
Sync with 1.1 #12201

Merged
istio-testing merged 155 commits into istio:authz-v2 from pitlv2109:sync-with-1.1
Mar 4, 2019

@pitlv2109
Member

Sync with release-1.1 branch using git merge upstream/release-1.1 -X theirs.
Then manually add authz-v2's rbac_test.go file.

sdake and others added 30 commits February 8, 2019 11:58
The DNSDomain variable needs to be enhanced to include more
than one DNS entry.  Change DNSDomain to DNSDomains as a meta
and add the dnsConfig in the meta.  As now DNSDomain is a slice
of strings instead of a string, the variable needs consolidation.
* Update fluentd adapter to be more robust

* Minor touchup of bad merge

* Lint fixes
Signed-off-by: Kuat Yessenov <kuat@google.com>
The Cloud Foundry open source licensing scanner has a plugin that
identifies dependencies from gradle scripts, but it requires the
buildscript and plugins block be before anything else in the file.
This change does not affect the build, but makes our lives a smidge
easier.

Co-authored-by: Teal Stannard <tstannard@pivotal.io>
…grant access to mesh. (istio#11508)

* Samples for accessing apt-get repo, Github, and pip repo

* A Readme explaining the samples

* Link to future doc on default external comm capability

* Incorporate documentation feedback from venilnoronha
* Add support for metadata constraints in RBAC

This adds support for mapping RBAC constraints with keys in the a[b]
format to Envoy's filter metadata matcher.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Use SplitN instead of Split for completeness

This updates the metadata matcher definition to use strings.SplitN
instead of strings.Split in order to capture the whole binary key in two
parts.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Accommodate [list] and plain value type constraints

This adds logic to accommodate filter metadata matching over both [list]
and value type constraints.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Add extra experimental. prefix test for matching

This adds an extra experimental. prefix test while creating metadata
matchers based on Envoy filters.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Update comments

This updates code comments.

Signed-off-by: Venil Noronha <veniln@vmware.com>
…Methods (istio#10778)

* add POST to ratings service

* put a space between if and opening parenthesis

* add comments

* remove extra line-break
)

* Bump the number of connections that can be re-used in Citadel

* A small fix
* Fix ingress in pilot, writeback and multiple namespaces

* Fix tests, format

* Fix test - the generated service should be left in the namespace of ingress

* Additional test fixes, match the new 1.1 semantics

* Again make fmt and lint not matching
* Break up the helloworld sample into versions

* Moved to default namespace

* Separated gateway file and added labels

* Update the doc

* Cleanup section updated too
…io#11640)

* Add handling for independent encoding in Report batches to Mixer

* fix lll

* Address review

* protect protobag done
* wip: exit circleci test early if setup fails

Many of the circleci tests will attempt to run the e2e/integration
tests even after the test setup fails. This leads to misleading test
failures that suggest the problem is with the feature test and not the
test setup itself.

Example test runs where the setup failed and the test was run but
immediately errored out because a dependency was missing:

https://circleci.com/gh/istio/istio/316588
https://circleci.com/gh/istio/istio/317262
https://circleci.com/gh/istio/istio/318281
https://circleci.com/gh/istio/istio/316031
https://circleci.com/gh/istio/istio/315952
https://circleci.com/gh/istio/istio/315871
https://circleci.com/gh/istio/istio/315813

ref: https://circleci.com/docs/2.0/configuration-reference/#the-when-attribute
```
By default, CircleCI will execute job steps one at a time, in the
order that they are defined in config.yml, until a step fails (returns
a non-zero exit code). After a command fails, no further job steps
will be executed.

Adding the when attribute to a job step allows you to override this
default behaviour, and selectively run or skip steps depending on the
status of the job.

The default value of on_success means that the step will run only if
all of the previous steps have been successful (returned exit code 0).

A value of always means that the step will run regardless of the exit
status of previous steps. This is useful if you have a task that you
want to run regardless of whether the previous steps are successful or
not. For example, you might have a job step that needs to upload logs
or code-coverage data somewhere.
```

* re-add `when: always` to codecov job
* Implementation of isolation for EDS

* Provide nil proxy for older calls

* Always call loadAssignmentsForClusterIsolated

* Revert "Always call loadAssignmentsForClusterIsolated"

This reverts commit db2c997.

* Env variable to disable

* Lint
…s. (istio#11630)

* Feature flag graceful shutdown

Turn graceful shutdown off by default for 1.1 with a feature flag that allows users to opt-in.

Signed-off-by: Liam White <liam@tetrate.io>

* Address pr comments

Signed-off-by: Liam White <liam@tetrate.io>

* Clean up missed feature flag var

Signed-off-by: Liam White <liam@tetrate.io>

* Add turn off test case, todo comments and fix agent tests

Signed-off-by: Liam White <liam@tetrate.io>

* fix lint

Signed-off-by: Liam White <liam@tetrate.io>

* PR review comments

Signed-off-by: Liam White <liam@tetrate.io>

* Move TerminationDuration function and tests to Pilot features

Signed-off-by: Liam White <liam@tetrate.io>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Make sure empty proxy locality will fall back to using proxy service's instance locality.
* cache ServiceAccounts and remove it from Environment

* use allServices var

* fix ut
@pitlv2109 pitlv2109 requested review from liminw and removed request for diemtvu and ozevren March 2, 2019 01:11
@googlebot
Collaborator

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this state. It's up to you to confirm consent of all the commit author(s), set the cla label to yes (if enabled on your project), and then merge this pull request when appropriate.

ℹ️ Googlers: Go here for more info.

@googlebot googlebot added the cla: no label Mar 2, 2019
@codecov

codecov bot commented Mar 2, 2019

Codecov Report

Merging #12201 into authz-v2 will increase coverage by 1%.
The diff coverage is 85%.


@@            Coverage Diff             @@
##           authz-v2   #12201    +/-   ##
==========================================
+ Coverage        71%      72%    +1%     
==========================================
  Files           604      606     +2     
  Lines         53564    53723   +159     
==========================================
+ Hits          38000    38252   +252     
+ Misses        13409    13299   -110     
- Partials       2155     2172    +17
| Impacted Files | Coverage Δ | |
| --- | --- | --- |
| istioctl/cmd/istioctl/deprecated_cmd.go | 29% <ø> (ø) | ⬆️ |
| galley/pkg/source/kube/builtin/types.go | 91% <ø> (ø) | ⬆️ |
| istioctl/pkg/kubernetes/client.go | 0% <0%> (ø) | ⬆️ |
| mixer/cmd/mixs/cmd/crd.go | 66% <0%> (ø) | ⬇️ |
| istioctl/cmd/istioctl/kubeinject.go | 46% <0%> (ø) | ⬆️ |
| istioctl/cmd/istioctl/main.go | 68% <0%> (ø) | ⬆️ |
| istioctl/cmd/istioctl/proxystatus.go | 56% <100%> (+30%) | ⬆️ |
| istioctl/pkg/writer/pilot/status.go | 93% <100%> (ø) | ⬆️ |
| galley/pkg/server/callout.go | 74% <100%> (ø) | ⬆️ |
| galley/pkg/server/args.go | 100% <100%> (ø) | ⬆️ |

... and 98 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 193cd1d...1c9e6b7.

Contributor

@yangminzhu yangminzhu left a comment

Don't use -X theirs. Just use git merge release-1.1 and resolve the conflicts manually.

mandarjog and others added 7 commits March 3, 2019 13:19
* Simplify files and cleanup base values.yaml

* golden files update

* switch back to old defaults for rewriteAppHTTPProbe

* update golden

* override cpu requests for e2e tests

* move policy and telemetry to top level for visibility
* Proxy sha and Api sha for istio

* Update istio/proxy to pickup istio/proxy#2135
* Remove test mgmt ports

* Remove todo and fix test

* Fix local test
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* Choose the correct Istio yaml file for MC

* Increase the timeout for the MC test (typically it's 40+ mins)

* Set selfSigned flag to false for remote (shared root CA)

* Wait for remote addition/deletion to propagate

* Enable access log for primary and remote clusters
@pitlv2109
Member Author

@yangminzhu
This is a list of conflicted files:

Gopkg.lock
Makefile
galley/cmd/galley/cmd/root.go
install/kubernetes/helm/istio/charts/mixer/values.yaml
install/kubernetes/helm/istio/charts/prometheus/templates/deployment.yaml
install/kubernetes/helm/istio/charts/sidecarInjectorWebhook/values.yaml
install/kubernetes/helm/istio/templates/sidecar-injector-configmap.yaml
install/kubernetes/helm/istio/values-istio-demo-auth.yaml
install/kubernetes/helm/istio/values-istio-demo.yaml
install/kubernetes/helm/istio/values.yaml
istio.deps
pilot/pkg/kube/inject/testdata/inject/kubevirtInterfaces.yaml.injected
pilot/pkg/kube/inject/testdata/inject/kubevirtInterfaces_list.yaml.injected
pilot/pkg/model/context.go
pilot/pkg/networking/core/v1alpha3/listener.go
pilot/pkg/networking/core/v1alpha3/networkfilter.go
pilot/pkg/networking/core/v1alpha3/tls.go
pilot/pkg/networking/plugin/authz/rbac_test.go
pilot/pkg/networking/plugin/mixer/mixer.go
pilot/pkg/networking/plugin/mixer/mixer_test.go
pilot/pkg/proxy/envoy/v2/ads.go
pkg/bootstrap/bootstrap_config.go
pkg/bootstrap/bootstrap_config_test.go
pkg/bootstrap/testdata/stats_inclusion_golden.json
pkg/features/pilot/pilot.go
samples/external/github.yaml
samples/external/pypi.yaml
tests/integration2/pilot/sidecar_api_test.go
tests/istio.mk
vendor/istio.io/api/mesh/v1alpha1/config.pb.go
vendor/istio.io/api/mixer/v1/config/client/client_config.pb.go
vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.go
vendor/istio.io/api/networking/v1alpha3/destination_rule.proto
vendor/istio.io/api/networking/v1alpha3/istio.networking.v1alpha3.pb.html
vendor/istio.io/api/networking/v1alpha3/service_entry.pb.go
vendor/istio.io/api/networking/v1alpha3/service_entry.proto
vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.go
vendor/istio.io/api/policy/v1beta1/cfg.pb.go
vendor/istio.io/api/rbac/v1alpha1/rbac.pb.go

The only RBAC-related file is pilot/pkg/networking/plugin/authz/rbac_test.go, for which I can manually solve the conflicts. Also, it does not make sense to resolve conflicts in pb.go files. I have checked to make sure we're using the latest changes from release-1.1, such as SHA hashes. So I think using -X theirs would make more sense. Wdyt?

@yangminzhu
Contributor

@pitlv2109 Discussed offline, just make sure to resolve the conflict manually for those files touched in both branches. (Currently it seems it's only the rbac_test.go)
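
The check discussed in this thread, as an added example that is not part of the PR or of Istio's tooling: list the files changed on both branches since the merge base, then show what `-X theirs` leaves in such a file. The throwaway repository, its file contents and the helper names `g`, `touched_in_both` and `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed repository, file contents and helper names.
g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

# Files changed on BOTH branches since their merge base. Only these can
# conflict, so only these can lose our edits under `-X theirs`.
touched_in_both() {
    base=$(git merge-base "$1" "$2") || return 1
    ours_list=$(mktemp) && theirs_list=$(mktemp) || return 1
    git diff --name-only "$base" "$1" | sort > "$ours_list"
    git diff --name-only "$base" "$2" | sort > "$theirs_list"
    comm -12 "$ours_list" "$theirs_list"
    rm -f "$ours_list" "$theirs_list"
}

# Builds a throwaway repo, prints the overlap, then prints what
# `-X theirs` leaves in the overlapping file after the merge.
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    g init -q . && git symbolic-ref HEAD refs/heads/release-1.1
    echo "v0" > rbac_test.go; echo "v0" > listener.go
    g add . && g commit -q -m "base"
    g branch authz-v2
    echo "release-1.1 version" > rbac_test.go; echo "v1" > listener.go
    g commit -q -am "release-1.1 work"
    g checkout -q authz-v2
    echo "authz-v2 version" > rbac_test.go
    g commit -q -am "authz-v2 work"
    touched_in_both authz-v2 release-1.1
    g merge -q -X theirs -m "sync" release-1.1 >/dev/null 2>&1 || exit 1
    cat rbac_test.go
    cd / && rm -rf "$dir"
)

demo
```

The merge exits cleanly and reports no conflict, yet the authz-v2 edit to the overlapping file is gone, which is why the overlap list is worth reviewing by hand before trusting the strategy option.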

@pitlv2109 pitlv2109 added cla: yes and removed cla: no labels Mar 4, 2019
@googlebot
Collaborator

A Googler has manually verified that the CLAs look good.

(Googler, please make sure the reason for overriding the CLA status is clearly documented in these comments.)

ℹ️ Googlers: Go here for more info.

@pitlv2109
Member Author

@yangminzhu
Synced and pushed. All required tests passed as usual.

@istio-testing
Collaborator

@pitlv2109: The following tests failed, say /retest to rerun them all:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| prow/istio-pilot-multicluster-e2e.sh | 1c9e6b7 | link | /test istio-pilot-multicluster-e2e |
| prow/istio-integ-k8s-tests.sh | 1c9e6b7 | link | /test istio-integ-k8s-tests |

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Contributor

@yangminzhu yangminzhu left a comment

/lgtm

@istio-testing
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pitlv2109, yangminzhu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [pitlv2109,yangminzhu]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@istio-testing istio-testing merged commit 5161875 into istio:authz-v2 Mar 4, 2019
@pitlv2109 pitlv2109 deleted the sync-with-1.1 branch March 4, 2019 22:02