envoyproxy/envoy

Config validation without secret validation

Open

#9.809 geöffnet am 23. Jan. 2020

Auf GitHub ansehen
 (5 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)C++ (5.373 Forks)batch import
area/configurationhelp wanted

Repository-Metriken

Stars
 (27.997 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 8T) (378 gemergte PRs in 30 T)

Beschreibung

Currently when running Envoy with --mode validate it will attempt to load and validate the contents of the secrets referenced by the config. While this might be useful when the config is validated in the context in which Envoy will ultimately run, it makes setting up config validation as part of a CI pipeline tricky due to having to generate various test secrets.

A mode that validates that the config is correct (i.e. passes pgv validation) without relying on the state of the file system would simply this process and make it possible to do lightweight config validations.

I imagine this would require stubbing out a lot of the TLS classes that are used during validation for ones that won't actually try to read any of the file content.

Contributor Guide