Release-0.8: Update envoy sha to bb6762a058

WORKSPACE

@@ -38,7 +38,7 @@ git_repository(
 )
 
 # When updating envoy sha manually please update the sha in istio.deps file also
-ENVOY_SHA = "2b2c299144600fb9e525d21aabf39bf48e64fb1f"
+ENVOY_SHA = "12c470e666d23f1cedaea92cdae6c747d6081dfe"
 
 http_archive(
     name = "envoy",

istio.deps

@@ -11,6 +11,6 @@
 		"name": "ENVOY_SHA",
 		"repoName": "envoyproxy/envoy",
 		"file": "WORKSPACE",
-		"lastStableSHA": "2b2c299144600fb9e525d21aabf39bf48e64fb1f"
+		"lastStableSHA": "12c470e666d23f1cedaea92cdae6c747d6081dfe"
 	}
 ]

src/envoy/alts/alts_socket_factory.cc

@@ -107,8 +107,8 @@ UpstreamAltsTransportSocketConfigFactory::createTransportSocketFactory(
 
 Network::TransportSocketFactoryPtr
 DownstreamAltsTransportSocketConfigFactory::createTransportSocketFactory(
-    const std::string &, const std::vector<std::string> &, bool,
-    const Protobuf::Message &message, TransportSocketFactoryContext &) {
+    const Protobuf::Message &message, TransportSocketFactoryContext &,
+    const std::vector<std::string> &) {
   auto config =
       MessageUtil::downcastAndValidate<const envoy::security::v2::AltsSocket &>(
           message);

src/envoy/alts/alts_socket_factory.h

@@ -39,8 +39,8 @@ class DownstreamAltsTransportSocketConfigFactory
       public DownstreamTransportSocketConfigFactory {
  public:
   Network::TransportSocketFactoryPtr createTransportSocketFactory(
-      const std::string &, const std::vector<std::string> &, bool,
-      const Protobuf::Message &, TransportSocketFactoryContext &) override;
+      const Protobuf::Message &, TransportSocketFactoryContext &,
+      const std::vector<std::string> &) override;
 };
 }  // namespace Configuration
 }  // namespace Server

src/envoy/http/authn/http_filter.cc

@@ -114,8 +114,8 @@ void AuthenticationFilter::rejectRequest(const std::string& message) {
     return;
   }
   state_ = State::REJECTED;
-  Utility::sendLocalReply(*decoder_callbacks_, false, Http::Code::Unauthorized,
-                          message);
+  decoder_callbacks_->sendLocalReply(Http::Code::Unauthorized, message,
+                                     nullptr);
 }
 
 std::unique_ptr<Istio::AuthN::AuthenticatorBase>

src/envoy/http/authn/http_filter_integration_test.cc

@@ -62,16 +62,17 @@ TEST_P(AuthenticationFilterIntegrationTest, EmptyPolicy) {
   createTestServer("src/envoy/http/authn/testdata/envoy_empty.conf", {"http"});
   codec_client_ =
       makeHttpConnection(makeClientConnection((lookupPort("http"))));
-  codec_client_->makeHeaderOnlyRequest(default_request_headers_, *response_);
+  auto response =
+      codec_client_->makeHeaderOnlyRequest(default_request_headers_);
   // Wait for request to upstream[0] (backend)
   waitForNextUpstreamRequest(0);
   // Send backend response.
   upstream_request_->encodeHeaders(Http::TestHeaderMapImpl{{":status", "200"}},
                                    true);
 
-  response_->waitForEndStream();
-  EXPECT_TRUE(response_->complete());
-  EXPECT_STREQ("200", response_->headers().Status()->value().c_str());
+  response->waitForEndStream();
+  EXPECT_TRUE(response->complete());
+  EXPECT_STREQ("200", response->headers().Status()->value().c_str());
 }
 
 TEST_P(AuthenticationFilterIntegrationTest, SourceMTlsFail) {
@@ -82,13 +83,14 @@ TEST_P(AuthenticationFilterIntegrationTest, SourceMTlsFail) {
   // would be rejected.
   codec_client_ =
       makeHttpConnection(makeClientConnection((lookupPort("http"))));
-  codec_client_->makeHeaderOnlyRequest(default_request_headers_, *response_);
+  auto response =
+      codec_client_->makeHeaderOnlyRequest(default_request_headers_);
 
   // Request is rejected, there will be no upstream request (thus no
   // waitForNextUpstreamRequest).
-  response_->waitForEndStream();
-  EXPECT_TRUE(response_->complete());
-  EXPECT_STREQ("401", response_->headers().Status()->value().c_str());
+  response->waitForEndStream();
+  EXPECT_TRUE(response->complete());
+  EXPECT_STREQ("401", response->headers().Status()->value().c_str());
 }
 
 // TODO (diemtvu/lei-tang): add test for MTls success.
@@ -102,13 +104,14 @@ TEST_P(AuthenticationFilterIntegrationTest, OriginJwtRequiredHeaderNoJwtFail) {
   // would be rejected.
   codec_client_ =
       makeHttpConnection(makeClientConnection((lookupPort("http"))));
-  codec_client_->makeHeaderOnlyRequest(default_request_headers_, *response_);
+  auto response =
+      codec_client_->makeHeaderOnlyRequest(default_request_headers_);
 
   // Request is rejected, there will be no upstream request (thus no
   // waitForNextUpstreamRequest).
-  response_->waitForEndStream();
-  EXPECT_TRUE(response_->complete());
-  EXPECT_STREQ("401", response_->headers().Status()->value().c_str());
+  response->waitForEndStream();
+  EXPECT_TRUE(response->complete());
+  EXPECT_STREQ("401", response->headers().Status()->value().c_str());
 }
 
 TEST_P(AuthenticationFilterIntegrationTest, CheckValidJwtPassAuthentication) {
@@ -120,17 +123,18 @@ TEST_P(AuthenticationFilterIntegrationTest, CheckValidJwtPassAuthentication) {
   // the authentication should succeed.
   codec_client_ =
       makeHttpConnection(makeClientConnection((lookupPort("http"))));
-  codec_client_->makeHeaderOnlyRequest(request_headers_with_jwt_, *response_);
+  auto response =
+      codec_client_->makeHeaderOnlyRequest(request_headers_with_jwt_);
 
   // Wait for request to upstream[0] (backend)
   waitForNextUpstreamRequest(0);
   // Send backend response.
   upstream_request_->encodeHeaders(Http::TestHeaderMapImpl{{":status", "200"}},
                                    true);
 
-  response_->waitForEndStream();
-  EXPECT_TRUE(response_->complete());
-  EXPECT_STREQ("200", response_->headers().Status()->value().c_str());
+  response->waitForEndStream();
+  EXPECT_TRUE(response->complete());
+  EXPECT_STREQ("200", response->headers().Status()->value().c_str());
 }
 
 TEST_P(AuthenticationFilterIntegrationTest, CheckConsumedJwtHeadersAreRemoved) {
@@ -164,11 +168,12 @@ TEST_P(AuthenticationFilterIntegrationTest, CheckConsumedJwtHeadersAreRemoved) {
   // should be generated.
   codec_client_ =
       makeHttpConnection(makeClientConnection((lookupPort("http"))));
-  codec_client_->makeHeaderOnlyRequest(
-      request_headers_with_jwt_at_specified_location, *response_);
+  auto response = codec_client_->makeHeaderOnlyRequest(
+      request_headers_with_jwt_at_specified_location);
 
   // Wait for request to upstream[0] (backend)
   waitForNextUpstreamRequest(0);
+  response->waitForEndStream();
 
   // After Istio authn, the JWT headers consumed by Istio authn should have
   // been removed.
@@ -185,10 +190,12 @@ TEST_P(AuthenticationFilterIntegrationTest, CheckAuthnResultIsExpected) {
   // should be generated.
   codec_client_ =
       makeHttpConnection(makeClientConnection((lookupPort("http"))));
-  codec_client_->makeHeaderOnlyRequest(request_headers_with_jwt_, *response_);
+  auto response =
+      codec_client_->makeHeaderOnlyRequest(request_headers_with_jwt_);
 
   // Wait for request to upstream[0] (backend)
   waitForNextUpstreamRequest(0);
+  response->waitForEndStream();
 
   // Authn result should be as expected
   const Envoy::Http::HeaderString &header_value =

src/envoy/http/jwt_auth/http_filter.cc

@@ -70,8 +70,8 @@ void JwtVerificationFilter::onDone(const JwtAuth::Status& status) {
     // verification failed
     Code code = Code(401);  // Unauthorized
     // return failure reason as message body
-    Utility::sendLocalReply(*decoder_callbacks_, false, code,
-                            JwtAuth::StatusToString(status));
+    decoder_callbacks_->sendLocalReply(code, JwtAuth::StatusToString(status),
+                                       nullptr);
     return;
   }
 

src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc

@@ -116,21 +116,20 @@ class JwtVerificationFilterIntegrationTest
     IntegrationCodecClientPtr codec_client;
     FakeHttpConnectionPtr fake_upstream_connection_issuer;
     FakeHttpConnectionPtr fake_upstream_connection_backend;
-    IntegrationStreamDecoderPtr response(
-        new IntegrationStreamDecoder(*dispatcher_));
+    IntegrationStreamDecoderPtr response;
     FakeStreamPtr request_stream_issuer;
     FakeStreamPtr request_stream_backend;
 
     codec_client = makeHttpConnection(lookupPort("http"));
 
     // Send a request to Envoy.
     if (!request_body.empty()) {
-      Http::StreamEncoder& encoder =
-          codec_client->startRequest(request_headers, *response);
+      auto encoder_decoder = codec_client->startRequest(request_headers);
       Buffer::OwnedImpl body(request_body);
-      codec_client->sendData(encoder, body, true);
+      codec_client->sendData(encoder_decoder.first, body, true);
+      response = std::move(encoder_decoder.second);
     } else {
-      codec_client->makeHeaderOnlyRequest(request_headers, *response);
+      response = codec_client->makeHeaderOnlyRequest(request_headers);
     }
 
     // Empty issuer_response_body indicates issuer will not be called.
@@ -372,7 +371,7 @@ TEST_P(JwtVerificationFilterIntegrationTestWithInjectedJwtResult,
   FakeStreamPtr request_stream_backend;
   codec_client = makeHttpConnection(lookupPort("http"));
   // Send a request to Envoy.
-  codec_client->makeHeaderOnlyRequest(headers, *response);
+  response = codec_client->makeHeaderOnlyRequest(headers);
   fake_upstream_connection_backend =
       fake_upstreams_[0]->waitForHttpConnection(*dispatcher_);
   request_stream_backend =

src/envoy/http/mixer/filter.cc

@@ -186,8 +186,8 @@ void Filter::completeCheck(const Status& status) {
   if (!status.ok() && state_ != Responded) {
     state_ = Responded;
     int status_code = ::istio::utils::StatusHttpCode(status.error_code());
-    Utility::sendLocalReply(*decoder_callbacks_, false, Code(status_code),
-                            status.ToString());
+    decoder_callbacks_->sendLocalReply(Code(status_code), status.ToString(),
+                                       nullptr);
     return;
   }