envoyproxy/envoy

Proto validation of gRPC runtime credentials

Open

#8.010 aberto em 22 de ago. de 2019

Ver no GitHub
 (0 comments) (0 reactions) (0 assignees)C++ (5.373 forks)batch import
enhancementhelp wanted

Métricas do repositório

Stars
 (27.997 stars)
Métricas de merge de PR
 (Mesclagem média 8d) (378 fundiu PRs em 30d)

Description

In some places, e.g. https://github.com/envoyproxy/envoy/blob/7267542177ef49b33d6dd7b6ae6cdaa4ce2fb9ce/source/extensions/grpc_credentials/file_based_metadata/config.cc#L31, https://github.com/envoyproxy/envoy/blob/7267542177ef49b33d6dd7b6ae6cdaa4ce2fb9ce/source/extensions/grpc_credentials/aws_iam/config.cc#L39, we're explicitly plumbing in a null proto validation visitor, rather than using something derived from server settings. We also, more generally, lack handling of proto validation failure.

In some sense, this is totally fine today, since these are not control plane API and don't use PGV. In principle, it might be useful to have unknown field validation here and PGV support, so opening this issue to track future work here.

Guia do colaborador