeated TlsCertificate tls_certificates = 2 [(validate.rules).repeated .max_items = 1];
 
-  // [#not-implemented-hide:]
+  // Configs for fetching TLS certificates via SDS API.
   repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6;
 
   oneof validation_context_type {
     // How to validate peer certificates.
     CertificateValidationContext validation_context = 3;
 
-    // [#not-implemented-hide:]
+    // Config for fetching validation context via SDS API.
     SdsSecretConfig validation_context_sds_secret_config = 7;
   }
 
   // Supplies the list of ALPN protocols that the listener should expose. In
   // practice this is likely to be set to one of two values (see the
-  // :ref:`codec_type <config_http_conn_man_codec_type>` parameter in the HTTP connection
-  // manager for more information):
+  // :ref:`codec_type
+  // <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.codec_type>`
+  // parameter in the HTTP connection manager for more information):
   //
   // * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
   // * "http/1.1" If the listener is only going to support HTTP/1.1.
@@ -302,7 +303,6 @@ message DownstreamTlsContext {
 }
 
 // [#proto-status: experimental]
-// [#not-implemented-hide:]
 message SdsSecretConfig {
   // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
   // When both name and config are specified, then secret can be fetched and/or reloaded via SDS.
@@ -312,7 +312,6 @@ message SdsSecretConfig {
 }
 
 // [#proto-status: experimental]
-// [#not-implemented-hide:]
 message Secret {
   // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
   string name = 1;

api/envoy/api/v2/core/address.proto

@@ -36,7 +36,7 @@ message SocketAddress {
   // in :ref:`FilterChainMatch <envoy_api_msg_listener.FilterChainMatch>`.] When used
   // within an upstream :ref:`BindConfig <envoy_api_msg_core.BindConfig>`, the address
   // controls the source address of outbound connections. For :ref:`clusters
-  // <config_cluster_manager_cluster>`, the cluster type determines whether the
+  // <envoy_api_msg_Cluster>`, the cluster type determines whether the
   // address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS
   // (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized
   // via :ref:`resolver_name <envoy_api_field_core.SocketAddress.resolver_name>`.

api/envoy/api/v2/core/base.proto

@@ -20,7 +20,7 @@ message Locality {
 
   // Defines the local service zone where Envoy is running. Though optional, it
   // should be set if discovery service routing is used and the discovery
-  // service exposes :ref:`zone data <config_cluster_manager_sds_api_host_az>`,
+  // service exposes :ref:`zone data <envoy_api_field_endpoint.LocalityLbEndpoints.locality>`,
   // either in this message or via :option:`--service-zone`. The meaning of zone
   // is context dependent, e.g. `Availability Zone (AZ)
   // <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html>`_
@@ -49,9 +49,10 @@ message Node {
   // Defines the local service cluster name where Envoy is running. Though
   // optional, it should be set if any of the following features are used:
   // :ref:`statsd <arch_overview_statistics>`, :ref:`health check cluster
-  // verification <config_cluster_manager_cluster_hc_service_name>`,
-  // :ref:`runtime override directory <config_runtime_override_subdirectory>`,
-  // :ref:`user agent addition <config_http_conn_man_add_user_agent>`,
+  // verification <envoy_api_field_core.HealthCheck.HttpHealthCheck.service_name>`,
+  // :ref:`runtime override directory <envoy_api_msg_config.bootstrap.v2.Runtime>`,
+  // :ref:`user agent addition
+  // <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.add_user_agent>`,
   // :ref:`HTTP global rate limiting <config_http_filters_rate_limit>`,
   // :ref:`CDS <config_cluster_manager_cds>`, and :ref:`HTTP tracing
   // <arch_overview_tracing>`, either in this message or via
@@ -170,7 +171,7 @@ message DataSource {
 }
 
 // Configuration for transport socket in :ref:`listeners <config_listeners>` and
-// :ref:`clusters <config_cluster_manager_cluster>`. If the configuration is
+// :ref:`clusters <envoy_api_msg_Cluster>`. If the configuration is
 // empty, a default transport socket implementation and configuration will be
 // chosen based on the platform and existence of tls_context.
 message TransportSocket {

api/envoy/api/v2/core/config_source.proto

@@ -57,8 +57,8 @@ message AggregatedConfigSource {
 }
 
 // Configuration for :ref:`listeners <config_listeners>`, :ref:`clusters
-// <config_cluster_manager_cluster>`, :ref:`routes
-// <config_http_conn_man_route_table>`, :ref:`endpoints
+// <config_cluster_manager>`, :ref:`routes
+// <envoy_api_msg_RouteConfiguration>`, :ref:`endpoints
 // <arch_overview_service_discovery>` etc. may either be sourced from the
 // filesystem or from an xDS API source. Filesystem configs are watched with
 // inotify for updates.

api/envoy/api/v2/core/grpc_service.proto

@@ -44,6 +44,11 @@ message GrpcService {
       DataSource cert_chain = 3;
     }
 
+    // Local channel credentials. Only UDS is supported for now.
+    // See https://github.com/grpc/grpc/pull/15909.
+    message GoogleLocalCredentials {
+    }
+
     // See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call
     // credential types.
     message ChannelCredentials {
@@ -53,6 +58,8 @@ message GrpcService {
 
         // https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61
         google.protobuf.Empty google_default = 2;
+
+        GoogleLocalCredentials local_credentials = 3;
       }
     }
 

api/envoy/api/v2/endpoint/endpoint.proto

@@ -62,7 +62,8 @@ message LbEndpoint {
   // balancer to select endpoints in a cluster for a given request. The filter
   // name should be specified as *envoy.lb*. An example boolean key-value pair
   // is *canary*, providing the optional canary status of the upstream host.
-  // This may be matched against in a route's ForwardAction metadata_match field
+  // This may be matched against in a route's
+  // :ref:`RouteAction <envoy_api_msg_route.RouteAction>` metadata_match field
   // to subset the endpoints considered in cluster load balancing.
   core.Metadata metadata = 3;