From 90d1094b32aa017f90cc8efcd379aeb143acabfc Mon Sep 17 00:00:00 2001 From: htuch Subject: [PATCH] security: document threat model. (#8906) * Add an explicit threat model to the end user facing docs, link to this from SECURITY.md * Switch all Envoy extensions to use a new macro `envoy_cc_extension`, mandating that extensions declare a security posture. Extensions can also optionally declare `alpha` or `wip` status. * Tag each extension's API documentation (its config proto) with the extension's well-known Envoy name. * Introduce tooling to automatically populate a list of known trusted/untrusted extensions in the threat model docs. * Generate API docs for extensions that depend on `google.protobuf.Empty`. This pattern is deprecated as per https://github.com/envoyproxy/envoy/issues/8933, but we need these for tooling support meanwhile. This work was motivated by oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18370 
Signed-off-by: Harvey Tuch --- SECURITY.md | 28 +----- api/docs/BUILD | 3 + api/envoy/config/accesslog/v2/als.proto | 2 + api/envoy/config/accesslog/v2/file.proto | 1 + api/envoy/config/accesslog/v3alpha/als.proto | 2 + api/envoy/config/accesslog/v3alpha/file.proto | 1 + .../v2alpha/cluster.proto | 1 + .../v3alpha/cluster.proto | 1 + .../config/cluster/redis/redis_cluster.proto | 1 + .../v2alpha/adaptive_concurrency.proto | 1 + .../v3alpha/adaptive_concurrency.proto | 1 + .../config/filter/http/buffer/v2/buffer.proto | 1 + .../config/filter/http/csrf/v2/csrf.proto | 1 + .../filter/http/csrf/v3alpha/csrf.proto | 1 + .../v2alpha/dynamic_forward_proxy.proto | 1 + .../v3alpha/dynamic_forward_proxy.proto | 1 + .../filter/http/ext_authz/v2/ext_authz.proto | 1 + .../http/ext_authz/v3alpha/ext_authz.proto | 1 + .../config/filter/http/fault/v2/fault.proto | 1 + .../filter/http/fault/v3alpha/fault.proto | 1 + .../v2alpha1/config.proto | 1 + .../http/grpc_stats/v2alpha/config.proto | 1 + .../config/filter/http/gzip/v2/gzip.proto | 1 + .../v2/header_to_metadata.proto | 1 + .../http/health_check/v2/health_check.proto | 1 + .../health_check/v3alpha/health_check.proto | 1 + .../http/ip_tagging/v2/ip_tagging.proto | 1 + .../http/ip_tagging/v3alpha/ip_tagging.proto | 1 + .../http/jwt_authn/v2alpha/config.proto | 1 + .../http/jwt_authn/v3alpha/config.proto | 1 + api/envoy/config/filter/http/lua/v2/lua.proto | 1 + .../original_src/v2alpha1/original_src.proto | 1 + .../http/rate_limit/v2/rate_limit.proto | 1 + .../http/rate_limit/v3alpha/rate_limit.proto | 1 + .../config/filter/http/rbac/v2/rbac.proto | 1 + .../filter/http/rbac/v3alpha/rbac.proto | 1 + .../config/filter/http/router/v2/router.proto | 1 + .../filter/http/router/v3alpha/router.proto | 1 + .../config/filter/http/squash/v2/squash.proto | 1 + .../config/filter/http/tap/v2alpha/tap.proto | 1 + .../config/filter/http/tap/v3alpha/tap.proto | 1 + .../http/transcoder/v2/transcoder.proto | 1 + 
.../original_src/v2alpha1/original_src.proto | 1 + .../client_ssl_auth/v2/client_ssl_auth.proto | 1 + .../v3alpha/client_ssl_auth.proto | 1 + .../dubbo_proxy/v2alpha1/dubbo_proxy.proto | 1 + .../dubbo_proxy/v3alpha/dubbo_proxy.proto | 1 + .../network/ext_authz/v2/ext_authz.proto | 1 + .../network/ext_authz/v3alpha/ext_authz.proto | 1 + .../v2/http_connection_manager.proto | 1 + .../v3alpha/http_connection_manager.proto | 1 + .../network/mongo_proxy/v2/mongo_proxy.proto | 1 + .../mongo_proxy/v3alpha/mongo_proxy.proto | 1 + .../mysql_proxy/v1alpha1/mysql_proxy.proto | 3 +- .../network/rate_limit/v2/rate_limit.proto | 1 + .../rate_limit/v3alpha/rate_limit.proto | 1 + .../config/filter/network/rbac/v2/rbac.proto | 1 + .../filter/network/rbac/v3alpha/rbac.proto | 1 + .../network/redis_proxy/v2/redis_proxy.proto | 1 + .../redis_proxy/v3alpha/redis_proxy.proto | 1 + .../network/tcp_proxy/v2/tcp_proxy.proto | 1 + .../network/tcp_proxy/v3alpha/tcp_proxy.proto | 1 + .../thrift_proxy/v2alpha1/thrift_proxy.proto | 1 + .../thrift_proxy/v3alpha/thrift_proxy.proto | 1 + .../v1alpha1/zookeeper_proxy.proto | 6 +- .../rate_limit/v2alpha1/rate_limit.proto | 1 + .../rate_limit/v3alpha/rate_limit.proto | 1 + .../thrift/router/v2alpha1/router.proto | 1 + .../grpc_credential/v2alpha/aws_iam.proto | 1 + .../v2alpha/file_based_metadata.proto | 1 + .../grpc_credential/v3alpha/aws_iam.proto | 1 + .../v3alpha/file_based_metadata.proto | 1 + .../health_checker/redis/v2/redis.proto | 1 + .../config/metrics/v2/metrics_service.proto | 1 + api/envoy/config/metrics/v2/stats.proto | 3 + .../metrics/v3alpha/metrics_service.proto | 1 + api/envoy/config/metrics/v3alpha/stats.proto | 3 + .../fixed_heap/v2alpha/fixed_heap.proto | 1 + .../v2alpha/injected_resource.proto | 1 + .../previous_priorities_config.proto | 1 + api/envoy/config/trace/v2/trace.proto | 5 + api/envoy/config/trace/v3alpha/trace.proto | 5 + .../transport_socket/alts/v2alpha/alts.proto | 1 + .../transport_socket/tap/v2alpha/tap.proto | 1 
+ .../transport_socket/tap/v3alpha/tap.proto | 1 + bazel/envoy_build_system.bzl | 2 + bazel/envoy_library.bzl | 47 +++++++++ docs/build.sh | 19 +++- docs/empty_extensions.json | 66 +++++++++++++ docs/generate_extension_db.py | 57 +++++++++++ docs/generate_extension_rst.py | 36 +++++++ docs/root/api-v2/config/config.rst | 1 + docs/root/api-v2/config/filter/http/http.rst | 1 + .../config/filter/listener/listener.rst | 1 + .../api-v2/config/filter/network/network.rst | 2 + docs/root/api-v2/config/retry/retry.rst | 9 ++ .../intro/arch_overview/security/security.rst | 1 + .../arch_overview/security/threat_model.rst | 97 +++++++++++++++++++ source/extensions/access_loggers/file/BUILD | 4 +- source/extensions/access_loggers/grpc/BUILD | 7 +- .../clusters/dynamic_forward_proxy/BUILD | 5 +- source/extensions/clusters/redis/BUILD | 4 +- source/extensions/common/crypto/BUILD | 6 +- source/extensions/extensions_build_config.bzl | 6 +- .../filters/http/adaptive_concurrency/BUILD | 5 +- source/extensions/filters/http/buffer/BUILD | 4 +- source/extensions/filters/http/cors/BUILD | 4 +- source/extensions/filters/http/csrf/BUILD | 4 +- .../filters/http/dynamic_forward_proxy/BUILD | 5 +- source/extensions/filters/http/dynamo/BUILD | 4 +- .../extensions/filters/http/ext_authz/BUILD | 4 +- source/extensions/filters/http/fault/BUILD | 4 +- .../filters/http/grpc_http1_bridge/BUILD | 4 +- .../http/grpc_http1_reverse_bridge/BUILD | 5 +- .../filters/http/grpc_json_transcoder/BUILD | 4 +- .../extensions/filters/http/grpc_stats/BUILD | 6 +- source/extensions/filters/http/grpc_web/BUILD | 4 +- source/extensions/filters/http/gzip/BUILD | 4 +- .../filters/http/header_to_metadata/BUILD | 4 +- .../filters/http/health_check/BUILD | 4 +- .../extensions/filters/http/ip_tagging/BUILD | 4 +- .../extensions/filters/http/jwt_authn/BUILD | 5 +- source/extensions/filters/http/lua/BUILD | 4 +- .../filters/http/original_src/BUILD | 5 +- .../extensions/filters/http/ratelimit/BUILD | 4 +- 
source/extensions/filters/http/rbac/BUILD | 4 +- source/extensions/filters/http/router/BUILD | 5 +- source/extensions/filters/http/squash/BUILD | 4 +- source/extensions/filters/http/tap/BUILD | 5 +- .../filters/listener/http_inspector/BUILD | 4 +- .../filters/listener/original_dst/BUILD | 4 +- .../filters/listener/original_src/BUILD | 5 +- .../filters/listener/proxy_protocol/BUILD | 4 +- .../filters/listener/tls_inspector/BUILD | 4 +- .../filters/network/client_ssl_auth/BUILD | 4 +- .../filters/network/dubbo_proxy/BUILD | 5 +- source/extensions/filters/network/echo/BUILD | 4 +- .../filters/network/ext_authz/BUILD | 4 +- .../network/http_connection_manager/BUILD | 5 +- source/extensions/filters/network/kafka/BUILD | 5 +- .../filters/network/mongo_proxy/BUILD | 4 +- .../filters/network/mysql_proxy/BUILD | 5 +- .../filters/network/ratelimit/BUILD | 4 +- source/extensions/filters/network/rbac/BUILD | 4 +- .../filters/network/redis_proxy/BUILD | 4 +- .../filters/network/sni_cluster/BUILD | 4 +- .../filters/network/tcp_proxy/BUILD | 5 +- .../filters/network/thrift_proxy/BUILD | 5 +- .../thrift_proxy/filters/ratelimit/BUILD | 5 +- .../filters/network/thrift_proxy/router/BUILD | 5 +- .../filters/network/zookeeper_proxy/BUILD | 5 +- .../extensions/grpc_credentials/aws_iam/BUILD | 6 +- .../file_based_metadata/BUILD | 6 +- source/extensions/health_checkers/redis/BUILD | 4 +- .../resource_monitors/fixed_heap/BUILD | 5 +- .../resource_monitors/injected_resource/BUILD | 5 +- .../retry/host/omit_canary_hosts/BUILD | 4 +- .../retry/host/previous_hosts/BUILD | 4 +- .../retry/priority/previous_priorities/BUILD | 4 +- source/extensions/stat_sinks/dog_statsd/BUILD | 5 +- source/extensions/stat_sinks/hystrix/BUILD | 4 +- .../stat_sinks/metrics_service/BUILD | 4 +- source/extensions/stat_sinks/statsd/BUILD | 5 +- source/extensions/tracers/datadog/BUILD | 4 +- source/extensions/tracers/dynamic_ot/BUILD | 4 +- source/extensions/tracers/lightstep/BUILD | 4 +- 
source/extensions/tracers/opencensus/BUILD | 4 +- source/extensions/tracers/xray/BUILD | 5 +- source/extensions/tracers/zipkin/BUILD | 4 +- .../extensions/transport_sockets/alts/BUILD | 4 +- source/extensions/transport_sockets/tap/BUILD | 5 +- source/extensions/transport_sockets/tls/BUILD | 4 +- tools/api_proto_plugin/annotations.py | 6 ++ tools/protodoc/BUILD | 8 ++ tools/protodoc/generate_empty.py | 48 +++++++++ tools/protodoc/protodoc.py | 79 ++++++++++++++- 176 files changed, 830 insertions(+), 118 deletions(-) create mode 100644 docs/empty_extensions.json create mode 100755 docs/generate_extension_db.py create mode 100755 docs/generate_extension_rst.py create mode 100644 docs/root/api-v2/config/retry/retry.rst create mode 100644 docs/root/intro/arch_overview/security/threat_model.rst create mode 100644 tools/protodoc/generate_empty.py
diff --git a/SECURITY.md b/SECURITY.md
index 883b3c3b067b..42ec10e584b2 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -86,29 +86,11 @@ detect issues during their execution on ClusterFuzz. A soak period of 5 days pro
 guarantee, since we will invoke the security release process for medium or higher severity issues for these older bugs.
-### Confidentiality, integrity and availability
-
-We consider vulnerabilities leading to the compromise of data confidentiality or integrity to be our
-highest priority concerns. Availability, in particular in areas relating to DoS and resource
-exhaustion, is also a serious security concern for Envoy operators, in particular those utilizing
-Envoy in edge deployments.
-
-The Envoy availability stance around CPU and memory DoS, as well as Query-of-Death (QoD), is still
-evolving. We will continue to iterate and fix well known resource issues in the open, e.g. overload
-manager and watermark improvements. We will activate the security process for disclosures that
-appear to present a risk profile that is significantly greater than the current Envoy availability
-hardening status quo. Examples of disclosures that would elicit this response:
-* QoD; where a single query from a client can bring down an Envoy server.
-* Highly asymmetric resource exhaustion attacks, where very little traffic can cause resource
- exhaustion, e.g. that delivered by a single client.
-
-Note that we do not currently consider the default settings for Envoy to be safe from an availability
-perspective. It is necessary for operators to explicitly configure watermarks, the overload manager,
-circuit breakers and other resource related features in Envoy to provide a robust availability
-story. We will not act on any security disclosure that relates to a lack of safe defaults. Over
-time, we will work towards improved safe-by-default configuration, but due to backwards
-compatibility and performance concerns, this will require following the breaking change deprecation
-policy.
+### Threat model
+
+See https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model.
+Vulnerabilities are evaluated against this threat model when deciding whether to activate the Envoy
+security release process.
 ### Fix Team Organization
diff --git a/api/docs/BUILD b/api/docs/BUILD
index 806ea72bab14..3292a1212c38 100644
--- a/api/docs/BUILD
+++ b/api/docs/BUILD
@@ -56,11 +56,13 @@ proto_library(
         "//envoy/config/filter/network/ext_authz/v2:pkg",
         "//envoy/config/filter/network/http_connection_manager/v2:pkg",
         "//envoy/config/filter/network/mongo_proxy/v2:pkg",
+        "//envoy/config/filter/network/mysql_proxy/v1alpha1:pkg",
         "//envoy/config/filter/network/rate_limit/v2:pkg",
         "//envoy/config/filter/network/rbac/v2:pkg",
         "//envoy/config/filter/network/redis_proxy/v2:pkg",
         "//envoy/config/filter/network/tcp_proxy/v2:pkg",
         "//envoy/config/filter/network/thrift_proxy/v2alpha1:pkg",
+        "//envoy/config/filter/network/zookeeper_proxy/v1alpha1:pkg",
         "//envoy/config/filter/thrift/rate_limit/v2alpha1:pkg",
         "//envoy/config/filter/thrift/router/v2alpha1:pkg",
         "//envoy/config/grpc_credential/v2alpha:pkg",
@@ -72,6 +74,7 @@ proto_library(
         "//envoy/config/rbac/v2:pkg",
         "//envoy/config/resource_monitor/fixed_heap/v2alpha:pkg",
         "//envoy/config/resource_monitor/injected_resource/v2alpha:pkg",
+        "//envoy/config/retry/previous_priorities:pkg",
         "//envoy/config/trace/v2:pkg",
         "//envoy/config/transport_socket/alts/v2alpha:pkg",
         "//envoy/config/transport_socket/tap/v2alpha:pkg",
diff --git a/api/envoy/config/accesslog/v2/als.proto b/api/envoy/config/accesslog/v2/als.proto
index 4f77fcaa4cba..a45d0ca52052 100644
--- a/api/envoy/config/accesslog/v2/als.proto
+++ b/api/envoy/config/accesslog/v2/als.proto
@@ -19,6 +19,7 @@ import "validate/validate.proto";
 // :ref:`AccessLog `. This configuration will
 // populate :ref:`StreamAccessLogsMessage.http_logs
 // `.
+// [#extension: envoy.access_loggers.http_grpc]
 message HttpGrpcAccessLogConfig {
   CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}];
@@ -37,6 +38,7 @@ message HttpGrpcAccessLogConfig {
 // Configuration for the built-in *envoy.tcp_grpc_access_log* type. This configuration will
 // populate *StreamAccessLogsMessage.tcp_logs*.
+// [#extension: envoy.access_loggers.tcp_grpc]
 message TcpGrpcAccessLogConfig {
   CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}];
 }
diff --git a/api/envoy/config/accesslog/v2/file.proto b/api/envoy/config/accesslog/v2/file.proto
index 9ed71469882b..16a49563ffc9 100644
--- a/api/envoy/config/accesslog/v2/file.proto
+++ b/api/envoy/config/accesslog/v2/file.proto
@@ -11,6 +11,7 @@ import "google/protobuf/struct.proto";
 import "validate/validate.proto";
 // [#protodoc-title: File access log]
+// [#extension: envoy.access_loggers.file]
 // Custom configuration for an :ref:`AccessLog `
 // that writes log entries directly to a file. Configures the built-in *envoy.file_access_log*
diff --git a/api/envoy/config/accesslog/v3alpha/als.proto b/api/envoy/config/accesslog/v3alpha/als.proto
index cdbb81741e1f..77589fffdae1 100644
--- a/api/envoy/config/accesslog/v3alpha/als.proto
+++ b/api/envoy/config/accesslog/v3alpha/als.proto
@@ -19,6 +19,7 @@ import "validate/validate.proto";
 // :ref:`AccessLog `. This configuration
 // will populate :ref:`StreamAccessLogsMessage.http_logs
 // `.
+// [#extension: envoy.access_loggers.http_grpc]
 message HttpGrpcAccessLogConfig {
   CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}];
@@ -37,6 +38,7 @@ message HttpGrpcAccessLogConfig {
 // Configuration for the built-in *envoy.tcp_grpc_access_log* type. This configuration will
 // populate *StreamAccessLogsMessage.tcp_logs*.
+// [#extension: envoy.access_loggers.tcp_grpc]
 message TcpGrpcAccessLogConfig {
   CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}];
 }
diff --git a/api/envoy/config/accesslog/v3alpha/file.proto b/api/envoy/config/accesslog/v3alpha/file.proto
index d8b033735e79..e826cdcb697e 100644
--- a/api/envoy/config/accesslog/v3alpha/file.proto
+++ b/api/envoy/config/accesslog/v3alpha/file.proto
@@ -11,6 +11,7 @@ import "google/protobuf/struct.proto";
 import "validate/validate.proto";
 // [#protodoc-title: File access log]
+// [#extension: envoy.access_loggers.file]
 // Custom configuration for an :ref:`AccessLog
 // ` that writes log entries directly to a
diff --git a/api/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto b/api/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto
index 9e4626c23e89..ef87aeab5c65 100644
--- a/api/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto
+++ b/api/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto";
 // Configuration for the dynamic forward proxy cluster. See the :ref:`architecture overview
 // ` for more information.
+// [#extension: envoy.clusters.dynamic_forward_proxy]
 message ClusterConfig {
   // The DNS cache configuration that the cluster will attach to. Note this configuration must
   // match that of associated :ref:`dynamic forward proxy HTTP filter configuration
diff --git a/api/envoy/config/cluster/dynamic_forward_proxy/v3alpha/cluster.proto b/api/envoy/config/cluster/dynamic_forward_proxy/v3alpha/cluster.proto
index be96cbf83a81..609c3f81c098 100644
--- a/api/envoy/config/cluster/dynamic_forward_proxy/v3alpha/cluster.proto
+++ b/api/envoy/config/cluster/dynamic_forward_proxy/v3alpha/cluster.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto";
 // Configuration for the dynamic forward proxy cluster. See the :ref:`architecture overview
 // ` for more information.
+// [#extension: envoy.clusters.dynamic_forward_proxy]
 message ClusterConfig {
   // The DNS cache configuration that the cluster will attach to. Note this configuration must
   // match that of associated :ref:`dynamic forward proxy HTTP filter configuration
diff --git a/api/envoy/config/cluster/redis/redis_cluster.proto b/api/envoy/config/cluster/redis/redis_cluster.proto
index d3a2b3338b0e..beef21970085 100644
--- a/api/envoy/config/cluster/redis/redis_cluster.proto
+++ b/api/envoy/config/cluster/redis/redis_cluster.proto
@@ -48,6 +48,7 @@ import "validate/validate.proto";
 // cluster_refresh_timeout: 0.5s
 // redirect_refresh_interval: 10s
 // redirect_refresh_threshold: 10
+// [#extension: envoy.clusters.redis]
 message RedisClusterConfig {
   // Interval between successive topology refresh requests. If not set, this defaults to 5s.
diff --git a/api/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto b/api/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto
index 45d0401fe419..684e6c8499f9 100644
--- a/api/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto
+++ b/api/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto
@@ -18,6 +18,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Adaptive Concurrency]
 // Adaptive Concurrency Control :ref:`configuration overview
 // `.
+// [#extension: envoy.filters.http.adaptive_concurrency]
 // Configuration parameters for the gradient controller.
 message GradientControllerConfig {
diff --git a/api/envoy/config/filter/http/adaptive_concurrency/v3alpha/adaptive_concurrency.proto b/api/envoy/config/filter/http/adaptive_concurrency/v3alpha/adaptive_concurrency.proto
index 6262a94d5500..a6bec7933262 100644
--- a/api/envoy/config/filter/http/adaptive_concurrency/v3alpha/adaptive_concurrency.proto
+++ b/api/envoy/config/filter/http/adaptive_concurrency/v3alpha/adaptive_concurrency.proto
@@ -18,6 +18,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Adaptive Concurrency]
 // Adaptive Concurrency Control :ref:`configuration overview
 // `.
+// [#extension: envoy.filters.http.adaptive_concurrency]
 // Configuration parameters for the gradient controller.
 message GradientControllerConfig {
diff --git a/api/envoy/config/filter/http/buffer/v2/buffer.proto b/api/envoy/config/filter/http/buffer/v2/buffer.proto
index 44062f248199..f342c72d5b01 100644
--- a/api/envoy/config/filter/http/buffer/v2/buffer.proto
+++ b/api/envoy/config/filter/http/buffer/v2/buffer.proto
@@ -12,6 +12,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Buffer]
 // Buffer :ref:`configuration overview `.
+// [#extension: envoy.filters.http.buffer]
 message Buffer {
   reserved 2;
diff --git a/api/envoy/config/filter/http/csrf/v2/csrf.proto b/api/envoy/config/filter/http/csrf/v2/csrf.proto
index faf882e896f4..acc7718b1e1b 100644
--- a/api/envoy/config/filter/http/csrf/v2/csrf.proto
+++ b/api/envoy/config/filter/http/csrf/v2/csrf.proto
@@ -13,6 +13,7 @@ import "validate/validate.proto";
 // [#protodoc-title: CSRF]
 // Cross-Site Request Forgery :ref:`configuration overview `.
+// [#extension: envoy.filters.http.csrf]
 // CSRF filter config.
 message CsrfPolicy {
diff --git a/api/envoy/config/filter/http/csrf/v3alpha/csrf.proto b/api/envoy/config/filter/http/csrf/v3alpha/csrf.proto
index 32dbe48ba496..5d3c3eca6f2e 100644
--- a/api/envoy/config/filter/http/csrf/v3alpha/csrf.proto
+++ b/api/envoy/config/filter/http/csrf/v3alpha/csrf.proto
@@ -13,6 +13,7 @@ import "validate/validate.proto";
 // [#protodoc-title: CSRF]
 // Cross-Site Request Forgery :ref:`configuration overview `.
+// [#extension: envoy.filters.http.csrf]
 // CSRF filter config.
 message CsrfPolicy {
diff --git a/api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto b/api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto
index dbe548c346b5..d66fa81f8eab 100644
--- a/api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto
+++ b/api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto";
 // Configuration for the dynamic forward proxy HTTP filter. See the :ref:`architecture overview
 // ` for more information.
+// [#extension: envoy.filters.http.dynamic_forward_proxy]
 message FilterConfig {
   // The DNS cache configuration that the filter will attach to. Note this configuration must
   // match that of associated :ref:`dynamic forward proxy cluster configuration
diff --git a/api/envoy/config/filter/http/dynamic_forward_proxy/v3alpha/dynamic_forward_proxy.proto b/api/envoy/config/filter/http/dynamic_forward_proxy/v3alpha/dynamic_forward_proxy.proto
index d63094f38832..62161c25f1d4 100644
--- a/api/envoy/config/filter/http/dynamic_forward_proxy/v3alpha/dynamic_forward_proxy.proto
+++ b/api/envoy/config/filter/http/dynamic_forward_proxy/v3alpha/dynamic_forward_proxy.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto";
 // Configuration for the dynamic forward proxy HTTP filter. See the :ref:`architecture overview
 // ` for more information.
+// [#extension: envoy.filters.http.dynamic_forward_proxy]
 message FilterConfig {
   // The DNS cache configuration that the filter will attach to. Note this configuration must
   // match that of associated :ref:`dynamic forward proxy cluster configuration
diff --git a/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
index 0f70acfc076e..8e3eb7b4c2da 100644
--- a/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
+++ b/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
@@ -16,6 +16,7 @@ import "validate/validate.proto";
 // [#protodoc-title: External Authorization]
 // External Authorization :ref:`configuration overview `.
+// [#extension: envoy.filters.http.ext_authz]
 // [#next-free-field: 11]
 message ExtAuthz {
diff --git a/api/envoy/config/filter/http/ext_authz/v3alpha/ext_authz.proto b/api/envoy/config/filter/http/ext_authz/v3alpha/ext_authz.proto
index c884f6ebe852..22ccf8b27739 100644
--- a/api/envoy/config/filter/http/ext_authz/v3alpha/ext_authz.proto
+++ b/api/envoy/config/filter/http/ext_authz/v3alpha/ext_authz.proto
@@ -16,6 +16,7 @@ import "validate/validate.proto";
 // [#protodoc-title: External Authorization]
 // External Authorization :ref:`configuration overview `.
+// [#extension: envoy.filters.http.ext_authz]
 // [#next-free-field: 11]
 message ExtAuthz {
diff --git a/api/envoy/config/filter/http/fault/v2/fault.proto b/api/envoy/config/filter/http/fault/v2/fault.proto
index 87c9b976355d..15103bfc15a9 100644
--- a/api/envoy/config/filter/http/fault/v2/fault.proto
+++ b/api/envoy/config/filter/http/fault/v2/fault.proto
@@ -16,6 +16,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Fault Injection]
 // Fault Injection :ref:`configuration overview `.
+// [#extension: envoy.filters.http.fault]
 message FaultAbort {
   reserved 1;
diff --git a/api/envoy/config/filter/http/fault/v3alpha/fault.proto b/api/envoy/config/filter/http/fault/v3alpha/fault.proto
index 83719bbfbbc1..c85dfd495c1c 100644
--- a/api/envoy/config/filter/http/fault/v3alpha/fault.proto
+++ b/api/envoy/config/filter/http/fault/v3alpha/fault.proto
@@ -16,6 +16,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Fault Injection]
 // Fault Injection :ref:`configuration overview `.
+// [#extension: envoy.filters.http.fault]
 message FaultAbort {
   reserved 1;
diff --git a/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto b/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto
index 1a909b45ff6c..2e533e9f2533 100644
--- a/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto
+++ b/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto
@@ -11,6 +11,7 @@ import "validate/validate.proto";
 // [#protodoc-title: gRPC HTTP/1.1 Reverse Bridge]
 // gRPC HTTP/1.1 Reverse Bridge :ref:`configuration overview
 // `.
+// [#extension: envoy.filters.http.grpc_http1_reverse_bridge]
 // gRPC reverse bridge filter configuration
 message FilterConfig {
diff --git a/api/envoy/config/filter/http/grpc_stats/v2alpha/config.proto b/api/envoy/config/filter/http/grpc_stats/v2alpha/config.proto
index 27d1c2aab7cf..20f856881827 100644
--- a/api/envoy/config/filter/http/grpc_stats/v2alpha/config.proto
+++ b/api/envoy/config/filter/http/grpc_stats/v2alpha/config.proto
@@ -10,6 +10,7 @@ import "validate/validate.proto";
 // [#protodoc-title: gRPC statistics] gRPC statistics filter
 // :ref:`configuration overview `.
+// [#extension: envoy.filters.http.grpc_stats]
 // gRPC statistics filter configuration
 message FilterConfig {
diff --git a/api/envoy/config/filter/http/gzip/v2/gzip.proto b/api/envoy/config/filter/http/gzip/v2/gzip.proto
index 57935e8d9857..dd78214f4e26 100644
--- a/api/envoy/config/filter/http/gzip/v2/gzip.proto
+++ b/api/envoy/config/filter/http/gzip/v2/gzip.proto
@@ -12,6 +12,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Gzip]
 // Gzip :ref:`configuration overview `.
+// [#extension: envoy.filters.http.gzip]
 // [#next-free-field: 10]
 message Gzip {
diff --git a/api/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto b/api/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto
index ec323900cabc..d59ee83e6a23 100644
--- a/api/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto
+++ b/api/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto";
 // for matching load balancer subsets, logging, etc.
 //
 // Header to Metadata :ref:`configuration overview `.
+// [#extension: envoy.filters.http.header_to_metadata]
 message Config {
   enum ValueType {
diff --git a/api/envoy/config/filter/http/health_check/v2/health_check.proto b/api/envoy/config/filter/http/health_check/v2/health_check.proto
index b4c0dcb1b47b..055920ff3c15 100644
--- a/api/envoy/config/filter/http/health_check/v2/health_check.proto
+++ b/api/envoy/config/filter/http/health_check/v2/health_check.proto
@@ -16,6 +16,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Health check]
 // Health check :ref:`configuration overview `.
+// [#extension: envoy.filters.http.health_check]
 // [#next-free-field: 6]
 message HealthCheck {
diff --git a/api/envoy/config/filter/http/health_check/v3alpha/health_check.proto b/api/envoy/config/filter/http/health_check/v3alpha/health_check.proto
index 6b3169d18011..680a3fc89c9a 100644
--- a/api/envoy/config/filter/http/health_check/v3alpha/health_check.proto
+++ b/api/envoy/config/filter/http/health_check/v3alpha/health_check.proto
@@ -16,6 +16,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Health check]
 // Health check :ref:`configuration overview `.
+// [#extension: envoy.filters.http.health_check]
 // [#next-free-field: 6]
 message HealthCheck {
diff --git a/api/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto b/api/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto
index ac088d80eaac..8e22c906b228 100644
--- a/api/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto
+++ b/api/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto
@@ -12,6 +12,7 @@ import "validate/validate.proto";
 // [#protodoc-title: IP tagging]
 // IP tagging :ref:`configuration overview `.
+// [#extension: envoy.filters.http.ip_tagging]
 message IPTagging {
   // The type of requests the filter should apply to. The supported types
diff --git a/api/envoy/config/filter/http/ip_tagging/v3alpha/ip_tagging.proto b/api/envoy/config/filter/http/ip_tagging/v3alpha/ip_tagging.proto
index b076b6080227..81ff557bd380 100644
--- a/api/envoy/config/filter/http/ip_tagging/v3alpha/ip_tagging.proto
+++ b/api/envoy/config/filter/http/ip_tagging/v3alpha/ip_tagging.proto
@@ -12,6 +12,7 @@ import "validate/validate.proto";
 // [#protodoc-title: IP tagging]
 // IP tagging :ref:`configuration overview `.
+// [#extension: envoy.filters.http.ip_tagging]
 message IPTagging {
   // The type of requests the filter should apply to. The supported types
diff --git a/api/envoy/config/filter/http/jwt_authn/v2alpha/config.proto b/api/envoy/config/filter/http/jwt_authn/v2alpha/config.proto
index 998e0696278e..2d5f656ecd9c 100644
--- a/api/envoy/config/filter/http/jwt_authn/v2alpha/config.proto
+++ b/api/envoy/config/filter/http/jwt_authn/v2alpha/config.proto
@@ -17,6 +17,7 @@ import "validate/validate.proto";
 // [#protodoc-title: JWT Authentication]
 // JWT Authentication :ref:`configuration overview `.
+// [#extension: envoy.filters.http.jwt_authn]
 // Please see following for JWT authentication flow:
 //
diff --git a/api/envoy/config/filter/http/jwt_authn/v3alpha/config.proto b/api/envoy/config/filter/http/jwt_authn/v3alpha/config.proto
index 82759233127d..bdabd330bbf3 100644
--- a/api/envoy/config/filter/http/jwt_authn/v3alpha/config.proto
+++ b/api/envoy/config/filter/http/jwt_authn/v3alpha/config.proto
@@ -17,6 +17,7 @@ import "validate/validate.proto";
 // [#protodoc-title: JWT Authentication]
 // JWT Authentication :ref:`configuration overview `.
+// [#extension: envoy.filters.http.jwt_authn]
 // Please see following for JWT authentication flow:
 //
diff --git a/api/envoy/config/filter/http/lua/v2/lua.proto b/api/envoy/config/filter/http/lua/v2/lua.proto
index dae34551a0ac..1bf16f3c86c7 100644
--- a/api/envoy/config/filter/http/lua/v2/lua.proto
+++ b/api/envoy/config/filter/http/lua/v2/lua.proto
@@ -10,6 +10,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Lua]
 // Lua :ref:`configuration overview `.
+// [#extension: envoy.filters.http.lua]
 message Lua {
   // The Lua code that Envoy will execute. This can be a very small script that
diff --git a/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto b/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto
index b5927ed0f75a..ad0082694a38 100644
--- a/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto
+++ b/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto";
 // The Original Src filter binds upstream connections to the original source address determined
 // for the request. This address could come from something like the Proxy Protocol filter, or it
 // could come from trusted http headers.
+// [#extension: envoy.filters.http.original_src]
 message OriginalSrc {
   // Sets the SO_MARK option on the upstream connection's socket to the provided value. Used to
   // ensure that non-local addresses may be routed back through envoy when binding to the original
diff --git a/api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto b/api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto
index 6013f47bf8ce..0b0e1edfd5fa 100644
--- a/api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto
+++ b/api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview `.
+// [#extension: envoy.filters.http.ratelimit]
 // [#next-free-field: 8]
 message RateLimit {
diff --git a/api/envoy/config/filter/http/rate_limit/v3alpha/rate_limit.proto b/api/envoy/config/filter/http/rate_limit/v3alpha/rate_limit.proto
index ec8dad13e768..7380d261cf87 100644
--- a/api/envoy/config/filter/http/rate_limit/v3alpha/rate_limit.proto
+++ b/api/envoy/config/filter/http/rate_limit/v3alpha/rate_limit.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto";
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview `.
+// [#extension: envoy.filters.http.ratelimit]
 // [#next-free-field: 8]
 message RateLimit {
diff --git a/api/envoy/config/filter/http/rbac/v2/rbac.proto b/api/envoy/config/filter/http/rbac/v2/rbac.proto
index 4bdd8c5f2c9c..c497aa2fa645 100644
--- a/api/envoy/config/filter/http/rbac/v2/rbac.proto
+++ b/api/envoy/config/filter/http/rbac/v2/rbac.proto
@@ -12,6 +12,7 @@ import "validate/validate.proto";
 // [#protodoc-title: RBAC]
 // Role-Based Access Control :ref:`configuration overview `.
+// [#extension: envoy.filters.http.rbac]
 // RBAC filter config.
 message RBAC {
diff --git a/api/envoy/config/filter/http/rbac/v3alpha/rbac.proto b/api/envoy/config/filter/http/rbac/v3alpha/rbac.proto
index 4dc9dab5c1a1..994eec6e849c 100644
--- a/api/envoy/config/filter/http/rbac/v3alpha/rbac.proto
+++ b/api/envoy/config/filter/http/rbac/v3alpha/rbac.proto
@@ -12,6 +12,7 @@ import "validate/validate.proto";
 // [#protodoc-title: RBAC]
 // Role-Based Access Control :ref:`configuration overview `.
+// [#extension: envoy.filters.http.rbac]
 // RBAC filter config.
 message RBAC {
diff --git a/api/envoy/config/filter/http/router/v2/router.proto b/api/envoy/config/filter/http/router/v2/router.proto
index fb29bbef0c5c..d8a329be25db 100644
--- a/api/envoy/config/filter/http/router/v2/router.proto
+++ b/api/envoy/config/filter/http/router/v2/router.proto
@@ -14,6 +14,7 @@ import "validate/validate.proto"; // [#protodoc-title: Router] // Router :ref:`configuration overview `. +// [#extension: envoy.filters.http.router] // [#next-free-field: 7] message Router { diff --git a/api/envoy/config/filter/http/router/v3alpha/router.proto b/api/envoy/config/filter/http/router/v3alpha/router.proto index 4cc0eae80634..59c541ccb4d9 100644 --- a/api/envoy/config/filter/http/router/v3alpha/router.proto +++ b/api/envoy/config/filter/http/router/v3alpha/router.proto @@ -14,6 +14,7 @@ import "validate/validate.proto"; // [#protodoc-title: Router] // Router :ref:`configuration overview `. +// [#extension: envoy.filters.http.router] // [#next-free-field: 7] message Router { diff --git a/api/envoy/config/filter/http/squash/v2/squash.proto b/api/envoy/config/filter/http/squash/v2/squash.proto index 49e7538596a7..8d4f352ef570 100644 --- a/api/envoy/config/filter/http/squash/v2/squash.proto +++ b/api/envoy/config/filter/http/squash/v2/squash.proto @@ -13,6 +13,7 @@ import "validate/validate.proto"; // [#protodoc-title: Squash] // Squash :ref:`configuration overview `. +// [#extension: envoy.filters.http.squash] // [#next-free-field: 6] message Squash { diff --git a/api/envoy/config/filter/http/tap/v2alpha/tap.proto b/api/envoy/config/filter/http/tap/v2alpha/tap.proto index ee9027055ab9..4dc3b33bb31a 100644 --- a/api/envoy/config/filter/http/tap/v2alpha/tap.proto +++ b/api/envoy/config/filter/http/tap/v2alpha/tap.proto @@ -12,6 +12,7 @@ import "validate/validate.proto"; // [#protodoc-title: Tap] // Tap :ref:`configuration overview `. +// [#extension: envoy.filters.http.tap] // Top level configuration for the tap filter. message Tap { diff --git a/api/envoy/config/filter/http/tap/v3alpha/tap.proto b/api/envoy/config/filter/http/tap/v3alpha/tap.proto index f3ec07e10438..064307cba0c5 100644 --- a/api/envoy/config/filter/http/tap/v3alpha/tap.proto +++ b/api/envoy/config/filter/http/tap/v3alpha/tap.proto 
@@ -12,6 +12,7 @@ import "validate/validate.proto"; // [#protodoc-title: Tap] // Tap :ref:`configuration overview `. +// [#extension: envoy.filters.http.tap] // Top level configuration for the tap filter. message Tap { diff --git a/api/envoy/config/filter/http/transcoder/v2/transcoder.proto b/api/envoy/config/filter/http/transcoder/v2/transcoder.proto index b56232250979..af5ea5a18db4 100644 --- a/api/envoy/config/filter/http/transcoder/v2/transcoder.proto +++ b/api/envoy/config/filter/http/transcoder/v2/transcoder.proto @@ -10,6 +10,7 @@ import "validate/validate.proto"; // [#protodoc-title: gRPC-JSON transcoder] // gRPC-JSON transcoder :ref:`configuration overview `. +// [#extension: envoy.filters.http.grpc_json_transcoder] // [#next-free-field: 10] message GrpcJsonTranscoder { diff --git a/api/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto b/api/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto index a9d8fb939a91..f6aa6b5a0e3f 100644 --- a/api/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto +++ b/api/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto @@ -10,6 +10,7 @@ import "validate/validate.proto"; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. +// [#extension: envoy.filters.listener.original_src] // The Original Src filter binds upstream connections to the original source address determined // for the connection. This address could come from something like the Proxy Protocol filter, or it diff --git a/api/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto b/api/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto index 0a51432321c7..d9819c9e8ca8 100644 --- a/api/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto +++ b/api/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto 
@@ -15,6 +15,7 @@ import "validate/validate.proto"; // [#protodoc-title: Client TLS authentication] // Client TLS authentication // :ref:`configuration overview `. +// [#extension: envoy.filters.network.client_ssl_auth] message ClientSSLAuth { // The :ref:`cluster manager ` cluster that runs diff --git a/api/envoy/config/filter/network/client_ssl_auth/v3alpha/client_ssl_auth.proto b/api/envoy/config/filter/network/client_ssl_auth/v3alpha/client_ssl_auth.proto index 6cf616d96f67..6bfe225a1496 100644 --- a/api/envoy/config/filter/network/client_ssl_auth/v3alpha/client_ssl_auth.proto +++ b/api/envoy/config/filter/network/client_ssl_auth/v3alpha/client_ssl_auth.proto @@ -15,6 +15,7 @@ import "validate/validate.proto"; // [#protodoc-title: Client TLS authentication] // Client TLS authentication // :ref:`configuration overview `. +// [#extension: envoy.filters.network.client_ssl_auth] message ClientSSLAuth { // The :ref:`cluster manager ` cluster that runs diff --git a/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto b/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto index 2076d781612b..8a5ede0b6703 100644 --- a/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto +++ b/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto @@ -14,6 +14,7 @@ import "validate/validate.proto"; // [#protodoc-title: Dubbo Proxy] // Dubbo Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.dubbo_proxy] // Dubbo Protocol types supported by Envoy. enum ProtocolType { diff --git a/api/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto index f55917baf2d6..ccb885d33006 100644 --- a/api/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto +++ b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto 
@@ -14,6 +14,7 @@ import "validate/validate.proto"; // [#protodoc-title: Dubbo Proxy] // Dubbo Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.dubbo_proxy] // Dubbo Protocol types supported by Envoy. enum ProtocolType { diff --git a/api/envoy/config/filter/network/ext_authz/v2/ext_authz.proto b/api/envoy/config/filter/network/ext_authz/v2/ext_authz.proto index 9b8e2b7a7a02..795607fcf226 100644 --- a/api/envoy/config/filter/network/ext_authz/v2/ext_authz.proto +++ b/api/envoy/config/filter/network/ext_authz/v2/ext_authz.proto @@ -13,6 +13,7 @@ import "validate/validate.proto"; // [#protodoc-title: Network External Authorization ] // The network layer external authorization service configuration // :ref:`configuration overview `. +// [#extension: envoy.filters.network.ext_authz] // External Authorization filter calls out to an external service over the // gRPC Authorization API defined by diff --git a/api/envoy/config/filter/network/ext_authz/v3alpha/ext_authz.proto b/api/envoy/config/filter/network/ext_authz/v3alpha/ext_authz.proto index 97c6e4d45075..373034886c07 100644 --- a/api/envoy/config/filter/network/ext_authz/v3alpha/ext_authz.proto +++ b/api/envoy/config/filter/network/ext_authz/v3alpha/ext_authz.proto @@ -13,6 +13,7 @@ import "validate/validate.proto"; // [#protodoc-title: Network External Authorization ] // The network layer external authorization service configuration // :ref:`configuration overview `. +// [#extension: envoy.filters.network.ext_authz] // External Authorization filter calls out to an external service over the // gRPC Authorization API defined by diff --git a/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto b/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto index 19f3fe3dd37d..5a826725e07f 100644 --- a/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto 
+++ b/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto @@ -22,6 +22,7 @@ import "validate/validate.proto"; // [#protodoc-title: HTTP connection manager] // HTTP connection manager :ref:`configuration overview `. +// [#extension: envoy.filters.network.http_connection_manager] // [#next-free-field: 36] message HttpConnectionManager { diff --git a/api/envoy/config/filter/network/http_connection_manager/v3alpha/http_connection_manager.proto b/api/envoy/config/filter/network/http_connection_manager/v3alpha/http_connection_manager.proto index f96b590d7130..0cdef53dc548 100644 --- a/api/envoy/config/filter/network/http_connection_manager/v3alpha/http_connection_manager.proto +++ b/api/envoy/config/filter/network/http_connection_manager/v3alpha/http_connection_manager.proto @@ -22,6 +22,7 @@ import "validate/validate.proto"; // [#protodoc-title: HTTP connection manager] // HTTP connection manager :ref:`configuration overview `. +// [#extension: envoy.filters.network.http_connection_manager] // [#next-free-field: 36] message HttpConnectionManager { diff --git a/api/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto b/api/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto index 724c8a3b4c40..aee2936e99a2 100644 --- a/api/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto +++ b/api/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto @@ -12,6 +12,7 @@ import "validate/validate.proto"; // [#protodoc-title: Mongo proxy] // MongoDB :ref:`configuration overview `. +// [#extension: envoy.filters.network.mongo_proxy] message MongoProxy { // The human readable prefix to use when emitting :ref:`statistics diff --git a/api/envoy/config/filter/network/mongo_proxy/v3alpha/mongo_proxy.proto b/api/envoy/config/filter/network/mongo_proxy/v3alpha/mongo_proxy.proto index 9ca7a7a3a5e6..cee198dbc12e 100644 --- a/api/envoy/config/filter/network/mongo_proxy/v3alpha/mongo_proxy.proto 
+++ b/api/envoy/config/filter/network/mongo_proxy/v3alpha/mongo_proxy.proto @@ -12,6 +12,7 @@ import "validate/validate.proto"; // [#protodoc-title: Mongo proxy] // MongoDB :ref:`configuration overview `. +// [#extension: envoy.filters.network.mongo_proxy] message MongoProxy { // The human readable prefix to use when emitting :ref:`statistics diff --git a/api/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto b/api/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto index dee014556360..4665bbfa7ba0 100644 --- a/api/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto +++ b/api/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto @@ -10,10 +10,11 @@ import "validate/validate.proto"; // [#protodoc-title: MySQL proxy] // MySQL Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.mysql_proxy] message MySQLProxy { // The human readable prefix to use when emitting :ref:`statistics // `. - string stat_prefix = 1 [(validate.rules).string.min_bytes = 1]; + string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; // [#not-implemented-hide:] The optional path to use for writing MySQL access logs. // If the access log field is empty, access logs will not be written. diff --git a/api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto b/api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto index 4e3f5fc2d289..d65797ea5126 100644 --- a/api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto +++ b/api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto @@ -15,6 +15,7 @@ import "validate/validate.proto"; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.network.ratelimit] // [#next-free-field: 7] message RateLimit { 
diff --git a/api/envoy/config/filter/network/rate_limit/v3alpha/rate_limit.proto b/api/envoy/config/filter/network/rate_limit/v3alpha/rate_limit.proto index f8d65b687edb..d16715013198 100644 --- a/api/envoy/config/filter/network/rate_limit/v3alpha/rate_limit.proto +++ b/api/envoy/config/filter/network/rate_limit/v3alpha/rate_limit.proto @@ -15,6 +15,7 @@ import "validate/validate.proto"; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.network.ratelimit] // [#next-free-field: 7] message RateLimit { diff --git a/api/envoy/config/filter/network/rbac/v2/rbac.proto b/api/envoy/config/filter/network/rbac/v2/rbac.proto index ea24eb50f431..4d6cb00c62d7 100644 --- a/api/envoy/config/filter/network/rbac/v2/rbac.proto +++ b/api/envoy/config/filter/network/rbac/v2/rbac.proto @@ -12,6 +12,7 @@ import "validate/validate.proto"; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. +// [#extension: envoy.filters.network.rbac] // RBAC network filter config. // diff --git a/api/envoy/config/filter/network/rbac/v3alpha/rbac.proto b/api/envoy/config/filter/network/rbac/v3alpha/rbac.proto index b8ec5828baec..febc45062f90 100644 --- a/api/envoy/config/filter/network/rbac/v3alpha/rbac.proto +++ b/api/envoy/config/filter/network/rbac/v3alpha/rbac.proto @@ -12,6 +12,7 @@ import "validate/validate.proto"; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. +// [#extension: envoy.filters.network.rbac] // RBAC network filter config. // diff --git a/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto b/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto index 3b718c4f3416..da1acdb75c58 100644 --- a/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto +++ b/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto 
@@ -15,6 +15,7 @@ import "validate/validate.proto"; // [#protodoc-title: Redis Proxy] // Redis Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.redis_proxy] // [#next-free-field: 7] message RedisProxy { diff --git a/api/envoy/config/filter/network/redis_proxy/v3alpha/redis_proxy.proto b/api/envoy/config/filter/network/redis_proxy/v3alpha/redis_proxy.proto index a553f830081a..9c04dbacdc3f 100644 --- a/api/envoy/config/filter/network/redis_proxy/v3alpha/redis_proxy.proto +++ b/api/envoy/config/filter/network/redis_proxy/v3alpha/redis_proxy.proto @@ -15,6 +15,7 @@ import "validate/validate.proto"; // [#protodoc-title: Redis Proxy] // Redis Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.redis_proxy] // [#next-free-field: 7] message RedisProxy { diff --git a/api/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto b/api/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto index 373d072bdbb8..c1357e90b344 100644 --- a/api/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto +++ b/api/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto @@ -18,6 +18,7 @@ import "validate/validate.proto"; // [#protodoc-title: TCP Proxy] // TCP Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.tcp_proxy] // [#next-free-field: 12] message TcpProxy { diff --git a/api/envoy/config/filter/network/tcp_proxy/v3alpha/tcp_proxy.proto b/api/envoy/config/filter/network/tcp_proxy/v3alpha/tcp_proxy.proto index 9ba8419dbd14..a36676bf92b2 100644 --- a/api/envoy/config/filter/network/tcp_proxy/v3alpha/tcp_proxy.proto +++ b/api/envoy/config/filter/network/tcp_proxy/v3alpha/tcp_proxy.proto @@ -18,6 +18,7 @@ import "validate/validate.proto"; // [#protodoc-title: TCP Proxy] // TCP Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.tcp_proxy] // [#next-free-field: 12] message TcpProxy { 
diff --git a/api/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto b/api/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto index b0e25c2407cf..a857592373c4 100644 --- a/api/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto +++ b/api/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto @@ -15,6 +15,7 @@ import "validate/validate.proto"; // [#protodoc-title: Thrift Proxy] // Thrift Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.thrift_proxy] // Thrift transport types supported by Envoy. enum TransportType { diff --git a/api/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto b/api/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto index dffacb51e2da..9c5f5d3966b8 100644 --- a/api/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto +++ b/api/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto @@ -15,6 +15,7 @@ import "validate/validate.proto"; // [#protodoc-title: Thrift Proxy] // Thrift Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.thrift_proxy] // Thrift transport types supported by Envoy. enum TransportType { diff --git a/api/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto b/api/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto index 72d09810ff0f..cfe2a1075d86 100644 --- a/api/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto +++ b/api/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto 
@@ -6,15 +6,17 @@ option java_outer_classname = "ZookeeperProxyProto"; option java_multiple_files = true; option java_package = "io.envoyproxy.envoy.config.filter.network.zookeeper_proxy.v1alpha1"; -import "validate/validate.proto"; import "google/protobuf/wrappers.proto"; +import "validate/validate.proto"; + // [#protodoc-title: ZooKeeper proxy] // ZooKeeper Proxy :ref:`configuration overview `. +// [#extension: envoy.filters.network.zookeeper_proxy] message ZooKeeperProxy { // The human readable prefix to use when emitting :ref:`statistics // `. - string stat_prefix = 1 [(validate.rules).string.min_bytes = 1]; + string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; // [#not-implemented-hide:] The optional path to use for writing ZooKeeper access logs. // If the access log field is empty, access logs will not be written. diff --git a/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto b/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto index 492af6cb6374..bf3cb83dcae2 100644 --- a/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto +++ b/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto @@ -14,6 +14,7 @@ import "validate/validate.proto"; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.thrift.ratelimit] // [#next-free-field: 6] message RateLimit { diff --git a/api/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto b/api/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto index 0d43762ebf74..0365f343fa84 100644 --- a/api/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto +++ b/api/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto @@ -14,6 +14,7 @@ import "validate/validate.proto"; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.thrift.ratelimit] // [#next-free-field: 6] message RateLimit { 
diff --git a/api/envoy/config/filter/thrift/router/v2alpha1/router.proto b/api/envoy/config/filter/thrift/router/v2alpha1/router.proto index 9c9383caf33f..e5dd085569bc 100644 --- a/api/envoy/config/filter/thrift/router/v2alpha1/router.proto +++ b/api/envoy/config/filter/thrift/router/v2alpha1/router.proto @@ -8,6 +8,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.thrift.router.v2alpha1" // [#protodoc-title: Router] // Thrift router :ref:`configuration overview `. +// [#extension: envoy.filters.thrift.router] message Router { } diff --git a/api/envoy/config/grpc_credential/v2alpha/aws_iam.proto b/api/envoy/config/grpc_credential/v2alpha/aws_iam.proto index 154572901a7c..353843f28c8c 100644 --- a/api/envoy/config/grpc_credential/v2alpha/aws_iam.proto +++ b/api/envoy/config/grpc_credential/v2alpha/aws_iam.proto @@ -10,6 +10,7 @@ import "validate/validate.proto"; // [#protodoc-title: Grpc Credentials AWS IAM] // Configuration for AWS IAM Grpc Credentials Plugin +// [#extension: envoy.grpc_credentials.aws_iam] message AwsIamConfig { // The `service namespace diff --git a/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto b/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto index cd9f27d71e45..3b814ee850e9 100644 --- a/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto +++ b/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto @@ -10,6 +10,7 @@ import "envoy/api/v2/core/base.proto"; // [#protodoc-title: Grpc Credentials File Based Metadata] // Configuration for File Based Metadata Grpc Credentials Plugin +// [#extension: envoy.grpc_credentials.file_based_metadata] message FileBasedMetadataConfig { // Location or inline data of secret to use for authentication of the Google gRPC connection diff --git a/api/envoy/config/grpc_credential/v3alpha/aws_iam.proto b/api/envoy/config/grpc_credential/v3alpha/aws_iam.proto index fe100f9ded91..84c60b6f7adc 100644 
--- a/api/envoy/config/grpc_credential/v3alpha/aws_iam.proto +++ b/api/envoy/config/grpc_credential/v3alpha/aws_iam.proto @@ -10,6 +10,7 @@ import "validate/validate.proto"; // [#protodoc-title: Grpc Credentials AWS IAM] // Configuration for AWS IAM Grpc Credentials Plugin +// [#extension: envoy.grpc_credentials.aws_iam] message AwsIamConfig { // The `service namespace diff --git a/api/envoy/config/grpc_credential/v3alpha/file_based_metadata.proto b/api/envoy/config/grpc_credential/v3alpha/file_based_metadata.proto index dc8156a57b88..27cc077fd9b7 100644 --- a/api/envoy/config/grpc_credential/v3alpha/file_based_metadata.proto +++ b/api/envoy/config/grpc_credential/v3alpha/file_based_metadata.proto @@ -10,6 +10,7 @@ import "envoy/api/v3alpha/core/base.proto"; // [#protodoc-title: Grpc Credentials File Based Metadata] // Configuration for File Based Metadata Grpc Credentials Plugin +// [#extension: envoy.grpc_credentials.file_based_metadata] message FileBasedMetadataConfig { // Location or inline data of secret to use for authentication of the Google gRPC connection diff --git a/api/envoy/config/health_checker/redis/v2/redis.proto b/api/envoy/config/health_checker/redis/v2/redis.proto index 8ab2de269a5f..5df588427daa 100644 --- a/api/envoy/config/health_checker/redis/v2/redis.proto +++ b/api/envoy/config/health_checker/redis/v2/redis.proto @@ -8,6 +8,7 @@ option java_package = "io.envoyproxy.envoy.config.health_checker.redis.v2"; // [#protodoc-title: Redis] // Redis health checker :ref:`configuration overview `. +// [#extension: envoy.health_checkers.redis] message Redis { // If set, optionally perform ``EXISTS `` instead of ``PING``. A return value diff --git a/api/envoy/config/metrics/v2/metrics_service.proto b/api/envoy/config/metrics/v2/metrics_service.proto index da53e5a52fdc..5fd045e47135 100644 --- a/api/envoy/config/metrics/v2/metrics_service.proto +++ b/api/envoy/config/metrics/v2/metrics_service.proto 
@@ -15,6 +15,7 @@ import "validate/validate.proto"; // Metrics Service is configured as a built-in *envoy.metrics_service* :ref:`StatsSink // `. This opaque configuration will be used to create // Metrics Service. +// [#extension: envoy.stat_sinks.metrics_service] message MetricsServiceConfig { // The upstream gRPC cluster that hosts the metrics service. api.v2.core.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}]; diff --git a/api/envoy/config/metrics/v2/stats.proto b/api/envoy/config/metrics/v2/stats.proto index 79f2ce81f3ce..b46301b2783a 100644 --- a/api/envoy/config/metrics/v2/stats.proto +++ b/api/envoy/config/metrics/v2/stats.proto @@ -240,6 +240,7 @@ message TagSpecifier { // Stats configuration proto schema for built-in *envoy.statsd* sink. This sink does not support // tagged metrics. +// [#extension: envoy.stat_sinks.statsd] message StatsdSink { oneof statsd_specifier { option (validate.required) = true; @@ -288,6 +289,7 @@ message StatsdSink { // The sink emits stats with `DogStatsD `_ // compatible tags. Tags are configurable via :ref:`StatsConfig // `. +// [#extension: envoy.stat_sinks.dog_statsd] message DogStatsdSink { reserved 2; @@ -313,6 +315,7 @@ message DogStatsdSink { // Note that only a single HystrixSink should be configured. // // Streaming is started through an admin endpoint :http:get:`/hystrix_event_stream`. +// [#extension: envoy.stat_sinks.hystrix] message HystrixSink { // The number of buckets the rolling statistical window is divided into. // diff --git a/api/envoy/config/metrics/v3alpha/metrics_service.proto b/api/envoy/config/metrics/v3alpha/metrics_service.proto index 83124c081771..2a3fbfb85e9c 100644 --- a/api/envoy/config/metrics/v3alpha/metrics_service.proto +++ b/api/envoy/config/metrics/v3alpha/metrics_service.proto 
@@ -15,6 +15,7 @@ import "validate/validate.proto"; // Metrics Service is configured as a built-in *envoy.metrics_service* :ref:`StatsSink // `. This opaque configuration will be used to // create Metrics Service. +// [#extension: envoy.stat_sinks.metrics_service] message MetricsServiceConfig { // The upstream gRPC cluster that hosts the metrics service. api.v3alpha.core.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}]; diff --git a/api/envoy/config/metrics/v3alpha/stats.proto b/api/envoy/config/metrics/v3alpha/stats.proto index f9905f209eab..12e15390e772 100644 --- a/api/envoy/config/metrics/v3alpha/stats.proto +++ b/api/envoy/config/metrics/v3alpha/stats.proto @@ -243,6 +243,7 @@ message TagSpecifier { // Stats configuration proto schema for built-in *envoy.statsd* sink. This sink does not support // tagged metrics. +// [#extension: envoy.stat_sinks.statsd] message StatsdSink { oneof statsd_specifier { option (validate.required) = true; @@ -291,6 +292,7 @@ message StatsdSink { // The sink emits stats with `DogStatsD `_ // compatible tags. Tags are configurable via :ref:`StatsConfig // `. +// [#extension: envoy.stat_sinks.dog_statsd] message DogStatsdSink { reserved 2; @@ -316,6 +318,7 @@ message DogStatsdSink { // Note that only a single HystrixSink should be configured. // // Streaming is started through an admin endpoint :http:get:`/hystrix_event_stream`. +// [#extension: envoy.stat_sinks.hystrix] message HystrixSink { // The number of buckets the rolling statistical window is divided into. // diff --git a/api/envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto b/api/envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto index ad3d1ab1eada..2f9b035f574b 100644 --- a/api/envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto +++ b/api/envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto 
@@ -9,6 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.resource_monitor.fixed_heap.v2 import "validate/validate.proto"; // [#protodoc-title: Fixed heap] +// [#extension: envoy.resource_monitors.fixed_heap] // The fixed heap resource monitor reports the Envoy process memory pressure, computed as a // fraction of currently reserved heap memory divided by a statically configured maximum diff --git a/api/envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto b/api/envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto index 2a8a1a43150c..e31c6f5f328b 100644 --- a/api/envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto +++ b/api/envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto @@ -9,6 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.resource_monitor.injected_reso import "validate/validate.proto"; // [#protodoc-title: Injected resource] +// [#extension: envoy.resource_monitors.injected_resource] // The injected resource monitor allows injecting a synthetic resource pressure into Envoy // via a text file, which must contain a floating-point number in the range [0..1] representing diff --git a/api/envoy/config/retry/previous_priorities/previous_priorities_config.proto b/api/envoy/config/retry/previous_priorities/previous_priorities_config.proto index 9ee2ed552687..ee92a2e49f05 100644 --- a/api/envoy/config/retry/previous_priorities/previous_priorities_config.proto +++ b/api/envoy/config/retry/previous_priorities/previous_priorities_config.proto 
@@ -30,6 +30,7 @@ option java_package = "io.envoyproxy.envoy.config.retry.previous_priorities"; // // Using this PriorityFilter requires rebuilding the priority load, which runs in O(# of // priorities), which might incur significant overhead for clusters with many priorities. +// [#extension: envoy.retry_priorities.previous_priorities] message PreviousPrioritiesConfig { // How often the priority load should be updated based on previously attempted priorities. Useful // to allow each priorities to receive more than one request before being excluded or to reduce diff --git a/api/envoy/config/trace/v2/trace.proto b/api/envoy/config/trace/v2/trace.proto index 0825e697b76f..c9eec1db7ec4 100644 --- a/api/envoy/config/trace/v2/trace.proto +++ b/api/envoy/config/trace/v2/trace.proto @@ -60,6 +60,7 @@ message Tracing { } // Configuration for the LightStep tracer. +// [#extension: envoy.tracers.lightstep] message LightstepConfig { // The cluster manager cluster that hosts the LightStep collectors. string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -70,6 +71,7 @@ message LightstepConfig { } // Configuration for the Zipkin tracer. +// [#extension: envoy.tracers.zipkin] // [#next-free-field: 6] message ZipkinConfig { // Available Zipkin collector endpoint versions. @@ -119,6 +121,7 @@ message ZipkinConfig { // DynamicOtConfig is used to dynamically load a tracer from a shared library // that implements the `OpenTracing dynamic loading API // `_. +// [#extension: envoy.tracers.dynamic_ot] message DynamicOtConfig { // Dynamic library implementing the `OpenTracing API // `_. @@ -130,6 +133,7 @@ message DynamicOtConfig { } // Configuration for the Datadog tracer. +// [#extension: envoy.tracers.datadog] message DatadogConfig { // The cluster to use for submitting traces to the Datadog agent. string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; 
@@ -140,6 +144,7 @@ message DatadogConfig { // Configuration for the OpenCensus tracer. // [#next-free-field: 13] +// [#extension: envoy.tracers.opencensus] message OpenCensusConfig { enum TraceContext { // No-op default, no trace context is utilized. diff --git a/api/envoy/config/trace/v3alpha/trace.proto b/api/envoy/config/trace/v3alpha/trace.proto index 0311e04c3b3a..f586d15b83e2 100644 --- a/api/envoy/config/trace/v3alpha/trace.proto +++ b/api/envoy/config/trace/v3alpha/trace.proto @@ -62,6 +62,7 @@ message Tracing { } // Configuration for the LightStep tracer. +// [#extension: envoy.tracers.lightstep] message LightstepConfig { // The cluster manager cluster that hosts the LightStep collectors. string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -72,6 +73,7 @@ message LightstepConfig { } // Configuration for the Zipkin tracer. +// [#extension: envoy.tracers.zipkin] // [#next-free-field: 6] message ZipkinConfig { // Available Zipkin collector endpoint versions. @@ -121,6 +123,7 @@ message ZipkinConfig { // DynamicOtConfig is used to dynamically load a tracer from a shared library // that implements the `OpenTracing dynamic loading API // `_. +// [#extension: envoy.tracers.dynamic_ot] message DynamicOtConfig { // Dynamic library implementing the `OpenTracing API // `_. @@ -132,6 +135,7 @@ message DynamicOtConfig { } // Configuration for the Datadog tracer. +// [#extension: envoy.tracers.datadog] message DatadogConfig { // The cluster to use for submitting traces to the Datadog agent. string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; @@ -142,6 +146,7 @@ message DatadogConfig { // Configuration for the OpenCensus tracer. // [#next-free-field: 13] +// [#extension: envoy.tracers.opencensus] message OpenCensusConfig { enum TraceContext { // No-op default, no trace context is utilized. 
diff --git a/api/envoy/config/transport_socket/alts/v2alpha/alts.proto b/api/envoy/config/transport_socket/alts/v2alpha/alts.proto index e19f4520359f..668facfc61dc 100644 --- a/api/envoy/config/transport_socket/alts/v2alpha/alts.proto +++ b/api/envoy/config/transport_socket/alts/v2alpha/alts.proto @@ -9,6 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.transport_socket.alts.v2alpha" import "validate/validate.proto"; // [#protodoc-title: ALTS] +// [#extension: envoy.transport_sockets.alts] // Configuration for ALTS transport socket. This provides Google's ALTS protocol to Envoy. // https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/ diff --git a/api/envoy/config/transport_socket/tap/v2alpha/tap.proto b/api/envoy/config/transport_socket/tap/v2alpha/tap.proto index ffb121fcb061..418116336572 100644 --- a/api/envoy/config/transport_socket/tap/v2alpha/tap.proto +++ b/api/envoy/config/transport_socket/tap/v2alpha/tap.proto @@ -12,6 +12,7 @@ import "envoy/config/common/tap/v2alpha/common.proto"; import "validate/validate.proto"; // [#protodoc-title: Tap] +// [#extension: envoy.transport_sockets.tap] // Configuration for tap transport socket. This wraps another transport socket, providing the // ability to interpose and record in plain text any traffic that is surfaced to Envoy. diff --git a/api/envoy/config/transport_socket/tap/v3alpha/tap.proto b/api/envoy/config/transport_socket/tap/v3alpha/tap.proto index dc5c303d0214..6a6fd972bd4b 100644 --- a/api/envoy/config/transport_socket/tap/v3alpha/tap.proto +++ b/api/envoy/config/transport_socket/tap/v3alpha/tap.proto @@ -12,6 +12,7 @@ import "envoy/config/common/tap/v3alpha/common.proto"; import "validate/validate.proto"; // [#protodoc-title: Tap] +// [#extension: envoy.transport_sockets.tap] // Configuration for tap transport socket. This wraps another transport socket, providing the // ability to interpose and record in plain text any traffic that is surfaced to Envoy. 
diff --git a/bazel/envoy_build_system.bzl b/bazel/envoy_build_system.bzl index 884593961cfa..4ae055e71289 100644 --- a/bazel/envoy_build_system.bzl +++ b/bazel/envoy_build_system.bzl @@ -6,6 +6,7 @@ load(":envoy_internal.bzl", "envoy_external_dep_path") load( ":envoy_library.bzl", _envoy_basic_cc_library = "envoy_basic_cc_library", + _envoy_cc_extension = "envoy_cc_extension", _envoy_cc_library = "envoy_cc_library", _envoy_cc_posix_library = "envoy_cc_posix_library", _envoy_cc_win32_library = "envoy_cc_win32_library", @@ -171,6 +172,7 @@ envoy_cc_binary = _envoy_cc_binary # Library wrappers (from envoy_library.bzl) envoy_basic_cc_library = _envoy_basic_cc_library +envoy_cc_extension = _envoy_cc_extension envoy_cc_library = _envoy_cc_library envoy_cc_posix_library = _envoy_cc_posix_library envoy_cc_win32_library = _envoy_cc_win32_library diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 9aecc019a90f..b2fa86ed3c9f 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl 
@@ -29,6 +29,53 @@ def envoy_basic_cc_library(name, deps = [], external_deps = [], **kargs): **kargs ) +# All Envoy extensions must be tagged with their security hardening stance with +# respect to downstream and upstream data plane threats. These are verbose +# labels intended to make clear the trust that operators may place in +# extensions. +EXTENSION_SECURITY_POSTURES = [ + # This extension is hardened against untrusted downstream traffic. It + # assumes that the upstream is trusted. + "robust_to_untrusted_downstream", + # This extension is hardened against both untrusted downstream and upstream + # traffic. + "robust_to_untrusted_downstream_and_upstream", + # This extension is not hardened and should only be used in deployments + # where both the downstream and upstream are trusted. + "requires_trusted_downstream_and_upstream", + # This is functionally equivalent to + # requires_trusted_downstream_and_upstream, but acts as a placeholder to + # allow us to identify extensions that need classifying. + "unknown", + # Not relevant to data plane threats, e.g. stats sinks. + "data_plane_agnostic", +] + +EXTENSION_STATUS_VALUES = [ + # This extension is stable and is expected to be production usable. + "stable", + # This extension is functional but has not had substantial production burn + # time, use only with this caveat. + "alpha", + # This extension is work-in-progress. Functionality is incomplete and it is + # not intended for production use. + "wip", +] + +def envoy_cc_extension( + name, + security_posture, + # Only set this for internal, undocumented extensions. + undocumented = False, + status = "stable", + tags = [], + **kwargs): + if security_posture not in EXTENSION_SECURITY_POSTURES: + fail("Unknown extension security posture: " + security_posture) + if status not in EXTENSION_STATUS_VALUES: + fail("Unknown extension status: " + status) + envoy_cc_library(name, tags = tags, **kwargs) + # Envoy C++ library targets should be specified with this function. 
def envoy_cc_library( name, diff --git a/docs/build.sh b/docs/build.sh index ce7efd17b59f..795d8d6e7c25 100755 --- a/docs/build.sh +++ b/docs/build.sh @@ -53,9 +53,26 @@ rm -rf bazel-bin/external/envoy_api # This is for local RBE setup, should be no-op for builds without RBE setting in bazelrc files. BAZEL_BUILD_OPTIONS+=" --remote_download_outputs=all" +export EXTENSION_DB_PATH="$(realpath "${BUILD_DIR}/extension_db.json")" + +# Generate extension database. This maps from extension name to extension +# metadata, based on the envoy_cc_extension() Bazel target attributes. +./docs/generate_extension_db.py "${EXTENSION_DB_PATH}" + +# Generate RST for the lists of trusted/untrusted extensions in +# intro/arch_overview/security docs. +mkdir -p "${GENERATED_RST_DIR}"/intro/arch_overview/security +./docs/generate_extension_rst.py "${EXTENSION_DB_PATH}" "${GENERATED_RST_DIR}"/intro/arch_overview/security + +# Generate the extensions docs bazel build ${BAZEL_BUILD_OPTIONS} @envoy_api//docs:protos --aspects \ tools/protodoc/protodoc.bzl%protodoc_aspect --output_groups=rst --action_env=CPROFILE_ENABLED=1 \ - --action_env=ENVOY_BLOB_SHA --host_force_python=PY3 + --action_env=ENVOY_BLOB_SHA --action_env=EXTENSION_DB_PATH="${EXTENSION_DB_PATH}" --host_force_python=PY3 + +# Fill in boiler plate for extensions that have google.protobuf.Empty as their +# config. +bazel run ${BAZEL_BUILD_OPTIONS} //tools/protodoc:generate_empty -- \ + "${PWD}"/docs/empty_extensions.json "${PWD}/${GENERATED_RST_DIR}"/api-v2/config # We do ** matching below to deal with Bazel cache blah (source proto artifacts # are nested inside source package targets). diff --git a/docs/empty_extensions.json b/docs/empty_extensions.json new file mode 100644 index 000000000000..b62671ca6d9d --- /dev/null +++ b/docs/empty_extensions.json 
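Review bot: The two `fail()` calls in `envoy_cc_extension` report the rejected value but not the target that declared it, so on a repository with this many extensions the error gives no pointer to the offending BUILD file; `fail("Unknown extension security posture for %s: %s" % (name, security_posture))` and the matching form for `status` would make it actionable. The three new parameters are never forwarded to `envoy_cc_library`; as far as the visible hunks show they are consumed only by `docs/generate_extension_db.py`, which reads them from the BUILD text with buildozer, which is worth stating on the function, e.g. `# security_posture, status and undocumented are not rule attributes; they are read from the BUILD file by docs/generate_extension_db.py via buildozer.` `undocumented` is not validated, so a non-boolean value passes silently and surfaces only in the generated database. The hunk ends at the opening of `envoy_cc_library`, whose body is outside it.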
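Review bot: `export EXTENSION_DB_PATH="$(realpath "${BUILD_DIR}/extension_db.json")"` resolves a file that is only written by the following step; GNU realpath accepts a missing final component but BSD/macOS realpath does not, so if `BUILD_DIR` is not guaranteed to exist at this point a `mkdir -p "${BUILD_DIR}"` beforehand (or resolving the directory and appending the file name) avoids an empty variable being exported. The `"${PWD}"` prefixes on the `bazel run //tools/protodoc:generate_empty` arguments are presumably there because `bazel run` executes in the runfiles tree, which deserves a one-line comment: `# bazel run executes from the runfiles tree, so pass absolute paths.` The generator scripts are also invoked without a check that buildozer is available, so a missing tool shows up as a Python traceback rather than a clear prerequisite error.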
@@ -0,0 +1,66 @@ +{ + "envoy.filters.http.cors": { + "title": "CORS processing", + "path": "filter/http/cors", + "description": "https://en.wikipedia.org/wiki/Cross-origin_resource_sharing", + "ref": "config_http_filters_cors" + }, + "envoy.filters.http.dynamo": { + "title": "AWS DynamoDB", + "path": "filter/http/dynamo", + "description": "https://aws.amazon.com/dynamodb/", + "ref": "config_http_filters_dynamo" + }, + "envoy.filters.http.grpc_http1_bridge": { + "title": "gRPC HTTP/1 bridge", + "path": "filter/http/grpc_http1_bridge", + "description": "HTTP filter that bridges HTTP/1.1 unary gRPC to compliant HTTP/2 gRPC", + "ref": "config_http_filters_grpc_bridge" + }, + "envoy.filters.http.grpc_web": { + "title": "gRPC Web", + "path": "filter/http/grpc_web", + "description": "https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-WEB.md", + "ref": "config_http_filters_grpc_web" + }, + "envoy.filters.listener.http_inspector": { + "title": "HTTP Inspector", + "path": "filter/listener/http_inspector", + "ref": "config_listener_filters_http_inspector" + }, + "envoy.filters.listener.original_dst": { + "title": "Original Destination", + "path": "filter/listener/original_dst", + "ref": "config_listener_filters_original_dst" + }, + "envoy.filters.listener.proxy_protocol": { + "title": "Proxy Protocol", + "path": "filter/listener/proxy_protocol", + "ref": "config_listener_filters_proxy_protocol" + }, + "envoy.filters.listener.tls_inspector": { + "title": "TLS Inspector", + "path": "filter/listener/tls_inspector", + "ref": "config_listener_filters_tls_inspector" + }, + "envoy.filters.network.echo": { + "title": "Echo", + "path": "filter/network/echo", + "ref": "config_network_filters_echo" + }, + "envoy.filters.network.sni_cluster": { + "title": "SNI Cluster", + "path": "filter/network/sni_cluster", + "ref": "config_network_filters_sni_cluster" + }, + "envoy.retry_host_predicates.previous_hosts": { + "title": "Previous Hosts", + "path": "retry/previous_hosts", + "ref": 
"arch_overview_http_retry_plugins" + }, + "envoy.retry_host_predicates.omit_canary_hosts": { + "title": "Omit Canary Hosts", + "path": "retry/omit_canary_hosts", + "ref": "arch_overview_http_retry_plugins" + } +} diff --git a/docs/generate_extension_db.py b/docs/generate_extension_db.py new file mode 100755 index 000000000000..d021b75e48ab --- /dev/null +++ b/docs/generate_extension_db.py 
@@ -0,0 +1,57 @@ +#!/usr/bin/env python3 + +# Generate an extension database, a JSON file mapping from qualified well known +# extension name to metadata derived from the envoy_cc_extension target. + +import json +import os +import pathlib +import shutil +import subprocess +import sys + +from importlib.util import spec_from_loader, module_from_spec +from importlib.machinery import SourceFileLoader + +BUILDOZER_PATH = os.getenv("BUILDOZER_BIN") or (os.path.expandvars("$GOPATH/bin/buildozer") if + os.getenv("GOPATH") else shutil.which("buildozer")) + +# source/extensions/extensions_build_config.bzl must have a .bzl suffix for Starlark +# import, so we are forced to do this workaround. +_extensions_build_config_spec = spec_from_loader( + 'extensions_build_config', + SourceFileLoader('extensions_build_config', 'source/extensions/extensions_build_config.bzl')) +extensions_build_config = module_from_spec(_extensions_build_config_spec) +_extensions_build_config_spec.loader.exec_module(extensions_build_config) + + +class ExtensionDbError(Exception): + pass + + +def IsMissing(value): + return value == '(missing)' + + +def GetExtensionMetadata(target): + r = subprocess.run( + [BUILDOZER_PATH, '-stdout', 'print security_posture status undocumented', target], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + security_posture, status, undocumented = r.stdout.decode('utf-8').strip().split(' ') + if IsMissing(security_posture): + raise ExtensionDbError('Missing security posture for %s' % target) + return { + 'security_posture': security_posture, + 'undocumented': False if IsMissing(undocumented) else bool(undocumented), + 'status': 'stable' if IsMissing(status) else status, + } + + +if __name__ == '__main__': + output_path = sys.argv[1] + extension_db = {} + for extension, target in extensions_build_config.EXTENSIONS.items(): + extension_db[extension] = GetExtensionMetadata(target) + + pathlib.Path(output_path).write_text(json.dumps(extension_db)) 
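Review bot: `GetExtensionMetadata` does not check the buildozer invocation: the exit status is ignored and `r.stderr` is discarded, so a misspelled or missing target yields empty stdout and the three-way unpack of `.split(' ')` raises a bare `ValueError` that does not say which target failed. The `bool(undocumented)` conversion also looks wrong, since buildozer prints attribute values as text; if a target sets `undocumented = False` explicitly, `bool('False')` is `True` and the extension is recorded as undocumented. Separately, `BUILDOZER_PATH` is `None` when `BUILDOZER_BIN`, `GOPATH` and a `buildozer` on `PATH` are all absent, which surfaces as a `TypeError` inside `subprocess` rather than a clear message; a module-level guard such as `if not BUILDOZER_PATH: sys.exit('buildozer not found; set BUILDOZER_BIN or GOPATH')` would help. The rewrite below addresses the first two points.
```python
def GetExtensionMetadata(target):
  """Return the security posture, documentation flag and status of a target.

  The values are read from the BUILD file text with buildozer; '(missing)'
  marks an attribute that the target does not set.
  """
  r = subprocess.run(
      [BUILDOZER_PATH, '-stdout', 'print security_posture status undocumented', target],
      stdout=subprocess.PIPE,
      stderr=subprocess.PIPE)
  fields = r.stdout.decode('utf-8').strip().split(' ')
  # Surface buildozer's own diagnostics instead of an unpacking ValueError.
  if len(fields) != 3:
    raise ExtensionDbError('Unexpected buildozer output for %s: %r (stderr: %s)' %
                           (target, r.stdout, r.stderr.decode('utf-8').strip()))
  security_posture, status, undocumented = fields
  if IsMissing(security_posture):
    raise ExtensionDbError('Missing security posture for %s' % target)
  return {
      'security_posture': security_posture,
      # buildozer prints the Starlark literal, so compare the text; bool() of
      # any non-empty string would be True.
      'undocumented': False if IsMissing(undocumented) else undocumented == 'True',
      'status': 'stable' if IsMissing(status) else status,
  }
```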
diff --git a/docs/generate_extension_rst.py b/docs/generate_extension_rst.py new file mode 100755 index 000000000000..ca98b0224019 --- /dev/null +++ b/docs/generate_extension_rst.py @@ -0,0 +1,36 @@ +#!/usr/bin/env python3 + +# Generate RST lists of extensions grouped by their security posture. + +from collections import defaultdict +import json +import pathlib +import sys + + +def FormatItem(extension, metadata): + if metadata['undocumented']: + item = '* %s' % extension + else: + item = '* :ref:`%s `' % (extension, extension) + if metadata['status'] == 'alpha': + item += ' (alpha)' + return item + + +if __name__ == '__main__': + extension_db_path = sys.argv[1] + security_rst_root = sys.argv[2] + + extension_db = json.loads(pathlib.Path(extension_db_path).read_text()) + security_postures = defaultdict(list) + for extension, metadata in extension_db.items(): + security_postures[metadata['security_posture']].append(extension) + + for sp, extensions in security_postures.items(): + output_path = pathlib.Path(security_rst_root, 'secpos_%s.rst' % sp) + content = '\n'.join( + FormatItem(extension, extension_db[extension]) + for extension in sorted(extensions) + if extension_db[extension]['status'] != 'wip') + output_path.write_text(content) diff --git a/docs/root/api-v2/config/config.rst b/docs/root/api-v2/config/config.rst index 8a1881ec7019..10015222fe8e 100644 --- a/docs/root/api-v2/config/config.rst +++ b/docs/root/api-v2/config/config.rst @@ -15,3 +15,4 @@ Extensions cluster/cluster listener/listener grpc_credential/grpc_credential + retry/retry diff --git a/docs/root/api-v2/config/filter/http/http.rst b/docs/root/api-v2/config/filter/http/http.rst index 0aff5791bf6a..7746b0d72a5c 100644 --- a/docs/root/api-v2/config/filter/http/http.rst +++ b/docs/root/api-v2/config/filter/http/http.rst @@ -5,6 +5,7 @@ HTTP filters :glob: :maxdepth: 2 + */empty/* */v2/* */v2alpha/* */v2alpha1/* 
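Review bot: The main loop only writes a `secpos_<posture>.rst` file for postures that actually occur in the extension database, but `threat_model.rst` in this same commit does `.. include::` for all five postures unconditionally, and none of the visible BUILD hunks declares `data_plane_agnostic`, so the Sphinx build would hit a missing include file. Iterating over the full posture list and emitting an empty file for unused postures avoids that, and a check for postures outside the list catches typos that the Starlark validation would otherwise only see at build time. As rendered here, `'* :ref:`%s `' % (extension, extension)` shows a single `%s` for two arguments; if the `<%s>` target was not lost in rendering, that line raises `TypeError` on first use. `sys.argv[1]` and `sys.argv[2]` are read without an argument-count check, which is minor for a build-internal script.
```python
# Must match EXTENSION_SECURITY_POSTURES in bazel/envoy_library.bzl; every
# posture gets a file because threat_model.rst includes all of them.
SECURITY_POSTURES = [
    'robust_to_untrusted_downstream',
    'robust_to_untrusted_downstream_and_upstream',
    'requires_trusted_downstream_and_upstream',
    'unknown',
    'data_plane_agnostic',
]

# … unchanged: FormatItem, argument parsing, extension_db load and grouping …

  unexpected = set(security_postures) - set(SECURITY_POSTURES)
  if unexpected:
    sys.exit('Unknown security posture(s) in extension db: %s' % ', '.join(sorted(unexpected)))

  for sp in SECURITY_POSTURES:
    output_path = pathlib.Path(security_rst_root, 'secpos_%s.rst' % sp)
    # An empty file is still written so the unconditional includes resolve.
    content = '\n'.join(
        FormatItem(extension, extension_db[extension])
        for extension in sorted(security_postures.get(sp, []))
        if extension_db[extension]['status'] != 'wip')
    output_path.write_text(content)
```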
diff --git a/docs/root/api-v2/config/filter/listener/listener.rst b/docs/root/api-v2/config/filter/listener/listener.rst index d66039048e7a..9230a2e18a81 100644 --- a/docs/root/api-v2/config/filter/listener/listener.rst +++ b/docs/root/api-v2/config/filter/listener/listener.rst @@ -5,4 +5,5 @@ Listener filters :glob: :maxdepth: 2 + */empty/* */v2alpha1/* diff --git a/docs/root/api-v2/config/filter/network/network.rst b/docs/root/api-v2/config/filter/network/network.rst index cd12d279ff8b..706f81eccf9d 100644 --- a/docs/root/api-v2/config/filter/network/network.rst +++ b/docs/root/api-v2/config/filter/network/network.rst @@ -5,5 +5,7 @@ Network filters :glob: :maxdepth: 2 + */empty/* + */v1alpha1/* */v2/* */v2alpha1/* diff --git a/docs/root/api-v2/config/retry/retry.rst b/docs/root/api-v2/config/retry/retry.rst new file mode 100644 index 000000000000..b3f814b2a4e5 --- /dev/null +++ b/docs/root/api-v2/config/retry/retry.rst @@ -0,0 +1,9 @@ +Retry Predicates +================ + +.. toctree:: + :glob: + :maxdepth: 2 + + */empty/* + */* diff --git a/docs/root/intro/arch_overview/security/security.rst b/docs/root/intro/arch_overview/security/security.rst index 065935c6f342..16409d759de1 100644 --- a/docs/root/intro/arch_overview/security/security.rst +++ b/docs/root/intro/arch_overview/security/security.rst @@ -4,6 +4,7 @@ Security .. toctree:: :maxdepth: 2 + threat_model ssl jwt_authn_filter ext_authz_filter diff --git a/docs/root/intro/arch_overview/security/threat_model.rst b/docs/root/intro/arch_overview/security/threat_model.rst new file mode 100644 index 000000000000..765d1ba0d3a7 --- /dev/null +++ b/docs/root/intro/arch_overview/security/threat_model.rst 
@@ -0,0 +1,97 @@ +.. _arch_overview_threat_model: + +Threat model +============ + +Below we articulate the Envoy threat model, which is of relevance to Envoy operators, developers and +security researchers. We detail our security release process at +https://github.com/envoyproxy/envoy/security/policy. + +Confidentiality, integrity and availability +------------------------------------------- + +We consider vulnerabilities leading to the compromise of data confidentiality or integrity to be our +highest priority concerns. Availability, in particular in areas relating to DoS and resource +exhaustion, is also a serious security concern for Envoy operators, in particular those utilizing +Envoy in edge deployments. + +The Envoy availability stance around CPU and memory DoS, as well as Query-of-Death (QoD), is still +evolving. We will continue to iterate and fix well known resource issues in the open, e.g. overload +manager and watermark improvements. We will activate the security process for disclosures that +appear to present a risk profile that is significantly greater than the current Envoy availability +hardening status quo. Examples of disclosures that would elicit this response: + +* QoD; where a single query from a client can bring down an Envoy server. + +* Highly asymmetric resource exhaustion attacks, where very little traffic can cause resource exhaustion, + e.g. that delivered by a single client. + +Note that we do not currently consider the default settings for Envoy to be safe from an availability +perspective. It is necessary for operators to explicitly :ref:`configure ` +watermarks, the overload manager, circuit breakers and other resource related features in Envoy to +provide a robust availability story. We will not act on any security disclosure that relates to a +lack of safe defaults. 
Over time, we will work towards improved safe-by-default configuration, but +due to backwards compatibility and performance concerns, this will require following the breaking +change deprecation policy. + +Data and control plane +---------------------- + +We divide our threat model into data and control plane, reflecting the internal division in Envoy of +these concepts from an architectural perspective. Our highest priority in risk assessment is the +threat posed by untrusted downstream client traffic on the data plane. This reflects the use of +Envoy in an edge serving capacity and also the use of Envoy as an inbound destination in a service +mesh deployment. + +In addition, we have an evolving position towards any vulnerability that might be exploitable by +untrusted upstreams. We recognize that these constitute a serious security consideration, given the +use of Envoy as an egress proxy. We will activate the security release process for disclosures that +appear to present a risk profile that is significantly greater than the current Envoy upstream +hardening status quo. + +The control plane management server is generally trusted. We do not consider wire-level exploits +against the xDS transport protocol to be a concern as a result. However, the configuration delivered +to Envoy over xDS may originate from untrusted sources and may not be fully sanitized. An example of +this might be a service operator that hosts multiple tenants on an Envoy, where tenants may specify +a regular expression on a header match in `RouteConfiguration`. In this case, we expect that Envoy +is resilient against the risks posed by malicious configuration from a confidentiality, integrity +and availability perspective, as described above. + +We generally assume that services utilized for side calls during the request processing, e.g. +external authorization, credential suppliers, rate limit services, are trusted. 
When this is not the +case, an extension will explicitly state this in its documentation. + +Core and extensions +------------------- + +Anything in the Envoy core may be used in both untrusted and trusted deployments. As a consequence, +it should be hardened with this model in mind. Security issues related to core code will usually +trigger the security release process as described in this document. + +The following extensions are intended to be hardened against untrusted downstream and upstreams: + +.. include:: secpos_robust_to_untrusted_downstream_and_upstream.rst + +The following extensions should not be exposed to data plane attack vectors and hence are intended +to be robust to untrusted downstreams and upstreams: + +.. include:: secpos_data_plane_agnostic.rst + +The following extensions are intended to be hardened against untrusted downstreams but assume trusted +upstreams: + +.. include:: secpos_robust_to_untrusted_downstream.rst + +The following extensions should only be used when both the downstream and upstream are trusted: + +.. include:: secpos_requires_trusted_downstream_and_upstream.rst + + +The following extensions have an unknown security posture: + +.. include:: secpos_unknown.rst + +Envoy currently has two dynamic filter extensions that support loadable code; WASM and Lua. In both +cases, we assume that the dynamically loaded code is trusted. We expect the runtime for Lua to be +robust to untrusted data plane traffic with the assumption of a trusted script. WASM is still in +development, but will eventually have a similar security stance. diff --git a/source/extensions/access_loggers/file/BUILD b/source/extensions/access_loggers/file/BUILD index 7a935f7223ee..5901b7a5ce9a 100644 --- a/source/extensions/access_loggers/file/BUILD +++ b/source/extensions/access_loggers/file/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) 
@@ -20,10 +21,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":file_access_log_lib", "//include/envoy/registry", diff --git a/source/extensions/access_loggers/grpc/BUILD b/source/extensions/access_loggers/grpc/BUILD index 93c36f6c7c4e..3fa3e01b0e94 100644 --- a/source/extensions/access_loggers/grpc/BUILD +++ b/source/extensions/access_loggers/grpc/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -93,10 +94,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "http_config", srcs = ["http_config.cc"], hdrs = ["http_config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":config_utils", "//include/envoy/server:access_log_config_interface", @@ -110,10 +112,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "tcp_config", srcs = ["tcp_config.cc"], hdrs = ["tcp_config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":config_utils", "//include/envoy/server:access_log_config_interface", diff --git a/source/extensions/clusters/dynamic_forward_proxy/BUILD b/source/extensions/clusters/dynamic_forward_proxy/BUILD index feaa5cd8bb31..2aa9d4087987 100644 --- a/source/extensions/clusters/dynamic_forward_proxy/BUILD +++ b/source/extensions/clusters/dynamic_forward_proxy/BUILD @@ -2,16 +2,17 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "cluster", srcs = ["cluster.cc"], hdrs = ["cluster.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//source/common/network:transport_socket_options_lib", "//source/common/upstream:cluster_factory_lib", 
diff --git a/source/extensions/clusters/redis/BUILD b/source/extensions/clusters/redis/BUILD index d548fd659f0c..0eb379fa9d54 100644 --- a/source/extensions/clusters/redis/BUILD +++ b/source/extensions/clusters/redis/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -36,12 +37,13 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "redis_cluster", srcs = [ "redis_cluster.cc", "redis_cluster.h", ], + security_posture = "requires_trusted_downstream_and_upstream", deps = [ "redis_cluster_lb", "//include/envoy/api:api_interface", diff --git a/source/extensions/common/crypto/BUILD b/source/extensions/common/crypto/BUILD index a96daeaa193e..ec962c1ef07b 100644 --- a/source/extensions/common/crypto/BUILD +++ b/source/extensions/common/crypto/BUILD @@ -2,13 +2,13 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "utility_lib", srcs = [ "crypto_impl.cc", @@ -21,6 +21,8 @@ envoy_cc_library( external_deps = [ "ssl", ], + security_posture = "unknown", + undocumented = True, deps = [ "//include/envoy/buffer:buffer_interface", "//source/common/common:assert_lib", diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index f84620b5488f..a4445f4cfef7 100644 --- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl 
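Review bot: `utility_lib` in `source/extensions/common/crypto/BUILD` is switched to `envoy_cc_extension` with `security_posture = "unknown"` and `undocumented = True`, but `docs/generate_extension_db.py` queries only the targets listed in `EXTENSIONS` in `extensions_build_config.bzl`, and the visible hunks of that file do not add this target, so its posture may never reach the threat-model lists. If the library is intentionally a shared helper rather than a registered extension, a comment on the target would prevent the next reader from looking for the registration, e.g. `# Not a registered extension; tagged so the security posture audit covers shared crypto code.` This is hedged on the `EXTENSIONS` map, most of which is outside the shown hunks.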
@@ -80,8 +80,7 @@ EXTENSIONS = { "envoy.filters.network.echo": "//source/extensions/filters/network/echo:config", "envoy.filters.network.ext_authz": "//source/extensions/filters/network/ext_authz:config", "envoy.filters.network.http_connection_manager": "//source/extensions/filters/network/http_connection_manager:config", - # NOTE: Kafka filter does not have a proper filter implemented right now. We are referencing to - # codec implementation that is going to be used by the filter. + # WiP "envoy.filters.network.kafka": "//source/extensions/filters/network/kafka:kafka_request_codec_lib", "envoy.filters.network.mongo_proxy": "//source/extensions/filters/network/mongo_proxy:config", "envoy.filters.network.mysql_proxy": "//source/extensions/filters/network/mysql_proxy:config", @@ -125,6 +124,7 @@ EXTENSIONS = { "envoy.tracers.datadog": "//source/extensions/tracers/datadog:config", "envoy.tracers.zipkin": "//source/extensions/tracers/zipkin:config", "envoy.tracers.opencensus": "//source/extensions/tracers/opencensus:config", + # WiP "envoy.tracers.xray": "//source/extensions/tracers/xray:config", # @@ -137,7 +137,7 @@ EXTENSIONS = { # Retry host predicates "envoy.retry_host_predicates.previous_hosts": "//source/extensions/retry/host/previous_hosts:config", "envoy.retry_host_predicates.omit_canary_hosts": "//source/extensions/retry/host/omit_canary_hosts:config", - + # Retry priorities "envoy.retry_priorities.previous_priorities": "//source/extensions/retry/priority/previous_priorities:config", } diff --git a/source/extensions/filters/http/adaptive_concurrency/BUILD b/source/extensions/filters/http/adaptive_concurrency/BUILD index 4a142b62114c..c74ead9fdf5b 100644 --- a/source/extensions/filters/http/adaptive_concurrency/BUILD +++ b/source/extensions/filters/http/adaptive_concurrency/BUILD @@ -6,6 +6,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) 
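Review bot: Replacing the Kafka comment with `# WiP` drops the explanation that `envoy.filters.network.kafka` points at `kafka_request_codec_lib` rather than a `:config` target, which is the only entry in the visible map that deviates from that convention; keeping the context alongside the status reads better, e.g. `# WiP: no filter is implemented yet, this references the codec the filter will use.` The lifecycle status itself is presumably carried by the `status` attribute on the BUILD target, which `generate_extension_db.py` reads, so the `# WiP` markers here and on `envoy.tracers.xray` are informational and can drift from the BUILD files; a note saying the BUILD attribute is authoritative would keep them honest.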
@@ -25,10 +26,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "unknown", + status = "alpha", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/buffer/BUILD b/source/extensions/filters/http/buffer/BUILD index e1a544cc3e83..d4df627dbb86 100644 --- a/source/extensions/filters/http/buffer/BUILD +++ b/source/extensions/filters/http/buffer/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -32,10 +33,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/cors/BUILD b/source/extensions/filters/http/cors/BUILD index 6ddf34f61e08..d28f5e2c858e 100644 --- a/source/extensions/filters/http/cors/BUILD +++ b/source/extensions/filters/http/cors/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -26,10 +27,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/csrf/BUILD b/source/extensions/filters/http/csrf/BUILD index 2646361535db..55dcbe082de7 100644 --- a/source/extensions/filters/http/csrf/BUILD +++ b/source/extensions/filters/http/csrf/BUILD 
@@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -28,10 +29,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/dynamic_forward_proxy/BUILD b/source/extensions/filters/http/dynamic_forward_proxy/BUILD index 5c20c4ee8a7a..56dcddee2b03 100644 --- a/source/extensions/filters/http/dynamic_forward_proxy/BUILD +++ b/source/extensions/filters/http/dynamic_forward_proxy/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -21,10 +22,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", + status = "alpha", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/dynamo/BUILD b/source/extensions/filters/http/dynamo/BUILD index 048be9323395..90e994cd22c2 100644 --- a/source/extensions/filters/http/dynamo/BUILD +++ b/source/extensions/filters/http/dynamo/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -37,10 +38,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":dynamo_filter_lib", "//include/envoy/registry", 
diff --git a/source/extensions/filters/http/ext_authz/BUILD b/source/extensions/filters/http/ext_authz/BUILD index 71fe3a3dca54..703405a0e635 100644 --- a/source/extensions/filters/http/ext_authz/BUILD +++ b/source/extensions/filters/http/ext_authz/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -34,10 +35,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":ext_authz", "//include/envoy/registry", diff --git a/source/extensions/filters/http/fault/BUILD b/source/extensions/filters/http/fault/BUILD index d1d869321b74..804d38ea6f54 100644 --- a/source/extensions/filters/http/fault/BUILD +++ b/source/extensions/filters/http/fault/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -39,10 +40,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/grpc_http1_bridge/BUILD b/source/extensions/filters/http/grpc_http1_bridge/BUILD index 6b7c57395df9..a01dd47cb585 100644 --- a/source/extensions/filters/http/grpc_http1_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_bridge/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) 
@@ -28,10 +29,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "unknown", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD index c17926c37d3b..72e6f64e8120 100644 --- a/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD +++ b/source/extensions/filters/http/grpc_http1_reverse_bridge/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -26,10 +27,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "unknown", + status = "alpha", deps = [ ":filter_lib", "//include/envoy/http:filter_interface", diff --git a/source/extensions/filters/http/grpc_json_transcoder/BUILD b/source/extensions/filters/http/grpc_json_transcoder/BUILD index 92cb1fe6e110..8a03c9f10de5 100644 --- a/source/extensions/filters/http/grpc_json_transcoder/BUILD +++ b/source/extensions/filters/http/grpc_json_transcoder/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -40,10 +41,11 @@ envoy_cc_library( deps = ["//source/common/buffer:zero_copy_input_stream_lib"], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "unknown", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/grpc_stats/BUILD b/source/extensions/filters/http/grpc_stats/BUILD index 20cf3462b7bd..fe5e0f8bf17c 100644 --- a/source/extensions/filters/http/grpc_stats/BUILD 
+++ b/source/extensions/filters/http/grpc_stats/BUILD @@ -4,16 +4,18 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["grpc_stats_filter.cc"], hdrs = ["grpc_stats_filter.h"], + security_posture = "unknown", + status = "alpha", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/grpc_web/BUILD b/source/extensions/filters/http/grpc_web/BUILD index 432e2bac3b5d..865b18763ce3 100644 --- a/source/extensions/filters/http/grpc_web/BUILD +++ b/source/extensions/filters/http/grpc_web/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -27,10 +28,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/http/gzip/BUILD b/source/extensions/filters/http/gzip/BUILD index 851d391961e3..0d2eef004c59 100644 --- a/source/extensions/filters/http/gzip/BUILD +++ b/source/extensions/filters/http/gzip/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -28,10 +29,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", 
diff --git a/source/extensions/filters/http/header_to_metadata/BUILD b/source/extensions/filters/http/header_to_metadata/BUILD index d67a3115f3da..df3b285c0f1c 100644 --- a/source/extensions/filters/http/header_to_metadata/BUILD +++ b/source/extensions/filters/http/header_to_metadata/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -23,10 +24,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/http/health_check/BUILD b/source/extensions/filters/http/health_check/BUILD index e53a9f28a14b..2bd6a94e3abe 100644 --- a/source/extensions/filters/http/health_check/BUILD +++ b/source/extensions/filters/http/health_check/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -32,10 +33,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/http:header_utility_lib", diff --git a/source/extensions/filters/http/ip_tagging/BUILD b/source/extensions/filters/http/ip_tagging/BUILD index 65cfd0b51e3b..aab10c1124bd 100644 --- a/source/extensions/filters/http/ip_tagging/BUILD +++ b/source/extensions/filters/http/ip_tagging/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) 
@@ -27,10 +28,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/http/jwt_authn/BUILD b/source/extensions/filters/http/jwt_authn/BUILD index 8ff58827e46c..01b3f1fb99e4 100644 --- a/source/extensions/filters/http/jwt_authn/BUILD +++ b/source/extensions/filters/http/jwt_authn/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -63,10 +64,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["filter_factory.cc"], hdrs = ["filter_factory.h"], + security_posture = "robust_to_untrusted_downstream", + status = "alpha", deps = [ ":filter_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/http/lua/BUILD b/source/extensions/filters/http/lua/BUILD index 2dbdf45d0fa0..7a6fd15165fa 100644 --- a/source/extensions/filters/http/lua/BUILD +++ b/source/extensions/filters/http/lua/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -45,10 +46,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/original_src/BUILD b/source/extensions/filters/http/original_src/BUILD index 30ac140d4963..c8ac0ba12bbc 100644 --- a/source/extensions/filters/http/original_src/BUILD +++ b/source/extensions/filters/http/original_src/BUILD 
@@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -32,10 +33,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], + security_posture = "robust_to_untrusted_downstream", + status = "alpha", deps = [ ":config_lib", ":original_src_lib", diff --git a/source/extensions/filters/http/ratelimit/BUILD b/source/extensions/filters/http/ratelimit/BUILD index d64411c12a49..196f7147847d 100644 --- a/source/extensions/filters/http/ratelimit/BUILD +++ b/source/extensions/filters/http/ratelimit/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -29,10 +30,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":ratelimit_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/http/rbac/BUILD b/source/extensions/filters/http/rbac/BUILD index 427d145a8bde..a8dfd2ac9481 100644 --- a/source/extensions/filters/http/rbac/BUILD +++ b/source/extensions/filters/http/rbac/BUILD @@ -2,16 +2,18 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/extensions/filters/http:well_known_names", diff --git a/source/extensions/filters/http/router/BUILD b/source/extensions/filters/http/router/BUILD index 009507b535c8..c60f6e8fcedf 100644 
--- a/source/extensions/filters/http/router/BUILD +++ b/source/extensions/filters/http/router/BUILD @@ -5,16 +5,17 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/router:router_lib", diff --git a/source/extensions/filters/http/squash/BUILD b/source/extensions/filters/http/squash/BUILD index 14d2c4563b96..0cb4ef57c39d 100644 --- a/source/extensions/filters/http/squash/BUILD +++ b/source/extensions/filters/http/squash/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -31,10 +32,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/http/tap/BUILD b/source/extensions/filters/http/tap/BUILD index 1766624a9cef..53a766186a7c 100644 --- a/source/extensions/filters/http/tap/BUILD +++ b/source/extensions/filters/http/tap/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -46,10 +47,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", + status = "alpha", deps = [ ":tap_config_impl", ":tap_filter_lib", 
diff --git a/source/extensions/filters/listener/http_inspector/BUILD b/source/extensions/filters/listener/http_inspector/BUILD index 6a517ad57875..70b0ca17d48d 100644 --- a/source/extensions/filters/listener/http_inspector/BUILD +++ b/source/extensions/filters/listener/http_inspector/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -27,9 +28,10 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], + security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":http_inspector_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/listener/original_dst/BUILD b/source/extensions/filters/listener/original_dst/BUILD index b3843b7744dd..a4540a17a0f0 100644 --- a/source/extensions/filters/listener/original_dst/BUILD +++ b/source/extensions/filters/listener/original_dst/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -24,9 +25,10 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":original_dst_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/listener/original_src/BUILD b/source/extensions/filters/listener/original_src/BUILD index 863d2010f930..b5e54f2b7266 100644 --- a/source/extensions/filters/listener/original_src/BUILD +++ b/source/extensions/filters/listener/original_src/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) 
@@ -35,10 +36,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", # The extension build system requires a library named config srcs = ["original_src_config_factory.cc"], hdrs = ["original_src_config_factory.h"], + security_posture = "robust_to_untrusted_downstream", + status = "alpha", deps = [ ":config_lib", ":original_src_lib", diff --git a/source/extensions/filters/listener/proxy_protocol/BUILD b/source/extensions/filters/listener/proxy_protocol/BUILD index 5bbefff20f0d..67842549fe94 100644 --- a/source/extensions/filters/listener/proxy_protocol/BUILD +++ b/source/extensions/filters/listener/proxy_protocol/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -31,9 +32,10 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/listener/tls_inspector/BUILD b/source/extensions/filters/listener/tls_inspector/BUILD index af90ed9fcd4a..9f3a9d06bd5d 100644 --- a/source/extensions/filters/listener/tls_inspector/BUILD +++ b/source/extensions/filters/listener/tls_inspector/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -28,9 +29,10 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//include/envoy/server:filter_config_interface", diff --git a/source/extensions/filters/network/client_ssl_auth/BUILD b/source/extensions/filters/network/client_ssl_auth/BUILD index 32c73f52f8e0..c469ebba4df7 100644 
--- a/source/extensions/filters/network/client_ssl_auth/BUILD +++ b/source/extensions/filters/network/client_ssl_auth/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -35,10 +36,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":client_ssl_auth", "//include/envoy/registry", diff --git a/source/extensions/filters/network/dubbo_proxy/BUILD b/source/extensions/filters/network/dubbo_proxy/BUILD index f691ad914c73..9579275aee20 100644 --- a/source/extensions/filters/network/dubbo_proxy/BUILD +++ b/source/extensions/filters/network/dubbo_proxy/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -99,10 +100,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", + status = "alpha", deps = [ ":conn_manager_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/echo/BUILD b/source/extensions/filters/network/echo/BUILD index 253cfb55935b..a3703ea04319 100644 --- a/source/extensions/filters/network/echo/BUILD +++ b/source/extensions/filters/network/echo/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -24,9 +25,10 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], + security_posture = "unknown", deps = [ ":echo", "//include/envoy/registry", diff --git a/source/extensions/filters/network/ext_authz/BUILD b/source/extensions/filters/network/ext_authz/BUILD index 082925e49861..68b53f7dbdba 100644 
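Review bot: `security_posture = "unknown"` on the echo `config` target is a placeholder rather than a classification, and the same value is given to sni_cluster further down this page (and to grpc_stats at its top); since the commit's tooling publishes these declarations as the trusted/untrusted extension lists, each `unknown` should at least carry `# TODO(<owner>): classify security posture` so it does not persist silently as a documented state. Echo takes no configuration and, as far as this BUILD file shows, only depends on `:echo` and the registry, so `robust_to_untrusted_downstream` looks like the intended value, but that is for the filter owner to confirm rather than for a build-file review to assert.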
--- a/source/extensions/filters/network/ext_authz/BUILD +++ b/source/extensions/filters/network/ext_authz/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -29,10 +30,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/network/http_connection_manager/BUILD b/source/extensions/filters/network/http_connection_manager/BUILD index eaacb34f0fb0..3e0cf154ee1a 100644 --- a/source/extensions/filters/network/http_connection_manager/BUILD +++ b/source/extensions/filters/network/http_connection_manager/BUILD @@ -6,16 +6,17 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/config:config_provider_manager_interface", "//include/envoy/filesystem:filesystem_interface", diff --git a/source/extensions/filters/network/kafka/BUILD b/source/extensions/filters/network/kafka/BUILD index 8ff831a0274c..68c595608d31 100644 --- a/source/extensions/filters/network/kafka/BUILD +++ b/source/extensions/filters/network/kafka/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) 
@@ -22,12 +23,14 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "kafka_request_codec_lib", srcs = ["request_codec.cc"], hdrs = [ "request_codec.h", ], + security_posture = "requires_trusted_downstream_and_upstream", + status = "wip", deps = [ ":abstract_codec_lib", ":kafka_request_parser_lib", diff --git a/source/extensions/filters/network/mongo_proxy/BUILD b/source/extensions/filters/network/mongo_proxy/BUILD index 09c091efaf0a..7ac9ea6095b5 100644 --- a/source/extensions/filters/network/mongo_proxy/BUILD +++ b/source/extensions/filters/network/mongo_proxy/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -102,10 +103,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":proxy_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/mysql_proxy/BUILD b/source/extensions/filters/network/mysql_proxy/BUILD index d8f44c28216e..a39085adfcd0 100644 --- a/source/extensions/filters/network/mysql_proxy/BUILD +++ b/source/extensions/filters/network/mysql_proxy/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -47,10 +48,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["mysql_config.cc"], hdrs = ["mysql_config.h"], + security_posture = "requires_trusted_downstream_and_upstream", + status = "alpha", deps = [ ":proxy_lib", "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/filters/network/ratelimit/BUILD b/source/extensions/filters/network/ratelimit/BUILD index 3e77bcefedfc..8e45eaa9b9b2 100644 --- a/source/extensions/filters/network/ratelimit/BUILD 
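Review bot: The posture in this hunk is attached to `kafka_request_codec_lib` rather than to a `config` target, unlike every other `envoy_cc_extension` in this commit; if that is because the kafka filter has no registered config factory yet, a one-line comment above the target, e.g. `# No config factory yet; the codec library carries the extension metadata until one exists.`, would keep the extension inventory readable. Combined with `status = "wip"` and `requires_trusted_downstream_and_upstream`, this is the one target on the page where a reader cannot tell from the BUILD file which registered extension name the declared posture applies to, which matters if the docs tooling keys its lists on `:config`.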
+++ b/source/extensions/filters/network/ratelimit/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -27,10 +28,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/protobuf:utility_lib", diff --git a/source/extensions/filters/network/rbac/BUILD b/source/extensions/filters/network/rbac/BUILD index 57ce3bb972b8..f1f202df90cf 100644 --- a/source/extensions/filters/network/rbac/BUILD +++ b/source/extensions/filters/network/rbac/BUILD @@ -2,16 +2,18 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":rbac_filter", "//include/envoy/registry", diff --git a/source/extensions/filters/network/redis_proxy/BUILD b/source/extensions/filters/network/redis_proxy/BUILD index e360528a86f7..0331264fe496 100644 --- a/source/extensions/filters/network/redis_proxy/BUILD +++ b/source/extensions/filters/network/redis_proxy/BUILD @@ -6,6 +6,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -114,10 +115,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", deps = [ "//include/envoy/upstream:upstream_interface", "//source/extensions/common/redis:redirection_mgr_lib", 
diff --git a/source/extensions/filters/network/sni_cluster/BUILD b/source/extensions/filters/network/sni_cluster/BUILD index 60eec7e5c92b..aa8918d1abc5 100644 --- a/source/extensions/filters/network/sni_cluster/BUILD +++ b/source/extensions/filters/network/sni_cluster/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -21,10 +22,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "unknown", deps = [ ":sni_cluster", "//include/envoy/registry", diff --git a/source/extensions/filters/network/tcp_proxy/BUILD b/source/extensions/filters/network/tcp_proxy/BUILD index bd719267d0b4..4ff4d71b0c4a 100644 --- a/source/extensions/filters/network/tcp_proxy/BUILD +++ b/source/extensions/filters/network/tcp_proxy/BUILD @@ -5,16 +5,17 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ "//include/envoy/registry", "//source/common/tcp_proxy", diff --git a/source/extensions/filters/network/thrift_proxy/BUILD b/source/extensions/filters/network/thrift_proxy/BUILD index 7ed10d835209..67b3bb4b93fc 100644 --- a/source/extensions/filters/network/thrift_proxy/BUILD +++ b/source/extensions/filters/network/thrift_proxy/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) 
@@ -30,10 +31,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", + status = "alpha", deps = [ ":app_exception_lib", ":auto_protocol_lib", diff --git a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD index 74d12df6979e..409d28e400fb 100644 --- a/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD +++ b/source/extensions/filters/network/thrift_proxy/filters/ratelimit/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -26,10 +27,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", + status = "alpha", deps = [ ":ratelimit_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/thrift_proxy/router/BUILD b/source/extensions/filters/network/thrift_proxy/router/BUILD index d11bc2541c16..76502fffbb7a 100644 --- a/source/extensions/filters/network/thrift_proxy/router/BUILD +++ b/source/extensions/filters/network/thrift_proxy/router/BUILD @@ -2,16 +2,19 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", + status = "alpha", deps = [ ":router_lib", "//include/envoy/registry", diff --git a/source/extensions/filters/network/zookeeper_proxy/BUILD b/source/extensions/filters/network/zookeeper_proxy/BUILD index fdbcdcdfa635..66290d5def54 100644 
--- a/source/extensions/filters/network/zookeeper_proxy/BUILD +++ b/source/extensions/filters/network/zookeeper_proxy/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -37,10 +38,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", + status = "alpha", deps = [ ":proxy_lib", "//source/extensions/filters/network:well_known_names", diff --git a/source/extensions/grpc_credentials/aws_iam/BUILD b/source/extensions/grpc_credentials/aws_iam/BUILD index 460e0a824f7d..89f6b2b3806d 100644 --- a/source/extensions/grpc_credentials/aws_iam/BUILD +++ b/source/extensions/grpc_credentials/aws_iam/BUILD @@ -4,17 +4,19 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], external_deps = ["grpc"], + security_posture = "data_plane_agnostic", + status = "alpha", deps = [ "//include/envoy/grpc:google_grpc_creds_interface", "//include/envoy/registry", diff --git a/source/extensions/grpc_credentials/file_based_metadata/BUILD b/source/extensions/grpc_credentials/file_based_metadata/BUILD index 8f638758a1d2..814508881338 100644 --- a/source/extensions/grpc_credentials/file_based_metadata/BUILD +++ b/source/extensions/grpc_credentials/file_based_metadata/BUILD 
@@ -4,17 +4,19 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], external_deps = ["grpc"], + security_posture = "data_plane_agnostic", + status = "alpha", deps = [ "//include/envoy/grpc:google_grpc_creds_interface", "//include/envoy/registry", diff --git a/source/extensions/health_checkers/redis/BUILD b/source/extensions/health_checkers/redis/BUILD index 8789e5a1adbf..ad7e4b963528 100644 --- a/source/extensions/health_checkers/redis/BUILD +++ b/source/extensions/health_checkers/redis/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -23,10 +24,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", deps = [ ":redis", ":utility", diff --git a/source/extensions/resource_monitors/fixed_heap/BUILD b/source/extensions/resource_monitors/fixed_heap/BUILD index 681846f1c813..e54cfe813179 100644 --- a/source/extensions/resource_monitors/fixed_heap/BUILD +++ b/source/extensions/resource_monitors/fixed_heap/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -20,10 +21,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "data_plane_agnostic", + status = "alpha", deps = [ ":fixed_heap_monitor", "//include/envoy/registry", diff --git a/source/extensions/resource_monitors/injected_resource/BUILD b/source/extensions/resource_monitors/injected_resource/BUILD index 21ed8f0128e8..650d87c69b98 100644 
--- a/source/extensions/resource_monitors/injected_resource/BUILD +++ b/source/extensions/resource_monitors/injected_resource/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -21,10 +22,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "data_plane_agnostic", + status = "alpha", deps = [ ":injected_resource_monitor", "//include/envoy/registry", diff --git a/source/extensions/retry/host/omit_canary_hosts/BUILD b/source/extensions/retry/host/omit_canary_hosts/BUILD index 5ee8c65978a0..8c9eebf2c0f6 100644 --- a/source/extensions/retry/host/omit_canary_hosts/BUILD +++ b/source/extensions/retry/host/omit_canary_hosts/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -16,10 +17,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":omit_canary_hosts_predicate_lib", "//include/envoy/registry", diff --git a/source/extensions/retry/host/previous_hosts/BUILD b/source/extensions/retry/host/previous_hosts/BUILD index f0e584c39a9e..b6fec5f4799e 100644 --- a/source/extensions/retry/host/previous_hosts/BUILD +++ b/source/extensions/retry/host/previous_hosts/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -16,10 +17,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_hosts_predicate_lib", "//include/envoy/registry", 
diff --git a/source/extensions/retry/priority/previous_priorities/BUILD b/source/extensions/retry/priority/previous_priorities/BUILD index 8c9cad99cbd2..1a545c2509f0 100644 --- a/source/extensions/retry/priority/previous_priorities/BUILD +++ b/source/extensions/retry/priority/previous_priorities/BUILD @@ -2,6 +2,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -18,10 +19,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":previous_priorities_lib", "//include/envoy/registry", diff --git a/source/extensions/stat_sinks/dog_statsd/BUILD b/source/extensions/stat_sinks/dog_statsd/BUILD index 07d7b4ab317b..b64d07e9ddc2 100644 --- a/source/extensions/stat_sinks/dog_statsd/BUILD +++ b/source/extensions/stat_sinks/dog_statsd/BUILD @@ -5,16 +5,17 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", "//source/common/network:address_lib", diff --git a/source/extensions/stat_sinks/hystrix/BUILD b/source/extensions/stat_sinks/hystrix/BUILD index 541ad06838af..eb38015ed6d4 100644 --- a/source/extensions/stat_sinks/hystrix/BUILD +++ b/source/extensions/stat_sinks/hystrix/BUILD @@ -4,16 +4,18 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", "//source/common/network:address_lib", 
diff --git a/source/extensions/stat_sinks/metrics_service/BUILD b/source/extensions/stat_sinks/metrics_service/BUILD index 037227d6c447..495877790e7a 100644 --- a/source/extensions/stat_sinks/metrics_service/BUILD +++ b/source/extensions/stat_sinks/metrics_service/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -36,10 +37,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", "//source/common/common:assert_lib", diff --git a/source/extensions/stat_sinks/statsd/BUILD b/source/extensions/stat_sinks/statsd/BUILD index af47dfef1a27..de13e0c24530 100644 --- a/source/extensions/stat_sinks/statsd/BUILD +++ b/source/extensions/stat_sinks/statsd/BUILD @@ -4,16 +4,17 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", - "envoy_cc_library", + "envoy_cc_extension", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "data_plane_agnostic", deps = [ "//include/envoy/registry", "//source/common/network:address_lib", diff --git a/source/extensions/tracers/datadog/BUILD b/source/extensions/tracers/datadog/BUILD index c3db885e11e4..be0a767fdced 100644 --- a/source/extensions/tracers/datadog/BUILD +++ b/source/extensions/tracers/datadog/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -27,10 +28,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":datadog_tracer_lib", "//source/extensions/tracers:well_known_names", 
diff --git a/source/extensions/tracers/dynamic_ot/BUILD b/source/extensions/tracers/dynamic_ot/BUILD index 399f7b9338f7..c14501cf333a 100644 --- a/source/extensions/tracers/dynamic_ot/BUILD +++ b/source/extensions/tracers/dynamic_ot/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -24,10 +25,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":dynamic_opentracing_driver_lib", "//source/extensions/tracers:well_known_names", diff --git a/source/extensions/tracers/lightstep/BUILD b/source/extensions/tracers/lightstep/BUILD index 449f81692165..5e5213c600be 100644 --- a/source/extensions/tracers/lightstep/BUILD +++ b/source/extensions/tracers/lightstep/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -29,10 +30,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":lightstep_tracer_lib", "//source/extensions/tracers:well_known_names", diff --git a/source/extensions/tracers/opencensus/BUILD b/source/extensions/tracers/opencensus/BUILD index 198c98b2b6f8..0a4b250e88f1 100644 --- a/source/extensions/tracers/opencensus/BUILD +++ b/source/extensions/tracers/opencensus/BUILD @@ -4,16 +4,18 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":opencensus_tracer_impl", "//source/extensions/tracers:well_known_names", 
diff --git a/source/extensions/tracers/xray/BUILD b/source/extensions/tracers/xray/BUILD index a3521c6fff4c..3440de74b856 100644 --- a/source/extensions/tracers/xray/BUILD +++ b/source/extensions/tracers/xray/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -34,10 +35,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", + status = "wip", deps = [ ":xray_lib", "//source/common/config:datasource_lib", diff --git a/source/extensions/tracers/zipkin/BUILD b/source/extensions/tracers/zipkin/BUILD index fd1c72845e30..b645740e4526 100644 --- a/source/extensions/tracers/zipkin/BUILD +++ b/source/extensions/tracers/zipkin/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -62,10 +63,11 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream", deps = [ ":zipkin_lib", "//source/extensions/tracers:well_known_names", diff --git a/source/extensions/transport_sockets/alts/BUILD b/source/extensions/transport_sockets/alts/BUILD index e860bd929975..fb19c24c2b91 100644 --- a/source/extensions/transport_sockets/alts/BUILD +++ b/source/extensions/transport_sockets/alts/BUILD @@ -5,6 +5,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -25,7 +26,7 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = [ "config.cc", @@ -33,6 +34,7 @@ envoy_cc_library( hdrs = [ "config.h", ], + security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":tsi_handshaker", ":tsi_socket", 
diff --git a/source/extensions/transport_sockets/tap/BUILD b/source/extensions/transport_sockets/tap/BUILD index 5de3de434029..81cd27b5a497 100644 --- a/source/extensions/transport_sockets/tap/BUILD +++ b/source/extensions/transport_sockets/tap/BUILD @@ -4,6 +4,7 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) @@ -44,10 +45,12 @@ envoy_cc_library( ], ) -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "requires_trusted_downstream_and_upstream", + status = "alpha", deps = [ ":tap_config_impl", ":tap_lib", diff --git a/source/extensions/transport_sockets/tls/BUILD b/source/extensions/transport_sockets/tls/BUILD index 2d515d0d75a6..6ccc256a98bf 100644 --- a/source/extensions/transport_sockets/tls/BUILD +++ b/source/extensions/transport_sockets/tls/BUILD @@ -4,16 +4,18 @@ licenses(["notice"]) # Apache 2 load( "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", "envoy_cc_library", "envoy_package", ) envoy_package() -envoy_cc_library( +envoy_cc_extension( name = "config", srcs = ["config.cc"], hdrs = ["config.h"], + security_posture = "robust_to_untrusted_downstream_and_upstream", deps = [ ":ssl_socket_lib", "//include/envoy/network:transport_socket_interface", diff --git a/tools/api_proto_plugin/annotations.py b/tools/api_proto_plugin/annotations.py index 6c5775bc721b..48452742125a 100644 --- a/tools/api_proto_plugin/annotations.py +++ b/tools/api_proto_plugin/annotations.py 
@@ -10,6 +10,11 @@ # Page/section titles with special prefixes in the proto comments DOC_TITLE_ANNOTATION = 'protodoc-title' +# When documenting an extension, this should be used to specify the qualified +# name that the extension registers as in the static registry, e.g. +# envoy.filters.network.http_connection_manager. +EXTENSION_ANNOTATION = 'extension' + # Not implemented yet annotation on leading comments, leading to hiding of # field. NOT_IMPLEMENTED_HIDE_ANNOTATION = 'not-implemented-hide' @@ -26,6 +31,7 @@ VALID_ANNOTATIONS = set([ DOC_TITLE_ANNOTATION, + EXTENSION_ANNOTATION, NOT_IMPLEMENTED_HIDE_ANNOTATION, NEXT_FREE_FIELD_ANNOTATION, NEXT_MAJOR_VERSION_ANNOTATION, diff --git a/tools/protodoc/BUILD b/tools/protodoc/BUILD index d2c9b12a6727..2bd707940b41 100644 --- a/tools/protodoc/BUILD +++ b/tools/protodoc/BUILD @@ -1,5 +1,13 @@ licenses(["notice"]) # Apache 2 +py_binary( + name = "generate_empty", + srcs = ["generate_empty.py"], + python_version = "PY3", + visibility = ["//visibility:public"], + deps = [":protodoc"], +) + py_binary( name = "protodoc", srcs = ["protodoc.py"], diff --git a/tools/protodoc/generate_empty.py b/tools/protodoc/generate_empty.py new file mode 100644 index 000000000000..dbb4c7a9ffc9 --- /dev/null +++ b/tools/protodoc/generate_empty.py 
@@ -0,0 +1,48 @@ +# Generate pseudo API docs for extensions that have google.protobuf.Empty +# config. + +import json +import pathlib +import string +import sys + +import protodoc + +EMPTY_EXTENSION_DOCS_TEMPLATE = string.Template("""$header + +$description + +$reflink + +This extension does not have a structured configuration, `google.protobuf.Empty +`_ should be used +instead. + +$extension +""") + + +def GenerateEmptyExtensionsDocs(extension, details, api_extensions_root): + extension_root = pathlib.Path(details['path']) + path = pathlib.Path(api_extensions_root, extension_root, 'empty', extension_root.name + '.rst') + path.parent.mkdir(parents=True, exist_ok=True) + description = details.get('description', '') + reflink = '' + if 'ref' in details: + reflink = '%s %s.' % (details['title'], + protodoc.FormatInternalLink('configuration overview', details['ref'])) + content = EMPTY_EXTENSION_DOCS_TEMPLATE.substitute(header=protodoc.FormatHeader( + '=', details['title']), + description=description, + reflink=reflink, + extension=protodoc.FormatExtension(extension)) + path.write_text(content) + + +if __name__ == '__main__': + empty_extensions_path = sys.argv[1] + api_extensions_root = sys.argv[2] + + empty_extensions = json.loads(pathlib.Path(empty_extensions_path).read_text()) + for extension, details in empty_extensions.items(): + GenerateEmptyExtensionsDocs(extension, details, api_extensions_root) diff --git a/tools/protodoc/protodoc.py b/tools/protodoc/protodoc.py index 5c375392fd6f..eb9dbda8ceed 100755 --- a/tools/protodoc/protodoc.py +++ b/tools/protodoc/protodoc.py @@ -4,9 +4,12 @@ # https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html for Sphinx RST syntax. from collections import defaultdict +import json import functools import os +import pathlib import re +import string from tools.api_proto_plugin import annotations from tools.api_proto_plugin import plugin 
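Review bot: `GenerateEmptyExtensionsDocs` joins `details['path']` from the JSON onto `api_extensions_root` with `pathlib.Path(api_extensions_root, extension_root, ...)`, and `pathlib` discards every earlier component when a later one is absolute, so an absolute or `..`-containing `path` entry would make `mkdir`/`write_text` land outside the API docs tree. The JSON is presumably produced by the project's own extension tooling, so this is defense in depth rather than an exposed hole, but a two-line guard keeps a malformed DB from writing elsewhere: `if extension_root.is_absolute() or '..' in extension_root.parts:` / `  raise ValueError('extension path must be relative to the API root: %s' % extension_root)`. Separately, the RST in `EMPTY_EXTENSION_DOCS_TEMPLATE` reads `` `google.protobuf.Empty `_ `` with no visible link target; if the `<url>` was merely stripped in this rendering ignore this, otherwise Sphinx will report an unknown reference target for every generated page.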
@@ -33,6 +36,46 @@ DATA_PLANE_API_URL_FMT = 'https://github.com/envoyproxy/envoy/blob/{}/api/%s#L%d'.format( os.environ['ENVOY_BLOB_SHA']) +# Template for formating extension descriptions. +EXTENSION_TEMPLATE = string.Template("""$anchor +This extension may be referenced by the qualified name *$extension* + +.. note:: + $status + + $security_posture + +""") + +# A map from the extension security postures (as defined in the +# envoy_cc_extension build macro) to human readable text for extension docs. +EXTENSION_SECURITY_POSTURES = { + 'robust_to_untrusted_downstream': + 'This extension is intended to be robust against untrusted downstream traffic. It ' + 'assumes that the upstream is trusted.', + 'robust_to_untrusted_downstream_and_upstream': + 'This extension is intended to be robust against both untrusted downstream and ' + 'upstream traffic.', + 'requires_trusted_downstream_and_upstream': + 'This extension is not hardened and should only be used in deployments' + ' where both the downstream and upstream are trusted.', + 'unknown': + 'This extension has an unknown security posture and should only be ' + 'used in deployments where both the downstream and upstream are ' + 'trusted.', + 'data_plane_agnostic': + 'This extension does not operate on the data plane and hence is intended to be robust against untrusted traffic.', +} + +# A map from the extension status value to a human readable text for extension +# docs. +EXTENSION_STATUS_VALUES = { + 'alpha': + 'This extension is functional but has not had substantial production burn time, use only with this caveat.', + 'wip': + 'This extension is work-in-progress. Functionality is incomplete and it is not intended for production use.', +} + class ProtodocError(Exception): """Base error class for the protodoc module.""" 
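Review bot: The `data_plane_agnostic` text "does not operate on the data plane and hence is intended to be robust against untrusted traffic" conflates not being exposed with being hardened; since this string is what end users read when deciding whether to enable an extension, something like `'This extension does not operate on the data plane and hence is not exposed to untrusted downstream or upstream traffic.'` states the actual guarantee. The `unknown` entry is good as written, since it defaults to the most restrictive advice. Minor: the comment above `EXTENSION_TEMPLATE` has `formating` for `formatting`, and the template leaves the `.. note::` body starting with a blank line whenever `$status` is empty, which Sphinx tolerates but a reader of the generated RST may find odd.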
@@ -69,7 +112,11 @@ def FormatCommentWithAnnotations(comment, type_name=''): Returns: A string with additional RST from annotations. """ - return annotations.WithoutAnnotations(StripLeadingSpace(comment.raw) + '\n') + formatted_extension = '' + if annotations.EXTENSION_ANNOTATION in comment.annotations: + extension = comment.annotations[annotations.EXTENSION_ANNOTATION] + formatted_extension = FormatExtension(extension) + return annotations.WithoutAnnotations(StripLeadingSpace(comment.raw) + '\n') + formatted_extension def MapLines(f, s): @@ -116,6 +163,26 @@ def FormatHeader(style, text): return '%s\n%s\n\n' % (text, style * len(text)) +def FormatExtension(extension): + """Format extension metadata as RST. + + Args: + extension: the name of the extension, e.g. com.acme.foo. + + Returns: + RST formatted extension description. + """ + extension_metadata = json.loads(pathlib.Path( + os.getenv('EXTENSION_DB_PATH')).read_text())[extension] + anchor = FormatAnchor('extension_' + extension) + status = EXTENSION_STATUS_VALUES.get(extension_metadata['status'], '') + security_posture = EXTENSION_SECURITY_POSTURES[extension_metadata['security_posture']] + return EXTENSION_TEMPLATE.substitute(anchor=anchor, + extension=extension, + status=status, + security_posture=security_posture) + + def FormatHeaderFromFile(style, source_code_info, proto_name): """Format RST header based on special file level title 
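Review bot: `FormatExtension` re-reads and re-parses the file named by `EXTENSION_DB_PATH` on every call, and its failure modes are opaque: an unset variable surfaces as a `TypeError` from `pathlib.Path(None)`, and an `extension` annotation that matches no registered extension, or an unrecognized `security_posture` value, raises a bare `KeyError` with no mention of which proto or extension is at fault. Because this lookup is what decides which security posture text is published for an extension, a typo in the annotation should fail with a message naming the extension rather than a traceback three frames deep; the `ProtodocError` class already defined in this file is the natural vehicle, and `os.environ[...]` matches how `ENVOY_BLOB_SHA` is read above. Loading the DB once behind `functools.lru_cache` (the module already imports `functools`) also removes the per-call file read. `FormatCommentWithAnnotations` in the first hunk starts outside the hunk; `FormatExtension` is added in full.
```python
@functools.lru_cache(maxsize=None)
def LoadExtensionDb():
  """Load and cache the extension metadata DB named by EXTENSION_DB_PATH."""
  return json.loads(pathlib.Path(os.environ['EXTENSION_DB_PATH']).read_text())


def FormatExtension(extension):
  # … unchanged: docstring …
  try:
    extension_metadata = LoadExtensionDb()[extension]
  except KeyError:
    raise ProtodocError('Unknown extension %s, not found in EXTENSION_DB_PATH' % extension)
  anchor = FormatAnchor('extension_' + extension)
  status = EXTENSION_STATUS_VALUES.get(extension_metadata['status'], '')
  posture_key = extension_metadata['security_posture']
  if posture_key not in EXTENSION_SECURITY_POSTURES:
    raise ProtodocError('Unknown security posture %s for extension %s' % (posture_key, extension))
  security_posture = EXTENSION_SECURITY_POSTURES[posture_key]
  # … unchanged: EXTENSION_TEMPLATE.substitute(...) …
```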
@@ -131,11 +198,15 @@ def FormatHeaderFromFile(style, source_code_info, proto_name): anchor = FormatAnchor(FileCrossRefLabel(proto_name)) stripped_comment = annotations.WithoutAnnotations( StripLeadingSpace('\n'.join(c + '\n' for c in source_code_info.file_level_comments))) + formatted_extension = '' + if annotations.EXTENSION_ANNOTATION in source_code_info.file_level_annotations: + extension = source_code_info.file_level_annotations[annotations.EXTENSION_ANNOTATION] + formatted_extension = FormatExtension(extension) if annotations.DOC_TITLE_ANNOTATION in source_code_info.file_level_annotations: return anchor + FormatHeader( - style, - source_code_info.file_level_annotations[annotations.DOC_TITLE_ANNOTATION]), stripped_comment - return anchor + FormatHeader(style, proto_name), stripped_comment + style, source_code_info.file_level_annotations[ + annotations.DOC_TITLE_ANNOTATION]) + formatted_extension, stripped_comment + return anchor + FormatHeader(style, proto_name) + formatted_extension, stripped_comment def FormatFieldTypeAsJson(type_context, field):