diff --git a/CODEOWNERS b/CODEOWNERS index 200d8fbf9e307..43e08772660cf 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -119,3 +119,8 @@ extensions/filters/common/original_src @snowp @klarose /*/extensions/compression/common @junr03 @rojkov /*/extensions/compression/gzip @junr03 @rojkov /*/extensions/filters/http/decompressor @rojkov @dio +# Core upstream code +extensions/upstreams/http @alyssawilk @snowp @mattklein123 +extensions/upstreams/http/http @alyssawilk @snowp @mattklein123 +extensions/upstreams/http/tcp @alyssawilk @mattklein123 +extensions/upstreams/http/default @alyssawilk @snowp @mattklein123 diff --git a/api/BUILD b/api/BUILD index 73912d9fbbacc..1f1e65e0bca4c 100644 --- a/api/BUILD +++ b/api/BUILD @@ -232,6 +232,9 @@ proto_library( "//envoy/extensions/transport_sockets/raw_buffer/v3:pkg", "//envoy/extensions/transport_sockets/tap/v3:pkg", "//envoy/extensions/transport_sockets/tls/v3:pkg", + "//envoy/extensions/upstreams/http/generic/v3:pkg", + "//envoy/extensions/upstreams/http/http/v3:pkg", + "//envoy/extensions/upstreams/http/tcp/v3:pkg", "//envoy/extensions/wasm/v3:pkg", "//envoy/service/accesslog/v3:pkg", "//envoy/service/auth/v3:pkg", diff --git a/api/envoy/config/cluster/v3/cluster.proto b/api/envoy/config/cluster/v3/cluster.proto index 7eb53d84c4f81..5ec2a8db601cc 100644 --- a/api/envoy/config/cluster/v3/cluster.proto +++ b/api/envoy/config/cluster/v3/cluster.proto @@ -8,6 +8,7 @@ import "envoy/config/cluster/v3/outlier_detection.proto"; import "envoy/config/core/v3/address.proto"; import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/config_source.proto"; +import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/health_check.proto"; import "envoy/config/core/v3/protocol.proto"; import "envoy/config/endpoint/v3/endpoint.proto"; @@ -32,7 +33,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Cluster configuration] // Configuration for a single upstream cluster. -// [#next-free-field: 48] +// [#next-free-field: 49] message Cluster { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster"; @@ -815,6 +816,26 @@ message Cluster { // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value // of 100 would indicate that the request took the entirety of the timeout given to it. bool track_timeout_budgets = 47; + + // [#not-implemented-hide:] + // Optional customization and configuration of upstream connection pool, and upstream type. + // + // Currently this field only applies for HTTP traffic but is designed for eventual use for custom + // TCP upstreams. + // + // For HTTP traffic, Envoy will generally take downstream HTTP and send it upstream as upstream + // HTTP, using the http connection pool and the codec from `http2_protocol_options` + // + // For routes where CONNECT termination is configured, Envoy will take downstream CONNECT + // requests and forward the CONNECT payload upstream over raw TCP using the tcp connection pool. + // + // The default pool used is the generic connection pool which creates the HTTP upstream for most + // HTTP requests, and the TCP upstream if CONNECT termination is configured. + // + // If users desire custom connection pool or upstream behavior, for example terminating + // CONNECT only if a custom filter indicates it is appropriate, the custom factories + // can be registered and configured here. + core.v3.TypedExtensionConfig upstream_config = 48; } // [#not-implemented-hide:] Extensible load balancing policy configuration. diff --git a/api/envoy/config/cluster/v4alpha/cluster.proto b/api/envoy/config/cluster/v4alpha/cluster.proto index eab2f2d80fcb7..50c39d4fb526c 100644 --- a/api/envoy/config/cluster/v4alpha/cluster.proto +++ b/api/envoy/config/cluster/v4alpha/cluster.proto @@ -8,6 +8,7 @@ import "envoy/config/cluster/v4alpha/outlier_detection.proto"; import "envoy/config/core/v4alpha/address.proto"; import "envoy/config/core/v4alpha/base.proto"; import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/extension.proto"; import "envoy/config/core/v4alpha/health_check.proto"; import "envoy/config/core/v4alpha/protocol.proto"; import "envoy/config/endpoint/v3/endpoint.proto"; @@ -32,7 +33,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // [#protodoc-title: Cluster configuration] // Configuration for a single upstream cluster. -// [#next-free-field: 48] +// [#next-free-field: 49] message Cluster { option (udpa.annotations.versioning).previous_message_type = "envoy.config.cluster.v3.Cluster"; @@ -816,6 +817,26 @@ message Cluster { // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value // of 100 would indicate that the request took the entirety of the timeout given to it. bool track_timeout_budgets = 47; + + // [#not-implemented-hide:] + // Optional customization and configuration of upstream connection pool, and upstream type. + // + // Currently this field only applies for HTTP traffic but is designed for eventual use for custom + // TCP upstreams. + // + // For HTTP traffic, Envoy will generally take downstream HTTP and send it upstream as upstream + // HTTP, using the http connection pool and the codec from `http2_protocol_options` + // + // For routes where CONNECT termination is configured, Envoy will take downstream CONNECT + // requests and forward the CONNECT payload upstream over raw TCP using the tcp connection pool. + // + // The default pool used is the generic connection pool which creates the HTTP upstream for most + // HTTP requests, and the TCP upstream if CONNECT termination is configured. + // + // If users desire custom connection pool or upstream behavior, for example terminating + // CONNECT only if a custom filter indicates it is appropriate, the custom factories + // can be registered and configured here. + core.v4alpha.TypedExtensionConfig upstream_config = 48; } // [#not-implemented-hide:] Extensible load balancing policy configuration. diff --git a/api/envoy/extensions/upstreams/http/generic/v3/BUILD b/api/envoy/extensions/upstreams/http/generic/v3/BUILD new file mode 100644 index 0000000000000..ef3541ebcb1df --- /dev/null +++ b/api/envoy/extensions/upstreams/http/generic/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/api/envoy/extensions/upstreams/http/generic/v3/generic_connection_pool.proto b/api/envoy/extensions/upstreams/http/generic/v3/generic_connection_pool.proto new file mode 100644 index 0000000000000..c6b02364aa2d2 --- /dev/null +++ b/api/envoy/extensions/upstreams/http/generic/v3/generic_connection_pool.proto @@ -0,0 +1,18 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.http.generic.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.generic.v3"; +option java_outer_classname = "GenericConnectionPoolProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Generic Connection Pool] + +// A connection pool which forwards downstream HTTP as TCP or HTTP to upstream, +// based on CONNECT configuration. +// [#extension: envoy.upstreams.http.generic] +message GenericConnectionPoolProto { +} diff --git a/api/envoy/extensions/upstreams/http/http/v3/BUILD b/api/envoy/extensions/upstreams/http/http/v3/BUILD new file mode 100644 index 0000000000000..ef3541ebcb1df --- /dev/null +++ b/api/envoy/extensions/upstreams/http/http/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/api/envoy/extensions/upstreams/http/http/v3/http_connection_pool.proto b/api/envoy/extensions/upstreams/http/http/v3/http_connection_pool.proto new file mode 100644 index 0000000000000..e4c2d6ff9b84f --- /dev/null +++ b/api/envoy/extensions/upstreams/http/http/v3/http_connection_pool.proto @@ -0,0 +1,17 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.http.http.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.http.v3"; +option java_outer_classname = "HttpConnectionPoolProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Http Connection Pool] + +// A connection pool which forwards downstream HTTP as HTTP to upstream. +// [#extension: envoy.upstreams.http.http] +message HttpConnectionPoolProto { +} diff --git a/api/envoy/extensions/upstreams/http/tcp/v3/BUILD b/api/envoy/extensions/upstreams/http/tcp/v3/BUILD new file mode 100644 index 0000000000000..ef3541ebcb1df --- /dev/null +++ b/api/envoy/extensions/upstreams/http/tcp/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/api/envoy/extensions/upstreams/http/tcp/v3/tcp_connection_pool.proto b/api/envoy/extensions/upstreams/http/tcp/v3/tcp_connection_pool.proto new file mode 100644 index 0000000000000..5bc8734cb3f79 --- /dev/null +++ b/api/envoy/extensions/upstreams/http/tcp/v3/tcp_connection_pool.proto @@ -0,0 +1,17 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.http.tcp.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.tcp.v3"; +option java_outer_classname = "TcpConnectionPoolProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Tcp Connection Pool] + +// A connection pool which forwards downstream HTTP as TCP to upstream, +// [#extension: envoy.upstreams.http.tcp] +message TcpConnectionPoolProto { +} diff --git a/api/versioning/BUILD b/api/versioning/BUILD index ccea9008a05fc..7a236cb631479 100644 --- a/api/versioning/BUILD +++ b/api/versioning/BUILD @@ -115,6 +115,9 @@ proto_library( "//envoy/extensions/transport_sockets/raw_buffer/v3:pkg", "//envoy/extensions/transport_sockets/tap/v3:pkg", "//envoy/extensions/transport_sockets/tls/v3:pkg", + "//envoy/extensions/upstreams/http/generic/v3:pkg", + "//envoy/extensions/upstreams/http/http/v3:pkg", + "//envoy/extensions/upstreams/http/tcp/v3:pkg", "//envoy/extensions/wasm/v3:pkg", "//envoy/service/accesslog/v3:pkg", "//envoy/service/auth/v3:pkg", diff --git a/docs/root/api-v3/config/config.rst b/docs/root/api-v3/config/config.rst index e1ccac77719d2..23518f83cc194 100644 --- a/docs/root/api-v3/config/config.rst +++ b/docs/root/api-v3/config/config.rst @@ -19,3 +19,4 @@ Extensions trace/trace internal_redirect/internal_redirect endpoint/endpoint + upstream/upstream diff --git a/docs/root/api-v3/config/upstream/upstream.rst b/docs/root/api-v3/config/upstream/upstream.rst new file mode 100644 index 0000000000000..5047eaa92b289 --- /dev/null +++ b/docs/root/api-v3/config/upstream/upstream.rst @@ -0,0 +1,8 @@ +Upstream Configuration +====================== + +.. toctree:: + :glob: + :maxdepth: 3 + + ../../extensions/upstreams/http/*/v3/** diff --git a/generated_api_shadow/envoy/config/cluster/v3/cluster.proto b/generated_api_shadow/envoy/config/cluster/v3/cluster.proto index 8140007f68afd..96947572f4a7d 100644 --- a/generated_api_shadow/envoy/config/cluster/v3/cluster.proto +++ b/generated_api_shadow/envoy/config/cluster/v3/cluster.proto @@ -8,6 +8,7 @@ import "envoy/config/cluster/v3/outlier_detection.proto"; import "envoy/config/core/v3/address.proto"; import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/config_source.proto"; +import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/health_check.proto"; import "envoy/config/core/v3/protocol.proto"; import "envoy/config/endpoint/v3/endpoint.proto"; @@ -33,7 +34,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Cluster configuration] // Configuration for a single upstream cluster. -// [#next-free-field: 48] +// [#next-free-field: 49] message Cluster { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster"; @@ -814,6 +815,26 @@ message Cluster { // of 100 would indicate that the request took the entirety of the timeout given to it. bool track_timeout_budgets = 47; + // [#not-implemented-hide:] + // Optional customization and configuration of upstream connection pool, and upstream type. + // + // Currently this field only applies for HTTP traffic but is designed for eventual use for custom + // TCP upstreams. + // + // For HTTP traffic, Envoy will generally take downstream HTTP and send it upstream as upstream + // HTTP, using the http connection pool and the codec from `http2_protocol_options` + // + // For routes where CONNECT termination is configured, Envoy will take downstream CONNECT + // requests and forward the CONNECT payload upstream over raw TCP using the tcp connection pool. + // + // The default pool used is the generic connection pool which creates the HTTP upstream for most + // HTTP requests, and the TCP upstream if CONNECT termination is configured. + // + // If users desire custom connection pool or upstream behavior, for example terminating + // CONNECT only if a custom filter indicates it is appropriate, the custom factories + // can be registered and configured here. + core.v3.TypedExtensionConfig upstream_config = 48; + repeated core.v3.Address hidden_envoy_deprecated_hosts = 7 [deprecated = true]; envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext hidden_envoy_deprecated_tls_context = diff --git a/generated_api_shadow/envoy/config/cluster/v4alpha/cluster.proto b/generated_api_shadow/envoy/config/cluster/v4alpha/cluster.proto index eab2f2d80fcb7..50c39d4fb526c 100644 --- a/generated_api_shadow/envoy/config/cluster/v4alpha/cluster.proto +++ b/generated_api_shadow/envoy/config/cluster/v4alpha/cluster.proto @@ -8,6 +8,7 @@ import "envoy/config/cluster/v4alpha/outlier_detection.proto"; import "envoy/config/core/v4alpha/address.proto"; import "envoy/config/core/v4alpha/base.proto"; import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/extension.proto"; import "envoy/config/core/v4alpha/health_check.proto"; import "envoy/config/core/v4alpha/protocol.proto"; import "envoy/config/endpoint/v3/endpoint.proto"; @@ -32,7 +33,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // [#protodoc-title: Cluster configuration] // Configuration for a single upstream cluster. -// [#next-free-field: 48] +// [#next-free-field: 49] message Cluster { option (udpa.annotations.versioning).previous_message_type = "envoy.config.cluster.v3.Cluster"; @@ -816,6 +817,26 @@ message Cluster { // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value // of 100 would indicate that the request took the entirety of the timeout given to it. bool track_timeout_budgets = 47; + + // [#not-implemented-hide:] + // Optional customization and configuration of upstream connection pool, and upstream type. + // + // Currently this field only applies for HTTP traffic but is designed for eventual use for custom + // TCP upstreams. + // + // For HTTP traffic, Envoy will generally take downstream HTTP and send it upstream as upstream + // HTTP, using the http connection pool and the codec from `http2_protocol_options` + // + // For routes where CONNECT termination is configured, Envoy will take downstream CONNECT + // requests and forward the CONNECT payload upstream over raw TCP using the tcp connection pool. + // + // The default pool used is the generic connection pool which creates the HTTP upstream for most + // HTTP requests, and the TCP upstream if CONNECT termination is configured. + // + // If users desire custom connection pool or upstream behavior, for example terminating + // CONNECT only if a custom filter indicates it is appropriate, the custom factories + // can be registered and configured here. + core.v4alpha.TypedExtensionConfig upstream_config = 48; } // [#not-implemented-hide:] Extensible load balancing policy configuration. diff --git a/generated_api_shadow/envoy/extensions/upstreams/http/generic/v3/BUILD b/generated_api_shadow/envoy/extensions/upstreams/http/generic/v3/BUILD new file mode 100644 index 0000000000000..ef3541ebcb1df --- /dev/null +++ b/generated_api_shadow/envoy/extensions/upstreams/http/generic/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/generated_api_shadow/envoy/extensions/upstreams/http/generic/v3/generic_connection_pool.proto b/generated_api_shadow/envoy/extensions/upstreams/http/generic/v3/generic_connection_pool.proto new file mode 100644 index 0000000000000..c6b02364aa2d2 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/upstreams/http/generic/v3/generic_connection_pool.proto @@ -0,0 +1,18 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.http.generic.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.generic.v3"; +option java_outer_classname = "GenericConnectionPoolProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Generic Connection Pool] + +// A connection pool which forwards downstream HTTP as TCP or HTTP to upstream, +// based on CONNECT configuration. +// [#extension: envoy.upstreams.http.generic] +message GenericConnectionPoolProto { +} diff --git a/generated_api_shadow/envoy/extensions/upstreams/http/http/v3/BUILD b/generated_api_shadow/envoy/extensions/upstreams/http/http/v3/BUILD new file mode 100644 index 0000000000000..ef3541ebcb1df --- /dev/null +++ b/generated_api_shadow/envoy/extensions/upstreams/http/http/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/generated_api_shadow/envoy/extensions/upstreams/http/http/v3/http_connection_pool.proto b/generated_api_shadow/envoy/extensions/upstreams/http/http/v3/http_connection_pool.proto new file mode 100644 index 0000000000000..e4c2d6ff9b84f --- /dev/null +++ b/generated_api_shadow/envoy/extensions/upstreams/http/http/v3/http_connection_pool.proto @@ -0,0 +1,17 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.http.http.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.http.v3"; +option java_outer_classname = "HttpConnectionPoolProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Http Connection Pool] + +// A connection pool which forwards downstream HTTP as HTTP to upstream. +// [#extension: envoy.upstreams.http.http] +message HttpConnectionPoolProto { +} diff --git a/generated_api_shadow/envoy/extensions/upstreams/http/tcp/v3/BUILD b/generated_api_shadow/envoy/extensions/upstreams/http/tcp/v3/BUILD new file mode 100644 index 0000000000000..ef3541ebcb1df --- /dev/null +++ b/generated_api_shadow/envoy/extensions/upstreams/http/tcp/v3/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/generated_api_shadow/envoy/extensions/upstreams/http/tcp/v3/tcp_connection_pool.proto b/generated_api_shadow/envoy/extensions/upstreams/http/tcp/v3/tcp_connection_pool.proto new file mode 100644 index 0000000000000..5bc8734cb3f79 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/upstreams/http/tcp/v3/tcp_connection_pool.proto @@ -0,0 +1,17 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.http.tcp.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.tcp.v3"; +option java_outer_classname = "TcpConnectionPoolProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Tcp Connection Pool] + +// A connection pool which forwards downstream HTTP as TCP to upstream, +// [#extension: envoy.upstreams.http.tcp] +message TcpConnectionPoolProto { +} diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl index 163efb8ffd70c..2db0cafc06b31 100644 --- a/source/extensions/extensions_build_config.bzl +++ b/source/extensions/extensions_build_config.bzl @@ -188,4 +188,12 @@ EXTENSIONS = { "envoy.internal_redirect_predicates.allow_listed_routes": "//source/extensions/internal_redirect/allow_listed_routes:config", "envoy.internal_redirect_predicates.previous_routes": "//source/extensions/internal_redirect/previous_routes:config", "envoy.internal_redirect_predicates.safe_cross_scheme": "//source/extensions/internal_redirect/safe_cross_scheme:config", + + # Http Upstreams + + "envoy.upstreams.http.generic": "//source/extensions/upstreams/http/generic:config", + "envoy.upstreams.http.http": "//source/extensions/upstreams/http/http:config", + "envoy.upstreams.http.tcp": "//source/extensions/upstreams/http/tcp:config", + + } diff --git a/source/extensions/upstreams/http/generic/BUILD b/source/extensions/upstreams/http/generic/BUILD new file mode 100644 index 0000000000000..7aa32b16a2199 --- /dev/null +++ b/source/extensions/upstreams/http/generic/BUILD @@ -0,0 +1,20 @@ +# placeholder build files for security_posture +# Will be filled in as #11327 lands. +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", + "envoy_package", +) + +licenses(["notice"]) # Apache 2 + +envoy_package() + +envoy_cc_extension( + name = "config", + srcs = [ + ], + hdrs = [ + ], + security_posture = "robust_to_untrusted_downstream", +) diff --git a/source/extensions/upstreams/http/http/BUILD b/source/extensions/upstreams/http/http/BUILD new file mode 100644 index 0000000000000..7aa32b16a2199 --- /dev/null +++ b/source/extensions/upstreams/http/http/BUILD @@ -0,0 +1,20 @@ +# placeholder build files for security_posture +# Will be filled in as #11327 lands. +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", + "envoy_package", +) + +licenses(["notice"]) # Apache 2 + +envoy_package() + +envoy_cc_extension( + name = "config", + srcs = [ + ], + hdrs = [ + ], + security_posture = "robust_to_untrusted_downstream", +) diff --git a/source/extensions/upstreams/http/tcp/BUILD b/source/extensions/upstreams/http/tcp/BUILD new file mode 100644 index 0000000000000..7aa32b16a2199 --- /dev/null +++ b/source/extensions/upstreams/http/tcp/BUILD @@ -0,0 +1,20 @@ +# placeholder build files for security_posture +# Will be filled in as #11327 lands. +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_extension", + "envoy_package", +) + +licenses(["notice"]) # Apache 2 + +envoy_package() + +envoy_cc_extension( + name = "config", + srcs = [ + ], + hdrs = [ + ], + security_posture = "robust_to_untrusted_downstream", +)