lint: All text files for general formatting (envoyproxy#15641)

Signed-off-by: Ryan Northey <[email protected]>

.devcontainer/README.md

@@ -7,7 +7,7 @@ This directory contains some experimental tools for Envoy Development in [VSCode
 Open with VSCode with the Container extension installed. Follow the [official guide](https://code.visualstudio.com/docs/remote/containers) to open this
 repository directly from GitHub or from checked-out source tree.
 
-After opening, run the `Refresh Compilation Database` task to generate compilation database to navigate in source code. 
+After opening, run the `Refresh Compilation Database` task to generate compilation database to navigate in source code.
 This will run partial build of Envoy and may take a while depends on the machine performance.
 This task is needed to run everytime after:
 - Changing a BUILD file that add/remove files from a target, changes dependencies

.gitattributes

@@ -3,4 +3,6 @@
 /generated_api_shadow/envoy/** linguist-generated=true
 /generated_api_shadow/bazel/** linguist-generated=true
 *.svg binary
+/test/extensions/transport_sockets/tls/test_data/aes_128_key binary
+/test/extensions/transport_sockets/tls/test_data/ticket_key_* binary
 /test/**/*_corpus/* linguist-generated=true

.github/workflows/codeql-daily.yml

@@ -37,19 +37,19 @@ jobs:
        sudo apt-get update && sudo apt-get install libtool cmake automake autoconf make ninja-build curl unzip virtualenv openjdk-11-jdk build-essential libc++1
        mkdir -p bin/clang11
        cd bin/clang11
-       wget https://github.com/llvm/llvm-project/releases/download/llvmorg-11.0.1/clang+llvm-11.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz                                                                        
-       tar -xf clang+llvm-11.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz --strip-components 1  
+       wget https://github.com/llvm/llvm-project/releases/download/llvmorg-11.0.1/clang+llvm-11.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
+       tar -xf clang+llvm-11.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz --strip-components 1
        export PATH=bin/clang11/bin:$PATH
 
     - name: Build
       run: |
        bazel/setup_clang.sh bin/clang11
        bazelisk shutdown
-       bazelisk build -c fastbuild --spawn_strategy=local --discard_analysis_cache --nouse_action_cache --config clang --config libc++ //source/common/http/... 
+       bazelisk build -c fastbuild --spawn_strategy=local --discard_analysis_cache --nouse_action_cache --config clang --config libc++ //source/common/http/...
 
     - name: Clean Artifacts
       run: |
         git clean -xdf
-       
+
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v1

.github/workflows/codeql-push.yml

@@ -45,8 +45,8 @@ jobs:
        sudo apt-get update && sudo apt-get install libtool cmake automake autoconf make ninja-build curl unzip virtualenv openjdk-11-jdk build-essential libc++1
        mkdir -p bin/clang11
        cd bin/clang11
-       wget https://github.com/llvm/llvm-project/releases/download/llvmorg-11.0.1/clang+llvm-11.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz                                                                        
-       tar -xf clang+llvm-11.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz --strip-components 1  
+       wget https://github.com/llvm/llvm-project/releases/download/llvmorg-11.0.1/clang+llvm-11.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
+       tar -xf clang+llvm-11.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz --strip-components 1
        export PATH=bin/clang11/bin:$PATH
 
 
@@ -60,7 +60,7 @@ jobs:
     - name: Clean Artifacts
       run: |
         git clean -xdf
-       
+
     - name: Perform CodeQL Analysis
       if: env.BUILD_TARGETS != ''
       uses: github/codeql-action/analyze@v1

.github/workflows/stale.yml

@@ -39,4 +39,4 @@ jobs:
         stale-pr-label: 'stale'
         exempt-pr-labels: 'no stalebot'
         operations-per-run: 500
-        ascending: true
+        ascending: true

LICENSE

@@ -199,4 +199,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

STYLE.md

@@ -159,7 +159,7 @@ A few general notes on our error handling philosophy:
   continue seems ridiculous because *"this should never happen"*, it's a very good indication that
   the appropriate behavior is to terminate the process and not handle the error. When in doubt,
   please discuss.
-  
+
 # Macro Usage
 
 * The following macros are available:
@@ -175,7 +175,7 @@ A few general notes on our error handling philosophy:
   detectability on probable conditions or invariants.
 
 * Per above it's acceptable to turn failures into crash semantics via `RELEASE_ASSERT(condition)` or
-  `PANIC(message)` if there is no other sensible behavior, e.g. in OOM (memory/FD) scenarios. 
+  `PANIC(message)` if there is no other sensible behavior, e.g. in OOM (memory/FD) scenarios.
 * Do not `ASSERT` on conditions imposed by the external environment. Either add error handling
   (potentially with an `ENVOY_BUG` for detectability) or `RELEASE_ASSERT` if the condition indicates
   that the process is unrecoverable.

api/envoy/config/filter/http/jwt_authn/v2alpha/README.md

@@ -63,4 +63,4 @@ The `value_prefix` must match exactly, i.e., case-sensitively.
 If the `value_prefix` is not found, the header is skipped: not considered as a source for a JWT token.
 
 If there are no JWT-legal characters after the `value_prefix`, the entire string after it
-is taken to be the JWT token. This is unlikely to succeed; the error will reported by the JWT parser.
+is taken to be the JWT token. This is unlikely to succeed; the error will reported by the JWT parser.

api/envoy/extensions/filters/http/jwt_authn/v3/README.md

@@ -63,4 +63,4 @@ The `value_prefix` must match exactly, i.e., case-sensitively.
 If the `value_prefix` is not found, the header is skipped: not considered as a source for a JWT token.
 
 If there are no JWT-legal characters after the `value_prefix`, the entire string after it
-is taken to be the JWT token. This is unlikely to succeed; the error will reported by the JWT parser.
+is taken to be the JWT token. This is unlikely to succeed; the error will reported by the JWT parser.

api/envoy/extensions/filters/network/rocketmq_proxy/v3/README.md

@@ -1 +1 @@
-Protocol buffer definitions for the Rocketmq proxy.
+Protocol buffer definitions for the Rocketmq proxy.

ci/docker-entrypoint.sh

@@ -7,22 +7,22 @@ USERID=$(id -u)
 
 # if the first argument look like a parameter (i.e. start with '-'), run Envoy
 if [ "${1#-}" != "$1" ]; then
-	set -- envoy "$@"
+    set -- envoy "$@"
 fi
 
 if [ "$1" = 'envoy' ]; then
-	# set the log level if the $loglevel variable is set
-	if [ -n "$loglevel" ]; then
-		set -- "$@" --log-level "$loglevel"
-	fi
+    # set the log level if the $loglevel variable is set
+    if [ -n "$loglevel" ]; then
+        set -- "$@" --log-level "$loglevel"
+    fi
 fi
 
 if [ "$ENVOY_UID" != "0" ] && [ "$USERID" = 0 ]; then
     if [ -n "$ENVOY_UID" ]; then
-	usermod -u "$ENVOY_UID" envoy
+        usermod -u "$ENVOY_UID" envoy
     fi
     if [ -n "$ENVOY_GID" ]; then
-	groupmod -g "$ENVOY_GID" envoy
+        groupmod -g "$ENVOY_GID" envoy
     fi
     # Ensure the envoy user is able to write to container logs
     chown envoy:envoy /dev/stdout /dev/stderr

ci/format_pre.sh

@@ -31,6 +31,10 @@ trap_errors () {
 trap trap_errors ERR
 trap exit 1 INT
 
+# TODO: move these to bazel
+CURRENT=glint
+./tools/code_format/glint.sh
+
 CURRENT=shellcheck
 ./tools/code_format/check_shellcheck_format.sh check
 

ci/mac_ci_setup.sh

@@ -31,13 +31,13 @@ function install {
 function retry () {
     local returns=1 i=1
     while ((i<=HOMEBREW_RETRY_ATTEMPTS)); do
-	if "$@"; then
-	    returns=0
-	    break
-	else
-	    sleep "$HOMEBREW_RETRY_INTERVAL";
-	    ((i++))
-	fi
+        if "$@"; then
+            returns=0
+            break
+        else
+            sleep "$HOMEBREW_RETRY_INTERVAL";
+            ((i++))
+        fi
     done
     return "$returns"
 }

ci/upload_gcs_artifact.sh

@@ -3,8 +3,8 @@
 set -e -o pipefail
 
 if [[ -z "${GCS_ARTIFACT_BUCKET}" ]]; then
-  echo "Artifact bucket is not set, not uploading artifacts."
-  exit 0
+    echo "Artifact bucket is not set, not uploading artifacts."
+    exit 0
 fi
 
 # Fail when service account key is not specified
@@ -14,8 +14,8 @@ SOURCE_DIRECTORY="$1"
 TARGET_SUFFIX="$2"
 
 if [ ! -d "${SOURCE_DIRECTORY}" ]; then
-  echo "ERROR: ${SOURCE_DIRECTORY} is not found."
-  exit 1
+    echo "ERROR: ${SOURCE_DIRECTORY} is not found."
+    exit 1
 fi
 
 if [[ "$BUILD_REASON" == "PullRequest" ]]; then
@@ -36,14 +36,14 @@ if [[ "$BUILD_REASON" == "PullRequest" ]]; then
     TMP_REDIRECT="/tmp/redirect/${REDIRECT_PATH}/${TARGET_SUFFIX}"
     mkdir -p "$TMP_REDIRECT"
     echo "<meta http-equiv=\"refresh\" content=\"0; URL='https://storage.googleapis.com/${GCS_LOCATION}/index.html'\" />" \
-	 >  "${TMP_REDIRECT}/index.html"
+         >  "${TMP_REDIRECT}/index.html"
     GCS_REDIRECT="${GCS_ARTIFACT_BUCKET}/${REDIRECT_PATH}/${TARGET_SUFFIX}"
     echo "Uploading redirect to gs://${GCS_REDIRECT} ..."
     gsutil -h "Cache-Control:no-cache,max-age=0" -mq rsync -dr "${TMP_REDIRECT}" "gs://${GCS_REDIRECT}"
 fi
 
 if [[ "${COVERAGE_FAILED}" -eq 1 ]]; then
-  echo "##vso[task.logissue type=error]Coverage failed, check artifact at: https://storage.googleapis.com/${GCS_LOCATION}/index.html"
+    echo "##vso[task.logissue type=error]Coverage failed, check artifact at: https://storage.googleapis.com/${GCS_LOCATION}/index.html"
 fi
 
 echo "Artifacts uploaded to: https://storage.googleapis.com/${GCS_LOCATION}/index.html"

configs/original-dst-cluster/netns_setup.sh

@@ -9,7 +9,7 @@
 set -e
 
 # name of the network namespace
-NETNS=$1 
+NETNS=$1
 
 # IP address or prefix that will be redirected
 TARGET_IP=$2

docs/root/api-v3/config/endpoint/endpoint.rst

@@ -5,4 +5,4 @@ Endpoint
   :glob:
   :maxdepth: 2
 
-  v3/*
+  v3/*

docs/root/api-v3/config/http/header_formatters.rst

@@ -5,4 +5,4 @@ HTTP header formatters
   :glob:
   :maxdepth: 2
 
-  ../../extensions/http/header_formatters/*/v3/*
+  ../../extensions/http/header_formatters/*/v3/*

docs/root/api-v3/config/request_id/request_id.rst

@@ -5,4 +5,4 @@ Request ID
   :glob:
   :maxdepth: 2
 
-  ../../extensions/request_id/*/v3/*
+  ../../extensions/request_id/*/v3/*

docs/root/configuration/best_practices/level_two.rst

@@ -9,24 +9,24 @@ edge use case may need to be adjusted when using Envoy in a multi-level deployme
 
 .. image:: /_static/multilevel_deployment.svg
 
-**In summary, if you run level two Envoy version 1.11.1 or greater which terminates 
+**In summary, if you run level two Envoy version 1.11.1 or greater which terminates
 HTTP/2, we strongly advise you to change the HttpConnectionManager configuration of your level
 two Envoy, by setting its downstream**
 :ref:`validation of HTTP messaging option <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_error_on_invalid_http_message>`
 **to true.**
 
-If there is an invalid HTTP/2 request and this option is not set, the Envoy in 
-question will reset the entire connection. This behavior was changed as part of 
-the 1.11.1 security release, to increase the security of Edge Envoys. Unfortunately, 
-because there are no guarantees that edge proxies will enforce HTTP/1 or HTTP/2 
-standards compliance as rigorously as Envoy’s HTTP/2 stack does, this can result 
-in a problem as follows. If one client sends a request that for example passes 
-level one proxy's validation checks, and it is forwarded over an upstream multiplexed 
-HTTP/2 connection (potentially shared with other clients) the strict enforcement on 
-the level two Envoy HTTP/2 will reset all the streams on that connection, causing 
-a service disruption to the clients sharing that L1-L2 connection. If a malicious 
+If there is an invalid HTTP/2 request and this option is not set, the Envoy in
+question will reset the entire connection. This behavior was changed as part of
+the 1.11.1 security release, to increase the security of Edge Envoys. Unfortunately,
+because there are no guarantees that edge proxies will enforce HTTP/1 or HTTP/2
+standards compliance as rigorously as Envoy’s HTTP/2 stack does, this can result
+in a problem as follows. If one client sends a request that for example passes
+level one proxy's validation checks, and it is forwarded over an upstream multiplexed
+HTTP/2 connection (potentially shared with other clients) the strict enforcement on
+the level two Envoy HTTP/2 will reset all the streams on that connection, causing
+a service disruption to the clients sharing that L1-L2 connection. If a malicious
 user has insight into what traffic will bypass level one checks, they could spray
-“bad” traffic across the level one fleet, causing serious disruption to other users’ 
+“bad” traffic across the level one fleet, causing serious disruption to other users’
 traffic.
 
 This configuration option also has implications for invalid HTTP/1.1 though slightly less

docs/root/configuration/http/http_conn_man/rds.rst

@@ -7,7 +7,7 @@ The route discovery service (RDS) API is an optional API that Envoy will call to
 :ref:`route configurations <envoy_v3_api_msg_config.route.v3.RouteConfiguration>`. A route configuration includes both
 HTTP header modifications, virtual hosts, and the individual route entries contained within each
 virtual host. Each :ref:`HTTP connection manager filter <config_http_conn_man>` can independently
-fetch its own route configuration via the API. Optionally, the 
+fetch its own route configuration via the API. Optionally, the
 :ref:`virtual host discovery service <config_http_conn_man_vhds>`
 can be used to fetch virtual hosts separately from the route configuration.
 

docs/root/configuration/http/http_conn_man/vhds.rst

@@ -42,7 +42,7 @@ If a route for the contents of a host/authority header cannot be resolved, the a
 paused while a
 :ref:`DeltaDiscoveryRequest <envoy_v3_api_msg_service.discovery.v3.DeltaDiscoveryRequest>` is sent.
 When a :ref:`DeltaDiscoveryResponse <envoy_v3_api_msg_service.discovery.v3.DeltaDiscoveryResponse>` is received where one of
-the :ref:`aliases <envoy_v3_api_field_service.discovery.v3.Resource.aliases>` or the 
+the :ref:`aliases <envoy_v3_api_field_service.discovery.v3.Resource.aliases>` or the
 :ref:`name <envoy_v3_api_field_service.discovery.v3.Resource.name>` in the response exactly matches the
 :ref:`resource_names_subscribe <envoy_v3_api_field_service.discovery.v3.DeltaDiscoveryRequest.resource_names_subscribe>`
 entry from the :ref:`DeltaDiscoveryRequest <envoy_v3_api_msg_service.discovery.v3.DeltaDiscoveryRequest>`, the route
@@ -52,7 +52,7 @@ Updates to virtual hosts occur in two ways. If a virtual host was originally sen
 virtual host should be updated over RDS. If a virtual host was subscribed to over VHDS, then updates
 will take place over VHDS.
 
-When a route configuration entry is updated, if the 
+When a route configuration entry is updated, if the
 :ref:`vhds field <envoy_v3_api_field_config.route.v3.RouteConfiguration.vhds>` has changed, the virtual host table for
 that route configuration is cleared, which will require that all virtual hosts be sent again.
 

docs/root/configuration/http/http_filters/ext_proc_filter.rst

@@ -11,9 +11,9 @@ the filter to make decisions in real time about what parts of the HTTP request /
 are sent to the filter for processing.
 
 The protocol itself is based on a bidirectional gRPC stream. Envoy will send the
-server 
+server
 :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3alpha.ProcessingRequest>`
-messages, and the server must reply with 
+messages, and the server must reply with
 :ref:`ProcessingResponse <envoy_v3_api_msg_service.ext_proc.v3alpha.ProcessingResponse>`.
 
 This filter is a work in progress. In its current state, it actually does nothing.

docs/root/configuration/http/http_filters/header_to_metadata_filter.rst

@@ -79,11 +79,11 @@ A corresponding upstream cluster configuration could be:
       lb_policy: ROUND_ROBIN
       lb_subset_config:
         fallback_policy: ANY_ENDPOINT
-	subset_selectors:
-	  - keys:
-	      - default
+        subset_selectors:
           - keys:
-	      - version
+              - default
+          - keys:
+              - version
 
 This would then allow requests with the `x-version` header set to be matched against
 endpoints with the corresponding version. Whereas requests with that header missing

docs/root/configuration/http/http_filters/oauth2_filter.rst

@@ -32,7 +32,7 @@ The OAuth filter's flow involves:
 When the authn server validates the client and returns an authorization token back to the OAuth filter,
 no matter what format that token is, if
 :ref:`forward_bearer_token <envoy_v3_api_field_extensions.filters.http.oauth2.v3alpha.OAuth2Config.forward_bearer_token>`
-is set to true the filter will send over a 
+is set to true the filter will send over a
 cookie named `BearerToken` to the upstream. Additionally, the `Authorization` header will be populated
 with the same value.
 

docs/root/configuration/http/http_filters/on_demand_updates_filter.rst

@@ -11,9 +11,9 @@ contents of the *Host* or *:authority* header is used to create the on-demand re
 request to be created, :ref:`VHDS <envoy_v3_api_field_config.route.v3.RouteConfiguration.vhds>` must be enabled and either *Host*
 or *:authority* header be present.
 
-The on-demand update filter can also be used to request a *Route Configuration* data if RouteConfiguration is specified to be 
-loaded on demand in the :ref:`Scoped RouteConfiguration <envoy_v3_api_msg_config.route.v3.ScopedRouteConfiguration>`. 
-The contents of the HTTP header is used to find the scope and create the on-demand request. 
+The on-demand update filter can also be used to request a *Route Configuration* data if RouteConfiguration is specified to be
+loaded on demand in the :ref:`Scoped RouteConfiguration <envoy_v3_api_msg_config.route.v3.ScopedRouteConfiguration>`.
+The contents of the HTTP header is used to find the scope and create the on-demand request.
 
 On-demand VHDS and on-demand S/RDS can not be used at the same time at this point.
 

docs/root/configuration/http/http_filters/rate_limit_filter.rst

@@ -18,7 +18,7 @@ If the rate limit service is called, and the response for any of the descriptors
 unless :ref:`disable_x_envoy_ratelimited_header <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimit.disable_x_envoy_ratelimited_header>` is
 set to true.
 
-If there is an error in calling rate limit service or rate limit service returns an error and :ref:`failure_mode_deny <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimit.failure_mode_deny>` is 
+If there is an error in calling rate limit service or rate limit service returns an error and :ref:`failure_mode_deny <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimit.failure_mode_deny>` is
 set to true, a 500 response is returned.
 
 .. _config_http_filters_rate_limit_composing_actions:

docs/root/configuration/http/http_filters/wasm_filter.rst

@@ -35,6 +35,6 @@ Example filter configuration:
             local:
               filename: "/etc/envoy_filter_http_wasm_example.wasm"
           allow_precompiled: true
- 
+
 
 The preceding snippet configures a filter from a Wasm binary on local disk.

docs/root/configuration/listeners/listener_filters/http_inspector.rst

@@ -3,7 +3,7 @@
 HTTP Inspector
 ==============
 
-HTTP Inspector listener filter allows detecting whether the application protocol appears to be HTTP, 
+HTTP Inspector listener filter allows detecting whether the application protocol appears to be HTTP,
 and if it is HTTP, it detects the HTTP protocol (HTTP/1.x or HTTP/2) further. This can be used to select a
 :ref:`FilterChain <envoy_v3_api_msg_config.listener.v3.FilterChain>` via the :ref:`application_protocols <envoy_v3_api_field_config.listener.v3.FilterChainMatch.application_protocols>`
 of a :ref:`FilterChainMatch <envoy_v3_api_msg_config.listener.v3.FilterChainMatch>`.
@@ -25,7 +25,7 @@ A sample filter configuration could be:
 Statistics
 ----------
 
-This filter has a statistics tree rooted at *http_inspector* with the following statistics: 
+This filter has a statistics tree rooted at *http_inspector* with the following statistics:
 
 .. csv-table::
   :header: Name, Type, Description