docs: Unexclude remaining configs from validation

configs/configgen.sh

@@ -9,16 +9,20 @@ shift
 
 mkdir -p "$OUT_DIR/certs"
 mkdir -p "$OUT_DIR/lib"
+mkdir -p "$OUT_DIR/protos"
 "$CONFIGGEN" "$OUT_DIR"
 
 for FILE in "$@"; do
   case "$FILE" in
-  *.pem)
+  *.pem|*.der)
     cp "$FILE" "$OUT_DIR/certs"
     ;;
   *.lua)
     cp "$FILE" "$OUT_DIR/lib"
     ;;
+  *.pb)
+    cp "$FILE" "$OUT_DIR/protos"
+    ;;
   *)
 
     FILENAME="$(echo "$FILE" | sed -e 's/.*examples\///g')"
@@ -29,4 +33,4 @@ for FILE in "$@"; do
 done
 
 # tar is having issues with -C for some reason so just cd into OUT_DIR.
-(cd "$OUT_DIR"; tar -hcvf example_configs.tar -- *.yaml certs/*.pem lib/*.lua)
+(cd "$OUT_DIR"; tar -hcvf example_configs.tar -- *.yaml certs/*.pem certs/*.der protos/*.pb lib/*.lua)

docs/BUILD

@@ -9,20 +9,23 @@ exports_files(["protodoc_manifest.yaml"])
 
 envoy_package()
 
-# TODO(phlax): fix failing/excluded configs
-# the following config only fails on windows:
-#       dns-cache-circuit-breaker: "Error: unable to read file: /etc/ssl/certs/ca-certificates.crt"
-
 filegroup(
     name = "configs",
     srcs = glob(
-        ["root/**/*.yaml"],
+        [
+            "root/**/*.yaml",
+            "root/**/*.pb",
+        ],
         exclude = [
-            "root/intro/_include/life-of-a-request.yaml",
+            # windows: "Error: unable to read file: /etc/ssl/certs/ca-certificates.crt"
+            "root/configuration/http/http_filters/_include/dns-cache-circuit-breaker.yaml",
             "root/intro/arch_overview/security/_include/ssl.yaml",
+        ],
+    ) + select({
+        "//bazel:windows_x86_64": [],
+        "//conditions:default": [
             "root/configuration/http/http_filters/_include/dns-cache-circuit-breaker.yaml",
-            "root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml",
-            "root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml",
+            "root/intro/arch_overview/security/_include/ssl.yaml",
         ],
-    ),
+    }),
 )

docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml

@@ -31,7 +31,7 @@ static_resources:
               - match:
                   prefix: "/route-with-filter-disabled"
                 route:
-                  host_rewrite: localhost
+                  host_rewrite_literal: localhost
                   cluster: grpc
                   timeout: 5.00s
                 # per_filter_config disables the filter for this route
@@ -42,7 +42,7 @@ static_resources:
               - match:
                   prefix: "/route-with-filter-enabled"
                 route:
-                  host_rewrite: localhost
+                  host_rewrite_literal: localhost
                   cluster: other
                   timeout: 5.00s
           http_filters:

docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml

@@ -29,7 +29,7 @@ static_resources:
           - name: envoy.filters.http.grpc_json_transcoder
             typed_config:
               "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_json_transcoder.v3.GrpcJsonTranscoder
-              proto_descriptor: "/tmp/envoy/proto.pb"
+              proto_descriptor: "protos/helloworld.pb"
               services: ["helloworld.Greeter"]
               print_options:
                 add_whitespace: true

docs/root/configuration/http/http_filters/_include/helloworld.proto

@@ -0,0 +1,25 @@
+syntax = "proto3";
+
+package helloworld;
+
+import "google/api/annotations.proto";
+
+// The greeting service definition.
+service Greeter {
+  // Sends a greeting
+  rpc SayHello(HelloRequest) returns (HelloReply) {
+    option (google.api.http) = {
+      get: "/say"
+    };
+  }
+}
+
+// The request message containing the user's name.
+message HelloRequest {
+  string name = 1;
+}
+
+// The response message containing the greetings
+message HelloReply {
+  string message = 1;
+}

docs/root/configuration/http/http_filters/grpc_json_transcoder_filter.rst

@@ -29,17 +29,18 @@ To generate a protobuf descriptor set for the gRPC service, you'll also need to
 googleapis repository from GitHub before running protoc, as you'll need annotations.proto
 in your include path, to define the HTTP mapping.
 
-.. code-block:: bash
+.. code-block:: console
 
-  git clone https://github.com/googleapis/googleapis
-  GOOGLEAPIS_DIR=<your-local-googleapis-folder>
+  $ git clone https://github.com/googleapis/googleapis
+  $ GOOGLEAPIS_DIR=<your-local-googleapis-folder>
 
-Then run protoc to generate the descriptor set from bookstore.proto:
+Then run protoc to generate the descriptor set. For example using the test
+:repo:`bookstore.proto <test/proto/bookstore.proto>` provided in the Envoy repository:
 
-.. code-block:: bash
+.. code-block:: console
 
-  protoc -I$(GOOGLEAPIS_DIR) -I. --include_imports --include_source_info \
-    --descriptor_set_out=proto.pb test/proto/bookstore.proto
+  $ protoc -I$(GOOGLEAPIS_DIR) -I. --include_imports --include_source_info \
+      --descriptor_set_out=proto.pb test/proto/bookstore.proto
 
 If you have more than one proto source files, you can pass all of them in one command.
 
@@ -56,19 +57,17 @@ For example, with the following proto example, the router will process `/hellowo
 as the path, so the route config prefix `/say` won't match requests to `SayHello`. If you want to
 match the incoming request path, set `match_incoming_request_route` to true.
 
-.. code-block:: proto
+.. literalinclude:: _include/helloworld.proto
+    :language: proto
 
-  package helloworld;
+Assuming you have checked out the google APIs as described above, and have saved the proto file as
+``protos/helloworld.proto`` you can build it with:
+
+.. code-block:: console
+
+  $ protoc -I$(GOOGLEAPIS_DIR) -I. --include_imports --include_source_info \
+      --descriptor_set_out=protos/helloworld.pb protos/helloworld.proto
 
-  // The greeting service definition.
-  service Greeter {
-    // Sends a greeting
-    rpc SayHello (HelloRequest) returns (HelloReply) {
-      option (google.api.http) = {
-        get: "/say"
-      };
-    }
-  }
 
 Sending arbitrary content
 -------------------------

docs/root/intro/_include/life-of-a-request.yaml

@@ -52,10 +52,10 @@ static_resources:
                   path: "/foo"
                 route:
                   cluster: some_service
-      # CustomFilter and the HTTP router filter are the HTTP filter chain.
-      http_filters:
-          - name: some.customer.filter
-          - name: envoy.filters.http.router
+          # CustomFilter and the HTTP router filter are the HTTP filter chain.
+          http_filters:
+            # - name: some.customer.filter
+            - name: envoy.filters.http.router
   clusters:
   - name: some_service
     connect_timeout: 5s
@@ -86,7 +86,7 @@ static_resources:
     # The rest of the configuration for statsd sink cluster.
 # statsd sink.
 stats_sinks:
-   - name: envoy.stat_sinks.statsd
-     typed_config:
-       "@type": type.googleapis.com/envoy.config.metrics.v3.StatsdSink
-       tcp_cluster_name: some_statsd_cluster
+  - name: envoy.stat_sinks.statsd
+    typed_config:
+      "@type": type.googleapis.com/envoy.config.metrics.v3.StatsdSink
+      tcp_cluster_name: some_statsd_sink

docs/root/intro/arch_overview/security/_include/ssl.yaml

@@ -5,15 +5,28 @@ static_resources:
     filter_chains:
     - filters:
       - name: envoy.filters.network.http_connection_manager
-        # ...
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+          stat_prefix: ingress_http
+          route_config:
+            virtual_hosts:
+            - name: default
+              domains: "*"
+              routes:
+              - match: { prefix: "/" }
+                route:
+                  cluster: some_service
       transport_socket:
         name: envoy.transport_sockets.tls
         typed_config:
           "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
           common_tls_context:
+            tls_certificates:
+              - certificate_chain: { filename: "certs/servercert.pem" }
+                private_key: { filename: "certs/serverkey.pem" }
             validation_context:
               trusted_ca:
-                filename: /usr/local/my-client-ca.crt
+                filename: certs/cacert.pem
   clusters:
   - name: some_service
     connect_timeout: 0.25s
@@ -34,9 +47,9 @@ static_resources:
         "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
         common_tls_context:
           tls_certificates:
-            certificate_chain: { "filename": "/cert.crt" }
-            private_key: { "filename": "/cert.key" }
-            ocsp_response: { "filename": "/ocsp_response.der" }
+            certificate_chain: { "filename": "certs/servercert.pem" }
+            private_key: { "filename": "certs/serverkey.pem" }
+            ocsp_staple: { "filename": "certs/server_ocsp_resp.der" }
           validation_context:
             match_subject_alt_names:
               exact: "foo"