Update api to v1 17

api/src/main/proto/envoy/api/v2/cluster.proto

@@ -352,6 +352,10 @@ message Cluster {
     //   This header isn't sanitized by default, so enabling this feature allows HTTP clients to
     //   route traffic to arbitrary hosts and/or ports, which may have serious security
     //   consequences.
+    //
+    // .. note::
+    //
+    //   If the header appears multiple times only the first value is used.
     bool use_http_header = 1;
   }
 

api/src/main/proto/envoy/api/v2/core/config_source.proto

@@ -26,10 +26,10 @@ enum ApiVersion {
   // When not specified, we assume v2, to ease migration to Envoy's stable API
   // versioning. If a client does not support v2 (e.g. due to deprecation), this
   // is an invalid value.
-  AUTO = 0;
+  AUTO = 0 [deprecated = true];
 
   // Use xDS v2 API.
-  V2 = 1;
+  V2 = 1 [deprecated = true];
 
   // Use xDS v3 API.
   V3 = 2;

api/src/main/proto/envoy/api/v2/route/route_components.proto

@@ -756,6 +756,10 @@ message RouteAction {
     //
     //   Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1
     //   *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead.
+    //
+    // .. note::
+    //
+    //   If the header appears multiple times only the first value is used.
     string cluster_header = 2
         [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
 
@@ -866,6 +870,10 @@ message RouteAction {
     //
     //   Pay attention to the potential security implications of using this option. Provided header
     //   must come from trusted source.
+    //
+    // .. note::
+    //
+    //   If the header appears multiple times only the first value is used.
     string auto_host_rewrite_header = 29 [
       (validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false},
       (udpa.annotations.field_migrate).rename = "host_rewrite_header"
@@ -1125,13 +1133,18 @@ message HedgePolicy {
   // [#not-implemented-hide:]
   type.FractionalPercent additional_request_chance = 2;
 
-  // Indicates that a hedged request should be sent when the per-try timeout
-  // is hit. This will only occur if the retry policy also indicates that a
-  // timed out request should be retried.
-  // Once a timed out request is retried due to per try timeout, the router
-  // filter will ensure that it is not retried again even if the returned
-  // response headers would otherwise be retried according the specified
-  // :ref:`RetryPolicy <envoy_api_msg_route.RetryPolicy>`.
+  // Indicates that a hedged request should be sent when the per-try timeout is hit.
+  // This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight.
+  // The first request to complete successfully will be the one returned to the caller.
+  //
+  // * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client.
+  // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client
+  //   if there are no more retries left.
+  // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress.
+  //
+  // Note: For this to have effect, you must have a :ref:`RetryPolicy <envoy_api_msg_route.RetryPolicy>` that retries at least
+  // one error code and specifies a maximum number of retries.
+  //
   // Defaults to false.
   bool hedge_on_per_try_timeout = 3;
 }

api/src/main/proto/envoy/config/accesslog/v4alpha/accesslog.proto

@@ -47,9 +47,9 @@ message AccessLog {
   // #. "envoy.access_loggers.file": :ref:`FileAccessLog
   //    <envoy_api_msg_extensions.access_loggers.file.v4alpha.FileAccessLog>`
   // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig
-  //    <envoy_api_msg_extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig>`
+  //    <envoy_api_msg_extensions.access_loggers.grpc.v4alpha.HttpGrpcAccessLogConfig>`
   // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig
-  //    <envoy_api_msg_extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig>`
+  //    <envoy_api_msg_extensions.access_loggers.grpc.v4alpha.TcpGrpcAccessLogConfig>`
   oneof config_type {
     google.protobuf.Any typed_config = 4;
   }

api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto

@@ -20,8 +20,6 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 
-import "udpa/core/v1/resource_locator.proto";
-
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/security.proto";
@@ -40,7 +38,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // <config_overview_bootstrap>` for more detail.
 
 // Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
-// [#next-free-field: 28]
+// [#next-free-field: 30]
 message Bootstrap {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.bootstrap.v2.Bootstrap";
@@ -77,18 +75,18 @@ message Bootstrap {
     // :ref:`LDS <arch_overview_dynamic_config_lds>` configuration source.
     core.v3.ConfigSource lds_config = 1;
 
-    // Resource locator for listener collection.
+    // xdstp:// resource locator for listener collection.
     // [#not-implemented-hide:]
-    udpa.core.v1.ResourceLocator lds_resources_locator = 5;
+    string lds_resources_locator = 5;
 
     // All post-bootstrap :ref:`Cluster <envoy_api_msg_config.cluster.v3.Cluster>` definitions are
     // provided by a single :ref:`CDS <arch_overview_dynamic_config_cds>`
     // configuration source.
     core.v3.ConfigSource cds_config = 2;
 
-    // Resource locator for cluster collection.
+    // xdstp:// resource locator for cluster collection.
     // [#not-implemented-hide:]
-    udpa.core.v1.ResourceLocator cds_resources_locator = 6;
+    string cds_resources_locator = 6;
 
     // A single :ref:`ADS <config_overview_ads>` source may be optionally
     // specified. This must have :ref:`api_type
@@ -110,7 +108,7 @@ message Bootstrap {
 
   // A list of :ref:`Node <envoy_v3_api_msg_config.core.v3.Node>` field names
   // that will be included in the context parameters of the effective
-  // *UdpaResourceLocator* that is sent in a discovery request when resource
+  // xdstp:// URL that is sent in a discovery request when resource
   // locators are used for LDS/CDS. Any non-string field will have its JSON
   // encoding set as the context parameter value, with the exception of
   // metadata, which will be flattened (see example below). The supported field
@@ -168,12 +166,23 @@ message Bootstrap {
   // Optional duration between flushes to configured stats sinks. For
   // performance reasons Envoy latches counters and only flushes counters and
   // gauges at a periodic interval. If not specified the default is 5000ms (5
-  // seconds).
+  // seconds). Only one of `stats_flush_interval` or `stats_flush_on_admin`
+  // can be set.
   // Duration must be at least 1ms and at most 5 min.
-  google.protobuf.Duration stats_flush_interval = 7 [(validate.rules).duration = {
-    lt {seconds: 300}
-    gte {nanos: 1000000}
-  }];
+  google.protobuf.Duration stats_flush_interval = 7 [
+    (validate.rules).duration = {
+      lt {seconds: 300}
+      gte {nanos: 1000000}
+    },
+    (udpa.annotations.field_migrate).oneof_promotion = "stats_flush"
+  ];
+
+  oneof stats_flush {
+    // Flush stats to sinks only when queried for on the admin interface. If set,
+    // a flush timer is not created. Only one of `stats_flush_on_admin` or
+    // `stats_flush_interval` can be set.
+    bool stats_flush_on_admin = 29 [(validate.rules).bool = {const: true}];
+  }
 
   // Optional watchdog configuration.
   // This is for a single watchdog configuration for the entire system.
@@ -243,10 +252,14 @@ message Bootstrap {
   // Each item contains extension specific configuration.
   repeated core.v3.TypedExtensionConfig bootstrap_extensions = 21;
 
+  // Specifies optional extensions instantiated at startup time and
+  // invoked during crash time on the request that caused the crash.
+  repeated FatalAction fatal_actions = 28;
+
   // Configuration sources that will participate in
-  // *udpa.core.v1.ResourceLocator* authority resolution. The algorithm is as
+  // xdstp:// URL authority resolution. The algorithm is as
   // follows:
-  // 1. The authority field is taken from the *udpa.core.v1.ResourceLocator*, call
+  // 1. The authority field is taken from the xdstp:// URL, call
   //    this *resource_authority*.
   // 2. *resource_authority* is compared against the authorities in any peer
   //    *ConfigSource*. The peer *ConfigSource* is the configuration source
@@ -262,7 +275,7 @@ message Bootstrap {
   // [#not-implemented-hide:]
   repeated core.v3.ConfigSource config_sources = 22;
 
-  // Default configuration source for *udpa.core.v1.ResourceLocator* if all
+  // Default configuration source for xdstp:// URLs if all
   // other resolution fails.
   // [#not-implemented-hide:]
   core.v3.ConfigSource default_config_source = 23;
@@ -420,6 +433,20 @@ message Watchdog {
   type.v3.Percent multikill_threshold = 5;
 }
 
+// Fatal actions to run while crashing. Actions can be safe (meaning they are
+// async-signal safe) or unsafe. We run all safe actions before we run unsafe actions.
+// If using an unsafe action that could get stuck or deadlock, it important to
+// have an out of band system to terminate the process.
+//
+// The interface for the extension is ``Envoy::Server::Configuration::FatalAction``.
+// *FatalAction* extensions live in the ``envoy.extensions.fatal_actions`` API
+// namespace.
+message FatalAction {
+  // Extension specific configuration for the action. It's expected to conform
+  // to the ``Envoy::Server::Configuration::FatalAction`` interface.
+  core.v3.TypedExtensionConfig config = 1;
+}
+
 // Runtime :ref:`configuration overview <config_runtime>` (deprecated).
 message Runtime {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Runtime";
@@ -493,12 +520,7 @@ message RuntimeLayer {
         "envoy.config.bootstrap.v2.RuntimeLayer.RtdsLayer";
 
     // Resource to subscribe to at *rtds_config* for the RTDS layer.
-    string name = 1 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
-
-    // Resource locator for RTDS layer. This is mutually exclusive to *name*.
-    // [#not-implemented-hide:]
-    udpa.core.v1.ResourceLocator rtds_resource_locator = 3
-        [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
+    string name = 1;
 
     // RTDS configuration source.
     core.v3.ConfigSource rtds_config = 2;

api/src/main/proto/envoy/config/bootstrap/v4alpha/bootstrap.proto

@@ -19,8 +19,6 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 
-import "udpa/core/v1/resource_locator.proto";
-
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/security.proto";
 import "udpa/annotations/status.proto";
@@ -38,7 +36,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO
 // <config_overview_bootstrap>` for more detail.
 
 // Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
-// [#next-free-field: 28]
+// [#next-free-field: 30]
 message Bootstrap {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.bootstrap.v3.Bootstrap";
@@ -75,18 +73,18 @@ message Bootstrap {
     // :ref:`LDS <arch_overview_dynamic_config_lds>` configuration source.
     core.v4alpha.ConfigSource lds_config = 1;
 
-    // Resource locator for listener collection.
+    // xdstp:// resource locator for listener collection.
     // [#not-implemented-hide:]
-    udpa.core.v1.ResourceLocator lds_resources_locator = 5;
+    string lds_resources_locator = 5;
 
     // All post-bootstrap :ref:`Cluster <envoy_api_msg_config.cluster.v4alpha.Cluster>` definitions are
     // provided by a single :ref:`CDS <arch_overview_dynamic_config_cds>`
     // configuration source.
     core.v4alpha.ConfigSource cds_config = 2;
 
-    // Resource locator for cluster collection.
+    // xdstp:// resource locator for cluster collection.
     // [#not-implemented-hide:]
-    udpa.core.v1.ResourceLocator cds_resources_locator = 6;
+    string cds_resources_locator = 6;
 
     // A single :ref:`ADS <config_overview_ads>` source may be optionally
     // specified. This must have :ref:`api_type
@@ -108,7 +106,7 @@ message Bootstrap {
 
   // A list of :ref:`Node <envoy_v3_api_msg_config.core.v3.Node>` field names
   // that will be included in the context parameters of the effective
-  // *UdpaResourceLocator* that is sent in a discovery request when resource
+  // xdstp:// URL that is sent in a discovery request when resource
   // locators are used for LDS/CDS. Any non-string field will have its JSON
   // encoding set as the context parameter value, with the exception of
   // metadata, which will be flattened (see example below). The supported field
@@ -163,15 +161,23 @@ message Bootstrap {
   // Configuration for internal processing of stats.
   metrics.v4alpha.StatsConfig stats_config = 13;
 
-  // Optional duration between flushes to configured stats sinks. For
-  // performance reasons Envoy latches counters and only flushes counters and
-  // gauges at a periodic interval. If not specified the default is 5000ms (5
-  // seconds).
-  // Duration must be at least 1ms and at most 5 min.
-  google.protobuf.Duration stats_flush_interval = 7 [(validate.rules).duration = {
-    lt {seconds: 300}
-    gte {nanos: 1000000}
-  }];
+  oneof stats_flush {
+    // Optional duration between flushes to configured stats sinks. For
+    // performance reasons Envoy latches counters and only flushes counters and
+    // gauges at a periodic interval. If not specified the default is 5000ms (5
+    // seconds). Only one of `stats_flush_interval` or `stats_flush_on_admin`
+    // can be set.
+    // Duration must be at least 1ms and at most 5 min.
+    google.protobuf.Duration stats_flush_interval = 7 [(validate.rules).duration = {
+      lt {seconds: 300}
+      gte {nanos: 1000000}
+    }];
+
+    // Flush stats to sinks only when queried for on the admin interface. If set,
+    // a flush timer is not created. Only one of `stats_flush_on_admin` or
+    // `stats_flush_interval` can be set.
+    bool stats_flush_on_admin = 29 [(validate.rules).bool = {const: true}];
+  }
 
   // Optional watchdogs configuration.
   // This is used for specifying different watchdogs for the different subsystems.
@@ -229,10 +235,14 @@ message Bootstrap {
   // Each item contains extension specific configuration.
   repeated core.v4alpha.TypedExtensionConfig bootstrap_extensions = 21;
 
+  // Specifies optional extensions instantiated at startup time and
+  // invoked during crash time on the request that caused the crash.
+  repeated FatalAction fatal_actions = 28;
+
   // Configuration sources that will participate in
-  // *udpa.core.v1.ResourceLocator* authority resolution. The algorithm is as
+  // xdstp:// URL authority resolution. The algorithm is as
   // follows:
-  // 1. The authority field is taken from the *udpa.core.v1.ResourceLocator*, call
+  // 1. The authority field is taken from the xdstp:// URL, call
   //    this *resource_authority*.
   // 2. *resource_authority* is compared against the authorities in any peer
   //    *ConfigSource*. The peer *ConfigSource* is the configuration source
@@ -248,7 +258,7 @@ message Bootstrap {
   // [#not-implemented-hide:]
   repeated core.v4alpha.ConfigSource config_sources = 22;
 
-  // Default configuration source for *udpa.core.v1.ResourceLocator* if all
+  // Default configuration source for xdstp:// URLs if all
   // other resolution fails.
   // [#not-implemented-hide:]
   core.v4alpha.ConfigSource default_config_source = 23;
@@ -412,6 +422,23 @@ message Watchdog {
   type.v3.Percent multikill_threshold = 5;
 }
 
+// Fatal actions to run while crashing. Actions can be safe (meaning they are
+// async-signal safe) or unsafe. We run all safe actions before we run unsafe actions.
+// If using an unsafe action that could get stuck or deadlock, it important to
+// have an out of band system to terminate the process.
+//
+// The interface for the extension is ``Envoy::Server::Configuration::FatalAction``.
+// *FatalAction* extensions live in the ``envoy.extensions.fatal_actions`` API
+// namespace.
+message FatalAction {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.bootstrap.v3.FatalAction";
+
+  // Extension specific configuration for the action. It's expected to conform
+  // to the ``Envoy::Server::Configuration::FatalAction`` interface.
+  core.v4alpha.TypedExtensionConfig config = 1;
+}
+
 // Runtime :ref:`configuration overview <config_runtime>` (deprecated).
 message Runtime {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Runtime";
@@ -484,14 +511,8 @@ message RuntimeLayer {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.bootstrap.v3.RuntimeLayer.RtdsLayer";
 
-    oneof name_specifier {
-      // Resource to subscribe to at *rtds_config* for the RTDS layer.
-      string name = 1;
-
-      // Resource locator for RTDS layer. This is mutually exclusive to *name*.
-      // [#not-implemented-hide:]
-      udpa.core.v1.ResourceLocator rtds_resource_locator = 3;
-    }
+    // Resource to subscribe to at *rtds_config* for the RTDS layer.
+    string name = 1;
 
     // RTDS configuration source.
     core.v4alpha.ConfigSource rtds_config = 2;