Hello community,

here is the log from the commit of package envoy-proxy for openSUSE:Factory checked in at 2020-02-15 22:25:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/envoy-proxy (Old)
 and      /work/SRC/openSUSE:Factory/.envoy-proxy.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "envoy-proxy" Sat Feb 15 22:25:16 2020 rev:5 rq:774412 version:1.12.2+git.20200109 Changes: -------- --- /work/SRC/openSUSE:Factory/envoy-proxy/envoy-proxy.changes 2019-04-05 12:06:31.106569065 +0200 +++ /work/SRC/openSUSE:Factory/.envoy-proxy.new.26092/envoy-proxy.changes 2020-02-15 22:25:38.567316942 +0100 
@@ -1,0 +2,134 @@ +Tue Feb 4 14:18:09 UTC 2020 - Michał Rostecki <[email protected]> + +- Remove nanopb from requirements. + +------------------------------------------------------------------- +Thu Jan 16 23:58:08 UTC 2020 - Michał Rostecki <[email protected]> + +- Add patches which allow an access to TransportSocketFactoryContext + from a Filter context. Needed for cilium-proxy to work properly: + * 0001-server-add-getTransportSocketFactoryContext-to-Filte.patch + * 0002-test-Fix-mocks.patch + * 0003-test-Fix-format.patch + * 0004-server-Add-comments-pointing-out-implementation-deta.patch + * 0005-server-Move-setInitManager-to-TransportSocketFactory.patch + * 0006-fix-format.patch + +------------------------------------------------------------------- +Tue Jan 14 22:04:24 UTC 2020 - Michał Rostecki <[email protected]> + +- Update to version 1.12.2+git.20200109: + * http: fixed CVE-2019-18801 by allocating sufficient memory for + request headers. + * http: fixed CVE-2019-18802 by implementing stricter validation + of HTTP/1 headers. + * http: trim LWS at the end of header keys, for correct HTTP/1.1 + header parsing. + * http: added strict authority checking. This can be reversed + temporarily by setting the runtime feature + envoy.reloadable_features.strict_authority_validation to false. + * route config: fixed CVE-2019-18838 by checking for presence of + host/path headers. + * listener: fixed CVE-2019-18836 by clearing accept filters + before connection creation. +- Switch from Maistra to envoy-openssl as the way of replacing + BoringSSL with OpenSSL. +- Add source package to build cilium-proxy separately, with + envoy-proxy-source as a build depencency. 
+- Add patch which fixes dynamic linking of OpenSSL: + * bazel-Fix-optional-dynamic-linking-of-OpenSSL.patch +- Add patch which adds backwards compatibility with TLS 1.2 and + OpenSSL 1.1.0: + * compatibility-with-TLS-1.2-and-OpenSSL-1.1.0.patch +- Add patch for compatibility with fmt 6.1.0 and spdlog 1.5.0: + * logger-Use-spdlog-memory_buf_t-instead-of-fmt-memory.patch +- Remove patches which are not needed anymore: + * 0001-bazel-Update-protobuf-and-other-needed-dependencies.patch + * 0002-bazel-Update-grpc-to-1.23.0.patch + * 0003-tracing-update-googleapis-use-SetName-for-operation-.patch + +------------------------------------------------------------------- +Fri Dec 13 12:46:45 UTC 2019 - Michał Rostecki <[email protected]> + +- Replace lua51-luajit with moonjit. + +------------------------------------------------------------------- +Wed Nov 6 21:11:18 UTC 2019 - Michał Rostecki <[email protected]> + +- Do not bundle any dependencies, move everything to separate + packages. +- Add patch which makes envoy-proxy compatible with newer + googleapis: + * 0003-tracing-update-googleapis-use-SetName-for-operation-.patch + +------------------------------------------------------------------- +Fri Nov 1 13:30:50 UTC 2019 - Michał Rostecki <[email protected]> + +- Do not use global optflags (temporarily) - enabling them causes + linker errors. + +------------------------------------------------------------------- +Fri Oct 18 14:47:16 UTC 2019 - Michał Rostecki <[email protected]> + +- Disable incompatible_bzl_disallow_load_after_statement check in + Bazel - some dependencies still do not pass it. 
+ +------------------------------------------------------------------- +Thu Oct 17 15:48:01 UTC 2019 - Richard Brown <[email protected]> + +- Remove obsolete Groups tag (fate#326485) + +------------------------------------------------------------------- +Wed Oct 16 07:57:15 UTC 2019 - Michał Rostecki <[email protected]> + +- Remove duplicate tarball of golang-org-x-tools and unneeded + tarballs of msgpack and http-parser. + +------------------------------------------------------------------- +Tue Oct 15 09:34:40 UTC 2019 - Michał Rostecki <[email protected]> + +- Update to version 1.11.1: + * http: added mitigation of client initiated attacks that result + in flooding of the downstream HTTP/2 connections. Those attacks + can be logged at the “warning” level when the runtime feature + http.connection_manager.log_flood_exception is enabled. The + runtime setting defaults to disabled to avoid log spam when + under attack. + * http: added inbound_empty_frames_flood counter stat to the + HTTP/2 codec stats, for tracking number of connections + terminated for exceeding the limit on consecutive inbound + frames with an empty payload and no end stream flag. The limit + is configured by setting the + max_consecutive_inbound_frames_with_empty_payload config + setting. + * http: added inbound_priority_frames_flood counter stat to the + HTTP/2 codec stats, for tracking number of connections + terminated for exceeding the limit on inbound PRIORITY frames. + The limit is configured by setting the + max_inbound_priority_frames_per_stream config setting. + * http: added inbound_window_update_frames_flood counter stat + to the HTTP/2 codec stats, for tracking number of connections + terminated for exceeding the limit on inbound WINDOW_UPDATE + frames. + * http: added outbound_flood counter stat to the HTTP/2 codec + stats, for tracking number of connections terminated for + exceeding the outbound queue limit. 
+ * http: added outbound_control_flood counter stat to the HTTP/2 + codec stats, for tracking number of connections terminated + for exceeding the outbound queue limit for PING, SETTINGS and + RST_STREAM frames. + * http: enabled strict validation of HTTP/2 messaging. Previous + behavior can be restored using + stream_error_on_invalid_http_messaging config setting. +- Add sources of envoy-openssl project which makes use of OpenSSL + instead of BoringSSL. +- Add patches which makes Envoy compatible with versions of + libraries available in openSUSE: + * 0001-bazel-Update-protobuf-and-other-needed-dependencies.patch + * 0002-bazel-Update-grpc-to-1.23.0.patch +- Remove patches which are not needed anymore: + * 0001-Remove-deprecated-Blaze-PACKAGE_NAME-macro-5330.patch + * 0001-Upgrade-gabime-spdlog-dependency-to-1.3.0-5604.patch + * 0001-bazel-transport-sockets-Update-grpc-to-1.19.1.patch + +------------------------------------------------------------------- Old: ---- 0001-Remove-deprecated-Blaze-PACKAGE_NAME-macro-5330.patch 0001-Upgrade-gabime-spdlog-dependency-to-1.3.0-5604.patch 0001-bazel-transport-sockets-Update-grpc-to-1.19.1.patch cilium-proxy-20181115.tar.xz cilium-proxy-WORKSPACE cilium-proxy.changes cilium-proxy.spec envoy-proxy-1.8.0+git20181105.tar.xz envoy-proxy-BUILD envoy-proxy-WORKSPACE envoy-proxy-api-repositories.bzl envoy-proxy-repositories.bzl envoy-proxy-target_recipes.bzl istio-api-1.1.0snapshot.2+git20181102.tar.xz istio-proxy-1.1.0snapshot.2+git20181106.tar.xz istio-proxy-BUILD istio-proxy-WORKSPACE istio-proxy-repositories.bzl istio-proxy.changes istio-proxy.spec java_grpc_library.bzl New: ---- 0001-server-add-getTransportSocketFactoryContext-to-Filte.patch 0002-test-Fix-mocks.patch 0003-test-Fix-format.patch 0004-server-Add-comments-pointing-out-implementation-deta.patch 0005-server-Move-setInitManager-to-TransportSocketFactory.patch 0006-fix-format.patch bazel-Fix-optional-dynamic-linking-of-OpenSSL.patch 
compatibility-with-TLS-1.2-and-OpenSSL-1.1.0.patch envoy-proxy-1.12.2+git.20200109.obscpio envoy-proxy-rpmlintrc envoy-proxy.obsinfo logger-Use-spdlog-memory_buf_t-instead-of-fmt-memory.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ envoy-proxy.spec ++++++ --- /var/tmp/diff_new_pack.pRhlQG/_old 2020-02-15 22:25:40.031317734 +0100 +++ /var/tmp/diff_new_pack.pRhlQG/_new 2020-02-15 22:25:40.035317736 +0100 @@ -1,7 +1,7 @@ # # spec file for package envoy-proxy # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,38 +16,54 @@ # +%define src_install_dir /usr/src/%{name} + Name: envoy-proxy -Version: 1.8.0+git20181105 +Version: 1.12.2+git.20200109 Release: 0 Summary: L7 proxy and communication bus License: Apache-2.0 -Group: Productivity/Networking/Web/Proxy -Url: https://www.envoyproxy.io/ +URL: https://www.envoyproxy.io/ Source0: %{name}-%{version}.tar.xz -Source1: envoy-proxy-WORKSPACE -Source2: envoy-proxy-api-repositories.bzl -Source3: envoy-proxy-repositories.bzl -Source4: envoy-proxy-target_recipes.bzl -Source5: envoy-proxy-BUILD -Source6: java_grpc_library.bzl -Patch0: 0001-Remove-deprecated-Blaze-PACKAGE_NAME-macro-5330.patch -Patch1: 0001-Upgrade-gabime-spdlog-dependency-to-1.3.0-5604.patch -Patch2: 0001-bazel-transport-sockets-Update-grpc-to-1.19.1.patch -BuildRequires: abseil-cpp-devel +Source1: %{name}-rpmlintrc +Patch0: bazel-Fix-optional-dynamic-linking-of-OpenSSL.patch +Patch1: compatibility-with-TLS-1.2-and-OpenSSL-1.1.0.patch +Patch2: logger-Use-spdlog-memory_buf_t-instead-of-fmt-memory.patch +Patch3: 0001-server-add-getTransportSocketFactoryContext-to-Filte.patch +Patch4: 0002-test-Fix-mocks.patch +Patch5: 0003-test-Fix-format.patch +Patch6: 0004-server-Add-comments-pointing-out-implementation-deta.patch +Patch7: 0005-server-Move-setInitManager-to-TransportSocketFactory.patch +Patch8: 0006-fix-format.patch +BuildRequires: abseil-cpp-source BuildRequires: backward-cpp-devel -BuildRequires: bazel +BuildRequires: bazel-apple-support-source BuildRequires: bazel-gazelle-source +BuildRequires: bazel-platforms +BuildRequires: bazel-rules-apple-source +BuildRequires: bazel-rules-cc-source +BuildRequires: bazel-rules-foreign-cc-source BuildRequires: bazel-rules-go-source +BuildRequires: bazel-rules-java-source +BuildRequires: bazel-rules-proto-source +BuildRequires: bazel-rules-swift-source BuildRequires: bazel-skylib-source +BuildRequires: bazel-toolchains-source +BuildRequires: bazel-workspaces +BuildRequires: bazel2.0 BuildRequires: benchmark-devel 
-BuildRequires: boringssl-devel BuildRequires: c-ares-devel +BuildRequires: cel-cpp-source BuildRequires: cmake BuildRequires: dd-opentracing-cpp-devel +BuildRequires: envoy-build-tools +BuildRequires: envoy-protoc-gen-validate-source +BuildRequires: fdupes BuildRequires: fmt-devel BuildRequires: gcc-c++ BuildRequires: gcovr BuildRequires: git +BuildRequires: golang-github-golang-protobuf BuildRequires: golang-org-x-tools BuildRequires: golang-packaging BuildRequires: googleapis-source 
@@ -56,37 +72,41 @@ BuildRequires: grpc-source BuildRequires: gtest BuildRequires: http-parser-devel -BuildRequires: jwt_verify_lib-devel +BuildRequires: jwt_verify_lib-source +BuildRequires: kafka-source BuildRequires: libcircllhist-devel +BuildRequires: libcurl-devel BuildRequires: libevent-devel BuildRequires: libnghttp2-devel BuildRequires: libprotobuf-mutator-devel BuildRequires: libtool BuildRequires: lightstep-tracer-cpp-source -BuildRequires: lua51-luajit-devel +BuildRequires: moonjit-devel BuildRequires: msgpack-devel -BuildRequires: nanopb-source +BuildRequires: nghttp2-devel +BuildRequires: ninja +BuildRequires: opencensus-cpp-source +BuildRequires: opencensus-proto-source BuildRequires: opentracing-cpp-source BuildRequires: prometheus-client-model-source BuildRequires: protobuf-source -BuildRequires: protoc-gen-go-source BuildRequires: protoc-gen-gogo-source -BuildRequires: protoc-gen-validate-source -BuildRequires: python -BuildRequires: python2-Jinja2 -BuildRequires: python2-MarkupSafe -BuildRequires: python2-six -BuildRequires: python2-thrift -BuildRequires: python2-twitter.common.finagle-thrift -BuildRequires: python2-twitter.common.lang -BuildRequires: python2-twitter.common.rpc +BuildRequires: python3 +BuildRequires: python3-Jinja2 +BuildRequires: python3-MarkupSafe BuildRequires: rapidjson-devel +BuildRequires: re2-devel BuildRequires: spdlog-devel +BuildRequires: sql-parser-devel BuildRequires: tclap +BuildRequires: udpa-source +BuildRequires: upb-source +BuildRequires: vim BuildRequires: xxhash-devel BuildRequires: yaml-cpp-devel +BuildRequires: zipkin-api-source BuildRequires: zlib-devel -BuildRequires: golang(API) >= 1.10.4 +BuildRequires: golang(API) >= 1.12 BuildRequires: pkgconfig(openssl) ExcludeArch: %ix86 
@@ -94,42 +114,47 @@ Envoy is an L7 proxy and communication bus designed for large modern service oriented architectures. +%package source +Summary: Source code of bazel-rules-cc + +%description source +Envoy is an L7 proxy and communication bus designed for large modern service +oriented architectures. + +This package contains source code of Envoy. + %prep -# Prepare golang-org-x-tools sources. -mkdir golang-org-x-tools -cp -r /usr/share/go/1.11/contrib/src/golang.org/x/tools/* golang-org-x-tools -pushd golang-org-x-tools -patch -p1 < /usr/src/bazel-rules-go/third_party/org_golang_x_tools-gazelle.patch -patch -p1 < /usr/src/bazel-rules-go/third_party/org_golang_x_tools-extras.patch -touch WORKSPACE -popd - -# Prepare a fake grpc-java repository. googleapis Bazel rules require -# grpc-java, but we don't build any Java modules. -mkdir grpc-java -cp %{SOURCE6} ./grpc-java - -%setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 - -# Copy our custom Bazel rules. -cp %{SOURCE1} ./WORKSPACE -cp %{SOURCE2} ./api/bazel/repositories.bzl -cp %{SOURCE3} ./bazel/repositories.bzl -cp %{SOURCE4} ./bazel/target_recipes.bzl -cp %{SOURCE5} ./ci/prebuilt/BUILD - -# To avoid conflicts with openssl development files, boringssl package in -# openSUSE installs headers to /usr/include/boringssl. -find . -type f -exec sed -i 's|openssl|boringssl|' "{}" + +%autosetup -p1 -# Bump the version of luajit. -sed -i 's|luajit-2.0|luajit-5_1-2.1|g' ./source/extensions/filters/common/lua/lua.h -# path_matched is a part of grpc_transcoding which we link dynamically. -sed -i '/path_matcher/d' ./source/extensions/filters/http/grpc_json_transcoder/BUILD +# Tell Bazel to look for Python dependencies on Python 3 environment from host. 
+PATH_JINJA2=$(python3 -c "import jinja2; print(jinja2.__path__[0])") +PATH_MARKUPSAGE=$(python3 -c "import markupsafe; print(markupsafe.__path__[0])") +cat <<EOF >> WORKSPACE + +new_local_repository( + name = "com_github_pallets_jinja", + path = "${PATH_JINJA2}", + build_file_content = """py_library( + name = "jinja2", + srcs = glob(["**/*.py"]), + visibility = ["//visibility:public"], +) +""", +) + +new_local_repository( + name = "com_github_pallets_markupsafe", + path = "${PATH_MARKUPSAFE}", + build_file_content = """py_library( + name = "markupsafe", + srcs = glob(["**/*.py"]), + visibility = ["//visibility:public"], +) +""", +) +EOF +# Envoy has to be built as a git repository, so let's create one... git config --global user.email "[email protected]" git config --global user.name "Your Name" git init 
@@ -138,29 +163,143 @@ GIT_AUTHOR_DATE=2000-01-01T01:01:01 GIT_COMMITTER_DATE=2000-01-01T01:01:01 \ git commit -m "Dummy commit just to satisfy bazel" &> /dev/null +# Tell Bazel to use Go from host. +sed -i -e "s|1.13.5|host|" envoy/bazel/dependency_imports.bzl + +# Get rid of: +# - Bazel rules for Python dependencies - to use them from host Python instead +# of creating a separate Python environment. +# - Dependencies using "foreign_cc" utility - thanks to our bazel-workspaces +# project, we can just link those C/C++ libraries dynamically. +sed -i \ + -e "/ _python_deps()/d" \ + -e "s|@envoy//bazel/foreign_cc:ares|@com_github_c_ares_c_ares//:ares|" \ + -e "s|@envoy//bazel/foreign_cc:yaml|@com_github_jbeder_yaml_cpp//:all|" \ + -e "s|@envoy//bazel/foreign_cc:event|@com_github_libevent_libevent//:libevent|" \ + -e "s|@envoy//bazel/foreign_cc:zlib|@zlib//:zlib|" \ + -e "s|@envoy//bazel/foreign_cc:nghttp2|@com_github_nghttp2_nghttp2//:all|" \ + -e "s|@envoy//bazel/foreign_cc:curl|@com_github_curl//:curl|" \ + -e "s|@envoy//bazel/foreign_cc:luajit|@com_github_luajit_luajit//:luajit|" \ + -e "s|@envoy//bazel/foreign_cc:gperftools|@com_github_gperftools_gperftools//:gperftools|" \ + envoy/bazel/repositories.bzl + +# Bump the version of luajit. +sed -i "s|luajit-2.1|luajit-5_1-2.1|g" envoy/source/extensions/filters/common/lua/lua.h + +# Fix includes of sqlparser headers. +find . -type f "(" -name "*.cc" -o -name "*.h" ")" -exec sed -i -e "s|include/sqlparser|sqlparser|" {} + + +# Link OpenSSL dynamically. +sed -i \ + -e "s|openssl_repository()|# openssl_repository|" \ + -e "s|# openssl_shared_repository()|openssl_shared_repository()|" \ + WORKSPACE +sed -i "s|/usr/lib/x86_64-linux-gnu|%{_libdir}|g" openssl.bzl + +# Fix shebangs in scripts. +find . 
-type f -exec sed -i \ + -e "s|#!/usr/bin/env bash.*$|#!/bin/bash|" \ + -e "s|#!/usr/bin/env python.*$|#!/usr/bin/python3|" \ + -e "s|#!/usr/bin/env sh.*$|#!/bin/sh|" \ + "{}" + + +# Adjust envoy-openssl code to getTransportSocketFactoryContext changes. +sed -i \ + "s|context.statsScope|context.scope|" \ + source/extensions/transport_sockets/tls/config.cc + +# Yes, someone seriously added an executable bit to a header file... +find . -type f -name "*.h" -exec chmod -x "{}" + + %build # TODO(mrostecki): Create a macro in bazel package. +GO_PROTOBUF_DIR=$(find %{_datadir}/go -name protobuf -type d | grep -v vendor) +GO_TOOLS_DIR=$(find %{_datadir}/go -name tools -type d | grep -v vendor) +cat WORKSPACE bazel build \ -c dbg \ --color=no \ - %(for opt in %{optflags}; do echo -e "--copt=${opt} \c"; done) \ + --copt="-Wno-unused-parameter" \ + --cxxopt="-Wno-unused-parameter" \ --curses=no \ - --distdir=%{_sourcedir} \ - --genrule_strategy=standalone \ - --spawn_strategy=standalone \ + --host_force_python=PY3 \ + --incompatible_bzl_disallow_load_after_statement=false \ + --override_repository="bazel_gazelle=/usr/src/bazel-gazelle" \ + --override_repository="bazel_skylib=/usr/src/bazel-skylib" \ + --override_repository="bazel_toolchains=/usr/src/bazel-toolchains" \ + --override_repository="bssl_wrapper=%{_datadir}/bazel-workspaces/bsslwrapper" \ + --override_repository="build_bazel_apple_support=/usr/src/bazel-apple-support" \ + --override_repository="build_bazel_rules_apple=/usr/src/bazel-rules-apple" \ + --override_repository="build_bazel_rules_swift=/usr/src/bazel-rules-swift" \ + --override_repository="com_envoyproxy_protoc_gen_validate=/usr/src/envoy-protoc-gen-validate" \ + --override_repository="com_lightstep_tracer_cpp=/usr/src/lightstep-tracer-cpp" \ + --override_repository="com_github_c_ares_c_ares=%{_datadir}/bazel-workspaces/c-ares" \ + --override_repository="com_github_circonus_labs_libcircllhist=%{_datadir}/bazel-workspaces/libcircllhist" \ + 
--override_repository="com_github_cncf_udpa=/usr/src/udpa" \ + --override_repository="com_github_curl=%{_datadir}/bazel-workspaces/curl" \ + --override_repository="com_github_cyan4973_xxhash=%{_datadir}/bazel-workspaces/xxhash" \ + --override_repository="com_github_datadog_dd_opentracing_cpp=%{_datadir}/bazel-workspaces/dd-opentracing-cpp" \ + --override_repository="com_github_mirror_tclap=%{_datadir}/bazel-workspaces/tclap" \ + --override_repository="com_github_eile_tclap=%{_datadir}/bazel-workspaces/tclap" \ + --override_repository="com_github_envoyproxy_sqlparser=%{_datadir}/bazel-workspaces/sql-parser" \ + --override_repository="com_github_fmtlib_fmt=%{_datadir}/bazel-workspaces/fmtlib" \ + --override_repository="com_github_gabime_spdlog=%{_datadir}/bazel-workspaces/spdlog" \ + --override_repository="com_github_gogo_protobuf=/usr/src/protoc-gen-gogo" \ + --override_repository="com_github_golang_protobuf=${GO_PROTOBUF_DIR}" \ + --override_repository="com_github_google_jwt_verify=/usr/src/jwt_verify_lib" \ + --override_repository="com_github_google_jwt_verify_patched=/usr/src/jwt_verify_lib" \ + --override_repository="com_github_google_libprotobuf_mutator=%{_datadir}/bazel-workspaces/libprotobuf-mutator" \ + --override_repository="com_github_gperftools_gperftools=%{_datadir}/bazel-workspaces/gperftools" \ + --override_repository="com_github_grpc_grpc=/usr/src/grpc" \ + --override_repository="com_github_jbeder_yaml_cpp=%{_datadir}/bazel-workspaces/yaml-cpp" \ + --override_repository="com_github_libevent_libevent=%{_datadir}/bazel-workspaces/libevent" \ + --override_repository="com_github_luajit_luajit=%{_datadir}/bazel-workspaces/luajit" \ + --override_repository="com_github_nghttp2_nghttp2=%{_datadir}/bazel-workspaces/nghttp2" \ + --override_repository="com_github_nodejs_http_parser=%{_datadir}/bazel-workspaces/http-parser" \ + --override_repository="com_github_openzipkin_zipkinapi=/usr/src/zipkin-api" \ + 
--override_repository="com_github_tencent_rapidjson=%{_datadir}/bazel-workspaces/rapidjson" \ + --override_repository="com_google_absl=/usr/src/abseil-cpp" \ + --override_repository="com_google_cel_cpp=/usr/src/cel-cpp" \ + --override_repository="com_google_googleapis=/usr/src/googleapis" \ + --override_repository="com_google_protobuf=/usr/src/protobuf" \ + --override_repository="com_googlesource_code_re2=%{_datadir}/bazel-workspaces/re2" \ + --override_repository="envoy_build_tools=%{_datadir}/envoy-build-tools" \ + --override_repository="grpc_httpjson_transcoding=/usr/src/grpc-httpjson-transcoding" \ + --override_repository="io_bazel_rules_go=/usr/src/bazel-rules-go" \ + --override_repository="io_opencensus_cpp=/usr/src/opencensus-cpp" \ + --override_repository="io_opentracing_cpp=/usr/src/opentracing-cpp" \ + --override_repository="kafka_source=/usr/src/kafka" \ + --override_repository="opencensus_proto=/usr/src/opencensus-proto/src" \ + --override_repository="openssl_cbs=%{_datadir}/bazel-workspaces/openssl-cbs" \ + --override_repository="org_golang_x_tools=${GO_TOOLS_DIR}" \ + --override_repository="platforms=/usr/share/bazel-platforms" \ + --override_repository="prometheus_metrics_model=/usr/src/prometheus-client-model" \ + --override_repository="rules_cc=/usr/src/bazel-rules-cc" \ + --override_repository="rules_foreign_cc=/usr/src/bazel-rules-foreign-cc" \ + --override_repository="rules_java=/usr/src/bazel-rules-java" \ + --override_repository="rules_proto=/usr/src/bazel-rules-proto" \ + --override_repository="upb=/usr/src/upb" \ + --override_repository="zlib=%{_datadir}/bazel-workspaces/zlib" \ --strip=never \ --verbose_failures \ - //source/exe:envoy + //:envoy bazel shutdown %install -# The binary name "envoy-static" is just defined in Envoy's buildsystem, but -# after applying our downstream patches libraries are linked dynamically. 
-install -D -m0755 bazel-bin/source/exe/envoy-static %{buildroot}%{_bindir}/envoy-proxy +install -D -m0755 bazel-bin/envoy %{buildroot}%{_bindir}/envoy-proxy + +# Install sources +rm -rf .git bazel-* +mkdir -p %{buildroot}%{src_install_dir} +cp -r * %{buildroot}%{src_install_dir} +fdupes %{buildroot}%{src_install_dir} %files %license LICENSE %doc README.md %{_bindir}/envoy-proxy +%files source +%{src_install_dir} + %changelog ++++++ 0001-server-add-getTransportSocketFactoryContext-to-Filte.patch ++++++ >From 8b1e561e0a700b11d9bc0ac25b2cce57a198ae84 Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme <[email protected]> Date: Tue, 3 Dec 2019 13:40:39 -0800 Subject: [PATCH 1/6] server: add getTransportSocketFactoryContext() to Filter context Add getTransportSocketFactoryContext() that returns a TransportSocketFactoryContext with a lifetime at least as long as the one of the server. This can be used by extensions to create ssl contexts that can be shared across listeners. Implementation of this required harmonization of method names and constness of some of the methods in class TransportSocketFactoryContext, so that implementing classes would not need to re-implement similar methods with different names. ServerFactoryContextImpl is extended to implement TransportSocketFactoryContext in addition to ServerFactoryContext; this allows for minimal implementation and avoids duplication of code. It may might be possible to combine these interfaces as a future enhancement. The existing TransportSocketFactoryContextImpl is still used as before, as it allows for listener specific stats scopes and listener specific init manager to be used. TransportSocketFactoryContext returned by the new getTransportSocketFactoryContext() returns Server's stats scope and the Server's init manager. 
Signed-off-by: Jarno Rajahalme <[email protected]> --- envoy/include/envoy/server/filter_config.h | 7 +++++++ envoy/include/envoy/server/instance.h | 5 +++++ envoy/include/envoy/server/transport_socket_config.h | 4 ++-- envoy/source/extensions/transport_sockets/tls/config.cc | 6 +++--- envoy/source/server/config_validation/server.h | 3 +++ envoy/source/server/listener_impl.cc | 4 ++++ envoy/source/server/listener_impl.h | 1 + envoy/source/server/server.h | 21 ++++++++++++++++++++- envoy/source/server/transport_socket_config_impl.h | 4 ++-- envoy/test/mocks/server/mocks.cc | 2 ++ envoy/test/mocks/server/mocks.h | 10 +++++++--- 11 files changed, 56 insertions(+), 11 deletions(-) diff --git a/envoy/include/envoy/server/filter_config.h b/envoy/include/envoy/server/filter_config.h index 89cce4b54..fc50e5701 100644 --- a/envoy/include/envoy/server/filter_config.h +++ b/envoy/include/envoy/server/filter_config.h @@ -105,6 +105,8 @@ public: ~ServerFactoryContext() override = default; }; +class TransportSocketFactoryContext; + /** * Context passed to network and HTTP filters to access server resources. * TODO(mattklein123): When we lock down visibility of the rest of the code, filters should only @@ -119,6 +121,11 @@ public: */ virtual ServerFactoryContext& getServerFactoryContext() const PURE; + /** + * @return TransportSocketFactoryContext which lifetime is no shorter than the server. + */ + virtual TransportSocketFactoryContext& getTransportSocketFactoryContext() const PURE; + /** * @return AccessLogManager for use by the entire server. */ diff --git a/include/envoy/server/instance.h b/include/envoy/server/instance.h index 59e3a9a8b..88d1ae1b1 100644 --- a/envoy/include/envoy/server/instance.h +++ b/envoy/include/envoy/server/instance.h 
@@ -229,6 +229,11 @@ public: * @return Configuration::ServerFactoryContext& factory context for filters. */ virtual Configuration::ServerFactoryContext& serverFactoryContext() PURE; + + /** + * @return Configuration::TransportSocketFactoryContext& factory context for transport sockets. + */ + virtual Configuration::TransportSocketFactoryContext& transportSocketFactoryContext() PURE; }; } // namespace Server diff --git a/include/envoy/server/transport_socket_config.h b/include/envoy/server/transport_socket_config.h index b0c22e786..253c23775 100644 --- a/envoy/include/envoy/server/transport_socket_config.h +++ b/envoy/include/envoy/server/transport_socket_config.h @@ -40,7 +40,7 @@ public: /** * @return Stats::Scope& the transport socket's stats scope. */ - virtual Stats::Scope& statsScope() const PURE; + virtual Stats::Scope& scope() PURE; /** * Return the instance of secret manager. @@ -55,7 +55,7 @@ public: /** * @return information about the local environment the server is running in. */ - virtual const LocalInfo::LocalInfo& localInfo() PURE; + virtual const LocalInfo::LocalInfo& localInfo() const PURE; /** * @return Event::Dispatcher& the main thread's dispatcher. diff --git a/source/extensions/transport_sockets/tls/config.cc b/source/extensions/transport_sockets/tls/config.cc index 9e617ebef..2ae8fa283 100644 --- a/envoy/source/extensions/transport_sockets/tls/config.cc +++ b/envoy/source/extensions/transport_sockets/tls/config.cc 
@@ -20,8 +20,8 @@ Network::TransportSocketFactoryPtr UpstreamSslSocketFactory::createTransportSock MessageUtil::downcastAndValidate<const envoy::api::v2::auth::UpstreamTlsContext&>( message, context.messageValidationVisitor()), context); - return std::make_unique<ClientSslSocketFactory>( - std::move(client_config), context.sslContextManager(), context.statsScope()); + return std::make_unique<ClientSslSocketFactory>(std::move(client_config), + context.sslContextManager(), context.scope()); } ProtobufTypes::MessagePtr UpstreamSslSocketFactory::createEmptyConfigProto() { @@ -39,7 +39,7 @@ Network::TransportSocketFactoryPtr DownstreamSslSocketFactory::createTransportSo message, context.messageValidationVisitor()), context); return std::make_unique<ServerSslSocketFactory>( - std::move(server_config), context.sslContextManager(), context.statsScope(), server_names); + std::move(server_config), context.sslContextManager(), context.scope(), server_names); } ProtobufTypes::MessagePtr DownstreamSslSocketFactory::createEmptyConfigProto() { diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h index 97a6e8933..df28728a5 100644 --- a/envoy/source/server/config_validation/server.h +++ b/envoy/source/server/config_validation/server.h @@ -107,6 +107,9 @@ public: return validation_context_; } Configuration::ServerFactoryContext& serverFactoryContext() override { return server_context_; } + Configuration::TransportSocketFactoryContext& transportSocketFactoryContext() override { + return server_context_; + } // Server::ListenerComponentFactory LdsApiPtr createLdsApi(const envoy::api::v2::core::ConfigSource& lds_config) override { diff --git a/source/server/listener_impl.cc b/source/server/listener_impl.cc index 21c5d6c15..4298a35b6 100644 --- a/envoy/source/server/listener_impl.cc +++ b/envoy/source/server/listener_impl.cc 
@@ -341,6 +341,10 @@ OptProcessContextRef ListenerImpl::processContext() { return parent_.server_.pro Configuration::ServerFactoryContext& ListenerImpl::getServerFactoryContext() const { return parent_.server_.serverFactoryContext(); } +Configuration::TransportSocketFactoryContext& +ListenerImpl::getTransportSocketFactoryContext() const { + return parent_.server_.transportSocketFactoryContext(); +} bool ListenerImpl::createNetworkFilterChain( Network::Connection& connection, diff --git a/source/server/listener_impl.h b/source/server/listener_impl.h index 013d423ed..9dbf5f58b 100644 --- a/envoy/source/server/listener_impl.h +++ b/envoy/source/server/listener_impl.h @@ -177,6 +177,7 @@ public: ServerLifecycleNotifier& lifecycleNotifier() override; OptProcessContextRef processContext() override; Configuration::ServerFactoryContext& getServerFactoryContext() const override; + Configuration::TransportSocketFactoryContext& getTransportSocketFactoryContext() const override; void ensureSocketOptions() { if (!listen_socket_options_) { diff --git a/source/server/server.h b/source/server/server.h index 884cec832..7b5c5c2b4 100644 --- a/envoy/source/server/server.h +++ b/envoy/source/server/server.h @@ -14,6 +14,7 @@ #include "envoy/server/instance.h" #include "envoy/server/process_context.h" #include "envoy/server/tracer_config.h" +#include "envoy/server/transport_socket_config.h" #include "envoy/ssl/context_manager.h" #include "envoy/stats/stats_macros.h" #include "envoy/stats/timespan.h" 
@@ -143,11 +144,13 @@ private: Event::SignalEventPtr sig_hup_; }; -class ServerFactoryContextImpl : public Configuration::ServerFactoryContext { +class ServerFactoryContextImpl : public Configuration::ServerFactoryContext, + public Configuration::TransportSocketFactoryContext { public: explicit ServerFactoryContextImpl(Instance& server) : server_(server), server_scope_(server_.stats().createScope("")) {} + // Configuration::ServerFactoryContext Upstream::ClusterManager& clusterManager() override { return server_.clusterManager(); } Event::Dispatcher& dispatcher() override { return server_.dispatcher(); } const LocalInfo::LocalInfo& localInfo() const override { return server_.localInfo(); } @@ -160,6 +163,18 @@ public: TimeSource& timeSource() override { return api().timeSource(); } Api::Api& api() override { return server_.api(); } + // Configuration::TransportSocketFactoryContext + Ssl::ContextManager& sslContextManager() override { return server_.sslContextManager(); } + Secret::SecretManager& secretManager() override { return server_.secretManager(); } + Stats::Store& stats() override { return server_.stats(); } + void setInitManager(Init::Manager&) override {} + Init::Manager* initManager() override { return &server_.initManager(); } + ProtobufMessage::ValidationVisitor& messageValidationVisitor() override { + return initManager()->state() == Init::Manager::State::Initialized + ? server_.messageValidationContext().dynamicValidationVisitor() + : server_.messageValidationContext().staticValidationVisitor(); + } + private: Instance& server_; Stats::ScopePtr server_scope_; @@ -225,6 +240,10 @@ public: Configuration::ServerFactoryContext& serverFactoryContext() override { return server_context_; } + Configuration::TransportSocketFactoryContext& transportSocketFactoryContext() override { + return server_context_; + } + std::chrono::milliseconds statsFlushInterval() const override { return config_.statsFlushInterval(); } 
diff --git a/source/server/transport_socket_config_impl.h b/source/server/transport_socket_config_impl.h index 374b36afc..c1868cb4b 100644 --- a/envoy/source/server/transport_socket_config_impl.h +++ b/envoy/source/server/transport_socket_config_impl.h @@ -26,12 +26,12 @@ public: // TransportSocketFactoryContext Server::Admin& admin() override { return admin_; } Ssl::ContextManager& sslContextManager() override { return context_manager_; } - Stats::Scope& statsScope() const override { return stats_scope_; } + Stats::Scope& scope() override { return stats_scope_; } Secret::SecretManager& secretManager() override { return cluster_manager_.clusterManagerFactory().secretManager(); } Upstream::ClusterManager& clusterManager() override { return cluster_manager_; } - const LocalInfo::LocalInfo& localInfo() override { return local_info_; } + const LocalInfo::LocalInfo& localInfo() const override { return local_info_; } Event::Dispatcher& dispatcher() override { return dispatcher_; } Envoy::Runtime::RandomGenerator& random() override { return random_; } Stats::Store& stats() override { return stats_; } diff --git a/test/mocks/server/mocks.cc b/test/mocks/server/mocks.cc index 16ea2134d..8f5153a4a 100644 --- a/envoy/test/mocks/server/mocks.cc +++ b/envoy/test/mocks/server/mocks.cc @@ -170,6 +170,8 @@ MockInstance::MockInstance() ON_CALL(*this, overloadManager()).WillByDefault(ReturnRef(overload_manager_)); ON_CALL(*this, messageValidationContext()).WillByDefault(ReturnRef(validation_context_)); ON_CALL(*this, serverFactoryContext()).WillByDefault(ReturnRef(*server_factory_context_)); + ON_CALL(*this, transportSocketFactoryContext()) + .WillByDefault(ReturnRef(*transport_socket_factory_context_)); } MockInstance::~MockInstance() = default; diff --git a/test/mocks/server/mocks.h b/test/mocks/server/mocks.h index 097e2382e..de0efffe4 100644 --- a/envoy/test/mocks/server/mocks.h +++ b/envoy/test/mocks/server/mocks.h 
@@ -55,7 +55,8 @@ namespace Server { namespace Configuration { class MockServerFactoryContext; -} +class MockTransportSocketFactoryContext; +} // namespace Configuration class MockOptions : public Options { public: @@ -397,6 +398,7 @@ public: MOCK_CONST_METHOD0(statsFlushInterval, std::chrono::milliseconds()); MOCK_METHOD0(messageValidationContext, ProtobufMessage::ValidationContext&()); MOCK_METHOD0(serverFactoryContext, Configuration::ServerFactoryContext&()); + MOCK_METHOD0(transportSocketFactoryContext, Configuration::TransportSocketFactoryContext&()); TimeSource& timeSource() override { return time_system_; } @@ -429,6 +431,8 @@ public: testing::NiceMock<ProtobufMessage::MockValidationContext> validation_context_; std::shared_ptr<testing::NiceMock<Configuration::MockServerFactoryContext>> server_factory_context_; + std::shared_ptr<testing::NiceMock<Configuration::MockTransportSocketFactoryContext>> + transport_socket_factory_context_; }; namespace Configuration { @@ -552,9 +556,9 @@ public: MOCK_METHOD0(admin, Server::Admin&()); MOCK_METHOD0(sslContextManager, Ssl::ContextManager&()); - MOCK_CONST_METHOD0(statsScope, Stats::Scope&()); + MOCK_METHOD0(scope, Stats::Scope&()); MOCK_METHOD0(clusterManager, Upstream::ClusterManager&()); - MOCK_METHOD0(localInfo, const LocalInfo::LocalInfo&()); + MOCK_CONST_METHOD0(localInfo, const LocalInfo::LocalInfo&()); MOCK_METHOD0(dispatcher, Event::Dispatcher&()); MOCK_METHOD0(random, Envoy::Runtime::RandomGenerator&()); MOCK_METHOD0(stats, Stats::Store&()); -- 2.16.4 ++++++ 0002-test-Fix-mocks.patch ++++++ >From c5a9c41602328ef380ffc40144d4eca3672beb0c Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme <[email protected]> Date: Tue, 3 Dec 2019 15:45:42 -0800 Subject: [PATCH 2/6] test: Fix mocks Add missing mocks. Signed-off-by: Jarno Rajahalme <[email protected]> --- envoy/test/mocks/server/mocks.cc | 4 +++- envoy/test/mocks/server/mocks.h | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) 
diff --git a/envoy/test/mocks/server/mocks.cc b/envoy/test/mocks/server/mocks.cc index 8f5153a4a..be811c276 100644 --- a/envoy/test/mocks/server/mocks.cc +++ b/envoy/test/mocks/server/mocks.cc @@ -144,7 +144,9 @@ MockInstance::MockInstance() singleton_manager_(new Singleton::ManagerImpl(Thread::threadFactoryForTest())), grpc_context_(stats_store_.symbolTable()), http_context_(stats_store_.symbolTable()), server_factory_context_( - std::make_shared<NiceMock<Configuration::MockServerFactoryContext>>()) { + std::make_shared<NiceMock<Configuration::MockServerFactoryContext>>()), + transport_socket_factory_context_( + std::make_shared<NiceMock<Configuration::MockTransportSocketFactoryContext>>()){ ON_CALL(*this, threadLocal()).WillByDefault(ReturnRef(thread_local_)); ON_CALL(*this, stats()).WillByDefault(ReturnRef(stats_store_)); ON_CALL(*this, grpcContext()).WillByDefault(ReturnRef(grpc_context_)); diff --git a/test/mocks/server/mocks.h b/test/mocks/server/mocks.h index de0efffe4..3fd1bedd3 100644 --- a/envoy/test/mocks/server/mocks.h +++ b/envoy/test/mocks/server/mocks.h @@ -498,6 +498,7 @@ public: ~MockFactoryContext() override; MOCK_CONST_METHOD0(getServerFactoryContext, ServerFactoryContext&()); + MOCK_CONST_METHOD0(getTransportSocketFactoryContext, TransportSocketFactoryContext&()); MOCK_METHOD0(accessLogManager, AccessLog::AccessLogManager&()); MOCK_METHOD0(clusterManager, Upstream::ClusterManager&()); MOCK_METHOD0(dispatcher, Event::Dispatcher&()); -- 2.16.4 ++++++ 0003-test-Fix-format.patch ++++++ >From d0186575323f278c00e2f56e5e5da1cbeb51bb9f Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme <[email protected]> Date: Tue, 3 Dec 2019 15:58:03 -0800 Subject: [PATCH 3/6] test: Fix format Signed-off-by: Jarno Rajahalme <[email protected]> --- envoy/test/mocks/server/mocks.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/envoy/test/mocks/server/mocks.cc b/envoy/test/mocks/server/mocks.cc index be811c276..7e304c363 100644 
--- a/envoy/test/mocks/server/mocks.cc +++ b/envoy/test/mocks/server/mocks.cc @@ -146,7 +146,7 @@ MockInstance::MockInstance() server_factory_context_( std::make_shared<NiceMock<Configuration::MockServerFactoryContext>>()), transport_socket_factory_context_( - std::make_shared<NiceMock<Configuration::MockTransportSocketFactoryContext>>()){ + std::make_shared<NiceMock<Configuration::MockTransportSocketFactoryContext>>()) { ON_CALL(*this, threadLocal()).WillByDefault(ReturnRef(thread_local_)); ON_CALL(*this, stats()).WillByDefault(ReturnRef(stats_store_)); ON_CALL(*this, grpcContext()).WillByDefault(ReturnRef(grpc_context_)); -- 2.16.4 ++++++ 0004-server-Add-comments-pointing-out-implementation-deta.patch ++++++ >From ccb576185d5f6e713ce4a24e155649ae30864652 Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme <[email protected]> Date: Wed, 4 Dec 2019 14:34:42 -0800 Subject: [PATCH 4/6] server: Add comments pointing out implementation details. Address review comments/question by adding relevant comments to the implementation. Rename member 'server_context_' as 'server_contexts_' to hint that it implements more than just the ServerContext. Signed-off-by: Jarno Rajahalme <[email protected]> --- envoy/source/server/config_validation/server.cc | 3 ++- envoy/source/server/config_validation/server.h | 6 +++--- envoy/source/server/server.cc | 2 +- envoy/source/server/server.h | 15 ++++++++++++--- 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/source/server/config_validation/server.cc b/source/server/config_validation/server.cc index 3c1c03dc9..03179ae74 100644 --- a/envoy/source/server/config_validation/server.cc +++ b/envoy/source/server/config_validation/server.cc 
@@ -51,7 +51,8 @@ ValidationInstance::ValidationInstance( access_log_manager_(options.fileFlushIntervalMsec(), *api_, *dispatcher_, access_log_lock, store), mutex_tracer_(nullptr), grpc_context_(stats_store_.symbolTable()), - http_context_(stats_store_.symbolTable()), time_system_(time_system), server_context_(*this) { + http_context_(stats_store_.symbolTable()), time_system_(time_system), + server_contexts_(*this) { try { initialize(options, local_address, component_factory); } catch (const EnvoyException& e) { diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h index df28728a5..7b9fa4191 100644 --- a/envoy/source/server/config_validation/server.h +++ b/envoy/source/server/config_validation/server.h @@ -106,9 +106,9 @@ public: ProtobufMessage::ValidationContext& messageValidationContext() override { return validation_context_; } - Configuration::ServerFactoryContext& serverFactoryContext() override { return server_context_; } + Configuration::ServerFactoryContext& serverFactoryContext() override { return server_contexts_; } Configuration::TransportSocketFactoryContext& transportSocketFactoryContext() override { - return server_context_; + return server_contexts_; } // Server::ListenerComponentFactory @@ -197,7 +197,7 @@ private: Grpc::ContextImpl grpc_context_; Http::ContextImpl http_context_; Event::TimeSystem& time_system_; - ServerFactoryContextImpl server_context_; + ServerFactoryContextImpl server_contexts_; }; } // namespace Server diff --git a/source/server/server.cc b/source/server/server.cc index 7a3e604d6..6392377b7 100644 --- a/envoy/source/server/server.cc +++ b/envoy/source/server/server.cc @@ -74,7 +74,7 @@ InstanceImpl::InstanceImpl( : nullptr), grpc_context_(store.symbolTable()), http_context_(store.symbolTable()), process_context_(std::move(process_context)), main_thread_id_(std::this_thread::get_id()), - server_context_(*this) { + server_contexts_(*this) { try { if (!options.logPath().empty()) { try { 
diff --git a/source/server/server.h b/source/server/server.h index 7b5c5c2b4..4254597f7 100644 --- a/envoy/source/server/server.h +++ b/envoy/source/server/server.h @@ -144,6 +144,9 @@ private: Event::SignalEventPtr sig_hup_; }; +// ServerFactoryContextImpl implements both ServerFactoryContext and +// TransportSocketFactoryContext for convenience as these two contexts +// share common member functions and member variables. class ServerFactoryContextImpl : public Configuration::ServerFactoryContext, public Configuration::TransportSocketFactoryContext { public: @@ -167,9 +170,15 @@ public: Ssl::ContextManager& sslContextManager() override { return server_.sslContextManager(); } Secret::SecretManager& secretManager() override { return server_.secretManager(); } Stats::Store& stats() override { return server_.stats(); } + // Server's init manager can't be changed via this shared TransportSocketFactoryContext void setInitManager(Init::Manager&) override {} Init::Manager* initManager() override { return &server_.initManager(); } ProtobufMessage::ValidationVisitor& messageValidationVisitor() override { + // Server has two message validation visitors, one for static and + // other for dynamic configuration. Choose the dynamic validation + // visitor if server's init manager indicates that the server is + // in the Initialized state, as this state is engaged right after + // the static configuration (e.g., bootstrap) has been completed. return initManager()->state() == Init::Manager::State::Initialized ? server_.messageValidationContext().dynamicValidationVisitor() : server_.messageValidationContext().staticValidationVisitor(); 
@@ -238,10 +247,10 @@ public: const LocalInfo::LocalInfo& localInfo() const override { return *local_info_; } TimeSource& timeSource() override { return time_source_; } - Configuration::ServerFactoryContext& serverFactoryContext() override { return server_context_; } + Configuration::ServerFactoryContext& serverFactoryContext() override { return server_contexts_; } Configuration::TransportSocketFactoryContext& transportSocketFactoryContext() override { - return server_context_; + return server_contexts_; } std::chrono::milliseconds statsFlushInterval() const override { @@ -331,7 +340,7 @@ private: // whenever we have support for histogram merge across hot restarts. Stats::TimespanPtr initialization_timer_; - ServerFactoryContextImpl server_context_; + ServerFactoryContextImpl server_contexts_; using LifecycleNotifierCallbacks = std::list<StageCallback>; using LifecycleNotifierCompletionCallbacks = std::list<StageCallbackWithCompletion>; -- 2.16.4 ++++++ 0005-server-Move-setInitManager-to-TransportSocketFactory.patch ++++++ >From 1f69aebcc0f9b984e970856089ca1f13e23698f6 Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme <[email protected]> Date: Wed, 4 Dec 2019 16:09:32 -0800 Subject: [PATCH 5/6] server: Move setInitManager() to TransportSocketFactoryContextImpl Most users of TransportSocketFactoryContext do not need to call setInitManager(), so it can be moved to TransportSocketFactoryContextImpl. This allows for implementations of TransportSocketFactoryContext that can't support setInitManager(). 
Signed-off-by: Jarno Rajahalme <[email protected]> --- envoy/include/envoy/server/transport_socket_config.h | 6 ------ envoy/source/common/upstream/cluster_factory_impl.h | 6 +++--- envoy/source/common/upstream/eds.cc | 4 ++-- envoy/source/common/upstream/eds.h | 4 ++-- envoy/source/common/upstream/logical_dns_cluster.cc | 4 ++-- envoy/source/common/upstream/logical_dns_cluster.h | 4 ++-- envoy/source/common/upstream/original_dst_cluster.cc | 4 ++-- envoy/source/common/upstream/original_dst_cluster.h | 4 ++-- envoy/source/common/upstream/static_cluster.cc | 4 ++-- envoy/source/common/upstream/static_cluster.h | 4 ++-- envoy/source/common/upstream/strict_dns_cluster.cc | 4 ++-- envoy/source/common/upstream/strict_dns_cluster.h | 4 ++-- envoy/source/common/upstream/upstream_impl.cc | 2 +- envoy/source/common/upstream/upstream_impl.h | 3 ++- envoy/source/extensions/clusters/aggregate/cluster.cc | 4 ++-- envoy/source/extensions/clusters/aggregate/cluster.h | 4 ++-- envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.cc | 4 ++-- envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.h | 4 ++-- envoy/source/extensions/clusters/redis/redis_cluster.cc | 4 ++-- envoy/source/extensions/clusters/redis/redis_cluster.h | 4 ++-- envoy/source/server/server.h | 2 -- envoy/source/server/transport_socket_config_impl.h | 7 ++++++- envoy/test/common/upstream/cluster_factory_impl_test.cc | 2 +- envoy/test/integration/clusters/custom_static_cluster.h | 4 ++-- envoy/test/mocks/server/mocks.h | 1 - 25 files changed, 47 insertions(+), 50 deletions(-) diff --git a/envoy/include/envoy/server/transport_socket_config.h b/envoy/include/envoy/server/transport_socket_config.h index 253c23775..32c2eaaf3 100644 --- a/envoy/include/envoy/server/transport_socket_config.h +++ b/envoy/include/envoy/server/transport_socket_config.h 
@@ -72,12 +72,6 @@ public: */ virtual Stats::Store& stats() PURE; - /** - * Pass an init manager to register dynamic secret provider. - * @param init_manager instance of init manager. - */ - virtual void setInitManager(Init::Manager& init_manager) PURE; - /** * @return a pointer pointing to the instance of an init manager, or nullptr * if not set. diff --git a/envoy/source/common/upstream/cluster_factory_impl.h b/envoy/source/common/upstream/cluster_factory_impl.h index 41759e66d..aa9ac6a0b 100644 --- a/envoy/source/common/upstream/cluster_factory_impl.h +++ b/envoy/source/common/upstream/cluster_factory_impl.h @@ -147,7 +147,7 @@ private: */ virtual std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) PURE; const std::string name_; }; @@ -171,7 +171,7 @@ protected: private: std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override { ProtobufTypes::MessagePtr config = createEmptyConfigProto(); Config::Utility::translateOpaqueConfig( @@ -187,7 +187,7 @@ private: virtual std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterWithConfig( const envoy::api::v2::Cluster& cluster, const ConfigProto& proto_config, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) PURE; }; 
diff --git a/envoy/source/common/upstream/eds.cc b/envoy/source/common/upstream/eds.cc index 585144576..8c23dcb7f 100644 --- a/envoy/source/common/upstream/eds.cc +++ b/envoy/source/common/upstream/eds.cc @@ -9,7 +9,7 @@ namespace Upstream { EdsClusterImpl::EdsClusterImpl( const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api) : BaseDynamicClusterImpl(cluster, runtime, factory_context, std::move(stats_scope), added_via_api), @@ -262,7 +262,7 @@ void EdsClusterImpl::onConfigUpdateFailed(Envoy::Config::ConfigUpdateFailureReas std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> EdsClusterFactory::createClusterImpl( const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) { if (!cluster.has_eds_cluster_config()) { throw EnvoyException("cannot create an EDS cluster without an EDS config"); diff --git a/envoy/source/common/upstream/eds.h b/envoy/source/common/upstream/eds.h index a19859add..edc5d3b83 100644 --- a/envoy/source/common/upstream/eds.h +++ b/envoy/source/common/upstream/eds.h @@ -23,7 +23,7 @@ namespace Upstream { class EdsClusterImpl : public BaseDynamicClusterImpl, Config::SubscriptionCallbacks { public: EdsClusterImpl(const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api); // Upstream::Cluster 
@@ -86,7 +86,7 @@ public: private: std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override; }; diff --git a/envoy/source/common/upstream/logical_dns_cluster.cc b/envoy/source/common/upstream/logical_dns_cluster.cc index bf73083e0..f6bc95228 100644 --- a/envoy/source/common/upstream/logical_dns_cluster.cc +++ b/envoy/source/common/upstream/logical_dns_cluster.cc @@ -43,7 +43,7 @@ convertPriority(const envoy::api::v2::ClusterLoadAssignment& load_assignment) { LogicalDnsCluster::LogicalDnsCluster( const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, Network::DnsResolverSharedPtr dns_resolver, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api) : ClusterImplBase(cluster, runtime, factory_context, std::move(stats_scope), added_via_api), dns_resolver_(dns_resolver), @@ -150,7 +150,7 @@ void LogicalDnsCluster::startResolve() { std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> LogicalDnsClusterFactory::createClusterImpl( const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) { auto selected_dns_resolver = selectDnsResolver(cluster, context); diff --git a/envoy/source/common/upstream/logical_dns_cluster.h b/envoy/source/common/upstream/logical_dns_cluster.h index b1f7026aa..33aadb5d6 100644 --- a/envoy/source/common/upstream/logical_dns_cluster.h 
+++ b/envoy/source/common/upstream/logical_dns_cluster.h @@ -34,7 +34,7 @@ class LogicalDnsCluster : public ClusterImplBase { public: LogicalDnsCluster(const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, Network::DnsResolverSharedPtr dns_resolver, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api); ~LogicalDnsCluster() override; @@ -83,7 +83,7 @@ public: private: std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override; }; diff --git a/envoy/source/common/upstream/original_dst_cluster.cc b/envoy/source/common/upstream/original_dst_cluster.cc index 04b91f58f..fee502ac0 100644 --- a/envoy/source/common/upstream/original_dst_cluster.cc +++ b/envoy/source/common/upstream/original_dst_cluster.cc @@ -100,7 +100,7 @@ OriginalDstCluster::LoadBalancer::requestOverrideHost(LoadBalancerContext* conte OriginalDstCluster::OriginalDstCluster( const envoy::api::v2::Cluster& config, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api) : ClusterImplBase(config, runtime, factory_context, std::move(stats_scope), added_via_api), dispatcher_(factory_context.dispatcher()), 
@@ -174,7 +174,7 @@ void OriginalDstCluster::cleanup() { std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> OriginalDstClusterFactory::createClusterImpl( const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) { if (cluster.lb_policy() != envoy::api::v2::Cluster::ORIGINAL_DST_LB && cluster.lb_policy() != envoy::api::v2::Cluster::CLUSTER_PROVIDED) { diff --git a/envoy/source/common/upstream/original_dst_cluster.h b/envoy/source/common/upstream/original_dst_cluster.h index 1a88dfb1c..f3fb88ed8 100644 --- a/envoy/source/common/upstream/original_dst_cluster.h +++ b/envoy/source/common/upstream/original_dst_cluster.h @@ -32,7 +32,7 @@ using HostMapConstSharedPtr = std::shared_ptr<const HostMap>; class OriginalDstCluster : public ClusterImplBase { public: OriginalDstCluster(const envoy::api::v2::Cluster& config, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api); // Upstream::Cluster @@ -124,7 +124,7 @@ public: private: std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override; }; diff --git a/envoy/source/common/upstream/static_cluster.cc b/envoy/source/common/upstream/static_cluster.cc index 37feab2ea..f76221874 100644 --- a/envoy/source/common/upstream/static_cluster.cc +++ b/envoy/source/common/upstream/static_cluster.cc 
@@ -7,7 +7,7 @@ namespace Upstream { StaticClusterImpl::StaticClusterImpl( const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api) : ClusterImplBase(cluster, runtime, factory_context, std::move(stats_scope), added_via_api), priority_state_manager_( @@ -56,7 +56,7 @@ void StaticClusterImpl::startPreInit() { std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> StaticClusterFactory::createClusterImpl( const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) { return std::make_pair( std::make_shared<StaticClusterImpl>(cluster, context.runtime(), socket_factory_context, diff --git a/envoy/source/common/upstream/static_cluster.h b/envoy/source/common/upstream/static_cluster.h index f8a440d72..07362ed47 100644 --- a/envoy/source/common/upstream/static_cluster.h +++ b/envoy/source/common/upstream/static_cluster.h @@ -13,7 +13,7 @@ namespace Upstream { class StaticClusterImpl : public ClusterImplBase { public: StaticClusterImpl(const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api); // Upstream::Cluster 
@@ -38,7 +38,7 @@ public: private: std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override; }; diff --git a/envoy/source/common/upstream/strict_dns_cluster.cc b/envoy/source/common/upstream/strict_dns_cluster.cc index a67605985..7a23b57dd 100644 --- a/envoy/source/common/upstream/strict_dns_cluster.cc +++ b/envoy/source/common/upstream/strict_dns_cluster.cc @@ -8,7 +8,7 @@ namespace Upstream { StrictDnsClusterImpl::StrictDnsClusterImpl( const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, Network::DnsResolverSharedPtr dns_resolver, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api) : BaseDynamicClusterImpl(cluster, runtime, factory_context, std::move(stats_scope), added_via_api), @@ -168,7 +168,7 @@ void StrictDnsClusterImpl::ResolveTarget::startResolve() { std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> StrictDnsClusterFactory::createClusterImpl( const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) { auto selected_dns_resolver = selectDnsResolver(cluster, context); diff --git a/envoy/source/common/upstream/strict_dns_cluster.h b/envoy/source/common/upstream/strict_dns_cluster.h index 9dab1adb6..573e0426e 100644 --- a/envoy/source/common/upstream/strict_dns_cluster.h +++ b/envoy/source/common/upstream/strict_dns_cluster.h 
@@ -14,7 +14,7 @@ class StrictDnsClusterImpl : public BaseDynamicClusterImpl { public: StrictDnsClusterImpl(const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, Network::DnsResolverSharedPtr dns_resolver, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api); // Upstream::Cluster @@ -69,7 +69,7 @@ public: private: std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override; }; diff --git a/envoy/source/common/upstream/upstream_impl.cc b/envoy/source/common/upstream/upstream_impl.cc index 26f51bd8b..eebd66f73 100644 --- a/envoy/source/common/upstream/upstream_impl.cc +++ b/envoy/source/common/upstream/upstream_impl.cc @@ -813,7 +813,7 @@ ClusterInfoImpl::upstreamHttpProtocol(absl::optional<Http::Protocol> downstream_ ClusterImplBase::ClusterImplBase( const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api) : init_manager_(fmt::format("Cluster {}", cluster.name())), init_watcher_("ClusterImplBase", [this]() { onInitDone(); }), runtime_(runtime), diff --git a/envoy/source/common/upstream/upstream_impl.h b/envoy/source/common/upstream/upstream_impl.h index 642e91618..97b6e888c 100644 --- a/envoy/source/common/upstream/upstream_impl.h +++ b/envoy/source/common/upstream/upstream_impl.h 
@@ -44,6 +44,7 @@ #include "common/upstream/outlier_detection_impl.h" #include "common/upstream/resource_manager_impl.h" #include "common/upstream/transport_socket_match_impl.h" +#include "server/transport_socket_config_impl.h" #include "absl/synchronization/mutex.h" @@ -691,7 +692,7 @@ public: protected: ClusterImplBase(const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api); /** diff --git a/envoy/source/extensions/clusters/aggregate/cluster.cc b/envoy/source/extensions/clusters/aggregate/cluster.cc index 809aac1e2..825f7d1f5 100644 --- a/envoy/source/extensions/clusters/aggregate/cluster.cc +++ b/envoy/source/extensions/clusters/aggregate/cluster.cc @@ -9,7 +9,7 @@ Cluster::Cluster(const envoy::api::v2::Cluster& cluster, const envoy::config::cluster::aggregate::v2alpha::ClusterConfig& config, Upstream::ClusterManager& cluster_manager, Runtime::Loader& runtime, Runtime::RandomGenerator& random, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, ThreadLocal::SlotAllocator& tls, bool added_via_api) : Upstream::ClusterImplBase(cluster, runtime, factory_context, std::move(stats_scope), added_via_api), 
@@ -133,7 +133,7 @@ ClusterFactory::createClusterWithConfig( const envoy::api::v2::Cluster& cluster, const envoy::config::cluster::aggregate::v2alpha::ClusterConfig& proto_config, Upstream::ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) { auto new_cluster = std::make_shared<Cluster>( cluster, proto_config, context.clusterManager(), context.runtime(), context.random(), diff --git a/envoy/source/extensions/clusters/aggregate/cluster.h b/envoy/source/extensions/clusters/aggregate/cluster.h index 23ea5b24d..b99c57ca1 100644 --- a/envoy/source/extensions/clusters/aggregate/cluster.h +++ b/envoy/source/extensions/clusters/aggregate/cluster.h @@ -22,7 +22,7 @@ public: const envoy::config::cluster::aggregate::v2alpha::ClusterConfig& config, Upstream::ClusterManager& cluster_manager, Runtime::Loader& runtime, Runtime::RandomGenerator& random, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, ThreadLocal::SlotAllocator& tls, bool added_via_api); // Upstream::Cluster @@ -146,7 +146,7 @@ private: const envoy::api::v2::Cluster& cluster, const envoy::config::cluster::aggregate::v2alpha::ClusterConfig& proto_config, Upstream::ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override; }; diff --git a/envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.cc b/envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.cc index 5c0568c91..e5fdc3b71 100644 --- a/envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.cc 
+++ b/envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.cc @@ -15,7 +15,7 @@ Cluster::Cluster( Runtime::Loader& runtime, Extensions::Common::DynamicForwardProxy::DnsCacheManagerFactory& cache_manager_factory, const LocalInfo::LocalInfo& local_info, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api) : Upstream::BaseDynamicClusterImpl(cluster, runtime, factory_context, std::move(stats_scope), added_via_api), @@ -186,7 +186,7 @@ ClusterFactory::createClusterWithConfig( const envoy::api::v2::Cluster& cluster, const envoy::config::cluster::dynamic_forward_proxy::v2alpha::ClusterConfig& proto_config, Upstream::ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) { Extensions::Common::DynamicForwardProxy::DnsCacheManagerFactoryImpl cache_manager_factory( context.singletonManager(), context.dispatcher(), context.tls(), context.stats()); diff --git a/envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.h b/envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.h index 365227e14..9cf1c4f12 100644 --- a/envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.h +++ b/envoy/source/extensions/clusters/dynamic_forward_proxy/cluster.h @@ -22,7 +22,7 @@ public: Runtime::Loader& runtime, Extensions::Common::DynamicForwardProxy::DnsCacheManagerFactory& cache_manager_factory, const LocalInfo::LocalInfo& local_info, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api); // Upstream::Cluster 
@@ -126,7 +126,7 @@ private: const envoy::api::v2::Cluster& cluster, const envoy::config::cluster::dynamic_forward_proxy::v2alpha::ClusterConfig& proto_config, Upstream::ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override; }; diff --git a/envoy/source/extensions/clusters/redis/redis_cluster.cc b/envoy/source/extensions/clusters/redis/redis_cluster.cc index 5d67ec2bb..e3575e1a4 100644 --- a/envoy/source/extensions/clusters/redis/redis_cluster.cc +++ b/envoy/source/extensions/clusters/redis/redis_cluster.cc @@ -17,7 +17,7 @@ RedisCluster::RedisCluster( NetworkFilters::Common::Redis::Client::ClientFactory& redis_client_factory, Upstream::ClusterManager& cluster_manager, Runtime::Loader& runtime, Api::Api& api, Network::DnsResolverSharedPtr dns_resolver, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api, ClusterSlotUpdateCallBackSharedPtr lb_factory) : Upstream::BaseDynamicClusterImpl(cluster, runtime, factory_context, std::move(stats_scope), @@ -350,7 +350,7 @@ RedisClusterFactory::createClusterWithConfig( const envoy::api::v2::Cluster& cluster, const envoy::config::cluster::redis::RedisClusterConfig& proto_config, Upstream::ClusterFactoryContext& context, - Envoy::Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Envoy::Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Envoy::Stats::ScopePtr&& stats_scope) { if (!cluster.has_cluster_type() || cluster.cluster_type().name() != Extensions::Clusters::ClusterTypes::get().Redis) { 
diff --git a/envoy/source/extensions/clusters/redis/redis_cluster.h b/envoy/source/extensions/clusters/redis/redis_cluster.h index 51077c3b6..98ff193de 100644 --- a/envoy/source/extensions/clusters/redis/redis_cluster.h +++ b/envoy/source/extensions/clusters/redis/redis_cluster.h @@ -96,7 +96,7 @@ public: NetworkFilters::Common::Redis::Client::ClientFactory& client_factory, Upstream::ClusterManager& cluster_manager, Runtime::Loader& runtime, Api::Api& api, Network::DnsResolverSharedPtr dns_resolver, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api, ClusterSlotUpdateCallBackSharedPtr factory); @@ -289,7 +289,7 @@ private: const envoy::api::v2::Cluster& cluster, const envoy::config::cluster::redis::RedisClusterConfig& proto_config, Upstream::ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override; }; } // namespace Redis diff --git a/envoy/source/server/server.h b/envoy/source/server/server.h index 4254597f7..c2abd2634 100644 --- a/envoy/source/server/server.h +++ b/envoy/source/server/server.h @@ -170,8 +170,6 @@ public: Ssl::ContextManager& sslContextManager() override { return server_.sslContextManager(); } Secret::SecretManager& secretManager() override { return server_.secretManager(); } Stats::Store& stats() override { return server_.stats(); } - // Server's init manager can't be changed via this shared TransportSocketFactoryContext - void setInitManager(Init::Manager&) override {} Init::Manager* initManager() override { return &server_.initManager(); } ProtobufMessage::ValidationVisitor& messageValidationVisitor() override { // Server has two message validation visitors, one for static and 
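Review bot: the server.h hunk deletes the no-op `void setInitManager(Init::Manager&) override {}` together with its comment "Server's init manager can't be changed via this shared TransportSocketFactoryContext", so the constraint is no longer documented anywhere next to `initManager()`, which still returns `&server_.initManager()`. Keep a one-line comment above `initManager()` saying that this shared context always exposes the server's init manager and that only `TransportSocketFactoryContextImpl` accepts a replacement.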
diff --git a/envoy/source/server/transport_socket_config_impl.h b/envoy/source/server/transport_socket_config_impl.h index c1868cb4b..9e5bb4639 100644 --- a/envoy/source/server/transport_socket_config_impl.h +++ b/envoy/source/server/transport_socket_config_impl.h @@ -23,6 +23,12 @@ public: stats_(stats), singleton_manager_(singleton_manager), tls_(tls), validation_visitor_(validation_visitor), api_(api) {} + /** + * Pass an init manager to register dynamic secret provider. + * @param init_manager instance of init manager. + */ + void setInitManager(Init::Manager& init_manager) { init_manager_ = &init_manager; } + // TransportSocketFactoryContext Server::Admin& admin() override { return admin_; } Ssl::ContextManager& sslContextManager() override { return context_manager_; } @@ -35,7 +41,6 @@ public: Event::Dispatcher& dispatcher() override { return dispatcher_; } Envoy::Runtime::RandomGenerator& random() override { return random_; } Stats::Store& stats() override { return stats_; } - void setInitManager(Init::Manager& init_manager) override { init_manager_ = &init_manager; } Init::Manager* initManager() override { return init_manager_; } Singleton::Manager& singletonManager() override { return singleton_manager_; } ThreadLocal::SlotAllocator& threadLocal() override { return tls_; } diff --git a/envoy/test/common/upstream/cluster_factory_impl_test.cc b/envoy/test/common/upstream/cluster_factory_impl_test.cc index 6b4091db6..2a6a6e45e 100644 --- a/envoy/test/common/upstream/cluster_factory_impl_test.cc +++ b/envoy/test/common/upstream/cluster_factory_impl_test.cc 
@@ -37,7 +37,7 @@ public: std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override { return std::make_pair(std::make_shared<CustomStaticCluster>( cluster, context.runtime(), socket_factory_context, diff --git a/envoy/test/integration/clusters/custom_static_cluster.h b/envoy/test/integration/clusters/custom_static_cluster.h index 77c3aa671..47dd35d3e 100644 --- a/envoy/test/integration/clusters/custom_static_cluster.h +++ b/envoy/test/integration/clusters/custom_static_cluster.h @@ -23,7 +23,7 @@ namespace Envoy { class CustomStaticCluster : public Upstream::ClusterImplBase { public: CustomStaticCluster(const envoy::api::v2::Cluster& cluster, Runtime::Loader& runtime, - Server::Configuration::TransportSocketFactoryContext& factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& factory_context, Stats::ScopePtr&& stats_scope, bool added_via_api, uint32_t priority, std::string address, uint32_t port) : ClusterImplBase(cluster, runtime, factory_context, std::move(stats_scope), added_via_api), @@ -88,7 +88,7 @@ private: const envoy::api::v2::Cluster& cluster, const test::integration::clusters::CustomStaticConfig& proto_config, Upstream::ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContext& socket_factory_context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, Stats::ScopePtr&& stats_scope) override { auto new_cluster = std::make_shared<CustomStaticCluster>( cluster, context.runtime(), socket_factory_context, std::move(stats_scope), diff --git a/envoy/test/mocks/server/mocks.h b/envoy/test/mocks/server/mocks.h index 3fd1bedd3..0dfbc63f9 100644 --- a/envoy/test/mocks/server/mocks.h 
+++ b/envoy/test/mocks/server/mocks.h @@ -563,7 +563,6 @@ public: MOCK_METHOD0(dispatcher, Event::Dispatcher&()); MOCK_METHOD0(random, Envoy::Runtime::RandomGenerator&()); MOCK_METHOD0(stats, Stats::Store&()); - MOCK_METHOD1(setInitManager, void(Init::Manager&)); MOCK_METHOD0(initManager, Init::Manager*()); MOCK_METHOD0(singletonManager, Singleton::Manager&()); MOCK_METHOD0(threadLocal, ThreadLocal::SlotAllocator&()); -- 2.16.4 ++++++ 0006-fix-format.patch ++++++ >From c1dac39e17f00d56169ccfc2d0dd9189fc6b8142 Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme <[email protected]> Date: Fri, 6 Dec 2019 12:51:06 +0000 Subject: [PATCH 6/6] fix format Signed-off-by: Jarno Rajahalme <[email protected]> --- envoy/source/common/upstream/cluster_factory_impl.h | 16 ++++++++-------- envoy/source/common/upstream/eds.h | 8 ++++---- envoy/source/common/upstream/logical_dns_cluster.h | 8 ++++---- envoy/source/common/upstream/original_dst_cluster.h | 8 ++++---- envoy/source/common/upstream/static_cluster.h | 8 ++++---- envoy/source/common/upstream/strict_dns_cluster.h | 8 ++++---- envoy/source/common/upstream/upstream_impl.h | 1 + envoy/test/common/upstream/cluster_factory_impl_test.cc | 8 ++++---- 8 files changed, 33 insertions(+), 32 deletions(-) diff --git a/envoy/source/common/upstream/cluster_factory_impl.h b/envoy/source/common/upstream/cluster_factory_impl.h index aa9ac6a0b..4e1a5b254 100644 --- a/envoy/source/common/upstream/cluster_factory_impl.h +++ b/envoy/source/common/upstream/cluster_factory_impl.h 
@@ -145,10 +145,10 @@ private: /** * Create an instance of ClusterImplBase. */ - virtual std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> - createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, - Stats::ScopePtr&& stats_scope) PURE; + virtual std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl( + const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, + Stats::ScopePtr&& stats_scope) PURE; const std::string name_; }; @@ -169,10 +169,10 @@ protected: ConfigurableClusterFactoryBase(const std::string& name) : ClusterFactoryImplBase(name) {} private: - std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> - createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, - Stats::ScopePtr&& stats_scope) override { + std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl( + const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, + Stats::ScopePtr&& stats_scope) override { ProtobufTypes::MessagePtr config = createEmptyConfigProto(); Config::Utility::translateOpaqueConfig( cluster.cluster_type().name(), cluster.cluster_type().typed_config(), diff --git a/envoy/source/common/upstream/eds.h b/envoy/source/common/upstream/eds.h index edc5d3b83..a7936db2b 100644 --- a/envoy/source/common/upstream/eds.h +++ b/envoy/source/common/upstream/eds.h 
@@ -84,10 +84,10 @@ public: EdsClusterFactory() : ClusterFactoryImplBase(Extensions::Clusters::ClusterTypes::get().Eds) {} private: - std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> - createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, - Stats::ScopePtr&& stats_scope) override; + std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl( + const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, + Stats::ScopePtr&& stats_scope) override; }; } // namespace Upstream diff --git a/envoy/source/common/upstream/logical_dns_cluster.h b/envoy/source/common/upstream/logical_dns_cluster.h index 33aadb5d6..752a42ebc 100644 --- a/envoy/source/common/upstream/logical_dns_cluster.h +++ b/envoy/source/common/upstream/logical_dns_cluster.h @@ -81,10 +81,10 @@ public: : ClusterFactoryImplBase(Extensions::Clusters::ClusterTypes::get().LogicalDns) {} private: - std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> - createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, - Stats::ScopePtr&& stats_scope) override; + std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl( + const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, + Stats::ScopePtr&& stats_scope) override; }; DECLARE_FACTORY(LogicalDnsClusterFactory); diff --git a/envoy/source/common/upstream/original_dst_cluster.h b/envoy/source/common/upstream/original_dst_cluster.h index f3fb88ed8..937d4cc80 100644 --- a/envoy/source/common/upstream/original_dst_cluster.h +++ b/envoy/source/common/upstream/original_dst_cluster.h 
@@ -122,10 +122,10 @@ public: : ClusterFactoryImplBase(Extensions::Clusters::ClusterTypes::get().OriginalDst) {} private: - std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> - createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, - Stats::ScopePtr&& stats_scope) override; + std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl( + const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, + Stats::ScopePtr&& stats_scope) override; }; } // namespace Upstream diff --git a/envoy/source/common/upstream/static_cluster.h b/envoy/source/common/upstream/static_cluster.h index 07362ed47..17f6377e9 100644 --- a/envoy/source/common/upstream/static_cluster.h +++ b/envoy/source/common/upstream/static_cluster.h @@ -36,10 +36,10 @@ public: : ClusterFactoryImplBase(Extensions::Clusters::ClusterTypes::get().Static) {} private: - std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> - createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, - Stats::ScopePtr&& stats_scope) override; + std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl( + const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, + Stats::ScopePtr&& stats_scope) override; }; } // namespace Upstream diff --git a/envoy/source/common/upstream/strict_dns_cluster.h b/envoy/source/common/upstream/strict_dns_cluster.h index 573e0426e..9f5b3c049 100644 --- a/envoy/source/common/upstream/strict_dns_cluster.h +++ b/envoy/source/common/upstream/strict_dns_cluster.h 
@@ -67,10 +67,10 @@ public: : ClusterFactoryImplBase(Extensions::Clusters::ClusterTypes::get().StrictDns) {} private: - std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> - createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, - Stats::ScopePtr&& stats_scope) override; + std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl( + const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, + Stats::ScopePtr&& stats_scope) override; }; } // namespace Upstream diff --git a/envoy/source/common/upstream/upstream_impl.h b/envoy/source/common/upstream/upstream_impl.h index 97b6e888c..f6e008e4b 100644 --- a/envoy/source/common/upstream/upstream_impl.h +++ b/envoy/source/common/upstream/upstream_impl.h @@ -44,6 +44,7 @@ #include "common/upstream/outlier_detection_impl.h" #include "common/upstream/resource_manager_impl.h" #include "common/upstream/transport_socket_match_impl.h" + #include "server/transport_socket_config_impl.h" #include "absl/synchronization/mutex.h" diff --git a/envoy/test/common/upstream/cluster_factory_impl_test.cc b/envoy/test/common/upstream/cluster_factory_impl_test.cc index 2a6a6e45e..4fd25ed26 100644 --- a/envoy/test/common/upstream/cluster_factory_impl_test.cc +++ b/envoy/test/common/upstream/cluster_factory_impl_test.cc 
@@ -35,10 +35,10 @@ class TestStaticClusterFactory : public ClusterFactoryImplBase { public: TestStaticClusterFactory() : ClusterFactoryImplBase("envoy.clusters.test_static") {} - std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> - createClusterImpl(const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, - Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, - Stats::ScopePtr&& stats_scope) override { + std::pair<ClusterImplBaseSharedPtr, ThreadAwareLoadBalancerPtr> createClusterImpl( + const envoy::api::v2::Cluster& cluster, ClusterFactoryContext& context, + Server::Configuration::TransportSocketFactoryContextImpl& socket_factory_context, + Stats::ScopePtr&& stats_scope) override { return std::make_pair(std::make_shared<CustomStaticCluster>( cluster, context.runtime(), socket_factory_context, std::move(stats_scope), context.addedViaApi(), 1, "127.0.0.1", 80), -- 2.16.4 ++++++ _constraints ++++++ --- /var/tmp/diff_new_pack.pRhlQG/_old 2020-02-15 22:25:40.139317793 +0100 +++ /var/tmp/diff_new_pack.pRhlQG/_new 2020-02-15 22:25:40.143317794 +0100 @@ -3,11 +3,12 @@ <overwrite> <conditions> <arch>x86_64</arch> + <arch>aarch64</arch> </conditions> <hardware> <processors>4</processors> <memory> - <size unit="M">12000</size> + <size unit="M">16000</size> </memory> </hardware> </overwrite> ++++++ _service ++++++ --- /var/tmp/diff_new_pack.pRhlQG/_old 2020-02-15 22:25:40.159317803 +0100 +++ /var/tmp/diff_new_pack.pRhlQG/_new 2020-02-15 22:25:40.163317806 +0100 
@@ -1,38 +1,16 @@ <services> - <service mode="disabled" name="tar_scm"> - <param name="url">https://github.com/cilium/proxy</param> + <service mode="disabled" name="obs_scm"> + <param name="url">https://github.com/envoyproxy/envoy-openssl</param> <param name="scm">git</param> - <param name="changesgenerate">enable</param> - <param name="filename">cilium-proxy</param> - <param name="versionformat">%cd</param> - </service> - <service mode="disabled" name="tar_scm"> - <param name="url">https://github.com/envoyproxy/envoy</param> - <param name="scm">git</param> - <param name="changesgenerate">enable</param> + <param name="changesgenerate">disable</param> <param name="filename">envoy-proxy</param> - <param name="versionformat">@PARENT_TAG@+git%cd</param> - <param name="versionrewrite-pattern">v(.*)</param> - <param name="revision">4ef8562b2194f222ce8a3d733fb04c629eaf0667</param> - </service> - <service mode="disabled" name="tar_scm"> - <param name="url">https://github.com/istio/api</param> - <param name="scm">git</param> - <param name="changesgenerate">enable</param> - <param name="filename">istio-api</param> - <param name="versionformat">@PARENT_TAG@+git%cd</param> - <param name="revision">6b9e3a501e6ef254958bf82f7b74c37d64a57a15</param> - </service> - <service mode="disabled" name="tar_scm"> - <param name="url">https://github.com/istio/proxy</param> - <param name="scm">git</param> - <param name="changesgenerate">enable</param> - <param name="filename">istio-proxy</param> - <param name="versionformat">@PARENT_TAG@+git%cd</param> - <param name="revision">67a0375be569f9158b361e8f5c2a76a0c1b0a02e</param> + <param name="versionformat">1.12.2+git.%cd</param> + <param name="revision">4274cb6bb10e9516089f05554338d662c320a447</param> </service> - <service mode="disabled" name="recompress"> + <service mode="buildtime" name="tar" /> + <service mode="buildtime" name="recompress"> <param name="file">*.tar</param> <param name="compression">xz</param> </service> + <service 
mode="disabled" name="set_version" /> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.pRhlQG/_old 2020-02-15 22:25:40.183317817 +0100 +++ /var/tmp/diff_new_pack.pRhlQG/_new 2020-02-15 22:25:40.187317818 +0100 @@ -1,10 +1,10 @@ <servicedata> <service name="tar_scm"> - <param name="url">https://github.com/envoyproxy/envoy</param> - <param name="changesrevision">4ef8562b2194f222ce8a3d733fb04c629eaf0667</param></service><service name="tar_scm"> - <param name="url">https://github.com/istio/proxy</param> - <param name="changesrevision">67a0375be569f9158b361e8f5c2a76a0c1b0a02e</param></service><service name="tar_scm"> <param name="url">https://github.com/cilium/proxy</param> <param name="changesrevision">44b06e279771e2c1a10b38b0bc8891b7083e0e45</param></service><service name="tar_scm"> + <param name="url">https://github.com/envoyproxy/envoy</param> + <param name="changesrevision">e349fb6139e4b7a59a9a359be0ea45dd61e589c5</param></service><service name="tar_scm"> <param name="url">https://github.com/istio/api</param> - <param name="changesrevision">6b9e3a501e6ef254958bf82f7b74c37d64a57a15</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">6b9e3a501e6ef254958bf82f7b74c37d64a57a15</param></service><service name="tar_scm"> + <param name="url">https://github.com/istio/proxy</param> + <param name="changesrevision">67a0375be569f9158b361e8f5c2a76a0c1b0a02e</param></service></servicedata> \ No newline at end of file ++++++ bazel-Fix-optional-dynamic-linking-of-OpenSSL.patch ++++++ >From a77b5a8db49c43f0dacf6f2d15c4e3271fec3d3b Mon Sep 17 00:00:00 2001 
From: Michal Rostecki <[email protected]> Date: Mon, 13 Jan 2020 14:38:59 +0100 Subject: [PATCH] bazel: Fix optional dynamic linking of OpenSSL Before this change, README was suggesting to replace Envoy repo_mapping from `boringssl` to `openssl_shared`. That solution was working only for the Envoy repository, but bssl_wrapper was still using `openssl` as a dependency. Because of that, even after re-mapping Envoy to shared OpenSSL, Bazel was still downloading the OpenSSL tarball and using it for bssl_wrapper. This change fixes that issue by defining functions in openssl.bzl file. Both of them define `openssl` repository. The first one (`openssl_repository`) uses the OpenSSL tarball. The second one (`openssl_shared_repository`) uses shared OpenSSL library. WORKSPACE by default calls the `openssl_repository` function and has a commented call to the `openssl_shared_repository` function. If someone wants to build Envoy with shared OpenSSL, the first function call should be commented and the second one uncommented. Signed-off-by: Michal Rostecki <[email protected]> --- README.md | 5 +++-- WORKSPACE | 19 +++++++------------ openssl.bzl | 17 +++++++++++++++++ 3 files changed, 27 insertions(+), 14 deletions(-) create mode 100644 openssl.bzl diff --git a/README.md b/README.md index 3d80733..2263fd5 100644 --- a/README.md +++ b/README.md @@ -17,8 +17,9 @@ To build OpenSSL-enabled Envoy run the following command. $ bazel build //:envoy ``` -If you need OpenSSL dynamically linked to Envoy then re-map `@boringssl` to -`@openssl_shared` by editing the [WORKSPACE](WORKSPACE) file. +If you need OpenSSL dynamically linked to Envoy then edit the the +[WORKSPACE](WORKSPACE) file, comment the line with `openssl_repository` function +call and uncomment the one with `openssl_shared_repository`. ## Testing diff --git a/WORKSPACE b/WORKSPACE index b553338..86d1cce 100644 --- a/WORKSPACE +++ b/WORKSPACE 
@@ -2,19 +2,14 @@ workspace(name = "envoy_openssl") load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") -http_archive( - name = "openssl", - urls = ["https://github.com/openssl/openssl/archive/OpenSSL_1_1_1d.tar.gz"], - sha256 = "23011a5cc78e53d0dc98dfa608c51e72bcd350aa57df74c5d5574ba4ffb62e74", - build_file = "@//:openssl.BUILD", - strip_prefix = "openssl-OpenSSL_1_1_1d", -) +load("//:openssl.bzl", "openssl_repository", "openssl_shared_repository") -new_local_repository( - name = "openssl_shared", - path = "/usr/lib/x86_64-linux-gnu", - build_file = "openssl_host_shared.BUILD" -) +# If you need OpenSSL dynamically linked to Envoy then comment the line +# with `openssl_repository` function call and uncomment the one with +# `openssl_shared_repository`. + +openssl_repository() +# openssl_shared_repository() local_repository( name = "envoy_build_config", diff --git a/openssl.bzl b/openssl.bzl new file mode 100644 index 0000000..4042e94 --- /dev/null +++ b/openssl.bzl @@ -0,0 +1,17 @@ +load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") + +def openssl_repository(): + http_archive( + name = "openssl", + urls = ["https://github.com/openssl/openssl/archive/OpenSSL_1_1_1d.tar.gz"], + sha256 = "23011a5cc78e53d0dc98dfa608c51e72bcd350aa57df74c5d5574ba4ffb62e74", + build_file = "@//:openssl.BUILD", + strip_prefix = "openssl-OpenSSL_1_1_1d", + ) + +def openssl_shared_repository(): + native.new_local_repository( + name = "openssl", + path = "/usr/lib/x86_64-linux-gnu", + build_file = "openssl_host_shared.BUILD" + ) -- 2.16.4 ++++++ compatibility-with-TLS-1.2-and-OpenSSL-1.1.0.patch ++++++ >From c4f74a85be1e0dc09581fd5603279bd2c1617106 Mon Sep 17 00:00:00 2001 
From: Michal Rostecki <[email protected]> Date: Mon, 16 Dec 2019 12:59:43 +0100 Subject: [PATCH] Compatibility with TLS 1.2 and OpenSSL 1.1.0 This change makes extensions working on OpenSSL 1.1.0 which still uses TLS 1.2 standard instead of TLS 1.3. OpenSSL 1.1.0 is still a supported version. Signed-off-by: Michal Rostecki <[email protected]> --- source/extensions/common/crypto/utility_impl.cc | 9 +++ .../transport_sockets/tls/context_config_impl.cc | 6 ++ .../transport_sockets/tls/context_impl.cc | 11 ++- .../tls/integration/ssl_integration_test.cc | 6 ++ .../transport_sockets/tls/ssl_socket_test.cc | 82 ++++++++++++++++++++++ 5 files changed, 113 insertions(+), 1 deletion(-) diff --git a/source/extensions/common/crypto/utility_impl.cc b/source/extensions/common/crypto/utility_impl.cc index 6c8e2a4..dbd9aa7 100644 --- a/source/extensions/common/crypto/utility_impl.cc +++ b/source/extensions/common/crypto/utility_impl.cc @@ -72,7 +72,16 @@ const VerificationOutput UtilityImpl::verifySignature(absl::string_view hash, Cr } // Step 4: verify signature +#ifdef TLS1_3_VERSION ok = EVP_DigestVerify(ctx, signature.data(), signature.size(), text.data(), text.size()); +#else // OpenSSL 1.1.0 + ok = EVP_DigestVerifyUpdate(ctx, text.data(), text.size()); + if (!ok) { + EVP_MD_CTX_free(ctx); + return {false, absl::StrCat("Failed to verify digest. Error code: ", ok)}; + } + ok = EVP_DigestVerifyFinal(ctx, signature.data(), signature.size()); +#endif // Step 5: check result if (ok == 1) { diff --git a/source/extensions/transport_sockets/tls/context_config_impl.cc b/source/extensions/transport_sockets/tls/context_config_impl.cc index 51a511d..4c4a148 100644 --- a/source/extensions/transport_sockets/tls/context_config_impl.cc +++ b/source/extensions/transport_sockets/tls/context_config_impl.cc 
@@ -264,8 +264,10 @@ unsigned ContextConfigImpl::tlsVersionFromProto( return TLS1_1_VERSION; case envoy::api::v2::auth::TlsParameters::TLSv1_2: return TLS1_2_VERSION; +#ifdef TLS1_3_VERSION case envoy::api::v2::auth::TlsParameters::TLSv1_3: return TLS1_3_VERSION; +#endif default: NOT_IMPLEMENTED_GCOVR_EXCL_LINE; } @@ -315,7 +317,11 @@ ClientContextConfigImpl::ClientContextConfigImpl( } const unsigned ServerContextConfigImpl::DEFAULT_MIN_VERSION = TLS1_VERSION; +#ifdef TLS1_3_VERSION const unsigned ServerContextConfigImpl::DEFAULT_MAX_VERSION = TLS1_3_VERSION; +#else // OpenSSL 1.1.0 +const unsigned ServerContextConfigImpl::DEFAULT_MAX_VERSION = TLS1_2_VERSION; +#endif const std::string ServerContextConfigImpl::DEFAULT_CIPHER_SUITES = "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]:" diff --git a/source/extensions/transport_sockets/tls/context_impl.cc b/source/extensions/transport_sockets/tls/context_impl.cc index f5b35f6..20b356d 100644 --- a/source/extensions/transport_sockets/tls/context_impl.cc +++ b/source/extensions/transport_sockets/tls/context_impl.cc @@ -25,6 +25,7 @@ #include "openssl/evp.h" #include "openssl/hmac.h" #include "openssl/rand.h" +#include "openssl/tls1.h" #include "openssl/x509v3.h" #define SSL_TICKET_KEY_NAME_LEN 16 @@ -384,7 +385,11 @@ ContextImpl::ContextImpl(Stats::Scope& scope, const Envoy::Ssl::ContextConfig& c stat_name_set_->rememberBuiltins({"ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256"}); // Versions +#ifdef TLS1_3_VERSION stat_name_set_->rememberBuiltins({"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}); +#else // OpenSSL 1.1.0 + stat_name_set_->rememberBuiltins({"TLSv1", "TLSv1.1", "TLSv1.2"}); +#endif } int ServerContextImpl::alpnSelectCallback(const unsigned char** out, unsigned char* outlen, 
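Review bot: in `ContextConfigImpl::tlsVersionFromProto` (context_config_impl.cc, hunk at -264) the `TLSv1_3` case is compiled out when `TLS1_3_VERSION` is undefined, so a configuration that requests `TLSv1_3` on an OpenSSL 1.1.0 build falls through to `default: NOT_IMPLEMENTED_GCOVR_EXCL_LINE;` instead of being rejected with a message that names the cause. Add an explicit `#else` arm for `TlsParameters::TLSv1_3` that reports that TLS 1.3 is not supported by the linked OpenSSL, and document next to `DEFAULT_MAX_VERSION` that the default maximum silently becomes `TLS1_2_VERSION` on such builds.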
@@ -517,7 +522,11 @@ void ContextImpl::logHandshake(SSL* ssl) const { incCounter(ssl_ciphers_, SSL_get_cipher_name(ssl), unknown_ssl_cipher_); incCounter(ssl_versions_, SSL_get_version(ssl), unknown_ssl_version_); +#ifdef TLSEXT_TYPE_supported_groups int group = SSL_get_shared_group(ssl, 0); +#else // OpenSSL 1.1.0 + int group = SSL_get_shared_curve(ssl, 0); +#endif if (group > 0) { switch (group) { case NID_X25519: { @@ -1085,7 +1094,7 @@ int ServerContextImpl::sessionTicketProcess(SSL*, uint8_t* key_name, uint8_t* iv bool ServerContextImpl::isClientEcdsaCapable(SSL* ssl) { int psignhash; - if (TLS1_get_version(ssl) >= TLS1_2_VERSION && tls_max_version_ == TLS1_3_VERSION) { + if (TLS1_get_version(ssl) >= TLS1_2_VERSION) { int num_sigalgs = SSL_get_sigalgs(ssl, 0, nullptr, nullptr, nullptr, nullptr, nullptr); for (int i = 0; i < num_sigalgs; i++) { SSL_get_sigalgs(ssl, i, nullptr, nullptr, &psignhash, nullptr, nullptr); diff --git a/test/extensions/transport_sockets/tls/integration/ssl_integration_test.cc b/test/extensions/transport_sockets/tls/integration/ssl_integration_test.cc index e4eb454..7837ad1 100644 --- a/test/extensions/transport_sockets/tls/integration/ssl_integration_test.cc +++ b/test/extensions/transport_sockets/tls/integration/ssl_integration_test.cc @@ -178,7 +178,9 @@ class SslCertficateIntegrationTest public SslIntegrationTestBase { public: SslCertficateIntegrationTest() : SslIntegrationTestBase(std::get<0>(GetParam())) { +#ifdef TLS1_3_VERSION server_tlsv1_3_ = true; +#endif } Network::ClientConnectionPtr 
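Review bot: in `ServerContextImpl::isClientEcdsaCapable` (context_impl.cc, hunk at -1085) the `tls_max_version_ == TLS1_3_VERSION` condition is dropped unconditionally, unlike every other change in this patch, which is guarded by `#ifdef TLS1_3_VERSION`. That alters behaviour on builds where TLS 1.3 is available too: the sigalgs-based check now runs for any TLS 1.2+ client regardless of the configured maximum version. If this is intended, state it in the commit message; otherwise keep the original condition under `#ifdef TLS1_3_VERSION` and use `TLS1_get_version(ssl) >= TLS1_2_VERSION` alone only in the `#else` branch.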
@@ -231,8 +233,12 @@ public: INSTANTIATE_TEST_SUITE_P( IpVersionsClientVersions, SslCertficateIntegrationTest, testing::Combine(testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), +#ifdef TLS1_3_VERSION testing::Values(envoy::api::v2::auth::TlsParameters::TLSv1_2, envoy::api::v2::auth::TlsParameters::TLSv1_3)), +#else // OpenSSL 1.1.0 + testing::Values(envoy::api::v2::auth::TlsParameters::TLSv1_2)), +#endif SslCertficateIntegrationTest::ipClientVersionTestParamsToString); // Server with an RSA certificate and a client with RSA/ECDSA cipher suites works. diff --git a/test/extensions/transport_sockets/tls/ssl_socket_test.cc b/test/extensions/transport_sockets/tls/ssl_socket_test.cc index 007891d..6d3d2cd 100644 --- a/test/extensions/transport_sockets/tls/ssl_socket_test.cc +++ b/test/extensions/transport_sockets/tls/ssl_socket_test.cc @@ -2441,7 +2441,9 @@ void testTicketSessionResumption(const std::string& server_ctx_yaml1, const SslSocketInfo* ssl_socket = dynamic_cast<const SslSocketInfo*>(client_connection->ssl().get()); ssl_session = SSL_get1_session(ssl_socket->rawSslForTest()); +#ifdef TLS1_3_VERSION EXPECT_TRUE(SSL_SESSION_is_resumable(ssl_session)); +#endif client_connection->close(Network::ConnectionCloseType::NoFlush); server_connection->close(Network::ConnectionCloseType::NoFlush); dispatcher->exit(); @@ -2864,7 +2866,9 @@ TEST_P(SslSocketTest, ClientAuthCrossListenerSessionResumption) { const SslSocketInfo* ssl_socket = dynamic_cast<const SslSocketInfo*>(client_connection->ssl().get()); ssl_session = SSL_get1_session(ssl_socket->rawSslForTest()); +#ifdef TLS1_3_VERSION EXPECT_TRUE(SSL_SESSION_is_resumable(ssl_session)); +#endif server_connection->close(Network::ConnectionCloseType::NoFlush); client_connection->close(Network::ConnectionCloseType::NoFlush); dispatcher_->exit(); 
@@ -3116,6 +3120,7 @@ TEST_P(SslSocketTest, ClientSessionResumptionEnabledTls12) { testClientSessionResumption(server_ctx_yaml, client_ctx_yaml, true, GetParam()); } +#ifdef TLS1_3_VERSION // Make sure client session resumption is not happening with TLS 1.3 when it's disabled. TEST_P(SslSocketTest, ClientSessionResumptionDisabledTls13) { const std::string server_ctx_yaml = R"EOF( @@ -3165,6 +3170,7 @@ TEST_P(SslSocketTest, ClientSessionResumptionEnabledTls13) { testClientSessionResumption(server_ctx_yaml, client_ctx_yaml, true, GetParam()); } +#endif TEST_P(SslSocketTest, SslError) { const std::string server_ctx_yaml = R"EOF( @@ -3283,6 +3289,7 @@ TEST_P(SslSocketTest, ProtocolVersions) { client_params->clear_tls_minimum_protocol_version(); client_params->clear_tls_maximum_protocol_version(); +#ifdef TLS1_3_VERSION // Connection using TLSv1.3 (client) and defaults (server) succeeds (non-FIPS) or fails (FIPS). client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); 
@@ -3331,6 +3338,43 @@ TEST_P(SslSocketTest, ProtocolVersions) { client_params->clear_tls_maximum_protocol_version(); server_params->clear_tls_minimum_protocol_version(); server_params->clear_tls_maximum_protocol_version(); +#else // OpenSSL 1.1.0 + // Connection using TLSv1.2 (client) and defaults (server) succeeds. + client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + testUtilV2(tls_v1_2_test_options); + client_params->clear_tls_minimum_protocol_version(); + client_params->clear_tls_maximum_protocol_version(); + + // Connection using TLSv1.0-1.2 (client) and defaults (server) succeeds. + client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + testUtilV2(tls_v1_2_test_options); + client_params->clear_tls_minimum_protocol_version(); + client_params->clear_tls_maximum_protocol_version(); + + // Connection using TLSv1.0 (client) and TLSv1.0-1.2 (server) succeeds. + client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + testUtilV2(tls_v1_test_options); + client_params->clear_tls_minimum_protocol_version(); + client_params->clear_tls_maximum_protocol_version(); + server_params->clear_tls_minimum_protocol_version(); + server_params->clear_tls_maximum_protocol_version(); + + // Connection using TLSv1.2 (client) and TLSv1.0-1.2 (server) succeeds. 
+ client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + testUtilV2(tls_v1_2_test_options); + client_params->clear_tls_minimum_protocol_version(); + client_params->clear_tls_maximum_protocol_version(); + server_params->clear_tls_minimum_protocol_version(); + server_params->clear_tls_maximum_protocol_version(); +#endif // Connection using defaults (client) and TLSv1.0 (server) succeeds. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); @@ -3353,6 +3397,7 @@ TEST_P(SslSocketTest, ProtocolVersions) { server_params->clear_tls_minimum_protocol_version(); server_params->clear_tls_maximum_protocol_version(); +#ifdef TLS1_3_VERSION // Connection using defaults (client) and TLSv1.3 (server) fails. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); 
@@ -3388,6 +3433,43 @@ TEST_P(SslSocketTest, ProtocolVersions) { client_params->clear_tls_maximum_protocol_version(); server_params->clear_tls_minimum_protocol_version(); server_params->clear_tls_maximum_protocol_version(); +#else // OpenSSL 1.1.0 + // Connection using defaults (client) and TLSv1.2 (server) succeeds. + server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + testUtilV2(tls_v1_2_test_options); + server_params->clear_tls_minimum_protocol_version(); + server_params->clear_tls_maximum_protocol_version(); + + // Connection using defaults (client) and TLSv1.0-1.2 (server) succeeds. + server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + testUtilV2(tls_v1_2_test_options); + server_params->clear_tls_minimum_protocol_version(); + server_params->clear_tls_maximum_protocol_version(); + + // Connection using TLSv1.0-TLSv1.2 (client) and TLSv1.0 (server) succeeds. + client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + testUtilV2(tls_v1_test_options); + client_params->clear_tls_minimum_protocol_version(); + client_params->clear_tls_maximum_protocol_version(); + server_params->clear_tls_minimum_protocol_version(); + server_params->clear_tls_maximum_protocol_version(); + + // Connection using TLSv1.0-TLSv1.2 (client) and TLSv1.3 (server) succeeds. 
+ client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); + client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); + testUtilV2(tls_v1_2_test_options); + client_params->clear_tls_minimum_protocol_version(); + client_params->clear_tls_maximum_protocol_version(); + server_params->clear_tls_minimum_protocol_version(); + server_params->clear_tls_maximum_protocol_version(); +#endif } TEST_P(SslSocketTest, ALPN) { -- 2.16.4 ++++++ envoy-proxy-rpmlintrc ++++++ # Ignore the following warnings in envoy-proxy-source package. addFilter("envoy-proxy-source.* files-duplicate") addFilter("envoy-proxy-source.* hidden-file-or-dir") addFilter("envoy-proxy-source.* non-executable-script") addFilter("envoy-proxy-source.* pem-certificate") addFilter("envoy-proxy-source.* script-without-shebang") addFilter("envoy-proxy-source.* suse-filelist-forbidden-fhs23") addFilter("envoy-proxy-source.* zero-length") ++++++ envoy-proxy.obsinfo ++++++ name: envoy-proxy version: 1.12.2+git.20200109 mtime: 1578557509 commit: 4274cb6bb10e9516089f05554338d662c320a447 ++++++ logger-Use-spdlog-memory_buf_t-instead-of-fmt-memory.patch ++++++ >From f1e5c3bb0d74fbf0caf17c5f03cfd8e2fcf08268 Mon Sep 17 00:00:00 2001 From: Michal Rostecki <[email protected]> Date: Tue, 14 Jan 2020 03:11:27 +0100 Subject: [PATCH] logger: Use spdlog::memory_buf_t instead of fmt::memory_buffer The newest spdlog has its own type spdlog::memory_buf_t, which is equal to the type fmt::basic_memory_buffer<char, 250>. Risk Level: Low Testing: N/A Docs Changes: N/A Signed-off-by: Michal Rostecki <[email protected]> --- source/common/common/logger.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/envoy/source/common/common/logger.cc b/envoy/source/common/common/logger.cc index 5b6ea7bee..ef5bcafe1 100644 --- a/envoy/source/common/common/logger.cc +++ b/envoy/source/common/common/logger.cc @@ -62,7 +62,7 @@ void DelegatingLogSink::log(const spdlog::details::log_msg& msg) { // This memory buffer must exist in the scope of the entire function, // otherwise the string_view will refer to memory that is already free. - fmt::memory_buffer formatted; + spdlog::memory_buf_t formatted; if (formatter_) { formatter_->format(msg, formatted); msg_view = absl::string_view(formatted.data(), formatted.size()); -- 2.16.4
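Review bot: in ContextImpl::logHandshake the fallback to `SSL_get_shared_curve` is selected with `#ifdef TLSEXT_TYPE_supported_groups`, while every other OpenSSL 1.1.0 branch in this patch keys on `TLS1_3_VERSION`. Two different macros standing in for the same library-version distinction can drift apart; use one feature test throughout, or add a comment saying why the extension-type constant is the right proxy for the availability of `SSL_get_shared_group`.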
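Review bot: in ServerContextImpl::isClientEcdsaCapable the `tls_max_version_ == TLS1_3_VERSION` condition is removed unconditionally rather than under an `#ifdef`, so the `SSL_get_sigalgs` path now runs for every connection at TLS 1.2 or above on all builds, including those where `TLS1_3_VERSION` is defined. That changes which clients are reported as ECDSA-capable beyond what an OpenSSL 1.1.0 compatibility fix needs. If the goal is only to compile against 1.1.0, keep the original condition under `#ifdef TLS1_3_VERSION` and use the reduced one in the `#else` branch; if the wider behaviour is intended, the commit message should say so and a test should cover a TLS 1.2 connection with the configured maximum below 1.3.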
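Review bot: in ssl_integration_test.cc the `#ifdef TLS1_3_VERSION` / `#else` / `#endif` directives sit inside the argument list of the `INSTANTIATE_TEST_SUITE_P` macro invocation. Preprocessing directives within macro arguments are undefined behaviour in C++, and compilers differ in how they treat them. Build the `testing::Values(...)` generator (or the whole `testing::Combine(...)` expression) in a conditionally compiled helper or constant above the macro call and pass that in.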
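Review bot: in testTicketSessionResumption (hunk at -2441) the `EXPECT_TRUE(SSL_SESSION_is_resumable(ssl_session));` check is compiled out when `TLS1_3_VERSION` is undefined, so on those builds nothing in the visible lines validates the session returned by `SSL_get1_session`. Add an `#else` branch with a fallback expectation, for example that `ssl_session` is not null, so the test still fails if no session was established. The same applies to the identical change in ClientAuthCrossListenerSessionResumption (hunk at -2864).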
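Review bot: in the second `#else // OpenSSL 1.1.0` block added to TEST_P(SslSocketTest, ProtocolVersions) (hunk at -3388), the last comment reads "Connection using TLSv1.0-TLSv1.2 (client) and TLSv1.3 (server) succeeds." but the code below it sets both the server minimum and maximum to `TlsParameters::TLSv1_2`. The comment looks copied from the TLS 1.3 branch; change it to "TLSv1.2 (server)" so the case description matches what is exercised.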
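Review bot: `spdlog::memory_buf_t formatted;` in DelegatingLogSink::log only compiles against an spdlog that provides that alias, which the commit message describes as the newest release, so a build against an older spdlog breaks on this line. Either guard the declaration on the spdlog version or record the minimum spdlog version in the package's build requirements. Separately, the diffstat lists `source/common/common/logger.cc` while the hunk paths carry an extra `envoy/` prefix, so confirm the strip level used when the patch is applied.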
