diff --git a/api/src/main/proto/envoy/api/v2/cluster.proto b/api/src/main/proto/envoy/api/v2/cluster.proto index 182afc8c5..fab95f71b 100644 --- a/api/src/main/proto/envoy/api/v2/cluster.proto +++ b/api/src/main/proto/envoy/api/v2/cluster.proto @@ -352,6 +352,10 @@ message Cluster { // This header isn't sanitized by default, so enabling this feature allows HTTP clients to // route traffic to arbitrary hosts and/or ports, which may have serious security // consequences. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. bool use_http_header = 1; } diff --git a/api/src/main/proto/envoy/api/v2/core/config_source.proto b/api/src/main/proto/envoy/api/v2/core/config_source.proto index 7032b2c10..6cf44dbe9 100644 --- a/api/src/main/proto/envoy/api/v2/core/config_source.proto +++ b/api/src/main/proto/envoy/api/v2/core/config_source.proto @@ -26,10 +26,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; diff --git a/api/src/main/proto/envoy/api/v2/route/route_components.proto b/api/src/main/proto/envoy/api/v2/route/route_components.proto index 339c7bcbc..d73fbb867 100644 --- a/api/src/main/proto/envoy/api/v2/route/route_components.proto +++ b/api/src/main/proto/envoy/api/v2/route/route_components.proto @@ -756,6 +756,10 @@ message RouteAction { // // Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 // *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string cluster_header = 2 [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; @@ -866,6 +870,10 @@ message RouteAction { // // Pay attention to the potential security implications of using this option. Provided header // must come from trusted source. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string auto_host_rewrite_header = 29 [ (validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}, (udpa.annotations.field_migrate).rename = "host_rewrite_header" @@ -1125,13 +1133,18 @@ message HedgePolicy { // [#not-implemented-hide:] type.FractionalPercent additional_request_chance = 2; - // Indicates that a hedged request should be sent when the per-try timeout - // is hit. This will only occur if the retry policy also indicates that a - // timed out request should be retried. - // Once a timed out request is retried due to per try timeout, the router - // filter will ensure that it is not retried again even if the returned - // response headers would otherwise be retried according the specified - // :ref:`RetryPolicy `. + // Indicates that a hedged request should be sent when the per-try timeout is hit. + // This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight. + // The first request to complete successfully will be the one returned to the caller. + // + // * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client. + // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client + // if there are no more retries left. + // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress. + // + // Note: For this to have effect, you must have a :ref:`RetryPolicy ` that retries at least + // one error code and specifies a maximum number of retries. + // // Defaults to false. bool hedge_on_per_try_timeout = 3; } diff --git a/api/src/main/proto/envoy/config/accesslog/v4alpha/accesslog.proto b/api/src/main/proto/envoy/config/accesslog/v4alpha/accesslog.proto index 0714b614c..73769ca8a 100644 --- a/api/src/main/proto/envoy/config/accesslog/v4alpha/accesslog.proto +++ b/api/src/main/proto/envoy/config/accesslog/v4alpha/accesslog.proto @@ -47,9 +47,9 @@ message AccessLog { // #. "envoy.access_loggers.file": :ref:`FileAccessLog // ` // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig - // ` + // ` // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig - // ` + // ` oneof config_type { google.protobuf.Any typed_config = 4; } diff --git a/api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto b/api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto index a9a0290b2..c3fee5e2d 100644 --- a/api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto +++ b/api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto @@ -20,8 +20,6 @@ import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/resource_locator.proto"; - import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/security.proto"; @@ -40,7 +38,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // ` for more detail. // Bootstrap :ref:`configuration overview `. -// [#next-free-field: 28] +// [#next-free-field: 30] message Bootstrap { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Bootstrap"; @@ -77,18 +75,18 @@ message Bootstrap { // :ref:`LDS ` configuration source. core.v3.ConfigSource lds_config = 1; - // Resource locator for listener collection. + // xdstp:// resource locator for listener collection. // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator lds_resources_locator = 5; + string lds_resources_locator = 5; // All post-bootstrap :ref:`Cluster ` definitions are // provided by a single :ref:`CDS ` // configuration source. core.v3.ConfigSource cds_config = 2; - // Resource locator for cluster collection. + // xdstp:// resource locator for cluster collection. // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator cds_resources_locator = 6; + string cds_resources_locator = 6; // A single :ref:`ADS ` source may be optionally // specified. This must have :ref:`api_type @@ -110,7 +108,7 @@ message Bootstrap { // A list of :ref:`Node ` field names // that will be included in the context parameters of the effective - // *UdpaResourceLocator* that is sent in a discovery request when resource + // xdstp:// URL that is sent in a discovery request when resource // locators are used for LDS/CDS. Any non-string field will have its JSON // encoding set as the context parameter value, with the exception of // metadata, which will be flattened (see example below). The supported field @@ -168,12 +166,23 @@ message Bootstrap { // Optional duration between flushes to configured stats sinks. For // performance reasons Envoy latches counters and only flushes counters and // gauges at a periodic interval. If not specified the default is 5000ms (5 - // seconds). + // seconds). Only one of `stats_flush_interval` or `stats_flush_on_admin` + // can be set. // Duration must be at least 1ms and at most 5 min. - google.protobuf.Duration stats_flush_interval = 7 [(validate.rules).duration = { - lt {seconds: 300} - gte {nanos: 1000000} - }]; + google.protobuf.Duration stats_flush_interval = 7 [ + (validate.rules).duration = { + lt {seconds: 300} + gte {nanos: 1000000} + }, + (udpa.annotations.field_migrate).oneof_promotion = "stats_flush" + ]; + + oneof stats_flush { + // Flush stats to sinks only when queried for on the admin interface. If set, + // a flush timer is not created. Only one of `stats_flush_on_admin` or + // `stats_flush_interval` can be set. + bool stats_flush_on_admin = 29 [(validate.rules).bool = {const: true}]; + } // Optional watchdog configuration. // This is for a single watchdog configuration for the entire system. @@ -243,10 +252,14 @@ message Bootstrap { // Each item contains extension specific configuration. repeated core.v3.TypedExtensionConfig bootstrap_extensions = 21; + // Specifies optional extensions instantiated at startup time and + // invoked during crash time on the request that caused the crash. + repeated FatalAction fatal_actions = 28; + // Configuration sources that will participate in - // *udpa.core.v1.ResourceLocator* authority resolution. The algorithm is as + // xdstp:// URL authority resolution. The algorithm is as // follows: - // 1. The authority field is taken from the *udpa.core.v1.ResourceLocator*, call + // 1. The authority field is taken from the xdstp:// URL, call // this *resource_authority*. // 2. *resource_authority* is compared against the authorities in any peer // *ConfigSource*. The peer *ConfigSource* is the configuration source @@ -262,7 +275,7 @@ message Bootstrap { // [#not-implemented-hide:] repeated core.v3.ConfigSource config_sources = 22; - // Default configuration source for *udpa.core.v1.ResourceLocator* if all + // Default configuration source for xdstp:// URLs if all // other resolution fails. // [#not-implemented-hide:] core.v3.ConfigSource default_config_source = 23; @@ -420,6 +433,20 @@ message Watchdog { type.v3.Percent multikill_threshold = 5; } +// Fatal actions to run while crashing. Actions can be safe (meaning they are +// async-signal safe) or unsafe. We run all safe actions before we run unsafe actions. +// If using an unsafe action that could get stuck or deadlock, it important to +// have an out of band system to terminate the process. +// +// The interface for the extension is ``Envoy::Server::Configuration::FatalAction``. +// *FatalAction* extensions live in the ``envoy.extensions.fatal_actions`` API +// namespace. +message FatalAction { + // Extension specific configuration for the action. It's expected to conform + // to the ``Envoy::Server::Configuration::FatalAction`` interface. + core.v3.TypedExtensionConfig config = 1; +} + // Runtime :ref:`configuration overview ` (deprecated). message Runtime { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Runtime"; @@ -493,12 +520,7 @@ message RuntimeLayer { "envoy.config.bootstrap.v2.RuntimeLayer.RtdsLayer"; // Resource to subscribe to at *rtds_config* for the RTDS layer. - string name = 1 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; - - // Resource locator for RTDS layer. This is mutually exclusive to *name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator rtds_resource_locator = 3 - [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; + string name = 1; // RTDS configuration source. core.v3.ConfigSource rtds_config = 2; diff --git a/api/src/main/proto/envoy/config/bootstrap/v4alpha/bootstrap.proto b/api/src/main/proto/envoy/config/bootstrap/v4alpha/bootstrap.proto index ef10dead9..b4aceffc9 100644 --- a/api/src/main/proto/envoy/config/bootstrap/v4alpha/bootstrap.proto +++ b/api/src/main/proto/envoy/config/bootstrap/v4alpha/bootstrap.proto @@ -19,8 +19,6 @@ import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/resource_locator.proto"; - import "envoy/annotations/deprecation.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; @@ -38,7 +36,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // ` for more detail. // Bootstrap :ref:`configuration overview `. -// [#next-free-field: 28] +// [#next-free-field: 30] message Bootstrap { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Bootstrap"; @@ -75,18 +73,18 @@ message Bootstrap { // :ref:`LDS ` configuration source. core.v4alpha.ConfigSource lds_config = 1; - // Resource locator for listener collection. + // xdstp:// resource locator for listener collection. // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator lds_resources_locator = 5; + string lds_resources_locator = 5; // All post-bootstrap :ref:`Cluster ` definitions are // provided by a single :ref:`CDS ` // configuration source. core.v4alpha.ConfigSource cds_config = 2; - // Resource locator for cluster collection. + // xdstp:// resource locator for cluster collection. // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator cds_resources_locator = 6; + string cds_resources_locator = 6; // A single :ref:`ADS ` source may be optionally // specified. This must have :ref:`api_type @@ -108,7 +106,7 @@ message Bootstrap { // A list of :ref:`Node ` field names // that will be included in the context parameters of the effective - // *UdpaResourceLocator* that is sent in a discovery request when resource + // xdstp:// URL that is sent in a discovery request when resource // locators are used for LDS/CDS. Any non-string field will have its JSON // encoding set as the context parameter value, with the exception of // metadata, which will be flattened (see example below). The supported field @@ -163,15 +161,23 @@ message Bootstrap { // Configuration for internal processing of stats. metrics.v4alpha.StatsConfig stats_config = 13; - // Optional duration between flushes to configured stats sinks. For - // performance reasons Envoy latches counters and only flushes counters and - // gauges at a periodic interval. If not specified the default is 5000ms (5 - // seconds). - // Duration must be at least 1ms and at most 5 min. - google.protobuf.Duration stats_flush_interval = 7 [(validate.rules).duration = { - lt {seconds: 300} - gte {nanos: 1000000} - }]; + oneof stats_flush { + // Optional duration between flushes to configured stats sinks. For + // performance reasons Envoy latches counters and only flushes counters and + // gauges at a periodic interval. If not specified the default is 5000ms (5 + // seconds). Only one of `stats_flush_interval` or `stats_flush_on_admin` + // can be set. + // Duration must be at least 1ms and at most 5 min. + google.protobuf.Duration stats_flush_interval = 7 [(validate.rules).duration = { + lt {seconds: 300} + gte {nanos: 1000000} + }]; + + // Flush stats to sinks only when queried for on the admin interface. If set, + // a flush timer is not created. Only one of `stats_flush_on_admin` or + // `stats_flush_interval` can be set. + bool stats_flush_on_admin = 29 [(validate.rules).bool = {const: true}]; + } // Optional watchdogs configuration. // This is used for specifying different watchdogs for the different subsystems. @@ -229,10 +235,14 @@ message Bootstrap { // Each item contains extension specific configuration. repeated core.v4alpha.TypedExtensionConfig bootstrap_extensions = 21; + // Specifies optional extensions instantiated at startup time and + // invoked during crash time on the request that caused the crash. + repeated FatalAction fatal_actions = 28; + // Configuration sources that will participate in - // *udpa.core.v1.ResourceLocator* authority resolution. The algorithm is as + // xdstp:// URL authority resolution. The algorithm is as // follows: - // 1. The authority field is taken from the *udpa.core.v1.ResourceLocator*, call + // 1. The authority field is taken from the xdstp:// URL, call // this *resource_authority*. // 2. *resource_authority* is compared against the authorities in any peer // *ConfigSource*. The peer *ConfigSource* is the configuration source @@ -248,7 +258,7 @@ message Bootstrap { // [#not-implemented-hide:] repeated core.v4alpha.ConfigSource config_sources = 22; - // Default configuration source for *udpa.core.v1.ResourceLocator* if all + // Default configuration source for xdstp:// URLs if all // other resolution fails. // [#not-implemented-hide:] core.v4alpha.ConfigSource default_config_source = 23; @@ -412,6 +422,23 @@ message Watchdog { type.v3.Percent multikill_threshold = 5; } +// Fatal actions to run while crashing. Actions can be safe (meaning they are +// async-signal safe) or unsafe. We run all safe actions before we run unsafe actions. +// If using an unsafe action that could get stuck or deadlock, it important to +// have an out of band system to terminate the process. +// +// The interface for the extension is ``Envoy::Server::Configuration::FatalAction``. +// *FatalAction* extensions live in the ``envoy.extensions.fatal_actions`` API +// namespace. +message FatalAction { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.FatalAction"; + + // Extension specific configuration for the action. It's expected to conform + // to the ``Envoy::Server::Configuration::FatalAction`` interface. + core.v4alpha.TypedExtensionConfig config = 1; +} + // Runtime :ref:`configuration overview ` (deprecated). message Runtime { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Runtime"; @@ -484,14 +511,8 @@ message RuntimeLayer { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.RuntimeLayer.RtdsLayer"; - oneof name_specifier { - // Resource to subscribe to at *rtds_config* for the RTDS layer. - string name = 1; - - // Resource locator for RTDS layer. This is mutually exclusive to *name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator rtds_resource_locator = 3; - } + // Resource to subscribe to at *rtds_config* for the RTDS layer. + string name = 1; // RTDS configuration source. core.v4alpha.ConfigSource rtds_config = 2; diff --git a/api/src/main/proto/envoy/config/cluster/v3/cluster.proto b/api/src/main/proto/envoy/config/cluster/v3/cluster.proto index 10edef375..f4e3386cf 100644 --- a/api/src/main/proto/envoy/config/cluster/v3/cluster.proto +++ b/api/src/main/proto/envoy/config/cluster/v3/cluster.proto @@ -19,8 +19,7 @@ import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/collection_entry.proto"; -import "udpa/core/v1/resource_locator.proto"; +import "xds/core/v3/collection_entry.proto"; import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; @@ -39,7 +38,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Cluster list collections. Entries are *Cluster* resources or references. // [#not-implemented-hide:] message ClusterCollection { - udpa.core.v1.CollectionEntry entries = 1; + xds.core.v3.CollectionEntry entries = 1; } // Configuration for a single upstream cluster. @@ -187,13 +186,8 @@ message Cluster { // Optional alternative to cluster name to present to EDS. This does not // have the same restrictions as cluster name, i.e. it may be arbitrary - // length. - string service_name = 2 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; - - // Resource locator for EDS. This is mutually exclusive to *service_name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator eds_resource_locator = 3 - [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; + // length. This may be a xdstp:// URL. + string service_name = 2; } // Optionally divide the endpoints in this cluster into subsets defined by @@ -436,6 +430,10 @@ message Cluster { // This header isn't sanitized by default, so enabling this feature allows HTTP clients to // route traffic to arbitrary hosts and/or ports, which may have serious security // consequences. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. bool use_http_header = 1; } @@ -586,9 +584,9 @@ message Cluster { } // [#not-implemented-hide:] - message PrefetchPolicy { + message PreconnectPolicy { // Indicates how many streams (rounded up) can be anticipated per-upstream for each - // incoming stream. This is useful for high-QPS or latency-sensitive services. Prefetching + // incoming stream. This is useful for high-QPS or latency-sensitive services. Preconnecting // will only be done if the upstream is healthy. // // For example if this is 2, for an incoming HTTP/1.1 stream, 2 connections will be @@ -597,46 +595,46 @@ message Cluster { // serve both the original and presumed follow-up stream. // // In steady state for non-multiplexed connections a value of 1.5 would mean if there were 100 - // active streams, there would be 100 connections in use, and 50 connections prefetched. + // active streams, there would be 100 connections in use, and 50 connections preconnected. // This might be a useful value for something like short lived single-use connections, // for example proxying HTTP/1.1 if keep-alive were false and each stream resulted in connection // termination. It would likely be overkill for long lived connections, such as TCP proxying SMTP // or regular HTTP/1.1 with keep-alive. For long lived traffic, a value of 1.05 would be more - // reasonable, where for every 100 connections, 5 prefetched connections would be in the queue + // reasonable, where for every 100 connections, 5 preconnected connections would be in the queue // in case of unexpected disconnects where the connection could not be reused. // // If this value is not set, or set explicitly to one, Envoy will fetch as many connections // as needed to serve streams in flight. This means in steady state if a connection is torn down, // a subsequent streams will pay an upstream-rtt latency penalty waiting for streams to be - // prefetched. + // preconnected. // - // This is limited somewhat arbitrarily to 3 because prefetching connections too aggressively can - // harm latency more than the prefetching helps. - google.protobuf.DoubleValue per_upstream_prefetch_ratio = 1 + // This is limited somewhat arbitrarily to 3 because preconnecting too aggressively can + // harm latency more than the preconnecting helps. + google.protobuf.DoubleValue per_upstream_preconnect_ratio = 1 [(validate.rules).double = {lte: 3.0 gte: 1.0}]; // Indicates how many many streams (rounded up) can be anticipated across a cluster for each // stream, useful for low QPS services. This is currently supported for a subset of // deterministic non-hash-based load-balancing algorithms (weighted round robin, random). - // Unlike per_upstream_prefetch_ratio this prefetches across the upstream instances in a + // Unlike per_upstream_preconnect_ratio this preconnects across the upstream instances in a // cluster, doing best effort predictions of what upstream would be picked next and // pre-establishing a connection. // - // For example if prefetching is set to 2 for a round robin HTTP/2 cluster, on the first - // incoming stream, 2 connections will be prefetched - one to the first upstream for this + // For example if preconnecting is set to 2 for a round robin HTTP/2 cluster, on the first + // incoming stream, 2 connections will be preconnected - one to the first upstream for this // cluster, one to the second on the assumption there will be a follow-up stream. // - // Prefetching will be limited to one prefetch per configured upstream in the cluster. + // Preconnecting will be limited to one preconnect per configured upstream in the cluster. // // If this value is not set, or set explicitly to one, Envoy will fetch as many connections // as needed to serve streams in flight, so during warm up and in steady state if a connection - // is closed (and per_upstream_prefetch_ratio is not set), there will be a latency hit for + // is closed (and per_upstream_preconnect_ratio is not set), there will be a latency hit for // connection establishment. // - // If both this and prefetch_ratio are set, Envoy will make sure both predicted needs are met, - // basically prefetching max(predictive-prefetch, per-upstream-prefetch), for each upstream. + // If both this and preconnect_ratio are set, Envoy will make sure both predicted needs are met, + // basically preconnecting max(predictive-preconnect, per-upstream-preconnect), for each upstream. // TODO(alyssawilk) per LB docs and LB overview docs when unhiding. - google.protobuf.DoubleValue predictive_prefetch_ratio = 2 + google.protobuf.DoubleValue predictive_preconnect_ratio = 2 [(validate.rules).double = {lte: 3.0 gte: 1.0}]; } @@ -763,14 +761,37 @@ message Cluster { // HTTP protocol options that are applied only to upstream HTTP connections. // These options apply to all HTTP versions. - core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46; + // This has been deprecated in favor of + // :ref:`upstream_http_protocol_options ` + // in the :ref:`http_protocol_options ` message. + // upstream_http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + // See ref:`upstream_http_protocol_options + // ` + // for example usage. + core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46 [deprecated = true]; // Additional options when handling HTTP requests upstream. These options will be applicable to // both HTTP1 and HTTP2 requests. - core.v3.HttpProtocolOptions common_http_protocol_options = 29; + // This has been deprecated in favor of + // :ref:`common_http_protocol_options ` + // in the :ref:`http_protocol_options ` message. + // common_http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + // See ref:`upstream_http_protocol_options + // ` + // for example usage. + core.v3.HttpProtocolOptions common_http_protocol_options = 29 [deprecated = true]; // Additional options when handling HTTP1 requests. - core.v3.Http1ProtocolOptions http_protocol_options = 13; + // This has been deprecated in favor of http_protocol_options fields in the in the + // :ref:`http_protocol_options ` message. + // http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + // See ref:`upstream_http_protocol_options + // ` + // for example usage. + core.v3.Http1ProtocolOptions http_protocol_options = 13 [deprecated = true]; // Even if default HTTP2 protocol options are desired, this field must be // set so that Envoy will assume that the upstream supports HTTP/2 when @@ -778,13 +799,21 @@ message Cluster { // supports prior knowledge for upstream connections. Even if TLS is used // with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2 // connections to happen over plain text. + // This has been deprecated in favor of http2_protocol_options fields in the in the + // :ref:`http_protocol_options ` + // message. http2_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + // See ref:`upstream_http_protocol_options + // ` + // for example usage. core.v3.Http2ProtocolOptions http2_protocol_options = 14 - [(udpa.annotations.security).configure_for_untrusted_upstream = true]; + [deprecated = true, (udpa.annotations.security).configure_for_untrusted_upstream = true]; // The extension_protocol_options field is used to provide extension-specific protocol options // for upstream connections. The key should match the extension filter name, such as // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on // specific options. + // [#next-major-version: make this a list of typed extensions.] map typed_extension_protocol_options = 36; // If the DNS refresh rate is specified and the cluster type is either @@ -909,7 +938,12 @@ message Cluster { core.v3.Metadata metadata = 25; // Determines how Envoy selects the protocol used to speak to upstream hosts. - ClusterProtocolSelection protocol_selection = 26; + // This has been deprecated in favor of setting explicit protocol selection + // in the :ref:`http_protocol_options + // ` message. + // http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + ClusterProtocolSelection protocol_selection = 26 [deprecated = true]; // Optional options for upstream connections. UpstreamConnectionOptions upstream_connection_options = 30; @@ -995,8 +1029,8 @@ message Cluster { TrackClusterStats track_cluster_stats = 49; // [#not-implemented-hide:] - // Prefetch configuration for this cluster. - PrefetchPolicy prefetch_policy = 50; + // Preconnect configuration for this cluster. + PreconnectPolicy preconnect_policy = 50; // If `connection_pool_per_downstream_connection` is true, the cluster will use a separate // connection pool for every downstream connection diff --git a/api/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto b/api/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto index c0b4d5732..9bb5633e6 100644 --- a/api/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto +++ b/api/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto @@ -18,7 +18,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // See the :ref:`architecture overview ` for // more information on outlier detection. -// [#next-free-field: 21] +// [#next-free-field: 22] message OutlierDetection { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.cluster.OutlierDetection"; @@ -34,7 +34,8 @@ message OutlierDetection { google.protobuf.Duration interval = 2 [(validate.rules).duration = {gt {}}]; // The base time that a host is ejected for. The real time is equal to the - // base time multiplied by the number of times the host has been ejected. + // base time multiplied by the number of times the host has been ejected and is + // capped by :ref:`max_ejection_time`. // Defaults to 30000ms or 30s. google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration = {gt {}}]; @@ -148,4 +149,9 @@ message OutlierDetection { // volume is lower than this setting, failure percentage-based ejection will not be performed for // this host. Defaults to 50. google.protobuf.UInt32Value failure_percentage_request_volume = 20; + + // The maximum time that a host is ejected for. See :ref:`base_ejection_time` + // for more information. + // Defaults to 300000ms or 300s. + google.protobuf.Duration max_ejection_time = 21 [(validate.rules).duration = {gt {}}]; } diff --git a/api/src/main/proto/envoy/config/cluster/v4alpha/cluster.proto b/api/src/main/proto/envoy/config/cluster/v4alpha/cluster.proto index 35117aba7..8b30ab23f 100644 --- a/api/src/main/proto/envoy/config/cluster/v4alpha/cluster.proto +++ b/api/src/main/proto/envoy/config/cluster/v4alpha/cluster.proto @@ -10,7 +10,6 @@ import "envoy/config/core/v4alpha/base.proto"; import "envoy/config/core/v4alpha/config_source.proto"; import "envoy/config/core/v4alpha/extension.proto"; import "envoy/config/core/v4alpha/health_check.proto"; -import "envoy/config/core/v4alpha/protocol.proto"; import "envoy/config/endpoint/v3/endpoint.proto"; import "envoy/type/v3/percent.proto"; @@ -19,8 +18,7 @@ import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/collection_entry.proto"; -import "udpa/core/v1/resource_locator.proto"; +import "xds/core/v3/collection_entry.proto"; import "envoy/annotations/deprecation.proto"; import "udpa/annotations/security.proto"; @@ -41,7 +39,7 @@ message ClusterCollection { option (udpa.annotations.versioning).previous_message_type = "envoy.config.cluster.v3.ClusterCollection"; - udpa.core.v1.CollectionEntry entries = 1; + xds.core.v3.CollectionEntry entries = 1; } // Configuration for a single upstream cluster. @@ -187,16 +185,10 @@ message Cluster { // Configuration for the source of EDS updates for this Cluster. core.v4alpha.ConfigSource eds_config = 1; - oneof name_specifier { - // Optional alternative to cluster name to present to EDS. This does not - // have the same restrictions as cluster name, i.e. it may be arbitrary - // length. - string service_name = 2; - - // Resource locator for EDS. This is mutually exclusive to *service_name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator eds_resource_locator = 3; - } + // Optional alternative to cluster name to present to EDS. This does not + // have the same restrictions as cluster name, i.e. it may be arbitrary + // length. This may be a xdstp:// URL. + string service_name = 2; } // Optionally divide the endpoints in this cluster into subsets defined by @@ -442,6 +434,10 @@ message Cluster { // This header isn't sanitized by default, so enabling this feature allows HTTP clients to // route traffic to arbitrary hosts and/or ports, which may have serious security // consequences. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. bool use_http_header = 1; } @@ -593,12 +589,12 @@ message Cluster { } // [#not-implemented-hide:] - message PrefetchPolicy { + message PreconnectPolicy { option (udpa.annotations.versioning).previous_message_type = - "envoy.config.cluster.v3.Cluster.PrefetchPolicy"; + "envoy.config.cluster.v3.Cluster.PreconnectPolicy"; // Indicates how many streams (rounded up) can be anticipated per-upstream for each - // incoming stream. This is useful for high-QPS or latency-sensitive services. Prefetching + // incoming stream. This is useful for high-QPS or latency-sensitive services. Preconnecting // will only be done if the upstream is healthy. // // For example if this is 2, for an incoming HTTP/1.1 stream, 2 connections will be @@ -607,52 +603,54 @@ message Cluster { // serve both the original and presumed follow-up stream. // // In steady state for non-multiplexed connections a value of 1.5 would mean if there were 100 - // active streams, there would be 100 connections in use, and 50 connections prefetched. + // active streams, there would be 100 connections in use, and 50 connections preconnected. // This might be a useful value for something like short lived single-use connections, // for example proxying HTTP/1.1 if keep-alive were false and each stream resulted in connection // termination. It would likely be overkill for long lived connections, such as TCP proxying SMTP // or regular HTTP/1.1 with keep-alive. For long lived traffic, a value of 1.05 would be more - // reasonable, where for every 100 connections, 5 prefetched connections would be in the queue + // reasonable, where for every 100 connections, 5 preconnected connections would be in the queue // in case of unexpected disconnects where the connection could not be reused. // // If this value is not set, or set explicitly to one, Envoy will fetch as many connections // as needed to serve streams in flight. This means in steady state if a connection is torn down, // a subsequent streams will pay an upstream-rtt latency penalty waiting for streams to be - // prefetched. + // preconnected. // - // This is limited somewhat arbitrarily to 3 because prefetching connections too aggressively can - // harm latency more than the prefetching helps. - google.protobuf.DoubleValue per_upstream_prefetch_ratio = 1 + // This is limited somewhat arbitrarily to 3 because preconnecting too aggressively can + // harm latency more than the preconnecting helps. + google.protobuf.DoubleValue per_upstream_preconnect_ratio = 1 [(validate.rules).double = {lte: 3.0 gte: 1.0}]; // Indicates how many many streams (rounded up) can be anticipated across a cluster for each // stream, useful for low QPS services. This is currently supported for a subset of // deterministic non-hash-based load-balancing algorithms (weighted round robin, random). - // Unlike per_upstream_prefetch_ratio this prefetches across the upstream instances in a + // Unlike per_upstream_preconnect_ratio this preconnects across the upstream instances in a // cluster, doing best effort predictions of what upstream would be picked next and // pre-establishing a connection. // - // For example if prefetching is set to 2 for a round robin HTTP/2 cluster, on the first - // incoming stream, 2 connections will be prefetched - one to the first upstream for this + // For example if preconnecting is set to 2 for a round robin HTTP/2 cluster, on the first + // incoming stream, 2 connections will be preconnected - one to the first upstream for this // cluster, one to the second on the assumption there will be a follow-up stream. // - // Prefetching will be limited to one prefetch per configured upstream in the cluster. + // Preconnecting will be limited to one preconnect per configured upstream in the cluster. // // If this value is not set, or set explicitly to one, Envoy will fetch as many connections // as needed to serve streams in flight, so during warm up and in steady state if a connection - // is closed (and per_upstream_prefetch_ratio is not set), there will be a latency hit for + // is closed (and per_upstream_preconnect_ratio is not set), there will be a latency hit for // connection establishment. // - // If both this and prefetch_ratio are set, Envoy will make sure both predicted needs are met, - // basically prefetching max(predictive-prefetch, per-upstream-prefetch), for each upstream. + // If both this and preconnect_ratio are set, Envoy will make sure both predicted needs are met, + // basically preconnecting max(predictive-preconnect, per-upstream-preconnect), for each upstream. // TODO(alyssawilk) per LB docs and LB overview docs when unhiding. - google.protobuf.DoubleValue predictive_prefetch_ratio = 2 + google.protobuf.DoubleValue predictive_preconnect_ratio = 2 [(validate.rules).double = {lte: 3.0 gte: 1.0}]; } - reserved 12, 15, 7, 11, 35, 47; + reserved 12, 15, 7, 11, 35, 46, 29, 13, 14, 26, 47; - reserved "hosts", "tls_context", "extension_protocol_options", "track_timeout_budgets"; + reserved "hosts", "tls_context", "extension_protocol_options", "upstream_http_protocol_options", + "common_http_protocol_options", "http_protocol_options", "http2_protocol_options", + "protocol_selection", "track_timeout_budgets"; // Configuration to use different transport sockets for different endpoints. // The entry of *envoy.transport_socket_match* in the @@ -771,30 +769,11 @@ message Cluster { // Optional :ref:`circuit breaking ` for the cluster. CircuitBreakers circuit_breakers = 10; - // HTTP protocol options that are applied only to upstream HTTP connections. - // These options apply to all HTTP versions. - core.v4alpha.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46; - - // Additional options when handling HTTP requests upstream. These options will be applicable to - // both HTTP1 and HTTP2 requests. - core.v4alpha.HttpProtocolOptions common_http_protocol_options = 29; - - // Additional options when handling HTTP1 requests. - core.v4alpha.Http1ProtocolOptions http_protocol_options = 13; - - // Even if default HTTP2 protocol options are desired, this field must be - // set so that Envoy will assume that the upstream supports HTTP/2 when - // making new HTTP connection pool connections. Currently, Envoy only - // supports prior knowledge for upstream connections. Even if TLS is used - // with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2 - // connections to happen over plain text. - core.v4alpha.Http2ProtocolOptions http2_protocol_options = 14 - [(udpa.annotations.security).configure_for_untrusted_upstream = true]; - // The extension_protocol_options field is used to provide extension-specific protocol options // for upstream connections. The key should match the extension filter name, such as // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on // specific options. + // [#next-major-version: make this a list of typed extensions.] map typed_extension_protocol_options = 36; // If the DNS refresh rate is specified and the cluster type is either @@ -918,9 +897,6 @@ message Cluster { // the Router filter, the filter name should be specified as *envoy.filters.http.router*. core.v4alpha.Metadata metadata = 25; - // Determines how Envoy selects the protocol used to speak to upstream hosts. - ClusterProtocolSelection protocol_selection = 26; - // Optional options for upstream connections. UpstreamConnectionOptions upstream_connection_options = 30; @@ -993,8 +969,8 @@ message Cluster { TrackClusterStats track_cluster_stats = 49; // [#not-implemented-hide:] - // Prefetch configuration for this cluster. - PrefetchPolicy prefetch_policy = 50; + // Preconnect configuration for this cluster. + PreconnectPolicy preconnect_policy = 50; // If `connection_pool_per_downstream_connection` is true, the cluster will use a separate // connection pool for every downstream connection diff --git a/api/src/main/proto/envoy/config/cluster/v4alpha/outlier_detection.proto b/api/src/main/proto/envoy/config/cluster/v4alpha/outlier_detection.proto index 29a1e0127..9b2efeb53 100644 --- a/api/src/main/proto/envoy/config/cluster/v4alpha/outlier_detection.proto +++ b/api/src/main/proto/envoy/config/cluster/v4alpha/outlier_detection.proto @@ -18,7 +18,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // See the :ref:`architecture overview ` for // more information on outlier detection. -// [#next-free-field: 21] +// [#next-free-field: 22] message OutlierDetection { option (udpa.annotations.versioning).previous_message_type = "envoy.config.cluster.v3.OutlierDetection"; @@ -34,7 +34,8 @@ message OutlierDetection { google.protobuf.Duration interval = 2 [(validate.rules).duration = {gt {}}]; // The base time that a host is ejected for. The real time is equal to the - // base time multiplied by the number of times the host has been ejected. + // base time multiplied by the number of times the host has been ejected and is + // capped by :ref:`max_ejection_time`. // Defaults to 30000ms or 30s. google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration = {gt {}}]; @@ -148,4 +149,9 @@ message OutlierDetection { // volume is lower than this setting, failure percentage-based ejection will not be performed for // this host. Defaults to 50. google.protobuf.UInt32Value failure_percentage_request_volume = 20; + + // The maximum time that a host is ejected for. See :ref:`base_ejection_time` + // for more information. + // Defaults to 300000ms or 300s. + google.protobuf.Duration max_ejection_time = 21 [(validate.rules).duration = {gt {}}]; } diff --git a/api/src/main/proto/envoy/config/common/matcher/v3/matcher.proto b/api/src/main/proto/envoy/config/common/matcher/v3/matcher.proto index 119740547..2760be1b8 100644 --- a/api/src/main/proto/envoy/config/common/matcher/v3/matcher.proto +++ b/api/src/main/proto/envoy/config/common/matcher/v3/matcher.proto @@ -2,7 +2,9 @@ syntax = "proto3"; package envoy.config.common.matcher.v3; +import "envoy/config/core/v3/extension.proto"; import "envoy/config/route/v3/route_components.proto"; +import "envoy/type/matcher/v3/string.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; @@ -16,6 +18,127 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Unified Matcher API] +// A matcher, which may traverse a matching tree in order to result in a match action. +// During matching, the tree will be traversed until a match is found, or if no match +// is found the action specified by the most specific on_no_match will be evaluated. +// As an on_no_match might result in another matching tree being evaluated, this process +// might repeat several times until the final OnMatch (or no match) is decided. +// +// This API is a work in progress. +message Matcher { + // What to do if a match is successful. + message OnMatch { + oneof on_match { + option (validate.required) = true; + + // Nested matcher to evaluate. + // If the nested matcher does not match and does not specify + // on_no_match, then this matcher is considered not to have + // matched, even if a predicate at this level or above returned + // true. + Matcher matcher = 1; + + // Protocol-specific action to take. + core.v3.TypedExtensionConfig action = 2; + } + } + + // A linear list of field matchers. + // The field matchers are evaluated in order, and the first match + // wins. + message MatcherList { + // Predicate to determine if a match is successful. + message Predicate { + // Predicate for a single input field. + message SinglePredicate { + // Protocol-specific specification of input field to match on. + core.v3.TypedExtensionConfig input = 1 [(validate.rules).message = {required: true}]; + + oneof matcher { + option (validate.required) = true; + + // Built-in string matcher. + type.matcher.v3.StringMatcher value_match = 2; + + // Extension for custom matching logic. + core.v3.TypedExtensionConfig custom_match = 3; + } + } + + // A list of two or more matchers. Used to allow using a list within a oneof. + message PredicateList { + repeated Predicate predicate = 1 [(validate.rules).repeated = {min_items: 2}]; + } + + oneof match_type { + option (validate.required) = true; + + // A single predicate to evaluate. + SinglePredicate single_predicate = 1; + + // A list of predicates to be OR-ed together. + PredicateList or_matcher = 2; + + // A list of predicates to be AND-ed together. + PredicateList and_matcher = 3; + } + } + + // An individual matcher. + message FieldMatcher { + // Determines if the match succeeds. + Predicate predicate = 1 [(validate.rules).message = {required: true}]; + + // What to do if the match succeeds. + OnMatch on_match = 2 [(validate.rules).message = {required: true}]; + } + + // A list of matchers. First match wins. + repeated FieldMatcher matchers = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + message MatcherTree { + // A map of configured matchers. Used to allow using a map within a oneof. + message MatchMap { + map map = 1 [(validate.rules).map = {min_pairs: 1}]; + } + + // Protocol-specific specification of input field to match on. + core.v3.TypedExtensionConfig input = 1 [(validate.rules).message = {required: true}]; + + // Exact or prefix match maps in which to look up the input value. + // If the lookup succeeds, the match is considered successful, and + // the corresponding OnMatch is used. + oneof tree_type { + option (validate.required) = true; + + MatchMap exact_match_map = 2; + + // Longest matching prefix wins. + MatchMap prefix_match_map = 3; + + // Extension for custom matching logic. + core.v3.TypedExtensionConfig custom_match = 4; + } + } + + oneof matcher_type { + option (validate.required) = true; + + // A linear list of matchers to evaluate. + MatcherList matcher_list = 1; + + // A match tree to evaluate. + MatcherTree matcher_tree = 2; + } + + // Optional OnMatch to use if the matcher failed. + // If specified, the OnMatch is used, and the matcher is considered + // to have matched. + // If not specified, the matcher is considered not to have matched. + OnMatch on_no_match = 3; +} + // Match configuration. This is a recursive structure which allows complex nested match // configurations to be built using various logical operators. // [#next-free-field: 11] diff --git a/api/src/main/proto/envoy/config/common/matcher/v4alpha/matcher.proto b/api/src/main/proto/envoy/config/common/matcher/v4alpha/matcher.proto index 3be0d2aea..7c846e1e9 100644 --- a/api/src/main/proto/envoy/config/common/matcher/v4alpha/matcher.proto +++ b/api/src/main/proto/envoy/config/common/matcher/v4alpha/matcher.proto @@ -2,7 +2,9 @@ syntax = "proto3"; package envoy.config.common.matcher.v4alpha; +import "envoy/config/core/v4alpha/extension.proto"; import "envoy/config/route/v4alpha/route_components.proto"; +import "envoy/type/matcher/v4alpha/string.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -15,6 +17,154 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // [#protodoc-title: Unified Matcher API] +// A matcher, which may traverse a matching tree in order to result in a match action. +// During matching, the tree will be traversed until a match is found, or if no match +// is found the action specified by the most specific on_no_match will be evaluated. +// As an on_no_match might result in another matching tree being evaluated, this process +// might repeat several times until the final OnMatch (or no match) is decided. +// +// This API is a work in progress. +message Matcher { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher"; + + // What to do if a match is successful. + message OnMatch { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher.OnMatch"; + + oneof on_match { + option (validate.required) = true; + + // Nested matcher to evaluate. + // If the nested matcher does not match and does not specify + // on_no_match, then this matcher is considered not to have + // matched, even if a predicate at this level or above returned + // true. + Matcher matcher = 1; + + // Protocol-specific action to take. + core.v4alpha.TypedExtensionConfig action = 2; + } + } + + // A linear list of field matchers. + // The field matchers are evaluated in order, and the first match + // wins. + message MatcherList { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher.MatcherList"; + + // Predicate to determine if a match is successful. + message Predicate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher.MatcherList.Predicate"; + + // Predicate for a single input field. + message SinglePredicate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher.MatcherList.Predicate.SinglePredicate"; + + // Protocol-specific specification of input field to match on. + core.v4alpha.TypedExtensionConfig input = 1 [(validate.rules).message = {required: true}]; + + oneof matcher { + option (validate.required) = true; + + // Built-in string matcher. + type.matcher.v4alpha.StringMatcher value_match = 2; + + // Extension for custom matching logic. + core.v4alpha.TypedExtensionConfig custom_match = 3; + } + } + + // A list of two or more matchers. Used to allow using a list within a oneof. + message PredicateList { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher.MatcherList.Predicate.PredicateList"; + + repeated Predicate predicate = 1 [(validate.rules).repeated = {min_items: 2}]; + } + + oneof match_type { + option (validate.required) = true; + + // A single predicate to evaluate. + SinglePredicate single_predicate = 1; + + // A list of predicates to be OR-ed together. + PredicateList or_matcher = 2; + + // A list of predicates to be AND-ed together. + PredicateList and_matcher = 3; + } + } + + // An individual matcher. + message FieldMatcher { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher.MatcherList.FieldMatcher"; + + // Determines if the match succeeds. + Predicate predicate = 1 [(validate.rules).message = {required: true}]; + + // What to do if the match succeeds. + OnMatch on_match = 2 [(validate.rules).message = {required: true}]; + } + + // A list of matchers. First match wins. + repeated FieldMatcher matchers = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + message MatcherTree { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher.MatcherTree"; + + // A map of configured matchers. Used to allow using a map within a oneof. + message MatchMap { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.common.matcher.v3.Matcher.MatcherTree.MatchMap"; + + map map = 1 [(validate.rules).map = {min_pairs: 1}]; + } + + // Protocol-specific specification of input field to match on. + core.v4alpha.TypedExtensionConfig input = 1 [(validate.rules).message = {required: true}]; + + // Exact or prefix match maps in which to look up the input value. + // If the lookup succeeds, the match is considered successful, and + // the corresponding OnMatch is used. + oneof tree_type { + option (validate.required) = true; + + MatchMap exact_match_map = 2; + + // Longest matching prefix wins. + MatchMap prefix_match_map = 3; + + // Extension for custom matching logic. + core.v4alpha.TypedExtensionConfig custom_match = 4; + } + } + + oneof matcher_type { + option (validate.required) = true; + + // A linear list of matchers to evaluate. + MatcherList matcher_list = 1; + + // A match tree to evaluate. + MatcherTree matcher_tree = 2; + } + + // Optional OnMatch to use if the matcher failed. + // If specified, the OnMatch is used, and the matcher is considered + // to have matched. + // If not specified, the matcher is considered not to have matched. + OnMatch on_no_match = 3; +} + // Match configuration. This is a recursive structure which allows complex nested match // configurations to be built using various logical operators. // [#next-free-field: 11] diff --git a/api/src/main/proto/envoy/config/common/tap/v2alpha/common.proto b/api/src/main/proto/envoy/config/common/tap/v2alpha/common.proto index 262557b35..6db1ecced 100644 --- a/api/src/main/proto/envoy/config/common/tap/v2alpha/common.proto +++ b/api/src/main/proto/envoy/config/common/tap/v2alpha/common.proto @@ -2,7 +2,6 @@ syntax = "proto3"; package envoy.config.common.tap.v2alpha; -import "envoy/api/v2/core/config_source.proto"; import "envoy/service/tap/v2alpha/common.proto"; import "udpa/annotations/migrate.proto"; @@ -19,15 +18,6 @@ option (udpa.annotations.file_status).package_version_status = FROZEN; // Common configuration for all tap extensions. message CommonExtensionConfig { - // [#not-implemented-hide:] - message TapDSConfig { - // Configuration for the source of TapDS updates for this Cluster. - api.v2.core.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; - - // Tap config to request from XDS server. - string name = 2 [(validate.rules).string = {min_bytes: 1}]; - } - oneof config_type { option (validate.required) = true; @@ -37,9 +27,6 @@ message CommonExtensionConfig { // If specified, the tap filter will be configured via a static configuration that cannot be // changed. service.tap.v2alpha.TapConfig static_config = 2; - - // [#not-implemented-hide:] Configuration to use for TapDS updates for the filter. - TapDSConfig tapds_config = 3; } } diff --git a/api/src/main/proto/envoy/config/core/v3/base.proto b/api/src/main/proto/envoy/config/core/v3/base.proto index 4d7d69fae..74a7d55a7 100644 --- a/api/src/main/proto/envoy/config/core/v3/base.proto +++ b/api/src/main/proto/envoy/config/core/v3/base.proto @@ -313,6 +313,13 @@ message HeaderMap { repeated HeaderValue headers = 1; } +// A directory that is watched for changes, e.g. by inotify on Linux. Move/rename +// events inside this directory trigger the watch. +message WatchedDirectory { + // Directory path to watch. + string path = 1 [(validate.rules).string = {min_len: 1}]; +} + // Data source consisting of either a file or an inline value. message DataSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.DataSource"; @@ -324,10 +331,10 @@ message DataSource { string filename = 1 [(validate.rules).string = {min_len: 1}]; // Bytes inlined in the configuration. - bytes inline_bytes = 2 [(validate.rules).bytes = {min_len: 1}]; + bytes inline_bytes = 2; // String inlined in the configuration. - string inline_string = 3 [(validate.rules).string = {min_len: 1}]; + string inline_string = 3; } } diff --git a/api/src/main/proto/envoy/config/core/v3/config_source.proto b/api/src/main/proto/envoy/config/core/v3/config_source.proto index 72837bb3b..9de03625d 100644 --- a/api/src/main/proto/envoy/config/core/v3/config_source.proto +++ b/api/src/main/proto/envoy/config/core/v3/config_source.proto @@ -7,7 +7,7 @@ import "envoy/config/core/v3/grpc_service.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/authority.proto"; +import "xds/core/v3/authority.proto"; import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; @@ -27,10 +27,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; @@ -152,12 +152,11 @@ message RateLimitSettings { message ConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ConfigSource"; - // Authorities that this config source may be used for. An authority specified - // in a *udpa.core.v1.ResourceLocator* is resolved to a *ConfigSource* prior - // to configuration fetch. This field provides the association between - // authority name and configuration source. + // Authorities that this config source may be used for. An authority specified in a xdstp:// URL + // is resolved to a *ConfigSource* prior to configuration fetch. This field provides the + // association between authority name and configuration source. // [#not-implemented-hide:] - repeated udpa.core.v1.Authority authorities = 7; + repeated xds.core.v3.Authority authorities = 7; oneof config_source_specifier { option (validate.required) = true; diff --git a/api/src/main/proto/envoy/config/core/v3/grpc_service.proto b/api/src/main/proto/envoy/config/core/v3/grpc_service.proto index 8dae5633d..e3730d017 100644 --- a/api/src/main/proto/envoy/config/core/v3/grpc_service.proto +++ b/api/src/main/proto/envoy/config/core/v3/grpc_service.proto @@ -286,8 +286,10 @@ message GrpcService { // request. google.protobuf.Duration timeout = 3; - // Additional metadata to include in streams initiated to the GrpcService. - // This can be used for scenarios in which additional ad hoc authorization - // headers (e.g. ``x-foo-bar: baz-key``) are to be injected. + // Additional metadata to include in streams initiated to the GrpcService. This can be used for + // scenarios in which additional ad hoc authorization headers (e.g. ``x-foo-bar: baz-key``) are to + // be injected. For more information, including details on header value syntax, see the + // documentation on :ref:`custom request headers + // `. repeated HeaderValue initial_metadata = 5; } diff --git a/api/src/main/proto/envoy/config/core/v3/health_check.proto b/api/src/main/proto/envoy/config/core/v3/health_check.proto index c5441c30f..ccd473969 100644 --- a/api/src/main/proto/envoy/config/core/v3/health_check.proto +++ b/api/src/main/proto/envoy/config/core/v3/health_check.proto @@ -54,7 +54,7 @@ enum HealthStatus { DEGRADED = 5; } -// [#next-free-field: 24] +// [#next-free-field: 25] message HealthCheck { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HealthCheck"; @@ -284,6 +284,21 @@ message HealthCheck { // The default value for "no traffic interval" is 60 seconds. google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration = {gt {}}]; + // The "no traffic healthy interval" is a special health check interval that + // is used for hosts that are currently passing active health checking + // (including new hosts) when the cluster has received no traffic. + // + // This is useful for when we want to send frequent health checks with + // `no_traffic_interval` but then revert to lower frequency `no_traffic_healthy_interval` once + // a host in the cluster is marked as healthy. + // + // Once a cluster has been used for traffic routing, Envoy will shift back to using the + // standard health check interval that is defined. + // + // If no_traffic_healthy_interval is not set, it will default to the + // no traffic interval and send that interval regardless of health state. + google.protobuf.Duration no_traffic_healthy_interval = 24 [(validate.rules).duration = {gt {}}]; + // The "unhealthy interval" is a health check interval that is used for hosts that are marked as // unhealthy. As soon as the host is marked as healthy, Envoy will shift back to using the // standard health check interval that is defined. diff --git a/api/src/main/proto/envoy/config/core/v3/protocol.proto b/api/src/main/proto/envoy/config/core/v3/protocol.proto index 17a6955d6..c29437036 100644 --- a/api/src/main/proto/envoy/config/core/v3/protocol.proto +++ b/api/src/main/proto/envoy/config/core/v3/protocol.proto @@ -77,6 +77,10 @@ message HttpProtocolOptions { // .. warning:: // Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP // FIN packets, etc. + // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled for downstream connections according to the value for + // :ref:`HTTP_DOWNSTREAM_CONNECTION_IDLE `. google.protobuf.Duration idle_timeout = 1; // The maximum duration of a connection. The duration is defined as a period since a connection @@ -270,7 +274,8 @@ message Http2ProtocolOptions { // be written into the socket). Exceeding this limit triggers flood mitigation and connection is // terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due // to flood mitigation. The default limit is 10000. - // [#comment:TODO: implement same limits for upstream outbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}]; // Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM, @@ -278,7 +283,8 @@ message Http2ProtocolOptions { // this limit triggers flood mitigation and connection is terminated. The // ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood // mitigation. The default limit is 1000. - // [#comment:TODO: implement same limits for upstream outbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}]; // Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an @@ -287,7 +293,8 @@ message Http2ProtocolOptions { // stat tracks the number of connections terminated due to flood mitigation. // Setting this to 0 will terminate connection upon receiving first frame with an empty payload // and no end stream flag. The default limit is 1. - // [#comment:TODO: implement same limits for upstream inbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9; // Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number @@ -298,7 +305,8 @@ message Http2ProtocolOptions { // // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks // the number of connections terminated due to flood mitigation. The default limit is 100. - // [#comment:TODO: implement same limits for upstream inbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10; // Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number @@ -312,7 +320,8 @@ message Http2ProtocolOptions { // the number of connections terminated due to flood mitigation. The default limit is 10. // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control, // but more complex implementations that try to estimate available bandwidth require at least 2. - // [#comment:TODO: implement same limits for upstream inbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11 [(validate.rules).uint32 = {gte: 1}]; diff --git a/api/src/main/proto/envoy/config/core/v3/substitution_format_string.proto b/api/src/main/proto/envoy/config/core/v3/substitution_format_string.proto index 10d99b878..fa14db45d 100644 --- a/api/src/main/proto/envoy/config/core/v3/substitution_format_string.proto +++ b/api/src/main/proto/envoy/config/core/v3/substitution_format_string.proto @@ -2,6 +2,8 @@ syntax = "proto3"; package envoy.config.core.v3; +import "envoy/config/core/v3/base.proto"; + import "google/protobuf/struct.proto"; import "udpa/annotations/status.proto"; @@ -16,6 +18,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Configuration to use multiple :ref:`command operators ` // to generate a new string in either plain text or JSON format. +// [#next-free-field: 6] message SubstitutionFormatString { oneof format { option (validate.required) = true; @@ -36,7 +39,8 @@ message SubstitutionFormatString { // // upstream connect error:503:path=/foo // - string text_format = 1 [(validate.rules).string = {min_len: 1}]; + // Deprecated in favor of :ref:`text_format_source `. To migrate text format strings, use the :ref:`inline_string ` field. + string text_format = 1 [deprecated = true]; // Specify a format with command operators to form a JSON string. // Its details is described in :ref:`format dictionary`. @@ -61,6 +65,25 @@ message SubstitutionFormatString { // } // google.protobuf.Struct json_format = 2 [(validate.rules).message = {required: true}]; + + // Specify a format with command operators to form a text string. + // Its details is described in :ref:`format string`. + // + // For example, setting ``text_format`` like below, + // + // .. validated-code-block:: yaml + // :type-name: envoy.config.core.v3.SubstitutionFormatString + // + // text_format_source: + // inline_string: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%\n" + // + // generates plain text similar to: + // + // .. code-block:: text + // + // upstream connect error:503:path=/foo + // + DataSource text_format_source = 5; } // If set to true, when command operators are evaluated to null, diff --git a/api/src/main/proto/envoy/config/core/v4alpha/base.proto b/api/src/main/proto/envoy/config/core/v4alpha/base.proto index dc1104a21..6a967b1ae 100644 --- a/api/src/main/proto/envoy/config/core/v4alpha/base.proto +++ b/api/src/main/proto/envoy/config/core/v4alpha/base.proto @@ -308,6 +308,16 @@ message HeaderMap { repeated HeaderValue headers = 1; } +// A directory that is watched for changes, e.g. by inotify on Linux. Move/rename +// events inside this directory trigger the watch. +message WatchedDirectory { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.WatchedDirectory"; + + // Directory path to watch. + string path = 1 [(validate.rules).string = {min_len: 1}]; +} + // Data source consisting of either a file or an inline value. message DataSource { option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.DataSource"; @@ -319,10 +329,10 @@ message DataSource { string filename = 1 [(validate.rules).string = {min_len: 1}]; // Bytes inlined in the configuration. - bytes inline_bytes = 2 [(validate.rules).bytes = {min_len: 1}]; + bytes inline_bytes = 2; // String inlined in the configuration. - string inline_string = 3 [(validate.rules).string = {min_len: 1}]; + string inline_string = 3; } } diff --git a/api/src/main/proto/envoy/config/core/v4alpha/config_source.proto b/api/src/main/proto/envoy/config/core/v4alpha/config_source.proto index 72b4f0357..121a20e6e 100644 --- a/api/src/main/proto/envoy/config/core/v4alpha/config_source.proto +++ b/api/src/main/proto/envoy/config/core/v4alpha/config_source.proto @@ -7,7 +7,7 @@ import "envoy/config/core/v4alpha/grpc_service.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/authority.proto"; +import "xds/core/v3/authority.proto"; import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; @@ -24,13 +24,14 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // xDS API and non-xDS services version. This is used to describe both resource and transport // protocol versions (in distinct configuration fields). enum ApiVersion { + reserved 1; + + reserved "V2"; + // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; - - // Use xDS v2 API. - V2 = 1; + DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 [deprecated = true]; // Use xDS v3 API. V3 = 2; @@ -154,12 +155,11 @@ message RateLimitSettings { message ConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.ConfigSource"; - // Authorities that this config source may be used for. An authority specified - // in a *udpa.core.v1.ResourceLocator* is resolved to a *ConfigSource* prior - // to configuration fetch. This field provides the association between - // authority name and configuration source. + // Authorities that this config source may be used for. An authority specified in a xdstp:// URL + // is resolved to a *ConfigSource* prior to configuration fetch. This field provides the + // association between authority name and configuration source. // [#not-implemented-hide:] - repeated udpa.core.v1.Authority authorities = 7; + repeated xds.core.v3.Authority authorities = 7; oneof config_source_specifier { option (validate.required) = true; diff --git a/api/src/main/proto/envoy/config/core/v4alpha/grpc_service.proto b/api/src/main/proto/envoy/config/core/v4alpha/grpc_service.proto index 938beb917..9ea35b456 100644 --- a/api/src/main/proto/envoy/config/core/v4alpha/grpc_service.proto +++ b/api/src/main/proto/envoy/config/core/v4alpha/grpc_service.proto @@ -292,8 +292,10 @@ message GrpcService { // request. google.protobuf.Duration timeout = 3; - // Additional metadata to include in streams initiated to the GrpcService. - // This can be used for scenarios in which additional ad hoc authorization - // headers (e.g. ``x-foo-bar: baz-key``) are to be injected. + // Additional metadata to include in streams initiated to the GrpcService. This can be used for + // scenarios in which additional ad hoc authorization headers (e.g. ``x-foo-bar: baz-key``) are to + // be injected. For more information, including details on header value syntax, see the + // documentation on :ref:`custom request headers + // `. repeated HeaderValue initial_metadata = 5; } diff --git a/api/src/main/proto/envoy/config/core/v4alpha/health_check.proto b/api/src/main/proto/envoy/config/core/v4alpha/health_check.proto index 8d54d81af..2761b856a 100644 --- a/api/src/main/proto/envoy/config/core/v4alpha/health_check.proto +++ b/api/src/main/proto/envoy/config/core/v4alpha/health_check.proto @@ -54,7 +54,7 @@ enum HealthStatus { DEGRADED = 5; } -// [#next-free-field: 24] +// [#next-free-field: 25] message HealthCheck { option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HealthCheck"; @@ -284,6 +284,21 @@ message HealthCheck { // The default value for "no traffic interval" is 60 seconds. google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration = {gt {}}]; + // The "no traffic healthy interval" is a special health check interval that + // is used for hosts that are currently passing active health checking + // (including new hosts) when the cluster has received no traffic. + // + // This is useful for when we want to send frequent health checks with + // `no_traffic_interval` but then revert to lower frequency `no_traffic_healthy_interval` once + // a host in the cluster is marked as healthy. + // + // Once a cluster has been used for traffic routing, Envoy will shift back to using the + // standard health check interval that is defined. + // + // If no_traffic_healthy_interval is not set, it will default to the + // no traffic interval and send that interval regardless of health state. + google.protobuf.Duration no_traffic_healthy_interval = 24 [(validate.rules).duration = {gt {}}]; + // The "unhealthy interval" is a health check interval that is used for hosts that are marked as // unhealthy. As soon as the host is marked as healthy, Envoy will shift back to using the // standard health check interval that is defined. diff --git a/api/src/main/proto/envoy/config/core/v4alpha/protocol.proto b/api/src/main/proto/envoy/config/core/v4alpha/protocol.proto index 807488cef..e33d83442 100644 --- a/api/src/main/proto/envoy/config/core/v4alpha/protocol.proto +++ b/api/src/main/proto/envoy/config/core/v4alpha/protocol.proto @@ -77,6 +77,10 @@ message HttpProtocolOptions { // .. warning:: // Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP // FIN packets, etc. + // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled for downstream connections according to the value for + // :ref:`HTTP_DOWNSTREAM_CONNECTION_IDLE `. google.protobuf.Duration idle_timeout = 1; // The maximum duration of a connection. The duration is defined as a period since a connection @@ -277,7 +281,8 @@ message Http2ProtocolOptions { // be written into the socket). Exceeding this limit triggers flood mitigation and connection is // terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due // to flood mitigation. The default limit is 10000. - // [#comment:TODO: implement same limits for upstream outbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}]; // Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM, @@ -285,7 +290,8 @@ message Http2ProtocolOptions { // this limit triggers flood mitigation and connection is terminated. The // ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood // mitigation. The default limit is 1000. - // [#comment:TODO: implement same limits for upstream outbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}]; // Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an @@ -294,7 +300,8 @@ message Http2ProtocolOptions { // stat tracks the number of connections terminated due to flood mitigation. // Setting this to 0 will terminate connection upon receiving first frame with an empty payload // and no end stream flag. The default limit is 1. - // [#comment:TODO: implement same limits for upstream inbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9; // Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number @@ -305,7 +312,8 @@ message Http2ProtocolOptions { // // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks // the number of connections terminated due to flood mitigation. The default limit is 100. - // [#comment:TODO: implement same limits for upstream inbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10; // Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number @@ -319,7 +327,8 @@ message Http2ProtocolOptions { // the number of connections terminated due to flood mitigation. The default limit is 10. // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control, // but more complex implementations that try to estimate available bandwidth require at least 2. - // [#comment:TODO: implement same limits for upstream inbound frames as well.] + // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the + // `envoy.reloadable_features.upstream_http2_flood_checks` flag. google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11 [(validate.rules).uint32 = {gte: 1}]; diff --git a/api/src/main/proto/envoy/config/core/v4alpha/substitution_format_string.proto b/api/src/main/proto/envoy/config/core/v4alpha/substitution_format_string.proto index e996bcbc0..383d5dfd5 100644 --- a/api/src/main/proto/envoy/config/core/v4alpha/substitution_format_string.proto +++ b/api/src/main/proto/envoy/config/core/v4alpha/substitution_format_string.proto @@ -2,6 +2,8 @@ syntax = "proto3"; package envoy.config.core.v4alpha; +import "envoy/config/core/v4alpha/base.proto"; + import "google/protobuf/struct.proto"; import "udpa/annotations/status.proto"; @@ -17,31 +19,18 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // Configuration to use multiple :ref:`command operators ` // to generate a new string in either plain text or JSON format. +// [#next-free-field: 6] message SubstitutionFormatString { option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.SubstitutionFormatString"; + reserved 1; + + reserved "text_format"; + oneof format { option (validate.required) = true; - // Specify a format with command operators to form a text string. - // Its details is described in :ref:`format string`. - // - // For example, setting ``text_format`` like below, - // - // .. validated-code-block:: yaml - // :type-name: envoy.config.core.v3.SubstitutionFormatString - // - // text_format: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%\n" - // - // generates plain text similar to: - // - // .. code-block:: text - // - // upstream connect error:503:path=/foo - // - string text_format = 1 [(validate.rules).string = {min_len: 1}]; - // Specify a format with command operators to form a JSON string. // Its details is described in :ref:`format dictionary`. // Values are rendered as strings, numbers, or boolean values as appropriate. @@ -65,6 +54,25 @@ message SubstitutionFormatString { // } // google.protobuf.Struct json_format = 2 [(validate.rules).message = {required: true}]; + + // Specify a format with command operators to form a text string. + // Its details is described in :ref:`format string`. + // + // For example, setting ``text_format`` like below, + // + // .. validated-code-block:: yaml + // :type-name: envoy.config.core.v3.SubstitutionFormatString + // + // text_format_source: + // inline_string: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%\n" + // + // generates plain text similar to: + // + // .. code-block:: text + // + // upstream connect error:503:path=/foo + // + DataSource text_format_source = 5; } // If set to true, when command operators are evaluated to null, diff --git a/api/src/main/proto/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto b/api/src/main/proto/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto index 29aa83801..436bb6bf4 100644 --- a/api/src/main/proto/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto +++ b/api/src/main/proto/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto @@ -51,6 +51,10 @@ message PerRouteConfig { // :ref:`HCM host rewrite header ` // given that the value set here would be used for DNS lookups whereas the value set in the HCM // would be used for host header forwarding which is not the desired outcome. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string auto_host_rewrite_header = 2 [(udpa.annotations.field_migrate).rename = "host_rewrite_header"]; } diff --git a/api/src/main/proto/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/api/src/main/proto/envoy/config/filter/http/ext_authz/v2/ext_authz.proto index db188a572..b9a807d82 100644 --- a/api/src/main/proto/envoy/config/filter/http/ext_authz/v2/ext_authz.proto +++ b/api/src/main/proto/envoy/config/filter/http/ext_authz/v2/ext_authz.proto @@ -49,10 +49,7 @@ message ExtAuthz { // `. bool failure_mode_allow = 2; - // Sets the package version the gRPC service should use. This is particularly - // useful when transitioning from alpha to release versions assuming that both definitions are - // semantically compatible. Deprecation note: This field is deprecated and should only be used for - // version upgrade. See release notes for more details. + // [#not-implemented-hide: Support for this field has been removed.] bool use_alpha = 4 [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; // Enables filter to buffer the client request body and send it within the authorization request. diff --git a/api/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto b/api/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto index 06b13acb2..c05032df2 100644 --- a/api/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto +++ b/api/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto @@ -586,6 +586,10 @@ message ScopedRoutes { } // The name of the header field to extract the value from. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string name = 1 [(validate.rules).string = {min_bytes: 1}]; // The element separator (e.g., ';' separates 'a;b;c;d'). diff --git a/api/src/main/proto/envoy/config/listener/v3/listener.proto b/api/src/main/proto/envoy/config/listener/v3/listener.proto index dab0eb1ce..83aac4014 100644 --- a/api/src/main/proto/envoy/config/listener/v3/listener.proto +++ b/api/src/main/proto/envoy/config/listener/v3/listener.proto @@ -15,7 +15,7 @@ import "google/api/annotations.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/collection_entry.proto"; +import "xds/core/v3/collection_entry.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; @@ -33,10 +33,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Listener list collections. Entries are *Listener* resources or references. // [#not-implemented-hide:] message ListenerCollection { - repeated udpa.core.v1.CollectionEntry entries = 1; + repeated xds.core.v3.CollectionEntry entries = 1; } -// [#next-free-field: 25] +// [#next-free-field: 27] message Listener { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener"; @@ -60,12 +60,8 @@ message Listener { // bind can only receive connections redirected from other listeners that // set use_original_dst parameter to true. Default is true. // - // This is deprecated in v2, all Listeners will bind to their port. An - // additional filter chain must be created for every original destination - // port this listener may redirect to in v2, with the original port - // specified in the FilterChainMatch destination_port field. - // - // [#comment:TODO(PiotrSikora): Remove this once verified that we no longer need it.] + // This is deprecated. Use :ref:`Listener.bind_to_port + // ` google.protobuf.BoolValue bind_to_port = 1; } @@ -93,9 +89,7 @@ message Listener { } } - reserved 14, 4; - - reserved "use_original_dst"; + reserved 14; // The unique name by which this listener is known. If no name is provided, // Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically @@ -116,6 +110,17 @@ message Listener { // :ref:`FAQ entry `. repeated FilterChain filter_chains = 3; + // If a connection is redirected using *iptables*, the port on which the proxy + // receives it might be different from the original destination address. When this flag is set to + // true, the listener hands off redirected connections to the listener associated with the + // original destination address. If there is no listener associated with the original destination + // address, the connection is handled by the listener that receives it. Defaults to false. + google.protobuf.BoolValue use_original_dst = 4; + + // The default filter chain if none of the filter chain matches. If no default filter chain is supplied, + // the connection will be closed. The filter chain match is ignored in this field. + FilterChain default_filter_chain = 25; + // Soft limit on size of the listener’s new connection read and write buffers. // If unspecified, an implementation defined default is applied (1MiB). google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5 @@ -125,7 +130,7 @@ message Listener { core.v3.Metadata metadata = 6; // [#not-implemented-hide:] - DeprecatedV1 deprecated_v1 = 7; + DeprecatedV1 deprecated_v1 = 7 [deprecated = true]; // The type of draining to perform at a listener-wide level. DrainType drain_type = 8; @@ -263,4 +268,10 @@ message Listener { // The maximum length a tcp listener's pending connections queue can grow to. If no value is // provided net.core.somaxconn will be used on Linux and 128 otherwise. google.protobuf.UInt32Value tcp_backlog_size = 24; + + // Whether the listener should bind to the port. A listener that doesn't + // bind can only receive connections redirected from other listeners that set + // :ref:`use_original_dst ` + // to true. Default is true. + google.protobuf.BoolValue bind_to_port = 26; } diff --git a/api/src/main/proto/envoy/config/listener/v3/listener_components.proto b/api/src/main/proto/envoy/config/listener/v3/listener_components.proto index 12ba713d6..c2236a34d 100644 --- a/api/src/main/proto/envoy/config/listener/v3/listener_components.proto +++ b/api/src/main/proto/envoy/config/listener/v3/listener_components.proto @@ -65,6 +65,18 @@ message Filter { // ``www.example.com``, then ``*.example.com``, then ``*.com``, then any filter // chain without ``server_names`` requirements). // +// A different way to reason about the filter chain matches: +// Suppose there exists N filter chains. Prune the filter chain set using the above 8 steps. +// In each step, filter chains which most specifically matches the attributes continue to the next step. +// The listener guarantees at most 1 filter chain is left after all of the steps. +// +// Example: +// +// For destination port, filter chains specifying the destination port of incoming traffic are the +// most specific match. If none of the filter chains specifies the exact destination port, the filter +// chains which do not specify ports are the most specific match. Filter chains specifying the +// wrong port can never be the most specific match. +// // [#comment: Implemented rules are kept in the preference order, with deprecated fields // listed at the end, because that's how we want to list them in the docs. // @@ -168,7 +180,7 @@ message FilterChainMatch { // A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and // various other parameters. -// [#next-free-field: 9] +// [#next-free-field: 10] message FilterChain { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.FilterChain"; @@ -206,7 +218,11 @@ message FilterChain { // load balancers including the AWS ELB support this option. If the option is // absent or set to false, Envoy will use the physical peer address of the // connection as the remote address. - google.protobuf.BoolValue use_proxy_proto = 4; + // + // This field is deprecated. Add a + // :ref:`PROXY protocol listener filter ` + // explicitly instead. + google.protobuf.BoolValue use_proxy_proto = 4 [deprecated = true]; // [#not-implemented-hide:] filter chain metadata. core.v3.Metadata metadata = 5; @@ -218,6 +234,11 @@ message FilterChain { // will be set up with plaintext. core.v3.TransportSocket transport_socket = 6; + // If present and nonzero, the amount of time to allow incoming connections to complete any + // transport socket negotiations. If this expires before the transport reports connection + // establishment, the connection is summarily closed. + google.protobuf.Duration transport_socket_connect_timeout = 9; + // [#not-implemented-hide:] The unique name (or empty) by which this filter chain is known. If no // name is provided, Envoy will allocate an internal UUID for the filter chain. If the filter // chain is to be dynamically updated or removed via FCDS a unique name must be provided. diff --git a/api/src/main/proto/envoy/config/listener/v4alpha/listener.proto b/api/src/main/proto/envoy/config/listener/v4alpha/listener.proto index 3c9dced08..5b8bd9b54 100644 --- a/api/src/main/proto/envoy/config/listener/v4alpha/listener.proto +++ b/api/src/main/proto/envoy/config/listener/v4alpha/listener.proto @@ -15,7 +15,7 @@ import "google/api/annotations.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/collection_entry.proto"; +import "xds/core/v3/collection_entry.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; @@ -36,10 +36,10 @@ message ListenerCollection { option (udpa.annotations.versioning).previous_message_type = "envoy.config.listener.v3.ListenerCollection"; - repeated udpa.core.v1.CollectionEntry entries = 1; + repeated xds.core.v3.CollectionEntry entries = 1; } -// [#next-free-field: 25] +// [#next-free-field: 27] message Listener { option (udpa.annotations.versioning).previous_message_type = "envoy.config.listener.v3.Listener"; @@ -63,12 +63,8 @@ message Listener { // bind can only receive connections redirected from other listeners that // set use_original_dst parameter to true. Default is true. // - // This is deprecated in v2, all Listeners will bind to their port. An - // additional filter chain must be created for every original destination - // port this listener may redirect to in v2, with the original port - // specified in the FilterChainMatch destination_port field. - // - // [#comment:TODO(PiotrSikora): Remove this once verified that we no longer need it.] + // This is deprecated. Use :ref:`Listener.bind_to_port + // ` google.protobuf.BoolValue bind_to_port = 1; } @@ -96,9 +92,9 @@ message Listener { } } - reserved 14, 4; + reserved 14, 7; - reserved "use_original_dst"; + reserved "deprecated_v1"; // The unique name by which this listener is known. If no name is provided, // Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically @@ -119,6 +115,17 @@ message Listener { // :ref:`FAQ entry `. repeated FilterChain filter_chains = 3; + // If a connection is redirected using *iptables*, the port on which the proxy + // receives it might be different from the original destination address. When this flag is set to + // true, the listener hands off redirected connections to the listener associated with the + // original destination address. If there is no listener associated with the original destination + // address, the connection is handled by the listener that receives it. Defaults to false. + google.protobuf.BoolValue use_original_dst = 4; + + // The default filter chain if none of the filter chain matches. If no default filter chain is supplied, + // the connection will be closed. The filter chain match is ignored in this field. + FilterChain default_filter_chain = 25; + // Soft limit on size of the listener’s new connection read and write buffers. // If unspecified, an implementation defined default is applied (1MiB). google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5 @@ -127,9 +134,6 @@ message Listener { // Listener metadata. core.v4alpha.Metadata metadata = 6; - // [#not-implemented-hide:] - DeprecatedV1 deprecated_v1 = 7; - // The type of draining to perform at a listener-wide level. DrainType drain_type = 8; @@ -266,4 +270,10 @@ message Listener { // The maximum length a tcp listener's pending connections queue can grow to. If no value is // provided net.core.somaxconn will be used on Linux and 128 otherwise. google.protobuf.UInt32Value tcp_backlog_size = 24; + + // Whether the listener should bind to the port. A listener that doesn't + // bind can only receive connections redirected from other listeners that set + // :ref:`use_original_dst ` + // to true. Default is true. + google.protobuf.BoolValue bind_to_port = 26; } diff --git a/api/src/main/proto/envoy/config/listener/v4alpha/listener_components.proto b/api/src/main/proto/envoy/config/listener/v4alpha/listener_components.proto index 4add5ee10..021aadc92 100644 --- a/api/src/main/proto/envoy/config/listener/v4alpha/listener_components.proto +++ b/api/src/main/proto/envoy/config/listener/v4alpha/listener_components.proto @@ -65,6 +65,18 @@ message Filter { // ``www.example.com``, then ``*.example.com``, then ``*.com``, then any filter // chain without ``server_names`` requirements). // +// A different way to reason about the filter chain matches: +// Suppose there exists N filter chains. Prune the filter chain set using the above 8 steps. +// In each step, filter chains which most specifically matches the attributes continue to the next step. +// The listener guarantees at most 1 filter chain is left after all of the steps. +// +// Example: +// +// For destination port, filter chains specifying the destination port of incoming traffic are the +// most specific match. If none of the filter chains specifies the exact destination port, the filter +// chains which do not specify ports are the most specific match. Filter chains specifying the +// wrong port can never be the most specific match. +// // [#comment: Implemented rules are kept in the preference order, with deprecated fields // listed at the end, because that's how we want to list them in the docs. // @@ -168,7 +180,7 @@ message FilterChainMatch { // A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and // various other parameters. -// [#next-free-field: 9] +// [#next-free-field: 10] message FilterChain { option (udpa.annotations.versioning).previous_message_type = "envoy.config.listener.v3.FilterChain"; @@ -191,9 +203,9 @@ message FilterChain { google.protobuf.Duration rebuild_timeout = 1; } - reserved 2; + reserved 2, 4; - reserved "tls_context"; + reserved "tls_context", "use_proxy_proto"; // The criteria to use when matching a connection to this filter chain. FilterChainMatch filter_chain_match = 1; @@ -204,14 +216,6 @@ message FilterChain { // list is empty, the connection will close by default. repeated Filter filters = 3; - // Whether the listener should expect a PROXY protocol V1 header on new - // connections. If this option is enabled, the listener will assume that that - // remote address of the connection is the one specified in the header. Some - // load balancers including the AWS ELB support this option. If the option is - // absent or set to false, Envoy will use the physical peer address of the - // connection as the remote address. - google.protobuf.BoolValue use_proxy_proto = 4; - // [#not-implemented-hide:] filter chain metadata. core.v4alpha.Metadata metadata = 5; @@ -222,6 +226,11 @@ message FilterChain { // will be set up with plaintext. core.v4alpha.TransportSocket transport_socket = 6; + // If present and nonzero, the amount of time to allow incoming connections to complete any + // transport socket negotiations. If this expires before the transport reports connection + // establishment, the connection is summarily closed. + google.protobuf.Duration transport_socket_connect_timeout = 9; + // [#not-implemented-hide:] The unique name (or empty) by which this filter chain is known. If no // name is provided, Envoy will allocate an internal UUID for the filter chain. If the filter // chain is to be dynamically updated or removed via FCDS a unique name must be provided. diff --git a/api/src/main/proto/envoy/config/overload/v3/overload.proto b/api/src/main/proto/envoy/config/overload/v3/overload.proto index ac1d444b6..55a66500c 100644 --- a/api/src/main/proto/envoy/config/overload/v3/overload.proto +++ b/api/src/main/proto/envoy/config/overload/v3/overload.proto @@ -2,6 +2,8 @@ syntax = "proto3"; package envoy.config.overload.v3; +import "envoy/type/v3/percent.proto"; + import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; @@ -80,6 +82,45 @@ message Trigger { } } +// Typed configuration for the "envoy.overload_actions.reduce_timeouts" action. See +// :ref:`the docs ` for an example of how to configure +// the action with different timeouts and minimum values. +message ScaleTimersOverloadActionConfig { + enum TimerType { + // Unsupported value; users must explicitly specify the timer they want scaled. + UNSPECIFIED = 0; + + // Adjusts the idle timer for downstream HTTP connections that takes effect when there are no active streams. + // This affects the value of :ref:`HttpConnectionManager.common_http_protocol_options.idle_timeout + // ` + HTTP_DOWNSTREAM_CONNECTION_IDLE = 1; + + // Adjusts the idle timer for HTTP streams initiated by downstream clients. + // This affects the value of :ref:`RouteAction.idle_timeout ` and + // :ref:`HttpConnectionManager.stream_idle_timeout + // ` + HTTP_DOWNSTREAM_STREAM_IDLE = 2; + } + + message ScaleTimer { + // The type of timer this minimum applies to. + TimerType timer = 1 [(validate.rules).enum = {defined_only: true not_in: 0}]; + + oneof overload_adjust { + option (validate.required) = true; + + // Sets the minimum duration as an absolute value. + google.protobuf.Duration min_timeout = 2; + + // Sets the minimum duration as a percentage of the maximum value. + type.v3.Percent min_scale = 3; + } + } + + // A set of timer scaling rules to be applied. + repeated ScaleTimer timer_scale_factors = 1 [(validate.rules).repeated = {min_items: 1}]; +} + message OverloadAction { option (udpa.annotations.versioning).previous_message_type = "envoy.config.overload.v2alpha.OverloadAction"; @@ -93,6 +134,9 @@ message OverloadAction { // state of all triggers, which can be scaling between 0 and 1 or saturated. Listeners // are notified when the overload action changes state. repeated Trigger triggers = 2 [(validate.rules).repeated = {min_items: 1}]; + + // Configuration for the action being instantiated. + google.protobuf.Any typed_config = 3; } message OverloadManager { diff --git a/api/src/main/proto/envoy/config/ratelimit/v4alpha/rls.proto b/api/src/main/proto/envoy/config/ratelimit/v4alpha/rls.proto new file mode 100644 index 000000000..7a13efd73 --- /dev/null +++ b/api/src/main/proto/envoy/config/ratelimit/v4alpha/rls.proto @@ -0,0 +1,34 @@ +syntax = "proto3"; + +package envoy.config.ratelimit.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.ratelimit.v4alpha"; +option java_outer_classname = "RlsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit service] + +// Rate limit :ref:`configuration overview `. +message RateLimitServiceConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.ratelimit.v3.RateLimitServiceConfig"; + + reserved 1, 3; + + // Specifies the gRPC service that hosts the rate limit service. The client + // will connect to this cluster when it needs to make rate limit service + // requests. + core.v4alpha.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}]; + + // API version for rate limit transport protocol. This describes the rate limit gRPC endpoint and + // version of messages used on the wire. + core.v4alpha.ApiVersion transport_api_version = 4 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/api/src/main/proto/envoy/config/route/v3/route_components.proto b/api/src/main/proto/envoy/config/route/v3/route_components.proto index 4555c9325..53b351b8d 100644 --- a/api/src/main/proto/envoy/config/route/v3/route_components.proto +++ b/api/src/main/proto/envoy/config/route/v3/route_components.proto @@ -751,7 +751,7 @@ message RouteAction { // For each upgrade type present in upgrade_configs, requests with // Upgrade: [upgrade_type] will be proxied upstream. string upgrade_type = 1 - [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}]; // Determines if upgrades are available on this route. Defaults to true. google.protobuf.BoolValue enabled = 2; @@ -809,6 +809,10 @@ message RouteAction { // // Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 // *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string cluster_header = 2 [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; @@ -917,6 +921,10 @@ message RouteAction { // // Pay attention to the potential security implications of using this option. Provided header // must come from trusted source. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string host_rewrite_header = 29 [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}]; @@ -969,6 +977,10 @@ message RouteAction { // fires, the stream is terminated with a 408 Request Timeout error code if no // upstream response header has been received, otherwise a stream reset // occurs. + // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled according to the value for + // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. google.protobuf.Duration idle_timeout = 24; // Indicates that the route has a retry policy. Note that if this is set, @@ -1146,9 +1158,15 @@ message RetryPolicy { } message ResetHeader { + // The name of the reset header. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string name = 1 [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + // The format of the reset header. ResetHeaderFormat format = 2 [(validate.rules).enum = {defined_only: true}]; } @@ -1292,18 +1310,23 @@ message HedgePolicy { // [#not-implemented-hide:] type.v3.FractionalPercent additional_request_chance = 2; - // Indicates that a hedged request should be sent when the per-try timeout - // is hit. This will only occur if the retry policy also indicates that a - // timed out request should be retried. - // Once a timed out request is retried due to per try timeout, the router - // filter will ensure that it is not retried again even if the returned - // response headers would otherwise be retried according the specified - // :ref:`RetryPolicy `. + // Indicates that a hedged request should be sent when the per-try timeout is hit. + // This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight. + // The first request to complete successfully will be the one returned to the caller. + // + // * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client. + // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client + // if there are no more retries left. + // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress. + // + // Note: For this to have effect, you must have a :ref:`RetryPolicy ` that retries at least + // one error code and specifies a maximum number of retries. + // // Defaults to false. bool hedge_on_per_try_timeout = 3; } -// [#next-free-field: 9] +// [#next-free-field: 10] message RedirectAction { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RedirectAction"; @@ -1374,6 +1397,31 @@ message RedirectAction { // :ref:`RouteAction's prefix_rewrite `. string prefix_rewrite = 5 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during redirect, portions of the path that match the + // pattern should be rewritten, even allowing the substitution of capture + // groups from the pattern into the new path as specified by the rewrite + // substitution string. This is useful to allow application paths to be + // rewritten in a way that is aware of segments with variable content like + // identifiers. + // + // Examples using Google's `RE2 `_ engine: + // + // * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution + // string of ``\2/instance/\1`` would transform ``/service/foo/v1/api`` + // into ``/v1/api/instance/foo``. + // + // * The pattern ``one`` paired with a substitution string of ``two`` would + // transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``. + // + // * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of + // ``\1two\2`` would replace only the first occurrence of ``one``, + // transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``. + // + // * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/`` + // would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to + // ``/aaa/yyy/bbb``. + type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 9; } // The HTTP status code to use in the redirect response. The default response @@ -1496,7 +1544,7 @@ message VirtualCluster { message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit"; - // [#next-free-field: 8] + // [#next-free-field: 10] message Action { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit.Action"; @@ -1613,11 +1661,15 @@ message RateLimit { repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; } - // The following descriptor entry is appended when the dynamic metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`dynamic metadata ` contains a key value: // // .. code-block:: cpp // - // ("", "") + // ("", "") + // + // .. attention:: + // This action has been deprecated in favor of the :ref:`metadata ` action message DynamicMetaData { // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; @@ -1631,6 +1683,35 @@ message RateLimit { string default_value = 3; } + // The following descriptor entry is appended when the metadata contains a key value: + // + // .. code-block:: cpp + // + // ("", "") + message MetaData { + enum Source { + // Query :ref:`dynamic metadata ` + DYNAMIC = 0; + + // Query :ref:`route entry metadata ` + ROUTE_ENTRY = 1; + } + + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; + + // Metadata struct that defines the key and path to retrieve the string value. A match will + // only happen if the value in the metadata is of type string. + type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; + + // An optional value to use if *metadata_key* is empty. If not set and + // no value is present under the metadata_key then no descriptor is generated. + string default_value = 3; + + // Source of metadata + Source source = 4 [(validate.rules).enum = {defined_only: true}]; + } + oneof action_specifier { option (validate.required) = true; @@ -1653,7 +1734,17 @@ message RateLimit { HeaderValueMatch header_value_match = 6; // Rate limit on dynamic metadata. - DynamicMetaData dynamic_metadata = 7; + // + // .. attention:: + // This field has been deprecated in favor of the :ref:`metadata ` field + DynamicMetaData dynamic_metadata = 7 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + + // Rate limit on metadata. + MetaData metadata = 8; + + // Rate limit descriptor extension. See the rate limit descriptor extensions documentation. + core.v3.TypedExtensionConfig extension = 9; } } diff --git a/api/src/main/proto/envoy/config/route/v4alpha/route_components.proto b/api/src/main/proto/envoy/config/route/v4alpha/route_components.proto index c0bd5bac8..577282595 100644 --- a/api/src/main/proto/envoy/config/route/v4alpha/route_components.proto +++ b/api/src/main/proto/envoy/config/route/v4alpha/route_components.proto @@ -747,7 +747,7 @@ message RouteAction { // For each upgrade type present in upgrade_configs, requests with // Upgrade: [upgrade_type] will be proxied upstream. string upgrade_type = 1 - [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}]; // Determines if upgrades are available on this route. Defaults to true. google.protobuf.BoolValue enabled = 2; @@ -809,6 +809,10 @@ message RouteAction { // // Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 // *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string cluster_header = 2 [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; @@ -917,6 +921,10 @@ message RouteAction { // // Pay attention to the potential security implications of using this option. Provided header // must come from trusted source. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string host_rewrite_header = 29 [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}]; @@ -969,6 +977,10 @@ message RouteAction { // fires, the stream is terminated with a 408 Request Timeout error code if no // upstream response header has been received, otherwise a stream reset // occurs. + // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled according to the value for + // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. google.protobuf.Duration idle_timeout = 24; // Indicates that the route has a retry policy. Note that if this is set, @@ -1091,9 +1103,15 @@ message RetryPolicy { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RetryPolicy.ResetHeader"; + // The name of the reset header. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string name = 1 [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + // The format of the reset header. ResetHeaderFormat format = 2 [(validate.rules).enum = {defined_only: true}]; } @@ -1239,18 +1257,23 @@ message HedgePolicy { // [#not-implemented-hide:] type.v3.FractionalPercent additional_request_chance = 2; - // Indicates that a hedged request should be sent when the per-try timeout - // is hit. This will only occur if the retry policy also indicates that a - // timed out request should be retried. - // Once a timed out request is retried due to per try timeout, the router - // filter will ensure that it is not retried again even if the returned - // response headers would otherwise be retried according the specified - // :ref:`RetryPolicy `. + // Indicates that a hedged request should be sent when the per-try timeout is hit. + // This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight. + // The first request to complete successfully will be the one returned to the caller. + // + // * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client. + // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client + // if there are no more retries left. + // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress. + // + // Note: For this to have effect, you must have a :ref:`RetryPolicy ` that retries at least + // one error code and specifies a maximum number of retries. + // // Defaults to false. bool hedge_on_per_try_timeout = 3; } -// [#next-free-field: 9] +// [#next-free-field: 10] message RedirectAction { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RedirectAction"; @@ -1322,6 +1345,31 @@ message RedirectAction { // :ref:`RouteAction's prefix_rewrite `. string prefix_rewrite = 5 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during redirect, portions of the path that match the + // pattern should be rewritten, even allowing the substitution of capture + // groups from the pattern into the new path as specified by the rewrite + // substitution string. This is useful to allow application paths to be + // rewritten in a way that is aware of segments with variable content like + // identifiers. + // + // Examples using Google's `RE2 `_ engine: + // + // * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution + // string of ``\2/instance/\1`` would transform ``/service/foo/v1/api`` + // into ``/v1/api/instance/foo``. + // + // * The pattern ``one`` paired with a substitution string of ``two`` would + // transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``. + // + // * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of + // ``\1two\2`` would replace only the first occurrence of ``one``, + // transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``. + // + // * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/`` + // would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to + // ``/aaa/yyy/bbb``. + type.matcher.v4alpha.RegexMatchAndSubstitute regex_rewrite = 9; } // The HTTP status code to use in the redirect response. The default response @@ -1445,7 +1493,7 @@ message VirtualCluster { message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit"; - // [#next-free-field: 8] + // [#next-free-field: 10] message Action { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit.Action"; @@ -1562,11 +1610,15 @@ message RateLimit { repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; } - // The following descriptor entry is appended when the dynamic metadata contains a key value: + // The following descriptor entry is appended when the + // :ref:`dynamic metadata ` contains a key value: // // .. code-block:: cpp // - // ("", "") + // ("", "") + // + // .. attention:: + // This action has been deprecated in favor of the :ref:`metadata ` action message DynamicMetaData { option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit.Action.DynamicMetaData"; @@ -1583,6 +1635,42 @@ message RateLimit { string default_value = 3; } + // The following descriptor entry is appended when the metadata contains a key value: + // + // .. code-block:: cpp + // + // ("", "") + message MetaData { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.MetaData"; + + enum Source { + // Query :ref:`dynamic metadata ` + DYNAMIC = 0; + + // Query :ref:`route entry metadata ` + ROUTE_ENTRY = 1; + } + + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; + + // Metadata struct that defines the key and path to retrieve the string value. A match will + // only happen if the value in the metadata is of type string. + type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; + + // An optional value to use if *metadata_key* is empty. If not set and + // no value is present under the metadata_key then no descriptor is generated. + string default_value = 3; + + // Source of metadata + Source source = 4 [(validate.rules).enum = {defined_only: true}]; + } + + reserved 7; + + reserved "dynamic_metadata"; + oneof action_specifier { option (validate.required) = true; @@ -1604,8 +1692,11 @@ message RateLimit { // Rate limit on the existence of request headers. HeaderValueMatch header_value_match = 6; - // Rate limit on dynamic metadata. - DynamicMetaData dynamic_metadata = 7; + // Rate limit on metadata. + MetaData metadata = 8; + + // Rate limit descriptor extension. See the rate limit descriptor extensions documentation. + core.v4alpha.TypedExtensionConfig extension = 9; } } diff --git a/api/src/main/proto/envoy/config/trace/v3/opencensus.proto b/api/src/main/proto/envoy/config/trace/v3/opencensus.proto index 393131391..a4a875098 100644 --- a/api/src/main/proto/envoy/config/trace/v3/opencensus.proto +++ b/api/src/main/proto/envoy/config/trace/v3/opencensus.proto @@ -72,11 +72,14 @@ message OpenCensusConfig { core.v3.GrpcService stackdriver_grpc_service = 13; // Enables the Zipkin exporter if set to true. The url and service name must - // also be set. - bool zipkin_exporter_enabled = 5; - - // The URL to Zipkin, e.g. "http://127.0.0.1:9411/api/v2/spans" - string zipkin_url = 6; + // also be set. This is deprecated, prefer to use Envoy's :ref:`native Zipkin + // tracer `. + bool zipkin_exporter_enabled = 5 [deprecated = true]; + + // The URL to Zipkin, e.g. "http://127.0.0.1:9411/api/v2/spans". This is + // deprecated, prefer to use Envoy's :ref:`native Zipkin tracer + // `. + string zipkin_url = 6 [deprecated = true]; // Enables the OpenCensus Agent exporter if set to true. The ocagent_address or // ocagent_grpc_service must also be set. diff --git a/api/src/main/proto/envoy/config/trace/v3/skywalking.proto b/api/src/main/proto/envoy/config/trace/v3/skywalking.proto new file mode 100644 index 000000000..224d474cc --- /dev/null +++ b/api/src/main/proto/envoy/config/trace/v3/skywalking.proto @@ -0,0 +1,66 @@ +syntax = "proto3"; + +package envoy.config.trace.v3; + +import "envoy/config/core/v3/grpc_service.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/sensitive.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.trace.v3"; +option java_outer_classname = "SkywalkingProto"; +option java_multiple_files = true; +option (udpa.annotations.file_migrate).move_to_package = + "envoy.extensions.tracers.skywalking.v4alpha"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: SkyWalking tracer] + +// Configuration for the SkyWalking tracer. Please note that if SkyWalking tracer is used as the +// provider of http tracer, then +// :ref:`start_child_span ` +// in the router must be set to true to get the correct topology and tracing data. Moreover, SkyWalking +// Tracer does not support SkyWalking extension header (``sw8-x``) temporarily. +// [#extension: envoy.tracers.skywalking] +message SkyWalkingConfig { + // SkyWalking collector service. + core.v3.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}]; + + ClientConfig client_config = 2; +} + +// Client config for SkyWalking tracer. +message ClientConfig { + // Service name for SkyWalking tracer. If this field is empty, then local service cluster name + // that configured by :ref:`Bootstrap node ` + // message's :ref:`cluster ` field or command line + // option :option:`--service-cluster` will be used. If both this field and local service cluster + // name are empty, ``EnvoyProxy`` is used as the service name by default. + string service_name = 1; + + // Service instance name for SkyWalking tracer. If this field is empty, then local service node + // that configured by :ref:`Bootstrap node ` + // message's :ref:`id ` field or command line option + // :option:`--service-node` will be used. If both this field and local service node are empty, + // ``EnvoyProxy`` is used as the instance name by default. + string instance_name = 2; + + // Authentication token config for SkyWalking. SkyWalking can use token authentication to secure + // that monitoring application data can be trusted. In current version, Token is considered as a + // simple string. + // [#comment:TODO(wbpcode): Get backend token through the SDS API.] + oneof backend_token_specifier { + // Inline authentication token string. + string backend_token = 3 [(udpa.annotations.sensitive) = true]; + } + + // Envoy caches the segment in memory when the SkyWalking backend service is temporarily unavailable. + // This field specifies the maximum number of segments that can be cached. If not specified, the + // default is 1024. + google.protobuf.UInt32Value max_cache_size = 4; +} diff --git a/api/src/main/proto/envoy/config/trace/v3/zipkin.proto b/api/src/main/proto/envoy/config/trace/v3/zipkin.proto index ee4e4d9b7..2c1026b83 100644 --- a/api/src/main/proto/envoy/config/trace/v3/zipkin.proto +++ b/api/src/main/proto/envoy/config/trace/v3/zipkin.proto @@ -20,7 +20,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Configuration for the Zipkin tracer. // [#extension: envoy.tracers.zipkin] -// [#next-free-field: 6] +// [#next-free-field: 7] message ZipkinConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v2.ZipkinConfig"; @@ -46,9 +46,7 @@ message ZipkinConfig { GRPC = 3; } - // The cluster manager cluster that hosts the Zipkin collectors. Note that the - // Zipkin cluster must be defined in the :ref:`Bootstrap static cluster - // resources `. + // The cluster manager cluster that hosts the Zipkin collectors. string collector_cluster = 1 [(validate.rules).string = {min_len: 1}]; // The API endpoint of the Zipkin service where the spans will be sent. When @@ -67,4 +65,8 @@ message ZipkinConfig { // Determines the selected collector endpoint version. By default, the ``HTTP_JSON_V1`` will be // used. CollectorEndpointVersion collector_endpoint_version = 5; + + // Optional hostname to use when sending spans to the collector_cluster. Useful for collectors + // that require a specific hostname. Defaults to :ref:`collector_cluster ` above. + string collector_hostname = 6; } diff --git a/api/src/main/proto/envoy/extensions/access_loggers/grpc/v4alpha/als.proto b/api/src/main/proto/envoy/extensions/access_loggers/grpc/v4alpha/als.proto new file mode 100644 index 000000000..c7bf15948 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/access_loggers/grpc/v4alpha/als.proto @@ -0,0 +1,89 @@ +syntax = "proto3"; + +package envoy.extensions.access_loggers.grpc.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.access_loggers.grpc.v4alpha"; +option java_outer_classname = "AlsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: gRPC Access Log Service (ALS)] + +// Configuration for the built-in *envoy.access_loggers.http_grpc* +// :ref:`AccessLog `. This configuration will +// populate :ref:`StreamAccessLogsMessage.http_logs +// `. +// [#extension: envoy.access_loggers.http_grpc] +message HttpGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig"; + + CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}]; + + // Additional request headers to log in :ref:`HTTPRequestProperties.request_headers + // `. + repeated string additional_request_headers_to_log = 2; + + // Additional response headers to log in :ref:`HTTPResponseProperties.response_headers + // `. + repeated string additional_response_headers_to_log = 3; + + // Additional response trailers to log in :ref:`HTTPResponseProperties.response_trailers + // `. + repeated string additional_response_trailers_to_log = 4; +} + +// Configuration for the built-in *envoy.access_loggers.tcp_grpc* type. This configuration will +// populate *StreamAccessLogsMessage.tcp_logs*. +// [#extension: envoy.access_loggers.tcp_grpc] +message TcpGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig"; + + CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}]; +} + +// Common configuration for gRPC access logs. +// [#next-free-field: 7] +message CommonGrpcAccessLogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.access_loggers.grpc.v3.CommonGrpcAccessLogConfig"; + + // The friendly name of the access log to be returned in :ref:`StreamAccessLogsMessage.Identifier + // `. This allows the + // access log server to differentiate between different access logs coming from the same Envoy. + string log_name = 1 [(validate.rules).string = {min_len: 1}]; + + // The gRPC service for the access log service. + config.core.v4alpha.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}]; + + // API version for access logs service transport protocol. This describes the access logs service + // gRPC endpoint and version of messages used on the wire. + config.core.v4alpha.ApiVersion transport_api_version = 6 + [(validate.rules).enum = {defined_only: true}]; + + // Interval for flushing access logs to the gRPC stream. Logger will flush requests every time + // this interval is elapsed, or when batch size limit is hit, whichever comes first. Defaults to + // 1 second. + google.protobuf.Duration buffer_flush_interval = 3 [(validate.rules).duration = {gt {}}]; + + // Soft size limit in bytes for access log entries buffer. Logger will buffer requests until + // this limit it hit, or every time flush interval is elapsed, whichever comes first. Setting it + // to zero effectively disables the batching. Defaults to 16384. + google.protobuf.UInt32Value buffer_size_bytes = 4; + + // Additional filter state objects to log in :ref:`filter_state_objects + // `. + // Logger will call `FilterState::Object::serializeAsProto` to serialize the filter state object. + repeated string filter_state_objects_to_log = 5; +} diff --git a/api/src/main/proto/envoy/extensions/access_loggers/wasm/v3/wasm.proto b/api/src/main/proto/envoy/extensions/access_loggers/wasm/v3/wasm.proto index cd9db5906..413743a20 100644 --- a/api/src/main/proto/envoy/extensions/access_loggers/wasm/v3/wasm.proto +++ b/api/src/main/proto/envoy/extensions/access_loggers/wasm/v3/wasm.proto @@ -12,9 +12,12 @@ option java_outer_classname = "WasmProto"; option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; -// [[#not-implemented-hide:] +// [#protodoc-title: Wasm access log] +// [#extension: envoy.access_loggers.wasm] + // Custom configuration for an :ref:`AccessLog ` -// that calls into a WASM VM. +// that calls into a WASM VM. Configures the built-in *envoy.access_loggers.wasm* +// AccessLog. message WasmAccessLog { envoy.extensions.wasm.v3.PluginConfig config = 1; } diff --git a/api/src/main/proto/envoy/extensions/common/matching/v3/extension_matcher.proto b/api/src/main/proto/envoy/extensions/common/matching/v3/extension_matcher.proto new file mode 100644 index 000000000..47a065be6 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/common/matching/v3/extension_matcher.proto @@ -0,0 +1,29 @@ +syntax = "proto3"; + +package envoy.extensions.common.matching.v3; + +import "envoy/config/common/matcher/v3/matcher.proto"; +import "envoy/config/core/v3/extension.proto"; + +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.common.matching.v3"; +option java_outer_classname = "ExtensionMatcherProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Extension Matcher] + +// Wrapper around an existing extension that provides an associated matcher. This allows +// decorating an existing extension with a matcher, which can be used to match against +// relevant protocol data. +message ExtensionWithMatcher { + // The associated matcher. + config.common.matcher.v3.Matcher matcher = 1 [(validate.rules).message = {required: true}]; + + // The underlying extension config. + config.core.v3.TypedExtensionConfig extension_config = 2 + [(validate.rules).message = {required: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/common/matching/v4alpha/extension_matcher.proto b/api/src/main/proto/envoy/extensions/common/matching/v4alpha/extension_matcher.proto new file mode 100644 index 000000000..bb71cc5a0 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/common/matching/v4alpha/extension_matcher.proto @@ -0,0 +1,32 @@ +syntax = "proto3"; + +package envoy.extensions.common.matching.v4alpha; + +import "envoy/config/common/matcher/v4alpha/matcher.proto"; +import "envoy/config/core/v4alpha/extension.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.common.matching.v4alpha"; +option java_outer_classname = "ExtensionMatcherProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Extension Matcher] + +// Wrapper around an existing extension that provides an associated matcher. This allows +// decorating an existing extension with a matcher, which can be used to match against +// relevant protocol data. +message ExtensionWithMatcher { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.common.matching.v3.ExtensionWithMatcher"; + + // The associated matcher. + config.common.matcher.v4alpha.Matcher matcher = 1 [(validate.rules).message = {required: true}]; + + // The underlying extension config. + config.core.v4alpha.TypedExtensionConfig extension_config = 2 + [(validate.rules).message = {required: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/common/tap/v3/common.proto b/api/src/main/proto/envoy/extensions/common/tap/v3/common.proto index aa7ae8264..9c775a021 100644 --- a/api/src/main/proto/envoy/extensions/common/tap/v3/common.proto +++ b/api/src/main/proto/envoy/extensions/common/tap/v3/common.proto @@ -2,11 +2,8 @@ syntax = "proto3"; package envoy.extensions.common.tap.v3; -import "envoy/config/core/v3/config_source.proto"; import "envoy/config/tap/v3/common.proto"; -import "udpa/core/v1/resource_locator.proto"; - import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -24,23 +21,6 @@ message CommonExtensionConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.config.common.tap.v2alpha.CommonExtensionConfig"; - // [#not-implemented-hide:] - message TapDSConfig { - option (udpa.annotations.versioning).previous_message_type = - "envoy.config.common.tap.v2alpha.CommonExtensionConfig.TapDSConfig"; - - // Configuration for the source of TapDS updates for this Cluster. - config.core.v3.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; - - // Tap config to request from XDS server. - string name = 2 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; - - // Resource locator for TAP. This is mutually exclusive to *name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator tap_resource_locator = 3 - [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; - } - oneof config_type { option (validate.required) = true; @@ -50,9 +30,6 @@ message CommonExtensionConfig { // If specified, the tap filter will be configured via a static configuration that cannot be // changed. config.tap.v3.TapConfig static_config = 2; - - // [#not-implemented-hide:] Configuration to use for TapDS updates for the filter. - TapDSConfig tapds_config = 3; } } diff --git a/api/src/main/proto/envoy/extensions/common/tap/v4alpha/common.proto b/api/src/main/proto/envoy/extensions/common/tap/v4alpha/common.proto index efa7744e3..d04e033f4 100644 --- a/api/src/main/proto/envoy/extensions/common/tap/v4alpha/common.proto +++ b/api/src/main/proto/envoy/extensions/common/tap/v4alpha/common.proto @@ -2,11 +2,8 @@ syntax = "proto3"; package envoy.extensions.common.tap.v4alpha; -import "envoy/config/core/v4alpha/config_source.proto"; import "envoy/config/tap/v4alpha/common.proto"; -import "udpa/core/v1/resource_locator.proto"; - import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; @@ -23,25 +20,6 @@ message CommonExtensionConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.common.tap.v3.CommonExtensionConfig"; - // [#not-implemented-hide:] - message TapDSConfig { - option (udpa.annotations.versioning).previous_message_type = - "envoy.extensions.common.tap.v3.CommonExtensionConfig.TapDSConfig"; - - // Configuration for the source of TapDS updates for this Cluster. - config.core.v4alpha.ConfigSource config_source = 1 - [(validate.rules).message = {required: true}]; - - oneof name_specifier { - // Tap config to request from XDS server. - string name = 2; - - // Resource locator for TAP. This is mutually exclusive to *name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator tap_resource_locator = 3; - } - } - oneof config_type { option (validate.required) = true; @@ -51,9 +29,6 @@ message CommonExtensionConfig { // If specified, the tap filter will be configured via a static configuration that cannot be // changed. config.tap.v4alpha.TapConfig static_config = 2; - - // [#not-implemented-hide:] Configuration to use for TapDS updates for the filter. - TapDSConfig tapds_config = 3; } } diff --git a/api/src/main/proto/envoy/extensions/compression/gzip/decompressor/v3/gzip.proto b/api/src/main/proto/envoy/extensions/compression/gzip/decompressor/v3/gzip.proto index 0ab0d947b..a0f4d8c17 100644 --- a/api/src/main/proto/envoy/extensions/compression/gzip/decompressor/v3/gzip.proto +++ b/api/src/main/proto/envoy/extensions/compression/gzip/decompressor/v3/gzip.proto @@ -20,8 +20,8 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; message Gzip { // Value from 9 to 15 that represents the base two logarithmic of the decompressor's window size. // The decompression window size needs to be equal or larger than the compression window size. - // The default is 12 to match the default in the - // :ref:`gzip compressor `. + // The default window size is 15. + // This is so that the decompressor can decompress a response compressed by a compressor with any compression window size. // For more details about this parameter, please refer to `zlib manual `_ > inflateInit2. google.protobuf.UInt32Value window_bits = 1 [(validate.rules).uint32 = {lte: 15 gte: 9}]; diff --git a/api/src/main/proto/envoy/extensions/filters/common/matcher/action/v3/skip_action.proto b/api/src/main/proto/envoy/extensions/filters/common/matcher/action/v3/skip_action.proto new file mode 100644 index 000000000..798796999 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/common/matcher/action/v3/skip_action.proto @@ -0,0 +1,19 @@ +syntax = "proto3"; + +package envoy.extensions.filters.common.matcher.action.v3; + +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.common.matcher.action.v3"; +option java_outer_classname = "SkipActionProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Common Match Actions] + +// Indicates that the associated filter should be skipped. +message SkipFilter { +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/compressor/v3/compressor.proto b/api/src/main/proto/envoy/extensions/filters/http/compressor/v3/compressor.proto index 0bfa5c186..6519697a8 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/compressor/v3/compressor.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/compressor/v3/compressor.proto @@ -21,40 +21,99 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Compressor :ref:`configuration overview `. // [#extension: envoy.filters.http.compressor] -// [#next-free-field: 7] +// [#next-free-field: 9] message Compressor { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.compressor.v2.Compressor"; + message CommonDirectionConfig { + // Runtime flag that controls whether compression is enabled or not for the direction this + // common config is put in. If set to false, the filter will operate as a pass-through filter + // in the chosen direction. If the field is omitted, the filter will be enabled. + config.core.v3.RuntimeFeatureFlag enabled = 1; + + // Minimum value of Content-Length header of request or response messages (depending on the direction + // this common config is put in), in bytes, which will trigger compression. The default value is 30. + google.protobuf.UInt32Value min_content_length = 2; + + // Set of strings that allows specifying which mime-types yield compression; e.g., + // application/json, text/html, etc. When this field is not defined, compression will be applied + // to the following mime-types: "application/javascript", "application/json", + // "application/xhtml+xml", "image/svg+xml", "text/css", "text/html", "text/plain", "text/xml" + // and their synonyms. + repeated string content_type = 3; + } + + // Configuration for filter behavior on the request direction. + message RequestDirectionConfig { + CommonDirectionConfig common_config = 1; + } + + // Configuration for filter behavior on the response direction. + message ResponseDirectionConfig { + CommonDirectionConfig common_config = 1; + + // If true, disables compression when the response contains an etag header. When it is false, the + // filter will preserve weak etags and remove the ones that require strong validation. + bool disable_on_etag_header = 2; + + // If true, removes accept-encoding from the request headers before dispatching it to the upstream + // so that responses do not get compressed before reaching the filter. + // + // .. attention:: + // + // To avoid interfering with other compression filters in the same chain use this option in + // the filter closest to the upstream. + bool remove_accept_encoding_header = 3; + } + // Minimum response length, in bytes, which will trigger compression. The default value is 30. - google.protobuf.UInt32Value content_length = 1; + google.protobuf.UInt32Value content_length = 1 [deprecated = true]; // Set of strings that allows specifying which mime-types yield compression; e.g., // application/json, text/html, etc. When this field is not defined, compression will be applied // to the following mime-types: "application/javascript", "application/json", // "application/xhtml+xml", "image/svg+xml", "text/css", "text/html", "text/plain", "text/xml" // and their synonyms. - repeated string content_type = 2; + repeated string content_type = 2 [deprecated = true]; // If true, disables compression when the response contains an etag header. When it is false, the // filter will preserve weak etags and remove the ones that require strong validation. - bool disable_on_etag_header = 3; + bool disable_on_etag_header = 3 [deprecated = true]; // If true, removes accept-encoding from the request headers before dispatching it to the upstream // so that responses do not get compressed before reaching the filter. - // .. attention: + // + // .. attention:: // // To avoid interfering with other compression filters in the same chain use this option in // the filter closest to the upstream. - bool remove_accept_encoding_header = 4; + bool remove_accept_encoding_header = 4 [deprecated = true]; // Runtime flag that controls whether the filter is enabled or not. If set to false, the // filter will operate as a pass-through filter. If not specified, defaults to enabled. - config.core.v3.RuntimeFeatureFlag runtime_enabled = 5; + config.core.v3.RuntimeFeatureFlag runtime_enabled = 5 [deprecated = true]; // A compressor library to use for compression. Currently only // :ref:`envoy.compression.gzip.compressor` // is included in Envoy. // This field is ignored if used in the context of the gzip http-filter, but is mandatory otherwise. config.core.v3.TypedExtensionConfig compressor_library = 6; + + // Configuration for request compression. Compression is disabled by default if left empty. + RequestDirectionConfig request_direction_config = 7; + + // Configuration for response compression. Compression is enabled by default if left empty. + // + // .. attention:: + // + // If the field is not empty then the duplicate deprecated fields of the `Compressor` message, + // such as `content_length`, `content_type`, `disable_on_etag_header`, + // `remove_accept_encoding_header` and `runtime_enabled`, are ignored. + // + // Also all the statistics related to response compression will be rooted in + // `.compressor...response.*` + // instead of + // `.compressor...*`. + ResponseDirectionConfig response_direction_config = 8; } diff --git a/api/src/main/proto/envoy/extensions/filters/http/compressor/v4alpha/compressor.proto b/api/src/main/proto/envoy/extensions/filters/http/compressor/v4alpha/compressor.proto new file mode 100644 index 000000000..6f2f78988 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/http/compressor/v4alpha/compressor.proto @@ -0,0 +1,106 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.compressor.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/extension.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.compressor.v4alpha"; +option java_outer_classname = "CompressorProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Compressor] +// Compressor :ref:`configuration overview `. +// [#extension: envoy.filters.http.compressor] + +// [#next-free-field: 9] +message Compressor { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.compressor.v3.Compressor"; + + message CommonDirectionConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.compressor.v3.Compressor.CommonDirectionConfig"; + + // Runtime flag that controls whether compression is enabled or not for the direction this + // common config is put in. If set to false, the filter will operate as a pass-through filter + // in the chosen direction. If the field is omitted, the filter will be enabled. + config.core.v4alpha.RuntimeFeatureFlag enabled = 1; + + // Minimum value of Content-Length header of request or response messages (depending on the direction + // this common config is put in), in bytes, which will trigger compression. The default value is 30. + google.protobuf.UInt32Value min_content_length = 2; + + // Set of strings that allows specifying which mime-types yield compression; e.g., + // application/json, text/html, etc. When this field is not defined, compression will be applied + // to the following mime-types: "application/javascript", "application/json", + // "application/xhtml+xml", "image/svg+xml", "text/css", "text/html", "text/plain", "text/xml" + // and their synonyms. + repeated string content_type = 3; + } + + // Configuration for filter behavior on the request direction. + message RequestDirectionConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.compressor.v3.Compressor.RequestDirectionConfig"; + + CommonDirectionConfig common_config = 1; + } + + // Configuration for filter behavior on the response direction. + message ResponseDirectionConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.compressor.v3.Compressor.ResponseDirectionConfig"; + + CommonDirectionConfig common_config = 1; + + // If true, disables compression when the response contains an etag header. When it is false, the + // filter will preserve weak etags and remove the ones that require strong validation. + bool disable_on_etag_header = 2; + + // If true, removes accept-encoding from the request headers before dispatching it to the upstream + // so that responses do not get compressed before reaching the filter. + // + // .. attention:: + // + // To avoid interfering with other compression filters in the same chain use this option in + // the filter closest to the upstream. + bool remove_accept_encoding_header = 3; + } + + reserved 1, 2, 3, 4, 5; + + reserved "content_length", "content_type", "disable_on_etag_header", + "remove_accept_encoding_header", "runtime_enabled"; + + // A compressor library to use for compression. Currently only + // :ref:`envoy.compression.gzip.compressor` + // is included in Envoy. + // This field is ignored if used in the context of the gzip http-filter, but is mandatory otherwise. + config.core.v4alpha.TypedExtensionConfig compressor_library = 6; + + // Configuration for request compression. Compression is disabled by default if left empty. + RequestDirectionConfig request_direction_config = 7; + + // Configuration for response compression. Compression is enabled by default if left empty. + // + // .. attention:: + // + // If the field is not empty then the duplicate deprecated fields of the `Compressor` message, + // such as `content_length`, `content_type`, `disable_on_etag_header`, + // `remove_accept_encoding_header` and `runtime_enabled`, are ignored. + // + // Also all the statistics related to response compression will be rooted in + // `.compressor...response.*` + // instead of + // `.compressor...*`. + ResponseDirectionConfig response_direction_config = 8; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto b/api/src/main/proto/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto index b8a2525db..70dd21a32 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto @@ -55,6 +55,10 @@ message PerRouteConfig { // :ref:`HCM host rewrite header ` // given that the value set here would be used for DNS lookups whereas the value set in the HCM // would be used for host header forwarding which is not the desired outcome. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string host_rewrite_header = 2; } } diff --git a/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3alpha/ext_proc.proto b/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3alpha/ext_proc.proto new file mode 100644 index 000000000..1e64376ad --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3alpha/ext_proc.proto @@ -0,0 +1,150 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.ext_proc.v3alpha; + +import "envoy/config/core/v3/grpc_service.proto"; +import "envoy/extensions/filters/http/ext_proc/v3alpha/processing_mode.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_proc.v3alpha"; +option java_outer_classname = "ExtProcProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).work_in_progress = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: External Processing Filter] +// External Processing Filter +// [#extension: envoy.filters.http.ext_proc] + +// The External Processing filter allows an external service to act on HTTP traffic in a flexible way. +// It communicates with an external gRPC service that can use it to do a variety of things +// with the request and response: +// +// * Access and modify the HTTP headers on the request, response, or both +// * Access and modify the HTTP request and response bodies +// * Access and modify the dynamic stream metadata +// * Immediately send an HTTP response downstream and terminate other processing +// +// The filter communicates with the server using a gRPC bidirectional stream. After the initial +// request, the external server is in control over what additional data is sent to it +// and how it should be processed. +// +// By implementing the protocol specified by the stream, the external server can choose: +// +// * Whether it receives the response message at all +// * Whether it receives the message body at all, in separate chunks, or as a single buffer +// * Whether subsequent HTTP requests are transmitted synchronously or whether they are +// sent asynchronously. +// +// All of this together allows a server to process the filter traffic in fairly +// sophisticated ways. For example: +// +// * A server may choose to examine all or part of the HTTP message bodies depending +// on the content of the headers. +// * A server may choose to immediately reject some messages based on their HTTP +// headers (or other dynamic metadata) and more carefully examine others +// * A server may asynchronously monitor traffic coming through the filter by inspecting +// headers, bodies, or both, and then decide to switch to a synchronous processing +// mode, either permanently or temporarily. +// +// The protocol itself is based on a bidirectional gRPC stream. Envoy will send the +// server +// :ref:`ProcessingRequest ` +// messages, and the server must reply with +// :ref:`ProcessingResponse `. + +// [#next-free-field: 9] +message ExternalProcessor { + // Configuration for the gRPC service that the filter will communicate with. + // The filter supports both the "Envoy" and "Google" gRPC clients. + config.core.v3.GrpcService grpc_service = 1; + + // [#not-implemented-hide:] + // By default, if the gRPC stream cannot be established, or if it is closed + // prematurely with an error, the filter will fail. Specifically, if the + // response headers have not yet been delivered, then it will return a 500 + // error downstream. If they have been delivered, then instead the HTTP stream to the + // downstream client will be reset. + // With this parameter set to true, however, then if the gRPC stream is prematurely closed + // or could not be opened, processing continues without error. + bool failure_mode_allow = 2; + + // [#not-implemented-hide:] + // Specifies default options for how HTTP headers, trailers, and bodies are + // sent. See ProcessingMode for details. + ProcessingMode processing_mode = 3; + + // [#not-implemented-hide:] + // If true, send each part of the HTTP request or response specified by ProcessingMode + // asynchronously -- in other words, send the message on the gRPC stream and then continue + // filter processing. If false, which is the default, suspend filter execution after + // each message is sent to the remote service and wait up to "message_timeout" + // for a reply. + bool async_mode = 4; + + // [#not-implemented-hide:] + // Envoy provides a number of :ref:`attributes ` + // for expressive policies. Each attribute name provided in this field will be + // matched against that list and populated in the request_headers message. + // See the :ref:`attribute documentation ` + // for the list of supported attributes and their types. + repeated string request_attributes = 5; + + // [#not-implemented-hide:] + // Envoy provides a number of :ref:`attributes ` + // for expressive policies. Each attribute name provided in this field will be + // matched against that list and populated in the response_headers message. + // See the :ref:`attribute documentation ` + // for the list of supported attributes and their types. + repeated string response_attributes = 6; + + // [#not-implemented-hide:] + // Specifies the timeout for each individual message sent on the stream and + // when the filter is running in synchronous mode. Whenever + // the proxy sends a message on the stream that requires a response, it will + // reset this timer, and will stop processing and return an error (subject + // to the processing mode) if the timer expires. There is no timeout when + // the filter is running in asynchronous mode. Default is 200 ms. + google.protobuf.Duration message_timeout = 7; + + // [#not-implemented-hide:] + // Optional additional prefix to use when emitting statistics. This allows to distinguish + // emitted statistics between configured *ext_proc* filters in an HTTP filter chain. + string stat_prefix = 8; +} + +// [#not-implemented-hide:] +// Extra settings that may be added to per-route configuration for a +// virtual host or cluster. +message ExtProcPerRoute { + oneof override { + option (validate.required) = true; + + // Disable the filter for this particular vhost or route. + // If disabled is specified in multiple per-filter-configs, the most specific one will be used. + bool disabled = 1 [(validate.rules).bool = {const: true}]; + + // Override aspects of the configuration for this route + ExtProcOverrides overrides = 2; + } +} + +// [#not-implemented-hide:] +// Overrides that may be set on a per-route basis +message ExtProcOverrides { + // Set a different processing mode for this route than the default. + ProcessingMode processing_mode = 1; + + // Set a different asynchronous processing option than the default. + bool async_mode = 2; + + // Set different optional properties than the default. + repeated string request_properties = 3; + + // Set different optional properties than the default. + repeated string response_properties = 4; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3alpha/processing_mode.proto b/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3alpha/processing_mode.proto new file mode 100644 index 000000000..d085790d3 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3alpha/processing_mode.proto @@ -0,0 +1,74 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.ext_proc.v3alpha; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_proc.v3alpha"; +option java_outer_classname = "ProcessingModeProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).work_in_progress = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: External Processing Filter] +// External Processing Filter Processing Mode +// [#extension: envoy.filters.http.ext_proc] + +// This configuration describes which parts of an HTTP request and +// response are sent to a remote server and how they are delivered. + +// [#next-free-field: 7] +message ProcessingMode { + // Control how headers and trailers are handled + enum HeaderSendMode { + // The default HeaderSendMode depends on which part of the message is being + // processed. By default, request and response headers are sent, + // while trailers are skipped. + DEFAULT = 0; + + // Send the header or trailer. + SEND = 1; + + // Do not send the header or trailer. + SKIP = 2; + } + + // Control how the request and response bodies are handled + enum BodySendMode { + // Do not send the body at all. This is the default. + NONE = 0; + + // Stream the body to the server in pieces as they arrive at the + // proxy. + STREAMED = 1; + + // Buffer the message body in memory and send the entire body at once. + // If the body exceeds the configured buffer limit, then the + // downstream system will receive an error. + BUFFERED = 2; + + // Buffer the message body in memory and send the entire body in one + // chunk. If the body exceeds the configured buffer limit, then the body contents + // up to the buffer limit will be sent. + BUFFERED_PARTIAL = 3; + } + + // How to handle the request header. Default is "SEND". + HeaderSendMode request_header_mode = 1 [(validate.rules).enum = {defined_only: true}]; + + // How to handle the response header. Default is "SEND". + HeaderSendMode response_header_mode = 2 [(validate.rules).enum = {defined_only: true}]; + + // How to handle the request body. Default is "NONE". + BodySendMode request_body_mode = 3 [(validate.rules).enum = {defined_only: true}]; + + // How do handle the response body. Default is "NONE". + BodySendMode response_body_mode = 4 [(validate.rules).enum = {defined_only: true}]; + + // How to handle the request trailers. Default is "SKIP". + HeaderSendMode request_trailer_mode = 5 [(validate.rules).enum = {defined_only: true}]; + + // How to handle the response trailers. Default is "SKIP". + HeaderSendMode response_trailer_mode = 6 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto b/api/src/main/proto/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto index 308208920..007ccabc3 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto @@ -15,11 +15,27 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // gRPC-JSON transcoder :ref:`configuration overview `. // [#extension: envoy.filters.http.grpc_json_transcoder] -// [#next-free-field: 10] +// [#next-free-field: 11] message GrpcJsonTranscoder { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.transcoder.v2.GrpcJsonTranscoder"; + enum UrlUnescapeSpec { + // URL path parameters will not decode RFC 6570 reserved characters. + // For example, segment `%2f%23/%20%2523` is unescaped to `%2f%23/ %23`. + ALL_CHARACTERS_EXCEPT_RESERVED = 0; + + // URL path parameters will be fully URI-decoded except in + // cases of single segment matches in reserved expansion, where "%2F" will be + // left encoded. + // For example, segment `%2f%23/%20%2523` is unescaped to `%2f#/ %23`. + ALL_CHARACTERS_EXCEPT_SLASH = 1; + + // URL path parameters will be fully URI-decoded. + // For example, segment `%2f%23/%20%2523` is unescaped to `/#/ %23`. + ALL_CHARACTERS = 2; + } + message PrintOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.transcoder.v2.GrpcJsonTranscoder.PrintOptions"; @@ -160,4 +176,11 @@ message GrpcJsonTranscoder { // the ``google/rpc/error_details.proto`` should be included in the configured // :ref:`proto descriptor set `. bool convert_grpc_status = 9; + + // URL unescaping policy. + // This spec is only applied when extracting variable with multiple segments. + // For example, in case of `/foo/{x=*}/bar/{y=prefix/*}/{z=**}` `x` variable is single segment and `y` and `z` are multiple segments. + // For a path with `/foo/first/bar/prefix/second/third/fourth`, `x=first`, `y=prefix/second`, `z=third/fourth`. + // If this setting is not specified, the value defaults to :ref:`ALL_CHARACTERS_EXCEPT_RESERVED`. + UrlUnescapeSpec url_unescape_spec = 10 [(validate.rules).enum = {defined_only: true}]; } diff --git a/api/src/main/proto/envoy/extensions/filters/http/gzip/v4alpha/gzip.proto b/api/src/main/proto/envoy/extensions/filters/http/gzip/v4alpha/gzip.proto new file mode 100644 index 000000000..f89be9a69 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/http/gzip/v4alpha/gzip.proto @@ -0,0 +1,84 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.gzip.v4alpha; + +import "envoy/extensions/filters/http/compressor/v4alpha/compressor.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.gzip.v4alpha"; +option java_outer_classname = "GzipProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Gzip] +// Gzip :ref:`configuration overview `. +// [#extension: envoy.filters.http.gzip] + +// [#next-free-field: 12] +message Gzip { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.gzip.v3.Gzip"; + + enum CompressionStrategy { + DEFAULT = 0; + FILTERED = 1; + HUFFMAN = 2; + RLE = 3; + } + + message CompressionLevel { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.gzip.v3.Gzip.CompressionLevel"; + + enum Enum { + DEFAULT = 0; + BEST = 1; + SPEED = 2; + } + } + + reserved 2, 6, 7, 8; + + reserved "content_length", "content_type", "disable_on_etag_header", + "remove_accept_encoding_header"; + + // Value from 1 to 9 that controls the amount of internal memory used by zlib. Higher values + // use more memory, but are faster and produce better compression results. The default value is 5. + google.protobuf.UInt32Value memory_level = 1 [(validate.rules).uint32 = {lte: 9 gte: 1}]; + + // A value used for selecting the zlib compression level. This setting will affect speed and + // amount of compression applied to the content. "BEST" provides higher compression at the cost of + // higher latency, "SPEED" provides lower compression with minimum impact on response time. + // "DEFAULT" provides an optimal result between speed and compression. This field will be set to + // "DEFAULT" if not specified. + CompressionLevel.Enum compression_level = 3 [(validate.rules).enum = {defined_only: true}]; + + // A value used for selecting the zlib compression strategy which is directly related to the + // characteristics of the content. Most of the time "DEFAULT" will be the best choice, though + // there are situations which changing this parameter might produce better results. For example, + // run-length encoding (RLE) is typically used when the content is known for having sequences + // which same data occurs many consecutive times. For more information about each strategy, please + // refer to zlib manual. + CompressionStrategy compression_strategy = 4 [(validate.rules).enum = {defined_only: true}]; + + // Value from 9 to 15 that represents the base two logarithmic of the compressor's window size. + // Larger window results in better compression at the expense of memory usage. The default is 12 + // which will produce a 4096 bytes window. For more details about this parameter, please refer to + // zlib manual > deflateInit2. + google.protobuf.UInt32Value window_bits = 9 [(validate.rules).uint32 = {lte: 15 gte: 9}]; + + // Set of configuration parameters common for all compression filters. If this field is set then + // the fields `content_length`, `content_type`, `disable_on_etag_header` and + // `remove_accept_encoding_header` are ignored. + compressor.v4alpha.Compressor compressor = 10; + + // Value for Zlib's next output buffer. If not set, defaults to 4096. + // See https://www.zlib.net/manual.html for more details. Also see + // https://github.com/envoyproxy/envoy/issues/8448 for context on this filter's performance. + google.protobuf.UInt32Value chunk_size = 11 [(validate.rules).uint32 = {lte: 65536 gte: 4096}]; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/jwt_authn/v3/config.proto b/api/src/main/proto/envoy/extensions/filters/http/jwt_authn/v3/config.proto index 5588961bf..08ef7a09f 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/jwt_authn/v3/config.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/jwt_authn/v3/config.proto @@ -30,7 +30,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // // A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies: // -// * issuer: the principal that issues the JWT. It has to match the one from the token. +// * issuer: the principal that issues the JWT. If specified, it has to match the *iss* field in JWT. // * allowed audiences: the ones in the token have to be listed here. // * how to fetch public key JWKS to verify the token signature. // * how to extract JWT token in the request. @@ -48,10 +48,11 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // http_uri: // uri: https://example.com/.well-known/jwks.json // cluster: example_jwks_cluster +// timeout: 1s // cache_duration: // seconds: 300 // -// [#next-free-field: 10] +// [#next-free-field: 11] message JwtProvider { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.jwt_authn.v2alpha.JwtProvider"; @@ -59,10 +60,24 @@ message JwtProvider { // Specify the `principal `_ that issued // the JWT, usually a URL or an email address. // + // It is optional. If specified, it has to match the *iss* field in JWT. + // + // If a JWT has *iss* field and this field is specified, they have to match, otherwise the + // JWT *iss* field is not checked. + // + // Note: *JwtRequirement* :ref:`allow_missing ` + // and :ref:`allow_missing_or_failed ` + // are implemented differently than other *JwtRequirements*. Hence the usage of this field + // is different as follows if *allow_missing* or *allow_missing_or_failed* is used: + // + // * If a JWT has *iss* field, it needs to be specified by this field in one of *JwtProviders*. + // * If a JWT doesn't have *iss* field, one of *JwtProviders* should fill this field empty. + // * Multiple *JwtProviders* should not have same value in this field. + // // Example: https://securetoken.google.com // Example: 1234567-compute@developer.gserviceaccount.com // - string issuer = 1 [(validate.rules).string = {min_len: 1}]; + string issuer = 1; // The list of JWT `audiences `_ are // allowed to access. A JWT containing any of these audiences will be accepted. If not specified, @@ -94,6 +109,7 @@ message JwtProvider { // http_uri: // uri: https://www.googleapis.com/oauth2/v1/certs // cluster: jwt.www.googleapis.com|443 + // timeout: 1s // cache_duration: // seconds: 300 // @@ -191,6 +207,10 @@ message JwtProvider { // exp: 1501281058 // string payload_in_metadata = 9; + + // Specify the clock skew in seconds when verifying JWT time constraint, + // such as `exp`, and `nbf`. If not specified, default is 60 seconds. + uint32 clock_skew_seconds = 10; } // This message specifies how to fetch JWKS from remote and how to cache it. @@ -205,6 +225,7 @@ message RemoteJwks { // http_uri: // uri: https://www.googleapis.com/oauth2/v1/certs // cluster: jwt.www.googleapis.com|443 + // timeout: 1s // config.core.v3.HttpUri http_uri = 1; @@ -388,8 +409,18 @@ message RequirementRule { // config.route.v3.RouteMatch match = 1 [(validate.rules).message = {required: true}]; - // Specify a Jwt Requirement. Please detail comment in message JwtRequirement. - JwtRequirement requires = 2; + // Specify a Jwt requirement. + // If not specified, Jwt verification is disabled. + oneof requirement_type { + // Specify a Jwt requirement. Please see detail comment in message JwtRequirement. + JwtRequirement requires = 2; + + // Use requirement_name to specify a Jwt requirement. + // This requirement_name MUST be specified at the + // :ref:`requirement_map ` + // in `JwtAuthentication`. + string requirement_name = 3 [(validate.rules).string = {min_len: 1}]; + } } // This message specifies Jwt requirements based on stream_info.filterState. @@ -437,6 +468,7 @@ message FilterStateRule { // http_uri: // uri: https://example.com/.well-known/jwks.json // cluster: example_jwks_cluster +// timeout: 1s // provider2: // issuer: issuer2 // local_jwks: @@ -462,6 +494,7 @@ message FilterStateRule { // - provider_name: provider1 // - provider_name: provider2 // +// [#next-free-field: 6] message JwtAuthentication { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.jwt_authn.v2alpha.JwtAuthentication"; @@ -480,6 +513,7 @@ message JwtAuthentication { // http_uri: // uri: https://example.com/.well-known/jwks.json // cluster: example_jwks_cluster + // timeout: 1s // provider2: // issuer: provider2 // local_jwks: @@ -528,4 +562,25 @@ message JwtAuthentication { // `_ regardless of JWT // requirements specified in the rules. bool bypass_cors_preflight = 4; + + // A map of unique requirement_names to JwtRequirements. + // :ref:`requirement_name ` + // in `PerRouteConfig` uses this map to specify a JwtRequirement. + map requirement_map = 5; +} + +// Specify per-route config. +message PerRouteConfig { + oneof requirement_specifier { + option (validate.required) = true; + + // Disable Jwt Authentication for this route. + bool disabled = 1 [(validate.rules).bool = {const: true}]; + + // Use requirement_name to specify a JwtRequirement. + // This requirement_name MUST be specified at the + // :ref:`requirement_map ` + // in `JwtAuthentication`. If no, the requests using this route will be rejected with 403. + string requirement_name = 2 [(validate.rules).string = {min_len: 1}]; + } } diff --git a/api/src/main/proto/envoy/extensions/filters/http/jwt_authn/v4alpha/config.proto b/api/src/main/proto/envoy/extensions/filters/http/jwt_authn/v4alpha/config.proto index 12d4fa5fe..7656f0991 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/jwt_authn/v4alpha/config.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/jwt_authn/v4alpha/config.proto @@ -30,7 +30,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // // A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies: // -// * issuer: the principal that issues the JWT. It has to match the one from the token. +// * issuer: the principal that issues the JWT. If specified, it has to match the *iss* field in JWT. // * allowed audiences: the ones in the token have to be listed here. // * how to fetch public key JWKS to verify the token signature. // * how to extract JWT token in the request. @@ -48,10 +48,11 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // http_uri: // uri: https://example.com/.well-known/jwks.json // cluster: example_jwks_cluster +// timeout: 1s // cache_duration: // seconds: 300 // -// [#next-free-field: 10] +// [#next-free-field: 11] message JwtProvider { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.filters.http.jwt_authn.v3.JwtProvider"; @@ -59,10 +60,24 @@ message JwtProvider { // Specify the `principal `_ that issued // the JWT, usually a URL or an email address. // + // It is optional. If specified, it has to match the *iss* field in JWT. + // + // If a JWT has *iss* field and this field is specified, they have to match, otherwise the + // JWT *iss* field is not checked. + // + // Note: *JwtRequirement* :ref:`allow_missing ` + // and :ref:`allow_missing_or_failed ` + // are implemented differently than other *JwtRequirements*. Hence the usage of this field + // is different as follows if *allow_missing* or *allow_missing_or_failed* is used: + // + // * If a JWT has *iss* field, it needs to be specified by this field in one of *JwtProviders*. + // * If a JWT doesn't have *iss* field, one of *JwtProviders* should fill this field empty. + // * Multiple *JwtProviders* should not have same value in this field. + // // Example: https://securetoken.google.com // Example: 1234567-compute@developer.gserviceaccount.com // - string issuer = 1 [(validate.rules).string = {min_len: 1}]; + string issuer = 1; // The list of JWT `audiences `_ are // allowed to access. A JWT containing any of these audiences will be accepted. If not specified, @@ -94,6 +109,7 @@ message JwtProvider { // http_uri: // uri: https://www.googleapis.com/oauth2/v1/certs // cluster: jwt.www.googleapis.com|443 + // timeout: 1s // cache_duration: // seconds: 300 // @@ -191,6 +207,10 @@ message JwtProvider { // exp: 1501281058 // string payload_in_metadata = 9; + + // Specify the clock skew in seconds when verifying JWT time constraint, + // such as `exp`, and `nbf`. If not specified, default is 60 seconds. + uint32 clock_skew_seconds = 10; } // This message specifies how to fetch JWKS from remote and how to cache it. @@ -205,6 +225,7 @@ message RemoteJwks { // http_uri: // uri: https://www.googleapis.com/oauth2/v1/certs // cluster: jwt.www.googleapis.com|443 + // timeout: 1s // config.core.v4alpha.HttpUri http_uri = 1; @@ -388,8 +409,18 @@ message RequirementRule { // config.route.v4alpha.RouteMatch match = 1 [(validate.rules).message = {required: true}]; - // Specify a Jwt Requirement. Please detail comment in message JwtRequirement. - JwtRequirement requires = 2; + // Specify a Jwt requirement. + // If not specified, Jwt verification is disabled. + oneof requirement_type { + // Specify a Jwt requirement. Please see detail comment in message JwtRequirement. + JwtRequirement requires = 2; + + // Use requirement_name to specify a Jwt requirement. + // This requirement_name MUST be specified at the + // :ref:`requirement_map ` + // in `JwtAuthentication`. + string requirement_name = 3 [(validate.rules).string = {min_len: 1}]; + } } // This message specifies Jwt requirements based on stream_info.filterState. @@ -437,6 +468,7 @@ message FilterStateRule { // http_uri: // uri: https://example.com/.well-known/jwks.json // cluster: example_jwks_cluster +// timeout: 1s // provider2: // issuer: issuer2 // local_jwks: @@ -462,6 +494,7 @@ message FilterStateRule { // - provider_name: provider1 // - provider_name: provider2 // +// [#next-free-field: 6] message JwtAuthentication { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication"; @@ -480,6 +513,7 @@ message JwtAuthentication { // http_uri: // uri: https://example.com/.well-known/jwks.json // cluster: example_jwks_cluster + // timeout: 1s // provider2: // issuer: provider2 // local_jwks: @@ -528,4 +562,28 @@ message JwtAuthentication { // `_ regardless of JWT // requirements specified in the rules. bool bypass_cors_preflight = 4; + + // A map of unique requirement_names to JwtRequirements. + // :ref:`requirement_name ` + // in `PerRouteConfig` uses this map to specify a JwtRequirement. + map requirement_map = 5; +} + +// Specify per-route config. +message PerRouteConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.jwt_authn.v3.PerRouteConfig"; + + oneof requirement_specifier { + option (validate.required) = true; + + // Disable Jwt Authentication for this route. + bool disabled = 1 [(validate.rules).bool = {const: true}]; + + // Use requirement_name to specify a JwtRequirement. + // This requirement_name MUST be specified at the + // :ref:`requirement_map ` + // in `JwtAuthentication`. If no, the requests using this route will be rejected with 403. + string requirement_name = 2 [(validate.rules).string = {min_len: 1}]; + } } diff --git a/api/src/main/proto/envoy/extensions/filters/http/kill_request/v3/kill_request.proto b/api/src/main/proto/envoy/extensions/filters/http/kill_request/v3/kill_request.proto new file mode 100644 index 000000000..fc531923a --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/http/kill_request/v3/kill_request.proto @@ -0,0 +1,26 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.kill_request.v3; + +import "envoy/type/v3/percent.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.kill_request.v3"; +option java_outer_classname = "KillRequestProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Kill Request] +// Kill Request :ref:`configuration overview `. +// [#extension: envoy.filters.http.kill_request] + +// Configuration for KillRequest filter. +message KillRequest { + // The probability that a Kill request will be triggered. + type.v3.FractionalPercent probability = 1; + + // The name of the kill request header. If this field is not empty, it will override the :ref:`default header ` name. Otherwise the default header name will be used. + string kill_request_header = 2; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto b/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto index 326a30ef4..bc58e7f9b 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto @@ -19,7 +19,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Rate limit :ref:`configuration overview `. // [#extension: envoy.filters.http.ratelimit] -// [#next-free-field: 9] +// [#next-free-field: 10] message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.rate_limit.v2.RateLimit"; @@ -60,7 +60,6 @@ message RateLimit { // The filter's behaviour in case the rate limiting service does // not respond back. When it is set to true, Envoy will not allow traffic in case of // communication failure between rate limiting service and the proxy. - // Defaults to false. bool failure_mode_deny = 5; // Specifies whether a `RESOURCE_EXHAUSTED` gRPC code must be returned instead @@ -99,6 +98,11 @@ message RateLimit { // Disabled by default. XRateLimitHeadersRFCVersion enable_x_ratelimit_headers = 8 [(validate.rules).enum = {defined_only: true}]; + + // Disables emitting the :ref:`x-envoy-ratelimited` header + // in case of rate limiting (i.e. 429 responses). + // Having this header not present potentially makes the request retriable. + bool disable_x_envoy_ratelimited_header = 9; } message RateLimitPerRoute { diff --git a/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto b/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000..688be29e6 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,125 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.http.ratelimit] + +// [#next-free-field: 10] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.ratelimit.v3.RateLimit"; + + // Defines the version of the standard to use for X-RateLimit headers. + enum XRateLimitHeadersRFCVersion { + // X-RateLimit headers disabled. + OFF = 0; + + // Use `draft RFC Version 03 `_. + DRAFT_VERSION_03 = 1; + } + + // The rate limit domain to use when calling the rate limit service. + string domain = 1 [(validate.rules).string = {min_len: 1}]; + + // Specifies the rate limit configurations to be applied with the same + // stage number. If not set, the default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}]; + + // The type of requests the filter should apply to. The supported + // types are *internal*, *external* or *both*. A request is considered internal if + // :ref:`x-envoy-internal` is set to true. If + // :ref:`x-envoy-internal` is not set or false, a + // request is considered external. The filter defaults to *both*, and it will apply to all request + // types. + string request_type = 3 + [(validate.rules).string = {in: "internal" in: "external" in: "both" in: ""}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 4; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + bool failure_mode_deny = 5; + + // Specifies whether a `RESOURCE_EXHAUSTED` gRPC code must be returned instead + // of the default `UNAVAILABLE` gRPC code for a rate limited gRPC call. The + // HTTP code will be 200 for a gRPC response. + bool rate_limited_as_resource_exhausted = 6; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 7 + [(validate.rules).message = {required: true}]; + + // Defines the standard version to use for X-RateLimit headers emitted by the filter: + // + // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the + // client in the current time-window followed by the description of the + // quota policy. The values are returned by the rate limiting service in + // :ref:`current_limit` + // field. Example: `10, 10;w=1;name="per-ip", 1000;w=3600`. + // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the + // current time-window. The values are returned by the rate limiting service + // in :ref:`limit_remaining` + // field. + // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of + // the current time-window. The values are returned by the rate limiting service + // in :ref:`duration_until_reset` + // field. + // + // In case rate limiting policy specifies more then one time window, the values + // above represent the window that is closest to reaching its limit. + // + // For more information about the headers specification see selected version of + // the `draft RFC `_. + // + // Disabled by default. + XRateLimitHeadersRFCVersion enable_x_ratelimit_headers = 8 + [(validate.rules).enum = {defined_only: true}]; + + // Disables emitting the :ref:`x-envoy-ratelimited` header + // in case of rate limiting (i.e. 429 responses). + // Having this header not present potentially makes the request retriable. + bool disable_x_envoy_ratelimited_header = 9; +} + +message RateLimitPerRoute { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute"; + + enum VhRateLimitsOptions { + // Use the virtual host rate limits unless the route has a rate limit policy. + OVERRIDE = 0; + + // Use the virtual host rate limits even if the route has a rate limit policy. + INCLUDE = 1; + + // Ignore the virtual host rate limits even if the route does not have a rate limit policy. + IGNORE = 2; + } + + // Specifies if the rate limit filter should include the virtual host rate limits. + VhRateLimitsOptions vh_rate_limits = 1 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/wasm/v3/wasm.proto b/api/src/main/proto/envoy/extensions/filters/http/wasm/v3/wasm.proto index a812992a5..55eba141f 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/wasm/v3/wasm.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/wasm/v3/wasm.proto @@ -13,7 +13,10 @@ option java_outer_classname = "WasmProto"; option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; -// [[#not-implemented-hide:] +// [#protodoc-title: Wasm] +// [#extension: envoy.filters.http.wasm] +// Wasm :ref:`configuration overview `. + message Wasm { // General Plugin configuration. envoy.extensions.wasm.v3.PluginConfig config = 1; diff --git a/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 09f4771a6..395c6b67f 100644 --- a/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -19,8 +19,6 @@ import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/resource_locator.proto"; - import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/security.proto"; @@ -37,7 +35,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // HTTP connection manager :ref:`configuration overview `. // [#extension: envoy.filters.network.http_connection_manager] -// [#next-free-field: 41] +// [#next-free-field: 43] message HttpConnectionManager { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"; @@ -342,6 +340,10 @@ message HttpConnectionManager { // ` does not apply to // this corner case. // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled according to the value for + // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. + // // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due // to the granularity of events presented to the connection manager. For example, while receiving // very large request headers, it may be the case that there is traffic regularly arriving on the @@ -360,6 +362,14 @@ message HttpConnectionManager { google.protobuf.Duration request_timeout = 28 [(udpa.annotations.security).configure_for_untrusted_downstream = true]; + // The amount of time that Envoy will wait for the request headers to be received. The timer is + // activated when the first byte of the headers is received, and is disarmed when the last byte of + // the headers has been received. If not specified or set to 0, this timeout is disabled. + google.protobuf.Duration request_headers_timeout = 41 [ + (validate.rules).duration = {gte {}}, + (udpa.annotations.security).configure_for_untrusted_downstream = true + ]; + // The time that Envoy will wait between sending an HTTP/2 “shutdown // notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame. // This is used so that Envoy provides a grace period for new streams that @@ -541,7 +551,20 @@ message HttpConnectionManager { // Without setting this option, incoming requests with host `example:443` will not match against // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part // of `HTTP spec `_ and is provided for convenience. - bool strip_matching_host_port = 39; + // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set. + bool strip_matching_host_port = 39 + [(udpa.annotations.field_migrate).oneof_promotion = "strip_port_mode"]; + + oneof strip_port_mode { + // Determines if the port part should be removed from host/authority header before any processing + // of request by HTTP filters or routing. The port would be removed only if request method is not CONNECT. + // This affects the upstream host header as well. + // Without setting this option, incoming requests with host `example:443` will not match against + // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part + // of `HTTP spec `_ and is provided for convenience. + // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set. + bool strip_any_host_port = 42; + } // Governs Envoy's behavior when receiving invalid HTTP from downstream. // If this option is false (default), Envoy will err on the conservative side handling HTTP @@ -643,13 +666,7 @@ message Rds { // API. This allows an Envoy configuration with multiple HTTP listeners (and // associated HTTP connection manager filters) to use different route // configurations. - string route_config_name = 2 - [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; - - // Resource locator for RDS. This is mutually exclusive to *route_config_name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator rds_resource_locator = 3 - [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; + string route_config_name = 2; } // This message is used to work around the limitations with 'oneof' and repeated fields. @@ -725,6 +742,10 @@ message ScopedRoutes { } // The name of the header field to extract the value from. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string name = 1 [(validate.rules).string = {min_len: 1}]; // The element separator (e.g., ';' separates 'a;b;c;d'). diff --git a/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto index 2ef64b3f3..6afb11505 100644 --- a/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto +++ b/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto @@ -19,8 +19,6 @@ import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; -import "udpa/core/v1/resource_locator.proto"; - import "envoy/annotations/deprecation.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; @@ -36,7 +34,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // HTTP connection manager :ref:`configuration overview `. // [#extension: envoy.filters.network.http_connection_manager] -// [#next-free-field: 41] +// [#next-free-field: 43] message HttpConnectionManager { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"; @@ -341,6 +339,10 @@ message HttpConnectionManager { // ` does not apply to // this corner case. // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled according to the value for + // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. + // // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due // to the granularity of events presented to the connection manager. For example, while receiving // very large request headers, it may be the case that there is traffic regularly arriving on the @@ -359,6 +361,14 @@ message HttpConnectionManager { google.protobuf.Duration request_timeout = 28 [(udpa.annotations.security).configure_for_untrusted_downstream = true]; + // The amount of time that Envoy will wait for the request headers to be received. The timer is + // activated when the first byte of the headers is received, and is disarmed when the last byte of + // the headers has been received. If not specified or set to 0, this timeout is disabled. + google.protobuf.Duration request_headers_timeout = 41 [ + (validate.rules).duration = {gte {}}, + (udpa.annotations.security).configure_for_untrusted_downstream = true + ]; + // The time that Envoy will wait between sending an HTTP/2 “shutdown // notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame. // This is used so that Envoy provides a grace period for new streams that @@ -534,13 +544,25 @@ message HttpConnectionManager { // coded in Envoy, the response content type is plain text. LocalReplyConfig local_reply_config = 38; - // Determines if the port part should be removed from host/authority header before any processing - // of request by HTTP filters or routing. The port would be removed only if it is equal to the :ref:`listener's` - // local port and request method is not CONNECT. This affects the upstream host header as well. - // Without setting this option, incoming requests with host `example:443` will not match against - // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part - // of `HTTP spec `_ and is provided for convenience. - bool strip_matching_host_port = 39; + oneof strip_port_mode { + // Determines if the port part should be removed from host/authority header before any processing + // of request by HTTP filters or routing. The port would be removed only if it is equal to the :ref:`listener's` + // local port and request method is not CONNECT. This affects the upstream host header as well. + // Without setting this option, incoming requests with host `example:443` will not match against + // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part + // of `HTTP spec `_ and is provided for convenience. + // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set. + bool strip_matching_host_port = 39; + + // Determines if the port part should be removed from host/authority header before any processing + // of request by HTTP filters or routing. The port would be removed only if request method is not CONNECT. + // This affects the upstream host header as well. + // Without setting this option, incoming requests with host `example:443` will not match against + // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part + // of `HTTP spec `_ and is provided for convenience. + // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set. + bool strip_any_host_port = 42; + } // Governs Envoy's behavior when receiving invalid HTTP from downstream. // If this option is false (default), Envoy will err on the conservative side handling HTTP @@ -644,17 +666,11 @@ message Rds { // Configuration source specifier for RDS. config.core.v4alpha.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; - oneof name_specifier { - // The name of the route configuration. This name will be passed to the RDS - // API. This allows an Envoy configuration with multiple HTTP listeners (and - // associated HTTP connection manager filters) to use different route - // configurations. - string route_config_name = 2; - - // Resource locator for RDS. This is mutually exclusive to *route_config_name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator rds_resource_locator = 3; - } + // The name of the route configuration. This name will be passed to the RDS + // API. This allows an Envoy configuration with multiple HTTP listeners (and + // associated HTTP connection manager filters) to use different route + // configurations. + string route_config_name = 2; } // This message is used to work around the limitations with 'oneof' and repeated fields. @@ -730,6 +746,10 @@ message ScopedRoutes { } // The name of the header field to extract the value from. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. string name = 1 [(validate.rules).string = {min_len: 1}]; // The element separator (e.g., ';' separates 'a;b;c;d'). diff --git a/api/src/main/proto/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto b/api/src/main/proto/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto index 93abc90bd..ebdfb6f2f 100644 --- a/api/src/main/proto/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto +++ b/api/src/main/proto/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto @@ -17,6 +17,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // MongoDB :ref:`configuration overview `. // [#extension: envoy.filters.network.mongo_proxy] +// [#next-free-field: 6] message MongoProxy { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.mongo_proxy.v2.MongoProxy"; @@ -39,4 +40,9 @@ message MongoProxy { // Flag to specify whether :ref:`dynamic metadata // ` should be emitted. Defaults to false. bool emit_dynamic_metadata = 4; + + // List of commands to emit metrics for. Defaults to "delete", "insert", and "update". + // Note that metrics will not be emitted for "find" commands, since those are considered + // queries, and metrics for those are emitted under a dedicated "query" namespace. + repeated string commands = 5; } diff --git a/api/src/main/proto/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto b/api/src/main/proto/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000..b53cb3bcc --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,53 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; +import "envoy/extensions/common/ratelimit/v3/ratelimit.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.network.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.network.ratelimit] + +// [#next-free-field: 7] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.ratelimit.v3.RateLimit"; + + // The prefix to use when emitting :ref:`statistics `. + string stat_prefix = 1 [(validate.rules).string = {min_len: 1}]; + + // The rate limit domain to use in the rate limit service request. + string domain = 2 [(validate.rules).string = {min_len: 1}]; + + // The rate limit descriptor list to use in the rate limit service request. + repeated common.ratelimit.v3.RateLimitDescriptor descriptors = 3 + [(validate.rules).repeated = {min_items: 1}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 4; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + // Defaults to false. + bool failure_mode_deny = 5; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 6 + [(validate.rules).message = {required: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto b/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto new file mode 100644 index 000000000..ed49380f8 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto @@ -0,0 +1,56 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v4alpha; + +import "envoy/config/ratelimit/v4alpha/rls.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v4alpha"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.thrift.ratelimit] + +// [#next-free-field: 6] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3.RateLimit"; + + // The rate limit domain to use in the rate limit service request. + string domain = 1 [(validate.rules).string = {min_len: 1}]; + + // Specifies the rate limit configuration stage. Each configured rate limit filter performs a + // rate limit check using descriptors configured in the + // :ref:`envoy_api_msg_extensions.filters.network.thrift_proxy.v4alpha.RouteAction` for the request. + // Only those entries with a matching stage number are used for a given filter. If not set, the + // default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 3; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + // Defaults to false. + bool failure_mode_deny = 4; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 5 + [(validate.rules).message = {required: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto b/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto index 2b9863e91..53bec0436 100644 --- a/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto +++ b/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto @@ -58,7 +58,7 @@ enum ProtocolType { TWITTER = 4; } -// [#next-free-field: 6] +// [#next-free-field: 7] message ThriftProxy { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.thrift_proxy.v2alpha1.ThriftProxy"; @@ -82,6 +82,12 @@ message ThriftProxy { // compatibility, if no thrift_filters are specified, a default Thrift router filter // (`envoy.filters.thrift.router`) is used. repeated ThriftFilter thrift_filters = 5; + + // If set to true, Envoy will try to skip decode data after metadata in the Thrift message. + // This mode will only work if the upstream and downstream protocols are the same and the transport + // is the same, the transport type is framed and the protocol is not Twitter. Otherwise Envoy will + // fallback to decode the data. + bool payload_passthrough = 6; } // ThriftFilter configures a Thrift filter. diff --git a/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/v4alpha/thrift_proxy.proto b/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/v4alpha/thrift_proxy.proto index b75d0e39e..8e7bf3c91 100644 --- a/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/v4alpha/thrift_proxy.proto +++ b/api/src/main/proto/envoy/extensions/filters/network/thrift_proxy/v4alpha/thrift_proxy.proto @@ -58,7 +58,7 @@ enum ProtocolType { TWITTER = 4; } -// [#next-free-field: 6] +// [#next-free-field: 7] message ThriftProxy { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy"; @@ -82,6 +82,12 @@ message ThriftProxy { // compatibility, if no thrift_filters are specified, a default Thrift router filter // (`envoy.filters.thrift.router`) is used. repeated ThriftFilter thrift_filters = 5; + + // If set to true, Envoy will try to skip decode data after metadata in the Thrift message. + // This mode will only work if the upstream and downstream protocols are the same and the transport + // is the same, the transport type is framed and the protocol is not Twitter. Otherwise Envoy will + // fallback to decode the data. + bool payload_passthrough = 6; } // ThriftFilter configures a Thrift filter. diff --git a/api/src/main/proto/envoy/extensions/filters/network/wasm/v3/wasm.proto b/api/src/main/proto/envoy/extensions/filters/network/wasm/v3/wasm.proto index 131582762..0c1ac6af4 100644 --- a/api/src/main/proto/envoy/extensions/filters/network/wasm/v3/wasm.proto +++ b/api/src/main/proto/envoy/extensions/filters/network/wasm/v3/wasm.proto @@ -13,7 +13,10 @@ option java_outer_classname = "WasmProto"; option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; -// [[#not-implemented-hide:] +// [#protodoc-title: Wasm] +// [#extension: envoy.filters.network.wasm] +// Wasm :ref:`configuration overview `. + message Wasm { // General Plugin configuration. envoy.extensions.wasm.v3.PluginConfig config = 1; diff --git a/api/src/main/proto/envoy/extensions/rate_limit_descriptors/expr/v3/expr.proto b/api/src/main/proto/envoy/extensions/rate_limit_descriptors/expr/v3/expr.proto new file mode 100644 index 000000000..76d3505cb --- /dev/null +++ b/api/src/main/proto/envoy/extensions/rate_limit_descriptors/expr/v3/expr.proto @@ -0,0 +1,41 @@ +syntax = "proto3"; + +package envoy.extensions.rate_limit_descriptors.expr.v3; + +import "google/api/expr/v1alpha1/syntax.proto"; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.rate_limit_descriptors.expr.v3"; +option java_outer_classname = "ExprProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Rate limit descriptor expression] +// [#extension: envoy.rate_limit_descriptors.expr] + +// The following descriptor entry is appended with a value computed +// from a symbolic Common Expression Language expression. +// See :ref:`attributes ` for the set of +// available attributes. +// +// .. code-block:: cpp +// +// ("", "") +message Descriptor { + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; + + // If set to true, Envoy skips the descriptor if the expression evaluates to an error. + // By default, the rate limit is not applied when an expression produces an error. + bool skip_if_error = 2; + + oneof expr_specifier { + // Expression in a text form, e.g. "connection.requested_server_name". + string text = 3 [(validate.rules).string = {min_len: 1}]; + + // Parsed expression in AST form. + google.api.expr.v1alpha1.Expr parsed = 4; + } +} diff --git a/api/src/main/proto/envoy/extensions/stat_sinks/wasm/v3/wasm.proto b/api/src/main/proto/envoy/extensions/stat_sinks/wasm/v3/wasm.proto new file mode 100644 index 000000000..3fc5dae91 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/stat_sinks/wasm/v3/wasm.proto @@ -0,0 +1,23 @@ +syntax = "proto3"; + +package envoy.extensions.stat_sinks.wasm.v3; + +import "envoy/extensions/wasm/v3/wasm.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.stat_sinks.wasm.v3"; +option java_outer_classname = "WasmProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Wasm] +// Wasm :ref:`configuration overview `. +// [#extension: envoy.stat_sinks.wasm] + +message Wasm { + // General Plugin configuration. + envoy.extensions.wasm.v3.PluginConfig config = 1; +} diff --git a/api/src/main/proto/envoy/extensions/tracers/opencensus/v4alpha/opencensus.proto b/api/src/main/proto/envoy/extensions/tracers/opencensus/v4alpha/opencensus.proto index f64507b13..af17fe8ca 100644 --- a/api/src/main/proto/envoy/extensions/tracers/opencensus/v4alpha/opencensus.proto +++ b/api/src/main/proto/envoy/extensions/tracers/opencensus/v4alpha/opencensus.proto @@ -41,7 +41,9 @@ message OpenCensusConfig { B3 = 4; } - reserved 7; + reserved 7, 5, 6; + + reserved "zipkin_exporter_enabled", "zipkin_url"; // Configures tracing, e.g. the sampler, max number of annotations, etc. .opencensus.proto.trace.v1.TraceConfig trace_config = 1; @@ -68,13 +70,6 @@ message OpenCensusConfig { // is not provided, the default production Stackdriver address will be used. config.core.v4alpha.GrpcService stackdriver_grpc_service = 13; - // Enables the Zipkin exporter if set to true. The url and service name must - // also be set. - bool zipkin_exporter_enabled = 5; - - // The URL to Zipkin, e.g. "http://127.0.0.1:9411/api/v2/spans" - string zipkin_url = 6; - // Enables the OpenCensus Agent exporter if set to true. The ocagent_address or // ocagent_grpc_service must also be set. bool ocagent_exporter_enabled = 11; diff --git a/api/src/main/proto/envoy/extensions/tracers/skywalking/v4alpha/skywalking.proto b/api/src/main/proto/envoy/extensions/tracers/skywalking/v4alpha/skywalking.proto new file mode 100644 index 000000000..37936faa6 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/tracers/skywalking/v4alpha/skywalking.proto @@ -0,0 +1,68 @@ +syntax = "proto3"; + +package envoy.extensions.tracers.skywalking.v4alpha; + +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/sensitive.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.tracers.skywalking.v4alpha"; +option java_outer_classname = "SkywalkingProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: SkyWalking tracer] + +// Configuration for the SkyWalking tracer. Please note that if SkyWalking tracer is used as the +// provider of http tracer, then +// :ref:`start_child_span ` +// in the router must be set to true to get the correct topology and tracing data. Moreover, SkyWalking +// Tracer does not support SkyWalking extension header (``sw8-x``) temporarily. +// [#extension: envoy.tracers.skywalking] +message SkyWalkingConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.SkyWalkingConfig"; + + // SkyWalking collector service. + config.core.v4alpha.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}]; + + ClientConfig client_config = 2; +} + +// Client config for SkyWalking tracer. +message ClientConfig { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v3.ClientConfig"; + + // Service name for SkyWalking tracer. If this field is empty, then local service cluster name + // that configured by :ref:`Bootstrap node ` + // message's :ref:`cluster ` field or command line + // option :option:`--service-cluster` will be used. If both this field and local service cluster + // name are empty, ``EnvoyProxy`` is used as the service name by default. + string service_name = 1; + + // Service instance name for SkyWalking tracer. If this field is empty, then local service node + // that configured by :ref:`Bootstrap node ` + // message's :ref:`id ` field or command line option + // :option:`--service-node` will be used. If both this field and local service node are empty, + // ``EnvoyProxy`` is used as the instance name by default. + string instance_name = 2; + + // Authentication token config for SkyWalking. SkyWalking can use token authentication to secure + // that monitoring application data can be trusted. In current version, Token is considered as a + // simple string. + // [#comment:TODO(wbpcode): Get backend token through the SDS API.] + oneof backend_token_specifier { + // Inline authentication token string. + string backend_token = 3 [(udpa.annotations.sensitive) = true]; + } + + // Envoy caches the segment in memory when the SkyWalking backend service is temporarily unavailable. + // This field specifies the maximum number of segments that can be cached. If not specified, the + // default is 1024. + google.protobuf.UInt32Value max_cache_size = 4; +} diff --git a/api/src/main/proto/envoy/extensions/tracers/zipkin/v4alpha/zipkin.proto b/api/src/main/proto/envoy/extensions/tracers/zipkin/v4alpha/zipkin.proto index a6974fcc0..93ffefc48 100644 --- a/api/src/main/proto/envoy/extensions/tracers/zipkin/v4alpha/zipkin.proto +++ b/api/src/main/proto/envoy/extensions/tracers/zipkin/v4alpha/zipkin.proto @@ -18,7 +18,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO // Configuration for the Zipkin tracer. // [#extension: envoy.tracers.zipkin] -// [#next-free-field: 6] +// [#next-free-field: 7] message ZipkinConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v3.ZipkinConfig"; @@ -44,9 +44,7 @@ message ZipkinConfig { GRPC = 3; } - // The cluster manager cluster that hosts the Zipkin collectors. Note that the - // Zipkin cluster must be defined in the :ref:`Bootstrap static cluster - // resources `. + // The cluster manager cluster that hosts the Zipkin collectors. string collector_cluster = 1 [(validate.rules).string = {min_len: 1}]; // The API endpoint of the Zipkin service where the spans will be sent. When @@ -65,4 +63,8 @@ message ZipkinConfig { // Determines the selected collector endpoint version. By default, the ``HTTP_JSON_V1`` will be // used. CollectorEndpointVersion collector_endpoint_version = 5; + + // Optional hostname to use when sending spans to the collector_cluster. Useful for collectors + // that require a specific hostname. Defaults to :ref:`collector_cluster ` above. + string collector_hostname = 6; } diff --git a/api/src/main/proto/envoy/extensions/transport_sockets/starttls/v3/starttls.proto b/api/src/main/proto/envoy/extensions/transport_sockets/starttls/v3/starttls.proto new file mode 100644 index 000000000..d9da31e7c --- /dev/null +++ b/api/src/main/proto/envoy/extensions/transport_sockets/starttls/v3/starttls.proto @@ -0,0 +1,38 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.starttls.v3; + +import "envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto"; +import "envoy/extensions/transport_sockets/tls/v3/tls.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.starttls.v3"; +option java_outer_classname = "StarttlsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: StartTls] +// [#extension: envoy.transport_sockets.starttls] + +// StartTls transport socket addresses situations when a protocol starts in clear-text and +// negotiates an in-band switch to TLS. StartTls transport socket is protocol agnostic and requires +// a network filter which understands protocol exchange and a state machine to signal to the StartTls +// transport socket when a switch to TLS is required. + +// Configuration for StartTls transport socket. +// StartTls transport socket wraps two sockets: +// - raw_buffer socket which is used at the beginning of the session +// - TLS socket used when a protocol negotiates a switch to encrypted traffic. +message StartTlsConfig { + // (optional) Configuration for clear-text socket used at the beginning of the session. + raw_buffer.v3.RawBuffer cleartext_socket_config = 1; + + // Configuration for TLS socket. + transport_sockets.tls.v3.DownstreamTlsContext tls_socket_config = 2 + [(validate.rules).message = {required: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/transport_sockets/starttls/v4alpha/starttls.proto b/api/src/main/proto/envoy/extensions/transport_sockets/starttls/v4alpha/starttls.proto new file mode 100644 index 000000000..32350cf7e --- /dev/null +++ b/api/src/main/proto/envoy/extensions/transport_sockets/starttls/v4alpha/starttls.proto @@ -0,0 +1,41 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.starttls.v4alpha; + +import "envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto"; +import "envoy/extensions/transport_sockets/tls/v4alpha/tls.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.starttls.v4alpha"; +option java_outer_classname = "StarttlsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: StartTls] +// [#extension: envoy.transport_sockets.starttls] + +// StartTls transport socket addresses situations when a protocol starts in clear-text and +// negotiates an in-band switch to TLS. StartTls transport socket is protocol agnostic and requires +// a network filter which understands protocol exchange and a state machine to signal to the StartTls +// transport socket when a switch to TLS is required. + +// Configuration for StartTls transport socket. +// StartTls transport socket wraps two sockets: +// - raw_buffer socket which is used at the beginning of the session +// - TLS socket used when a protocol negotiates a switch to encrypted traffic. +message StartTlsConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.starttls.v3.StartTlsConfig"; + + // (optional) Configuration for clear-text socket used at the beginning of the session. + raw_buffer.v3.RawBuffer cleartext_socket_config = 1; + + // Configuration for TLS socket. + transport_sockets.tls.v4alpha.DownstreamTlsContext tls_socket_config = 2 + [(validate.rules).message = {required: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto b/api/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto index a7b9360d2..2b545b35e 100644 --- a/api/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto +++ b/api/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto @@ -128,16 +128,37 @@ message PrivateKeyProvider { } } -// [#next-free-field: 7] +// [#next-free-field: 8] message TlsCertificate { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.TlsCertificate"; // The TLS certificate chain. + // + // If *certificate_chain* is a filesystem path, a watch will be added to the + // parent directory for any file moves to support rotation. This currently + // only applies to dynamic secrets, when the *TlsCertificate* is delivered via + // SDS. config.core.v3.DataSource certificate_chain = 1; // The TLS private key. + // + // If *private_key* is a filesystem path, a watch will be added to the parent + // directory for any file moves to support rotation. This currently only + // applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS. config.core.v3.DataSource private_key = 2 [(udpa.annotations.sensitive) = true]; + // If specified, updates of file-based *certificate_chain* and *private_key* + // sources will be triggered by this watch. The certificate/key pair will be + // read together and validated for atomic read consistency (i.e. no + // intervening modification occurred between cert/key read, verified by file + // hash comparisons). This allows explicit control over the path watched, by + // default the parent directories of the filesystem paths in + // *certificate_chain* and *private_key* are watched if this field is not + // specified. This only applies when a *TlsCertificate* is delivered by SDS + // with references to filesystem paths. See the :ref:`SDS key rotation + // ` documentation for further details. + config.core.v3.WatchedDirectory watched_directory = 7; + // BoringSSL private key method provider. This is an alternative to :ref:`private_key // ` field. This can't be // marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key @@ -191,7 +212,7 @@ message TlsSessionTicketKeys { [(validate.rules).repeated = {min_items: 1}, (udpa.annotations.sensitive) = true]; } -// [#next-free-field: 11] +// [#next-free-field: 12] message CertificateValidationContext { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.CertificateValidationContext"; @@ -233,8 +254,22 @@ message CertificateValidationContext { // // See :ref:`the TLS overview ` for a list of common // system CA locations. + // + // If *trusted_ca* is a filesystem path, a watch will be added to the parent + // directory for any file moves to support rotation. This currently only + // applies to dynamic secrets, when the *CertificateValidationContext* is + // delivered via SDS. config.core.v3.DataSource trusted_ca = 1; + // If specified, updates of a file-based *trusted_ca* source will be triggered + // by this watch. This allows explicit control over the path watched, by + // default the parent directory of the filesystem path in *trusted_ca* is + // watched if this field is not specified. This only applies when a + // *CertificateValidationContext* is delivered by SDS with references to + // filesystem paths. See the :ref:`SDS key rotation ` + // documentation for further details. + config.core.v3.WatchedDirectory watched_directory = 11; + // An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the // SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate // matches one of the specified values. @@ -297,8 +332,8 @@ message CertificateValidationContext { repeated string verify_certificate_hash = 2 [(validate.rules).repeated = {items {string {min_len: 64 max_bytes: 95}}}]; - // An optional list of Subject Alternative name matchers. Envoy will verify that the - // Subject Alternative Name of the presented certificate matches one of the specified matches. + // An optional list of Subject Alternative name matchers. If specified, Envoy will verify that the + // Subject Alternative Name of the presented certificate matches one of the specified matchers. // // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be // configured with exact match type in the :ref:`string matcher `. diff --git a/api/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto b/api/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto index 80c68a56f..bb9e8df33 100644 --- a/api/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto +++ b/api/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto @@ -6,12 +6,11 @@ import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/config_source.proto"; import "envoy/extensions/transport_sockets/tls/v3/common.proto"; -import "udpa/core/v1/resource_locator.proto"; - import "udpa/annotations/migrate.proto"; import "udpa/annotations/sensitive.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3"; option java_outer_classname = "SecretProto"; @@ -30,15 +29,10 @@ message GenericSecret { message SdsSecretConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.SdsSecretConfig"; - // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to. - // When both name and config are specified, then secret can be fetched and/or reloaded via - // SDS. When only name is specified, then secret will be loaded from static resources. - string name = 1 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; - - // Resource locator for SDS. This is mutually exclusive to *name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator sds_resource_locator = 3 - [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; + // Name by which the secret can be uniquely referred to. When both name and config are specified, + // then secret can be fetched and/or reloaded via SDS. When only name is specified, then secret + // will be loaded from static resources. + string name = 1 [(validate.rules).string = {min_len: 1}]; config.core.v3.ConfigSource sds_config = 2; } diff --git a/api/src/main/proto/envoy/extensions/transport_sockets/tls/v4alpha/common.proto b/api/src/main/proto/envoy/extensions/transport_sockets/tls/v4alpha/common.proto index 3608f93ff..30859bc2a 100644 --- a/api/src/main/proto/envoy/extensions/transport_sockets/tls/v4alpha/common.proto +++ b/api/src/main/proto/envoy/extensions/transport_sockets/tls/v4alpha/common.proto @@ -129,17 +129,38 @@ message PrivateKeyProvider { } } -// [#next-free-field: 7] +// [#next-free-field: 8] message TlsCertificate { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.transport_sockets.tls.v3.TlsCertificate"; // The TLS certificate chain. + // + // If *certificate_chain* is a filesystem path, a watch will be added to the + // parent directory for any file moves to support rotation. This currently + // only applies to dynamic secrets, when the *TlsCertificate* is delivered via + // SDS. config.core.v4alpha.DataSource certificate_chain = 1; // The TLS private key. + // + // If *private_key* is a filesystem path, a watch will be added to the parent + // directory for any file moves to support rotation. This currently only + // applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS. config.core.v4alpha.DataSource private_key = 2 [(udpa.annotations.sensitive) = true]; + // If specified, updates of file-based *certificate_chain* and *private_key* + // sources will be triggered by this watch. The certificate/key pair will be + // read together and validated for atomic read consistency (i.e. no + // intervening modification occurred between cert/key read, verified by file + // hash comparisons). This allows explicit control over the path watched, by + // default the parent directories of the filesystem paths in + // *certificate_chain* and *private_key* are watched if this field is not + // specified. This only applies when a *TlsCertificate* is delivered by SDS + // with references to filesystem paths. See the :ref:`SDS key rotation + // ` documentation for further details. + config.core.v4alpha.WatchedDirectory watched_directory = 7; + // BoringSSL private key method provider. This is an alternative to :ref:`private_key // ` field. This can't be // marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key @@ -193,7 +214,7 @@ message TlsSessionTicketKeys { [(validate.rules).repeated = {min_items: 1}, (udpa.annotations.sensitive) = true]; } -// [#next-free-field: 11] +// [#next-free-field: 12] message CertificateValidationContext { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext"; @@ -235,8 +256,22 @@ message CertificateValidationContext { // // See :ref:`the TLS overview ` for a list of common // system CA locations. + // + // If *trusted_ca* is a filesystem path, a watch will be added to the parent + // directory for any file moves to support rotation. This currently only + // applies to dynamic secrets, when the *CertificateValidationContext* is + // delivered via SDS. config.core.v4alpha.DataSource trusted_ca = 1; + // If specified, updates of a file-based *trusted_ca* source will be triggered + // by this watch. This allows explicit control over the path watched, by + // default the parent directory of the filesystem path in *trusted_ca* is + // watched if this field is not specified. This only applies when a + // *CertificateValidationContext* is delivered by SDS with references to + // filesystem paths. See the :ref:`SDS key rotation ` + // documentation for further details. + config.core.v4alpha.WatchedDirectory watched_directory = 11; + // An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the // SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate // matches one of the specified values. @@ -299,8 +334,8 @@ message CertificateValidationContext { repeated string verify_certificate_hash = 2 [(validate.rules).repeated = {items {string {min_len: 64 max_bytes: 95}}}]; - // An optional list of Subject Alternative name matchers. Envoy will verify that the - // Subject Alternative Name of the presented certificate matches one of the specified matches. + // An optional list of Subject Alternative name matchers. If specified, Envoy will verify that the + // Subject Alternative Name of the presented certificate matches one of the specified matchers. // // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be // configured with exact match type in the :ref:`string matcher `. diff --git a/api/src/main/proto/envoy/extensions/transport_sockets/tls/v4alpha/secret.proto b/api/src/main/proto/envoy/extensions/transport_sockets/tls/v4alpha/secret.proto index 11306f214..5bb8c86b9 100644 --- a/api/src/main/proto/envoy/extensions/transport_sockets/tls/v4alpha/secret.proto +++ b/api/src/main/proto/envoy/extensions/transport_sockets/tls/v4alpha/secret.proto @@ -6,11 +6,10 @@ import "envoy/config/core/v4alpha/base.proto"; import "envoy/config/core/v4alpha/config_source.proto"; import "envoy/extensions/transport_sockets/tls/v4alpha/common.proto"; -import "udpa/core/v1/resource_locator.proto"; - import "udpa/annotations/sensitive.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v4alpha"; option java_outer_classname = "SecretProto"; @@ -31,16 +30,10 @@ message SdsSecretConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig"; - oneof name_specifier { - // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to. - // When both name and config are specified, then secret can be fetched and/or reloaded via - // SDS. When only name is specified, then secret will be loaded from static resources. - string name = 1; - - // Resource locator for SDS. This is mutually exclusive to *name*. - // [#not-implemented-hide:] - udpa.core.v1.ResourceLocator sds_resource_locator = 3; - } + // Name by which the secret can be uniquely referred to. When both name and config are specified, + // then secret can be fetched and/or reloaded via SDS. When only name is specified, then secret + // will be loaded from static resources. + string name = 1 [(validate.rules).string = {min_len: 1}]; config.core.v4alpha.ConfigSource sds_config = 2; } diff --git a/api/src/main/proto/envoy/extensions/upstreams/http/v3/http_protocol_options.proto b/api/src/main/proto/envoy/extensions/upstreams/http/v3/http_protocol_options.proto new file mode 100644 index 000000000..e7cf42df2 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/upstreams/http/v3/http_protocol_options.proto @@ -0,0 +1,117 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.http.v3; + +import "envoy/config/core/v3/protocol.proto"; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.v3"; +option java_outer_classname = "HttpProtocolOptionsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: HTTP Protocol Options] +// [#extension: envoy.upstreams.http.http_protocol_options] + +// HttpProtocolOptions specifies Http upstream protocol options. This object +// is used in +// :ref:`typed_extension_protocol_options`, +// keyed by the name `envoy.extensions.upstreams.http.v3.HttpProtocolOptions`. +// +// This controls what protocol(s) should be used for upstream and how said protocol(s) are configured. +// +// This replaces the prior pattern of explicit protocol configuration directly +// in the cluster. So a configuration like this, explicitly configuring the use of HTTP/2 upstream: +// +// .. code:: +// +// clusters: +// - name: some_service +// connect_timeout: 5s +// upstream_http_protocol_options: +// auto_sni: true +// common_http_protocol_options: +// idle_timeout: 1s +// http2_protocol_options: +// max_concurrent_streams: 100 +// .... [further cluster config] +// +// Would now look like this: +// +// .. code:: +// +// clusters: +// - name: some_service +// connect_timeout: 5s +// typed_extension_protocol_options: +// envoy.extensions.upstreams.http.v3.HttpProtocolOptions: +// "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions +// upstream_http_protocol_options: +// auto_sni: true +// common_http_protocol_options: +// idle_timeout: 1s +// explicit_http_config: +// http2_protocol_options: +// max_concurrent_streams: 100 +// .... [further cluster config] +// [#next-free-field: 6] +message HttpProtocolOptions { + // If this is used, the cluster will only operate on one of the possible upstream protocols (HTTP/1.1, HTTP/2). + // Note that HTTP/2 should generally be used for upstream clusters doing gRPC. + message ExplicitHttpConfig { + oneof protocol_config { + option (validate.required) = true; + + config.core.v3.Http1ProtocolOptions http_protocol_options = 1; + + config.core.v3.Http2ProtocolOptions http2_protocol_options = 2; + } + } + + // If this is used, the cluster can use either of the configured protocols, and + // will use whichever protocol was used by the downstream connection. + message UseDownstreamHttpConfig { + config.core.v3.Http1ProtocolOptions http_protocol_options = 1; + + config.core.v3.Http2ProtocolOptions http2_protocol_options = 2; + } + + // If this is used, the cluster can use either HTTP/1 or HTTP/2, and will use whichever + // protocol is negotiated by ALPN with the upstream. + // Clusters configured with *AutoHttpConfig* will use the highest available + // protocol; HTTP/2 if supported, otherwise HTTP/1. + // If the upstream does not support ALPN, *AutoHttpConfig* will fail over to HTTP/1. + // This can only be used with transport sockets which support ALPN. Using a + // transport socket which does not support ALPN will result in configuration + // failure. The transport layer may be configured with custom ALPN, but the default ALPN + // for the cluster (or if custom ALPN fails) will be "h2,http/1.1". + message AutoHttpConfig { + config.core.v3.Http1ProtocolOptions http_protocol_options = 1; + + config.core.v3.Http2ProtocolOptions http2_protocol_options = 2; + } + + // This contains options common across HTTP/1 and HTTP/2 + config.core.v3.HttpProtocolOptions common_http_protocol_options = 1; + + // This contains common protocol options which are only applied upstream. + config.core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 2; + + // This controls the actual protocol to be used upstream. + oneof upstream_protocol_options { + option (validate.required) = true; + + // To explicitly configure either HTTP/1 or HTTP/2 (but not both!) use *explicit_http_config*. + // If the *explicit_http_config* is empty, HTTP/1.1 is used. + ExplicitHttpConfig explicit_http_config = 3; + + // This allows switching on protocol based on what protocol the downstream + // connection used. + UseDownstreamHttpConfig use_downstream_protocol_config = 4; + + // This allows switching on protocol based on ALPN + AutoHttpConfig auto_config = 5; + } +} diff --git a/api/src/main/proto/envoy/extensions/upstreams/http/v4alpha/http_protocol_options.proto b/api/src/main/proto/envoy/extensions/upstreams/http/v4alpha/http_protocol_options.proto new file mode 100644 index 000000000..277ceb9aa --- /dev/null +++ b/api/src/main/proto/envoy/extensions/upstreams/http/v4alpha/http_protocol_options.proto @@ -0,0 +1,130 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.http.v4alpha; + +import "envoy/config/core/v4alpha/protocol.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.v4alpha"; +option java_outer_classname = "HttpProtocolOptionsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP Protocol Options] +// [#extension: envoy.upstreams.http.http_protocol_options] + +// HttpProtocolOptions specifies Http upstream protocol options. This object +// is used in +// :ref:`typed_extension_protocol_options`, +// keyed by the name `envoy.extensions.upstreams.http.v3.HttpProtocolOptions`. +// +// This controls what protocol(s) should be used for upstream and how said protocol(s) are configured. +// +// This replaces the prior pattern of explicit protocol configuration directly +// in the cluster. So a configuration like this, explicitly configuring the use of HTTP/2 upstream: +// +// .. code:: +// +// clusters: +// - name: some_service +// connect_timeout: 5s +// upstream_http_protocol_options: +// auto_sni: true +// common_http_protocol_options: +// idle_timeout: 1s +// http2_protocol_options: +// max_concurrent_streams: 100 +// .... [further cluster config] +// +// Would now look like this: +// +// .. code:: +// +// clusters: +// - name: some_service +// connect_timeout: 5s +// typed_extension_protocol_options: +// envoy.extensions.upstreams.http.v3.HttpProtocolOptions: +// "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions +// upstream_http_protocol_options: +// auto_sni: true +// common_http_protocol_options: +// idle_timeout: 1s +// explicit_http_config: +// http2_protocol_options: +// max_concurrent_streams: 100 +// .... [further cluster config] +// [#next-free-field: 6] +message HttpProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions"; + + // If this is used, the cluster will only operate on one of the possible upstream protocols (HTTP/1.1, HTTP/2). + // Note that HTTP/2 should generally be used for upstream clusters doing gRPC. + message ExplicitHttpConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions.ExplicitHttpConfig"; + + oneof protocol_config { + option (validate.required) = true; + + config.core.v4alpha.Http1ProtocolOptions http_protocol_options = 1; + + config.core.v4alpha.Http2ProtocolOptions http2_protocol_options = 2; + } + } + + // If this is used, the cluster can use either of the configured protocols, and + // will use whichever protocol was used by the downstream connection. + message UseDownstreamHttpConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions.UseDownstreamHttpConfig"; + + config.core.v4alpha.Http1ProtocolOptions http_protocol_options = 1; + + config.core.v4alpha.Http2ProtocolOptions http2_protocol_options = 2; + } + + // If this is used, the cluster can use either HTTP/1 or HTTP/2, and will use whichever + // protocol is negotiated by ALPN with the upstream. + // Clusters configured with *AutoHttpConfig* will use the highest available + // protocol; HTTP/2 if supported, otherwise HTTP/1. + // If the upstream does not support ALPN, *AutoHttpConfig* will fail over to HTTP/1. + // This can only be used with transport sockets which support ALPN. Using a + // transport socket which does not support ALPN will result in configuration + // failure. The transport layer may be configured with custom ALPN, but the default ALPN + // for the cluster (or if custom ALPN fails) will be "h2,http/1.1". + message AutoHttpConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions.AutoHttpConfig"; + + config.core.v4alpha.Http1ProtocolOptions http_protocol_options = 1; + + config.core.v4alpha.Http2ProtocolOptions http2_protocol_options = 2; + } + + // This contains options common across HTTP/1 and HTTP/2 + config.core.v4alpha.HttpProtocolOptions common_http_protocol_options = 1; + + // This contains common protocol options which are only applied upstream. + config.core.v4alpha.UpstreamHttpProtocolOptions upstream_http_protocol_options = 2; + + // This controls the actual protocol to be used upstream. + oneof upstream_protocol_options { + option (validate.required) = true; + + // To explicitly configure either HTTP/1 or HTTP/2 (but not both!) use *explicit_http_config*. + // If the *explicit_http_config* is empty, HTTP/1.1 is used. + ExplicitHttpConfig explicit_http_config = 3; + + // This allows switching on protocol based on what protocol the downstream + // connection used. + UseDownstreamHttpConfig use_downstream_protocol_config = 4; + + // This allows switching on protocol based on ALPN + AutoHttpConfig auto_config = 5; + } +} diff --git a/api/src/main/proto/envoy/extensions/upstreams/tcp/generic/v3/generic_connection_pool.proto b/api/src/main/proto/envoy/extensions/upstreams/tcp/generic/v3/generic_connection_pool.proto new file mode 100644 index 000000000..5754491b9 --- /dev/null +++ b/api/src/main/proto/envoy/extensions/upstreams/tcp/generic/v3/generic_connection_pool.proto @@ -0,0 +1,18 @@ +syntax = "proto3"; + +package envoy.extensions.upstreams.tcp.generic.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.upstreams.tcp.generic.v3"; +option java_outer_classname = "GenericConnectionPoolProtoOuterClass"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Generic Connection Pool] + +// A connection pool which forwards downstream TCP as TCP or HTTP to upstream, +// based on CONNECT configuration. +// [#extension: envoy.upstreams.tcp.generic] +message GenericConnectionPoolProto { +} diff --git a/api/src/main/proto/envoy/extensions/wasm/v3/wasm.proto b/api/src/main/proto/envoy/extensions/wasm/v3/wasm.proto index c036603c5..c6affb810 100644 --- a/api/src/main/proto/envoy/extensions/wasm/v3/wasm.proto +++ b/api/src/main/proto/envoy/extensions/wasm/v3/wasm.proto @@ -16,8 +16,8 @@ option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Wasm] +// [#extension: envoy.bootstrap.wasm] -// [[#not-implemented-hide:] // Configuration for a Wasm VM. // [#next-free-field: 7] message VmConfig { @@ -28,7 +28,29 @@ message VmConfig { // See ref: "TODO: add ref" for details. string vm_id = 1; - // The Wasm runtime type (either "v8" or "null" for code compiled into Envoy). + // The Wasm runtime type. + // Available Wasm runtime types are registered as extensions. The following runtimes are included + // in Envoy code base: + // + // .. _extension_envoy.wasm.runtime.null: + // + // **envoy.wasm.runtime.null**: Null sandbox, the Wasm module must be compiled and linked into the + // Envoy binary. The registered name is given in the *code* field as *inline_string*. + // + // .. _extension_envoy.wasm.runtime.v8: + // + // **envoy.wasm.runtime.v8**: `V8 `_-based WebAssembly runtime. + // + // .. _extension_envoy.wasm.runtime.wavm: + // + // **envoy.wasm.runtime.wavm**: `WAVM `_-based WebAssembly runtime. + // This runtime is not enabled in the official build. + // + // .. _extension_envoy.wasm.runtime.wasmtime: + // + // **envoy.wasm.runtime.wasmtime**: `Wasmtime `_-based WebAssembly runtime. + // This runtime is not enabled in the official build. + // string runtime = 2 [(validate.rules).string = {min_len: 1}]; // The Wasm code that Envoy will execute. @@ -51,7 +73,6 @@ message VmConfig { bool nack_on_code_cache_miss = 6; } -// [[#not-implemented-hide:] // Base Configuration for Wasm Plugins e.g. filters and services. // [#next-free-field: 6] message PluginConfig { @@ -66,9 +87,9 @@ message PluginConfig { string root_id = 2; // Configuration for finding or starting VM. - oneof vm_config { - VmConfig inline_vm_config = 3; - // In the future add referential VM configurations. + oneof vm { + VmConfig vm_config = 3; + // TODO: add referential VM configurations. } // Filter/service configuration used to configure or reconfigure a plugin @@ -86,7 +107,6 @@ message PluginConfig { bool fail_open = 5; } -// [[#not-implemented-hide:] // WasmService is configured as a built-in *envoy.wasm_service* :ref:`WasmService // ` This opaque configuration will be used to create a Wasm Service. message WasmService { diff --git a/api/src/main/proto/envoy/extensions/watchdog/abort_action/v3alpha/abort_action.proto b/api/src/main/proto/envoy/extensions/watchdog/abort_action/v3alpha/abort_action.proto deleted file mode 100644 index 7d793be82..000000000 --- a/api/src/main/proto/envoy/extensions/watchdog/abort_action/v3alpha/abort_action.proto +++ /dev/null @@ -1,32 +0,0 @@ -syntax = "proto3"; - -package envoy.extensions.watchdog.abort_action.v3alpha; - -import "google/protobuf/duration.proto"; - -import "udpa/annotations/status.proto"; -import "udpa/annotations/versioning.proto"; -import "validate/validate.proto"; - -option java_package = "io.envoyproxy.envoy.extensions.watchdog.abort_action.v3alpha"; -option java_outer_classname = "AbortActionProto"; -option java_multiple_files = true; -option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; - -// [#protodoc-title: Watchdog Action that sends a SIGABRT to kill the process.] -// [#extension: envoy.watchdog.abort_action] - -// A GuardDogAction that will terminate the process by sending SIGABRT to the -// stuck thread. This would allow easier access to the call stack of the stuck -// thread since we would run signal handlers on that thread. This would be -// more useful than the default watchdog kill behaviors since those PANIC -// from the watchdog's thread. - -// This is currently only implemented for systems that support kill to send -// signals. -message AbortActionConfig { - // How long to wait for the thread to respond to the SIGABRT before killing the - // process from this action. This is a blocking action. - google.protobuf.Duration wait_duration = 1; -} diff --git a/api/src/main/proto/envoy/service/accesslog/v4alpha/als.proto b/api/src/main/proto/envoy/service/accesslog/v4alpha/als.proto index e7e96583f..e2c8bbbc8 100644 --- a/api/src/main/proto/envoy/service/accesslog/v4alpha/als.proto +++ b/api/src/main/proto/envoy/service/accesslog/v4alpha/als.proto @@ -49,7 +49,7 @@ message StreamAccessLogsMessage { config.core.v4alpha.Node node = 1 [(validate.rules).message = {required: true}]; // The friendly name of the log configured in :ref:`CommonGrpcAccessLogConfig - // `. + // `. string log_name = 2 [(validate.rules).string = {min_len: 1}]; } diff --git a/api/src/main/proto/envoy/service/discovery/v3/discovery.proto b/api/src/main/proto/envoy/service/discovery/v3/discovery.proto index 404795392..b61da9741 100644 --- a/api/src/main/proto/envoy/service/discovery/v3/discovery.proto +++ b/api/src/main/proto/envoy/service/discovery/v3/discovery.proto @@ -5,11 +5,9 @@ package envoy.service.discovery.v3; import "envoy/config/core/v3/base.proto"; import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; import "google/rpc/status.proto"; -import "udpa/core/v1/resource_locator.proto"; -import "udpa/core/v1/resource_name.proto"; - import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -144,7 +142,7 @@ message DiscoveryResponse { // In particular, initial_resource_versions being sent at the "start" of every // gRPC stream actually entails a message for each type_url, each with its own // initial_resource_versions. -// [#next-free-field: 10] +// [#next-free-field: 8] message DeltaDiscoveryRequest { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DeltaDiscoveryRequest"; @@ -153,8 +151,8 @@ message DeltaDiscoveryRequest { // Type of the resource that is being requested, e.g. // "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment". This does not need to be set if - // resources are only referenced via *udpa_resource_subscribe* and - // *udpa_resources_unsubscribe*. + // resources are only referenced via *xds_resource_subscribe* and + // *xds_resources_unsubscribe*. string type_url = 2; // DeltaDiscoveryRequests allow the client to add or remove individual @@ -180,22 +178,9 @@ message DeltaDiscoveryRequest { // A list of Resource names to add to the list of tracked resources. repeated string resource_names_subscribe = 3; - // As with *resource_names_subscribe* but used when subscribing to resources indicated - // by a *udpa.core.v1.ResourceLocator*. The directives in the resource locator - // are ignored and the context parameters are matched with - // *context_param_specifier* specific semantics. - // [#not-implemented-hide:] - repeated udpa.core.v1.ResourceLocator udpa_resources_subscribe = 8; - // A list of Resource names to remove from the list of tracked resources. repeated string resource_names_unsubscribe = 4; - // As with *resource_names_unsubscribe* but used when unsubscribing to resources indicated by a - // *udpa.core.v1.ResourceLocator*. This must match a previously subscribed - // resource locator provided in *udpa_resources_subscribe*. - // [#not-implemented-hide:] - repeated udpa.core.v1.ResourceLocator udpa_resources_unsubscribe = 9; - // Informs the server of the versions of the resources the xDS client knows of, to enable the // client to continue the same logical xDS session even in the face of gRPC stream reconnection. // It will not be populated: [1] in the very first stream of a session, since the client will @@ -218,7 +203,7 @@ message DeltaDiscoveryRequest { google.rpc.Status error_detail = 7; } -// [#next-free-field: 8] +// [#next-free-field: 7] message DeltaDiscoveryResponse { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DeltaDiscoveryResponse"; @@ -234,34 +219,32 @@ message DeltaDiscoveryResponse { // Type URL for resources. Identifies the xDS API when muxing over ADS. // Must be consistent with the type_url in the Any within 'resources' if 'resources' is non-empty. - // This does not need to be set if *udpa_removed_resources* is used instead of - // *removed_resources*. string type_url = 4; // Resources names of resources that have be deleted and to be removed from the xDS Client. // Removed resources for missing resources can be ignored. repeated string removed_resources = 6; - // As with *removed_resources* but used when a removed resource was named in - // its *Resource*s with a *udpa.core.v1.ResourceName*. - // [#not-implemented-hide:] - repeated udpa.core.v1.ResourceName udpa_removed_resources = 7; - // The nonce provides a way for DeltaDiscoveryRequests to uniquely // reference a DeltaDiscoveryResponse when (N)ACKing. The nonce is required. string nonce = 5; } -// [#next-free-field: 6] +// [#next-free-field: 8] message Resource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Resource"; - // The resource's name, to distinguish it from others of the same type of resource. - string name = 3 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; + // Cache control properties for the resource. + // [#not-implemented-hide:] + message CacheControl { + // If true, xDS proxies may not cache this resource. + // Note that this does not apply to clients other than xDS proxies, which must cache resources + // for their own use, regardless of the value of this field. + bool do_not_cache = 1; + } - // Used instead of *name* when a resource with a *udpa.core.v1.ResourceName* is delivered. - udpa.core.v1.ResourceName udpa_resource_name = 5 - [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; + // The resource's name, to distinguish it from others of the same type of resource. + string name = 3; // The aliases are a list of other names that this resource can go by. repeated string aliases = 4; @@ -272,4 +255,23 @@ message Resource { // The resource being tracked. google.protobuf.Any resource = 2; + + // Time-to-live value for the resource. For each resource, a timer is started. The timer is + // reset each time the resource is received with a new TTL. If the resource is received with + // no TTL set, the timer is removed for the resource. Upon expiration of the timer, the + // configuration for the resource will be removed. + // + // The TTL can be refreshed or changed by sending a response that doesn't change the resource + // version. In this case the resource field does not need to be populated, which allows for + // light-weight "heartbeat" updates to keep a resource with a TTL alive. + // + // The TTL feature is meant to support configurations that should be removed in the event of + // a management server failure. For example, the feature may be used for fault injection + // testing where the fault injection should be terminated in the event that Envoy loses contact + // with the management server. + google.protobuf.Duration ttl = 6; + + // Cache control properties for the resource. + // [#not-implemented-hide:] + CacheControl cache_control = 7; } diff --git a/api/src/main/proto/envoy/service/discovery/v4alpha/discovery.proto b/api/src/main/proto/envoy/service/discovery/v4alpha/discovery.proto index 3f5dca95c..f292718a1 100644 --- a/api/src/main/proto/envoy/service/discovery/v4alpha/discovery.proto +++ b/api/src/main/proto/envoy/service/discovery/v4alpha/discovery.proto @@ -5,11 +5,9 @@ package envoy.service.discovery.v4alpha; import "envoy/config/core/v4alpha/base.proto"; import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; import "google/rpc/status.proto"; -import "udpa/core/v1/resource_locator.proto"; -import "udpa/core/v1/resource_name.proto"; - import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -145,7 +143,7 @@ message DiscoveryResponse { // In particular, initial_resource_versions being sent at the "start" of every // gRPC stream actually entails a message for each type_url, each with its own // initial_resource_versions. -// [#next-free-field: 10] +// [#next-free-field: 8] message DeltaDiscoveryRequest { option (udpa.annotations.versioning).previous_message_type = "envoy.service.discovery.v3.DeltaDiscoveryRequest"; @@ -155,8 +153,8 @@ message DeltaDiscoveryRequest { // Type of the resource that is being requested, e.g. // "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment". This does not need to be set if - // resources are only referenced via *udpa_resource_subscribe* and - // *udpa_resources_unsubscribe*. + // resources are only referenced via *xds_resource_subscribe* and + // *xds_resources_unsubscribe*. string type_url = 2; // DeltaDiscoveryRequests allow the client to add or remove individual @@ -182,22 +180,9 @@ message DeltaDiscoveryRequest { // A list of Resource names to add to the list of tracked resources. repeated string resource_names_subscribe = 3; - // As with *resource_names_subscribe* but used when subscribing to resources indicated - // by a *udpa.core.v1.ResourceLocator*. The directives in the resource locator - // are ignored and the context parameters are matched with - // *context_param_specifier* specific semantics. - // [#not-implemented-hide:] - repeated udpa.core.v1.ResourceLocator udpa_resources_subscribe = 8; - // A list of Resource names to remove from the list of tracked resources. repeated string resource_names_unsubscribe = 4; - // As with *resource_names_unsubscribe* but used when unsubscribing to resources indicated by a - // *udpa.core.v1.ResourceLocator*. This must match a previously subscribed - // resource locator provided in *udpa_resources_subscribe*. - // [#not-implemented-hide:] - repeated udpa.core.v1.ResourceLocator udpa_resources_unsubscribe = 9; - // Informs the server of the versions of the resources the xDS client knows of, to enable the // client to continue the same logical xDS session even in the face of gRPC stream reconnection. // It will not be populated: [1] in the very first stream of a session, since the client will @@ -220,7 +205,7 @@ message DeltaDiscoveryRequest { google.rpc.Status error_detail = 7; } -// [#next-free-field: 8] +// [#next-free-field: 7] message DeltaDiscoveryResponse { option (udpa.annotations.versioning).previous_message_type = "envoy.service.discovery.v3.DeltaDiscoveryResponse"; @@ -236,37 +221,37 @@ message DeltaDiscoveryResponse { // Type URL for resources. Identifies the xDS API when muxing over ADS. // Must be consistent with the type_url in the Any within 'resources' if 'resources' is non-empty. - // This does not need to be set if *udpa_removed_resources* is used instead of - // *removed_resources*. string type_url = 4; // Resources names of resources that have be deleted and to be removed from the xDS Client. // Removed resources for missing resources can be ignored. repeated string removed_resources = 6; - // As with *removed_resources* but used when a removed resource was named in - // its *Resource*s with a *udpa.core.v1.ResourceName*. - // [#not-implemented-hide:] - repeated udpa.core.v1.ResourceName udpa_removed_resources = 7; - // The nonce provides a way for DeltaDiscoveryRequests to uniquely // reference a DeltaDiscoveryResponse when (N)ACKing. The nonce is required. string nonce = 5; } -// [#next-free-field: 6] +// [#next-free-field: 8] message Resource { option (udpa.annotations.versioning).previous_message_type = "envoy.service.discovery.v3.Resource"; - oneof name_specifier { - // The resource's name, to distinguish it from others of the same type of resource. - string name = 3; - - // Used instead of *name* when a resource with a *udpa.core.v1.ResourceName* is delivered. - udpa.core.v1.ResourceName udpa_resource_name = 5; + // Cache control properties for the resource. + // [#not-implemented-hide:] + message CacheControl { + option (udpa.annotations.versioning).previous_message_type = + "envoy.service.discovery.v3.Resource.CacheControl"; + + // If true, xDS proxies may not cache this resource. + // Note that this does not apply to clients other than xDS proxies, which must cache resources + // for their own use, regardless of the value of this field. + bool do_not_cache = 1; } + // The resource's name, to distinguish it from others of the same type of resource. + string name = 3; + // The aliases are a list of other names that this resource can go by. repeated string aliases = 4; @@ -276,4 +261,23 @@ message Resource { // The resource being tracked. google.protobuf.Any resource = 2; + + // Time-to-live value for the resource. For each resource, a timer is started. The timer is + // reset each time the resource is received with a new TTL. If the resource is received with + // no TTL set, the timer is removed for the resource. Upon expiration of the timer, the + // configuration for the resource will be removed. + // + // The TTL can be refreshed or changed by sending a response that doesn't change the resource + // version. In this case the resource field does not need to be populated, which allows for + // light-weight "heartbeat" updates to keep a resource with a TTL alive. + // + // The TTL feature is meant to support configurations that should be removed in the event of + // a management server failure. For example, the feature may be used for fault injection + // testing where the fault injection should be terminated in the event that Envoy loses contact + // with the management server. + google.protobuf.Duration ttl = 6; + + // Cache control properties for the resource. + // [#not-implemented-hide:] + CacheControl cache_control = 7; } diff --git a/api/src/main/proto/envoy/service/ext_proc/v3alpha/external_processor.proto b/api/src/main/proto/envoy/service/ext_proc/v3alpha/external_processor.proto new file mode 100644 index 000000000..5b0696bfc --- /dev/null +++ b/api/src/main/proto/envoy/service/ext_proc/v3alpha/external_processor.proto @@ -0,0 +1,311 @@ +syntax = "proto3"; + +package envoy.service.ext_proc.v3alpha; + +import "envoy/config/core/v3/base.proto"; +import "envoy/extensions/filters/http/ext_proc/v3alpha/processing_mode.proto"; +import "envoy/type/v3/http_status.proto"; + +import "google/protobuf/struct.proto"; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.service.ext_proc.v3alpha"; +option java_outer_classname = "ExternalProcessorProto"; +option java_multiple_files = true; +option java_generic_services = true; +option (udpa.annotations.file_status).work_in_progress = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: External Processing Service] + +// A service that can access and modify HTTP requests and responses +// as part of a filter chain. +// The overall external processing protocol works like this: +// +// 1. Envoy sends to the service information about the HTTP request. +// 2. The service sends back a ProcessingResponse message that directs Envoy +// to either stop processing, continue without it, or send it the +// next chunk of the message body. +// 3. If so requested, Envoy sends the server chunks of the message body, +// or the entire body at once. In either case, the server sends back +// a ProcessingResponse after each message it receives. +// 4. If so requested, Envoy sends the server the HTTP trailers, +// and the server sends back a ProcessingResponse. +// 5. At this point, request processing is done, and we pick up again +// at step 1 when Envoy receives a response from the upstream server. +// 6. At any point above, if the server closes the gRPC stream cleanly, +// then Envoy proceeds without consulting the server. +// 7. At any point above, if the server closes the gRPC stream with an error, +// then Envoy returns a 500 error to the client, unless the filter +// was configured to ignore errors. +// +// In other words, the process is a request/response conversation, but +// using a gRPC stream to make it easier for the server to +// maintain state. + +service ExternalProcessor { + // This begins the bidirectional stream that Envoy will use to + // give the server control over what the filter does. The actual + // protocol is described by the ProcessingRequest and ProcessingResponse + // messages below. + rpc Process(stream ProcessingRequest) returns (stream ProcessingResponse) { + } +} + +// This represents the different types of messages that Envoy can send +// to an external processing server. +// [#next-free-field: 8] +message ProcessingRequest { + // Specify whether the filter that sent this request is running in synchronous + // or asynchronous mode. If false, then the server must either respond + // with exactly one ProcessingResponse message or close the stream. + // If true, however, then the server must not respond with + // an additional message, although it may still close the stream. + // The choice of synchronous or asynchronous mode can be chosen in the + // filter configuration. + bool async_mode = 1; + + // Each request message will include one of the following sub-messages. Which + // ones are set for a particular HTTP request/response depend on the + // processing mode. + oneof request { + option (validate.required) = true; + + // Information about the HTTP request headers, as well as peer info and additional + // properties. If "response_required" is set, the server must send back a + // HeaderResponse message, an ImmediateResponse message, or close the stream. + HttpHeaders request_headers = 2; + + // Information about the HTTP response headers, as well as peer info and additional + // properties. If "response_required" is set, the server must send back a + // HeaderResponse message or close the stream. + HttpHeaders response_headers = 3; + + // A chunk of the HTTP request body. If "response_required" is set, the server must send back + // a BodyResponse message, an ImmediateResponse message, or close the stream. + HttpBody request_body = 4; + + // A chunk of the HTTP request body. If "response_required" is set, the server must send back + // a BodyResponse message or close the stream. + HttpBody response_body = 5; + + // The HTTP trailers for the request path. If "response_required" is set, the server + // must send back a TrailerResponse message or close the stream. + HttpTrailers request_trailers = 6; + + // The HTTP trailers for the response path. If "response_required" is set, the server + // must send back a TrailerResponse message or close the stream. + HttpTrailers response_trailers = 7; + } +} + +// For every ProcessingRequest received by the server with the "async_mode" field +// set to false, the server must send back exactly one ProcessingResponse message. +// [#next-free-field: 10] +message ProcessingResponse { + oneof response { + option (validate.required) = true; + + // The server must send back this message in response to a message with the + // "request_headers" field set. + HeadersResponse request_headers = 1; + + // The server must send back this message in response to a message with the + // "response_headers" field set. + HeadersResponse response_headers = 2; + + // The server must send back this message in response to a message with + // the "request_body" field set. + BodyResponse request_body = 3; + + // The server must send back this message in response to a message with + // the "response_body" field set. + BodyResponse response_body = 4; + + // The server must send back this message in response to a message with + // the "request_trailers" field set. + TrailersResponse request_trailers = 5; + + // The server must send back this message in response to a message with + // the "response_trailers" field set. + TrailersResponse response_trailers = 6; + + // If specified, attempt to create a locally generated response, send it + // downstream, and stop processing additional filters and ignore any + // additional messages received from the remote server for this request or + // response. If a response has already started -- for example, if this + // message is sent response to a "response_body" message -- then + // this will either ship the reply directly to the downstream codec, + // or reset the stream. + ImmediateResponse immediate_response = 7; + } + + // Optional metadata that will be emitted as dynamic metadata to be consumed by the next + // filter. This metadata will be placed in the namespace "envoy.filters.http.ext_proc". + google.protobuf.Struct dynamic_metadata = 8; + + // Override how parts of the HTTP request and response are processed + // for the duration of this particular request/response only. Servers + // may use this to intelligently control how requests are processed + // based on the headers and other metadata that they see. + envoy.extensions.filters.http.ext_proc.v3alpha.ProcessingMode mode_override = 9; +} + +// The following are messages that are sent to the server. + +// This message is sent to the external server when the HTTP request and responses +// are first received. +message HttpHeaders { + // The HTTP request headers. All header keys will be + // lower-cased, because HTTP header keys are case-insensitive. + config.core.v3.HeaderMap headers = 1; + + // The values of properties selected by the "request_attributes" + // or "response_attributes" list in the configuration. Each entry + // in the list is populated + // from the standard :ref:`attributes ` + // supported across Envoy. + map attributes = 2; + + // If true, then there is no message body associated with this + // request or response. + bool end_of_stream = 3; +} + +// This message contains the message body that Envoy sends to the external server. +message HttpBody { + bytes body = 1; + + bool end_of_stream = 2; +} + +// This message contains the trailers. +message HttpTrailers { + config.core.v3.HeaderMap trailers = 1; +} + +// The following are messages that may be sent back by the server. + +// This message must be sent in response to an HttpHeaders message. +message HeadersResponse { + CommonResponse response = 1; +} + +// This message must be sent in response to an HttpTrailers message. +message TrailersResponse { + // Instructions on how to manipulate the trailers + HeaderMutation header_mutation = 1; +} + +// This message must be sent in response to an HttpBody message. +message BodyResponse { + CommonResponse response = 1; +} + +// This message contains common fields between header and body responses. +// [#next-free-field: 6] +message CommonResponse { + enum ResponseStatus { + // Apply the mutation instructions in this message to the + // request or response, and then continue processing the filter + // stream as normal. This is the default. + CONTINUE = 0; + + // Replace the request or response with the contents + // of this message. If header_mutation is set, apply it to the + // headers. If body_mutation is set and contains a body, then add that + // body to the request or response, even if one does not already exist -- + // otherwise, clear the body. Any additional body and trailers + // received from downstream or upstream will be ignored. + // This can be used to add a body to a request or response that does not + // have one already. + CONTINUE_AND_REPLACE = 1; + } + + // If set, provide additional direction on how the Envoy proxy should + // handle the rest of the HTTP filter chain. + ResponseStatus status = 1 [(validate.rules).enum = {defined_only: true}]; + + // Instructions on how to manipulate the headers. When responding to an + // HttpBody request, header mutations will only take effect if the + // headers were not already sent further on the filter chain, which + // happens only if the current processing mode for the body is BUFFERED + // or BUFFERED_PARTIAL. + HeaderMutation header_mutation = 2; + + // Replace the body of the last message sent to the remote server on this + // stream. If responding to an HttpBody request, simply replace or clear + // the body chunk that was sent with that request. If responding to an + // HttpHeaders request, then a new body may be added to the request if this + // message is returned along with the CONTINUE_AND_REPLACE status. + BodyMutation body_mutation = 3; + + // Add new trailers to the message. This may be used when responding to either a + // HttpHeaders or HttpBody message, but only if this message is returned + // along with the CONTINUE_AND_REPLACE status. + config.core.v3.HeaderMap trailers = 4; + + // Clear the route cache for the current request. + // This is necessary if the remote server + // modified headers that are used to calculate the route. + bool clear_route_cache = 5; +} + +// This message causes the filter to attempt to create a locally +// generated response, send it downstream, stop processing +// additional filters, and ignore any additional messages received +// from the remote server for this request or response. If a response +// has already started, then this will either ship the reply directly +// to the downstream codec, or reset the stream. +// [#next-free-field: 6] +message ImmediateResponse { + // The response code to return + type.v3.HttpStatus status = 1 [(validate.rules).message = {required: true}]; + + // Apply changes to the default headers, which will include content-type. + HeaderMutation headers = 2; + + // The message body to return with the response which is sent using the + // text/plain content type, or encoded in the grpc-message header. + string body = 3; + + // If set, then include a gRPC status trailer. + GrpcStatus grpc_status = 4; + + // A string detailing why this local reply was sent, which may be included + // in log and debug output. + string details = 5; +} + +// This message specifies a gRPC status for an ImmediateResponse message. +message GrpcStatus { + // The actual gRPC status + uint32 status = 1; +} + +// Change HTTP headers or trailers by appending, replacing, or removing +// headers. +message HeaderMutation { + // Add or replace HTTP headers. Attempts to set the value of + // any "x-envoy" header, and attempts to set the ":method", + // ":authority", ":scheme", or "host" headers will be ignored. + repeated config.core.v3.HeaderValueOption set_headers = 1; + + // Remove these HTTP headers. Attempts to remove system headers -- + // any header starting with ":", plus "host" -- will be ignored. + repeated string remove_headers = 2; +} + +// Replace the entire message body chunk received in the corresponding +// HttpBody message with this new body, or clear the body. +message BodyMutation { + oneof mutation { + // The entire body to replace + bytes body = 1; + + // Clear the corresponding body chunk + bool clear_body = 2; + } +} diff --git a/api/src/main/proto/envoy/service/ratelimit/v3/rls.proto b/api/src/main/proto/envoy/service/ratelimit/v3/rls.proto index 42f24cfb0..0f040612e 100644 --- a/api/src/main/proto/envoy/service/ratelimit/v3/rls.proto +++ b/api/src/main/proto/envoy/service/ratelimit/v3/rls.proto @@ -6,6 +6,7 @@ import "envoy/config/core/v3/base.proto"; import "envoy/extensions/common/ratelimit/v3/ratelimit.proto"; import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -51,6 +52,7 @@ message RateLimitRequest { } // A response from a ShouldRateLimit call. +// [#next-free-field: 7] message RateLimitResponse { option (udpa.annotations.versioning).previous_message_type = "envoy.service.ratelimit.v2.RateLimitResponse"; @@ -131,4 +133,16 @@ message RateLimitResponse { // A list of headers to add to the request when forwarded repeated config.core.v3.HeaderValue request_headers_to_add = 4; + + // A response body to send to the downstream client when the response code is not OK. + bytes raw_body = 5; + + // Optional response metadata that will be emitted as dynamic metadata to be consumed by the next + // filter. This metadata lives in a namespace specified by the canonical name of extension filter + // that requires it: + // + // - :ref:`envoy.filters.http.ratelimit ` for HTTP filter. + // - :ref:`envoy.filters.network.ratelimit ` for network filter. + // - :ref:`envoy.filters.thrift.rate_limit ` for Thrift filter. + google.protobuf.Struct dynamic_metadata = 6; } diff --git a/api/src/main/proto/envoy/watchdog/v3alpha/abort_action.proto b/api/src/main/proto/envoy/watchdog/v3alpha/abort_action.proto new file mode 100644 index 000000000..3f47fddaa --- /dev/null +++ b/api/src/main/proto/envoy/watchdog/v3alpha/abort_action.proto @@ -0,0 +1,29 @@ +syntax = "proto3"; + +package envoy.watchdog.v3alpha; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.watchdog.v3alpha"; +option java_outer_classname = "AbortActionProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).work_in_progress = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Watchdog Action that kills a stuck thread to kill the process.] + +// A GuardDogAction that will terminate the process by killing the +// stuck thread. This would allow easier access to the call stack of the stuck +// thread since we would run signal handlers on that thread. By default +// this will be registered to run as the last watchdog action on KILL and +// MULTIKILL events if those are enabled. +message AbortActionConfig { + // How long to wait for the thread to respond to the thread kill function + // before killing the process from this action. This is a blocking action. + // By default this is 5 seconds. + google.protobuf.Duration wait_duration = 1; +} diff --git a/api/src/main/proto/udpa/core/v1/context_params.proto b/api/src/main/proto/udpa/core/v1/context_params.proto deleted file mode 100644 index ccc4638f0..000000000 --- a/api/src/main/proto/udpa/core/v1/context_params.proto +++ /dev/null @@ -1,16 +0,0 @@ -syntax = "proto3"; - -package udpa.core.v1; - -import "udpa/annotations/status.proto"; - -option java_outer_classname = "ContextParamsProto"; -option java_multiple_files = true; -option java_package = "com.github.udpa.udpa.core.v1"; - -option (udpa.annotations.file_status).work_in_progress = true; - -// Additional parameters that can be used to select resource variants. -message ContextParams { - map params = 1; -} diff --git a/api/src/main/proto/validate/validate.proto b/api/src/main/proto/validate/validate.proto index 7767f0aab..74d0a7e82 100644 --- a/api/src/main/proto/validate/validate.proto +++ b/api/src/main/proto/validate/validate.proto @@ -13,6 +13,8 @@ extend google.protobuf.MessageOptions { // Disabled nullifies any validation rules for this message, including any // message fields associated with it that do support validation. optional bool disabled = 1071; + // Ignore skips generation of validation methods for this message. + optional bool ignored = 1072; } // Validation rules applied at the oneof level diff --git a/api/src/main/proto/udpa/core/v1/authority.proto b/api/src/main/proto/xds/core/v3/authority.proto similarity index 82% rename from api/src/main/proto/udpa/core/v1/authority.proto rename to api/src/main/proto/xds/core/v3/authority.proto index f250a6cb0..49daf4b8c 100644 --- a/api/src/main/proto/udpa/core/v1/authority.proto +++ b/api/src/main/proto/xds/core/v3/authority.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package udpa.core.v1; +package xds.core.v3; import "udpa/annotations/status.proto"; @@ -8,11 +8,11 @@ import "validate/validate.proto"; option java_outer_classname = "AuthorityProto"; option java_multiple_files = true; -option java_package = "com.github.udpa.udpa.core.v1"; +option java_package = "com.github.udpa.xds.core.v3"; option (udpa.annotations.file_status).work_in_progress = true; -// UDPA authority information. +// xDS authority information. message Authority { string name = 1 [(validate.rules).string = {min_len: 1}]; diff --git a/api/src/main/proto/udpa/core/v1/collection_entry.proto b/api/src/main/proto/xds/core/v3/collection_entry.proto similarity index 87% rename from api/src/main/proto/udpa/core/v1/collection_entry.proto rename to api/src/main/proto/xds/core/v3/collection_entry.proto index 8e4f0c874..4ece240ca 100644 --- a/api/src/main/proto/udpa/core/v1/collection_entry.proto +++ b/api/src/main/proto/xds/core/v3/collection_entry.proto @@ -1,21 +1,21 @@ syntax = "proto3"; -package udpa.core.v1; +package xds.core.v3; import "google/protobuf/any.proto"; import "udpa/annotations/status.proto"; -import "udpa/core/v1/resource_locator.proto"; +import "xds/core/v3/resource_locator.proto"; import "validate/validate.proto"; option java_outer_classname = "CollectionEntryProto"; option java_multiple_files = true; -option java_package = "com.github.udpa.udpa.core.v1"; +option java_package = "com.github.udpa.xds.core.v3"; option (udpa.annotations.file_status).work_in_progress = true; -// UDPA collection resource wrapper. This encapsulates a UDPA resource when +// xDS collection resource wrapper. This encapsulates a xDS resource when // appearing inside a list collection resource. List collection resources are // regular Resource messages of type: // @@ -32,7 +32,7 @@ message CollectionEntry { // reference via the #entry directive in ResourceLocator. string name = 1 [(validate.rules).string.pattern = "^[0-9a-zA-Z_\\-\\.~:]+$"]; - // The resource's logical version. It is illegal to have the same named UDPA + // The resource's logical version. It is illegal to have the same named xDS // resource name at a given version with different resource payloads. string version = 2; diff --git a/api/src/main/proto/xds/core/v3/context_params.proto b/api/src/main/proto/xds/core/v3/context_params.proto new file mode 100644 index 000000000..8f27c1ca7 --- /dev/null +++ b/api/src/main/proto/xds/core/v3/context_params.proto @@ -0,0 +1,21 @@ +syntax = "proto3"; + +package xds.core.v3; + +import "udpa/annotations/status.proto"; + +option java_outer_classname = "ContextParamsProto"; +option java_multiple_files = true; +option java_package = "com.github.udpa.xds.core.v3"; + +option (udpa.annotations.file_status).work_in_progress = true; + +// Additional parameters that can be used to select resource variants. These include any +// global context parameters, per-resource type client feature capabilities and per-resource +// type functional attributes. All per-resource type attributes will be `xds.resource.` +// prefixed and some of these are documented below: +// `xds.resource.listening_address`: The value is "IP:port" (e.g. "10.1.1.3:8080") which is +// the listening address of a Listener. Used in a Listener resource query. +message ContextParams { + map params = 1; +} diff --git a/api/src/main/proto/udpa/core/v1/resource.proto b/api/src/main/proto/xds/core/v3/resource.proto similarity index 75% rename from api/src/main/proto/udpa/core/v1/resource.proto rename to api/src/main/proto/xds/core/v3/resource.proto index 780a12e48..3bf17a8a0 100644 --- a/api/src/main/proto/udpa/core/v1/resource.proto +++ b/api/src/main/proto/xds/core/v3/resource.proto @@ -1,25 +1,25 @@ syntax = "proto3"; -package udpa.core.v1; +package xds.core.v3; import "google/protobuf/any.proto"; import "udpa/annotations/status.proto"; -import "udpa/core/v1/resource_name.proto"; +import "xds/core/v3/resource_name.proto"; option java_outer_classname = "ResourceProto"; option java_multiple_files = true; -option java_package = "com.github.udpa.udpa.core.v1"; +option java_package = "com.github.udpa.xds.core.v3"; option (udpa.annotations.file_status).work_in_progress = true; -// UDPA resource wrapper. This encapsulates a UDPA resource when appearing in an +// xDS resource wrapper. This encapsulates a xDS resource when appearing in an // xDS transport discovery response or when accessed as a filesystem object. message Resource { // Resource name. This may be omitted for filesystem resources. ResourceName name = 1; - // The resource's logical version. It is illegal to have the same named UDPA + // The resource's logical version. It is illegal to have the same named xDS // resource name at a given version with different resource payloads. string version = 2; diff --git a/api/src/main/proto/udpa/core/v1/resource_locator.proto b/api/src/main/proto/xds/core/v3/resource_locator.proto similarity index 75% rename from api/src/main/proto/udpa/core/v1/resource_locator.proto rename to api/src/main/proto/xds/core/v3/resource_locator.proto index a3c903144..d7334394a 100644 --- a/api/src/main/proto/udpa/core/v1/resource_locator.proto +++ b/api/src/main/proto/xds/core/v3/resource_locator.proto @@ -1,38 +1,38 @@ syntax = "proto3"; -package udpa.core.v1; +package xds.core.v3; import "udpa/annotations/status.proto"; -import "udpa/core/v1/context_params.proto"; +import "xds/core/v3/context_params.proto"; import "validate/validate.proto"; option java_outer_classname = "ResourceLocatorProto"; option java_multiple_files = true; -option java_package = "com.github.udpa.udpa.core.v1"; +option java_package = "com.github.udpa.xds.core.v3"; option (udpa.annotations.file_status).work_in_progress = true; -// UDPA resource locators identify a UDPA resource name and instruct the +// xDS resource locators identify a xDS resource name and instruct the // data-plane load balancer on how the resource may be located. // -// Resource locators have a canonical udpa:// URI representation: +// Resource locators have a canonical xdstp:// URI representation: // -// udpa://{authority}/{type_url}/{id/*}?{context_params}{#directive,*} +// xdstp://{authority}/{type_url}/{id}?{context_params}{#directive,*} // // where context_params take the form of URI query parameters. // // Resource locators have a similar canonical http:// URI representation: // -// http://{authority}/{type_url}/{id/*}?{context_params}{#directive,*} +// http://{authority}/{type_url}/{id}?{context_params}{#directive,*} // // Resource locators also have a simplified file:// URI representation: // -// file:///{id/*}{#directive,*} +// file:///{id}{#directive,*} // message ResourceLocator { enum Scheme { - UDPA = 0; + XDSTP = 0; HTTP = 1; FILE = 2; } @@ -40,13 +40,13 @@ message ResourceLocator { // URI scheme. Scheme scheme = 1 [(validate.rules).enum = {defined_only: true}]; - // Opaque identifiers for the resource. These are effectively concatenated - // with ‘/’ to form the non-query param path as resource ID. This may end + // Opaque identifier for the resource. Any '/' will not be escaped during URI + // encoding and will form part of the URI path. This may end // with ‘*’ for glob collection references. - repeated string id = 2 [(validate.rules).repeated = {min_items: 1}]; + string id = 2; // Logical authority for resource (not necessarily transport network address). - // Authorities are opaque in the UDPA API, data-plane load balancers will map + // Authorities are opaque in the xDS API, data-plane load balancers will map // them to concrete network transports such as an xDS management server, e.g. // via envoy.config.core.v3.ConfigSource. string authority = 3; @@ -65,7 +65,7 @@ message ResourceLocator { // .. space reserved for future potential matchers, e.g. CEL expressions. } - // Directives provide information to data-plane load balancers on how UDPA + // Directives provide information to data-plane load balancers on how xDS // resource names are to be interpreted and potentially further resolved. For // example, they may provide alternative resource locators for when primary // resolution fails. Directives are not part of resource names and do not @@ -75,7 +75,7 @@ message ResourceLocator { // // = // - // For example, we can have alt=udpa://foo/bar or entry=some%20thing. Each + // For example, we can have alt=xdstp://foo/bar or entry=some%20thing. Each // directive value type may have its own string encoding, in the case of // ResourceLocator there is a recursive URI encoding. // @@ -83,7 +83,7 @@ message ResourceLocator { // Multiple directives are comma-separated, so the reserved characters that // require percent encoding in a directive value are [',', '#', '[', ']', // '%']. These are the RFC3986 fragment reserved characters with the addition - // of the UDPA scheme specific ','. See + // of the xDS scheme specific ','. See // https://tools.ietf.org/html/rfc3986#page-49 for further details on URI ABNF // and reserved characters. message Directive { @@ -93,7 +93,7 @@ message ResourceLocator { // An alternative resource locator for fallback if the resource is // unavailable. For example, take the resource locator: // - // udpa://foo/some-type/some-route-table#alt=udpa://bar/some-type/another-route-table + // xdstp://foo/some-type/some-route-table#alt=xdstp://bar/some-type/another-route-table // // If the data-plane load balancer is unable to reach `foo` to fetch the // resource, it will fallback to `bar`. Alternative resources do not need @@ -103,13 +103,13 @@ message ResourceLocator { // List collections support inlining of resources via the entry field in // Resource. These inlined Resource objects may have an optional name // field specified. When specified, the entry directive allows - // UdpaResourceLocator to directly reference these inlined resources, e.g. - // udpa://.../foo#entry=bar. + // ResourceLocator to directly reference these inlined resources, e.g. + // xdstp://.../foo#entry=bar. string entry = 2 [(validate.rules).string = {min_len: 1, pattern: "^[0-9a-zA-Z_\\-\\./~:]+$"}]; } } - // A list of directives that appear in the UDPA resource locator #fragment. + // A list of directives that appear in the xDS resource locator #fragment. // // When encoding to URI form, directives are percent encoded with comma // separation. diff --git a/api/src/main/proto/udpa/core/v1/resource_name.proto b/api/src/main/proto/xds/core/v3/resource_name.proto similarity index 55% rename from api/src/main/proto/udpa/core/v1/resource_name.proto rename to api/src/main/proto/xds/core/v3/resource_name.proto index d6188853f..103c7de86 100644 --- a/api/src/main/proto/udpa/core/v1/resource_name.proto +++ b/api/src/main/proto/xds/core/v3/resource_name.proto @@ -1,34 +1,34 @@ syntax = "proto3"; -package udpa.core.v1; +package xds.core.v3; import "udpa/annotations/status.proto"; -import "udpa/core/v1/context_params.proto"; +import "xds/core/v3/context_params.proto"; import "validate/validate.proto"; option java_outer_classname = "ResourceNameProto"; option java_multiple_files = true; -option java_package = "com.github.udpa.udpa.core.v1"; +option java_package = "com.github.udpa.xds.core.v3"; option (udpa.annotations.file_status).work_in_progress = true; -// UDPA resource name. This has a canonical udpa:// URI representation: +// xDS resource name. This has a canonical xdstp:// URI representation: // -// udpa://{authority}/{type_url}/{id/*}?{context_params} +// xdstp://{authority}/{type_url}/{id}?{context_params} // // where context_params take the form of URI query parameters. // -// A UDPA resource name fully identifies a network resource for transport -// purposes. UDPA resource names in this form appear only in discovery +// A xDS resource name fully identifies a network resource for transport +// purposes. xDS resource names in this form appear only in discovery // request/response messages used with the xDS transport. message ResourceName { - // Opaque identifiers for the resource. These are effectively concatenated - // with ‘/’ to form the non-query param path as resource ID. - repeated string id = 1 [(validate.rules).repeated = {min_items: 1}]; + // Opaque identifier for the resource. Any '/' will not be escaped during URI + // encoding and will form part of the URI path. + string id = 1; // Logical authority for resource (not necessarily transport network address). - // Authorities are opaque in the UDPA API, data-plane load balancers will map + // Authorities are opaque in the xDS API, data-plane load balancers will map // them to concrete network transports such as an xDS management server. string authority = 2; diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/TestResources.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/TestResources.java index 883aeb1c7..8e71eb67a 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/TestResources.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/TestResources.java @@ -105,6 +105,7 @@ public static io.envoyproxy.envoy.config.cluster.v3.Cluster createClusterV3(Stri io.envoyproxy.envoy.config.core.v3.ConfigSource edsSource = io.envoyproxy.envoy.config.core.v3.ConfigSource.newBuilder() .setAds(io.envoyproxy.envoy.config.core.v3.AggregatedConfigSource.getDefaultInstance()) + .setResourceApiVersion(ApiVersion.V3) .build(); return io.envoyproxy.envoy.config.cluster.v3.Cluster.newBuilder() @@ -228,6 +229,7 @@ public static Listener createListener(boolean ads, ConfigSource rdsSource = ads ? configSourceBuilder .setAds(AggregatedConfigSource.getDefaultInstance()) + .setResourceApiVersion(rdsResourceVersion) .build() : configSourceBuilder .setApiConfigSource(ApiConfigSource.newBuilder() @@ -283,6 +285,7 @@ public static io.envoyproxy.envoy.config.listener.v3.Listener createListenerV3(b io.envoyproxy.envoy.config.core.v3.ConfigSource rdsSource = ads ? configSourceBuilder .setAds(io.envoyproxy.envoy.config.core.v3.AggregatedConfigSource.getDefaultInstance()) + .setResourceApiVersion(rdsResourceVersion) .build() : configSourceBuilder .setApiConfigSource(io.envoyproxy.envoy.config.core.v3.ApiConfigSource.newBuilder() diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/EnvoyContainer.java b/server/src/test/java/io/envoyproxy/controlplane/server/EnvoyContainer.java index a2f103f46..e7ee1458d 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/EnvoyContainer.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/EnvoyContainer.java @@ -12,6 +12,7 @@ class EnvoyContainer extends GenericContainer { private static final Logger LOGGER = LoggerFactory.getLogger(EnvoyContainer.class); + private static final int DEFAULT_API_VERSION = 2; private static final String CONFIG_DEST = "/etc/envoy/envoy.yaml"; private static final String HOST_IP_SCRIPT = "docker/host_ip.sh"; private static final String HOST_IP_SCRIPT_DEST = "/usr/local/bin/host_ip.sh"; @@ -22,12 +23,18 @@ class EnvoyContainer extends GenericContainer { private final String config; private final Supplier controlPlanePortSupplier; + private final int apiVersion; EnvoyContainer(String config, Supplier controlPlanePortSupplier) { - super("envoyproxy/envoy-alpine-dev:8fb3cb86082b17144a80402f5367ae65f06083bd"); + this(config, controlPlanePortSupplier, DEFAULT_API_VERSION); + } + + EnvoyContainer(String config, Supplier controlPlanePortSupplier, int apiVersion) { + super("envoyproxy/envoy-alpine-dev:5c801b25cae04f06bf48248c90e87d623d7a6283"); this.config = config; this.controlPlanePortSupplier = controlPlanePortSupplier; + this.apiVersion = apiVersion; } @Override @@ -42,7 +49,9 @@ protected void configure() { "/bin/sh", "/usr/local/bin/launch_envoy.sh", Integer.toString(controlPlanePortSupplier.get()), CONFIG_DEST, - "-l", "debug"); + "-l", "debug", + "--bootstrap-version", Integer.toString(apiVersion) + ); getExposedPorts().add(0, ADMIN_PORT); } diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerAdsIT.java b/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerAdsIT.java index f9635f459..c85a59064 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerAdsIT.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerAdsIT.java @@ -23,6 +23,7 @@ public class V3DiscoveryServerAdsIT { private static final String CONFIG = "envoy/ads.v3.config.yaml"; private static final String GROUP = "key"; private static final Integer LISTENER_PORT = 10000; + private static final int API_VERSION = 3; private static final CountDownLatch onStreamOpenLatch = new CountDownLatch(1); private static final CountDownLatch onStreamRequestLatch = new CountDownLatch(1); @@ -67,7 +68,7 @@ protected void configureServerBuilder(NettyServerBuilder builder) { private static final Network NETWORK = Network.newNetwork(); - private static final EnvoyContainer ENVOY = new EnvoyContainer(CONFIG, () -> ADS.getServer().getPort()) + private static final EnvoyContainer ENVOY = new EnvoyContainer(CONFIG, () -> ADS.getServer().getPort(), API_VERSION) .withExposedPorts(LISTENER_PORT) .withNetwork(NETWORK); diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerAdsWarmingClusterIT.java b/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerAdsWarmingClusterIT.java index 22fd770bc..c4b2ec799 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerAdsWarmingClusterIT.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerAdsWarmingClusterIT.java @@ -38,6 +38,7 @@ public class V3DiscoveryServerAdsWarmingClusterIT { private static final String CONFIG = "envoy/ads.v3.config.yaml"; private static final String GROUP = "key"; private static final Integer LISTENER_PORT = 10000; + private static final int API_VERSION = 3; private static final SimpleCache cache = new SimpleCache<>(new NodeGroup() { @Override public String hash(Node node) { throw new IllegalStateException("Unexpected v2 request in v3 test"); @@ -103,7 +104,7 @@ public void onV3StreamResponse(long streamId, DiscoveryRequest request, private static final Network NETWORK = Network.newNetwork(); - private static final EnvoyContainer ENVOY = new EnvoyContainer(CONFIG, () -> ADS.getServer().getPort()) + private static final EnvoyContainer ENVOY = new EnvoyContainer(CONFIG, () -> ADS.getServer().getPort(), API_VERSION) .withExposedPorts(LISTENER_PORT) .withNetwork(NETWORK); diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerXdsIT.java b/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerXdsIT.java index 43317d960..29cc6c4ba 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerXdsIT.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/V3DiscoveryServerXdsIT.java @@ -23,6 +23,7 @@ public class V3DiscoveryServerXdsIT { private static final String CONFIG = "envoy/xds.v3.config.yaml"; private static final String GROUP = "key"; private static final Integer LISTENER_PORT = 10000; + private static final int API_VERSION = 3; private static final CountDownLatch onStreamOpenLatch = new CountDownLatch(2); private static final CountDownLatch onStreamRequestLatch = new CountDownLatch(2); @@ -68,7 +69,7 @@ protected void configureServerBuilder(NettyServerBuilder builder) { private static final Network NETWORK = Network.newNetwork(); - private static final EnvoyContainer ENVOY = new EnvoyContainer(CONFIG, () -> XDS.getServer().getPort()) + private static final EnvoyContainer ENVOY = new EnvoyContainer(CONFIG, () -> XDS.getServer().getPort(), API_VERSION) .withExposedPorts(LISTENER_PORT) .withNetwork(NETWORK); diff --git a/server/src/test/resources/envoy/xds.v2.config.yaml b/server/src/test/resources/envoy/xds.v2.config.yaml index 14e0db4f6..9492aeb15 100644 --- a/server/src/test/resources/envoy/xds.v2.config.yaml +++ b/server/src/test/resources/envoy/xds.v2.config.yaml @@ -21,9 +21,14 @@ node: static_resources: clusters: - connect_timeout: 1s - hosts: - - socket_address: - address: HOST_IP - port_value: HOST_PORT + load_assignment: + cluster_name: xds_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: HOST_IP + port_value: HOST_PORT http2_protocol_options: {} name: xds_cluster diff --git a/server/src/test/resources/envoy/xds.v3.config.yaml b/server/src/test/resources/envoy/xds.v3.config.yaml index c44db99c8..c7a05e959 100644 --- a/server/src/test/resources/envoy/xds.v3.config.yaml +++ b/server/src/test/resources/envoy/xds.v3.config.yaml @@ -25,9 +25,14 @@ node: static_resources: clusters: - connect_timeout: 1s - hosts: - - socket_address: - address: HOST_IP - port_value: HOST_PORT + load_assignment: + cluster_name: xds_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: HOST_IP + port_value: HOST_PORT http2_protocol_options: {} name: xds_cluster diff --git a/tools/API_SHAS b/tools/API_SHAS index b3722736b..7e969a790 100644 --- a/tools/API_SHAS +++ b/tools/API_SHAS @@ -1,11 +1,11 @@ # Update the versions here and run update-api.sh # envoy (source: SHA from https://github.com/envoyproxy/envoy) -ENVOY_SHA="8fb3cb86082b17144a80402f5367ae65f06083bd" # Oct 8, 2020 (v1.16.0) +ENVOY_SHA="5c801b25cae04f06bf48248c90e87d623d7a6283" # Jan 11, 2021 (v1.17.0) -# dependencies (source: https://github.com/envoyproxy/envoy/blob/8fb3cb86082b17144a80402f5367ae65f06083bd/api/bazel/repository_locations.bzl) +# dependencies (source: https://github.com/envoyproxy/envoy/blob/5c801b25cae04f06bf48248c90e87d623d7a6283/api/bazel/repository_locations.bzl) GOOGLEAPIS_SHA="82944da21578a53b74e547774cf62ed31a05b841" # Dec 2, 2019 -PGV_GIT_SHA="278964a8052f96a2f514add0298098f63fb7f47f" # June 9, 2020 +PGV_GIT_SHA="872b28c457822ed9c2a5405da3c33f386ac0e86f" # Jan 5, 2021 PROMETHEUS_SHA="60555c9708c786597e6b07bf846d0dc5c2a46f54" # Jun 23, 2020 OPENCENSUS_VERSION="0.3.0" -UDPA_VERSION="0.0.1" +UDPA_SHA="cc1b757b3eddccaaaf0743cbb107742bb7e3ee4f" # Dec 11, 2020 diff --git a/tools/update-api.sh b/tools/update-api.sh index 6d5f4210c..c3282cc12 100755 --- a/tools/update-api.sh +++ b/tools/update-api.sh @@ -53,8 +53,10 @@ cp -r opencensus-proto-*/src/opencensus/proto/* "${protodir}/opencensus/proto" curl -sL https://github.com/prometheus/client_model/archive/${PROMETHEUS_SHA}.tar.gz | tar xz --include="*.proto" cp client_model-*/metrics.proto "${protodir}" -curl -sL https://github.com/cncf/udpa/archive/v${UDPA_VERSION}.tar.gz | tar xz --include="*.proto" +curl -sL https://github.com/cncf/udpa/archive/${UDPA_SHA}.tar.gz | tar xz --include="*.proto" mkdir -p "${protodir}/udpa" +mkdir -p "${protodir}/xds" cp -r udpa-*/udpa/* "${protodir}/udpa" +cp -r udpa-*/xds/* "${protodir}/xds" popd >/dev/null