Commit graph

11 commits

Author SHA1 Message Date
Michael Zalimeni 4cae008559
Disable remote proxy patching except AWS Lambda (#17415)
To avoid unintended tampering with remote downstreams via service
config, refactor BasicEnvoyExtender and RuntimeConfig to disallow
typical Envoy extensions from being applied to non-local proxies.

Continue to allow this behavior for AWS Lambda and the read-only
Validate builtin extensions.

Addresses CVE-2023-2816.
2023-05-23 11:55:06 +00:00
Ronald 71fb0a723e
Copyright headers for missing files/folders (#16708)
* copyright headers for agent folder
2023-03-28 18:48:58 -04:00
Nitya Dhanushkodi 9d255fe057
troubleshoot: fixes and updated messages (#16294) 2023-02-17 07:43:05 -08:00
malizz f01b653163
get clusters from route if listener uses RDS (#16243) 2023-02-13 12:50:32 -08:00
malizz eabc5ce390
troubleshoot basic envoy stats for an upstream (#16215)
* troubleshoot basic envoy stats for an upstream

* remove envoyID arg
2023-02-09 12:06:31 -08:00
malizz 834ef73e8a
update troubleshoot CLI, update flags and upstreams output (#16211)
* update troubleshoot CLI, update flags and upstreams output

* update troubleshoot upstreams output
2023-02-08 16:05:22 -08:00
Nitya Dhanushkodi bc7badae9f
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2023-02-08 13:03:15 -08:00
malizz 1e9d9e2493
get upstream IPs (#16197)
* get upstream IPs

* separate test data

* fix lint issue

* fix lint issue
2023-02-07 14:57:31 -08:00
malizz 1777e9ec8f
add cert tests (#16192) 2023-02-07 09:58:00 -08:00
malizz 86b3ed6319
exclude inbound/outbound listeners from upstreams output (#16184) 2023-02-06 18:48:55 -08:00
Nitya Dhanushkodi 77f6b20db0
refactor: remove troubleshoot module dependency on consul top level module (#16162)
Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul.

* turns troubleshoot into a go module [authored by @curtbushko]
* gets the envoy protos into the troubleshoot module [authored by @curtbushko]
* adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import
* adds testing and linting for the new go modules
* moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package
* fixes all the imports everywhere as a result of these changes 

Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 09:14:35 -08:00