diff --git a/WORKSPACE b/WORKSPACE index 1db241dfe5f..f16ce1285bd 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -35,8 +35,8 @@ bind( # When updating envoy sha manually please update the sha in istio.deps file also # # Determine SHA256 `wget https://github.com/envoyproxy/envoy/archive/COMMIT.zip && sha256sum COMMIT.zip` -ENVOY_SHA = "87d1c78ac483f34e87713628beeccb58b4cfd480" -ENVOY_SHA256 = "0a450928348ef47bf6e3564c07fdce58a5e300d56088ba602bea07216a09e070" +ENVOY_SHA = "2a2ad48a7d4b57512bc10a9593e852fe950b1c8d" +ENVOY_SHA256 = "a86dd396bd3db8401d45f9d387d3177ba1eb8298520ef684c1deaf7b91a1af1d" http_archive( name = "envoy", diff --git a/istio.deps b/istio.deps index 53aea145beb..4c497bdc97e 100644 --- a/istio.deps +++ b/istio.deps @@ -11,6 +11,6 @@ "name": "ENVOY_SHA", "repoName": "envoyproxy/envoy", "file": "WORKSPACE", - "lastStableSHA": "87d1c78ac483f34e87713628beeccb58b4cfd480" + "lastStableSHA": "2a2ad48a7d4b57512bc10a9593e852fe950b1c8d" } ] diff --git a/src/envoy/http/authn/authn_utils.cc b/src/envoy/http/authn/authn_utils.cc index df81d43f30d..7cd75587157 100644 --- a/src/envoy/http/authn/authn_utils.cc +++ b/src/envoy/http/authn/authn_utils.cc @@ -15,6 +15,7 @@ #include +#include "absl/strings/match.h" #include "authn_utils.h" #include "common/json/json_loader.h" #include "google/protobuf/struct.pb.h" @@ -144,10 +145,10 @@ bool AuthnUtils::MatchString(const char* const str, return match.exact().compare(str) == 0; } case iaapi::StringMatch::kPrefix: { - return StringUtil::startsWith(str, match.prefix()); + return absl::StartsWith(str, match.prefix()); } case iaapi::StringMatch::kSuffix: { - return StringUtil::endsWith(str, match.suffix()); + return absl::EndsWith(str, match.suffix()); } case iaapi::StringMatch::kRegex: { return std::regex_match(str, std::regex(match.regex())); diff --git a/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk b/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk index 0262d21357e..e78dbc395aa 100644 --- a/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk +++ b/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk @@ -5,7 +5,6 @@ "bind_to_port": true, "filters": [ { - "type": "read", "name": "http_connection_manager", "config": { "codec_type": "auto", diff --git a/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk b/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk index 172fa3f7a2c..a6ce794147d 100644 --- a/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk +++ b/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk @@ -5,7 +5,6 @@ "bind_to_port": true, "filters": [ { - "type": "read", "name": "http_connection_manager", "config": { "codec_type": "auto", diff --git a/src/envoy/http/jwt_auth/token_extractor.cc b/src/envoy/http/jwt_auth/token_extractor.cc index fda9af9dfd8..9dd1284ceef 100644 --- a/src/envoy/http/jwt_auth/token_extractor.cc +++ b/src/envoy/http/jwt_auth/token_extractor.cc @@ -14,6 +14,7 @@ */ #include "src/envoy/http/jwt_auth/token_extractor.h" +#include "absl/strings/match.h" #include "common/common/utility.h" #include "common/http/utility.h" @@ -33,20 +34,20 @@ const std::string kParamAccessToken = "access_token"; } // namespace -JwtTokenExtractor::JwtTokenExtractor(const JwtAuthentication& config) { - for (const auto& jwt : config.rules()) { +JwtTokenExtractor::JwtTokenExtractor(const JwtAuthentication &config) { + for (const auto &jwt : config.rules()) { bool use_default = true; if (jwt.from_headers_size() > 0) { use_default = false; - for (const auto& header : jwt.from_headers()) { - auto& issuers = header_maps_[LowerCaseString(header.name())]; + for (const auto &header : jwt.from_headers()) { + auto &issuers = header_maps_[LowerCaseString(header.name())]; issuers.insert(jwt.issuer()); } } if (jwt.from_params_size() > 0) { use_default = false; - for (const std::string& param : jwt.from_params()) { - auto& issuers = param_maps_[param]; + for (const std::string ¶m : jwt.from_params()) { + auto &issuers = param_maps_[param]; issuers.insert(jwt.issuer()); } } @@ -55,21 +56,21 @@ JwtTokenExtractor::JwtTokenExtractor(const JwtAuthentication& config) { if (use_default) { authorization_issuers_.insert(jwt.issuer()); - auto& param_issuers = param_maps_[kParamAccessToken]; + auto ¶m_issuers = param_maps_[kParamAccessToken]; param_issuers.insert(jwt.issuer()); } } } void JwtTokenExtractor::Extract( - const HeaderMap& headers, - std::vector>* tokens) const { + const HeaderMap &headers, + std::vector> *tokens) const { if (!authorization_issuers_.empty()) { - const HeaderEntry* entry = headers.Authorization(); + const HeaderEntry *entry = headers.Authorization(); if (entry) { // Extract token from header. - const HeaderString& value = entry->value(); - if (StringUtil::startsWith(value.c_str(), kBearerPrefix, true)) { + const HeaderString &value = entry->value(); + if (absl::StartsWith(value.getStringView(), kBearerPrefix)) { tokens->emplace_back(new Token(value.c_str() + kBearerPrefix.length(), authorization_issuers_, true, nullptr)); // Only take the first one. @@ -79,8 +80,8 @@ void JwtTokenExtractor::Extract( } // Check header first - for (const auto& header_it : header_maps_) { - const HeaderEntry* entry = headers.get(header_it.first); + for (const auto &header_it : header_maps_) { + const HeaderEntry *entry = headers.get(header_it.first); if (entry) { tokens->emplace_back( new Token(std::string(entry->value().c_str(), entry->value().size()), @@ -94,10 +95,10 @@ void JwtTokenExtractor::Extract( return; } - const auto& params = Utility::parseQueryString(std::string( + const auto ¶ms = Utility::parseQueryString(std::string( headers.Path()->value().c_str(), headers.Path()->value().size())); - for (const auto& param_it : param_maps_) { - const auto& it = params.find(param_it.first); + for (const auto ¶m_it : param_maps_) { + const auto &it = params.find(param_it.first); if (it != params.end()) { tokens->emplace_back( new Token(it->second, param_it.second, false, nullptr));