Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config: distinct CLI options for strict/permissive checking of static… #7857

Merged
merged 11 commits into from
Aug 19, 2019
Merged

config: distinct CLI options for strict/permissive checking of static… #7857

merged 11 commits into from
Aug 19, 2019

Conversation

htuch
Copy link
Member

@htuch htuch commented Aug 7, 2019
edited
Loading

…/dynamic config.

As per #6651, this PR plumbs in CLI options to allow independent control over static/dynamic unknown
field validation.

The defaults are the same for static as today (strict) and for dynamic we are by default permissive.
This permits easy rollout of new API minor versions, including those related to security fixes.

Fixes a regression that occurred in #7200 where strict/permissive checking CLI options were
inverted.

As per #6818, added stats/warning for any unknown fields encountered.

Risk level: Low (strictly more permissive by default)
Testing: additional unit and integration tests added, exercising both permissive/strict checking
over various parts of the API (bootstrap, listeners, clusters, xDS, network filters, etc).

Fixes #6651
Fixed #6818

Signed-off-by: Harvey Tuch [email protected]

@htuch
config: distinct CLI options for strict/permissive checking of static…
f923a18 
…/dynamic config.

As per envoyproxy#6651, this PR plumbs in CLI options to allow independent control over static/dynamic unknown
field validation.

The defaults are the same for static as today (strict) and for dynamic we are by default permissive.
This permits easy rollout of new API minor versions, including those related to security fixes.

Fixes a regression that occurred in envoyproxy#7200 where strict/permissive checking CLI options were
inverted.

Risk level: Low (strictly more permissive by default)
Testing: additional unit and integration tests added, exercising both permissive/strict checking
  over various parts of the API (bootstrap, listeners, clusters, xDS, network filters, etc).

Fixes envoyproxy#6651

Signed-off-by: Harvey Tuch <[email protected]>
@htuch htuch requested review from mattklein123 and dio August 7, 2019 20:47
@htuch
Fix typo.
b6cea8d 
Signed-off-by: Harvey Tuch <[email protected]>
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

mattklein123
mattklein123 requested changes Aug 14, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks this is super awesome. Some small comments but looks great and I think this will be incredibly useful.

/wait

docs/root/intro/version_history.rst Outdated Show resolved Hide resolved
include/envoy/server/options.h Outdated Show resolved Hide resolved
source/common/protobuf/message_validator_impl.cc Show resolved Hide resolved
source/server/config_validation/server.cc Outdated Show resolved Hide resolved
This was referenced Aug 15, 2019
Closed
Closed
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

@htuch
Typo.
65ce39a 
Signed-off-by: Harvey Tuch <[email protected]>
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

mattklein123
mattklein123 previously approved these changes Aug 16, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, this is awesome. A couple of optional small items, TIOLI.

source/common/protobuf/message_validator_impl.cc Outdated Show resolved Hide resolved
source/server/server.cc Outdated Show resolved Hide resolved
@repokitteh-read-only
Copy link

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7857 was synchronize by htuch.

see: more, trace.

mattklein123
mattklein123 approved these changes Aug 19, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@htuch htuch merged commit 0418a85 into envoyproxy:master Aug 19, 2019
@htuch htuch deleted the validator-options branch August 19, 2019 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

@dio dio Awaiting requested review from dio

Assignees

@dio dio

@mattklein123 mattklein123

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Log and count unknown proto fields bootstrap and xDS should have separate support for allow unknown fields
3 participants
@htuch @mattklein123 @dio