
Import Envoy Mobile Repo v2 #24244

Merged
jpsim merged 1788 commits into main from envoy-mobile-repo-merge-v2
Nov 29, 2022

@jpsim jpsim commented Nov 29, 2022

This re-imports the Envoy Mobile repo, this time preserving git history so that git log and git blame remain useful.

This is the second version of #24233, which did not preserve git history cleanly due to the PR being merged instead of rebased on main.

Part of #23758

jpsim and others added 30 commits November 29, 2022 10:33
Sometimes these downloads fail due to transient errors
(example: https://github.com/envoyproxy/envoy-mobile/runs/6728606246?check_suite_focus=true)
and a retry will succeed.

Configure the downloader to retry twice before giving up.

Signed-off-by: JP Simard <jp@jpsim.com>
Adds an RTDS integration test for Envoy Mobile

This test does a simple verification that the RTDS protocol within the
xDS family is working correctly.  A subsequent PR will improve upon the
test coverage.

As part of this change, the common parts of running an Envoy Mobile
client integration test were refactored out into a new
BaseClientIntegrationTest class.  Both ClientIntegrationTest and
RtdsIntegrationTest inherit from BaseClientIntegrationTest.

NB: the parameterized test currently fails when using IPv6.  This will
be debugged and fixed in a subsequent PR.

Signed-off-by: Ali Beyad <abeyad@google.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: GitHub Action <noreply@github.com>

Co-authored-by: jpsim <jpsim@users.noreply.github.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: GitHub Action <noreply@github.com>

Co-authored-by: jpsim <jpsim@users.noreply.github.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Rejecting requests which don't have an https scheme if Android disallows cleartext

Risk Level: High
Testing: TODO (envoyproxy/envoy-mobile#2341)
Docs Changes: n/a
Release Notes: inline
Fixes #1572

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
And validate that it builds successfully on CI.

Ideally we'd have a whole suite of example integrations that validate
all our supported installation methods, but this should be a good start.

I reached out to the owner of https://catfacts.ninja to make sure this
usage is within the terms of service and will update to use something
else if necessary.

https://user-images.githubusercontent.com/474794/171312056-2167333a-fb88-4cfe-aa30-353cceaa49a0.mp4

Signed-off-by: JP Simard <jp@jpsim.com>
As a precursor to adding brotli, making the decompressor configurable.

Description:
Risk Level: low
Testing: new unit tests
Docs Changes: n/a
Release Notes: in the next PR

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
Description: Adds EngineBuilder API and internal support for registering a platform key-value store on iOS. Internally this may be leveraged for HTTP caching, endpoint protocol support caching, and use in filters.
Risk: Moderate
Testing: Updated coverage.

Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Description: Updates the exposed KeyValueStore type to be a more traditional implementable interface, and provides a simple persisting implementation based on Android SharedPreferences.
Risk: Low
Testing: Application

Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Adding the option to configure brotli in the builder

Risk Level: low off by default
Testing: cc unit tests, updated java tests
Docs Changes: n/a
Release Notes: inline

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
We may be interested in experimenting with network monitoring & interface switching completely disabled to assess the impact of this feature.

Disabling network switching is not something we recommend generally.

Risk Level: Low, adds the ability to disable network switching on an opt-in basis
Testing: Updated unit tests
Docs Changes: Added
Release Notes: Added

Signed-off-by: JP Simard <jp@jpsim.com>
To pull in bazelbuild/rules_apple#1488, which should fix our CocoaPods integration and allow us to re-add it.

Risk Level: Medium for iOS users who use the xcframework, low for everyone else
Testing: There's a recent CI job that validates SwiftPM integration that acts as a good integration test for this
Docs Changes: None for now, this isn't really a user-facing change, as Xcode/SwiftPM handles both the old and new xcframework format/layout transparently
Release Notes: None for now, this isn't really a user-facing change

Signed-off-by: JP Simard <jp@jpsim.com>
Description: Update the list of clusters in docs.
Risk Level: None.
Testing: N/A
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Rafal Augustyniak <raugustyniak@lyft.com>
Signed-off-by: JP Simard <jp@jpsim.com>
To account for recent changes to defaults:
actions/runner-images#5595

Signed-off-by: JP Simard <jp@jpsim.com>
Bitcode is all but dead at this point.

Here's a deprecation note from the Xcode 14 beta 1 release notes:

https://developer.apple.com/documentation/Xcode-Release-Notes/xcode-14-release-notes

> Starting with Xcode 14, bitcode is no longer required for watchOS and
> tvOS applications, and the App Store no longer accepts bitcode
> submissions from Xcode 14.

> Xcode no longer builds bitcode by default and generates a warning
> message if a project explicitly enables bitcode: “Building with
> bitcode is deprecated. Please update your project and/or target
> settings to disable bitcode.” The capability to build with bitcode
> will be removed in a future Xcode release. IPAs that contain bitcode
> will have the bitcode stripped before being submitted to the App
> Store. Debug symbols for past bitcode submissions remain available
> for download. (86118779)

* Don't recompress xcarchive

There are no longer any bad CRC errors, and bazel's compression is
slightly better than the system's `zip` (94MB vs 97MB).

Signed-off-by: JP Simard <jp@jpsim.com>
Description: Previously, gzip decompression was always enabled in base configuration. This makes both gzip and brotli decompression configurable, with gzip defaulting to on (as it was previously) and brotli defaulting to off. No changes to usage of EngineBuilder need to be made to maintain existing behavior.
Risk Level: Moderate
Testing: Added config coverage.

Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Description: Improves security with respect to third-party actions. See:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions

I also read through the recent commits and updated to the latest release, since it contained a few bugfixes.

Risk: Low
Testing: CI

Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: GitHub Action <noreply@github.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: GitHub Action <noreply@github.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Replacing the default dns resolver in the config string to be correct for the OS in question.
Replaced overrides in the swift code now that the base config handles it.

Risk Level: low
Testing: existing tests should verify correctness
Docs Changes: n/a
Release Notes: did not add

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Risk Level: low
Testing: yep
Release Notes: inline
Fixes #2303

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
These are already being filtered out of our stats inclusion list, so
this isn't a user-facing change, but this is needed to support the
singleton removal work in
envoyproxy/envoy-mobile#2129.

Splitting this out into its own PR to reduce the scope of the singleton
removal change.

Co-authored-by: alyssawilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: JP Simard <jp@jpsim.com>
followup to #2362

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
To simplify running sample iOS apps for physical devices.

Co-authored-by: Brentley Jones <github@brentleyjones.com>
Signed-off-by: JP Simard <jp@jpsim.com>
RyanTheOptimist and others added 18 commits November 29, 2022 10:33
Do not strip AndroidCertVerifyResult methods with proguard

Signed-off-by: Ryan Hamilton <rch@google.com>
Signed-off-by: JP Simard <jp@jpsim.com>
This gets EM to pass Envoy format checks.

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
The initial_fetch_timeout is needed in the tests, as described in #2678 (comment).

Signed-off-by: Ali Beyad <abeyad@google.com>
Signed-off-by: JP Simard <jp@jpsim.com>
)

This fixes a bug where sometimes the RtdsIntegrationTest would fail because we would check the updates after the DiscoveryResponse was sent but before ensuring the RTDS updates in the response have been applied by the Envoy engine.

Signed-off-by: Ali Beyad <abeyad@google.com>
Signed-off-by: JP Simard <jp@jpsim.com>
…ts (#2677)

Instead of requiring adding the code addLogLevel() to an integration test to get finer-grained logging, now we can specify the log level on the command line via --test_arg="-l LOG_LEVEL", just like for the Envoy integration tests. For example:

bazel test --test_arg="-l trace" //test/common/integration:rtds_integration_test

Limitations:

This flag only applies to C++ integration tests (not unit tests or other language tests).

Signed-off-by: Ali Beyad <abeyad@google.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
Fix #2697

Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: JP Simard <jp@jpsim.com>
Fix a possible use-after-free with platform cert verification by using a unique_ptr in the flat_hash_set of pending validations. The flat_hash_set does not ensure pointer stability, but the validation thread holds a pointer to the PendingVerification, which is problematic. This PR makes PendingVerification non-moveable and non-copyable which avoids this problem.

There is also another potential use-after-free in that the task posted to the dispatcher deletes the PendingValidation, but the PendingValidation touches member variables after the call to post. Reordered the call to post to avoid this.

Fixes #2691

Signed-off-by: Ryan Hamilton rch@google.com
Signed-off-by: JP Simard <jp@jpsim.com>
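
The pointer-stability problem described in the commit message above, as an added example that is not code from this PR or from Envoy Mobile. It assumes `std::vector` as a stand-in for `flat_hash_set` (both may relocate elements when they grow), and the type and function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// Hypothetical by-value record: the container may relocate it when it grows.
struct MovableRecord { std::string hostname; };

// Hypothetical fixed form: non-copyable (and so non-movable), owned via unique_ptr.
struct PendingVerification {
  explicit PendingVerification(std::string host) : hostname(std::move(host)) {}
  PendingVerification(const PendingVerification&) = delete;
  PendingVerification& operator=(const PendingVerification&) = delete;
  std::string hostname;
};
static_assert(!std::is_move_constructible<PendingVerification>::value, "must stay put");

// Addresses are compared as integers so no stale pointer is ever dereferenced.
static std::uintptr_t addr(const void* p) { return reinterpret_cast<std::uintptr_t>(p); }

// True if the address a worker thread captured is still the element's address
// after the container has grown past its original capacity.
bool byValueAddressSurvivesGrowth() {
  std::vector<MovableRecord> pending;
  pending.push_back(MovableRecord{"a.example"});  // constructed sample hostname
  const std::uintptr_t seen_by_worker = addr(&pending.front());
  const std::size_t old_capacity = pending.capacity();
  while (pending.size() <= old_capacity) pending.push_back(MovableRecord{"b.example"});
  return addr(&pending.front()) == seen_by_worker;
}

// Same growth pattern, but the container only moves the owning pointers.
bool ownedPointerAddressSurvivesGrowth() {
  std::vector<std::unique_ptr<PendingVerification>> pending;
  pending.push_back(std::make_unique<PendingVerification>("a.example"));
  const std::uintptr_t seen_by_worker = addr(pending.front().get());
  const std::size_t old_capacity = pending.capacity();
  while (pending.size() <= old_capacity)
    pending.push_back(std::make_unique<PendingVerification>("b.example"));
  return addr(pending.front().get()) == seen_by_worker &&
         pending.front()->hostname == "a.example";
}

int main() {
  std::printf("by value stable: %d\n", byValueAddressSurvivesGrowth());
  std::printf("unique_ptr stable: %d\n", ownedPointerAddressSurvivesGrowth());
  return 0;
}
```
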
This fixes up issues exposed in #24151 where the PlatformBridgeCertValidatorFactory was not associated with the PlatformBridgeCertValidator proto.

Risk Level: low
Testing: #24151
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: JP Simard <jp@jpsim.com>
Rename release_validator to validation_cleanup.
The release_validator function does not actually release the validator.
On iOS it does nothing and on Android it merely detaches the JVM from the current thread.
So "cleanup validation" is a better description of its function than "release validator" and
matches the existing description "to clean up after validation completion."

Signed-off-by: Ryan Hamilton rch@google.com
Signed-off-by: JP Simard <jp@jpsim.com>
Remove unused next_iteration_callback_ member.
Remove unused config_ member.
Make some members const.
Use hostname instead of host_name.
Pass in the list of subject alt names instead of passing in the transport socket options.

Risk Level: Low
Testing: No behavior change
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Ryan Hamilton rch@google.com
Signed-off-by: JP Simard <jp@jpsim.com>
Co-authored-by: jpsim <jpsim@users.noreply.github.com>
Signed-off-by: GitHub Action <noreply@github.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Removing Admin from release builds by default

Risk Level: medium
Testing: n/a
Docs Changes: n/a
Release Notes: inline

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: alyssawilk <alyssar@google.com>
Co-authored-by: JP Simard <jp@jpsim.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: GitHub Action <noreply@github.com>
Co-authored-by: jpsim <jpsim@users.noreply.github.com>
Signed-off-by: JP Simard <jp@jpsim.com>
…roxy/envoy/pull/24187/files (#2707)

Fix typo in starting_envoy.rst
Backport of https://github.com/envoyproxy/envoy/pull/24187/files

Signed-off-by: Ryan Hamilton <rch@google.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: JP Simard <jp@jpsim.com>
@repokitteh-read-only repokitteh-read-only Bot added the deps Approval required for changes to Envoy's external dependencies label Nov 29, 2022
@repokitteh-read-only

CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).
envoyproxy/dependency-shepherds assignee is @phlax

🐱

Caused by: #24244 was opened by jpsim.

see: more, trace.

@jpsim jpsim changed the title Envoy mobile repo merge v2 Import Envoy Mobile Repo v2 Nov 29, 2022
@phlax phlax enabled auto-merge (rebase) November 29, 2022 15:52
@jpsim jpsim merged commit eb9a6fd into main Nov 29, 2022
@mattklein123 mattklein123 deleted the envoy-mobile-repo-merge-v2 branch January 20, 2023 16:32