Per-extension empty message configs #8933
Comments
htuch
added
no stalebot
* Add an explicit threat model to the end user facing docs, link to this from SECURITY.md * Switch all Envoy extensions to use a new macro `envoy_cc_extension`, mandating that extensions declare a security posture. Extensions can also optionally declare `alpha` or `wip` status. * Tag all documentation sites with their well-known Envoy names. * Introduce tooling to automagically populate a list of known trusted/untrusted extensions in the threat model docs. * Generate API docs for extensions that depend on `google.protobuf.Empty`. This pattern is deprecated as per #8933, but we need these for tooling support meanwhile. This work was motivated by oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18370 Signed-off-by: Harvey Tuch <[email protected]>
* Add an explicit threat model to the end user facing docs, link to this from SECURITY.md * Switch all Envoy extensions to use a new macro `envoy_cc_extension`, mandating that extensions declare a security posture. Extensions can also optionally declare `alpha` or `wip` status. * Tag all documentation sites with their well-known Envoy names. * Introduce tooling to automagically populate a list of known trusted/untrusted extensions in the threat model docs. * Generate API docs for extensions that depend on `google.protobuf.Empty`. This pattern is deprecated as per envoyproxy/envoy#8933, but we need these for tooling support meanwhile. This work was motivated by oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18370 Signed-off-by: Harvey Tuch <[email protected]> Mirrored from https://github.com/envoyproxy/envoy @ 90d1094b32aa017f90cc8efcd379aeb143acabfc
htuch
added
help wanted
|
@htuch Mind checking that I'm moving in the right direction? https://github.com/envoyproxy/envoy/compare/master...derekargueta:dereka/empty-proto?expand=1 Pretty straightforward - for every extension that is using As for defensively preventing new extensions from using |
|
@derekargueta looks good! The main thing we need to do in addition to what you have is allow envoy/source/common/config/utility.cc Line 270 in 81d3beb Empty.
|
|
ah right, can't swap atomically or it'd break wire compatibility with v2 xDS servers. Will do some spelunking around |
|
@derekargueta any update on how this is tracking for EOY? |
|
xref: #9358 |
|
I'll have this done by Thursday EOD (shooting for tomorrow though). Thanks for offering help @kyessenov, I'll ping you on Slack if I need anything. |
|
Have all the new proto files ready here, the strategy I'm going down to support Also, since we're coming to a tight deadline I'm fine letting someone else carry this across. I'm a bit resource-constrained at the moment with impending change freeze. |
|
@derekargueta awesome, I like this plan. Thanks a bunch for doing all the ground work here. I think we shouldn't have to do a ton in terms of converting between typed protos, it's mostly about replacing type URLs during Any/TypedStruct conversion; on the wire, @kyessenov if you have cycles to lend a hand taking us towards the ability to express filter type in the v3 APIs via config type, this is the PR :D |
|
@derekargueta @kyessenov do either of you have cycles to land this in the next week (prior to 1.13.0)? Would be great to do this and align with #9391. |
|
@derekargueta I can take over the branch if you're OK. We just need to provide empty protos for all filters. |
|
@kyessenov yes feel free, I'm currently trying to fix clang-tidy, and have another internal request to implement 😓 |
|
Fixed in #9581 |
In v2, we used
google.protobuf.Emptyfor the configuration for simple extensions that didn't require custom configuration. Now that we haveAnyas the canonical method for specifying extensions, this doesn't work as well, since it makes it difficult to move to a versioned per-extension message without breaking wire compatibility within a major version.As part of the v3 works, we should give each existing filter that relies on
google.protobuf.Emptya custom empty config message in v3 and deprecate the use of WKT here.The text was updated successfully, but these errors were encountered: