fix: SecurityPolicy reference grant by kkk777-7 · Pull Request #5792 · envoyproxy/gateway

kkk777-7 · 2025-04-22T16:53:54Z

What this PR does / why we need it:
Fix reference grant from SecurityPolicy to referenced remoteJWKS backend not respected.

Which issue(s) this PR fixes:

Fixes #5743

Release Notes: Yes

internal/provider/kubernetes/controller.go

codecov · 2025-04-23T00:26:25Z

Codecov Report

Attention: Patch coverage is 78.16092% with 38 lines in your changes missing coverage. Please review.

Project coverage is 65.80%. Comparing base (80ef500) to head (a4c6d62).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/provider/kubernetes/routes.go	63.63%	18 Missing and 6 partials ⚠️
internal/provider/kubernetes/indexers.go	52.00%	9 Missing and 3 partials ⚠️
internal/provider/kubernetes/controller.go	97.59%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5792      +/-   ##
==========================================
+ Coverage   65.42%   65.80%   +0.37%     
==========================================
  Files         217      217              
  Lines       36061    35978      -83     
==========================================
+ Hits        23593    23674      +81     
+ Misses      10994    10826     -168     
- Partials     1474     1478       +4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

kkk777-7 · 2025-04-23T02:16:32Z

/retest

zhaohuabing

LGTM thanks!

zhaohuabing · 2025-04-24T00:31:32Z

@kkk777-7 Sorry for the extra churn, but could we reuse the processNonRouteBackendRef for handling route backends in the routes.go as well?

If yes, it should be renamed back to processBackendRef.

kkk777-7 · 2025-04-24T01:36:56Z

@zhaohuabing
I have overlooked routes.go, thanks for letting me know!
You are right, so I reverted the function name.

Would it be better to replace routes.go in this PR?

zhaohuabing · 2025-04-24T01:43:16Z

@zhaohuabing I have overlooked routes.go, thanks for letting me know! You are right, so I reverted the function name.

Would it be better to replace routes.go in this PR?

Yes, please also use processBackendRef to handle route backends in this PR. Thanks!

kkk777-7 · 2025-04-24T05:20:21Z

@zhaohuabing
I’ve updated it to use processBackendRef to handle the route backends.
When you get a chance, please review it.

zhaohuabing

LGTM thanks!

internal/provider/kubernetes/controller.go

internal/provider/kubernetes/controller_test.go

kkk777-7 · 2025-04-28T10:52:53Z

@zhaohuabing @shawnh2
Sorry, I missed the following fix earlier, so I have added it now. Please review it when you have a moment.
d0fbe14

arkodg · 2025-05-05T20:43:22Z

hey @kkk777-7 can you rebase ?

kkk777-7 · 2025-05-06T16:23:50Z

/retest

zhaohuabing

LGTM thanks for fixing this!

shawnh2

lgtm

shawnh2 · 2025-05-07T07:45:06Z

conflict again 😅 can you rebase ? then is good to go

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

shawnh2 · 2025-05-07T09:43:54Z

/retest

* fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * revert func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> --------- Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: melsal13 <mmvsal13@gmail.com>

* fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * revert func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> --------- Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> (cherry picked from commit ef50718) Signed-off-by: Guy Daich <guy.daich@sap.com>

* fix: return err if direct response size exceeds limit (#5710) * fix: return err if direct response size exceeds limit Signed-off-by: Arko Dasgupta <arko@tetrate.io> * lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> * add another check Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 3ebf245) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: httproute precedence by considering header/query match type (#5740) * fix precedence to use number of exact matches Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> (cherry picked from commit b295b09) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: SecurityPolicy reference grant (#5792) * fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * revert func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> --------- Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> (cherry picked from commit ef50718) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: add validation for header values (#5933) Signed-off-by: Gavin Lam <gavin.oss@tutamail.com> (cherry picked from commit 5e7df65) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: Fixed typo in error message. (#5945) Signed-off-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Co-authored-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> (cherry picked from commit 2bbbdf8) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix gen Signed-off-by: Guy Daich <guy.daich@sap.com> * merge fixes Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: process remaining gatewayClasses after encountering an err (#5953) fix: process all gatewayClasses after encountering an err * instead of returning from Reconcile after encountering an err which processing a `GatewayClass`, `continue` instead to process all GatewayClasses Fixes: #5618 Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 64845fe) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: do not add tls inspector filter to quic listener (#5671) * fix: enable http3 but panic Signed-off-by: bitliu <bitliu@tencent.com> (cherry picked from commit 46e053b) Signed-off-by: Guy Daich <guy.daich@sap.com> * notes Signed-off-by: Guy Daich <guy.daich@sap.com> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Gavin Lam <gavin.oss@tutamail.com> Signed-off-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Signed-off-by: bitliu <bitliu@tencent.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com> Co-authored-by: Gavin Lam <gavin.oss@tutamail.com> Co-authored-by: Mathias Westby Skoglund <71329699+mathias-ws@users.noreply.github.com> Co-authored-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Co-authored-by: Xunzhuo <bitliu@tencent.com>

* fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * revert func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> --------- Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: melsal13 <mmvsal13@gmail.com>

* fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * revert func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> --------- Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

* fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * revert func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> --------- Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* chore: ignore api types in codecov (#5886) Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore/ci: add `go.lint.fmt` target (#5846) * chore/ci: add lint.gofumpt target Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * update review Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add extra flag to gofumpt, move local golanglint fmt target to golang makefile Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add build tags Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: staticcheck issues (#5779) * fix(QF1008): Omit embedded fields from selector expression Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1001): Apply De Morgan’s law Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1002): Convert untagged switch to tagged switch Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1003): Convert if/else-if chain to tagged switch Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1007): Merge conditional assignment into variable declaration Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1009): Use time.Time.Equal instead of == operator Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> --------- Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: local jwks (#5806) docs for local jwks Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * disable settings by default in gateway-crds-helm (#5894) * disable settings by default in gateway-crds-helm * These settings dont work by default in the way `helm` works and this helm chart is now mainly used as a package artifact to be consumed by CI tools like Argo, so changed the default settings to disable by default, so users are opting into specific CRDs they want. Relates to #5616 (comment) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Add seed corpus to guide the fuzzer to generate combinations of gatew… (#5904) * Add seed corpus to guide the fuzzer to generate combinations of gateway resources. Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix(chart): passing root context to template (#5902) * chore: passing root context to template Signed-off-by: hansselvig <34341538+hansselvig@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: improve merge test (#5861) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: httproute precedence by considering header/query match type (#5740) * fix precedence to use number of exact matches Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * ci: make helm-generate should failed as expected (#5908) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs(rate-limit): minor fix in 'Distinct Users Except Admin' section (#5912) Signed-off-by: Tomas Rojo <tomasrojo21@hotmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * adpot internals/utils/merge.Merge (#5917) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Add Bitnami as an Envoy Gateway adopter (#5926) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * build(deps): bump google/osv-scanner-action from 2.0.1 to 2.0.2 (#5920) Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@6fc7144...e69cc6c) --- updated-dependencies: - dependency-name: google/osv-scanner-action dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 (#5919) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.16 to 3.28.17. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@28deaed...60168ef) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * build(deps): bump github.com/valyala/fasthttp from 1.60.0 to 1.61.0 in /examples/preserve-case-backend in the github-com group across 1 directory (#5921) build(deps): bump github.com/valyala/fasthttp Bumps the github-com group with 1 update in the /examples/preserve-case-backend directory: [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp). Updates `github.com/valyala/fasthttp` from 1.60.0 to 1.61.0 - [Release notes](https://github.com/valyala/fasthttp/releases) - [Commits](valyala/fasthttp@v1.60.0...v1.61.0) --- updated-dependencies: - dependency-name: github.com/valyala/fasthttp dependency-version: 1.61.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-com ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: fix example for http redirects page (#5830) * docs: fix example for http redirects page Signed-off-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> * chore: copy documentation patch for http redirects from v1.3 to latest Signed-off-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> --------- Signed-off-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: Add docs for request buffering (#5910) * add docs for request buffering Signed-off-by: mark winter <mark.winter@thetradedesk.com> * add missing change Signed-off-by: mark winter <mark.winter@thetradedesk.com> --------- Signed-off-by: mark winter <mark.winter@thetradedesk.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: support configuring tls for dynamic resolver backend (#5867) * support configuring tls for dynamic resolver backend Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: fix topology injector bug (#5911) * fix webhook Signed-off-by: Jukie <10012479+Jukie@users.noreply.github.com> * lint and test fixes Signed-off-by: Jukie <10012479+Jukie@users.noreply.github.com> --------- Signed-off-by: Jukie <10012479+Jukie@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: allow merge rate limit rule in BTP (#5915) * feat: allow merge rate limit rule in BTP Signed-off-by: zirain <zirain2009@gmail.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: install EG via Argo CD (#5824) * install EG via Argo CD Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: clean up BTP status (#5934) clean up BTP status Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: test for dynamic resolver backend using system ca for TLS (#5932) e2e test for dynamic resolver backend using system ca for TLS Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: implement offline kubernetes controller (#5767) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: SecurityPolicy reference grant (#5792) * fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * revert func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> --------- Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: add validation for header values (#5933) Signed-off-by: Gavin Lam <gavin.oss@tutamail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: Fixed typo in error message. (#5945) Signed-off-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Co-authored-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: disable DynamicResolverBackendTest on IPv6 (#5964) disable DynamicResolverBackendTest in IPV6 Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: proxy creation/deletion error handling in GatewayNamespace mode (#5954) * fix: proxy creation/deletion error handling in GatewayNamespace mode Signed-off-by: zirain <zirain2009@gmail.com> * nit Signed-off-by: zirain <zirain2009@gmail.com> * nit Signed-off-by: zirain <zirain2009@gmail.com> * more nit Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * ci: kube-deploy support KUBE_DEPLOY_PROFILE (#5957) * ci: kube-deploy support helm values configuration file Signed-off-by: zirain <zirain2009@gmail.com> * move to test/cofnig Signed-off-by: zirain <zirain2009@gmail.com> * fix Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: process remaining gatewayClasses after encountering an err (#5953) fix: process all gatewayClasses after encountering an err * instead of returning from Reconcile after encountering an err which processing a `GatewayClass`, `continue` instead to process all GatewayClasses Fixes: #5618 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: do not add tls inspector filter to quic listener (#5671) * fix: enable http3 but panic Signed-off-by: bitliu <bitliu@tencent.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Add seed corpus related to traffic task. (#5947) * Add seed corpus related to traffic task. Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * [release/v1.3] release v1.3.3 notes (#5969) release v1.3.3 notes Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: fix PreserveCase flaky (#5966) * e2e: fix PreserveCase flaky Signed-off-by: zirain <zirain2009@gmail.com> * fix Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: validate JWT token and use projected token (#5871) * Add proxyMetadata to xds config and validate JWT Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add controller namespace to infra Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add Metadata envoy bootstrap struct Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add release note Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix doc Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * use projected service account tokens with eg audience Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * lint code Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * make gen Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * make gen Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Revert "Add controller namespace to infra" This reverts commit b2fa2caf58982432e5d5b31bd7d95a5ad523ed5e. Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fetch the node id and initial metadata from first msg Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * update codegen Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * verify service account Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * validate only sa Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add local hash name func Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Verify pod name for authz This reverts commit b0748a0. Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * lint code Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: add controller namespace field to infrastructure render (#5937) * Add controller namespace to infra Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * make gen Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * rebase code and add controller namespace helper Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * rename to envoy namespace Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * rename to ControllerNamespace Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: GatewayNamespace mode (#5961) * enable gateway-namespace-mode e2e Signed-off-by: zirain <zirain2009@gmail.com> * fix ProxyMetrics Signed-off-by: zirain <zirain2009@gmail.com> * fix and skip some tests Signed-off-by: zirain <zirain2009@gmail.com> * enable MetricCompressorTest Signed-off-by: zirain <zirain2009@gmail.com> * fix upgrade test Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * helm: support standard channel (#5958) * support standard channel Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add comment Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: bump upgrade test version to v1.3.2 (#5976) e2e: bump upgrade test version Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: add validation for duplicated API keys (#5955) * reject duplicated API keys * enhance api-key-auth e2e test to cover duplicated client IDs Signed-off-by: Gavin Lam <gavin.oss@tutamail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * [release/v1.3] update site to use v1.3.3 (#5980) update site to use v1.3.3 Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: dynamic resolver backend (#5935) * docs for dynamic resolver backend Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update docs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update docs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * delete docs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Fuzzing: Fail on xds translation error (#5986) Fail on xds translation error Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix btp merge not working when there's multi parent refs on router (#5967) * fix btp merge not working when there's multi parent refs on router Signed-off-by: zirain <zirain2009@gmail.com> * address comment Signed-off-by: zirain <zirain2009@gmail.com> * messge Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: fix GRPCExtAuth flaky (#5987) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: add coverpkg for coverage test (#5991) add coverpkg for coverage test Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * ci: enable conformance test for GatewayNamespaceMode (#5992) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: add CollectAndDump for EGUpgrade test (#5998) * e2e: only run collect and dump when failed Signed-off-by: zirain <zirain2009@gmail.com> * dump when EGUpgrade failed Signed-off-by: zirain <zirain2009@gmail.com> * nit Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: add test for BTP timeout (#5994) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Remoe check for accesslog formatter (#5985) * Remoe check for accesslog formatter Signed-off-by: zirain <zirain2009@gmail.com> * gen Signed-off-by: zirain <zirain2009@gmail.com> * lint Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: fix GRPCExtAuth/http_route_with_ext_auth_authentication (#6001) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: update dependabot (#6007) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: update CORS test (#6011) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: add multiple gateways testdata for GatewayNamespace mode (#5972) * chore: add gatewaynamespacemode multiple gateways testdata Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add multiple resources to infra test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Review update Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: adds support for extension server in standalone mode (#5984) Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: Add new conceptual pages for intro concepts (#5981) * add new conceptual pages for intro concepts Signed-off-by: melsal13 <mmvsal13@gmail.com> * renamed envoy-proxy.md to proxy.md Signed-off-by: melsal13 <mmvsal13@gmail.com> * reorganized sidebar Signed-off-by: melsal13 <mmvsal13@gmail.com> * fixed formatting issue Signed-off-by: melsal13 <mmvsal13@gmail.com> * fixed linker errors Signed-off-by: melsal13 <mmvsal13@gmail.com> * fixed link errors in v1.3 Signed-off-by: melsal13 <mmvsal13@gmail.com> * fixed typo & removed related resources links in gateway-api-extensions index file Signed-off-by: melsal13 <mmvsal13@gmail.com> --------- Signed-off-by: melsal13 <mmvsal13@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: update open graph image (#6022) update the og:image to a new image in style with the current website styling Signed-off-by: Erica Hughberg <erica.sundberg.90@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * temporarily disable the backend tls test (#6030) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Fix lint (#6031) * temporarily disable the backend tls test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: allows offline k8s controller to use non default CRDs (#6020) * fix: allows offline k8s controller to use non default CRDs Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * workaround Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: refactor ratelmit test (#5997) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * moved shared under rules (#5944) * moved shared under rules Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Fix some logic Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fix rule logic Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fix some tests Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fix tests Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Fix descriptor hierarchy Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * comments Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fmt Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix make gen Signed-off-by: Arko Dasgupta <arko@tetrate.io> * make gen round 2 Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: hansselvig <34341538+hansselvig@users.noreply.github.com> Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Tomas Rojo <tomasrojo21@hotmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> Signed-off-by: mark winter <mark.winter@thetradedesk.com> Signed-off-by: Jukie <10012479+Jukie@users.noreply.github.com> Signed-off-by: Gavin Lam <gavin.oss@tutamail.com> Signed-off-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Signed-off-by: bitliu <bitliu@tencent.com> Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: melsal13 <mmvsal13@gmail.com> Signed-off-by: Erica Hughberg <erica.sundberg.90@gmail.com> Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> Co-authored-by: sh2 <shawnhxh@outlook.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Matthieu MOREL <matthieu.morel35@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Sudipto Baral <sudiptobaral.me@gmail.com> Co-authored-by: hansselvig <34341538+hansselvig@users.noreply.github.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com> Co-authored-by: tomas-rojo <74457691+tomas-rojo@users.noreply.github.com> Co-authored-by: Carlos Rodríguez Hernández <carlos.rodriguez-hernandez@broadcom.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> Co-authored-by: Mark Winter <mark.winter@thetradedesk.com> Co-authored-by: Isaac <10012479+jukie@users.noreply.github.com> Co-authored-by: Gavin Lam <gavin.oss@tutamail.com> Co-authored-by: Mathias Westby Skoglund <71329699+mathias-ws@users.noreply.github.com> Co-authored-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Co-authored-by: Xunzhuo <bitliu@tencent.com> Co-authored-by: Guy Daich <guy.daich@sap.com> Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Co-authored-by: Melissa Salazar <mmvsal13@gmail.com> Co-authored-by: Erica Hughberg <erica.sundberg.90@gmail.com> Co-authored-by: Ryan Hristovski <61257223+ryanhristovski@users.noreply.github.com>

…y#6044) * chore: ignore api types in codecov (envoyproxy#5886) Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore/ci: add `go.lint.fmt` target (envoyproxy#5846) * chore/ci: add lint.gofumpt target Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * update review Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add extra flag to gofumpt, move local golanglint fmt target to golang makefile Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add build tags Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: staticcheck issues (envoyproxy#5779) * fix(QF1008): Omit embedded fields from selector expression Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1001): Apply De Morgan’s law Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1002): Convert untagged switch to tagged switch Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1003): Convert if/else-if chain to tagged switch Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1007): Merge conditional assignment into variable declaration Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * fix(QF1009): Use time.Time.Equal instead of == operator Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> --------- Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: local jwks (envoyproxy#5806) docs for local jwks Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * disable settings by default in gateway-crds-helm (envoyproxy#5894) * disable settings by default in gateway-crds-helm * These settings dont work by default in the way `helm` works and this helm chart is now mainly used as a package artifact to be consumed by CI tools like Argo, so changed the default settings to disable by default, so users are opting into specific CRDs they want. Relates to envoyproxy#5616 (comment) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Add seed corpus to guide the fuzzer to generate combinations of gatew… (envoyproxy#5904) * Add seed corpus to guide the fuzzer to generate combinations of gateway resources. Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix(chart): passing root context to template (envoyproxy#5902) * chore: passing root context to template Signed-off-by: hansselvig <34341538+hansselvig@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: improve merge test (envoyproxy#5861) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: httproute precedence by considering header/query match type (envoyproxy#5740) * fix precedence to use number of exact matches Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * ci: make helm-generate should failed as expected (envoyproxy#5908) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs(rate-limit): minor fix in 'Distinct Users Except Admin' section (envoyproxy#5912) Signed-off-by: Tomas Rojo <tomasrojo21@hotmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * adpot internals/utils/merge.Merge (envoyproxy#5917) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Add Bitnami as an Envoy Gateway adopter (envoyproxy#5926) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * build(deps): bump google/osv-scanner-action from 2.0.1 to 2.0.2 (envoyproxy#5920) Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@6fc7144...e69cc6c) --- updated-dependencies: - dependency-name: google/osv-scanner-action dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 (envoyproxy#5919) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.16 to 3.28.17. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@28deaed...60168ef) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * build(deps): bump github.com/valyala/fasthttp from 1.60.0 to 1.61.0 in /examples/preserve-case-backend in the github-com group across 1 directory (envoyproxy#5921) build(deps): bump github.com/valyala/fasthttp Bumps the github-com group with 1 update in the /examples/preserve-case-backend directory: [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp). Updates `github.com/valyala/fasthttp` from 1.60.0 to 1.61.0 - [Release notes](https://github.com/valyala/fasthttp/releases) - [Commits](valyala/fasthttp@v1.60.0...v1.61.0) --- updated-dependencies: - dependency-name: github.com/valyala/fasthttp dependency-version: 1.61.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-com ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: fix example for http redirects page (envoyproxy#5830) * docs: fix example for http redirects page Signed-off-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> * chore: copy documentation patch for http redirects from v1.3 to latest Signed-off-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> --------- Signed-off-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: Add docs for request buffering (envoyproxy#5910) * add docs for request buffering Signed-off-by: mark winter <mark.winter@thetradedesk.com> * add missing change Signed-off-by: mark winter <mark.winter@thetradedesk.com> --------- Signed-off-by: mark winter <mark.winter@thetradedesk.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: support configuring tls for dynamic resolver backend (envoyproxy#5867) * support configuring tls for dynamic resolver backend Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: fix topology injector bug (envoyproxy#5911) * fix webhook Signed-off-by: Jukie <10012479+Jukie@users.noreply.github.com> * lint and test fixes Signed-off-by: Jukie <10012479+Jukie@users.noreply.github.com> --------- Signed-off-by: Jukie <10012479+Jukie@users.noreply.github.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: allow merge rate limit rule in BTP (envoyproxy#5915) * feat: allow merge rate limit rule in BTP Signed-off-by: zirain <zirain2009@gmail.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: install EG via Argo CD (envoyproxy#5824) * install EG via Argo CD Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: clean up BTP status (envoyproxy#5934) clean up BTP status Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: test for dynamic resolver backend using system ca for TLS (envoyproxy#5932) e2e test for dynamic resolver backend using system ca for TLS Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: implement offline kubernetes controller (envoyproxy#5767) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: SecurityPolicy reference grant (envoyproxy#5792) * fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * revert func name Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> --------- Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: add validation for header values (envoyproxy#5933) Signed-off-by: Gavin Lam <gavin.oss@tutamail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: Fixed typo in error message. (envoyproxy#5945) Signed-off-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Co-authored-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: disable DynamicResolverBackendTest on IPv6 (envoyproxy#5964) disable DynamicResolverBackendTest in IPV6 Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: proxy creation/deletion error handling in GatewayNamespace mode (envoyproxy#5954) * fix: proxy creation/deletion error handling in GatewayNamespace mode Signed-off-by: zirain <zirain2009@gmail.com> * nit Signed-off-by: zirain <zirain2009@gmail.com> * nit Signed-off-by: zirain <zirain2009@gmail.com> * more nit Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * ci: kube-deploy support KUBE_DEPLOY_PROFILE (envoyproxy#5957) * ci: kube-deploy support helm values configuration file Signed-off-by: zirain <zirain2009@gmail.com> * move to test/cofnig Signed-off-by: zirain <zirain2009@gmail.com> * fix Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: process remaining gatewayClasses after encountering an err (envoyproxy#5953) fix: process all gatewayClasses after encountering an err * instead of returning from Reconcile after encountering an err which processing a `GatewayClass`, `continue` instead to process all GatewayClasses Fixes: envoyproxy#5618 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: do not add tls inspector filter to quic listener (envoyproxy#5671) * fix: enable http3 but panic Signed-off-by: bitliu <bitliu@tencent.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Add seed corpus related to traffic task. (envoyproxy#5947) * Add seed corpus related to traffic task. Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * [release/v1.3] release v1.3.3 notes (envoyproxy#5969) release v1.3.3 notes Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: fix PreserveCase flaky (envoyproxy#5966) * e2e: fix PreserveCase flaky Signed-off-by: zirain <zirain2009@gmail.com> * fix Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: validate JWT token and use projected token (envoyproxy#5871) * Add proxyMetadata to xds config and validate JWT Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add controller namespace to infra Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add Metadata envoy bootstrap struct Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add release note Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix doc Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * use projected service account tokens with eg audience Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * lint code Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * make gen Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * make gen Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Revert "Add controller namespace to infra" This reverts commit b2fa2caf58982432e5d5b31bd7d95a5ad523ed5e. Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fetch the node id and initial metadata from first msg Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * update codegen Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * verify service account Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * validate only sa Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add local hash name func Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Verify pod name for authz This reverts commit b0748a0. Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * lint code Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: add controller namespace field to infrastructure render (envoyproxy#5937) * Add controller namespace to infra Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * make gen Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * rebase code and add controller namespace helper Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * rename to envoy namespace Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * rename to ControllerNamespace Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: GatewayNamespace mode (envoyproxy#5961) * enable gateway-namespace-mode e2e Signed-off-by: zirain <zirain2009@gmail.com> * fix ProxyMetrics Signed-off-by: zirain <zirain2009@gmail.com> * fix and skip some tests Signed-off-by: zirain <zirain2009@gmail.com> * enable MetricCompressorTest Signed-off-by: zirain <zirain2009@gmail.com> * fix upgrade test Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * helm: support standard channel (envoyproxy#5958) * support standard channel Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add comment Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: bump upgrade test version to v1.3.2 (envoyproxy#5976) e2e: bump upgrade test version Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: add validation for duplicated API keys (envoyproxy#5955) * reject duplicated API keys * enhance api-key-auth e2e test to cover duplicated client IDs Signed-off-by: Gavin Lam <gavin.oss@tutamail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * [release/v1.3] update site to use v1.3.3 (envoyproxy#5980) update site to use v1.3.3 Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: dynamic resolver backend (envoyproxy#5935) * docs for dynamic resolver backend Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update docs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update docs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * delete docs Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Fuzzing: Fail on xds translation error (envoyproxy#5986) Fail on xds translation error Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix btp merge not working when there's multi parent refs on router (envoyproxy#5967) * fix btp merge not working when there's multi parent refs on router Signed-off-by: zirain <zirain2009@gmail.com> * address comment Signed-off-by: zirain <zirain2009@gmail.com> * messge Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: fix GRPCExtAuth flaky (envoyproxy#5987) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: add coverpkg for coverage test (envoyproxy#5991) add coverpkg for coverage test Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * ci: enable conformance test for GatewayNamespaceMode (envoyproxy#5992) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: add CollectAndDump for EGUpgrade test (envoyproxy#5998) * e2e: only run collect and dump when failed Signed-off-by: zirain <zirain2009@gmail.com> * dump when EGUpgrade failed Signed-off-by: zirain <zirain2009@gmail.com> * nit Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: add test for BTP timeout (envoyproxy#5994) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Remoe check for accesslog formatter (envoyproxy#5985) * Remoe check for accesslog formatter Signed-off-by: zirain <zirain2009@gmail.com> * gen Signed-off-by: zirain <zirain2009@gmail.com> * lint Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: fix GRPCExtAuth/http_route_with_ext_auth_authentication (envoyproxy#6001) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: update dependabot (envoyproxy#6007) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: update CORS test (envoyproxy#6011) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: add multiple gateways testdata for GatewayNamespace mode (envoyproxy#5972) * chore: add gatewaynamespacemode multiple gateways testdata Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Add multiple resources to infra test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Review update Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: adds support for extension server in standalone mode (envoyproxy#5984) Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: Add new conceptual pages for intro concepts (envoyproxy#5981) * add new conceptual pages for intro concepts Signed-off-by: melsal13 <mmvsal13@gmail.com> * renamed envoy-proxy.md to proxy.md Signed-off-by: melsal13 <mmvsal13@gmail.com> * reorganized sidebar Signed-off-by: melsal13 <mmvsal13@gmail.com> * fixed formatting issue Signed-off-by: melsal13 <mmvsal13@gmail.com> * fixed linker errors Signed-off-by: melsal13 <mmvsal13@gmail.com> * fixed link errors in v1.3 Signed-off-by: melsal13 <mmvsal13@gmail.com> * fixed typo & removed related resources links in gateway-api-extensions index file Signed-off-by: melsal13 <mmvsal13@gmail.com> --------- Signed-off-by: melsal13 <mmvsal13@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * docs: update open graph image (envoyproxy#6022) update the og:image to a new image in style with the current website styling Signed-off-by: Erica Hughberg <erica.sundberg.90@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * temporarily disable the backend tls test (envoyproxy#6030) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Fix lint (envoyproxy#6031) * temporarily disable the backend tls test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: allows offline k8s controller to use non default CRDs (envoyproxy#6020) * fix: allows offline k8s controller to use non default CRDs Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * workaround Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: refactor ratelmit test (envoyproxy#5997) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * moved shared under rules (envoyproxy#5944) * moved shared under rules Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Fix some logic Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fix rule logic Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fix some tests Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fix tests Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Fix descriptor hierarchy Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * comments Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fmt Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix make gen Signed-off-by: Arko Dasgupta <arko@tetrate.io> * make gen round 2 Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com> Signed-off-by: hansselvig <34341538+hansselvig@users.noreply.github.com> Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Tomas Rojo <tomasrojo21@hotmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> Signed-off-by: mark winter <mark.winter@thetradedesk.com> Signed-off-by: Jukie <10012479+Jukie@users.noreply.github.com> Signed-off-by: Gavin Lam <gavin.oss@tutamail.com> Signed-off-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Signed-off-by: bitliu <bitliu@tencent.com> Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: melsal13 <mmvsal13@gmail.com> Signed-off-by: Erica Hughberg <erica.sundberg.90@gmail.com> Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> Co-authored-by: sh2 <shawnhxh@outlook.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Matthieu MOREL <matthieu.morel35@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Sudipto Baral <sudiptobaral.me@gmail.com> Co-authored-by: hansselvig <34341538+hansselvig@users.noreply.github.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com> Co-authored-by: tomas-rojo <74457691+tomas-rojo@users.noreply.github.com> Co-authored-by: Carlos Rodríguez Hernández <carlos.rodriguez-hernandez@broadcom.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marcel Czaplinski <24626912+mczaplinski@users.noreply.github.com> Co-authored-by: Mark Winter <mark.winter@thetradedesk.com> Co-authored-by: Isaac <10012479+jukie@users.noreply.github.com> Co-authored-by: Gavin Lam <gavin.oss@tutamail.com> Co-authored-by: Mathias Westby Skoglund <71329699+mathias-ws@users.noreply.github.com> Co-authored-by: Mathias Westby Skoglund <mail@mathiaswskoglund.com> Co-authored-by: Xunzhuo <bitliu@tencent.com> Co-authored-by: Guy Daich <guy.daich@sap.com> Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Co-authored-by: Melissa Salazar <mmvsal13@gmail.com> Co-authored-by: Erica Hughberg <erica.sundberg.90@gmail.com> Co-authored-by: Ryan Hristovski <61257223+ryanhristovski@users.noreply.github.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com>

kkk777-7 requested a review from a team as a code owner April 22, 2025 16:53

arkodg requested review from guydc and zhaohuabing April 22, 2025 16:55

kkk777-7 commented Apr 22, 2025

View reviewed changes

internal/provider/kubernetes/controller.go Outdated Show resolved Hide resolved

zhaohuabing previously approved these changes Apr 23, 2025

View reviewed changes

kkk777-7 dismissed zhaohuabing’s stale review via b581e80 April 23, 2025 13:18

zhaohuabing previously approved these changes Apr 24, 2025

View reviewed changes

shawnh2 reviewed Apr 26, 2025

View reviewed changes

kkk777-7 dismissed zhaohuabing’s stale review via d0fbe14 April 28, 2025 10:25

arkodg added this to the v1.4.0 milestone May 1, 2025

arkodg requested review from a team, shawnh2 and zhaohuabing May 5, 2025 20:42

kkk777-7 force-pushed the fix-rg-sp branch from d0fbe14 to 3bff263 Compare May 6, 2025 12:44

arkodg added the cherrypick/release-v1.3.3 label May 7, 2025

zhaohuabing previously approved these changes May 7, 2025

View reviewed changes

shawnh2 previously approved these changes May 7, 2025

View reviewed changes

kkk777-7 added 2 commits May 7, 2025 17:25

fix: SecurityPolicy reference grant

3917171

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

add: release note

e1e511f

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

kkk777-7 added 6 commits May 7, 2025 17:25

update: func name

23ef5d1

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

revert func name

13883e1

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

update: use processBackendRef to handle route backends

aaef4e7

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

fix: use not pointer type for extAuth backendRef

1956275

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

Add: testcase for ExtAuth

a9f0ed9

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

fix: add jwt backendref to backendSecurityPolicyIndexFunc

a4c6d62

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

kkk777-7 dismissed stale reviews from shawnh2 and zhaohuabing via a4c6d62 May 7, 2025 08:25

kkk777-7 force-pushed the fix-rg-sp branch from 3bff263 to a4c6d62 Compare May 7, 2025 08:25

shawnh2 approved these changes May 7, 2025

View reviewed changes

zirain approved these changes May 7, 2025

View reviewed changes

shawnh2 merged commit ef50718 into envoyproxy:main May 7, 2025
36 of 41 checks passed

kkk777-7 deleted the fix-rg-sp branch May 7, 2025 10:56

arkodg mentioned this pull request Jun 26, 2025

Nominating kkk777-7 as a Reviewer #6419

Closed

BrewTestBot mentioned this pull request Aug 8, 2025

egctl 1.5.0 Homebrew/homebrew-core#232799

Merged

arkodg mentioned this pull request Oct 1, 2025

Nominate kkk777-7 as Maintainer #7112

Closed

Comments

Conversation

kkk777-7 commented Apr 22, 2025

Uh oh!

Uh oh!

codecov bot commented Apr 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

kkk777-7 commented Apr 23, 2025

Uh oh!

zhaohuabing left a comment

Choose a reason for hiding this comment

Uh oh!

zhaohuabing commented Apr 24, 2025

Uh oh!

kkk777-7 commented Apr 24, 2025

Uh oh!

zhaohuabing commented Apr 24, 2025

Uh oh!

kkk777-7 commented Apr 24, 2025

Uh oh!

zhaohuabing left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kkk777-7 commented Apr 28, 2025

Uh oh!

arkodg commented May 5, 2025

Uh oh!

kkk777-7 commented May 6, 2025

Uh oh!

zhaohuabing left a comment

Choose a reason for hiding this comment

Uh oh!

shawnh2 left a comment

Choose a reason for hiding this comment

Uh oh!

shawnh2 commented May 7, 2025

Uh oh!

shawnh2 commented May 7, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

codecov bot commented Apr 23, 2025 •

edited

Loading