diff --git a/WORKSPACE b/WORKSPACE index b864fa6513a..6c349d8d3be 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -38,7 +38,7 @@ git_repository( ) # When updating envoy sha manually please update the sha in istio.deps file also -ENVOY_SHA = "2b2c299144600fb9e525d21aabf39bf48e64fb1f" +ENVOY_SHA = "12c470e666d23f1cedaea92cdae6c747d6081dfe" http_archive( name = "envoy", diff --git a/istio.deps b/istio.deps index d646d377bc2..26b49d49f7d 100644 --- a/istio.deps +++ b/istio.deps @@ -4,13 +4,13 @@ "name": "ISTIO_API", "repoName": "api", "file": "repositories.bzl", - "lastStableSHA": "78da6e6eb4ad4f158fb58e02f94efde4abf4cabf" + "lastStableSHA": "9b8e46e9e9710d6a8b50772964ef2194b0b26bd7" }, { "_comment": "", "name": "ENVOY_SHA", "repoName": "envoyproxy/envoy", "file": "WORKSPACE", - "lastStableSHA": "2b2c299144600fb9e525d21aabf39bf48e64fb1f" + "lastStableSHA": "12c470e666d23f1cedaea92cdae6c747d6081dfe" } ] \ No newline at end of file diff --git a/repositories.bzl b/repositories.bzl index a3cd41685c5..02d5fd0590a 100644 --- a/repositories.bzl +++ b/repositories.bzl @@ -113,7 +113,7 @@ cc_library( actual = "@googletest_git//:googletest_prod", ) -ISTIO_API = "78da6e6eb4ad4f158fb58e02f94efde4abf4cabf" +ISTIO_API = "9b8e46e9e9710d6a8b50772964ef2194b0b26bd7" def mixerapi_repositories(bind=True): BUILD = """ diff --git a/script/release-binary b/script/release-binary index da638b29beb..01bcc911aa6 100755 --- a/script/release-binary +++ b/script/release-binary @@ -44,14 +44,28 @@ UBUNTU_RELEASE=${UBUNTU_RELEASE:-$(lsb_release -c -s)} # The proxy binary name. SHA="$(git rev-parse --verify HEAD)" -BINARY_NAME="envoy-alpha-${SHA}.tar.gz" -SHA256_NAME="envoy-alpha-${SHA}.sha256" + +BINARY_NAME="envoy-symbol-${SHA}.tar.gz" +SHA256_NAME="envoy-symbol-${SHA}.sha256" # If binary already exists skip. gsutil stat "${DST}/${BINARY_NAME}" \ && { echo 'Binary already exists'; exit 0; } \ || echo 'Building a new binary.' +# Build the release binary with symbol +bazel --batch build --config=release-symbol //src/envoy:envoy_tar +BAZEL_TARGET="bazel-bin/src/envoy/envoy_tar.tar.gz" +cp -f "${BAZEL_TARGET}" "${BINARY_NAME}" +sha256sum "${BINARY_NAME}" > "${SHA256_NAME}" + +# Copy it to the bucket. +echo "Copying ${BINARY_NAME} ${SHA256_NAME} to ${DST}/" +gsutil cp "${BINARY_NAME}" "${SHA256_NAME}" "${DST}/" + +BINARY_NAME="envoy-alpha-${SHA}.tar.gz" +SHA256_NAME="envoy-alpha-${SHA}.sha256" + # Build the release binary bazel --batch build --config=release //src/envoy:envoy_tar BAZEL_TARGET="bazel-bin/src/envoy/envoy_tar.tar.gz" diff --git a/src/envoy/alts/alts_socket_factory.cc b/src/envoy/alts/alts_socket_factory.cc index 824be574eea..a4e24ab43d8 100644 --- a/src/envoy/alts/alts_socket_factory.cc +++ b/src/envoy/alts/alts_socket_factory.cc @@ -107,8 +107,8 @@ UpstreamAltsTransportSocketConfigFactory::createTransportSocketFactory( Network::TransportSocketFactoryPtr DownstreamAltsTransportSocketConfigFactory::createTransportSocketFactory( - const std::string &, const std::vector &, bool, - const Protobuf::Message &message, TransportSocketFactoryContext &) { + const Protobuf::Message &message, TransportSocketFactoryContext &, + const std::vector &) { auto config = MessageUtil::downcastAndValidate( message); diff --git a/src/envoy/alts/alts_socket_factory.h b/src/envoy/alts/alts_socket_factory.h index 85f3004bdc6..797f5d87787 100644 --- a/src/envoy/alts/alts_socket_factory.h +++ b/src/envoy/alts/alts_socket_factory.h @@ -39,8 +39,8 @@ class DownstreamAltsTransportSocketConfigFactory public DownstreamTransportSocketConfigFactory { public: Network::TransportSocketFactoryPtr createTransportSocketFactory( - const std::string &, const std::vector &, bool, - const Protobuf::Message &, TransportSocketFactoryContext &) override; + const Protobuf::Message &, TransportSocketFactoryContext &, + const std::vector &) override; }; } // namespace Configuration } // namespace Server diff --git a/src/envoy/http/authn/http_filter.cc b/src/envoy/http/authn/http_filter.cc index e8fe41be1d2..2767ad39baf 100644 --- a/src/envoy/http/authn/http_filter.cc +++ b/src/envoy/http/authn/http_filter.cc @@ -114,8 +114,8 @@ void AuthenticationFilter::rejectRequest(const std::string& message) { return; } state_ = State::REJECTED; - Utility::sendLocalReply(*decoder_callbacks_, false, Http::Code::Unauthorized, - message); + decoder_callbacks_->sendLocalReply(Http::Code::Unauthorized, message, + nullptr); } std::unique_ptr diff --git a/src/envoy/http/authn/http_filter_integration_test.cc b/src/envoy/http/authn/http_filter_integration_test.cc index 5690ef7766c..6bcd32445a1 100644 --- a/src/envoy/http/authn/http_filter_integration_test.cc +++ b/src/envoy/http/authn/http_filter_integration_test.cc @@ -62,16 +62,17 @@ TEST_P(AuthenticationFilterIntegrationTest, EmptyPolicy) { createTestServer("src/envoy/http/authn/testdata/envoy_empty.conf", {"http"}); codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); - codec_client_->makeHeaderOnlyRequest(default_request_headers_, *response_); + auto response = + codec_client_->makeHeaderOnlyRequest(default_request_headers_); // Wait for request to upstream[0] (backend) waitForNextUpstreamRequest(0); // Send backend response. upstream_request_->encodeHeaders(Http::TestHeaderMapImpl{{":status", "200"}}, true); - response_->waitForEndStream(); - EXPECT_TRUE(response_->complete()); - EXPECT_STREQ("200", response_->headers().Status()->value().c_str()); + response->waitForEndStream(); + EXPECT_TRUE(response->complete()); + EXPECT_STREQ("200", response->headers().Status()->value().c_str()); } TEST_P(AuthenticationFilterIntegrationTest, SourceMTlsFail) { @@ -82,13 +83,14 @@ TEST_P(AuthenticationFilterIntegrationTest, SourceMTlsFail) { // would be rejected. codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); - codec_client_->makeHeaderOnlyRequest(default_request_headers_, *response_); + auto response = + codec_client_->makeHeaderOnlyRequest(default_request_headers_); // Request is rejected, there will be no upstream request (thus no // waitForNextUpstreamRequest). - response_->waitForEndStream(); - EXPECT_TRUE(response_->complete()); - EXPECT_STREQ("401", response_->headers().Status()->value().c_str()); + response->waitForEndStream(); + EXPECT_TRUE(response->complete()); + EXPECT_STREQ("401", response->headers().Status()->value().c_str()); } // TODO (diemtvu/lei-tang): add test for MTls success. @@ -102,13 +104,14 @@ TEST_P(AuthenticationFilterIntegrationTest, OriginJwtRequiredHeaderNoJwtFail) { // would be rejected. codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); - codec_client_->makeHeaderOnlyRequest(default_request_headers_, *response_); + auto response = + codec_client_->makeHeaderOnlyRequest(default_request_headers_); // Request is rejected, there will be no upstream request (thus no // waitForNextUpstreamRequest). - response_->waitForEndStream(); - EXPECT_TRUE(response_->complete()); - EXPECT_STREQ("401", response_->headers().Status()->value().c_str()); + response->waitForEndStream(); + EXPECT_TRUE(response->complete()); + EXPECT_STREQ("401", response->headers().Status()->value().c_str()); } TEST_P(AuthenticationFilterIntegrationTest, CheckValidJwtPassAuthentication) { @@ -120,7 +123,8 @@ TEST_P(AuthenticationFilterIntegrationTest, CheckValidJwtPassAuthentication) { // the authentication should succeed. codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); - codec_client_->makeHeaderOnlyRequest(request_headers_with_jwt_, *response_); + auto response = + codec_client_->makeHeaderOnlyRequest(request_headers_with_jwt_); // Wait for request to upstream[0] (backend) waitForNextUpstreamRequest(0); @@ -128,9 +132,9 @@ TEST_P(AuthenticationFilterIntegrationTest, CheckValidJwtPassAuthentication) { upstream_request_->encodeHeaders(Http::TestHeaderMapImpl{{":status", "200"}}, true); - response_->waitForEndStream(); - EXPECT_TRUE(response_->complete()); - EXPECT_STREQ("200", response_->headers().Status()->value().c_str()); + response->waitForEndStream(); + EXPECT_TRUE(response->complete()); + EXPECT_STREQ("200", response->headers().Status()->value().c_str()); } TEST_P(AuthenticationFilterIntegrationTest, CheckConsumedJwtHeadersAreRemoved) { @@ -164,11 +168,12 @@ TEST_P(AuthenticationFilterIntegrationTest, CheckConsumedJwtHeadersAreRemoved) { // should be generated. codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); - codec_client_->makeHeaderOnlyRequest( - request_headers_with_jwt_at_specified_location, *response_); + auto response = codec_client_->makeHeaderOnlyRequest( + request_headers_with_jwt_at_specified_location); // Wait for request to upstream[0] (backend) waitForNextUpstreamRequest(0); + response->waitForEndStream(); // After Istio authn, the JWT headers consumed by Istio authn should have // been removed. @@ -185,10 +190,12 @@ TEST_P(AuthenticationFilterIntegrationTest, CheckAuthnResultIsExpected) { // should be generated. codec_client_ = makeHttpConnection(makeClientConnection((lookupPort("http")))); - codec_client_->makeHeaderOnlyRequest(request_headers_with_jwt_, *response_); + auto response = + codec_client_->makeHeaderOnlyRequest(request_headers_with_jwt_); // Wait for request to upstream[0] (backend) waitForNextUpstreamRequest(0); + response->waitForEndStream(); // Authn result should be as expected const Envoy::Http::HeaderString &header_value = diff --git a/src/envoy/http/jwt_auth/http_filter.cc b/src/envoy/http/jwt_auth/http_filter.cc index f964f93cda5..1b7c35b621a 100644 --- a/src/envoy/http/jwt_auth/http_filter.cc +++ b/src/envoy/http/jwt_auth/http_filter.cc @@ -70,8 +70,8 @@ void JwtVerificationFilter::onDone(const JwtAuth::Status& status) { // verification failed Code code = Code(401); // Unauthorized // return failure reason as message body - Utility::sendLocalReply(*decoder_callbacks_, false, code, - JwtAuth::StatusToString(status)); + decoder_callbacks_->sendLocalReply(code, JwtAuth::StatusToString(status), + nullptr); return; } diff --git a/src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc b/src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc index 5d53ba3cff3..d606ee1b9c5 100644 --- a/src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc +++ b/src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc @@ -116,8 +116,7 @@ class JwtVerificationFilterIntegrationTest IntegrationCodecClientPtr codec_client; FakeHttpConnectionPtr fake_upstream_connection_issuer; FakeHttpConnectionPtr fake_upstream_connection_backend; - IntegrationStreamDecoderPtr response( - new IntegrationStreamDecoder(*dispatcher_)); + IntegrationStreamDecoderPtr response; FakeStreamPtr request_stream_issuer; FakeStreamPtr request_stream_backend; @@ -125,12 +124,12 @@ class JwtVerificationFilterIntegrationTest // Send a request to Envoy. if (!request_body.empty()) { - Http::StreamEncoder& encoder = - codec_client->startRequest(request_headers, *response); + auto encoder_decoder = codec_client->startRequest(request_headers); Buffer::OwnedImpl body(request_body); - codec_client->sendData(encoder, body, true); + codec_client->sendData(encoder_decoder.first, body, true); + response = std::move(encoder_decoder.second); } else { - codec_client->makeHeaderOnlyRequest(request_headers, *response); + response = codec_client->makeHeaderOnlyRequest(request_headers); } // Empty issuer_response_body indicates issuer will not be called. @@ -372,7 +371,7 @@ TEST_P(JwtVerificationFilterIntegrationTestWithInjectedJwtResult, FakeStreamPtr request_stream_backend; codec_client = makeHttpConnection(lookupPort("http")); // Send a request to Envoy. - codec_client->makeHeaderOnlyRequest(headers, *response); + response = codec_client->makeHeaderOnlyRequest(headers); fake_upstream_connection_backend = fake_upstreams_[0]->waitForHttpConnection(*dispatcher_); request_stream_backend = diff --git a/src/envoy/http/mixer/filter.cc b/src/envoy/http/mixer/filter.cc index 597ec5af51c..35dd2a09d0a 100644 --- a/src/envoy/http/mixer/filter.cc +++ b/src/envoy/http/mixer/filter.cc @@ -186,8 +186,8 @@ void Filter::completeCheck(const Status& status) { if (!status.ok() && state_ != Responded) { state_ = Responded; int status_code = ::istio::utils::StatusHttpCode(status.error_code()); - Utility::sendLocalReply(*decoder_callbacks_, false, Code(status_code), - status.ToString()); + decoder_callbacks_->sendLocalReply(Code(status_code), status.ToString(), + nullptr); return; } diff --git a/tools/bazel.rc b/tools/bazel.rc index 4ce27056965..942b60e4fea 100644 --- a/tools/bazel.rc +++ b/tools/bazel.rc @@ -47,10 +47,13 @@ build:clang-msan --copt -fsanitize-memory-track-origins=2 # Test options test --test_env=HEAPCHECK=normal --test_env=PPROF_PATH -# Release builds +# Release builds without debug symbols. build:release -c opt build:release --strip=always +# Release builds with debug symbols +build:release-symbol -c opt + # Add compile option for all C++ files build --cxxopt -Wnon-virtual-dtor build --cxxopt -Wformat