Merge pull request #5 from envoyproxy/master

sync from master.

.bazelci/presubmit.yml

@@ -1,10 +1,5 @@
 ---
 tasks:
-  gcc:
-    name: "GCC"
-    platform: ubuntu1804
-    build_targets:
-      - "//source/exe:envoy-static"
   rbe:
     name: "RBE"
     platform: ubuntu1804

.bazelrc

@@ -3,10 +3,10 @@
 # Bazel doesn't need more than 200MB of memory for local build based on memory profiling:
 # https://docs.bazel.build/versions/master/skylark/performance.html#memory-profiling
 # The default JVM max heapsize is 1/4 of physical memory up to 32GB which could be large
-# enough to consume all memory constrained by cgroup in large host, which is the case in CircleCI.
+# enough to consume all memory constrained by cgroup in large host.
 # Limiting JVM heapsize here to let it do GC more when approaching the limit to
 # leave room for compiler/linker.
-# The number 2G is choosed heuristically to both support in CircleCI and large enough for RBE.
+# The number 2G is chosen heuristically to both support large VM and small VM with RBE.
 # Startup options cannot be selected via config.
 startup --host_jvm_args=-Xmx2g
 
@@ -19,7 +19,8 @@ build --host_javabase=@bazel_tools//tools/jdk:remote_jdk11
 build --javabase=@bazel_tools//tools/jdk:remote_jdk11
 build --enable_platform_specific_config
 
-# Enable position independent code, this option is not supported on Windows and default on on macOS.
+# Enable position independent code (this is the default on macOS and Windows)
+# (Workaround for https://github.com/bazelbuild/rules_foreign_cc/issues/421)
 build:linux --copt=-fPIC
 build:linux --cxxopt=-std=c++17
 build:linux --conlyopt=-fexceptions
@@ -35,9 +36,6 @@ build --action_env=CXX
 build --action_env=LLVM_CONFIG
 build --action_env=PATH
 
-# Skip system ICU linking.
-build --@com_googlesource_googleurl//build_config:system_icu=0
-
 # Common flags for sanitizers
 build:sanitizer --define tcmalloc=disabled
 build:sanitizer --linkopt -ldl
@@ -112,7 +110,8 @@ build:libc++ --config=clang
 build:libc++ --action_env=CXXFLAGS=-stdlib=libc++
 build:libc++ --action_env=LDFLAGS=-stdlib=libc++
 build:libc++ --action_env=BAZEL_CXXOPTS=-stdlib=libc++
-build:libc++ --action_env=BAZEL_LINKLIBS=-l%:libc++.a:-l%:libc++abi.a:-lm
+build:libc++ --action_env=BAZEL_LINKLIBS=-l%:libc++.a:-l%:libc++abi.a
+build:libc++ --action_env=BAZEL_LINKOPTS=-lm:-pthread
 build:libc++ --define force_libcpp=enabled
 
 # Optimize build for binary size reduction.
@@ -141,7 +140,7 @@ build:coverage --strategy=CoverageReport=sandboxed,local
 build:coverage --experimental_use_llvm_covmap
 build:coverage --collect_code_coverage
 build:coverage --test_tag_filters=-nocoverage
-build:coverage --instrumentation_filter="//source(?!/extensions/quic_listeners/quiche/platform)[/:],//include[/:]"
+build:coverage --instrumentation_filter="//source(?!/common/chromium_url|/extensions/quic_listeners/quiche/platform)[/:],//include[/:]"
 coverage:test-coverage --test_arg="-l trace"
 coverage:fuzz-coverage --config=plain-fuzzer
 coverage:fuzz-coverage --run_under=@envoy//bazel/coverage:fuzz_coverage_wrapper.sh
@@ -230,7 +229,7 @@ build:remote-clang-cl --config=rbe-toolchain-clang-cl
 
 # Docker sandbox
 # NOTE: Update this from https://github.com/envoyproxy/envoy-build-tools/blob/master/toolchains/rbe_toolchains_config.bzl#L8
-build:docker-sandbox --experimental_docker_image=envoyproxy/envoy-build-ubuntu:e7ea4e81bbd5028abb9d3a2f2c0afe063d9b62c0
+build:docker-sandbox --experimental_docker_image=envoyproxy/envoy-build-ubuntu:b480535e8423b5fd7c102fd30c92f4785519e33a
 build:docker-sandbox --spawn_strategy=docker
 build:docker-sandbox --strategy=Javac=docker
 build:docker-sandbox --strategy=Closure=docker
@@ -275,6 +274,8 @@ build:asan-fuzzer --test_env=UBSAN_OPTIONS=print_stacktrace=1
 # Fuzzing without ASAN. This is useful for profiling fuzzers without any ASAN artifacts.
 build:plain-fuzzer --define=FUZZING_ENGINE=libfuzzer
 build:plain-fuzzer --define ENVOY_CONFIG_ASAN=1
+build:plain-fuzzer --copt=-fsanitize=fuzzer-no-link
+build:plain-fuzzer --linkopt=-fsanitize=fuzzer-no-link
 
 # Compile database generation config
 build:compdb --build_tag_filters=-nocompdb
@@ -285,27 +286,27 @@ build:windows --define signal_trace=disabled
 build:windows --define hot_restart=disabled
 build:windows --define tcmalloc=disabled
 build:windows --define manual_stamp=manual_stamp
+build:windows --cxxopt="/std:c++17"
 
-# Should not be required after upstream fix to bazel,
-# and already a no-op to linux/macos builds
-# see issue https://github.com/bazelbuild/rules_foreign_cc/issues/301
+# TODO(wrowe,sunjayBhatia): Resolve bugs upstream in curl and rules_foreign_cc
+# See issue https://github.com/bazelbuild/rules_foreign_cc/issues/301
 build:windows --copt="-DCARES_STATICLIB"
 build:windows --copt="-DNGHTTP2_STATICLIB"
 build:windows --copt="-DCURL_STATICLIB"
-build:windows --cxxopt="/std:c++17"
 
-# Required to work around build defects on Windows MSVC cl
-# Unguarded gcc pragmas in quiche are not recognized by MSVC
-build:msvc-cl --copt="/wd4068"
-# Allows 'nodiscard' function return values to be discarded
-build:msvc-cl --copt="/wd4834"
-# Allows inline functions to be undefined
-build:msvc-cl --copt="/wd4506"
-build:msvc-cl --copt="-D_SILENCE_EXPERIMENTAL_FILESYSTEM_DEPRECATION_WARNING"
+# Override any clang preference if building msvc-cl
+# Drop the determinism feature (-DDATE etc are a no-op in msvc-cl)
+build:msvc-cl --action_env=USE_CLANG_CL=""
+build:msvc-cl --define clang_cl=0
+build:msvc-cl --features=-determinism
+
+# Windows build behaviors when using clang-cl
+build:clang-cl --action_env=USE_CLANG_CL=1
+build:clang-cl --define clang_cl=1
 
 # Required to work around Windows clang-cl build defects
 # Ignore conflicting definitions of _WIN32_WINNT
-# Overriding __TIME__ etc is problematic (and is actually an invalid no-op)
+# Override determinism flags (DATE etc) is valid on clang-cl compiler
 build:clang-cl --copt="-Wno-macro-redefined"
 build:clang-cl --copt="-Wno-builtin-macro-redefined"
 build:clang-cl --action_env=USE_CLANG_CL=1

.devcontainer/Dockerfile

@@ -1,4 +1,4 @@
-FROM gcr.io/envoy-ci/envoy-build:e7ea4e81bbd5028abb9d3a2f2c0afe063d9b62c0
+FROM gcr.io/envoy-ci/envoy-build:b480535e8423b5fd7c102fd30c92f4785519e33a
 
 ARG USERNAME=vscode
 ARG USER_UID=501

.devcontainer/README.md

@@ -13,6 +13,8 @@ This task is needed to run everytime after:
 - Changing a BUILD file that add/remove files from a target, changes dependencies
 - Changing API proto files
 
+There are additional tools for VS Code located in [`tools/vscode`](../tools/vscode) directory.
+
 ## Advanced Usages
 
 ### Using Remote Build Execution

.devcontainer/devcontainer.json

@@ -38,6 +38,7 @@
     "zxh404.vscode-proto3",
     "bazelbuild.vscode-bazel",
     "llvm-vs-code-extensions.vscode-clangd",
+    "vadimcn.vscode-lldb",
     "webfreak.debug",
     "ms-python.python"
   ]

.gitignore

@@ -36,3 +36,4 @@ CMakeLists.txt
 cmake-build-debug
 /linux
 bazel.output.txt
+*~

CODEOWNERS

@@ -23,6 +23,8 @@ extensions/filters/common/original_src @snowp @klarose
 /*/extensions/filters/network/rocketmq_proxy @aaron-ai @lizhanhui @lizan
 # thrift_proxy extension
 /*/extensions/filters/network/thrift_proxy @zuercher @rgs1
+# cdn_loop extension
+/*/extensions/filters/http/cdn_loop @justin-mp @penguingao @alyssawilk
 # compressor used by http compression filters
 /*/extensions/filters/http/common/compressor @gsagula @rojkov @dio
 /*/extensions/filters/http/compressor @rojkov @dio
@@ -78,8 +80,16 @@ extensions/filters/common/original_src @snowp @klarose
 /*/extensions/filters/listener/http_inspector @yxue @PiotrSikora @lizan
 # attribute context
 /*/extensions/filters/common/expr @kyessenov @yangminzhu @lizan
+# webassembly access logger extensions
+/*/extensions/access_loggers/wasm @PiotrSikora @lizan
+# webassembly bootstrap extensions
+/*/extensions/bootstrap/wasm @PiotrSikora @lizan
+# webassembly http extensions
+/*/extensions/filters/http/wasm @PiotrSikora @lizan
+# webassembly network extensions
+/*/extensions/filters/network/wasm @PiotrSikora @lizan
 # webassembly common extension
-/*/extensions/common/wasm @jplevyak @PiotrSikora @lizan
+/*/extensions/common/wasm @PiotrSikora @lizan
 # common matcher
 /*/extensions/common/matcher @mattklein123 @yangminzhu
 # common crypto extension
@@ -105,6 +115,8 @@ extensions/filters/common/original_src @snowp @klarose
 /*/extensions/stat_sinks/dog_statsd @taiki45 @jmarantz
 /*/extensions/stat_sinks/hystrix @trabetti @jmarantz
 /*/extensions/stat_sinks/metrics_service @ramaraochavali @jmarantz
+# webassembly stat-sink extensions
+/*/extensions/stat_sinks/wasm @PiotrSikora @lizan
 /*/extensions/resource_monitors/injected_resource @eziskind @htuch
 /*/extensions/resource_monitors/common @eziskind @htuch
 /*/extensions/resource_monitors/fixed_heap @eziskind @htuch
@@ -129,11 +141,14 @@ extensions/filters/common/original_src @snowp @klarose
 /*/extensions/compression/gzip @junr03 @rojkov
 /*/extensions/filters/http/decompressor @rojkov @dio
 # Watchdog Extensions
-/*/extensions/watchdog/profile_action @kbaichoo @htuch
+/*/extensions/watchdog/profile_action @kbaichoo @antoniovicente
 # Core upstream code
 extensions/upstreams/http @alyssawilk @snowp @mattklein123
 extensions/upstreams/http/http @alyssawilk @snowp @mattklein123
 extensions/upstreams/http/tcp @alyssawilk @mattklein123
 extensions/upstreams/http/default @alyssawilk @snowp @mattklein123
 # OAuth2
 extensions/filters/http/oauth2 @rgs1 @derekargueta @snowp
+# HTTP Local Rate Limit
+/*/extensions/filters/http/local_ratelimit @rgs1 @mattklein123
+/*/extensions/filters/common/local_ratelimit @mattklein123 @rgs1

CONTRIBUTING.md

@@ -69,7 +69,7 @@ versioning guidelines:
   cause a configuration load failure, unless the feature in question is
   explicitly overridden in
   [runtime](https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features)
-  config ([example](configs/using_deprecated_config.v2.yaml)). Finally, following the deprecation
+  config ([example](configs/using_deprecated_config.yaml)). Finally, following the deprecation
   of the API major version where the field was first
   marked deprecated, the entire implementation code will be removed from the Envoy implementation.
 * This policy means that organizations deploying master should have some time to get ready for

DEPENDENCY_POLICY.md

@@ -21,12 +21,14 @@ An example entry for the `nghttp2` dependency is:
 ```python
 com_github_nghttp2_nghttp2 = dict(
     project_name = "Nghttp2",
+    project_desc = "Implementation of HTTP/2 and its header compression ...",
     project_url = "https://nghttp2.org",
     version = "1.41.0",
     sha256 = "eacc6f0f8543583ecd659faf0a3f906ed03826f1d4157b536b4b385fe47c5bb8",
     strip_prefix = "nghttp2-{version}",
     urls = ["https://github.com/nghttp2/nghttp2/releases/download/v{version}/nghttp2-{version}.tar.gz"],
     use_category = ["dataplane"],
+    last_updated = "2020-06-02",
     cpe = "cpe:2.3:a:nghttp2:nghttp2:*",
 ),
 ```
@@ -40,14 +42,16 @@ Dependency declarations must:
   `{dash_version}`.
 * Versions should prefer release versions over master branch GitHub SHA tarballs. A comment is
   necessary if the latter is used. This comment should contain the reason that a non-release
-  version is being used and the YYYY-MM-DD when the last update was performed.
+  version is being used.
 * Provide accurate entries for `use_category`. Please think carefully about whether there are data
   or control plane implications of the dependency.
+* Reflect the date (YYYY-MM-DD) at which they were last updated in the `last_updated` field. This
+  date is preferably the date at which the PR is created.
 * CPEs are compulsory for all dependencies that are not purely build/test.
   [CPEs](https://en.wikipedia.org/wiki/Common_Platform_Enumeration) provide metadata that allow us
   to correlate with related CVEs in dashboards and other tooling, and also provide a machine
-  consumable join key. You can consult the latest [CPE
-  dictionary](https://nvd.nist.gov/products/cpe) to find a CPE for a dependency.`"N/A"` should only
+  consumable join key. You can consult [CPE
+  search](https://nvd.nist.gov/products/cpe/search) to find a CPE for a dependency.`"N/A"` should only
   be used if no CPE for the project is available in the CPE database. CPEs should be _versionless_
   with a `:*` suffix, since the version can be computed from `version`.
 
@@ -93,6 +97,33 @@ basis:
 Where possible, we prefer the latest release version for external dependencies, rather than master
 branch GitHub SHA tarballs.
 
+## Dependency shepherds
+
+Sign-off from the [dependency
+shepherds](https://github.com/orgs/envoyproxy/teams/dependency-shepherds) is
+required for every PR that modifies external dependencies. The shepherds will
+look to see that the policy in this document is enforced and that metadata is
+kept up-to-date.
+
+## Dependency patches
+
+Occasionally it is necessary to introduce an Envoy-side patch to a dependency in a `.patch` file.
+These are typically applied in [bazel/repositories.bzl](bazel/repositories.bzl). Our policy on this
+is as follows:
+
+* Patch files impede dependency updates. They are expedient at creation time but are a maintenance
+  penalty. They reduce the velocity and increase the effort of upgrades in response to security
+  vulnerabilities in external dependencies.
+
+* No patch will be accepted without a sincere and sustained effort to upstream the patch to the
+  dependency's canonical repository.
+
+* There should exist a plan-of-record, filed as an issue in Envoy or the upstream GitHub tracking
+  elimination of the patch.
+
+* Every patch must have comments at its point-of-use in [bazel/repositories.bzl](bazel/repositories.bzl)
+  providing a rationale and detailing the tracking issue.
+
 ## Policy exceptions
 
 The following dependencies are exempt from the policy:

DEVELOPER.md

@@ -1,6 +1,7 @@
 # Developer documentation
 
-Envoy is built using the Bazel build system. CircleCI builds, tests, and runs coverage against all pull requests and the master branch.
+Envoy is built using the Bazel build system. Our CI on Azure Pipelines builds, tests, and runs coverage against
+all pull requests and the master branch.
 
 To get started building Envoy locally, see the [Bazel quick start](https://github.com/envoyproxy/envoy/blob/master/bazel/README.md#quick-start-bazel-build-for-developers).
 To run tests, there are Bazel [targets](https://github.com/envoyproxy/envoy/blob/master/bazel/README.md#testing-envoy-with-bazel) for Google Test.
@@ -10,7 +11,7 @@ If you plan to contribute to Envoy, you may find it useful to install the Envoy
 
 Below is a list of additional documentation to aid the development process:
 
-- [General build and installation documentation](https://www.envoyproxy.io/docs/envoy/latest/install/install)
+- [General build and installation documentation](https://www.envoyproxy.io/docs/envoy/latest/start/start)
 
 - [Building and testing Envoy with Bazel](https://github.com/envoyproxy/envoy/blob/master/bazel/README.md)
 
@@ -35,4 +36,3 @@ And some documents on components of Envoy architecture:
 - [Envoy flow control](https://github.com/envoyproxy/envoy/blob/master/source/docs/flow_control.md)
 
 - [Envoy's subset load balancer](https://github.com/envoyproxy/envoy/blob/master/source/docs/subset_load_balancer.md)
-

EXTENSION_POLICY.md

@@ -59,6 +59,19 @@ In the event that the Extension PR author is a sponsoring maintainer and no othe
 is available, another maintainer may be enlisted to perform a minimal review for style and common C++
 anti-patterns. The Extension PR must still be approved by a non-maintainer reviewer.
 
+## Wasm extensions
+
+Wasm extensions are not allowed in the main envoyproxy/envoy repository unless
+part of the Wasm implementation validation. The rationale for this policy:
+* Wasm extensions should not depend upon Envoy implementation specifics as
+  they exist behind a version independent ABI. Hence, there is little value in
+  qualifying Wasm extensions in the main repository.
+* Wasm extensions introduce extensive dependencies via crates, etc. We would
+  prefer to keep the envoyproxy/envoy repository dependencies minimal, easy
+  to reason about and maintain.
+* We do not implement any core extensions in Wasm and do not plan to in the
+  medium term.
+
 ## Extension stability and security posture
 
 Every extension is expected to be tagged with a `status` and `security_posture` in its