diff --git a/api/STYLE.md b/api/STYLE.md index 623981f959ef2..0d2da44574da0 100644 --- a/api/STYLE.md +++ b/api/STYLE.md @@ -85,19 +85,7 @@ In addition, the following conventions should be followed: ## Package organization -API definitions are layered hierarchically in packages from top-to-bottom in v2 as following: - -- `envoy.service` contains gRPC definitions of supporting services; -- `envoy.config` contains definitions for service configuration, filter -configuration, and bootstrap; -- `envoy.api.v2` contains definitions for EDS, CDS, RDS, LDS, and top-level -resources such as `Cluster`; -- `envoy.api.v2.endpoint`, `envoy.api.v2.cluster`, `envoy.api.v2.route`, -`envoy.api.v2.listener`, `envoy.api.v2.ratelimit` define sub-messages of the top-level resources; -- `envoy.api.v2.core` and `envoy.api.v2.auth` hold core definitions consumed -throughout the API. - -In Envoy API v3, API definitions are layered hierarchically in packages from top-to-bottom as following: +API definitions are layered hierarchically in packages from top-to-bottom as following: - `envoy.extensions` contains all definitions for the extensions, the package should match the structure of the `source` directory. - `envoy.service` contains gRPC definitions of supporting services and top-level messages for the services. e.g. `envoy.service.route.v3` contains RDS, `envoy.service.listener.v3` contains LDS. @@ -105,27 +93,21 @@ e.g. `envoy.service.route.v3` contains RDS, `envoy.service.listener.v3` contains - `envoy.data` contains data format declaration for data types that Envoy produces. - `envoy.type` contains common protobuf types such as percent, range and matchers. -Dependencies are enforced from top-to-bottom using visibility constraints in -the build system to prevent circular dependency formation. Package group -`//envoy/api/v2:friends` selects consumers of the core API package (services and configs) -and is the default visibility for the core API packages. The default visibility -for services and configs should be `//docs` (proto documentation tool). - Extensions should use the regular hierarchy. For example, configuration for network filters belongs -in a package under `envoy.config.filter.network`. +in a package under `envoy.extensions.filter.network`. ## Adding an extension configuration to the API -Extensions must currently be added as v2 APIs following the [package +Extensions must currently be added as v3 APIs following the [package organization](#package-organization) above. To add an extension config to the API, the steps below should be followed: 1. If this is still WiP and subject to breaking changes, use `vNalpha` instead of `vN` in steps - below. Refer to the [Cache filter config](envoy/config/filter/http/cache/v2alpha/cache.proto) - as an example of `v2alpha`, and the - [Buffer filter config](envoy/config/filter/http/buffer/v2/buffer.proto) as an example of `v2`. -1. Place the v2 extension configuration `.proto` in `api/envoy/config`, e.g. - `api/envoy/config/filter/http/foobar/v2/foobar.proto` together with an initial BUILD file: + below. Refer to the [Cache filter config](envoy/extensions/filter/http/cache/v3alpha/cache.proto) + as an example of `v3alpha`, and the + [Buffer filter config](envoy/extensions/filter/http/buffer/v3/buffer.proto) as an example of `v3`. +1. Place the v3 extension configuration `.proto` in `api/envoy/config`, e.g. + `api/envoy/extensions/filter/http/foobar/v3/foobar.proto` together with an initial BUILD file: ```bazel load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") @@ -135,14 +117,12 @@ To add an extension config to the API, the steps below should be followed: deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], ) ``` -1. Add to the v2 extension config proto `import "udpa/annotations/migrate.proto";` -1. Add to the v2 extension config proto a file level `option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.foobar.v3";`. - This places the filter in the correct [v3 package hierarchy](#package-organization). +1. Add to the v3 extension config proto `import "udpa/annotations/migrate.proto";` 1. If this is still WiP and subject to breaking changes, import `udpa/annotations/status.proto` and set `option (udpa.annotations.file_status).work_in_progress = true;`. -1. Add a reference to the v2 extension config in (1) in [api/versioning/BUILD](versioning/BUILD). +1. Add a reference to the v3 extension config in (1) in [api/versioning/BUILD](versioning/BUILD) under `active_protos`. 1. Run `./tools/proto_format/proto_format.sh fix`. This should regenerate the `BUILD` file, - reformat `foobar.proto` as needed and also generate the v3 extension config, + reformat `foobar.proto` as needed and also generate the v4alpha extension config (if needed), together with shadow API protos. 1. `git add api/ generated_api_shadow/` to add any new files to your Git index. diff --git a/api/bazel/repository_locations.bzl b/api/bazel/repository_locations.bzl index 81bd250cb8f21..c275a8c658353 100644 --- a/api/bazel/repository_locations.bzl +++ b/api/bazel/repository_locations.bzl @@ -13,8 +13,8 @@ GOOGLEAPIS_SHA = "a45019af4d3290f02eaeb1ce10990166978c807cb33a9692141a076ba46d14 PROMETHEUS_GIT_SHA = "99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c" # Nov 17, 2017 PROMETHEUS_SHA = "783bdaf8ee0464b35ec0c8704871e1e72afa0005c3f3587f65d9d6694bf3911b" -UDPA_GIT_SHA = "bae28a880fdbbb687d78823435febdba5fee651a" # Mar 24, 2020 -UDPA_SHA256 = "ce73a39be04e6ecdf8150580b9989bd6e16765887a96f3810b9105f18902fc6a" +UDPA_GIT_SHA = "e8cd3a4bb307e2c810cffff99f93e96e6d7fee85" # Mar 27, 2020 +UDPA_SHA256 = "1fd7857cb61daee7726fca8f4d55e4923774a8d00a53007a4093830dc0482685" ZIPKINAPI_RELEASE = "0.2.2" # Aug 23, 2019 ZIPKINAPI_SHA256 = "688c4fe170821dd589f36ec45aaadc03a618a40283bc1f97da8fa11686fc816b" diff --git a/api/envoy/admin/v2alpha/certs.proto b/api/envoy/admin/v2alpha/certs.proto index 00a5adc7c58ac..c7b568ca1e58a 100644 --- a/api/envoy/admin/v2alpha/certs.proto +++ b/api/envoy/admin/v2alpha/certs.proto @@ -9,7 +9,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "CertsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Certificates] diff --git a/api/envoy/admin/v2alpha/clusters.proto b/api/envoy/admin/v2alpha/clusters.proto index e082fe92a55a4..3b7ec029aa630 100644 --- a/api/envoy/admin/v2alpha/clusters.proto +++ b/api/envoy/admin/v2alpha/clusters.proto @@ -13,7 +13,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "ClustersProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Clusters] diff --git a/api/envoy/admin/v2alpha/config_dump.proto b/api/envoy/admin/v2alpha/config_dump.proto index 854ce17cc314b..833c015fb4749 100644 --- a/api/envoy/admin/v2alpha/config_dump.proto +++ b/api/envoy/admin/v2alpha/config_dump.proto @@ -12,7 +12,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "ConfigDumpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: ConfigDump] diff --git a/api/envoy/admin/v2alpha/listeners.proto b/api/envoy/admin/v2alpha/listeners.proto index d580db7c14f38..ca7b736521d0d 100644 --- a/api/envoy/admin/v2alpha/listeners.proto +++ b/api/envoy/admin/v2alpha/listeners.proto @@ -9,7 +9,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "ListenersProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Listeners] diff --git a/api/envoy/admin/v2alpha/memory.proto b/api/envoy/admin/v2alpha/memory.proto index 1e6182e4c4014..85fd2169d6d70 100644 --- a/api/envoy/admin/v2alpha/memory.proto +++ b/api/envoy/admin/v2alpha/memory.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "MemoryProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Memory] diff --git a/api/envoy/admin/v2alpha/metrics.proto b/api/envoy/admin/v2alpha/metrics.proto index 0ac42b01d871b..15ad219c13e58 100644 --- a/api/envoy/admin/v2alpha/metrics.proto +++ b/api/envoy/admin/v2alpha/metrics.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "MetricsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metrics] diff --git a/api/envoy/admin/v2alpha/mutex_stats.proto b/api/envoy/admin/v2alpha/mutex_stats.proto index a3ffa1e728b94..22c65f3de5a64 100644 --- a/api/envoy/admin/v2alpha/mutex_stats.proto +++ b/api/envoy/admin/v2alpha/mutex_stats.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "MutexStatsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: MutexStats] diff --git a/api/envoy/admin/v2alpha/server_info.proto b/api/envoy/admin/v2alpha/server_info.proto index 3b471625569c0..b9db6bbc1e1fb 100644 --- a/api/envoy/admin/v2alpha/server_info.proto +++ b/api/envoy/admin/v2alpha/server_info.proto @@ -10,7 +10,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "ServerInfoProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Server State] diff --git a/api/envoy/admin/v2alpha/tap.proto b/api/envoy/admin/v2alpha/tap.proto index 7f3d905c44258..6335b4db62841 100644 --- a/api/envoy/admin/v2alpha/tap.proto +++ b/api/envoy/admin/v2alpha/tap.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "TapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap] diff --git a/api/envoy/admin/v3/certs.proto b/api/envoy/admin/v3/certs.proto index bcaa64c5dc37f..158c8aead28f9 100644 --- a/api/envoy/admin/v3/certs.proto +++ b/api/envoy/admin/v3/certs.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "CertsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Certificates] diff --git a/api/envoy/admin/v3/clusters.proto b/api/envoy/admin/v3/clusters.proto index 7b6c616952667..fc05c8a10de23 100644 --- a/api/envoy/admin/v3/clusters.proto +++ b/api/envoy/admin/v3/clusters.proto @@ -14,7 +14,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "ClustersProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Clusters] diff --git a/api/envoy/admin/v3/config_dump.proto b/api/envoy/admin/v3/config_dump.proto index 0e23f5a525715..b3c3836a8cc00 100644 --- a/api/envoy/admin/v3/config_dump.proto +++ b/api/envoy/admin/v3/config_dump.proto @@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "ConfigDumpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: ConfigDump] diff --git a/api/envoy/admin/v3/listeners.proto b/api/envoy/admin/v3/listeners.proto index 711410c460e92..6197a44e4243f 100644 --- a/api/envoy/admin/v3/listeners.proto +++ b/api/envoy/admin/v3/listeners.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "ListenersProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Listeners] diff --git a/api/envoy/admin/v3/memory.proto b/api/envoy/admin/v3/memory.proto index e69ae6b2157cf..bcf9f271748d8 100644 --- a/api/envoy/admin/v3/memory.proto +++ b/api/envoy/admin/v3/memory.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "MemoryProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Memory] diff --git a/api/envoy/admin/v3/metrics.proto b/api/envoy/admin/v3/metrics.proto index 37f0fe6c1641f..71592ac1e9ecf 100644 --- a/api/envoy/admin/v3/metrics.proto +++ b/api/envoy/admin/v3/metrics.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "MetricsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metrics] diff --git a/api/envoy/admin/v3/mutex_stats.proto b/api/envoy/admin/v3/mutex_stats.proto index b9d5fe1eab6a0..49965d87ae805 100644 --- a/api/envoy/admin/v3/mutex_stats.proto +++ b/api/envoy/admin/v3/mutex_stats.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "MutexStatsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: MutexStats] diff --git a/api/envoy/admin/v3/server_info.proto b/api/envoy/admin/v3/server_info.proto index 380268b03d751..ac0204428053e 100644 --- a/api/envoy/admin/v3/server_info.proto +++ b/api/envoy/admin/v3/server_info.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "ServerInfoProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Server State] diff --git a/api/envoy/admin/v3/tap.proto b/api/envoy/admin/v3/tap.proto index 05f0dd636daa5..ca7ab4405a9be 100644 --- a/api/envoy/admin/v3/tap.proto +++ b/api/envoy/admin/v3/tap.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "TapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap] diff --git a/api/envoy/admin/v4alpha/BUILD b/api/envoy/admin/v4alpha/BUILD new file mode 100644 index 0000000000000..6da5b60bad287 --- /dev/null +++ b/api/envoy/admin/v4alpha/BUILD @@ -0,0 +1,17 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/admin/v3:pkg", + "//envoy/annotations:pkg", + "//envoy/config/bootstrap/v4alpha:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/tap/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/admin/v4alpha/certs.proto b/api/envoy/admin/v4alpha/certs.proto new file mode 100644 index 0000000000000..585b09bccf4cb --- /dev/null +++ b/api/envoy/admin/v4alpha/certs.proto @@ -0,0 +1,72 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "google/protobuf/timestamp.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "CertsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Certificates] + +// Proto representation of certificate details. Admin endpoint uses this wrapper for `/certs` to +// display certificate information. See :ref:`/certs ` for more +// information. +message Certificates { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Certificates"; + + // List of certificates known to an Envoy. + repeated Certificate certificates = 1; +} + +message Certificate { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Certificate"; + + // Details of CA certificate. + repeated CertificateDetails ca_cert = 1; + + // Details of Certificate Chain + repeated CertificateDetails cert_chain = 2; +} + +// [#next-free-field: 7] +message CertificateDetails { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.CertificateDetails"; + + // Path of the certificate. + string path = 1; + + // Certificate Serial Number. + string serial_number = 2; + + // List of Subject Alternate names. + repeated SubjectAlternateName subject_alt_names = 3; + + // Minimum of days until expiration of certificate and it's chain. + uint64 days_until_expiration = 4; + + // Indicates the time from which the certificate is valid. + google.protobuf.Timestamp valid_from = 5; + + // Indicates the time at which the certificate expires. + google.protobuf.Timestamp expiration_time = 6; +} + +message SubjectAlternateName { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.SubjectAlternateName"; + + // Subject Alternate Name. + oneof name { + string dns = 1; + + string uri = 2; + + string ip_address = 3; + } +} diff --git a/api/envoy/admin/v4alpha/clusters.proto b/api/envoy/admin/v4alpha/clusters.proto new file mode 100644 index 0000000000000..9056262cae86a --- /dev/null +++ b/api/envoy/admin/v4alpha/clusters.proto @@ -0,0 +1,162 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "envoy/admin/v4alpha/metrics.proto"; +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/health_check.proto"; +import "envoy/type/v3/percent.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "ClustersProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Clusters] + +// Admin endpoint uses this wrapper for `/clusters` to display cluster status information. +// See :ref:`/clusters ` for more information. +message Clusters { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Clusters"; + + // Mapping from cluster name to each cluster's status. + repeated ClusterStatus cluster_statuses = 1; +} + +// Details an individual cluster's current status. +// [#next-free-field: 6] +message ClusterStatus { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ClusterStatus"; + + // Name of the cluster. + string name = 1; + + // Denotes whether this cluster was added via API or configured statically. + bool added_via_api = 2; + + // The success rate threshold used in the last interval. + // If + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *false*, all errors: externally and locally generated were used to calculate the threshold. + // If + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *true*, only externally generated errors were used to calculate the threshold. + // The threshold is used to eject hosts based on their success rate. See + // :ref:`Cluster outlier detection ` documentation for details. + // + // Note: this field may be omitted in any of the three following cases: + // + // 1. There were not enough hosts with enough request volume to proceed with success rate based + // outlier ejection. + // 2. The threshold is computed to be < 0 because a negative value implies that there was no + // threshold for that interval. + // 3. Outlier detection is not enabled for this cluster. + type.v3.Percent success_rate_ejection_threshold = 3; + + // Mapping from host address to the host's current status. + repeated HostStatus host_statuses = 4; + + // The success rate threshold used in the last interval when only locally originated failures were + // taken into account and externally originated errors were treated as success. + // This field should be interpreted only when + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *true*. The threshold is used to eject hosts based on their success rate. + // See :ref:`Cluster outlier detection ` documentation for + // details. + // + // Note: this field may be omitted in any of the three following cases: + // + // 1. There were not enough hosts with enough request volume to proceed with success rate based + // outlier ejection. + // 2. The threshold is computed to be < 0 because a negative value implies that there was no + // threshold for that interval. + // 3. Outlier detection is not enabled for this cluster. + type.v3.Percent local_origin_success_rate_ejection_threshold = 5; +} + +// Current state of a particular host. +// [#next-free-field: 10] +message HostStatus { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.HostStatus"; + + // Address of this host. + config.core.v4alpha.Address address = 1; + + // List of stats specific to this host. + repeated SimpleMetric stats = 2; + + // The host's current health status. + HostHealthStatus health_status = 3; + + // Request success rate for this host over the last calculated interval. + // If + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *false*, all errors: externally and locally generated were used in success rate + // calculation. If + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *true*, only externally generated errors were used in success rate calculation. + // See :ref:`Cluster outlier detection ` documentation for + // details. + // + // Note: the message will not be present if host did not have enough request volume to calculate + // success rate or the cluster did not have enough hosts to run through success rate outlier + // ejection. + type.v3.Percent success_rate = 4; + + // The host's weight. If not configured, the value defaults to 1. + uint32 weight = 5; + + // The hostname of the host, if applicable. + string hostname = 6; + + // The host's priority. If not configured, the value defaults to 0 (highest priority). + uint32 priority = 7; + + // Request success rate for this host over the last calculated + // interval when only locally originated errors are taken into account and externally originated + // errors were treated as success. + // This field should be interpreted only when + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *true*. + // See :ref:`Cluster outlier detection ` documentation for + // details. + // + // Note: the message will not be present if host did not have enough request volume to calculate + // success rate or the cluster did not have enough hosts to run through success rate outlier + // ejection. + type.v3.Percent local_origin_success_rate = 8; + + // locality of the host. + config.core.v4alpha.Locality locality = 9; +} + +// Health status for a host. +// [#next-free-field: 7] +message HostHealthStatus { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.HostHealthStatus"; + + // The host is currently failing active health checks. + bool failed_active_health_check = 1; + + // The host is currently considered an outlier and has been ejected. + bool failed_outlier_check = 2; + + // The host is currently being marked as degraded through active health checking. + bool failed_active_degraded_check = 4; + + // The host has been removed from service discovery, but is being stabilized due to active + // health checking. + bool pending_dynamic_removal = 5; + + // The host has not yet been health checked. + bool pending_active_hc = 6; + + // Health status as reported by EDS. Note: only HEALTHY and UNHEALTHY are currently supported + // here. + // [#comment:TODO(mrice32): pipe through remaining EDS health status possibilities.] + config.core.v4alpha.HealthStatus eds_health_status = 3; +} diff --git a/api/envoy/admin/v4alpha/config_dump.proto b/api/envoy/admin/v4alpha/config_dump.proto new file mode 100644 index 0000000000000..02709a4145063 --- /dev/null +++ b/api/envoy/admin/v4alpha/config_dump.proto @@ -0,0 +1,342 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "envoy/config/bootstrap/v4alpha/bootstrap.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/timestamp.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "ConfigDumpProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: ConfigDump] + +// The :ref:`/config_dump ` admin endpoint uses this wrapper +// message to maintain and serve arbitrary configuration information from any component in Envoy. +message ConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ConfigDump"; + + // This list is serialized and dumped in its entirety at the + // :ref:`/config_dump ` endpoint. + // + // The following configurations are currently supported and will be dumped in the order given + // below: + // + // * *bootstrap*: :ref:`BootstrapConfigDump ` + // * *clusters*: :ref:`ClustersConfigDump ` + // * *listeners*: :ref:`ListenersConfigDump ` + // * *routes*: :ref:`RoutesConfigDump ` + // + // You can filter output with the resource and mask query parameters. + // See :ref:`/config_dump?resource={} `, + // :ref:`/config_dump?mask={} `, + // or :ref:`/config_dump?resource={},mask={} + // ` for more information. + repeated google.protobuf.Any configs = 1; +} + +message UpdateFailureState { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.UpdateFailureState"; + + // What the component configuration would have been if the update had succeeded. + google.protobuf.Any failed_configuration = 1; + + // Time of the latest failed update attempt. + google.protobuf.Timestamp last_update_attempt = 2; + + // Details about the last failed update attempt. + string details = 3; +} + +// This message describes the bootstrap configuration that Envoy was started with. This includes +// any CLI overrides that were merged. Bootstrap configuration information can be used to recreate +// the static portions of an Envoy configuration by reusing the output as the bootstrap +// configuration for another Envoy. +message BootstrapConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.BootstrapConfigDump"; + + config.bootstrap.v4alpha.Bootstrap bootstrap = 1; + + // The timestamp when the BootstrapConfig was last updated. + google.protobuf.Timestamp last_updated = 2; +} + +// Envoy's listener manager fills this message with all currently known listeners. Listener +// configuration information can be used to recreate an Envoy configuration by populating all +// listeners as static listeners or by returning them in a LDS response. +message ListenersConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ListenersConfigDump"; + + // Describes a statically loaded listener. + message StaticListener { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ListenersConfigDump.StaticListener"; + + // The listener config. + google.protobuf.Any listener = 1; + + // The timestamp when the Listener was last successfully updated. + google.protobuf.Timestamp last_updated = 2; + } + + message DynamicListenerState { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ListenersConfigDump.DynamicListenerState"; + + // This is the per-resource version information. This version is currently taken from the + // :ref:`version_info ` field at the time + // that the listener was loaded. In the future, discrete per-listener versions may be supported + // by the API. + string version_info = 1; + + // The listener config. + google.protobuf.Any listener = 2; + + // The timestamp when the Listener was last successfully updated. + google.protobuf.Timestamp last_updated = 3; + } + + // Describes a dynamically loaded listener via the LDS API. + // [#next-free-field: 6] + message DynamicListener { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ListenersConfigDump.DynamicListener"; + + // The name or unique id of this listener, pulled from the DynamicListenerState config. + string name = 1; + + // The listener state for any active listener by this name. + // These are listeners that are available to service data plane traffic. + DynamicListenerState active_state = 2; + + // The listener state for any warming listener by this name. + // These are listeners that are currently undergoing warming in preparation to service data + // plane traffic. Note that if attempting to recreate an Envoy configuration from a + // configuration dump, the warming listeners should generally be discarded. + DynamicListenerState warming_state = 3; + + // The listener state for any draining listener by this name. + // These are listeners that are currently undergoing draining in preparation to stop servicing + // data plane traffic. Note that if attempting to recreate an Envoy configuration from a + // configuration dump, the draining listeners should generally be discarded. + DynamicListenerState draining_state = 4; + + // Set if the last update failed, cleared after the next successful update. + UpdateFailureState error_state = 5; + } + + // This is the :ref:`version_info ` in the + // last processed LDS discovery response. If there are only static bootstrap listeners, this field + // will be "". + string version_info = 1; + + // The statically loaded listener configs. + repeated StaticListener static_listeners = 2; + + // State for any warming, active, or draining listeners. + repeated DynamicListener dynamic_listeners = 3; +} + +// Envoy's cluster manager fills this message with all currently known clusters. Cluster +// configuration information can be used to recreate an Envoy configuration by populating all +// clusters as static clusters or by returning them in a CDS response. +message ClustersConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ClustersConfigDump"; + + // Describes a statically loaded cluster. + message StaticCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ClustersConfigDump.StaticCluster"; + + // The cluster config. + google.protobuf.Any cluster = 1; + + // The timestamp when the Cluster was last updated. + google.protobuf.Timestamp last_updated = 2; + } + + // Describes a dynamically loaded cluster via the CDS API. + message DynamicCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ClustersConfigDump.DynamicCluster"; + + // This is the per-resource version information. This version is currently taken from the + // :ref:`version_info ` field at the time + // that the cluster was loaded. In the future, discrete per-cluster versions may be supported by + // the API. + string version_info = 1; + + // The cluster config. + google.protobuf.Any cluster = 2; + + // The timestamp when the Cluster was last updated. + google.protobuf.Timestamp last_updated = 3; + } + + // This is the :ref:`version_info ` in the + // last processed CDS discovery response. If there are only static bootstrap clusters, this field + // will be "". + string version_info = 1; + + // The statically loaded cluster configs. + repeated StaticCluster static_clusters = 2; + + // The dynamically loaded active clusters. These are clusters that are available to service + // data plane traffic. + repeated DynamicCluster dynamic_active_clusters = 3; + + // The dynamically loaded warming clusters. These are clusters that are currently undergoing + // warming in preparation to service data plane traffic. Note that if attempting to recreate an + // Envoy configuration from a configuration dump, the warming clusters should generally be + // discarded. + repeated DynamicCluster dynamic_warming_clusters = 4; +} + +// Envoy's RDS implementation fills this message with all currently loaded routes, as described by +// their RouteConfiguration objects. Static routes that are either defined in the bootstrap configuration +// or defined inline while configuring listeners are separated from those configured dynamically via RDS. +// Route configuration information can be used to recreate an Envoy configuration by populating all routes +// as static routes or by returning them in RDS responses. +message RoutesConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.RoutesConfigDump"; + + message StaticRouteConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.RoutesConfigDump.StaticRouteConfig"; + + // The route config. + google.protobuf.Any route_config = 1; + + // The timestamp when the Route was last updated. + google.protobuf.Timestamp last_updated = 2; + } + + message DynamicRouteConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.RoutesConfigDump.DynamicRouteConfig"; + + // This is the per-resource version information. This version is currently taken from the + // :ref:`version_info ` field at the time that + // the route configuration was loaded. + string version_info = 1; + + // The route config. + google.protobuf.Any route_config = 2; + + // The timestamp when the Route was last updated. + google.protobuf.Timestamp last_updated = 3; + } + + // The statically loaded route configs. + repeated StaticRouteConfig static_route_configs = 2; + + // The dynamically loaded route configs. + repeated DynamicRouteConfig dynamic_route_configs = 3; +} + +// Envoy's scoped RDS implementation fills this message with all currently loaded route +// configuration scopes (defined via ScopedRouteConfigurationsSet protos). This message lists both +// the scopes defined inline with the higher order object (i.e., the HttpConnectionManager) and the +// dynamically obtained scopes via the SRDS API. +message ScopedRoutesConfigDump { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ScopedRoutesConfigDump"; + + message InlineScopedRouteConfigs { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ScopedRoutesConfigDump.InlineScopedRouteConfigs"; + + // The name assigned to the scoped route configurations. + string name = 1; + + // The scoped route configurations. + repeated google.protobuf.Any scoped_route_configs = 2; + + // The timestamp when the scoped route config set was last updated. + google.protobuf.Timestamp last_updated = 3; + } + + message DynamicScopedRouteConfigs { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ScopedRoutesConfigDump.DynamicScopedRouteConfigs"; + + // The name assigned to the scoped route configurations. + string name = 1; + + // This is the per-resource version information. This version is currently taken from the + // :ref:`version_info ` field at the time that + // the scoped routes configuration was loaded. + string version_info = 2; + + // The scoped route configurations. + repeated google.protobuf.Any scoped_route_configs = 3; + + // The timestamp when the scoped route config set was last updated. + google.protobuf.Timestamp last_updated = 4; + } + + // The statically loaded scoped route configs. + repeated InlineScopedRouteConfigs inline_scoped_route_configs = 1; + + // The dynamically loaded scoped route configs. + repeated DynamicScopedRouteConfigs dynamic_scoped_route_configs = 2; +} + +// Envoys SDS implementation fills this message with all secrets fetched dynamically via SDS. +message SecretsConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.SecretsConfigDump"; + + // DynamicSecret contains secret information fetched via SDS. + message DynamicSecret { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.SecretsConfigDump.DynamicSecret"; + + // The name assigned to the secret. + string name = 1; + + // This is the per-resource version information. + string version_info = 2; + + // The timestamp when the secret was last updated. + google.protobuf.Timestamp last_updated = 3; + + // The actual secret information. + // Security sensitive information is redacted (replaced with "[redacted]") for + // private keys and passwords in TLS certificates. + google.protobuf.Any secret = 4; + } + + // StaticSecret specifies statically loaded secret in bootstrap. + message StaticSecret { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.SecretsConfigDump.StaticSecret"; + + // The name assigned to the secret. + string name = 1; + + // The timestamp when the secret was last updated. + google.protobuf.Timestamp last_updated = 2; + + // The actual secret information. + // Security sensitive information is redacted (replaced with "[redacted]") for + // private keys and passwords in TLS certificates. + google.protobuf.Any secret = 3; + } + + // The statically loaded secrets. + repeated StaticSecret static_secrets = 1; + + // The dynamically loaded active secrets. These are secrets that are available to service + // clusters or listeners. + repeated DynamicSecret dynamic_active_secrets = 2; + + // The dynamically loaded warming secrets. These are secrets that are currently undergoing + // warming in preparation to service clusters or listeners. + repeated DynamicSecret dynamic_warming_secrets = 3; +} diff --git a/api/envoy/admin/v4alpha/listeners.proto b/api/envoy/admin/v4alpha/listeners.proto new file mode 100644 index 0000000000000..89bdc4c5bbf8d --- /dev/null +++ b/api/envoy/admin/v4alpha/listeners.proto @@ -0,0 +1,36 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "envoy/config/core/v4alpha/address.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "ListenersProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Listeners] + +// Admin endpoint uses this wrapper for `/listeners` to display listener status information. +// See :ref:`/listeners ` for more information. +message Listeners { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Listeners"; + + // List of listener statuses. + repeated ListenerStatus listener_statuses = 1; +} + +// Details an individual listener's current status. +message ListenerStatus { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ListenerStatus"; + + // Name of the listener + string name = 1; + + // The actual local address that the listener is listening on. If a listener was configured + // to listen on port 0, then this address has the port that was allocated by the OS. + config.core.v4alpha.Address local_address = 2; +} diff --git a/api/envoy/admin/v4alpha/memory.proto b/api/envoy/admin/v4alpha/memory.proto new file mode 100644 index 0000000000000..d2f0b57229ce8 --- /dev/null +++ b/api/envoy/admin/v4alpha/memory.proto @@ -0,0 +1,47 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "MemoryProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Memory] + +// Proto representation of the internal memory consumption of an Envoy instance. These represent +// values extracted from an internal TCMalloc instance. For more information, see the section of the +// docs entitled ["Generic Tcmalloc Status"](https://gperftools.github.io/gperftools/tcmalloc.html). +// [#next-free-field: 7] +message Memory { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Memory"; + + // The number of bytes allocated by the heap for Envoy. This is an alias for + // `generic.current_allocated_bytes`. + uint64 allocated = 1; + + // The number of bytes reserved by the heap but not necessarily allocated. This is an alias for + // `generic.heap_size`. + uint64 heap_size = 2; + + // The number of bytes in free, unmapped pages in the page heap. These bytes always count towards + // virtual memory usage, and depending on the OS, typically do not count towards physical memory + // usage. This is an alias for `tcmalloc.pageheap_unmapped_bytes`. + uint64 pageheap_unmapped = 3; + + // The number of bytes in free, mapped pages in the page heap. These bytes always count towards + // virtual memory usage, and unless the underlying memory is swapped out by the OS, they also + // count towards physical memory usage. This is an alias for `tcmalloc.pageheap_free_bytes`. + uint64 pageheap_free = 4; + + // The amount of memory used by the TCMalloc thread caches (for small objects). This is an alias + // for `tcmalloc.current_total_thread_cache_bytes`. + uint64 total_thread_cache = 5; + + // The number of bytes of the physical memory usage by the allocator. This is an alias for + // `generic.total_physical_bytes`. + uint64 total_physical_bytes = 6; +} diff --git a/api/envoy/admin/v4alpha/metrics.proto b/api/envoy/admin/v4alpha/metrics.proto new file mode 100644 index 0000000000000..78613320038b7 --- /dev/null +++ b/api/envoy/admin/v4alpha/metrics.proto @@ -0,0 +1,32 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "MetricsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Metrics] + +// Proto representation of an Envoy Counter or Gauge value. +message SimpleMetric { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.SimpleMetric"; + + enum Type { + COUNTER = 0; + GAUGE = 1; + } + + // Type of the metric represented. + Type type = 1; + + // Current metric value. + uint64 value = 2; + + // Name of the metric. + string name = 3; +} diff --git a/api/envoy/admin/v4alpha/mutex_stats.proto b/api/envoy/admin/v4alpha/mutex_stats.proto new file mode 100644 index 0000000000000..6f9fcd548cc04 --- /dev/null +++ b/api/envoy/admin/v4alpha/mutex_stats.proto @@ -0,0 +1,33 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "MutexStatsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: MutexStats] + +// Proto representation of the statistics collected upon absl::Mutex contention, if Envoy is run +// under :option:`--enable-mutex-tracing`. For more information, see the `absl::Mutex` +// [docs](https://abseil.io/about/design/mutex#extra-features). +// +// *NB*: The wait cycles below are measured by `absl::base_internal::CycleClock`, and may not +// correspond to core clock frequency. For more information, see the `CycleClock` +// [docs](https://github.com/abseil/abseil-cpp/blob/master/absl/base/internal/cycleclock.h). +message MutexStats { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.MutexStats"; + + // The number of individual mutex contentions which have occurred since startup. + uint64 num_contentions = 1; + + // The length of the current contention wait cycle. + uint64 current_wait_cycles = 2; + + // The lifetime total of all contention wait cycles. + uint64 lifetime_wait_cycles = 3; +} diff --git a/api/envoy/admin/v4alpha/server_info.proto b/api/envoy/admin/v4alpha/server_info.proto new file mode 100644 index 0000000000000..867a9255bc51f --- /dev/null +++ b/api/envoy/admin/v4alpha/server_info.proto @@ -0,0 +1,155 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "google/protobuf/duration.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "ServerInfoProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Server State] + +// Proto representation of the value returned by /server_info, containing +// server version/server status information. +// [#next-free-field: 7] +message ServerInfo { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ServerInfo"; + + enum State { + // Server is live and serving traffic. + LIVE = 0; + + // Server is draining listeners in response to external health checks failing. + DRAINING = 1; + + // Server has not yet completed cluster manager initialization. + PRE_INITIALIZING = 2; + + // Server is running the cluster manager initialization callbacks (e.g., RDS). + INITIALIZING = 3; + } + + // Server version. + string version = 1; + + // State of the server. + State state = 2; + + // Uptime since current epoch was started. + google.protobuf.Duration uptime_current_epoch = 3; + + // Uptime since the start of the first epoch. + google.protobuf.Duration uptime_all_epochs = 4; + + // Hot restart version. + string hot_restart_version = 5; + + // Command line options the server is currently running with. + CommandLineOptions command_line_options = 6; +} + +// [#next-free-field: 29] +message CommandLineOptions { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.CommandLineOptions"; + + enum IpVersion { + v4 = 0; + v6 = 1; + } + + enum Mode { + // Validate configs and then serve traffic normally. + Serve = 0; + + // Validate configs and exit. + Validate = 1; + + // Completely load and initialize the config, and then exit without running the listener loop. + InitOnly = 2; + } + + reserved 12, 20, 21; + + reserved "max_stats", "max_obj_name_len"; + + // See :option:`--base-id` for details. + uint64 base_id = 1; + + // See :option:`--concurrency` for details. + uint32 concurrency = 2; + + // See :option:`--config-path` for details. + string config_path = 3; + + // See :option:`--config-yaml` for details. + string config_yaml = 4; + + // See :option:`--allow-unknown-static-fields` for details. + bool allow_unknown_static_fields = 5; + + // See :option:`--reject-unknown-dynamic-fields` for details. + bool reject_unknown_dynamic_fields = 26; + + // See :option:`--admin-address-path` for details. + string admin_address_path = 6; + + // See :option:`--local-address-ip-version` for details. + IpVersion local_address_ip_version = 7; + + // See :option:`--log-level` for details. + string log_level = 8; + + // See :option:`--component-log-level` for details. + string component_log_level = 9; + + // See :option:`--log-format` for details. + string log_format = 10; + + // See :option:`--log-format-escaped` for details. + bool log_format_escaped = 27; + + // See :option:`--log-path` for details. + string log_path = 11; + + // See :option:`--service-cluster` for details. + string service_cluster = 13; + + // See :option:`--service-node` for details. + string service_node = 14; + + // See :option:`--service-zone` for details. + string service_zone = 15; + + // See :option:`--file-flush-interval-msec` for details. + google.protobuf.Duration file_flush_interval = 16; + + // See :option:`--drain-time-s` for details. + google.protobuf.Duration drain_time = 17; + + // See :option:`--parent-shutdown-time-s` for details. + google.protobuf.Duration parent_shutdown_time = 18; + + // See :option:`--mode` for details. + Mode mode = 19; + + // See :option:`--disable-hot-restart` for details. + bool disable_hot_restart = 22; + + // See :option:`--enable-mutex-tracing` for details. + bool enable_mutex_tracing = 23; + + // See :option:`--restart-epoch` for details. + uint32 restart_epoch = 24; + + // See :option:`--cpuset-threads` for details. + bool cpuset_threads = 25; + + // See :option:`--disable-extensions` for details. + repeated string disabled_extensions = 28; +} diff --git a/api/envoy/admin/v4alpha/tap.proto b/api/envoy/admin/v4alpha/tap.proto new file mode 100644 index 0000000000000..c47b308d6ee6d --- /dev/null +++ b/api/envoy/admin/v4alpha/tap.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "envoy/config/tap/v3/common.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "TapProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Tap] + +// The /tap admin request body that is used to configure an active tap session. +message TapRequest { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.TapRequest"; + + // The opaque configuration ID used to match the configuration to a loaded extension. + // A tap extension configures a similar opaque ID that is used to match. + string config_id = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The tap configuration to load. + config.tap.v3.TapConfig tap_config = 2 [(validate.rules).message = {required: true}]; +} diff --git a/api/envoy/api/v2/auth/cert.proto b/api/envoy/api/v2/auth/cert.proto index 908b161399072..09c53b2520467 100644 --- a/api/envoy/api/v2/auth/cert.proto +++ b/api/envoy/api/v2/auth/cert.proto @@ -21,7 +21,7 @@ option java_outer_classname = "CertProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.transport_sockets.tls.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common TLS configuration] diff --git a/api/envoy/api/v2/cds.proto b/api/envoy/api/v2/cds.proto index f6c73350bf286..0b657a0fa452b 100644 --- a/api/envoy/api/v2/cds.proto +++ b/api/envoy/api/v2/cds.proto @@ -17,7 +17,7 @@ option java_outer_classname = "CdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: CDS] diff --git a/api/envoy/api/v2/cluster.proto b/api/envoy/api/v2/cluster.proto index 4d23765466f92..5de5c20df570d 100644 --- a/api/envoy/api/v2/cluster.proto +++ b/api/envoy/api/v2/cluster.proto @@ -28,7 +28,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Cluster configuration] diff --git a/api/envoy/api/v2/cluster/circuit_breaker.proto b/api/envoy/api/v2/cluster/circuit_breaker.proto index 0fb2385a5bcd8..510619b264296 100644 --- a/api/envoy/api/v2/cluster/circuit_breaker.proto +++ b/api/envoy/api/v2/cluster/circuit_breaker.proto @@ -17,7 +17,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ClusterNS"; option ruby_package = "Envoy.Api.V2.ClusterNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Circuit breakers] diff --git a/api/envoy/api/v2/cluster/filter.proto b/api/envoy/api/v2/cluster/filter.proto index bd27332ea02c7..b87ad79d8f352 100644 --- a/api/envoy/api/v2/cluster/filter.proto +++ b/api/envoy/api/v2/cluster/filter.proto @@ -14,7 +14,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ClusterNS"; option ruby_package = "Envoy.Api.V2.ClusterNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Upstream filters] // Upstream filters apply to the connections to the upstream cluster hosts. diff --git a/api/envoy/api/v2/cluster/outlier_detection.proto b/api/envoy/api/v2/cluster/outlier_detection.proto index 5bc51016be91b..6cf35e41ff153 100644 --- a/api/envoy/api/v2/cluster/outlier_detection.proto +++ b/api/envoy/api/v2/cluster/outlier_detection.proto @@ -15,7 +15,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ClusterNS"; option ruby_package = "Envoy.Api.V2.ClusterNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Outlier detection] diff --git a/api/envoy/api/v2/core/address.proto b/api/envoy/api/v2/core/address.proto index f45b55bb2af7c..804da539583bb 100644 --- a/api/envoy/api/v2/core/address.proto +++ b/api/envoy/api/v2/core/address.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "AddressProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Network addresses] diff --git a/api/envoy/api/v2/core/backoff.proto b/api/envoy/api/v2/core/backoff.proto index 87704ae41e561..e45c71e39be8f 100644 --- a/api/envoy/api/v2/core/backoff.proto +++ b/api/envoy/api/v2/core/backoff.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "BackoffProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Backoff Strategy] diff --git a/api/envoy/api/v2/core/base.proto b/api/envoy/api/v2/core/base.proto index 55563046ef2aa..34adac56d5e6f 100644 --- a/api/envoy/api/v2/core/base.proto +++ b/api/envoy/api/v2/core/base.proto @@ -23,7 +23,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "BaseProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common types] diff --git a/api/envoy/api/v2/core/config_source.proto b/api/envoy/api/v2/core/config_source.proto index 2b1a6a7c78068..fa42a7aeec1ce 100644 --- a/api/envoy/api/v2/core/config_source.proto +++ b/api/envoy/api/v2/core/config_source.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "ConfigSourceProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Configuration sources] diff --git a/api/envoy/api/v2/core/event_service_config.proto b/api/envoy/api/v2/core/event_service_config.proto index 778cbbe14e5f5..f822f8c6b630d 100644 --- a/api/envoy/api/v2/core/event_service_config.proto +++ b/api/envoy/api/v2/core/event_service_config.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "EventServiceConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#not-implemented-hide:] // Configuration of the event reporting service endpoint. diff --git a/api/envoy/api/v2/core/grpc_method_list.proto b/api/envoy/api/v2/core/grpc_method_list.proto index 9728b2038e1ea..3d646484b359d 100644 --- a/api/envoy/api/v2/core/grpc_method_list.proto +++ b/api/envoy/api/v2/core/grpc_method_list.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "GrpcMethodListProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC method list] diff --git a/api/envoy/api/v2/core/grpc_service.proto b/api/envoy/api/v2/core/grpc_service.proto index 096b9c246342f..dd789644e1d71 100644 --- a/api/envoy/api/v2/core/grpc_service.proto +++ b/api/envoy/api/v2/core/grpc_service.proto @@ -18,7 +18,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "GrpcServiceProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC services] diff --git a/api/envoy/api/v2/core/health_check.proto b/api/envoy/api/v2/core/health_check.proto index 2da19e00802a6..bc4ae3e5c8666 100644 --- a/api/envoy/api/v2/core/health_check.proto +++ b/api/envoy/api/v2/core/health_check.proto @@ -22,7 +22,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "HealthCheckProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Health check] // * Health checking :ref:`architecture overview `. diff --git a/api/envoy/api/v2/core/http_uri.proto b/api/envoy/api/v2/core/http_uri.proto index 9b4bc42c0181e..cd1a0660e330a 100644 --- a/api/envoy/api/v2/core/http_uri.proto +++ b/api/envoy/api/v2/core/http_uri.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "HttpUriProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP Service URI ] diff --git a/api/envoy/api/v2/core/protocol.proto b/api/envoy/api/v2/core/protocol.proto index 6c3a76c1b9749..63a39d84a436a 100644 --- a/api/envoy/api/v2/core/protocol.proto +++ b/api/envoy/api/v2/core/protocol.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "ProtocolProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Protocol options] diff --git a/api/envoy/api/v2/core/socket_option.proto b/api/envoy/api/v2/core/socket_option.proto index eeb68faa08d99..39678ad1b8bc6 100644 --- a/api/envoy/api/v2/core/socket_option.proto +++ b/api/envoy/api/v2/core/socket_option.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "SocketOptionProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Socket Option ] diff --git a/api/envoy/api/v2/discovery.proto b/api/envoy/api/v2/discovery.proto index 495319c703ff9..da2690f867fc3 100644 --- a/api/envoy/api/v2/discovery.proto +++ b/api/envoy/api/v2/discovery.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "DiscoveryProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.discovery.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common discovery API components] diff --git a/api/envoy/api/v2/eds.proto b/api/envoy/api/v2/eds.proto index 8ac51d1e519ec..b0d5c7c473702 100644 --- a/api/envoy/api/v2/eds.proto +++ b/api/envoy/api/v2/eds.proto @@ -20,7 +20,7 @@ option java_outer_classname = "EdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.endpoint.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: EDS] // Endpoint discovery :ref:`architecture overview ` diff --git a/api/envoy/api/v2/endpoint.proto b/api/envoy/api/v2/endpoint.proto index 8645ca8b34eef..e233b0e7d34ea 100644 --- a/api/envoy/api/v2/endpoint.proto +++ b/api/envoy/api/v2/endpoint.proto @@ -17,7 +17,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "EndpointProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.endpoint.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Endpoint configuration] // Endpoint discovery :ref:`architecture overview ` diff --git a/api/envoy/api/v2/endpoint/endpoint.proto b/api/envoy/api/v2/endpoint/endpoint.proto index fc7d7434c337c..9724fd72818d5 100644 --- a/api/envoy/api/v2/endpoint/endpoint.proto +++ b/api/envoy/api/v2/endpoint/endpoint.proto @@ -9,4 +9,3 @@ import public "envoy/api/v2/endpoint/endpoint_components.proto"; option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; option java_outer_classname = "EndpointProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; diff --git a/api/envoy/api/v2/endpoint/endpoint_components.proto b/api/envoy/api/v2/endpoint/endpoint_components.proto index d030c8bab5b01..d7f209311697d 100644 --- a/api/envoy/api/v2/endpoint/endpoint_components.proto +++ b/api/envoy/api/v2/endpoint/endpoint_components.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; option java_outer_classname = "EndpointComponentsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.endpoint.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Endpoints] diff --git a/api/envoy/api/v2/endpoint/load_report.proto b/api/envoy/api/v2/endpoint/load_report.proto index bafe846fca05a..928aed6102df8 100644 --- a/api/envoy/api/v2/endpoint/load_report.proto +++ b/api/envoy/api/v2/endpoint/load_report.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; option java_outer_classname = "LoadReportProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.endpoint.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // These are stats Envoy reports to GLB every so often. Report frequency is // defined by diff --git a/api/envoy/api/v2/lds.proto b/api/envoy/api/v2/lds.proto index 03723d9d07f7e..d1e528f2472d4 100644 --- a/api/envoy/api/v2/lds.proto +++ b/api/envoy/api/v2/lds.proto @@ -20,7 +20,7 @@ option java_outer_classname = "LdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Listener] // Listener :ref:`configuration overview ` diff --git a/api/envoy/api/v2/listener.proto b/api/envoy/api/v2/listener.proto index 10f3d08209fc6..a93df10c3128d 100644 --- a/api/envoy/api/v2/listener.proto +++ b/api/envoy/api/v2/listener.proto @@ -22,7 +22,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "ListenerProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Listener configuration] // Listener :ref:`configuration overview ` diff --git a/api/envoy/api/v2/listener/listener.proto b/api/envoy/api/v2/listener/listener.proto index 2d68a46771519..671da24b0445f 100644 --- a/api/envoy/api/v2/listener/listener.proto +++ b/api/envoy/api/v2/listener/listener.proto @@ -11,4 +11,3 @@ option java_outer_classname = "ListenerProto"; option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; option ruby_package = "Envoy.Api.V2.ListenerNS"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; diff --git a/api/envoy/api/v2/listener/listener_components.proto b/api/envoy/api/v2/listener/listener_components.proto index 3acb5f1a3a443..fe449c63358a1 100644 --- a/api/envoy/api/v2/listener/listener_components.proto +++ b/api/envoy/api/v2/listener/listener_components.proto @@ -21,7 +21,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; option ruby_package = "Envoy.Api.V2.ListenerNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Listener components] // Listener :ref:`configuration overview ` diff --git a/api/envoy/api/v2/listener/quic_config.proto b/api/envoy/api/v2/listener/quic_config.proto index ccd2f1d116fa5..2a4616bb09c99 100644 --- a/api/envoy/api/v2/listener/quic_config.proto +++ b/api/envoy/api/v2/listener/quic_config.proto @@ -14,7 +14,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; option ruby_package = "Envoy.Api.V2.ListenerNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: QUIC listener Config] diff --git a/api/envoy/api/v2/listener/udp_listener_config.proto b/api/envoy/api/v2/listener/udp_listener_config.proto index a04906a61859b..d4d29531f3aaa 100644 --- a/api/envoy/api/v2/listener/udp_listener_config.proto +++ b/api/envoy/api/v2/listener/udp_listener_config.proto @@ -14,7 +14,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; option ruby_package = "Envoy.Api.V2.ListenerNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: UDP Listener Config] // Listener :ref:`configuration overview ` diff --git a/api/envoy/api/v2/ratelimit/ratelimit.proto b/api/envoy/api/v2/ratelimit/ratelimit.proto index 0b052edb9301b..5ac72c69a6fbb 100644 --- a/api/envoy/api/v2/ratelimit/ratelimit.proto +++ b/api/envoy/api/v2/ratelimit/ratelimit.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.ratelimit"; option java_outer_classname = "RatelimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.common.ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common rate limit components] diff --git a/api/envoy/api/v2/rds.proto b/api/envoy/api/v2/rds.proto index 015864af37163..fad73f1758406 100644 --- a/api/envoy/api/v2/rds.proto +++ b/api/envoy/api/v2/rds.proto @@ -19,7 +19,7 @@ option java_outer_classname = "RdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: RDS] diff --git a/api/envoy/api/v2/route.proto b/api/envoy/api/v2/route.proto index 864f8a9211246..549f134a7f439 100644 --- a/api/envoy/api/v2/route.proto +++ b/api/envoy/api/v2/route.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP route configuration] // * Routing :ref:`architecture overview ` diff --git a/api/envoy/api/v2/route/route.proto b/api/envoy/api/v2/route/route.proto index fe18bbeb28b39..92e44f1e19df2 100644 --- a/api/envoy/api/v2/route/route.proto +++ b/api/envoy/api/v2/route/route.proto @@ -9,4 +9,3 @@ import public "envoy/api/v2/route/route_components.proto"; option java_package = "io.envoyproxy.envoy.api.v2.route"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; diff --git a/api/envoy/api/v2/route/route_components.proto b/api/envoy/api/v2/route/route_components.proto index c4ccf2c8c9a18..c890134414e55 100644 --- a/api/envoy/api/v2/route/route_components.proto +++ b/api/envoy/api/v2/route/route_components.proto @@ -23,7 +23,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.route"; option java_outer_classname = "RouteComponentsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP route components] // * Routing :ref:`architecture overview ` diff --git a/api/envoy/api/v2/scoped_route.proto b/api/envoy/api/v2/scoped_route.proto index 03130e1314233..0841bd08723c5 100644 --- a/api/envoy/api/v2/scoped_route.proto +++ b/api/envoy/api/v2/scoped_route.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "ScopedRouteProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP scoped routing configuration] // * Routing :ref:`architecture overview ` diff --git a/api/envoy/api/v2/srds.proto b/api/envoy/api/v2/srds.proto index e44fb6f3211fd..0edb99a1eccbb 100644 --- a/api/envoy/api/v2/srds.proto +++ b/api/envoy/api/v2/srds.proto @@ -17,7 +17,7 @@ option java_outer_classname = "SrdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: SRDS] // * Routing :ref:`architecture overview ` diff --git a/api/envoy/config/accesslog/v2/als.proto b/api/envoy/config/accesslog/v2/als.proto index 864f44fac4317..5b4106af106ed 100644 --- a/api/envoy/config/accesslog/v2/als.proto +++ b/api/envoy/config/accesslog/v2/als.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.config.accesslog.v2"; option java_outer_classname = "AlsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.access_loggers.grpc.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC Access Log Service (ALS)] diff --git a/api/envoy/config/accesslog/v2/file.proto b/api/envoy/config/accesslog/v2/file.proto index a003f222ccb02..9b8671c81358e 100644 --- a/api/envoy/config/accesslog/v2/file.proto +++ b/api/envoy/config/accesslog/v2/file.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.accesslog.v2"; option java_outer_classname = "FileProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.access_loggers.file.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: File access log] // [#extension: envoy.access_loggers.file] diff --git a/api/envoy/config/accesslog/v3/accesslog.proto b/api/envoy/config/accesslog/v3/accesslog.proto index 95329793407bb..f5732ba3f8e42 100644 --- a/api/envoy/config/accesslog/v3/accesslog.proto +++ b/api/envoy/config/accesslog/v3/accesslog.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.accesslog.v3"; option java_outer_classname = "AccesslogProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common access log types] diff --git a/api/envoy/config/bootstrap/v2/bootstrap.proto b/api/envoy/config/bootstrap/v2/bootstrap.proto index 09b6303e6b10f..2aea0e3780420 100644 --- a/api/envoy/config/bootstrap/v2/bootstrap.proto +++ b/api/envoy/config/bootstrap/v2/bootstrap.proto @@ -25,7 +25,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.bootstrap.v2"; option java_outer_classname = "BootstrapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Bootstrap] // This proto is supplied via the :option:`-c` CLI flag and acts as the root diff --git a/api/envoy/config/bootstrap/v3/bootstrap.proto b/api/envoy/config/bootstrap/v3/bootstrap.proto index 0aa9e46ea6c4b..e180fa5266930 100644 --- a/api/envoy/config/bootstrap/v3/bootstrap.proto +++ b/api/envoy/config/bootstrap/v3/bootstrap.proto @@ -26,7 +26,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.bootstrap.v3"; option java_outer_classname = "BootstrapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Bootstrap] // This proto is supplied via the :option:`-c` CLI flag and acts as the root diff --git a/api/envoy/config/bootstrap/v4alpha/BUILD b/api/envoy/config/bootstrap/v4alpha/BUILD new file mode 100644 index 0000000000000..005603632b4c5 --- /dev/null +++ b/api/envoy/config/bootstrap/v4alpha/BUILD @@ -0,0 +1,20 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/bootstrap/v3:pkg", + "//envoy/config/cluster/v4alpha:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/listener/v3:pkg", + "//envoy/config/metrics/v3:pkg", + "//envoy/config/overload/v3:pkg", + "//envoy/config/trace/v4alpha:pkg", + "//envoy/extensions/transport_sockets/tls/v4alpha:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/config/bootstrap/v4alpha/bootstrap.proto b/api/envoy/config/bootstrap/v4alpha/bootstrap.proto new file mode 100644 index 0000000000000..ab670faad430b --- /dev/null +++ b/api/envoy/config/bootstrap/v4alpha/bootstrap.proto @@ -0,0 +1,379 @@ +syntax = "proto3"; + +package envoy.config.bootstrap.v4alpha; + +import "envoy/config/cluster/v4alpha/cluster.proto"; +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/event_service_config.proto"; +import "envoy/config/core/v4alpha/socket_option.proto"; +import "envoy/config/listener/v3/listener.proto"; +import "envoy/config/metrics/v3/stats.proto"; +import "envoy/config/overload/v3/overload.proto"; +import "envoy/config/trace/v4alpha/trace.proto"; +import "envoy/extensions/transport_sockets/tls/v4alpha/cert.proto"; + +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.bootstrap.v4alpha"; +option java_outer_classname = "BootstrapProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Bootstrap] +// This proto is supplied via the :option:`-c` CLI flag and acts as the root +// of the Envoy v2 configuration. See the :ref:`v2 configuration overview +// ` for more detail. + +// Bootstrap :ref:`configuration overview `. +// [#next-free-field: 21] +message Bootstrap { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.Bootstrap"; + + message StaticResources { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.Bootstrap.StaticResources"; + + // Static :ref:`Listeners `. These listeners are + // available regardless of LDS configuration. + repeated listener.v3.Listener listeners = 1; + + // If a network based configuration source is specified for :ref:`cds_config + // `, it's necessary + // to have some initial cluster definitions available to allow Envoy to know + // how to speak to the management server. These cluster definitions may not + // use :ref:`EDS ` (i.e. they should be static + // IP or DNS-based). + repeated cluster.v4alpha.Cluster clusters = 2; + + // These static secrets can be used by :ref:`SdsSecretConfig + // ` + repeated envoy.extensions.transport_sockets.tls.v4alpha.Secret secrets = 3; + } + + message DynamicResources { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.Bootstrap.DynamicResources"; + + reserved 4; + + // All :ref:`Listeners ` are provided by a single + // :ref:`LDS ` configuration source. + core.v4alpha.ConfigSource lds_config = 1; + + // All post-bootstrap :ref:`Cluster ` definitions are + // provided by a single :ref:`CDS ` + // configuration source. + core.v4alpha.ConfigSource cds_config = 2; + + // A single :ref:`ADS ` source may be optionally + // specified. This must have :ref:`api_type + // ` :ref:`GRPC + // `. Only + // :ref:`ConfigSources ` that have + // the :ref:`ads ` field set will be + // streamed on the ADS channel. + core.v4alpha.ApiConfigSource ads_config = 3; + } + + reserved 10, 11; + + reserved "runtime"; + + // Node identity to present to the management server and for instance + // identification purposes (e.g. in generated headers). + core.v4alpha.Node node = 1; + + // Statically specified resources. + StaticResources static_resources = 2; + + // xDS configuration sources. + DynamicResources dynamic_resources = 3; + + // Configuration for the cluster manager which owns all upstream clusters + // within the server. + ClusterManager cluster_manager = 4; + + // Health discovery service config option. + // (:ref:`core.ApiConfigSource `) + core.v4alpha.ApiConfigSource hds_config = 14; + + // Optional file system path to search for startup flag files. + string flags_path = 5; + + // Optional set of stats sinks. + repeated metrics.v3.StatsSink stats_sinks = 6; + + // Configuration for internal processing of stats. + metrics.v3.StatsConfig stats_config = 13; + + // Optional duration between flushes to configured stats sinks. For + // performance reasons Envoy latches counters and only flushes counters and + // gauges at a periodic interval. If not specified the default is 5000ms (5 + // seconds). + // Duration must be at least 1ms and at most 5 min. + google.protobuf.Duration stats_flush_interval = 7 [(validate.rules).duration = { + lt {seconds: 300} + gte {nanos: 1000000} + }]; + + // Optional watchdog configuration. + Watchdog watchdog = 8; + + // Configuration for an external tracing provider. If not specified, no + // tracing will be performed. + trace.v4alpha.Tracing tracing = 9; + + // Configuration for the runtime configuration provider. If not + // specified, a “null” provider will be used which will result in all defaults + // being used. + LayeredRuntime layered_runtime = 17; + + // Configuration for the local administration HTTP server. + Admin admin = 12; + + // Optional overload manager configuration. + overload.v3.OverloadManager overload_manager = 15; + + // Enable :ref:`stats for event dispatcher `, defaults to false. + // Note that this records a value for each iteration of the event loop on every thread. This + // should normally be minimal overhead, but when using + // :ref:`statsd `, it will send each observed value + // over the wire individually because the statsd protocol doesn't have any way to represent a + // histogram summary. Be aware that this can be a very large volume of data. + bool enable_dispatcher_stats = 16; + + // Optional string which will be used in lieu of x-envoy in prefixing headers. + // + // For example, if this string is present and set to X-Foo, then x-envoy-retry-on will be + // transformed into x-foo-retry-on etc. + // + // Note this applies to the headers Envoy will generate, the headers Envoy will sanitize, and the + // headers Envoy will trust for core code and core extensions only. Be VERY careful making + // changes to this string, especially in multi-layer Envoy deployments or deployments using + // extensions which are not upstream. + string header_prefix = 18; + + // Optional proxy version which will be used to set the value of :ref:`server.version statistic + // ` if specified. Envoy will not process this value, it will be sent as is to + // :ref:`stats sinks `. + google.protobuf.UInt64Value stats_server_version_override = 19; + + // Always use TCP queries instead of UDP queries for DNS lookups. + // This may be overridden on a per-cluster basis in cds_config, + // when :ref:`dns_resolvers ` and + // :ref:`use_tcp_for_dns_lookups ` are + // specified. + bool use_tcp_for_dns_lookups = 20; +} + +// Administration interface :ref:`operations documentation +// `. +message Admin { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Admin"; + + // The path to write the access log for the administration server. If no + // access log is desired specify ‘/dev/null’. This is only required if + // :ref:`address ` is set. + string access_log_path = 1; + + // The cpu profiler output path for the administration server. If no profile + // path is specified, the default is ‘/var/log/envoy/envoy.prof’. + string profile_path = 2; + + // The TCP address that the administration server will listen on. + // If not specified, Envoy will not start an administration server. + core.v4alpha.Address address = 3; + + // Additional socket options that may not be present in Envoy source code or + // precompiled binaries. + repeated core.v4alpha.SocketOption socket_options = 4; +} + +// Cluster manager :ref:`architecture overview `. +message ClusterManager { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.ClusterManager"; + + message OutlierDetection { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.ClusterManager.OutlierDetection"; + + // Specifies the path to the outlier event log. + string event_log_path = 1; + + // [#not-implemented-hide:] + // The gRPC service for the outlier detection event service. + // If empty, outlier detection events won't be sent to a remote endpoint. + core.v4alpha.EventServiceConfig event_service = 2; + } + + // Name of the local cluster (i.e., the cluster that owns the Envoy running + // this configuration). In order to enable :ref:`zone aware routing + // ` this option must be set. + // If *local_cluster_name* is defined then :ref:`clusters + // ` must be defined in the :ref:`Bootstrap + // static cluster resources + // `. This is unrelated to + // the :option:`--service-cluster` option which does not `affect zone aware + // routing `_. + string local_cluster_name = 1; + + // Optional global configuration for outlier detection. + OutlierDetection outlier_detection = 2; + + // Optional configuration used to bind newly established upstream connections. + // This may be overridden on a per-cluster basis by upstream_bind_config in the cds_config. + core.v4alpha.BindConfig upstream_bind_config = 3; + + // A management server endpoint to stream load stats to via + // *StreamLoadStats*. This must have :ref:`api_type + // ` :ref:`GRPC + // `. + core.v4alpha.ApiConfigSource load_stats_config = 4; +} + +// Envoy process watchdog configuration. When configured, this monitors for +// nonresponsive threads and kills the process after the configured thresholds. +// See the :ref:`watchdog documentation ` for more information. +message Watchdog { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Watchdog"; + + // The duration after which Envoy counts a nonresponsive thread in the + // *watchdog_miss* statistic. If not specified the default is 200ms. + google.protobuf.Duration miss_timeout = 1; + + // The duration after which Envoy counts a nonresponsive thread in the + // *watchdog_mega_miss* statistic. If not specified the default is + // 1000ms. + google.protobuf.Duration megamiss_timeout = 2; + + // If a watched thread has been nonresponsive for this duration, assume a + // programming error and kill the entire Envoy process. Set to 0 to disable + // kill behavior. If not specified the default is 0 (disabled). + google.protobuf.Duration kill_timeout = 3; + + // If at least two watched threads have been nonresponsive for at least this + // duration assume a true deadlock and kill the entire Envoy process. Set to 0 + // to disable this behavior. If not specified the default is 0 (disabled). + google.protobuf.Duration multikill_timeout = 4; +} + +// Runtime :ref:`configuration overview ` (deprecated). +message Runtime { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Runtime"; + + // The implementation assumes that the file system tree is accessed via a + // symbolic link. An atomic link swap is used when a new tree should be + // switched to. This parameter specifies the path to the symbolic link. Envoy + // will watch the location for changes and reload the file system tree when + // they happen. If this parameter is not set, there will be no disk based + // runtime. + string symlink_root = 1; + + // Specifies the subdirectory to load within the root directory. This is + // useful if multiple systems share the same delivery mechanism. Envoy + // configuration elements can be contained in a dedicated subdirectory. + string subdirectory = 2; + + // Specifies an optional subdirectory to load within the root directory. If + // specified and the directory exists, configuration values within this + // directory will override those found in the primary subdirectory. This is + // useful when Envoy is deployed across many different types of servers. + // Sometimes it is useful to have a per service cluster directory for runtime + // configuration. See below for exactly how the override directory is used. + string override_subdirectory = 3; + + // Static base runtime. This will be :ref:`overridden + // ` by other runtime layers, e.g. + // disk or admin. This follows the :ref:`runtime protobuf JSON representation + // encoding `. + google.protobuf.Struct base = 4; +} + +// [#next-free-field: 6] +message RuntimeLayer { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.RuntimeLayer"; + + // :ref:`Disk runtime ` layer. + message DiskLayer { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.RuntimeLayer.DiskLayer"; + + // The implementation assumes that the file system tree is accessed via a + // symbolic link. An atomic link swap is used when a new tree should be + // switched to. This parameter specifies the path to the symbolic link. + // Envoy will watch the location for changes and reload the file system tree + // when they happen. See documentation on runtime :ref:`atomicity + // ` for further details on how reloads are + // treated. + string symlink_root = 1; + + // Specifies the subdirectory to load within the root directory. This is + // useful if multiple systems share the same delivery mechanism. Envoy + // configuration elements can be contained in a dedicated subdirectory. + string subdirectory = 3; + + // :ref:`Append ` the + // service cluster to the path under symlink root. + bool append_service_cluster = 2; + } + + // :ref:`Admin console runtime ` layer. + message AdminLayer { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.RuntimeLayer.AdminLayer"; + } + + // :ref:`Runtime Discovery Service (RTDS) ` layer. + message RtdsLayer { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.RuntimeLayer.RtdsLayer"; + + // Resource to subscribe to at *rtds_config* for the RTDS layer. + string name = 1; + + // RTDS configuration source. + core.v4alpha.ConfigSource rtds_config = 2; + } + + // Descriptive name for the runtime layer. This is only used for the runtime + // :http:get:`/runtime` output. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + oneof layer_specifier { + option (validate.required) = true; + + // :ref:`Static runtime ` layer. + // This follows the :ref:`runtime protobuf JSON representation encoding + // `. Unlike static xDS resources, this static + // layer is overridable by later layers in the runtime virtual filesystem. + google.protobuf.Struct static_layer = 2; + + DiskLayer disk_layer = 3; + + AdminLayer admin_layer = 4; + + RtdsLayer rtds_layer = 5; + } +} + +// Runtime :ref:`configuration overview `. +message LayeredRuntime { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.LayeredRuntime"; + + // The :ref:`layers ` of the runtime. This is ordered + // such that later layers in the list overlay earlier entries. + repeated RuntimeLayer layers = 1; +} diff --git a/api/envoy/config/cluster/aggregate/v2alpha/cluster.proto b/api/envoy/config/cluster/aggregate/v2alpha/cluster.proto index e050bff1a699b..a0fdadd75724c 100644 --- a/api/envoy/config/cluster/aggregate/v2alpha/cluster.proto +++ b/api/envoy/config/cluster/aggregate/v2alpha/cluster.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.config.cluster.aggregate.v2alpha"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.clusters.aggregate.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Aggregate cluster configuration] diff --git a/api/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto b/api/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto index 7c8c56083bf34..33f5ffe057e3a 100644 --- a/api/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto +++ b/api/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto @@ -13,7 +13,7 @@ option java_outer_classname = "ClusterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.clusters.dynamic_forward_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dynamic forward proxy cluster configuration] diff --git a/api/envoy/config/cluster/redis/redis_cluster.proto b/api/envoy/config/cluster/redis/redis_cluster.proto index e6652d51d7a6a..b1872501e8eb2 100644 --- a/api/envoy/config/cluster/redis/redis_cluster.proto +++ b/api/envoy/config/cluster/redis/redis_cluster.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.redis"; option java_outer_classname = "RedisClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Redis Cluster Configuration] // This cluster adds support for `Redis Cluster `_, as part diff --git a/api/envoy/config/cluster/v3/circuit_breaker.proto b/api/envoy/config/cluster/v3/circuit_breaker.proto index 1661501c5861a..96e69701cda21 100644 --- a/api/envoy/config/cluster/v3/circuit_breaker.proto +++ b/api/envoy/config/cluster/v3/circuit_breaker.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.v3"; option java_outer_classname = "CircuitBreakerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Circuit breakers] diff --git a/api/envoy/config/cluster/v3/cluster.proto b/api/envoy/config/cluster/v3/cluster.proto index 88f15f864c105..06de8bbbead04 100644 --- a/api/envoy/config/cluster/v3/cluster.proto +++ b/api/envoy/config/cluster/v3/cluster.proto @@ -26,7 +26,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.v3"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Cluster configuration] diff --git a/api/envoy/config/cluster/v3/filter.proto b/api/envoy/config/cluster/v3/filter.proto index 0d2f35f0cd44d..af3116ec26eb2 100644 --- a/api/envoy/config/cluster/v3/filter.proto +++ b/api/envoy/config/cluster/v3/filter.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.v3"; option java_outer_classname = "FilterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Upstream filters] // Upstream filters apply to the connections to the upstream cluster hosts. diff --git a/api/envoy/config/cluster/v3/outlier_detection.proto b/api/envoy/config/cluster/v3/outlier_detection.proto index f3eac3a1ba84e..c0b4d5732db55 100644 --- a/api/envoy/config/cluster/v3/outlier_detection.proto +++ b/api/envoy/config/cluster/v3/outlier_detection.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.v3"; option java_outer_classname = "OutlierDetectionProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Outlier detection] diff --git a/api/envoy/config/cluster/v4alpha/BUILD b/api/envoy/config/cluster/v4alpha/BUILD new file mode 100644 index 0000000000000..3aff84b82faa4 --- /dev/null +++ b/api/envoy/config/cluster/v4alpha/BUILD @@ -0,0 +1,16 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/cluster/v3:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/endpoint/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/config/cluster/v4alpha/circuit_breaker.proto b/api/envoy/config/cluster/v4alpha/circuit_breaker.proto new file mode 100644 index 0000000000000..57a263a70d2e1 --- /dev/null +++ b/api/envoy/config/cluster/v4alpha/circuit_breaker.proto @@ -0,0 +1,105 @@ +syntax = "proto3"; + +package envoy.config.cluster.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/type/v3/percent.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.cluster.v4alpha"; +option java_outer_classname = "CircuitBreakerProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Circuit breakers] + +// :ref:`Circuit breaking` settings can be +// specified individually for each defined priority. +message CircuitBreakers { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.CircuitBreakers"; + + // A Thresholds defines CircuitBreaker settings for a + // :ref:`RoutingPriority`. + // [#next-free-field: 9] + message Thresholds { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.CircuitBreakers.Thresholds"; + + message RetryBudget { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.CircuitBreakers.Thresholds.RetryBudget"; + + // Specifies the limit on concurrent retries as a percentage of the sum of active requests and + // active pending requests. For example, if there are 100 active requests and the + // budget_percent is set to 25, there may be 25 active retries. + // + // This parameter is optional. Defaults to 20%. + type.v3.Percent budget_percent = 1; + + // Specifies the minimum retry concurrency allowed for the retry budget. The limit on the + // number of active retries may never go below this number. + // + // This parameter is optional. Defaults to 3. + google.protobuf.UInt32Value min_retry_concurrency = 2; + } + + // The :ref:`RoutingPriority` + // the specified CircuitBreaker settings apply to. + core.v4alpha.RoutingPriority priority = 1 [(validate.rules).enum = {defined_only: true}]; + + // The maximum number of connections that Envoy will make to the upstream + // cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_connections = 2; + + // The maximum number of pending requests that Envoy will allow to the + // upstream cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_pending_requests = 3; + + // The maximum number of parallel requests that Envoy will make to the + // upstream cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_requests = 4; + + // The maximum number of parallel retries that Envoy will allow to the + // upstream cluster. If not specified, the default is 3. + google.protobuf.UInt32Value max_retries = 5; + + // Specifies a limit on concurrent retries in relation to the number of active requests. This + // parameter is optional. + // + // .. note:: + // + // If this field is set, the retry budget will override any configured retry circuit + // breaker. + RetryBudget retry_budget = 8; + + // If track_remaining is true, then stats will be published that expose + // the number of resources remaining until the circuit breakers open. If + // not specified, the default is false. + // + // .. note:: + // + // If a retry budget is used in lieu of the max_retries circuit breaker, + // the remaining retry resources remaining will not be tracked. + bool track_remaining = 6; + + // The maximum number of connection pools per cluster that Envoy will concurrently support at + // once. If not specified, the default is unlimited. Set this for clusters which create a + // large number of connection pools. See + // :ref:`Circuit Breaking ` for + // more details. + google.protobuf.UInt32Value max_connection_pools = 7; + } + + // If multiple :ref:`Thresholds` + // are defined with the same :ref:`RoutingPriority`, + // the first one in the list is used. If no Thresholds is defined for a given + // :ref:`RoutingPriority`, the default values + // are used. + repeated Thresholds thresholds = 1; +} diff --git a/api/envoy/config/cluster/v4alpha/cluster.proto b/api/envoy/config/cluster/v4alpha/cluster.proto new file mode 100644 index 0000000000000..887ef9c3fe337 --- /dev/null +++ b/api/envoy/config/cluster/v4alpha/cluster.proto @@ -0,0 +1,873 @@ +syntax = "proto3"; + +package envoy.config.cluster.v4alpha; + +import "envoy/config/cluster/v4alpha/circuit_breaker.proto"; +import "envoy/config/cluster/v4alpha/filter.proto"; +import "envoy/config/cluster/v4alpha/outlier_detection.proto"; +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/health_check.proto"; +import "envoy/config/core/v4alpha/protocol.proto"; +import "envoy/config/endpoint/v3/endpoint.proto"; +import "envoy/type/v3/percent.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.cluster.v4alpha"; +option java_outer_classname = "ClusterProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Cluster configuration] + +// Configuration for a single upstream cluster. +// [#next-free-field: 48] +message Cluster { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.cluster.v3.Cluster"; + + // Refer to :ref:`service discovery type ` + // for an explanation on each type. + enum DiscoveryType { + // Refer to the :ref:`static discovery type` + // for an explanation. + STATIC = 0; + + // Refer to the :ref:`strict DNS discovery + // type` + // for an explanation. + STRICT_DNS = 1; + + // Refer to the :ref:`logical DNS discovery + // type` + // for an explanation. + LOGICAL_DNS = 2; + + // Refer to the :ref:`service discovery type` + // for an explanation. + EDS = 3; + + // Refer to the :ref:`original destination discovery + // type` + // for an explanation. + ORIGINAL_DST = 4; + } + + // Refer to :ref:`load balancer type ` architecture + // overview section for information on each type. + enum LbPolicy { + reserved 4; + + reserved "ORIGINAL_DST_LB"; + + // Refer to the :ref:`round robin load balancing + // policy` + // for an explanation. + ROUND_ROBIN = 0; + + // Refer to the :ref:`least request load balancing + // policy` + // for an explanation. + LEAST_REQUEST = 1; + + // Refer to the :ref:`ring hash load balancing + // policy` + // for an explanation. + RING_HASH = 2; + + // Refer to the :ref:`random load balancing + // policy` + // for an explanation. + RANDOM = 3; + + // Refer to the :ref:`Maglev load balancing policy` + // for an explanation. + MAGLEV = 5; + + // This load balancer type must be specified if the configured cluster provides a cluster + // specific load balancer. Consult the configured cluster's documentation for whether to set + // this option or not. + CLUSTER_PROVIDED = 6; + + // [#not-implemented-hide:] Use the new :ref:`load_balancing_policy + // ` field to determine the LB policy. + // [#next-major-version: In the v3 API, we should consider deprecating the lb_policy field + // and instead using the new load_balancing_policy field as the one and only mechanism for + // configuring this.] + LOAD_BALANCING_POLICY_CONFIG = 7; + } + + // When V4_ONLY is selected, the DNS resolver will only perform a lookup for + // addresses in the IPv4 family. If V6_ONLY is selected, the DNS resolver will + // only perform a lookup for addresses in the IPv6 family. If AUTO is + // specified, the DNS resolver will first perform a lookup for addresses in + // the IPv6 family and fallback to a lookup for addresses in the IPv4 family. + // For cluster types other than + // :ref:`STRICT_DNS` and + // :ref:`LOGICAL_DNS`, + // this setting is + // ignored. + enum DnsLookupFamily { + AUTO = 0; + V4_ONLY = 1; + V6_ONLY = 2; + } + + enum ClusterProtocolSelection { + // Cluster can only operate on one of the possible upstream protocols (HTTP1.1, HTTP2). + // If :ref:`http2_protocol_options ` are + // present, HTTP2 will be used, otherwise HTTP1.1 will be used. + USE_CONFIGURED_PROTOCOL = 0; + + // Use HTTP1.1 or HTTP2, depending on which one is used on the downstream connection. + USE_DOWNSTREAM_PROTOCOL = 1; + } + + // TransportSocketMatch specifies what transport socket config will be used + // when the match conditions are satisfied. + message TransportSocketMatch { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.TransportSocketMatch"; + + // The name of the match, used in stats generation. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // Optional endpoint metadata match criteria. + // The connection to the endpoint with metadata matching what is set in this field + // will use the transport socket configuration specified here. + // The endpoint's metadata entry in *envoy.transport_socket_match* is used to match + // against the values specified in this field. + google.protobuf.Struct match = 2; + + // The configuration of the transport socket. + core.v4alpha.TransportSocket transport_socket = 3; + } + + // Extended cluster type. + message CustomClusterType { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CustomClusterType"; + + // The type of the cluster to instantiate. The name must match a supported cluster type. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Cluster specific configuration which depends on the cluster being instantiated. + // See the supported cluster for further documentation. + google.protobuf.Any typed_config = 2; + } + + // Only valid when discovery type is EDS. + message EdsClusterConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.EdsClusterConfig"; + + // Configuration for the source of EDS updates for this Cluster. + core.v4alpha.ConfigSource eds_config = 1; + + // Optional alternative to cluster name to present to EDS. This does not + // have the same restrictions as cluster name, i.e. it may be arbitrary + // length. + string service_name = 2; + } + + // Optionally divide the endpoints in this cluster into subsets defined by + // endpoint metadata and selected by route and weighted cluster metadata. + // [#next-free-field: 8] + message LbSubsetConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.LbSubsetConfig"; + + // If NO_FALLBACK is selected, a result + // equivalent to no healthy hosts is reported. If ANY_ENDPOINT is selected, + // any cluster endpoint may be returned (subject to policy, health checks, + // etc). If DEFAULT_SUBSET is selected, load balancing is performed over the + // endpoints matching the values from the default_subset field. + enum LbSubsetFallbackPolicy { + NO_FALLBACK = 0; + ANY_ENDPOINT = 1; + DEFAULT_SUBSET = 2; + } + + // Specifications for subsets. + message LbSubsetSelector { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector"; + + // Allows to override top level fallback policy per selector. + enum LbSubsetSelectorFallbackPolicy { + // If NOT_DEFINED top level config fallback policy is used instead. + NOT_DEFINED = 0; + + // If NO_FALLBACK is selected, a result equivalent to no healthy hosts is reported. + NO_FALLBACK = 1; + + // If ANY_ENDPOINT is selected, any cluster endpoint may be returned + // (subject to policy, health checks, etc). + ANY_ENDPOINT = 2; + + // If DEFAULT_SUBSET is selected, load balancing is performed over the + // endpoints matching the values from the default_subset field. + DEFAULT_SUBSET = 3; + + // If KEYS_SUBSET is selected, subset selector matching is performed again with metadata + // keys reduced to + // :ref:`fallback_keys_subset`. + // It allows for a fallback to a different, less specific selector if some of the keys of + // the selector are considered optional. + KEYS_SUBSET = 4; + } + + // List of keys to match with the weighted cluster metadata. + repeated string keys = 1; + + // The behavior used when no endpoint subset matches the selected route's + // metadata. + LbSubsetSelectorFallbackPolicy fallback_policy = 2 + [(validate.rules).enum = {defined_only: true}]; + + // Subset of + // :ref:`keys` used by + // :ref:`KEYS_SUBSET` + // fallback policy. + // It has to be a non empty list if KEYS_SUBSET fallback policy is selected. + // For any other fallback policy the parameter is not used and should not be set. + // Only values also present in + // :ref:`keys` are allowed, but + // `fallback_keys_subset` cannot be equal to `keys`. + repeated string fallback_keys_subset = 3; + } + + // The behavior used when no endpoint subset matches the selected route's + // metadata. The value defaults to + // :ref:`NO_FALLBACK`. + LbSubsetFallbackPolicy fallback_policy = 1 [(validate.rules).enum = {defined_only: true}]; + + // Specifies the default subset of endpoints used during fallback if + // fallback_policy is + // :ref:`DEFAULT_SUBSET`. + // Each field in default_subset is + // compared to the matching LbEndpoint.Metadata under the *envoy.lb* + // namespace. It is valid for no hosts to match, in which case the behavior + // is the same as a fallback_policy of + // :ref:`NO_FALLBACK`. + google.protobuf.Struct default_subset = 2; + + // For each entry, LbEndpoint.Metadata's + // *envoy.lb* namespace is traversed and a subset is created for each unique + // combination of key and value. For example: + // + // .. code-block:: json + // + // { "subset_selectors": [ + // { "keys": [ "version" ] }, + // { "keys": [ "stage", "hardware_type" ] } + // ]} + // + // A subset is matched when the metadata from the selected route and + // weighted cluster contains the same keys and values as the subset's + // metadata. The same host may appear in multiple subsets. + repeated LbSubsetSelector subset_selectors = 3; + + // If true, routing to subsets will take into account the localities and locality weights of the + // endpoints when making the routing decision. + // + // There are some potential pitfalls associated with enabling this feature, as the resulting + // traffic split after applying both a subset match and locality weights might be undesirable. + // + // Consider for example a situation in which you have 50/50 split across two localities X/Y + // which have 100 hosts each without subsetting. If the subset LB results in X having only 1 + // host selected but Y having 100, then a lot more load is being dumped on the single host in X + // than originally anticipated in the load balancing assignment delivered via EDS. + bool locality_weight_aware = 4; + + // When used with locality_weight_aware, scales the weight of each locality by the ratio + // of hosts in the subset vs hosts in the original subset. This aims to even out the load + // going to an individual locality if said locality is disproportionately affected by the + // subset predicate. + bool scale_locality_weight = 5; + + // If true, when a fallback policy is configured and its corresponding subset fails to find + // a host this will cause any host to be selected instead. + // + // This is useful when using the default subset as the fallback policy, given the default + // subset might become empty. With this option enabled, if that happens the LB will attempt + // to select a host from the entire cluster. + bool panic_mode_any = 6; + + // If true, metadata specified for a metadata key will be matched against the corresponding + // endpoint metadata if the endpoint metadata matches the value exactly OR it is a list value + // and any of the elements in the list matches the criteria. + bool list_as_any = 7; + } + + // Specific configuration for the LeastRequest load balancing policy. + message LeastRequestLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.LeastRequestLbConfig"; + + // The number of random healthy hosts from which the host with the fewest active requests will + // be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set. + google.protobuf.UInt32Value choice_count = 1 [(validate.rules).uint32 = {gte: 2}]; + } + + // Specific configuration for the :ref:`RingHash` + // load balancing policy. + message RingHashLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.RingHashLbConfig"; + + // The hash function used to hash hosts onto the ketama ring. + enum HashFunction { + // Use `xxHash `_, this is the default hash function. + XX_HASH = 0; + + // Use `MurmurHash2 `_, this is compatible with + // std:hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled + // on Linux and not macOS. + MURMUR_HASH_2 = 1; + } + + reserved 2; + + // Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each + // provided host) the better the request distribution will reflect the desired weights. Defaults + // to 1024 entries, and limited to 8M entries. See also + // :ref:`maximum_ring_size`. + google.protobuf.UInt64Value minimum_ring_size = 1 [(validate.rules).uint64 = {lte: 8388608}]; + + // The hash function used to hash hosts onto the ketama ring. The value defaults to + // :ref:`XX_HASH`. + HashFunction hash_function = 3 [(validate.rules).enum = {defined_only: true}]; + + // Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered + // to further constrain resource use. See also + // :ref:`minimum_ring_size`. + google.protobuf.UInt64Value maximum_ring_size = 4 [(validate.rules).uint64 = {lte: 8388608}]; + } + + // Specific configuration for the + // :ref:`Original Destination ` + // load balancing policy. + message OriginalDstLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.OriginalDstLbConfig"; + + // When true, :ref:`x-envoy-original-dst-host + // ` can be used to override destination + // address. + // + // .. attention:: + // + // This header isn't sanitized by default, so enabling this feature allows HTTP clients to + // route traffic to arbitrary hosts and/or ports, which may have serious security + // consequences. + bool use_http_header = 1; + } + + // Common configuration for all load balancer implementations. + // [#next-free-field: 8] + message CommonLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CommonLbConfig"; + + // Configuration for :ref:`zone aware routing + // `. + message ZoneAwareLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CommonLbConfig.ZoneAwareLbConfig"; + + // Configures percentage of requests that will be considered for zone aware routing + // if zone aware routing is configured. If not specified, the default is 100%. + // * :ref:`runtime values `. + // * :ref:`Zone aware routing support `. + type.v3.Percent routing_enabled = 1; + + // Configures minimum upstream cluster size required for zone aware routing + // If upstream cluster size is less than specified, zone aware routing is not performed + // even if zone aware routing is configured. If not specified, the default is 6. + // * :ref:`runtime values `. + // * :ref:`Zone aware routing support `. + google.protobuf.UInt64Value min_cluster_size = 2; + + // If set to true, Envoy will not consider any hosts when the cluster is in :ref:`panic + // mode`. Instead, the cluster will fail all + // requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a + // failing service. + bool fail_traffic_on_panic = 3; + } + + // Configuration for :ref:`locality weighted load balancing + // ` + message LocalityWeightedLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CommonLbConfig.LocalityWeightedLbConfig"; + } + + // Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.) + message ConsistentHashingLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CommonLbConfig.ConsistentHashingLbConfig"; + + // If set to `true`, the cluster will use hostname instead of the resolved + // address as the key to consistently hash to an upstream host. Only valid for StrictDNS clusters with hostnames which resolve to a single IP address. + bool use_hostname_for_hashing = 1; + } + + // Configures the :ref:`healthy panic threshold `. + // If not specified, the default is 50%. + // To disable panic mode, set to 0%. + // + // .. note:: + // The specified percent will be truncated to the nearest 1%. + type.v3.Percent healthy_panic_threshold = 1; + + oneof locality_config_specifier { + ZoneAwareLbConfig zone_aware_lb_config = 2; + + LocalityWeightedLbConfig locality_weighted_lb_config = 3; + } + + // If set, all health check/weight/metadata updates that happen within this duration will be + // merged and delivered in one shot when the duration expires. The start of the duration is when + // the first update happens. This is useful for big clusters, with potentially noisy deploys + // that might trigger excessive CPU usage due to a constant stream of healthcheck state changes + // or metadata updates. The first set of updates to be seen apply immediately (e.g.: a new + // cluster). Please always keep in mind that the use of sandbox technologies may change this + // behavior. + // + // If this is not set, we default to a merge window of 1000ms. To disable it, set the merge + // window to 0. + // + // Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is + // because merging those updates isn't currently safe. See + // https://github.com/envoyproxy/envoy/pull/3941. + google.protobuf.Duration update_merge_window = 4; + + // If set to true, Envoy will not consider new hosts when computing load balancing weights until + // they have been health checked for the first time. This will have no effect unless + // active health checking is also configured. + // + // Ignoring a host means that for any load balancing calculations that adjust weights based + // on the ratio of eligible hosts and total hosts (priority spillover, locality weighting and + // panic mode) Envoy will exclude these hosts in the denominator. + // + // For example, with hosts in two priorities P0 and P1, where P0 looks like + // {healthy, unhealthy (new), unhealthy (new)} + // and where P1 looks like + // {healthy, healthy} + // all traffic will still hit P0, as 1 / (3 - 2) = 1. + // + // Enabling this will allow scaling up the number of hosts for a given cluster without entering + // panic mode or triggering priority spillover, assuming the hosts pass the first health check. + // + // If panic mode is triggered, new hosts are still eligible for traffic; they simply do not + // contribute to the calculation when deciding whether panic mode is enabled or not. + bool ignore_new_hosts_until_first_hc = 5; + + // If set to `true`, the cluster manager will drain all existing + // connections to upstream hosts whenever hosts are added or removed from the cluster. + bool close_connections_on_host_set_change = 6; + + //Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.) + ConsistentHashingLbConfig consistent_hashing_lb_config = 7; + } + + message RefreshRate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.RefreshRate"; + + // Specifies the base interval between refreshes. This parameter is required and must be greater + // than zero and less than + // :ref:`max_interval `. + google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { + required: true + gt {nanos: 1000000} + }]; + + // Specifies the maximum interval between refreshes. This parameter is optional, but must be + // greater than or equal to the + // :ref:`base_interval ` if set. The default + // is 10 times the :ref:`base_interval `. + google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {nanos: 1000000}}]; + } + + reserved 12, 15, 7, 11, 35; + + reserved "hosts", "tls_context", "extension_protocol_options"; + + // Configuration to use different transport sockets for different endpoints. + // The entry of *envoy.transport_socket* in the + // :ref:`LbEndpoint.Metadata ` + // is used to match against the transport sockets as they appear in the list. The first + // :ref:`match ` is used. + // For example, with the following match + // + // .. code-block:: yaml + // + // transport_socket_matches: + // - name: "enableMTLS" + // match: + // acceptMTLS: true + // transport_socket: + // name: envoy.transport_sockets.tls + // config: { ... } # tls socket configuration + // - name: "defaultToPlaintext" + // match: {} + // transport_socket: + // name: envoy.transport_sockets.raw_buffer + // + // Connections to the endpoints whose metadata value under *envoy.transport_socket* + // having "acceptMTLS"/"true" key/value pair use the "enableMTLS" socket configuration. + // + // If a :ref:`socket match ` with empty match + // criteria is provided, that always match any endpoint. For example, the "defaultToPlaintext" + // socket match in case above. + // + // If an endpoint metadata's value under *envoy.transport_socket* does not match any + // *TransportSocketMatch*, socket configuration fallbacks to use the *tls_context* or + // *transport_socket* specified in this cluster. + // + // This field allows gradual and flexible transport socket configuration changes. + // + // The metadata of endpoints in EDS can indicate transport socket capabilities. For example, + // an endpoint's metadata can have two key value pairs as "acceptMTLS": "true", + // "acceptPlaintext": "true". While some other endpoints, only accepting plaintext traffic + // has "acceptPlaintext": "true" metadata information. + // + // Then the xDS server can configure the CDS to a client, Envoy A, to send mutual TLS + // traffic for endpoints with "acceptMTLS": "true", by adding a corresponding + // *TransportSocketMatch* in this field. Other client Envoys receive CDS without + // *transport_socket_match* set, and still send plain text traffic to the same cluster. + // + // [#comment:TODO(incfly): add a detailed architecture doc on intended usage.] + repeated TransportSocketMatch transport_socket_matches = 43; + + // Supplies the name of the cluster which must be unique across all clusters. + // The cluster name is used when emitting + // :ref:`statistics ` if :ref:`alt_stat_name + // ` is not provided. + // Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // An optional alternative to the cluster name to be used while emitting stats. + // Any ``:`` in the name will be converted to ``_`` when emitting statistics. This should not be + // confused with :ref:`Router Filter Header + // `. + string alt_stat_name = 28; + + oneof cluster_discovery_type { + // The :ref:`service discovery type ` + // to use for resolving the cluster. + DiscoveryType type = 2 [(validate.rules).enum = {defined_only: true}]; + + // The custom cluster type. + CustomClusterType cluster_type = 38; + } + + // Configuration to use for EDS updates for the Cluster. + EdsClusterConfig eds_cluster_config = 3; + + // The timeout for new network connections to hosts in the cluster. + google.protobuf.Duration connect_timeout = 4 [(validate.rules).duration = {gt {}}]; + + // Soft limit on size of the cluster’s connections read and write buffers. If + // unspecified, an implementation defined default is applied (1MiB). + google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5; + + // The :ref:`load balancer type ` to use + // when picking a host in the cluster. + LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}]; + + // Setting this is required for specifying members of + // :ref:`STATIC`, + // :ref:`STRICT_DNS` + // or :ref:`LOGICAL_DNS` clusters. + // This field supersedes the *hosts* field in the v2 API. + // + // .. attention:: + // + // Setting this allows non-EDS cluster types to contain embedded EDS equivalent + // :ref:`endpoint assignments`. + // + endpoint.v3.ClusterLoadAssignment load_assignment = 33; + + // Optional :ref:`active health checking ` + // configuration for the cluster. If no + // configuration is specified no health checking will be done and all cluster + // members will be considered healthy at all times. + repeated core.v4alpha.HealthCheck health_checks = 8; + + // Optional maximum requests for a single upstream connection. This parameter + // is respected by both the HTTP/1.1 and HTTP/2 connection pool + // implementations. If not specified, there is no limit. Setting this + // parameter to 1 will effectively disable keep alive. + google.protobuf.UInt32Value max_requests_per_connection = 9; + + // Optional :ref:`circuit breaking ` for the cluster. + CircuitBreakers circuit_breakers = 10; + + // HTTP protocol options that are applied only to upstream HTTP connections. + // These options apply to all HTTP versions. + core.v4alpha.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46; + + // Additional options when handling HTTP requests upstream. These options will be applicable to + // both HTTP1 and HTTP2 requests. + core.v4alpha.HttpProtocolOptions common_http_protocol_options = 29; + + // Additional options when handling HTTP1 requests. + core.v4alpha.Http1ProtocolOptions http_protocol_options = 13; + + // Even if default HTTP2 protocol options are desired, this field must be + // set so that Envoy will assume that the upstream supports HTTP/2 when + // making new HTTP connection pool connections. Currently, Envoy only + // supports prior knowledge for upstream connections. Even if TLS is used + // with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2 + // connections to happen over plain text. + core.v4alpha.Http2ProtocolOptions http2_protocol_options = 14; + + // The extension_protocol_options field is used to provide extension-specific protocol options + // for upstream connections. The key should match the extension filter name, such as + // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on + // specific options. + map typed_extension_protocol_options = 36; + + // If the DNS refresh rate is specified and the cluster type is either + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // this value is used as the cluster’s DNS refresh + // rate. The value configured must be at least 1ms. If this setting is not specified, the + // value defaults to 5000ms. For cluster types other than + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` + // this setting is ignored. + google.protobuf.Duration dns_refresh_rate = 16 + [(validate.rules).duration = {gt {nanos: 1000000}}]; + + // If the DNS failure refresh rate is specified and the cluster type is either + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // this is used as the cluster’s DNS refresh rate when requests are failing. If this setting is + // not specified, the failure refresh rate defaults to the DNS refresh rate. For cluster types + // other than :ref:`STRICT_DNS` and + // :ref:`LOGICAL_DNS` this setting is + // ignored. + RefreshRate dns_failure_refresh_rate = 44; + + // Optional configuration for setting cluster's DNS refresh rate. If the value is set to true, + // cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS + // resolution. + bool respect_dns_ttl = 39; + + // The DNS IP address resolution policy. If this setting is not specified, the + // value defaults to + // :ref:`AUTO`. + DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}]; + + // If DNS resolvers are specified and the cluster type is either + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // this value is used to specify the cluster’s dns resolvers. + // If this setting is not specified, the value defaults to the default + // resolver, which uses /etc/resolv.conf for configuration. For cluster types + // other than + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` + // this setting is ignored. + repeated core.v4alpha.Address dns_resolvers = 18; + + // [#next-major-version: Reconcile DNS options in a single message.] + // Always use TCP queries instead of UDP queries for DNS lookups. + bool use_tcp_for_dns_lookups = 45; + + // If specified, outlier detection will be enabled for this upstream cluster. + // Each of the configuration values can be overridden via + // :ref:`runtime values `. + OutlierDetection outlier_detection = 19; + + // The interval for removing stale hosts from a cluster type + // :ref:`ORIGINAL_DST`. + // Hosts are considered stale if they have not been used + // as upstream destinations during this interval. New hosts are added + // to original destination clusters on demand as new connections are + // redirected to Envoy, causing the number of hosts in the cluster to + // grow over time. Hosts that are not stale (they are actively used as + // destinations) are kept in the cluster, which allows connections to + // them remain open, saving the latency that would otherwise be spent + // on opening new connections. If this setting is not specified, the + // value defaults to 5000ms. For cluster types other than + // :ref:`ORIGINAL_DST` + // this setting is ignored. + google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration = {gt {}}]; + + // Optional configuration used to bind newly established upstream connections. + // This overrides any bind_config specified in the bootstrap proto. + // If the address and port are empty, no bind will be performed. + core.v4alpha.BindConfig upstream_bind_config = 21; + + // Configuration for load balancing subsetting. + LbSubsetConfig lb_subset_config = 22; + + // Optional configuration for the load balancing algorithm selected by + // LbPolicy. Currently only + // :ref:`RING_HASH` and + // :ref:`LEAST_REQUEST` + // has additional configuration options. + // Specifying ring_hash_lb_config or least_request_lb_config without setting the corresponding + // LbPolicy will generate an error at runtime. + oneof lb_config { + // Optional configuration for the Ring Hash load balancing policy. + RingHashLbConfig ring_hash_lb_config = 23; + + // Optional configuration for the Original Destination load balancing policy. + OriginalDstLbConfig original_dst_lb_config = 34; + + // Optional configuration for the LeastRequest load balancing policy. + LeastRequestLbConfig least_request_lb_config = 37; + } + + // Common configuration for all load balancer implementations. + CommonLbConfig common_lb_config = 27; + + // Optional custom transport socket implementation to use for upstream connections. + // To setup TLS, set a transport socket with name `tls` and + // :ref:`UpstreamTlsContexts ` in the `typed_config`. + // If no transport socket configuration is specified, new connections + // will be set up with plaintext. + core.v4alpha.TransportSocket transport_socket = 24; + + // The Metadata field can be used to provide additional information about the + // cluster. It can be used for stats, logging, and varying filter behavior. + // Fields should use reverse DNS notation to denote which entity within Envoy + // will need the information. For instance, if the metadata is intended for + // the Router filter, the filter name should be specified as *envoy.filters.http.router*. + core.v4alpha.Metadata metadata = 25; + + // Determines how Envoy selects the protocol used to speak to upstream hosts. + ClusterProtocolSelection protocol_selection = 26; + + // Optional options for upstream connections. + UpstreamConnectionOptions upstream_connection_options = 30; + + // If an upstream host becomes unhealthy (as determined by the configured health checks + // or outlier detection), immediately close all connections to the failed host. + // + // .. note:: + // + // This is currently only supported for connections created by tcp_proxy. + // + // .. note:: + // + // The current implementation of this feature closes all connections immediately when + // the unhealthy status is detected. If there are a large number of connections open + // to an upstream host that becomes unhealthy, Envoy may spend a substantial amount of + // time exclusively closing these connections, and not processing any other traffic. + bool close_connections_on_host_health_failure = 31; + + // If set to true, Envoy will ignore the health value of a host when processing its removal + // from service discovery. This means that if active health checking is used, Envoy will *not* + // wait for the endpoint to go unhealthy before removing it. + bool ignore_health_on_host_removal = 32; + + // An (optional) network filter chain, listed in the order the filters should be applied. + // The chain will be applied to all outgoing connections that Envoy makes to the upstream + // servers of this cluster. + repeated Filter filters = 40; + + // [#not-implemented-hide:] New mechanism for LB policy configuration. Used only if the + // :ref:`lb_policy` field has the value + // :ref:`LOAD_BALANCING_POLICY_CONFIG`. + LoadBalancingPolicy load_balancing_policy = 41; + + // [#not-implemented-hide:] + // If present, tells the client where to send load reports via LRS. If not present, the + // client will fall back to a client-side default, which may be either (a) don't send any + // load reports or (b) send load reports for all clusters to a single default server + // (which may be configured in the bootstrap file). + // + // Note that if multiple clusters point to the same LRS server, the client may choose to + // create a separate stream for each cluster or it may choose to coalesce the data for + // multiple clusters onto a single stream. Either way, the client must make sure to send + // the data for any given cluster on no more than one stream. + // + // [#next-major-version: In the v3 API, we should consider restructuring this somehow, + // maybe by allowing LRS to go on the ADS stream, or maybe by moving some of the negotiation + // from the LRS stream here.] + core.v4alpha.ConfigSource lrs_server = 42; + + // If track_timeout_budgets is true, the :ref:`timeout budget histograms + // ` will be published for each + // request. These show what percentage of a request's per try and global timeout was used. A value + // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value + // of 100 would indicate that the request took the entirety of the timeout given to it. + bool track_timeout_budgets = 47; +} + +// [#not-implemented-hide:] Extensible load balancing policy configuration. +// +// Every LB policy defined via this mechanism will be identified via a unique name using reverse +// DNS notation. If the policy needs configuration parameters, it must define a message for its +// own configuration, which will be stored in the config field. The name of the policy will tell +// clients which type of message they should expect to see in the config field. +// +// Note that there are cases where it is useful to be able to independently select LB policies +// for choosing a locality and for choosing an endpoint within that locality. For example, a +// given deployment may always use the same policy to choose the locality, but for choosing the +// endpoint within the locality, some clusters may use weighted-round-robin, while others may +// use some sort of session-based balancing. +// +// This can be accomplished via hierarchical LB policies, where the parent LB policy creates a +// child LB policy for each locality. For each request, the parent chooses the locality and then +// delegates to the child policy for that locality to choose the endpoint within the locality. +// +// To facilitate this, the config message for the top-level LB policy may include a field of +// type LoadBalancingPolicy that specifies the child policy. +message LoadBalancingPolicy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.LoadBalancingPolicy"; + + message Policy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.LoadBalancingPolicy.Policy"; + + reserved 2; + + reserved "config"; + + // Required. The name of the LB policy. + string name = 1; + + google.protobuf.Any typed_config = 3; + } + + // Each client will iterate over the list in order and stop at the first policy that it + // supports. This provides a mechanism for starting to use new LB policies that are not yet + // supported by all clients. + repeated Policy policies = 1; +} + +// An extensible structure containing the address Envoy should bind to when +// establishing upstream connections. +message UpstreamBindConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.UpstreamBindConfig"; + + // The address Envoy should bind to when establishing upstream connections. + core.v4alpha.Address source_address = 1; +} + +message UpstreamConnectionOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.UpstreamConnectionOptions"; + + // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. + core.v4alpha.TcpKeepalive tcp_keepalive = 1; +} diff --git a/api/envoy/config/cluster/v4alpha/filter.proto b/api/envoy/config/cluster/v4alpha/filter.proto new file mode 100644 index 0000000000000..eb825fdeb6d58 --- /dev/null +++ b/api/envoy/config/cluster/v4alpha/filter.proto @@ -0,0 +1,29 @@ +syntax = "proto3"; + +package envoy.config.cluster.v4alpha; + +import "google/protobuf/any.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.cluster.v4alpha"; +option java_outer_classname = "FilterProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Upstream filters] +// Upstream filters apply to the connections to the upstream cluster hosts. + +message Filter { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.cluster.v3.Filter"; + + // The name of the filter to instantiate. The name must match a + // :ref:`supported filter `. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Filter specific configuration which depends on the filter being + // instantiated. See the supported filters for further documentation. + google.protobuf.Any typed_config = 2; +} diff --git a/api/envoy/config/cluster/v4alpha/outlier_detection.proto b/api/envoy/config/cluster/v4alpha/outlier_detection.proto new file mode 100644 index 0000000000000..29a1e01270d96 --- /dev/null +++ b/api/envoy/config/cluster/v4alpha/outlier_detection.proto @@ -0,0 +1,151 @@ +syntax = "proto3"; + +package envoy.config.cluster.v4alpha; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.cluster.v4alpha"; +option java_outer_classname = "OutlierDetectionProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Outlier detection] + +// See the :ref:`architecture overview ` for +// more information on outlier detection. +// [#next-free-field: 21] +message OutlierDetection { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.OutlierDetection"; + + // The number of consecutive 5xx responses or local origin errors that are mapped + // to 5xx error codes before a consecutive 5xx ejection + // occurs. Defaults to 5. + google.protobuf.UInt32Value consecutive_5xx = 1; + + // The time interval between ejection analysis sweeps. This can result in + // both new ejections as well as hosts being returned to service. Defaults + // to 10000ms or 10s. + google.protobuf.Duration interval = 2 [(validate.rules).duration = {gt {}}]; + + // The base time that a host is ejected for. The real time is equal to the + // base time multiplied by the number of times the host has been ejected. + // Defaults to 30000ms or 30s. + google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration = {gt {}}]; + + // The maximum % of an upstream cluster that can be ejected due to outlier + // detection. Defaults to 10% but will eject at least one host regardless of the value. + google.protobuf.UInt32Value max_ejection_percent = 4 [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through consecutive 5xx. This setting can be used to disable + // ejection or to ramp it up slowly. Defaults to 100. + google.protobuf.UInt32Value enforcing_consecutive_5xx = 5 [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through success rate statistics. This setting can be used to + // disable ejection or to ramp it up slowly. Defaults to 100. + google.protobuf.UInt32Value enforcing_success_rate = 6 [(validate.rules).uint32 = {lte: 100}]; + + // The number of hosts in a cluster that must have enough request volume to + // detect success rate outliers. If the number of hosts is less than this + // setting, outlier detection via success rate statistics is not performed + // for any host in the cluster. Defaults to 5. + google.protobuf.UInt32Value success_rate_minimum_hosts = 7; + + // The minimum number of total requests that must be collected in one + // interval (as defined by the interval duration above) to include this host + // in success rate based outlier detection. If the volume is lower than this + // setting, outlier detection via success rate statistics is not performed + // for that host. Defaults to 100. + google.protobuf.UInt32Value success_rate_request_volume = 8; + + // This factor is used to determine the ejection threshold for success rate + // outlier ejection. The ejection threshold is the difference between the + // mean success rate, and the product of this factor and the standard + // deviation of the mean success rate: mean - (stdev * + // success_rate_stdev_factor). This factor is divided by a thousand to get a + // double. That is, if the desired factor is 1.9, the runtime value should + // be 1900. Defaults to 1900. + google.protobuf.UInt32Value success_rate_stdev_factor = 9; + + // The number of consecutive gateway failures (502, 503, 504 status codes) + // before a consecutive gateway failure ejection occurs. Defaults to 5. + google.protobuf.UInt32Value consecutive_gateway_failure = 10; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through consecutive gateway failures. This setting can be + // used to disable ejection or to ramp it up slowly. Defaults to 0. + google.protobuf.UInt32Value enforcing_consecutive_gateway_failure = 11 + [(validate.rules).uint32 = {lte: 100}]; + + // Determines whether to distinguish local origin failures from external errors. If set to true + // the following configuration parameters are taken into account: + // :ref:`consecutive_local_origin_failure`, + // :ref:`enforcing_consecutive_local_origin_failure` + // and + // :ref:`enforcing_local_origin_success_rate`. + // Defaults to false. + bool split_external_local_origin_errors = 12; + + // The number of consecutive locally originated failures before ejection + // occurs. Defaults to 5. Parameter takes effect only when + // :ref:`split_external_local_origin_errors` + // is set to true. + google.protobuf.UInt32Value consecutive_local_origin_failure = 13; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through consecutive locally originated failures. This setting can be + // used to disable ejection or to ramp it up slowly. Defaults to 100. + // Parameter takes effect only when + // :ref:`split_external_local_origin_errors` + // is set to true. + google.protobuf.UInt32Value enforcing_consecutive_local_origin_failure = 14 + [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through success rate statistics for locally originated errors. + // This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. + // Parameter takes effect only when + // :ref:`split_external_local_origin_errors` + // is set to true. + google.protobuf.UInt32Value enforcing_local_origin_success_rate = 15 + [(validate.rules).uint32 = {lte: 100}]; + + // The failure percentage to use when determining failure percentage-based outlier detection. If + // the failure percentage of a given host is greater than or equal to this value, it will be + // ejected. Defaults to 85. + google.protobuf.UInt32Value failure_percentage_threshold = 16 + [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status is detected through + // failure percentage statistics. This setting can be used to disable ejection or to ramp it up + // slowly. Defaults to 0. + // + // [#next-major-version: setting this without setting failure_percentage_threshold should be + // invalid in v4.] + google.protobuf.UInt32Value enforcing_failure_percentage = 17 + [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status is detected through + // local-origin failure percentage statistics. This setting can be used to disable ejection or to + // ramp it up slowly. Defaults to 0. + google.protobuf.UInt32Value enforcing_failure_percentage_local_origin = 18 + [(validate.rules).uint32 = {lte: 100}]; + + // The minimum number of hosts in a cluster in order to perform failure percentage-based ejection. + // If the total number of hosts in the cluster is less than this value, failure percentage-based + // ejection will not be performed. Defaults to 5. + google.protobuf.UInt32Value failure_percentage_minimum_hosts = 19; + + // The minimum number of total requests that must be collected in one interval (as defined by the + // interval duration above) to perform failure percentage-based ejection for this host. If the + // volume is lower than this setting, failure percentage-based ejection will not be performed for + // this host. Defaults to 50. + google.protobuf.UInt32Value failure_percentage_request_volume = 20; +} diff --git a/api/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto b/api/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto index 07871d875599e..3941c20aeb805 100644 --- a/api/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto +++ b/api/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto @@ -16,7 +16,7 @@ option java_outer_classname = "DnsCacheProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.common.dynamic_forward_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dynamic forward proxy common configuration] diff --git a/api/envoy/config/common/tap/v2alpha/common.proto b/api/envoy/config/common/tap/v2alpha/common.proto index 870bd762b11b1..262557b356235 100644 --- a/api/envoy/config/common/tap/v2alpha/common.proto +++ b/api/envoy/config/common/tap/v2alpha/common.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.config.common.tap.v2alpha"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.common.tap.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common tap extension configuration] diff --git a/api/envoy/config/core/v3/address.proto b/api/envoy/config/core/v3/address.proto index d9bae6e31eeef..5102c2d575911 100644 --- a/api/envoy/config/core/v3/address.proto +++ b/api/envoy/config/core/v3/address.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "AddressProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Network addresses] diff --git a/api/envoy/config/core/v3/backoff.proto b/api/envoy/config/core/v3/backoff.proto index 696d7e2526b00..55b504e716577 100644 --- a/api/envoy/config/core/v3/backoff.proto +++ b/api/envoy/config/core/v3/backoff.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "BackoffProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Backoff Strategy] diff --git a/api/envoy/config/core/v3/base.proto b/api/envoy/config/core/v3/base.proto index b744fcf65729b..29e660e61e2c9 100644 --- a/api/envoy/config/core/v3/base.proto +++ b/api/envoy/config/core/v3/base.proto @@ -20,7 +20,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "BaseProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common types] diff --git a/api/envoy/config/core/v3/config_source.proto b/api/envoy/config/core/v3/config_source.proto index e45812c2535d3..b56e06e6de4fd 100644 --- a/api/envoy/config/core/v3/config_source.proto +++ b/api/envoy/config/core/v3/config_source.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "ConfigSourceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Configuration sources] diff --git a/api/envoy/config/core/v3/event_service_config.proto b/api/envoy/config/core/v3/event_service_config.proto index 6be0b061e37bb..b3552e3975a36 100644 --- a/api/envoy/config/core/v3/event_service_config.proto +++ b/api/envoy/config/core/v3/event_service_config.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "EventServiceConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#not-implemented-hide:] // Configuration of the event reporting service endpoint. diff --git a/api/envoy/config/core/v3/grpc_method_list.proto b/api/envoy/config/core/v3/grpc_method_list.proto index 2bc24e36cad50..800d7b5332a0d 100644 --- a/api/envoy/config/core/v3/grpc_method_list.proto +++ b/api/envoy/config/core/v3/grpc_method_list.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "GrpcMethodListProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC method list] diff --git a/api/envoy/config/core/v3/grpc_service.proto b/api/envoy/config/core/v3/grpc_service.proto index 94ffa058c915c..8719652a6bbe8 100644 --- a/api/envoy/config/core/v3/grpc_service.proto +++ b/api/envoy/config/core/v3/grpc_service.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "GrpcServiceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC services] diff --git a/api/envoy/config/core/v3/health_check.proto b/api/envoy/config/core/v3/health_check.proto index 031aa2c2ecedb..52dda6f9b3c20 100644 --- a/api/envoy/config/core/v3/health_check.proto +++ b/api/envoy/config/core/v3/health_check.proto @@ -21,7 +21,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "HealthCheckProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Health check] // * Health checking :ref:`architecture overview `. diff --git a/api/envoy/config/core/v3/http_uri.proto b/api/envoy/config/core/v3/http_uri.proto index 00fae8e7430b4..42bcd4f615724 100644 --- a/api/envoy/config/core/v3/http_uri.proto +++ b/api/envoy/config/core/v3/http_uri.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "HttpUriProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP Service URI ] diff --git a/api/envoy/config/core/v3/protocol.proto b/api/envoy/config/core/v3/protocol.proto index a75fbb80c0126..467dbf41e223e 100644 --- a/api/envoy/config/core/v3/protocol.proto +++ b/api/envoy/config/core/v3/protocol.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "ProtocolProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Protocol options] diff --git a/api/envoy/config/core/v3/socket_option.proto b/api/envoy/config/core/v3/socket_option.proto index 464d1b25f4ddf..b22169b86aeb8 100644 --- a/api/envoy/config/core/v3/socket_option.proto +++ b/api/envoy/config/core/v3/socket_option.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "SocketOptionProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Socket Option ] diff --git a/api/envoy/config/core/v4alpha/BUILD b/api/envoy/config/core/v4alpha/BUILD new file mode 100644 index 0000000000000..aeac38ac2833c --- /dev/null +++ b/api/envoy/config/core/v4alpha/BUILD @@ -0,0 +1,15 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/core/v3:pkg", + "//envoy/type/matcher/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/config/core/v4alpha/address.proto b/api/envoy/config/core/v4alpha/address.proto new file mode 100644 index 0000000000000..a2e6070103aef --- /dev/null +++ b/api/envoy/config/core/v4alpha/address.proto @@ -0,0 +1,145 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/socket_option.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "AddressProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Network addresses] + +message Pipe { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Pipe"; + + // Unix Domain Socket path. On Linux, paths starting with '@' will use the + // abstract namespace. The starting '@' is replaced by a null byte by Envoy. + // Paths starting with '@' will result in an error in environments other than + // Linux. + string path = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The mode for the Pipe. Not applicable for abstract sockets. + uint32 mode = 2 [(validate.rules).uint32 = {lte: 511}]; +} + +// [#next-free-field: 7] +message SocketAddress { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.SocketAddress"; + + enum Protocol { + TCP = 0; + UDP = 1; + } + + Protocol protocol = 1 [(validate.rules).enum = {defined_only: true}]; + + // The address for this socket. :ref:`Listeners ` will bind + // to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` + // to bind to any address. [#comment:TODO(zuercher) reinstate when implemented: + // It is possible to distinguish a Listener address via the prefix/suffix matching + // in :ref:`FilterChainMatch `.] When used + // within an upstream :ref:`BindConfig `, the address + // controls the source address of outbound connections. For :ref:`clusters + // `, the cluster type determines whether the + // address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS + // (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized + // via :ref:`resolver_name `. + string address = 2 [(validate.rules).string = {min_bytes: 1}]; + + oneof port_specifier { + option (validate.required) = true; + + uint32 port_value = 3 [(validate.rules).uint32 = {lte: 65535}]; + + // This is only valid if :ref:`resolver_name + // ` is specified below and the + // named resolver is capable of named port resolution. + string named_port = 4; + } + + // The name of the custom resolver. This must have been registered with Envoy. If + // this is empty, a context dependent default applies. If the address is a concrete + // IP address, no resolution will occur. If address is a hostname this + // should be set for resolution other than DNS. Specifying a custom resolver with + // *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime. + string resolver_name = 5; + + // When binding to an IPv6 address above, this enables `IPv4 compatibility + // `_. Binding to ``::`` will + // allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into + // IPv6 space as ``::FFFF:``. + bool ipv4_compat = 6; +} + +message TcpKeepalive { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.TcpKeepalive"; + + // Maximum number of keepalive probes to send without response before deciding + // the connection is dead. Default is to use the OS level configuration (unless + // overridden, Linux defaults to 9.) + google.protobuf.UInt32Value keepalive_probes = 1; + + // The number of seconds a connection needs to be idle before keep-alive probes + // start being sent. Default is to use the OS level configuration (unless + // overridden, Linux defaults to 7200s (i.e., 2 hours.) + google.protobuf.UInt32Value keepalive_time = 2; + + // The number of seconds between keep-alive probes. Default is to use the OS + // level configuration (unless overridden, Linux defaults to 75s.) + google.protobuf.UInt32Value keepalive_interval = 3; +} + +message BindConfig { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.BindConfig"; + + // The address to bind to when creating a socket. + SocketAddress source_address = 1 [(validate.rules).message = {required: true}]; + + // Whether to set the *IP_FREEBIND* option when creating the socket. When this + // flag is set to true, allows the :ref:`source_address + // ` to be an IP address + // that is not configured on the system running Envoy. When this flag is set + // to false, the option *IP_FREEBIND* is disabled on the socket. When this + // flag is not set (default), the socket is not modified, i.e. the option is + // neither enabled nor disabled. + google.protobuf.BoolValue freebind = 2; + + // Additional socket options that may not be present in Envoy source code or + // precompiled binaries. + repeated SocketOption socket_options = 3; +} + +// Addresses specify either a logical or physical address and port, which are +// used to tell Envoy where to bind/listen, connect to upstream and find +// management servers. +message Address { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Address"; + + oneof address { + option (validate.required) = true; + + SocketAddress socket_address = 1; + + Pipe pipe = 2; + } +} + +// CidrRange specifies an IP Address and a prefix length to construct +// the subnet mask for a `CIDR `_ range. +message CidrRange { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.CidrRange"; + + // IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``. + string address_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Length of prefix, e.g. 0, 32. + google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}]; +} diff --git a/api/envoy/config/core/v4alpha/backoff.proto b/api/envoy/config/core/v4alpha/backoff.proto new file mode 100644 index 0000000000000..07a2bdff175e9 --- /dev/null +++ b/api/envoy/config/core/v4alpha/backoff.proto @@ -0,0 +1,37 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "BackoffProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Backoff Strategy] + +// Configuration defining a jittered exponential back off strategy. +message BackoffStrategy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.BackoffStrategy"; + + // The base interval to be used for the next back off computation. It should + // be greater than zero and less than or equal to :ref:`max_interval + // `. + google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { + required: true + gte {nanos: 1000000} + }]; + + // Specifies the maximum interval between retries. This parameter is optional, + // but must be greater than or equal to the :ref:`base_interval + // ` if set. The default + // is 10 times the :ref:`base_interval + // `. + google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}]; +} diff --git a/api/envoy/config/core/v4alpha/base.proto b/api/envoy/config/core/v4alpha/base.proto new file mode 100644 index 0000000000000..3cc6968a9df33 --- /dev/null +++ b/api/envoy/config/core/v4alpha/base.proto @@ -0,0 +1,410 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/backoff.proto"; +import "envoy/config/core/v4alpha/http_uri.proto"; +import "envoy/type/v3/percent.proto"; +import "envoy/type/v3/semantic_version.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "BaseProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Common types] + +// Envoy supports :ref:`upstream priority routing +// ` both at the route and the virtual +// cluster level. The current priority implementation uses different connection +// pool and circuit breaking settings for each priority level. This means that +// even for HTTP/2 requests, two physical connections will be used to an +// upstream host. In the future Envoy will likely support true HTTP/2 priority +// over a single upstream connection. +enum RoutingPriority { + DEFAULT = 0; + HIGH = 1; +} + +// HTTP request method. +enum RequestMethod { + METHOD_UNSPECIFIED = 0; + GET = 1; + HEAD = 2; + POST = 3; + PUT = 4; + DELETE = 5; + CONNECT = 6; + OPTIONS = 7; + TRACE = 8; + PATCH = 9; +} + +// Identifies the direction of the traffic relative to the local Envoy. +enum TrafficDirection { + // Default option is unspecified. + UNSPECIFIED = 0; + + // The transport is used for incoming traffic. + INBOUND = 1; + + // The transport is used for outgoing traffic. + OUTBOUND = 2; +} + +// Identifies location of where either Envoy runs or where upstream hosts run. +message Locality { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Locality"; + + // Region this :ref:`zone ` belongs to. + string region = 1; + + // Defines the local service zone where Envoy is running. Though optional, it + // should be set if discovery service routing is used and the discovery + // service exposes :ref:`zone data `, + // either in this message or via :option:`--service-zone`. The meaning of zone + // is context dependent, e.g. `Availability Zone (AZ) + // `_ + // on AWS, `Zone `_ on + // GCP, etc. + string zone = 2; + + // When used for locality of upstream hosts, this field further splits zone + // into smaller chunks of sub-zones so they can be load balanced + // independently. + string sub_zone = 3; +} + +// BuildVersion combines SemVer version of extension with free-form build information +// (i.e. 'alpha', 'private-build') as a set of strings. +message BuildVersion { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.BuildVersion"; + + // SemVer version of extension. + type.v3.SemanticVersion version = 1; + + // Free-form build information. + // Envoy defines several well known keys in the source/common/common/version.h file + google.protobuf.Struct metadata = 2; +} + +// Version and identification for an Envoy extension. +// [#next-free-field: 6] +message Extension { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Extension"; + + // This is the name of the Envoy filter as specified in the Envoy + // configuration, e.g. envoy.filters.http.router, com.acme.widget. + string name = 1; + + // Category of the extension. + // Extension category names use reverse DNS notation. For instance "envoy.filters.listener" + // for Envoy's built-in listener filters or "com.acme.filters.http" for HTTP filters from + // acme.com vendor. + // [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.] + string category = 2; + + // [#not-implemented-hide:] Type descriptor of extension configuration proto. + // [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] + // [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.] + string type_descriptor = 3; + + // The version is a property of the extension and maintained independently + // of other extensions and the Envoy API. + // This field is not set when extension did not provide version information. + BuildVersion version = 4; + + // Indicates that the extension is present but was disabled via dynamic configuration. + bool disabled = 5; +} + +// Identifies a specific Envoy instance. The node identifier is presented to the +// management server, which may use this identifier to distinguish per Envoy +// configuration for serving. +// [#next-free-field: 12] +message Node { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Node"; + + reserved 5; + + reserved "build_version"; + + // An opaque node identifier for the Envoy node. This also provides the local + // service node name. It should be set if any of the following features are + // used: :ref:`statsd `, :ref:`CDS + // `, and :ref:`HTTP tracing + // `, either in this message or via + // :option:`--service-node`. + string id = 1; + + // Defines the local service cluster name where Envoy is running. Though + // optional, it should be set if any of the following features are used: + // :ref:`statsd `, :ref:`health check cluster + // verification + // `, + // :ref:`runtime override directory `, + // :ref:`user agent addition + // `, + // :ref:`HTTP global rate limiting `, + // :ref:`CDS `, and :ref:`HTTP tracing + // `, either in this message or via + // :option:`--service-cluster`. + string cluster = 2; + + // Opaque metadata extending the node identifier. Envoy will pass this + // directly to the management server. + google.protobuf.Struct metadata = 3; + + // Locality specifying where the Envoy instance is running. + Locality locality = 4; + + // Free-form string that identifies the entity requesting config. + // E.g. "envoy" or "grpc" + string user_agent_name = 6; + + oneof user_agent_version_type { + // Free-form string that identifies the version of the entity requesting config. + // E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild" + string user_agent_version = 7; + + // Structured version of the entity requesting config. + BuildVersion user_agent_build_version = 8; + } + + // List of extensions and their versions supported by the node. + repeated Extension extensions = 9; + + // Client feature support list. These are well known features described + // in the Envoy API repository for a given major version of an API. Client features + // use reverse DNS naming scheme, for example `com.acme.feature`. + // See :ref:`the list of features ` that xDS client may + // support. + repeated string client_features = 10; + + // Known listening ports on the node as a generic hint to the management server + // for filtering :ref:`listeners ` to be returned. For example, + // if there is a listener bound to port 80, the list can optionally contain the + // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint. + repeated Address listening_addresses = 11; +} + +// Metadata provides additional inputs to filters based on matched listeners, +// filter chains, routes and endpoints. It is structured as a map, usually from +// filter name (in reverse DNS format) to metadata specific to the filter. Metadata +// key-values for a filter are merged as connection and request handling occurs, +// with later values for the same key overriding earlier values. +// +// An example use of metadata is providing additional values to +// http_connection_manager in the envoy.http_connection_manager.access_log +// namespace. +// +// Another example use of metadata is to per service config info in cluster metadata, which may get +// consumed by multiple filters. +// +// For load balancing, Metadata provides a means to subset cluster endpoints. +// Endpoints have a Metadata object associated and routes contain a Metadata +// object to match against. There are some well defined metadata used today for +// this purpose: +// +// * ``{"envoy.lb": {"canary": }}`` This indicates the canary status of an +// endpoint and is also used during header processing +// (x-envoy-upstream-canary) and for stats purposes. +// [#next-major-version: move to type/metadata/v2] +message Metadata { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Metadata"; + + // Key is the reverse DNS filter name, e.g. com.acme.widget. The envoy.* + // namespace is reserved for Envoy's built-in filters. + map filter_metadata = 1; +} + +// Runtime derived uint32 with a default when not specified. +message RuntimeUInt32 { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.RuntimeUInt32"; + + // Default value if runtime value is not available. + uint32 default_value = 2; + + // Runtime key to get value for comparison. This value is used if defined. + string runtime_key = 3 [(validate.rules).string = {min_bytes: 1}]; +} + +// Runtime derived bool with a default when not specified. +message RuntimeFeatureFlag { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.RuntimeFeatureFlag"; + + // Default value if runtime value is not available. + google.protobuf.BoolValue default_value = 1 [(validate.rules).message = {required: true}]; + + // Runtime key to get value for comparison. This value is used if defined. The boolean value must + // be represented via its + // `canonical JSON encoding `_. + string runtime_key = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// Header name/value pair. +message HeaderValue { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HeaderValue"; + + // Header name. + string key = 1 + [(validate.rules).string = + {min_bytes: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Header value. + // + // The same :ref:`format specifier ` as used for + // :ref:`HTTP access logging ` applies here, however + // unknown header values are replaced with the empty string instead of `-`. + string value = 2 [ + (validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false} + ]; +} + +// Header name/value pair plus option to control append behavior. +message HeaderValueOption { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HeaderValueOption"; + + // Header name/value pair that this option applies to. + HeaderValue header = 1 [(validate.rules).message = {required: true}]; + + // Should the value be appended? If true (default), the value is appended to + // existing values. + google.protobuf.BoolValue append = 2; +} + +// Wrapper for a set of headers. +message HeaderMap { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HeaderMap"; + + repeated HeaderValue headers = 1; +} + +// Data source consisting of either a file or an inline value. +message DataSource { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.DataSource"; + + oneof specifier { + option (validate.required) = true; + + // Local filesystem data source. + string filename = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Bytes inlined in the configuration. + bytes inline_bytes = 2 [(validate.rules).bytes = {min_len: 1}]; + + // String inlined in the configuration. + string inline_string = 3 [(validate.rules).string = {min_bytes: 1}]; + } +} + +// The message specifies the retry policy of remote data source when fetching fails. +message RetryPolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.RetryPolicy"; + + // Specifies parameters that control :ref:`retry backoff strategy `. + // This parameter is optional, in which case the default base interval is 1000 milliseconds. The + // default maximum interval is 10 times the base interval. + BackoffStrategy retry_back_off = 1; + + // Specifies the allowed number of retries. This parameter is optional and + // defaults to 1. + google.protobuf.UInt32Value num_retries = 2; +} + +// The message specifies how to fetch data from remote and how to verify it. +message RemoteDataSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.RemoteDataSource"; + + // The HTTP URI to fetch the remote data. + HttpUri http_uri = 1 [(validate.rules).message = {required: true}]; + + // SHA256 string for verifying data. + string sha256 = 2 [(validate.rules).string = {min_bytes: 1}]; + + // Retry policy for fetching remote data. + RetryPolicy retry_policy = 3; +} + +// Async data source which support async data fetch. +message AsyncDataSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.AsyncDataSource"; + + oneof specifier { + option (validate.required) = true; + + // Local async data source. + DataSource local = 1; + + // Remote async data source. + RemoteDataSource remote = 2; + } +} + +// Configuration for transport socket in :ref:`listeners ` and +// :ref:`clusters `. If the configuration is +// empty, a default transport socket implementation and configuration will be +// chosen based on the platform and existence of tls_context. +message TransportSocket { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.TransportSocket"; + + reserved 2; + + reserved "config"; + + // The name of the transport socket to instantiate. The name must match a supported transport + // socket implementation. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Implementation specific configuration which depends on the implementation being instantiated. + // See the supported transport socket implementations for further documentation. + oneof config_type { + google.protobuf.Any typed_config = 3; + } +} + +// Runtime derived FractionalPercent with defaults for when the numerator or denominator is not +// specified via a runtime key. +// +// .. note:: +// +// Parsing of the runtime key's data is implemented such that it may be represented as a +// :ref:`FractionalPercent ` proto represented as JSON/YAML +// and may also be represented as an integer with the assumption that the value is an integral +// percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse +// as a `FractionalPercent` whose numerator is 42 and denominator is HUNDRED. +message RuntimeFractionalPercent { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.RuntimeFractionalPercent"; + + // Default value if the runtime value's for the numerator/denominator keys are not available. + type.v3.FractionalPercent default_value = 1 [(validate.rules).message = {required: true}]; + + // Runtime key for a YAML representation of a FractionalPercent. + string runtime_key = 2; +} + +// Identifies a specific ControlPlane instance that Envoy is connected to. +message ControlPlane { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.ControlPlane"; + + // An opaque control plane identifier that uniquely identifies an instance + // of control plane. This can be used to identify which control plane instance, + // the Envoy is connected to. + string identifier = 1; +} diff --git a/api/envoy/config/core/v4alpha/config_source.proto b/api/envoy/config/core/v4alpha/config_source.proto new file mode 100644 index 0000000000000..be600bd0096ed --- /dev/null +++ b/api/envoy/config/core/v4alpha/config_source.proto @@ -0,0 +1,197 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "ConfigSourceProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Configuration sources] + +// xDS API version. This is used to describe both resource and transport +// protocol versions (in distinct configuration fields). +enum ApiVersion { + // When not specified, we assume v2, to ease migration to Envoy's stable API + // versioning. If a client does not support v2 (e.g. due to deprecation), this + // is an invalid value. + AUTO = 0; + + // Use xDS v2 API. + V2 = 1; + + // Use xDS v3 API. + V3 = 2; +} + +// API configuration source. This identifies the API type and cluster that Envoy +// will use to fetch an xDS API. +// [#next-free-field: 9] +message ApiConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.ApiConfigSource"; + + // APIs may be fetched via either REST or gRPC. + enum ApiType { + // Ideally this would be 'reserved 0' but one can't reserve the default + // value. Instead we throw an exception if this is ever used. + DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 + [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true]; + + // REST-JSON v2 API. The `canonical JSON encoding + // `_ for + // the v2 protos is used. + REST = 1; + + // gRPC v2 API. + GRPC = 2; + + // Using the delta xDS gRPC service, i.e. DeltaDiscovery{Request,Response} + // rather than Discovery{Request,Response}. Rather than sending Envoy the entire state + // with every update, the xDS server only sends what has changed since the last update. + // + // DELTA_GRPC is not yet entirely implemented! Initially, only CDS is available. + // Do not use for other xDSes. + // [#comment:TODO(fredlas) update/remove this warning when appropriate.] + DELTA_GRPC = 3; + } + + // API type (gRPC, REST, delta gRPC) + ApiType api_type = 1 [(validate.rules).enum = {defined_only: true}]; + + // API version for xDS transport protocol. This describes the xDS gRPC/REST + // endpoint and version of [Delta]DiscoveryRequest/Response used on the wire. + ApiVersion transport_api_version = 8 [(validate.rules).enum = {defined_only: true}]; + + // Cluster names should be used only with REST. If > 1 + // cluster is defined, clusters will be cycled through if any kind of failure + // occurs. + // + // .. note:: + // + // The cluster with name ``cluster_name`` must be statically defined and its + // type must not be ``EDS``. + repeated string cluster_names = 2; + + // Multiple gRPC services be provided for GRPC. If > 1 cluster is defined, + // services will be cycled through if any kind of failure occurs. + repeated GrpcService grpc_services = 4; + + // For REST APIs, the delay between successive polls. + google.protobuf.Duration refresh_delay = 3; + + // For REST APIs, the request timeout. If not set, a default value of 1s will be used. + google.protobuf.Duration request_timeout = 5 [(validate.rules).duration = {gt {}}]; + + // For GRPC APIs, the rate limit settings. If present, discovery requests made by Envoy will be + // rate limited. + RateLimitSettings rate_limit_settings = 6; + + // Skip the node identifier in subsequent discovery requests for streaming gRPC config types. + bool set_node_on_first_message_only = 7; +} + +// Aggregated Discovery Service (ADS) options. This is currently empty, but when +// set in :ref:`ConfigSource ` can be used to +// specify that ADS is to be used. +message AggregatedConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.AggregatedConfigSource"; +} + +// [#not-implemented-hide:] +// Self-referencing config source options. This is currently empty, but when +// set in :ref:`ConfigSource ` can be used to +// specify that other data can be obtained from the same server. +message SelfConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.SelfConfigSource"; +} + +// Rate Limit settings to be applied for discovery requests made by Envoy. +message RateLimitSettings { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.RateLimitSettings"; + + // Maximum number of tokens to be used for rate limiting discovery request calls. If not set, a + // default value of 100 will be used. + google.protobuf.UInt32Value max_tokens = 1; + + // Rate at which tokens will be filled per second. If not set, a default fill rate of 10 tokens + // per second will be used. + google.protobuf.DoubleValue fill_rate = 2 [(validate.rules).double = {gt: 0.0}]; +} + +// Configuration for :ref:`listeners `, :ref:`clusters +// `, :ref:`routes +// `, :ref:`endpoints +// ` etc. may either be sourced from the +// filesystem or from an xDS API source. Filesystem configs are watched with +// inotify for updates. +// [#next-free-field: 7] +message ConfigSource { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.ConfigSource"; + + oneof config_source_specifier { + option (validate.required) = true; + + // Path on the filesystem to source and watch for configuration updates. + // When sourcing configuration for :ref:`secret `, + // the certificate and key files are also watched for updates. + // + // .. note:: + // + // The path to the source must exist at config load time. + // + // .. note:: + // + // Envoy will only watch the file path for *moves.* This is because in general only moves + // are atomic. The same method of swapping files as is demonstrated in the + // :ref:`runtime documentation ` can be used here also. + string path = 1; + + // API configuration source. + ApiConfigSource api_config_source = 2; + + // When set, ADS will be used to fetch resources. The ADS API configuration + // source in the bootstrap configuration is used. + AggregatedConfigSource ads = 3; + + // [#not-implemented-hide:] + // When set, the client will access the resources from the same server it got the + // ConfigSource from, although not necessarily from the same stream. This is similar to the + // :ref:`ads` field, except that the client may use a + // different stream to the same server. As a result, this field can be used for things + // like LRS that cannot be sent on an ADS stream. It can also be used to link from (e.g.) + // LDS to RDS on the same server without requiring the management server to know its name + // or required credentials. + // [#next-major-version: In xDS v3, consider replacing the ads field with this one, since + // this field can implicitly mean to use the same stream in the case where the ConfigSource + // is provided via ADS and the specified data can also be obtained via ADS.] + SelfConfigSource self = 5; + } + + // When this timeout is specified, Envoy will wait no longer than the specified time for first + // config response on this xDS subscription during the :ref:`initialization process + // `. After reaching the timeout, Envoy will move to the next + // initialization phase, even if the first config is not delivered yet. The timer is activated + // when the xDS API subscription starts, and is disarmed on first config update or on error. 0 + // means no timeout - Envoy will wait indefinitely for the first xDS config (unless another + // timeout applies). The default is 15s. + google.protobuf.Duration initial_fetch_timeout = 4; + + // API version for xDS resources. This implies the type URLs that the client + // will request for resources and the resource type that the client will in + // turn expect to be delivered. + ApiVersion resource_api_version = 6 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/api/envoy/config/core/v4alpha/event_service_config.proto b/api/envoy/config/core/v4alpha/event_service_config.proto new file mode 100644 index 0000000000000..a0b4e5590d1d5 --- /dev/null +++ b/api/envoy/config/core/v4alpha/event_service_config.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "EventServiceConfigProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#not-implemented-hide:] +// Configuration of the event reporting service endpoint. +message EventServiceConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.EventServiceConfig"; + + oneof config_source_specifier { + option (validate.required) = true; + + // Specifies the gRPC service that hosts the event reporting service. + GrpcService grpc_service = 1; + } +} diff --git a/api/envoy/config/core/v4alpha/grpc_method_list.proto b/api/envoy/config/core/v4alpha/grpc_method_list.proto new file mode 100644 index 0000000000000..a4a7be077b279 --- /dev/null +++ b/api/envoy/config/core/v4alpha/grpc_method_list.proto @@ -0,0 +1,33 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "GrpcMethodListProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: gRPC method list] + +// A list of gRPC methods which can be used as an allowlist, for example. +message GrpcMethodList { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcMethodList"; + + message Service { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcMethodList.Service"; + + // The name of the gRPC service. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The names of the gRPC methods in this service. + repeated string method_names = 2 [(validate.rules).repeated = {min_items: 1}]; + } + + repeated Service services = 1; +} diff --git a/api/envoy/config/core/v4alpha/grpc_service.proto b/api/envoy/config/core/v4alpha/grpc_service.proto new file mode 100644 index 0000000000000..64bbc6b5f0778 --- /dev/null +++ b/api/envoy/config/core/v4alpha/grpc_service.proto @@ -0,0 +1,261 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/struct.proto"; + +import "udpa/annotations/sensitive.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "GrpcServiceProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: gRPC services] + +// gRPC service configuration. This is used by :ref:`ApiConfigSource +// ` and filter configurations. +// [#next-free-field: 6] +message GrpcService { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.GrpcService"; + + message EnvoyGrpc { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.EnvoyGrpc"; + + // The name of the upstream gRPC cluster. SSL credentials will be supplied + // in the :ref:`Cluster ` :ref:`transport_socket + // `. + string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}]; + } + + // [#next-free-field: 7] + message GoogleGrpc { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc"; + + // See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html. + message SslCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.SslCredentials"; + + // PEM encoded server root certificates. + DataSource root_certs = 1; + + // PEM encoded client private key. + DataSource private_key = 2 [(udpa.annotations.sensitive) = true]; + + // PEM encoded client certificate chain. + DataSource cert_chain = 3; + } + + // Local channel credentials. Only UDS is supported for now. + // See https://github.com/grpc/grpc/pull/15909. + message GoogleLocalCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials"; + } + + // See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call + // credential types. + message ChannelCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials"; + + oneof credential_specifier { + option (validate.required) = true; + + SslCredentials ssl_credentials = 1; + + // https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61 + google.protobuf.Empty google_default = 2; + + GoogleLocalCredentials local_credentials = 3; + } + } + + // [#next-free-field: 8] + message CallCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials"; + + message ServiceAccountJWTAccessCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials." + "ServiceAccountJWTAccessCredentials"; + + string json_key = 1; + + uint64 token_lifetime_seconds = 2; + } + + message GoogleIAMCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials"; + + string authorization_token = 1; + + string authority_selector = 2; + } + + message MetadataCredentialsFromPlugin { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials." + "MetadataCredentialsFromPlugin"; + + reserved 2; + + reserved "config"; + + string name = 1; + + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + // Security token service configuration that allows Google gRPC to + // fetch security token from an OAuth 2.0 authorization server. + // See https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 and + // https://github.com/grpc/grpc/pull/19587. + // [#next-free-field: 10] + message StsService { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService"; + + // URI of the token exchange service that handles token exchange requests. + // [#comment:TODO(asraa): Add URI validation when implemented. Tracked by + // https://github.com/envoyproxy/protoc-gen-validate/issues/303] + string token_exchange_service_uri = 1; + + // Location of the target service or resource where the client + // intends to use the requested security token. + string resource = 2; + + // Logical name of the target service where the client intends to + // use the requested security token. + string audience = 3; + + // The desired scope of the requested security token in the + // context of the service or resource where the token will be used. + string scope = 4; + + // Type of the requested security token. + string requested_token_type = 5; + + // The path of subject token, a security token that represents the + // identity of the party on behalf of whom the request is being made. + string subject_token_path = 6 [(validate.rules).string = {min_bytes: 1}]; + + // Type of the subject token. + string subject_token_type = 7 [(validate.rules).string = {min_bytes: 1}]; + + // The path of actor token, a security token that represents the identity + // of the acting party. The acting party is authorized to use the + // requested security token and act on behalf of the subject. + string actor_token_path = 8; + + // Type of the actor token. + string actor_token_type = 9; + } + + oneof credential_specifier { + option (validate.required) = true; + + // Access token credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d. + string access_token = 1; + + // Google Compute Engine credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61 + google.protobuf.Empty google_compute_engine = 2; + + // Google refresh token credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c. + string google_refresh_token = 3; + + // Service Account JWT Access credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa. + ServiceAccountJWTAccessCredentials service_account_jwt_access = 4; + + // Google IAM credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0. + GoogleIAMCredentials google_iam = 5; + + // Custom authenticator credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07. + // https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms. + MetadataCredentialsFromPlugin from_plugin = 6; + + // Custom security token service which implements OAuth 2.0 token exchange. + // https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 + // See https://github.com/grpc/grpc/pull/19587. + StsService sts_service = 7; + } + } + + // The target URI when using the `Google C++ gRPC client + // `_. SSL credentials will be supplied in + // :ref:`channel_credentials `. + string target_uri = 1 [(validate.rules).string = {min_bytes: 1}]; + + ChannelCredentials channel_credentials = 2; + + // A set of call credentials that can be composed with `channel credentials + // `_. + repeated CallCredentials call_credentials = 3; + + // The human readable prefix to use when emitting statistics for the gRPC + // service. + // + // .. csv-table:: + // :header: Name, Type, Description + // :widths: 1, 1, 2 + // + // streams_total, Counter, Total number of streams opened + // streams_closed_, Counter, Total streams closed with + string stat_prefix = 4 [(validate.rules).string = {min_bytes: 1}]; + + // The name of the Google gRPC credentials factory to use. This must have been registered with + // Envoy. If this is empty, a default credentials factory will be used that sets up channel + // credentials based on other configuration parameters. + string credentials_factory_name = 5; + + // Additional configuration for site-specific customizations of the Google + // gRPC library. + google.protobuf.Struct config = 6; + } + + reserved 4; + + oneof target_specifier { + option (validate.required) = true; + + // Envoy's in-built gRPC client. + // See the :ref:`gRPC services overview ` + // documentation for discussion on gRPC client selection. + EnvoyGrpc envoy_grpc = 1; + + // `Google C++ gRPC client `_ + // See the :ref:`gRPC services overview ` + // documentation for discussion on gRPC client selection. + GoogleGrpc google_grpc = 2; + } + + // The timeout for the gRPC request. This is the timeout for a specific + // request. + google.protobuf.Duration timeout = 3; + + // Additional metadata to include in streams initiated to the GrpcService. + // This can be used for scenarios in which additional ad hoc authorization + // headers (e.g. ``x-foo-bar: baz-key``) are to be injected. + repeated HeaderValue initial_metadata = 5; +} diff --git a/api/envoy/config/core/v4alpha/health_check.proto b/api/envoy/config/core/v4alpha/health_check.proto new file mode 100644 index 0000000000000..0e6c4e73c2a25 --- /dev/null +++ b/api/envoy/config/core/v4alpha/health_check.proto @@ -0,0 +1,321 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/event_service_config.proto"; +import "envoy/type/matcher/v3/string.proto"; +import "envoy/type/v3/http.proto"; +import "envoy/type/v3/range.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "HealthCheckProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Health check] +// * Health checking :ref:`architecture overview `. +// * If health checking is configured for a cluster, additional statistics are emitted. They are +// documented :ref:`here `. + +// Endpoint health status. +enum HealthStatus { + // The health status is not known. This is interpreted by Envoy as *HEALTHY*. + UNKNOWN = 0; + + // Healthy. + HEALTHY = 1; + + // Unhealthy. + UNHEALTHY = 2; + + // Connection draining in progress. E.g., + // ``_ + // or + // ``_. + // This is interpreted by Envoy as *UNHEALTHY*. + DRAINING = 3; + + // Health check timed out. This is part of HDS and is interpreted by Envoy as + // *UNHEALTHY*. + TIMEOUT = 4; + + // Degraded. + DEGRADED = 5; +} + +// [#next-free-field: 23] +message HealthCheck { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HealthCheck"; + + // Describes the encoding of the payload bytes in the payload. + message Payload { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.Payload"; + + oneof payload { + option (validate.required) = true; + + // Hex encoded payload. E.g., "000000FF". + string text = 1 [(validate.rules).string = {min_bytes: 1}]; + + // [#not-implemented-hide:] Binary payload. + bytes binary = 2; + } + } + + // [#next-free-field: 12] + message HttpHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.HttpHealthCheck"; + + reserved 5, 7; + + reserved "service_name", "use_http2"; + + // The value of the host header in the HTTP health check request. If + // left empty (default value), the name of the cluster this health check is associated + // with will be used. The host header can be customized for a specific endpoint by setting the + // :ref:`hostname ` field. + string host = 1; + + // Specifies the HTTP path that will be requested during health checking. For example + // */healthcheck*. + string path = 2 [(validate.rules).string = {min_bytes: 1}]; + + // [#not-implemented-hide:] HTTP specific payload. + Payload send = 3; + + // [#not-implemented-hide:] HTTP specific response. + Payload receive = 4; + + // Specifies a list of HTTP headers that should be added to each request that is sent to the + // health checked cluster. For more information, including details on header value syntax, see + // the documentation on :ref:`custom request headers + // `. + repeated HeaderValueOption request_headers_to_add = 6 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request that is sent to the + // health checked cluster. + repeated string request_headers_to_remove = 8; + + // Specifies a list of HTTP response statuses considered healthy. If provided, replaces default + // 200-only policy - 200 must be included explicitly as needed. Ranges follow half-open + // semantics of :ref:`Int64Range `. The start and end of each + // range are required. Only statuses in the range [100, 600) are allowed. + repeated type.v3.Int64Range expected_statuses = 9; + + // Use specified application protocol for health checks. + type.v3.CodecClientType codec_client_type = 10 [(validate.rules).enum = {defined_only: true}]; + + // An optional service name parameter which is used to validate the identity of + // the health checked cluster using a :ref:`StringMatcher + // `. See the :ref:`architecture overview + // ` for more information. + type.matcher.v3.StringMatcher service_name_matcher = 11; + } + + message TcpHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.TcpHealthCheck"; + + // Empty payloads imply a connect-only health check. + Payload send = 1; + + // When checking the response, “fuzzy” matching is performed such that each + // binary block must be found, and in the order specified, but not + // necessarily contiguous. + repeated Payload receive = 2; + } + + message RedisHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.RedisHealthCheck"; + + // If set, optionally perform ``EXISTS `` instead of ``PING``. A return value + // from Redis of 0 (does not exist) is considered a passing healthcheck. A return value other + // than 0 is considered a failure. This allows the user to mark a Redis instance for maintenance + // by setting the specified key to any value and waiting for traffic to drain. + string key = 1; + } + + // `grpc.health.v1.Health + // `_-based + // healthcheck. See `gRPC doc `_ + // for details. + message GrpcHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.GrpcHealthCheck"; + + // An optional service name parameter which will be sent to gRPC service in + // `grpc.health.v1.HealthCheckRequest + // `_. + // message. See `gRPC health-checking overview + // `_ for more information. + string service_name = 1; + + // The value of the :authority header in the gRPC health check request. If + // left empty (default value), the name of the cluster this health check is associated + // with will be used. The authority header can be customized for a specific endpoint by setting + // the :ref:`hostname ` field. + string authority = 2; + } + + // Custom health check. + message CustomHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.CustomHealthCheck"; + + reserved 2; + + reserved "config"; + + // The registered name of the custom health checker. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // A custom health checker specific configuration which depends on the custom health checker + // being instantiated. See :api:`envoy/config/health_checker` for reference. + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + // Health checks occur over the transport socket specified for the cluster. This implies that if a + // cluster is using a TLS-enabled transport socket, the health check will also occur over TLS. + // + // This allows overriding the cluster TLS settings, just for health check connections. + message TlsOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.TlsOptions"; + + // Specifies the ALPN protocols for health check connections. This is useful if the + // corresponding upstream is using ALPN-based :ref:`FilterChainMatch + // ` along with different protocols for health checks + // versus data connections. If empty, no ALPN protocols will be set on health check connections. + repeated string alpn_protocols = 1; + } + + reserved 10; + + // The time to wait for a health check response. If the timeout is reached the + // health check attempt will be considered a failure. + google.protobuf.Duration timeout = 1 [(validate.rules).duration = { + required: true + gt {} + }]; + + // The interval between health checks. + google.protobuf.Duration interval = 2 [(validate.rules).duration = { + required: true + gt {} + }]; + + // An optional jitter amount in milliseconds. If specified, Envoy will start health + // checking after for a random time in ms between 0 and initial_jitter. This only + // applies to the first health check. + google.protobuf.Duration initial_jitter = 20; + + // An optional jitter amount in milliseconds. If specified, during every + // interval Envoy will add interval_jitter to the wait time. + google.protobuf.Duration interval_jitter = 3; + + // An optional jitter amount as a percentage of interval_ms. If specified, + // during every interval Envoy will add interval_ms * + // interval_jitter_percent / 100 to the wait time. + // + // If interval_jitter_ms and interval_jitter_percent are both set, both of + // them will be used to increase the wait time. + uint32 interval_jitter_percent = 18; + + // The number of unhealthy health checks required before a host is marked + // unhealthy. Note that for *http* health checking if a host responds with 503 + // this threshold is ignored and the host is considered unhealthy immediately. + google.protobuf.UInt32Value unhealthy_threshold = 4 [(validate.rules).message = {required: true}]; + + // The number of healthy health checks required before a host is marked + // healthy. Note that during startup, only a single successful health check is + // required to mark a host healthy. + google.protobuf.UInt32Value healthy_threshold = 5 [(validate.rules).message = {required: true}]; + + // [#not-implemented-hide:] Non-serving port for health checking. + google.protobuf.UInt32Value alt_port = 6; + + // Reuse health check connection between health checks. Default is true. + google.protobuf.BoolValue reuse_connection = 7; + + oneof health_checker { + option (validate.required) = true; + + // HTTP health check. + HttpHealthCheck http_health_check = 8; + + // TCP health check. + TcpHealthCheck tcp_health_check = 9; + + // gRPC health check. + GrpcHealthCheck grpc_health_check = 11; + + // Custom health check. + CustomHealthCheck custom_health_check = 13; + } + + // The "no traffic interval" is a special health check interval that is used when a cluster has + // never had traffic routed to it. This lower interval allows cluster information to be kept up to + // date, without sending a potentially large amount of active health checking traffic for no + // reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the + // standard health check interval that is defined. Note that this interval takes precedence over + // any other. + // + // The default value for "no traffic interval" is 60 seconds. + google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration = {gt {}}]; + + // The "unhealthy interval" is a health check interval that is used for hosts that are marked as + // unhealthy. As soon as the host is marked as healthy, Envoy will shift back to using the + // standard health check interval that is defined. + // + // The default value for "unhealthy interval" is the same as "interval". + google.protobuf.Duration unhealthy_interval = 14 [(validate.rules).duration = {gt {}}]; + + // The "unhealthy edge interval" is a special health check interval that is used for the first + // health check right after a host is marked as unhealthy. For subsequent health checks + // Envoy will shift back to using either "unhealthy interval" if present or the standard health + // check interval that is defined. + // + // The default value for "unhealthy edge interval" is the same as "unhealthy interval". + google.protobuf.Duration unhealthy_edge_interval = 15 [(validate.rules).duration = {gt {}}]; + + // The "healthy edge interval" is a special health check interval that is used for the first + // health check right after a host is marked as healthy. For subsequent health checks + // Envoy will shift back to using the standard health check interval that is defined. + // + // The default value for "healthy edge interval" is the same as the default interval. + google.protobuf.Duration healthy_edge_interval = 16 [(validate.rules).duration = {gt {}}]; + + // Specifies the path to the :ref:`health check event log `. + // If empty, no event log will be written. + string event_log_path = 17; + + // [#not-implemented-hide:] + // The gRPC service for the health check event service. + // If empty, health check events won't be sent to a remote endpoint. + EventServiceConfig event_service = 22; + + // If set to true, health check failure events will always be logged. If set to false, only the + // initial health check failure event will be logged. + // The default value is false. + bool always_log_health_check_failures = 19; + + // This allows overriding the cluster TLS settings, just for health check connections. + TlsOptions tls_options = 21; +} diff --git a/api/envoy/config/core/v4alpha/http_uri.proto b/api/envoy/config/core/v4alpha/http_uri.proto new file mode 100644 index 0000000000000..e88a9aa7d7dfb --- /dev/null +++ b/api/envoy/config/core/v4alpha/http_uri.proto @@ -0,0 +1,56 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "HttpUriProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP Service URI ] + +// Envoy external URI descriptor +message HttpUri { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HttpUri"; + + // The HTTP server URI. It should be a full FQDN with protocol, host and path. + // + // Example: + // + // .. code-block:: yaml + // + // uri: https://www.googleapis.com/oauth2/v1/certs + // + string uri = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Specify how `uri` is to be fetched. Today, this requires an explicit + // cluster, but in the future we may support dynamic cluster creation or + // inline DNS resolution. See `issue + // `_. + oneof http_upstream_type { + option (validate.required) = true; + + // A cluster is created in the Envoy "cluster_manager" config + // section. This field specifies the cluster name. + // + // Example: + // + // .. code-block:: yaml + // + // cluster: jwks_cluster + // + string cluster = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + // Sets the maximum duration in milliseconds that a response can take to arrive upon request. + google.protobuf.Duration timeout = 3 [(validate.rules).duration = { + required: true + gte {} + }]; +} diff --git a/api/envoy/config/core/v4alpha/protocol.proto b/api/envoy/config/core/v4alpha/protocol.proto new file mode 100644 index 0000000000000..f4bbb35ea4a2a --- /dev/null +++ b/api/envoy/config/core/v4alpha/protocol.proto @@ -0,0 +1,297 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "ProtocolProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Protocol options] + +// [#not-implemented-hide:] +message TcpProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.TcpProtocolOptions"; +} + +message UpstreamHttpProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.UpstreamHttpProtocolOptions"; + + // Set transport socket `SNI `_ for new + // upstream connections based on the downstream HTTP host/authority header, as seen by the + // :ref:`router filter `. + bool auto_sni = 1; + + // Automatic validate upstream presented certificate for new upstream connections based on the + // downstream HTTP host/authority header, as seen by the + // :ref:`router filter `. + // This field is intended to set with `auto_sni` field. + bool auto_san_validation = 2; +} + +message HttpProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HttpProtocolOptions"; + + // The idle timeout for connections. The idle timeout is defined as the + // period in which there are no active requests. If not set, there is no idle timeout. When the + // idle timeout is reached the connection will be closed. If the connection is an HTTP/2 + // downstream connection a drain sequence will occur prior to closing the connection, see + // :ref:`drain_timeout + // `. + // Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. + // If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0. + // + // .. warning:: + // Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP + // FIN packets, etc. + google.protobuf.Duration idle_timeout = 1; + + // The maximum duration of a connection. The duration is defined as a period since a connection + // was established. If not set, there is no max duration. When max_connection_duration is reached + // the connection will be closed. Drain sequence will occur prior to closing the connection if + // if's applicable. See :ref:`drain_timeout + // `. + // Note: not implemented for upstream connections. + google.protobuf.Duration max_connection_duration = 3; + + // The maximum number of headers. If unconfigured, the default + // maximum number of request headers allowed is 100. Requests that exceed this limit will receive + // a 431 response for HTTP/1.x and cause a stream reset for HTTP/2. + google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}]; + + // Total duration to keep alive an HTTP request/response stream. If the time limit is reached the stream will be + // reset independent of any other timeouts. If not specified, this value is not set. + // The current implementation implements this timeout on downstream connections only. + // [#comment:TODO(shikugawa): add this functionality to upstream.] + google.protobuf.Duration max_stream_duration = 4; +} + +// [#next-free-field: 6] +message Http1ProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http1ProtocolOptions"; + + message HeaderKeyFormat { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http1ProtocolOptions.HeaderKeyFormat"; + + message ProperCaseWords { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http1ProtocolOptions.HeaderKeyFormat.ProperCaseWords"; + } + + oneof header_format { + option (validate.required) = true; + + // Formats the header by proper casing words: the first character and any character following + // a special character will be capitalized if it's an alpha character. For example, + // "content-type" becomes "Content-Type", and "foo$b#$are" becomes "Foo$B#$Are". + // Note that while this results in most headers following conventional casing, certain headers + // are not covered. For example, the "TE" header will be formatted as "Te". + ProperCaseWords proper_case_words = 1; + } + } + + // Handle HTTP requests with absolute URLs in the requests. These requests + // are generally sent by clients to forward/explicit proxies. This allows clients to configure + // envoy as their HTTP proxy. In Unix, for example, this is typically done by setting the + // *http_proxy* environment variable. + google.protobuf.BoolValue allow_absolute_url = 1; + + // Handle incoming HTTP/1.0 and HTTP 0.9 requests. + // This is off by default, and not fully standards compliant. There is support for pre-HTTP/1.1 + // style connect logic, dechunking, and handling lack of client host iff + // *default_host_for_http_10* is configured. + bool accept_http_10 = 2; + + // A default host for HTTP/1.0 requests. This is highly suggested if *accept_http_10* is true as + // Envoy does not otherwise support HTTP/1.0 without a Host header. + // This is a no-op if *accept_http_10* is not true. + string default_host_for_http_10 = 3; + + // Describes how the keys for response headers should be formatted. By default, all header keys + // are lower cased. + HeaderKeyFormat header_key_format = 4; + + // Enables trailers for HTTP/1. By default the HTTP/1 codec drops proxied trailers. + // + // .. attention:: + // + // Note that this only happens when Envoy is chunk encoding which occurs when: + // - The request is HTTP/1.1. + // - Is neither a HEAD only request nor a HTTP Upgrade. + // - Not a response to a HEAD request. + // - The content length header is not present. + bool enable_trailers = 5; +} + +// [#next-free-field: 14] +message Http2ProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http2ProtocolOptions"; + + // Defines a parameter to be sent in the SETTINGS frame. + // See `RFC7540, sec. 6.5.1 `_ for details. + message SettingsParameter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http2ProtocolOptions.SettingsParameter"; + + // The 16 bit parameter identifier. + google.protobuf.UInt32Value identifier = 1 [ + (validate.rules).uint32 = {lte: 65536 gte: 1}, + (validate.rules).message = {required: true} + ]; + + // The 32 bit parameter value. + google.protobuf.UInt32Value value = 2 [(validate.rules).message = {required: true}]; + } + + // `Maximum table size `_ + // (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values + // range from 0 to 4294967295 (2^32 - 1) and defaults to 4096. 0 effectively disables header + // compression. + google.protobuf.UInt32Value hpack_table_size = 1; + + // `Maximum concurrent streams `_ + // allowed for peer on one HTTP/2 connection. Valid values range from 1 to 2147483647 (2^31 - 1) + // and defaults to 2147483647. + // + // For upstream connections, this also limits how many streams Envoy will initiate concurrently + // on a single connection. If the limit is reached, Envoy may queue requests or establish + // additional connections (as allowed per circuit breaker limits). + google.protobuf.UInt32Value max_concurrent_streams = 2 + [(validate.rules).uint32 = {lte: 2147483647 gte: 1}]; + + // `Initial stream-level flow-control window + // `_ size. Valid values range from 65535 + // (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to 268435456 + // (256 * 1024 * 1024). + // + // NOTE: 65535 is the initial window size from HTTP/2 spec. We only support increasing the default + // window size now, so it's also the minimum. + // + // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the + // HTTP/2 codec buffers. Once the buffer reaches this pointer, watermark callbacks will fire to + // stop the flow of data to the codec buffers. + google.protobuf.UInt32Value initial_stream_window_size = 3 + [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}]; + + // Similar to *initial_stream_window_size*, but for connection-level flow-control + // window. Currently, this has the same minimum/maximum/default as *initial_stream_window_size*. + google.protobuf.UInt32Value initial_connection_window_size = 4 + [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}]; + + // Allows proxying Websocket and other upgrades over H2 connect. + bool allow_connect = 5; + + // [#not-implemented-hide:] Hiding until envoy has full metadata support. + // Still under implementation. DO NOT USE. + // + // Allows metadata. See [metadata + // docs](https://github.com/envoyproxy/envoy/blob/master/source/docs/h2_metadata.md) for more + // information. + bool allow_metadata = 6; + + // Limit the number of pending outbound downstream frames of all types (frames that are waiting to + // be written into the socket). Exceeding this limit triggers flood mitigation and connection is + // terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due + // to flood mitigation. The default limit is 10000. + // [#comment:TODO: implement same limits for upstream outbound frames as well.] + google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}]; + + // Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM, + // preventing high memory utilization when receiving continuous stream of these frames. Exceeding + // this limit triggers flood mitigation and connection is terminated. The + // ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood + // mitigation. The default limit is 1000. + // [#comment:TODO: implement same limits for upstream outbound frames as well.] + google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}]; + + // Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an + // empty payload and no end stream flag. Those frames have no legitimate use and are abusive, but + // might be a result of a broken HTTP/2 implementation. The `http2.inbound_empty_frames_flood`` + // stat tracks the number of connections terminated due to flood mitigation. + // Setting this to 0 will terminate connection upon receiving first frame with an empty payload + // and no end stream flag. The default limit is 1. + // [#comment:TODO: implement same limits for upstream inbound frames as well.] + google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9; + + // Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number + // of PRIORITY frames received over the lifetime of connection exceeds the value calculated + // using this formula:: + // + // max_inbound_priority_frames_per_stream * (1 + inbound_streams) + // + // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks + // the number of connections terminated due to flood mitigation. The default limit is 100. + // [#comment:TODO: implement same limits for upstream inbound frames as well.] + google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10; + + // Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number + // of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated + // using this formula:: + // + // 1 + 2 * (inbound_streams + + // max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames) + // + // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks + // the number of connections terminated due to flood mitigation. The default limit is 10. + // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control, + // but more complex implementations that try to estimate available bandwidth require at least 2. + // [#comment:TODO: implement same limits for upstream inbound frames as well.] + google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11 + [(validate.rules).uint32 = {gte: 1}]; + + // Allows invalid HTTP messaging and headers. When this option is disabled (default), then + // the whole HTTP/2 connection is terminated upon receiving invalid HEADERS frame. However, + // when this option is enabled, only the offending stream is terminated. + // + // See `RFC7540, sec. 8.1 `_ for details. + bool stream_error_on_invalid_http_messaging = 12; + + // [#not-implemented-hide:] + // Specifies SETTINGS frame parameters to be sent to the peer, with two exceptions: + // + // 1. SETTINGS_ENABLE_PUSH (0x2) is not configurable as HTTP/2 server push is not supported by + // Envoy. + // + // 2. SETTINGS_ENABLE_CONNECT_PROTOCOL (0x8) is only configurable through the named field + // 'allow_connect'. + // + // Note that custom parameters specified through this field can not also be set in the + // corresponding named parameters: + // + // .. code-block:: text + // + // ID Field Name + // ---------------- + // 0x1 hpack_table_size + // 0x3 max_concurrent_streams + // 0x4 initial_stream_window_size + // + // Collisions will trigger config validation failure on load/update. Likewise, inconsistencies + // between custom parameters with the same identifier will trigger a failure. + // + // See `IANA HTTP/2 Settings + // `_ for + // standardized identifiers. + repeated SettingsParameter custom_settings_parameters = 13; +} + +// [#not-implemented-hide:] +message GrpcProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcProtocolOptions"; + + Http2ProtocolOptions http2_protocol_options = 1; +} diff --git a/api/envoy/config/core/v4alpha/socket_option.proto b/api/envoy/config/core/v4alpha/socket_option.proto new file mode 100644 index 0000000000000..7dac394a865dc --- /dev/null +++ b/api/envoy/config/core/v4alpha/socket_option.proto @@ -0,0 +1,56 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "SocketOptionProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Socket Option ] + +// Generic socket option message. This would be used to set socket options that +// might not exist in upstream kernels or precompiled Envoy binaries. +// [#next-free-field: 7] +message SocketOption { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.SocketOption"; + + enum SocketState { + // Socket options are applied after socket creation but before binding the socket to a port + STATE_PREBIND = 0; + + // Socket options are applied after binding the socket to a port but before calling listen() + STATE_BOUND = 1; + + // Socket options are applied after calling listen() + STATE_LISTENING = 2; + } + + // An optional name to give this socket option for debugging, etc. + // Uniqueness is not required and no special meaning is assumed. + string description = 1; + + // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP + int64 level = 2; + + // The numeric name as passed to setsockopt + int64 name = 3; + + oneof value { + option (validate.required) = true; + + // Because many sockopts take an int value. + int64 int_value = 4; + + // Otherwise it's a byte buffer. + bytes buf_value = 5; + } + + // The state in which the option will be applied. When used in BindConfig + // STATE_PREBIND is currently the only valid value. + SocketState state = 6 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/api/envoy/config/endpoint/v3/endpoint.proto b/api/envoy/config/endpoint/v3/endpoint.proto index c097d4c4b8cbd..008b4ddc4993f 100644 --- a/api/envoy/config/endpoint/v3/endpoint.proto +++ b/api/envoy/config/endpoint/v3/endpoint.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.endpoint.v3"; option java_outer_classname = "EndpointProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Endpoint configuration] // Endpoint discovery :ref:`architecture overview ` diff --git a/api/envoy/config/endpoint/v3/endpoint_components.proto b/api/envoy/config/endpoint/v3/endpoint_components.proto index b7a1bf8fd51a6..ce7048b5baca7 100644 --- a/api/envoy/config/endpoint/v3/endpoint_components.proto +++ b/api/envoy/config/endpoint/v3/endpoint_components.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.endpoint.v3"; option java_outer_classname = "EndpointComponentsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Endpoints] diff --git a/api/envoy/config/endpoint/v3/load_report.proto b/api/envoy/config/endpoint/v3/load_report.proto index 005d80a36886a..01eb7b12cf1aa 100644 --- a/api/envoy/config/endpoint/v3/load_report.proto +++ b/api/envoy/config/endpoint/v3/load_report.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.endpoint.v3"; option java_outer_classname = "LoadReportProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // These are stats Envoy reports to GLB every so often. Report frequency is // defined by diff --git a/api/envoy/config/filter/accesslog/v2/accesslog.proto b/api/envoy/config/filter/accesslog/v2/accesslog.proto index dad16521d0846..25d27bfbd1064 100644 --- a/api/envoy/config/filter/accesslog/v2/accesslog.proto +++ b/api/envoy/config/filter/accesslog/v2/accesslog.proto @@ -17,7 +17,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.accesslog.v2"; option java_outer_classname = "AccesslogProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.accesslog.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common access log types] diff --git a/api/envoy/config/filter/dubbo/router/v2alpha1/router.proto b/api/envoy/config/filter/dubbo/router/v2alpha1/router.proto index ba312ac958366..2e35bb7f7c5b3 100644 --- a/api/envoy/config/filter/dubbo/router/v2alpha1/router.proto +++ b/api/envoy/config/filter/dubbo/router/v2alpha1/router.proto @@ -10,7 +10,7 @@ option java_outer_classname = "RouterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.dubbo_proxy.router.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Router] // Dubbo router :ref:`configuration overview `. diff --git a/api/envoy/config/filter/fault/v2/fault.proto b/api/envoy/config/filter/fault/v2/fault.proto index 136134781cb8a..016140d10f84a 100644 --- a/api/envoy/config/filter/fault/v2/fault.proto +++ b/api/envoy/config/filter/fault/v2/fault.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.fault.v2"; option java_outer_classname = "FaultProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.common.fault.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common fault injection types] diff --git a/api/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto b/api/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto index d89bfe87e3abf..bd9da5a677669 100644 --- a/api/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto +++ b/api/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto @@ -18,7 +18,7 @@ option java_outer_classname = "AdaptiveConcurrencyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.adaptive_concurrency.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Adaptive Concurrency] // Adaptive Concurrency Control :ref:`configuration overview diff --git a/api/envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto b/api/envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto index 3c408914b7c0d..754c9b637665f 100644 --- a/api/envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto +++ b/api/envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto @@ -12,7 +12,7 @@ option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.aws_lambda.v3"; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: AWS Lambda] // AWS Lambda :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto b/api/envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto index e00cd909ebd73..5ebb92c01dfa8 100644 --- a/api/envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto +++ b/api/envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto @@ -11,7 +11,7 @@ option java_outer_classname = "AwsRequestSigningProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.aws_request_signing.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: AwsRequestSigning] // AwsRequestSigning :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/buffer/v2/buffer.proto b/api/envoy/config/filter/http/buffer/v2/buffer.proto index a2b97326ff9e5..56961d22fe092 100644 --- a/api/envoy/config/filter/http/buffer/v2/buffer.proto +++ b/api/envoy/config/filter/http/buffer/v2/buffer.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.buffer.v2"; option java_outer_classname = "BufferProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.buffer.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Buffer] // Buffer :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/cache/v2alpha/cache.proto b/api/envoy/config/filter/http/cache/v2alpha/cache.proto index 8e5e35e8ac187..a9e51cf56a103 100644 --- a/api/envoy/config/filter/http/cache/v2alpha/cache.proto +++ b/api/envoy/config/filter/http/cache/v2alpha/cache.proto @@ -17,7 +17,7 @@ option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.cache.v3alpha"; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP Cache Filter] // [#extension: envoy.filters.http.cache] diff --git a/api/envoy/config/filter/http/compressor/v2/compressor.proto b/api/envoy/config/filter/http/compressor/v2/compressor.proto index 0d781a13672aa..d62d0d7a42fab 100644 --- a/api/envoy/config/filter/http/compressor/v2/compressor.proto +++ b/api/envoy/config/filter/http/compressor/v2/compressor.proto @@ -14,7 +14,7 @@ option java_outer_classname = "CompressorProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.compressor.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Compressor] diff --git a/api/envoy/config/filter/http/cors/v2/cors.proto b/api/envoy/config/filter/http/cors/v2/cors.proto index 8e5392f6b0011..9060a9c38fda1 100644 --- a/api/envoy/config/filter/http/cors/v2/cors.proto +++ b/api/envoy/config/filter/http/cors/v2/cors.proto @@ -9,7 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.cors.v2"; option java_outer_classname = "CorsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.cors.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Cors] // CORS Filter :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/csrf/v2/csrf.proto b/api/envoy/config/filter/http/csrf/v2/csrf.proto index 23ba6dbdd1f47..3c2c9110e9fe0 100644 --- a/api/envoy/config/filter/http/csrf/v2/csrf.proto +++ b/api/envoy/config/filter/http/csrf/v2/csrf.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.csrf.v2"; option java_outer_classname = "CsrfProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.csrf.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: CSRF] // Cross-Site Request Forgery :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto b/api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto index b64691874eae6..29aa8380191b7 100644 --- a/api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto +++ b/api/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto @@ -13,7 +13,7 @@ option java_outer_classname = "DynamicForwardProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.dynamic_forward_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dynamic forward proxy] diff --git a/api/envoy/config/filter/http/dynamo/v2/dynamo.proto b/api/envoy/config/filter/http/dynamo/v2/dynamo.proto index cd41d746f8cbd..011d22f768c8c 100644 --- a/api/envoy/config/filter/http/dynamo/v2/dynamo.proto +++ b/api/envoy/config/filter/http/dynamo/v2/dynamo.proto @@ -9,7 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.dynamo.v2"; option java_outer_classname = "DynamoProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.dynamo.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dynamo] // Dynamo :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto index 457f2ac1eafc5..a407f4628d2e4 100644 --- a/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto +++ b/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto @@ -18,7 +18,7 @@ option java_outer_classname = "ExtAuthzProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.ext_authz.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: External Authorization] // External Authorization :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/fault/v2/fault.proto b/api/envoy/config/filter/http/fault/v2/fault.proto index 81572c8ae6a0e..cb99b0d71bbdc 100644 --- a/api/envoy/config/filter/http/fault/v2/fault.proto +++ b/api/envoy/config/filter/http/fault/v2/fault.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.fault.v2"; option java_outer_classname = "FaultProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.fault.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Fault Injection] // Fault Injection :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/grpc_http1_bridge/v2/config.proto b/api/envoy/config/filter/http/grpc_http1_bridge/v2/config.proto index 91a4a2d151aac..b4331dad5031c 100644 --- a/api/envoy/config/filter/http/grpc_http1_bridge/v2/config.proto +++ b/api/envoy/config/filter/http/grpc_http1_bridge/v2/config.proto @@ -10,7 +10,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_http1_bridge.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC HTTP/1.1 Bridge] // gRPC HTTP/1.1 Bridge Filter :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto b/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto index b3ed8e77d68af..8b916d327e194 100644 --- a/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto +++ b/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto @@ -11,7 +11,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_http1_reverse_bridge.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC HTTP/1.1 Reverse Bridge] // gRPC HTTP/1.1 Reverse Bridge :ref:`configuration overview diff --git a/api/envoy/config/filter/http/grpc_stats/v2alpha/config.proto b/api/envoy/config/filter/http/grpc_stats/v2alpha/config.proto index 4280a44f66858..7f6dd2ce42263 100644 --- a/api/envoy/config/filter/http/grpc_stats/v2alpha/config.proto +++ b/api/envoy/config/filter/http/grpc_stats/v2alpha/config.proto @@ -15,7 +15,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_stats.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC statistics] gRPC statistics filter // :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/grpc_web/v2/grpc_web.proto b/api/envoy/config/filter/http/grpc_web/v2/grpc_web.proto index 5e78af97d4d3a..be23b4d87b585 100644 --- a/api/envoy/config/filter/http/grpc_web/v2/grpc_web.proto +++ b/api/envoy/config/filter/http/grpc_web/v2/grpc_web.proto @@ -10,7 +10,7 @@ option java_outer_classname = "GrpcWebProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_web.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC Web] // gRPC Web :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/gzip/v2/gzip.proto b/api/envoy/config/filter/http/gzip/v2/gzip.proto index c47da756a8768..f3601b612b029 100644 --- a/api/envoy/config/filter/http/gzip/v2/gzip.proto +++ b/api/envoy/config/filter/http/gzip/v2/gzip.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.gzip.v2"; option java_outer_classname = "GzipProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.gzip.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Gzip] // Gzip :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto b/api/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto index aab0395a3fd4d..30de69d98b1c3 100644 --- a/api/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto +++ b/api/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto @@ -11,7 +11,7 @@ option java_outer_classname = "HeaderToMetadataProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.header_to_metadata.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Header-To-Metadata Filter] // diff --git a/api/envoy/config/filter/http/health_check/v2/health_check.proto b/api/envoy/config/filter/http/health_check/v2/health_check.proto index 462a68c67a502..d7f6da8c82d43 100644 --- a/api/envoy/config/filter/http/health_check/v2/health_check.proto +++ b/api/envoy/config/filter/http/health_check/v2/health_check.proto @@ -17,7 +17,7 @@ option java_outer_classname = "HealthCheckProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.health_check.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Health check] // Health check :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto b/api/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto index 60808ceb24e15..f99b18a12c716 100644 --- a/api/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto +++ b/api/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto @@ -13,7 +13,7 @@ option java_outer_classname = "IpTaggingProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.ip_tagging.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: IP tagging] // IP tagging :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/jwt_authn/v2alpha/config.proto b/api/envoy/config/filter/http/jwt_authn/v2alpha/config.proto index af416b691b634..07044f92201e9 100644 --- a/api/envoy/config/filter/http/jwt_authn/v2alpha/config.proto +++ b/api/envoy/config/filter/http/jwt_authn/v2alpha/config.proto @@ -18,7 +18,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.jwt_authn.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: JWT Authentication] // JWT Authentication :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/lua/v2/lua.proto b/api/envoy/config/filter/http/lua/v2/lua.proto index b40a4659c002e..068b5e255df5d 100644 --- a/api/envoy/config/filter/http/lua/v2/lua.proto +++ b/api/envoy/config/filter/http/lua/v2/lua.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.lua.v2"; option java_outer_classname = "LuaProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.lua.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Lua] // Lua :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/on_demand/v2/on_demand.proto b/api/envoy/config/filter/http/on_demand/v2/on_demand.proto index ba83990ed8dae..74d0ee408aebb 100644 --- a/api/envoy/config/filter/http/on_demand/v2/on_demand.proto +++ b/api/envoy/config/filter/http/on_demand/v2/on_demand.proto @@ -11,7 +11,7 @@ option java_outer_classname = "OnDemandProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.on_demand.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: OnDemand] // IP tagging :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto b/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto index 5df23f472ae04..0baf49cebeef0 100644 --- a/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto +++ b/api/envoy/config/filter/http/original_src/v2alpha1/original_src.proto @@ -11,7 +11,7 @@ option java_outer_classname = "OriginalSrcProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.original_src.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. diff --git a/api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto b/api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto index 2e739d92c734f..b9361476bcfde 100644 --- a/api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto +++ b/api/envoy/config/filter/http/rate_limit/v2/rate_limit.proto @@ -15,7 +15,7 @@ option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/rbac/v2/rbac.proto b/api/envoy/config/filter/http/rbac/v2/rbac.proto index 3074fe78e53fd..691f23036ba8f 100644 --- a/api/envoy/config/filter/http/rbac/v2/rbac.proto +++ b/api/envoy/config/filter/http/rbac/v2/rbac.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.rbac.v2"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.rbac.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/router/v2/router.proto b/api/envoy/config/filter/http/router/v2/router.proto index 4bb0a7b386d3e..c95500cf8168b 100644 --- a/api/envoy/config/filter/http/router/v2/router.proto +++ b/api/envoy/config/filter/http/router/v2/router.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.router.v2"; option java_outer_classname = "RouterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.router.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Router] // Router :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/squash/v2/squash.proto b/api/envoy/config/filter/http/squash/v2/squash.proto index d754f64456b55..a7ae625d2ee37 100644 --- a/api/envoy/config/filter/http/squash/v2/squash.proto +++ b/api/envoy/config/filter/http/squash/v2/squash.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.squash.v2"; option java_outer_classname = "SquashProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.squash.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Squash] // Squash :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/tap/v2alpha/tap.proto b/api/envoy/config/filter/http/tap/v2alpha/tap.proto index 682cbc129c9fd..3f984cec0d6c3 100644 --- a/api/envoy/config/filter/http/tap/v2alpha/tap.proto +++ b/api/envoy/config/filter/http/tap/v2alpha/tap.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.tap.v2alpha"; option java_outer_classname = "TapProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.tap.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap] // Tap :ref:`configuration overview `. diff --git a/api/envoy/config/filter/http/transcoder/v2/transcoder.proto b/api/envoy/config/filter/http/transcoder/v2/transcoder.proto index cb1655f030e05..ac6d7eefa78a0 100644 --- a/api/envoy/config/filter/http/transcoder/v2/transcoder.proto +++ b/api/envoy/config/filter/http/transcoder/v2/transcoder.proto @@ -11,7 +11,7 @@ option java_outer_classname = "TranscoderProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_json_transcoder.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC-JSON transcoder] // gRPC-JSON transcoder :ref:`configuration overview `. diff --git a/api/envoy/config/filter/listener/http_inspector/v2/http_inspector.proto b/api/envoy/config/filter/listener/http_inspector/v2/http_inspector.proto index 824505a7cfd43..0496207e09bcb 100644 --- a/api/envoy/config/filter/listener/http_inspector/v2/http_inspector.proto +++ b/api/envoy/config/filter/listener/http_inspector/v2/http_inspector.proto @@ -10,7 +10,7 @@ option java_outer_classname = "HttpInspectorProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.http_inspector.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP Inspector Filter] // Detect whether the application protocol is HTTP. diff --git a/api/envoy/config/filter/listener/original_dst/v2/original_dst.proto b/api/envoy/config/filter/listener/original_dst/v2/original_dst.proto index 3d503f4638082..fa4acee45fc11 100644 --- a/api/envoy/config/filter/listener/original_dst/v2/original_dst.proto +++ b/api/envoy/config/filter/listener/original_dst/v2/original_dst.proto @@ -10,7 +10,7 @@ option java_outer_classname = "OriginalDstProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.original_dst.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Original Dst Filter] // Use the Original destination address on downstream connections. diff --git a/api/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto b/api/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto index 9d1be091fce1c..1959698fd1009 100644 --- a/api/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto +++ b/api/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto @@ -11,7 +11,7 @@ option java_outer_classname = "OriginalSrcProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.original_src.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. diff --git a/api/envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto b/api/envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto index 039ee7207e510..cabffb9fc0c05 100644 --- a/api/envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto +++ b/api/envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto @@ -10,7 +10,7 @@ option java_outer_classname = "ProxyProtocolProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.proxy_protocol.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Proxy Protocol Filter] // PROXY protocol listener filter. diff --git a/api/envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto b/api/envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto index 94949ee2e29c1..7ab679c47dc57 100644 --- a/api/envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto +++ b/api/envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto @@ -10,7 +10,7 @@ option java_outer_classname = "TlsInspectorProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.tls_inspector.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: TLS Inspector Filter] // Allows detecting whether the transport appears to be TLS or plaintext. diff --git a/api/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto b/api/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto index b971a2692d4b6..d1f459078f20e 100644 --- a/api/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto +++ b/api/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto @@ -15,7 +15,7 @@ option java_outer_classname = "ClientSslAuthProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.client_ssl_auth.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Client TLS authentication] // Client TLS authentication diff --git a/api/envoy/config/filter/network/direct_response/v2/config.proto b/api/envoy/config/filter/network/direct_response/v2/config.proto index 53e498b74dd8f..15de7e3b55379 100644 --- a/api/envoy/config/filter/network/direct_response/v2/config.proto +++ b/api/envoy/config/filter/network/direct_response/v2/config.proto @@ -12,7 +12,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.direct_response.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Direct response] // Direct response :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto b/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto index 72276d1ea004d..47248932f94ce 100644 --- a/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto +++ b/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto @@ -15,7 +15,7 @@ option java_outer_classname = "DubboProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.dubbo_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dubbo Proxy] // Dubbo Proxy :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto b/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto index cc3d8788695f7..9af461e3577cb 100644 --- a/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto +++ b/api/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto @@ -15,7 +15,7 @@ option java_outer_classname = "RouteProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.dubbo_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dubbo Proxy Route Configuration] // Dubbo Proxy :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/echo/v2/echo.proto b/api/envoy/config/filter/network/echo/v2/echo.proto index 6c3f5102da837..2b51ce4e18c36 100644 --- a/api/envoy/config/filter/network/echo/v2/echo.proto +++ b/api/envoy/config/filter/network/echo/v2/echo.proto @@ -9,7 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.network.echo.v2"; option java_outer_classname = "EchoProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.echo.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Echo] // Echo :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/ext_authz/v2/ext_authz.proto b/api/envoy/config/filter/network/ext_authz/v2/ext_authz.proto index f8d1d55928f2f..40cea7061868c 100644 --- a/api/envoy/config/filter/network/ext_authz/v2/ext_authz.proto +++ b/api/envoy/config/filter/network/ext_authz/v2/ext_authz.proto @@ -13,7 +13,7 @@ option java_outer_classname = "ExtAuthzProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.ext_authz.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Network External Authorization ] // The network layer external authorization service configuration diff --git a/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto b/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto index 9c7fbd0c1a104..3b4c29066e9a2 100644 --- a/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto +++ b/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto @@ -26,7 +26,7 @@ option java_outer_classname = "HttpConnectionManagerProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.http_connection_manager.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP connection manager] // HTTP connection manager :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto b/api/envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto index ad661685ec958..ea2f60e71eed3 100644 --- a/api/envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto +++ b/api/envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto @@ -11,7 +11,7 @@ option java_outer_classname = "KafkaBrokerProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.kafka_broker.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Kafka Broker] // Kafka Broker :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto b/api/envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto index aa968a92880bc..791b767f3e6aa 100644 --- a/api/envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto +++ b/api/envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto @@ -14,7 +14,7 @@ option java_outer_classname = "LocalRateLimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.local_ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Local rate limit] // Local rate limit :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto b/api/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto index b20c7d00d48ac..b261897858e21 100644 --- a/api/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto +++ b/api/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto @@ -13,7 +13,7 @@ option java_outer_classname = "MongoProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.mongo_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Mongo proxy] // MongoDB :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto b/api/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto index 0285c1bf2f1d1..78c6b7e971df4 100644 --- a/api/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto +++ b/api/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto @@ -11,7 +11,7 @@ option java_outer_classname = "MysqlProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.mysql_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: MySQL proxy] // MySQL Proxy :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto b/api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto index 2393284e1922b..aed56c9af6292 100644 --- a/api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto +++ b/api/envoy/config/filter/network/rate_limit/v2/rate_limit.proto @@ -16,7 +16,7 @@ option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/rbac/v2/rbac.proto b/api/envoy/config/filter/network/rbac/v2/rbac.proto index 089251ba222e6..ce86794c71cc3 100644 --- a/api/envoy/config/filter/network/rbac/v2/rbac.proto +++ b/api/envoy/config/filter/network/rbac/v2/rbac.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.network.rbac.v2"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.rbac.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto b/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto index 6a6d41eeb1da3..caca630fd297d 100644 --- a/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto +++ b/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto @@ -18,7 +18,7 @@ option java_outer_classname = "RedisProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.redis_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Redis Proxy] // Redis Proxy :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto b/api/envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto index 31a9d48abb7b2..71c161fc48f69 100644 --- a/api/envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto +++ b/api/envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto @@ -10,7 +10,7 @@ option java_outer_classname = "SniClusterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.sni_cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: SNI Cluster Filter] // Set the upstream cluster name from the SNI field in the TLS connection. diff --git a/api/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto b/api/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto index c1e98decdfc89..4ec68f320eed7 100644 --- a/api/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto +++ b/api/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto @@ -19,7 +19,7 @@ option java_outer_classname = "TcpProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.tcp_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: TCP Proxy] // TCP Proxy :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto b/api/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto index 1e3ed8b2df547..8230a52e341e7 100644 --- a/api/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto +++ b/api/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto @@ -16,7 +16,7 @@ option java_outer_classname = "RouteProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.thrift_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Thrift Proxy Route Configuration] // Thrift Proxy :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto b/api/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto index 5c950870de81d..96e750ef310d7 100644 --- a/api/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto +++ b/api/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto @@ -16,7 +16,7 @@ option java_outer_classname = "ThriftProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.thrift_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Thrift Proxy] // Thrift Proxy :ref:`configuration overview `. diff --git a/api/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto b/api/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto index 2ce0b31856591..cae622cecc34e 100644 --- a/api/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto +++ b/api/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto @@ -13,7 +13,7 @@ option java_outer_classname = "ZookeeperProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.zookeeper_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: ZooKeeper proxy] // ZooKeeper Proxy :ref:`configuration overview `. diff --git a/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto b/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto index a6b2c51242a29..389ddf35990ed 100644 --- a/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto +++ b/api/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto @@ -15,7 +15,7 @@ option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/api/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto b/api/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto index 8c6166241e038..de2608d44306c 100644 --- a/api/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto +++ b/api/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto @@ -15,7 +15,7 @@ option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filter.udp.dns_filter.v3alpha"; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: DNS Filter] // DNS Filter :ref:`configuration overview `. diff --git a/api/envoy/config/grpc_credential/v2alpha/aws_iam.proto b/api/envoy/config/grpc_credential/v2alpha/aws_iam.proto index 4e5d62c0964a4..b63d35af4018b 100644 --- a/api/envoy/config/grpc_credential/v2alpha/aws_iam.proto +++ b/api/envoy/config/grpc_credential/v2alpha/aws_iam.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.grpc_credential.v2alpha"; option java_outer_classname = "AwsIamProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Grpc Credentials AWS IAM] // Configuration for AWS IAM Grpc Credentials Plugin diff --git a/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto b/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto index 25e7c79b347c0..41e67f0bf24b3 100644 --- a/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto +++ b/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto @@ -10,7 +10,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.config.grpc_credential.v2alpha"; option java_outer_classname = "FileBasedMetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Grpc Credentials File Based Metadata] // Configuration for File Based Metadata Grpc Credentials Plugin diff --git a/api/envoy/config/grpc_credential/v3/aws_iam.proto b/api/envoy/config/grpc_credential/v3/aws_iam.proto index 7372070e57ce6..eeb5d93ec6892 100644 --- a/api/envoy/config/grpc_credential/v3/aws_iam.proto +++ b/api/envoy/config/grpc_credential/v3/aws_iam.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3"; option java_outer_classname = "AwsIamProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Grpc Credentials AWS IAM] // Configuration for AWS IAM Grpc Credentials Plugin diff --git a/api/envoy/config/grpc_credential/v3/file_based_metadata.proto b/api/envoy/config/grpc_credential/v3/file_based_metadata.proto index f3057d3113962..b364d2917099b 100644 --- a/api/envoy/config/grpc_credential/v3/file_based_metadata.proto +++ b/api/envoy/config/grpc_credential/v3/file_based_metadata.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3"; option java_outer_classname = "FileBasedMetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Grpc Credentials File Based Metadata] // Configuration for File Based Metadata Grpc Credentials Plugin diff --git a/api/envoy/config/listener/v2/api_listener.proto b/api/envoy/config/listener/v2/api_listener.proto index 29fa688d5a6b7..6709d5fe0b524 100644 --- a/api/envoy/config/listener/v2/api_listener.proto +++ b/api/envoy/config/listener/v2/api_listener.proto @@ -11,7 +11,7 @@ option java_package = "io.envoyproxy.envoy.config.listener.v2"; option java_outer_classname = "ApiListenerProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: API listener] diff --git a/api/envoy/config/listener/v3/api_listener.proto b/api/envoy/config/listener/v3/api_listener.proto index b5dd805bcb1a7..4d3879a22b1da 100644 --- a/api/envoy/config/listener/v3/api_listener.proto +++ b/api/envoy/config/listener/v3/api_listener.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "ApiListenerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: API listener] diff --git a/api/envoy/config/listener/v3/listener.proto b/api/envoy/config/listener/v3/listener.proto index 0ae284a12f556..473a5eb2b42b6 100644 --- a/api/envoy/config/listener/v3/listener.proto +++ b/api/envoy/config/listener/v3/listener.proto @@ -21,7 +21,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "ListenerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Listener configuration] // Listener :ref:`configuration overview ` diff --git a/api/envoy/config/listener/v3/listener_components.proto b/api/envoy/config/listener/v3/listener_components.proto index a30ddfec0909d..88e75e65b5267 100644 --- a/api/envoy/config/listener/v3/listener_components.proto +++ b/api/envoy/config/listener/v3/listener_components.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "ListenerComponentsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Listener components] // Listener :ref:`configuration overview ` diff --git a/api/envoy/config/listener/v3/quic_config.proto b/api/envoy/config/listener/v3/quic_config.proto index 984764e6ff692..9949da2e0d708 100644 --- a/api/envoy/config/listener/v3/quic_config.proto +++ b/api/envoy/config/listener/v3/quic_config.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "QuicConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener Config] diff --git a/api/envoy/config/listener/v3/udp_listener_config.proto b/api/envoy/config/listener/v3/udp_listener_config.proto index 4434ba1885b9c..9edbe59548620 100644 --- a/api/envoy/config/listener/v3/udp_listener_config.proto +++ b/api/envoy/config/listener/v3/udp_listener_config.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "UdpListenerConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: UDP Listener Config] // Listener :ref:`configuration overview ` diff --git a/api/envoy/config/metrics/v2/metrics_service.proto b/api/envoy/config/metrics/v2/metrics_service.proto index 9281e6c92a5af..f1f8662f0750d 100644 --- a/api/envoy/config/metrics/v2/metrics_service.proto +++ b/api/envoy/config/metrics/v2/metrics_service.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.metrics.v2"; option java_outer_classname = "MetricsServiceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metrics service] diff --git a/api/envoy/config/metrics/v2/stats.proto b/api/envoy/config/metrics/v2/stats.proto index 658a084e8386c..c6113bf5a5d38 100644 --- a/api/envoy/config/metrics/v2/stats.proto +++ b/api/envoy/config/metrics/v2/stats.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.metrics.v2"; option java_outer_classname = "StatsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Stats] // Statistics :ref:`architecture overview `. diff --git a/api/envoy/config/metrics/v3/metrics_service.proto b/api/envoy/config/metrics/v3/metrics_service.proto index 66e3cc1443c79..ad9879055ba3c 100644 --- a/api/envoy/config/metrics/v3/metrics_service.proto +++ b/api/envoy/config/metrics/v3/metrics_service.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.metrics.v3"; option java_outer_classname = "MetricsServiceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metrics service] diff --git a/api/envoy/config/metrics/v3/stats.proto b/api/envoy/config/metrics/v3/stats.proto index 801c01dd54ab1..f2f12d73a6254 100644 --- a/api/envoy/config/metrics/v3/stats.proto +++ b/api/envoy/config/metrics/v3/stats.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.metrics.v3"; option java_outer_classname = "StatsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Stats] // Statistics :ref:`architecture overview `. diff --git a/api/envoy/config/overload/v2alpha/overload.proto b/api/envoy/config/overload/v2alpha/overload.proto index 6c24782bdbcfa..03886cdee6d6e 100644 --- a/api/envoy/config/overload/v2alpha/overload.proto +++ b/api/envoy/config/overload/v2alpha/overload.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.overload.v2alpha"; option java_outer_classname = "OverloadProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Overload Manager] diff --git a/api/envoy/config/overload/v3/overload.proto b/api/envoy/config/overload/v3/overload.proto index e127c4d1810cc..d564e0d0ae3dc 100644 --- a/api/envoy/config/overload/v3/overload.proto +++ b/api/envoy/config/overload/v3/overload.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.overload.v3"; option java_outer_classname = "OverloadProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Overload Manager] diff --git a/api/envoy/config/ratelimit/v2/rls.proto b/api/envoy/config/ratelimit/v2/rls.proto index c89ebfc12fd93..92801ea7b9689 100644 --- a/api/envoy/config/ratelimit/v2/rls.proto +++ b/api/envoy/config/ratelimit/v2/rls.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.ratelimit.v2"; option java_outer_classname = "RlsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate limit service] diff --git a/api/envoy/config/ratelimit/v3/rls.proto b/api/envoy/config/ratelimit/v3/rls.proto index 2bea330b23961..bb3c538bbabff 100644 --- a/api/envoy/config/ratelimit/v3/rls.proto +++ b/api/envoy/config/ratelimit/v3/rls.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.ratelimit.v3"; option java_outer_classname = "RlsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate limit service] diff --git a/api/envoy/config/rbac/v2/rbac.proto b/api/envoy/config/rbac/v2/rbac.proto index 564777a22465a..8f8323e5c4af0 100644 --- a/api/envoy/config/rbac/v2/rbac.proto +++ b/api/envoy/config/rbac/v2/rbac.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.rbac.v2"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Role Based Access Control (RBAC)] diff --git a/api/envoy/config/rbac/v3/rbac.proto b/api/envoy/config/rbac/v3/rbac.proto index 4ecedfdfb9c9b..055e14253cae4 100644 --- a/api/envoy/config/rbac/v3/rbac.proto +++ b/api/envoy/config/rbac/v3/rbac.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.rbac.v3"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Role Based Access Control (RBAC)] diff --git a/api/envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto b/api/envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto index 9b06c3bb641bd..d229cffef8ca9 100644 --- a/api/envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto +++ b/api/envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto @@ -12,7 +12,7 @@ option java_outer_classname = "OmitHostMetadataConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.retry.host.omit_host_metadata.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Omit host metadata retry predicate] diff --git a/api/envoy/config/retry/previous_priorities/previous_priorities_config.proto b/api/envoy/config/retry/previous_priorities/previous_priorities_config.proto index b9e81c7e6a935..e967411785768 100644 --- a/api/envoy/config/retry/previous_priorities/previous_priorities_config.proto +++ b/api/envoy/config/retry/previous_priorities/previous_priorities_config.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.retry.previous_priorities"; option java_outer_classname = "PreviousPrioritiesConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Previous priorities retry selector] diff --git a/api/envoy/config/route/v3/route.proto b/api/envoy/config/route/v3/route.proto index cfdb6caf8e829..a528d99bd4488 100644 --- a/api/envoy/config/route/v3/route.proto +++ b/api/envoy/config/route/v3/route.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.route.v3"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP route configuration] // * Routing :ref:`architecture overview ` diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index d5995c1f7b972..f63f0961249f1 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -22,7 +22,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.route.v3"; option java_outer_classname = "RouteComponentsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP route components] // * Routing :ref:`architecture overview ` diff --git a/api/envoy/config/route/v3/scoped_route.proto b/api/envoy/config/route/v3/scoped_route.proto index fb81ad3f9c92a..f2b28ed974c01 100644 --- a/api/envoy/config/route/v3/scoped_route.proto +++ b/api/envoy/config/route/v3/scoped_route.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.route.v3"; option java_outer_classname = "ScopedRouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP scoped routing configuration] // * Routing :ref:`architecture overview ` diff --git a/api/envoy/config/route/v4alpha/BUILD b/api/envoy/config/route/v4alpha/BUILD new file mode 100644 index 0000000000000..507bedd76bdf3 --- /dev/null +++ b/api/envoy/config/route/v4alpha/BUILD @@ -0,0 +1,17 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/route/v3:pkg", + "//envoy/type/matcher/v3:pkg", + "//envoy/type/tracing/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/config/route/v4alpha/route.proto b/api/envoy/config/route/v4alpha/route.proto new file mode 100644 index 0000000000000..1b805d35344f0 --- /dev/null +++ b/api/envoy/config/route/v4alpha/route.proto @@ -0,0 +1,117 @@ +syntax = "proto3"; + +package envoy.config.route.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/route/v4alpha/route_components.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.route.v4alpha"; +option java_outer_classname = "RouteProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP route configuration] +// * Routing :ref:`architecture overview ` +// * HTTP :ref:`router filter ` + +// [#next-free-field: 11] +message RouteConfiguration { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteConfiguration"; + + // The name of the route configuration. For example, it might match + // :ref:`route_config_name + // ` in + // :ref:`envoy_api_msg_extensions.filters.network.http_connection_manager.v4alpha.Rds`. + string name = 1; + + // An array of virtual hosts that make up the route table. + repeated VirtualHost virtual_hosts = 2; + + // An array of virtual hosts will be dynamically loaded via the VHDS API. + // Both *virtual_hosts* and *vhds* fields will be used when present. *virtual_hosts* can be used + // for a base routing table or for infrequently changing virtual hosts. *vhds* is used for + // on-demand discovery of virtual hosts. The contents of these two fields will be merged to + // generate a routing table for a given RouteConfiguration, with *vhds* derived configuration + // taking precedence. + Vhds vhds = 9; + + // Optionally specifies a list of HTTP headers that the connection manager + // will consider to be internal only. If they are found on external requests they will be cleaned + // prior to filter invocation. See :ref:`config_http_conn_man_headers_x-envoy-internal` for more + // information. + repeated string internal_only_headers = 3 [ + (validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}} + ]; + + // Specifies a list of HTTP headers that should be added to each response that + // the connection manager encodes. Headers specified at this level are applied + // after headers from any enclosed :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost` or + // :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption response_headers_to_add = 4 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each response + // that the connection manager encodes. + repeated string response_headers_to_remove = 5 [ + (validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}} + ]; + + // Specifies a list of HTTP headers that should be added to each request + // routed by the HTTP connection manager. Headers specified at this level are + // applied after headers from any enclosed :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost` or + // :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption request_headers_to_add = 6 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request + // routed by the HTTP connection manager. + repeated string request_headers_to_remove = 8 [ + (validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}} + ]; + + // By default, headers that should be added/removed are evaluated from most to least specific: + // + // * route level + // * virtual host level + // * connection manager level + // + // To allow setting overrides at the route or virtual host level, this order can be reversed + // by setting this option to true. Defaults to false. + // + // [#next-major-version: In the v3 API, this will default to true.] + bool most_specific_header_mutations_wins = 10; + + // An optional boolean that specifies whether the clusters that the route + // table refers to will be validated by the cluster manager. If set to true + // and a route refers to a non-existent cluster, the route table will not + // load. If set to false and a route refers to a non-existent cluster, the + // route table will load and the router filter will return a 404 if the route + // is selected at runtime. This setting defaults to true if the route table + // is statically defined via the :ref:`route_config + // ` + // option. This setting default to false if the route table is loaded dynamically via the + // :ref:`rds + // ` + // option. Users may wish to override the default behavior in certain cases (for example when + // using CDS with a static route table). + google.protobuf.BoolValue validate_clusters = 7; +} + +message Vhds { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.Vhds"; + + // Configuration source specifier for VHDS. + core.v4alpha.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; +} diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto new file mode 100644 index 0000000000000..33f8d64543df6 --- /dev/null +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -0,0 +1,1566 @@ +syntax = "proto3"; + +package envoy.config.route.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/type/matcher/v3/regex.proto"; +import "envoy/type/matcher/v3/string.proto"; +import "envoy/type/tracing/v3/custom_tag.proto"; +import "envoy/type/v3/percent.proto"; +import "envoy/type/v3/range.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.route.v4alpha"; +option java_outer_classname = "RouteComponentsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP route components] +// * Routing :ref:`architecture overview ` +// * HTTP :ref:`router filter ` + +// The top level element in the routing configuration is a virtual host. Each virtual host has +// a logical name as well as a set of domains that get routed to it based on the incoming request's +// host header. This allows a single listener to service multiple top level domain path trees. Once +// a virtual host is selected based on the domain, the routes are processed in order to see which +// upstream cluster to route to or whether to perform a redirect. +// [#next-free-field: 21] +message VirtualHost { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.VirtualHost"; + + enum TlsRequirementType { + // No TLS requirement for the virtual host. + NONE = 0; + + // External requests must use TLS. If a request is external and it is not + // using TLS, a 301 redirect will be sent telling the client to use HTTPS. + EXTERNAL_ONLY = 1; + + // All requests must use TLS. If a request is not using TLS, a 301 redirect + // will be sent telling the client to use HTTPS. + ALL = 2; + } + + reserved 9, 12; + + reserved "per_filter_config"; + + // The logical name of the virtual host. This is used when emitting certain + // statistics but is not relevant for routing. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // A list of domains (host/authority header) that will be matched to this + // virtual host. Wildcard hosts are supported in the suffix or prefix form. + // + // Domain search order: + // 1. Exact domain names: ``www.foo.com``. + // 2. Suffix domain wildcards: ``*.foo.com`` or ``*-bar.foo.com``. + // 3. Prefix domain wildcards: ``foo.*`` or ``foo-*``. + // 4. Special wildcard ``*`` matching any domain. + // + // .. note:: + // + // The wildcard will not match the empty string. + // e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``. + // The longest wildcards match first. + // Only a single virtual host in the entire route configuration can match on ``*``. A domain + // must be unique across all virtual hosts or the config will fail to load. + // + // Domains cannot contain control characters. This is validated by the well_known_regex HTTP_HEADER_VALUE. + repeated string domains = 2 [(validate.rules).repeated = { + min_items: 1 + items {string {well_known_regex: HTTP_HEADER_VALUE strict: false}} + }]; + + // The list of routes that will be matched, in order, for incoming requests. + // The first route that matches will be used. + repeated Route routes = 3; + + // Specifies the type of TLS enforcement the virtual host expects. If this option is not + // specified, there is no TLS requirement for the virtual host. + TlsRequirementType require_tls = 4 [(validate.rules).enum = {defined_only: true}]; + + // A list of virtual clusters defined for this virtual host. Virtual clusters + // are used for additional statistics gathering. + repeated VirtualCluster virtual_clusters = 5; + + // Specifies a set of rate limit configurations that will be applied to the + // virtual host. + repeated RateLimit rate_limits = 6; + + // Specifies a list of HTTP headers that should be added to each request + // handled by this virtual host. Headers specified at this level are applied + // after headers from enclosed :ref:`envoy_api_msg_config.route.v4alpha.Route` and before headers from the + // enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including + // details on header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption request_headers_to_add = 7 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request + // handled by this virtual host. + repeated string request_headers_to_remove = 13; + + // Specifies a list of HTTP headers that should be added to each response + // handled by this virtual host. Headers specified at this level are applied + // after headers from enclosed :ref:`envoy_api_msg_config.route.v4alpha.Route` and before headers from the + // enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including + // details on header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption response_headers_to_add = 10 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each response + // handled by this virtual host. + repeated string response_headers_to_remove = 11; + + // Indicates that the virtual host has a CORS policy. + CorsPolicy cors = 8; + + // The per_filter_config field can be used to provide virtual host-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` + // for if and how it is utilized. + map typed_per_filter_config = 15; + + // Decides whether the :ref:`x-envoy-attempt-count + // ` header should be included + // in the upstream request. Setting this option will cause it to override any existing header + // value, so in the case of two Envoys on the request path with this option enabled, the upstream + // will see the attempt count as perceived by the second Envoy. Defaults to false. + // This header is unaffected by the + // :ref:`suppress_envoy_headers + // ` flag. + // + // [#next-major-version: rename to include_attempt_count_in_request.] + bool include_request_attempt_count = 14; + + // Decides whether the :ref:`x-envoy-attempt-count + // ` header should be included + // in the downstream response. Setting this option will cause the router to override any existing header + // value, so in the case of two Envoys on the request path with this option enabled, the downstream + // will see the attempt count as perceived by the Envoy closest upstream from itself. Defaults to false. + // This header is unaffected by the + // :ref:`suppress_envoy_headers + // ` flag. + bool include_attempt_count_in_response = 19; + + // Indicates the retry policy for all routes in this virtual host. Note that setting a + // route level entry will take precedence over this config and it'll be treated + // independently (e.g.: values are not inherited). + RetryPolicy retry_policy = 16; + + // [#not-implemented-hide:] + // Specifies the configuration for retry policy extension. Note that setting a route level entry + // will take precedence over this config and it'll be treated independently (e.g.: values are not + // inherited). :ref:`Retry policy ` should not be + // set if this field is used. + google.protobuf.Any retry_policy_typed_config = 20; + + // Indicates the hedge policy for all routes in this virtual host. Note that setting a + // route level entry will take precedence over this config and it'll be treated + // independently (e.g.: values are not inherited). + HedgePolicy hedge_policy = 17; + + // The maximum bytes which will be buffered for retries and shadowing. + // If set and a route-specific limit is not set, the bytes actually buffered will be the minimum + // value of this and the listener per_connection_buffer_limit_bytes. + google.protobuf.UInt32Value per_request_buffer_limit_bytes = 18; +} + +// A filter-defined action type. +message FilterAction { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.FilterAction"; + + google.protobuf.Any action = 1; +} + +// A route is both a specification of how to match a request as well as an indication of what to do +// next (e.g., redirect, forward, rewrite, etc.). +// +// .. attention:: +// +// Envoy supports routing on HTTP method via :ref:`header matching +// `. +// [#next-free-field: 18] +message Route { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.Route"; + + reserved 6, 8; + + reserved "per_filter_config"; + + // Name for the route. + string name = 14; + + // Route matching parameters. + RouteMatch match = 1 [(validate.rules).message = {required: true}]; + + oneof action { + option (validate.required) = true; + + // Route request to some upstream cluster. + RouteAction route = 2; + + // Return a redirect. + RedirectAction redirect = 3; + + // Return an arbitrary HTTP response directly, without proxying. + DirectResponseAction direct_response = 7; + + // [#not-implemented-hide:] + // If true, a filter will define the action (e.g., it could dynamically generate the + // RouteAction). + FilterAction filter_action = 17; + } + + // The Metadata field can be used to provide additional information + // about the route. It can be used for configuration, stats, and logging. + // The metadata should go under the filter namespace that will need it. + // For instance, if the metadata is intended for the Router filter, + // the filter name should be specified as *envoy.filters.http.router*. + core.v4alpha.Metadata metadata = 4; + + // Decorator for the matched route. + Decorator decorator = 5; + + // The typed_per_filter_config field can be used to provide route-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` for + // if and how it is utilized. + map typed_per_filter_config = 13; + + // Specifies a set of headers that will be added to requests matching this + // route. Headers specified at this level are applied before headers from the + // enclosing :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost` and + // :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption request_headers_to_add = 9 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request + // matching this route. + repeated string request_headers_to_remove = 12; + + // Specifies a set of headers that will be added to responses to requests + // matching this route. Headers specified at this level are applied before + // headers from the enclosing :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost` and + // :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including + // details on header value syntax, see the documentation on + // :ref:`custom request headers `. + repeated core.v4alpha.HeaderValueOption response_headers_to_add = 10 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each response + // to requests matching this route. + repeated string response_headers_to_remove = 11; + + // Presence of the object defines whether the connection manager's tracing configuration + // is overridden by this route specific instance. + Tracing tracing = 15; + + // The maximum bytes which will be buffered for retries and shadowing. + // If set, the bytes actually buffered will be the minimum value of this and the + // listener per_connection_buffer_limit_bytes. + google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16; +} + +// Compared to the :ref:`cluster ` field that specifies a +// single upstream cluster as the target of a request, the :ref:`weighted_clusters +// ` option allows for specification of +// multiple upstream clusters along with weights that indicate the percentage of +// traffic to be forwarded to each cluster. The router selects an upstream cluster based on the +// weights. +message WeightedCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.WeightedCluster"; + + // [#next-free-field: 11] + message ClusterWeight { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.WeightedCluster.ClusterWeight"; + + reserved 7, 8; + + reserved "per_filter_config"; + + // Name of the upstream cluster. The cluster must exist in the + // :ref:`cluster manager configuration `. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // An integer between 0 and :ref:`total_weight + // `. When a request matches the route, + // the choice of an upstream cluster is determined by its weight. The sum of weights across all + // entries in the clusters array must add up to the total_weight, which defaults to 100. + google.protobuf.UInt32Value weight = 2; + + // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in + // the upstream cluster with metadata matching what is set in this field will be considered for + // load balancing. Note that this will be merged with what's provided in + // :ref:`RouteAction.metadata_match `, with + // values here taking precedence. The filter name should be specified as *envoy.lb*. + core.v4alpha.Metadata metadata_match = 3; + + // Specifies a list of headers to be added to requests when this cluster is selected + // through the enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. + // Headers specified at this level are applied before headers from the enclosing + // :ref:`envoy_api_msg_config.route.v4alpha.Route`, :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost`, and + // :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption request_headers_to_add = 4 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request when + // this cluster is selected through the enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. + repeated string request_headers_to_remove = 9; + + // Specifies a list of headers to be added to responses when this cluster is selected + // through the enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. + // Headers specified at this level are applied before headers from the enclosing + // :ref:`envoy_api_msg_config.route.v4alpha.Route`, :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost`, and + // :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption response_headers_to_add = 5 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of headers to be removed from responses when this cluster is selected + // through the enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. + repeated string response_headers_to_remove = 6; + + // The per_filter_config field can be used to provide weighted cluster-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` + // for if and how it is utilized. + map typed_per_filter_config = 10; + } + + // Specifies one or more upstream clusters associated with the route. + repeated ClusterWeight clusters = 1 [(validate.rules).repeated = {min_items: 1}]; + + // Specifies the total weight across all clusters. The sum of all cluster weights must equal this + // value, which must be greater than 0. Defaults to 100. + google.protobuf.UInt32Value total_weight = 3 [(validate.rules).uint32 = {gte: 1}]; + + // Specifies the runtime key prefix that should be used to construct the + // runtime keys associated with each cluster. When the *runtime_key_prefix* is + // specified, the router will look for weights associated with each upstream + // cluster under the key *runtime_key_prefix* + "." + *cluster[i].name* where + // *cluster[i]* denotes an entry in the clusters array field. If the runtime + // key for the cluster does not exist, the value specified in the + // configuration file will be used as the default weight. See the :ref:`runtime documentation + // ` for how key names map to the underlying implementation. + string runtime_key_prefix = 2; +} + +// [#next-free-field: 12] +message RouteMatch { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RouteMatch"; + + message GrpcRouteMatchOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteMatch.GrpcRouteMatchOptions"; + } + + message TlsContextMatchOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteMatch.TlsContextMatchOptions"; + + // If specified, the route will match against whether or not a certificate is presented. + // If not specified, certificate presentation status (true or false) will not be considered when route matching. + google.protobuf.BoolValue presented = 1; + + // If specified, the route will match against whether or not a certificate is validated. + // If not specified, certificate validation status (true or false) will not be considered when route matching. + google.protobuf.BoolValue validated = 2; + } + + reserved 5, 3; + + reserved "regex"; + + oneof path_specifier { + option (validate.required) = true; + + // If specified, the route is a prefix rule meaning that the prefix must + // match the beginning of the *:path* header. + string prefix = 1; + + // If specified, the route is an exact path rule meaning that the path must + // exactly match the *:path* header once the query string is removed. + string path = 2; + + // If specified, the route is a regular expression rule meaning that the + // regex must match the *:path* header once the query string is removed. The entire path + // (without the query string) must match the regex. The rule will not match if only a + // subsequence of the *:path* header matches the regex. + // + // [#next-major-version: In the v3 API we should redo how path specification works such + // that we utilize StringMatcher, and additionally have consistent options around whether we + // strip query strings, do a case sensitive match, etc. In the interim it will be too disruptive + // to deprecate the existing options. We should even consider whether we want to do away with + // path_specifier entirely and just rely on a set of header matchers which can already match + // on :path, etc. The issue with that is it is unclear how to generically deal with query string + // stripping. This needs more thought.] + type.matcher.v3.RegexMatcher safe_regex = 10 [(validate.rules).message = {required: true}]; + } + + // Indicates that prefix/path matching should be case insensitive. The default + // is true. + google.protobuf.BoolValue case_sensitive = 4; + + // Indicates that the route should additionally match on a runtime key. Every time the route + // is considered for a match, it must also fall under the percentage of matches indicated by + // this field. For some fraction N/D, a random number in the range [0,D) is selected. If the + // number is <= the value of the numerator N, or if the key is not present, the default + // value, the router continues to evaluate the remaining match criteria. A runtime_fraction + // route configuration can be used to roll out route changes in a gradual manner without full + // code/config deploys. Refer to the :ref:`traffic shifting + // ` docs for additional documentation. + // + // .. note:: + // + // Parsing this field is implemented such that the runtime key's data may be represented + // as a FractionalPercent proto represented as JSON/YAML and may also be represented as an + // integer with the assumption that the value is an integral percentage out of 100. For + // instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent + // whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics. + core.v4alpha.RuntimeFractionalPercent runtime_fraction = 9; + + // Specifies a set of headers that the route should match on. The router will + // check the request’s headers against all the specified headers in the route + // config. A match will happen if all the headers in the route are present in + // the request with the same values (or based on presence if the value field + // is not in the config). + repeated HeaderMatcher headers = 6; + + // Specifies a set of URL query parameters on which the route should + // match. The router will check the query string from the *path* header + // against all the specified query parameters. If the number of specified + // query parameters is nonzero, they all must match the *path* header's + // query string for a match to occur. + repeated QueryParameterMatcher query_parameters = 7; + + // If specified, only gRPC requests will be matched. The router will check + // that the content-type header has a application/grpc or one of the various + // application/grpc+ values. + GrpcRouteMatchOptions grpc = 8; + + // If specified, the client tls context will be matched against the defined + // match options. + // + // [#next-major-version: unify with RBAC] + TlsContextMatchOptions tls_context = 11; +} + +// [#next-free-field: 12] +message CorsPolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.CorsPolicy"; + + reserved 1, 8, 7; + + reserved "allow_origin", "allow_origin_regex", "enabled"; + + // Specifies string patterns that match allowed origins. An origin is allowed if any of the + // string matchers match. + repeated type.matcher.v3.StringMatcher allow_origin_string_match = 11; + + // Specifies the content for the *access-control-allow-methods* header. + string allow_methods = 2; + + // Specifies the content for the *access-control-allow-headers* header. + string allow_headers = 3; + + // Specifies the content for the *access-control-expose-headers* header. + string expose_headers = 4; + + // Specifies the content for the *access-control-max-age* header. + string max_age = 5; + + // Specifies whether the resource allows credentials. + google.protobuf.BoolValue allow_credentials = 6; + + oneof enabled_specifier { + // Specifies the % of requests for which the CORS filter is enabled. + // + // If neither ``enabled``, ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS + // filter will be enabled for 100% of the requests. + // + // If :ref:`runtime_key ` is + // specified, Envoy will lookup the runtime key to get the percentage of requests to filter. + core.v4alpha.RuntimeFractionalPercent filter_enabled = 9; + } + + // Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not + // enforced. + // + // This field is intended to be used when ``filter_enabled`` and ``enabled`` are off. One of those + // fields have to explicitly disable the filter in order for this setting to take effect. + // + // If :ref:`runtime_key ` is specified, + // Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate + // and track the request's *Origin* to determine if it's valid but will not enforce any policies. + core.v4alpha.RuntimeFractionalPercent shadow_enabled = 10; +} + +// [#next-free-field: 34] +message RouteAction { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RouteAction"; + + enum ClusterNotFoundResponseCode { + // HTTP status code - 503 Service Unavailable. + SERVICE_UNAVAILABLE = 0; + + // HTTP status code - 404 Not Found. + NOT_FOUND = 1; + } + + // Configures :ref:`internal redirect ` behavior. + enum InternalRedirectAction { + PASS_THROUGH_INTERNAL_REDIRECT = 0; + HANDLE_INTERNAL_REDIRECT = 1; + } + + // The router is capable of shadowing traffic from one cluster to another. The current + // implementation is "fire and forget," meaning Envoy will not wait for the shadow cluster to + // respond before returning the response from the primary cluster. All normal statistics are + // collected for the shadow cluster making this feature useful for testing. + // + // During shadowing, the host/authority header is altered such that *-shadow* is appended. This is + // useful for logging. For example, *cluster1* becomes *cluster1-shadow*. + // + // .. note:: + // + // Shadowing will not be triggered if the primary cluster does not exist. + message RequestMirrorPolicy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.RequestMirrorPolicy"; + + reserved 2; + + reserved "runtime_key"; + + // Specifies the cluster that requests will be mirrored to. The cluster must + // exist in the cluster manager configuration. + string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // If not specified, all requests to the target cluster will be mirrored. + // + // If specified, this field takes precedence over the `runtime_key` field and requests must also + // fall under the percentage of matches indicated by this field. + // + // For some fraction N/D, a random number in the range [0,D) is selected. If the + // number is <= the value of the numerator N, or if the key is not present, the default + // value, the request will be mirrored. + core.v4alpha.RuntimeFractionalPercent runtime_fraction = 3; + + // Determines if the trace span should be sampled. Defaults to true. + google.protobuf.BoolValue trace_sampled = 4; + } + + // Specifies the route's hashing policy if the upstream cluster uses a hashing :ref:`load balancer + // `. + // [#next-free-field: 7] + message HashPolicy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy"; + + message Header { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.Header"; + + // The name of the request header that will be used to obtain the hash + // key. If the request header is not present, no hash will be produced. + string header_name = 1 [ + (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false} + ]; + } + + // Envoy supports two types of cookie affinity: + // + // 1. Passive. Envoy takes a cookie that's present in the cookies header and + // hashes on its value. + // + // 2. Generated. Envoy generates and sets a cookie with an expiration (TTL) + // on the first request from the client in its response to the client, + // based on the endpoint the request gets sent to. The client then + // presents this on the next and all subsequent requests. The hash of + // this is sufficient to ensure these requests get sent to the same + // endpoint. The cookie is generated by hashing the source and + // destination ports and addresses so that multiple independent HTTP2 + // streams on the same connection will independently receive the same + // cookie, even if they arrive at the Envoy simultaneously. + message Cookie { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.Cookie"; + + // The name of the cookie that will be used to obtain the hash key. If the + // cookie is not present and ttl below is not set, no hash will be + // produced. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // If specified, a cookie with the TTL will be generated if the cookie is + // not present. If the TTL is present and zero, the generated cookie will + // be a session cookie. + google.protobuf.Duration ttl = 2; + + // The name of the path for the cookie. If no path is specified here, no path + // will be set for the cookie. + string path = 3; + } + + message ConnectionProperties { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.ConnectionProperties"; + + // Hash on source IP address. + bool source_ip = 1; + } + + message QueryParameter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.QueryParameter"; + + // The name of the URL query parameter that will be used to obtain the hash + // key. If the parameter is not present, no hash will be produced. Query + // parameter names are case-sensitive. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + } + + message FilterState { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.FilterState"; + + // The name of the Object in the per-request filterState, which is an + // Envoy::Http::Hashable object. If there is no data associated with the key, + // or the stored object is not Envoy::Http::Hashable, no hash will be produced. + string key = 1 [(validate.rules).string = {min_bytes: 1}]; + } + + oneof policy_specifier { + option (validate.required) = true; + + // Header hash policy. + Header header = 1; + + // Cookie hash policy. + Cookie cookie = 2; + + // Connection properties hash policy. + ConnectionProperties connection_properties = 3; + + // Query parameter hash policy. + QueryParameter query_parameter = 5; + + // Filter state hash policy. + FilterState filter_state = 6; + } + + // The flag that short-circuits the hash computing. This field provides a + // 'fallback' style of configuration: "if a terminal policy doesn't work, + // fallback to rest of the policy list", it saves time when the terminal + // policy works. + // + // If true, and there is already a hash computed, ignore rest of the + // list of hash polices. + // For example, if the following hash methods are configured: + // + // ========= ======== + // specifier terminal + // ========= ======== + // Header A true + // Header B false + // Header C false + // ========= ======== + // + // The generateHash process ends if policy "header A" generates a hash, as + // it's a terminal policy. + bool terminal = 4; + } + + // Allows enabling and disabling upgrades on a per-route basis. + // This overrides any enabled/disabled upgrade filter chain specified in the + // HttpConnectionManager + // :ref:`upgrade_configs + // ` + // but does not affect any custom filter chain specified there. + message UpgradeConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.UpgradeConfig"; + + // The case-insensitive name of this upgrade, e.g. "websocket". + // For each upgrade type present in upgrade_configs, requests with + // Upgrade: [upgrade_type] will be proxied upstream. + string upgrade_type = 1 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Determines if upgrades are available on this route. Defaults to true. + google.protobuf.BoolValue enabled = 2; + } + + reserved 12, 18, 19, 16, 22, 21, 10; + + reserved "request_mirror_policy"; + + oneof cluster_specifier { + option (validate.required) = true; + + // Indicates the upstream cluster to which the request should be routed + // to. + string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Envoy will determine the cluster to route to by reading the value of the + // HTTP header named by cluster_header from the request headers. If the + // header is not found or the referenced cluster does not exist, Envoy will + // return a 404 response. + // + // .. attention:: + // + // Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 + // *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead. + string cluster_header = 2 + [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Multiple upstream clusters can be specified for a given route. The + // request is routed to one of the upstream clusters based on weights + // assigned to each cluster. See + // :ref:`traffic splitting ` + // for additional documentation. + WeightedCluster weighted_clusters = 3; + } + + // The HTTP status code to use when configured cluster is not found. + // The default response code is 503 Service Unavailable. + ClusterNotFoundResponseCode cluster_not_found_response_code = 20 + [(validate.rules).enum = {defined_only: true}]; + + // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints + // in the upstream cluster with metadata matching what's set in this field will be considered + // for load balancing. If using :ref:`weighted_clusters + // `, metadata will be merged, with values + // provided there taking precedence. The filter name should be specified as *envoy.lb*. + core.v4alpha.Metadata metadata_match = 4; + + // Indicates that during forwarding, the matched prefix (or path) should be + // swapped with this value. This option allows application URLs to be rooted + // at a different path from those exposed at the reverse proxy layer. The router filter will + // place the original path before rewrite into the :ref:`x-envoy-original-path + // ` header. + // + // Only one of *prefix_rewrite* or + // :ref:`regex_rewrite ` + // may be specified. + // + // .. attention:: + // + // Pay careful attention to the use of trailing slashes in the + // :ref:`route's match ` prefix value. + // Stripping a prefix from a path requires multiple Routes to handle all cases. For example, + // rewriting */prefix* to */* and */prefix/etc* to */etc* cannot be done in a single + // :ref:`Route `, as shown by the below config entries: + // + // .. code-block:: yaml + // + // - match: + // prefix: "/prefix/" + // route: + // prefix_rewrite: "/" + // - match: + // prefix: "/prefix" + // route: + // prefix_rewrite: "/" + // + // Having above entries in the config, requests to */prefix* will be stripped to */*, while + // requests to */prefix/etc* will be stripped to */etc*. + string prefix_rewrite = 5 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during forwarding, portions of the path that match the + // pattern should be rewritten, even allowing the substitution of capture + // groups from the pattern into the new path as specified by the rewrite + // substitution string. This is useful to allow application paths to be + // rewritten in a way that is aware of segments with variable content like + // identifiers. The router filter will place the original path as it was + // before the rewrite into the :ref:`x-envoy-original-path + // ` header. + // + // Only one of :ref:`prefix_rewrite ` + // or *regex_rewrite* may be specified. + // + // Examples using Google's `RE2 `_ engine: + // + // * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution + // string of ``\2/instance/\1`` would transform ``/service/foo/v1/api`` + // into ``/v1/api/instance/foo``. + // + // * The pattern ``one`` paired with a substitution string of ``two`` would + // transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``. + // + // * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of + // ``\1two\2`` would replace only the first occurrence of ``one``, + // transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``. + // + // * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/`` + // would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to + // ``/aaa/yyy/bbb``. + type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 32; + + oneof host_rewrite_specifier { + // Indicates that during forwarding, the host header will be swapped with + // this value. + string host_rewrite_literal = 6 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during forwarding, the host header will be swapped with + // the hostname of the upstream host chosen by the cluster manager. This + // option is applicable only when the destination cluster for a route is of + // type *strict_dns* or *logical_dns*. Setting this to true with other cluster + // types has no effect. + google.protobuf.BoolValue auto_host_rewrite = 7; + + // Indicates that during forwarding, the host header will be swapped with the content of given + // downstream or :ref:`custom ` header. + // If header value is empty, host header is left intact. + // + // .. attention:: + // + // Pay attention to the potential security implications of using this option. Provided header + // must come from trusted source. + string host_rewrite_header = 29 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}]; + } + + // Specifies the upstream timeout for the route. If not specified, the default is 15s. This + // spans between the point at which the entire downstream request (i.e. end-of-stream) has been + // processed and when the upstream response has been completely processed. A value of 0 will + // disable the route's timeout. + // + // .. note:: + // + // This timeout includes all retries. See also + // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, + // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the + // :ref:`retry overview `. + google.protobuf.Duration timeout = 8; + + // Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout, + // although the connection manager wide :ref:`stream_idle_timeout + // ` + // will still apply. A value of 0 will completely disable the route's idle timeout, even if a + // connection manager stream idle timeout is configured. + // + // The idle timeout is distinct to :ref:`timeout + // `, which provides an upper bound + // on the upstream response time; :ref:`idle_timeout + // ` instead bounds the amount + // of time the request's stream may be idle. + // + // After header decoding, the idle timeout will apply on downstream and + // upstream request events. Each time an encode/decode event for headers or + // data is processed for the stream, the timer will be reset. If the timeout + // fires, the stream is terminated with a 408 Request Timeout error code if no + // upstream response header has been received, otherwise a stream reset + // occurs. + google.protobuf.Duration idle_timeout = 24; + + // Indicates that the route has a retry policy. Note that if this is set, + // it'll take precedence over the virtual host level retry policy entirely + // (e.g.: policies are not merged, most internal one becomes the enforced policy). + RetryPolicy retry_policy = 9; + + // [#not-implemented-hide:] + // Specifies the configuration for retry policy extension. Note that if this is set, it'll take + // precedence over the virtual host level retry policy entirely (e.g.: policies are not merged, + // most internal one becomes the enforced policy). :ref:`Retry policy ` + // should not be set if this field is used. + google.protobuf.Any retry_policy_typed_config = 33; + + // Indicates that the route has request mirroring policies. + repeated RequestMirrorPolicy request_mirror_policies = 30; + + // Optionally specifies the :ref:`routing priority `. + core.v4alpha.RoutingPriority priority = 11 [(validate.rules).enum = {defined_only: true}]; + + // Specifies a set of rate limit configurations that could be applied to the + // route. + repeated RateLimit rate_limits = 13; + + // Specifies if the rate limit filter should include the virtual host rate + // limits. By default, if the route configured rate limits, the virtual host + // :ref:`rate_limits ` are not applied to the + // request. + google.protobuf.BoolValue include_vh_rate_limits = 14; + + // Specifies a list of hash policies to use for ring hash load balancing. Each + // hash policy is evaluated individually and the combined result is used to + // route the request. The method of combination is deterministic such that + // identical lists of hash policies will produce the same hash. Since a hash + // policy examines specific parts of a request, it can fail to produce a hash + // (i.e. if the hashed header is not present). If (and only if) all configured + // hash policies fail to generate a hash, no hash will be produced for + // the route. In this case, the behavior is the same as if no hash policies + // were specified (i.e. the ring hash load balancer will choose a random + // backend). If a hash policy has the "terminal" attribute set to true, and + // there is already a hash generated, the hash is returned immediately, + // ignoring the rest of the hash policy list. + repeated HashPolicy hash_policy = 15; + + // Indicates that the route has a CORS policy. + CorsPolicy cors = 17; + + // If present, and the request is a gRPC request, use the + // `grpc-timeout header `_, + // or its default value (infinity) instead of + // :ref:`timeout `, but limit the applied timeout + // to the maximum value specified here. If configured as 0, the maximum allowed timeout for + // gRPC requests is infinity. If not configured at all, the `grpc-timeout` header is not used + // and gRPC requests time out like any other requests using + // :ref:`timeout ` or its default. + // This can be used to prevent unexpected upstream request timeouts due to potentially long + // time gaps between gRPC request and response in gRPC streaming mode. + // + // .. note:: + // + // If a timeout is specified using :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, it takes + // precedence over `grpc-timeout header `_, when + // both are present. See also + // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, + // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the + // :ref:`retry overview `. + google.protobuf.Duration max_grpc_timeout = 23; + + // If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by subtracting + // the provided duration from the header. This is useful in allowing Envoy to set its global + // timeout to be less than that of the deadline imposed by the calling client, which makes it more + // likely that Envoy will handle the timeout instead of having the call canceled by the client. + // The offset will only be applied if the provided grpc_timeout is greater than the offset. This + // ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning + // infinity). + google.protobuf.Duration grpc_timeout_offset = 28; + + repeated UpgradeConfig upgrade_configs = 25; + + InternalRedirectAction internal_redirect_action = 26; + + // An internal redirect is handled, iff the number of previous internal redirects that a + // downstream request has encountered is lower than this value, and + // :ref:`internal_redirect_action ` + // is set to :ref:`HANDLE_INTERNAL_REDIRECT + // ` + // In the case where a downstream request is bounced among multiple routes by internal redirect, + // the first route that hits this threshold, or has + // :ref:`internal_redirect_action ` + // set to + // :ref:`PASS_THROUGH_INTERNAL_REDIRECT + // ` + // will pass the redirect back to downstream. + // + // If not specified, at most one redirect will be followed. + google.protobuf.UInt32Value max_internal_redirects = 31; + + // Indicates that the route has a hedge policy. Note that if this is set, + // it'll take precedence over the virtual host level hedge policy entirely + // (e.g.: policies are not merged, most internal one becomes the enforced policy). + HedgePolicy hedge_policy = 27; +} + +// HTTP retry :ref:`architecture overview `. +// [#next-free-field: 11] +message RetryPolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RetryPolicy"; + + message RetryPriority { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RetryPolicy.RetryPriority"; + + reserved 2; + + reserved "config"; + + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + message RetryHostPredicate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RetryPolicy.RetryHostPredicate"; + + reserved 2; + + reserved "config"; + + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + message RetryBackOff { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RetryPolicy.RetryBackOff"; + + // Specifies the base interval between retries. This parameter is required and must be greater + // than zero. Values less than 1 ms are rounded up to 1 ms. + // See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion of Envoy's + // back-off algorithm. + google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { + required: true + gt {} + }]; + + // Specifies the maximum interval between retries. This parameter is optional, but must be + // greater than or equal to the `base_interval` if set. The default is 10 times the + // `base_interval`. See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion + // of Envoy's back-off algorithm. + google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}]; + } + + // Specifies the conditions under which retry takes place. These are the same + // conditions documented for :ref:`config_http_filters_router_x-envoy-retry-on` and + // :ref:`config_http_filters_router_x-envoy-retry-grpc-on`. + string retry_on = 1; + + // Specifies the allowed number of retries. This parameter is optional and + // defaults to 1. These are the same conditions documented for + // :ref:`config_http_filters_router_x-envoy-max-retries`. + google.protobuf.UInt32Value num_retries = 2; + + // Specifies a non-zero upstream timeout per retry attempt. This parameter is optional. The + // same conditions documented for + // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms` apply. + // + // .. note:: + // + // If left unspecified, Envoy will use the global + // :ref:`route timeout ` for the request. + // Consequently, when using a :ref:`5xx ` based + // retry policy, a request that times out will not be retried as the total timeout budget + // would have been exhausted. + google.protobuf.Duration per_try_timeout = 3; + + // Specifies an implementation of a RetryPriority which is used to determine the + // distribution of load across priorities used for retries. Refer to + // :ref:`retry plugin configuration ` for more details. + RetryPriority retry_priority = 4; + + // Specifies a collection of RetryHostPredicates that will be consulted when selecting a host + // for retries. If any of the predicates reject the host, host selection will be reattempted. + // Refer to :ref:`retry plugin configuration ` for more + // details. + repeated RetryHostPredicate retry_host_predicate = 5; + + // The maximum number of times host selection will be reattempted before giving up, at which + // point the host that was last selected will be routed to. If unspecified, this will default to + // retrying once. + int64 host_selection_retry_max_attempts = 6; + + // HTTP status codes that should trigger a retry in addition to those specified by retry_on. + repeated uint32 retriable_status_codes = 7; + + // Specifies parameters that control retry back off. This parameter is optional, in which case the + // default base interval is 25 milliseconds or, if set, the current value of the + // `upstream.base_retry_backoff_ms` runtime parameter. The default maximum interval is 10 times + // the base interval. The documentation for :ref:`config_http_filters_router_x-envoy-max-retries` + // describes Envoy's back-off algorithm. + RetryBackOff retry_back_off = 8; + + // HTTP response headers that trigger a retry if present in the response. A retry will be + // triggered if any of the header matches match the upstream response headers. + // The field is only consulted if 'retriable-headers' retry policy is active. + repeated HeaderMatcher retriable_headers = 9; + + // HTTP headers which must be present in the request for retries to be attempted. + repeated HeaderMatcher retriable_request_headers = 10; +} + +// HTTP request hedging :ref:`architecture overview `. +message HedgePolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.HedgePolicy"; + + // Specifies the number of initial requests that should be sent upstream. + // Must be at least 1. + // Defaults to 1. + // [#not-implemented-hide:] + google.protobuf.UInt32Value initial_requests = 1 [(validate.rules).uint32 = {gte: 1}]; + + // Specifies a probability that an additional upstream request should be sent + // on top of what is specified by initial_requests. + // Defaults to 0. + // [#not-implemented-hide:] + type.v3.FractionalPercent additional_request_chance = 2; + + // Indicates that a hedged request should be sent when the per-try timeout + // is hit. This will only occur if the retry policy also indicates that a + // timed out request should be retried. + // Once a timed out request is retried due to per try timeout, the router + // filter will ensure that it is not retried again even if the returned + // response headers would otherwise be retried according the specified + // :ref:`RetryPolicy `. + // Defaults to false. + bool hedge_on_per_try_timeout = 3; +} + +// [#next-free-field: 9] +message RedirectAction { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RedirectAction"; + + enum RedirectResponseCode { + // Moved Permanently HTTP Status Code - 301. + MOVED_PERMANENTLY = 0; + + // Found HTTP Status Code - 302. + FOUND = 1; + + // See Other HTTP Status Code - 303. + SEE_OTHER = 2; + + // Temporary Redirect HTTP Status Code - 307. + TEMPORARY_REDIRECT = 3; + + // Permanent Redirect HTTP Status Code - 308. + PERMANENT_REDIRECT = 4; + } + + // When the scheme redirection take place, the following rules apply: + // 1. If the source URI scheme is `http` and the port is explicitly + // set to `:80`, the port will be removed after the redirection + // 2. If the source URI scheme is `https` and the port is explicitly + // set to `:443`, the port will be removed after the redirection + oneof scheme_rewrite_specifier { + // The scheme portion of the URL will be swapped with "https". + bool https_redirect = 4; + + // The scheme portion of the URL will be swapped with this value. + string scheme_redirect = 7; + } + + // The host portion of the URL will be swapped with this value. + string host_redirect = 1 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // The port value of the URL will be swapped with this value. + uint32 port_redirect = 8; + + oneof path_rewrite_specifier { + // The path portion of the URL will be swapped with this value. + string path_redirect = 2 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during redirection, the matched prefix (or path) + // should be swapped with this value. This option allows redirect URLs be dynamically created + // based on the request. + // + // .. attention:: + // + // Pay attention to the use of trailing slashes as mentioned in + // :ref:`RouteAction's prefix_rewrite `. + string prefix_rewrite = 5 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + } + + // The HTTP status code to use in the redirect response. The default response + // code is MOVED_PERMANENTLY (301). + RedirectResponseCode response_code = 3 [(validate.rules).enum = {defined_only: true}]; + + // Indicates that during redirection, the query portion of the URL will + // be removed. Default value is false. + bool strip_query = 6; +} + +message DirectResponseAction { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.DirectResponseAction"; + + // Specifies the HTTP response status to be returned. + uint32 status = 1 [(validate.rules).uint32 = {lt: 600 gte: 100}]; + + // Specifies the content of the response body. If this setting is omitted, + // no body is included in the generated response. + // + // .. note:: + // + // Headers can be specified using *response_headers_to_add* in the enclosing + // :ref:`envoy_api_msg_config.route.v4alpha.Route`, :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration` or + // :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost`. + core.v4alpha.DataSource body = 2; +} + +message Decorator { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.Decorator"; + + // The operation name associated with the request matched to this route. If tracing is + // enabled, this information will be used as the span name reported for this request. + // + // .. note:: + // + // For ingress (inbound) requests, or egress (outbound) responses, this value may be overridden + // by the :ref:`x-envoy-decorator-operation + // ` header. + string operation = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Whether the decorated details should be propagated to the other party. The default is true. + google.protobuf.BoolValue propagate = 2; +} + +message Tracing { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.Tracing"; + + // Target percentage of requests managed by this HTTP connection manager that will be force + // traced if the :ref:`x-client-trace-id ` + // header is set. This field is a direct analog for the runtime variable + // 'tracing.client_sampling' in the :ref:`HTTP Connection Manager + // `. + // Default: 100% + type.v3.FractionalPercent client_sampling = 1; + + // Target percentage of requests managed by this HTTP connection manager that will be randomly + // selected for trace generation, if not requested by the client or not forced. This field is + // a direct analog for the runtime variable 'tracing.random_sampling' in the + // :ref:`HTTP Connection Manager `. + // Default: 100% + type.v3.FractionalPercent random_sampling = 2; + + // Target percentage of requests managed by this HTTP connection manager that will be traced + // after all other sampling checks have been applied (client-directed, force tracing, random + // sampling). This field functions as an upper limit on the total configured sampling rate. For + // instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% + // of client requests with the appropriate headers to be force traced. This field is a direct + // analog for the runtime variable 'tracing.global_enabled' in the + // :ref:`HTTP Connection Manager `. + // Default: 100% + type.v3.FractionalPercent overall_sampling = 3; + + // A list of custom tags with unique tag name to create tags for the active span. + // It will take effect after merging with the :ref:`corresponding configuration + // ` + // configured in the HTTP connection manager. If two tags with the same name are configured + // each in the HTTP connection manager and the route level, the one configured here takes + // priority. + repeated type.tracing.v3.CustomTag custom_tags = 4; +} + +// A virtual cluster is a way of specifying a regex matching rule against +// certain important endpoints such that statistics are generated explicitly for +// the matched requests. The reason this is useful is that when doing +// prefix/path matching Envoy does not always know what the application +// considers to be an endpoint. Thus, it’s impossible for Envoy to generically +// emit per endpoint statistics. However, often systems have highly critical +// endpoints that they wish to get “perfect” statistics on. Virtual cluster +// statistics are perfect in the sense that they are emitted on the downstream +// side such that they include network level failures. +// +// Documentation for :ref:`virtual cluster statistics `. +// +// .. note:: +// +// Virtual clusters are a useful tool, but we do not recommend setting up a virtual cluster for +// every application endpoint. This is both not easily maintainable and as well the matching and +// statistics output are not free. +message VirtualCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.VirtualCluster"; + + reserved 1, 3; + + reserved "pattern", "method"; + + // Specifies a list of header matchers to use for matching requests. Each specified header must + // match. The pseudo-headers `:path` and `:method` can be used to match the request path and + // method, respectively. + repeated HeaderMatcher headers = 4; + + // Specifies the name of the virtual cluster. The virtual cluster name as well + // as the virtual host name are used when emitting statistics. The statistics are emitted by the + // router filter and are documented :ref:`here `. + string name = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// Global rate limiting :ref:`architecture overview `. +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit"; + + // [#next-free-field: 7] + message Action { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action"; + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("source_cluster", "") + // + // is derived from the :option:`--service-cluster` option. + message SourceCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.SourceCluster"; + } + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("destination_cluster", "") + // + // Once a request matches against a route table rule, a routed cluster is determined by one of + // the following :ref:`route table configuration ` + // settings: + // + // * :ref:`cluster ` indicates the upstream cluster + // to route to. + // * :ref:`weighted_clusters ` + // chooses a cluster randomly from a set of clusters with attributed weight. + // * :ref:`cluster_header ` indicates which + // header in the request contains the target cluster. + message DestinationCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.DestinationCluster"; + } + + // The following descriptor entry is appended when a header contains a key that matches the + // *header_name*: + // + // .. code-block:: cpp + // + // ("", "") + message RequestHeaders { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.RequestHeaders"; + + // The header name to be queried from the request headers. The header’s + // value is used to populate the value of the descriptor entry for the + // descriptor_key. + string header_name = 1 [ + (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false} + ]; + + // The key to use in the descriptor entry. + string descriptor_key = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + // The following descriptor entry is appended to the descriptor and is populated using the + // trusted address from :ref:`x-forwarded-for `: + // + // .. code-block:: cpp + // + // ("remote_address", "") + message RemoteAddress { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.RemoteAddress"; + } + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("generic_key", "") + message GenericKey { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.GenericKey"; + + // The value to use in the descriptor entry. + string descriptor_value = 1 [(validate.rules).string = {min_bytes: 1}]; + } + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("header_match", "") + message HeaderValueMatch { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.HeaderValueMatch"; + + // The value to use in the descriptor entry. + string descriptor_value = 1 [(validate.rules).string = {min_bytes: 1}]; + + // If set to true, the action will append a descriptor entry when the + // request matches the headers. If set to false, the action will append a + // descriptor entry when the request does not match the headers. The + // default value is true. + google.protobuf.BoolValue expect_match = 2; + + // Specifies a set of headers that the rate limit action should match + // on. The action will check the request’s headers against all the + // specified headers in the config. A match will happen if all the + // headers in the config are present in the request with the same values + // (or based on presence if the value field is not in the config). + repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; + } + + oneof action_specifier { + option (validate.required) = true; + + // Rate limit on source cluster. + SourceCluster source_cluster = 1; + + // Rate limit on destination cluster. + DestinationCluster destination_cluster = 2; + + // Rate limit on request headers. + RequestHeaders request_headers = 3; + + // Rate limit on remote address. + RemoteAddress remote_address = 4; + + // Rate limit on a generic key. + GenericKey generic_key = 5; + + // Rate limit on the existence of request headers. + HeaderValueMatch header_value_match = 6; + } + } + + // Refers to the stage set in the filter. The rate limit configuration only + // applies to filters with the same stage number. The default stage number is + // 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + google.protobuf.UInt32Value stage = 1 [(validate.rules).uint32 = {lte: 10}]; + + // The key to be set in runtime to disable this rate limit configuration. + string disable_key = 2; + + // A list of actions that are to be applied for this rate limit configuration. + // Order matters as the actions are processed sequentially and the descriptor + // is composed by appending descriptor entries in that sequence. If an action + // cannot append a descriptor entry, no descriptor is generated for the + // configuration. See :ref:`composing actions + // ` for additional documentation. + repeated Action actions = 3 [(validate.rules).repeated = {min_items: 1}]; +} + +// .. attention:: +// +// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 *Host* +// header. Thus, if attempting to match on *Host*, match on *:authority* instead. +// +// .. attention:: +// +// To route on HTTP method, use the special HTTP/2 *:method* header. This works for both +// HTTP/1 and HTTP/2 as Envoy normalizes headers. E.g., +// +// .. code-block:: json +// +// { +// "name": ":method", +// "exact_match": "POST" +// } +// +// .. attention:: +// In the absence of any header match specifier, match will default to :ref:`present_match +// `. i.e, a request that has the :ref:`name +// ` header will match, regardless of the header's +// value. +// +// [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.] +// [#next-free-field: 12] +message HeaderMatcher { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.HeaderMatcher"; + + reserved 2, 3, 5; + + reserved "regex_match"; + + // Specifies the name of the header in the request. + string name = 1 + [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Specifies how the header match will be performed to route the request. + oneof header_match_specifier { + // If specified, header match will be performed based on the value of the header. + string exact_match = 4; + + // If specified, this regex string is a regular expression rule which implies the entire request + // header value must match the regex. The rule will not match if only a subsequence of the + // request header value matches the regex. + type.matcher.v3.RegexMatcher safe_regex_match = 11; + + // If specified, header match will be performed based on range. + // The rule will match if the request header value is within this range. + // The entire request header value must represent an integer in base 10 notation: consisting of + // an optional plus or minus sign followed by a sequence of digits. The rule will not match if + // the header value does not represent an integer. Match will fail for empty values, floating + // point numbers or if only a subsequence of the header value is an integer. + // + // Examples: + // + // * For range [-10,0), route will match for header value -1, but not for 0, "somestring", 10.9, + // "-1somestring" + type.v3.Int64Range range_match = 6; + + // If specified, header match will be performed based on whether the header is in the + // request. + bool present_match = 7; + + // If specified, header match will be performed based on the prefix of the header value. + // Note: empty prefix is not allowed, please use present_match instead. + // + // Examples: + // + // * The prefix *abcd* matches the value *abcdxyz*, but not for *abcxyz*. + string prefix_match = 9 [(validate.rules).string = {min_bytes: 1}]; + + // If specified, header match will be performed based on the suffix of the header value. + // Note: empty suffix is not allowed, please use present_match instead. + // + // Examples: + // + // * The suffix *abcd* matches the value *xyzabcd*, but not for *xyzbcd*. + string suffix_match = 10 [(validate.rules).string = {min_bytes: 1}]; + } + + // If specified, the match result will be inverted before checking. Defaults to false. + // + // Examples: + // + // * The regex ``\d{3}`` does not match the value *1234*, so it will match when inverted. + // * The range [-10,0) will match the value -1, so it will not match when inverted. + bool invert_match = 8; +} + +// Query parameter matching treats the query string of a request's :path header +// as an ampersand-separated list of keys and/or key=value elements. +// [#next-free-field: 7] +message QueryParameterMatcher { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.QueryParameterMatcher"; + + reserved 3, 4; + + reserved "value", "regex"; + + // Specifies the name of a key that must be present in the requested + // *path*'s query string. + string name = 1 [(validate.rules).string = {min_bytes: 1 max_bytes: 1024}]; + + oneof query_parameter_match_specifier { + // Specifies whether a query parameter value should match against a string. + type.matcher.v3.StringMatcher string_match = 5 [(validate.rules).message = {required: true}]; + + // Specifies whether a query parameter should be present. + bool present_match = 6; + } +} diff --git a/api/envoy/config/route/v4alpha/scoped_route.proto b/api/envoy/config/route/v4alpha/scoped_route.proto new file mode 100644 index 0000000000000..ce3d285b0592b --- /dev/null +++ b/api/envoy/config/route/v4alpha/scoped_route.proto @@ -0,0 +1,117 @@ +syntax = "proto3"; + +package envoy.config.route.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.route.v4alpha"; +option java_outer_classname = "ScopedRouteProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP scoped routing configuration] +// * Routing :ref:`architecture overview ` + +// Specifies a routing scope, which associates a +// :ref:`Key` to a +// :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration` (identified by its resource name). +// +// The HTTP connection manager builds up a table consisting of these Key to +// RouteConfiguration mappings, and looks up the RouteConfiguration to use per +// request according to the algorithm specified in the +// :ref:`scope_key_builder` +// assigned to the HttpConnectionManager. +// +// For example, with the following configurations (in YAML): +// +// HttpConnectionManager config: +// +// .. code:: +// +// ... +// scoped_routes: +// name: foo-scoped-routes +// scope_key_builder: +// fragments: +// - header_value_extractor: +// name: X-Route-Selector +// element_separator: , +// element: +// separator: = +// key: vip +// +// ScopedRouteConfiguration resources (specified statically via +// :ref:`scoped_route_configurations_list` +// or obtained dynamically via SRDS): +// +// .. code:: +// +// (1) +// name: route-scope1 +// route_configuration_name: route-config1 +// key: +// fragments: +// - string_key: 172.10.10.20 +// +// (2) +// name: route-scope2 +// route_configuration_name: route-config2 +// key: +// fragments: +// - string_key: 172.20.20.30 +// +// A request from a client such as: +// +// .. code:: +// +// GET / HTTP/1.1 +// Host: foo.com +// X-Route-Selector: vip=172.10.10.20 +// +// would result in the routing table defined by the `route-config1` +// RouteConfiguration being assigned to the HTTP request/stream. +// +message ScopedRouteConfiguration { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.ScopedRouteConfiguration"; + + // Specifies a key which is matched against the output of the + // :ref:`scope_key_builder` + // specified in the HttpConnectionManager. The matching is done per HTTP + // request and is dependent on the order of the fragments contained in the + // Key. + message Key { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.ScopedRouteConfiguration.Key"; + + message Fragment { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.ScopedRouteConfiguration.Key.Fragment"; + + oneof type { + option (validate.required) = true; + + // A string to match against. + string string_key = 1; + } + } + + // The ordered set of fragments to match against. The order must match the + // fragments in the corresponding + // :ref:`scope_key_builder`. + repeated Fragment fragments = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + // The name assigned to the routing scope. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The resource name to use for a :ref:`envoy_api_msg_service.discovery.v3.DiscoveryRequest` to an + // RDS server to fetch the :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration` associated + // with this scope. + string route_configuration_name = 2 [(validate.rules).string = {min_bytes: 1}]; + + // The key to match against. + Key key = 3 [(validate.rules).message = {required: true}]; +} diff --git a/api/envoy/config/tap/v3/common.proto b/api/envoy/config/tap/v3/common.proto index 9f9c404a7df09..0fea8f88a638e 100644 --- a/api/envoy/config/tap/v3/common.proto +++ b/api/envoy/config/tap/v3/common.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.tap.v3"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common tap configuration] diff --git a/api/envoy/config/trace/v2/trace.proto b/api/envoy/config/trace/v2/trace.proto index a61f519687f6a..393465d2bb248 100644 --- a/api/envoy/config/trace/v2/trace.proto +++ b/api/envoy/config/trace/v2/trace.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.trace.v2"; option java_outer_classname = "TraceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tracing] // Tracing :ref:`architecture overview `. diff --git a/api/envoy/config/trace/v2alpha/xray.proto b/api/envoy/config/trace/v2alpha/xray.proto index 3e90a53106c08..27db3ba40b724 100644 --- a/api/envoy/config/trace/v2alpha/xray.proto +++ b/api/envoy/config/trace/v2alpha/xray.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.trace.v2alpha"; option java_outer_classname = "XrayProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: AWS X-Ray Tracer Configuration] // Configuration for AWS X-Ray tracer diff --git a/api/envoy/config/trace/v3/trace.proto b/api/envoy/config/trace/v3/trace.proto index 0213ad16c8efa..ec055e3c61b05 100644 --- a/api/envoy/config/trace/v3/trace.proto +++ b/api/envoy/config/trace/v3/trace.proto @@ -18,7 +18,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.trace.v3"; option java_outer_classname = "TraceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tracing] // Tracing :ref:`architecture overview `. diff --git a/api/envoy/config/trace/v3/xray.proto b/api/envoy/config/trace/v3/xray.proto index 3a8696694a675..c4259177d6575 100644 --- a/api/envoy/config/trace/v3/xray.proto +++ b/api/envoy/config/trace/v3/xray.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.trace.v3"; option java_outer_classname = "XrayProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: AWS X-Ray Tracer Configuration] // Configuration for AWS X-Ray tracer diff --git a/api/envoy/config/trace/v4alpha/BUILD b/api/envoy/config/trace/v4alpha/BUILD new file mode 100644 index 0000000000000..53ae98aac1407 --- /dev/null +++ b/api/envoy/config/trace/v4alpha/BUILD @@ -0,0 +1,15 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/trace/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + "@opencensus_proto//opencensus/proto/trace/v1:trace_config_proto", + ], +) diff --git a/api/envoy/config/trace/v4alpha/trace.proto b/api/envoy/config/trace/v4alpha/trace.proto new file mode 100644 index 0000000000000..c7e24549acffa --- /dev/null +++ b/api/envoy/config/trace/v4alpha/trace.proto @@ -0,0 +1,271 @@ +syntax = "proto3"; + +package envoy.config.trace.v4alpha; + +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "opencensus/proto/trace/v1/trace_config.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.trace.v4alpha"; +option java_outer_classname = "TraceProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Tracing] +// Tracing :ref:`architecture overview `. + +// The tracing configuration specifies global +// settings for the HTTP tracer used by Envoy. The configuration is defined by +// the :ref:`Bootstrap ` :ref:`tracing +// ` field. Envoy may support other tracers +// in the future, but right now the HTTP tracer is the only one supported. +message Tracing { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v3.Tracing"; + + message Http { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.Tracing.Http"; + + reserved 2; + + reserved "config"; + + // The name of the HTTP trace driver to instantiate. The name must match a + // supported HTTP trace driver. Built-in trace drivers: + // + // - *envoy.tracers.lightstep* + // - *envoy.tracers.zipkin* + // - *envoy.tracers.dynamic_ot* + // - *envoy.tracers.datadog* + // - *envoy.tracers.opencensus* + // - *envoy.tracers.xray* + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Trace driver specific configuration which depends on the driver being instantiated. + // See the trace drivers for examples: + // + // - :ref:`LightstepConfig ` + // - :ref:`ZipkinConfig ` + // - :ref:`DynamicOtConfig ` + // - :ref:`DatadogConfig ` + // - :ref:`OpenCensusConfig ` + // - :ref:`AWS X-Ray ` + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + // Provides configuration for the HTTP tracer. + Http http = 1; +} + +// Configuration for the LightStep tracer. +// [#extension: envoy.tracers.lightstep] +message LightstepConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.LightstepConfig"; + + // Available propagation modes + enum PropagationMode { + // Propagate trace context in the single header x-ot-span-context. + ENVOY = 0; + + // Propagate trace context using LightStep's native format. + LIGHTSTEP = 1; + + // Propagate trace context using the b3 format. + B3 = 2; + + // Propagation trace context using the w3 trace-context standard. + TRACE_CONTEXT = 3; + } + + // The cluster manager cluster that hosts the LightStep collectors. + string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // File containing the access token to the `LightStep + // `_ API. + string access_token_file = 2 [(validate.rules).string = {min_bytes: 1}]; + + // Propagation modes to use by LightStep's tracer. + repeated PropagationMode propagation_modes = 3 + [(validate.rules).repeated = {items {enum {defined_only: true}}}]; +} + +// Configuration for the Zipkin tracer. +// [#extension: envoy.tracers.zipkin] +// [#next-free-field: 6] +message ZipkinConfig { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v3.ZipkinConfig"; + + // Available Zipkin collector endpoint versions. + enum CollectorEndpointVersion { + // Zipkin API v1, JSON over HTTP. + // [#comment: The default implementation of Zipkin client before this field is added was only v1 + // and the way user configure this was by not explicitly specifying the version. Consequently, + // before this is added, the corresponding Zipkin collector expected to receive v1 payload. + // Hence the motivation of adding HTTP_JSON_V1 as the default is to avoid a breaking change when + // user upgrading Envoy with this change. Furthermore, we also immediately deprecate this field, + // since in Zipkin realm this v1 version is considered to be not preferable anymore.] + DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 + [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true]; + + // Zipkin API v2, JSON over HTTP. + HTTP_JSON = 1; + + // Zipkin API v2, protobuf over HTTP. + HTTP_PROTO = 2; + + // [#not-implemented-hide:] + GRPC = 3; + } + + // The cluster manager cluster that hosts the Zipkin collectors. Note that the + // Zipkin cluster must be defined in the :ref:`Bootstrap static cluster + // resources `. + string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The API endpoint of the Zipkin service where the spans will be sent. When + // using a standard Zipkin installation, the API endpoint is typically + // /api/v1/spans, which is the default value. + string collector_endpoint = 2 [(validate.rules).string = {min_bytes: 1}]; + + // Determines whether a 128bit trace id will be used when creating a new + // trace instance. The default value is false, which will result in a 64 bit trace id being used. + bool trace_id_128bit = 3; + + // Determines whether client and server spans will share the same span context. + // The default value is true. + google.protobuf.BoolValue shared_span_context = 4; + + // Determines the selected collector endpoint version. By default, the ``HTTP_JSON_V1`` will be + // used. + CollectorEndpointVersion collector_endpoint_version = 5; +} + +// DynamicOtConfig is used to dynamically load a tracer from a shared library +// that implements the `OpenTracing dynamic loading API +// `_. +// [#extension: envoy.tracers.dynamic_ot] +message DynamicOtConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.DynamicOtConfig"; + + // Dynamic library implementing the `OpenTracing API + // `_. + string library = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The configuration to use when creating a tracer from the given dynamic + // library. + google.protobuf.Struct config = 2; +} + +// Configuration for the Datadog tracer. +// [#extension: envoy.tracers.datadog] +message DatadogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.DatadogConfig"; + + // The cluster to use for submitting traces to the Datadog agent. + string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The name used for the service when traces are generated by envoy. + string service_name = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// Configuration for the OpenCensus tracer. +// [#next-free-field: 15] +// [#extension: envoy.tracers.opencensus] +message OpenCensusConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.OpenCensusConfig"; + + enum TraceContext { + // No-op default, no trace context is utilized. + NONE = 0; + + // W3C Trace-Context format "traceparent:" header. + TRACE_CONTEXT = 1; + + // Binary "grpc-trace-bin:" header. + GRPC_TRACE_BIN = 2; + + // "X-Cloud-Trace-Context:" header. + CLOUD_TRACE_CONTEXT = 3; + + // X-B3-* headers. + B3 = 4; + } + + reserved 7; + + // Configures tracing, e.g. the sampler, max number of annotations, etc. + opencensus.proto.trace.v1.TraceConfig trace_config = 1; + + // Enables the stdout exporter if set to true. This is intended for debugging + // purposes. + bool stdout_exporter_enabled = 2; + + // Enables the Stackdriver exporter if set to true. The project_id must also + // be set. + bool stackdriver_exporter_enabled = 3; + + // The Cloud project_id to use for Stackdriver tracing. + string stackdriver_project_id = 4; + + // (optional) By default, the Stackdriver exporter will connect to production + // Stackdriver. If stackdriver_address is non-empty, it will instead connect + // to this address, which is in the gRPC format: + // https://github.com/grpc/grpc/blob/master/doc/naming.md + string stackdriver_address = 10; + + // (optional) The gRPC server that hosts Stackdriver tracing service. Only + // Google gRPC is supported. If :ref:`target_uri ` + // is not provided, the default production Stackdriver address will be used. + core.v4alpha.GrpcService stackdriver_grpc_service = 13; + + // Enables the Zipkin exporter if set to true. The url and service name must + // also be set. + bool zipkin_exporter_enabled = 5; + + // The URL to Zipkin, e.g. "http://127.0.0.1:9411/api/v2/spans" + string zipkin_url = 6; + + // Enables the OpenCensus Agent exporter if set to true. The ocagent_address or + // ocagent_grpc_service must also be set. + bool ocagent_exporter_enabled = 11; + + // The address of the OpenCensus Agent, if its exporter is enabled, in gRPC + // format: https://github.com/grpc/grpc/blob/master/doc/naming.md + // [#comment:TODO: deprecate this field] + string ocagent_address = 12; + + // (optional) The gRPC server hosted by the OpenCensus Agent. Only Google gRPC is supported. + // This is only used if the ocagent_address is left empty. + core.v4alpha.GrpcService ocagent_grpc_service = 14; + + // List of incoming trace context headers we will accept. First one found + // wins. + repeated TraceContext incoming_trace_context = 8; + + // List of outgoing trace context headers we will produce. + repeated TraceContext outgoing_trace_context = 9; +} + +// Configuration structure. +message TraceServiceConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.TraceServiceConfig"; + + // The upstream gRPC cluster that hosts the metrics service. + core.v4alpha.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}]; +} diff --git a/api/envoy/config/trace/v4alpha/xray.proto b/api/envoy/config/trace/v4alpha/xray.proto new file mode 100644 index 0000000000000..39bcebd1bad7d --- /dev/null +++ b/api/envoy/config/trace/v4alpha/xray.proto @@ -0,0 +1,35 @@ +syntax = "proto3"; + +package envoy.config.trace.v4alpha; + +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/base.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.trace.v4alpha"; +option java_outer_classname = "XrayProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: AWS X-Ray Tracer Configuration] +// Configuration for AWS X-Ray tracer + +message XRayConfig { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v3.XRayConfig"; + + // The UDP endpoint of the X-Ray Daemon where the spans will be sent. + // If this value is not set, the default value of 127.0.0.1:2000 will be used. + core.v4alpha.SocketAddress daemon_endpoint = 1; + + // The name of the X-Ray segment. + string segment_name = 2 [(validate.rules).string = {min_len: 1}]; + + // The location of a local custom sampling rules JSON file. + // For an example of the sampling rules see: + // `X-Ray SDK documentation + // `_ + core.v4alpha.DataSource sampling_rule_manifest = 3; +} diff --git a/api/envoy/config/transport_socket/alts/v2alpha/alts.proto b/api/envoy/config/transport_socket/alts/v2alpha/alts.proto index 12b58fe18d089..92d5fb83a49cd 100644 --- a/api/envoy/config/transport_socket/alts/v2alpha/alts.proto +++ b/api/envoy/config/transport_socket/alts/v2alpha/alts.proto @@ -11,7 +11,7 @@ option java_outer_classname = "AltsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.transport_sockets.alts.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: ALTS] // [#extension: envoy.transport_sockets.alts] diff --git a/api/envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto b/api/envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto index ba6df436cb259..1b3fd395d5724 100644 --- a/api/envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto +++ b/api/envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto @@ -10,7 +10,7 @@ option java_outer_classname = "RawBufferProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.transport_sockets.raw_buffer.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Raw Buffer] // [#extension: envoy.transport_sockets.raw_buffer] diff --git a/api/envoy/config/transport_socket/tap/v2alpha/tap.proto b/api/envoy/config/transport_socket/tap/v2alpha/tap.proto index 2900b659fe646..0802c7558ad35 100644 --- a/api/envoy/config/transport_socket/tap/v2alpha/tap.proto +++ b/api/envoy/config/transport_socket/tap/v2alpha/tap.proto @@ -15,7 +15,7 @@ option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.transport_sockets.tap.v3"; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap] // [#extension: envoy.transport_sockets.tap] diff --git a/api/envoy/config/wasm/v2alpha/wasm.proto b/api/envoy/config/wasm/v2alpha/wasm.proto index dbd4ed92b867f..b8f050a23d2b0 100644 --- a/api/envoy/config/wasm/v2alpha/wasm.proto +++ b/api/envoy/config/wasm/v2alpha/wasm.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.config.wasm.v2alpha"; option java_outer_classname = "WasmProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.wasm.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Wasm service] diff --git a/api/envoy/data/accesslog/v2/accesslog.proto b/api/envoy/data/accesslog/v2/accesslog.proto index 3a616ee19eed2..af19197f62a6a 100644 --- a/api/envoy/data/accesslog/v2/accesslog.proto +++ b/api/envoy/data/accesslog/v2/accesslog.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.accesslog.v2"; option java_outer_classname = "AccesslogProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC access logs] // Envoy access logs describe incoming interaction with Envoy over a fixed diff --git a/api/envoy/data/accesslog/v3/accesslog.proto b/api/envoy/data/accesslog/v3/accesslog.proto index 48a0f794245c7..374569d937f28 100644 --- a/api/envoy/data/accesslog/v3/accesslog.proto +++ b/api/envoy/data/accesslog/v3/accesslog.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.accesslog.v3"; option java_outer_classname = "AccesslogProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC access logs] // Envoy access logs describe incoming interaction with Envoy over a fixed diff --git a/api/envoy/data/cluster/v2alpha/outlier_detection_event.proto b/api/envoy/data/cluster/v2alpha/outlier_detection_event.proto index 38ac1f93684ca..3ea8bc2597fd8 100644 --- a/api/envoy/data/cluster/v2alpha/outlier_detection_event.proto +++ b/api/envoy/data/cluster/v2alpha/outlier_detection_event.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.data.cluster.v2alpha"; option java_outer_classname = "OutlierDetectionEventProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.data.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Outlier detection logging events] // :ref:`Outlier detection logging `. diff --git a/api/envoy/data/cluster/v3/outlier_detection_event.proto b/api/envoy/data/cluster/v3/outlier_detection_event.proto index 608df577fa41f..ae1ad4c94d173 100644 --- a/api/envoy/data/cluster/v3/outlier_detection_event.proto +++ b/api/envoy/data/cluster/v3/outlier_detection_event.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.cluster.v3"; option java_outer_classname = "OutlierDetectionEventProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Outlier detection logging events] // :ref:`Outlier detection logging `. diff --git a/api/envoy/data/core/v2alpha/health_check_event.proto b/api/envoy/data/core/v2alpha/health_check_event.proto index 0fc25b8106632..00fd69fd42d3f 100644 --- a/api/envoy/data/core/v2alpha/health_check_event.proto +++ b/api/envoy/data/core/v2alpha/health_check_event.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.core.v2alpha"; option java_outer_classname = "HealthCheckEventProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Health check logging events] // :ref:`Health check logging `. diff --git a/api/envoy/data/core/v3/health_check_event.proto b/api/envoy/data/core/v3/health_check_event.proto index 4227fbc5c4cff..88b195b92b3df 100644 --- a/api/envoy/data/core/v3/health_check_event.proto +++ b/api/envoy/data/core/v3/health_check_event.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.core.v3"; option java_outer_classname = "HealthCheckEventProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Health check logging events] // :ref:`Health check logging `. diff --git a/api/envoy/data/dns/v2alpha/dns_table.proto b/api/envoy/data/dns/v2alpha/dns_table.proto index b401a54b3498f..7a9e535c4f3a2 100644 --- a/api/envoy/data/dns/v2alpha/dns_table.proto +++ b/api/envoy/data/dns/v2alpha/dns_table.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.data.dns.v2alpha"; option java_outer_classname = "DnsTableProto"; option java_multiple_files = true; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: DNS Filter Table Data] // :ref:`DNS Filter config overview `. diff --git a/api/envoy/data/dns/v3/dns_table.proto b/api/envoy/data/dns/v3/dns_table.proto index ebecebebc78fd..a6457e118672d 100644 --- a/api/envoy/data/dns/v3/dns_table.proto +++ b/api/envoy/data/dns/v3/dns_table.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.dns.v3"; option java_outer_classname = "DnsTableProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: DNS Filter Table Data] // :ref:`DNS Filter config overview `. diff --git a/api/envoy/data/tap/v2alpha/common.proto b/api/envoy/data/tap/v2alpha/common.proto index 8030f98afe044..7c02aa7719542 100644 --- a/api/envoy/data/tap/v2alpha/common.proto +++ b/api/envoy/data/tap/v2alpha/common.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap common data] diff --git a/api/envoy/data/tap/v2alpha/http.proto b/api/envoy/data/tap/v2alpha/http.proto index a6839ae16fa95..60ea68b66d4ad 100644 --- a/api/envoy/data/tap/v2alpha/http.proto +++ b/api/envoy/data/tap/v2alpha/http.proto @@ -10,7 +10,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; option java_outer_classname = "HttpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP tap data] diff --git a/api/envoy/data/tap/v2alpha/transport.proto b/api/envoy/data/tap/v2alpha/transport.proto index 8f775b94e4755..82c2845ee338f 100644 --- a/api/envoy/data/tap/v2alpha/transport.proto +++ b/api/envoy/data/tap/v2alpha/transport.proto @@ -12,7 +12,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; option java_outer_classname = "TransportProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Transport tap data] // Trace format for the tap transport socket extension. This dumps plain text read/write diff --git a/api/envoy/data/tap/v2alpha/wrapper.proto b/api/envoy/data/tap/v2alpha/wrapper.proto index 98e26df09557f..769b95c6160a3 100644 --- a/api/envoy/data/tap/v2alpha/wrapper.proto +++ b/api/envoy/data/tap/v2alpha/wrapper.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; option java_outer_classname = "WrapperProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap data wrappers] diff --git a/api/envoy/data/tap/v3/common.proto b/api/envoy/data/tap/v3/common.proto index 601ccbc03f167..861da12e20c1b 100644 --- a/api/envoy/data/tap/v3/common.proto +++ b/api/envoy/data/tap/v3/common.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v3"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap common data] diff --git a/api/envoy/data/tap/v3/http.proto b/api/envoy/data/tap/v3/http.proto index ebe6d5eef0094..d4f05fa09522e 100644 --- a/api/envoy/data/tap/v3/http.proto +++ b/api/envoy/data/tap/v3/http.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v3"; option java_outer_classname = "HttpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP tap data] diff --git a/api/envoy/data/tap/v3/transport.proto b/api/envoy/data/tap/v3/transport.proto index 827c53c7b1de0..f596759cb4907 100644 --- a/api/envoy/data/tap/v3/transport.proto +++ b/api/envoy/data/tap/v3/transport.proto @@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v3"; option java_outer_classname = "TransportProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Transport tap data] // Trace format for the tap transport socket extension. This dumps plain text read/write diff --git a/api/envoy/data/tap/v3/wrapper.proto b/api/envoy/data/tap/v3/wrapper.proto index a3affd77f14af..636547614c268 100644 --- a/api/envoy/data/tap/v3/wrapper.proto +++ b/api/envoy/data/tap/v3/wrapper.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v3"; option java_outer_classname = "WrapperProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap data wrappers] diff --git a/api/envoy/extensions/access_loggers/file/v3/file.proto b/api/envoy/extensions/access_loggers/file/v3/file.proto index d0e8a5cb33193..f3c9c0a11612f 100644 --- a/api/envoy/extensions/access_loggers/file/v3/file.proto +++ b/api/envoy/extensions/access_loggers/file/v3/file.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.access_loggers.file.v3"; option java_outer_classname = "FileProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: File access log] // [#extension: envoy.access_loggers.file] diff --git a/api/envoy/extensions/access_loggers/grpc/v3/als.proto b/api/envoy/extensions/access_loggers/grpc/v3/als.proto index a13b2ef06fd89..3cc154416627e 100644 --- a/api/envoy/extensions/access_loggers/grpc/v3/als.proto +++ b/api/envoy/extensions/access_loggers/grpc/v3/als.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.access_loggers.grpc.v3"; option java_outer_classname = "AlsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC Access Log Service (ALS)] diff --git a/api/envoy/extensions/clusters/aggregate/v3/cluster.proto b/api/envoy/extensions/clusters/aggregate/v3/cluster.proto index c7feab787cb2c..aead1c4517391 100644 --- a/api/envoy/extensions/clusters/aggregate/v3/cluster.proto +++ b/api/envoy/extensions/clusters/aggregate/v3/cluster.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.clusters.aggregate.v3"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Aggregate cluster configuration] diff --git a/api/envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto b/api/envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto index b2ffecaa0c6ac..6f100d9dbb7e9 100644 --- a/api/envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto +++ b/api/envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.clusters.dynamic_forward_proxy.v3"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dynamic forward proxy cluster configuration] diff --git a/api/envoy/extensions/clusters/redis/v3/redis_cluster.proto b/api/envoy/extensions/clusters/redis/v3/redis_cluster.proto index bc9353d7efe2d..cf01359e55abb 100644 --- a/api/envoy/extensions/clusters/redis/v3/redis_cluster.proto +++ b/api/envoy/extensions/clusters/redis/v3/redis_cluster.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.clusters.redis.v3"; option java_outer_classname = "RedisClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Redis Cluster Configuration] // This cluster adds support for `Redis Cluster `_, as part diff --git a/api/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto b/api/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto index 32f338d0358c3..7c72af35af33e 100644 --- a/api/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto +++ b/api/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.common.dynamic_forward_proxy.v3"; option java_outer_classname = "DnsCacheProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dynamic forward proxy common configuration] diff --git a/api/envoy/extensions/common/ratelimit/v3/ratelimit.proto b/api/envoy/extensions/common/ratelimit/v3/ratelimit.proto index 846ecf94f9f7f..187ae3f229c46 100644 --- a/api/envoy/extensions/common/ratelimit/v3/ratelimit.proto +++ b/api/envoy/extensions/common/ratelimit/v3/ratelimit.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.common.ratelimit.v3"; option java_outer_classname = "RatelimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common rate limit components] diff --git a/api/envoy/extensions/common/tap/v3/common.proto b/api/envoy/extensions/common/tap/v3/common.proto index cc67a00308b84..46a25b164d67a 100644 --- a/api/envoy/extensions/common/tap/v3/common.proto +++ b/api/envoy/extensions/common/tap/v3/common.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.common.tap.v3"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common tap extension configuration] diff --git a/api/envoy/extensions/common/tap/v4alpha/BUILD b/api/envoy/extensions/common/tap/v4alpha/BUILD new file mode 100644 index 0000000000000..d1fe49142a8e2 --- /dev/null +++ b/api/envoy/extensions/common/tap/v4alpha/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/tap/v3:pkg", + "//envoy/extensions/common/tap/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/common/tap/v4alpha/common.proto b/api/envoy/extensions/common/tap/v4alpha/common.proto new file mode 100644 index 0000000000000..63de14a3d6f63 --- /dev/null +++ b/api/envoy/extensions/common/tap/v4alpha/common.proto @@ -0,0 +1,61 @@ +syntax = "proto3"; + +package envoy.extensions.common.tap.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/tap/v3/common.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.common.tap.v4alpha"; +option java_outer_classname = "CommonProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Common tap extension configuration] + +// Common configuration for all tap extensions. +message CommonExtensionConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.common.tap.v3.CommonExtensionConfig"; + + // [#not-implemented-hide:] + message TapDSConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.common.tap.v3.CommonExtensionConfig.TapDSConfig"; + + // Configuration for the source of TapDS updates for this Cluster. + config.core.v4alpha.ConfigSource config_source = 1 + [(validate.rules).message = {required: true}]; + + // Tap config to request from XDS server. + string name = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + oneof config_type { + option (validate.required) = true; + + // If specified, the tap filter will be configured via an admin handler. + AdminConfig admin_config = 1; + + // If specified, the tap filter will be configured via a static configuration that cannot be + // changed. + config.tap.v3.TapConfig static_config = 2; + + // [#not-implemented-hide:] Configuration to use for TapDS updates for the filter. + TapDSConfig tapds_config = 3; + } +} + +// Configuration for the admin handler. See :ref:`here ` for +// more information. +message AdminConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.common.tap.v3.AdminConfig"; + + // Opaque configuration ID. When requests are made to the admin handler, the passed opaque ID is + // matched to the configured filter opaque ID to determine which filter to configure. + string config_id = 1 [(validate.rules).string = {min_bytes: 1}]; +} diff --git a/api/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto b/api/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto index e06c7873f277d..38a8872d323e1 100644 --- a/api/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto +++ b/api/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.extensions.filter.udp.dns_filter.v3al option java_outer_classname = "DnsFilterProto"; option java_multiple_files = true; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: DNS Filter] // DNS Filter :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/common/fault/v3/fault.proto b/api/envoy/extensions/filters/common/fault/v3/fault.proto index 32a134b97fe9b..dc4f2c34efb45 100644 --- a/api/envoy/extensions/filters/common/fault/v3/fault.proto +++ b/api/envoy/extensions/filters/common/fault/v3/fault.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.common.fault.v3"; option java_outer_classname = "FaultProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common fault injection types] diff --git a/api/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto b/api/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto index 6e105dcf228dc..3d2ef3e96d968 100644 --- a/api/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto +++ b/api/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.adaptive_concurrency.v3"; option java_outer_classname = "AdaptiveConcurrencyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Adaptive Concurrency] // Adaptive Concurrency Control :ref:`configuration overview diff --git a/api/envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto b/api/envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto index 90d393024776d..7e96c2efb8359 100644 --- a/api/envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto +++ b/api/envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.aws_lambda.v3"; option java_outer_classname = "AwsLambdaProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: AWS Lambda] // AWS Lambda :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto b/api/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto index 2309de89520c0..b80bc1b821087 100644 --- a/api/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto +++ b/api/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.aws_request_signing.v3"; option java_outer_classname = "AwsRequestSigningProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: AwsRequestSigning] // AwsRequestSigning :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/buffer/v3/buffer.proto b/api/envoy/extensions/filters/http/buffer/v3/buffer.proto index c8b3020414ceb..6f73244032c4e 100644 --- a/api/envoy/extensions/filters/http/buffer/v3/buffer.proto +++ b/api/envoy/extensions/filters/http/buffer/v3/buffer.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.buffer.v3"; option java_outer_classname = "BufferProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Buffer] // Buffer :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/cache/v3alpha/cache.proto b/api/envoy/extensions/filters/http/cache/v3alpha/cache.proto index 736848d1af266..1ff305bb0e279 100644 --- a/api/envoy/extensions/filters/http/cache/v3alpha/cache.proto +++ b/api/envoy/extensions/filters/http/cache/v3alpha/cache.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.extensions.filters.http.cache.v3alpha option java_outer_classname = "CacheProto"; option java_multiple_files = true; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP Cache Filter] // [#extension: envoy.filters.http.cache] diff --git a/api/envoy/extensions/filters/http/compressor/v3/compressor.proto b/api/envoy/extensions/filters/http/compressor/v3/compressor.proto index fabcc8dfead63..0eefe55140d26 100644 --- a/api/envoy/extensions/filters/http/compressor/v3/compressor.proto +++ b/api/envoy/extensions/filters/http/compressor/v3/compressor.proto @@ -12,7 +12,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.compressor.v3"; option java_outer_classname = "CompressorProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Compressor] diff --git a/api/envoy/extensions/filters/http/cors/v3/cors.proto b/api/envoy/extensions/filters/http/cors/v3/cors.proto index 176e5c4a1865c..0269e1bdfd8c7 100644 --- a/api/envoy/extensions/filters/http/cors/v3/cors.proto +++ b/api/envoy/extensions/filters/http/cors/v3/cors.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.cors.v3"; option java_outer_classname = "CorsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Cors] // CORS Filter :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/csrf/v3/csrf.proto b/api/envoy/extensions/filters/http/csrf/v3/csrf.proto index 286e7fc954711..263d705e3f545 100644 --- a/api/envoy/extensions/filters/http/csrf/v3/csrf.proto +++ b/api/envoy/extensions/filters/http/csrf/v3/csrf.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.csrf.v3"; option java_outer_classname = "CsrfProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: CSRF] // Cross-Site Request Forgery :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto b/api/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto index a5dc4a9b1fb66..b8a2525dbf543 100644 --- a/api/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto +++ b/api/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.dynamic_forward_proxy.v3"; option java_outer_classname = "DynamicForwardProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dynamic forward proxy] diff --git a/api/envoy/extensions/filters/http/dynamo/v3/dynamo.proto b/api/envoy/extensions/filters/http/dynamo/v3/dynamo.proto index 600f22686afc7..13a4f1c6ceee0 100644 --- a/api/envoy/extensions/filters/http/dynamo/v3/dynamo.proto +++ b/api/envoy/extensions/filters/http/dynamo/v3/dynamo.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.dynamo.v3"; option java_outer_classname = "DynamoProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dynamo] // Dynamo :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/api/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto index 90304242bdfaf..44673ad6ff263 100644 --- a/api/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto +++ b/api/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3"; option java_outer_classname = "ExtAuthzProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: External Authorization] // External Authorization :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/fault/v3/fault.proto b/api/envoy/extensions/filters/http/fault/v3/fault.proto index b736fd404bfce..534a0da35b16c 100644 --- a/api/envoy/extensions/filters/http/fault/v3/fault.proto +++ b/api/envoy/extensions/filters/http/fault/v3/fault.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.fault.v3"; option java_outer_classname = "FaultProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Fault Injection] // Fault Injection :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto b/api/envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto index 61db52e493e2a..7e31da49e92ba 100644 --- a/api/envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto +++ b/api/envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_http1_bridge.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC HTTP/1.1 Bridge] // gRPC HTTP/1.1 Bridge Filter :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto b/api/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto index 04fa5c891e7a8..85d7cbe1cecd7 100644 --- a/api/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto +++ b/api/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_http1_reverse_bridge.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC HTTP/1.1 Reverse Bridge] // gRPC HTTP/1.1 Reverse Bridge :ref:`configuration overview diff --git a/api/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto b/api/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto index 770abc303decd..3082089202eef 100644 --- a/api/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto +++ b/api/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_json_transcoder.v3"; option java_outer_classname = "TranscoderProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC-JSON transcoder] // gRPC-JSON transcoder :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/grpc_stats/v3/config.proto b/api/envoy/extensions/filters/http/grpc_stats/v3/config.proto index 037e5efe04f5e..1fecdaea0a164 100644 --- a/api/envoy/extensions/filters/http/grpc_stats/v3/config.proto +++ b/api/envoy/extensions/filters/http/grpc_stats/v3/config.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_stats.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC statistics] gRPC statistics filter // :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto b/api/envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto index 3a3f27835856a..8161139f547b5 100644 --- a/api/envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto +++ b/api/envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_web.v3"; option java_outer_classname = "GrpcWebProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC Web] // gRPC Web :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/gzip/v3/gzip.proto b/api/envoy/extensions/filters/http/gzip/v3/gzip.proto index 46c722d15c93e..eb8a69f083ba1 100644 --- a/api/envoy/extensions/filters/http/gzip/v3/gzip.proto +++ b/api/envoy/extensions/filters/http/gzip/v3/gzip.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.gzip.v3"; option java_outer_classname = "GzipProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Gzip] // Gzip :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto b/api/envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto index 937d323845a7c..8e7c490f01b66 100644 --- a/api/envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto +++ b/api/envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.header_to_metadata.v3"; option java_outer_classname = "HeaderToMetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Header-To-Metadata Filter] // diff --git a/api/envoy/extensions/filters/http/health_check/v3/health_check.proto b/api/envoy/extensions/filters/http/health_check/v3/health_check.proto index 7aa1fe1533897..1a5dbf1bb9006 100644 --- a/api/envoy/extensions/filters/http/health_check/v3/health_check.proto +++ b/api/envoy/extensions/filters/http/health_check/v3/health_check.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.health_check.v3"; option java_outer_classname = "HealthCheckProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Health check] // Health check :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto b/api/envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto index a32d06bce1761..a23ad9dea0a90 100644 --- a/api/envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto +++ b/api/envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.ip_tagging.v3"; option java_outer_classname = "IpTaggingProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: IP tagging] // IP tagging :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/jwt_authn/v3/config.proto b/api/envoy/extensions/filters/http/jwt_authn/v3/config.proto index 3d5ea6de16525..1aabe1bd4390d 100644 --- a/api/envoy/extensions/filters/http/jwt_authn/v3/config.proto +++ b/api/envoy/extensions/filters/http/jwt_authn/v3/config.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.jwt_authn.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: JWT Authentication] // JWT Authentication :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/lua/v3/lua.proto b/api/envoy/extensions/filters/http/lua/v3/lua.proto index 9265fe9479331..da6b0c09a0f61 100644 --- a/api/envoy/extensions/filters/http/lua/v3/lua.proto +++ b/api/envoy/extensions/filters/http/lua/v3/lua.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.lua.v3"; option java_outer_classname = "LuaProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Lua] // Lua :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/on_demand/v3/on_demand.proto b/api/envoy/extensions/filters/http/on_demand/v3/on_demand.proto index aab72b202329b..5c6b96540c19e 100644 --- a/api/envoy/extensions/filters/http/on_demand/v3/on_demand.proto +++ b/api/envoy/extensions/filters/http/on_demand/v3/on_demand.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.on_demand.v3"; option java_outer_classname = "OnDemandProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: OnDemand] // IP tagging :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/original_src/v3/original_src.proto b/api/envoy/extensions/filters/http/original_src/v3/original_src.proto index 33447f6528899..507c9728fbbf1 100644 --- a/api/envoy/extensions/filters/http/original_src/v3/original_src.proto +++ b/api/envoy/extensions/filters/http/original_src/v3/original_src.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.original_src.v3"; option java_outer_classname = "OriginalSrcProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. diff --git a/api/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto b/api/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto index a9d66843a169e..057b7c3d44032 100644 --- a/api/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto +++ b/api/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.ratelimit.v3"; option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/rbac/v3/rbac.proto b/api/envoy/extensions/filters/http/rbac/v3/rbac.proto index 7bfb45f82f34e..bae67ec5a0a9c 100644 --- a/api/envoy/extensions/filters/http/rbac/v3/rbac.proto +++ b/api/envoy/extensions/filters/http/rbac/v3/rbac.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.rbac.v3"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/router/v3/router.proto b/api/envoy/extensions/filters/http/router/v3/router.proto index 557d2e0a4a218..6ab64f92f2b0f 100644 --- a/api/envoy/extensions/filters/http/router/v3/router.proto +++ b/api/envoy/extensions/filters/http/router/v3/router.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.router.v3"; option java_outer_classname = "RouterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Router] // Router :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/squash/v3/squash.proto b/api/envoy/extensions/filters/http/squash/v3/squash.proto index eb164a4ec68a3..0ea335a414fab 100644 --- a/api/envoy/extensions/filters/http/squash/v3/squash.proto +++ b/api/envoy/extensions/filters/http/squash/v3/squash.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.squash.v3"; option java_outer_classname = "SquashProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Squash] // Squash :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/tap/v3/tap.proto b/api/envoy/extensions/filters/http/tap/v3/tap.proto index 7d2e37feefdd6..81779443e4a54 100644 --- a/api/envoy/extensions/filters/http/tap/v3/tap.proto +++ b/api/envoy/extensions/filters/http/tap/v3/tap.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.tap.v3"; option java_outer_classname = "TapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap] // Tap :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/http/tap/v4alpha/BUILD b/api/envoy/extensions/filters/http/tap/v4alpha/BUILD new file mode 100644 index 0000000000000..5204b739b76c5 --- /dev/null +++ b/api/envoy/extensions/filters/http/tap/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/extensions/common/tap/v4alpha:pkg", + "//envoy/extensions/filters/http/tap/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/filters/http/tap/v4alpha/tap.proto b/api/envoy/extensions/filters/http/tap/v4alpha/tap.proto new file mode 100644 index 0000000000000..98798be8bfd2b --- /dev/null +++ b/api/envoy/extensions/filters/http/tap/v4alpha/tap.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.tap.v4alpha; + +import "envoy/extensions/common/tap/v4alpha/common.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.tap.v4alpha"; +option java_outer_classname = "TapProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Tap] +// Tap :ref:`configuration overview `. +// [#extension: envoy.filters.http.tap] + +// Top level configuration for the tap filter. +message Tap { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.tap.v3.Tap"; + + // Common configuration for the HTTP tap filter. + common.tap.v4alpha.CommonExtensionConfig common_config = 1 + [(validate.rules).message = {required: true}]; +} diff --git a/api/envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto b/api/envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto index 80b5938dfd565..cb439b0973ba9 100644 --- a/api/envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto +++ b/api/envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.http_inspector.v3"; option java_outer_classname = "HttpInspectorProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP Inspector Filter] // Detect whether the application protocol is HTTP. diff --git a/api/envoy/extensions/filters/listener/original_dst/v3/original_dst.proto b/api/envoy/extensions/filters/listener/original_dst/v3/original_dst.proto index ec69def4a9e95..8239c5c42c528 100644 --- a/api/envoy/extensions/filters/listener/original_dst/v3/original_dst.proto +++ b/api/envoy/extensions/filters/listener/original_dst/v3/original_dst.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.original_dst.v3"; option java_outer_classname = "OriginalDstProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Original Dst Filter] // Use the Original destination address on downstream connections. diff --git a/api/envoy/extensions/filters/listener/original_src/v3/original_src.proto b/api/envoy/extensions/filters/listener/original_src/v3/original_src.proto index d3f017f163457..5fd07924d7fd7 100644 --- a/api/envoy/extensions/filters/listener/original_src/v3/original_src.proto +++ b/api/envoy/extensions/filters/listener/original_src/v3/original_src.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.original_src.v3"; option java_outer_classname = "OriginalSrcProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. diff --git a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto index 4a8899b1aafcb..63ad72945e280 100644 --- a/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto +++ b/api/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.proxy_protocol.v3"; option java_outer_classname = "ProxyProtocolProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Proxy Protocol Filter] // PROXY protocol listener filter. diff --git a/api/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto b/api/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto index 7182155bbadf5..eff9774844f4b 100644 --- a/api/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto +++ b/api/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.tls_inspector.v3"; option java_outer_classname = "TlsInspectorProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: TLS Inspector Filter] // Allows detecting whether the transport appears to be TLS or plaintext. diff --git a/api/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto b/api/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto index 624982dae0960..e2da157574f89 100644 --- a/api/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto +++ b/api/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.client_ssl_auth.v3"; option java_outer_classname = "ClientSslAuthProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Client TLS authentication] // Client TLS authentication diff --git a/api/envoy/extensions/filters/network/direct_response/v3/config.proto b/api/envoy/extensions/filters/network/direct_response/v3/config.proto index b8866d703571d..2742372b2f91d 100644 --- a/api/envoy/extensions/filters/network/direct_response/v3/config.proto +++ b/api/envoy/extensions/filters/network/direct_response/v3/config.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.direct_response.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Direct response] // Direct response :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto b/api/envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto index 24038c93552cd..fa1959a425c8e 100644 --- a/api/envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto +++ b/api/envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.dubbo_proxy.router.v3"; option java_outer_classname = "RouterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Router] // Dubbo router :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto b/api/envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto index f3138d81d6b05..749708880d71c 100644 --- a/api/envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto +++ b/api/envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.dubbo_proxy.v3"; option java_outer_classname = "DubboProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dubbo Proxy] // Dubbo Proxy :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/dubbo_proxy/v3/route.proto b/api/envoy/extensions/filters/network/dubbo_proxy/v3/route.proto index d0642620a8314..f06518c0b672e 100644 --- a/api/envoy/extensions/filters/network/dubbo_proxy/v3/route.proto +++ b/api/envoy/extensions/filters/network/dubbo_proxy/v3/route.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.dubbo_proxy.v3"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dubbo Proxy Route Configuration] // Dubbo Proxy :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/echo/v3/echo.proto b/api/envoy/extensions/filters/network/echo/v3/echo.proto index 4bcb5d31d8b3b..077d87259b6b2 100644 --- a/api/envoy/extensions/filters/network/echo/v3/echo.proto +++ b/api/envoy/extensions/filters/network/echo/v3/echo.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.echo.v3"; option java_outer_classname = "EchoProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Echo] // Echo :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto b/api/envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto index 22cf85f39aae4..c3a63ac0a4f65 100644 --- a/api/envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto +++ b/api/envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.ext_authz.v3"; option java_outer_classname = "ExtAuthzProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Network External Authorization ] // The network layer external authorization service configuration diff --git a/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 401bed8fed66d..06d66055a0d68 100644 --- a/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -24,7 +24,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3"; option java_outer_classname = "HttpConnectionManagerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP connection manager] // HTTP connection manager :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/BUILD b/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/BUILD new file mode 100644 index 0000000000000..792ccf7ab6772 --- /dev/null +++ b/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/BUILD @@ -0,0 +1,19 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/accesslog/v3:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/route/v4alpha:pkg", + "//envoy/config/trace/v4alpha:pkg", + "//envoy/extensions/filters/network/http_connection_manager/v3:pkg", + "//envoy/type/tracing/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto new file mode 100644 index 0000000000000..226dc2727fc54 --- /dev/null +++ b/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto @@ -0,0 +1,685 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.http_connection_manager.v4alpha; + +import "envoy/config/accesslog/v3/accesslog.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/protocol.proto"; +import "envoy/config/route/v4alpha/route.proto"; +import "envoy/config/route/v4alpha/scoped_route.proto"; +import "envoy/config/trace/v4alpha/trace.proto"; +import "envoy/type/tracing/v3/custom_tag.proto"; +import "envoy/type/v3/percent.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v4alpha"; +option java_outer_classname = "HttpConnectionManagerProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP connection manager] +// HTTP connection manager :ref:`configuration overview `. +// [#extension: envoy.filters.network.http_connection_manager] + +// [#next-free-field: 37] +message HttpConnectionManager { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"; + + enum CodecType { + // For every new connection, the connection manager will determine which + // codec to use. This mode supports both ALPN for TLS listeners as well as + // protocol inference for plaintext listeners. If ALPN data is available, it + // is preferred, otherwise protocol inference is used. In almost all cases, + // this is the right option to choose for this setting. + AUTO = 0; + + // The connection manager will assume that the client is speaking HTTP/1.1. + HTTP1 = 1; + + // The connection manager will assume that the client is speaking HTTP/2 + // (Envoy does not require HTTP/2 to take place over TLS or to use ALPN. + // Prior knowledge is allowed). + HTTP2 = 2; + + // [#not-implemented-hide:] QUIC implementation is not production ready yet. Use this enum with + // caution to prevent accidental execution of QUIC code. I.e. `!= HTTP2` is no longer sufficient + // to distinguish HTTP1 and HTTP2 traffic. + HTTP3 = 3; + } + + enum ServerHeaderTransformation { + // Overwrite any Server header with the contents of server_name. + OVERWRITE = 0; + + // If no Server header is present, append Server server_name + // If a Server header is present, pass it through. + APPEND_IF_ABSENT = 1; + + // Pass through the value of the server header, and do not append a header + // if none is present. + PASS_THROUGH = 2; + } + + // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP + // header. + enum ForwardClientCertDetails { + // Do not send the XFCC header to the next hop. This is the default value. + SANITIZE = 0; + + // When the client connection is mTLS (Mutual TLS), forward the XFCC header + // in the request. + FORWARD_ONLY = 1; + + // When the client connection is mTLS, append the client certificate + // information to the request’s XFCC header and forward it. + APPEND_FORWARD = 2; + + // When the client connection is mTLS, reset the XFCC header with the client + // certificate information and send it to the next hop. + SANITIZE_SET = 3; + + // Always forward the XFCC header in the request, regardless of whether the + // client connection is mTLS. + ALWAYS_FORWARD_ONLY = 4; + } + + // [#next-free-field: 10] + message Tracing { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.Tracing"; + + enum OperationName { + // The HTTP listener is used for ingress/incoming requests. + INGRESS = 0; + + // The HTTP listener is used for egress/outgoing requests. + EGRESS = 1; + } + + reserved 1, 2; + + reserved "operation_name", "request_headers_for_tags"; + + // Target percentage of requests managed by this HTTP connection manager that will be force + // traced if the :ref:`x-client-trace-id ` + // header is set. This field is a direct analog for the runtime variable + // 'tracing.client_sampling' in the :ref:`HTTP Connection Manager + // `. + // Default: 100% + type.v3.Percent client_sampling = 3; + + // Target percentage of requests managed by this HTTP connection manager that will be randomly + // selected for trace generation, if not requested by the client or not forced. This field is + // a direct analog for the runtime variable 'tracing.random_sampling' in the + // :ref:`HTTP Connection Manager `. + // Default: 100% + type.v3.Percent random_sampling = 4; + + // Target percentage of requests managed by this HTTP connection manager that will be traced + // after all other sampling checks have been applied (client-directed, force tracing, random + // sampling). This field functions as an upper limit on the total configured sampling rate. For + // instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% + // of client requests with the appropriate headers to be force traced. This field is a direct + // analog for the runtime variable 'tracing.global_enabled' in the + // :ref:`HTTP Connection Manager `. + // Default: 100% + type.v3.Percent overall_sampling = 5; + + // Whether to annotate spans with additional data. If true, spans will include logs for stream + // events. + bool verbose = 6; + + // Maximum length of the request path to extract and include in the HttpUrl tag. Used to + // truncate lengthy request paths to meet the needs of a tracing backend. + // Default: 256 + google.protobuf.UInt32Value max_path_tag_length = 7; + + // A list of custom tags with unique tag name to create tags for the active span. + repeated type.tracing.v3.CustomTag custom_tags = 8; + + // Configuration for an external tracing provider. + // If not specified, Envoy will fall back to using tracing provider configuration + // from the bootstrap config. + // [#not-implemented-hide:] + config.trace.v4alpha.Tracing.Http provider = 9; + } + + message InternalAddressConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager." + "InternalAddressConfig"; + + // Whether unix socket addresses should be considered internal. + bool unix_sockets = 1; + } + + // [#next-free-field: 7] + message SetCurrentClientCertDetails { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager." + "SetCurrentClientCertDetails"; + + reserved 2; + + // Whether to forward the subject of the client cert. Defaults to false. + google.protobuf.BoolValue subject = 1; + + // Whether to forward the entire client cert in URL encoded PEM format. This will appear in the + // XFCC header comma separated from other values with the value Cert="PEM". + // Defaults to false. + bool cert = 3; + + // Whether to forward the entire client cert chain (including the leaf cert) in URL encoded PEM + // format. This will appear in the XFCC header comma separated from other values with the value + // Chain="PEM". + // Defaults to false. + bool chain = 6; + + // Whether to forward the DNS type Subject Alternative Names of the client cert. + // Defaults to false. + bool dns = 4; + + // Whether to forward the URI type Subject Alternative Name of the client cert. Defaults to + // false. + bool uri = 5; + } + + // The configuration for HTTP upgrades. + // For each upgrade type desired, an UpgradeConfig must be added. + // + // .. warning:: + // + // The current implementation of upgrade headers does not handle + // multi-valued upgrade headers. Support for multi-valued headers may be + // added in the future if needed. + // + // .. warning:: + // The current implementation of upgrade headers does not work with HTTP/2 + // upstreams. + message UpgradeConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager." + "UpgradeConfig"; + + // The case-insensitive name of this upgrade, e.g. "websocket". + // For each upgrade type present in upgrade_configs, requests with + // Upgrade: [upgrade_type] + // will be proxied upstream. + string upgrade_type = 1; + + // If present, this represents the filter chain which will be created for + // this type of upgrade. If no filters are present, the filter chain for + // HTTP connections will be used for this upgrade type. + repeated HttpFilter filters = 2; + + // Determines if upgrades are enabled or disabled by default. Defaults to true. + // This can be overridden on a per-route basis with :ref:`cluster + // ` as documented in the + // :ref:`upgrade documentation `. + google.protobuf.BoolValue enabled = 3; + } + + reserved 27, 11; + + reserved "idle_timeout"; + + // Supplies the type of codec that the connection manager should use. + CodecType codec_type = 1 [(validate.rules).enum = {defined_only: true}]; + + // The human readable prefix to use when emitting statistics for the + // connection manager. See the :ref:`statistics documentation ` for + // more information. + string stat_prefix = 2 [(validate.rules).string = {min_bytes: 1}]; + + oneof route_specifier { + option (validate.required) = true; + + // The connection manager’s route table will be dynamically loaded via the RDS API. + Rds rds = 3; + + // The route table for the connection manager is static and is specified in this property. + config.route.v4alpha.RouteConfiguration route_config = 4; + + // A route table will be dynamically assigned to each request based on request attributes + // (e.g., the value of a header). The "routing scopes" (i.e., route tables) and "scope keys" are + // specified in this message. + ScopedRoutes scoped_routes = 31; + } + + // A list of individual HTTP filters that make up the filter chain for + // requests made to the connection manager. Order matters as the filters are + // processed sequentially as request events happen. + repeated HttpFilter http_filters = 5; + + // Whether the connection manager manipulates the :ref:`config_http_conn_man_headers_user-agent` + // and :ref:`config_http_conn_man_headers_downstream-service-cluster` headers. See the linked + // documentation for more information. Defaults to false. + google.protobuf.BoolValue add_user_agent = 6; + + // Presence of the object defines whether the connection manager + // emits :ref:`tracing ` data to the :ref:`configured tracing provider + // `. + Tracing tracing = 7; + + // Additional settings for HTTP requests handled by the connection manager. These will be + // applicable to both HTTP1 and HTTP2 requests. + config.core.v4alpha.HttpProtocolOptions common_http_protocol_options = 35; + + // Additional HTTP/1 settings that are passed to the HTTP/1 codec. + config.core.v4alpha.Http1ProtocolOptions http_protocol_options = 8; + + // Additional HTTP/2 settings that are passed directly to the HTTP/2 codec. + config.core.v4alpha.Http2ProtocolOptions http2_protocol_options = 9; + + // An optional override that the connection manager will write to the server + // header in responses. If not set, the default is *envoy*. + string server_name = 10; + + // Defines the action to be applied to the Server header on the response path. + // By default, Envoy will overwrite the header with the value specified in + // server_name. + ServerHeaderTransformation server_header_transformation = 34 + [(validate.rules).enum = {defined_only: true}]; + + // The maximum request headers size for incoming connections. + // If unconfigured, the default max request headers allowed is 60 KiB. + // Requests that exceed this limit will receive a 431 response. + // The max configurable limit is 96 KiB, based on current implementation + // constraints. + google.protobuf.UInt32Value max_request_headers_kb = 29 + [(validate.rules).uint32 = {lte: 96 gt: 0}]; + + // The stream idle timeout for connections managed by the connection manager. + // If not specified, this defaults to 5 minutes. The default value was selected + // so as not to interfere with any smaller configured timeouts that may have + // existed in configurations prior to the introduction of this feature, while + // introducing robustness to TCP connections that terminate without a FIN. + // + // This idle timeout applies to new streams and is overridable by the + // :ref:`route-level idle_timeout + // `. Even on a stream in + // which the override applies, prior to receipt of the initial request + // headers, the :ref:`stream_idle_timeout + // ` + // applies. Each time an encode/decode event for headers or data is processed + // for the stream, the timer will be reset. If the timeout fires, the stream + // is terminated with a 408 Request Timeout error code if no upstream response + // header has been received, otherwise a stream reset occurs. + // + // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due + // to the granularity of events presented to the connection manager. For example, while receiving + // very large request headers, it may be the case that there is traffic regularly arriving on the + // wire while the connection manage is only able to observe the end-of-headers event, hence the + // stream may still idle timeout. + // + // A value of 0 will completely disable the connection manager stream idle + // timeout, although per-route idle timeout overrides will continue to apply. + google.protobuf.Duration stream_idle_timeout = 24; + + // The amount of time that Envoy will wait for the entire request to be received. + // The timer is activated when the request is initiated, and is disarmed when the last byte of the + // request is sent upstream (i.e. all decoding filters have processed the request), OR when the + // response is initiated. If not specified or set to 0, this timeout is disabled. + google.protobuf.Duration request_timeout = 28; + + // The time that Envoy will wait between sending an HTTP/2 “shutdown + // notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame. + // This is used so that Envoy provides a grace period for new streams that + // race with the final GOAWAY frame. During this grace period, Envoy will + // continue to accept new streams. After the grace period, a final GOAWAY + // frame is sent and Envoy will start refusing new streams. Draining occurs + // both when a connection hits the idle timeout or during general server + // draining. The default grace period is 5000 milliseconds (5 seconds) if this + // option is not specified. + google.protobuf.Duration drain_timeout = 12; + + // The delayed close timeout is for downstream connections managed by the HTTP connection manager. + // It is defined as a grace period after connection close processing has been locally initiated + // during which Envoy will wait for the peer to close (i.e., a TCP FIN/RST is received by Envoy + // from the downstream connection) prior to Envoy closing the socket associated with that + // connection. + // NOTE: This timeout is enforced even when the socket associated with the downstream connection + // is pending a flush of the write buffer. However, any progress made writing data to the socket + // will restart the timer associated with this timeout. This means that the total grace period for + // a socket in this state will be + // +. + // + // Delaying Envoy's connection close and giving the peer the opportunity to initiate the close + // sequence mitigates a race condition that exists when downstream clients do not drain/process + // data in a connection's receive buffer after a remote close has been detected via a socket + // write(). This race leads to such clients failing to process the response code sent by Envoy, + // which could result in erroneous downstream processing. + // + // If the timeout triggers, Envoy will close the connection's socket. + // + // The default timeout is 1000 ms if this option is not specified. + // + // .. NOTE:: + // To be useful in avoiding the race condition described above, this timeout must be set + // to *at least* +<100ms to account for + // a reasonable "worst" case processing time for a full iteration of Envoy's event loop>. + // + // .. WARNING:: + // A value of 0 will completely disable delayed close processing. When disabled, the downstream + // connection's socket will be closed immediately after the write flush is completed or will + // never close if the write flush does not complete. + google.protobuf.Duration delayed_close_timeout = 26; + + // Configuration for :ref:`HTTP access logs ` + // emitted by the connection manager. + repeated config.accesslog.v3.AccessLog access_log = 13; + + // If set to true, the connection manager will use the real remote address + // of the client connection when determining internal versus external origin and manipulating + // various headers. If set to false or absent, the connection manager will use the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. See the documentation for + // :ref:`config_http_conn_man_headers_x-forwarded-for`, + // :ref:`config_http_conn_man_headers_x-envoy-internal`, and + // :ref:`config_http_conn_man_headers_x-envoy-external-address` for more information. + google.protobuf.BoolValue use_remote_address = 14; + + // The number of additional ingress proxy hops from the right side of the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when + // determining the origin client's IP address. The default is zero if this option + // is not specified. See the documentation for + // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. + uint32 xff_num_trusted_hops = 19; + + // Configures what network addresses are considered internal for stats and header sanitation + // purposes. If unspecified, only RFC1918 IP addresses will be considered internal. + // See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more + // information about internal/external addresses. + InternalAddressConfig internal_address_config = 25; + + // If set, Envoy will not append the remote address to the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. This may be used in + // conjunction with HTTP filters that explicitly manipulate XFF after the HTTP connection manager + // has mutated the request headers. While :ref:`use_remote_address + // ` + // will also suppress XFF addition, it has consequences for logging and other + // Envoy uses of the remote address, so *skip_xff_append* should be used + // when only an elision of XFF addition is intended. + bool skip_xff_append = 21; + + // Via header value to append to request and response headers. If this is + // empty, no via header will be appended. + string via = 22; + + // Whether the connection manager will generate the :ref:`x-request-id + // ` header if it does not exist. This defaults to + // true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature + // is not desired it can be disabled. + google.protobuf.BoolValue generate_request_id = 15; + + // Whether the connection manager will keep the :ref:`x-request-id + // ` header if passed for a request that is edge + // (Edge request is the request from external clients to front Envoy) and not reset it, which + // is the current Envoy behaviour. This defaults to false. + bool preserve_external_request_id = 32; + + // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP + // header. + ForwardClientCertDetails forward_client_cert_details = 16 + [(validate.rules).enum = {defined_only: true}]; + + // This field is valid only when :ref:`forward_client_cert_details + // ` + // is APPEND_FORWARD or SANITIZE_SET and the client connection is mTLS. It specifies the fields in + // the client certificate to be forwarded. Note that in the + // :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header, *Hash* is always set, and + // *By* is always set when the client certificate presents the URI type Subject Alternative Name + // value. + SetCurrentClientCertDetails set_current_client_cert_details = 17; + + // If proxy_100_continue is true, Envoy will proxy incoming "Expect: + // 100-continue" headers upstream, and forward "100 Continue" responses + // downstream. If this is false or not set, Envoy will instead strip the + // "Expect: 100-continue" header, and send a "100 Continue" response itself. + bool proxy_100_continue = 18; + + // If + // :ref:`use_remote_address + // ` + // is true and represent_ipv4_remote_address_as_ipv4_mapped_ipv6 is true and the remote address is + // an IPv4 address, the address will be mapped to IPv6 before it is appended to *x-forwarded-for*. + // This is useful for testing compatibility of upstream services that parse the header value. For + // example, 50.0.0.1 is represented as ::FFFF:50.0.0.1. See `IPv4-Mapped IPv6 Addresses + // `_ for details. This will also affect the + // :ref:`config_http_conn_man_headers_x-envoy-external-address` header. See + // :ref:`http_connection_manager.represent_ipv4_remote_address_as_ipv4_mapped_ipv6 + // ` for runtime + // control. + // [#not-implemented-hide:] + bool represent_ipv4_remote_address_as_ipv4_mapped_ipv6 = 20; + + repeated UpgradeConfig upgrade_configs = 23; + + // Should paths be normalized according to RFC 3986 before any processing of + // requests by HTTP filters or routing? This affects the upstream *:path* header + // as well. For paths that fail this check, Envoy will respond with 400 to + // paths that are malformed. This defaults to false currently but will default + // true in the future. When not specified, this value may be overridden by the + // runtime variable + // :ref:`http_connection_manager.normalize_path`. + // See `Normalization and Comparison ` + // for details of normalization. + // Note that Envoy does not perform + // `case normalization ` + google.protobuf.BoolValue normalize_path = 30; + + // Determines if adjacent slashes in the path are merged into one before any processing of + // requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without + // setting this option, incoming requests with path `//dir///file` will not match against route + // with `prefix` match set to `/dir`. Defaults to `false`. Note that slash merging is not part of + // `HTTP spec ` and is provided for convenience. + bool merge_slashes = 33; + + // The configuration of the request ID extension. This includes operations such as + // generation, validation, and associated tracing operations. + // + // If not set, Envoy uses the default UUID-based behavior: + // + // 1. Request ID is propagated using *x-request-id* header. + // + // 2. Request ID is a universally unique identifier (UUID). + // + // 3. Tracing decision (sampled, forced, etc) is set in 14th byte of the UUID. + RequestIDExtension request_id_extension = 36; +} + +message Rds { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.Rds"; + + // Configuration source specifier for RDS. + config.core.v4alpha.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; + + // The name of the route configuration. This name will be passed to the RDS + // API. This allows an Envoy configuration with multiple HTTP listeners (and + // associated HTTP connection manager filters) to use different route + // configurations. + string route_config_name = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// This message is used to work around the limitations with 'oneof' and repeated fields. +message ScopedRouteConfigurationsList { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRouteConfigurationsList"; + + repeated config.route.v4alpha.ScopedRouteConfiguration scoped_route_configurations = 1 + [(validate.rules).repeated = {min_items: 1}]; +} + +// [#next-free-field: 6] +message ScopedRoutes { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes"; + + // Specifies the mechanism for constructing "scope keys" based on HTTP request attributes. These + // keys are matched against a set of :ref:`Key` + // objects assembled from :ref:`ScopedRouteConfiguration` + // messages distributed via SRDS (the Scoped Route Discovery Service) or assigned statically via + // :ref:`scoped_route_configurations_list`. + // + // Upon receiving a request's headers, the Router will build a key using the algorithm specified + // by this message. This key will be used to look up the routing table (i.e., the + // :ref:`RouteConfiguration`) to use for the request. + message ScopeKeyBuilder { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes.ScopeKeyBuilder"; + + // Specifies the mechanism for constructing key fragments which are composed into scope keys. + message FragmentBuilder { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes." + "ScopeKeyBuilder.FragmentBuilder"; + + // Specifies how the value of a header should be extracted. + // The following example maps the structure of a header to the fields in this message. + // + // .. code:: + // + // <0> <1> <-- index + // X-Header: a=b;c=d + // | || | + // | || \----> + // | || + // | |\----> + // | | + // | \----> + // | + // \----> + // + // Each 'a=b' key-value pair constitutes an 'element' of the header field. + message HeaderValueExtractor { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes." + "ScopeKeyBuilder.FragmentBuilder.HeaderValueExtractor"; + + // Specifies a header field's key value pair to match on. + message KvElement { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes." + "ScopeKeyBuilder.FragmentBuilder.HeaderValueExtractor.KvElement"; + + // The separator between key and value (e.g., '=' separates 'k=v;...'). + // If an element is an empty string, the element is ignored. + // If an element contains no separator, the whole element is parsed as key and the + // fragment value is an empty string. + // If there are multiple values for a matched key, the first value is returned. + string separator = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The key to match on. + string key = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + // The name of the header field to extract the value from. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The element separator (e.g., ';' separates 'a;b;c;d'). + // Default: empty string. This causes the entirety of the header field to be extracted. + // If this field is set to an empty string and 'index' is used in the oneof below, 'index' + // must be set to 0. + string element_separator = 2; + + oneof extract_type { + // Specifies the zero based index of the element to extract. + // Note Envoy concatenates multiple values of the same header key into a comma separated + // string, the splitting always happens after the concatenation. + uint32 index = 3; + + // Specifies the key value pair to extract the value from. + KvElement element = 4; + } + } + + oneof type { + option (validate.required) = true; + + // Specifies how a header field's value should be extracted. + HeaderValueExtractor header_value_extractor = 1; + } + } + + // The final(built) scope key consists of the ordered union of these fragments, which are compared in order with the + // fragments of a :ref:`ScopedRouteConfiguration`. + // A missing fragment during comparison will make the key invalid, i.e., the computed key doesn't match any key. + repeated FragmentBuilder fragments = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + // The name assigned to the scoped routing configuration. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The algorithm to use for constructing a scope key for each request. + ScopeKeyBuilder scope_key_builder = 2 [(validate.rules).message = {required: true}]; + + // Configuration source specifier for RDS. + // This config source is used to subscribe to RouteConfiguration resources specified in + // ScopedRouteConfiguration messages. + config.core.v4alpha.ConfigSource rds_config_source = 3 + [(validate.rules).message = {required: true}]; + + oneof config_specifier { + option (validate.required) = true; + + // The set of routing scopes corresponding to the HCM. A scope is assigned to a request by + // matching a key constructed from the request's attributes according to the algorithm specified + // by the + // :ref:`ScopeKeyBuilder` + // in this message. + ScopedRouteConfigurationsList scoped_route_configurations_list = 4; + + // The set of routing scopes associated with the HCM will be dynamically loaded via the SRDS + // API. A scope is assigned to a request by matching a key constructed from the request's + // attributes according to the algorithm specified by the + // :ref:`ScopeKeyBuilder` + // in this message. + ScopedRds scoped_rds = 5; + } +} + +message ScopedRds { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRds"; + + // Configuration source specifier for scoped RDS. + config.core.v4alpha.ConfigSource scoped_rds_config_source = 1 + [(validate.rules).message = {required: true}]; +} + +message HttpFilter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter"; + + reserved 3, 2; + + reserved "config"; + + // The name of the filter to instantiate. The name must match a + // :ref:`supported filter `. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Filter specific configuration which depends on the filter being instantiated. See the supported + // filters for further documentation. + oneof config_type { + google.protobuf.Any typed_config = 4; + } +} + +message RequestIDExtension { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.RequestIDExtension"; + + // Request ID extension specific configuration. + google.protobuf.Any typed_config = 1; +} diff --git a/api/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto b/api/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto index ea05c05f53be6..497e688f4c3d3 100644 --- a/api/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto +++ b/api/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.kafka_broker.v3"; option java_outer_classname = "KafkaBrokerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Kafka Broker] // Kafka Broker :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto b/api/envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto index 52b52adebd83e..027bc0e3fc982 100644 --- a/api/envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto +++ b/api/envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.local_ratelimit.v3"; option java_outer_classname = "LocalRateLimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Local rate limit] // Local rate limit :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto b/api/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto index 8c62fcf08adf1..7bd17600d1456 100644 --- a/api/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto +++ b/api/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.mongo_proxy.v3"; option java_outer_classname = "MongoProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Mongo proxy] // MongoDB :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto b/api/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto index c9652141e48a7..663449b270358 100644 --- a/api/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto +++ b/api/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.mysql_proxy.v3"; option java_outer_classname = "MysqlProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: MySQL proxy] // MySQL Proxy :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto b/api/envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto index 0f0c5b5a7ea5a..b92d3cee2541a 100644 --- a/api/envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto +++ b/api/envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.ratelimit.v3"; option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/rbac/v3/rbac.proto b/api/envoy/extensions/filters/network/rbac/v3/rbac.proto index 1f23c35ba25f8..e62f7b4c419e7 100644 --- a/api/envoy/extensions/filters/network/rbac/v3/rbac.proto +++ b/api/envoy/extensions/filters/network/rbac/v3/rbac.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.rbac.v3"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto b/api/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto index d5ccc08ece32e..a3341b5ac6067 100644 --- a/api/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto +++ b/api/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.redis_proxy.v3"; option java_outer_classname = "RedisProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Redis Proxy] // Redis Proxy :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto b/api/envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto index 5fe81abafbae6..3d6f0ee234abb 100644 --- a/api/envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto +++ b/api/envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.sni_cluster.v3"; option java_outer_classname = "SniClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: SNI Cluster Filter] // Set the upstream cluster name from the SNI field in the TLS connection. diff --git a/api/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto b/api/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto index e3dc50a1c1618..3d305cadcf40a 100644 --- a/api/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto +++ b/api/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto @@ -3,7 +3,6 @@ syntax = "proto3"; package envoy.extensions.filters.network.tcp_proxy.v3; import "envoy/config/accesslog/v3/accesslog.proto"; -import "envoy/config/core/v3/address.proto"; import "envoy/config/core/v3/base.proto"; import "envoy/type/v3/hash_policy.proto"; @@ -17,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.tcp_proxy.v3"; option java_outer_classname = "TcpProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: TCP Proxy] // TCP Proxy :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto b/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto index 54beaec40b758..4fc3289ae33de 100644 --- a/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto +++ b/api/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3"; option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto b/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto index 4359ecd0c10f3..5ce18fd06233a 100644 --- a/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto +++ b/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.v3"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Thrift Proxy Route Configuration] // Thrift Proxy :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto b/api/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto index 7c0ed96ce9f54..74c71afb5424b 100644 --- a/api/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto +++ b/api/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.v3"; option java_outer_classname = "ThriftProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Thrift Proxy] // Thrift Proxy :ref:`configuration overview `. diff --git a/api/envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto b/api/envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto index 9d85dad00781f..a90f777d79ec1 100644 --- a/api/envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto +++ b/api/envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.zookeeper_proxy.v3"; option java_outer_classname = "ZookeeperProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: ZooKeeper proxy] // ZooKeeper Proxy :ref:`configuration overview `. diff --git a/api/envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto b/api/envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto index 17ade45cad1f4..fb7adf4402880 100644 --- a/api/envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto +++ b/api/envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.retry.host.omit_host_metadata.v3"; option java_outer_classname = "OmitHostMetadataConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Omit host metadata retry predicate] diff --git a/api/envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto b/api/envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto index 7ad664e48e6ab..b6a4bbecbae8c 100644 --- a/api/envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto +++ b/api/envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.retry.priority.previous_priorities.v3"; option java_outer_classname = "PreviousPrioritiesConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Previous priorities retry selector] diff --git a/api/envoy/extensions/transport_sockets/alts/v3/alts.proto b/api/envoy/extensions/transport_sockets/alts/v3/alts.proto index 3c2509cba27c7..6c001be1c7461 100644 --- a/api/envoy/extensions/transport_sockets/alts/v3/alts.proto +++ b/api/envoy/extensions/transport_sockets/alts/v3/alts.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.alts.v3"; option java_outer_classname = "AltsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: ALTS] // [#extension: envoy.transport_sockets.alts] diff --git a/api/envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto b/api/envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto index 208e23b0b6f1e..85406c1f77135 100644 --- a/api/envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto +++ b/api/envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.raw_buffer.v3"; option java_outer_classname = "RawBufferProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Raw Buffer] // [#extension: envoy.transport_sockets.raw_buffer] diff --git a/api/envoy/extensions/transport_sockets/tap/v3/tap.proto b/api/envoy/extensions/transport_sockets/tap/v3/tap.proto index c4ffc2374d39b..ef61575f67f72 100644 --- a/api/envoy/extensions/transport_sockets/tap/v3/tap.proto +++ b/api/envoy/extensions/transport_sockets/tap/v3/tap.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tap.v3"; option java_outer_classname = "TapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap] // [#extension: envoy.transport_sockets.tap] diff --git a/api/envoy/extensions/transport_sockets/tap/v4alpha/BUILD b/api/envoy/extensions/transport_sockets/tap/v4alpha/BUILD new file mode 100644 index 0000000000000..76600e3dd2087 --- /dev/null +++ b/api/envoy/extensions/transport_sockets/tap/v4alpha/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/extensions/common/tap/v4alpha:pkg", + "//envoy/extensions/transport_sockets/tap/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/transport_sockets/tap/v4alpha/tap.proto b/api/envoy/extensions/transport_sockets/tap/v4alpha/tap.proto new file mode 100644 index 0000000000000..5e0efc403ab5d --- /dev/null +++ b/api/envoy/extensions/transport_sockets/tap/v4alpha/tap.proto @@ -0,0 +1,33 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.tap.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/extensions/common/tap/v4alpha/common.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tap.v4alpha"; +option java_outer_classname = "TapProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Tap] +// [#extension: envoy.transport_sockets.tap] + +// Configuration for tap transport socket. This wraps another transport socket, providing the +// ability to interpose and record in plain text any traffic that is surfaced to Envoy. +message Tap { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tap.v3.Tap"; + + // Common configuration for the tap transport socket. + common.tap.v4alpha.CommonExtensionConfig common_config = 1 + [(validate.rules).message = {required: true}]; + + // The underlying transport socket being wrapped. + config.core.v4alpha.TransportSocket transport_socket = 2 + [(validate.rules).message = {required: true}]; +} diff --git a/api/envoy/extensions/transport_sockets/tls/v3/cert.proto b/api/envoy/extensions/transport_sockets/tls/v3/cert.proto index bb12085758aba..52b0c03a05825 100644 --- a/api/envoy/extensions/transport_sockets/tls/v3/cert.proto +++ b/api/envoy/extensions/transport_sockets/tls/v3/cert.proto @@ -19,7 +19,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3"; option java_outer_classname = "CertProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common TLS configuration] diff --git a/api/envoy/extensions/transport_sockets/tls/v4alpha/BUILD b/api/envoy/extensions/transport_sockets/tls/v4alpha/BUILD new file mode 100644 index 0000000000000..e56544584bfe2 --- /dev/null +++ b/api/envoy/extensions/transport_sockets/tls/v4alpha/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/extensions/transport_sockets/tls/v3:pkg", + "//envoy/type/matcher/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/extensions/transport_sockets/tls/v4alpha/cert.proto b/api/envoy/extensions/transport_sockets/tls/v4alpha/cert.proto new file mode 100644 index 0000000000000..6f6a58d08c1b9 --- /dev/null +++ b/api/envoy/extensions/transport_sockets/tls/v4alpha/cert.proto @@ -0,0 +1,508 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.tls.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/type/matcher/v3/string.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/sensitive.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v4alpha"; +option java_outer_classname = "CertProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Common TLS configuration] + +message TlsParameters { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.TlsParameters"; + + enum TlsProtocol { + // Envoy will choose the optimal TLS version. + TLS_AUTO = 0; + + // TLS 1.0 + TLSv1_0 = 1; + + // TLS 1.1 + TLSv1_1 = 2; + + // TLS 1.2 + TLSv1_2 = 3; + + // TLS 1.3 + TLSv1_3 = 4; + } + + // Minimum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_0`` for + // servers. + TlsProtocol tls_minimum_protocol_version = 1 [(validate.rules).enum = {defined_only: true}]; + + // Maximum TLS protocol version. By default, it's ``TLSv1_3`` for servers in non-FIPS builds, and + // ``TLSv1_2`` for clients and for servers using :ref:`BoringSSL FIPS `. + TlsProtocol tls_maximum_protocol_version = 2 [(validate.rules).enum = {defined_only: true}]; + + // If specified, the TLS listener will only support the specified `cipher list + // `_ + // when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not + // specified, the default list will be used. + // + // In non-FIPS builds, the default cipher list is: + // + // .. code-block:: none + // + // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] + // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] + // ECDHE-ECDSA-AES128-SHA + // ECDHE-RSA-AES128-SHA + // AES128-GCM-SHA256 + // AES128-SHA + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // ECDHE-ECDSA-AES256-SHA + // ECDHE-RSA-AES256-SHA + // AES256-GCM-SHA384 + // AES256-SHA + // + // In builds using :ref:`BoringSSL FIPS `, the default cipher list is: + // + // .. code-block:: none + // + // ECDHE-ECDSA-AES128-GCM-SHA256 + // ECDHE-RSA-AES128-GCM-SHA256 + // ECDHE-ECDSA-AES128-SHA + // ECDHE-RSA-AES128-SHA + // AES128-GCM-SHA256 + // AES128-SHA + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // ECDHE-ECDSA-AES256-SHA + // ECDHE-RSA-AES256-SHA + // AES256-GCM-SHA384 + // AES256-SHA + repeated string cipher_suites = 3; + + // If specified, the TLS connection will only support the specified ECDH + // curves. If not specified, the default curves will be used. + // + // In non-FIPS builds, the default curves are: + // + // .. code-block:: none + // + // X25519 + // P-256 + // + // In builds using :ref:`BoringSSL FIPS `, the default curve is: + // + // .. code-block:: none + // + // P-256 + repeated string ecdh_curves = 4; +} + +// BoringSSL private key method configuration. The private key methods are used for external +// (potentially asynchronous) signing and decryption operations. Some use cases for private key +// methods would be TPM support and TLS acceleration. +message PrivateKeyProvider { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider"; + + reserved 2; + + reserved "config"; + + // Private key method provider name. The name must match a + // supported private key method provider type. + string provider_name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Private key method provider specific configuration. + oneof config_type { + google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true]; + } +} + +// [#next-free-field: 7] +message TlsCertificate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.TlsCertificate"; + + // The TLS certificate chain. + config.core.v4alpha.DataSource certificate_chain = 1; + + // The TLS private key. + config.core.v4alpha.DataSource private_key = 2 [(udpa.annotations.sensitive) = true]; + + // BoringSSL private key method provider. This is an alternative to :ref:`private_key + // ` field. This can't be + // marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key + // ` and + // :ref:`private_key_provider + // ` fields will result in an + // error. + PrivateKeyProvider private_key_provider = 6; + + // The password to decrypt the TLS private key. If this field is not set, it is assumed that the + // TLS private key is not password encrypted. + config.core.v4alpha.DataSource password = 3 [(udpa.annotations.sensitive) = true]; + + // [#not-implemented-hide:] + config.core.v4alpha.DataSource ocsp_staple = 4; + + // [#not-implemented-hide:] + repeated config.core.v4alpha.DataSource signed_certificate_timestamp = 5; +} + +message TlsSessionTicketKeys { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys"; + + // Keys for encrypting and decrypting TLS session tickets. The + // first key in the array contains the key to encrypt all new sessions created by this context. + // All keys are candidates for decrypting received tickets. This allows for easy rotation of keys + // by, for example, putting the new key first, and the previous key second. + // + // If :ref:`session_ticket_keys ` + // is not specified, the TLS library will still support resuming sessions via tickets, but it will + // use an internally-generated and managed key, so sessions cannot be resumed across hot restarts + // or on different hosts. + // + // Each key must contain exactly 80 bytes of cryptographically-secure random data. For + // example, the output of ``openssl rand 80``. + // + // .. attention:: + // + // Using this feature has serious security considerations and risks. Improper handling of keys + // may result in loss of secrecy in connections, even if ciphers supporting perfect forward + // secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some + // discussion. To minimize the risk, you must: + // + // * Keep the session ticket keys at least as secure as your TLS certificate private keys + // * Rotate session ticket keys at least daily, and preferably hourly + // * Always generate keys using a cryptographically-secure random data source + repeated config.core.v4alpha.DataSource keys = 1 + [(validate.rules).repeated = {min_items: 1}, (udpa.annotations.sensitive) = true]; +} + +// [#next-free-field: 11] +message CertificateValidationContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext"; + + // Peer certificate verification mode. + enum TrustChainVerification { + // Perform default certificate verification (e.g., against CA / verification lists) + VERIFY_TRUST_CHAIN = 0; + + // Connections where the certificate fails verification will be permitted. + // For HTTP connections, the result of certificate verification can be used in route matching. ( + // see :ref:`validated ` ). + ACCEPT_UNTRUSTED = 1; + } + + reserved 4; + + reserved "verify_subject_alt_name"; + + // TLS certificate data containing certificate authority certificates to use in verifying + // a presented peer certificate (e.g. server certificate for clusters or client certificate + // for listeners). If not specified and a peer certificate is presented it will not be + // verified. By default, a client certificate is optional, unless one of the additional + // options (:ref:`require_client_certificate + // `, + // :ref:`verify_certificate_spki + // `, + // :ref:`verify_certificate_hash + // `, or + // :ref:`match_subject_alt_names + // `) is also + // specified. + // + // It can optionally contain certificate revocation lists, in which case Envoy will verify + // that the presented peer certificate has not been revoked by one of the included CRLs. + // + // See :ref:`the TLS overview ` for a list of common + // system CA locations. + config.core.v4alpha.DataSource trusted_ca = 1; + + // An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the + // SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate + // matches one of the specified values. + // + // A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate + // can be generated with the following command: + // + // .. code-block:: bash + // + // $ openssl x509 -in path/to/client.crt -noout -pubkey + // | openssl pkey -pubin -outform DER + // | openssl dgst -sha256 -binary + // | openssl enc -base64 + // NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A= + // + // This is the format used in HTTP Public Key Pinning. + // + // When both: + // :ref:`verify_certificate_hash + // ` and + // :ref:`verify_certificate_spki + // ` are specified, + // a hash matching value from either of the lists will result in the certificate being accepted. + // + // .. attention:: + // + // This option is preferred over :ref:`verify_certificate_hash + // `, + // because SPKI is tied to a private key, so it doesn't change when the certificate + // is renewed using the same private key. + repeated string verify_certificate_spki = 3 + [(validate.rules).repeated = {items {string {min_bytes: 44 max_bytes: 44}}}]; + + // An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that + // the SHA-256 of the DER-encoded presented certificate matches one of the specified values. + // + // A hex-encoded SHA-256 of the certificate can be generated with the following command: + // + // .. code-block:: bash + // + // $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2 + // df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a + // + // A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate + // can be generated with the following command: + // + // .. code-block:: bash + // + // $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2 + // DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A + // + // Both of those formats are acceptable. + // + // When both: + // :ref:`verify_certificate_hash + // ` and + // :ref:`verify_certificate_spki + // ` are specified, + // a hash matching value from either of the lists will result in the certificate being accepted. + repeated string verify_certificate_hash = 2 + [(validate.rules).repeated = {items {string {min_bytes: 64 max_bytes: 95}}}]; + + // An optional list of Subject Alternative name matchers. Envoy will verify that the + // Subject Alternative Name of the presented certificate matches one of the specified matches. + // + // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be + // configured with exact match type in the :ref:`string matcher `. + // For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com", + // it should be configured as shown below. + // + // .. code-block:: yaml + // + // match_subject_alt_names: + // exact: "api.example.com" + // + // .. attention:: + // + // Subject Alternative Names are easily spoofable and verifying only them is insecure, + // therefore this option must be used together with :ref:`trusted_ca + // `. + repeated type.matcher.v3.StringMatcher match_subject_alt_names = 9; + + // [#not-implemented-hide:] Must present a signed time-stamped OCSP response. + google.protobuf.BoolValue require_ocsp_staple = 5; + + // [#not-implemented-hide:] Must present signed certificate time-stamp. + google.protobuf.BoolValue require_signed_certificate_timestamp = 6; + + // An optional `certificate revocation list + // `_ + // (in PEM format). If specified, Envoy will verify that the presented peer + // certificate has not been revoked by this CRL. If this DataSource contains + // multiple CRLs, all of them will be used. + config.core.v4alpha.DataSource crl = 7; + + // If specified, Envoy will not reject expired certificates. + bool allow_expired_certificate = 8; + + // Certificate trust chain verification mode. + TrustChainVerification trust_chain_verification = 10 + [(validate.rules).enum = {defined_only: true}]; +} + +// TLS context shared by both client and server TLS contexts. +// [#next-free-field: 9] +message CommonTlsContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.CommonTlsContext"; + + message CombinedCertificateValidationContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.CommonTlsContext." + "CombinedCertificateValidationContext"; + + // How to validate peer certificates. + CertificateValidationContext default_validation_context = 1 + [(validate.rules).message = {required: true}]; + + // Config for fetching validation context via SDS API. + SdsSecretConfig validation_context_sds_secret_config = 2 + [(validate.rules).message = {required: true}]; + } + + reserved 5; + + // TLS protocol versions, cipher suites etc. + TlsParameters tls_params = 1; + + // :ref:`Multiple TLS certificates ` can be associated with the + // same context to allow both RSA and ECDSA certificates. + // + // Only a single TLS certificate is supported in client contexts. In server contexts, the first + // RSA certificate is used for clients that only support RSA and the first ECDSA certificate is + // used for clients that support ECDSA. + repeated TlsCertificate tls_certificates = 2; + + // Configs for fetching TLS certificates via SDS API. + repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6 + [(validate.rules).repeated = {max_items: 1}]; + + oneof validation_context_type { + // How to validate peer certificates. + CertificateValidationContext validation_context = 3; + + // Config for fetching validation context via SDS API. + SdsSecretConfig validation_context_sds_secret_config = 7; + + // Combined certificate validation context holds a default CertificateValidationContext + // and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic + // and default CertificateValidationContext are merged into a new CertificateValidationContext + // for validation. This merge is done by Message::MergeFrom(), so dynamic + // CertificateValidationContext overwrites singular fields in default + // CertificateValidationContext, and concatenates repeated fields to default + // CertificateValidationContext, and logical OR is applied to boolean fields. + CombinedCertificateValidationContext combined_validation_context = 8; + } + + // Supplies the list of ALPN protocols that the listener should expose. In + // practice this is likely to be set to one of two values (see the + // :ref:`codec_type + // ` + // parameter in the HTTP connection manager for more information): + // + // * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1. + // * "http/1.1" If the listener is only going to support HTTP/1.1. + // + // There is no default for this parameter. If empty, Envoy will not expose ALPN. + repeated string alpn_protocols = 4; +} + +message UpstreamTlsContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext"; + + // Common TLS context settings. + // + // .. attention:: + // + // Server certificate verification is not enabled by default. Configure + // :ref:`trusted_ca` to enable + // verification. + CommonTlsContext common_tls_context = 1; + + // SNI string to use when creating TLS backend connections. + string sni = 2 [(validate.rules).string = {max_bytes: 255}]; + + // If true, server-initiated TLS renegotiation will be allowed. + // + // .. attention:: + // + // TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary. + bool allow_renegotiation = 3; + + // Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets + // for TLSv1.2 and older) to store for the purpose of session resumption. + // + // Defaults to 1, setting this to 0 disables session resumption. + google.protobuf.UInt32Value max_session_keys = 4; +} + +// [#next-free-field: 7] +message DownstreamTlsContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext"; + + // Common TLS context settings. + CommonTlsContext common_tls_context = 1; + + // If specified, Envoy will reject connections without a valid client + // certificate. + google.protobuf.BoolValue require_client_certificate = 2; + + // If specified, Envoy will reject connections without a valid and matching SNI. + // [#not-implemented-hide:] + google.protobuf.BoolValue require_sni = 3; + + oneof session_ticket_keys_type { + // TLS session ticket key settings. + TlsSessionTicketKeys session_ticket_keys = 4; + + // Config for fetching TLS session ticket keys via SDS API. + SdsSecretConfig session_ticket_keys_sds_secret_config = 5; + } + + // If specified, session_timeout will change maximum lifetime (in seconds) of TLS session + // Currently this value is used as a hint to `TLS session ticket lifetime (for TLSv1.2) + // ` + // only seconds could be specified (fractional seconds are going to be ignored). + google.protobuf.Duration session_timeout = 6 [(validate.rules).duration = { + lt {seconds: 4294967296} + gte {} + }]; +} + +message GenericSecret { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.GenericSecret"; + + // Secret of generic type and is available to filters. + config.core.v4alpha.DataSource secret = 1 [(udpa.annotations.sensitive) = true]; +} + +message SdsSecretConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig"; + + // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to. + // When both name and config are specified, then secret can be fetched and/or reloaded via + // SDS. When only name is specified, then secret will be loaded from static resources. + string name = 1; + + config.core.v4alpha.ConfigSource sds_config = 2; +} + +// [#next-free-field: 6] +message Secret { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.Secret"; + + // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to. + string name = 1; + + oneof type { + TlsCertificate tls_certificate = 2; + + TlsSessionTicketKeys session_ticket_keys = 3; + + CertificateValidationContext validation_context = 4; + + GenericSecret generic_secret = 5; + } +} diff --git a/api/envoy/extensions/wasm/v3/wasm.proto b/api/envoy/extensions/wasm/v3/wasm.proto index 2c9d22148569d..8cbaf20a39061 100644 --- a/api/envoy/extensions/wasm/v3/wasm.proto +++ b/api/envoy/extensions/wasm/v3/wasm.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.wasm.v3"; option java_outer_classname = "WasmProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Wasm service] diff --git a/api/envoy/service/accesslog/v2/als.proto b/api/envoy/service/accesslog/v2/als.proto index 19cc14a89bc17..bbd871ff83a4a 100644 --- a/api/envoy/service/accesslog/v2/als.proto +++ b/api/envoy/service/accesslog/v2/als.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.service.accesslog.v2"; option java_outer_classname = "AlsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC Access Log Service (ALS)] diff --git a/api/envoy/service/accesslog/v3/als.proto b/api/envoy/service/accesslog/v3/als.proto index 6ded214888cb4..3f5e37325cc5c 100644 --- a/api/envoy/service/accesslog/v3/als.proto +++ b/api/envoy/service/accesslog/v3/als.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.accesslog.v3"; option java_outer_classname = "AlsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC Access Log Service (ALS)] diff --git a/api/envoy/service/auth/v2/attribute_context.proto b/api/envoy/service/auth/v2/attribute_context.proto index 59d240090b378..16ac3ee23d49c 100644 --- a/api/envoy/service/auth/v2/attribute_context.proto +++ b/api/envoy/service/auth/v2/attribute_context.proto @@ -12,7 +12,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.service.auth.v2"; option java_outer_classname = "AttributeContextProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Attribute Context ] diff --git a/api/envoy/service/auth/v2/external_auth.proto b/api/envoy/service/auth/v2/external_auth.proto index 0d1f227ed01c8..0f580fe7dc346 100644 --- a/api/envoy/service/auth/v2/external_auth.proto +++ b/api/envoy/service/auth/v2/external_auth.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.auth.v2"; option java_outer_classname = "ExternalAuthProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Authorization Service ] diff --git a/api/envoy/service/auth/v3/attribute_context.proto b/api/envoy/service/auth/v3/attribute_context.proto index 3d47dead3f1f2..3c4fe0af665ea 100644 --- a/api/envoy/service/auth/v3/attribute_context.proto +++ b/api/envoy/service/auth/v3/attribute_context.proto @@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.service.auth.v3"; option java_outer_classname = "AttributeContextProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Attribute Context ] diff --git a/api/envoy/service/auth/v3/external_auth.proto b/api/envoy/service/auth/v3/external_auth.proto index 22ea971683523..b93b61a3bde95 100644 --- a/api/envoy/service/auth/v3/external_auth.proto +++ b/api/envoy/service/auth/v3/external_auth.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.auth.v3"; option java_outer_classname = "ExternalAuthProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Authorization Service ] diff --git a/api/envoy/service/cluster/v3/cds.proto b/api/envoy/service/cluster/v3/cds.proto index b0ac811972921..100ecad39a968 100644 --- a/api/envoy/service/cluster/v3/cds.proto +++ b/api/envoy/service/cluster/v3/cds.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.cluster.v3"; option java_outer_classname = "CdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: CDS] diff --git a/api/envoy/service/discovery/v2/ads.proto b/api/envoy/service/discovery/v2/ads.proto index 9dbaf45415546..d70e0cdc8e149 100644 --- a/api/envoy/service/discovery/v2/ads.proto +++ b/api/envoy/service/discovery/v2/ads.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.service.discovery.v2"; option java_outer_classname = "AdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Aggregated Discovery Service (ADS)] diff --git a/api/envoy/service/discovery/v2/hds.proto b/api/envoy/service/discovery/v2/hds.proto index 00f928655700d..76f91c5a456de 100644 --- a/api/envoy/service/discovery/v2/hds.proto +++ b/api/envoy/service/discovery/v2/hds.proto @@ -17,7 +17,7 @@ option java_outer_classname = "HdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.health.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Health Discovery Service (HDS)] diff --git a/api/envoy/service/discovery/v2/rtds.proto b/api/envoy/service/discovery/v2/rtds.proto index 43803f03100bf..713ac277072bf 100644 --- a/api/envoy/service/discovery/v2/rtds.proto +++ b/api/envoy/service/discovery/v2/rtds.proto @@ -17,7 +17,7 @@ option java_outer_classname = "RtdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.runtime.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Runtime Discovery Service (RTDS)] // RTDS :ref:`configuration overview ` diff --git a/api/envoy/service/discovery/v2/sds.proto b/api/envoy/service/discovery/v2/sds.proto index f0b6846b5912d..4d01d475c59bc 100644 --- a/api/envoy/service/discovery/v2/sds.proto +++ b/api/envoy/service/discovery/v2/sds.proto @@ -15,7 +15,7 @@ option java_outer_classname = "SdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.secret.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Secret Discovery Service (SDS)] diff --git a/api/envoy/service/discovery/v3/ads.proto b/api/envoy/service/discovery/v3/ads.proto index d2c81f8ddc766..03021559ab669 100644 --- a/api/envoy/service/discovery/v3/ads.proto +++ b/api/envoy/service/discovery/v3/ads.proto @@ -11,7 +11,7 @@ option java_package = "io.envoyproxy.envoy.service.discovery.v3"; option java_outer_classname = "AdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Aggregated Discovery Service (ADS)] diff --git a/api/envoy/service/discovery/v3/discovery.proto b/api/envoy/service/discovery/v3/discovery.proto index 9ac8349c268bb..b8e31160a88b8 100644 --- a/api/envoy/service/discovery/v3/discovery.proto +++ b/api/envoy/service/discovery/v3/discovery.proto @@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.service.discovery.v3"; option java_outer_classname = "DiscoveryProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common discovery API components] diff --git a/api/envoy/service/endpoint/v3/eds.proto b/api/envoy/service/endpoint/v3/eds.proto index a339d33a3bcd6..e1a8494afc8f2 100644 --- a/api/envoy/service/endpoint/v3/eds.proto +++ b/api/envoy/service/endpoint/v3/eds.proto @@ -17,7 +17,7 @@ option java_package = "io.envoyproxy.envoy.service.endpoint.v3"; option java_outer_classname = "EdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: EDS] // Endpoint discovery :ref:`architecture overview ` diff --git a/api/envoy/service/event_reporting/v2alpha/event_reporting_service.proto b/api/envoy/service/event_reporting/v2alpha/event_reporting_service.proto index 3b073253ba96f..8d07f04640caf 100644 --- a/api/envoy/service/event_reporting/v2alpha/event_reporting_service.proto +++ b/api/envoy/service/event_reporting/v2alpha/event_reporting_service.proto @@ -15,7 +15,7 @@ option java_outer_classname = "EventReportingServiceProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.event_reporting.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC Event Reporting Service] diff --git a/api/envoy/service/event_reporting/v3/event_reporting_service.proto b/api/envoy/service/event_reporting/v3/event_reporting_service.proto index d53358470d711..6f0b325902fb2 100644 --- a/api/envoy/service/event_reporting/v3/event_reporting_service.proto +++ b/api/envoy/service/event_reporting/v3/event_reporting_service.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.event_reporting.v3"; option java_outer_classname = "EventReportingServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC Event Reporting Service] diff --git a/api/envoy/service/health/v3/hds.proto b/api/envoy/service/health/v3/hds.proto index 9b6dbf7bfa061..0b09134709c82 100644 --- a/api/envoy/service/health/v3/hds.proto +++ b/api/envoy/service/health/v3/hds.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.health.v3"; option java_outer_classname = "HdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Health Discovery Service (HDS)] diff --git a/api/envoy/service/listener/v3/lds.proto b/api/envoy/service/listener/v3/lds.proto index ed1f2dc9e959b..a7a8260619f7c 100644 --- a/api/envoy/service/listener/v3/lds.proto +++ b/api/envoy/service/listener/v3/lds.proto @@ -17,7 +17,7 @@ option java_package = "io.envoyproxy.envoy.service.listener.v3"; option java_outer_classname = "LdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Listener] // Listener :ref:`configuration overview ` diff --git a/api/envoy/service/load_stats/v2/lrs.proto b/api/envoy/service/load_stats/v2/lrs.proto index 76f728a4b94b0..a71039e7ceeb0 100644 --- a/api/envoy/service/load_stats/v2/lrs.proto +++ b/api/envoy/service/load_stats/v2/lrs.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.load_stats.v2"; option java_outer_classname = "LrsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Load reporting service] diff --git a/api/envoy/service/load_stats/v3/lrs.proto b/api/envoy/service/load_stats/v3/lrs.proto index ee4de2540f0b1..ce48574826a90 100644 --- a/api/envoy/service/load_stats/v3/lrs.proto +++ b/api/envoy/service/load_stats/v3/lrs.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.load_stats.v3"; option java_outer_classname = "LrsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Load reporting service] diff --git a/api/envoy/service/metrics/v2/metrics_service.proto b/api/envoy/service/metrics/v2/metrics_service.proto index 2df051c829929..aa5e703850155 100644 --- a/api/envoy/service/metrics/v2/metrics_service.proto +++ b/api/envoy/service/metrics/v2/metrics_service.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.metrics.v2"; option java_outer_classname = "MetricsServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metrics service] diff --git a/api/envoy/service/metrics/v3/metrics_service.proto b/api/envoy/service/metrics/v3/metrics_service.proto index 2ecb78086ca1b..033c168c32ba1 100644 --- a/api/envoy/service/metrics/v3/metrics_service.proto +++ b/api/envoy/service/metrics/v3/metrics_service.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.metrics.v3"; option java_outer_classname = "MetricsServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metrics service] diff --git a/api/envoy/service/ratelimit/v2/rls.proto b/api/envoy/service/ratelimit/v2/rls.proto index 0ca5da8c02b72..123990638b78d 100644 --- a/api/envoy/service/ratelimit/v2/rls.proto +++ b/api/envoy/service/ratelimit/v2/rls.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.ratelimit.v2"; option java_outer_classname = "RlsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate Limit Service (RLS)] diff --git a/api/envoy/service/ratelimit/v3/rls.proto b/api/envoy/service/ratelimit/v3/rls.proto index ecad5fdc25664..b3bfc73b28c8b 100644 --- a/api/envoy/service/ratelimit/v3/rls.proto +++ b/api/envoy/service/ratelimit/v3/rls.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.ratelimit.v3"; option java_outer_classname = "RlsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate Limit Service (RLS)] diff --git a/api/envoy/service/route/v3/rds.proto b/api/envoy/service/route/v3/rds.proto index 6b2155cc42d70..3a2c432fd8b2e 100644 --- a/api/envoy/service/route/v3/rds.proto +++ b/api/envoy/service/route/v3/rds.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.route.v3"; option java_outer_classname = "RdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: RDS] diff --git a/api/envoy/service/route/v3/srds.proto b/api/envoy/service/route/v3/srds.proto index 90d3d44de971d..7a7f8f7d3a3fa 100644 --- a/api/envoy/service/route/v3/srds.proto +++ b/api/envoy/service/route/v3/srds.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.route.v3"; option java_outer_classname = "SrdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: SRDS] // * Routing :ref:`architecture overview ` diff --git a/api/envoy/service/runtime/v3/rtds.proto b/api/envoy/service/runtime/v3/rtds.proto index e53ef4a26b62f..b12844233883a 100644 --- a/api/envoy/service/runtime/v3/rtds.proto +++ b/api/envoy/service/runtime/v3/rtds.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.runtime.v3"; option java_outer_classname = "RtdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Runtime Discovery Service (RTDS)] // RTDS :ref:`configuration overview ` diff --git a/api/envoy/service/secret/v3/sds.proto b/api/envoy/service/secret/v3/sds.proto index d8ec771f035de..3c9441d7c7608 100644 --- a/api/envoy/service/secret/v3/sds.proto +++ b/api/envoy/service/secret/v3/sds.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.secret.v3"; option java_outer_classname = "SdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Secret Discovery Service (SDS)] diff --git a/api/envoy/service/status/v2/csds.proto b/api/envoy/service/status/v2/csds.proto index 81eb615c0806b..2233f3cef7710 100644 --- a/api/envoy/service/status/v2/csds.proto +++ b/api/envoy/service/status/v2/csds.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.status.v2"; option java_outer_classname = "CsdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Client Status Discovery Service (CSDS)] diff --git a/api/envoy/service/status/v3/csds.proto b/api/envoy/service/status/v3/csds.proto index 7e8995ba4f400..3347def21d8f9 100644 --- a/api/envoy/service/status/v3/csds.proto +++ b/api/envoy/service/status/v3/csds.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.status.v3"; option java_outer_classname = "CsdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Client Status Discovery Service (CSDS)] diff --git a/api/envoy/service/tap/v2alpha/common.proto b/api/envoy/service/tap/v2alpha/common.proto index 5452eb777d4d2..990a3826481bd 100644 --- a/api/envoy/service/tap/v2alpha/common.proto +++ b/api/envoy/service/tap/v2alpha/common.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v2alpha"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.tap.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common tap configuration] diff --git a/api/envoy/service/tap/v2alpha/tap.proto b/api/envoy/service/tap/v2alpha/tap.proto index b956968636236..9fd18eae5d361 100644 --- a/api/envoy/service/tap/v2alpha/tap.proto +++ b/api/envoy/service/tap/v2alpha/tap.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v2alpha"; option java_outer_classname = "TapProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap Sink Service] diff --git a/api/envoy/service/tap/v2alpha/tapds.proto b/api/envoy/service/tap/v2alpha/tapds.proto index deb6410568d56..81b9cb0e447bd 100644 --- a/api/envoy/service/tap/v2alpha/tapds.proto +++ b/api/envoy/service/tap/v2alpha/tapds.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v2alpha"; option java_outer_classname = "TapdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap discovery service] diff --git a/api/envoy/service/tap/v3/tap.proto b/api/envoy/service/tap/v3/tap.proto index 61a0cef9be230..080aba215c10d 100644 --- a/api/envoy/service/tap/v3/tap.proto +++ b/api/envoy/service/tap/v3/tap.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v3"; option java_outer_classname = "TapProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap Sink Service] diff --git a/api/envoy/service/tap/v3/tapds.proto b/api/envoy/service/tap/v3/tapds.proto index a991a246fb177..51393d6e14c7d 100644 --- a/api/envoy/service/tap/v3/tapds.proto +++ b/api/envoy/service/tap/v3/tapds.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v3"; option java_outer_classname = "TapdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap discovery service] diff --git a/api/envoy/service/trace/v2/trace_service.proto b/api/envoy/service/trace/v2/trace_service.proto index d411144677309..48e65820b387c 100644 --- a/api/envoy/service/trace/v2/trace_service.proto +++ b/api/envoy/service/trace/v2/trace_service.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.trace.v2"; option java_outer_classname = "TraceServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Trace service] diff --git a/api/envoy/service/trace/v3/trace_service.proto b/api/envoy/service/trace/v3/trace_service.proto index a81d42674a3f0..facaa9211c92b 100644 --- a/api/envoy/service/trace/v3/trace_service.proto +++ b/api/envoy/service/trace/v3/trace_service.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.trace.v3"; option java_outer_classname = "TraceServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Trace service] diff --git a/api/envoy/type/hash_policy.proto b/api/envoy/type/hash_policy.proto index 543285608f6d6..b6aeb31fcbfde 100644 --- a/api/envoy/type/hash_policy.proto +++ b/api/envoy/type/hash_policy.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "HashPolicyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Hash Policy] diff --git a/api/envoy/type/http.proto b/api/envoy/type/http.proto index 1b857316e0bde..c1c787411fad8 100644 --- a/api/envoy/type/http.proto +++ b/api/envoy/type/http.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "HttpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP] diff --git a/api/envoy/type/http_status.proto b/api/envoy/type/http_status.proto index 2f8f350d178c5..99b44a98c2512 100644 --- a/api/envoy/type/http_status.proto +++ b/api/envoy/type/http_status.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "HttpStatusProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP status codes] diff --git a/api/envoy/type/matcher/metadata.proto b/api/envoy/type/matcher/metadata.proto index 6e911095ec6c3..2cbc602564c59 100644 --- a/api/envoy/type/matcher/metadata.proto +++ b/api/envoy/type/matcher/metadata.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "MetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metadata matcher] diff --git a/api/envoy/type/matcher/node.proto b/api/envoy/type/matcher/node.proto index 0060dc06b2564..c9e84a46279ab 100644 --- a/api/envoy/type/matcher/node.proto +++ b/api/envoy/type/matcher/node.proto @@ -10,7 +10,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "NodeProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Node matcher] diff --git a/api/envoy/type/matcher/number.proto b/api/envoy/type/matcher/number.proto index e70ea9a7bec2c..e488f16a4a0c9 100644 --- a/api/envoy/type/matcher/number.proto +++ b/api/envoy/type/matcher/number.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "NumberProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Number matcher] diff --git a/api/envoy/type/matcher/path.proto b/api/envoy/type/matcher/path.proto index ebadc954df08c..860a1c69f18a8 100644 --- a/api/envoy/type/matcher/path.proto +++ b/api/envoy/type/matcher/path.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "PathProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Path matcher] diff --git a/api/envoy/type/matcher/regex.proto b/api/envoy/type/matcher/regex.proto index 92bec3595702b..78b4a2c1d61e6 100644 --- a/api/envoy/type/matcher/regex.proto +++ b/api/envoy/type/matcher/regex.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "RegexProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Regex matcher] diff --git a/api/envoy/type/matcher/string.proto b/api/envoy/type/matcher/string.proto index 522f405019e1f..431043e00ec1f 100644 --- a/api/envoy/type/matcher/string.proto +++ b/api/envoy/type/matcher/string.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "StringProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: String matcher] diff --git a/api/envoy/type/matcher/struct.proto b/api/envoy/type/matcher/struct.proto index 7f0616b527ca5..f65b1d121845a 100644 --- a/api/envoy/type/matcher/struct.proto +++ b/api/envoy/type/matcher/struct.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "StructProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Struct matcher] diff --git a/api/envoy/type/matcher/v3/metadata.proto b/api/envoy/type/matcher/v3/metadata.proto index 918f4980908f3..65ec4f47ffff5 100644 --- a/api/envoy/type/matcher/v3/metadata.proto +++ b/api/envoy/type/matcher/v3/metadata.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "MetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metadata matcher] diff --git a/api/envoy/type/matcher/v3/node.proto b/api/envoy/type/matcher/v3/node.proto index a446104851ec2..fe507312135ff 100644 --- a/api/envoy/type/matcher/v3/node.proto +++ b/api/envoy/type/matcher/v3/node.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "NodeProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Node matcher] diff --git a/api/envoy/type/matcher/v3/number.proto b/api/envoy/type/matcher/v3/number.proto index e054b4bc05541..2379efdcbd23a 100644 --- a/api/envoy/type/matcher/v3/number.proto +++ b/api/envoy/type/matcher/v3/number.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "NumberProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Number matcher] diff --git a/api/envoy/type/matcher/v3/path.proto b/api/envoy/type/matcher/v3/path.proto index 3fe9867aaf9c8..0ce89871c9d9f 100644 --- a/api/envoy/type/matcher/v3/path.proto +++ b/api/envoy/type/matcher/v3/path.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "PathProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Path matcher] diff --git a/api/envoy/type/matcher/v3/regex.proto b/api/envoy/type/matcher/v3/regex.proto index 3d0075bc33bf5..393274794abf4 100644 --- a/api/envoy/type/matcher/v3/regex.proto +++ b/api/envoy/type/matcher/v3/regex.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "RegexProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Regex matcher] diff --git a/api/envoy/type/matcher/v3/string.proto b/api/envoy/type/matcher/v3/string.proto index 021c3532e32f3..77fe48ac74cfc 100644 --- a/api/envoy/type/matcher/v3/string.proto +++ b/api/envoy/type/matcher/v3/string.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "StringProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: String matcher] diff --git a/api/envoy/type/matcher/v3/struct.proto b/api/envoy/type/matcher/v3/struct.proto index f08ed96df8536..b88d7b11bc2a9 100644 --- a/api/envoy/type/matcher/v3/struct.proto +++ b/api/envoy/type/matcher/v3/struct.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "StructProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Struct matcher] diff --git a/api/envoy/type/matcher/v3/value.proto b/api/envoy/type/matcher/v3/value.proto index 87465c5ead8cf..040332273ba35 100644 --- a/api/envoy/type/matcher/v3/value.proto +++ b/api/envoy/type/matcher/v3/value.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "ValueProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Value matcher] diff --git a/api/envoy/type/matcher/value.proto b/api/envoy/type/matcher/value.proto index e241a6edb4534..aaecd14e8ecd4 100644 --- a/api/envoy/type/matcher/value.proto +++ b/api/envoy/type/matcher/value.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "ValueProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Value matcher] diff --git a/api/envoy/type/metadata/v2/metadata.proto b/api/envoy/type/metadata/v2/metadata.proto index f8c9fe08c13b8..43a1a7ca92750 100644 --- a/api/envoy/type/metadata/v2/metadata.proto +++ b/api/envoy/type/metadata/v2/metadata.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.type.metadata.v2"; option java_outer_classname = "MetadataProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.type.metadata.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metadata] diff --git a/api/envoy/type/metadata/v3/metadata.proto b/api/envoy/type/metadata/v3/metadata.proto index a981e8c1b7a23..ddcce68820573 100644 --- a/api/envoy/type/metadata/v3/metadata.proto +++ b/api/envoy/type/metadata/v3/metadata.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.metadata.v3"; option java_outer_classname = "MetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metadata] diff --git a/api/envoy/type/percent.proto b/api/envoy/type/percent.proto index 1d1f9dd5df9ac..fc41a26662fe7 100644 --- a/api/envoy/type/percent.proto +++ b/api/envoy/type/percent.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "PercentProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Percent] diff --git a/api/envoy/type/range.proto b/api/envoy/type/range.proto index 2c12b80dc053b..79aaa81975c38 100644 --- a/api/envoy/type/range.proto +++ b/api/envoy/type/range.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "RangeProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Range] diff --git a/api/envoy/type/semantic_version.proto b/api/envoy/type/semantic_version.proto index 96545149e1287..80fe016bfa161 100644 --- a/api/envoy/type/semantic_version.proto +++ b/api/envoy/type/semantic_version.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "SemanticVersionProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Semantic Version] diff --git a/api/envoy/type/token_bucket.proto b/api/envoy/type/token_bucket.proto index cc654c8210080..41b6d268d5f6f 100644 --- a/api/envoy/type/token_bucket.proto +++ b/api/envoy/type/token_bucket.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "TokenBucketProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Token bucket] diff --git a/api/envoy/type/tracing/v2/custom_tag.proto b/api/envoy/type/tracing/v2/custom_tag.proto index 824816fe20338..7506ae8861254 100644 --- a/api/envoy/type/tracing/v2/custom_tag.proto +++ b/api/envoy/type/tracing/v2/custom_tag.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.tracing.v2"; option java_outer_classname = "CustomTagProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Custom Tag] diff --git a/api/envoy/type/tracing/v3/custom_tag.proto b/api/envoy/type/tracing/v3/custom_tag.proto index e6b1d2262bb98..42518ead59d13 100644 --- a/api/envoy/type/tracing/v3/custom_tag.proto +++ b/api/envoy/type/tracing/v3/custom_tag.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.tracing.v3"; option java_outer_classname = "CustomTagProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Custom Tag] diff --git a/api/envoy/type/v3/hash_policy.proto b/api/envoy/type/v3/hash_policy.proto index 29cf13613bdd3..96c39299698fc 100644 --- a/api/envoy/type/v3/hash_policy.proto +++ b/api/envoy/type/v3/hash_policy.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "HashPolicyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Hash Policy] diff --git a/api/envoy/type/v3/http.proto b/api/envoy/type/v3/http.proto index c0aae1d58fc32..fec15d11f871c 100644 --- a/api/envoy/type/v3/http.proto +++ b/api/envoy/type/v3/http.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "HttpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP] diff --git a/api/envoy/type/v3/http_status.proto b/api/envoy/type/v3/http_status.proto index e12edafd8a3c9..8914b7a0264ae 100644 --- a/api/envoy/type/v3/http_status.proto +++ b/api/envoy/type/v3/http_status.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "HttpStatusProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP status codes] diff --git a/api/envoy/type/v3/percent.proto b/api/envoy/type/v3/percent.proto index 76976f295c759..3a89a3f44fd5f 100644 --- a/api/envoy/type/v3/percent.proto +++ b/api/envoy/type/v3/percent.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "PercentProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Percent] diff --git a/api/envoy/type/v3/range.proto b/api/envoy/type/v3/range.proto index f15ed2895e711..de1d55b09a214 100644 --- a/api/envoy/type/v3/range.proto +++ b/api/envoy/type/v3/range.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "RangeProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Range] diff --git a/api/envoy/type/v3/semantic_version.proto b/api/envoy/type/v3/semantic_version.proto index 15df5d4e83866..a4126336f03ae 100644 --- a/api/envoy/type/v3/semantic_version.proto +++ b/api/envoy/type/v3/semantic_version.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "SemanticVersionProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Semantic Version] diff --git a/api/envoy/type/v3/token_bucket.proto b/api/envoy/type/v3/token_bucket.proto index 13e42f774d83c..a96d50fbd0abc 100644 --- a/api/envoy/type/v3/token_bucket.proto +++ b/api/envoy/type/v3/token_bucket.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "TokenBucketProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Token bucket] diff --git a/api/versioning/BUILD b/api/versioning/BUILD index 4be7f581cbc72..3c7a036149784 100644 --- a/api/versioning/BUILD +++ b/api/versioning/BUILD @@ -4,10 +4,137 @@ licenses(["notice"]) # Apache 2 load("@rules_proto//proto:defs.bzl", "proto_library") -# This track active development versions of protos. +# This tracks active development versions of protos. proto_library( name = "active_protos", visibility = ["//visibility:public"], + deps = [ + "//envoy/admin/v3:pkg", + "//envoy/config/accesslog/v3:pkg", + "//envoy/config/bootstrap/v3:pkg", + "//envoy/config/cluster/v3:pkg", + "//envoy/config/core/v3:pkg", + "//envoy/config/endpoint/v3:pkg", + "//envoy/config/filter/thrift/router/v2alpha1:pkg", + "//envoy/config/filter/udp/udp_proxy/v2alpha:pkg", + "//envoy/config/grpc_credential/v3:pkg", + "//envoy/config/health_checker/redis/v2:pkg", + "//envoy/config/listener/v3:pkg", + "//envoy/config/metrics/v3:pkg", + "//envoy/config/overload/v3:pkg", + "//envoy/config/ratelimit/v3:pkg", + "//envoy/config/rbac/v3:pkg", + "//envoy/config/resource_monitor/fixed_heap/v2alpha:pkg", + "//envoy/config/resource_monitor/injected_resource/v2alpha:pkg", + "//envoy/config/retry/omit_canary_hosts/v2:pkg", + "//envoy/config/retry/previous_hosts/v2:pkg", + "//envoy/config/route/v3:pkg", + "//envoy/config/tap/v3:pkg", + "//envoy/config/trace/v3:pkg", + "//envoy/data/accesslog/v3:pkg", + "//envoy/data/cluster/v3:pkg", + "//envoy/data/core/v3:pkg", + "//envoy/data/dns/v3:pkg", + "//envoy/data/tap/v3:pkg", + "//envoy/extensions/access_loggers/file/v3:pkg", + "//envoy/extensions/access_loggers/grpc/v3:pkg", + "//envoy/extensions/clusters/aggregate/v3:pkg", + "//envoy/extensions/clusters/dynamic_forward_proxy/v3:pkg", + "//envoy/extensions/clusters/redis/v3:pkg", + "//envoy/extensions/common/dynamic_forward_proxy/v3:pkg", + "//envoy/extensions/common/ratelimit/v3:pkg", + "//envoy/extensions/common/tap/v3:pkg", + "//envoy/extensions/filter/udp/dns_filter/v3alpha:pkg", + "//envoy/extensions/filters/common/fault/v3:pkg", + "//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg", + "//envoy/extensions/filters/http/aws_lambda/v3:pkg", + "//envoy/extensions/filters/http/aws_request_signing/v3:pkg", + "//envoy/extensions/filters/http/buffer/v3:pkg", + "//envoy/extensions/filters/http/cache/v3alpha:pkg", + "//envoy/extensions/filters/http/compressor/v3:pkg", + "//envoy/extensions/filters/http/cors/v3:pkg", + "//envoy/extensions/filters/http/csrf/v3:pkg", + "//envoy/extensions/filters/http/dynamic_forward_proxy/v3:pkg", + "//envoy/extensions/filters/http/dynamo/v3:pkg", + "//envoy/extensions/filters/http/ext_authz/v3:pkg", + "//envoy/extensions/filters/http/fault/v3:pkg", + "//envoy/extensions/filters/http/grpc_http1_bridge/v3:pkg", + "//envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3:pkg", + "//envoy/extensions/filters/http/grpc_json_transcoder/v3:pkg", + "//envoy/extensions/filters/http/grpc_stats/v3:pkg", + "//envoy/extensions/filters/http/grpc_web/v3:pkg", + "//envoy/extensions/filters/http/gzip/v3:pkg", + "//envoy/extensions/filters/http/header_to_metadata/v3:pkg", + "//envoy/extensions/filters/http/health_check/v3:pkg", + "//envoy/extensions/filters/http/ip_tagging/v3:pkg", + "//envoy/extensions/filters/http/jwt_authn/v3:pkg", + "//envoy/extensions/filters/http/lua/v3:pkg", + "//envoy/extensions/filters/http/on_demand/v3:pkg", + "//envoy/extensions/filters/http/original_src/v3:pkg", + "//envoy/extensions/filters/http/ratelimit/v3:pkg", + "//envoy/extensions/filters/http/rbac/v3:pkg", + "//envoy/extensions/filters/http/router/v3:pkg", + "//envoy/extensions/filters/http/squash/v3:pkg", + "//envoy/extensions/filters/http/tap/v3:pkg", + "//envoy/extensions/filters/listener/http_inspector/v3:pkg", + "//envoy/extensions/filters/listener/original_dst/v3:pkg", + "//envoy/extensions/filters/listener/original_src/v3:pkg", + "//envoy/extensions/filters/listener/proxy_protocol/v3:pkg", + "//envoy/extensions/filters/listener/tls_inspector/v3:pkg", + "//envoy/extensions/filters/network/client_ssl_auth/v3:pkg", + "//envoy/extensions/filters/network/direct_response/v3:pkg", + "//envoy/extensions/filters/network/dubbo_proxy/router/v3:pkg", + "//envoy/extensions/filters/network/dubbo_proxy/v3:pkg", + "//envoy/extensions/filters/network/echo/v3:pkg", + "//envoy/extensions/filters/network/ext_authz/v3:pkg", + "//envoy/extensions/filters/network/http_connection_manager/v3:pkg", + "//envoy/extensions/filters/network/kafka_broker/v3:pkg", + "//envoy/extensions/filters/network/local_ratelimit/v3:pkg", + "//envoy/extensions/filters/network/mongo_proxy/v3:pkg", + "//envoy/extensions/filters/network/mysql_proxy/v3:pkg", + "//envoy/extensions/filters/network/ratelimit/v3:pkg", + "//envoy/extensions/filters/network/rbac/v3:pkg", + "//envoy/extensions/filters/network/redis_proxy/v3:pkg", + "//envoy/extensions/filters/network/sni_cluster/v3:pkg", + "//envoy/extensions/filters/network/tcp_proxy/v3:pkg", + "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg", + "//envoy/extensions/filters/network/thrift_proxy/v3:pkg", + "//envoy/extensions/filters/network/zookeeper_proxy/v3:pkg", + "//envoy/extensions/retry/host/omit_host_metadata/v3:pkg", + "//envoy/extensions/retry/priority/previous_priorities/v3:pkg", + "//envoy/extensions/transport_sockets/alts/v3:pkg", + "//envoy/extensions/transport_sockets/raw_buffer/v3:pkg", + "//envoy/extensions/transport_sockets/tap/v3:pkg", + "//envoy/extensions/transport_sockets/tls/v3:pkg", + "//envoy/extensions/wasm/v3:pkg", + "//envoy/service/accesslog/v3:pkg", + "//envoy/service/auth/v3:pkg", + "//envoy/service/cluster/v3:pkg", + "//envoy/service/discovery/v3:pkg", + "//envoy/service/endpoint/v3:pkg", + "//envoy/service/event_reporting/v3:pkg", + "//envoy/service/health/v3:pkg", + "//envoy/service/listener/v3:pkg", + "//envoy/service/load_stats/v3:pkg", + "//envoy/service/metrics/v3:pkg", + "//envoy/service/ratelimit/v3:pkg", + "//envoy/service/route/v3:pkg", + "//envoy/service/runtime/v3:pkg", + "//envoy/service/secret/v3:pkg", + "//envoy/service/status/v3:pkg", + "//envoy/service/tap/v3:pkg", + "//envoy/service/trace/v3:pkg", + "//envoy/type/matcher/v3:pkg", + "//envoy/type/metadata/v3:pkg", + "//envoy/type/tracing/v3:pkg", + "//envoy/type/v3:pkg", + ], +) + +# This tracks frozen versions of protos. +proto_library( + name = "frozen_protos", + visibility = ["//visibility:public"], deps = [ "//envoy/admin/v2alpha:pkg", "//envoy/api/v2:pkg", @@ -81,21 +208,14 @@ proto_library( "//envoy/config/filter/network/thrift_proxy/v2alpha1:pkg", "//envoy/config/filter/network/zookeeper_proxy/v1alpha1:pkg", "//envoy/config/filter/thrift/rate_limit/v2alpha1:pkg", - "//envoy/config/filter/thrift/router/v2alpha1:pkg", "//envoy/config/filter/udp/dns_filter/v2alpha:pkg", - "//envoy/config/filter/udp/udp_proxy/v2alpha:pkg", "//envoy/config/grpc_credential/v2alpha:pkg", - "//envoy/config/health_checker/redis/v2:pkg", "//envoy/config/listener/v2:pkg", "//envoy/config/metrics/v2:pkg", "//envoy/config/overload/v2alpha:pkg", "//envoy/config/ratelimit/v2:pkg", "//envoy/config/rbac/v2:pkg", - "//envoy/config/resource_monitor/fixed_heap/v2alpha:pkg", - "//envoy/config/resource_monitor/injected_resource/v2alpha:pkg", - "//envoy/config/retry/omit_canary_hosts/v2:pkg", "//envoy/config/retry/omit_host_metadata/v2:pkg", - "//envoy/config/retry/previous_hosts/v2:pkg", "//envoy/config/retry/previous_priorities:pkg", "//envoy/config/trace/v2:pkg", "//envoy/config/trace/v2alpha:pkg", diff --git a/docs/root/intro/version_history.rst b/docs/root/intro/version_history.rst index d6d730f2a94ba..8dbbfb41e1ab6 100644 --- a/docs/root/intro/version_history.rst +++ b/docs/root/intro/version_history.rst @@ -12,6 +12,9 @@ Version history minimum. * admin: added support for displaying ip address subject alternate names in :ref:`certs` end point. * admin: added :http:post:`/reopen_logs` endpoint to control log rotation. +* api: froze v2 xDS API. New feature development in the API should occur in v3 xDS. While the v2 xDS API has + been deprecated since 1.13.0, it will continue to be supported by Envoy until EOY 2020. See + :ref:`api_supported_versions`. * aws_lambda: added :ref:`AWS Lambda filter ` that converts HTTP requests to Lambda invokes. This effectively makes Envoy act as an egress gateway to AWS Lambda. * aws_request_signing: a few fixes so that it works with S3. diff --git a/generated_api_shadow/bazel/repository_locations.bzl b/generated_api_shadow/bazel/repository_locations.bzl index 81bd250cb8f21..c275a8c658353 100644 --- a/generated_api_shadow/bazel/repository_locations.bzl +++ b/generated_api_shadow/bazel/repository_locations.bzl @@ -13,8 +13,8 @@ GOOGLEAPIS_SHA = "a45019af4d3290f02eaeb1ce10990166978c807cb33a9692141a076ba46d14 PROMETHEUS_GIT_SHA = "99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c" # Nov 17, 2017 PROMETHEUS_SHA = "783bdaf8ee0464b35ec0c8704871e1e72afa0005c3f3587f65d9d6694bf3911b" -UDPA_GIT_SHA = "bae28a880fdbbb687d78823435febdba5fee651a" # Mar 24, 2020 -UDPA_SHA256 = "ce73a39be04e6ecdf8150580b9989bd6e16765887a96f3810b9105f18902fc6a" +UDPA_GIT_SHA = "e8cd3a4bb307e2c810cffff99f93e96e6d7fee85" # Mar 27, 2020 +UDPA_SHA256 = "1fd7857cb61daee7726fca8f4d55e4923774a8d00a53007a4093830dc0482685" ZIPKINAPI_RELEASE = "0.2.2" # Aug 23, 2019 ZIPKINAPI_SHA256 = "688c4fe170821dd589f36ec45aaadc03a618a40283bc1f97da8fa11686fc816b" diff --git a/generated_api_shadow/envoy/admin/v2alpha/certs.proto b/generated_api_shadow/envoy/admin/v2alpha/certs.proto index 00a5adc7c58ac..c7b568ca1e58a 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/certs.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/certs.proto @@ -9,7 +9,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "CertsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Certificates] diff --git a/generated_api_shadow/envoy/admin/v2alpha/clusters.proto b/generated_api_shadow/envoy/admin/v2alpha/clusters.proto index e082fe92a55a4..3b7ec029aa630 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/clusters.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/clusters.proto @@ -13,7 +13,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "ClustersProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Clusters] diff --git a/generated_api_shadow/envoy/admin/v2alpha/config_dump.proto b/generated_api_shadow/envoy/admin/v2alpha/config_dump.proto index 854ce17cc314b..833c015fb4749 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/config_dump.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/config_dump.proto @@ -12,7 +12,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "ConfigDumpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: ConfigDump] diff --git a/generated_api_shadow/envoy/admin/v2alpha/listeners.proto b/generated_api_shadow/envoy/admin/v2alpha/listeners.proto index d580db7c14f38..ca7b736521d0d 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/listeners.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/listeners.proto @@ -9,7 +9,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "ListenersProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Listeners] diff --git a/generated_api_shadow/envoy/admin/v2alpha/memory.proto b/generated_api_shadow/envoy/admin/v2alpha/memory.proto index 1e6182e4c4014..85fd2169d6d70 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/memory.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/memory.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "MemoryProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Memory] diff --git a/generated_api_shadow/envoy/admin/v2alpha/metrics.proto b/generated_api_shadow/envoy/admin/v2alpha/metrics.proto index 0ac42b01d871b..15ad219c13e58 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/metrics.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/metrics.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "MetricsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metrics] diff --git a/generated_api_shadow/envoy/admin/v2alpha/mutex_stats.proto b/generated_api_shadow/envoy/admin/v2alpha/mutex_stats.proto index a3ffa1e728b94..22c65f3de5a64 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/mutex_stats.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/mutex_stats.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "MutexStatsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: MutexStats] diff --git a/generated_api_shadow/envoy/admin/v2alpha/server_info.proto b/generated_api_shadow/envoy/admin/v2alpha/server_info.proto index 3b471625569c0..b9db6bbc1e1fb 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/server_info.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/server_info.proto @@ -10,7 +10,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "ServerInfoProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Server State] diff --git a/generated_api_shadow/envoy/admin/v2alpha/tap.proto b/generated_api_shadow/envoy/admin/v2alpha/tap.proto index 7f3d905c44258..6335b4db62841 100644 --- a/generated_api_shadow/envoy/admin/v2alpha/tap.proto +++ b/generated_api_shadow/envoy/admin/v2alpha/tap.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.admin.v2alpha"; option java_outer_classname = "TapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap] diff --git a/generated_api_shadow/envoy/admin/v3/certs.proto b/generated_api_shadow/envoy/admin/v3/certs.proto index bcaa64c5dc37f..158c8aead28f9 100644 --- a/generated_api_shadow/envoy/admin/v3/certs.proto +++ b/generated_api_shadow/envoy/admin/v3/certs.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "CertsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Certificates] diff --git a/generated_api_shadow/envoy/admin/v3/clusters.proto b/generated_api_shadow/envoy/admin/v3/clusters.proto index 7b6c616952667..fc05c8a10de23 100644 --- a/generated_api_shadow/envoy/admin/v3/clusters.proto +++ b/generated_api_shadow/envoy/admin/v3/clusters.proto @@ -14,7 +14,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "ClustersProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Clusters] diff --git a/generated_api_shadow/envoy/admin/v3/config_dump.proto b/generated_api_shadow/envoy/admin/v3/config_dump.proto index 0e23f5a525715..b3c3836a8cc00 100644 --- a/generated_api_shadow/envoy/admin/v3/config_dump.proto +++ b/generated_api_shadow/envoy/admin/v3/config_dump.proto @@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "ConfigDumpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: ConfigDump] diff --git a/generated_api_shadow/envoy/admin/v3/listeners.proto b/generated_api_shadow/envoy/admin/v3/listeners.proto index 711410c460e92..6197a44e4243f 100644 --- a/generated_api_shadow/envoy/admin/v3/listeners.proto +++ b/generated_api_shadow/envoy/admin/v3/listeners.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "ListenersProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Listeners] diff --git a/generated_api_shadow/envoy/admin/v3/memory.proto b/generated_api_shadow/envoy/admin/v3/memory.proto index e69ae6b2157cf..bcf9f271748d8 100644 --- a/generated_api_shadow/envoy/admin/v3/memory.proto +++ b/generated_api_shadow/envoy/admin/v3/memory.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "MemoryProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Memory] diff --git a/generated_api_shadow/envoy/admin/v3/metrics.proto b/generated_api_shadow/envoy/admin/v3/metrics.proto index 37f0fe6c1641f..71592ac1e9ecf 100644 --- a/generated_api_shadow/envoy/admin/v3/metrics.proto +++ b/generated_api_shadow/envoy/admin/v3/metrics.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "MetricsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metrics] diff --git a/generated_api_shadow/envoy/admin/v3/mutex_stats.proto b/generated_api_shadow/envoy/admin/v3/mutex_stats.proto index b9d5fe1eab6a0..49965d87ae805 100644 --- a/generated_api_shadow/envoy/admin/v3/mutex_stats.proto +++ b/generated_api_shadow/envoy/admin/v3/mutex_stats.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "MutexStatsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: MutexStats] diff --git a/generated_api_shadow/envoy/admin/v3/server_info.proto b/generated_api_shadow/envoy/admin/v3/server_info.proto index c8df2060c9965..d412a7f011de0 100644 --- a/generated_api_shadow/envoy/admin/v3/server_info.proto +++ b/generated_api_shadow/envoy/admin/v3/server_info.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "ServerInfoProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Server State] @@ -137,13 +137,6 @@ message CommandLineOptions { // See :option:`--mode` for details. Mode mode = 19; - // max_stats and max_obj_name_len are now unused and have no effect. - uint64 hidden_envoy_deprecated_max_stats = 20 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - - uint64 hidden_envoy_deprecated_max_obj_name_len = 21 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // See :option:`--disable-hot-restart` for details. bool disable_hot_restart = 22; @@ -158,4 +151,10 @@ message CommandLineOptions { // See :option:`--disable-extensions` for details. repeated string disabled_extensions = 28; + + uint64 hidden_envoy_deprecated_max_stats = 20 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + + uint64 hidden_envoy_deprecated_max_obj_name_len = 21 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; } diff --git a/generated_api_shadow/envoy/admin/v3/tap.proto b/generated_api_shadow/envoy/admin/v3/tap.proto index 05f0dd636daa5..ca7ab4405a9be 100644 --- a/generated_api_shadow/envoy/admin/v3/tap.proto +++ b/generated_api_shadow/envoy/admin/v3/tap.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.admin.v3"; option java_outer_classname = "TapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap] diff --git a/generated_api_shadow/envoy/admin/v4alpha/BUILD b/generated_api_shadow/envoy/admin/v4alpha/BUILD new file mode 100644 index 0000000000000..6da5b60bad287 --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/BUILD @@ -0,0 +1,17 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/admin/v3:pkg", + "//envoy/annotations:pkg", + "//envoy/config/bootstrap/v4alpha:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/tap/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/admin/v4alpha/certs.proto b/generated_api_shadow/envoy/admin/v4alpha/certs.proto new file mode 100644 index 0000000000000..585b09bccf4cb --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/certs.proto @@ -0,0 +1,72 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "google/protobuf/timestamp.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "CertsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Certificates] + +// Proto representation of certificate details. Admin endpoint uses this wrapper for `/certs` to +// display certificate information. See :ref:`/certs ` for more +// information. +message Certificates { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Certificates"; + + // List of certificates known to an Envoy. + repeated Certificate certificates = 1; +} + +message Certificate { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Certificate"; + + // Details of CA certificate. + repeated CertificateDetails ca_cert = 1; + + // Details of Certificate Chain + repeated CertificateDetails cert_chain = 2; +} + +// [#next-free-field: 7] +message CertificateDetails { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.CertificateDetails"; + + // Path of the certificate. + string path = 1; + + // Certificate Serial Number. + string serial_number = 2; + + // List of Subject Alternate names. + repeated SubjectAlternateName subject_alt_names = 3; + + // Minimum of days until expiration of certificate and it's chain. + uint64 days_until_expiration = 4; + + // Indicates the time from which the certificate is valid. + google.protobuf.Timestamp valid_from = 5; + + // Indicates the time at which the certificate expires. + google.protobuf.Timestamp expiration_time = 6; +} + +message SubjectAlternateName { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.SubjectAlternateName"; + + // Subject Alternate Name. + oneof name { + string dns = 1; + + string uri = 2; + + string ip_address = 3; + } +} diff --git a/generated_api_shadow/envoy/admin/v4alpha/clusters.proto b/generated_api_shadow/envoy/admin/v4alpha/clusters.proto new file mode 100644 index 0000000000000..9056262cae86a --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/clusters.proto @@ -0,0 +1,162 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "envoy/admin/v4alpha/metrics.proto"; +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/health_check.proto"; +import "envoy/type/v3/percent.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "ClustersProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Clusters] + +// Admin endpoint uses this wrapper for `/clusters` to display cluster status information. +// See :ref:`/clusters ` for more information. +message Clusters { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Clusters"; + + // Mapping from cluster name to each cluster's status. + repeated ClusterStatus cluster_statuses = 1; +} + +// Details an individual cluster's current status. +// [#next-free-field: 6] +message ClusterStatus { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ClusterStatus"; + + // Name of the cluster. + string name = 1; + + // Denotes whether this cluster was added via API or configured statically. + bool added_via_api = 2; + + // The success rate threshold used in the last interval. + // If + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *false*, all errors: externally and locally generated were used to calculate the threshold. + // If + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *true*, only externally generated errors were used to calculate the threshold. + // The threshold is used to eject hosts based on their success rate. See + // :ref:`Cluster outlier detection ` documentation for details. + // + // Note: this field may be omitted in any of the three following cases: + // + // 1. There were not enough hosts with enough request volume to proceed with success rate based + // outlier ejection. + // 2. The threshold is computed to be < 0 because a negative value implies that there was no + // threshold for that interval. + // 3. Outlier detection is not enabled for this cluster. + type.v3.Percent success_rate_ejection_threshold = 3; + + // Mapping from host address to the host's current status. + repeated HostStatus host_statuses = 4; + + // The success rate threshold used in the last interval when only locally originated failures were + // taken into account and externally originated errors were treated as success. + // This field should be interpreted only when + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *true*. The threshold is used to eject hosts based on their success rate. + // See :ref:`Cluster outlier detection ` documentation for + // details. + // + // Note: this field may be omitted in any of the three following cases: + // + // 1. There were not enough hosts with enough request volume to proceed with success rate based + // outlier ejection. + // 2. The threshold is computed to be < 0 because a negative value implies that there was no + // threshold for that interval. + // 3. Outlier detection is not enabled for this cluster. + type.v3.Percent local_origin_success_rate_ejection_threshold = 5; +} + +// Current state of a particular host. +// [#next-free-field: 10] +message HostStatus { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.HostStatus"; + + // Address of this host. + config.core.v4alpha.Address address = 1; + + // List of stats specific to this host. + repeated SimpleMetric stats = 2; + + // The host's current health status. + HostHealthStatus health_status = 3; + + // Request success rate for this host over the last calculated interval. + // If + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *false*, all errors: externally and locally generated were used in success rate + // calculation. If + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *true*, only externally generated errors were used in success rate calculation. + // See :ref:`Cluster outlier detection ` documentation for + // details. + // + // Note: the message will not be present if host did not have enough request volume to calculate + // success rate or the cluster did not have enough hosts to run through success rate outlier + // ejection. + type.v3.Percent success_rate = 4; + + // The host's weight. If not configured, the value defaults to 1. + uint32 weight = 5; + + // The hostname of the host, if applicable. + string hostname = 6; + + // The host's priority. If not configured, the value defaults to 0 (highest priority). + uint32 priority = 7; + + // Request success rate for this host over the last calculated + // interval when only locally originated errors are taken into account and externally originated + // errors were treated as success. + // This field should be interpreted only when + // :ref:`outlier_detection.split_external_local_origin_errors` + // is *true*. + // See :ref:`Cluster outlier detection ` documentation for + // details. + // + // Note: the message will not be present if host did not have enough request volume to calculate + // success rate or the cluster did not have enough hosts to run through success rate outlier + // ejection. + type.v3.Percent local_origin_success_rate = 8; + + // locality of the host. + config.core.v4alpha.Locality locality = 9; +} + +// Health status for a host. +// [#next-free-field: 7] +message HostHealthStatus { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.HostHealthStatus"; + + // The host is currently failing active health checks. + bool failed_active_health_check = 1; + + // The host is currently considered an outlier and has been ejected. + bool failed_outlier_check = 2; + + // The host is currently being marked as degraded through active health checking. + bool failed_active_degraded_check = 4; + + // The host has been removed from service discovery, but is being stabilized due to active + // health checking. + bool pending_dynamic_removal = 5; + + // The host has not yet been health checked. + bool pending_active_hc = 6; + + // Health status as reported by EDS. Note: only HEALTHY and UNHEALTHY are currently supported + // here. + // [#comment:TODO(mrice32): pipe through remaining EDS health status possibilities.] + config.core.v4alpha.HealthStatus eds_health_status = 3; +} diff --git a/generated_api_shadow/envoy/admin/v4alpha/config_dump.proto b/generated_api_shadow/envoy/admin/v4alpha/config_dump.proto new file mode 100644 index 0000000000000..02709a4145063 --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/config_dump.proto @@ -0,0 +1,342 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "envoy/config/bootstrap/v4alpha/bootstrap.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/timestamp.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "ConfigDumpProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: ConfigDump] + +// The :ref:`/config_dump ` admin endpoint uses this wrapper +// message to maintain and serve arbitrary configuration information from any component in Envoy. +message ConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ConfigDump"; + + // This list is serialized and dumped in its entirety at the + // :ref:`/config_dump ` endpoint. + // + // The following configurations are currently supported and will be dumped in the order given + // below: + // + // * *bootstrap*: :ref:`BootstrapConfigDump ` + // * *clusters*: :ref:`ClustersConfigDump ` + // * *listeners*: :ref:`ListenersConfigDump ` + // * *routes*: :ref:`RoutesConfigDump ` + // + // You can filter output with the resource and mask query parameters. + // See :ref:`/config_dump?resource={} `, + // :ref:`/config_dump?mask={} `, + // or :ref:`/config_dump?resource={},mask={} + // ` for more information. + repeated google.protobuf.Any configs = 1; +} + +message UpdateFailureState { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.UpdateFailureState"; + + // What the component configuration would have been if the update had succeeded. + google.protobuf.Any failed_configuration = 1; + + // Time of the latest failed update attempt. + google.protobuf.Timestamp last_update_attempt = 2; + + // Details about the last failed update attempt. + string details = 3; +} + +// This message describes the bootstrap configuration that Envoy was started with. This includes +// any CLI overrides that were merged. Bootstrap configuration information can be used to recreate +// the static portions of an Envoy configuration by reusing the output as the bootstrap +// configuration for another Envoy. +message BootstrapConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.BootstrapConfigDump"; + + config.bootstrap.v4alpha.Bootstrap bootstrap = 1; + + // The timestamp when the BootstrapConfig was last updated. + google.protobuf.Timestamp last_updated = 2; +} + +// Envoy's listener manager fills this message with all currently known listeners. Listener +// configuration information can be used to recreate an Envoy configuration by populating all +// listeners as static listeners or by returning them in a LDS response. +message ListenersConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ListenersConfigDump"; + + // Describes a statically loaded listener. + message StaticListener { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ListenersConfigDump.StaticListener"; + + // The listener config. + google.protobuf.Any listener = 1; + + // The timestamp when the Listener was last successfully updated. + google.protobuf.Timestamp last_updated = 2; + } + + message DynamicListenerState { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ListenersConfigDump.DynamicListenerState"; + + // This is the per-resource version information. This version is currently taken from the + // :ref:`version_info ` field at the time + // that the listener was loaded. In the future, discrete per-listener versions may be supported + // by the API. + string version_info = 1; + + // The listener config. + google.protobuf.Any listener = 2; + + // The timestamp when the Listener was last successfully updated. + google.protobuf.Timestamp last_updated = 3; + } + + // Describes a dynamically loaded listener via the LDS API. + // [#next-free-field: 6] + message DynamicListener { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ListenersConfigDump.DynamicListener"; + + // The name or unique id of this listener, pulled from the DynamicListenerState config. + string name = 1; + + // The listener state for any active listener by this name. + // These are listeners that are available to service data plane traffic. + DynamicListenerState active_state = 2; + + // The listener state for any warming listener by this name. + // These are listeners that are currently undergoing warming in preparation to service data + // plane traffic. Note that if attempting to recreate an Envoy configuration from a + // configuration dump, the warming listeners should generally be discarded. + DynamicListenerState warming_state = 3; + + // The listener state for any draining listener by this name. + // These are listeners that are currently undergoing draining in preparation to stop servicing + // data plane traffic. Note that if attempting to recreate an Envoy configuration from a + // configuration dump, the draining listeners should generally be discarded. + DynamicListenerState draining_state = 4; + + // Set if the last update failed, cleared after the next successful update. + UpdateFailureState error_state = 5; + } + + // This is the :ref:`version_info ` in the + // last processed LDS discovery response. If there are only static bootstrap listeners, this field + // will be "". + string version_info = 1; + + // The statically loaded listener configs. + repeated StaticListener static_listeners = 2; + + // State for any warming, active, or draining listeners. + repeated DynamicListener dynamic_listeners = 3; +} + +// Envoy's cluster manager fills this message with all currently known clusters. Cluster +// configuration information can be used to recreate an Envoy configuration by populating all +// clusters as static clusters or by returning them in a CDS response. +message ClustersConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ClustersConfigDump"; + + // Describes a statically loaded cluster. + message StaticCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ClustersConfigDump.StaticCluster"; + + // The cluster config. + google.protobuf.Any cluster = 1; + + // The timestamp when the Cluster was last updated. + google.protobuf.Timestamp last_updated = 2; + } + + // Describes a dynamically loaded cluster via the CDS API. + message DynamicCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ClustersConfigDump.DynamicCluster"; + + // This is the per-resource version information. This version is currently taken from the + // :ref:`version_info ` field at the time + // that the cluster was loaded. In the future, discrete per-cluster versions may be supported by + // the API. + string version_info = 1; + + // The cluster config. + google.protobuf.Any cluster = 2; + + // The timestamp when the Cluster was last updated. + google.protobuf.Timestamp last_updated = 3; + } + + // This is the :ref:`version_info ` in the + // last processed CDS discovery response. If there are only static bootstrap clusters, this field + // will be "". + string version_info = 1; + + // The statically loaded cluster configs. + repeated StaticCluster static_clusters = 2; + + // The dynamically loaded active clusters. These are clusters that are available to service + // data plane traffic. + repeated DynamicCluster dynamic_active_clusters = 3; + + // The dynamically loaded warming clusters. These are clusters that are currently undergoing + // warming in preparation to service data plane traffic. Note that if attempting to recreate an + // Envoy configuration from a configuration dump, the warming clusters should generally be + // discarded. + repeated DynamicCluster dynamic_warming_clusters = 4; +} + +// Envoy's RDS implementation fills this message with all currently loaded routes, as described by +// their RouteConfiguration objects. Static routes that are either defined in the bootstrap configuration +// or defined inline while configuring listeners are separated from those configured dynamically via RDS. +// Route configuration information can be used to recreate an Envoy configuration by populating all routes +// as static routes or by returning them in RDS responses. +message RoutesConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.RoutesConfigDump"; + + message StaticRouteConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.RoutesConfigDump.StaticRouteConfig"; + + // The route config. + google.protobuf.Any route_config = 1; + + // The timestamp when the Route was last updated. + google.protobuf.Timestamp last_updated = 2; + } + + message DynamicRouteConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.RoutesConfigDump.DynamicRouteConfig"; + + // This is the per-resource version information. This version is currently taken from the + // :ref:`version_info ` field at the time that + // the route configuration was loaded. + string version_info = 1; + + // The route config. + google.protobuf.Any route_config = 2; + + // The timestamp when the Route was last updated. + google.protobuf.Timestamp last_updated = 3; + } + + // The statically loaded route configs. + repeated StaticRouteConfig static_route_configs = 2; + + // The dynamically loaded route configs. + repeated DynamicRouteConfig dynamic_route_configs = 3; +} + +// Envoy's scoped RDS implementation fills this message with all currently loaded route +// configuration scopes (defined via ScopedRouteConfigurationsSet protos). This message lists both +// the scopes defined inline with the higher order object (i.e., the HttpConnectionManager) and the +// dynamically obtained scopes via the SRDS API. +message ScopedRoutesConfigDump { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ScopedRoutesConfigDump"; + + message InlineScopedRouteConfigs { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ScopedRoutesConfigDump.InlineScopedRouteConfigs"; + + // The name assigned to the scoped route configurations. + string name = 1; + + // The scoped route configurations. + repeated google.protobuf.Any scoped_route_configs = 2; + + // The timestamp when the scoped route config set was last updated. + google.protobuf.Timestamp last_updated = 3; + } + + message DynamicScopedRouteConfigs { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.ScopedRoutesConfigDump.DynamicScopedRouteConfigs"; + + // The name assigned to the scoped route configurations. + string name = 1; + + // This is the per-resource version information. This version is currently taken from the + // :ref:`version_info ` field at the time that + // the scoped routes configuration was loaded. + string version_info = 2; + + // The scoped route configurations. + repeated google.protobuf.Any scoped_route_configs = 3; + + // The timestamp when the scoped route config set was last updated. + google.protobuf.Timestamp last_updated = 4; + } + + // The statically loaded scoped route configs. + repeated InlineScopedRouteConfigs inline_scoped_route_configs = 1; + + // The dynamically loaded scoped route configs. + repeated DynamicScopedRouteConfigs dynamic_scoped_route_configs = 2; +} + +// Envoys SDS implementation fills this message with all secrets fetched dynamically via SDS. +message SecretsConfigDump { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.SecretsConfigDump"; + + // DynamicSecret contains secret information fetched via SDS. + message DynamicSecret { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.SecretsConfigDump.DynamicSecret"; + + // The name assigned to the secret. + string name = 1; + + // This is the per-resource version information. + string version_info = 2; + + // The timestamp when the secret was last updated. + google.protobuf.Timestamp last_updated = 3; + + // The actual secret information. + // Security sensitive information is redacted (replaced with "[redacted]") for + // private keys and passwords in TLS certificates. + google.protobuf.Any secret = 4; + } + + // StaticSecret specifies statically loaded secret in bootstrap. + message StaticSecret { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v3.SecretsConfigDump.StaticSecret"; + + // The name assigned to the secret. + string name = 1; + + // The timestamp when the secret was last updated. + google.protobuf.Timestamp last_updated = 2; + + // The actual secret information. + // Security sensitive information is redacted (replaced with "[redacted]") for + // private keys and passwords in TLS certificates. + google.protobuf.Any secret = 3; + } + + // The statically loaded secrets. + repeated StaticSecret static_secrets = 1; + + // The dynamically loaded active secrets. These are secrets that are available to service + // clusters or listeners. + repeated DynamicSecret dynamic_active_secrets = 2; + + // The dynamically loaded warming secrets. These are secrets that are currently undergoing + // warming in preparation to service clusters or listeners. + repeated DynamicSecret dynamic_warming_secrets = 3; +} diff --git a/generated_api_shadow/envoy/admin/v4alpha/listeners.proto b/generated_api_shadow/envoy/admin/v4alpha/listeners.proto new file mode 100644 index 0000000000000..89bdc4c5bbf8d --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/listeners.proto @@ -0,0 +1,36 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "envoy/config/core/v4alpha/address.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "ListenersProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Listeners] + +// Admin endpoint uses this wrapper for `/listeners` to display listener status information. +// See :ref:`/listeners ` for more information. +message Listeners { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Listeners"; + + // List of listener statuses. + repeated ListenerStatus listener_statuses = 1; +} + +// Details an individual listener's current status. +message ListenerStatus { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ListenerStatus"; + + // Name of the listener + string name = 1; + + // The actual local address that the listener is listening on. If a listener was configured + // to listen on port 0, then this address has the port that was allocated by the OS. + config.core.v4alpha.Address local_address = 2; +} diff --git a/generated_api_shadow/envoy/admin/v4alpha/memory.proto b/generated_api_shadow/envoy/admin/v4alpha/memory.proto new file mode 100644 index 0000000000000..d2f0b57229ce8 --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/memory.proto @@ -0,0 +1,47 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "MemoryProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Memory] + +// Proto representation of the internal memory consumption of an Envoy instance. These represent +// values extracted from an internal TCMalloc instance. For more information, see the section of the +// docs entitled ["Generic Tcmalloc Status"](https://gperftools.github.io/gperftools/tcmalloc.html). +// [#next-free-field: 7] +message Memory { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.Memory"; + + // The number of bytes allocated by the heap for Envoy. This is an alias for + // `generic.current_allocated_bytes`. + uint64 allocated = 1; + + // The number of bytes reserved by the heap but not necessarily allocated. This is an alias for + // `generic.heap_size`. + uint64 heap_size = 2; + + // The number of bytes in free, unmapped pages in the page heap. These bytes always count towards + // virtual memory usage, and depending on the OS, typically do not count towards physical memory + // usage. This is an alias for `tcmalloc.pageheap_unmapped_bytes`. + uint64 pageheap_unmapped = 3; + + // The number of bytes in free, mapped pages in the page heap. These bytes always count towards + // virtual memory usage, and unless the underlying memory is swapped out by the OS, they also + // count towards physical memory usage. This is an alias for `tcmalloc.pageheap_free_bytes`. + uint64 pageheap_free = 4; + + // The amount of memory used by the TCMalloc thread caches (for small objects). This is an alias + // for `tcmalloc.current_total_thread_cache_bytes`. + uint64 total_thread_cache = 5; + + // The number of bytes of the physical memory usage by the allocator. This is an alias for + // `generic.total_physical_bytes`. + uint64 total_physical_bytes = 6; +} diff --git a/generated_api_shadow/envoy/admin/v4alpha/metrics.proto b/generated_api_shadow/envoy/admin/v4alpha/metrics.proto new file mode 100644 index 0000000000000..78613320038b7 --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/metrics.proto @@ -0,0 +1,32 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "MetricsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Metrics] + +// Proto representation of an Envoy Counter or Gauge value. +message SimpleMetric { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.SimpleMetric"; + + enum Type { + COUNTER = 0; + GAUGE = 1; + } + + // Type of the metric represented. + Type type = 1; + + // Current metric value. + uint64 value = 2; + + // Name of the metric. + string name = 3; +} diff --git a/generated_api_shadow/envoy/admin/v4alpha/mutex_stats.proto b/generated_api_shadow/envoy/admin/v4alpha/mutex_stats.proto new file mode 100644 index 0000000000000..6f9fcd548cc04 --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/mutex_stats.proto @@ -0,0 +1,33 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "MutexStatsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: MutexStats] + +// Proto representation of the statistics collected upon absl::Mutex contention, if Envoy is run +// under :option:`--enable-mutex-tracing`. For more information, see the `absl::Mutex` +// [docs](https://abseil.io/about/design/mutex#extra-features). +// +// *NB*: The wait cycles below are measured by `absl::base_internal::CycleClock`, and may not +// correspond to core clock frequency. For more information, see the `CycleClock` +// [docs](https://github.com/abseil/abseil-cpp/blob/master/absl/base/internal/cycleclock.h). +message MutexStats { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.MutexStats"; + + // The number of individual mutex contentions which have occurred since startup. + uint64 num_contentions = 1; + + // The length of the current contention wait cycle. + uint64 current_wait_cycles = 2; + + // The lifetime total of all contention wait cycles. + uint64 lifetime_wait_cycles = 3; +} diff --git a/generated_api_shadow/envoy/admin/v4alpha/server_info.proto b/generated_api_shadow/envoy/admin/v4alpha/server_info.proto new file mode 100644 index 0000000000000..867a9255bc51f --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/server_info.proto @@ -0,0 +1,155 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "google/protobuf/duration.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "ServerInfoProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Server State] + +// Proto representation of the value returned by /server_info, containing +// server version/server status information. +// [#next-free-field: 7] +message ServerInfo { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.ServerInfo"; + + enum State { + // Server is live and serving traffic. + LIVE = 0; + + // Server is draining listeners in response to external health checks failing. + DRAINING = 1; + + // Server has not yet completed cluster manager initialization. + PRE_INITIALIZING = 2; + + // Server is running the cluster manager initialization callbacks (e.g., RDS). + INITIALIZING = 3; + } + + // Server version. + string version = 1; + + // State of the server. + State state = 2; + + // Uptime since current epoch was started. + google.protobuf.Duration uptime_current_epoch = 3; + + // Uptime since the start of the first epoch. + google.protobuf.Duration uptime_all_epochs = 4; + + // Hot restart version. + string hot_restart_version = 5; + + // Command line options the server is currently running with. + CommandLineOptions command_line_options = 6; +} + +// [#next-free-field: 29] +message CommandLineOptions { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.CommandLineOptions"; + + enum IpVersion { + v4 = 0; + v6 = 1; + } + + enum Mode { + // Validate configs and then serve traffic normally. + Serve = 0; + + // Validate configs and exit. + Validate = 1; + + // Completely load and initialize the config, and then exit without running the listener loop. + InitOnly = 2; + } + + reserved 12, 20, 21; + + reserved "max_stats", "max_obj_name_len"; + + // See :option:`--base-id` for details. + uint64 base_id = 1; + + // See :option:`--concurrency` for details. + uint32 concurrency = 2; + + // See :option:`--config-path` for details. + string config_path = 3; + + // See :option:`--config-yaml` for details. + string config_yaml = 4; + + // See :option:`--allow-unknown-static-fields` for details. + bool allow_unknown_static_fields = 5; + + // See :option:`--reject-unknown-dynamic-fields` for details. + bool reject_unknown_dynamic_fields = 26; + + // See :option:`--admin-address-path` for details. + string admin_address_path = 6; + + // See :option:`--local-address-ip-version` for details. + IpVersion local_address_ip_version = 7; + + // See :option:`--log-level` for details. + string log_level = 8; + + // See :option:`--component-log-level` for details. + string component_log_level = 9; + + // See :option:`--log-format` for details. + string log_format = 10; + + // See :option:`--log-format-escaped` for details. + bool log_format_escaped = 27; + + // See :option:`--log-path` for details. + string log_path = 11; + + // See :option:`--service-cluster` for details. + string service_cluster = 13; + + // See :option:`--service-node` for details. + string service_node = 14; + + // See :option:`--service-zone` for details. + string service_zone = 15; + + // See :option:`--file-flush-interval-msec` for details. + google.protobuf.Duration file_flush_interval = 16; + + // See :option:`--drain-time-s` for details. + google.protobuf.Duration drain_time = 17; + + // See :option:`--parent-shutdown-time-s` for details. + google.protobuf.Duration parent_shutdown_time = 18; + + // See :option:`--mode` for details. + Mode mode = 19; + + // See :option:`--disable-hot-restart` for details. + bool disable_hot_restart = 22; + + // See :option:`--enable-mutex-tracing` for details. + bool enable_mutex_tracing = 23; + + // See :option:`--restart-epoch` for details. + uint32 restart_epoch = 24; + + // See :option:`--cpuset-threads` for details. + bool cpuset_threads = 25; + + // See :option:`--disable-extensions` for details. + repeated string disabled_extensions = 28; +} diff --git a/generated_api_shadow/envoy/admin/v4alpha/tap.proto b/generated_api_shadow/envoy/admin/v4alpha/tap.proto new file mode 100644 index 0000000000000..c47b308d6ee6d --- /dev/null +++ b/generated_api_shadow/envoy/admin/v4alpha/tap.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.admin.v4alpha; + +import "envoy/config/tap/v3/common.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v4alpha"; +option java_outer_classname = "TapProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Tap] + +// The /tap admin request body that is used to configure an active tap session. +message TapRequest { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v3.TapRequest"; + + // The opaque configuration ID used to match the configuration to a loaded extension. + // A tap extension configures a similar opaque ID that is used to match. + string config_id = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The tap configuration to load. + config.tap.v3.TapConfig tap_config = 2 [(validate.rules).message = {required: true}]; +} diff --git a/generated_api_shadow/envoy/api/v2/auth/cert.proto b/generated_api_shadow/envoy/api/v2/auth/cert.proto index 908b161399072..09c53b2520467 100644 --- a/generated_api_shadow/envoy/api/v2/auth/cert.proto +++ b/generated_api_shadow/envoy/api/v2/auth/cert.proto @@ -21,7 +21,7 @@ option java_outer_classname = "CertProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.transport_sockets.tls.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common TLS configuration] diff --git a/generated_api_shadow/envoy/api/v2/cds.proto b/generated_api_shadow/envoy/api/v2/cds.proto index f6c73350bf286..0b657a0fa452b 100644 --- a/generated_api_shadow/envoy/api/v2/cds.proto +++ b/generated_api_shadow/envoy/api/v2/cds.proto @@ -17,7 +17,7 @@ option java_outer_classname = "CdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: CDS] diff --git a/generated_api_shadow/envoy/api/v2/cluster.proto b/generated_api_shadow/envoy/api/v2/cluster.proto index 4d23765466f92..5de5c20df570d 100644 --- a/generated_api_shadow/envoy/api/v2/cluster.proto +++ b/generated_api_shadow/envoy/api/v2/cluster.proto @@ -28,7 +28,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Cluster configuration] diff --git a/generated_api_shadow/envoy/api/v2/cluster/circuit_breaker.proto b/generated_api_shadow/envoy/api/v2/cluster/circuit_breaker.proto index 0fb2385a5bcd8..510619b264296 100644 --- a/generated_api_shadow/envoy/api/v2/cluster/circuit_breaker.proto +++ b/generated_api_shadow/envoy/api/v2/cluster/circuit_breaker.proto @@ -17,7 +17,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ClusterNS"; option ruby_package = "Envoy.Api.V2.ClusterNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Circuit breakers] diff --git a/generated_api_shadow/envoy/api/v2/cluster/filter.proto b/generated_api_shadow/envoy/api/v2/cluster/filter.proto index bd27332ea02c7..b87ad79d8f352 100644 --- a/generated_api_shadow/envoy/api/v2/cluster/filter.proto +++ b/generated_api_shadow/envoy/api/v2/cluster/filter.proto @@ -14,7 +14,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ClusterNS"; option ruby_package = "Envoy.Api.V2.ClusterNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Upstream filters] // Upstream filters apply to the connections to the upstream cluster hosts. diff --git a/generated_api_shadow/envoy/api/v2/cluster/outlier_detection.proto b/generated_api_shadow/envoy/api/v2/cluster/outlier_detection.proto index 5bc51016be91b..6cf35e41ff153 100644 --- a/generated_api_shadow/envoy/api/v2/cluster/outlier_detection.proto +++ b/generated_api_shadow/envoy/api/v2/cluster/outlier_detection.proto @@ -15,7 +15,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ClusterNS"; option ruby_package = "Envoy.Api.V2.ClusterNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Outlier detection] diff --git a/generated_api_shadow/envoy/api/v2/core/address.proto b/generated_api_shadow/envoy/api/v2/core/address.proto index f45b55bb2af7c..804da539583bb 100644 --- a/generated_api_shadow/envoy/api/v2/core/address.proto +++ b/generated_api_shadow/envoy/api/v2/core/address.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "AddressProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Network addresses] diff --git a/generated_api_shadow/envoy/api/v2/core/backoff.proto b/generated_api_shadow/envoy/api/v2/core/backoff.proto index 87704ae41e561..e45c71e39be8f 100644 --- a/generated_api_shadow/envoy/api/v2/core/backoff.proto +++ b/generated_api_shadow/envoy/api/v2/core/backoff.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "BackoffProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Backoff Strategy] diff --git a/generated_api_shadow/envoy/api/v2/core/base.proto b/generated_api_shadow/envoy/api/v2/core/base.proto index 55563046ef2aa..34adac56d5e6f 100644 --- a/generated_api_shadow/envoy/api/v2/core/base.proto +++ b/generated_api_shadow/envoy/api/v2/core/base.proto @@ -23,7 +23,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "BaseProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common types] diff --git a/generated_api_shadow/envoy/api/v2/core/config_source.proto b/generated_api_shadow/envoy/api/v2/core/config_source.proto index 2b1a6a7c78068..fa42a7aeec1ce 100644 --- a/generated_api_shadow/envoy/api/v2/core/config_source.proto +++ b/generated_api_shadow/envoy/api/v2/core/config_source.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "ConfigSourceProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Configuration sources] diff --git a/generated_api_shadow/envoy/api/v2/core/event_service_config.proto b/generated_api_shadow/envoy/api/v2/core/event_service_config.proto index 778cbbe14e5f5..f822f8c6b630d 100644 --- a/generated_api_shadow/envoy/api/v2/core/event_service_config.proto +++ b/generated_api_shadow/envoy/api/v2/core/event_service_config.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "EventServiceConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#not-implemented-hide:] // Configuration of the event reporting service endpoint. diff --git a/generated_api_shadow/envoy/api/v2/core/grpc_method_list.proto b/generated_api_shadow/envoy/api/v2/core/grpc_method_list.proto index 9728b2038e1ea..3d646484b359d 100644 --- a/generated_api_shadow/envoy/api/v2/core/grpc_method_list.proto +++ b/generated_api_shadow/envoy/api/v2/core/grpc_method_list.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "GrpcMethodListProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC method list] diff --git a/generated_api_shadow/envoy/api/v2/core/grpc_service.proto b/generated_api_shadow/envoy/api/v2/core/grpc_service.proto index 096b9c246342f..dd789644e1d71 100644 --- a/generated_api_shadow/envoy/api/v2/core/grpc_service.proto +++ b/generated_api_shadow/envoy/api/v2/core/grpc_service.proto @@ -18,7 +18,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "GrpcServiceProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC services] diff --git a/generated_api_shadow/envoy/api/v2/core/health_check.proto b/generated_api_shadow/envoy/api/v2/core/health_check.proto index 2da19e00802a6..bc4ae3e5c8666 100644 --- a/generated_api_shadow/envoy/api/v2/core/health_check.proto +++ b/generated_api_shadow/envoy/api/v2/core/health_check.proto @@ -22,7 +22,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "HealthCheckProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Health check] // * Health checking :ref:`architecture overview `. diff --git a/generated_api_shadow/envoy/api/v2/core/http_uri.proto b/generated_api_shadow/envoy/api/v2/core/http_uri.proto index 9b4bc42c0181e..cd1a0660e330a 100644 --- a/generated_api_shadow/envoy/api/v2/core/http_uri.proto +++ b/generated_api_shadow/envoy/api/v2/core/http_uri.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "HttpUriProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP Service URI ] diff --git a/generated_api_shadow/envoy/api/v2/core/protocol.proto b/generated_api_shadow/envoy/api/v2/core/protocol.proto index 6c3a76c1b9749..63a39d84a436a 100644 --- a/generated_api_shadow/envoy/api/v2/core/protocol.proto +++ b/generated_api_shadow/envoy/api/v2/core/protocol.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "ProtocolProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Protocol options] diff --git a/generated_api_shadow/envoy/api/v2/core/socket_option.proto b/generated_api_shadow/envoy/api/v2/core/socket_option.proto index eeb68faa08d99..39678ad1b8bc6 100644 --- a/generated_api_shadow/envoy/api/v2/core/socket_option.proto +++ b/generated_api_shadow/envoy/api/v2/core/socket_option.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.core"; option java_outer_classname = "SocketOptionProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Socket Option ] diff --git a/generated_api_shadow/envoy/api/v2/discovery.proto b/generated_api_shadow/envoy/api/v2/discovery.proto index 495319c703ff9..da2690f867fc3 100644 --- a/generated_api_shadow/envoy/api/v2/discovery.proto +++ b/generated_api_shadow/envoy/api/v2/discovery.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "DiscoveryProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.discovery.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common discovery API components] diff --git a/generated_api_shadow/envoy/api/v2/eds.proto b/generated_api_shadow/envoy/api/v2/eds.proto index 8ac51d1e519ec..b0d5c7c473702 100644 --- a/generated_api_shadow/envoy/api/v2/eds.proto +++ b/generated_api_shadow/envoy/api/v2/eds.proto @@ -20,7 +20,7 @@ option java_outer_classname = "EdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.endpoint.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: EDS] // Endpoint discovery :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/api/v2/endpoint.proto b/generated_api_shadow/envoy/api/v2/endpoint.proto index 8645ca8b34eef..e233b0e7d34ea 100644 --- a/generated_api_shadow/envoy/api/v2/endpoint.proto +++ b/generated_api_shadow/envoy/api/v2/endpoint.proto @@ -17,7 +17,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "EndpointProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.endpoint.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Endpoint configuration] // Endpoint discovery :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/api/v2/endpoint/endpoint.proto b/generated_api_shadow/envoy/api/v2/endpoint/endpoint.proto index fc7d7434c337c..9724fd72818d5 100644 --- a/generated_api_shadow/envoy/api/v2/endpoint/endpoint.proto +++ b/generated_api_shadow/envoy/api/v2/endpoint/endpoint.proto @@ -9,4 +9,3 @@ import public "envoy/api/v2/endpoint/endpoint_components.proto"; option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; option java_outer_classname = "EndpointProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; diff --git a/generated_api_shadow/envoy/api/v2/endpoint/endpoint_components.proto b/generated_api_shadow/envoy/api/v2/endpoint/endpoint_components.proto index d030c8bab5b01..d7f209311697d 100644 --- a/generated_api_shadow/envoy/api/v2/endpoint/endpoint_components.proto +++ b/generated_api_shadow/envoy/api/v2/endpoint/endpoint_components.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; option java_outer_classname = "EndpointComponentsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.endpoint.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Endpoints] diff --git a/generated_api_shadow/envoy/api/v2/endpoint/load_report.proto b/generated_api_shadow/envoy/api/v2/endpoint/load_report.proto index bafe846fca05a..928aed6102df8 100644 --- a/generated_api_shadow/envoy/api/v2/endpoint/load_report.proto +++ b/generated_api_shadow/envoy/api/v2/endpoint/load_report.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; option java_outer_classname = "LoadReportProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.endpoint.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // These are stats Envoy reports to GLB every so often. Report frequency is // defined by diff --git a/generated_api_shadow/envoy/api/v2/lds.proto b/generated_api_shadow/envoy/api/v2/lds.proto index 03723d9d07f7e..d1e528f2472d4 100644 --- a/generated_api_shadow/envoy/api/v2/lds.proto +++ b/generated_api_shadow/envoy/api/v2/lds.proto @@ -20,7 +20,7 @@ option java_outer_classname = "LdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Listener] // Listener :ref:`configuration overview ` diff --git a/generated_api_shadow/envoy/api/v2/listener.proto b/generated_api_shadow/envoy/api/v2/listener.proto index 10f3d08209fc6..a93df10c3128d 100644 --- a/generated_api_shadow/envoy/api/v2/listener.proto +++ b/generated_api_shadow/envoy/api/v2/listener.proto @@ -22,7 +22,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "ListenerProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Listener configuration] // Listener :ref:`configuration overview ` diff --git a/generated_api_shadow/envoy/api/v2/listener/listener.proto b/generated_api_shadow/envoy/api/v2/listener/listener.proto index 2d68a46771519..671da24b0445f 100644 --- a/generated_api_shadow/envoy/api/v2/listener/listener.proto +++ b/generated_api_shadow/envoy/api/v2/listener/listener.proto @@ -11,4 +11,3 @@ option java_outer_classname = "ListenerProto"; option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; option ruby_package = "Envoy.Api.V2.ListenerNS"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; diff --git a/generated_api_shadow/envoy/api/v2/listener/listener_components.proto b/generated_api_shadow/envoy/api/v2/listener/listener_components.proto index 3acb5f1a3a443..fe449c63358a1 100644 --- a/generated_api_shadow/envoy/api/v2/listener/listener_components.proto +++ b/generated_api_shadow/envoy/api/v2/listener/listener_components.proto @@ -21,7 +21,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; option ruby_package = "Envoy.Api.V2.ListenerNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Listener components] // Listener :ref:`configuration overview ` diff --git a/generated_api_shadow/envoy/api/v2/listener/quic_config.proto b/generated_api_shadow/envoy/api/v2/listener/quic_config.proto index ccd2f1d116fa5..2a4616bb09c99 100644 --- a/generated_api_shadow/envoy/api/v2/listener/quic_config.proto +++ b/generated_api_shadow/envoy/api/v2/listener/quic_config.proto @@ -14,7 +14,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; option ruby_package = "Envoy.Api.V2.ListenerNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: QUIC listener Config] diff --git a/generated_api_shadow/envoy/api/v2/listener/udp_listener_config.proto b/generated_api_shadow/envoy/api/v2/listener/udp_listener_config.proto index a04906a61859b..d4d29531f3aaa 100644 --- a/generated_api_shadow/envoy/api/v2/listener/udp_listener_config.proto +++ b/generated_api_shadow/envoy/api/v2/listener/udp_listener_config.proto @@ -14,7 +14,7 @@ option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; option ruby_package = "Envoy.Api.V2.ListenerNS"; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: UDP Listener Config] // Listener :ref:`configuration overview ` diff --git a/generated_api_shadow/envoy/api/v2/ratelimit/ratelimit.proto b/generated_api_shadow/envoy/api/v2/ratelimit/ratelimit.proto index 0b052edb9301b..5ac72c69a6fbb 100644 --- a/generated_api_shadow/envoy/api/v2/ratelimit/ratelimit.proto +++ b/generated_api_shadow/envoy/api/v2/ratelimit/ratelimit.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.ratelimit"; option java_outer_classname = "RatelimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.common.ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common rate limit components] diff --git a/generated_api_shadow/envoy/api/v2/rds.proto b/generated_api_shadow/envoy/api/v2/rds.proto index 015864af37163..fad73f1758406 100644 --- a/generated_api_shadow/envoy/api/v2/rds.proto +++ b/generated_api_shadow/envoy/api/v2/rds.proto @@ -19,7 +19,7 @@ option java_outer_classname = "RdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: RDS] diff --git a/generated_api_shadow/envoy/api/v2/route.proto b/generated_api_shadow/envoy/api/v2/route.proto index 864f8a9211246..549f134a7f439 100644 --- a/generated_api_shadow/envoy/api/v2/route.proto +++ b/generated_api_shadow/envoy/api/v2/route.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP route configuration] // * Routing :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/api/v2/route/route.proto b/generated_api_shadow/envoy/api/v2/route/route.proto index fe18bbeb28b39..92e44f1e19df2 100644 --- a/generated_api_shadow/envoy/api/v2/route/route.proto +++ b/generated_api_shadow/envoy/api/v2/route/route.proto @@ -9,4 +9,3 @@ import public "envoy/api/v2/route/route_components.proto"; option java_package = "io.envoyproxy.envoy.api.v2.route"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; diff --git a/generated_api_shadow/envoy/api/v2/route/route_components.proto b/generated_api_shadow/envoy/api/v2/route/route_components.proto index c4ccf2c8c9a18..c890134414e55 100644 --- a/generated_api_shadow/envoy/api/v2/route/route_components.proto +++ b/generated_api_shadow/envoy/api/v2/route/route_components.proto @@ -23,7 +23,7 @@ option java_package = "io.envoyproxy.envoy.api.v2.route"; option java_outer_classname = "RouteComponentsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP route components] // * Routing :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/api/v2/scoped_route.proto b/generated_api_shadow/envoy/api/v2/scoped_route.proto index 03130e1314233..0841bd08723c5 100644 --- a/generated_api_shadow/envoy/api/v2/scoped_route.proto +++ b/generated_api_shadow/envoy/api/v2/scoped_route.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.api.v2"; option java_outer_classname = "ScopedRouteProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP scoped routing configuration] // * Routing :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/api/v2/srds.proto b/generated_api_shadow/envoy/api/v2/srds.proto index e44fb6f3211fd..0edb99a1eccbb 100644 --- a/generated_api_shadow/envoy/api/v2/srds.proto +++ b/generated_api_shadow/envoy/api/v2/srds.proto @@ -17,7 +17,7 @@ option java_outer_classname = "SrdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.route.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: SRDS] // * Routing :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/config/accesslog/v2/als.proto b/generated_api_shadow/envoy/config/accesslog/v2/als.proto index 864f44fac4317..5b4106af106ed 100644 --- a/generated_api_shadow/envoy/config/accesslog/v2/als.proto +++ b/generated_api_shadow/envoy/config/accesslog/v2/als.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.config.accesslog.v2"; option java_outer_classname = "AlsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.access_loggers.grpc.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC Access Log Service (ALS)] diff --git a/generated_api_shadow/envoy/config/accesslog/v2/file.proto b/generated_api_shadow/envoy/config/accesslog/v2/file.proto index a003f222ccb02..9b8671c81358e 100644 --- a/generated_api_shadow/envoy/config/accesslog/v2/file.proto +++ b/generated_api_shadow/envoy/config/accesslog/v2/file.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.accesslog.v2"; option java_outer_classname = "FileProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.access_loggers.file.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: File access log] // [#extension: envoy.access_loggers.file] diff --git a/generated_api_shadow/envoy/config/accesslog/v3/accesslog.proto b/generated_api_shadow/envoy/config/accesslog/v3/accesslog.proto index 265999a12bdd5..da29f198802f2 100644 --- a/generated_api_shadow/envoy/config/accesslog/v3/accesslog.proto +++ b/generated_api_shadow/envoy/config/accesslog/v3/accesslog.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.accesslog.v3"; option java_outer_classname = "AccesslogProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common access log types] @@ -45,9 +45,9 @@ message AccessLog { // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig // ` oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 3 [deprecated = true]; - google.protobuf.Any typed_config = 4; + + google.protobuf.Struct hidden_envoy_deprecated_config = 3 [deprecated = true]; } } @@ -288,8 +288,8 @@ message ExtensionFilter { // Custom configuration that depends on the filter being instantiated. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } diff --git a/generated_api_shadow/envoy/config/bootstrap/v2/bootstrap.proto b/generated_api_shadow/envoy/config/bootstrap/v2/bootstrap.proto index 09b6303e6b10f..2aea0e3780420 100644 --- a/generated_api_shadow/envoy/config/bootstrap/v2/bootstrap.proto +++ b/generated_api_shadow/envoy/config/bootstrap/v2/bootstrap.proto @@ -25,7 +25,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.bootstrap.v2"; option java_outer_classname = "BootstrapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Bootstrap] // This proto is supplied via the :option:`-c` CLI flag and acts as the root diff --git a/generated_api_shadow/envoy/config/bootstrap/v3/bootstrap.proto b/generated_api_shadow/envoy/config/bootstrap/v3/bootstrap.proto index 91121cad28f76..82c1566194dba 100644 --- a/generated_api_shadow/envoy/config/bootstrap/v3/bootstrap.proto +++ b/generated_api_shadow/envoy/config/bootstrap/v3/bootstrap.proto @@ -26,7 +26,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.bootstrap.v3"; option java_outer_classname = "BootstrapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Bootstrap] // This proto is supplied via the :option:`-c` CLI flag and acts as the root @@ -131,12 +131,6 @@ message Bootstrap { // tracing will be performed. trace.v3.Tracing tracing = 9; - // Configuration for the runtime configuration provider (deprecated). If not - // specified, a “null” provider will be used which will result in all defaults - // being used. - Runtime hidden_envoy_deprecated_runtime = 11 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // Configuration for the runtime configuration provider. If not // specified, a “null” provider will be used which will result in all defaults // being used. @@ -178,6 +172,9 @@ message Bootstrap { // :ref:`use_tcp_for_dns_lookups ` are // specified. bool use_tcp_for_dns_lookups = 20; + + Runtime hidden_envoy_deprecated_runtime = 11 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; } // Administration interface :ref:`operations documentation diff --git a/generated_api_shadow/envoy/config/bootstrap/v4alpha/BUILD b/generated_api_shadow/envoy/config/bootstrap/v4alpha/BUILD new file mode 100644 index 0000000000000..005603632b4c5 --- /dev/null +++ b/generated_api_shadow/envoy/config/bootstrap/v4alpha/BUILD @@ -0,0 +1,20 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/bootstrap/v3:pkg", + "//envoy/config/cluster/v4alpha:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/listener/v3:pkg", + "//envoy/config/metrics/v3:pkg", + "//envoy/config/overload/v3:pkg", + "//envoy/config/trace/v4alpha:pkg", + "//envoy/extensions/transport_sockets/tls/v4alpha:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/config/bootstrap/v4alpha/bootstrap.proto b/generated_api_shadow/envoy/config/bootstrap/v4alpha/bootstrap.proto new file mode 100644 index 0000000000000..ab670faad430b --- /dev/null +++ b/generated_api_shadow/envoy/config/bootstrap/v4alpha/bootstrap.proto @@ -0,0 +1,379 @@ +syntax = "proto3"; + +package envoy.config.bootstrap.v4alpha; + +import "envoy/config/cluster/v4alpha/cluster.proto"; +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/event_service_config.proto"; +import "envoy/config/core/v4alpha/socket_option.proto"; +import "envoy/config/listener/v3/listener.proto"; +import "envoy/config/metrics/v3/stats.proto"; +import "envoy/config/overload/v3/overload.proto"; +import "envoy/config/trace/v4alpha/trace.proto"; +import "envoy/extensions/transport_sockets/tls/v4alpha/cert.proto"; + +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.bootstrap.v4alpha"; +option java_outer_classname = "BootstrapProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Bootstrap] +// This proto is supplied via the :option:`-c` CLI flag and acts as the root +// of the Envoy v2 configuration. See the :ref:`v2 configuration overview +// ` for more detail. + +// Bootstrap :ref:`configuration overview `. +// [#next-free-field: 21] +message Bootstrap { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.Bootstrap"; + + message StaticResources { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.Bootstrap.StaticResources"; + + // Static :ref:`Listeners `. These listeners are + // available regardless of LDS configuration. + repeated listener.v3.Listener listeners = 1; + + // If a network based configuration source is specified for :ref:`cds_config + // `, it's necessary + // to have some initial cluster definitions available to allow Envoy to know + // how to speak to the management server. These cluster definitions may not + // use :ref:`EDS ` (i.e. they should be static + // IP or DNS-based). + repeated cluster.v4alpha.Cluster clusters = 2; + + // These static secrets can be used by :ref:`SdsSecretConfig + // ` + repeated envoy.extensions.transport_sockets.tls.v4alpha.Secret secrets = 3; + } + + message DynamicResources { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.Bootstrap.DynamicResources"; + + reserved 4; + + // All :ref:`Listeners ` are provided by a single + // :ref:`LDS ` configuration source. + core.v4alpha.ConfigSource lds_config = 1; + + // All post-bootstrap :ref:`Cluster ` definitions are + // provided by a single :ref:`CDS ` + // configuration source. + core.v4alpha.ConfigSource cds_config = 2; + + // A single :ref:`ADS ` source may be optionally + // specified. This must have :ref:`api_type + // ` :ref:`GRPC + // `. Only + // :ref:`ConfigSources ` that have + // the :ref:`ads ` field set will be + // streamed on the ADS channel. + core.v4alpha.ApiConfigSource ads_config = 3; + } + + reserved 10, 11; + + reserved "runtime"; + + // Node identity to present to the management server and for instance + // identification purposes (e.g. in generated headers). + core.v4alpha.Node node = 1; + + // Statically specified resources. + StaticResources static_resources = 2; + + // xDS configuration sources. + DynamicResources dynamic_resources = 3; + + // Configuration for the cluster manager which owns all upstream clusters + // within the server. + ClusterManager cluster_manager = 4; + + // Health discovery service config option. + // (:ref:`core.ApiConfigSource `) + core.v4alpha.ApiConfigSource hds_config = 14; + + // Optional file system path to search for startup flag files. + string flags_path = 5; + + // Optional set of stats sinks. + repeated metrics.v3.StatsSink stats_sinks = 6; + + // Configuration for internal processing of stats. + metrics.v3.StatsConfig stats_config = 13; + + // Optional duration between flushes to configured stats sinks. For + // performance reasons Envoy latches counters and only flushes counters and + // gauges at a periodic interval. If not specified the default is 5000ms (5 + // seconds). + // Duration must be at least 1ms and at most 5 min. + google.protobuf.Duration stats_flush_interval = 7 [(validate.rules).duration = { + lt {seconds: 300} + gte {nanos: 1000000} + }]; + + // Optional watchdog configuration. + Watchdog watchdog = 8; + + // Configuration for an external tracing provider. If not specified, no + // tracing will be performed. + trace.v4alpha.Tracing tracing = 9; + + // Configuration for the runtime configuration provider. If not + // specified, a “null” provider will be used which will result in all defaults + // being used. + LayeredRuntime layered_runtime = 17; + + // Configuration for the local administration HTTP server. + Admin admin = 12; + + // Optional overload manager configuration. + overload.v3.OverloadManager overload_manager = 15; + + // Enable :ref:`stats for event dispatcher `, defaults to false. + // Note that this records a value for each iteration of the event loop on every thread. This + // should normally be minimal overhead, but when using + // :ref:`statsd `, it will send each observed value + // over the wire individually because the statsd protocol doesn't have any way to represent a + // histogram summary. Be aware that this can be a very large volume of data. + bool enable_dispatcher_stats = 16; + + // Optional string which will be used in lieu of x-envoy in prefixing headers. + // + // For example, if this string is present and set to X-Foo, then x-envoy-retry-on will be + // transformed into x-foo-retry-on etc. + // + // Note this applies to the headers Envoy will generate, the headers Envoy will sanitize, and the + // headers Envoy will trust for core code and core extensions only. Be VERY careful making + // changes to this string, especially in multi-layer Envoy deployments or deployments using + // extensions which are not upstream. + string header_prefix = 18; + + // Optional proxy version which will be used to set the value of :ref:`server.version statistic + // ` if specified. Envoy will not process this value, it will be sent as is to + // :ref:`stats sinks `. + google.protobuf.UInt64Value stats_server_version_override = 19; + + // Always use TCP queries instead of UDP queries for DNS lookups. + // This may be overridden on a per-cluster basis in cds_config, + // when :ref:`dns_resolvers ` and + // :ref:`use_tcp_for_dns_lookups ` are + // specified. + bool use_tcp_for_dns_lookups = 20; +} + +// Administration interface :ref:`operations documentation +// `. +message Admin { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Admin"; + + // The path to write the access log for the administration server. If no + // access log is desired specify ‘/dev/null’. This is only required if + // :ref:`address ` is set. + string access_log_path = 1; + + // The cpu profiler output path for the administration server. If no profile + // path is specified, the default is ‘/var/log/envoy/envoy.prof’. + string profile_path = 2; + + // The TCP address that the administration server will listen on. + // If not specified, Envoy will not start an administration server. + core.v4alpha.Address address = 3; + + // Additional socket options that may not be present in Envoy source code or + // precompiled binaries. + repeated core.v4alpha.SocketOption socket_options = 4; +} + +// Cluster manager :ref:`architecture overview `. +message ClusterManager { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.ClusterManager"; + + message OutlierDetection { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.ClusterManager.OutlierDetection"; + + // Specifies the path to the outlier event log. + string event_log_path = 1; + + // [#not-implemented-hide:] + // The gRPC service for the outlier detection event service. + // If empty, outlier detection events won't be sent to a remote endpoint. + core.v4alpha.EventServiceConfig event_service = 2; + } + + // Name of the local cluster (i.e., the cluster that owns the Envoy running + // this configuration). In order to enable :ref:`zone aware routing + // ` this option must be set. + // If *local_cluster_name* is defined then :ref:`clusters + // ` must be defined in the :ref:`Bootstrap + // static cluster resources + // `. This is unrelated to + // the :option:`--service-cluster` option which does not `affect zone aware + // routing `_. + string local_cluster_name = 1; + + // Optional global configuration for outlier detection. + OutlierDetection outlier_detection = 2; + + // Optional configuration used to bind newly established upstream connections. + // This may be overridden on a per-cluster basis by upstream_bind_config in the cds_config. + core.v4alpha.BindConfig upstream_bind_config = 3; + + // A management server endpoint to stream load stats to via + // *StreamLoadStats*. This must have :ref:`api_type + // ` :ref:`GRPC + // `. + core.v4alpha.ApiConfigSource load_stats_config = 4; +} + +// Envoy process watchdog configuration. When configured, this monitors for +// nonresponsive threads and kills the process after the configured thresholds. +// See the :ref:`watchdog documentation ` for more information. +message Watchdog { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Watchdog"; + + // The duration after which Envoy counts a nonresponsive thread in the + // *watchdog_miss* statistic. If not specified the default is 200ms. + google.protobuf.Duration miss_timeout = 1; + + // The duration after which Envoy counts a nonresponsive thread in the + // *watchdog_mega_miss* statistic. If not specified the default is + // 1000ms. + google.protobuf.Duration megamiss_timeout = 2; + + // If a watched thread has been nonresponsive for this duration, assume a + // programming error and kill the entire Envoy process. Set to 0 to disable + // kill behavior. If not specified the default is 0 (disabled). + google.protobuf.Duration kill_timeout = 3; + + // If at least two watched threads have been nonresponsive for at least this + // duration assume a true deadlock and kill the entire Envoy process. Set to 0 + // to disable this behavior. If not specified the default is 0 (disabled). + google.protobuf.Duration multikill_timeout = 4; +} + +// Runtime :ref:`configuration overview ` (deprecated). +message Runtime { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v3.Runtime"; + + // The implementation assumes that the file system tree is accessed via a + // symbolic link. An atomic link swap is used when a new tree should be + // switched to. This parameter specifies the path to the symbolic link. Envoy + // will watch the location for changes and reload the file system tree when + // they happen. If this parameter is not set, there will be no disk based + // runtime. + string symlink_root = 1; + + // Specifies the subdirectory to load within the root directory. This is + // useful if multiple systems share the same delivery mechanism. Envoy + // configuration elements can be contained in a dedicated subdirectory. + string subdirectory = 2; + + // Specifies an optional subdirectory to load within the root directory. If + // specified and the directory exists, configuration values within this + // directory will override those found in the primary subdirectory. This is + // useful when Envoy is deployed across many different types of servers. + // Sometimes it is useful to have a per service cluster directory for runtime + // configuration. See below for exactly how the override directory is used. + string override_subdirectory = 3; + + // Static base runtime. This will be :ref:`overridden + // ` by other runtime layers, e.g. + // disk or admin. This follows the :ref:`runtime protobuf JSON representation + // encoding `. + google.protobuf.Struct base = 4; +} + +// [#next-free-field: 6] +message RuntimeLayer { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.RuntimeLayer"; + + // :ref:`Disk runtime ` layer. + message DiskLayer { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.RuntimeLayer.DiskLayer"; + + // The implementation assumes that the file system tree is accessed via a + // symbolic link. An atomic link swap is used when a new tree should be + // switched to. This parameter specifies the path to the symbolic link. + // Envoy will watch the location for changes and reload the file system tree + // when they happen. See documentation on runtime :ref:`atomicity + // ` for further details on how reloads are + // treated. + string symlink_root = 1; + + // Specifies the subdirectory to load within the root directory. This is + // useful if multiple systems share the same delivery mechanism. Envoy + // configuration elements can be contained in a dedicated subdirectory. + string subdirectory = 3; + + // :ref:`Append ` the + // service cluster to the path under symlink root. + bool append_service_cluster = 2; + } + + // :ref:`Admin console runtime ` layer. + message AdminLayer { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.RuntimeLayer.AdminLayer"; + } + + // :ref:`Runtime Discovery Service (RTDS) ` layer. + message RtdsLayer { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.RuntimeLayer.RtdsLayer"; + + // Resource to subscribe to at *rtds_config* for the RTDS layer. + string name = 1; + + // RTDS configuration source. + core.v4alpha.ConfigSource rtds_config = 2; + } + + // Descriptive name for the runtime layer. This is only used for the runtime + // :http:get:`/runtime` output. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + oneof layer_specifier { + option (validate.required) = true; + + // :ref:`Static runtime ` layer. + // This follows the :ref:`runtime protobuf JSON representation encoding + // `. Unlike static xDS resources, this static + // layer is overridable by later layers in the runtime virtual filesystem. + google.protobuf.Struct static_layer = 2; + + DiskLayer disk_layer = 3; + + AdminLayer admin_layer = 4; + + RtdsLayer rtds_layer = 5; + } +} + +// Runtime :ref:`configuration overview `. +message LayeredRuntime { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.bootstrap.v3.LayeredRuntime"; + + // The :ref:`layers ` of the runtime. This is ordered + // such that later layers in the list overlay earlier entries. + repeated RuntimeLayer layers = 1; +} diff --git a/generated_api_shadow/envoy/config/cluster/aggregate/v2alpha/cluster.proto b/generated_api_shadow/envoy/config/cluster/aggregate/v2alpha/cluster.proto index e050bff1a699b..a0fdadd75724c 100644 --- a/generated_api_shadow/envoy/config/cluster/aggregate/v2alpha/cluster.proto +++ b/generated_api_shadow/envoy/config/cluster/aggregate/v2alpha/cluster.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.config.cluster.aggregate.v2alpha"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.clusters.aggregate.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Aggregate cluster configuration] diff --git a/generated_api_shadow/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto b/generated_api_shadow/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto index 7c8c56083bf34..33f5ffe057e3a 100644 --- a/generated_api_shadow/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto +++ b/generated_api_shadow/envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto @@ -13,7 +13,7 @@ option java_outer_classname = "ClusterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.clusters.dynamic_forward_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dynamic forward proxy cluster configuration] diff --git a/generated_api_shadow/envoy/config/cluster/redis/redis_cluster.proto b/generated_api_shadow/envoy/config/cluster/redis/redis_cluster.proto index e6652d51d7a6a..b1872501e8eb2 100644 --- a/generated_api_shadow/envoy/config/cluster/redis/redis_cluster.proto +++ b/generated_api_shadow/envoy/config/cluster/redis/redis_cluster.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.redis"; option java_outer_classname = "RedisClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Redis Cluster Configuration] // This cluster adds support for `Redis Cluster `_, as part diff --git a/generated_api_shadow/envoy/config/cluster/v3/circuit_breaker.proto b/generated_api_shadow/envoy/config/cluster/v3/circuit_breaker.proto index 1661501c5861a..96e69701cda21 100644 --- a/generated_api_shadow/envoy/config/cluster/v3/circuit_breaker.proto +++ b/generated_api_shadow/envoy/config/cluster/v3/circuit_breaker.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.v3"; option java_outer_classname = "CircuitBreakerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Circuit breakers] diff --git a/generated_api_shadow/envoy/config/cluster/v3/cluster.proto b/generated_api_shadow/envoy/config/cluster/v3/cluster.proto index 532a5286324dc..e8e451de8e6b7 100644 --- a/generated_api_shadow/envoy/config/cluster/v3/cluster.proto +++ b/generated_api_shadow/envoy/config/cluster/v3/cluster.proto @@ -27,7 +27,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.v3"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Cluster configuration] @@ -86,17 +86,6 @@ message Cluster { // for an explanation. RANDOM = 3; - // Refer to the :ref:`original destination load balancing - // policy` - // for an explanation. - // - // .. attention:: - // - // **This load balancing policy is deprecated**. Use CLUSTER_PROVIDED instead. - // - hidden_envoy_deprecated_ORIGINAL_DST_LB = 4 - [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true]; - // Refer to the :ref:`Maglev load balancing policy` // for an explanation. MAGLEV = 5; @@ -112,6 +101,9 @@ message Cluster { // and instead using the new load_balancing_policy field as the one and only mechanism for // configuring this.] LOAD_BALANCING_POLICY_CONFIG = 7; + + hidden_envoy_deprecated_ORIGINAL_DST_LB = 4 + [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true]; } // When V4_ONLY is selected, the DNS resolver will only perform a lookup for @@ -438,11 +430,9 @@ message Cluster { // The specified percent will be truncated to the nearest 1%. type.v3.Percent healthy_panic_threshold = 1; - oneof locality_config_specifier { - ZoneAwareLbConfig zone_aware_lb_config = 2; + google.protobuf.Duration update_merge_window = 4; - LocalityWeightedLbConfig locality_weighted_lb_config = 3; - } + bool ignore_new_hosts_until_first_hc = 5; // If set, all health check/weight/metadata updates that happen within this duration will be // merged and delivered in one shot when the duration expires. The start of the duration is when @@ -458,7 +448,7 @@ message Cluster { // Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is // because merging those updates isn't currently safe. See // https://github.com/envoyproxy/envoy/pull/3941. - google.protobuf.Duration update_merge_window = 4; + bool close_connections_on_host_set_change = 6; // If set to true, Envoy will not consider new hosts when computing load balancing weights until // they have been health checked for the first time. This will have no effect unless @@ -479,14 +469,16 @@ message Cluster { // // If panic mode is triggered, new hosts are still eligible for traffic; they simply do not // contribute to the calculation when deciding whether panic mode is enabled or not. - bool ignore_new_hosts_until_first_hc = 5; + ConsistentHashingLbConfig consistent_hashing_lb_config = 7; - // If set to `true`, the cluster manager will drain all existing - // connections to upstream hosts whenever hosts are added or removed from the cluster. - bool close_connections_on_host_set_change = 6; + oneof locality_config_specifier { + // If set to `true`, the cluster manager will drain all existing + // connections to upstream hosts whenever hosts are added or removed from the cluster. + ZoneAwareLbConfig zone_aware_lb_config = 2; - //Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.) - ConsistentHashingLbConfig consistent_hashing_lb_config = 7; + //Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.) + LocalityWeightedLbConfig locality_weighted_lb_config = 3; + } } message RefreshRate { @@ -569,41 +561,26 @@ message Cluster { // `. string alt_stat_name = 28; - oneof cluster_discovery_type { - // The :ref:`service discovery type ` - // to use for resolving the cluster. - DiscoveryType type = 2 [(validate.rules).enum = {defined_only: true}]; + // The :ref:`service discovery type ` + // to use for resolving the cluster. + EdsClusterConfig eds_cluster_config = 3; - // The custom cluster type. - CustomClusterType cluster_type = 38; - } + // The custom cluster type. + google.protobuf.Duration connect_timeout = 4 [(validate.rules).duration = {gt {}}]; // Configuration to use for EDS updates for the Cluster. - EdsClusterConfig eds_cluster_config = 3; + google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5; // The timeout for new network connections to hosts in the cluster. - google.protobuf.Duration connect_timeout = 4 [(validate.rules).duration = {gt {}}]; + LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}]; // Soft limit on size of the cluster’s connections read and write buffers. If // unspecified, an implementation defined default is applied (1MiB). - google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5; + endpoint.v3.ClusterLoadAssignment load_assignment = 33; // The :ref:`load balancer type ` to use // when picking a host in the cluster. - LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}]; - - // If the service discovery type is - // :ref:`STATIC`, - // :ref:`STRICT_DNS` - // or :ref:`LOGICAL_DNS`, - // then hosts is required. - // - // .. attention:: - // - // **This field is deprecated**. Set the - // :ref:`load_assignment` field instead. - // - repeated core.v3.Address hidden_envoy_deprecated_hosts = 7 [deprecated = true]; + repeated core.v3.HealthCheck health_checks = 8; // Setting this is required for specifying members of // :ref:`STATIC`, @@ -616,42 +593,33 @@ message Cluster { // Setting this allows non-EDS cluster types to contain embedded EDS equivalent // :ref:`endpoint assignments`. // - endpoint.v3.ClusterLoadAssignment load_assignment = 33; + google.protobuf.UInt32Value max_requests_per_connection = 9; // Optional :ref:`active health checking ` // configuration for the cluster. If no // configuration is specified no health checking will be done and all cluster // members will be considered healthy at all times. - repeated core.v3.HealthCheck health_checks = 8; + CircuitBreakers circuit_breakers = 10; // Optional maximum requests for a single upstream connection. This parameter // is respected by both the HTTP/1.1 and HTTP/2 connection pool // implementations. If not specified, there is no limit. Setting this // parameter to 1 will effectively disable keep alive. - google.protobuf.UInt32Value max_requests_per_connection = 9; + core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46; // Optional :ref:`circuit breaking ` for the cluster. - CircuitBreakers circuit_breakers = 10; - - // The TLS configuration for connections to the upstream cluster. - // - // .. attention:: - // - // **This field is deprecated**. Use `transport_socket` with name `tls` instead. If both are - // set, `transport_socket` takes priority. - envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext hidden_envoy_deprecated_tls_context = - 11 [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + core.v3.HttpProtocolOptions common_http_protocol_options = 29; // HTTP protocol options that are applied only to upstream HTTP connections. // These options apply to all HTTP versions. - core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46; + core.v3.Http1ProtocolOptions http_protocol_options = 13; // Additional options when handling HTTP requests upstream. These options will be applicable to // both HTTP1 and HTTP2 requests. - core.v3.HttpProtocolOptions common_http_protocol_options = 29; + core.v3.Http2ProtocolOptions http2_protocol_options = 14; // Additional options when handling HTTP1 requests. - core.v3.Http1ProtocolOptions http_protocol_options = 13; + map typed_extension_protocol_options = 36; // Even if default HTTP2 protocol options are desired, this field must be // set so that Envoy will assume that the upstream supports HTTP/2 when @@ -659,20 +627,14 @@ message Cluster { // supports prior knowledge for upstream connections. Even if TLS is used // with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2 // connections to happen over plain text. - core.v3.Http2ProtocolOptions http2_protocol_options = 14; - - // The extension_protocol_options field is used to provide extension-specific protocol options - // for upstream connections. The key should match the extension filter name, such as - // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on - // specific options. - map hidden_envoy_deprecated_extension_protocol_options = 35 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + google.protobuf.Duration dns_refresh_rate = 16 + [(validate.rules).duration = {gt {nanos: 1000000}}]; // The extension_protocol_options field is used to provide extension-specific protocol options // for upstream connections. The key should match the extension filter name, such as // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on // specific options. - map typed_extension_protocol_options = 36; + RefreshRate dns_failure_refresh_rate = 44; // If the DNS refresh rate is specified and the cluster type is either // :ref:`STRICT_DNS`, @@ -683,8 +645,7 @@ message Cluster { // :ref:`STRICT_DNS` // and :ref:`LOGICAL_DNS` // this setting is ignored. - google.protobuf.Duration dns_refresh_rate = 16 - [(validate.rules).duration = {gt {nanos: 1000000}}]; + bool respect_dns_ttl = 39; // If the DNS failure refresh rate is specified and the cluster type is either // :ref:`STRICT_DNS`, @@ -694,17 +655,17 @@ message Cluster { // other than :ref:`STRICT_DNS` and // :ref:`LOGICAL_DNS` this setting is // ignored. - RefreshRate dns_failure_refresh_rate = 44; + DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}]; // Optional configuration for setting cluster's DNS refresh rate. If the value is set to true, // cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS // resolution. - bool respect_dns_ttl = 39; + repeated core.v3.Address dns_resolvers = 18; // The DNS IP address resolution policy. If this setting is not specified, the // value defaults to // :ref:`AUTO`. - DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}]; + bool use_tcp_for_dns_lookups = 45; // If DNS resolvers are specified and the cluster type is either // :ref:`STRICT_DNS`, @@ -716,16 +677,16 @@ message Cluster { // :ref:`STRICT_DNS` // and :ref:`LOGICAL_DNS` // this setting is ignored. - repeated core.v3.Address dns_resolvers = 18; + OutlierDetection outlier_detection = 19; // [#next-major-version: Reconcile DNS options in a single message.] // Always use TCP queries instead of UDP queries for DNS lookups. - bool use_tcp_for_dns_lookups = 45; + google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration = {gt {}}]; // If specified, outlier detection will be enabled for this upstream cluster. // Each of the configuration values can be overridden via // :ref:`runtime values `. - OutlierDetection outlier_detection = 19; + core.v3.BindConfig upstream_bind_config = 21; // The interval for removing stale hosts from a cluster type // :ref:`ORIGINAL_DST`. @@ -740,56 +701,47 @@ message Cluster { // value defaults to 5000ms. For cluster types other than // :ref:`ORIGINAL_DST` // this setting is ignored. - google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration = {gt {}}]; + LbSubsetConfig lb_subset_config = 22; // Optional configuration used to bind newly established upstream connections. // This overrides any bind_config specified in the bootstrap proto. // If the address and port are empty, no bind will be performed. - core.v3.BindConfig upstream_bind_config = 21; + CommonLbConfig common_lb_config = 27; // Configuration for load balancing subsetting. - LbSubsetConfig lb_subset_config = 22; + core.v3.TransportSocket transport_socket = 24; - // Optional configuration for the load balancing algorithm selected by - // LbPolicy. Currently only - // :ref:`RING_HASH` and - // :ref:`LEAST_REQUEST` - // has additional configuration options. - // Specifying ring_hash_lb_config or least_request_lb_config without setting the corresponding - // LbPolicy will generate an error at runtime. - oneof lb_config { - // Optional configuration for the Ring Hash load balancing policy. - RingHashLbConfig ring_hash_lb_config = 23; + // Optional configuration for the Ring Hash load balancing policy. + core.v3.Metadata metadata = 25; - // Optional configuration for the Original Destination load balancing policy. - OriginalDstLbConfig original_dst_lb_config = 34; + // Optional configuration for the Original Destination load balancing policy. + ClusterProtocolSelection protocol_selection = 26; - // Optional configuration for the LeastRequest load balancing policy. - LeastRequestLbConfig least_request_lb_config = 37; - } + // Optional configuration for the LeastRequest load balancing policy. + UpstreamConnectionOptions upstream_connection_options = 30; // Common configuration for all load balancer implementations. - CommonLbConfig common_lb_config = 27; + bool close_connections_on_host_health_failure = 31; // Optional custom transport socket implementation to use for upstream connections. // To setup TLS, set a transport socket with name `tls` and // :ref:`UpstreamTlsContexts ` in the `typed_config`. // If no transport socket configuration is specified, new connections // will be set up with plaintext. - core.v3.TransportSocket transport_socket = 24; + bool ignore_health_on_host_removal = 32; // The Metadata field can be used to provide additional information about the // cluster. It can be used for stats, logging, and varying filter behavior. // Fields should use reverse DNS notation to denote which entity within Envoy // will need the information. For instance, if the metadata is intended for // the Router filter, the filter name should be specified as *envoy.filters.http.router*. - core.v3.Metadata metadata = 25; + repeated Filter filters = 40; // Determines how Envoy selects the protocol used to speak to upstream hosts. - ClusterProtocolSelection protocol_selection = 26; + LoadBalancingPolicy load_balancing_policy = 41; // Optional options for upstream connections. - UpstreamConnectionOptions upstream_connection_options = 30; + core.v3.ConfigSource lrs_server = 42; // If an upstream host becomes unhealthy (as determined by the configured health checks // or outlier detection), immediately close all connections to the failed host. @@ -804,45 +756,64 @@ message Cluster { // the unhealthy status is detected. If there are a large number of connections open // to an upstream host that becomes unhealthy, Envoy may spend a substantial amount of // time exclusively closing these connections, and not processing any other traffic. - bool close_connections_on_host_health_failure = 31; + bool track_timeout_budgets = 47; // If set to true, Envoy will ignore the health value of a host when processing its removal // from service discovery. This means that if active health checking is used, Envoy will *not* // wait for the endpoint to go unhealthy before removing it. - bool ignore_health_on_host_removal = 32; + repeated core.v3.Address hidden_envoy_deprecated_hosts = 7 [deprecated = true]; // An (optional) network filter chain, listed in the order the filters should be applied. // The chain will be applied to all outgoing connections that Envoy makes to the upstream // servers of this cluster. - repeated Filter filters = 40; + envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext hidden_envoy_deprecated_tls_context = + 11 [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; // [#not-implemented-hide:] New mechanism for LB policy configuration. Used only if the // :ref:`lb_policy` field has the value // :ref:`LOAD_BALANCING_POLICY_CONFIG`. - LoadBalancingPolicy load_balancing_policy = 41; + map hidden_envoy_deprecated_extension_protocol_options = 35 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // [#not-implemented-hide:] - // If present, tells the client where to send load reports via LRS. If not present, the - // client will fall back to a client-side default, which may be either (a) don't send any - // load reports or (b) send load reports for all clusters to a single default server - // (which may be configured in the bootstrap file). - // - // Note that if multiple clusters point to the same LRS server, the client may choose to - // create a separate stream for each cluster or it may choose to coalesce the data for - // multiple clusters onto a single stream. Either way, the client must make sure to send - // the data for any given cluster on no more than one stream. - // - // [#next-major-version: In the v3 API, we should consider restructuring this somehow, - // maybe by allowing LRS to go on the ADS stream, or maybe by moving some of the negotiation - // from the LRS stream here.] - core.v3.ConfigSource lrs_server = 42; + oneof cluster_discovery_type { + // [#not-implemented-hide:] + // If present, tells the client where to send load reports via LRS. If not present, the + // client will fall back to a client-side default, which may be either (a) don't send any + // load reports or (b) send load reports for all clusters to a single default server + // (which may be configured in the bootstrap file). + // + // Note that if multiple clusters point to the same LRS server, the client may choose to + // create a separate stream for each cluster or it may choose to coalesce the data for + // multiple clusters onto a single stream. Either way, the client must make sure to send + // the data for any given cluster on no more than one stream. + // + // [#next-major-version: In the v3 API, we should consider restructuring this somehow, + // maybe by allowing LRS to go on the ADS stream, or maybe by moving some of the negotiation + // from the LRS stream here.] + DiscoveryType type = 2 [(validate.rules).enum = {defined_only: true}]; - // If track_timeout_budgets is true, the :ref:`timeout budget histograms - // ` will be published for each - // request. These show what percentage of a request's per try and global timeout was used. A value - // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value - // of 100 would indicate that the request took the entirety of the timeout given to it. - bool track_timeout_budgets = 47; + // If track_timeout_budgets is true, the :ref:`timeout budget histograms + // ` will be published for each + // request. These show what percentage of a request's per try and global timeout was used. A value + // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value + // of 100 would indicate that the request took the entirety of the timeout given to it. + CustomClusterType cluster_type = 38; + } + + // Optional configuration for the load balancing algorithm selected by + // LbPolicy. Currently only + // :ref:`RING_HASH` and + // :ref:`LEAST_REQUEST` + // has additional configuration options. + // Specifying ring_hash_lb_config or least_request_lb_config without setting the corresponding + // LbPolicy will generate an error at runtime. + oneof lb_config { + RingHashLbConfig ring_hash_lb_config = 23; + + OriginalDstLbConfig original_dst_lb_config = 34; + + LeastRequestLbConfig least_request_lb_config = 37; + } } // [#not-implemented-hide:] Extensible load balancing policy configuration. @@ -874,11 +845,9 @@ message LoadBalancingPolicy { // Required. The name of the LB policy. string name = 1; - // Optional config for the LB policy. - // No more than one of these two fields may be populated. - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } // Each client will iterate over the list in order and stop at the first policy that it diff --git a/generated_api_shadow/envoy/config/cluster/v3/filter.proto b/generated_api_shadow/envoy/config/cluster/v3/filter.proto index 0d2f35f0cd44d..af3116ec26eb2 100644 --- a/generated_api_shadow/envoy/config/cluster/v3/filter.proto +++ b/generated_api_shadow/envoy/config/cluster/v3/filter.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.v3"; option java_outer_classname = "FilterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Upstream filters] // Upstream filters apply to the connections to the upstream cluster hosts. diff --git a/generated_api_shadow/envoy/config/cluster/v3/outlier_detection.proto b/generated_api_shadow/envoy/config/cluster/v3/outlier_detection.proto index f3eac3a1ba84e..c0b4d5732db55 100644 --- a/generated_api_shadow/envoy/config/cluster/v3/outlier_detection.proto +++ b/generated_api_shadow/envoy/config/cluster/v3/outlier_detection.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.cluster.v3"; option java_outer_classname = "OutlierDetectionProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Outlier detection] diff --git a/generated_api_shadow/envoy/config/cluster/v4alpha/BUILD b/generated_api_shadow/envoy/config/cluster/v4alpha/BUILD new file mode 100644 index 0000000000000..3aff84b82faa4 --- /dev/null +++ b/generated_api_shadow/envoy/config/cluster/v4alpha/BUILD @@ -0,0 +1,16 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/cluster/v3:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/endpoint/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/config/cluster/v4alpha/circuit_breaker.proto b/generated_api_shadow/envoy/config/cluster/v4alpha/circuit_breaker.proto new file mode 100644 index 0000000000000..57a263a70d2e1 --- /dev/null +++ b/generated_api_shadow/envoy/config/cluster/v4alpha/circuit_breaker.proto @@ -0,0 +1,105 @@ +syntax = "proto3"; + +package envoy.config.cluster.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/type/v3/percent.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.cluster.v4alpha"; +option java_outer_classname = "CircuitBreakerProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Circuit breakers] + +// :ref:`Circuit breaking` settings can be +// specified individually for each defined priority. +message CircuitBreakers { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.CircuitBreakers"; + + // A Thresholds defines CircuitBreaker settings for a + // :ref:`RoutingPriority`. + // [#next-free-field: 9] + message Thresholds { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.CircuitBreakers.Thresholds"; + + message RetryBudget { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.CircuitBreakers.Thresholds.RetryBudget"; + + // Specifies the limit on concurrent retries as a percentage of the sum of active requests and + // active pending requests. For example, if there are 100 active requests and the + // budget_percent is set to 25, there may be 25 active retries. + // + // This parameter is optional. Defaults to 20%. + type.v3.Percent budget_percent = 1; + + // Specifies the minimum retry concurrency allowed for the retry budget. The limit on the + // number of active retries may never go below this number. + // + // This parameter is optional. Defaults to 3. + google.protobuf.UInt32Value min_retry_concurrency = 2; + } + + // The :ref:`RoutingPriority` + // the specified CircuitBreaker settings apply to. + core.v4alpha.RoutingPriority priority = 1 [(validate.rules).enum = {defined_only: true}]; + + // The maximum number of connections that Envoy will make to the upstream + // cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_connections = 2; + + // The maximum number of pending requests that Envoy will allow to the + // upstream cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_pending_requests = 3; + + // The maximum number of parallel requests that Envoy will make to the + // upstream cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_requests = 4; + + // The maximum number of parallel retries that Envoy will allow to the + // upstream cluster. If not specified, the default is 3. + google.protobuf.UInt32Value max_retries = 5; + + // Specifies a limit on concurrent retries in relation to the number of active requests. This + // parameter is optional. + // + // .. note:: + // + // If this field is set, the retry budget will override any configured retry circuit + // breaker. + RetryBudget retry_budget = 8; + + // If track_remaining is true, then stats will be published that expose + // the number of resources remaining until the circuit breakers open. If + // not specified, the default is false. + // + // .. note:: + // + // If a retry budget is used in lieu of the max_retries circuit breaker, + // the remaining retry resources remaining will not be tracked. + bool track_remaining = 6; + + // The maximum number of connection pools per cluster that Envoy will concurrently support at + // once. If not specified, the default is unlimited. Set this for clusters which create a + // large number of connection pools. See + // :ref:`Circuit Breaking ` for + // more details. + google.protobuf.UInt32Value max_connection_pools = 7; + } + + // If multiple :ref:`Thresholds` + // are defined with the same :ref:`RoutingPriority`, + // the first one in the list is used. If no Thresholds is defined for a given + // :ref:`RoutingPriority`, the default values + // are used. + repeated Thresholds thresholds = 1; +} diff --git a/generated_api_shadow/envoy/config/cluster/v4alpha/cluster.proto b/generated_api_shadow/envoy/config/cluster/v4alpha/cluster.proto new file mode 100644 index 0000000000000..887ef9c3fe337 --- /dev/null +++ b/generated_api_shadow/envoy/config/cluster/v4alpha/cluster.proto @@ -0,0 +1,873 @@ +syntax = "proto3"; + +package envoy.config.cluster.v4alpha; + +import "envoy/config/cluster/v4alpha/circuit_breaker.proto"; +import "envoy/config/cluster/v4alpha/filter.proto"; +import "envoy/config/cluster/v4alpha/outlier_detection.proto"; +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/health_check.proto"; +import "envoy/config/core/v4alpha/protocol.proto"; +import "envoy/config/endpoint/v3/endpoint.proto"; +import "envoy/type/v3/percent.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.cluster.v4alpha"; +option java_outer_classname = "ClusterProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Cluster configuration] + +// Configuration for a single upstream cluster. +// [#next-free-field: 48] +message Cluster { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.cluster.v3.Cluster"; + + // Refer to :ref:`service discovery type ` + // for an explanation on each type. + enum DiscoveryType { + // Refer to the :ref:`static discovery type` + // for an explanation. + STATIC = 0; + + // Refer to the :ref:`strict DNS discovery + // type` + // for an explanation. + STRICT_DNS = 1; + + // Refer to the :ref:`logical DNS discovery + // type` + // for an explanation. + LOGICAL_DNS = 2; + + // Refer to the :ref:`service discovery type` + // for an explanation. + EDS = 3; + + // Refer to the :ref:`original destination discovery + // type` + // for an explanation. + ORIGINAL_DST = 4; + } + + // Refer to :ref:`load balancer type ` architecture + // overview section for information on each type. + enum LbPolicy { + reserved 4; + + reserved "ORIGINAL_DST_LB"; + + // Refer to the :ref:`round robin load balancing + // policy` + // for an explanation. + ROUND_ROBIN = 0; + + // Refer to the :ref:`least request load balancing + // policy` + // for an explanation. + LEAST_REQUEST = 1; + + // Refer to the :ref:`ring hash load balancing + // policy` + // for an explanation. + RING_HASH = 2; + + // Refer to the :ref:`random load balancing + // policy` + // for an explanation. + RANDOM = 3; + + // Refer to the :ref:`Maglev load balancing policy` + // for an explanation. + MAGLEV = 5; + + // This load balancer type must be specified if the configured cluster provides a cluster + // specific load balancer. Consult the configured cluster's documentation for whether to set + // this option or not. + CLUSTER_PROVIDED = 6; + + // [#not-implemented-hide:] Use the new :ref:`load_balancing_policy + // ` field to determine the LB policy. + // [#next-major-version: In the v3 API, we should consider deprecating the lb_policy field + // and instead using the new load_balancing_policy field as the one and only mechanism for + // configuring this.] + LOAD_BALANCING_POLICY_CONFIG = 7; + } + + // When V4_ONLY is selected, the DNS resolver will only perform a lookup for + // addresses in the IPv4 family. If V6_ONLY is selected, the DNS resolver will + // only perform a lookup for addresses in the IPv6 family. If AUTO is + // specified, the DNS resolver will first perform a lookup for addresses in + // the IPv6 family and fallback to a lookup for addresses in the IPv4 family. + // For cluster types other than + // :ref:`STRICT_DNS` and + // :ref:`LOGICAL_DNS`, + // this setting is + // ignored. + enum DnsLookupFamily { + AUTO = 0; + V4_ONLY = 1; + V6_ONLY = 2; + } + + enum ClusterProtocolSelection { + // Cluster can only operate on one of the possible upstream protocols (HTTP1.1, HTTP2). + // If :ref:`http2_protocol_options ` are + // present, HTTP2 will be used, otherwise HTTP1.1 will be used. + USE_CONFIGURED_PROTOCOL = 0; + + // Use HTTP1.1 or HTTP2, depending on which one is used on the downstream connection. + USE_DOWNSTREAM_PROTOCOL = 1; + } + + // TransportSocketMatch specifies what transport socket config will be used + // when the match conditions are satisfied. + message TransportSocketMatch { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.TransportSocketMatch"; + + // The name of the match, used in stats generation. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // Optional endpoint metadata match criteria. + // The connection to the endpoint with metadata matching what is set in this field + // will use the transport socket configuration specified here. + // The endpoint's metadata entry in *envoy.transport_socket_match* is used to match + // against the values specified in this field. + google.protobuf.Struct match = 2; + + // The configuration of the transport socket. + core.v4alpha.TransportSocket transport_socket = 3; + } + + // Extended cluster type. + message CustomClusterType { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CustomClusterType"; + + // The type of the cluster to instantiate. The name must match a supported cluster type. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Cluster specific configuration which depends on the cluster being instantiated. + // See the supported cluster for further documentation. + google.protobuf.Any typed_config = 2; + } + + // Only valid when discovery type is EDS. + message EdsClusterConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.EdsClusterConfig"; + + // Configuration for the source of EDS updates for this Cluster. + core.v4alpha.ConfigSource eds_config = 1; + + // Optional alternative to cluster name to present to EDS. This does not + // have the same restrictions as cluster name, i.e. it may be arbitrary + // length. + string service_name = 2; + } + + // Optionally divide the endpoints in this cluster into subsets defined by + // endpoint metadata and selected by route and weighted cluster metadata. + // [#next-free-field: 8] + message LbSubsetConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.LbSubsetConfig"; + + // If NO_FALLBACK is selected, a result + // equivalent to no healthy hosts is reported. If ANY_ENDPOINT is selected, + // any cluster endpoint may be returned (subject to policy, health checks, + // etc). If DEFAULT_SUBSET is selected, load balancing is performed over the + // endpoints matching the values from the default_subset field. + enum LbSubsetFallbackPolicy { + NO_FALLBACK = 0; + ANY_ENDPOINT = 1; + DEFAULT_SUBSET = 2; + } + + // Specifications for subsets. + message LbSubsetSelector { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector"; + + // Allows to override top level fallback policy per selector. + enum LbSubsetSelectorFallbackPolicy { + // If NOT_DEFINED top level config fallback policy is used instead. + NOT_DEFINED = 0; + + // If NO_FALLBACK is selected, a result equivalent to no healthy hosts is reported. + NO_FALLBACK = 1; + + // If ANY_ENDPOINT is selected, any cluster endpoint may be returned + // (subject to policy, health checks, etc). + ANY_ENDPOINT = 2; + + // If DEFAULT_SUBSET is selected, load balancing is performed over the + // endpoints matching the values from the default_subset field. + DEFAULT_SUBSET = 3; + + // If KEYS_SUBSET is selected, subset selector matching is performed again with metadata + // keys reduced to + // :ref:`fallback_keys_subset`. + // It allows for a fallback to a different, less specific selector if some of the keys of + // the selector are considered optional. + KEYS_SUBSET = 4; + } + + // List of keys to match with the weighted cluster metadata. + repeated string keys = 1; + + // The behavior used when no endpoint subset matches the selected route's + // metadata. + LbSubsetSelectorFallbackPolicy fallback_policy = 2 + [(validate.rules).enum = {defined_only: true}]; + + // Subset of + // :ref:`keys` used by + // :ref:`KEYS_SUBSET` + // fallback policy. + // It has to be a non empty list if KEYS_SUBSET fallback policy is selected. + // For any other fallback policy the parameter is not used and should not be set. + // Only values also present in + // :ref:`keys` are allowed, but + // `fallback_keys_subset` cannot be equal to `keys`. + repeated string fallback_keys_subset = 3; + } + + // The behavior used when no endpoint subset matches the selected route's + // metadata. The value defaults to + // :ref:`NO_FALLBACK`. + LbSubsetFallbackPolicy fallback_policy = 1 [(validate.rules).enum = {defined_only: true}]; + + // Specifies the default subset of endpoints used during fallback if + // fallback_policy is + // :ref:`DEFAULT_SUBSET`. + // Each field in default_subset is + // compared to the matching LbEndpoint.Metadata under the *envoy.lb* + // namespace. It is valid for no hosts to match, in which case the behavior + // is the same as a fallback_policy of + // :ref:`NO_FALLBACK`. + google.protobuf.Struct default_subset = 2; + + // For each entry, LbEndpoint.Metadata's + // *envoy.lb* namespace is traversed and a subset is created for each unique + // combination of key and value. For example: + // + // .. code-block:: json + // + // { "subset_selectors": [ + // { "keys": [ "version" ] }, + // { "keys": [ "stage", "hardware_type" ] } + // ]} + // + // A subset is matched when the metadata from the selected route and + // weighted cluster contains the same keys and values as the subset's + // metadata. The same host may appear in multiple subsets. + repeated LbSubsetSelector subset_selectors = 3; + + // If true, routing to subsets will take into account the localities and locality weights of the + // endpoints when making the routing decision. + // + // There are some potential pitfalls associated with enabling this feature, as the resulting + // traffic split after applying both a subset match and locality weights might be undesirable. + // + // Consider for example a situation in which you have 50/50 split across two localities X/Y + // which have 100 hosts each without subsetting. If the subset LB results in X having only 1 + // host selected but Y having 100, then a lot more load is being dumped on the single host in X + // than originally anticipated in the load balancing assignment delivered via EDS. + bool locality_weight_aware = 4; + + // When used with locality_weight_aware, scales the weight of each locality by the ratio + // of hosts in the subset vs hosts in the original subset. This aims to even out the load + // going to an individual locality if said locality is disproportionately affected by the + // subset predicate. + bool scale_locality_weight = 5; + + // If true, when a fallback policy is configured and its corresponding subset fails to find + // a host this will cause any host to be selected instead. + // + // This is useful when using the default subset as the fallback policy, given the default + // subset might become empty. With this option enabled, if that happens the LB will attempt + // to select a host from the entire cluster. + bool panic_mode_any = 6; + + // If true, metadata specified for a metadata key will be matched against the corresponding + // endpoint metadata if the endpoint metadata matches the value exactly OR it is a list value + // and any of the elements in the list matches the criteria. + bool list_as_any = 7; + } + + // Specific configuration for the LeastRequest load balancing policy. + message LeastRequestLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.LeastRequestLbConfig"; + + // The number of random healthy hosts from which the host with the fewest active requests will + // be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set. + google.protobuf.UInt32Value choice_count = 1 [(validate.rules).uint32 = {gte: 2}]; + } + + // Specific configuration for the :ref:`RingHash` + // load balancing policy. + message RingHashLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.RingHashLbConfig"; + + // The hash function used to hash hosts onto the ketama ring. + enum HashFunction { + // Use `xxHash `_, this is the default hash function. + XX_HASH = 0; + + // Use `MurmurHash2 `_, this is compatible with + // std:hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled + // on Linux and not macOS. + MURMUR_HASH_2 = 1; + } + + reserved 2; + + // Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each + // provided host) the better the request distribution will reflect the desired weights. Defaults + // to 1024 entries, and limited to 8M entries. See also + // :ref:`maximum_ring_size`. + google.protobuf.UInt64Value minimum_ring_size = 1 [(validate.rules).uint64 = {lte: 8388608}]; + + // The hash function used to hash hosts onto the ketama ring. The value defaults to + // :ref:`XX_HASH`. + HashFunction hash_function = 3 [(validate.rules).enum = {defined_only: true}]; + + // Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered + // to further constrain resource use. See also + // :ref:`minimum_ring_size`. + google.protobuf.UInt64Value maximum_ring_size = 4 [(validate.rules).uint64 = {lte: 8388608}]; + } + + // Specific configuration for the + // :ref:`Original Destination ` + // load balancing policy. + message OriginalDstLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.OriginalDstLbConfig"; + + // When true, :ref:`x-envoy-original-dst-host + // ` can be used to override destination + // address. + // + // .. attention:: + // + // This header isn't sanitized by default, so enabling this feature allows HTTP clients to + // route traffic to arbitrary hosts and/or ports, which may have serious security + // consequences. + bool use_http_header = 1; + } + + // Common configuration for all load balancer implementations. + // [#next-free-field: 8] + message CommonLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CommonLbConfig"; + + // Configuration for :ref:`zone aware routing + // `. + message ZoneAwareLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CommonLbConfig.ZoneAwareLbConfig"; + + // Configures percentage of requests that will be considered for zone aware routing + // if zone aware routing is configured. If not specified, the default is 100%. + // * :ref:`runtime values `. + // * :ref:`Zone aware routing support `. + type.v3.Percent routing_enabled = 1; + + // Configures minimum upstream cluster size required for zone aware routing + // If upstream cluster size is less than specified, zone aware routing is not performed + // even if zone aware routing is configured. If not specified, the default is 6. + // * :ref:`runtime values `. + // * :ref:`Zone aware routing support `. + google.protobuf.UInt64Value min_cluster_size = 2; + + // If set to true, Envoy will not consider any hosts when the cluster is in :ref:`panic + // mode`. Instead, the cluster will fail all + // requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a + // failing service. + bool fail_traffic_on_panic = 3; + } + + // Configuration for :ref:`locality weighted load balancing + // ` + message LocalityWeightedLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CommonLbConfig.LocalityWeightedLbConfig"; + } + + // Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.) + message ConsistentHashingLbConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.CommonLbConfig.ConsistentHashingLbConfig"; + + // If set to `true`, the cluster will use hostname instead of the resolved + // address as the key to consistently hash to an upstream host. Only valid for StrictDNS clusters with hostnames which resolve to a single IP address. + bool use_hostname_for_hashing = 1; + } + + // Configures the :ref:`healthy panic threshold `. + // If not specified, the default is 50%. + // To disable panic mode, set to 0%. + // + // .. note:: + // The specified percent will be truncated to the nearest 1%. + type.v3.Percent healthy_panic_threshold = 1; + + oneof locality_config_specifier { + ZoneAwareLbConfig zone_aware_lb_config = 2; + + LocalityWeightedLbConfig locality_weighted_lb_config = 3; + } + + // If set, all health check/weight/metadata updates that happen within this duration will be + // merged and delivered in one shot when the duration expires. The start of the duration is when + // the first update happens. This is useful for big clusters, with potentially noisy deploys + // that might trigger excessive CPU usage due to a constant stream of healthcheck state changes + // or metadata updates. The first set of updates to be seen apply immediately (e.g.: a new + // cluster). Please always keep in mind that the use of sandbox technologies may change this + // behavior. + // + // If this is not set, we default to a merge window of 1000ms. To disable it, set the merge + // window to 0. + // + // Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is + // because merging those updates isn't currently safe. See + // https://github.com/envoyproxy/envoy/pull/3941. + google.protobuf.Duration update_merge_window = 4; + + // If set to true, Envoy will not consider new hosts when computing load balancing weights until + // they have been health checked for the first time. This will have no effect unless + // active health checking is also configured. + // + // Ignoring a host means that for any load balancing calculations that adjust weights based + // on the ratio of eligible hosts and total hosts (priority spillover, locality weighting and + // panic mode) Envoy will exclude these hosts in the denominator. + // + // For example, with hosts in two priorities P0 and P1, where P0 looks like + // {healthy, unhealthy (new), unhealthy (new)} + // and where P1 looks like + // {healthy, healthy} + // all traffic will still hit P0, as 1 / (3 - 2) = 1. + // + // Enabling this will allow scaling up the number of hosts for a given cluster without entering + // panic mode or triggering priority spillover, assuming the hosts pass the first health check. + // + // If panic mode is triggered, new hosts are still eligible for traffic; they simply do not + // contribute to the calculation when deciding whether panic mode is enabled or not. + bool ignore_new_hosts_until_first_hc = 5; + + // If set to `true`, the cluster manager will drain all existing + // connections to upstream hosts whenever hosts are added or removed from the cluster. + bool close_connections_on_host_set_change = 6; + + //Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.) + ConsistentHashingLbConfig consistent_hashing_lb_config = 7; + } + + message RefreshRate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.Cluster.RefreshRate"; + + // Specifies the base interval between refreshes. This parameter is required and must be greater + // than zero and less than + // :ref:`max_interval `. + google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { + required: true + gt {nanos: 1000000} + }]; + + // Specifies the maximum interval between refreshes. This parameter is optional, but must be + // greater than or equal to the + // :ref:`base_interval ` if set. The default + // is 10 times the :ref:`base_interval `. + google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {nanos: 1000000}}]; + } + + reserved 12, 15, 7, 11, 35; + + reserved "hosts", "tls_context", "extension_protocol_options"; + + // Configuration to use different transport sockets for different endpoints. + // The entry of *envoy.transport_socket* in the + // :ref:`LbEndpoint.Metadata ` + // is used to match against the transport sockets as they appear in the list. The first + // :ref:`match ` is used. + // For example, with the following match + // + // .. code-block:: yaml + // + // transport_socket_matches: + // - name: "enableMTLS" + // match: + // acceptMTLS: true + // transport_socket: + // name: envoy.transport_sockets.tls + // config: { ... } # tls socket configuration + // - name: "defaultToPlaintext" + // match: {} + // transport_socket: + // name: envoy.transport_sockets.raw_buffer + // + // Connections to the endpoints whose metadata value under *envoy.transport_socket* + // having "acceptMTLS"/"true" key/value pair use the "enableMTLS" socket configuration. + // + // If a :ref:`socket match ` with empty match + // criteria is provided, that always match any endpoint. For example, the "defaultToPlaintext" + // socket match in case above. + // + // If an endpoint metadata's value under *envoy.transport_socket* does not match any + // *TransportSocketMatch*, socket configuration fallbacks to use the *tls_context* or + // *transport_socket* specified in this cluster. + // + // This field allows gradual and flexible transport socket configuration changes. + // + // The metadata of endpoints in EDS can indicate transport socket capabilities. For example, + // an endpoint's metadata can have two key value pairs as "acceptMTLS": "true", + // "acceptPlaintext": "true". While some other endpoints, only accepting plaintext traffic + // has "acceptPlaintext": "true" metadata information. + // + // Then the xDS server can configure the CDS to a client, Envoy A, to send mutual TLS + // traffic for endpoints with "acceptMTLS": "true", by adding a corresponding + // *TransportSocketMatch* in this field. Other client Envoys receive CDS without + // *transport_socket_match* set, and still send plain text traffic to the same cluster. + // + // [#comment:TODO(incfly): add a detailed architecture doc on intended usage.] + repeated TransportSocketMatch transport_socket_matches = 43; + + // Supplies the name of the cluster which must be unique across all clusters. + // The cluster name is used when emitting + // :ref:`statistics ` if :ref:`alt_stat_name + // ` is not provided. + // Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // An optional alternative to the cluster name to be used while emitting stats. + // Any ``:`` in the name will be converted to ``_`` when emitting statistics. This should not be + // confused with :ref:`Router Filter Header + // `. + string alt_stat_name = 28; + + oneof cluster_discovery_type { + // The :ref:`service discovery type ` + // to use for resolving the cluster. + DiscoveryType type = 2 [(validate.rules).enum = {defined_only: true}]; + + // The custom cluster type. + CustomClusterType cluster_type = 38; + } + + // Configuration to use for EDS updates for the Cluster. + EdsClusterConfig eds_cluster_config = 3; + + // The timeout for new network connections to hosts in the cluster. + google.protobuf.Duration connect_timeout = 4 [(validate.rules).duration = {gt {}}]; + + // Soft limit on size of the cluster’s connections read and write buffers. If + // unspecified, an implementation defined default is applied (1MiB). + google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5; + + // The :ref:`load balancer type ` to use + // when picking a host in the cluster. + LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}]; + + // Setting this is required for specifying members of + // :ref:`STATIC`, + // :ref:`STRICT_DNS` + // or :ref:`LOGICAL_DNS` clusters. + // This field supersedes the *hosts* field in the v2 API. + // + // .. attention:: + // + // Setting this allows non-EDS cluster types to contain embedded EDS equivalent + // :ref:`endpoint assignments`. + // + endpoint.v3.ClusterLoadAssignment load_assignment = 33; + + // Optional :ref:`active health checking ` + // configuration for the cluster. If no + // configuration is specified no health checking will be done and all cluster + // members will be considered healthy at all times. + repeated core.v4alpha.HealthCheck health_checks = 8; + + // Optional maximum requests for a single upstream connection. This parameter + // is respected by both the HTTP/1.1 and HTTP/2 connection pool + // implementations. If not specified, there is no limit. Setting this + // parameter to 1 will effectively disable keep alive. + google.protobuf.UInt32Value max_requests_per_connection = 9; + + // Optional :ref:`circuit breaking ` for the cluster. + CircuitBreakers circuit_breakers = 10; + + // HTTP protocol options that are applied only to upstream HTTP connections. + // These options apply to all HTTP versions. + core.v4alpha.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46; + + // Additional options when handling HTTP requests upstream. These options will be applicable to + // both HTTP1 and HTTP2 requests. + core.v4alpha.HttpProtocolOptions common_http_protocol_options = 29; + + // Additional options when handling HTTP1 requests. + core.v4alpha.Http1ProtocolOptions http_protocol_options = 13; + + // Even if default HTTP2 protocol options are desired, this field must be + // set so that Envoy will assume that the upstream supports HTTP/2 when + // making new HTTP connection pool connections. Currently, Envoy only + // supports prior knowledge for upstream connections. Even if TLS is used + // with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2 + // connections to happen over plain text. + core.v4alpha.Http2ProtocolOptions http2_protocol_options = 14; + + // The extension_protocol_options field is used to provide extension-specific protocol options + // for upstream connections. The key should match the extension filter name, such as + // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on + // specific options. + map typed_extension_protocol_options = 36; + + // If the DNS refresh rate is specified and the cluster type is either + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // this value is used as the cluster’s DNS refresh + // rate. The value configured must be at least 1ms. If this setting is not specified, the + // value defaults to 5000ms. For cluster types other than + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` + // this setting is ignored. + google.protobuf.Duration dns_refresh_rate = 16 + [(validate.rules).duration = {gt {nanos: 1000000}}]; + + // If the DNS failure refresh rate is specified and the cluster type is either + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // this is used as the cluster’s DNS refresh rate when requests are failing. If this setting is + // not specified, the failure refresh rate defaults to the DNS refresh rate. For cluster types + // other than :ref:`STRICT_DNS` and + // :ref:`LOGICAL_DNS` this setting is + // ignored. + RefreshRate dns_failure_refresh_rate = 44; + + // Optional configuration for setting cluster's DNS refresh rate. If the value is set to true, + // cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS + // resolution. + bool respect_dns_ttl = 39; + + // The DNS IP address resolution policy. If this setting is not specified, the + // value defaults to + // :ref:`AUTO`. + DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}]; + + // If DNS resolvers are specified and the cluster type is either + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // this value is used to specify the cluster’s dns resolvers. + // If this setting is not specified, the value defaults to the default + // resolver, which uses /etc/resolv.conf for configuration. For cluster types + // other than + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` + // this setting is ignored. + repeated core.v4alpha.Address dns_resolvers = 18; + + // [#next-major-version: Reconcile DNS options in a single message.] + // Always use TCP queries instead of UDP queries for DNS lookups. + bool use_tcp_for_dns_lookups = 45; + + // If specified, outlier detection will be enabled for this upstream cluster. + // Each of the configuration values can be overridden via + // :ref:`runtime values `. + OutlierDetection outlier_detection = 19; + + // The interval for removing stale hosts from a cluster type + // :ref:`ORIGINAL_DST`. + // Hosts are considered stale if they have not been used + // as upstream destinations during this interval. New hosts are added + // to original destination clusters on demand as new connections are + // redirected to Envoy, causing the number of hosts in the cluster to + // grow over time. Hosts that are not stale (they are actively used as + // destinations) are kept in the cluster, which allows connections to + // them remain open, saving the latency that would otherwise be spent + // on opening new connections. If this setting is not specified, the + // value defaults to 5000ms. For cluster types other than + // :ref:`ORIGINAL_DST` + // this setting is ignored. + google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration = {gt {}}]; + + // Optional configuration used to bind newly established upstream connections. + // This overrides any bind_config specified in the bootstrap proto. + // If the address and port are empty, no bind will be performed. + core.v4alpha.BindConfig upstream_bind_config = 21; + + // Configuration for load balancing subsetting. + LbSubsetConfig lb_subset_config = 22; + + // Optional configuration for the load balancing algorithm selected by + // LbPolicy. Currently only + // :ref:`RING_HASH` and + // :ref:`LEAST_REQUEST` + // has additional configuration options. + // Specifying ring_hash_lb_config or least_request_lb_config without setting the corresponding + // LbPolicy will generate an error at runtime. + oneof lb_config { + // Optional configuration for the Ring Hash load balancing policy. + RingHashLbConfig ring_hash_lb_config = 23; + + // Optional configuration for the Original Destination load balancing policy. + OriginalDstLbConfig original_dst_lb_config = 34; + + // Optional configuration for the LeastRequest load balancing policy. + LeastRequestLbConfig least_request_lb_config = 37; + } + + // Common configuration for all load balancer implementations. + CommonLbConfig common_lb_config = 27; + + // Optional custom transport socket implementation to use for upstream connections. + // To setup TLS, set a transport socket with name `tls` and + // :ref:`UpstreamTlsContexts ` in the `typed_config`. + // If no transport socket configuration is specified, new connections + // will be set up with plaintext. + core.v4alpha.TransportSocket transport_socket = 24; + + // The Metadata field can be used to provide additional information about the + // cluster. It can be used for stats, logging, and varying filter behavior. + // Fields should use reverse DNS notation to denote which entity within Envoy + // will need the information. For instance, if the metadata is intended for + // the Router filter, the filter name should be specified as *envoy.filters.http.router*. + core.v4alpha.Metadata metadata = 25; + + // Determines how Envoy selects the protocol used to speak to upstream hosts. + ClusterProtocolSelection protocol_selection = 26; + + // Optional options for upstream connections. + UpstreamConnectionOptions upstream_connection_options = 30; + + // If an upstream host becomes unhealthy (as determined by the configured health checks + // or outlier detection), immediately close all connections to the failed host. + // + // .. note:: + // + // This is currently only supported for connections created by tcp_proxy. + // + // .. note:: + // + // The current implementation of this feature closes all connections immediately when + // the unhealthy status is detected. If there are a large number of connections open + // to an upstream host that becomes unhealthy, Envoy may spend a substantial amount of + // time exclusively closing these connections, and not processing any other traffic. + bool close_connections_on_host_health_failure = 31; + + // If set to true, Envoy will ignore the health value of a host when processing its removal + // from service discovery. This means that if active health checking is used, Envoy will *not* + // wait for the endpoint to go unhealthy before removing it. + bool ignore_health_on_host_removal = 32; + + // An (optional) network filter chain, listed in the order the filters should be applied. + // The chain will be applied to all outgoing connections that Envoy makes to the upstream + // servers of this cluster. + repeated Filter filters = 40; + + // [#not-implemented-hide:] New mechanism for LB policy configuration. Used only if the + // :ref:`lb_policy` field has the value + // :ref:`LOAD_BALANCING_POLICY_CONFIG`. + LoadBalancingPolicy load_balancing_policy = 41; + + // [#not-implemented-hide:] + // If present, tells the client where to send load reports via LRS. If not present, the + // client will fall back to a client-side default, which may be either (a) don't send any + // load reports or (b) send load reports for all clusters to a single default server + // (which may be configured in the bootstrap file). + // + // Note that if multiple clusters point to the same LRS server, the client may choose to + // create a separate stream for each cluster or it may choose to coalesce the data for + // multiple clusters onto a single stream. Either way, the client must make sure to send + // the data for any given cluster on no more than one stream. + // + // [#next-major-version: In the v3 API, we should consider restructuring this somehow, + // maybe by allowing LRS to go on the ADS stream, or maybe by moving some of the negotiation + // from the LRS stream here.] + core.v4alpha.ConfigSource lrs_server = 42; + + // If track_timeout_budgets is true, the :ref:`timeout budget histograms + // ` will be published for each + // request. These show what percentage of a request's per try and global timeout was used. A value + // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value + // of 100 would indicate that the request took the entirety of the timeout given to it. + bool track_timeout_budgets = 47; +} + +// [#not-implemented-hide:] Extensible load balancing policy configuration. +// +// Every LB policy defined via this mechanism will be identified via a unique name using reverse +// DNS notation. If the policy needs configuration parameters, it must define a message for its +// own configuration, which will be stored in the config field. The name of the policy will tell +// clients which type of message they should expect to see in the config field. +// +// Note that there are cases where it is useful to be able to independently select LB policies +// for choosing a locality and for choosing an endpoint within that locality. For example, a +// given deployment may always use the same policy to choose the locality, but for choosing the +// endpoint within the locality, some clusters may use weighted-round-robin, while others may +// use some sort of session-based balancing. +// +// This can be accomplished via hierarchical LB policies, where the parent LB policy creates a +// child LB policy for each locality. For each request, the parent chooses the locality and then +// delegates to the child policy for that locality to choose the endpoint within the locality. +// +// To facilitate this, the config message for the top-level LB policy may include a field of +// type LoadBalancingPolicy that specifies the child policy. +message LoadBalancingPolicy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.LoadBalancingPolicy"; + + message Policy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.LoadBalancingPolicy.Policy"; + + reserved 2; + + reserved "config"; + + // Required. The name of the LB policy. + string name = 1; + + google.protobuf.Any typed_config = 3; + } + + // Each client will iterate over the list in order and stop at the first policy that it + // supports. This provides a mechanism for starting to use new LB policies that are not yet + // supported by all clients. + repeated Policy policies = 1; +} + +// An extensible structure containing the address Envoy should bind to when +// establishing upstream connections. +message UpstreamBindConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.UpstreamBindConfig"; + + // The address Envoy should bind to when establishing upstream connections. + core.v4alpha.Address source_address = 1; +} + +message UpstreamConnectionOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.UpstreamConnectionOptions"; + + // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. + core.v4alpha.TcpKeepalive tcp_keepalive = 1; +} diff --git a/generated_api_shadow/envoy/config/cluster/v4alpha/filter.proto b/generated_api_shadow/envoy/config/cluster/v4alpha/filter.proto new file mode 100644 index 0000000000000..eb825fdeb6d58 --- /dev/null +++ b/generated_api_shadow/envoy/config/cluster/v4alpha/filter.proto @@ -0,0 +1,29 @@ +syntax = "proto3"; + +package envoy.config.cluster.v4alpha; + +import "google/protobuf/any.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.cluster.v4alpha"; +option java_outer_classname = "FilterProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Upstream filters] +// Upstream filters apply to the connections to the upstream cluster hosts. + +message Filter { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.cluster.v3.Filter"; + + // The name of the filter to instantiate. The name must match a + // :ref:`supported filter `. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Filter specific configuration which depends on the filter being + // instantiated. See the supported filters for further documentation. + google.protobuf.Any typed_config = 2; +} diff --git a/generated_api_shadow/envoy/config/cluster/v4alpha/outlier_detection.proto b/generated_api_shadow/envoy/config/cluster/v4alpha/outlier_detection.proto new file mode 100644 index 0000000000000..29a1e01270d96 --- /dev/null +++ b/generated_api_shadow/envoy/config/cluster/v4alpha/outlier_detection.proto @@ -0,0 +1,151 @@ +syntax = "proto3"; + +package envoy.config.cluster.v4alpha; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.cluster.v4alpha"; +option java_outer_classname = "OutlierDetectionProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Outlier detection] + +// See the :ref:`architecture overview ` for +// more information on outlier detection. +// [#next-free-field: 21] +message OutlierDetection { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.cluster.v3.OutlierDetection"; + + // The number of consecutive 5xx responses or local origin errors that are mapped + // to 5xx error codes before a consecutive 5xx ejection + // occurs. Defaults to 5. + google.protobuf.UInt32Value consecutive_5xx = 1; + + // The time interval between ejection analysis sweeps. This can result in + // both new ejections as well as hosts being returned to service. Defaults + // to 10000ms or 10s. + google.protobuf.Duration interval = 2 [(validate.rules).duration = {gt {}}]; + + // The base time that a host is ejected for. The real time is equal to the + // base time multiplied by the number of times the host has been ejected. + // Defaults to 30000ms or 30s. + google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration = {gt {}}]; + + // The maximum % of an upstream cluster that can be ejected due to outlier + // detection. Defaults to 10% but will eject at least one host regardless of the value. + google.protobuf.UInt32Value max_ejection_percent = 4 [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through consecutive 5xx. This setting can be used to disable + // ejection or to ramp it up slowly. Defaults to 100. + google.protobuf.UInt32Value enforcing_consecutive_5xx = 5 [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through success rate statistics. This setting can be used to + // disable ejection or to ramp it up slowly. Defaults to 100. + google.protobuf.UInt32Value enforcing_success_rate = 6 [(validate.rules).uint32 = {lte: 100}]; + + // The number of hosts in a cluster that must have enough request volume to + // detect success rate outliers. If the number of hosts is less than this + // setting, outlier detection via success rate statistics is not performed + // for any host in the cluster. Defaults to 5. + google.protobuf.UInt32Value success_rate_minimum_hosts = 7; + + // The minimum number of total requests that must be collected in one + // interval (as defined by the interval duration above) to include this host + // in success rate based outlier detection. If the volume is lower than this + // setting, outlier detection via success rate statistics is not performed + // for that host. Defaults to 100. + google.protobuf.UInt32Value success_rate_request_volume = 8; + + // This factor is used to determine the ejection threshold for success rate + // outlier ejection. The ejection threshold is the difference between the + // mean success rate, and the product of this factor and the standard + // deviation of the mean success rate: mean - (stdev * + // success_rate_stdev_factor). This factor is divided by a thousand to get a + // double. That is, if the desired factor is 1.9, the runtime value should + // be 1900. Defaults to 1900. + google.protobuf.UInt32Value success_rate_stdev_factor = 9; + + // The number of consecutive gateway failures (502, 503, 504 status codes) + // before a consecutive gateway failure ejection occurs. Defaults to 5. + google.protobuf.UInt32Value consecutive_gateway_failure = 10; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through consecutive gateway failures. This setting can be + // used to disable ejection or to ramp it up slowly. Defaults to 0. + google.protobuf.UInt32Value enforcing_consecutive_gateway_failure = 11 + [(validate.rules).uint32 = {lte: 100}]; + + // Determines whether to distinguish local origin failures from external errors. If set to true + // the following configuration parameters are taken into account: + // :ref:`consecutive_local_origin_failure`, + // :ref:`enforcing_consecutive_local_origin_failure` + // and + // :ref:`enforcing_local_origin_success_rate`. + // Defaults to false. + bool split_external_local_origin_errors = 12; + + // The number of consecutive locally originated failures before ejection + // occurs. Defaults to 5. Parameter takes effect only when + // :ref:`split_external_local_origin_errors` + // is set to true. + google.protobuf.UInt32Value consecutive_local_origin_failure = 13; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through consecutive locally originated failures. This setting can be + // used to disable ejection or to ramp it up slowly. Defaults to 100. + // Parameter takes effect only when + // :ref:`split_external_local_origin_errors` + // is set to true. + google.protobuf.UInt32Value enforcing_consecutive_local_origin_failure = 14 + [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through success rate statistics for locally originated errors. + // This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. + // Parameter takes effect only when + // :ref:`split_external_local_origin_errors` + // is set to true. + google.protobuf.UInt32Value enforcing_local_origin_success_rate = 15 + [(validate.rules).uint32 = {lte: 100}]; + + // The failure percentage to use when determining failure percentage-based outlier detection. If + // the failure percentage of a given host is greater than or equal to this value, it will be + // ejected. Defaults to 85. + google.protobuf.UInt32Value failure_percentage_threshold = 16 + [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status is detected through + // failure percentage statistics. This setting can be used to disable ejection or to ramp it up + // slowly. Defaults to 0. + // + // [#next-major-version: setting this without setting failure_percentage_threshold should be + // invalid in v4.] + google.protobuf.UInt32Value enforcing_failure_percentage = 17 + [(validate.rules).uint32 = {lte: 100}]; + + // The % chance that a host will be actually ejected when an outlier status is detected through + // local-origin failure percentage statistics. This setting can be used to disable ejection or to + // ramp it up slowly. Defaults to 0. + google.protobuf.UInt32Value enforcing_failure_percentage_local_origin = 18 + [(validate.rules).uint32 = {lte: 100}]; + + // The minimum number of hosts in a cluster in order to perform failure percentage-based ejection. + // If the total number of hosts in the cluster is less than this value, failure percentage-based + // ejection will not be performed. Defaults to 5. + google.protobuf.UInt32Value failure_percentage_minimum_hosts = 19; + + // The minimum number of total requests that must be collected in one interval (as defined by the + // interval duration above) to perform failure percentage-based ejection for this host. If the + // volume is lower than this setting, failure percentage-based ejection will not be performed for + // this host. Defaults to 50. + google.protobuf.UInt32Value failure_percentage_request_volume = 20; +} diff --git a/generated_api_shadow/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto b/generated_api_shadow/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto index 07871d875599e..3941c20aeb805 100644 --- a/generated_api_shadow/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto +++ b/generated_api_shadow/envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto @@ -16,7 +16,7 @@ option java_outer_classname = "DnsCacheProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.common.dynamic_forward_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dynamic forward proxy common configuration] diff --git a/generated_api_shadow/envoy/config/common/tap/v2alpha/common.proto b/generated_api_shadow/envoy/config/common/tap/v2alpha/common.proto index 870bd762b11b1..262557b356235 100644 --- a/generated_api_shadow/envoy/config/common/tap/v2alpha/common.proto +++ b/generated_api_shadow/envoy/config/common/tap/v2alpha/common.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.config.common.tap.v2alpha"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.common.tap.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common tap extension configuration] diff --git a/generated_api_shadow/envoy/config/core/v3/address.proto b/generated_api_shadow/envoy/config/core/v3/address.proto index d9bae6e31eeef..a9dc3c6e1e300 100644 --- a/generated_api_shadow/envoy/config/core/v3/address.proto +++ b/generated_api_shadow/envoy/config/core/v3/address.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "AddressProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Network addresses] @@ -54,29 +54,29 @@ message SocketAddress { // via :ref:`resolver_name `. string address = 2 [(validate.rules).string = {min_bytes: 1}]; + string resolver_name = 5; + + // This is only valid if :ref:`resolver_name + // ` is specified below and the + // named resolver is capable of named port resolution. + bool ipv4_compat = 6; + oneof port_specifier { option (validate.required) = true; + // The name of the custom resolver. This must have been registered with Envoy. If + // this is empty, a context dependent default applies. If the address is a concrete + // IP address, no resolution will occur. If address is a hostname this + // should be set for resolution other than DNS. Specifying a custom resolver with + // *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime. uint32 port_value = 3 [(validate.rules).uint32 = {lte: 65535}]; - // This is only valid if :ref:`resolver_name - // ` is specified below and the - // named resolver is capable of named port resolution. + // When binding to an IPv6 address above, this enables `IPv4 compatibility + // `_. Binding to ``::`` will + // allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into + // IPv6 space as ``::FFFF:``. string named_port = 4; } - - // The name of the custom resolver. This must have been registered with Envoy. If - // this is empty, a context dependent default applies. If the address is a concrete - // IP address, no resolution will occur. If address is a hostname this - // should be set for resolution other than DNS. Specifying a custom resolver with - // *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime. - string resolver_name = 5; - - // When binding to an IPv6 address above, this enables `IPv4 compatibility - // `_. Binding to ``::`` will - // allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into - // IPv6 space as ``::FFFF:``. - bool ipv4_compat = 6; } message TcpKeepalive { diff --git a/generated_api_shadow/envoy/config/core/v3/backoff.proto b/generated_api_shadow/envoy/config/core/v3/backoff.proto index 696d7e2526b00..55b504e716577 100644 --- a/generated_api_shadow/envoy/config/core/v3/backoff.proto +++ b/generated_api_shadow/envoy/config/core/v3/backoff.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "BackoffProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Backoff Strategy] diff --git a/generated_api_shadow/envoy/config/core/v3/base.proto b/generated_api_shadow/envoy/config/core/v3/base.proto index afec704acc5ad..57c54a19f1e3a 100644 --- a/generated_api_shadow/envoy/config/core/v3/base.proto +++ b/generated_api_shadow/envoy/config/core/v3/base.proto @@ -20,7 +20,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "BaseProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common types] @@ -164,40 +164,36 @@ message Node { // Locality specifying where the Envoy instance is running. Locality locality = 4; - // This is motivated by informing a management server during canary which - // version of Envoy is being tested in a heterogeneous fleet. This will be set - // by Envoy in management server RPCs. - // This field is deprecated in favor of the user_agent_name and user_agent_version values. - string hidden_envoy_deprecated_build_version = 5 [deprecated = true]; - // Free-form string that identifies the entity requesting config. // E.g. "envoy" or "grpc" string user_agent_name = 6; - oneof user_agent_version_type { - // Free-form string that identifies the version of the entity requesting config. - // E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild" - string user_agent_version = 7; + // Free-form string that identifies the version of the entity requesting config. + // E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild" + repeated Extension extensions = 9; - // Structured version of the entity requesting config. - BuildVersion user_agent_build_version = 8; - } + // Structured version of the entity requesting config. + repeated string client_features = 10; // List of extensions and their versions supported by the node. - repeated Extension extensions = 9; + repeated Address listening_addresses = 11; // Client feature support list. These are well known features described // in the Envoy API repository for a given major version of an API. Client features // use reverse DNS naming scheme, for example `com.acme.feature`. // See :ref:`the list of features ` that xDS client may // support. - repeated string client_features = 10; + string hidden_envoy_deprecated_build_version = 5 [deprecated = true]; - // Known listening ports on the node as a generic hint to the management server - // for filtering :ref:`listeners ` to be returned. For example, - // if there is a listener bound to port 80, the list can optionally contain the - // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint. - repeated Address listening_addresses = 11; + oneof user_agent_version_type { + // Known listening ports on the node as a generic hint to the management server + // for filtering :ref:`listeners ` to be returned. For example, + // if there is a listener bound to port 80, the list can optionally contain the + // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint. + string user_agent_version = 7; + + BuildVersion user_agent_build_version = 8; + } } // Metadata provides additional inputs to filters based on matched listeners, @@ -369,9 +365,9 @@ message TransportSocket { // Implementation specific configuration which depends on the implementation being instantiated. // See the supported transport socket implementations for further documentation. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } diff --git a/generated_api_shadow/envoy/config/core/v3/config_source.proto b/generated_api_shadow/envoy/config/core/v3/config_source.proto index 536ebeeef1c6f..159542a3e909a 100644 --- a/generated_api_shadow/envoy/config/core/v3/config_source.proto +++ b/generated_api_shadow/envoy/config/core/v3/config_source.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "ConfigSourceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Configuration sources] @@ -140,30 +140,30 @@ message RateLimitSettings { message ConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ConfigSource"; - oneof config_source_specifier { - option (validate.required) = true; + // Path on the filesystem to source and watch for configuration updates. + // When sourcing configuration for :ref:`secret `, + // the certificate and key files are also watched for updates. + // + // .. note:: + // + // The path to the source must exist at config load time. + // + // .. note:: + // + // Envoy will only watch the file path for *moves.* This is because in general only moves + // are atomic. The same method of swapping files as is demonstrated in the + // :ref:`runtime documentation ` can be used here also. + google.protobuf.Duration initial_fetch_timeout = 4; - // Path on the filesystem to source and watch for configuration updates. - // When sourcing configuration for :ref:`secret `, - // the certificate and key files are also watched for updates. - // - // .. note:: - // - // The path to the source must exist at config load time. - // - // .. note:: - // - // Envoy will only watch the file path for *moves.* This is because in general only moves - // are atomic. The same method of swapping files as is demonstrated in the - // :ref:`runtime documentation ` can be used here also. - string path = 1; + // API configuration source. + ApiVersion resource_api_version = 6 [(validate.rules).enum = {defined_only: true}]; - // API configuration source. - ApiConfigSource api_config_source = 2; + oneof config_source_specifier { + option (validate.required) = true; // When set, ADS will be used to fetch resources. The ADS API configuration // source in the bootstrap configuration is used. - AggregatedConfigSource ads = 3; + string path = 1; // [#not-implemented-hide:] // When set, the client will access the resources from the same server it got the @@ -176,20 +176,20 @@ message ConfigSource { // [#next-major-version: In xDS v3, consider replacing the ads field with this one, since // this field can implicitly mean to use the same stream in the case where the ConfigSource // is provided via ADS and the specified data can also be obtained via ADS.] - SelfConfigSource self = 5; - } + ApiConfigSource api_config_source = 2; - // When this timeout is specified, Envoy will wait no longer than the specified time for first - // config response on this xDS subscription during the :ref:`initialization process - // `. After reaching the timeout, Envoy will move to the next - // initialization phase, even if the first config is not delivered yet. The timer is activated - // when the xDS API subscription starts, and is disarmed on first config update or on error. 0 - // means no timeout - Envoy will wait indefinitely for the first xDS config (unless another - // timeout applies). The default is 15s. - google.protobuf.Duration initial_fetch_timeout = 4; + // When this timeout is specified, Envoy will wait no longer than the specified time for first + // config response on this xDS subscription during the :ref:`initialization process + // `. After reaching the timeout, Envoy will move to the next + // initialization phase, even if the first config is not delivered yet. The timer is activated + // when the xDS API subscription starts, and is disarmed on first config update or on error. 0 + // means no timeout - Envoy will wait indefinitely for the first xDS config (unless another + // timeout applies). The default is 15s. + AggregatedConfigSource ads = 3; - // API version for xDS resources. This implies the type URLs that the client - // will request for resources and the resource type that the client will in - // turn expect to be delivered. - ApiVersion resource_api_version = 6 [(validate.rules).enum = {defined_only: true}]; + // API version for xDS resources. This implies the type URLs that the client + // will request for resources and the resource type that the client will in + // turn expect to be delivered. + SelfConfigSource self = 5; + } } diff --git a/generated_api_shadow/envoy/config/core/v3/event_service_config.proto b/generated_api_shadow/envoy/config/core/v3/event_service_config.proto index 6be0b061e37bb..b3552e3975a36 100644 --- a/generated_api_shadow/envoy/config/core/v3/event_service_config.proto +++ b/generated_api_shadow/envoy/config/core/v3/event_service_config.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "EventServiceConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#not-implemented-hide:] // Configuration of the event reporting service endpoint. diff --git a/generated_api_shadow/envoy/config/core/v3/grpc_method_list.proto b/generated_api_shadow/envoy/config/core/v3/grpc_method_list.proto index 2bc24e36cad50..800d7b5332a0d 100644 --- a/generated_api_shadow/envoy/config/core/v3/grpc_method_list.proto +++ b/generated_api_shadow/envoy/config/core/v3/grpc_method_list.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "GrpcMethodListProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC method list] diff --git a/generated_api_shadow/envoy/config/core/v3/grpc_service.proto b/generated_api_shadow/envoy/config/core/v3/grpc_service.proto index 05ace06c6bc7f..654d3ed81b561 100644 --- a/generated_api_shadow/envoy/config/core/v3/grpc_service.proto +++ b/generated_api_shadow/envoy/config/core/v3/grpc_service.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "GrpcServiceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC services] @@ -114,9 +114,9 @@ message GrpcService { string name = 1; oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } @@ -234,26 +234,26 @@ message GrpcService { reserved 4; + // Envoy's in-built gRPC client. + // See the :ref:`gRPC services overview ` + // documentation for discussion on gRPC client selection. + google.protobuf.Duration timeout = 3; + + // `Google C++ gRPC client `_ + // See the :ref:`gRPC services overview ` + // documentation for discussion on gRPC client selection. + repeated HeaderValue initial_metadata = 5; + oneof target_specifier { option (validate.required) = true; - // Envoy's in-built gRPC client. - // See the :ref:`gRPC services overview ` - // documentation for discussion on gRPC client selection. + // The timeout for the gRPC request. This is the timeout for a specific + // request. EnvoyGrpc envoy_grpc = 1; - // `Google C++ gRPC client `_ - // See the :ref:`gRPC services overview ` - // documentation for discussion on gRPC client selection. + // Additional metadata to include in streams initiated to the GrpcService. + // This can be used for scenarios in which additional ad hoc authorization + // headers (e.g. ``x-foo-bar: baz-key``) are to be injected. GoogleGrpc google_grpc = 2; } - - // The timeout for the gRPC request. This is the timeout for a specific - // request. - google.protobuf.Duration timeout = 3; - - // Additional metadata to include in streams initiated to the GrpcService. - // This can be used for scenarios in which additional ad hoc authorization - // headers (e.g. ``x-foo-bar: baz-key``) are to be injected. - repeated HeaderValue initial_metadata = 5; } diff --git a/generated_api_shadow/envoy/config/core/v3/health_check.proto b/generated_api_shadow/envoy/config/core/v3/health_check.proto index 9a830cb09fd2a..2ed3b69eaa4f4 100644 --- a/generated_api_shadow/envoy/config/core/v3/health_check.proto +++ b/generated_api_shadow/envoy/config/core/v3/health_check.proto @@ -21,7 +21,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "HealthCheckProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Health check] // * Health checking :ref:`architecture overview `. @@ -95,16 +95,6 @@ message HealthCheck { // [#not-implemented-hide:] HTTP specific response. Payload receive = 4; - // An optional service name parameter which is used to validate the identity of - // the health checked cluster. See the :ref:`architecture overview - // ` for more information. - // - // .. attention:: - // - // This field has been deprecated in favor of `service_name_matcher` for better flexibility - // over matching with service-cluster name. - string hidden_envoy_deprecated_service_name = 5 [deprecated = true]; - // Specifies a list of HTTP headers that should be added to each request that is sent to the // health checked cluster. For more information, including details on header value syntax, see // the documentation on :ref:`custom request headers @@ -116,12 +106,6 @@ message HealthCheck { // health checked cluster. repeated string request_headers_to_remove = 8; - // If set, health checks will be made using http/2. - // Deprecated, use :ref:`codec_client_type - // ` instead. - bool hidden_envoy_deprecated_use_http2 = 7 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // Specifies a list of HTTP response statuses considered healthy. If provided, replaces default // 200-only policy - 200 must be included explicitly as needed. Ranges follow half-open // semantics of :ref:`Int64Range `. The start and end of each @@ -136,6 +120,11 @@ message HealthCheck { // `. See the :ref:`architecture overview // ` for more information. type.matcher.v3.StringMatcher service_name_matcher = 11; + + string hidden_envoy_deprecated_service_name = 5 [deprecated = true]; + + bool hidden_envoy_deprecated_use_http2 = 7 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; } message TcpHealthCheck { @@ -195,9 +184,9 @@ message HealthCheck { // A custom health checker specific configuration which depends on the custom health checker // being instantiated. See :api:`envoy/config/health_checker` for reference. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } @@ -264,21 +253,17 @@ message HealthCheck { // Reuse health check connection between health checks. Default is true. google.protobuf.BoolValue reuse_connection = 7; - oneof health_checker { - option (validate.required) = true; - - // HTTP health check. - HttpHealthCheck http_health_check = 8; + // HTTP health check. + google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration = {gt {}}]; - // TCP health check. - TcpHealthCheck tcp_health_check = 9; + // TCP health check. + google.protobuf.Duration unhealthy_interval = 14 [(validate.rules).duration = {gt {}}]; - // gRPC health check. - GrpcHealthCheck grpc_health_check = 11; + // gRPC health check. + google.protobuf.Duration unhealthy_edge_interval = 15 [(validate.rules).duration = {gt {}}]; - // Custom health check. - CustomHealthCheck custom_health_check = 13; - } + // Custom health check. + google.protobuf.Duration healthy_edge_interval = 16 [(validate.rules).duration = {gt {}}]; // The "no traffic interval" is a special health check interval that is used when a cluster has // never had traffic routed to it. This lower interval allows cluster information to be kept up to @@ -288,14 +273,14 @@ message HealthCheck { // any other. // // The default value for "no traffic interval" is 60 seconds. - google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration = {gt {}}]; + string event_log_path = 17; // The "unhealthy interval" is a health check interval that is used for hosts that are marked as // unhealthy. As soon as the host is marked as healthy, Envoy will shift back to using the // standard health check interval that is defined. // // The default value for "unhealthy interval" is the same as "interval". - google.protobuf.Duration unhealthy_interval = 14 [(validate.rules).duration = {gt {}}]; + EventServiceConfig event_service = 22; // The "unhealthy edge interval" is a special health check interval that is used for the first // health check right after a host is marked as unhealthy. For subsequent health checks @@ -303,29 +288,33 @@ message HealthCheck { // check interval that is defined. // // The default value for "unhealthy edge interval" is the same as "unhealthy interval". - google.protobuf.Duration unhealthy_edge_interval = 15 [(validate.rules).duration = {gt {}}]; + bool always_log_health_check_failures = 19; // The "healthy edge interval" is a special health check interval that is used for the first // health check right after a host is marked as healthy. For subsequent health checks // Envoy will shift back to using the standard health check interval that is defined. // // The default value for "healthy edge interval" is the same as the default interval. - google.protobuf.Duration healthy_edge_interval = 16 [(validate.rules).duration = {gt {}}]; + TlsOptions tls_options = 21; - // Specifies the path to the :ref:`health check event log `. - // If empty, no event log will be written. - string event_log_path = 17; + oneof health_checker { + option (validate.required) = true; - // [#not-implemented-hide:] - // The gRPC service for the health check event service. - // If empty, health check events won't be sent to a remote endpoint. - EventServiceConfig event_service = 22; + // Specifies the path to the :ref:`health check event log `. + // If empty, no event log will be written. + HttpHealthCheck http_health_check = 8; - // If set to true, health check failure events will always be logged. If set to false, only the - // initial health check failure event will be logged. - // The default value is false. - bool always_log_health_check_failures = 19; + // [#not-implemented-hide:] + // The gRPC service for the health check event service. + // If empty, health check events won't be sent to a remote endpoint. + TcpHealthCheck tcp_health_check = 9; - // This allows overriding the cluster TLS settings, just for health check connections. - TlsOptions tls_options = 21; + // If set to true, health check failure events will always be logged. If set to false, only the + // initial health check failure event will be logged. + // The default value is false. + GrpcHealthCheck grpc_health_check = 11; + + // This allows overriding the cluster TLS settings, just for health check connections. + CustomHealthCheck custom_health_check = 13; + } } diff --git a/generated_api_shadow/envoy/config/core/v3/http_uri.proto b/generated_api_shadow/envoy/config/core/v3/http_uri.proto index 00fae8e7430b4..6cc4d36d3944e 100644 --- a/generated_api_shadow/envoy/config/core/v3/http_uri.proto +++ b/generated_api_shadow/envoy/config/core/v3/http_uri.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "HttpUriProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP Service URI ] @@ -29,6 +29,20 @@ message HttpUri { // string uri = 1 [(validate.rules).string = {min_bytes: 1}]; + // A cluster is created in the Envoy "cluster_manager" config + // section. This field specifies the cluster name. + // + // Example: + // + // .. code-block:: yaml + // + // cluster: jwks_cluster + // + google.protobuf.Duration timeout = 3 [(validate.rules).duration = { + required: true + gte {} + }]; + // Specify how `uri` is to be fetched. Today, this requires an explicit // cluster, but in the future we may support dynamic cluster creation or // inline DNS resolution. See `issue @@ -36,21 +50,7 @@ message HttpUri { oneof http_upstream_type { option (validate.required) = true; - // A cluster is created in the Envoy "cluster_manager" config - // section. This field specifies the cluster name. - // - // Example: - // - // .. code-block:: yaml - // - // cluster: jwks_cluster - // + // Sets the maximum duration in milliseconds that a response can take to arrive upon request. string cluster = 2 [(validate.rules).string = {min_bytes: 1}]; } - - // Sets the maximum duration in milliseconds that a response can take to arrive upon request. - google.protobuf.Duration timeout = 3 [(validate.rules).duration = { - required: true - gte {} - }]; } diff --git a/generated_api_shadow/envoy/config/core/v3/protocol.proto b/generated_api_shadow/envoy/config/core/v3/protocol.proto index a75fbb80c0126..467dbf41e223e 100644 --- a/generated_api_shadow/envoy/config/core/v3/protocol.proto +++ b/generated_api_shadow/envoy/config/core/v3/protocol.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "ProtocolProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Protocol options] diff --git a/generated_api_shadow/envoy/config/core/v3/socket_option.proto b/generated_api_shadow/envoy/config/core/v3/socket_option.proto index 464d1b25f4ddf..836b8f5538139 100644 --- a/generated_api_shadow/envoy/config/core/v3/socket_option.proto +++ b/generated_api_shadow/envoy/config/core/v3/socket_option.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "SocketOptionProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Socket Option ] @@ -40,17 +40,17 @@ message SocketOption { // The numeric name as passed to setsockopt int64 name = 3; + // Because many sockopts take an int value. + SocketState state = 6 [(validate.rules).enum = {defined_only: true}]; + oneof value { option (validate.required) = true; - // Because many sockopts take an int value. + // Otherwise it's a byte buffer. int64 int_value = 4; - // Otherwise it's a byte buffer. + // The state in which the option will be applied. When used in BindConfig + // STATE_PREBIND is currently the only valid value. bytes buf_value = 5; } - - // The state in which the option will be applied. When used in BindConfig - // STATE_PREBIND is currently the only valid value. - SocketState state = 6 [(validate.rules).enum = {defined_only: true}]; } diff --git a/generated_api_shadow/envoy/config/core/v4alpha/BUILD b/generated_api_shadow/envoy/config/core/v4alpha/BUILD new file mode 100644 index 0000000000000..aeac38ac2833c --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/BUILD @@ -0,0 +1,15 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/core/v3:pkg", + "//envoy/type/matcher/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/config/core/v4alpha/address.proto b/generated_api_shadow/envoy/config/core/v4alpha/address.proto new file mode 100644 index 0000000000000..a2e6070103aef --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/address.proto @@ -0,0 +1,145 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/socket_option.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "AddressProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Network addresses] + +message Pipe { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Pipe"; + + // Unix Domain Socket path. On Linux, paths starting with '@' will use the + // abstract namespace. The starting '@' is replaced by a null byte by Envoy. + // Paths starting with '@' will result in an error in environments other than + // Linux. + string path = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The mode for the Pipe. Not applicable for abstract sockets. + uint32 mode = 2 [(validate.rules).uint32 = {lte: 511}]; +} + +// [#next-free-field: 7] +message SocketAddress { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.SocketAddress"; + + enum Protocol { + TCP = 0; + UDP = 1; + } + + Protocol protocol = 1 [(validate.rules).enum = {defined_only: true}]; + + // The address for this socket. :ref:`Listeners ` will bind + // to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` + // to bind to any address. [#comment:TODO(zuercher) reinstate when implemented: + // It is possible to distinguish a Listener address via the prefix/suffix matching + // in :ref:`FilterChainMatch `.] When used + // within an upstream :ref:`BindConfig `, the address + // controls the source address of outbound connections. For :ref:`clusters + // `, the cluster type determines whether the + // address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS + // (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized + // via :ref:`resolver_name `. + string address = 2 [(validate.rules).string = {min_bytes: 1}]; + + oneof port_specifier { + option (validate.required) = true; + + uint32 port_value = 3 [(validate.rules).uint32 = {lte: 65535}]; + + // This is only valid if :ref:`resolver_name + // ` is specified below and the + // named resolver is capable of named port resolution. + string named_port = 4; + } + + // The name of the custom resolver. This must have been registered with Envoy. If + // this is empty, a context dependent default applies. If the address is a concrete + // IP address, no resolution will occur. If address is a hostname this + // should be set for resolution other than DNS. Specifying a custom resolver with + // *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime. + string resolver_name = 5; + + // When binding to an IPv6 address above, this enables `IPv4 compatibility + // `_. Binding to ``::`` will + // allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into + // IPv6 space as ``::FFFF:``. + bool ipv4_compat = 6; +} + +message TcpKeepalive { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.TcpKeepalive"; + + // Maximum number of keepalive probes to send without response before deciding + // the connection is dead. Default is to use the OS level configuration (unless + // overridden, Linux defaults to 9.) + google.protobuf.UInt32Value keepalive_probes = 1; + + // The number of seconds a connection needs to be idle before keep-alive probes + // start being sent. Default is to use the OS level configuration (unless + // overridden, Linux defaults to 7200s (i.e., 2 hours.) + google.protobuf.UInt32Value keepalive_time = 2; + + // The number of seconds between keep-alive probes. Default is to use the OS + // level configuration (unless overridden, Linux defaults to 75s.) + google.protobuf.UInt32Value keepalive_interval = 3; +} + +message BindConfig { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.BindConfig"; + + // The address to bind to when creating a socket. + SocketAddress source_address = 1 [(validate.rules).message = {required: true}]; + + // Whether to set the *IP_FREEBIND* option when creating the socket. When this + // flag is set to true, allows the :ref:`source_address + // ` to be an IP address + // that is not configured on the system running Envoy. When this flag is set + // to false, the option *IP_FREEBIND* is disabled on the socket. When this + // flag is not set (default), the socket is not modified, i.e. the option is + // neither enabled nor disabled. + google.protobuf.BoolValue freebind = 2; + + // Additional socket options that may not be present in Envoy source code or + // precompiled binaries. + repeated SocketOption socket_options = 3; +} + +// Addresses specify either a logical or physical address and port, which are +// used to tell Envoy where to bind/listen, connect to upstream and find +// management servers. +message Address { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Address"; + + oneof address { + option (validate.required) = true; + + SocketAddress socket_address = 1; + + Pipe pipe = 2; + } +} + +// CidrRange specifies an IP Address and a prefix length to construct +// the subnet mask for a `CIDR `_ range. +message CidrRange { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.CidrRange"; + + // IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``. + string address_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Length of prefix, e.g. 0, 32. + google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}]; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/backoff.proto b/generated_api_shadow/envoy/config/core/v4alpha/backoff.proto new file mode 100644 index 0000000000000..07a2bdff175e9 --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/backoff.proto @@ -0,0 +1,37 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "BackoffProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Backoff Strategy] + +// Configuration defining a jittered exponential back off strategy. +message BackoffStrategy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.BackoffStrategy"; + + // The base interval to be used for the next back off computation. It should + // be greater than zero and less than or equal to :ref:`max_interval + // `. + google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { + required: true + gte {nanos: 1000000} + }]; + + // Specifies the maximum interval between retries. This parameter is optional, + // but must be greater than or equal to the :ref:`base_interval + // ` if set. The default + // is 10 times the :ref:`base_interval + // `. + google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}]; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/base.proto b/generated_api_shadow/envoy/config/core/v4alpha/base.proto new file mode 100644 index 0000000000000..3cc6968a9df33 --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/base.proto @@ -0,0 +1,410 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/backoff.proto"; +import "envoy/config/core/v4alpha/http_uri.proto"; +import "envoy/type/v3/percent.proto"; +import "envoy/type/v3/semantic_version.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "BaseProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Common types] + +// Envoy supports :ref:`upstream priority routing +// ` both at the route and the virtual +// cluster level. The current priority implementation uses different connection +// pool and circuit breaking settings for each priority level. This means that +// even for HTTP/2 requests, two physical connections will be used to an +// upstream host. In the future Envoy will likely support true HTTP/2 priority +// over a single upstream connection. +enum RoutingPriority { + DEFAULT = 0; + HIGH = 1; +} + +// HTTP request method. +enum RequestMethod { + METHOD_UNSPECIFIED = 0; + GET = 1; + HEAD = 2; + POST = 3; + PUT = 4; + DELETE = 5; + CONNECT = 6; + OPTIONS = 7; + TRACE = 8; + PATCH = 9; +} + +// Identifies the direction of the traffic relative to the local Envoy. +enum TrafficDirection { + // Default option is unspecified. + UNSPECIFIED = 0; + + // The transport is used for incoming traffic. + INBOUND = 1; + + // The transport is used for outgoing traffic. + OUTBOUND = 2; +} + +// Identifies location of where either Envoy runs or where upstream hosts run. +message Locality { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Locality"; + + // Region this :ref:`zone ` belongs to. + string region = 1; + + // Defines the local service zone where Envoy is running. Though optional, it + // should be set if discovery service routing is used and the discovery + // service exposes :ref:`zone data `, + // either in this message or via :option:`--service-zone`. The meaning of zone + // is context dependent, e.g. `Availability Zone (AZ) + // `_ + // on AWS, `Zone `_ on + // GCP, etc. + string zone = 2; + + // When used for locality of upstream hosts, this field further splits zone + // into smaller chunks of sub-zones so they can be load balanced + // independently. + string sub_zone = 3; +} + +// BuildVersion combines SemVer version of extension with free-form build information +// (i.e. 'alpha', 'private-build') as a set of strings. +message BuildVersion { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.BuildVersion"; + + // SemVer version of extension. + type.v3.SemanticVersion version = 1; + + // Free-form build information. + // Envoy defines several well known keys in the source/common/common/version.h file + google.protobuf.Struct metadata = 2; +} + +// Version and identification for an Envoy extension. +// [#next-free-field: 6] +message Extension { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Extension"; + + // This is the name of the Envoy filter as specified in the Envoy + // configuration, e.g. envoy.filters.http.router, com.acme.widget. + string name = 1; + + // Category of the extension. + // Extension category names use reverse DNS notation. For instance "envoy.filters.listener" + // for Envoy's built-in listener filters or "com.acme.filters.http" for HTTP filters from + // acme.com vendor. + // [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.] + string category = 2; + + // [#not-implemented-hide:] Type descriptor of extension configuration proto. + // [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] + // [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.] + string type_descriptor = 3; + + // The version is a property of the extension and maintained independently + // of other extensions and the Envoy API. + // This field is not set when extension did not provide version information. + BuildVersion version = 4; + + // Indicates that the extension is present but was disabled via dynamic configuration. + bool disabled = 5; +} + +// Identifies a specific Envoy instance. The node identifier is presented to the +// management server, which may use this identifier to distinguish per Envoy +// configuration for serving. +// [#next-free-field: 12] +message Node { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Node"; + + reserved 5; + + reserved "build_version"; + + // An opaque node identifier for the Envoy node. This also provides the local + // service node name. It should be set if any of the following features are + // used: :ref:`statsd `, :ref:`CDS + // `, and :ref:`HTTP tracing + // `, either in this message or via + // :option:`--service-node`. + string id = 1; + + // Defines the local service cluster name where Envoy is running. Though + // optional, it should be set if any of the following features are used: + // :ref:`statsd `, :ref:`health check cluster + // verification + // `, + // :ref:`runtime override directory `, + // :ref:`user agent addition + // `, + // :ref:`HTTP global rate limiting `, + // :ref:`CDS `, and :ref:`HTTP tracing + // `, either in this message or via + // :option:`--service-cluster`. + string cluster = 2; + + // Opaque metadata extending the node identifier. Envoy will pass this + // directly to the management server. + google.protobuf.Struct metadata = 3; + + // Locality specifying where the Envoy instance is running. + Locality locality = 4; + + // Free-form string that identifies the entity requesting config. + // E.g. "envoy" or "grpc" + string user_agent_name = 6; + + oneof user_agent_version_type { + // Free-form string that identifies the version of the entity requesting config. + // E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild" + string user_agent_version = 7; + + // Structured version of the entity requesting config. + BuildVersion user_agent_build_version = 8; + } + + // List of extensions and their versions supported by the node. + repeated Extension extensions = 9; + + // Client feature support list. These are well known features described + // in the Envoy API repository for a given major version of an API. Client features + // use reverse DNS naming scheme, for example `com.acme.feature`. + // See :ref:`the list of features ` that xDS client may + // support. + repeated string client_features = 10; + + // Known listening ports on the node as a generic hint to the management server + // for filtering :ref:`listeners ` to be returned. For example, + // if there is a listener bound to port 80, the list can optionally contain the + // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint. + repeated Address listening_addresses = 11; +} + +// Metadata provides additional inputs to filters based on matched listeners, +// filter chains, routes and endpoints. It is structured as a map, usually from +// filter name (in reverse DNS format) to metadata specific to the filter. Metadata +// key-values for a filter are merged as connection and request handling occurs, +// with later values for the same key overriding earlier values. +// +// An example use of metadata is providing additional values to +// http_connection_manager in the envoy.http_connection_manager.access_log +// namespace. +// +// Another example use of metadata is to per service config info in cluster metadata, which may get +// consumed by multiple filters. +// +// For load balancing, Metadata provides a means to subset cluster endpoints. +// Endpoints have a Metadata object associated and routes contain a Metadata +// object to match against. There are some well defined metadata used today for +// this purpose: +// +// * ``{"envoy.lb": {"canary": }}`` This indicates the canary status of an +// endpoint and is also used during header processing +// (x-envoy-upstream-canary) and for stats purposes. +// [#next-major-version: move to type/metadata/v2] +message Metadata { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.Metadata"; + + // Key is the reverse DNS filter name, e.g. com.acme.widget. The envoy.* + // namespace is reserved for Envoy's built-in filters. + map filter_metadata = 1; +} + +// Runtime derived uint32 with a default when not specified. +message RuntimeUInt32 { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.RuntimeUInt32"; + + // Default value if runtime value is not available. + uint32 default_value = 2; + + // Runtime key to get value for comparison. This value is used if defined. + string runtime_key = 3 [(validate.rules).string = {min_bytes: 1}]; +} + +// Runtime derived bool with a default when not specified. +message RuntimeFeatureFlag { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.RuntimeFeatureFlag"; + + // Default value if runtime value is not available. + google.protobuf.BoolValue default_value = 1 [(validate.rules).message = {required: true}]; + + // Runtime key to get value for comparison. This value is used if defined. The boolean value must + // be represented via its + // `canonical JSON encoding `_. + string runtime_key = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// Header name/value pair. +message HeaderValue { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HeaderValue"; + + // Header name. + string key = 1 + [(validate.rules).string = + {min_bytes: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Header value. + // + // The same :ref:`format specifier ` as used for + // :ref:`HTTP access logging ` applies here, however + // unknown header values are replaced with the empty string instead of `-`. + string value = 2 [ + (validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false} + ]; +} + +// Header name/value pair plus option to control append behavior. +message HeaderValueOption { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HeaderValueOption"; + + // Header name/value pair that this option applies to. + HeaderValue header = 1 [(validate.rules).message = {required: true}]; + + // Should the value be appended? If true (default), the value is appended to + // existing values. + google.protobuf.BoolValue append = 2; +} + +// Wrapper for a set of headers. +message HeaderMap { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HeaderMap"; + + repeated HeaderValue headers = 1; +} + +// Data source consisting of either a file or an inline value. +message DataSource { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.DataSource"; + + oneof specifier { + option (validate.required) = true; + + // Local filesystem data source. + string filename = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Bytes inlined in the configuration. + bytes inline_bytes = 2 [(validate.rules).bytes = {min_len: 1}]; + + // String inlined in the configuration. + string inline_string = 3 [(validate.rules).string = {min_bytes: 1}]; + } +} + +// The message specifies the retry policy of remote data source when fetching fails. +message RetryPolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.RetryPolicy"; + + // Specifies parameters that control :ref:`retry backoff strategy `. + // This parameter is optional, in which case the default base interval is 1000 milliseconds. The + // default maximum interval is 10 times the base interval. + BackoffStrategy retry_back_off = 1; + + // Specifies the allowed number of retries. This parameter is optional and + // defaults to 1. + google.protobuf.UInt32Value num_retries = 2; +} + +// The message specifies how to fetch data from remote and how to verify it. +message RemoteDataSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.RemoteDataSource"; + + // The HTTP URI to fetch the remote data. + HttpUri http_uri = 1 [(validate.rules).message = {required: true}]; + + // SHA256 string for verifying data. + string sha256 = 2 [(validate.rules).string = {min_bytes: 1}]; + + // Retry policy for fetching remote data. + RetryPolicy retry_policy = 3; +} + +// Async data source which support async data fetch. +message AsyncDataSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.AsyncDataSource"; + + oneof specifier { + option (validate.required) = true; + + // Local async data source. + DataSource local = 1; + + // Remote async data source. + RemoteDataSource remote = 2; + } +} + +// Configuration for transport socket in :ref:`listeners ` and +// :ref:`clusters `. If the configuration is +// empty, a default transport socket implementation and configuration will be +// chosen based on the platform and existence of tls_context. +message TransportSocket { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.TransportSocket"; + + reserved 2; + + reserved "config"; + + // The name of the transport socket to instantiate. The name must match a supported transport + // socket implementation. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Implementation specific configuration which depends on the implementation being instantiated. + // See the supported transport socket implementations for further documentation. + oneof config_type { + google.protobuf.Any typed_config = 3; + } +} + +// Runtime derived FractionalPercent with defaults for when the numerator or denominator is not +// specified via a runtime key. +// +// .. note:: +// +// Parsing of the runtime key's data is implemented such that it may be represented as a +// :ref:`FractionalPercent ` proto represented as JSON/YAML +// and may also be represented as an integer with the assumption that the value is an integral +// percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse +// as a `FractionalPercent` whose numerator is 42 and denominator is HUNDRED. +message RuntimeFractionalPercent { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.RuntimeFractionalPercent"; + + // Default value if the runtime value's for the numerator/denominator keys are not available. + type.v3.FractionalPercent default_value = 1 [(validate.rules).message = {required: true}]; + + // Runtime key for a YAML representation of a FractionalPercent. + string runtime_key = 2; +} + +// Identifies a specific ControlPlane instance that Envoy is connected to. +message ControlPlane { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.ControlPlane"; + + // An opaque control plane identifier that uniquely identifies an instance + // of control plane. This can be used to identify which control plane instance, + // the Envoy is connected to. + string identifier = 1; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/config_source.proto b/generated_api_shadow/envoy/config/core/v4alpha/config_source.proto new file mode 100644 index 0000000000000..0cfc7fc59b94b --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/config_source.proto @@ -0,0 +1,197 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "ConfigSourceProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Configuration sources] + +// xDS API version. This is used to describe both resource and transport +// protocol versions (in distinct configuration fields). +enum ApiVersion { + // When not specified, we assume v2, to ease migration to Envoy's stable API + // versioning. If a client does not support v2 (e.g. due to deprecation), this + // is an invalid value. + AUTO = 0; + + // Use xDS v2 API. + V2 = 1; + + // Use xDS v3 API. + V3 = 2; +} + +// API configuration source. This identifies the API type and cluster that Envoy +// will use to fetch an xDS API. +// [#next-free-field: 9] +message ApiConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.ApiConfigSource"; + + // APIs may be fetched via either REST or gRPC. + enum ApiType { + // Ideally this would be 'reserved 0' but one can't reserve the default + // value. Instead we throw an exception if this is ever used. + hidden_envoy_deprecated_DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 + [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true]; + + // REST-JSON v2 API. The `canonical JSON encoding + // `_ for + // the v2 protos is used. + REST = 1; + + // gRPC v2 API. + GRPC = 2; + + // Using the delta xDS gRPC service, i.e. DeltaDiscovery{Request,Response} + // rather than Discovery{Request,Response}. Rather than sending Envoy the entire state + // with every update, the xDS server only sends what has changed since the last update. + // + // DELTA_GRPC is not yet entirely implemented! Initially, only CDS is available. + // Do not use for other xDSes. + // [#comment:TODO(fredlas) update/remove this warning when appropriate.] + DELTA_GRPC = 3; + } + + // API type (gRPC, REST, delta gRPC) + ApiType api_type = 1 [(validate.rules).enum = {defined_only: true}]; + + // API version for xDS transport protocol. This describes the xDS gRPC/REST + // endpoint and version of [Delta]DiscoveryRequest/Response used on the wire. + ApiVersion transport_api_version = 8 [(validate.rules).enum = {defined_only: true}]; + + // Cluster names should be used only with REST. If > 1 + // cluster is defined, clusters will be cycled through if any kind of failure + // occurs. + // + // .. note:: + // + // The cluster with name ``cluster_name`` must be statically defined and its + // type must not be ``EDS``. + repeated string cluster_names = 2; + + // Multiple gRPC services be provided for GRPC. If > 1 cluster is defined, + // services will be cycled through if any kind of failure occurs. + repeated GrpcService grpc_services = 4; + + // For REST APIs, the delay between successive polls. + google.protobuf.Duration refresh_delay = 3; + + // For REST APIs, the request timeout. If not set, a default value of 1s will be used. + google.protobuf.Duration request_timeout = 5 [(validate.rules).duration = {gt {}}]; + + // For GRPC APIs, the rate limit settings. If present, discovery requests made by Envoy will be + // rate limited. + RateLimitSettings rate_limit_settings = 6; + + // Skip the node identifier in subsequent discovery requests for streaming gRPC config types. + bool set_node_on_first_message_only = 7; +} + +// Aggregated Discovery Service (ADS) options. This is currently empty, but when +// set in :ref:`ConfigSource ` can be used to +// specify that ADS is to be used. +message AggregatedConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.AggregatedConfigSource"; +} + +// [#not-implemented-hide:] +// Self-referencing config source options. This is currently empty, but when +// set in :ref:`ConfigSource ` can be used to +// specify that other data can be obtained from the same server. +message SelfConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.SelfConfigSource"; +} + +// Rate Limit settings to be applied for discovery requests made by Envoy. +message RateLimitSettings { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.RateLimitSettings"; + + // Maximum number of tokens to be used for rate limiting discovery request calls. If not set, a + // default value of 100 will be used. + google.protobuf.UInt32Value max_tokens = 1; + + // Rate at which tokens will be filled per second. If not set, a default fill rate of 10 tokens + // per second will be used. + google.protobuf.DoubleValue fill_rate = 2 [(validate.rules).double = {gt: 0.0}]; +} + +// Configuration for :ref:`listeners `, :ref:`clusters +// `, :ref:`routes +// `, :ref:`endpoints +// ` etc. may either be sourced from the +// filesystem or from an xDS API source. Filesystem configs are watched with +// inotify for updates. +// [#next-free-field: 7] +message ConfigSource { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.ConfigSource"; + + oneof config_source_specifier { + option (validate.required) = true; + + // Path on the filesystem to source and watch for configuration updates. + // When sourcing configuration for :ref:`secret `, + // the certificate and key files are also watched for updates. + // + // .. note:: + // + // The path to the source must exist at config load time. + // + // .. note:: + // + // Envoy will only watch the file path for *moves.* This is because in general only moves + // are atomic. The same method of swapping files as is demonstrated in the + // :ref:`runtime documentation ` can be used here also. + string path = 1; + + // API configuration source. + ApiConfigSource api_config_source = 2; + + // When set, ADS will be used to fetch resources. The ADS API configuration + // source in the bootstrap configuration is used. + AggregatedConfigSource ads = 3; + + // [#not-implemented-hide:] + // When set, the client will access the resources from the same server it got the + // ConfigSource from, although not necessarily from the same stream. This is similar to the + // :ref:`ads` field, except that the client may use a + // different stream to the same server. As a result, this field can be used for things + // like LRS that cannot be sent on an ADS stream. It can also be used to link from (e.g.) + // LDS to RDS on the same server without requiring the management server to know its name + // or required credentials. + // [#next-major-version: In xDS v3, consider replacing the ads field with this one, since + // this field can implicitly mean to use the same stream in the case where the ConfigSource + // is provided via ADS and the specified data can also be obtained via ADS.] + SelfConfigSource self = 5; + } + + // When this timeout is specified, Envoy will wait no longer than the specified time for first + // config response on this xDS subscription during the :ref:`initialization process + // `. After reaching the timeout, Envoy will move to the next + // initialization phase, even if the first config is not delivered yet. The timer is activated + // when the xDS API subscription starts, and is disarmed on first config update or on error. 0 + // means no timeout - Envoy will wait indefinitely for the first xDS config (unless another + // timeout applies). The default is 15s. + google.protobuf.Duration initial_fetch_timeout = 4; + + // API version for xDS resources. This implies the type URLs that the client + // will request for resources and the resource type that the client will in + // turn expect to be delivered. + ApiVersion resource_api_version = 6 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/event_service_config.proto b/generated_api_shadow/envoy/config/core/v4alpha/event_service_config.proto new file mode 100644 index 0000000000000..a0b4e5590d1d5 --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/event_service_config.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "EventServiceConfigProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#not-implemented-hide:] +// Configuration of the event reporting service endpoint. +message EventServiceConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.EventServiceConfig"; + + oneof config_source_specifier { + option (validate.required) = true; + + // Specifies the gRPC service that hosts the event reporting service. + GrpcService grpc_service = 1; + } +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/grpc_method_list.proto b/generated_api_shadow/envoy/config/core/v4alpha/grpc_method_list.proto new file mode 100644 index 0000000000000..a4a7be077b279 --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/grpc_method_list.proto @@ -0,0 +1,33 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "GrpcMethodListProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: gRPC method list] + +// A list of gRPC methods which can be used as an allowlist, for example. +message GrpcMethodList { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcMethodList"; + + message Service { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcMethodList.Service"; + + // The name of the gRPC service. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The names of the gRPC methods in this service. + repeated string method_names = 2 [(validate.rules).repeated = {min_items: 1}]; + } + + repeated Service services = 1; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/grpc_service.proto b/generated_api_shadow/envoy/config/core/v4alpha/grpc_service.proto new file mode 100644 index 0000000000000..64bbc6b5f0778 --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/grpc_service.proto @@ -0,0 +1,261 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/struct.proto"; + +import "udpa/annotations/sensitive.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "GrpcServiceProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: gRPC services] + +// gRPC service configuration. This is used by :ref:`ApiConfigSource +// ` and filter configurations. +// [#next-free-field: 6] +message GrpcService { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.GrpcService"; + + message EnvoyGrpc { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.EnvoyGrpc"; + + // The name of the upstream gRPC cluster. SSL credentials will be supplied + // in the :ref:`Cluster ` :ref:`transport_socket + // `. + string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}]; + } + + // [#next-free-field: 7] + message GoogleGrpc { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc"; + + // See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html. + message SslCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.SslCredentials"; + + // PEM encoded server root certificates. + DataSource root_certs = 1; + + // PEM encoded client private key. + DataSource private_key = 2 [(udpa.annotations.sensitive) = true]; + + // PEM encoded client certificate chain. + DataSource cert_chain = 3; + } + + // Local channel credentials. Only UDS is supported for now. + // See https://github.com/grpc/grpc/pull/15909. + message GoogleLocalCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials"; + } + + // See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call + // credential types. + message ChannelCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials"; + + oneof credential_specifier { + option (validate.required) = true; + + SslCredentials ssl_credentials = 1; + + // https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61 + google.protobuf.Empty google_default = 2; + + GoogleLocalCredentials local_credentials = 3; + } + } + + // [#next-free-field: 8] + message CallCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials"; + + message ServiceAccountJWTAccessCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials." + "ServiceAccountJWTAccessCredentials"; + + string json_key = 1; + + uint64 token_lifetime_seconds = 2; + } + + message GoogleIAMCredentials { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials"; + + string authorization_token = 1; + + string authority_selector = 2; + } + + message MetadataCredentialsFromPlugin { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials." + "MetadataCredentialsFromPlugin"; + + reserved 2; + + reserved "config"; + + string name = 1; + + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + // Security token service configuration that allows Google gRPC to + // fetch security token from an OAuth 2.0 authorization server. + // See https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 and + // https://github.com/grpc/grpc/pull/19587. + // [#next-free-field: 10] + message StsService { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService"; + + // URI of the token exchange service that handles token exchange requests. + // [#comment:TODO(asraa): Add URI validation when implemented. Tracked by + // https://github.com/envoyproxy/protoc-gen-validate/issues/303] + string token_exchange_service_uri = 1; + + // Location of the target service or resource where the client + // intends to use the requested security token. + string resource = 2; + + // Logical name of the target service where the client intends to + // use the requested security token. + string audience = 3; + + // The desired scope of the requested security token in the + // context of the service or resource where the token will be used. + string scope = 4; + + // Type of the requested security token. + string requested_token_type = 5; + + // The path of subject token, a security token that represents the + // identity of the party on behalf of whom the request is being made. + string subject_token_path = 6 [(validate.rules).string = {min_bytes: 1}]; + + // Type of the subject token. + string subject_token_type = 7 [(validate.rules).string = {min_bytes: 1}]; + + // The path of actor token, a security token that represents the identity + // of the acting party. The acting party is authorized to use the + // requested security token and act on behalf of the subject. + string actor_token_path = 8; + + // Type of the actor token. + string actor_token_type = 9; + } + + oneof credential_specifier { + option (validate.required) = true; + + // Access token credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d. + string access_token = 1; + + // Google Compute Engine credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61 + google.protobuf.Empty google_compute_engine = 2; + + // Google refresh token credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c. + string google_refresh_token = 3; + + // Service Account JWT Access credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa. + ServiceAccountJWTAccessCredentials service_account_jwt_access = 4; + + // Google IAM credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0. + GoogleIAMCredentials google_iam = 5; + + // Custom authenticator credentials. + // https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07. + // https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms. + MetadataCredentialsFromPlugin from_plugin = 6; + + // Custom security token service which implements OAuth 2.0 token exchange. + // https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 + // See https://github.com/grpc/grpc/pull/19587. + StsService sts_service = 7; + } + } + + // The target URI when using the `Google C++ gRPC client + // `_. SSL credentials will be supplied in + // :ref:`channel_credentials `. + string target_uri = 1 [(validate.rules).string = {min_bytes: 1}]; + + ChannelCredentials channel_credentials = 2; + + // A set of call credentials that can be composed with `channel credentials + // `_. + repeated CallCredentials call_credentials = 3; + + // The human readable prefix to use when emitting statistics for the gRPC + // service. + // + // .. csv-table:: + // :header: Name, Type, Description + // :widths: 1, 1, 2 + // + // streams_total, Counter, Total number of streams opened + // streams_closed_, Counter, Total streams closed with + string stat_prefix = 4 [(validate.rules).string = {min_bytes: 1}]; + + // The name of the Google gRPC credentials factory to use. This must have been registered with + // Envoy. If this is empty, a default credentials factory will be used that sets up channel + // credentials based on other configuration parameters. + string credentials_factory_name = 5; + + // Additional configuration for site-specific customizations of the Google + // gRPC library. + google.protobuf.Struct config = 6; + } + + reserved 4; + + oneof target_specifier { + option (validate.required) = true; + + // Envoy's in-built gRPC client. + // See the :ref:`gRPC services overview ` + // documentation for discussion on gRPC client selection. + EnvoyGrpc envoy_grpc = 1; + + // `Google C++ gRPC client `_ + // See the :ref:`gRPC services overview ` + // documentation for discussion on gRPC client selection. + GoogleGrpc google_grpc = 2; + } + + // The timeout for the gRPC request. This is the timeout for a specific + // request. + google.protobuf.Duration timeout = 3; + + // Additional metadata to include in streams initiated to the GrpcService. + // This can be used for scenarios in which additional ad hoc authorization + // headers (e.g. ``x-foo-bar: baz-key``) are to be injected. + repeated HeaderValue initial_metadata = 5; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/health_check.proto b/generated_api_shadow/envoy/config/core/v4alpha/health_check.proto new file mode 100644 index 0000000000000..0e6c4e73c2a25 --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/health_check.proto @@ -0,0 +1,321 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/event_service_config.proto"; +import "envoy/type/matcher/v3/string.proto"; +import "envoy/type/v3/http.proto"; +import "envoy/type/v3/range.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "HealthCheckProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Health check] +// * Health checking :ref:`architecture overview `. +// * If health checking is configured for a cluster, additional statistics are emitted. They are +// documented :ref:`here `. + +// Endpoint health status. +enum HealthStatus { + // The health status is not known. This is interpreted by Envoy as *HEALTHY*. + UNKNOWN = 0; + + // Healthy. + HEALTHY = 1; + + // Unhealthy. + UNHEALTHY = 2; + + // Connection draining in progress. E.g., + // ``_ + // or + // ``_. + // This is interpreted by Envoy as *UNHEALTHY*. + DRAINING = 3; + + // Health check timed out. This is part of HDS and is interpreted by Envoy as + // *UNHEALTHY*. + TIMEOUT = 4; + + // Degraded. + DEGRADED = 5; +} + +// [#next-free-field: 23] +message HealthCheck { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HealthCheck"; + + // Describes the encoding of the payload bytes in the payload. + message Payload { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.Payload"; + + oneof payload { + option (validate.required) = true; + + // Hex encoded payload. E.g., "000000FF". + string text = 1 [(validate.rules).string = {min_bytes: 1}]; + + // [#not-implemented-hide:] Binary payload. + bytes binary = 2; + } + } + + // [#next-free-field: 12] + message HttpHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.HttpHealthCheck"; + + reserved 5, 7; + + reserved "service_name", "use_http2"; + + // The value of the host header in the HTTP health check request. If + // left empty (default value), the name of the cluster this health check is associated + // with will be used. The host header can be customized for a specific endpoint by setting the + // :ref:`hostname ` field. + string host = 1; + + // Specifies the HTTP path that will be requested during health checking. For example + // */healthcheck*. + string path = 2 [(validate.rules).string = {min_bytes: 1}]; + + // [#not-implemented-hide:] HTTP specific payload. + Payload send = 3; + + // [#not-implemented-hide:] HTTP specific response. + Payload receive = 4; + + // Specifies a list of HTTP headers that should be added to each request that is sent to the + // health checked cluster. For more information, including details on header value syntax, see + // the documentation on :ref:`custom request headers + // `. + repeated HeaderValueOption request_headers_to_add = 6 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request that is sent to the + // health checked cluster. + repeated string request_headers_to_remove = 8; + + // Specifies a list of HTTP response statuses considered healthy. If provided, replaces default + // 200-only policy - 200 must be included explicitly as needed. Ranges follow half-open + // semantics of :ref:`Int64Range `. The start and end of each + // range are required. Only statuses in the range [100, 600) are allowed. + repeated type.v3.Int64Range expected_statuses = 9; + + // Use specified application protocol for health checks. + type.v3.CodecClientType codec_client_type = 10 [(validate.rules).enum = {defined_only: true}]; + + // An optional service name parameter which is used to validate the identity of + // the health checked cluster using a :ref:`StringMatcher + // `. See the :ref:`architecture overview + // ` for more information. + type.matcher.v3.StringMatcher service_name_matcher = 11; + } + + message TcpHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.TcpHealthCheck"; + + // Empty payloads imply a connect-only health check. + Payload send = 1; + + // When checking the response, “fuzzy” matching is performed such that each + // binary block must be found, and in the order specified, but not + // necessarily contiguous. + repeated Payload receive = 2; + } + + message RedisHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.RedisHealthCheck"; + + // If set, optionally perform ``EXISTS `` instead of ``PING``. A return value + // from Redis of 0 (does not exist) is considered a passing healthcheck. A return value other + // than 0 is considered a failure. This allows the user to mark a Redis instance for maintenance + // by setting the specified key to any value and waiting for traffic to drain. + string key = 1; + } + + // `grpc.health.v1.Health + // `_-based + // healthcheck. See `gRPC doc `_ + // for details. + message GrpcHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.GrpcHealthCheck"; + + // An optional service name parameter which will be sent to gRPC service in + // `grpc.health.v1.HealthCheckRequest + // `_. + // message. See `gRPC health-checking overview + // `_ for more information. + string service_name = 1; + + // The value of the :authority header in the gRPC health check request. If + // left empty (default value), the name of the cluster this health check is associated + // with will be used. The authority header can be customized for a specific endpoint by setting + // the :ref:`hostname ` field. + string authority = 2; + } + + // Custom health check. + message CustomHealthCheck { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.CustomHealthCheck"; + + reserved 2; + + reserved "config"; + + // The registered name of the custom health checker. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // A custom health checker specific configuration which depends on the custom health checker + // being instantiated. See :api:`envoy/config/health_checker` for reference. + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + // Health checks occur over the transport socket specified for the cluster. This implies that if a + // cluster is using a TLS-enabled transport socket, the health check will also occur over TLS. + // + // This allows overriding the cluster TLS settings, just for health check connections. + message TlsOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HealthCheck.TlsOptions"; + + // Specifies the ALPN protocols for health check connections. This is useful if the + // corresponding upstream is using ALPN-based :ref:`FilterChainMatch + // ` along with different protocols for health checks + // versus data connections. If empty, no ALPN protocols will be set on health check connections. + repeated string alpn_protocols = 1; + } + + reserved 10; + + // The time to wait for a health check response. If the timeout is reached the + // health check attempt will be considered a failure. + google.protobuf.Duration timeout = 1 [(validate.rules).duration = { + required: true + gt {} + }]; + + // The interval between health checks. + google.protobuf.Duration interval = 2 [(validate.rules).duration = { + required: true + gt {} + }]; + + // An optional jitter amount in milliseconds. If specified, Envoy will start health + // checking after for a random time in ms between 0 and initial_jitter. This only + // applies to the first health check. + google.protobuf.Duration initial_jitter = 20; + + // An optional jitter amount in milliseconds. If specified, during every + // interval Envoy will add interval_jitter to the wait time. + google.protobuf.Duration interval_jitter = 3; + + // An optional jitter amount as a percentage of interval_ms. If specified, + // during every interval Envoy will add interval_ms * + // interval_jitter_percent / 100 to the wait time. + // + // If interval_jitter_ms and interval_jitter_percent are both set, both of + // them will be used to increase the wait time. + uint32 interval_jitter_percent = 18; + + // The number of unhealthy health checks required before a host is marked + // unhealthy. Note that for *http* health checking if a host responds with 503 + // this threshold is ignored and the host is considered unhealthy immediately. + google.protobuf.UInt32Value unhealthy_threshold = 4 [(validate.rules).message = {required: true}]; + + // The number of healthy health checks required before a host is marked + // healthy. Note that during startup, only a single successful health check is + // required to mark a host healthy. + google.protobuf.UInt32Value healthy_threshold = 5 [(validate.rules).message = {required: true}]; + + // [#not-implemented-hide:] Non-serving port for health checking. + google.protobuf.UInt32Value alt_port = 6; + + // Reuse health check connection between health checks. Default is true. + google.protobuf.BoolValue reuse_connection = 7; + + oneof health_checker { + option (validate.required) = true; + + // HTTP health check. + HttpHealthCheck http_health_check = 8; + + // TCP health check. + TcpHealthCheck tcp_health_check = 9; + + // gRPC health check. + GrpcHealthCheck grpc_health_check = 11; + + // Custom health check. + CustomHealthCheck custom_health_check = 13; + } + + // The "no traffic interval" is a special health check interval that is used when a cluster has + // never had traffic routed to it. This lower interval allows cluster information to be kept up to + // date, without sending a potentially large amount of active health checking traffic for no + // reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the + // standard health check interval that is defined. Note that this interval takes precedence over + // any other. + // + // The default value for "no traffic interval" is 60 seconds. + google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration = {gt {}}]; + + // The "unhealthy interval" is a health check interval that is used for hosts that are marked as + // unhealthy. As soon as the host is marked as healthy, Envoy will shift back to using the + // standard health check interval that is defined. + // + // The default value for "unhealthy interval" is the same as "interval". + google.protobuf.Duration unhealthy_interval = 14 [(validate.rules).duration = {gt {}}]; + + // The "unhealthy edge interval" is a special health check interval that is used for the first + // health check right after a host is marked as unhealthy. For subsequent health checks + // Envoy will shift back to using either "unhealthy interval" if present or the standard health + // check interval that is defined. + // + // The default value for "unhealthy edge interval" is the same as "unhealthy interval". + google.protobuf.Duration unhealthy_edge_interval = 15 [(validate.rules).duration = {gt {}}]; + + // The "healthy edge interval" is a special health check interval that is used for the first + // health check right after a host is marked as healthy. For subsequent health checks + // Envoy will shift back to using the standard health check interval that is defined. + // + // The default value for "healthy edge interval" is the same as the default interval. + google.protobuf.Duration healthy_edge_interval = 16 [(validate.rules).duration = {gt {}}]; + + // Specifies the path to the :ref:`health check event log `. + // If empty, no event log will be written. + string event_log_path = 17; + + // [#not-implemented-hide:] + // The gRPC service for the health check event service. + // If empty, health check events won't be sent to a remote endpoint. + EventServiceConfig event_service = 22; + + // If set to true, health check failure events will always be logged. If set to false, only the + // initial health check failure event will be logged. + // The default value is false. + bool always_log_health_check_failures = 19; + + // This allows overriding the cluster TLS settings, just for health check connections. + TlsOptions tls_options = 21; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/http_uri.proto b/generated_api_shadow/envoy/config/core/v4alpha/http_uri.proto new file mode 100644 index 0000000000000..e88a9aa7d7dfb --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/http_uri.proto @@ -0,0 +1,56 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "HttpUriProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP Service URI ] + +// Envoy external URI descriptor +message HttpUri { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.HttpUri"; + + // The HTTP server URI. It should be a full FQDN with protocol, host and path. + // + // Example: + // + // .. code-block:: yaml + // + // uri: https://www.googleapis.com/oauth2/v1/certs + // + string uri = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Specify how `uri` is to be fetched. Today, this requires an explicit + // cluster, but in the future we may support dynamic cluster creation or + // inline DNS resolution. See `issue + // `_. + oneof http_upstream_type { + option (validate.required) = true; + + // A cluster is created in the Envoy "cluster_manager" config + // section. This field specifies the cluster name. + // + // Example: + // + // .. code-block:: yaml + // + // cluster: jwks_cluster + // + string cluster = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + // Sets the maximum duration in milliseconds that a response can take to arrive upon request. + google.protobuf.Duration timeout = 3 [(validate.rules).duration = { + required: true + gte {} + }]; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/protocol.proto b/generated_api_shadow/envoy/config/core/v4alpha/protocol.proto new file mode 100644 index 0000000000000..f4bbb35ea4a2a --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/protocol.proto @@ -0,0 +1,297 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "ProtocolProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Protocol options] + +// [#not-implemented-hide:] +message TcpProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.TcpProtocolOptions"; +} + +message UpstreamHttpProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.UpstreamHttpProtocolOptions"; + + // Set transport socket `SNI `_ for new + // upstream connections based on the downstream HTTP host/authority header, as seen by the + // :ref:`router filter `. + bool auto_sni = 1; + + // Automatic validate upstream presented certificate for new upstream connections based on the + // downstream HTTP host/authority header, as seen by the + // :ref:`router filter `. + // This field is intended to set with `auto_sni` field. + bool auto_san_validation = 2; +} + +message HttpProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.HttpProtocolOptions"; + + // The idle timeout for connections. The idle timeout is defined as the + // period in which there are no active requests. If not set, there is no idle timeout. When the + // idle timeout is reached the connection will be closed. If the connection is an HTTP/2 + // downstream connection a drain sequence will occur prior to closing the connection, see + // :ref:`drain_timeout + // `. + // Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. + // If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0. + // + // .. warning:: + // Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP + // FIN packets, etc. + google.protobuf.Duration idle_timeout = 1; + + // The maximum duration of a connection. The duration is defined as a period since a connection + // was established. If not set, there is no max duration. When max_connection_duration is reached + // the connection will be closed. Drain sequence will occur prior to closing the connection if + // if's applicable. See :ref:`drain_timeout + // `. + // Note: not implemented for upstream connections. + google.protobuf.Duration max_connection_duration = 3; + + // The maximum number of headers. If unconfigured, the default + // maximum number of request headers allowed is 100. Requests that exceed this limit will receive + // a 431 response for HTTP/1.x and cause a stream reset for HTTP/2. + google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}]; + + // Total duration to keep alive an HTTP request/response stream. If the time limit is reached the stream will be + // reset independent of any other timeouts. If not specified, this value is not set. + // The current implementation implements this timeout on downstream connections only. + // [#comment:TODO(shikugawa): add this functionality to upstream.] + google.protobuf.Duration max_stream_duration = 4; +} + +// [#next-free-field: 6] +message Http1ProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http1ProtocolOptions"; + + message HeaderKeyFormat { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http1ProtocolOptions.HeaderKeyFormat"; + + message ProperCaseWords { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http1ProtocolOptions.HeaderKeyFormat.ProperCaseWords"; + } + + oneof header_format { + option (validate.required) = true; + + // Formats the header by proper casing words: the first character and any character following + // a special character will be capitalized if it's an alpha character. For example, + // "content-type" becomes "Content-Type", and "foo$b#$are" becomes "Foo$B#$Are". + // Note that while this results in most headers following conventional casing, certain headers + // are not covered. For example, the "TE" header will be formatted as "Te". + ProperCaseWords proper_case_words = 1; + } + } + + // Handle HTTP requests with absolute URLs in the requests. These requests + // are generally sent by clients to forward/explicit proxies. This allows clients to configure + // envoy as their HTTP proxy. In Unix, for example, this is typically done by setting the + // *http_proxy* environment variable. + google.protobuf.BoolValue allow_absolute_url = 1; + + // Handle incoming HTTP/1.0 and HTTP 0.9 requests. + // This is off by default, and not fully standards compliant. There is support for pre-HTTP/1.1 + // style connect logic, dechunking, and handling lack of client host iff + // *default_host_for_http_10* is configured. + bool accept_http_10 = 2; + + // A default host for HTTP/1.0 requests. This is highly suggested if *accept_http_10* is true as + // Envoy does not otherwise support HTTP/1.0 without a Host header. + // This is a no-op if *accept_http_10* is not true. + string default_host_for_http_10 = 3; + + // Describes how the keys for response headers should be formatted. By default, all header keys + // are lower cased. + HeaderKeyFormat header_key_format = 4; + + // Enables trailers for HTTP/1. By default the HTTP/1 codec drops proxied trailers. + // + // .. attention:: + // + // Note that this only happens when Envoy is chunk encoding which occurs when: + // - The request is HTTP/1.1. + // - Is neither a HEAD only request nor a HTTP Upgrade. + // - Not a response to a HEAD request. + // - The content length header is not present. + bool enable_trailers = 5; +} + +// [#next-free-field: 14] +message Http2ProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http2ProtocolOptions"; + + // Defines a parameter to be sent in the SETTINGS frame. + // See `RFC7540, sec. 6.5.1 `_ for details. + message SettingsParameter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.Http2ProtocolOptions.SettingsParameter"; + + // The 16 bit parameter identifier. + google.protobuf.UInt32Value identifier = 1 [ + (validate.rules).uint32 = {lte: 65536 gte: 1}, + (validate.rules).message = {required: true} + ]; + + // The 32 bit parameter value. + google.protobuf.UInt32Value value = 2 [(validate.rules).message = {required: true}]; + } + + // `Maximum table size `_ + // (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values + // range from 0 to 4294967295 (2^32 - 1) and defaults to 4096. 0 effectively disables header + // compression. + google.protobuf.UInt32Value hpack_table_size = 1; + + // `Maximum concurrent streams `_ + // allowed for peer on one HTTP/2 connection. Valid values range from 1 to 2147483647 (2^31 - 1) + // and defaults to 2147483647. + // + // For upstream connections, this also limits how many streams Envoy will initiate concurrently + // on a single connection. If the limit is reached, Envoy may queue requests or establish + // additional connections (as allowed per circuit breaker limits). + google.protobuf.UInt32Value max_concurrent_streams = 2 + [(validate.rules).uint32 = {lte: 2147483647 gte: 1}]; + + // `Initial stream-level flow-control window + // `_ size. Valid values range from 65535 + // (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to 268435456 + // (256 * 1024 * 1024). + // + // NOTE: 65535 is the initial window size from HTTP/2 spec. We only support increasing the default + // window size now, so it's also the minimum. + // + // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the + // HTTP/2 codec buffers. Once the buffer reaches this pointer, watermark callbacks will fire to + // stop the flow of data to the codec buffers. + google.protobuf.UInt32Value initial_stream_window_size = 3 + [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}]; + + // Similar to *initial_stream_window_size*, but for connection-level flow-control + // window. Currently, this has the same minimum/maximum/default as *initial_stream_window_size*. + google.protobuf.UInt32Value initial_connection_window_size = 4 + [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}]; + + // Allows proxying Websocket and other upgrades over H2 connect. + bool allow_connect = 5; + + // [#not-implemented-hide:] Hiding until envoy has full metadata support. + // Still under implementation. DO NOT USE. + // + // Allows metadata. See [metadata + // docs](https://github.com/envoyproxy/envoy/blob/master/source/docs/h2_metadata.md) for more + // information. + bool allow_metadata = 6; + + // Limit the number of pending outbound downstream frames of all types (frames that are waiting to + // be written into the socket). Exceeding this limit triggers flood mitigation and connection is + // terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due + // to flood mitigation. The default limit is 10000. + // [#comment:TODO: implement same limits for upstream outbound frames as well.] + google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}]; + + // Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM, + // preventing high memory utilization when receiving continuous stream of these frames. Exceeding + // this limit triggers flood mitigation and connection is terminated. The + // ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood + // mitigation. The default limit is 1000. + // [#comment:TODO: implement same limits for upstream outbound frames as well.] + google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}]; + + // Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an + // empty payload and no end stream flag. Those frames have no legitimate use and are abusive, but + // might be a result of a broken HTTP/2 implementation. The `http2.inbound_empty_frames_flood`` + // stat tracks the number of connections terminated due to flood mitigation. + // Setting this to 0 will terminate connection upon receiving first frame with an empty payload + // and no end stream flag. The default limit is 1. + // [#comment:TODO: implement same limits for upstream inbound frames as well.] + google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9; + + // Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number + // of PRIORITY frames received over the lifetime of connection exceeds the value calculated + // using this formula:: + // + // max_inbound_priority_frames_per_stream * (1 + inbound_streams) + // + // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks + // the number of connections terminated due to flood mitigation. The default limit is 100. + // [#comment:TODO: implement same limits for upstream inbound frames as well.] + google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10; + + // Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number + // of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated + // using this formula:: + // + // 1 + 2 * (inbound_streams + + // max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames) + // + // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks + // the number of connections terminated due to flood mitigation. The default limit is 10. + // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control, + // but more complex implementations that try to estimate available bandwidth require at least 2. + // [#comment:TODO: implement same limits for upstream inbound frames as well.] + google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11 + [(validate.rules).uint32 = {gte: 1}]; + + // Allows invalid HTTP messaging and headers. When this option is disabled (default), then + // the whole HTTP/2 connection is terminated upon receiving invalid HEADERS frame. However, + // when this option is enabled, only the offending stream is terminated. + // + // See `RFC7540, sec. 8.1 `_ for details. + bool stream_error_on_invalid_http_messaging = 12; + + // [#not-implemented-hide:] + // Specifies SETTINGS frame parameters to be sent to the peer, with two exceptions: + // + // 1. SETTINGS_ENABLE_PUSH (0x2) is not configurable as HTTP/2 server push is not supported by + // Envoy. + // + // 2. SETTINGS_ENABLE_CONNECT_PROTOCOL (0x8) is only configurable through the named field + // 'allow_connect'. + // + // Note that custom parameters specified through this field can not also be set in the + // corresponding named parameters: + // + // .. code-block:: text + // + // ID Field Name + // ---------------- + // 0x1 hpack_table_size + // 0x3 max_concurrent_streams + // 0x4 initial_stream_window_size + // + // Collisions will trigger config validation failure on load/update. Likewise, inconsistencies + // between custom parameters with the same identifier will trigger a failure. + // + // See `IANA HTTP/2 Settings + // `_ for + // standardized identifiers. + repeated SettingsParameter custom_settings_parameters = 13; +} + +// [#not-implemented-hide:] +message GrpcProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.GrpcProtocolOptions"; + + Http2ProtocolOptions http2_protocol_options = 1; +} diff --git a/generated_api_shadow/envoy/config/core/v4alpha/socket_option.proto b/generated_api_shadow/envoy/config/core/v4alpha/socket_option.proto new file mode 100644 index 0000000000000..7dac394a865dc --- /dev/null +++ b/generated_api_shadow/envoy/config/core/v4alpha/socket_option.proto @@ -0,0 +1,56 @@ +syntax = "proto3"; + +package envoy.config.core.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v4alpha"; +option java_outer_classname = "SocketOptionProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Socket Option ] + +// Generic socket option message. This would be used to set socket options that +// might not exist in upstream kernels or precompiled Envoy binaries. +// [#next-free-field: 7] +message SocketOption { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.core.v3.SocketOption"; + + enum SocketState { + // Socket options are applied after socket creation but before binding the socket to a port + STATE_PREBIND = 0; + + // Socket options are applied after binding the socket to a port but before calling listen() + STATE_BOUND = 1; + + // Socket options are applied after calling listen() + STATE_LISTENING = 2; + } + + // An optional name to give this socket option for debugging, etc. + // Uniqueness is not required and no special meaning is assumed. + string description = 1; + + // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP + int64 level = 2; + + // The numeric name as passed to setsockopt + int64 name = 3; + + oneof value { + option (validate.required) = true; + + // Because many sockopts take an int value. + int64 int_value = 4; + + // Otherwise it's a byte buffer. + bytes buf_value = 5; + } + + // The state in which the option will be applied. When used in BindConfig + // STATE_PREBIND is currently the only valid value. + SocketState state = 6 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/generated_api_shadow/envoy/config/endpoint/v3/endpoint.proto b/generated_api_shadow/envoy/config/endpoint/v3/endpoint.proto index a3dfd10c125ca..a65db5e7d7d8e 100644 --- a/generated_api_shadow/envoy/config/endpoint/v3/endpoint.proto +++ b/generated_api_shadow/envoy/config/endpoint/v3/endpoint.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.endpoint.v3"; option java_outer_classname = "EndpointProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Endpoint configuration] // Endpoint discovery :ref:`architecture overview ` @@ -96,14 +96,6 @@ message ClusterLoadAssignment { // Defaults to 0 which means endpoints never go stale. google.protobuf.Duration endpoint_stale_after = 4 [(validate.rules).duration = {gt {}}]; - // The flag to disable overprovisioning. If it is set to true, - // :ref:`overprovisioning factor - // ` will be ignored - // and Envoy will not perform graceful failover between priority levels or - // localities as endpoints become unhealthy. Otherwise Envoy will perform - // graceful failover as :ref:`overprovisioning factor - // ` suggests. - // [#not-implemented-hide:] bool hidden_envoy_deprecated_disable_overprovisioning = 5 [deprecated = true]; } diff --git a/generated_api_shadow/envoy/config/endpoint/v3/endpoint_components.proto b/generated_api_shadow/envoy/config/endpoint/v3/endpoint_components.proto index b7a1bf8fd51a6..60df915f2a9fb 100644 --- a/generated_api_shadow/envoy/config/endpoint/v3/endpoint_components.proto +++ b/generated_api_shadow/envoy/config/endpoint/v3/endpoint_components.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.endpoint.v3"; option java_outer_classname = "EndpointComponentsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Endpoints] @@ -76,35 +76,35 @@ message Endpoint { message LbEndpoint { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.endpoint.LbEndpoint"; + core.v3.HealthStatus health_status = 2; + + // [#not-implemented-hide:] + core.v3.Metadata metadata = 3; + + // Optional health status when known and supplied by EDS server. + google.protobuf.UInt32Value load_balancing_weight = 4 [(validate.rules).uint32 = {gte: 1}]; + // Upstream host identifier or a named reference. oneof host_identifier { + // The endpoint metadata specifies values that may be used by the load + // balancer to select endpoints in a cluster for a given request. The filter + // name should be specified as *envoy.lb*. An example boolean key-value pair + // is *canary*, providing the optional canary status of the upstream host. + // This may be matched against in a route's + // :ref:`RouteAction ` metadata_match field + // to subset the endpoints considered in cluster load balancing. Endpoint endpoint = 1; - // [#not-implemented-hide:] + // The optional load balancing weight of the upstream host; at least 1. + // Envoy uses the load balancing weight in some of the built in load + // balancers. The load balancing weight for an endpoint is divided by the sum + // of the weights of all endpoints in the endpoint's locality to produce a + // percentage of traffic for the endpoint. This percentage is then further + // weighted by the endpoint's locality's load balancing weight from + // LocalityLbEndpoints. If unspecified, each host is presumed to have equal + // weight in a locality. string endpoint_name = 5; } - - // Optional health status when known and supplied by EDS server. - core.v3.HealthStatus health_status = 2; - - // The endpoint metadata specifies values that may be used by the load - // balancer to select endpoints in a cluster for a given request. The filter - // name should be specified as *envoy.lb*. An example boolean key-value pair - // is *canary*, providing the optional canary status of the upstream host. - // This may be matched against in a route's - // :ref:`RouteAction ` metadata_match field - // to subset the endpoints considered in cluster load balancing. - core.v3.Metadata metadata = 3; - - // The optional load balancing weight of the upstream host; at least 1. - // Envoy uses the load balancing weight in some of the built in load - // balancers. The load balancing weight for an endpoint is divided by the sum - // of the weights of all endpoints in the endpoint's locality to produce a - // percentage of traffic for the endpoint. This percentage is then further - // weighted by the endpoint's locality's load balancing weight from - // LocalityLbEndpoints. If unspecified, each host is presumed to have equal - // weight in a locality. - google.protobuf.UInt32Value load_balancing_weight = 4 [(validate.rules).uint32 = {gte: 1}]; } // A group of endpoints belonging to a Locality. diff --git a/generated_api_shadow/envoy/config/endpoint/v3/load_report.proto b/generated_api_shadow/envoy/config/endpoint/v3/load_report.proto index 005d80a36886a..01eb7b12cf1aa 100644 --- a/generated_api_shadow/envoy/config/endpoint/v3/load_report.proto +++ b/generated_api_shadow/envoy/config/endpoint/v3/load_report.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.endpoint.v3"; option java_outer_classname = "LoadReportProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // These are stats Envoy reports to GLB every so often. Report frequency is // defined by diff --git a/generated_api_shadow/envoy/config/filter/accesslog/v2/accesslog.proto b/generated_api_shadow/envoy/config/filter/accesslog/v2/accesslog.proto index dad16521d0846..25d27bfbd1064 100644 --- a/generated_api_shadow/envoy/config/filter/accesslog/v2/accesslog.proto +++ b/generated_api_shadow/envoy/config/filter/accesslog/v2/accesslog.proto @@ -17,7 +17,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.accesslog.v2"; option java_outer_classname = "AccesslogProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.accesslog.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common access log types] diff --git a/generated_api_shadow/envoy/config/filter/dubbo/router/v2alpha1/router.proto b/generated_api_shadow/envoy/config/filter/dubbo/router/v2alpha1/router.proto index ba312ac958366..2e35bb7f7c5b3 100644 --- a/generated_api_shadow/envoy/config/filter/dubbo/router/v2alpha1/router.proto +++ b/generated_api_shadow/envoy/config/filter/dubbo/router/v2alpha1/router.proto @@ -10,7 +10,7 @@ option java_outer_classname = "RouterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.dubbo_proxy.router.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Router] // Dubbo router :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/fault/v2/fault.proto b/generated_api_shadow/envoy/config/filter/fault/v2/fault.proto index 136134781cb8a..016140d10f84a 100644 --- a/generated_api_shadow/envoy/config/filter/fault/v2/fault.proto +++ b/generated_api_shadow/envoy/config/filter/fault/v2/fault.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.fault.v2"; option java_outer_classname = "FaultProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.common.fault.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common fault injection types] diff --git a/generated_api_shadow/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto b/generated_api_shadow/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto index d89bfe87e3abf..bd9da5a677669 100644 --- a/generated_api_shadow/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto +++ b/generated_api_shadow/envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto @@ -18,7 +18,7 @@ option java_outer_classname = "AdaptiveConcurrencyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.adaptive_concurrency.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Adaptive Concurrency] // Adaptive Concurrency Control :ref:`configuration overview diff --git a/generated_api_shadow/envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto b/generated_api_shadow/envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto index 3c408914b7c0d..754c9b637665f 100644 --- a/generated_api_shadow/envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto +++ b/generated_api_shadow/envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto @@ -12,7 +12,7 @@ option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.aws_lambda.v3"; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: AWS Lambda] // AWS Lambda :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto b/generated_api_shadow/envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto index e00cd909ebd73..5ebb92c01dfa8 100644 --- a/generated_api_shadow/envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto +++ b/generated_api_shadow/envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto @@ -11,7 +11,7 @@ option java_outer_classname = "AwsRequestSigningProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.aws_request_signing.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: AwsRequestSigning] // AwsRequestSigning :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/buffer/v2/buffer.proto b/generated_api_shadow/envoy/config/filter/http/buffer/v2/buffer.proto index a2b97326ff9e5..56961d22fe092 100644 --- a/generated_api_shadow/envoy/config/filter/http/buffer/v2/buffer.proto +++ b/generated_api_shadow/envoy/config/filter/http/buffer/v2/buffer.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.buffer.v2"; option java_outer_classname = "BufferProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.buffer.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Buffer] // Buffer :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/cache/v2alpha/cache.proto b/generated_api_shadow/envoy/config/filter/http/cache/v2alpha/cache.proto index 8e5e35e8ac187..a9e51cf56a103 100644 --- a/generated_api_shadow/envoy/config/filter/http/cache/v2alpha/cache.proto +++ b/generated_api_shadow/envoy/config/filter/http/cache/v2alpha/cache.proto @@ -17,7 +17,7 @@ option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.cache.v3alpha"; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP Cache Filter] // [#extension: envoy.filters.http.cache] diff --git a/generated_api_shadow/envoy/config/filter/http/compressor/v2/compressor.proto b/generated_api_shadow/envoy/config/filter/http/compressor/v2/compressor.proto index 0d781a13672aa..d62d0d7a42fab 100644 --- a/generated_api_shadow/envoy/config/filter/http/compressor/v2/compressor.proto +++ b/generated_api_shadow/envoy/config/filter/http/compressor/v2/compressor.proto @@ -14,7 +14,7 @@ option java_outer_classname = "CompressorProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.compressor.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Compressor] diff --git a/generated_api_shadow/envoy/config/filter/http/cors/v2/cors.proto b/generated_api_shadow/envoy/config/filter/http/cors/v2/cors.proto index 8e5392f6b0011..9060a9c38fda1 100644 --- a/generated_api_shadow/envoy/config/filter/http/cors/v2/cors.proto +++ b/generated_api_shadow/envoy/config/filter/http/cors/v2/cors.proto @@ -9,7 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.cors.v2"; option java_outer_classname = "CorsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.cors.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Cors] // CORS Filter :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/csrf/v2/csrf.proto b/generated_api_shadow/envoy/config/filter/http/csrf/v2/csrf.proto index 23ba6dbdd1f47..3c2c9110e9fe0 100644 --- a/generated_api_shadow/envoy/config/filter/http/csrf/v2/csrf.proto +++ b/generated_api_shadow/envoy/config/filter/http/csrf/v2/csrf.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.csrf.v2"; option java_outer_classname = "CsrfProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.csrf.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: CSRF] // Cross-Site Request Forgery :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto b/generated_api_shadow/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto index b64691874eae6..29aa8380191b7 100644 --- a/generated_api_shadow/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto +++ b/generated_api_shadow/envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto @@ -13,7 +13,7 @@ option java_outer_classname = "DynamicForwardProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.dynamic_forward_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dynamic forward proxy] diff --git a/generated_api_shadow/envoy/config/filter/http/dynamo/v2/dynamo.proto b/generated_api_shadow/envoy/config/filter/http/dynamo/v2/dynamo.proto index cd41d746f8cbd..011d22f768c8c 100644 --- a/generated_api_shadow/envoy/config/filter/http/dynamo/v2/dynamo.proto +++ b/generated_api_shadow/envoy/config/filter/http/dynamo/v2/dynamo.proto @@ -9,7 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.dynamo.v2"; option java_outer_classname = "DynamoProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.dynamo.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dynamo] // Dynamo :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/generated_api_shadow/envoy/config/filter/http/ext_authz/v2/ext_authz.proto index 457f2ac1eafc5..a407f4628d2e4 100644 --- a/generated_api_shadow/envoy/config/filter/http/ext_authz/v2/ext_authz.proto +++ b/generated_api_shadow/envoy/config/filter/http/ext_authz/v2/ext_authz.proto @@ -18,7 +18,7 @@ option java_outer_classname = "ExtAuthzProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.ext_authz.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: External Authorization] // External Authorization :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/fault/v2/fault.proto b/generated_api_shadow/envoy/config/filter/http/fault/v2/fault.proto index 81572c8ae6a0e..cb99b0d71bbdc 100644 --- a/generated_api_shadow/envoy/config/filter/http/fault/v2/fault.proto +++ b/generated_api_shadow/envoy/config/filter/http/fault/v2/fault.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.fault.v2"; option java_outer_classname = "FaultProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.fault.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Fault Injection] // Fault Injection :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/grpc_http1_bridge/v2/config.proto b/generated_api_shadow/envoy/config/filter/http/grpc_http1_bridge/v2/config.proto index 91a4a2d151aac..b4331dad5031c 100644 --- a/generated_api_shadow/envoy/config/filter/http/grpc_http1_bridge/v2/config.proto +++ b/generated_api_shadow/envoy/config/filter/http/grpc_http1_bridge/v2/config.proto @@ -10,7 +10,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_http1_bridge.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC HTTP/1.1 Bridge] // gRPC HTTP/1.1 Bridge Filter :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto b/generated_api_shadow/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto index b3ed8e77d68af..8b916d327e194 100644 --- a/generated_api_shadow/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto +++ b/generated_api_shadow/envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto @@ -11,7 +11,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_http1_reverse_bridge.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC HTTP/1.1 Reverse Bridge] // gRPC HTTP/1.1 Reverse Bridge :ref:`configuration overview diff --git a/generated_api_shadow/envoy/config/filter/http/grpc_stats/v2alpha/config.proto b/generated_api_shadow/envoy/config/filter/http/grpc_stats/v2alpha/config.proto index 4280a44f66858..7f6dd2ce42263 100644 --- a/generated_api_shadow/envoy/config/filter/http/grpc_stats/v2alpha/config.proto +++ b/generated_api_shadow/envoy/config/filter/http/grpc_stats/v2alpha/config.proto @@ -15,7 +15,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_stats.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC statistics] gRPC statistics filter // :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/grpc_web/v2/grpc_web.proto b/generated_api_shadow/envoy/config/filter/http/grpc_web/v2/grpc_web.proto index 5e78af97d4d3a..be23b4d87b585 100644 --- a/generated_api_shadow/envoy/config/filter/http/grpc_web/v2/grpc_web.proto +++ b/generated_api_shadow/envoy/config/filter/http/grpc_web/v2/grpc_web.proto @@ -10,7 +10,7 @@ option java_outer_classname = "GrpcWebProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_web.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC Web] // gRPC Web :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/gzip/v2/gzip.proto b/generated_api_shadow/envoy/config/filter/http/gzip/v2/gzip.proto index c47da756a8768..f3601b612b029 100644 --- a/generated_api_shadow/envoy/config/filter/http/gzip/v2/gzip.proto +++ b/generated_api_shadow/envoy/config/filter/http/gzip/v2/gzip.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.gzip.v2"; option java_outer_classname = "GzipProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.gzip.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Gzip] // Gzip :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto b/generated_api_shadow/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto index aab0395a3fd4d..30de69d98b1c3 100644 --- a/generated_api_shadow/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto +++ b/generated_api_shadow/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto @@ -11,7 +11,7 @@ option java_outer_classname = "HeaderToMetadataProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.header_to_metadata.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Header-To-Metadata Filter] // diff --git a/generated_api_shadow/envoy/config/filter/http/health_check/v2/health_check.proto b/generated_api_shadow/envoy/config/filter/http/health_check/v2/health_check.proto index 462a68c67a502..d7f6da8c82d43 100644 --- a/generated_api_shadow/envoy/config/filter/http/health_check/v2/health_check.proto +++ b/generated_api_shadow/envoy/config/filter/http/health_check/v2/health_check.proto @@ -17,7 +17,7 @@ option java_outer_classname = "HealthCheckProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.health_check.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Health check] // Health check :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto b/generated_api_shadow/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto index 60808ceb24e15..f99b18a12c716 100644 --- a/generated_api_shadow/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto +++ b/generated_api_shadow/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto @@ -13,7 +13,7 @@ option java_outer_classname = "IpTaggingProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.ip_tagging.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: IP tagging] // IP tagging :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/jwt_authn/v2alpha/config.proto b/generated_api_shadow/envoy/config/filter/http/jwt_authn/v2alpha/config.proto index af416b691b634..07044f92201e9 100644 --- a/generated_api_shadow/envoy/config/filter/http/jwt_authn/v2alpha/config.proto +++ b/generated_api_shadow/envoy/config/filter/http/jwt_authn/v2alpha/config.proto @@ -18,7 +18,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.jwt_authn.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: JWT Authentication] // JWT Authentication :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/lua/v2/lua.proto b/generated_api_shadow/envoy/config/filter/http/lua/v2/lua.proto index b40a4659c002e..068b5e255df5d 100644 --- a/generated_api_shadow/envoy/config/filter/http/lua/v2/lua.proto +++ b/generated_api_shadow/envoy/config/filter/http/lua/v2/lua.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.lua.v2"; option java_outer_classname = "LuaProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.lua.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Lua] // Lua :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/on_demand/v2/on_demand.proto b/generated_api_shadow/envoy/config/filter/http/on_demand/v2/on_demand.proto index ba83990ed8dae..74d0ee408aebb 100644 --- a/generated_api_shadow/envoy/config/filter/http/on_demand/v2/on_demand.proto +++ b/generated_api_shadow/envoy/config/filter/http/on_demand/v2/on_demand.proto @@ -11,7 +11,7 @@ option java_outer_classname = "OnDemandProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.on_demand.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: OnDemand] // IP tagging :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/original_src/v2alpha1/original_src.proto b/generated_api_shadow/envoy/config/filter/http/original_src/v2alpha1/original_src.proto index 5df23f472ae04..0baf49cebeef0 100644 --- a/generated_api_shadow/envoy/config/filter/http/original_src/v2alpha1/original_src.proto +++ b/generated_api_shadow/envoy/config/filter/http/original_src/v2alpha1/original_src.proto @@ -11,7 +11,7 @@ option java_outer_classname = "OriginalSrcProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.original_src.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. diff --git a/generated_api_shadow/envoy/config/filter/http/rate_limit/v2/rate_limit.proto b/generated_api_shadow/envoy/config/filter/http/rate_limit/v2/rate_limit.proto index 2e739d92c734f..b9361476bcfde 100644 --- a/generated_api_shadow/envoy/config/filter/http/rate_limit/v2/rate_limit.proto +++ b/generated_api_shadow/envoy/config/filter/http/rate_limit/v2/rate_limit.proto @@ -15,7 +15,7 @@ option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/rbac/v2/rbac.proto b/generated_api_shadow/envoy/config/filter/http/rbac/v2/rbac.proto index 3074fe78e53fd..691f23036ba8f 100644 --- a/generated_api_shadow/envoy/config/filter/http/rbac/v2/rbac.proto +++ b/generated_api_shadow/envoy/config/filter/http/rbac/v2/rbac.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.rbac.v2"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.rbac.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/router/v2/router.proto b/generated_api_shadow/envoy/config/filter/http/router/v2/router.proto index 4bb0a7b386d3e..c95500cf8168b 100644 --- a/generated_api_shadow/envoy/config/filter/http/router/v2/router.proto +++ b/generated_api_shadow/envoy/config/filter/http/router/v2/router.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.router.v2"; option java_outer_classname = "RouterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.router.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Router] // Router :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/squash/v2/squash.proto b/generated_api_shadow/envoy/config/filter/http/squash/v2/squash.proto index d754f64456b55..a7ae625d2ee37 100644 --- a/generated_api_shadow/envoy/config/filter/http/squash/v2/squash.proto +++ b/generated_api_shadow/envoy/config/filter/http/squash/v2/squash.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.squash.v2"; option java_outer_classname = "SquashProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.squash.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Squash] // Squash :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/tap/v2alpha/tap.proto b/generated_api_shadow/envoy/config/filter/http/tap/v2alpha/tap.proto index 682cbc129c9fd..3f984cec0d6c3 100644 --- a/generated_api_shadow/envoy/config/filter/http/tap/v2alpha/tap.proto +++ b/generated_api_shadow/envoy/config/filter/http/tap/v2alpha/tap.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.http.tap.v2alpha"; option java_outer_classname = "TapProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.tap.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap] // Tap :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/http/transcoder/v2/transcoder.proto b/generated_api_shadow/envoy/config/filter/http/transcoder/v2/transcoder.proto index cb1655f030e05..ac6d7eefa78a0 100644 --- a/generated_api_shadow/envoy/config/filter/http/transcoder/v2/transcoder.proto +++ b/generated_api_shadow/envoy/config/filter/http/transcoder/v2/transcoder.proto @@ -11,7 +11,7 @@ option java_outer_classname = "TranscoderProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.http.grpc_json_transcoder.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC-JSON transcoder] // gRPC-JSON transcoder :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/listener/http_inspector/v2/http_inspector.proto b/generated_api_shadow/envoy/config/filter/listener/http_inspector/v2/http_inspector.proto index 824505a7cfd43..0496207e09bcb 100644 --- a/generated_api_shadow/envoy/config/filter/listener/http_inspector/v2/http_inspector.proto +++ b/generated_api_shadow/envoy/config/filter/listener/http_inspector/v2/http_inspector.proto @@ -10,7 +10,7 @@ option java_outer_classname = "HttpInspectorProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.http_inspector.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP Inspector Filter] // Detect whether the application protocol is HTTP. diff --git a/generated_api_shadow/envoy/config/filter/listener/original_dst/v2/original_dst.proto b/generated_api_shadow/envoy/config/filter/listener/original_dst/v2/original_dst.proto index 3d503f4638082..fa4acee45fc11 100644 --- a/generated_api_shadow/envoy/config/filter/listener/original_dst/v2/original_dst.proto +++ b/generated_api_shadow/envoy/config/filter/listener/original_dst/v2/original_dst.proto @@ -10,7 +10,7 @@ option java_outer_classname = "OriginalDstProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.original_dst.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Original Dst Filter] // Use the Original destination address on downstream connections. diff --git a/generated_api_shadow/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto b/generated_api_shadow/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto index 9d1be091fce1c..1959698fd1009 100644 --- a/generated_api_shadow/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto +++ b/generated_api_shadow/envoy/config/filter/listener/original_src/v2alpha1/original_src.proto @@ -11,7 +11,7 @@ option java_outer_classname = "OriginalSrcProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.original_src.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. diff --git a/generated_api_shadow/envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto b/generated_api_shadow/envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto index 039ee7207e510..cabffb9fc0c05 100644 --- a/generated_api_shadow/envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto +++ b/generated_api_shadow/envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto @@ -10,7 +10,7 @@ option java_outer_classname = "ProxyProtocolProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.proxy_protocol.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Proxy Protocol Filter] // PROXY protocol listener filter. diff --git a/generated_api_shadow/envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto b/generated_api_shadow/envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto index 94949ee2e29c1..7ab679c47dc57 100644 --- a/generated_api_shadow/envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto +++ b/generated_api_shadow/envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto @@ -10,7 +10,7 @@ option java_outer_classname = "TlsInspectorProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.listener.tls_inspector.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: TLS Inspector Filter] // Allows detecting whether the transport appears to be TLS or plaintext. diff --git a/generated_api_shadow/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto b/generated_api_shadow/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto index b971a2692d4b6..d1f459078f20e 100644 --- a/generated_api_shadow/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto +++ b/generated_api_shadow/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto @@ -15,7 +15,7 @@ option java_outer_classname = "ClientSslAuthProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.client_ssl_auth.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Client TLS authentication] // Client TLS authentication diff --git a/generated_api_shadow/envoy/config/filter/network/direct_response/v2/config.proto b/generated_api_shadow/envoy/config/filter/network/direct_response/v2/config.proto index 53e498b74dd8f..15de7e3b55379 100644 --- a/generated_api_shadow/envoy/config/filter/network/direct_response/v2/config.proto +++ b/generated_api_shadow/envoy/config/filter/network/direct_response/v2/config.proto @@ -12,7 +12,7 @@ option java_outer_classname = "ConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.direct_response.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Direct response] // Direct response :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto b/generated_api_shadow/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto index 72276d1ea004d..47248932f94ce 100644 --- a/generated_api_shadow/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto +++ b/generated_api_shadow/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto @@ -15,7 +15,7 @@ option java_outer_classname = "DubboProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.dubbo_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dubbo Proxy] // Dubbo Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto b/generated_api_shadow/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto index cc3d8788695f7..9af461e3577cb 100644 --- a/generated_api_shadow/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto +++ b/generated_api_shadow/envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto @@ -15,7 +15,7 @@ option java_outer_classname = "RouteProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.dubbo_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Dubbo Proxy Route Configuration] // Dubbo Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/echo/v2/echo.proto b/generated_api_shadow/envoy/config/filter/network/echo/v2/echo.proto index 6c3f5102da837..2b51ce4e18c36 100644 --- a/generated_api_shadow/envoy/config/filter/network/echo/v2/echo.proto +++ b/generated_api_shadow/envoy/config/filter/network/echo/v2/echo.proto @@ -9,7 +9,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.network.echo.v2"; option java_outer_classname = "EchoProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.echo.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Echo] // Echo :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/ext_authz/v2/ext_authz.proto b/generated_api_shadow/envoy/config/filter/network/ext_authz/v2/ext_authz.proto index f8d1d55928f2f..40cea7061868c 100644 --- a/generated_api_shadow/envoy/config/filter/network/ext_authz/v2/ext_authz.proto +++ b/generated_api_shadow/envoy/config/filter/network/ext_authz/v2/ext_authz.proto @@ -13,7 +13,7 @@ option java_outer_classname = "ExtAuthzProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.ext_authz.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Network External Authorization ] // The network layer external authorization service configuration diff --git a/generated_api_shadow/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto b/generated_api_shadow/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto index 9c7fbd0c1a104..3b4c29066e9a2 100644 --- a/generated_api_shadow/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto +++ b/generated_api_shadow/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto @@ -26,7 +26,7 @@ option java_outer_classname = "HttpConnectionManagerProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.http_connection_manager.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP connection manager] // HTTP connection manager :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto b/generated_api_shadow/envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto index ad661685ec958..ea2f60e71eed3 100644 --- a/generated_api_shadow/envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto +++ b/generated_api_shadow/envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto @@ -11,7 +11,7 @@ option java_outer_classname = "KafkaBrokerProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.kafka_broker.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Kafka Broker] // Kafka Broker :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto b/generated_api_shadow/envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto index aa968a92880bc..791b767f3e6aa 100644 --- a/generated_api_shadow/envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto +++ b/generated_api_shadow/envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto @@ -14,7 +14,7 @@ option java_outer_classname = "LocalRateLimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.local_ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Local rate limit] // Local rate limit :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto b/generated_api_shadow/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto index b20c7d00d48ac..b261897858e21 100644 --- a/generated_api_shadow/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto +++ b/generated_api_shadow/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto @@ -13,7 +13,7 @@ option java_outer_classname = "MongoProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.mongo_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Mongo proxy] // MongoDB :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto b/generated_api_shadow/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto index 0285c1bf2f1d1..78c6b7e971df4 100644 --- a/generated_api_shadow/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto +++ b/generated_api_shadow/envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto @@ -11,7 +11,7 @@ option java_outer_classname = "MysqlProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.mysql_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: MySQL proxy] // MySQL Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/rate_limit/v2/rate_limit.proto b/generated_api_shadow/envoy/config/filter/network/rate_limit/v2/rate_limit.proto index 2393284e1922b..aed56c9af6292 100644 --- a/generated_api_shadow/envoy/config/filter/network/rate_limit/v2/rate_limit.proto +++ b/generated_api_shadow/envoy/config/filter/network/rate_limit/v2/rate_limit.proto @@ -16,7 +16,7 @@ option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/rbac/v2/rbac.proto b/generated_api_shadow/envoy/config/filter/network/rbac/v2/rbac.proto index 089251ba222e6..ce86794c71cc3 100644 --- a/generated_api_shadow/envoy/config/filter/network/rbac/v2/rbac.proto +++ b/generated_api_shadow/envoy/config/filter/network/rbac/v2/rbac.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.config.filter.network.rbac.v2"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.rbac.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto b/generated_api_shadow/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto index 6a6d41eeb1da3..caca630fd297d 100644 --- a/generated_api_shadow/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto +++ b/generated_api_shadow/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto @@ -18,7 +18,7 @@ option java_outer_classname = "RedisProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.redis_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Redis Proxy] // Redis Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto b/generated_api_shadow/envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto index 31a9d48abb7b2..71c161fc48f69 100644 --- a/generated_api_shadow/envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto +++ b/generated_api_shadow/envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto @@ -10,7 +10,7 @@ option java_outer_classname = "SniClusterProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.sni_cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: SNI Cluster Filter] // Set the upstream cluster name from the SNI field in the TLS connection. diff --git a/generated_api_shadow/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto b/generated_api_shadow/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto index c1e98decdfc89..4ec68f320eed7 100644 --- a/generated_api_shadow/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto +++ b/generated_api_shadow/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto @@ -19,7 +19,7 @@ option java_outer_classname = "TcpProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.tcp_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: TCP Proxy] // TCP Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto b/generated_api_shadow/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto index 1e3ed8b2df547..8230a52e341e7 100644 --- a/generated_api_shadow/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto +++ b/generated_api_shadow/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto @@ -16,7 +16,7 @@ option java_outer_classname = "RouteProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.thrift_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Thrift Proxy Route Configuration] // Thrift Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto b/generated_api_shadow/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto index 5c950870de81d..96e750ef310d7 100644 --- a/generated_api_shadow/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto +++ b/generated_api_shadow/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto @@ -16,7 +16,7 @@ option java_outer_classname = "ThriftProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.thrift_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Thrift Proxy] // Thrift Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto b/generated_api_shadow/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto index 2ce0b31856591..cae622cecc34e 100644 --- a/generated_api_shadow/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto +++ b/generated_api_shadow/envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto @@ -13,7 +13,7 @@ option java_outer_classname = "ZookeeperProxyProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.zookeeper_proxy.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: ZooKeeper proxy] // ZooKeeper Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto b/generated_api_shadow/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto index a6b2c51242a29..389ddf35990ed 100644 --- a/generated_api_shadow/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto +++ b/generated_api_shadow/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto @@ -15,7 +15,7 @@ option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto b/generated_api_shadow/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto index 8c6166241e038..de2608d44306c 100644 --- a/generated_api_shadow/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto +++ b/generated_api_shadow/envoy/config/filter/udp/dns_filter/v2alpha/dns_filter.proto @@ -15,7 +15,7 @@ option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.filter.udp.dns_filter.v3alpha"; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: DNS Filter] // DNS Filter :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/config/grpc_credential/v2alpha/aws_iam.proto b/generated_api_shadow/envoy/config/grpc_credential/v2alpha/aws_iam.proto index 4e5d62c0964a4..b63d35af4018b 100644 --- a/generated_api_shadow/envoy/config/grpc_credential/v2alpha/aws_iam.proto +++ b/generated_api_shadow/envoy/config/grpc_credential/v2alpha/aws_iam.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.grpc_credential.v2alpha"; option java_outer_classname = "AwsIamProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Grpc Credentials AWS IAM] // Configuration for AWS IAM Grpc Credentials Plugin diff --git a/generated_api_shadow/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto b/generated_api_shadow/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto index 25e7c79b347c0..41e67f0bf24b3 100644 --- a/generated_api_shadow/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto +++ b/generated_api_shadow/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto @@ -10,7 +10,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.config.grpc_credential.v2alpha"; option java_outer_classname = "FileBasedMetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Grpc Credentials File Based Metadata] // Configuration for File Based Metadata Grpc Credentials Plugin diff --git a/generated_api_shadow/envoy/config/grpc_credential/v3/aws_iam.proto b/generated_api_shadow/envoy/config/grpc_credential/v3/aws_iam.proto index 7372070e57ce6..eeb5d93ec6892 100644 --- a/generated_api_shadow/envoy/config/grpc_credential/v3/aws_iam.proto +++ b/generated_api_shadow/envoy/config/grpc_credential/v3/aws_iam.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3"; option java_outer_classname = "AwsIamProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Grpc Credentials AWS IAM] // Configuration for AWS IAM Grpc Credentials Plugin diff --git a/generated_api_shadow/envoy/config/grpc_credential/v3/file_based_metadata.proto b/generated_api_shadow/envoy/config/grpc_credential/v3/file_based_metadata.proto index f3057d3113962..b364d2917099b 100644 --- a/generated_api_shadow/envoy/config/grpc_credential/v3/file_based_metadata.proto +++ b/generated_api_shadow/envoy/config/grpc_credential/v3/file_based_metadata.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3"; option java_outer_classname = "FileBasedMetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Grpc Credentials File Based Metadata] // Configuration for File Based Metadata Grpc Credentials Plugin diff --git a/generated_api_shadow/envoy/config/listener/v2/api_listener.proto b/generated_api_shadow/envoy/config/listener/v2/api_listener.proto index 29fa688d5a6b7..6709d5fe0b524 100644 --- a/generated_api_shadow/envoy/config/listener/v2/api_listener.proto +++ b/generated_api_shadow/envoy/config/listener/v2/api_listener.proto @@ -11,7 +11,7 @@ option java_package = "io.envoyproxy.envoy.config.listener.v2"; option java_outer_classname = "ApiListenerProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: API listener] diff --git a/generated_api_shadow/envoy/config/listener/v3/api_listener.proto b/generated_api_shadow/envoy/config/listener/v3/api_listener.proto index b5dd805bcb1a7..4d3879a22b1da 100644 --- a/generated_api_shadow/envoy/config/listener/v3/api_listener.proto +++ b/generated_api_shadow/envoy/config/listener/v3/api_listener.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "ApiListenerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: API listener] diff --git a/generated_api_shadow/envoy/config/listener/v3/listener.proto b/generated_api_shadow/envoy/config/listener/v3/listener.proto index 624b26e9ae9a8..2b4ecb826d86e 100644 --- a/generated_api_shadow/envoy/config/listener/v3/listener.proto +++ b/generated_api_shadow/envoy/config/listener/v3/listener.proto @@ -21,7 +21,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "ListenerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Listener configuration] // Listener :ref:`configuration overview ` @@ -104,23 +104,6 @@ message Listener { // :ref:`FAQ entry `. repeated FilterChain filter_chains = 3; - // If a connection is redirected using *iptables*, the port on which the proxy - // receives it might be different from the original destination address. When this flag is set to - // true, the listener hands off redirected connections to the listener associated with the - // original destination address. If there is no listener associated with the original destination - // address, the connection is handled by the listener that receives it. Defaults to false. - // - // .. attention:: - // - // This field is deprecated. Use :ref:`an original_dst ` - // :ref:`listener filter ` instead. - // - // Note that hand off to another listener is *NOT* performed without this flag. Once - // :ref:`FilterChainMatch ` is implemented this flag - // will be removed, as filter chain matching can be used to select a filter chain based on the - // restored destination address. - google.protobuf.BoolValue hidden_envoy_deprecated_use_original_dst = 4 [deprecated = true]; - // Soft limit on size of the listener’s new connection read and write buffers. // If unspecified, an implementation defined default is applied (1MiB). google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5; @@ -253,4 +236,6 @@ message Listener { // Configuration for :ref:`access logs ` // emitted by this listener. repeated accesslog.v3.AccessLog access_log = 22; + + google.protobuf.BoolValue hidden_envoy_deprecated_use_original_dst = 4 [deprecated = true]; } diff --git a/generated_api_shadow/envoy/config/listener/v3/listener_components.proto b/generated_api_shadow/envoy/config/listener/v3/listener_components.proto index 627f69354a3ee..25d39e24620eb 100644 --- a/generated_api_shadow/envoy/config/listener/v3/listener_components.proto +++ b/generated_api_shadow/envoy/config/listener/v3/listener_components.proto @@ -18,7 +18,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "ListenerComponentsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Listener components] // Listener :ref:`configuration overview ` @@ -35,9 +35,9 @@ message Filter { // Filter specific configuration which depends on the filter being // instantiated. See the supported filters for further documentation. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 4; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } @@ -175,15 +175,6 @@ message FilterChain { // The criteria to use when matching a connection to this filter chain. FilterChainMatch filter_chain_match = 1; - // The TLS context for this filter chain. - // - // .. attention:: - // - // **This field is deprecated**. Use `transport_socket` with name `tls` instead. If both are - // set, `transport_socket` takes priority. - envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext - hidden_envoy_deprecated_tls_context = 2 [deprecated = true]; - // A list of individual network filters that make up the filter chain for // connections established with the listener. Order matters as the filters are // processed sequentially as connection events happen. Note: If the filter @@ -212,6 +203,9 @@ message FilterChain { // name is provided, Envoy will allocate an internal UUID for the filter chain. If the filter // chain is to be dynamically updated or removed via FCDS a unique name must be provided. string name = 7; + + envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext + hidden_envoy_deprecated_tls_context = 2 [deprecated = true]; } // Listener filter chain match configuration. This is a recursive structure which allows complex @@ -286,16 +280,16 @@ message ListenerFilter { // :ref:`supported filter `. string name = 1 [(validate.rules).string = {min_bytes: 1}]; + ListenerFilterChainMatchPredicate filter_disabled = 4; + // Filter specific configuration which depends on the filter being instantiated. // See the supported filters for further documentation. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - + // Optional match predicate used to disable the filter. The filter is enabled when this field is empty. + // See :ref:`ListenerFilterChainMatchPredicate ` + // for further examples. google.protobuf.Any typed_config = 3; - } - // Optional match predicate used to disable the filter. The filter is enabled when this field is empty. - // See :ref:`ListenerFilterChainMatchPredicate ` - // for further examples. - ListenerFilterChainMatchPredicate filter_disabled = 4; + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; + } } diff --git a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto index 984764e6ff692..9949da2e0d708 100644 --- a/generated_api_shadow/envoy/config/listener/v3/quic_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/quic_config.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "QuicConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener Config] diff --git a/generated_api_shadow/envoy/config/listener/v3/udp_listener_config.proto b/generated_api_shadow/envoy/config/listener/v3/udp_listener_config.proto index 98d3c78029941..7d9bef4b67690 100644 --- a/generated_api_shadow/envoy/config/listener/v3/udp_listener_config.proto +++ b/generated_api_shadow/envoy/config/listener/v3/udp_listener_config.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "UdpListenerConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: UDP Listener Config] // Listener :ref:`configuration overview ` @@ -28,9 +28,9 @@ message UdpListenerConfig { // Used to create a specific listener factory. To some factory, e.g. // "raw_udp_listener", config is not needed. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } diff --git a/generated_api_shadow/envoy/config/metrics/v2/metrics_service.proto b/generated_api_shadow/envoy/config/metrics/v2/metrics_service.proto index 9281e6c92a5af..f1f8662f0750d 100644 --- a/generated_api_shadow/envoy/config/metrics/v2/metrics_service.proto +++ b/generated_api_shadow/envoy/config/metrics/v2/metrics_service.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.metrics.v2"; option java_outer_classname = "MetricsServiceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metrics service] diff --git a/generated_api_shadow/envoy/config/metrics/v2/stats.proto b/generated_api_shadow/envoy/config/metrics/v2/stats.proto index 658a084e8386c..c6113bf5a5d38 100644 --- a/generated_api_shadow/envoy/config/metrics/v2/stats.proto +++ b/generated_api_shadow/envoy/config/metrics/v2/stats.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.metrics.v2"; option java_outer_classname = "StatsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Stats] // Statistics :ref:`architecture overview `. diff --git a/generated_api_shadow/envoy/config/metrics/v3/metrics_service.proto b/generated_api_shadow/envoy/config/metrics/v3/metrics_service.proto index 66e3cc1443c79..ad9879055ba3c 100644 --- a/generated_api_shadow/envoy/config/metrics/v3/metrics_service.proto +++ b/generated_api_shadow/envoy/config/metrics/v3/metrics_service.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.metrics.v3"; option java_outer_classname = "MetricsServiceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metrics service] diff --git a/generated_api_shadow/envoy/config/metrics/v3/stats.proto b/generated_api_shadow/envoy/config/metrics/v3/stats.proto index d993ec8906674..bd5e0e8c49732 100644 --- a/generated_api_shadow/envoy/config/metrics/v3/stats.proto +++ b/generated_api_shadow/envoy/config/metrics/v3/stats.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.metrics.v3"; option java_outer_classname = "StatsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Stats] // Statistics :ref:`architecture overview `. @@ -39,9 +39,9 @@ message StatsSink { // Stats sink specific configuration which depends on the sink being instantiated. See // :ref:`StatsdSink ` for an example. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } @@ -263,47 +263,47 @@ message TagSpecifier { message StatsdSink { option (udpa.annotations.versioning).previous_message_type = "envoy.config.metrics.v2.StatsdSink"; + // The UDP address of a running `statsd `_ + // compliant listener. If specified, statistics will be flushed to this + // address. + string prefix = 3; + oneof statsd_specifier { option (validate.required) = true; - // The UDP address of a running `statsd `_ - // compliant listener. If specified, statistics will be flushed to this - // address. - core.v3.Address address = 1; - // The name of a cluster that is running a TCP `statsd // `_ compliant listener. If specified, // Envoy will connect to this cluster to flush statistics. + core.v3.Address address = 1; + + // Optional custom prefix for StatsdSink. If + // specified, this will override the default prefix. + // For example: + // + // .. code-block:: json + // + // { + // "prefix" : "envoy-prod" + // } + // + // will change emitted stats to + // + // .. code-block:: cpp + // + // envoy-prod.test_counter:1|c + // envoy-prod.test_timer:5|ms + // + // Note that the default prefix, "envoy", will be used if a prefix is not + // specified. + // + // Stats with default prefix: + // + // .. code-block:: cpp + // + // envoy.test_counter:1|c + // envoy.test_timer:5|ms string tcp_cluster_name = 2; } - - // Optional custom prefix for StatsdSink. If - // specified, this will override the default prefix. - // For example: - // - // .. code-block:: json - // - // { - // "prefix" : "envoy-prod" - // } - // - // will change emitted stats to - // - // .. code-block:: cpp - // - // envoy-prod.test_counter:1|c - // envoy-prod.test_timer:5|ms - // - // Note that the default prefix, "envoy", will be used if a prefix is not - // specified. - // - // Stats with default prefix: - // - // .. code-block:: cpp - // - // envoy.test_counter:1|c - // envoy.test_timer:5|ms - string prefix = 3; } // Stats configuration proto schema for built-in *envoy.stat_sinks.dog_statsd* sink. @@ -317,17 +317,17 @@ message DogStatsdSink { reserved 2; + // The UDP address of a running DogStatsD compliant listener. If specified, + // statistics will be flushed to this address. + string prefix = 3; + oneof dog_statsd_specifier { option (validate.required) = true; - // The UDP address of a running DogStatsD compliant listener. If specified, - // statistics will be flushed to this address. + // Optional custom metric name prefix. See :ref:`StatsdSink's prefix field + // ` for more details. core.v3.Address address = 1; } - - // Optional custom metric name prefix. See :ref:`StatsdSink's prefix field - // ` for more details. - string prefix = 3; } // Stats configuration proto schema for built-in *envoy.stat_sinks.hystrix* sink. diff --git a/generated_api_shadow/envoy/config/overload/v2alpha/overload.proto b/generated_api_shadow/envoy/config/overload/v2alpha/overload.proto index 6c24782bdbcfa..03886cdee6d6e 100644 --- a/generated_api_shadow/envoy/config/overload/v2alpha/overload.proto +++ b/generated_api_shadow/envoy/config/overload/v2alpha/overload.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.overload.v2alpha"; option java_outer_classname = "OverloadProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Overload Manager] diff --git a/generated_api_shadow/envoy/config/overload/v3/overload.proto b/generated_api_shadow/envoy/config/overload/v3/overload.proto index 17eaf6e56a436..337150657b14c 100644 --- a/generated_api_shadow/envoy/config/overload/v3/overload.proto +++ b/generated_api_shadow/envoy/config/overload/v3/overload.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.overload.v3"; option java_outer_classname = "OverloadProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Overload Manager] @@ -37,9 +37,9 @@ message ResourceMonitor { // Configuration for the resource monitor being instantiated. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } diff --git a/generated_api_shadow/envoy/config/ratelimit/v2/rls.proto b/generated_api_shadow/envoy/config/ratelimit/v2/rls.proto index c89ebfc12fd93..92801ea7b9689 100644 --- a/generated_api_shadow/envoy/config/ratelimit/v2/rls.proto +++ b/generated_api_shadow/envoy/config/ratelimit/v2/rls.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.ratelimit.v2"; option java_outer_classname = "RlsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate limit service] diff --git a/generated_api_shadow/envoy/config/ratelimit/v3/rls.proto b/generated_api_shadow/envoy/config/ratelimit/v3/rls.proto index 2bea330b23961..bb3c538bbabff 100644 --- a/generated_api_shadow/envoy/config/ratelimit/v3/rls.proto +++ b/generated_api_shadow/envoy/config/ratelimit/v3/rls.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.ratelimit.v3"; option java_outer_classname = "RlsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate limit service] diff --git a/generated_api_shadow/envoy/config/rbac/v2/rbac.proto b/generated_api_shadow/envoy/config/rbac/v2/rbac.proto index 564777a22465a..8f8323e5c4af0 100644 --- a/generated_api_shadow/envoy/config/rbac/v2/rbac.proto +++ b/generated_api_shadow/envoy/config/rbac/v2/rbac.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.rbac.v2"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Role Based Access Control (RBAC)] diff --git a/generated_api_shadow/envoy/config/rbac/v3/rbac.proto b/generated_api_shadow/envoy/config/rbac/v3/rbac.proto index 4ecedfdfb9c9b..055e14253cae4 100644 --- a/generated_api_shadow/envoy/config/rbac/v3/rbac.proto +++ b/generated_api_shadow/envoy/config/rbac/v3/rbac.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.rbac.v3"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Role Based Access Control (RBAC)] diff --git a/generated_api_shadow/envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto b/generated_api_shadow/envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto index 9b06c3bb641bd..d229cffef8ca9 100644 --- a/generated_api_shadow/envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto +++ b/generated_api_shadow/envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto @@ -12,7 +12,7 @@ option java_outer_classname = "OmitHostMetadataConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.retry.host.omit_host_metadata.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Omit host metadata retry predicate] diff --git a/generated_api_shadow/envoy/config/retry/previous_priorities/previous_priorities_config.proto b/generated_api_shadow/envoy/config/retry/previous_priorities/previous_priorities_config.proto index b9e81c7e6a935..e967411785768 100644 --- a/generated_api_shadow/envoy/config/retry/previous_priorities/previous_priorities_config.proto +++ b/generated_api_shadow/envoy/config/retry/previous_priorities/previous_priorities_config.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.retry.previous_priorities"; option java_outer_classname = "PreviousPrioritiesConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Previous priorities retry selector] diff --git a/generated_api_shadow/envoy/config/route/v3/route.proto b/generated_api_shadow/envoy/config/route/v3/route.proto index cfdb6caf8e829..a528d99bd4488 100644 --- a/generated_api_shadow/envoy/config/route/v3/route.proto +++ b/generated_api_shadow/envoy/config/route/v3/route.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.route.v3"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP route configuration] // * Routing :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index 859b3721b77a7..8ef58ba20798d 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -22,7 +22,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.route.v3"; option java_outer_classname = "RouteComponentsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP route components] // * Routing :ref:`architecture overview ` @@ -124,14 +124,6 @@ message VirtualHost { // Indicates that the virtual host has a CORS policy. CorsPolicy cors = 8; - // The per_filter_config field can be used to provide virtual host-specific - // configurations for filters. The key should match the filter name, such as - // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter - // specific; see the :ref:`HTTP filter documentation ` - // for if and how it is utilized. - map hidden_envoy_deprecated_per_filter_config = 12 - [deprecated = true]; - // The per_filter_config field can be used to provide virtual host-specific // configurations for filters. The key should match the filter name, such as // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter @@ -182,6 +174,9 @@ message VirtualHost { // If set and a route-specific limit is not set, the bytes actually buffered will be the minimum // value of this and the listener per_connection_buffer_limit_bytes. google.protobuf.UInt32Value per_request_buffer_limit_bytes = 18; + + map hidden_envoy_deprecated_per_filter_config = 12 + [deprecated = true]; } // A filter-defined action type. @@ -210,48 +205,38 @@ message Route { // Route matching parameters. RouteMatch match = 1 [(validate.rules).message = {required: true}]; - oneof action { - option (validate.required) = true; - - // Route request to some upstream cluster. - RouteAction route = 2; + // Route request to some upstream cluster. + core.v3.Metadata metadata = 4; - // Return a redirect. - RedirectAction redirect = 3; + // Return a redirect. + Decorator decorator = 5; - // Return an arbitrary HTTP response directly, without proxying. - DirectResponseAction direct_response = 7; + // Return an arbitrary HTTP response directly, without proxying. + map typed_per_filter_config = 13; - // [#not-implemented-hide:] - // If true, a filter will define the action (e.g., it could dynamically generate the - // RouteAction). - FilterAction filter_action = 17; - } + // [#not-implemented-hide:] + // If true, a filter will define the action (e.g., it could dynamically generate the + // RouteAction). + repeated core.v3.HeaderValueOption request_headers_to_add = 9 + [(validate.rules).repeated = {max_items: 1000}]; // The Metadata field can be used to provide additional information // about the route. It can be used for configuration, stats, and logging. // The metadata should go under the filter namespace that will need it. // For instance, if the metadata is intended for the Router filter, // the filter name should be specified as *envoy.filters.http.router*. - core.v3.Metadata metadata = 4; + repeated string request_headers_to_remove = 12; // Decorator for the matched route. - Decorator decorator = 5; - - // The per_filter_config field can be used to provide route-specific - // configurations for filters. The key should match the filter name, such as - // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter - // specific; see the :ref:`HTTP filter documentation ` for - // if and how it is utilized. - map hidden_envoy_deprecated_per_filter_config = 8 - [deprecated = true]; + repeated core.v3.HeaderValueOption response_headers_to_add = 10 + [(validate.rules).repeated = {max_items: 1000}]; // The typed_per_filter_config field can be used to provide route-specific // configurations for filters. The key should match the filter name, such as // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter // specific; see the :ref:`HTTP filter documentation ` for // if and how it is utilized. - map typed_per_filter_config = 13; + repeated string response_headers_to_remove = 11; // Specifies a set of headers that will be added to requests matching this // route. Headers specified at this level are applied before headers from the @@ -259,12 +244,11 @@ message Route { // :ref:`envoy_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. - repeated core.v3.HeaderValueOption request_headers_to_add = 9 - [(validate.rules).repeated = {max_items: 1000}]; + Tracing tracing = 15; // Specifies a list of HTTP headers that should be removed from each request // matching this route. - repeated string request_headers_to_remove = 12; + google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16; // Specifies a set of headers that will be added to responses to requests // matching this route. Headers specified at this level are applied before @@ -272,21 +256,27 @@ message Route { // :ref:`envoy_api_msg_config.route.v3.RouteConfiguration`. For more information, including // details on header value syntax, see the documentation on // :ref:`custom request headers `. - repeated core.v3.HeaderValueOption response_headers_to_add = 10 - [(validate.rules).repeated = {max_items: 1000}]; + map hidden_envoy_deprecated_per_filter_config = 8 + [deprecated = true]; - // Specifies a list of HTTP headers that should be removed from each response - // to requests matching this route. - repeated string response_headers_to_remove = 11; + oneof action { + option (validate.required) = true; - // Presence of the object defines whether the connection manager's tracing configuration - // is overridden by this route specific instance. - Tracing tracing = 15; + // Specifies a list of HTTP headers that should be removed from each response + // to requests matching this route. + RouteAction route = 2; - // The maximum bytes which will be buffered for retries and shadowing. - // If set, the bytes actually buffered will be the minimum value of this and the - // listener per_connection_buffer_limit_bytes. - google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16; + // Presence of the object defines whether the connection manager's tracing configuration + // is overridden by this route specific instance. + RedirectAction redirect = 3; + + // The maximum bytes which will be buffered for retries and shadowing. + // If set, the bytes actually buffered will be the minimum value of this and the + // listener per_connection_buffer_limit_bytes. + DirectResponseAction direct_response = 7; + + FilterAction filter_action = 17; + } } // Compared to the :ref:`cluster ` field that specifies a @@ -355,15 +345,10 @@ message WeightedCluster { // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter // specific; see the :ref:`HTTP filter documentation ` // for if and how it is utilized. + map typed_per_filter_config = 10; + map hidden_envoy_deprecated_per_filter_config = 8 [deprecated = true]; - - // The per_filter_config field can be used to provide weighted cluster-specific - // configurations for filters. The key should match the filter name, such as - // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter - // specific; see the :ref:`HTTP filter documentation ` - // for if and how it is utilized. - map typed_per_filter_config = 10; } // Specifies one or more upstream clusters associated with the route. @@ -408,57 +393,31 @@ message RouteMatch { reserved 5; - oneof path_specifier { - option (validate.required) = true; - - // If specified, the route is a prefix rule meaning that the prefix must - // match the beginning of the *:path* header. - string prefix = 1; - - // If specified, the route is an exact path rule meaning that the path must - // exactly match the *:path* header once the query string is removed. - string path = 2; + // If specified, the route is a prefix rule meaning that the prefix must + // match the beginning of the *:path* header. + google.protobuf.BoolValue case_sensitive = 4; - // If specified, the route is a regular expression rule meaning that the - // regex must match the *:path* header once the query string is removed. The entire path - // (without the query string) must match the regex. The rule will not match if only a - // subsequence of the *:path* header matches the regex. The regex grammar is defined `here - // `_. - // - // Examples: - // - // * The regex ``/b[io]t`` matches the path */bit* - // * The regex ``/b[io]t`` matches the path */bot* - // * The regex ``/b[io]t`` does not match the path */bite* - // * The regex ``/b[io]t`` does not match the path */bit/bot* - // - // .. attention:: - // This field has been deprecated in favor of `safe_regex` as it is not safe for use with - // untrusted input in all cases. - string hidden_envoy_deprecated_regex = 3 [ - deprecated = true, - (validate.rules).string = {max_bytes: 1024}, - (envoy.annotations.disallowed_by_default) = true - ]; + // If specified, the route is an exact path rule meaning that the path must + // exactly match the *:path* header once the query string is removed. + core.v3.RuntimeFractionalPercent runtime_fraction = 9; - // If specified, the route is a regular expression rule meaning that the - // regex must match the *:path* header once the query string is removed. The entire path - // (without the query string) must match the regex. The rule will not match if only a - // subsequence of the *:path* header matches the regex. - // - // [#next-major-version: In the v3 API we should redo how path specification works such - // that we utilize StringMatcher, and additionally have consistent options around whether we - // strip query strings, do a case sensitive match, etc. In the interim it will be too disruptive - // to deprecate the existing options. We should even consider whether we want to do away with - // path_specifier entirely and just rely on a set of header matchers which can already match - // on :path, etc. The issue with that is it is unclear how to generically deal with query string - // stripping. This needs more thought.] - type.matcher.v3.RegexMatcher safe_regex = 10 [(validate.rules).message = {required: true}]; - } + // If specified, the route is a regular expression rule meaning that the + // regex must match the *:path* header once the query string is removed. The entire path + // (without the query string) must match the regex. The rule will not match if only a + // subsequence of the *:path* header matches the regex. + // + // [#next-major-version: In the v3 API we should redo how path specification works such + // that we utilize StringMatcher, and additionally have consistent options around whether we + // strip query strings, do a case sensitive match, etc. In the interim it will be too disruptive + // to deprecate the existing options. We should even consider whether we want to do away with + // path_specifier entirely and just rely on a set of header matchers which can already match + // on :path, etc. The issue with that is it is unclear how to generically deal with query string + // stripping. This needs more thought.] + repeated HeaderMatcher headers = 6; // Indicates that prefix/path matching should be case insensitive. The default // is true. - google.protobuf.BoolValue case_sensitive = 4; + repeated QueryParameterMatcher query_parameters = 7; // Indicates that the route should additionally match on a runtime key. Every time the route // is considered for a match, it must also fall under the percentage of matches indicated by @@ -476,57 +435,48 @@ message RouteMatch { // integer with the assumption that the value is an integral percentage out of 100. For // instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent // whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics. - core.v3.RuntimeFractionalPercent runtime_fraction = 9; + GrpcRouteMatchOptions grpc = 8; // Specifies a set of headers that the route should match on. The router will // check the request’s headers against all the specified headers in the route // config. A match will happen if all the headers in the route are present in // the request with the same values (or based on presence if the value field // is not in the config). - repeated HeaderMatcher headers = 6; + TlsContextMatchOptions tls_context = 11; - // Specifies a set of URL query parameters on which the route should - // match. The router will check the query string from the *path* header - // against all the specified query parameters. If the number of specified - // query parameters is nonzero, they all must match the *path* header's - // query string for a match to occur. - repeated QueryParameterMatcher query_parameters = 7; + oneof path_specifier { + option (validate.required) = true; - // If specified, only gRPC requests will be matched. The router will check - // that the content-type header has a application/grpc or one of the various - // application/grpc+ values. - GrpcRouteMatchOptions grpc = 8; + // Specifies a set of URL query parameters on which the route should + // match. The router will check the query string from the *path* header + // against all the specified query parameters. If the number of specified + // query parameters is nonzero, they all must match the *path* header's + // query string for a match to occur. + string prefix = 1; - // If specified, the client tls context will be matched against the defined - // match options. - // - // [#next-major-version: unify with RBAC] - TlsContextMatchOptions tls_context = 11; + // If specified, only gRPC requests will be matched. The router will check + // that the content-type header has a application/grpc or one of the various + // application/grpc+ values. + string path = 2; + + // If specified, the client tls context will be matched against the defined + // match options. + // + // [#next-major-version: unify with RBAC] + type.matcher.v3.RegexMatcher safe_regex = 10 [(validate.rules).message = {required: true}]; + + string hidden_envoy_deprecated_regex = 3 [ + deprecated = true, + (validate.rules).string = {max_bytes: 1024}, + (envoy.annotations.disallowed_by_default) = true + ]; + } } // [#next-free-field: 12] message CorsPolicy { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.CorsPolicy"; - // Specifies the origins that will be allowed to do CORS requests. - // - // An origin is allowed if either allow_origin or allow_origin_regex match. - // - // .. attention:: - // This field has been deprecated in favor of `allow_origin_string_match`. - repeated string hidden_envoy_deprecated_allow_origin = 1 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - - // Specifies regex patterns that match allowed origins. - // - // An origin is allowed if either allow_origin or allow_origin_regex match. - // - // .. attention:: - // This field has been deprecated in favor of `allow_origin_string_match` as it is not safe for - // use with untrusted input in all cases. - repeated string hidden_envoy_deprecated_allow_origin_regex = 8 - [deprecated = true, (validate.rules).repeated = {items {string {max_bytes: 1024}}}]; - // Specifies string patterns that match allowed origins. An origin is allowed if any of the // string matchers match. repeated type.matcher.v3.StringMatcher allow_origin_string_match = 11; @@ -546,25 +496,14 @@ message CorsPolicy { // Specifies whether the resource allows credentials. google.protobuf.BoolValue allow_credentials = 6; - oneof enabled_specifier { - // Specifies if the CORS filter is enabled. Defaults to true. Only effective on route. - // - // .. attention:: - // - // **This field is deprecated**. Set the - // :ref:`filter_enabled` field instead. - google.protobuf.BoolValue hidden_envoy_deprecated_enabled = 7 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - - // Specifies the % of requests for which the CORS filter is enabled. - // - // If neither ``enabled``, ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS - // filter will be enabled for 100% of the requests. - // - // If :ref:`runtime_key ` is - // specified, Envoy will lookup the runtime key to get the percentage of requests to filter. - core.v3.RuntimeFractionalPercent filter_enabled = 9; - } + // Specifies the % of requests for which the CORS filter is enabled. + // + // If neither ``enabled``, ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS + // filter will be enabled for 100% of the requests. + // + // If :ref:`runtime_key ` is + // specified, Envoy will lookup the runtime key to get the percentage of requests to filter. + core.v3.RuntimeFractionalPercent shadow_enabled = 10; // Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not // enforced. @@ -575,7 +514,18 @@ message CorsPolicy { // If :ref:`runtime_key ` is specified, // Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate // and track the request's *Origin* to determine if it's valid but will not enforce any policies. - core.v3.RuntimeFractionalPercent shadow_enabled = 10; + repeated string hidden_envoy_deprecated_allow_origin = 1 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + + repeated string hidden_envoy_deprecated_allow_origin_regex = 8 + [deprecated = true, (validate.rules).repeated = {items {string {max_bytes: 1024}}}]; + + oneof enabled_specifier { + core.v3.RuntimeFractionalPercent filter_enabled = 9; + + google.protobuf.BoolValue hidden_envoy_deprecated_enabled = 7 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + } } // [#next-free-field: 34] @@ -615,24 +565,6 @@ message RouteAction { // exist in the cluster manager configuration. string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; - // If not specified, all requests to the target cluster will be mirrored. If - // specified, Envoy will lookup the runtime key to get the % of requests to - // mirror. Valid values are from 0 to 10000, allowing for increments of - // 0.01% of requests to be mirrored. If the runtime key is specified in the - // configuration but not present in runtime, 0 is the default and thus 0% of - // requests will be mirrored. - // - // .. attention:: - // - // **This field is deprecated**. Set the - // :ref:`runtime_fraction - // ` - // field instead. Mirroring occurs if both this and - // ` - // are not set. - string hidden_envoy_deprecated_runtime_key = 2 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // If not specified, all requests to the target cluster will be mirrored. // // If specified, this field takes precedence over the `runtime_key` field and requests must also @@ -645,6 +577,9 @@ message RouteAction { // Determines if the trace span should be sampled. Defaults to true. google.protobuf.BoolValue trace_sampled = 4; + + string hidden_envoy_deprecated_runtime_key = 2 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; } // Specifies the route's hashing policy if the upstream cluster uses a hashing :ref:`load balancer @@ -726,45 +661,45 @@ message RouteAction { string key = 1 [(validate.rules).string = {min_bytes: 1}]; } + // Header hash policy. + bool terminal = 4; + oneof policy_specifier { option (validate.required) = true; - // Header hash policy. + // Cookie hash policy. Header header = 1; - // Cookie hash policy. + // Connection properties hash policy. Cookie cookie = 2; - // Connection properties hash policy. + // Query parameter hash policy. ConnectionProperties connection_properties = 3; - // Query parameter hash policy. + // Filter state hash policy. QueryParameter query_parameter = 5; - // Filter state hash policy. + // The flag that short-circuits the hash computing. This field provides a + // 'fallback' style of configuration: "if a terminal policy doesn't work, + // fallback to rest of the policy list", it saves time when the terminal + // policy works. + // + // If true, and there is already a hash computed, ignore rest of the + // list of hash polices. + // For example, if the following hash methods are configured: + // + // ========= ======== + // specifier terminal + // ========= ======== + // Header A true + // Header B false + // Header C false + // ========= ======== + // + // The generateHash process ends if policy "header A" generates a hash, as + // it's a terminal policy. FilterState filter_state = 6; } - - // The flag that short-circuits the hash computing. This field provides a - // 'fallback' style of configuration: "if a terminal policy doesn't work, - // fallback to rest of the policy list", it saves time when the terminal - // policy works. - // - // If true, and there is already a hash computed, ignore rest of the - // list of hash polices. - // For example, if the following hash methods are configured: - // - // ========= ======== - // specifier terminal - // ========= ======== - // Header A true - // Header B false - // Header C false - // ========= ======== - // - // The generateHash process ends if policy "header A" generates a hash, as - // it's a terminal policy. - bool terminal = 4; } // Allows enabling and disabling upgrades on a per-route basis. @@ -789,44 +724,40 @@ message RouteAction { reserved 12, 18, 19, 16, 22, 21; - oneof cluster_specifier { - option (validate.required) = true; - - // Indicates the upstream cluster to which the request should be routed - // to. - string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + // Indicates the upstream cluster to which the request should be routed + // to. + ClusterNotFoundResponseCode cluster_not_found_response_code = 20 + [(validate.rules).enum = {defined_only: true}]; - // Envoy will determine the cluster to route to by reading the value of the - // HTTP header named by cluster_header from the request headers. If the - // header is not found or the referenced cluster does not exist, Envoy will - // return a 404 response. - // - // .. attention:: - // - // Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 - // *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead. - string cluster_header = 2 - [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + // Envoy will determine the cluster to route to by reading the value of the + // HTTP header named by cluster_header from the request headers. If the + // header is not found or the referenced cluster does not exist, Envoy will + // return a 404 response. + // + // .. attention:: + // + // Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 + // *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead. + core.v3.Metadata metadata_match = 4; - // Multiple upstream clusters can be specified for a given route. The - // request is routed to one of the upstream clusters based on weights - // assigned to each cluster. See - // :ref:`traffic splitting ` - // for additional documentation. - WeightedCluster weighted_clusters = 3; - } + // Multiple upstream clusters can be specified for a given route. The + // request is routed to one of the upstream clusters based on weights + // assigned to each cluster. See + // :ref:`traffic splitting ` + // for additional documentation. + string prefix_rewrite = 5 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; // The HTTP status code to use when configured cluster is not found. // The default response code is 503 Service Unavailable. - ClusterNotFoundResponseCode cluster_not_found_response_code = 20 - [(validate.rules).enum = {defined_only: true}]; + type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 32; // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints // in the upstream cluster with metadata matching what's set in this field will be considered // for load balancing. If using :ref:`weighted_clusters // `, metadata will be merged, with values // provided there taking precedence. The filter name should be specified as *envoy.lb*. - core.v3.Metadata metadata_match = 4; + google.protobuf.Duration timeout = 8; // Indicates that during forwarding, the matched prefix (or path) should be // swapped with this value. This option allows application URLs to be rooted @@ -859,8 +790,7 @@ message RouteAction { // // Having above entries in the config, requests to */prefix* will be stripped to */*, while // requests to */prefix/etc* will be stripped to */etc*. - string prefix_rewrite = 5 - [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + google.protobuf.Duration idle_timeout = 24; // Indicates that during forwarding, portions of the path that match the // pattern should be rewritten, even allowing the substitution of capture @@ -890,32 +820,28 @@ message RouteAction { // * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/`` // would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to // ``/aaa/yyy/bbb``. - type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 32; + RetryPolicy retry_policy = 9; - oneof host_rewrite_specifier { - // Indicates that during forwarding, the host header will be swapped with - // this value. - string host_rewrite_literal = 6 - [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + // Indicates that during forwarding, the host header will be swapped with + // this value. + google.protobuf.Any retry_policy_typed_config = 33; - // Indicates that during forwarding, the host header will be swapped with - // the hostname of the upstream host chosen by the cluster manager. This - // option is applicable only when the destination cluster for a route is of - // type *strict_dns* or *logical_dns*. Setting this to true with other cluster - // types has no effect. - google.protobuf.BoolValue auto_host_rewrite = 7; + // Indicates that during forwarding, the host header will be swapped with + // the hostname of the upstream host chosen by the cluster manager. This + // option is applicable only when the destination cluster for a route is of + // type *strict_dns* or *logical_dns*. Setting this to true with other cluster + // types has no effect. + repeated RequestMirrorPolicy request_mirror_policies = 30; - // Indicates that during forwarding, the host header will be swapped with the content of given - // downstream or :ref:`custom ` header. - // If header value is empty, host header is left intact. - // - // .. attention:: - // - // Pay attention to the potential security implications of using this option. Provided header - // must come from trusted source. - string host_rewrite_header = 29 - [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}]; - } + // Indicates that during forwarding, the host header will be swapped with the content of given + // downstream or :ref:`custom ` header. + // If header value is empty, host header is left intact. + // + // .. attention:: + // + // Pay attention to the potential security implications of using this option. Provided header + // must come from trusted source. + core.v3.RoutingPriority priority = 11 [(validate.rules).enum = {defined_only: true}]; // Specifies the upstream timeout for the route. If not specified, the default is 15s. This // spans between the point at which the entire downstream request (i.e. end-of-stream) has been @@ -928,7 +854,7 @@ message RouteAction { // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the // :ref:`retry overview `. - google.protobuf.Duration timeout = 8; + repeated RateLimit rate_limits = 13; // Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout, // although the connection manager wide :ref:`stream_idle_timeout @@ -948,42 +874,35 @@ message RouteAction { // fires, the stream is terminated with a 408 Request Timeout error code if no // upstream response header has been received, otherwise a stream reset // occurs. - google.protobuf.Duration idle_timeout = 24; + google.protobuf.BoolValue include_vh_rate_limits = 14; // Indicates that the route has a retry policy. Note that if this is set, // it'll take precedence over the virtual host level retry policy entirely // (e.g.: policies are not merged, most internal one becomes the enforced policy). - RetryPolicy retry_policy = 9; + repeated HashPolicy hash_policy = 15; // [#not-implemented-hide:] // Specifies the configuration for retry policy extension. Note that if this is set, it'll take // precedence over the virtual host level retry policy entirely (e.g.: policies are not merged, // most internal one becomes the enforced policy). :ref:`Retry policy ` // should not be set if this field is used. - google.protobuf.Any retry_policy_typed_config = 33; - - // Indicates that the route has a request mirroring policy. - // - // .. attention:: - // This field has been deprecated in favor of `request_mirror_policies` which supports one or - // more mirroring policies. - RequestMirrorPolicy hidden_envoy_deprecated_request_mirror_policy = 10 [deprecated = true]; + CorsPolicy cors = 17; // Indicates that the route has request mirroring policies. - repeated RequestMirrorPolicy request_mirror_policies = 30; + google.protobuf.Duration max_grpc_timeout = 23; // Optionally specifies the :ref:`routing priority `. - core.v3.RoutingPriority priority = 11 [(validate.rules).enum = {defined_only: true}]; + google.protobuf.Duration grpc_timeout_offset = 28; // Specifies a set of rate limit configurations that could be applied to the // route. - repeated RateLimit rate_limits = 13; + repeated UpgradeConfig upgrade_configs = 25; // Specifies if the rate limit filter should include the virtual host rate // limits. By default, if the route configured rate limits, the virtual host // :ref:`rate_limits ` are not applied to the // request. - google.protobuf.BoolValue include_vh_rate_limits = 14; + InternalRedirectAction internal_redirect_action = 26; // Specifies a list of hash policies to use for ring hash load balancing. Each // hash policy is evaluated individually and the combined result is used to @@ -997,10 +916,10 @@ message RouteAction { // backend). If a hash policy has the "terminal" attribute set to true, and // there is already a hash generated, the hash is returned immediately, // ignoring the rest of the hash policy list. - repeated HashPolicy hash_policy = 15; + google.protobuf.UInt32Value max_internal_redirects = 31; // Indicates that the route has a CORS policy. - CorsPolicy cors = 17; + HedgePolicy hedge_policy = 27; // If present, and the request is a gRPC request, use the // `grpc-timeout header `_, @@ -1021,41 +940,52 @@ message RouteAction { // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the // :ref:`retry overview `. - google.protobuf.Duration max_grpc_timeout = 23; + RequestMirrorPolicy hidden_envoy_deprecated_request_mirror_policy = 10 [deprecated = true]; - // If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by subtracting - // the provided duration from the header. This is useful in allowing Envoy to set its global - // timeout to be less than that of the deadline imposed by the calling client, which makes it more - // likely that Envoy will handle the timeout instead of having the call canceled by the client. - // The offset will only be applied if the provided grpc_timeout is greater than the offset. This - // ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning - // infinity). - google.protobuf.Duration grpc_timeout_offset = 28; + oneof cluster_specifier { + option (validate.required) = true; - repeated UpgradeConfig upgrade_configs = 25; + // If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by subtracting + // the provided duration from the header. This is useful in allowing Envoy to set its global + // timeout to be less than that of the deadline imposed by the calling client, which makes it more + // likely that Envoy will handle the timeout instead of having the call canceled by the client. + // The offset will only be applied if the provided grpc_timeout is greater than the offset. This + // ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning + // infinity). + string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; - InternalRedirectAction internal_redirect_action = 26; + string cluster_header = 2 + [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; - // An internal redirect is handled, iff the number of previous internal redirects that a - // downstream request has encountered is lower than this value, and - // :ref:`internal_redirect_action ` - // is set to :ref:`HANDLE_INTERNAL_REDIRECT - // ` - // In the case where a downstream request is bounced among multiple routes by internal redirect, - // the first route that hits this threshold, or has - // :ref:`internal_redirect_action ` - // set to - // :ref:`PASS_THROUGH_INTERNAL_REDIRECT - // ` - // will pass the redirect back to downstream. - // - // If not specified, at most one redirect will be followed. - google.protobuf.UInt32Value max_internal_redirects = 31; + WeightedCluster weighted_clusters = 3; + } - // Indicates that the route has a hedge policy. Note that if this is set, - // it'll take precedence over the virtual host level hedge policy entirely - // (e.g.: policies are not merged, most internal one becomes the enforced policy). - HedgePolicy hedge_policy = 27; + oneof host_rewrite_specifier { + // An internal redirect is handled, iff the number of previous internal redirects that a + // downstream request has encountered is lower than this value, and + // :ref:`internal_redirect_action ` + // is set to :ref:`HANDLE_INTERNAL_REDIRECT + // ` + // In the case where a downstream request is bounced among multiple routes by internal redirect, + // the first route that hits this threshold, or has + // :ref:`internal_redirect_action ` + // set to + // :ref:`PASS_THROUGH_INTERNAL_REDIRECT + // ` + // will pass the redirect back to downstream. + // + // If not specified, at most one redirect will be followed. + string host_rewrite_literal = 6 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that the route has a hedge policy. Note that if this is set, + // it'll take precedence over the virtual host level hedge policy entirely + // (e.g.: policies are not merged, most internal one becomes the enforced policy). + google.protobuf.BoolValue auto_host_rewrite = 7; + + string host_rewrite_header = 29 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}]; + } } // HTTP retry :ref:`architecture overview `. @@ -1070,9 +1000,9 @@ message RetryPolicy { string name = 1 [(validate.rules).string = {min_bytes: 1}]; oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } @@ -1083,9 +1013,9 @@ message RetryPolicy { string name = 1 [(validate.rules).string = {min_bytes: 1}]; oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } @@ -1215,30 +1145,27 @@ message RedirectAction { PERMANENT_REDIRECT = 4; } - // When the scheme redirection take place, the following rules apply: - // 1. If the source URI scheme is `http` and the port is explicitly - // set to `:80`, the port will be removed after the redirection - // 2. If the source URI scheme is `https` and the port is explicitly - // set to `:443`, the port will be removed after the redirection - oneof scheme_rewrite_specifier { - // The scheme portion of the URL will be swapped with "https". - bool https_redirect = 4; + // The scheme portion of the URL will be swapped with "https". + string host_redirect = 1 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; - // The scheme portion of the URL will be swapped with this value. - string scheme_redirect = 7; - } + // The scheme portion of the URL will be swapped with this value. + uint32 port_redirect = 8; // The host portion of the URL will be swapped with this value. - string host_redirect = 1 - [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + RedirectResponseCode response_code = 3 [(validate.rules).enum = {defined_only: true}]; // The port value of the URL will be swapped with this value. - uint32 port_redirect = 8; + bool strip_query = 6; - oneof path_rewrite_specifier { + // When the scheme redirection take place, the following rules apply: + // 1. If the source URI scheme is `http` and the port is explicitly + // set to `:80`, the port will be removed after the redirection + // 2. If the source URI scheme is `https` and the port is explicitly + // set to `:443`, the port will be removed after the redirection + oneof scheme_rewrite_specifier { // The path portion of the URL will be swapped with this value. - string path_redirect = 2 - [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + bool https_redirect = 4; // Indicates that during redirection, the matched prefix (or path) // should be swapped with this value. This option allows redirect URLs be dynamically created @@ -1248,17 +1175,20 @@ message RedirectAction { // // Pay attention to the use of trailing slashes as mentioned in // :ref:`RouteAction's prefix_rewrite `. - string prefix_rewrite = 5 - [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + string scheme_redirect = 7; } - // The HTTP status code to use in the redirect response. The default response - // code is MOVED_PERMANENTLY (301). - RedirectResponseCode response_code = 3 [(validate.rules).enum = {defined_only: true}]; + oneof path_rewrite_specifier { + // The HTTP status code to use in the redirect response. The default response + // code is MOVED_PERMANENTLY (301). + string path_redirect = 2 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; - // Indicates that during redirection, the query portion of the URL will - // be removed. Default value is false. - bool strip_query = 6; + // Indicates that during redirection, the query portion of the URL will + // be removed. Default value is false. + string prefix_rewrite = 5 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + } } message DirectResponseAction { @@ -1353,25 +1283,6 @@ message Tracing { message VirtualCluster { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.VirtualCluster"; - // Specifies a regex pattern to use for matching requests. The entire path of the request - // must match the regex. The regex grammar used is defined `here - // `_. - // - // Examples: - // - // * The regex ``/rides/\d+`` matches the path */rides/0* - // * The regex ``/rides/\d+`` matches the path */rides/123* - // * The regex ``/rides/\d+`` does not match the path */rides/123/456* - // - // .. attention:: - // This field has been deprecated in favor of `headers` as it is not safe for use with - // untrusted input in all cases. - string hidden_envoy_deprecated_pattern = 1 [ - deprecated = true, - (validate.rules).string = {max_bytes: 1024}, - (envoy.annotations.disallowed_by_default) = true - ]; - // Specifies a list of header matchers to use for matching requests. Each specified header must // match. The pseudo-headers `:path` and `:method` can be used to match the request path and // method, respectively. @@ -1382,11 +1293,12 @@ message VirtualCluster { // router filter and are documented :ref:`here `. string name = 2 [(validate.rules).string = {min_bytes: 1}]; - // Optionally specifies the HTTP method to match on. For example GET, PUT, - // etc. - // - // .. attention:: - // This field has been deprecated in favor of `headers`. + string hidden_envoy_deprecated_pattern = 1 [ + deprecated = true, + (validate.rules).string = {max_bytes: 1024}, + (envoy.annotations.disallowed_by_default) = true + ]; + core.v3.RequestMethod hidden_envoy_deprecated_method = 3 [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; } @@ -1582,35 +1494,15 @@ message HeaderMatcher { string name = 1 [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + // If specified, header match will be performed based on the value of the header. + bool invert_match = 8; + // Specifies how the header match will be performed to route the request. oneof header_match_specifier { - // If specified, header match will be performed based on the value of the header. - string exact_match = 4; - - // If specified, this regex string is a regular expression rule which implies the entire request - // header value must match the regex. The rule will not match if only a subsequence of the - // request header value matches the regex. The regex grammar used in the value field is defined - // `here `_. - // - // Examples: - // - // * The regex ``\d{3}`` matches the value *123* - // * The regex ``\d{3}`` does not match the value *1234* - // * The regex ``\d{3}`` does not match the value *123.456* - // - // .. attention:: - // This field has been deprecated in favor of `safe_regex_match` as it is not safe for use - // with untrusted input in all cases. - string hidden_envoy_deprecated_regex_match = 5 [ - deprecated = true, - (validate.rules).string = {max_bytes: 1024}, - (envoy.annotations.disallowed_by_default) = true - ]; - // If specified, this regex string is a regular expression rule which implies the entire request // header value must match the regex. The rule will not match if only a subsequence of the // request header value matches the regex. - type.matcher.v3.RegexMatcher safe_regex_match = 11; + string exact_match = 4; // If specified, header match will be performed based on range. // The rule will match if the request header value is within this range. @@ -1623,11 +1515,11 @@ message HeaderMatcher { // // * For range [-10,0), route will match for header value -1, but not for 0, "somestring", 10.9, // "-1somestring" - type.v3.Int64Range range_match = 6; + type.matcher.v3.RegexMatcher safe_regex_match = 11; // If specified, header match will be performed based on whether the header is in the // request. - bool present_match = 7; + type.v3.Int64Range range_match = 6; // If specified, header match will be performed based on the prefix of the header value. // Note: empty prefix is not allowed, please use present_match instead. @@ -1635,7 +1527,7 @@ message HeaderMatcher { // Examples: // // * The prefix *abcd* matches the value *abcdxyz*, but not for *abcxyz*. - string prefix_match = 9 [(validate.rules).string = {min_bytes: 1}]; + bool present_match = 7; // If specified, header match will be performed based on the suffix of the header value. // Note: empty suffix is not allowed, please use present_match instead. @@ -1643,16 +1535,22 @@ message HeaderMatcher { // Examples: // // * The suffix *abcd* matches the value *xyzabcd*, but not for *xyzbcd*. + string prefix_match = 9 [(validate.rules).string = {min_bytes: 1}]; + + // If specified, the match result will be inverted before checking. Defaults to false. + // + // Examples: + // + // * The regex ``\d{3}`` does not match the value *1234*, so it will match when inverted. + // * The range [-10,0) will match the value -1, so it will not match when inverted. string suffix_match = 10 [(validate.rules).string = {min_bytes: 1}]; - } - // If specified, the match result will be inverted before checking. Defaults to false. - // - // Examples: - // - // * The regex ``\d{3}`` does not match the value *1234*, so it will match when inverted. - // * The range [-10,0) will match the value -1, so it will not match when inverted. - bool invert_match = 8; + string hidden_envoy_deprecated_regex_match = 5 [ + deprecated = true, + (validate.rules).string = {max_bytes: 1024}, + (envoy.annotations.disallowed_by_default) = true + ]; + } } // Query parameter matching treats the query string of a request's :path header @@ -1666,30 +1564,17 @@ message QueryParameterMatcher { // *path*'s query string. string name = 1 [(validate.rules).string = {min_bytes: 1 max_bytes: 1024}]; - // Specifies the value of the key. If the value is absent, a request - // that contains the key in its query string will match, whether the - // key appears with a value (e.g., "?debug=true") or not (e.g., "?debug") - // - // ..attention:: - // This field is deprecated. Use an `exact` match inside the `string_match` field. + // Specifies whether a query parameter value should match against a string. string hidden_envoy_deprecated_value = 3 [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // Specifies whether the query parameter value is a regular expression. - // Defaults to false. The entire query parameter value (i.e., the part to - // the right of the equals sign in "key=value") must match the regex. - // E.g., the regex ``\d+$`` will match *123* but not *a123* or *123a*. - // - // ..attention:: - // This field is deprecated. Use a `safe_regex` match inside the `string_match` field. + // Specifies whether a query parameter should be present. google.protobuf.BoolValue hidden_envoy_deprecated_regex = 4 [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; oneof query_parameter_match_specifier { - // Specifies whether a query parameter value should match against a string. type.matcher.v3.StringMatcher string_match = 5 [(validate.rules).message = {required: true}]; - // Specifies whether a query parameter should be present. bool present_match = 6; } } diff --git a/generated_api_shadow/envoy/config/route/v3/scoped_route.proto b/generated_api_shadow/envoy/config/route/v3/scoped_route.proto index fb81ad3f9c92a..f2b28ed974c01 100644 --- a/generated_api_shadow/envoy/config/route/v3/scoped_route.proto +++ b/generated_api_shadow/envoy/config/route/v3/scoped_route.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.route.v3"; option java_outer_classname = "ScopedRouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP scoped routing configuration] // * Routing :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/config/route/v4alpha/BUILD b/generated_api_shadow/envoy/config/route/v4alpha/BUILD new file mode 100644 index 0000000000000..507bedd76bdf3 --- /dev/null +++ b/generated_api_shadow/envoy/config/route/v4alpha/BUILD @@ -0,0 +1,17 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/route/v3:pkg", + "//envoy/type/matcher/v3:pkg", + "//envoy/type/tracing/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route.proto b/generated_api_shadow/envoy/config/route/v4alpha/route.proto new file mode 100644 index 0000000000000..1b805d35344f0 --- /dev/null +++ b/generated_api_shadow/envoy/config/route/v4alpha/route.proto @@ -0,0 +1,117 @@ +syntax = "proto3"; + +package envoy.config.route.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/route/v4alpha/route_components.proto"; + +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.route.v4alpha"; +option java_outer_classname = "RouteProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP route configuration] +// * Routing :ref:`architecture overview ` +// * HTTP :ref:`router filter ` + +// [#next-free-field: 11] +message RouteConfiguration { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteConfiguration"; + + // The name of the route configuration. For example, it might match + // :ref:`route_config_name + // ` in + // :ref:`envoy_api_msg_extensions.filters.network.http_connection_manager.v4alpha.Rds`. + string name = 1; + + // An array of virtual hosts that make up the route table. + repeated VirtualHost virtual_hosts = 2; + + // An array of virtual hosts will be dynamically loaded via the VHDS API. + // Both *virtual_hosts* and *vhds* fields will be used when present. *virtual_hosts* can be used + // for a base routing table or for infrequently changing virtual hosts. *vhds* is used for + // on-demand discovery of virtual hosts. The contents of these two fields will be merged to + // generate a routing table for a given RouteConfiguration, with *vhds* derived configuration + // taking precedence. + Vhds vhds = 9; + + // Optionally specifies a list of HTTP headers that the connection manager + // will consider to be internal only. If they are found on external requests they will be cleaned + // prior to filter invocation. See :ref:`config_http_conn_man_headers_x-envoy-internal` for more + // information. + repeated string internal_only_headers = 3 [ + (validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}} + ]; + + // Specifies a list of HTTP headers that should be added to each response that + // the connection manager encodes. Headers specified at this level are applied + // after headers from any enclosed :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost` or + // :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption response_headers_to_add = 4 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each response + // that the connection manager encodes. + repeated string response_headers_to_remove = 5 [ + (validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}} + ]; + + // Specifies a list of HTTP headers that should be added to each request + // routed by the HTTP connection manager. Headers specified at this level are + // applied after headers from any enclosed :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost` or + // :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption request_headers_to_add = 6 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request + // routed by the HTTP connection manager. + repeated string request_headers_to_remove = 8 [ + (validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}} + ]; + + // By default, headers that should be added/removed are evaluated from most to least specific: + // + // * route level + // * virtual host level + // * connection manager level + // + // To allow setting overrides at the route or virtual host level, this order can be reversed + // by setting this option to true. Defaults to false. + // + // [#next-major-version: In the v3 API, this will default to true.] + bool most_specific_header_mutations_wins = 10; + + // An optional boolean that specifies whether the clusters that the route + // table refers to will be validated by the cluster manager. If set to true + // and a route refers to a non-existent cluster, the route table will not + // load. If set to false and a route refers to a non-existent cluster, the + // route table will load and the router filter will return a 404 if the route + // is selected at runtime. This setting defaults to true if the route table + // is statically defined via the :ref:`route_config + // ` + // option. This setting default to false if the route table is loaded dynamically via the + // :ref:`rds + // ` + // option. Users may wish to override the default behavior in certain cases (for example when + // using CDS with a static route table). + google.protobuf.BoolValue validate_clusters = 7; +} + +message Vhds { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.Vhds"; + + // Configuration source specifier for VHDS. + core.v4alpha.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; +} diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto new file mode 100644 index 0000000000000..33f8d64543df6 --- /dev/null +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -0,0 +1,1566 @@ +syntax = "proto3"; + +package envoy.config.route.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/type/matcher/v3/regex.proto"; +import "envoy/type/matcher/v3/string.proto"; +import "envoy/type/tracing/v3/custom_tag.proto"; +import "envoy/type/v3/percent.proto"; +import "envoy/type/v3/range.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.route.v4alpha"; +option java_outer_classname = "RouteComponentsProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP route components] +// * Routing :ref:`architecture overview ` +// * HTTP :ref:`router filter ` + +// The top level element in the routing configuration is a virtual host. Each virtual host has +// a logical name as well as a set of domains that get routed to it based on the incoming request's +// host header. This allows a single listener to service multiple top level domain path trees. Once +// a virtual host is selected based on the domain, the routes are processed in order to see which +// upstream cluster to route to or whether to perform a redirect. +// [#next-free-field: 21] +message VirtualHost { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.VirtualHost"; + + enum TlsRequirementType { + // No TLS requirement for the virtual host. + NONE = 0; + + // External requests must use TLS. If a request is external and it is not + // using TLS, a 301 redirect will be sent telling the client to use HTTPS. + EXTERNAL_ONLY = 1; + + // All requests must use TLS. If a request is not using TLS, a 301 redirect + // will be sent telling the client to use HTTPS. + ALL = 2; + } + + reserved 9, 12; + + reserved "per_filter_config"; + + // The logical name of the virtual host. This is used when emitting certain + // statistics but is not relevant for routing. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // A list of domains (host/authority header) that will be matched to this + // virtual host. Wildcard hosts are supported in the suffix or prefix form. + // + // Domain search order: + // 1. Exact domain names: ``www.foo.com``. + // 2. Suffix domain wildcards: ``*.foo.com`` or ``*-bar.foo.com``. + // 3. Prefix domain wildcards: ``foo.*`` or ``foo-*``. + // 4. Special wildcard ``*`` matching any domain. + // + // .. note:: + // + // The wildcard will not match the empty string. + // e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``. + // The longest wildcards match first. + // Only a single virtual host in the entire route configuration can match on ``*``. A domain + // must be unique across all virtual hosts or the config will fail to load. + // + // Domains cannot contain control characters. This is validated by the well_known_regex HTTP_HEADER_VALUE. + repeated string domains = 2 [(validate.rules).repeated = { + min_items: 1 + items {string {well_known_regex: HTTP_HEADER_VALUE strict: false}} + }]; + + // The list of routes that will be matched, in order, for incoming requests. + // The first route that matches will be used. + repeated Route routes = 3; + + // Specifies the type of TLS enforcement the virtual host expects. If this option is not + // specified, there is no TLS requirement for the virtual host. + TlsRequirementType require_tls = 4 [(validate.rules).enum = {defined_only: true}]; + + // A list of virtual clusters defined for this virtual host. Virtual clusters + // are used for additional statistics gathering. + repeated VirtualCluster virtual_clusters = 5; + + // Specifies a set of rate limit configurations that will be applied to the + // virtual host. + repeated RateLimit rate_limits = 6; + + // Specifies a list of HTTP headers that should be added to each request + // handled by this virtual host. Headers specified at this level are applied + // after headers from enclosed :ref:`envoy_api_msg_config.route.v4alpha.Route` and before headers from the + // enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including + // details on header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption request_headers_to_add = 7 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request + // handled by this virtual host. + repeated string request_headers_to_remove = 13; + + // Specifies a list of HTTP headers that should be added to each response + // handled by this virtual host. Headers specified at this level are applied + // after headers from enclosed :ref:`envoy_api_msg_config.route.v4alpha.Route` and before headers from the + // enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including + // details on header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption response_headers_to_add = 10 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each response + // handled by this virtual host. + repeated string response_headers_to_remove = 11; + + // Indicates that the virtual host has a CORS policy. + CorsPolicy cors = 8; + + // The per_filter_config field can be used to provide virtual host-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` + // for if and how it is utilized. + map typed_per_filter_config = 15; + + // Decides whether the :ref:`x-envoy-attempt-count + // ` header should be included + // in the upstream request. Setting this option will cause it to override any existing header + // value, so in the case of two Envoys on the request path with this option enabled, the upstream + // will see the attempt count as perceived by the second Envoy. Defaults to false. + // This header is unaffected by the + // :ref:`suppress_envoy_headers + // ` flag. + // + // [#next-major-version: rename to include_attempt_count_in_request.] + bool include_request_attempt_count = 14; + + // Decides whether the :ref:`x-envoy-attempt-count + // ` header should be included + // in the downstream response. Setting this option will cause the router to override any existing header + // value, so in the case of two Envoys on the request path with this option enabled, the downstream + // will see the attempt count as perceived by the Envoy closest upstream from itself. Defaults to false. + // This header is unaffected by the + // :ref:`suppress_envoy_headers + // ` flag. + bool include_attempt_count_in_response = 19; + + // Indicates the retry policy for all routes in this virtual host. Note that setting a + // route level entry will take precedence over this config and it'll be treated + // independently (e.g.: values are not inherited). + RetryPolicy retry_policy = 16; + + // [#not-implemented-hide:] + // Specifies the configuration for retry policy extension. Note that setting a route level entry + // will take precedence over this config and it'll be treated independently (e.g.: values are not + // inherited). :ref:`Retry policy ` should not be + // set if this field is used. + google.protobuf.Any retry_policy_typed_config = 20; + + // Indicates the hedge policy for all routes in this virtual host. Note that setting a + // route level entry will take precedence over this config and it'll be treated + // independently (e.g.: values are not inherited). + HedgePolicy hedge_policy = 17; + + // The maximum bytes which will be buffered for retries and shadowing. + // If set and a route-specific limit is not set, the bytes actually buffered will be the minimum + // value of this and the listener per_connection_buffer_limit_bytes. + google.protobuf.UInt32Value per_request_buffer_limit_bytes = 18; +} + +// A filter-defined action type. +message FilterAction { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.FilterAction"; + + google.protobuf.Any action = 1; +} + +// A route is both a specification of how to match a request as well as an indication of what to do +// next (e.g., redirect, forward, rewrite, etc.). +// +// .. attention:: +// +// Envoy supports routing on HTTP method via :ref:`header matching +// `. +// [#next-free-field: 18] +message Route { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.Route"; + + reserved 6, 8; + + reserved "per_filter_config"; + + // Name for the route. + string name = 14; + + // Route matching parameters. + RouteMatch match = 1 [(validate.rules).message = {required: true}]; + + oneof action { + option (validate.required) = true; + + // Route request to some upstream cluster. + RouteAction route = 2; + + // Return a redirect. + RedirectAction redirect = 3; + + // Return an arbitrary HTTP response directly, without proxying. + DirectResponseAction direct_response = 7; + + // [#not-implemented-hide:] + // If true, a filter will define the action (e.g., it could dynamically generate the + // RouteAction). + FilterAction filter_action = 17; + } + + // The Metadata field can be used to provide additional information + // about the route. It can be used for configuration, stats, and logging. + // The metadata should go under the filter namespace that will need it. + // For instance, if the metadata is intended for the Router filter, + // the filter name should be specified as *envoy.filters.http.router*. + core.v4alpha.Metadata metadata = 4; + + // Decorator for the matched route. + Decorator decorator = 5; + + // The typed_per_filter_config field can be used to provide route-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` for + // if and how it is utilized. + map typed_per_filter_config = 13; + + // Specifies a set of headers that will be added to requests matching this + // route. Headers specified at this level are applied before headers from the + // enclosing :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost` and + // :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption request_headers_to_add = 9 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request + // matching this route. + repeated string request_headers_to_remove = 12; + + // Specifies a set of headers that will be added to responses to requests + // matching this route. Headers specified at this level are applied before + // headers from the enclosing :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost` and + // :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including + // details on header value syntax, see the documentation on + // :ref:`custom request headers `. + repeated core.v4alpha.HeaderValueOption response_headers_to_add = 10 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each response + // to requests matching this route. + repeated string response_headers_to_remove = 11; + + // Presence of the object defines whether the connection manager's tracing configuration + // is overridden by this route specific instance. + Tracing tracing = 15; + + // The maximum bytes which will be buffered for retries and shadowing. + // If set, the bytes actually buffered will be the minimum value of this and the + // listener per_connection_buffer_limit_bytes. + google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16; +} + +// Compared to the :ref:`cluster ` field that specifies a +// single upstream cluster as the target of a request, the :ref:`weighted_clusters +// ` option allows for specification of +// multiple upstream clusters along with weights that indicate the percentage of +// traffic to be forwarded to each cluster. The router selects an upstream cluster based on the +// weights. +message WeightedCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.WeightedCluster"; + + // [#next-free-field: 11] + message ClusterWeight { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.WeightedCluster.ClusterWeight"; + + reserved 7, 8; + + reserved "per_filter_config"; + + // Name of the upstream cluster. The cluster must exist in the + // :ref:`cluster manager configuration `. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // An integer between 0 and :ref:`total_weight + // `. When a request matches the route, + // the choice of an upstream cluster is determined by its weight. The sum of weights across all + // entries in the clusters array must add up to the total_weight, which defaults to 100. + google.protobuf.UInt32Value weight = 2; + + // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in + // the upstream cluster with metadata matching what is set in this field will be considered for + // load balancing. Note that this will be merged with what's provided in + // :ref:`RouteAction.metadata_match `, with + // values here taking precedence. The filter name should be specified as *envoy.lb*. + core.v4alpha.Metadata metadata_match = 3; + + // Specifies a list of headers to be added to requests when this cluster is selected + // through the enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. + // Headers specified at this level are applied before headers from the enclosing + // :ref:`envoy_api_msg_config.route.v4alpha.Route`, :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost`, and + // :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption request_headers_to_add = 4 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of HTTP headers that should be removed from each request when + // this cluster is selected through the enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. + repeated string request_headers_to_remove = 9; + + // Specifies a list of headers to be added to responses when this cluster is selected + // through the enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. + // Headers specified at this level are applied before headers from the enclosing + // :ref:`envoy_api_msg_config.route.v4alpha.Route`, :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost`, and + // :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. + repeated core.v4alpha.HeaderValueOption response_headers_to_add = 5 + [(validate.rules).repeated = {max_items: 1000}]; + + // Specifies a list of headers to be removed from responses when this cluster is selected + // through the enclosing :ref:`envoy_api_msg_config.route.v4alpha.RouteAction`. + repeated string response_headers_to_remove = 6; + + // The per_filter_config field can be used to provide weighted cluster-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` + // for if and how it is utilized. + map typed_per_filter_config = 10; + } + + // Specifies one or more upstream clusters associated with the route. + repeated ClusterWeight clusters = 1 [(validate.rules).repeated = {min_items: 1}]; + + // Specifies the total weight across all clusters. The sum of all cluster weights must equal this + // value, which must be greater than 0. Defaults to 100. + google.protobuf.UInt32Value total_weight = 3 [(validate.rules).uint32 = {gte: 1}]; + + // Specifies the runtime key prefix that should be used to construct the + // runtime keys associated with each cluster. When the *runtime_key_prefix* is + // specified, the router will look for weights associated with each upstream + // cluster under the key *runtime_key_prefix* + "." + *cluster[i].name* where + // *cluster[i]* denotes an entry in the clusters array field. If the runtime + // key for the cluster does not exist, the value specified in the + // configuration file will be used as the default weight. See the :ref:`runtime documentation + // ` for how key names map to the underlying implementation. + string runtime_key_prefix = 2; +} + +// [#next-free-field: 12] +message RouteMatch { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RouteMatch"; + + message GrpcRouteMatchOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteMatch.GrpcRouteMatchOptions"; + } + + message TlsContextMatchOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteMatch.TlsContextMatchOptions"; + + // If specified, the route will match against whether or not a certificate is presented. + // If not specified, certificate presentation status (true or false) will not be considered when route matching. + google.protobuf.BoolValue presented = 1; + + // If specified, the route will match against whether or not a certificate is validated. + // If not specified, certificate validation status (true or false) will not be considered when route matching. + google.protobuf.BoolValue validated = 2; + } + + reserved 5, 3; + + reserved "regex"; + + oneof path_specifier { + option (validate.required) = true; + + // If specified, the route is a prefix rule meaning that the prefix must + // match the beginning of the *:path* header. + string prefix = 1; + + // If specified, the route is an exact path rule meaning that the path must + // exactly match the *:path* header once the query string is removed. + string path = 2; + + // If specified, the route is a regular expression rule meaning that the + // regex must match the *:path* header once the query string is removed. The entire path + // (without the query string) must match the regex. The rule will not match if only a + // subsequence of the *:path* header matches the regex. + // + // [#next-major-version: In the v3 API we should redo how path specification works such + // that we utilize StringMatcher, and additionally have consistent options around whether we + // strip query strings, do a case sensitive match, etc. In the interim it will be too disruptive + // to deprecate the existing options. We should even consider whether we want to do away with + // path_specifier entirely and just rely on a set of header matchers which can already match + // on :path, etc. The issue with that is it is unclear how to generically deal with query string + // stripping. This needs more thought.] + type.matcher.v3.RegexMatcher safe_regex = 10 [(validate.rules).message = {required: true}]; + } + + // Indicates that prefix/path matching should be case insensitive. The default + // is true. + google.protobuf.BoolValue case_sensitive = 4; + + // Indicates that the route should additionally match on a runtime key. Every time the route + // is considered for a match, it must also fall under the percentage of matches indicated by + // this field. For some fraction N/D, a random number in the range [0,D) is selected. If the + // number is <= the value of the numerator N, or if the key is not present, the default + // value, the router continues to evaluate the remaining match criteria. A runtime_fraction + // route configuration can be used to roll out route changes in a gradual manner without full + // code/config deploys. Refer to the :ref:`traffic shifting + // ` docs for additional documentation. + // + // .. note:: + // + // Parsing this field is implemented such that the runtime key's data may be represented + // as a FractionalPercent proto represented as JSON/YAML and may also be represented as an + // integer with the assumption that the value is an integral percentage out of 100. For + // instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent + // whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics. + core.v4alpha.RuntimeFractionalPercent runtime_fraction = 9; + + // Specifies a set of headers that the route should match on. The router will + // check the request’s headers against all the specified headers in the route + // config. A match will happen if all the headers in the route are present in + // the request with the same values (or based on presence if the value field + // is not in the config). + repeated HeaderMatcher headers = 6; + + // Specifies a set of URL query parameters on which the route should + // match. The router will check the query string from the *path* header + // against all the specified query parameters. If the number of specified + // query parameters is nonzero, they all must match the *path* header's + // query string for a match to occur. + repeated QueryParameterMatcher query_parameters = 7; + + // If specified, only gRPC requests will be matched. The router will check + // that the content-type header has a application/grpc or one of the various + // application/grpc+ values. + GrpcRouteMatchOptions grpc = 8; + + // If specified, the client tls context will be matched against the defined + // match options. + // + // [#next-major-version: unify with RBAC] + TlsContextMatchOptions tls_context = 11; +} + +// [#next-free-field: 12] +message CorsPolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.CorsPolicy"; + + reserved 1, 8, 7; + + reserved "allow_origin", "allow_origin_regex", "enabled"; + + // Specifies string patterns that match allowed origins. An origin is allowed if any of the + // string matchers match. + repeated type.matcher.v3.StringMatcher allow_origin_string_match = 11; + + // Specifies the content for the *access-control-allow-methods* header. + string allow_methods = 2; + + // Specifies the content for the *access-control-allow-headers* header. + string allow_headers = 3; + + // Specifies the content for the *access-control-expose-headers* header. + string expose_headers = 4; + + // Specifies the content for the *access-control-max-age* header. + string max_age = 5; + + // Specifies whether the resource allows credentials. + google.protobuf.BoolValue allow_credentials = 6; + + oneof enabled_specifier { + // Specifies the % of requests for which the CORS filter is enabled. + // + // If neither ``enabled``, ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS + // filter will be enabled for 100% of the requests. + // + // If :ref:`runtime_key ` is + // specified, Envoy will lookup the runtime key to get the percentage of requests to filter. + core.v4alpha.RuntimeFractionalPercent filter_enabled = 9; + } + + // Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not + // enforced. + // + // This field is intended to be used when ``filter_enabled`` and ``enabled`` are off. One of those + // fields have to explicitly disable the filter in order for this setting to take effect. + // + // If :ref:`runtime_key ` is specified, + // Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate + // and track the request's *Origin* to determine if it's valid but will not enforce any policies. + core.v4alpha.RuntimeFractionalPercent shadow_enabled = 10; +} + +// [#next-free-field: 34] +message RouteAction { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RouteAction"; + + enum ClusterNotFoundResponseCode { + // HTTP status code - 503 Service Unavailable. + SERVICE_UNAVAILABLE = 0; + + // HTTP status code - 404 Not Found. + NOT_FOUND = 1; + } + + // Configures :ref:`internal redirect ` behavior. + enum InternalRedirectAction { + PASS_THROUGH_INTERNAL_REDIRECT = 0; + HANDLE_INTERNAL_REDIRECT = 1; + } + + // The router is capable of shadowing traffic from one cluster to another. The current + // implementation is "fire and forget," meaning Envoy will not wait for the shadow cluster to + // respond before returning the response from the primary cluster. All normal statistics are + // collected for the shadow cluster making this feature useful for testing. + // + // During shadowing, the host/authority header is altered such that *-shadow* is appended. This is + // useful for logging. For example, *cluster1* becomes *cluster1-shadow*. + // + // .. note:: + // + // Shadowing will not be triggered if the primary cluster does not exist. + message RequestMirrorPolicy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.RequestMirrorPolicy"; + + reserved 2; + + reserved "runtime_key"; + + // Specifies the cluster that requests will be mirrored to. The cluster must + // exist in the cluster manager configuration. + string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // If not specified, all requests to the target cluster will be mirrored. + // + // If specified, this field takes precedence over the `runtime_key` field and requests must also + // fall under the percentage of matches indicated by this field. + // + // For some fraction N/D, a random number in the range [0,D) is selected. If the + // number is <= the value of the numerator N, or if the key is not present, the default + // value, the request will be mirrored. + core.v4alpha.RuntimeFractionalPercent runtime_fraction = 3; + + // Determines if the trace span should be sampled. Defaults to true. + google.protobuf.BoolValue trace_sampled = 4; + } + + // Specifies the route's hashing policy if the upstream cluster uses a hashing :ref:`load balancer + // `. + // [#next-free-field: 7] + message HashPolicy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy"; + + message Header { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.Header"; + + // The name of the request header that will be used to obtain the hash + // key. If the request header is not present, no hash will be produced. + string header_name = 1 [ + (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false} + ]; + } + + // Envoy supports two types of cookie affinity: + // + // 1. Passive. Envoy takes a cookie that's present in the cookies header and + // hashes on its value. + // + // 2. Generated. Envoy generates and sets a cookie with an expiration (TTL) + // on the first request from the client in its response to the client, + // based on the endpoint the request gets sent to. The client then + // presents this on the next and all subsequent requests. The hash of + // this is sufficient to ensure these requests get sent to the same + // endpoint. The cookie is generated by hashing the source and + // destination ports and addresses so that multiple independent HTTP2 + // streams on the same connection will independently receive the same + // cookie, even if they arrive at the Envoy simultaneously. + message Cookie { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.Cookie"; + + // The name of the cookie that will be used to obtain the hash key. If the + // cookie is not present and ttl below is not set, no hash will be + // produced. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // If specified, a cookie with the TTL will be generated if the cookie is + // not present. If the TTL is present and zero, the generated cookie will + // be a session cookie. + google.protobuf.Duration ttl = 2; + + // The name of the path for the cookie. If no path is specified here, no path + // will be set for the cookie. + string path = 3; + } + + message ConnectionProperties { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.ConnectionProperties"; + + // Hash on source IP address. + bool source_ip = 1; + } + + message QueryParameter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.QueryParameter"; + + // The name of the URL query parameter that will be used to obtain the hash + // key. If the parameter is not present, no hash will be produced. Query + // parameter names are case-sensitive. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + } + + message FilterState { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.HashPolicy.FilterState"; + + // The name of the Object in the per-request filterState, which is an + // Envoy::Http::Hashable object. If there is no data associated with the key, + // or the stored object is not Envoy::Http::Hashable, no hash will be produced. + string key = 1 [(validate.rules).string = {min_bytes: 1}]; + } + + oneof policy_specifier { + option (validate.required) = true; + + // Header hash policy. + Header header = 1; + + // Cookie hash policy. + Cookie cookie = 2; + + // Connection properties hash policy. + ConnectionProperties connection_properties = 3; + + // Query parameter hash policy. + QueryParameter query_parameter = 5; + + // Filter state hash policy. + FilterState filter_state = 6; + } + + // The flag that short-circuits the hash computing. This field provides a + // 'fallback' style of configuration: "if a terminal policy doesn't work, + // fallback to rest of the policy list", it saves time when the terminal + // policy works. + // + // If true, and there is already a hash computed, ignore rest of the + // list of hash polices. + // For example, if the following hash methods are configured: + // + // ========= ======== + // specifier terminal + // ========= ======== + // Header A true + // Header B false + // Header C false + // ========= ======== + // + // The generateHash process ends if policy "header A" generates a hash, as + // it's a terminal policy. + bool terminal = 4; + } + + // Allows enabling and disabling upgrades on a per-route basis. + // This overrides any enabled/disabled upgrade filter chain specified in the + // HttpConnectionManager + // :ref:`upgrade_configs + // ` + // but does not affect any custom filter chain specified there. + message UpgradeConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RouteAction.UpgradeConfig"; + + // The case-insensitive name of this upgrade, e.g. "websocket". + // For each upgrade type present in upgrade_configs, requests with + // Upgrade: [upgrade_type] will be proxied upstream. + string upgrade_type = 1 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Determines if upgrades are available on this route. Defaults to true. + google.protobuf.BoolValue enabled = 2; + } + + reserved 12, 18, 19, 16, 22, 21, 10; + + reserved "request_mirror_policy"; + + oneof cluster_specifier { + option (validate.required) = true; + + // Indicates the upstream cluster to which the request should be routed + // to. + string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Envoy will determine the cluster to route to by reading the value of the + // HTTP header named by cluster_header from the request headers. If the + // header is not found or the referenced cluster does not exist, Envoy will + // return a 404 response. + // + // .. attention:: + // + // Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 + // *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead. + string cluster_header = 2 + [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Multiple upstream clusters can be specified for a given route. The + // request is routed to one of the upstream clusters based on weights + // assigned to each cluster. See + // :ref:`traffic splitting ` + // for additional documentation. + WeightedCluster weighted_clusters = 3; + } + + // The HTTP status code to use when configured cluster is not found. + // The default response code is 503 Service Unavailable. + ClusterNotFoundResponseCode cluster_not_found_response_code = 20 + [(validate.rules).enum = {defined_only: true}]; + + // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints + // in the upstream cluster with metadata matching what's set in this field will be considered + // for load balancing. If using :ref:`weighted_clusters + // `, metadata will be merged, with values + // provided there taking precedence. The filter name should be specified as *envoy.lb*. + core.v4alpha.Metadata metadata_match = 4; + + // Indicates that during forwarding, the matched prefix (or path) should be + // swapped with this value. This option allows application URLs to be rooted + // at a different path from those exposed at the reverse proxy layer. The router filter will + // place the original path before rewrite into the :ref:`x-envoy-original-path + // ` header. + // + // Only one of *prefix_rewrite* or + // :ref:`regex_rewrite ` + // may be specified. + // + // .. attention:: + // + // Pay careful attention to the use of trailing slashes in the + // :ref:`route's match ` prefix value. + // Stripping a prefix from a path requires multiple Routes to handle all cases. For example, + // rewriting */prefix* to */* and */prefix/etc* to */etc* cannot be done in a single + // :ref:`Route `, as shown by the below config entries: + // + // .. code-block:: yaml + // + // - match: + // prefix: "/prefix/" + // route: + // prefix_rewrite: "/" + // - match: + // prefix: "/prefix" + // route: + // prefix_rewrite: "/" + // + // Having above entries in the config, requests to */prefix* will be stripped to */*, while + // requests to */prefix/etc* will be stripped to */etc*. + string prefix_rewrite = 5 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during forwarding, portions of the path that match the + // pattern should be rewritten, even allowing the substitution of capture + // groups from the pattern into the new path as specified by the rewrite + // substitution string. This is useful to allow application paths to be + // rewritten in a way that is aware of segments with variable content like + // identifiers. The router filter will place the original path as it was + // before the rewrite into the :ref:`x-envoy-original-path + // ` header. + // + // Only one of :ref:`prefix_rewrite ` + // or *regex_rewrite* may be specified. + // + // Examples using Google's `RE2 `_ engine: + // + // * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution + // string of ``\2/instance/\1`` would transform ``/service/foo/v1/api`` + // into ``/v1/api/instance/foo``. + // + // * The pattern ``one`` paired with a substitution string of ``two`` would + // transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``. + // + // * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of + // ``\1two\2`` would replace only the first occurrence of ``one``, + // transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``. + // + // * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/`` + // would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to + // ``/aaa/yyy/bbb``. + type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 32; + + oneof host_rewrite_specifier { + // Indicates that during forwarding, the host header will be swapped with + // this value. + string host_rewrite_literal = 6 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during forwarding, the host header will be swapped with + // the hostname of the upstream host chosen by the cluster manager. This + // option is applicable only when the destination cluster for a route is of + // type *strict_dns* or *logical_dns*. Setting this to true with other cluster + // types has no effect. + google.protobuf.BoolValue auto_host_rewrite = 7; + + // Indicates that during forwarding, the host header will be swapped with the content of given + // downstream or :ref:`custom ` header. + // If header value is empty, host header is left intact. + // + // .. attention:: + // + // Pay attention to the potential security implications of using this option. Provided header + // must come from trusted source. + string host_rewrite_header = 29 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}]; + } + + // Specifies the upstream timeout for the route. If not specified, the default is 15s. This + // spans between the point at which the entire downstream request (i.e. end-of-stream) has been + // processed and when the upstream response has been completely processed. A value of 0 will + // disable the route's timeout. + // + // .. note:: + // + // This timeout includes all retries. See also + // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, + // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the + // :ref:`retry overview `. + google.protobuf.Duration timeout = 8; + + // Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout, + // although the connection manager wide :ref:`stream_idle_timeout + // ` + // will still apply. A value of 0 will completely disable the route's idle timeout, even if a + // connection manager stream idle timeout is configured. + // + // The idle timeout is distinct to :ref:`timeout + // `, which provides an upper bound + // on the upstream response time; :ref:`idle_timeout + // ` instead bounds the amount + // of time the request's stream may be idle. + // + // After header decoding, the idle timeout will apply on downstream and + // upstream request events. Each time an encode/decode event for headers or + // data is processed for the stream, the timer will be reset. If the timeout + // fires, the stream is terminated with a 408 Request Timeout error code if no + // upstream response header has been received, otherwise a stream reset + // occurs. + google.protobuf.Duration idle_timeout = 24; + + // Indicates that the route has a retry policy. Note that if this is set, + // it'll take precedence over the virtual host level retry policy entirely + // (e.g.: policies are not merged, most internal one becomes the enforced policy). + RetryPolicy retry_policy = 9; + + // [#not-implemented-hide:] + // Specifies the configuration for retry policy extension. Note that if this is set, it'll take + // precedence over the virtual host level retry policy entirely (e.g.: policies are not merged, + // most internal one becomes the enforced policy). :ref:`Retry policy ` + // should not be set if this field is used. + google.protobuf.Any retry_policy_typed_config = 33; + + // Indicates that the route has request mirroring policies. + repeated RequestMirrorPolicy request_mirror_policies = 30; + + // Optionally specifies the :ref:`routing priority `. + core.v4alpha.RoutingPriority priority = 11 [(validate.rules).enum = {defined_only: true}]; + + // Specifies a set of rate limit configurations that could be applied to the + // route. + repeated RateLimit rate_limits = 13; + + // Specifies if the rate limit filter should include the virtual host rate + // limits. By default, if the route configured rate limits, the virtual host + // :ref:`rate_limits ` are not applied to the + // request. + google.protobuf.BoolValue include_vh_rate_limits = 14; + + // Specifies a list of hash policies to use for ring hash load balancing. Each + // hash policy is evaluated individually and the combined result is used to + // route the request. The method of combination is deterministic such that + // identical lists of hash policies will produce the same hash. Since a hash + // policy examines specific parts of a request, it can fail to produce a hash + // (i.e. if the hashed header is not present). If (and only if) all configured + // hash policies fail to generate a hash, no hash will be produced for + // the route. In this case, the behavior is the same as if no hash policies + // were specified (i.e. the ring hash load balancer will choose a random + // backend). If a hash policy has the "terminal" attribute set to true, and + // there is already a hash generated, the hash is returned immediately, + // ignoring the rest of the hash policy list. + repeated HashPolicy hash_policy = 15; + + // Indicates that the route has a CORS policy. + CorsPolicy cors = 17; + + // If present, and the request is a gRPC request, use the + // `grpc-timeout header `_, + // or its default value (infinity) instead of + // :ref:`timeout `, but limit the applied timeout + // to the maximum value specified here. If configured as 0, the maximum allowed timeout for + // gRPC requests is infinity. If not configured at all, the `grpc-timeout` header is not used + // and gRPC requests time out like any other requests using + // :ref:`timeout ` or its default. + // This can be used to prevent unexpected upstream request timeouts due to potentially long + // time gaps between gRPC request and response in gRPC streaming mode. + // + // .. note:: + // + // If a timeout is specified using :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, it takes + // precedence over `grpc-timeout header `_, when + // both are present. See also + // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, + // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the + // :ref:`retry overview `. + google.protobuf.Duration max_grpc_timeout = 23; + + // If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by subtracting + // the provided duration from the header. This is useful in allowing Envoy to set its global + // timeout to be less than that of the deadline imposed by the calling client, which makes it more + // likely that Envoy will handle the timeout instead of having the call canceled by the client. + // The offset will only be applied if the provided grpc_timeout is greater than the offset. This + // ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning + // infinity). + google.protobuf.Duration grpc_timeout_offset = 28; + + repeated UpgradeConfig upgrade_configs = 25; + + InternalRedirectAction internal_redirect_action = 26; + + // An internal redirect is handled, iff the number of previous internal redirects that a + // downstream request has encountered is lower than this value, and + // :ref:`internal_redirect_action ` + // is set to :ref:`HANDLE_INTERNAL_REDIRECT + // ` + // In the case where a downstream request is bounced among multiple routes by internal redirect, + // the first route that hits this threshold, or has + // :ref:`internal_redirect_action ` + // set to + // :ref:`PASS_THROUGH_INTERNAL_REDIRECT + // ` + // will pass the redirect back to downstream. + // + // If not specified, at most one redirect will be followed. + google.protobuf.UInt32Value max_internal_redirects = 31; + + // Indicates that the route has a hedge policy. Note that if this is set, + // it'll take precedence over the virtual host level hedge policy entirely + // (e.g.: policies are not merged, most internal one becomes the enforced policy). + HedgePolicy hedge_policy = 27; +} + +// HTTP retry :ref:`architecture overview `. +// [#next-free-field: 11] +message RetryPolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RetryPolicy"; + + message RetryPriority { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RetryPolicy.RetryPriority"; + + reserved 2; + + reserved "config"; + + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + message RetryHostPredicate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RetryPolicy.RetryHostPredicate"; + + reserved 2; + + reserved "config"; + + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + message RetryBackOff { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RetryPolicy.RetryBackOff"; + + // Specifies the base interval between retries. This parameter is required and must be greater + // than zero. Values less than 1 ms are rounded up to 1 ms. + // See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion of Envoy's + // back-off algorithm. + google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { + required: true + gt {} + }]; + + // Specifies the maximum interval between retries. This parameter is optional, but must be + // greater than or equal to the `base_interval` if set. The default is 10 times the + // `base_interval`. See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion + // of Envoy's back-off algorithm. + google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}]; + } + + // Specifies the conditions under which retry takes place. These are the same + // conditions documented for :ref:`config_http_filters_router_x-envoy-retry-on` and + // :ref:`config_http_filters_router_x-envoy-retry-grpc-on`. + string retry_on = 1; + + // Specifies the allowed number of retries. This parameter is optional and + // defaults to 1. These are the same conditions documented for + // :ref:`config_http_filters_router_x-envoy-max-retries`. + google.protobuf.UInt32Value num_retries = 2; + + // Specifies a non-zero upstream timeout per retry attempt. This parameter is optional. The + // same conditions documented for + // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms` apply. + // + // .. note:: + // + // If left unspecified, Envoy will use the global + // :ref:`route timeout ` for the request. + // Consequently, when using a :ref:`5xx ` based + // retry policy, a request that times out will not be retried as the total timeout budget + // would have been exhausted. + google.protobuf.Duration per_try_timeout = 3; + + // Specifies an implementation of a RetryPriority which is used to determine the + // distribution of load across priorities used for retries. Refer to + // :ref:`retry plugin configuration ` for more details. + RetryPriority retry_priority = 4; + + // Specifies a collection of RetryHostPredicates that will be consulted when selecting a host + // for retries. If any of the predicates reject the host, host selection will be reattempted. + // Refer to :ref:`retry plugin configuration ` for more + // details. + repeated RetryHostPredicate retry_host_predicate = 5; + + // The maximum number of times host selection will be reattempted before giving up, at which + // point the host that was last selected will be routed to. If unspecified, this will default to + // retrying once. + int64 host_selection_retry_max_attempts = 6; + + // HTTP status codes that should trigger a retry in addition to those specified by retry_on. + repeated uint32 retriable_status_codes = 7; + + // Specifies parameters that control retry back off. This parameter is optional, in which case the + // default base interval is 25 milliseconds or, if set, the current value of the + // `upstream.base_retry_backoff_ms` runtime parameter. The default maximum interval is 10 times + // the base interval. The documentation for :ref:`config_http_filters_router_x-envoy-max-retries` + // describes Envoy's back-off algorithm. + RetryBackOff retry_back_off = 8; + + // HTTP response headers that trigger a retry if present in the response. A retry will be + // triggered if any of the header matches match the upstream response headers. + // The field is only consulted if 'retriable-headers' retry policy is active. + repeated HeaderMatcher retriable_headers = 9; + + // HTTP headers which must be present in the request for retries to be attempted. + repeated HeaderMatcher retriable_request_headers = 10; +} + +// HTTP request hedging :ref:`architecture overview `. +message HedgePolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.HedgePolicy"; + + // Specifies the number of initial requests that should be sent upstream. + // Must be at least 1. + // Defaults to 1. + // [#not-implemented-hide:] + google.protobuf.UInt32Value initial_requests = 1 [(validate.rules).uint32 = {gte: 1}]; + + // Specifies a probability that an additional upstream request should be sent + // on top of what is specified by initial_requests. + // Defaults to 0. + // [#not-implemented-hide:] + type.v3.FractionalPercent additional_request_chance = 2; + + // Indicates that a hedged request should be sent when the per-try timeout + // is hit. This will only occur if the retry policy also indicates that a + // timed out request should be retried. + // Once a timed out request is retried due to per try timeout, the router + // filter will ensure that it is not retried again even if the returned + // response headers would otherwise be retried according the specified + // :ref:`RetryPolicy `. + // Defaults to false. + bool hedge_on_per_try_timeout = 3; +} + +// [#next-free-field: 9] +message RedirectAction { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RedirectAction"; + + enum RedirectResponseCode { + // Moved Permanently HTTP Status Code - 301. + MOVED_PERMANENTLY = 0; + + // Found HTTP Status Code - 302. + FOUND = 1; + + // See Other HTTP Status Code - 303. + SEE_OTHER = 2; + + // Temporary Redirect HTTP Status Code - 307. + TEMPORARY_REDIRECT = 3; + + // Permanent Redirect HTTP Status Code - 308. + PERMANENT_REDIRECT = 4; + } + + // When the scheme redirection take place, the following rules apply: + // 1. If the source URI scheme is `http` and the port is explicitly + // set to `:80`, the port will be removed after the redirection + // 2. If the source URI scheme is `https` and the port is explicitly + // set to `:443`, the port will be removed after the redirection + oneof scheme_rewrite_specifier { + // The scheme portion of the URL will be swapped with "https". + bool https_redirect = 4; + + // The scheme portion of the URL will be swapped with this value. + string scheme_redirect = 7; + } + + // The host portion of the URL will be swapped with this value. + string host_redirect = 1 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // The port value of the URL will be swapped with this value. + uint32 port_redirect = 8; + + oneof path_rewrite_specifier { + // The path portion of the URL will be swapped with this value. + string path_redirect = 2 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during redirection, the matched prefix (or path) + // should be swapped with this value. This option allows redirect URLs be dynamically created + // based on the request. + // + // .. attention:: + // + // Pay attention to the use of trailing slashes as mentioned in + // :ref:`RouteAction's prefix_rewrite `. + string prefix_rewrite = 5 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + } + + // The HTTP status code to use in the redirect response. The default response + // code is MOVED_PERMANENTLY (301). + RedirectResponseCode response_code = 3 [(validate.rules).enum = {defined_only: true}]; + + // Indicates that during redirection, the query portion of the URL will + // be removed. Default value is false. + bool strip_query = 6; +} + +message DirectResponseAction { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.DirectResponseAction"; + + // Specifies the HTTP response status to be returned. + uint32 status = 1 [(validate.rules).uint32 = {lt: 600 gte: 100}]; + + // Specifies the content of the response body. If this setting is omitted, + // no body is included in the generated response. + // + // .. note:: + // + // Headers can be specified using *response_headers_to_add* in the enclosing + // :ref:`envoy_api_msg_config.route.v4alpha.Route`, :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration` or + // :ref:`envoy_api_msg_config.route.v4alpha.VirtualHost`. + core.v4alpha.DataSource body = 2; +} + +message Decorator { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.Decorator"; + + // The operation name associated with the request matched to this route. If tracing is + // enabled, this information will be used as the span name reported for this request. + // + // .. note:: + // + // For ingress (inbound) requests, or egress (outbound) responses, this value may be overridden + // by the :ref:`x-envoy-decorator-operation + // ` header. + string operation = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Whether the decorated details should be propagated to the other party. The default is true. + google.protobuf.BoolValue propagate = 2; +} + +message Tracing { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.Tracing"; + + // Target percentage of requests managed by this HTTP connection manager that will be force + // traced if the :ref:`x-client-trace-id ` + // header is set. This field is a direct analog for the runtime variable + // 'tracing.client_sampling' in the :ref:`HTTP Connection Manager + // `. + // Default: 100% + type.v3.FractionalPercent client_sampling = 1; + + // Target percentage of requests managed by this HTTP connection manager that will be randomly + // selected for trace generation, if not requested by the client or not forced. This field is + // a direct analog for the runtime variable 'tracing.random_sampling' in the + // :ref:`HTTP Connection Manager `. + // Default: 100% + type.v3.FractionalPercent random_sampling = 2; + + // Target percentage of requests managed by this HTTP connection manager that will be traced + // after all other sampling checks have been applied (client-directed, force tracing, random + // sampling). This field functions as an upper limit on the total configured sampling rate. For + // instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% + // of client requests with the appropriate headers to be force traced. This field is a direct + // analog for the runtime variable 'tracing.global_enabled' in the + // :ref:`HTTP Connection Manager `. + // Default: 100% + type.v3.FractionalPercent overall_sampling = 3; + + // A list of custom tags with unique tag name to create tags for the active span. + // It will take effect after merging with the :ref:`corresponding configuration + // ` + // configured in the HTTP connection manager. If two tags with the same name are configured + // each in the HTTP connection manager and the route level, the one configured here takes + // priority. + repeated type.tracing.v3.CustomTag custom_tags = 4; +} + +// A virtual cluster is a way of specifying a regex matching rule against +// certain important endpoints such that statistics are generated explicitly for +// the matched requests. The reason this is useful is that when doing +// prefix/path matching Envoy does not always know what the application +// considers to be an endpoint. Thus, it’s impossible for Envoy to generically +// emit per endpoint statistics. However, often systems have highly critical +// endpoints that they wish to get “perfect” statistics on. Virtual cluster +// statistics are perfect in the sense that they are emitted on the downstream +// side such that they include network level failures. +// +// Documentation for :ref:`virtual cluster statistics `. +// +// .. note:: +// +// Virtual clusters are a useful tool, but we do not recommend setting up a virtual cluster for +// every application endpoint. This is both not easily maintainable and as well the matching and +// statistics output are not free. +message VirtualCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.VirtualCluster"; + + reserved 1, 3; + + reserved "pattern", "method"; + + // Specifies a list of header matchers to use for matching requests. Each specified header must + // match. The pseudo-headers `:path` and `:method` can be used to match the request path and + // method, respectively. + repeated HeaderMatcher headers = 4; + + // Specifies the name of the virtual cluster. The virtual cluster name as well + // as the virtual host name are used when emitting statistics. The statistics are emitted by the + // router filter and are documented :ref:`here `. + string name = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// Global rate limiting :ref:`architecture overview `. +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.route.v3.RateLimit"; + + // [#next-free-field: 7] + message Action { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action"; + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("source_cluster", "") + // + // is derived from the :option:`--service-cluster` option. + message SourceCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.SourceCluster"; + } + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("destination_cluster", "") + // + // Once a request matches against a route table rule, a routed cluster is determined by one of + // the following :ref:`route table configuration ` + // settings: + // + // * :ref:`cluster ` indicates the upstream cluster + // to route to. + // * :ref:`weighted_clusters ` + // chooses a cluster randomly from a set of clusters with attributed weight. + // * :ref:`cluster_header ` indicates which + // header in the request contains the target cluster. + message DestinationCluster { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.DestinationCluster"; + } + + // The following descriptor entry is appended when a header contains a key that matches the + // *header_name*: + // + // .. code-block:: cpp + // + // ("", "") + message RequestHeaders { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.RequestHeaders"; + + // The header name to be queried from the request headers. The header’s + // value is used to populate the value of the descriptor entry for the + // descriptor_key. + string header_name = 1 [ + (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false} + ]; + + // The key to use in the descriptor entry. + string descriptor_key = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + // The following descriptor entry is appended to the descriptor and is populated using the + // trusted address from :ref:`x-forwarded-for `: + // + // .. code-block:: cpp + // + // ("remote_address", "") + message RemoteAddress { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.RemoteAddress"; + } + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("generic_key", "") + message GenericKey { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.GenericKey"; + + // The value to use in the descriptor entry. + string descriptor_value = 1 [(validate.rules).string = {min_bytes: 1}]; + } + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("header_match", "") + message HeaderValueMatch { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.RateLimit.Action.HeaderValueMatch"; + + // The value to use in the descriptor entry. + string descriptor_value = 1 [(validate.rules).string = {min_bytes: 1}]; + + // If set to true, the action will append a descriptor entry when the + // request matches the headers. If set to false, the action will append a + // descriptor entry when the request does not match the headers. The + // default value is true. + google.protobuf.BoolValue expect_match = 2; + + // Specifies a set of headers that the rate limit action should match + // on. The action will check the request’s headers against all the + // specified headers in the config. A match will happen if all the + // headers in the config are present in the request with the same values + // (or based on presence if the value field is not in the config). + repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; + } + + oneof action_specifier { + option (validate.required) = true; + + // Rate limit on source cluster. + SourceCluster source_cluster = 1; + + // Rate limit on destination cluster. + DestinationCluster destination_cluster = 2; + + // Rate limit on request headers. + RequestHeaders request_headers = 3; + + // Rate limit on remote address. + RemoteAddress remote_address = 4; + + // Rate limit on a generic key. + GenericKey generic_key = 5; + + // Rate limit on the existence of request headers. + HeaderValueMatch header_value_match = 6; + } + } + + // Refers to the stage set in the filter. The rate limit configuration only + // applies to filters with the same stage number. The default stage number is + // 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + google.protobuf.UInt32Value stage = 1 [(validate.rules).uint32 = {lte: 10}]; + + // The key to be set in runtime to disable this rate limit configuration. + string disable_key = 2; + + // A list of actions that are to be applied for this rate limit configuration. + // Order matters as the actions are processed sequentially and the descriptor + // is composed by appending descriptor entries in that sequence. If an action + // cannot append a descriptor entry, no descriptor is generated for the + // configuration. See :ref:`composing actions + // ` for additional documentation. + repeated Action actions = 3 [(validate.rules).repeated = {min_items: 1}]; +} + +// .. attention:: +// +// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 *Host* +// header. Thus, if attempting to match on *Host*, match on *:authority* instead. +// +// .. attention:: +// +// To route on HTTP method, use the special HTTP/2 *:method* header. This works for both +// HTTP/1 and HTTP/2 as Envoy normalizes headers. E.g., +// +// .. code-block:: json +// +// { +// "name": ":method", +// "exact_match": "POST" +// } +// +// .. attention:: +// In the absence of any header match specifier, match will default to :ref:`present_match +// `. i.e, a request that has the :ref:`name +// ` header will match, regardless of the header's +// value. +// +// [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.] +// [#next-free-field: 12] +message HeaderMatcher { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.HeaderMatcher"; + + reserved 2, 3, 5; + + reserved "regex_match"; + + // Specifies the name of the header in the request. + string name = 1 + [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Specifies how the header match will be performed to route the request. + oneof header_match_specifier { + // If specified, header match will be performed based on the value of the header. + string exact_match = 4; + + // If specified, this regex string is a regular expression rule which implies the entire request + // header value must match the regex. The rule will not match if only a subsequence of the + // request header value matches the regex. + type.matcher.v3.RegexMatcher safe_regex_match = 11; + + // If specified, header match will be performed based on range. + // The rule will match if the request header value is within this range. + // The entire request header value must represent an integer in base 10 notation: consisting of + // an optional plus or minus sign followed by a sequence of digits. The rule will not match if + // the header value does not represent an integer. Match will fail for empty values, floating + // point numbers or if only a subsequence of the header value is an integer. + // + // Examples: + // + // * For range [-10,0), route will match for header value -1, but not for 0, "somestring", 10.9, + // "-1somestring" + type.v3.Int64Range range_match = 6; + + // If specified, header match will be performed based on whether the header is in the + // request. + bool present_match = 7; + + // If specified, header match will be performed based on the prefix of the header value. + // Note: empty prefix is not allowed, please use present_match instead. + // + // Examples: + // + // * The prefix *abcd* matches the value *abcdxyz*, but not for *abcxyz*. + string prefix_match = 9 [(validate.rules).string = {min_bytes: 1}]; + + // If specified, header match will be performed based on the suffix of the header value. + // Note: empty suffix is not allowed, please use present_match instead. + // + // Examples: + // + // * The suffix *abcd* matches the value *xyzabcd*, but not for *xyzbcd*. + string suffix_match = 10 [(validate.rules).string = {min_bytes: 1}]; + } + + // If specified, the match result will be inverted before checking. Defaults to false. + // + // Examples: + // + // * The regex ``\d{3}`` does not match the value *1234*, so it will match when inverted. + // * The range [-10,0) will match the value -1, so it will not match when inverted. + bool invert_match = 8; +} + +// Query parameter matching treats the query string of a request's :path header +// as an ampersand-separated list of keys and/or key=value elements. +// [#next-free-field: 7] +message QueryParameterMatcher { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.QueryParameterMatcher"; + + reserved 3, 4; + + reserved "value", "regex"; + + // Specifies the name of a key that must be present in the requested + // *path*'s query string. + string name = 1 [(validate.rules).string = {min_bytes: 1 max_bytes: 1024}]; + + oneof query_parameter_match_specifier { + // Specifies whether a query parameter value should match against a string. + type.matcher.v3.StringMatcher string_match = 5 [(validate.rules).message = {required: true}]; + + // Specifies whether a query parameter should be present. + bool present_match = 6; + } +} diff --git a/generated_api_shadow/envoy/config/route/v4alpha/scoped_route.proto b/generated_api_shadow/envoy/config/route/v4alpha/scoped_route.proto new file mode 100644 index 0000000000000..ce3d285b0592b --- /dev/null +++ b/generated_api_shadow/envoy/config/route/v4alpha/scoped_route.proto @@ -0,0 +1,117 @@ +syntax = "proto3"; + +package envoy.config.route.v4alpha; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.route.v4alpha"; +option java_outer_classname = "ScopedRouteProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP scoped routing configuration] +// * Routing :ref:`architecture overview ` + +// Specifies a routing scope, which associates a +// :ref:`Key` to a +// :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration` (identified by its resource name). +// +// The HTTP connection manager builds up a table consisting of these Key to +// RouteConfiguration mappings, and looks up the RouteConfiguration to use per +// request according to the algorithm specified in the +// :ref:`scope_key_builder` +// assigned to the HttpConnectionManager. +// +// For example, with the following configurations (in YAML): +// +// HttpConnectionManager config: +// +// .. code:: +// +// ... +// scoped_routes: +// name: foo-scoped-routes +// scope_key_builder: +// fragments: +// - header_value_extractor: +// name: X-Route-Selector +// element_separator: , +// element: +// separator: = +// key: vip +// +// ScopedRouteConfiguration resources (specified statically via +// :ref:`scoped_route_configurations_list` +// or obtained dynamically via SRDS): +// +// .. code:: +// +// (1) +// name: route-scope1 +// route_configuration_name: route-config1 +// key: +// fragments: +// - string_key: 172.10.10.20 +// +// (2) +// name: route-scope2 +// route_configuration_name: route-config2 +// key: +// fragments: +// - string_key: 172.20.20.30 +// +// A request from a client such as: +// +// .. code:: +// +// GET / HTTP/1.1 +// Host: foo.com +// X-Route-Selector: vip=172.10.10.20 +// +// would result in the routing table defined by the `route-config1` +// RouteConfiguration being assigned to the HTTP request/stream. +// +message ScopedRouteConfiguration { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.ScopedRouteConfiguration"; + + // Specifies a key which is matched against the output of the + // :ref:`scope_key_builder` + // specified in the HttpConnectionManager. The matching is done per HTTP + // request and is dependent on the order of the fragments contained in the + // Key. + message Key { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.ScopedRouteConfiguration.Key"; + + message Fragment { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.route.v3.ScopedRouteConfiguration.Key.Fragment"; + + oneof type { + option (validate.required) = true; + + // A string to match against. + string string_key = 1; + } + } + + // The ordered set of fragments to match against. The order must match the + // fragments in the corresponding + // :ref:`scope_key_builder`. + repeated Fragment fragments = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + // The name assigned to the routing scope. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The resource name to use for a :ref:`envoy_api_msg_service.discovery.v3.DiscoveryRequest` to an + // RDS server to fetch the :ref:`envoy_api_msg_config.route.v4alpha.RouteConfiguration` associated + // with this scope. + string route_configuration_name = 2 [(validate.rules).string = {min_bytes: 1}]; + + // The key to match against. + Key key = 3 [(validate.rules).message = {required: true}]; +} diff --git a/generated_api_shadow/envoy/config/tap/v3/common.proto b/generated_api_shadow/envoy/config/tap/v3/common.proto index 9f9c404a7df09..0fea8f88a638e 100644 --- a/generated_api_shadow/envoy/config/tap/v3/common.proto +++ b/generated_api_shadow/envoy/config/tap/v3/common.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.tap.v3"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common tap configuration] diff --git a/generated_api_shadow/envoy/config/trace/v2/trace.proto b/generated_api_shadow/envoy/config/trace/v2/trace.proto index a61f519687f6a..393465d2bb248 100644 --- a/generated_api_shadow/envoy/config/trace/v2/trace.proto +++ b/generated_api_shadow/envoy/config/trace/v2/trace.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.trace.v2"; option java_outer_classname = "TraceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tracing] // Tracing :ref:`architecture overview `. diff --git a/generated_api_shadow/envoy/config/trace/v2alpha/xray.proto b/generated_api_shadow/envoy/config/trace/v2alpha/xray.proto index 3e90a53106c08..27db3ba40b724 100644 --- a/generated_api_shadow/envoy/config/trace/v2alpha/xray.proto +++ b/generated_api_shadow/envoy/config/trace/v2alpha/xray.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.trace.v2alpha"; option java_outer_classname = "XrayProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: AWS X-Ray Tracer Configuration] // Configuration for AWS X-Ray tracer diff --git a/generated_api_shadow/envoy/config/trace/v3/trace.proto b/generated_api_shadow/envoy/config/trace/v3/trace.proto index fb1cb596d7aa4..174ab5dceb01f 100644 --- a/generated_api_shadow/envoy/config/trace/v3/trace.proto +++ b/generated_api_shadow/envoy/config/trace/v3/trace.proto @@ -18,7 +18,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.trace.v3"; option java_outer_classname = "TraceProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tracing] // Tracing :ref:`architecture overview `. @@ -56,9 +56,9 @@ message Tracing { // - :ref:`OpenCensusConfig ` // - :ref:`AWS X-Ray ` oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } diff --git a/generated_api_shadow/envoy/config/trace/v3/xray.proto b/generated_api_shadow/envoy/config/trace/v3/xray.proto index 3a8696694a675..c4259177d6575 100644 --- a/generated_api_shadow/envoy/config/trace/v3/xray.proto +++ b/generated_api_shadow/envoy/config/trace/v3/xray.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.trace.v3"; option java_outer_classname = "XrayProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: AWS X-Ray Tracer Configuration] // Configuration for AWS X-Ray tracer diff --git a/generated_api_shadow/envoy/config/trace/v4alpha/BUILD b/generated_api_shadow/envoy/config/trace/v4alpha/BUILD new file mode 100644 index 0000000000000..53ae98aac1407 --- /dev/null +++ b/generated_api_shadow/envoy/config/trace/v4alpha/BUILD @@ -0,0 +1,15 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/trace/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + "@opencensus_proto//opencensus/proto/trace/v1:trace_config_proto", + ], +) diff --git a/generated_api_shadow/envoy/config/trace/v4alpha/trace.proto b/generated_api_shadow/envoy/config/trace/v4alpha/trace.proto new file mode 100644 index 0000000000000..ae8ecc8465976 --- /dev/null +++ b/generated_api_shadow/envoy/config/trace/v4alpha/trace.proto @@ -0,0 +1,271 @@ +syntax = "proto3"; + +package envoy.config.trace.v4alpha; + +import "envoy/config/core/v4alpha/grpc_service.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "opencensus/proto/trace/v1/trace_config.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.trace.v4alpha"; +option java_outer_classname = "TraceProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Tracing] +// Tracing :ref:`architecture overview `. + +// The tracing configuration specifies global +// settings for the HTTP tracer used by Envoy. The configuration is defined by +// the :ref:`Bootstrap ` :ref:`tracing +// ` field. Envoy may support other tracers +// in the future, but right now the HTTP tracer is the only one supported. +message Tracing { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v3.Tracing"; + + message Http { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.Tracing.Http"; + + reserved 2; + + reserved "config"; + + // The name of the HTTP trace driver to instantiate. The name must match a + // supported HTTP trace driver. Built-in trace drivers: + // + // - *envoy.tracers.lightstep* + // - *envoy.tracers.zipkin* + // - *envoy.tracers.dynamic_ot* + // - *envoy.tracers.datadog* + // - *envoy.tracers.opencensus* + // - *envoy.tracers.xray* + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Trace driver specific configuration which depends on the driver being instantiated. + // See the trace drivers for examples: + // + // - :ref:`LightstepConfig ` + // - :ref:`ZipkinConfig ` + // - :ref:`DynamicOtConfig ` + // - :ref:`DatadogConfig ` + // - :ref:`OpenCensusConfig ` + // - :ref:`AWS X-Ray ` + oneof config_type { + google.protobuf.Any typed_config = 3; + } + } + + // Provides configuration for the HTTP tracer. + Http http = 1; +} + +// Configuration for the LightStep tracer. +// [#extension: envoy.tracers.lightstep] +message LightstepConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.LightstepConfig"; + + // Available propagation modes + enum PropagationMode { + // Propagate trace context in the single header x-ot-span-context. + ENVOY = 0; + + // Propagate trace context using LightStep's native format. + LIGHTSTEP = 1; + + // Propagate trace context using the b3 format. + B3 = 2; + + // Propagation trace context using the w3 trace-context standard. + TRACE_CONTEXT = 3; + } + + // The cluster manager cluster that hosts the LightStep collectors. + string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // File containing the access token to the `LightStep + // `_ API. + string access_token_file = 2 [(validate.rules).string = {min_bytes: 1}]; + + // Propagation modes to use by LightStep's tracer. + repeated PropagationMode propagation_modes = 3 + [(validate.rules).repeated = {items {enum {defined_only: true}}}]; +} + +// Configuration for the Zipkin tracer. +// [#extension: envoy.tracers.zipkin] +// [#next-free-field: 6] +message ZipkinConfig { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v3.ZipkinConfig"; + + // Available Zipkin collector endpoint versions. + enum CollectorEndpointVersion { + // Zipkin API v1, JSON over HTTP. + // [#comment: The default implementation of Zipkin client before this field is added was only v1 + // and the way user configure this was by not explicitly specifying the version. Consequently, + // before this is added, the corresponding Zipkin collector expected to receive v1 payload. + // Hence the motivation of adding HTTP_JSON_V1 as the default is to avoid a breaking change when + // user upgrading Envoy with this change. Furthermore, we also immediately deprecate this field, + // since in Zipkin realm this v1 version is considered to be not preferable anymore.] + hidden_envoy_deprecated_DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 + [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true]; + + // Zipkin API v2, JSON over HTTP. + HTTP_JSON = 1; + + // Zipkin API v2, protobuf over HTTP. + HTTP_PROTO = 2; + + // [#not-implemented-hide:] + GRPC = 3; + } + + // The cluster manager cluster that hosts the Zipkin collectors. Note that the + // Zipkin cluster must be defined in the :ref:`Bootstrap static cluster + // resources `. + string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The API endpoint of the Zipkin service where the spans will be sent. When + // using a standard Zipkin installation, the API endpoint is typically + // /api/v1/spans, which is the default value. + string collector_endpoint = 2 [(validate.rules).string = {min_bytes: 1}]; + + // Determines whether a 128bit trace id will be used when creating a new + // trace instance. The default value is false, which will result in a 64 bit trace id being used. + bool trace_id_128bit = 3; + + // Determines whether client and server spans will share the same span context. + // The default value is true. + google.protobuf.BoolValue shared_span_context = 4; + + // Determines the selected collector endpoint version. By default, the ``HTTP_JSON_V1`` will be + // used. + CollectorEndpointVersion collector_endpoint_version = 5; +} + +// DynamicOtConfig is used to dynamically load a tracer from a shared library +// that implements the `OpenTracing dynamic loading API +// `_. +// [#extension: envoy.tracers.dynamic_ot] +message DynamicOtConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.DynamicOtConfig"; + + // Dynamic library implementing the `OpenTracing API + // `_. + string library = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The configuration to use when creating a tracer from the given dynamic + // library. + google.protobuf.Struct config = 2; +} + +// Configuration for the Datadog tracer. +// [#extension: envoy.tracers.datadog] +message DatadogConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.DatadogConfig"; + + // The cluster to use for submitting traces to the Datadog agent. + string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The name used for the service when traces are generated by envoy. + string service_name = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// Configuration for the OpenCensus tracer. +// [#next-free-field: 15] +// [#extension: envoy.tracers.opencensus] +message OpenCensusConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.OpenCensusConfig"; + + enum TraceContext { + // No-op default, no trace context is utilized. + NONE = 0; + + // W3C Trace-Context format "traceparent:" header. + TRACE_CONTEXT = 1; + + // Binary "grpc-trace-bin:" header. + GRPC_TRACE_BIN = 2; + + // "X-Cloud-Trace-Context:" header. + CLOUD_TRACE_CONTEXT = 3; + + // X-B3-* headers. + B3 = 4; + } + + reserved 7; + + // Configures tracing, e.g. the sampler, max number of annotations, etc. + opencensus.proto.trace.v1.TraceConfig trace_config = 1; + + // Enables the stdout exporter if set to true. This is intended for debugging + // purposes. + bool stdout_exporter_enabled = 2; + + // Enables the Stackdriver exporter if set to true. The project_id must also + // be set. + bool stackdriver_exporter_enabled = 3; + + // The Cloud project_id to use for Stackdriver tracing. + string stackdriver_project_id = 4; + + // (optional) By default, the Stackdriver exporter will connect to production + // Stackdriver. If stackdriver_address is non-empty, it will instead connect + // to this address, which is in the gRPC format: + // https://github.com/grpc/grpc/blob/master/doc/naming.md + string stackdriver_address = 10; + + // (optional) The gRPC server that hosts Stackdriver tracing service. Only + // Google gRPC is supported. If :ref:`target_uri ` + // is not provided, the default production Stackdriver address will be used. + core.v4alpha.GrpcService stackdriver_grpc_service = 13; + + // Enables the Zipkin exporter if set to true. The url and service name must + // also be set. + bool zipkin_exporter_enabled = 5; + + // The URL to Zipkin, e.g. "http://127.0.0.1:9411/api/v2/spans" + string zipkin_url = 6; + + // Enables the OpenCensus Agent exporter if set to true. The ocagent_address or + // ocagent_grpc_service must also be set. + bool ocagent_exporter_enabled = 11; + + // The address of the OpenCensus Agent, if its exporter is enabled, in gRPC + // format: https://github.com/grpc/grpc/blob/master/doc/naming.md + // [#comment:TODO: deprecate this field] + string ocagent_address = 12; + + // (optional) The gRPC server hosted by the OpenCensus Agent. Only Google gRPC is supported. + // This is only used if the ocagent_address is left empty. + core.v4alpha.GrpcService ocagent_grpc_service = 14; + + // List of incoming trace context headers we will accept. First one found + // wins. + repeated TraceContext incoming_trace_context = 8; + + // List of outgoing trace context headers we will produce. + repeated TraceContext outgoing_trace_context = 9; +} + +// Configuration structure. +message TraceServiceConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.trace.v3.TraceServiceConfig"; + + // The upstream gRPC cluster that hosts the metrics service. + core.v4alpha.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}]; +} diff --git a/generated_api_shadow/envoy/config/trace/v4alpha/xray.proto b/generated_api_shadow/envoy/config/trace/v4alpha/xray.proto new file mode 100644 index 0000000000000..39bcebd1bad7d --- /dev/null +++ b/generated_api_shadow/envoy/config/trace/v4alpha/xray.proto @@ -0,0 +1,35 @@ +syntax = "proto3"; + +package envoy.config.trace.v4alpha; + +import "envoy/config/core/v4alpha/address.proto"; +import "envoy/config/core/v4alpha/base.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.trace.v4alpha"; +option java_outer_classname = "XrayProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: AWS X-Ray Tracer Configuration] +// Configuration for AWS X-Ray tracer + +message XRayConfig { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v3.XRayConfig"; + + // The UDP endpoint of the X-Ray Daemon where the spans will be sent. + // If this value is not set, the default value of 127.0.0.1:2000 will be used. + core.v4alpha.SocketAddress daemon_endpoint = 1; + + // The name of the X-Ray segment. + string segment_name = 2 [(validate.rules).string = {min_len: 1}]; + + // The location of a local custom sampling rules JSON file. + // For an example of the sampling rules see: + // `X-Ray SDK documentation + // `_ + core.v4alpha.DataSource sampling_rule_manifest = 3; +} diff --git a/generated_api_shadow/envoy/config/transport_socket/alts/v2alpha/alts.proto b/generated_api_shadow/envoy/config/transport_socket/alts/v2alpha/alts.proto index 12b58fe18d089..92d5fb83a49cd 100644 --- a/generated_api_shadow/envoy/config/transport_socket/alts/v2alpha/alts.proto +++ b/generated_api_shadow/envoy/config/transport_socket/alts/v2alpha/alts.proto @@ -11,7 +11,7 @@ option java_outer_classname = "AltsProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.transport_sockets.alts.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: ALTS] // [#extension: envoy.transport_sockets.alts] diff --git a/generated_api_shadow/envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto b/generated_api_shadow/envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto index ba6df436cb259..1b3fd395d5724 100644 --- a/generated_api_shadow/envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto +++ b/generated_api_shadow/envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto @@ -10,7 +10,7 @@ option java_outer_classname = "RawBufferProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.transport_sockets.raw_buffer.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Raw Buffer] // [#extension: envoy.transport_sockets.raw_buffer] diff --git a/generated_api_shadow/envoy/config/transport_socket/tap/v2alpha/tap.proto b/generated_api_shadow/envoy/config/transport_socket/tap/v2alpha/tap.proto index 2900b659fe646..0802c7558ad35 100644 --- a/generated_api_shadow/envoy/config/transport_socket/tap/v2alpha/tap.proto +++ b/generated_api_shadow/envoy/config/transport_socket/tap/v2alpha/tap.proto @@ -15,7 +15,7 @@ option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.transport_sockets.tap.v3"; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap] // [#extension: envoy.transport_sockets.tap] diff --git a/generated_api_shadow/envoy/config/wasm/v2alpha/wasm.proto b/generated_api_shadow/envoy/config/wasm/v2alpha/wasm.proto index dbd4ed92b867f..b8f050a23d2b0 100644 --- a/generated_api_shadow/envoy/config/wasm/v2alpha/wasm.proto +++ b/generated_api_shadow/envoy/config/wasm/v2alpha/wasm.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.config.wasm.v2alpha"; option java_outer_classname = "WasmProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.wasm.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Wasm service] diff --git a/generated_api_shadow/envoy/data/accesslog/v2/accesslog.proto b/generated_api_shadow/envoy/data/accesslog/v2/accesslog.proto index 3a616ee19eed2..af19197f62a6a 100644 --- a/generated_api_shadow/envoy/data/accesslog/v2/accesslog.proto +++ b/generated_api_shadow/envoy/data/accesslog/v2/accesslog.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.accesslog.v2"; option java_outer_classname = "AccesslogProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC access logs] // Envoy access logs describe incoming interaction with Envoy over a fixed diff --git a/generated_api_shadow/envoy/data/accesslog/v3/accesslog.proto b/generated_api_shadow/envoy/data/accesslog/v3/accesslog.proto index 48a0f794245c7..374569d937f28 100644 --- a/generated_api_shadow/envoy/data/accesslog/v3/accesslog.proto +++ b/generated_api_shadow/envoy/data/accesslog/v3/accesslog.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.accesslog.v3"; option java_outer_classname = "AccesslogProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC access logs] // Envoy access logs describe incoming interaction with Envoy over a fixed diff --git a/generated_api_shadow/envoy/data/cluster/v2alpha/outlier_detection_event.proto b/generated_api_shadow/envoy/data/cluster/v2alpha/outlier_detection_event.proto index 38ac1f93684ca..3ea8bc2597fd8 100644 --- a/generated_api_shadow/envoy/data/cluster/v2alpha/outlier_detection_event.proto +++ b/generated_api_shadow/envoy/data/cluster/v2alpha/outlier_detection_event.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.data.cluster.v2alpha"; option java_outer_classname = "OutlierDetectionEventProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.data.cluster.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Outlier detection logging events] // :ref:`Outlier detection logging `. diff --git a/generated_api_shadow/envoy/data/cluster/v3/outlier_detection_event.proto b/generated_api_shadow/envoy/data/cluster/v3/outlier_detection_event.proto index 608df577fa41f..ae1ad4c94d173 100644 --- a/generated_api_shadow/envoy/data/cluster/v3/outlier_detection_event.proto +++ b/generated_api_shadow/envoy/data/cluster/v3/outlier_detection_event.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.cluster.v3"; option java_outer_classname = "OutlierDetectionEventProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Outlier detection logging events] // :ref:`Outlier detection logging `. diff --git a/generated_api_shadow/envoy/data/core/v2alpha/health_check_event.proto b/generated_api_shadow/envoy/data/core/v2alpha/health_check_event.proto index 0fc25b8106632..00fd69fd42d3f 100644 --- a/generated_api_shadow/envoy/data/core/v2alpha/health_check_event.proto +++ b/generated_api_shadow/envoy/data/core/v2alpha/health_check_event.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.core.v2alpha"; option java_outer_classname = "HealthCheckEventProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Health check logging events] // :ref:`Health check logging `. diff --git a/generated_api_shadow/envoy/data/core/v3/health_check_event.proto b/generated_api_shadow/envoy/data/core/v3/health_check_event.proto index 4227fbc5c4cff..cff0e381bd193 100644 --- a/generated_api_shadow/envoy/data/core/v3/health_check_event.proto +++ b/generated_api_shadow/envoy/data/core/v3/health_check_event.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.core.v3"; option java_outer_classname = "HealthCheckEventProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Health check logging events] // :ref:`Health check logging `. @@ -42,27 +42,27 @@ message HealthCheckEvent { string cluster_name = 3 [(validate.rules).string = {min_bytes: 1}]; + // Host ejection. + google.protobuf.Timestamp timestamp = 6; + oneof event { option (validate.required) = true; - // Host ejection. + // Host addition. HealthCheckEjectUnhealthy eject_unhealthy_event = 4; - // Host addition. + // Host failure. HealthCheckAddHealthy add_healthy_event = 5; - // Host failure. + // Healthy host became degraded. HealthCheckFailure health_check_failure_event = 7; - // Healthy host became degraded. + // A degraded host returned to being healthy. DegradedHealthyHost degraded_healthy_host = 8; - // A degraded host returned to being healthy. + // Timestamp for event. NoLongerDegradedHost no_longer_degraded_host = 9; } - - // Timestamp for event. - google.protobuf.Timestamp timestamp = 6; } message HealthCheckEjectUnhealthy { diff --git a/generated_api_shadow/envoy/data/dns/v2alpha/dns_table.proto b/generated_api_shadow/envoy/data/dns/v2alpha/dns_table.proto index b401a54b3498f..7a9e535c4f3a2 100644 --- a/generated_api_shadow/envoy/data/dns/v2alpha/dns_table.proto +++ b/generated_api_shadow/envoy/data/dns/v2alpha/dns_table.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.data.dns.v2alpha"; option java_outer_classname = "DnsTableProto"; option java_multiple_files = true; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: DNS Filter Table Data] // :ref:`DNS Filter config overview `. diff --git a/generated_api_shadow/envoy/data/dns/v3/dns_table.proto b/generated_api_shadow/envoy/data/dns/v3/dns_table.proto index ebecebebc78fd..a6457e118672d 100644 --- a/generated_api_shadow/envoy/data/dns/v3/dns_table.proto +++ b/generated_api_shadow/envoy/data/dns/v3/dns_table.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.dns.v3"; option java_outer_classname = "DnsTableProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: DNS Filter Table Data] // :ref:`DNS Filter config overview `. diff --git a/generated_api_shadow/envoy/data/tap/v2alpha/common.proto b/generated_api_shadow/envoy/data/tap/v2alpha/common.proto index 8030f98afe044..7c02aa7719542 100644 --- a/generated_api_shadow/envoy/data/tap/v2alpha/common.proto +++ b/generated_api_shadow/envoy/data/tap/v2alpha/common.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap common data] diff --git a/generated_api_shadow/envoy/data/tap/v2alpha/http.proto b/generated_api_shadow/envoy/data/tap/v2alpha/http.proto index a6839ae16fa95..60ea68b66d4ad 100644 --- a/generated_api_shadow/envoy/data/tap/v2alpha/http.proto +++ b/generated_api_shadow/envoy/data/tap/v2alpha/http.proto @@ -10,7 +10,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; option java_outer_classname = "HttpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP tap data] diff --git a/generated_api_shadow/envoy/data/tap/v2alpha/transport.proto b/generated_api_shadow/envoy/data/tap/v2alpha/transport.proto index 8f775b94e4755..82c2845ee338f 100644 --- a/generated_api_shadow/envoy/data/tap/v2alpha/transport.proto +++ b/generated_api_shadow/envoy/data/tap/v2alpha/transport.proto @@ -12,7 +12,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; option java_outer_classname = "TransportProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Transport tap data] // Trace format for the tap transport socket extension. This dumps plain text read/write diff --git a/generated_api_shadow/envoy/data/tap/v2alpha/wrapper.proto b/generated_api_shadow/envoy/data/tap/v2alpha/wrapper.proto index 98e26df09557f..769b95c6160a3 100644 --- a/generated_api_shadow/envoy/data/tap/v2alpha/wrapper.proto +++ b/generated_api_shadow/envoy/data/tap/v2alpha/wrapper.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; option java_outer_classname = "WrapperProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap data wrappers] diff --git a/generated_api_shadow/envoy/data/tap/v3/common.proto b/generated_api_shadow/envoy/data/tap/v3/common.proto index 601ccbc03f167..c954b1b6747d7 100644 --- a/generated_api_shadow/envoy/data/tap/v3/common.proto +++ b/generated_api_shadow/envoy/data/tap/v3/common.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v3"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap common data] @@ -17,21 +17,21 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO message Body { option (udpa.annotations.versioning).previous_message_type = "envoy.data.tap.v2alpha.Body"; - oneof body_type { - // Body data as bytes. By default, tap body data will be present in this field, as the proto - // `bytes` type can contain any valid byte. - bytes as_bytes = 1; + // Body data as bytes. By default, tap body data will be present in this field, as the proto + // `bytes` type can contain any valid byte. + bool truncated = 3; + oneof body_type { // Body data as string. This field is only used when the :ref:`JSON_BODY_AS_STRING // ` sink // format type is selected. See the documentation for that option for why this is useful. + bytes as_bytes = 1; + + // Specifies whether body data has been truncated to fit within the specified + // :ref:`max_buffered_rx_bytes + // ` and + // :ref:`max_buffered_tx_bytes + // ` settings. string as_string = 2; } - - // Specifies whether body data has been truncated to fit within the specified - // :ref:`max_buffered_rx_bytes - // ` and - // :ref:`max_buffered_tx_bytes - // ` settings. - bool truncated = 3; } diff --git a/generated_api_shadow/envoy/data/tap/v3/http.proto b/generated_api_shadow/envoy/data/tap/v3/http.proto index ebe6d5eef0094..d4f05fa09522e 100644 --- a/generated_api_shadow/envoy/data/tap/v3/http.proto +++ b/generated_api_shadow/envoy/data/tap/v3/http.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v3"; option java_outer_classname = "HttpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP tap data] diff --git a/generated_api_shadow/envoy/data/tap/v3/transport.proto b/generated_api_shadow/envoy/data/tap/v3/transport.proto index 827c53c7b1de0..f596759cb4907 100644 --- a/generated_api_shadow/envoy/data/tap/v3/transport.proto +++ b/generated_api_shadow/envoy/data/tap/v3/transport.proto @@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v3"; option java_outer_classname = "TransportProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Transport tap data] // Trace format for the tap transport socket extension. This dumps plain text read/write diff --git a/generated_api_shadow/envoy/data/tap/v3/wrapper.proto b/generated_api_shadow/envoy/data/tap/v3/wrapper.proto index a3affd77f14af..636547614c268 100644 --- a/generated_api_shadow/envoy/data/tap/v3/wrapper.proto +++ b/generated_api_shadow/envoy/data/tap/v3/wrapper.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.data.tap.v3"; option java_outer_classname = "WrapperProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap data wrappers] diff --git a/generated_api_shadow/envoy/extensions/access_loggers/file/v3/file.proto b/generated_api_shadow/envoy/extensions/access_loggers/file/v3/file.proto index d0e8a5cb33193..f3c9c0a11612f 100644 --- a/generated_api_shadow/envoy/extensions/access_loggers/file/v3/file.proto +++ b/generated_api_shadow/envoy/extensions/access_loggers/file/v3/file.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.access_loggers.file.v3"; option java_outer_classname = "FileProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: File access log] // [#extension: envoy.access_loggers.file] diff --git a/generated_api_shadow/envoy/extensions/access_loggers/grpc/v3/als.proto b/generated_api_shadow/envoy/extensions/access_loggers/grpc/v3/als.proto index a13b2ef06fd89..3cc154416627e 100644 --- a/generated_api_shadow/envoy/extensions/access_loggers/grpc/v3/als.proto +++ b/generated_api_shadow/envoy/extensions/access_loggers/grpc/v3/als.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.access_loggers.grpc.v3"; option java_outer_classname = "AlsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC Access Log Service (ALS)] diff --git a/generated_api_shadow/envoy/extensions/clusters/aggregate/v3/cluster.proto b/generated_api_shadow/envoy/extensions/clusters/aggregate/v3/cluster.proto index c7feab787cb2c..aead1c4517391 100644 --- a/generated_api_shadow/envoy/extensions/clusters/aggregate/v3/cluster.proto +++ b/generated_api_shadow/envoy/extensions/clusters/aggregate/v3/cluster.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.clusters.aggregate.v3"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Aggregate cluster configuration] diff --git a/generated_api_shadow/envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto b/generated_api_shadow/envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto index b2ffecaa0c6ac..6f100d9dbb7e9 100644 --- a/generated_api_shadow/envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto +++ b/generated_api_shadow/envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.clusters.dynamic_forward_proxy.v3"; option java_outer_classname = "ClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dynamic forward proxy cluster configuration] diff --git a/generated_api_shadow/envoy/extensions/clusters/redis/v3/redis_cluster.proto b/generated_api_shadow/envoy/extensions/clusters/redis/v3/redis_cluster.proto index bc9353d7efe2d..cf01359e55abb 100644 --- a/generated_api_shadow/envoy/extensions/clusters/redis/v3/redis_cluster.proto +++ b/generated_api_shadow/envoy/extensions/clusters/redis/v3/redis_cluster.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.clusters.redis.v3"; option java_outer_classname = "RedisClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Redis Cluster Configuration] // This cluster adds support for `Redis Cluster `_, as part diff --git a/generated_api_shadow/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto b/generated_api_shadow/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto index 32f338d0358c3..7c72af35af33e 100644 --- a/generated_api_shadow/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto +++ b/generated_api_shadow/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.common.dynamic_forward_proxy.v3"; option java_outer_classname = "DnsCacheProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dynamic forward proxy common configuration] diff --git a/generated_api_shadow/envoy/extensions/common/ratelimit/v3/ratelimit.proto b/generated_api_shadow/envoy/extensions/common/ratelimit/v3/ratelimit.proto index 846ecf94f9f7f..187ae3f229c46 100644 --- a/generated_api_shadow/envoy/extensions/common/ratelimit/v3/ratelimit.proto +++ b/generated_api_shadow/envoy/extensions/common/ratelimit/v3/ratelimit.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.common.ratelimit.v3"; option java_outer_classname = "RatelimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common rate limit components] diff --git a/generated_api_shadow/envoy/extensions/common/tap/v3/common.proto b/generated_api_shadow/envoy/extensions/common/tap/v3/common.proto index cc67a00308b84..46a25b164d67a 100644 --- a/generated_api_shadow/envoy/extensions/common/tap/v3/common.proto +++ b/generated_api_shadow/envoy/extensions/common/tap/v3/common.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.common.tap.v3"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common tap extension configuration] diff --git a/generated_api_shadow/envoy/extensions/common/tap/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/common/tap/v4alpha/BUILD new file mode 100644 index 0000000000000..d1fe49142a8e2 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/common/tap/v4alpha/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/tap/v3:pkg", + "//envoy/extensions/common/tap/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/common/tap/v4alpha/common.proto b/generated_api_shadow/envoy/extensions/common/tap/v4alpha/common.proto new file mode 100644 index 0000000000000..63de14a3d6f63 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/common/tap/v4alpha/common.proto @@ -0,0 +1,61 @@ +syntax = "proto3"; + +package envoy.extensions.common.tap.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/tap/v3/common.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.common.tap.v4alpha"; +option java_outer_classname = "CommonProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Common tap extension configuration] + +// Common configuration for all tap extensions. +message CommonExtensionConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.common.tap.v3.CommonExtensionConfig"; + + // [#not-implemented-hide:] + message TapDSConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.common.tap.v3.CommonExtensionConfig.TapDSConfig"; + + // Configuration for the source of TapDS updates for this Cluster. + config.core.v4alpha.ConfigSource config_source = 1 + [(validate.rules).message = {required: true}]; + + // Tap config to request from XDS server. + string name = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + oneof config_type { + option (validate.required) = true; + + // If specified, the tap filter will be configured via an admin handler. + AdminConfig admin_config = 1; + + // If specified, the tap filter will be configured via a static configuration that cannot be + // changed. + config.tap.v3.TapConfig static_config = 2; + + // [#not-implemented-hide:] Configuration to use for TapDS updates for the filter. + TapDSConfig tapds_config = 3; + } +} + +// Configuration for the admin handler. See :ref:`here ` for +// more information. +message AdminConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.common.tap.v3.AdminConfig"; + + // Opaque configuration ID. When requests are made to the admin handler, the passed opaque ID is + // matched to the configured filter opaque ID to determine which filter to configure. + string config_id = 1 [(validate.rules).string = {min_bytes: 1}]; +} diff --git a/generated_api_shadow/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto b/generated_api_shadow/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto index e06c7873f277d..38a8872d323e1 100644 --- a/generated_api_shadow/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto +++ b/generated_api_shadow/envoy/extensions/filter/udp/dns_filter/v3alpha/dns_filter.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.extensions.filter.udp.dns_filter.v3al option java_outer_classname = "DnsFilterProto"; option java_multiple_files = true; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: DNS Filter] // DNS Filter :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/common/fault/v3/fault.proto b/generated_api_shadow/envoy/extensions/filters/common/fault/v3/fault.proto index e62686eae8a48..a5a688468fb4d 100644 --- a/generated_api_shadow/envoy/extensions/filters/common/fault/v3/fault.proto +++ b/generated_api_shadow/envoy/extensions/filters/common/fault/v3/fault.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.common.fault.v3"; option java_outer_classname = "FaultProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common fault injection types] @@ -40,27 +40,26 @@ message FaultDelay { reserved 2; - // Unused and deprecated. Will be removed in the next release. + // Add a fixed delay before forwarding the operation upstream. See + // https://developers.google.com/protocol-buffers/docs/proto3#json for + // the JSON/YAML Duration mapping. For HTTP/Mongo/Redis, the specified + // delay will be injected before a new request/operation. For TCP + // connections, the proxying of the connection upstream will be delayed + // for the specified period. This is required if type is FIXED. + type.v3.FractionalPercent percentage = 4; + + // Fault delays are controlled via an HTTP header (if applicable). FaultDelayType hidden_envoy_deprecated_type = 1 [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; oneof fault_delay_secifier { option (validate.required) = true; - // Add a fixed delay before forwarding the operation upstream. See - // https://developers.google.com/protocol-buffers/docs/proto3#json for - // the JSON/YAML Duration mapping. For HTTP/Mongo/Redis, the specified - // delay will be injected before a new request/operation. For TCP - // connections, the proxying of the connection upstream will be delayed - // for the specified period. This is required if type is FIXED. + // The percentage of operations/connections/requests on which the delay will be injected. google.protobuf.Duration fixed_delay = 3 [(validate.rules).duration = {gt {}}]; - // Fault delays are controlled via an HTTP header (if applicable). HeaderDelay header_delay = 5; } - - // The percentage of operations/connections/requests on which the delay will be injected. - type.v3.FractionalPercent percentage = 4; } // Describes a rate limit to be applied. @@ -85,16 +84,16 @@ message FaultRateLimit { "envoy.config.filter.fault.v2.FaultRateLimit.HeaderLimit"; } + // A fixed rate limit. + type.v3.FractionalPercent percentage = 2; + oneof limit_type { option (validate.required) = true; - // A fixed rate limit. + // Rate limits are controlled via an HTTP header (if applicable). FixedLimit fixed_limit = 1; - // Rate limits are controlled via an HTTP header (if applicable). + // The percentage of operations/connections/requests on which the rate limit will be injected. HeaderLimit header_limit = 3; } - - // The percentage of operations/connections/requests on which the rate limit will be injected. - type.v3.FractionalPercent percentage = 2; } diff --git a/generated_api_shadow/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto b/generated_api_shadow/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto index 6e105dcf228dc..7ff9bb6a0f5f1 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.adaptive_concurrency.v3"; option java_outer_classname = "AdaptiveConcurrencyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Adaptive Concurrency] // Adaptive Concurrency Control :ref:`configuration overview @@ -93,15 +93,15 @@ message AdaptiveConcurrency { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.adaptive_concurrency.v2alpha.AdaptiveConcurrency"; + // Gradient concurrency control will be used. + config.core.v3.RuntimeFeatureFlag enabled = 2; + oneof concurrency_controller_config { option (validate.required) = true; - // Gradient concurrency control will be used. + // If set to false, the adaptive concurrency filter will operate as a pass-through filter. If the + // message is unspecified, the filter will be enabled. GradientControllerConfig gradient_controller_config = 1 [(validate.rules).message = {required: true}]; } - - // If set to false, the adaptive concurrency filter will operate as a pass-through filter. If the - // message is unspecified, the filter will be enabled. - config.core.v3.RuntimeFeatureFlag enabled = 2; } diff --git a/generated_api_shadow/envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto b/generated_api_shadow/envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto index 90d393024776d..7e96c2efb8359 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.aws_lambda.v3"; option java_outer_classname = "AwsLambdaProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: AWS Lambda] // AWS Lambda :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto b/generated_api_shadow/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto index 2309de89520c0..b80bc1b821087 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.aws_request_signing.v3"; option java_outer_classname = "AwsRequestSigningProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: AwsRequestSigning] // AwsRequestSigning :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/buffer/v3/buffer.proto b/generated_api_shadow/envoy/extensions/filters/http/buffer/v3/buffer.proto index c8b3020414ceb..6f73244032c4e 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/buffer/v3/buffer.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/buffer/v3/buffer.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.buffer.v3"; option java_outer_classname = "BufferProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Buffer] // Buffer :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/cache/v3alpha/cache.proto b/generated_api_shadow/envoy/extensions/filters/http/cache/v3alpha/cache.proto index 736848d1af266..1ff305bb0e279 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/cache/v3alpha/cache.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/cache/v3alpha/cache.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.extensions.filters.http.cache.v3alpha option java_outer_classname = "CacheProto"; option java_multiple_files = true; option (udpa.annotations.file_status).work_in_progress = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP Cache Filter] // [#extension: envoy.filters.http.cache] diff --git a/generated_api_shadow/envoy/extensions/filters/http/compressor/v3/compressor.proto b/generated_api_shadow/envoy/extensions/filters/http/compressor/v3/compressor.proto index fabcc8dfead63..0eefe55140d26 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/compressor/v3/compressor.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/compressor/v3/compressor.proto @@ -12,7 +12,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.compressor.v3"; option java_outer_classname = "CompressorProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Compressor] diff --git a/generated_api_shadow/envoy/extensions/filters/http/cors/v3/cors.proto b/generated_api_shadow/envoy/extensions/filters/http/cors/v3/cors.proto index 176e5c4a1865c..0269e1bdfd8c7 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/cors/v3/cors.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/cors/v3/cors.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.cors.v3"; option java_outer_classname = "CorsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Cors] // CORS Filter :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/csrf/v3/csrf.proto b/generated_api_shadow/envoy/extensions/filters/http/csrf/v3/csrf.proto index 286e7fc954711..263d705e3f545 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/csrf/v3/csrf.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/csrf/v3/csrf.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.csrf.v3"; option java_outer_classname = "CsrfProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: CSRF] // Cross-Site Request Forgery :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto b/generated_api_shadow/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto index a5dc4a9b1fb66..b8a2525dbf543 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.dynamic_forward_proxy.v3"; option java_outer_classname = "DynamicForwardProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dynamic forward proxy] diff --git a/generated_api_shadow/envoy/extensions/filters/http/dynamo/v3/dynamo.proto b/generated_api_shadow/envoy/extensions/filters/http/dynamo/v3/dynamo.proto index 600f22686afc7..13a4f1c6ceee0 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/dynamo/v3/dynamo.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/dynamo/v3/dynamo.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.dynamo.v3"; option java_outer_classname = "DynamoProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dynamo] // Dynamo :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/generated_api_shadow/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto index daed820a1497e..64e82c7b16145 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3"; option java_outer_classname = "ExtAuthzProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: External Authorization] // External Authorization :ref:`configuration overview `. @@ -27,14 +27,11 @@ message ExtAuthz { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.ext_authz.v2.ExtAuthz"; - // External authorization service configuration. - oneof services { - // gRPC service configuration (default timeout: 200ms). - config.core.v3.GrpcService grpc_service = 1; + // gRPC service configuration (default timeout: 200ms). + bool failure_mode_allow = 2; - // HTTP service configuration (default timeout: 200ms). - HttpService http_service = 3; - } + // HTTP service configuration (default timeout: 200ms). + BufferSettings with_request_body = 5; // Changes filter's behaviour on errors: // @@ -48,19 +45,12 @@ message ExtAuthz { // // Note that errors can be *always* tracked in the :ref:`stats // `. - bool failure_mode_allow = 2; - - // Sets the package version the gRPC service should use. This is particularly - // useful when transitioning from alpha to release versions assuming that both definitions are - // semantically compatible. Deprecation note: This field is deprecated and should only be used for - // version upgrade. See release notes for more details. - bool hidden_envoy_deprecated_use_alpha = 4 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + bool clear_route_cache = 6; // Enables filter to buffer the client request body and send it within the authorization request. // A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization // request message indicating if the body data is partial. - BufferSettings with_request_body = 5; + type.v3.HttpStatus status_on_error = 7; // Clears route cache in order to allow the external authorization service to correctly affect // routing decisions. Filter clears all cached routes when: @@ -72,11 +62,11 @@ message ExtAuthz { // 3. At least one *authorization response header* is added to the client request, or is used for // altering another client request header. // - bool clear_route_cache = 6; + repeated string metadata_context_namespaces = 8; // Sets the HTTP status that is returned to the client when there is a network error between the // filter and the authorization server. The default status is HTTP 403 Forbidden. - type.v3.HttpStatus status_on_error = 7; + config.core.v3.RuntimeFractionalPercent filter_enabled = 9; // Specifies a list of metadata namespaces whose values, if present, will be passed to the // ext_authz service as an opaque *protobuf::Struct*. @@ -90,7 +80,7 @@ message ExtAuthz { // metadata_context_namespaces: // - envoy.filters.http.jwt_authn // - repeated string metadata_context_namespaces = 8; + bool include_peer_certificate = 10; // Specifies if the filter is enabled. // @@ -98,13 +88,19 @@ message ExtAuthz { // Envoy will lookup the runtime key to get the percentage of requests to filter. // // If this field is not specified, the filter will be enabled for all requests. - config.core.v3.RuntimeFractionalPercent filter_enabled = 9; + bool hidden_envoy_deprecated_use_alpha = 4 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // Specifies if the peer certificate is sent to the external service. - // - // When this field is true, Envoy will include the peer X.509 certificate, if available, in the - // :ref:`certificate`. - bool include_peer_certificate = 10; + // External authorization service configuration. + oneof services { + // Specifies if the peer certificate is sent to the external service. + // + // When this field is true, Envoy will include the peer X.509 certificate, if available, in the + // :ref:`certificate`. + config.core.v3.GrpcService grpc_service = 1; + + HttpService http_service = 3; + } } // Configuration for buffering the request data. diff --git a/generated_api_shadow/envoy/extensions/filters/http/fault/v3/fault.proto b/generated_api_shadow/envoy/extensions/filters/http/fault/v3/fault.proto index b736fd404bfce..07996a9507ff9 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/fault/v3/fault.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/fault/v3/fault.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.fault.v3"; option java_outer_classname = "FaultProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Fault Injection] // Fault Injection :ref:`configuration overview `. @@ -35,19 +35,19 @@ message FaultAbort { reserved 1; + // HTTP status code to use to abort the HTTP request. + type.v3.FractionalPercent percentage = 3; + oneof error_type { option (validate.required) = true; - // HTTP status code to use to abort the HTTP request. + // Fault aborts are controlled via an HTTP header (if applicable). uint32 http_status = 2 [(validate.rules).uint32 = {lt: 600 gte: 200}]; - // Fault aborts are controlled via an HTTP header (if applicable). + // The percentage of requests/operations/connections that will be aborted with the error code + // provided. HeaderAbort header_abort = 4; } - - // The percentage of requests/operations/connections that will be aborted with the error code - // provided. - type.v3.FractionalPercent percentage = 3; } // [#next-free-field: 14] diff --git a/generated_api_shadow/envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto b/generated_api_shadow/envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto index 61db52e493e2a..7e31da49e92ba 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_http1_bridge.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC HTTP/1.1 Bridge] // gRPC HTTP/1.1 Bridge Filter :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto b/generated_api_shadow/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto index 04fa5c891e7a8..85d7cbe1cecd7 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_http1_reverse_bridge.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC HTTP/1.1 Reverse Bridge] // gRPC HTTP/1.1 Reverse Bridge :ref:`configuration overview diff --git a/generated_api_shadow/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto b/generated_api_shadow/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto index 770abc303decd..da27441f2acab 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_json_transcoder.v3"; option java_outer_classname = "TranscoderProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC-JSON transcoder] // gRPC-JSON transcoder :ref:`configuration overview `. @@ -45,36 +45,32 @@ message GrpcJsonTranscoder { bool preserve_proto_field_names = 4; } - oneof descriptor_set { - option (validate.required) = true; - - // Supplies the filename of - // :ref:`the proto descriptor set ` for the gRPC - // services. - string proto_descriptor = 1; + // Supplies the filename of + // :ref:`the proto descriptor set ` for the gRPC + // services. + repeated string services = 2 [(validate.rules).repeated = {min_items: 1}]; - // Supplies the binary content of - // :ref:`the proto descriptor set ` for the gRPC - // services. - bytes proto_descriptor_bin = 4; - } + // Supplies the binary content of + // :ref:`the proto descriptor set ` for the gRPC + // services. + PrintOptions print_options = 3; // A list of strings that // supplies the fully qualified service names (i.e. "package_name.service_name") that // the transcoder will translate. If the service name doesn't exist in ``proto_descriptor``, // Envoy will fail at startup. The ``proto_descriptor`` may contain more services than // the service names specified here, but they won't be translated. - repeated string services = 2 [(validate.rules).repeated = {min_items: 1}]; + bool match_incoming_request_route = 5; // Control options for response JSON. These options are passed directly to // `JsonPrintOptions `_. - PrintOptions print_options = 3; + repeated string ignored_query_parameters = 6; // Whether to keep the incoming request route after the outgoing headers have been transformed to // the match the upstream gRPC service. Note: This means that routes for gRPC services that are // not transcoded cannot be used in combination with *match_incoming_request_route*. - bool match_incoming_request_route = 5; + bool auto_mapping = 7; // A list of query parameters to be ignored for transcoding method mapping. // By default, the transcoder filter will not transcode a request if there are any @@ -101,7 +97,7 @@ message GrpcJsonTranscoder { // The request ``/shelves/100?foo=bar`` will not be mapped to ``GetShelf``` because variable // binding for ``foo`` is not defined. Adding ``foo`` to ``ignored_query_parameters`` will allow // the same request to be mapped to ``GetShelf``. - repeated string ignored_query_parameters = 6; + bool ignore_unknown_query_parameters = 8; // Whether to route methods without the ``google.api.http`` option. // @@ -123,41 +119,45 @@ message GrpcJsonTranscoder { // // The client could ``post`` a json body ``{"shelf": 1234}`` with the path of // ``/bookstore.Bookstore/GetShelfRequest`` to call ``GetShelfRequest``. - bool auto_mapping = 7; + bool convert_grpc_status = 9; - // Whether to ignore query parameters that cannot be mapped to a corresponding - // protobuf field. Use this if you cannot control the query parameters and do - // not know them beforehand. Otherwise use ``ignored_query_parameters``. - // Defaults to false. - bool ignore_unknown_query_parameters = 8; + oneof descriptor_set { + option (validate.required) = true; - // Whether to convert gRPC status headers to JSON. - // When trailer indicates a gRPC error and there was no HTTP body, take ``google.rpc.Status`` - // from the ``grpc-status-details-bin`` header and use it as JSON body. - // If there was no such header, make ``google.rpc.Status`` out of the ``grpc-status`` and - // ``grpc-message`` headers. - // The error details types must be present in the ``proto_descriptor``. - // - // For example, if an upstream server replies with headers: - // - // .. code-block:: none - // - // grpc-status: 5 - // grpc-status-details-bin: - // CAUaMwoqdHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUucnBjLlJlcXVlc3RJbmZvEgUKA3ItMQ - // - // The ``grpc-status-details-bin`` header contains a base64-encoded protobuf message - // ``google.rpc.Status``. It will be transcoded into: - // - // .. code-block:: none - // - // HTTP/1.1 404 Not Found - // content-type: application/json - // - // {"code":5,"details":[{"@type":"type.googleapis.com/google.rpc.RequestInfo","requestId":"r-1"}]} - // - // In order to transcode the message, the ``google.rpc.RequestInfo`` type from - // the ``google/rpc/error_details.proto`` should be included in the configured - // :ref:`proto descriptor set `. - bool convert_grpc_status = 9; + // Whether to ignore query parameters that cannot be mapped to a corresponding + // protobuf field. Use this if you cannot control the query parameters and do + // not know them beforehand. Otherwise use ``ignored_query_parameters``. + // Defaults to false. + string proto_descriptor = 1; + + // Whether to convert gRPC status headers to JSON. + // When trailer indicates a gRPC error and there was no HTTP body, take ``google.rpc.Status`` + // from the ``grpc-status-details-bin`` header and use it as JSON body. + // If there was no such header, make ``google.rpc.Status`` out of the ``grpc-status`` and + // ``grpc-message`` headers. + // The error details types must be present in the ``proto_descriptor``. + // + // For example, if an upstream server replies with headers: + // + // .. code-block:: none + // + // grpc-status: 5 + // grpc-status-details-bin: + // CAUaMwoqdHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUucnBjLlJlcXVlc3RJbmZvEgUKA3ItMQ + // + // The ``grpc-status-details-bin`` header contains a base64-encoded protobuf message + // ``google.rpc.Status``. It will be transcoded into: + // + // .. code-block:: none + // + // HTTP/1.1 404 Not Found + // content-type: application/json + // + // {"code":5,"details":[{"@type":"type.googleapis.com/google.rpc.RequestInfo","requestId":"r-1"}]} + // + // In order to transcode the message, the ``google.rpc.RequestInfo`` type from + // the ``google/rpc/error_details.proto`` should be included in the configured + // :ref:`proto descriptor set `. + bytes proto_descriptor_bin = 4; + } } diff --git a/generated_api_shadow/envoy/extensions/filters/http/grpc_stats/v3/config.proto b/generated_api_shadow/envoy/extensions/filters/http/grpc_stats/v3/config.proto index 037e5efe04f5e..1fecdaea0a164 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/grpc_stats/v3/config.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/grpc_stats/v3/config.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_stats.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC statistics] gRPC statistics filter // :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto b/generated_api_shadow/envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto index 3a3f27835856a..8161139f547b5 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_web.v3"; option java_outer_classname = "GrpcWebProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC Web] // gRPC Web :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/gzip/v3/gzip.proto b/generated_api_shadow/envoy/extensions/filters/http/gzip/v3/gzip.proto index 50ac499b16451..3206037723de0 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/gzip/v3/gzip.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/gzip/v3/gzip.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.gzip.v3"; option java_outer_classname = "GzipProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Gzip] // Gzip :ref:`configuration overview `. @@ -46,12 +46,6 @@ message Gzip { // use more memory, but are faster and produce better compression results. The default value is 5. google.protobuf.UInt32Value memory_level = 1 [(validate.rules).uint32 = {lte: 9 gte: 1}]; - // Minimum response length, in bytes, which will trigger compression. The default value is 30. - // .. attention: - // - // **This field is deprecated**. Set the `compressor` field instead. - google.protobuf.UInt32Value hidden_envoy_deprecated_content_length = 2 [deprecated = true]; - // A value used for selecting the zlib compression level. This setting will affect speed and // amount of compression applied to the content. "BEST" provides higher compression at the cost of // higher latency, "SPEED" provides lower compression with minimum impact on response time. @@ -67,29 +61,6 @@ message Gzip { // refer to zlib manual. CompressionStrategy compression_strategy = 4 [(validate.rules).enum = {defined_only: true}]; - // Set of strings that allows specifying which mime-types yield compression; e.g., - // application/json, text/html, etc. When this field is not defined, compression will be applied - // to the following mime-types: "application/javascript", "application/json", - // "application/xhtml+xml", "image/svg+xml", "text/css", "text/html", "text/plain", "text/xml". - // .. attention: - // - // **This field is deprecated**. Set the `compressor` field instead. - repeated string hidden_envoy_deprecated_content_type = 6 [deprecated = true]; - - // If true, disables compression when the response contains an etag header. When it is false, the - // filter will preserve weak etags and remove the ones that require strong validation. - // .. attention: - // - // **This field is deprecated**. Set the `compressor` field instead. - bool hidden_envoy_deprecated_disable_on_etag_header = 7 [deprecated = true]; - - // If true, removes accept-encoding from the request headers before dispatching it to the upstream - // so that responses do not get compressed before reaching the filter. - // .. attention: - // - // **This field is deprecated**. Set the `compressor` field instead. - bool hidden_envoy_deprecated_remove_accept_encoding_header = 8 [deprecated = true]; - // Value from 9 to 15 that represents the base two logarithmic of the compressor's window size. // Larger window results in better compression at the expense of memory usage. The default is 12 // which will produce a 4096 bytes window. For more details about this parameter, please refer to @@ -100,4 +71,12 @@ message Gzip { // the fields `content_length`, `content_type`, `disable_on_etag_header` and // `remove_accept_encoding_header` are ignored. compressor.v3.Compressor compressor = 10; + + google.protobuf.UInt32Value hidden_envoy_deprecated_content_length = 2 [deprecated = true]; + + repeated string hidden_envoy_deprecated_content_type = 6 [deprecated = true]; + + bool hidden_envoy_deprecated_disable_on_etag_header = 7 [deprecated = true]; + + bool hidden_envoy_deprecated_remove_accept_encoding_header = 8 [deprecated = true]; } diff --git a/generated_api_shadow/envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto b/generated_api_shadow/envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto index 937d323845a7c..8e7c490f01b66 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.header_to_metadata.v3"; option java_outer_classname = "HeaderToMetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Header-To-Metadata Filter] // diff --git a/generated_api_shadow/envoy/extensions/filters/http/health_check/v3/health_check.proto b/generated_api_shadow/envoy/extensions/filters/http/health_check/v3/health_check.proto index 7aa1fe1533897..1a5dbf1bb9006 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/health_check/v3/health_check.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/health_check/v3/health_check.proto @@ -15,7 +15,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.health_check.v3"; option java_outer_classname = "HealthCheckProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Health check] // Health check :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto b/generated_api_shadow/envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto index a32d06bce1761..a23ad9dea0a90 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.ip_tagging.v3"; option java_outer_classname = "IpTaggingProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: IP tagging] // IP tagging :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/jwt_authn/v3/config.proto b/generated_api_shadow/envoy/extensions/filters/http/jwt_authn/v3/config.proto index 3d5ea6de16525..802a582a572a9 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/jwt_authn/v3/config.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/jwt_authn/v3/config.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.jwt_authn.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: JWT Authentication] // JWT Authentication :ref:`configuration overview `. @@ -78,50 +78,44 @@ message JwtProvider { // repeated string audiences = 2; - // `JSON Web Key Set (JWKS) `_ is needed to - // validate signature of a JWT. This field specifies where to fetch JWKS. - oneof jwks_source_specifier { - option (validate.required) = true; - - // JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP - // URI and how the fetched JWKS should be cached. - // - // Example: - // - // .. code-block:: yaml - // - // remote_jwks: - // http_uri: - // uri: https://www.googleapis.com/oauth2/v1/certs - // cluster: jwt.www.googleapis.com|443 - // cache_duration: - // seconds: 300 - // - RemoteJwks remote_jwks = 3; + // JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP + // URI and how the fetched JWKS should be cached. + // + // Example: + // + // .. code-block:: yaml + // + // remote_jwks: + // http_uri: + // uri: https://www.googleapis.com/oauth2/v1/certs + // cluster: jwt.www.googleapis.com|443 + // cache_duration: + // seconds: 300 + // + bool forward = 5; - // JWKS is in local data source. It could be either in a local file or embedded in the - // inline_string. - // - // Example: local file - // - // .. code-block:: yaml - // - // local_jwks: - // filename: /etc/envoy/jwks/jwks1.txt - // - // Example: inline_string - // - // .. code-block:: yaml - // - // local_jwks: - // inline_string: ACADADADADA - // - config.core.v3.DataSource local_jwks = 4; - } + // JWKS is in local data source. It could be either in a local file or embedded in the + // inline_string. + // + // Example: local file + // + // .. code-block:: yaml + // + // local_jwks: + // filename: /etc/envoy/jwks/jwks1.txt + // + // Example: inline_string + // + // .. code-block:: yaml + // + // local_jwks: + // inline_string: ACADADADADA + // + repeated JwtHeader from_headers = 6; // If false, the JWT is removed in the request after a success verification. If true, the JWT is // not removed in the request. Default value is false. - bool forward = 5; + repeated string from_params = 7; // Two fields below define where to extract the JWT from an HTTP request. // @@ -148,7 +142,7 @@ message JwtProvider { // // ``x-goog-iap-jwt-assertion: ``. // - repeated JwtHeader from_headers = 6; + string forward_payload_header = 8; // JWT is sent in a query parameter. `jwt_params` represents the query parameter names. // @@ -163,33 +157,39 @@ message JwtProvider { // // /path?jwt_token= // - repeated string from_params = 7; + string payload_in_metadata = 9; - // This field specifies the header name to forward a successfully verified JWT payload to the - // backend. The forwarded data is:: - // - // base64url_encoded(jwt_payload_in_JSON) - // - // If it is not specified, the payload will not be forwarded. - string forward_payload_header = 8; + // `JSON Web Key Set (JWKS) `_ is needed to + // validate signature of a JWT. This field specifies where to fetch JWKS. + oneof jwks_source_specifier { + option (validate.required) = true; - // If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata - // in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn** - // The value is the *protobuf::Struct*. The value of this field will be the key for its *fields* - // and the value is the *protobuf::Struct* converted from JWT JSON payload. - // - // For example, if payload_in_metadata is *my_payload*: - // - // .. code-block:: yaml - // - // envoy.filters.http.jwt_authn: - // my_payload: - // iss: https://example.com - // sub: test@example.com - // aud: https://example.com - // exp: 1501281058 - // - string payload_in_metadata = 9; + // This field specifies the header name to forward a successfully verified JWT payload to the + // backend. The forwarded data is:: + // + // base64url_encoded(jwt_payload_in_JSON) + // + // If it is not specified, the payload will not be forwarded. + RemoteJwks remote_jwks = 3; + + // If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata + // in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn** + // The value is the *protobuf::Struct*. The value of this field will be the key for its *fields* + // and the value is the *protobuf::Struct* converted from JWT JSON payload. + // + // For example, if payload_in_metadata is *my_payload*: + // + // .. code-block:: yaml + // + // envoy.filters.http.jwt_authn: + // my_payload: + // iss: https://example.com + // sub: test@example.com + // aud: https://example.com + // exp: 1501281058 + // + config.core.v3.DataSource local_jwks = 4; + } } // This message specifies how to fetch JWKS from remote and how to cache it. diff --git a/generated_api_shadow/envoy/extensions/filters/http/lua/v3/lua.proto b/generated_api_shadow/envoy/extensions/filters/http/lua/v3/lua.proto index 9265fe9479331..da6b0c09a0f61 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/lua/v3/lua.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/lua/v3/lua.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.lua.v3"; option java_outer_classname = "LuaProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Lua] // Lua :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/on_demand/v3/on_demand.proto b/generated_api_shadow/envoy/extensions/filters/http/on_demand/v3/on_demand.proto index aab72b202329b..5c6b96540c19e 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/on_demand/v3/on_demand.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/on_demand/v3/on_demand.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.on_demand.v3"; option java_outer_classname = "OnDemandProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: OnDemand] // IP tagging :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/original_src/v3/original_src.proto b/generated_api_shadow/envoy/extensions/filters/http/original_src/v3/original_src.proto index 33447f6528899..507c9728fbbf1 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/original_src/v3/original_src.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/original_src/v3/original_src.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.original_src.v3"; option java_outer_classname = "OriginalSrcProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. diff --git a/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto b/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto index a9d66843a169e..057b7c3d44032 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.ratelimit.v3"; option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/rbac/v3/rbac.proto b/generated_api_shadow/envoy/extensions/filters/http/rbac/v3/rbac.proto index 7bfb45f82f34e..bae67ec5a0a9c 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/rbac/v3/rbac.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/rbac/v3/rbac.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.rbac.v3"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/router/v3/router.proto b/generated_api_shadow/envoy/extensions/filters/http/router/v3/router.proto index 557d2e0a4a218..6ab64f92f2b0f 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/router/v3/router.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/router/v3/router.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.router.v3"; option java_outer_classname = "RouterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Router] // Router :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/squash/v3/squash.proto b/generated_api_shadow/envoy/extensions/filters/http/squash/v3/squash.proto index eb164a4ec68a3..0ea335a414fab 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/squash/v3/squash.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/squash/v3/squash.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.squash.v3"; option java_outer_classname = "SquashProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Squash] // Squash :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/tap/v3/tap.proto b/generated_api_shadow/envoy/extensions/filters/http/tap/v3/tap.proto index 7d2e37feefdd6..81779443e4a54 100644 --- a/generated_api_shadow/envoy/extensions/filters/http/tap/v3/tap.proto +++ b/generated_api_shadow/envoy/extensions/filters/http/tap/v3/tap.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.tap.v3"; option java_outer_classname = "TapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap] // Tap :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/http/tap/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/filters/http/tap/v4alpha/BUILD new file mode 100644 index 0000000000000..5204b739b76c5 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/http/tap/v4alpha/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/extensions/common/tap/v4alpha:pkg", + "//envoy/extensions/filters/http/tap/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/filters/http/tap/v4alpha/tap.proto b/generated_api_shadow/envoy/extensions/filters/http/tap/v4alpha/tap.proto new file mode 100644 index 0000000000000..98798be8bfd2b --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/http/tap/v4alpha/tap.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.tap.v4alpha; + +import "envoy/extensions/common/tap/v4alpha/common.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.tap.v4alpha"; +option java_outer_classname = "TapProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Tap] +// Tap :ref:`configuration overview `. +// [#extension: envoy.filters.http.tap] + +// Top level configuration for the tap filter. +message Tap { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.http.tap.v3.Tap"; + + // Common configuration for the HTTP tap filter. + common.tap.v4alpha.CommonExtensionConfig common_config = 1 + [(validate.rules).message = {required: true}]; +} diff --git a/generated_api_shadow/envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto b/generated_api_shadow/envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto index 80b5938dfd565..cb439b0973ba9 100644 --- a/generated_api_shadow/envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto +++ b/generated_api_shadow/envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.http_inspector.v3"; option java_outer_classname = "HttpInspectorProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP Inspector Filter] // Detect whether the application protocol is HTTP. diff --git a/generated_api_shadow/envoy/extensions/filters/listener/original_dst/v3/original_dst.proto b/generated_api_shadow/envoy/extensions/filters/listener/original_dst/v3/original_dst.proto index ec69def4a9e95..8239c5c42c528 100644 --- a/generated_api_shadow/envoy/extensions/filters/listener/original_dst/v3/original_dst.proto +++ b/generated_api_shadow/envoy/extensions/filters/listener/original_dst/v3/original_dst.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.original_dst.v3"; option java_outer_classname = "OriginalDstProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Original Dst Filter] // Use the Original destination address on downstream connections. diff --git a/generated_api_shadow/envoy/extensions/filters/listener/original_src/v3/original_src.proto b/generated_api_shadow/envoy/extensions/filters/listener/original_src/v3/original_src.proto index d3f017f163457..5fd07924d7fd7 100644 --- a/generated_api_shadow/envoy/extensions/filters/listener/original_src/v3/original_src.proto +++ b/generated_api_shadow/envoy/extensions/filters/listener/original_src/v3/original_src.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.original_src.v3"; option java_outer_classname = "OriginalSrcProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Original Src Filter] // Use the Original source address on upstream connections. diff --git a/generated_api_shadow/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto b/generated_api_shadow/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto index 4a8899b1aafcb..63ad72945e280 100644 --- a/generated_api_shadow/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto +++ b/generated_api_shadow/envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.proxy_protocol.v3"; option java_outer_classname = "ProxyProtocolProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Proxy Protocol Filter] // PROXY protocol listener filter. diff --git a/generated_api_shadow/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto b/generated_api_shadow/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto index 7182155bbadf5..eff9774844f4b 100644 --- a/generated_api_shadow/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto +++ b/generated_api_shadow/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.listener.tls_inspector.v3"; option java_outer_classname = "TlsInspectorProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: TLS Inspector Filter] // Allows detecting whether the transport appears to be TLS or plaintext. diff --git a/generated_api_shadow/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto b/generated_api_shadow/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto index 624982dae0960..e2da157574f89 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.client_ssl_auth.v3"; option java_outer_classname = "ClientSslAuthProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Client TLS authentication] // Client TLS authentication diff --git a/generated_api_shadow/envoy/extensions/filters/network/direct_response/v3/config.proto b/generated_api_shadow/envoy/extensions/filters/network/direct_response/v3/config.proto index b8866d703571d..2742372b2f91d 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/direct_response/v3/config.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/direct_response/v3/config.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.direct_response.v3"; option java_outer_classname = "ConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Direct response] // Direct response :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto b/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto index 24038c93552cd..fa1959a425c8e 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.dubbo_proxy.router.v3"; option java_outer_classname = "RouterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Router] // Dubbo router :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto b/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto index f3138d81d6b05..749708880d71c 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.dubbo_proxy.v3"; option java_outer_classname = "DubboProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dubbo Proxy] // Dubbo Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/v3/route.proto b/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/v3/route.proto index d0642620a8314..f06518c0b672e 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/v3/route.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/dubbo_proxy/v3/route.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.dubbo_proxy.v3"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Dubbo Proxy Route Configuration] // Dubbo Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/echo/v3/echo.proto b/generated_api_shadow/envoy/extensions/filters/network/echo/v3/echo.proto index 4bcb5d31d8b3b..077d87259b6b2 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/echo/v3/echo.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/echo/v3/echo.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.echo.v3"; option java_outer_classname = "EchoProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Echo] // Echo :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto b/generated_api_shadow/envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto index 22cf85f39aae4..c3a63ac0a4f65 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.ext_authz.v3"; option java_outer_classname = "ExtAuthzProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Network External Authorization ] // The network layer external authorization service configuration diff --git a/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 6732f2c193975..6d1044caa76be 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -24,7 +24,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3"; option java_outer_classname = "HttpConnectionManagerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP connection manager] // HTTP connection manager :ref:`configuration overview `. @@ -106,27 +106,6 @@ message HttpConnectionManager { EGRESS = 1; } - // The span name will be derived from this field. If - // :ref:`traffic_direction ` is - // specified on the parent listener, then it is used instead of this field. - // - // .. attention:: - // This field has been deprecated in favor of `traffic_direction`. - OperationName hidden_envoy_deprecated_operation_name = 1 [ - deprecated = true, - (validate.rules).enum = {defined_only: true}, - (envoy.annotations.disallowed_by_default) = true - ]; - - // A list of header names used to create tags for the active span. The header name is used to - // populate the tag name, and the header value is used to populate the tag value. The tag is - // created if the specified header name is present in the request's headers. - // - // .. attention:: - // This field has been deprecated in favor of :ref:`custom_tags - // `. - repeated string hidden_envoy_deprecated_request_headers_for_tags = 2 [deprecated = true]; - // Target percentage of requests managed by this HTTP connection manager that will be force // traced if the :ref:`x-client-trace-id ` // header is set. This field is a direct analog for the runtime variable @@ -169,6 +148,14 @@ message HttpConnectionManager { // from the bootstrap config. // [#not-implemented-hide:] config.trace.v3.Tracing.Http provider = 9; + + OperationName hidden_envoy_deprecated_operation_name = 1 [ + deprecated = true, + (validate.rules).enum = {defined_only: true}, + (envoy.annotations.disallowed_by_default) = true + ]; + + repeated string hidden_envoy_deprecated_request_headers_for_tags = 2 [deprecated = true]; } message InternalAddressConfig { @@ -256,74 +243,59 @@ message HttpConnectionManager { // more information. string stat_prefix = 2 [(validate.rules).string = {min_bytes: 1}]; - oneof route_specifier { - option (validate.required) = true; - - // The connection manager’s route table will be dynamically loaded via the RDS API. - Rds rds = 3; + // The connection manager’s route table will be dynamically loaded via the RDS API. + repeated HttpFilter http_filters = 5; - // The route table for the connection manager is static and is specified in this property. - config.route.v3.RouteConfiguration route_config = 4; + // The route table for the connection manager is static and is specified in this property. + google.protobuf.BoolValue add_user_agent = 6; - // A route table will be dynamically assigned to each request based on request attributes - // (e.g., the value of a header). The "routing scopes" (i.e., route tables) and "scope keys" are - // specified in this message. - ScopedRoutes scoped_routes = 31; - } + // A route table will be dynamically assigned to each request based on request attributes + // (e.g., the value of a header). The "routing scopes" (i.e., route tables) and "scope keys" are + // specified in this message. + Tracing tracing = 7; // A list of individual HTTP filters that make up the filter chain for // requests made to the connection manager. Order matters as the filters are // processed sequentially as request events happen. - repeated HttpFilter http_filters = 5; + config.core.v3.HttpProtocolOptions common_http_protocol_options = 35; // Whether the connection manager manipulates the :ref:`config_http_conn_man_headers_user-agent` // and :ref:`config_http_conn_man_headers_downstream-service-cluster` headers. See the linked // documentation for more information. Defaults to false. - google.protobuf.BoolValue add_user_agent = 6; + config.core.v3.Http1ProtocolOptions http_protocol_options = 8; // Presence of the object defines whether the connection manager // emits :ref:`tracing ` data to the :ref:`configured tracing provider // `. - Tracing tracing = 7; + config.core.v3.Http2ProtocolOptions http2_protocol_options = 9; // Additional settings for HTTP requests handled by the connection manager. These will be // applicable to both HTTP1 and HTTP2 requests. - config.core.v3.HttpProtocolOptions common_http_protocol_options = 35; + string server_name = 10; // Additional HTTP/1 settings that are passed to the HTTP/1 codec. - config.core.v3.Http1ProtocolOptions http_protocol_options = 8; + ServerHeaderTransformation server_header_transformation = 34 + [(validate.rules).enum = {defined_only: true}]; // Additional HTTP/2 settings that are passed directly to the HTTP/2 codec. - config.core.v3.Http2ProtocolOptions http2_protocol_options = 9; + google.protobuf.UInt32Value max_request_headers_kb = 29 + [(validate.rules).uint32 = {lte: 96 gt: 0}]; // An optional override that the connection manager will write to the server // header in responses. If not set, the default is *envoy*. - string server_name = 10; + google.protobuf.Duration stream_idle_timeout = 24; // Defines the action to be applied to the Server header on the response path. // By default, Envoy will overwrite the header with the value specified in // server_name. - ServerHeaderTransformation server_header_transformation = 34 - [(validate.rules).enum = {defined_only: true}]; + google.protobuf.Duration request_timeout = 28; // The maximum request headers size for incoming connections. // If unconfigured, the default max request headers allowed is 60 KiB. // Requests that exceed this limit will receive a 431 response. // The max configurable limit is 96 KiB, based on current implementation // constraints. - google.protobuf.UInt32Value max_request_headers_kb = 29 - [(validate.rules).uint32 = {lte: 96 gt: 0}]; - - // The idle timeout for connections managed by the connection manager. The - // idle timeout is defined as the period in which there are no active - // requests. If not set, there is no idle timeout. When the idle timeout is - // reached the connection will be closed. If the connection is an HTTP/2 - // connection a drain sequence will occur prior to closing the connection. - // This field is deprecated. Use :ref:`idle_timeout - // ` - // instead. - google.protobuf.Duration hidden_envoy_deprecated_idle_timeout = 11 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + google.protobuf.Duration drain_timeout = 12; // The stream idle timeout for connections managed by the connection manager. // If not specified, this defaults to 5 minutes. The default value was selected @@ -350,13 +322,13 @@ message HttpConnectionManager { // // A value of 0 will completely disable the connection manager stream idle // timeout, although per-route idle timeout overrides will continue to apply. - google.protobuf.Duration stream_idle_timeout = 24; + google.protobuf.Duration delayed_close_timeout = 26; // The amount of time that Envoy will wait for the entire request to be received. // The timer is activated when the request is initiated, and is disarmed when the last byte of the // request is sent upstream (i.e. all decoding filters have processed the request), OR when the // response is initiated. If not specified or set to 0, this timeout is disabled. - google.protobuf.Duration request_timeout = 28; + repeated config.accesslog.v3.AccessLog access_log = 13; // The time that Envoy will wait between sending an HTTP/2 “shutdown // notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame. @@ -367,7 +339,7 @@ message HttpConnectionManager { // both when a connection hits the idle timeout or during general server // draining. The default grace period is 5000 milliseconds (5 seconds) if this // option is not specified. - google.protobuf.Duration drain_timeout = 12; + google.protobuf.BoolValue use_remote_address = 14; // The delayed close timeout is for downstream connections managed by the HTTP connection manager. // It is defined as a grace period after connection close processing has been locally initiated @@ -399,11 +371,11 @@ message HttpConnectionManager { // A value of 0 will completely disable delayed close processing. When disabled, the downstream // connection's socket will be closed immediately after the write flush is completed or will // never close if the write flush does not complete. - google.protobuf.Duration delayed_close_timeout = 26; + uint32 xff_num_trusted_hops = 19; // Configuration for :ref:`HTTP access logs ` // emitted by the connection manager. - repeated config.accesslog.v3.AccessLog access_log = 13; + InternalAddressConfig internal_address_config = 25; // If set to true, the connection manager will use the real remote address // of the client connection when determining internal versus external origin and manipulating @@ -412,20 +384,20 @@ message HttpConnectionManager { // :ref:`config_http_conn_man_headers_x-forwarded-for`, // :ref:`config_http_conn_man_headers_x-envoy-internal`, and // :ref:`config_http_conn_man_headers_x-envoy-external-address` for more information. - google.protobuf.BoolValue use_remote_address = 14; + bool skip_xff_append = 21; // The number of additional ingress proxy hops from the right side of the // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when // determining the origin client's IP address. The default is zero if this option // is not specified. See the documentation for // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. - uint32 xff_num_trusted_hops = 19; + string via = 22; // Configures what network addresses are considered internal for stats and header sanitation // purposes. If unspecified, only RFC1918 IP addresses will be considered internal. // See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more // information about internal/external addresses. - InternalAddressConfig internal_address_config = 25; + google.protobuf.BoolValue generate_request_id = 15; // If set, Envoy will not append the remote address to the // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. This may be used in @@ -435,28 +407,28 @@ message HttpConnectionManager { // will also suppress XFF addition, it has consequences for logging and other // Envoy uses of the remote address, so *skip_xff_append* should be used // when only an elision of XFF addition is intended. - bool skip_xff_append = 21; + bool preserve_external_request_id = 32; // Via header value to append to request and response headers. If this is // empty, no via header will be appended. - string via = 22; + ForwardClientCertDetails forward_client_cert_details = 16 + [(validate.rules).enum = {defined_only: true}]; // Whether the connection manager will generate the :ref:`x-request-id // ` header if it does not exist. This defaults to // true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature // is not desired it can be disabled. - google.protobuf.BoolValue generate_request_id = 15; + SetCurrentClientCertDetails set_current_client_cert_details = 17; // Whether the connection manager will keep the :ref:`x-request-id // ` header if passed for a request that is edge // (Edge request is the request from external clients to front Envoy) and not reset it, which // is the current Envoy behaviour. This defaults to false. - bool preserve_external_request_id = 32; + bool proxy_100_continue = 18; // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP // header. - ForwardClientCertDetails forward_client_cert_details = 16 - [(validate.rules).enum = {defined_only: true}]; + bool represent_ipv4_remote_address_as_ipv4_mapped_ipv6 = 20; // This field is valid only when :ref:`forward_client_cert_details // ` @@ -465,13 +437,13 @@ message HttpConnectionManager { // :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header, *Hash* is always set, and // *By* is always set when the client certificate presents the URI type Subject Alternative Name // value. - SetCurrentClientCertDetails set_current_client_cert_details = 17; + repeated UpgradeConfig upgrade_configs = 23; // If proxy_100_continue is true, Envoy will proxy incoming "Expect: // 100-continue" headers upstream, and forward "100 Continue" responses // downstream. If this is false or not set, Envoy will instead strip the // "Expect: 100-continue" header, and send a "100 Continue" response itself. - bool proxy_100_continue = 18; + google.protobuf.BoolValue normalize_path = 30; // If // :ref:`use_remote_address @@ -486,9 +458,9 @@ message HttpConnectionManager { // ` for runtime // control. // [#not-implemented-hide:] - bool represent_ipv4_remote_address_as_ipv4_mapped_ipv6 = 20; + bool merge_slashes = 33; - repeated UpgradeConfig upgrade_configs = 23; + RequestIDExtension request_id_extension = 36; // Should paths be normalized according to RFC 3986 before any processing of // requests by HTTP filters or routing? This affects the upstream *:path* header @@ -501,26 +473,33 @@ message HttpConnectionManager { // for details of normalization. // Note that Envoy does not perform // `case normalization ` - google.protobuf.BoolValue normalize_path = 30; + google.protobuf.Duration hidden_envoy_deprecated_idle_timeout = 11 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // Determines if adjacent slashes in the path are merged into one before any processing of - // requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without - // setting this option, incoming requests with path `//dir///file` will not match against route - // with `prefix` match set to `/dir`. Defaults to `false`. Note that slash merging is not part of - // `HTTP spec ` and is provided for convenience. - bool merge_slashes = 33; + oneof route_specifier { + option (validate.required) = true; - // The configuration of the request ID extension. This includes operations such as - // generation, validation, and associated tracing operations. - // - // If not set, Envoy uses the default UUID-based behavior: - // - // 1. Request ID is propagated using *x-request-id* header. - // - // 2. Request ID is a universally unique identifier (UUID). - // - // 3. Tracing decision (sampled, forced, etc) is set in 14th byte of the UUID. - RequestIDExtension request_id_extension = 36; + // Determines if adjacent slashes in the path are merged into one before any processing of + // requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without + // setting this option, incoming requests with path `//dir///file` will not match against route + // with `prefix` match set to `/dir`. Defaults to `false`. Note that slash merging is not part of + // `HTTP spec ` and is provided for convenience. + Rds rds = 3; + + // The configuration of the request ID extension. This includes operations such as + // generation, validation, and associated tracing operations. + // + // If not set, Envoy uses the default UUID-based behavior: + // + // 1. Request ID is propagated using *x-request-id* header. + // + // 2. Request ID is a universally unique identifier (UUID). + // + // 3. Tracing decision (sampled, forced, etc) is set in 14th byte of the UUID. + config.route.v3.RouteConfiguration route_config = 4; + + ScopedRoutes scoped_routes = 31; + } } message Rds { @@ -695,9 +674,9 @@ message HttpFilter { // Filter specific configuration which depends on the filter being instantiated. See the supported // filters for further documentation. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 4; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } diff --git a/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/BUILD new file mode 100644 index 0000000000000..792ccf7ab6772 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/BUILD @@ -0,0 +1,19 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/annotations:pkg", + "//envoy/config/accesslog/v3:pkg", + "//envoy/config/core/v4alpha:pkg", + "//envoy/config/route/v4alpha:pkg", + "//envoy/config/trace/v4alpha:pkg", + "//envoy/extensions/filters/network/http_connection_manager/v3:pkg", + "//envoy/type/tracing/v3:pkg", + "//envoy/type/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto new file mode 100644 index 0000000000000..226dc2727fc54 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto @@ -0,0 +1,685 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.http_connection_manager.v4alpha; + +import "envoy/config/accesslog/v3/accesslog.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/protocol.proto"; +import "envoy/config/route/v4alpha/route.proto"; +import "envoy/config/route/v4alpha/scoped_route.proto"; +import "envoy/config/trace/v4alpha/trace.proto"; +import "envoy/type/tracing/v3/custom_tag.proto"; +import "envoy/type/v3/percent.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v4alpha"; +option java_outer_classname = "HttpConnectionManagerProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: HTTP connection manager] +// HTTP connection manager :ref:`configuration overview `. +// [#extension: envoy.filters.network.http_connection_manager] + +// [#next-free-field: 37] +message HttpConnectionManager { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"; + + enum CodecType { + // For every new connection, the connection manager will determine which + // codec to use. This mode supports both ALPN for TLS listeners as well as + // protocol inference for plaintext listeners. If ALPN data is available, it + // is preferred, otherwise protocol inference is used. In almost all cases, + // this is the right option to choose for this setting. + AUTO = 0; + + // The connection manager will assume that the client is speaking HTTP/1.1. + HTTP1 = 1; + + // The connection manager will assume that the client is speaking HTTP/2 + // (Envoy does not require HTTP/2 to take place over TLS or to use ALPN. + // Prior knowledge is allowed). + HTTP2 = 2; + + // [#not-implemented-hide:] QUIC implementation is not production ready yet. Use this enum with + // caution to prevent accidental execution of QUIC code. I.e. `!= HTTP2` is no longer sufficient + // to distinguish HTTP1 and HTTP2 traffic. + HTTP3 = 3; + } + + enum ServerHeaderTransformation { + // Overwrite any Server header with the contents of server_name. + OVERWRITE = 0; + + // If no Server header is present, append Server server_name + // If a Server header is present, pass it through. + APPEND_IF_ABSENT = 1; + + // Pass through the value of the server header, and do not append a header + // if none is present. + PASS_THROUGH = 2; + } + + // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP + // header. + enum ForwardClientCertDetails { + // Do not send the XFCC header to the next hop. This is the default value. + SANITIZE = 0; + + // When the client connection is mTLS (Mutual TLS), forward the XFCC header + // in the request. + FORWARD_ONLY = 1; + + // When the client connection is mTLS, append the client certificate + // information to the request’s XFCC header and forward it. + APPEND_FORWARD = 2; + + // When the client connection is mTLS, reset the XFCC header with the client + // certificate information and send it to the next hop. + SANITIZE_SET = 3; + + // Always forward the XFCC header in the request, regardless of whether the + // client connection is mTLS. + ALWAYS_FORWARD_ONLY = 4; + } + + // [#next-free-field: 10] + message Tracing { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.Tracing"; + + enum OperationName { + // The HTTP listener is used for ingress/incoming requests. + INGRESS = 0; + + // The HTTP listener is used for egress/outgoing requests. + EGRESS = 1; + } + + reserved 1, 2; + + reserved "operation_name", "request_headers_for_tags"; + + // Target percentage of requests managed by this HTTP connection manager that will be force + // traced if the :ref:`x-client-trace-id ` + // header is set. This field is a direct analog for the runtime variable + // 'tracing.client_sampling' in the :ref:`HTTP Connection Manager + // `. + // Default: 100% + type.v3.Percent client_sampling = 3; + + // Target percentage of requests managed by this HTTP connection manager that will be randomly + // selected for trace generation, if not requested by the client or not forced. This field is + // a direct analog for the runtime variable 'tracing.random_sampling' in the + // :ref:`HTTP Connection Manager `. + // Default: 100% + type.v3.Percent random_sampling = 4; + + // Target percentage of requests managed by this HTTP connection manager that will be traced + // after all other sampling checks have been applied (client-directed, force tracing, random + // sampling). This field functions as an upper limit on the total configured sampling rate. For + // instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% + // of client requests with the appropriate headers to be force traced. This field is a direct + // analog for the runtime variable 'tracing.global_enabled' in the + // :ref:`HTTP Connection Manager `. + // Default: 100% + type.v3.Percent overall_sampling = 5; + + // Whether to annotate spans with additional data. If true, spans will include logs for stream + // events. + bool verbose = 6; + + // Maximum length of the request path to extract and include in the HttpUrl tag. Used to + // truncate lengthy request paths to meet the needs of a tracing backend. + // Default: 256 + google.protobuf.UInt32Value max_path_tag_length = 7; + + // A list of custom tags with unique tag name to create tags for the active span. + repeated type.tracing.v3.CustomTag custom_tags = 8; + + // Configuration for an external tracing provider. + // If not specified, Envoy will fall back to using tracing provider configuration + // from the bootstrap config. + // [#not-implemented-hide:] + config.trace.v4alpha.Tracing.Http provider = 9; + } + + message InternalAddressConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager." + "InternalAddressConfig"; + + // Whether unix socket addresses should be considered internal. + bool unix_sockets = 1; + } + + // [#next-free-field: 7] + message SetCurrentClientCertDetails { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager." + "SetCurrentClientCertDetails"; + + reserved 2; + + // Whether to forward the subject of the client cert. Defaults to false. + google.protobuf.BoolValue subject = 1; + + // Whether to forward the entire client cert in URL encoded PEM format. This will appear in the + // XFCC header comma separated from other values with the value Cert="PEM". + // Defaults to false. + bool cert = 3; + + // Whether to forward the entire client cert chain (including the leaf cert) in URL encoded PEM + // format. This will appear in the XFCC header comma separated from other values with the value + // Chain="PEM". + // Defaults to false. + bool chain = 6; + + // Whether to forward the DNS type Subject Alternative Names of the client cert. + // Defaults to false. + bool dns = 4; + + // Whether to forward the URI type Subject Alternative Name of the client cert. Defaults to + // false. + bool uri = 5; + } + + // The configuration for HTTP upgrades. + // For each upgrade type desired, an UpgradeConfig must be added. + // + // .. warning:: + // + // The current implementation of upgrade headers does not handle + // multi-valued upgrade headers. Support for multi-valued headers may be + // added in the future if needed. + // + // .. warning:: + // The current implementation of upgrade headers does not work with HTTP/2 + // upstreams. + message UpgradeConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager." + "UpgradeConfig"; + + // The case-insensitive name of this upgrade, e.g. "websocket". + // For each upgrade type present in upgrade_configs, requests with + // Upgrade: [upgrade_type] + // will be proxied upstream. + string upgrade_type = 1; + + // If present, this represents the filter chain which will be created for + // this type of upgrade. If no filters are present, the filter chain for + // HTTP connections will be used for this upgrade type. + repeated HttpFilter filters = 2; + + // Determines if upgrades are enabled or disabled by default. Defaults to true. + // This can be overridden on a per-route basis with :ref:`cluster + // ` as documented in the + // :ref:`upgrade documentation `. + google.protobuf.BoolValue enabled = 3; + } + + reserved 27, 11; + + reserved "idle_timeout"; + + // Supplies the type of codec that the connection manager should use. + CodecType codec_type = 1 [(validate.rules).enum = {defined_only: true}]; + + // The human readable prefix to use when emitting statistics for the + // connection manager. See the :ref:`statistics documentation ` for + // more information. + string stat_prefix = 2 [(validate.rules).string = {min_bytes: 1}]; + + oneof route_specifier { + option (validate.required) = true; + + // The connection manager’s route table will be dynamically loaded via the RDS API. + Rds rds = 3; + + // The route table for the connection manager is static and is specified in this property. + config.route.v4alpha.RouteConfiguration route_config = 4; + + // A route table will be dynamically assigned to each request based on request attributes + // (e.g., the value of a header). The "routing scopes" (i.e., route tables) and "scope keys" are + // specified in this message. + ScopedRoutes scoped_routes = 31; + } + + // A list of individual HTTP filters that make up the filter chain for + // requests made to the connection manager. Order matters as the filters are + // processed sequentially as request events happen. + repeated HttpFilter http_filters = 5; + + // Whether the connection manager manipulates the :ref:`config_http_conn_man_headers_user-agent` + // and :ref:`config_http_conn_man_headers_downstream-service-cluster` headers. See the linked + // documentation for more information. Defaults to false. + google.protobuf.BoolValue add_user_agent = 6; + + // Presence of the object defines whether the connection manager + // emits :ref:`tracing ` data to the :ref:`configured tracing provider + // `. + Tracing tracing = 7; + + // Additional settings for HTTP requests handled by the connection manager. These will be + // applicable to both HTTP1 and HTTP2 requests. + config.core.v4alpha.HttpProtocolOptions common_http_protocol_options = 35; + + // Additional HTTP/1 settings that are passed to the HTTP/1 codec. + config.core.v4alpha.Http1ProtocolOptions http_protocol_options = 8; + + // Additional HTTP/2 settings that are passed directly to the HTTP/2 codec. + config.core.v4alpha.Http2ProtocolOptions http2_protocol_options = 9; + + // An optional override that the connection manager will write to the server + // header in responses. If not set, the default is *envoy*. + string server_name = 10; + + // Defines the action to be applied to the Server header on the response path. + // By default, Envoy will overwrite the header with the value specified in + // server_name. + ServerHeaderTransformation server_header_transformation = 34 + [(validate.rules).enum = {defined_only: true}]; + + // The maximum request headers size for incoming connections. + // If unconfigured, the default max request headers allowed is 60 KiB. + // Requests that exceed this limit will receive a 431 response. + // The max configurable limit is 96 KiB, based on current implementation + // constraints. + google.protobuf.UInt32Value max_request_headers_kb = 29 + [(validate.rules).uint32 = {lte: 96 gt: 0}]; + + // The stream idle timeout for connections managed by the connection manager. + // If not specified, this defaults to 5 minutes. The default value was selected + // so as not to interfere with any smaller configured timeouts that may have + // existed in configurations prior to the introduction of this feature, while + // introducing robustness to TCP connections that terminate without a FIN. + // + // This idle timeout applies to new streams and is overridable by the + // :ref:`route-level idle_timeout + // `. Even on a stream in + // which the override applies, prior to receipt of the initial request + // headers, the :ref:`stream_idle_timeout + // ` + // applies. Each time an encode/decode event for headers or data is processed + // for the stream, the timer will be reset. If the timeout fires, the stream + // is terminated with a 408 Request Timeout error code if no upstream response + // header has been received, otherwise a stream reset occurs. + // + // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due + // to the granularity of events presented to the connection manager. For example, while receiving + // very large request headers, it may be the case that there is traffic regularly arriving on the + // wire while the connection manage is only able to observe the end-of-headers event, hence the + // stream may still idle timeout. + // + // A value of 0 will completely disable the connection manager stream idle + // timeout, although per-route idle timeout overrides will continue to apply. + google.protobuf.Duration stream_idle_timeout = 24; + + // The amount of time that Envoy will wait for the entire request to be received. + // The timer is activated when the request is initiated, and is disarmed when the last byte of the + // request is sent upstream (i.e. all decoding filters have processed the request), OR when the + // response is initiated. If not specified or set to 0, this timeout is disabled. + google.protobuf.Duration request_timeout = 28; + + // The time that Envoy will wait between sending an HTTP/2 “shutdown + // notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame. + // This is used so that Envoy provides a grace period for new streams that + // race with the final GOAWAY frame. During this grace period, Envoy will + // continue to accept new streams. After the grace period, a final GOAWAY + // frame is sent and Envoy will start refusing new streams. Draining occurs + // both when a connection hits the idle timeout or during general server + // draining. The default grace period is 5000 milliseconds (5 seconds) if this + // option is not specified. + google.protobuf.Duration drain_timeout = 12; + + // The delayed close timeout is for downstream connections managed by the HTTP connection manager. + // It is defined as a grace period after connection close processing has been locally initiated + // during which Envoy will wait for the peer to close (i.e., a TCP FIN/RST is received by Envoy + // from the downstream connection) prior to Envoy closing the socket associated with that + // connection. + // NOTE: This timeout is enforced even when the socket associated with the downstream connection + // is pending a flush of the write buffer. However, any progress made writing data to the socket + // will restart the timer associated with this timeout. This means that the total grace period for + // a socket in this state will be + // +. + // + // Delaying Envoy's connection close and giving the peer the opportunity to initiate the close + // sequence mitigates a race condition that exists when downstream clients do not drain/process + // data in a connection's receive buffer after a remote close has been detected via a socket + // write(). This race leads to such clients failing to process the response code sent by Envoy, + // which could result in erroneous downstream processing. + // + // If the timeout triggers, Envoy will close the connection's socket. + // + // The default timeout is 1000 ms if this option is not specified. + // + // .. NOTE:: + // To be useful in avoiding the race condition described above, this timeout must be set + // to *at least* +<100ms to account for + // a reasonable "worst" case processing time for a full iteration of Envoy's event loop>. + // + // .. WARNING:: + // A value of 0 will completely disable delayed close processing. When disabled, the downstream + // connection's socket will be closed immediately after the write flush is completed or will + // never close if the write flush does not complete. + google.protobuf.Duration delayed_close_timeout = 26; + + // Configuration for :ref:`HTTP access logs ` + // emitted by the connection manager. + repeated config.accesslog.v3.AccessLog access_log = 13; + + // If set to true, the connection manager will use the real remote address + // of the client connection when determining internal versus external origin and manipulating + // various headers. If set to false or absent, the connection manager will use the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. See the documentation for + // :ref:`config_http_conn_man_headers_x-forwarded-for`, + // :ref:`config_http_conn_man_headers_x-envoy-internal`, and + // :ref:`config_http_conn_man_headers_x-envoy-external-address` for more information. + google.protobuf.BoolValue use_remote_address = 14; + + // The number of additional ingress proxy hops from the right side of the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when + // determining the origin client's IP address. The default is zero if this option + // is not specified. See the documentation for + // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. + uint32 xff_num_trusted_hops = 19; + + // Configures what network addresses are considered internal for stats and header sanitation + // purposes. If unspecified, only RFC1918 IP addresses will be considered internal. + // See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more + // information about internal/external addresses. + InternalAddressConfig internal_address_config = 25; + + // If set, Envoy will not append the remote address to the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. This may be used in + // conjunction with HTTP filters that explicitly manipulate XFF after the HTTP connection manager + // has mutated the request headers. While :ref:`use_remote_address + // ` + // will also suppress XFF addition, it has consequences for logging and other + // Envoy uses of the remote address, so *skip_xff_append* should be used + // when only an elision of XFF addition is intended. + bool skip_xff_append = 21; + + // Via header value to append to request and response headers. If this is + // empty, no via header will be appended. + string via = 22; + + // Whether the connection manager will generate the :ref:`x-request-id + // ` header if it does not exist. This defaults to + // true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature + // is not desired it can be disabled. + google.protobuf.BoolValue generate_request_id = 15; + + // Whether the connection manager will keep the :ref:`x-request-id + // ` header if passed for a request that is edge + // (Edge request is the request from external clients to front Envoy) and not reset it, which + // is the current Envoy behaviour. This defaults to false. + bool preserve_external_request_id = 32; + + // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP + // header. + ForwardClientCertDetails forward_client_cert_details = 16 + [(validate.rules).enum = {defined_only: true}]; + + // This field is valid only when :ref:`forward_client_cert_details + // ` + // is APPEND_FORWARD or SANITIZE_SET and the client connection is mTLS. It specifies the fields in + // the client certificate to be forwarded. Note that in the + // :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header, *Hash* is always set, and + // *By* is always set when the client certificate presents the URI type Subject Alternative Name + // value. + SetCurrentClientCertDetails set_current_client_cert_details = 17; + + // If proxy_100_continue is true, Envoy will proxy incoming "Expect: + // 100-continue" headers upstream, and forward "100 Continue" responses + // downstream. If this is false or not set, Envoy will instead strip the + // "Expect: 100-continue" header, and send a "100 Continue" response itself. + bool proxy_100_continue = 18; + + // If + // :ref:`use_remote_address + // ` + // is true and represent_ipv4_remote_address_as_ipv4_mapped_ipv6 is true and the remote address is + // an IPv4 address, the address will be mapped to IPv6 before it is appended to *x-forwarded-for*. + // This is useful for testing compatibility of upstream services that parse the header value. For + // example, 50.0.0.1 is represented as ::FFFF:50.0.0.1. See `IPv4-Mapped IPv6 Addresses + // `_ for details. This will also affect the + // :ref:`config_http_conn_man_headers_x-envoy-external-address` header. See + // :ref:`http_connection_manager.represent_ipv4_remote_address_as_ipv4_mapped_ipv6 + // ` for runtime + // control. + // [#not-implemented-hide:] + bool represent_ipv4_remote_address_as_ipv4_mapped_ipv6 = 20; + + repeated UpgradeConfig upgrade_configs = 23; + + // Should paths be normalized according to RFC 3986 before any processing of + // requests by HTTP filters or routing? This affects the upstream *:path* header + // as well. For paths that fail this check, Envoy will respond with 400 to + // paths that are malformed. This defaults to false currently but will default + // true in the future. When not specified, this value may be overridden by the + // runtime variable + // :ref:`http_connection_manager.normalize_path`. + // See `Normalization and Comparison ` + // for details of normalization. + // Note that Envoy does not perform + // `case normalization ` + google.protobuf.BoolValue normalize_path = 30; + + // Determines if adjacent slashes in the path are merged into one before any processing of + // requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without + // setting this option, incoming requests with path `//dir///file` will not match against route + // with `prefix` match set to `/dir`. Defaults to `false`. Note that slash merging is not part of + // `HTTP spec ` and is provided for convenience. + bool merge_slashes = 33; + + // The configuration of the request ID extension. This includes operations such as + // generation, validation, and associated tracing operations. + // + // If not set, Envoy uses the default UUID-based behavior: + // + // 1. Request ID is propagated using *x-request-id* header. + // + // 2. Request ID is a universally unique identifier (UUID). + // + // 3. Tracing decision (sampled, forced, etc) is set in 14th byte of the UUID. + RequestIDExtension request_id_extension = 36; +} + +message Rds { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.Rds"; + + // Configuration source specifier for RDS. + config.core.v4alpha.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; + + // The name of the route configuration. This name will be passed to the RDS + // API. This allows an Envoy configuration with multiple HTTP listeners (and + // associated HTTP connection manager filters) to use different route + // configurations. + string route_config_name = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// This message is used to work around the limitations with 'oneof' and repeated fields. +message ScopedRouteConfigurationsList { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRouteConfigurationsList"; + + repeated config.route.v4alpha.ScopedRouteConfiguration scoped_route_configurations = 1 + [(validate.rules).repeated = {min_items: 1}]; +} + +// [#next-free-field: 6] +message ScopedRoutes { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes"; + + // Specifies the mechanism for constructing "scope keys" based on HTTP request attributes. These + // keys are matched against a set of :ref:`Key` + // objects assembled from :ref:`ScopedRouteConfiguration` + // messages distributed via SRDS (the Scoped Route Discovery Service) or assigned statically via + // :ref:`scoped_route_configurations_list`. + // + // Upon receiving a request's headers, the Router will build a key using the algorithm specified + // by this message. This key will be used to look up the routing table (i.e., the + // :ref:`RouteConfiguration`) to use for the request. + message ScopeKeyBuilder { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes.ScopeKeyBuilder"; + + // Specifies the mechanism for constructing key fragments which are composed into scope keys. + message FragmentBuilder { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes." + "ScopeKeyBuilder.FragmentBuilder"; + + // Specifies how the value of a header should be extracted. + // The following example maps the structure of a header to the fields in this message. + // + // .. code:: + // + // <0> <1> <-- index + // X-Header: a=b;c=d + // | || | + // | || \----> + // | || + // | |\----> + // | | + // | \----> + // | + // \----> + // + // Each 'a=b' key-value pair constitutes an 'element' of the header field. + message HeaderValueExtractor { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes." + "ScopeKeyBuilder.FragmentBuilder.HeaderValueExtractor"; + + // Specifies a header field's key value pair to match on. + message KvElement { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRoutes." + "ScopeKeyBuilder.FragmentBuilder.HeaderValueExtractor.KvElement"; + + // The separator between key and value (e.g., '=' separates 'k=v;...'). + // If an element is an empty string, the element is ignored. + // If an element contains no separator, the whole element is parsed as key and the + // fragment value is an empty string. + // If there are multiple values for a matched key, the first value is returned. + string separator = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The key to match on. + string key = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + // The name of the header field to extract the value from. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The element separator (e.g., ';' separates 'a;b;c;d'). + // Default: empty string. This causes the entirety of the header field to be extracted. + // If this field is set to an empty string and 'index' is used in the oneof below, 'index' + // must be set to 0. + string element_separator = 2; + + oneof extract_type { + // Specifies the zero based index of the element to extract. + // Note Envoy concatenates multiple values of the same header key into a comma separated + // string, the splitting always happens after the concatenation. + uint32 index = 3; + + // Specifies the key value pair to extract the value from. + KvElement element = 4; + } + } + + oneof type { + option (validate.required) = true; + + // Specifies how a header field's value should be extracted. + HeaderValueExtractor header_value_extractor = 1; + } + } + + // The final(built) scope key consists of the ordered union of these fragments, which are compared in order with the + // fragments of a :ref:`ScopedRouteConfiguration`. + // A missing fragment during comparison will make the key invalid, i.e., the computed key doesn't match any key. + repeated FragmentBuilder fragments = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + // The name assigned to the scoped routing configuration. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The algorithm to use for constructing a scope key for each request. + ScopeKeyBuilder scope_key_builder = 2 [(validate.rules).message = {required: true}]; + + // Configuration source specifier for RDS. + // This config source is used to subscribe to RouteConfiguration resources specified in + // ScopedRouteConfiguration messages. + config.core.v4alpha.ConfigSource rds_config_source = 3 + [(validate.rules).message = {required: true}]; + + oneof config_specifier { + option (validate.required) = true; + + // The set of routing scopes corresponding to the HCM. A scope is assigned to a request by + // matching a key constructed from the request's attributes according to the algorithm specified + // by the + // :ref:`ScopeKeyBuilder` + // in this message. + ScopedRouteConfigurationsList scoped_route_configurations_list = 4; + + // The set of routing scopes associated with the HCM will be dynamically loaded via the SRDS + // API. A scope is assigned to a request by matching a key constructed from the request's + // attributes according to the algorithm specified by the + // :ref:`ScopeKeyBuilder` + // in this message. + ScopedRds scoped_rds = 5; + } +} + +message ScopedRds { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.ScopedRds"; + + // Configuration source specifier for scoped RDS. + config.core.v4alpha.ConfigSource scoped_rds_config_source = 1 + [(validate.rules).message = {required: true}]; +} + +message HttpFilter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter"; + + reserved 3, 2; + + reserved "config"; + + // The name of the filter to instantiate. The name must match a + // :ref:`supported filter `. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Filter specific configuration which depends on the filter being instantiated. See the supported + // filters for further documentation. + oneof config_type { + google.protobuf.Any typed_config = 4; + } +} + +message RequestIDExtension { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.RequestIDExtension"; + + // Request ID extension specific configuration. + google.protobuf.Any typed_config = 1; +} diff --git a/generated_api_shadow/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto b/generated_api_shadow/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto index ea05c05f53be6..497e688f4c3d3 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.kafka_broker.v3"; option java_outer_classname = "KafkaBrokerProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Kafka Broker] // Kafka Broker :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto b/generated_api_shadow/envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto index 52b52adebd83e..027bc0e3fc982 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.local_ratelimit.v3"; option java_outer_classname = "LocalRateLimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Local rate limit] // Local rate limit :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto b/generated_api_shadow/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto index 8c62fcf08adf1..7bd17600d1456 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.mongo_proxy.v3"; option java_outer_classname = "MongoProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Mongo proxy] // MongoDB :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto b/generated_api_shadow/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto index c9652141e48a7..663449b270358 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.mysql_proxy.v3"; option java_outer_classname = "MysqlProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: MySQL proxy] // MySQL Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto b/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto index 0f0c5b5a7ea5a..b92d3cee2541a 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.ratelimit.v3"; option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/rbac/v3/rbac.proto b/generated_api_shadow/envoy/extensions/filters/network/rbac/v3/rbac.proto index 1f23c35ba25f8..e62f7b4c419e7 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/rbac/v3/rbac.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/rbac/v3/rbac.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.rbac.v3"; option java_outer_classname = "RbacProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: RBAC] // Role-Based Access Control :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto b/generated_api_shadow/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto index 342e87a2fc2fd..60ab28cfcf1fb 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto @@ -16,7 +16,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.redis_proxy.v3"; option java_outer_classname = "RedisProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Redis Proxy] // Redis Proxy :ref:`configuration overview `. @@ -175,34 +175,15 @@ message RedisProxy { // Optional catch-all route to forward commands that doesn't match any of the routes. The // catch-all route becomes required when no routes are specified. - // .. attention:: - // - // This field is deprecated. Use a :ref:`catch_all - // route` - // instead. + Route catch_all_route = 4; + string hidden_envoy_deprecated_catch_all_cluster = 3 [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - - // Optional catch-all route to forward commands that doesn't match any of the routes. The - // catch-all route becomes required when no routes are specified. - Route catch_all_route = 4; } // The prefix to use when emitting :ref:`statistics `. string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; - // Name of cluster from cluster manager. See the :ref:`configuration section - // ` of the architecture overview for recommendations on - // configuring the backing cluster. - // - // .. attention:: - // - // This field is deprecated. Use a :ref:`catch_all - // route` - // instead. - string hidden_envoy_deprecated_cluster = 2 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; - // Network settings for the connection pool to the upstream clusters. ConnPoolSettings settings = 3 [(validate.rules).message = {required: true}]; @@ -248,6 +229,9 @@ message RedisProxy { // client. If an AUTH command is received when the password is not set, then an "ERR Client sent // AUTH, but no password is set" error will be returned. config.core.v3.DataSource downstream_auth_password = 6 [(udpa.annotations.sensitive) = true]; + + string hidden_envoy_deprecated_cluster = 2 + [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; } // RedisProtocolOptions specifies Redis upstream protocol options. This object is used in diff --git a/generated_api_shadow/envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto b/generated_api_shadow/envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto index 5fe81abafbae6..3d6f0ee234abb 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.sni_cluster.v3"; option java_outer_classname = "SniClusterProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: SNI Cluster Filter] // Set the upstream cluster name from the SNI field in the TLS connection. diff --git a/generated_api_shadow/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto b/generated_api_shadow/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto index ca5adeef36831..6024a6d552bcd 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto @@ -17,7 +17,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.tcp_proxy.v3"; option java_outer_classname = "TcpProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: TCP Proxy] // TCP Proxy :ref:`configuration overview `. @@ -28,68 +28,6 @@ message TcpProxy { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.tcp_proxy.v2.TcpProxy"; - // [#not-implemented-hide:] Deprecated. - // TCP Proxy filter configuration using V1 format. - message DeprecatedV1 { - option deprecated = true; - option (udpa.annotations.versioning).previous_message_type = - "envoy.config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1"; - - // A TCP proxy route consists of a set of optional L4 criteria and the - // name of a cluster. If a downstream connection matches all the - // specified criteria, the cluster in the route is used for the - // corresponding upstream connection. Routes are tried in the order - // specified until a match is found. If no match is found, the connection - // is closed. A route with no criteria is valid and always produces a - // match. - // [#next-free-field: 6] - message TCPRoute { - option (udpa.annotations.versioning).previous_message_type = - "envoy.config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1.TCPRoute"; - - // The cluster to connect to when a the downstream network connection - // matches the specified criteria. - string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; - - // An optional list of IP address subnets in the form - // “ip_address/xx”. The criteria is satisfied if the destination IP - // address of the downstream connection is contained in at least one of - // the specified subnets. If the parameter is not specified or the list - // is empty, the destination IP address is ignored. The destination IP - // address of the downstream connection might be different from the - // addresses on which the proxy is listening if the connection has been - // redirected. - repeated config.core.v3.CidrRange destination_ip_list = 2; - - // An optional string containing a comma-separated list of port numbers - // or ranges. The criteria is satisfied if the destination port of the - // downstream connection is contained in at least one of the specified - // ranges. If the parameter is not specified, the destination port is - // ignored. The destination port address of the downstream connection - // might be different from the port on which the proxy is listening if - // the connection has been redirected. - string destination_ports = 3; - - // An optional list of IP address subnets in the form - // “ip_address/xx”. The criteria is satisfied if the source IP address - // of the downstream connection is contained in at least one of the - // specified subnets. If the parameter is not specified or the list is - // empty, the source IP address is ignored. - repeated config.core.v3.CidrRange source_ip_list = 4; - - // An optional string containing a comma-separated list of port numbers - // or ranges. The criteria is satisfied if the source port of the - // downstream connection is contained in at least one of the specified - // ranges. If the parameter is not specified, the source port is - // ignored. - string source_ports = 5; - } - - // The route table for the filter. All filter instances must have a route - // table, even if it is empty. - repeated TCPRoute routes = 1 [(validate.rules).repeated = {min_items: 1}]; - } - // Allows for specification of multiple upstream clusters along with weights // that indicate the percentage of traffic to be forwarded to each cluster. // The router selects an upstream cluster based on these weights. @@ -133,26 +71,46 @@ message TcpProxy { string hostname = 1 [(validate.rules).string = {min_bytes: 1}]; } + message DeprecatedV1 { + option deprecated = true; + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1"; + + // [#next-free-field: 6] + message TCPRoute { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.tcp_proxy.v2.TcpProxy.DeprecatedV1.TCPRoute"; + + string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + + repeated config.core.v3.CidrRange destination_ip_list = 2; + + string destination_ports = 3; + + repeated config.core.v3.CidrRange source_ip_list = 4; + + string source_ports = 5; + } + + repeated TCPRoute routes = 1 [(validate.rules).repeated = {min_items: 1}]; + } + // The prefix to use when emitting :ref:`statistics // `. string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; - oneof cluster_specifier { - option (validate.required) = true; - - // The upstream cluster to connect to. - string cluster = 2; + // The upstream cluster to connect to. + config.core.v3.Metadata metadata_match = 9; - // Multiple upstream clusters can be specified for a given route. The - // request is routed to one of the upstream clusters based on weights - // assigned to each cluster. - WeightedCluster weighted_clusters = 10; - } + // Multiple upstream clusters can be specified for a given route. The + // request is routed to one of the upstream clusters based on weights + // assigned to each cluster. + google.protobuf.Duration idle_timeout = 8; // Optional endpoint metadata match criteria. Only endpoints in the upstream // cluster with metadata matching that set in metadata_match will be // considered. The filter name should be specified as *envoy.lb*. - config.core.v3.Metadata metadata_match = 9; + google.protobuf.Duration downstream_idle_timeout = 3; // The idle timeout for connections managed by the TCP proxy filter. The idle timeout // is defined as the period in which there are no bytes sent or received on either @@ -162,7 +120,7 @@ message TcpProxy { // .. warning:: // Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP // FIN packets, etc. - google.protobuf.Duration idle_timeout = 8; + google.protobuf.Duration upstream_idle_timeout = 4; // [#not-implemented-hide:] The idle timeout for connections managed by the TCP proxy // filter. The idle timeout is defined as the period in which there is no @@ -170,30 +128,33 @@ message TcpProxy { // is reached the connection will be closed. The distinction between // downstream_idle_timeout/upstream_idle_timeout provides a means to set // timeout based on the last byte sent on the downstream/upstream connection. - google.protobuf.Duration downstream_idle_timeout = 3; + repeated config.accesslog.v3.AccessLog access_log = 5; // [#not-implemented-hide:] - google.protobuf.Duration upstream_idle_timeout = 4; + google.protobuf.UInt32Value max_connect_attempts = 7 [(validate.rules).uint32 = {gte: 1}]; // Configuration for :ref:`access logs ` // emitted by the this tcp_proxy. - repeated config.accesslog.v3.AccessLog access_log = 5; - - // [#not-implemented-hide:] Deprecated. - DeprecatedV1 hidden_envoy_deprecated_deprecated_v1 = 6 [deprecated = true]; + repeated type.v3.HashPolicy hash_policy = 11 [(validate.rules).repeated = {max_items: 1}]; // The maximum number of unsuccessful connection attempts that will be made before // giving up. If the parameter is not specified, 1 connection attempt will be made. - google.protobuf.UInt32Value max_connect_attempts = 7 [(validate.rules).uint32 = {gte: 1}]; + TunnelingConfig tunneling_config = 12; // Optional configuration for TCP proxy hash policy. If hash_policy is not set, the hash-based // load balancing algorithms will select a host randomly. Currently the number of hash policies is // limited to 1. - repeated type.v3.HashPolicy hash_policy = 11 [(validate.rules).repeated = {max_items: 1}]; + DeprecatedV1 hidden_envoy_deprecated_deprecated_v1 = 6 [deprecated = true]; - // [#not-implemented-hide:] feature in progress - // If set, this configures tunneling, e.g. configuration options to tunnel multiple TCP - // payloads over a shared HTTP/2 tunnel. If this message is absent, the payload - // will be proxied upstream as per usual. - TunnelingConfig tunneling_config = 12; + oneof cluster_specifier { + option (validate.required) = true; + + // [#not-implemented-hide:] feature in progress + // If set, this configures tunneling, e.g. configuration options to tunnel multiple TCP + // payloads over a shared HTTP/2 tunnel. If this message is absent, the payload + // will be proxied upstream as per usual. + string cluster = 2; + + WeightedCluster weighted_clusters = 10; + } } diff --git a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto index 54beaec40b758..4fc3289ae33de 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3"; option java_outer_classname = "RateLimitProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate limit] // Rate limit :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/route.proto b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/route.proto index 4359ecd0c10f3..3eeae0cba594d 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/route.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/route.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.v3"; option java_outer_classname = "RouteProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Thrift Proxy Route Configuration] // Thrift Proxy :ref:`configuration overview `. @@ -46,39 +46,39 @@ message RouteMatch { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.thrift_proxy.v2alpha1.RouteMatch"; + // If specified, the route must exactly match the request method name. As a special case, an + // empty string matches any request method name. + bool invert = 3; + + // If specified, the route must have the service name as the request method name prefix. As a + // special case, an empty string matches any service name. Only relevant when service + // multiplexing. + repeated config.route.v3.HeaderMatcher headers = 4; + oneof match_specifier { option (validate.required) = true; - // If specified, the route must exactly match the request method name. As a special case, an - // empty string matches any request method name. + // Inverts whatever matching is done in the :ref:`method_name + // ` or + // :ref:`service_name + // ` fields. + // Cannot be combined with wildcard matching as that would result in routes never being matched. + // + // .. note:: + // + // This does not invert matching done as part of the :ref:`headers field + // ` field. To + // invert header matching, see :ref:`invert_match + // `. string method_name = 1; - // If specified, the route must have the service name as the request method name prefix. As a - // special case, an empty string matches any service name. Only relevant when service - // multiplexing. + // Specifies a set of headers that the route should match on. The router will check the request’s + // headers against all the specified headers in the route config. A match will happen if all the + // headers in the route are present in the request with the same values (or based on presence if + // the value field is not in the config). Note that this only applies for Thrift transports and/or + // protocols that support headers. string service_name = 2; } - - // Inverts whatever matching is done in the :ref:`method_name - // ` or - // :ref:`service_name - // ` fields. - // Cannot be combined with wildcard matching as that would result in routes never being matched. - // - // .. note:: - // - // This does not invert matching done as part of the :ref:`headers field - // ` field. To - // invert header matching, see :ref:`invert_match - // `. - bool invert = 3; - - // Specifies a set of headers that the route should match on. The router will check the request’s - // headers against all the specified headers in the route config. A match will happen if all the - // headers in the route are present in the request with the same values (or based on presence if - // the value field is not in the config). Note that this only applies for Thrift transports and/or - // protocols that support headers. - repeated config.route.v3.HeaderMatcher headers = 4; } // [#next-free-field: 7] @@ -86,42 +86,42 @@ message RouteAction { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.thrift_proxy.v2alpha1.RouteAction"; + // Indicates a single upstream cluster to which the request should be routed + // to. + config.core.v3.Metadata metadata_match = 3; + + // Multiple upstream clusters can be specified for a given route. The + // request is routed to one of the upstream clusters based on weights + // assigned to each cluster. + repeated config.route.v3.RateLimit rate_limits = 4; + + // Envoy will determine the cluster to route to by reading the value of the + // Thrift header named by cluster_header from the request headers. If the + // header is not found or the referenced cluster does not exist Envoy will + // respond with an unknown method exception or an internal error exception, + // respectively. + bool strip_service_name = 5; + oneof cluster_specifier { option (validate.required) = true; - // Indicates a single upstream cluster to which the request should be routed - // to. + // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in + // the upstream cluster with metadata matching what is set in this field will be considered. + // Note that this will be merged with what's provided in :ref:`WeightedCluster.metadata_match + // `, + // with values there taking precedence. Keys and values should be provided under the "envoy.lb" + // metadata key. string cluster = 1 [(validate.rules).string = {min_bytes: 1}]; - // Multiple upstream clusters can be specified for a given route. The - // request is routed to one of the upstream clusters based on weights - // assigned to each cluster. + // Specifies a set of rate limit configurations that could be applied to the route. + // N.B. Thrift service or method name matching can be achieved by specifying a RequestHeaders + // action with the header name ":method-name". WeightedCluster weighted_clusters = 2; - // Envoy will determine the cluster to route to by reading the value of the - // Thrift header named by cluster_header from the request headers. If the - // header is not found or the referenced cluster does not exist Envoy will - // respond with an unknown method exception or an internal error exception, - // respectively. + // Strip the service prefix from the method name, if there's a prefix. For + // example, the method call Service:method would end up being just method. string cluster_header = 6 [(validate.rules).string = {min_bytes: 1}]; } - - // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in - // the upstream cluster with metadata matching what is set in this field will be considered. - // Note that this will be merged with what's provided in :ref:`WeightedCluster.metadata_match - // `, - // with values there taking precedence. Keys and values should be provided under the "envoy.lb" - // metadata key. - config.core.v3.Metadata metadata_match = 3; - - // Specifies a set of rate limit configurations that could be applied to the route. - // N.B. Thrift service or method name matching can be achieved by specifying a RequestHeaders - // action with the header name ":method-name". - repeated config.route.v3.RateLimit rate_limits = 4; - - // Strip the service prefix from the method name, if there's a prefix. For - // example, the method call Service:method would end up being just method. - bool strip_service_name = 5; } // Allows for specification of multiple upstream clusters along with weights that indicate the diff --git a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto index a2bf0b7fbf064..cc8e894394201 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto @@ -14,7 +14,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.v3"; option java_outer_classname = "ThriftProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Thrift Proxy] // Thrift Proxy :ref:`configuration overview `. @@ -100,9 +100,9 @@ message ThriftFilter { // Filter specific configuration which depends on the filter being instantiated. See the supported // filters for further documentation. oneof config_type { - google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; - google.protobuf.Any typed_config = 3; + + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } diff --git a/generated_api_shadow/envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto b/generated_api_shadow/envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto index 9d85dad00781f..a90f777d79ec1 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.network.zookeeper_proxy.v3"; option java_outer_classname = "ZookeeperProxyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: ZooKeeper proxy] // ZooKeeper Proxy :ref:`configuration overview `. diff --git a/generated_api_shadow/envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto b/generated_api_shadow/envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto index 17ade45cad1f4..fb7adf4402880 100644 --- a/generated_api_shadow/envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto +++ b/generated_api_shadow/envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto @@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.retry.host.omit_host_metadata.v3"; option java_outer_classname = "OmitHostMetadataConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Omit host metadata retry predicate] diff --git a/generated_api_shadow/envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto b/generated_api_shadow/envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto index 7ad664e48e6ab..b6a4bbecbae8c 100644 --- a/generated_api_shadow/envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto +++ b/generated_api_shadow/envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.retry.priority.previous_priorities.v3"; option java_outer_classname = "PreviousPrioritiesConfigProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Previous priorities retry selector] diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/alts/v3/alts.proto b/generated_api_shadow/envoy/extensions/transport_sockets/alts/v3/alts.proto index 3c2509cba27c7..6c001be1c7461 100644 --- a/generated_api_shadow/envoy/extensions/transport_sockets/alts/v3/alts.proto +++ b/generated_api_shadow/envoy/extensions/transport_sockets/alts/v3/alts.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.alts.v3"; option java_outer_classname = "AltsProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: ALTS] // [#extension: envoy.transport_sockets.alts] diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto b/generated_api_shadow/envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto index 208e23b0b6f1e..85406c1f77135 100644 --- a/generated_api_shadow/envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto +++ b/generated_api_shadow/envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.raw_buffer.v3"; option java_outer_classname = "RawBufferProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Raw Buffer] // [#extension: envoy.transport_sockets.raw_buffer] diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tap/v3/tap.proto b/generated_api_shadow/envoy/extensions/transport_sockets/tap/v3/tap.proto index c4ffc2374d39b..ef61575f67f72 100644 --- a/generated_api_shadow/envoy/extensions/transport_sockets/tap/v3/tap.proto +++ b/generated_api_shadow/envoy/extensions/transport_sockets/tap/v3/tap.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tap.v3"; option java_outer_classname = "TapProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap] // [#extension: envoy.transport_sockets.tap] diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tap/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/transport_sockets/tap/v4alpha/BUILD new file mode 100644 index 0000000000000..76600e3dd2087 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/transport_sockets/tap/v4alpha/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/extensions/common/tap/v4alpha:pkg", + "//envoy/extensions/transport_sockets/tap/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tap/v4alpha/tap.proto b/generated_api_shadow/envoy/extensions/transport_sockets/tap/v4alpha/tap.proto new file mode 100644 index 0000000000000..5e0efc403ab5d --- /dev/null +++ b/generated_api_shadow/envoy/extensions/transport_sockets/tap/v4alpha/tap.proto @@ -0,0 +1,33 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.tap.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/extensions/common/tap/v4alpha/common.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tap.v4alpha"; +option java_outer_classname = "TapProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Tap] +// [#extension: envoy.transport_sockets.tap] + +// Configuration for tap transport socket. This wraps another transport socket, providing the +// ability to interpose and record in plain text any traffic that is surfaced to Envoy. +message Tap { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tap.v3.Tap"; + + // Common configuration for the tap transport socket. + common.tap.v4alpha.CommonExtensionConfig common_config = 1 + [(validate.rules).message = {required: true}]; + + // The underlying transport socket being wrapped. + config.core.v4alpha.TransportSocket transport_socket = 2 + [(validate.rules).message = {required: true}]; +} diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/cert.proto b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/cert.proto index c2aa0b2e056fe..7840bee3de06f 100644 --- a/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/cert.proto +++ b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/cert.proto @@ -19,7 +19,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3"; option java_outer_classname = "CertProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common TLS configuration] @@ -122,10 +122,10 @@ message PrivateKeyProvider { // Private key method provider specific configuration. oneof config_type { + google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true]; + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true, (udpa.annotations.sensitive) = true]; - - google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true]; } } @@ -289,16 +289,6 @@ message CertificateValidationContext { repeated string verify_certificate_hash = 2 [(validate.rules).repeated = {items {string {min_bytes: 64 max_bytes: 95}}}]; - // An optional list of Subject Alternative Names. If specified, Envoy will verify that the - // Subject Alternative Name of the presented certificate matches one of the specified values. - // - // .. attention:: - // - // Subject Alternative Names are easily spoofable and verifying only them is insecure, - // therefore this option must be used together with :ref:`trusted_ca - // `. - repeated string hidden_envoy_deprecated_verify_subject_alt_name = 4 [deprecated = true]; - // An optional list of Subject Alternative name matchers. Envoy will verify that the // Subject Alternative Name of the presented certificate matches one of the specified matches. // @@ -338,6 +328,8 @@ message CertificateValidationContext { // Certificate trust chain verification mode. TrustChainVerification trust_chain_verification = 10 [(validate.rules).enum = {defined_only: true}]; + + repeated string hidden_envoy_deprecated_verify_subject_alt_name = 4 [deprecated = true]; } // TLS context shared by both client and server TLS contexts. @@ -375,12 +367,12 @@ message CommonTlsContext { repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6 [(validate.rules).repeated = {max_items: 1}]; - oneof validation_context_type { - // How to validate peer certificates. - CertificateValidationContext validation_context = 3; + // How to validate peer certificates. + repeated string alpn_protocols = 4; + oneof validation_context_type { // Config for fetching validation context via SDS API. - SdsSecretConfig validation_context_sds_secret_config = 7; + CertificateValidationContext validation_context = 3; // Combined certificate validation context holds a default CertificateValidationContext // and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic @@ -389,20 +381,20 @@ message CommonTlsContext { // CertificateValidationContext overwrites singular fields in default // CertificateValidationContext, and concatenates repeated fields to default // CertificateValidationContext, and logical OR is applied to boolean fields. + SdsSecretConfig validation_context_sds_secret_config = 7; + + // Supplies the list of ALPN protocols that the listener should expose. In + // practice this is likely to be set to one of two values (see the + // :ref:`codec_type + // ` + // parameter in the HTTP connection manager for more information): + // + // * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1. + // * "http/1.1" If the listener is only going to support HTTP/1.1. + // + // There is no default for this parameter. If empty, Envoy will not expose ALPN. CombinedCertificateValidationContext combined_validation_context = 8; } - - // Supplies the list of ALPN protocols that the listener should expose. In - // practice this is likely to be set to one of two values (see the - // :ref:`codec_type - // ` - // parameter in the HTTP connection manager for more information): - // - // * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1. - // * "http/1.1" If the listener is only going to support HTTP/1.1. - // - // There is no default for this parameter. If empty, Envoy will not expose ALPN. - repeated string alpn_protocols = 4; } message UpstreamTlsContext { @@ -451,22 +443,22 @@ message DownstreamTlsContext { // [#not-implemented-hide:] google.protobuf.BoolValue require_sni = 3; + // TLS session ticket key settings. + google.protobuf.Duration session_timeout = 6 [(validate.rules).duration = { + lt {seconds: 4294967296} + gte {} + }]; + oneof session_ticket_keys_type { - // TLS session ticket key settings. + // Config for fetching TLS session ticket keys via SDS API. TlsSessionTicketKeys session_ticket_keys = 4; - // Config for fetching TLS session ticket keys via SDS API. + // If specified, session_timeout will change maximum lifetime (in seconds) of TLS session + // Currently this value is used as a hint to `TLS session ticket lifetime (for TLSv1.2) + // ` + // only seconds could be specified (fractional seconds are going to be ignored). SdsSecretConfig session_ticket_keys_sds_secret_config = 5; } - - // If specified, session_timeout will change maximum lifetime (in seconds) of TLS session - // Currently this value is used as a hint to `TLS session ticket lifetime (for TLSv1.2) - // ` - // only seconds could be specified (fractional seconds are going to be ignored). - google.protobuf.Duration session_timeout = 6 [(validate.rules).duration = { - lt {seconds: 4294967296} - gte {} - }]; } message GenericSecret { diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/BUILD b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/BUILD new file mode 100644 index 0000000000000..e56544584bfe2 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v4alpha:pkg", + "//envoy/extensions/transport_sockets/tls/v3:pkg", + "//envoy/type/matcher/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/cert.proto b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/cert.proto new file mode 100644 index 0000000000000..6f6a58d08c1b9 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/cert.proto @@ -0,0 +1,508 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.tls.v4alpha; + +import "envoy/config/core/v4alpha/base.proto"; +import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/type/matcher/v3/string.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/sensitive.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v4alpha"; +option java_outer_classname = "CertProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: Common TLS configuration] + +message TlsParameters { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.TlsParameters"; + + enum TlsProtocol { + // Envoy will choose the optimal TLS version. + TLS_AUTO = 0; + + // TLS 1.0 + TLSv1_0 = 1; + + // TLS 1.1 + TLSv1_1 = 2; + + // TLS 1.2 + TLSv1_2 = 3; + + // TLS 1.3 + TLSv1_3 = 4; + } + + // Minimum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_0`` for + // servers. + TlsProtocol tls_minimum_protocol_version = 1 [(validate.rules).enum = {defined_only: true}]; + + // Maximum TLS protocol version. By default, it's ``TLSv1_3`` for servers in non-FIPS builds, and + // ``TLSv1_2`` for clients and for servers using :ref:`BoringSSL FIPS `. + TlsProtocol tls_maximum_protocol_version = 2 [(validate.rules).enum = {defined_only: true}]; + + // If specified, the TLS listener will only support the specified `cipher list + // `_ + // when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not + // specified, the default list will be used. + // + // In non-FIPS builds, the default cipher list is: + // + // .. code-block:: none + // + // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] + // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] + // ECDHE-ECDSA-AES128-SHA + // ECDHE-RSA-AES128-SHA + // AES128-GCM-SHA256 + // AES128-SHA + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // ECDHE-ECDSA-AES256-SHA + // ECDHE-RSA-AES256-SHA + // AES256-GCM-SHA384 + // AES256-SHA + // + // In builds using :ref:`BoringSSL FIPS `, the default cipher list is: + // + // .. code-block:: none + // + // ECDHE-ECDSA-AES128-GCM-SHA256 + // ECDHE-RSA-AES128-GCM-SHA256 + // ECDHE-ECDSA-AES128-SHA + // ECDHE-RSA-AES128-SHA + // AES128-GCM-SHA256 + // AES128-SHA + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // ECDHE-ECDSA-AES256-SHA + // ECDHE-RSA-AES256-SHA + // AES256-GCM-SHA384 + // AES256-SHA + repeated string cipher_suites = 3; + + // If specified, the TLS connection will only support the specified ECDH + // curves. If not specified, the default curves will be used. + // + // In non-FIPS builds, the default curves are: + // + // .. code-block:: none + // + // X25519 + // P-256 + // + // In builds using :ref:`BoringSSL FIPS `, the default curve is: + // + // .. code-block:: none + // + // P-256 + repeated string ecdh_curves = 4; +} + +// BoringSSL private key method configuration. The private key methods are used for external +// (potentially asynchronous) signing and decryption operations. Some use cases for private key +// methods would be TPM support and TLS acceleration. +message PrivateKeyProvider { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider"; + + reserved 2; + + reserved "config"; + + // Private key method provider name. The name must match a + // supported private key method provider type. + string provider_name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Private key method provider specific configuration. + oneof config_type { + google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true]; + } +} + +// [#next-free-field: 7] +message TlsCertificate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.TlsCertificate"; + + // The TLS certificate chain. + config.core.v4alpha.DataSource certificate_chain = 1; + + // The TLS private key. + config.core.v4alpha.DataSource private_key = 2 [(udpa.annotations.sensitive) = true]; + + // BoringSSL private key method provider. This is an alternative to :ref:`private_key + // ` field. This can't be + // marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key + // ` and + // :ref:`private_key_provider + // ` fields will result in an + // error. + PrivateKeyProvider private_key_provider = 6; + + // The password to decrypt the TLS private key. If this field is not set, it is assumed that the + // TLS private key is not password encrypted. + config.core.v4alpha.DataSource password = 3 [(udpa.annotations.sensitive) = true]; + + // [#not-implemented-hide:] + config.core.v4alpha.DataSource ocsp_staple = 4; + + // [#not-implemented-hide:] + repeated config.core.v4alpha.DataSource signed_certificate_timestamp = 5; +} + +message TlsSessionTicketKeys { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys"; + + // Keys for encrypting and decrypting TLS session tickets. The + // first key in the array contains the key to encrypt all new sessions created by this context. + // All keys are candidates for decrypting received tickets. This allows for easy rotation of keys + // by, for example, putting the new key first, and the previous key second. + // + // If :ref:`session_ticket_keys ` + // is not specified, the TLS library will still support resuming sessions via tickets, but it will + // use an internally-generated and managed key, so sessions cannot be resumed across hot restarts + // or on different hosts. + // + // Each key must contain exactly 80 bytes of cryptographically-secure random data. For + // example, the output of ``openssl rand 80``. + // + // .. attention:: + // + // Using this feature has serious security considerations and risks. Improper handling of keys + // may result in loss of secrecy in connections, even if ciphers supporting perfect forward + // secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some + // discussion. To minimize the risk, you must: + // + // * Keep the session ticket keys at least as secure as your TLS certificate private keys + // * Rotate session ticket keys at least daily, and preferably hourly + // * Always generate keys using a cryptographically-secure random data source + repeated config.core.v4alpha.DataSource keys = 1 + [(validate.rules).repeated = {min_items: 1}, (udpa.annotations.sensitive) = true]; +} + +// [#next-free-field: 11] +message CertificateValidationContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext"; + + // Peer certificate verification mode. + enum TrustChainVerification { + // Perform default certificate verification (e.g., against CA / verification lists) + VERIFY_TRUST_CHAIN = 0; + + // Connections where the certificate fails verification will be permitted. + // For HTTP connections, the result of certificate verification can be used in route matching. ( + // see :ref:`validated ` ). + ACCEPT_UNTRUSTED = 1; + } + + reserved 4; + + reserved "verify_subject_alt_name"; + + // TLS certificate data containing certificate authority certificates to use in verifying + // a presented peer certificate (e.g. server certificate for clusters or client certificate + // for listeners). If not specified and a peer certificate is presented it will not be + // verified. By default, a client certificate is optional, unless one of the additional + // options (:ref:`require_client_certificate + // `, + // :ref:`verify_certificate_spki + // `, + // :ref:`verify_certificate_hash + // `, or + // :ref:`match_subject_alt_names + // `) is also + // specified. + // + // It can optionally contain certificate revocation lists, in which case Envoy will verify + // that the presented peer certificate has not been revoked by one of the included CRLs. + // + // See :ref:`the TLS overview ` for a list of common + // system CA locations. + config.core.v4alpha.DataSource trusted_ca = 1; + + // An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the + // SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate + // matches one of the specified values. + // + // A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate + // can be generated with the following command: + // + // .. code-block:: bash + // + // $ openssl x509 -in path/to/client.crt -noout -pubkey + // | openssl pkey -pubin -outform DER + // | openssl dgst -sha256 -binary + // | openssl enc -base64 + // NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A= + // + // This is the format used in HTTP Public Key Pinning. + // + // When both: + // :ref:`verify_certificate_hash + // ` and + // :ref:`verify_certificate_spki + // ` are specified, + // a hash matching value from either of the lists will result in the certificate being accepted. + // + // .. attention:: + // + // This option is preferred over :ref:`verify_certificate_hash + // `, + // because SPKI is tied to a private key, so it doesn't change when the certificate + // is renewed using the same private key. + repeated string verify_certificate_spki = 3 + [(validate.rules).repeated = {items {string {min_bytes: 44 max_bytes: 44}}}]; + + // An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that + // the SHA-256 of the DER-encoded presented certificate matches one of the specified values. + // + // A hex-encoded SHA-256 of the certificate can be generated with the following command: + // + // .. code-block:: bash + // + // $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2 + // df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a + // + // A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate + // can be generated with the following command: + // + // .. code-block:: bash + // + // $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2 + // DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A + // + // Both of those formats are acceptable. + // + // When both: + // :ref:`verify_certificate_hash + // ` and + // :ref:`verify_certificate_spki + // ` are specified, + // a hash matching value from either of the lists will result in the certificate being accepted. + repeated string verify_certificate_hash = 2 + [(validate.rules).repeated = {items {string {min_bytes: 64 max_bytes: 95}}}]; + + // An optional list of Subject Alternative name matchers. Envoy will verify that the + // Subject Alternative Name of the presented certificate matches one of the specified matches. + // + // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be + // configured with exact match type in the :ref:`string matcher `. + // For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com", + // it should be configured as shown below. + // + // .. code-block:: yaml + // + // match_subject_alt_names: + // exact: "api.example.com" + // + // .. attention:: + // + // Subject Alternative Names are easily spoofable and verifying only them is insecure, + // therefore this option must be used together with :ref:`trusted_ca + // `. + repeated type.matcher.v3.StringMatcher match_subject_alt_names = 9; + + // [#not-implemented-hide:] Must present a signed time-stamped OCSP response. + google.protobuf.BoolValue require_ocsp_staple = 5; + + // [#not-implemented-hide:] Must present signed certificate time-stamp. + google.protobuf.BoolValue require_signed_certificate_timestamp = 6; + + // An optional `certificate revocation list + // `_ + // (in PEM format). If specified, Envoy will verify that the presented peer + // certificate has not been revoked by this CRL. If this DataSource contains + // multiple CRLs, all of them will be used. + config.core.v4alpha.DataSource crl = 7; + + // If specified, Envoy will not reject expired certificates. + bool allow_expired_certificate = 8; + + // Certificate trust chain verification mode. + TrustChainVerification trust_chain_verification = 10 + [(validate.rules).enum = {defined_only: true}]; +} + +// TLS context shared by both client and server TLS contexts. +// [#next-free-field: 9] +message CommonTlsContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.CommonTlsContext"; + + message CombinedCertificateValidationContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.CommonTlsContext." + "CombinedCertificateValidationContext"; + + // How to validate peer certificates. + CertificateValidationContext default_validation_context = 1 + [(validate.rules).message = {required: true}]; + + // Config for fetching validation context via SDS API. + SdsSecretConfig validation_context_sds_secret_config = 2 + [(validate.rules).message = {required: true}]; + } + + reserved 5; + + // TLS protocol versions, cipher suites etc. + TlsParameters tls_params = 1; + + // :ref:`Multiple TLS certificates ` can be associated with the + // same context to allow both RSA and ECDSA certificates. + // + // Only a single TLS certificate is supported in client contexts. In server contexts, the first + // RSA certificate is used for clients that only support RSA and the first ECDSA certificate is + // used for clients that support ECDSA. + repeated TlsCertificate tls_certificates = 2; + + // Configs for fetching TLS certificates via SDS API. + repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6 + [(validate.rules).repeated = {max_items: 1}]; + + oneof validation_context_type { + // How to validate peer certificates. + CertificateValidationContext validation_context = 3; + + // Config for fetching validation context via SDS API. + SdsSecretConfig validation_context_sds_secret_config = 7; + + // Combined certificate validation context holds a default CertificateValidationContext + // and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic + // and default CertificateValidationContext are merged into a new CertificateValidationContext + // for validation. This merge is done by Message::MergeFrom(), so dynamic + // CertificateValidationContext overwrites singular fields in default + // CertificateValidationContext, and concatenates repeated fields to default + // CertificateValidationContext, and logical OR is applied to boolean fields. + CombinedCertificateValidationContext combined_validation_context = 8; + } + + // Supplies the list of ALPN protocols that the listener should expose. In + // practice this is likely to be set to one of two values (see the + // :ref:`codec_type + // ` + // parameter in the HTTP connection manager for more information): + // + // * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1. + // * "http/1.1" If the listener is only going to support HTTP/1.1. + // + // There is no default for this parameter. If empty, Envoy will not expose ALPN. + repeated string alpn_protocols = 4; +} + +message UpstreamTlsContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext"; + + // Common TLS context settings. + // + // .. attention:: + // + // Server certificate verification is not enabled by default. Configure + // :ref:`trusted_ca` to enable + // verification. + CommonTlsContext common_tls_context = 1; + + // SNI string to use when creating TLS backend connections. + string sni = 2 [(validate.rules).string = {max_bytes: 255}]; + + // If true, server-initiated TLS renegotiation will be allowed. + // + // .. attention:: + // + // TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary. + bool allow_renegotiation = 3; + + // Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets + // for TLSv1.2 and older) to store for the purpose of session resumption. + // + // Defaults to 1, setting this to 0 disables session resumption. + google.protobuf.UInt32Value max_session_keys = 4; +} + +// [#next-free-field: 7] +message DownstreamTlsContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext"; + + // Common TLS context settings. + CommonTlsContext common_tls_context = 1; + + // If specified, Envoy will reject connections without a valid client + // certificate. + google.protobuf.BoolValue require_client_certificate = 2; + + // If specified, Envoy will reject connections without a valid and matching SNI. + // [#not-implemented-hide:] + google.protobuf.BoolValue require_sni = 3; + + oneof session_ticket_keys_type { + // TLS session ticket key settings. + TlsSessionTicketKeys session_ticket_keys = 4; + + // Config for fetching TLS session ticket keys via SDS API. + SdsSecretConfig session_ticket_keys_sds_secret_config = 5; + } + + // If specified, session_timeout will change maximum lifetime (in seconds) of TLS session + // Currently this value is used as a hint to `TLS session ticket lifetime (for TLSv1.2) + // ` + // only seconds could be specified (fractional seconds are going to be ignored). + google.protobuf.Duration session_timeout = 6 [(validate.rules).duration = { + lt {seconds: 4294967296} + gte {} + }]; +} + +message GenericSecret { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.GenericSecret"; + + // Secret of generic type and is available to filters. + config.core.v4alpha.DataSource secret = 1 [(udpa.annotations.sensitive) = true]; +} + +message SdsSecretConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig"; + + // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to. + // When both name and config are specified, then secret can be fetched and/or reloaded via + // SDS. When only name is specified, then secret will be loaded from static resources. + string name = 1; + + config.core.v4alpha.ConfigSource sds_config = 2; +} + +// [#next-free-field: 6] +message Secret { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.Secret"; + + // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to. + string name = 1; + + oneof type { + TlsCertificate tls_certificate = 2; + + TlsSessionTicketKeys session_ticket_keys = 3; + + CertificateValidationContext validation_context = 4; + + GenericSecret generic_secret = 5; + } +} diff --git a/generated_api_shadow/envoy/extensions/wasm/v3/wasm.proto b/generated_api_shadow/envoy/extensions/wasm/v3/wasm.proto index 2c9d22148569d..16cae01897e03 100644 --- a/generated_api_shadow/envoy/extensions/wasm/v3/wasm.proto +++ b/generated_api_shadow/envoy/extensions/wasm/v3/wasm.proto @@ -13,7 +13,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.extensions.wasm.v3"; option java_outer_classname = "WasmProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Wasm service] @@ -62,15 +62,15 @@ message PluginConfig { // filters/services with a blank group_name with the same *vm_id* will share Context(s). string group_name = 2; + google.protobuf.Any configuration = 5; + // In the future add referential VM configurations. + // Configuration for finding or starting VM. oneof vm_config { + // Filter/service configuration used to configure or reconfigure a plugin + // (proxy_on_configuration). VmConfig inline_vm_config = 3; - // In the future add referential VM configurations. } - - // Filter/service configuration used to configure or reconfigure a plugin - // (proxy_on_configuration). - google.protobuf.Any configuration = 5; } // WasmService is configured as a built-in *envoy.wasm_service* :ref:`ServiceConfig diff --git a/generated_api_shadow/envoy/service/accesslog/v2/als.proto b/generated_api_shadow/envoy/service/accesslog/v2/als.proto index 19cc14a89bc17..bbd871ff83a4a 100644 --- a/generated_api_shadow/envoy/service/accesslog/v2/als.proto +++ b/generated_api_shadow/envoy/service/accesslog/v2/als.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.service.accesslog.v2"; option java_outer_classname = "AlsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC Access Log Service (ALS)] diff --git a/generated_api_shadow/envoy/service/accesslog/v3/als.proto b/generated_api_shadow/envoy/service/accesslog/v3/als.proto index 6ded214888cb4..3f5e37325cc5c 100644 --- a/generated_api_shadow/envoy/service/accesslog/v3/als.proto +++ b/generated_api_shadow/envoy/service/accesslog/v3/als.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.accesslog.v3"; option java_outer_classname = "AlsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC Access Log Service (ALS)] diff --git a/generated_api_shadow/envoy/service/auth/v2/attribute_context.proto b/generated_api_shadow/envoy/service/auth/v2/attribute_context.proto index 59d240090b378..16ac3ee23d49c 100644 --- a/generated_api_shadow/envoy/service/auth/v2/attribute_context.proto +++ b/generated_api_shadow/envoy/service/auth/v2/attribute_context.proto @@ -12,7 +12,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.service.auth.v2"; option java_outer_classname = "AttributeContextProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Attribute Context ] diff --git a/generated_api_shadow/envoy/service/auth/v2/external_auth.proto b/generated_api_shadow/envoy/service/auth/v2/external_auth.proto index 0d1f227ed01c8..0f580fe7dc346 100644 --- a/generated_api_shadow/envoy/service/auth/v2/external_auth.proto +++ b/generated_api_shadow/envoy/service/auth/v2/external_auth.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.auth.v2"; option java_outer_classname = "ExternalAuthProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Authorization Service ] diff --git a/generated_api_shadow/envoy/service/auth/v3/attribute_context.proto b/generated_api_shadow/envoy/service/auth/v3/attribute_context.proto index 3d47dead3f1f2..3c4fe0af665ea 100644 --- a/generated_api_shadow/envoy/service/auth/v3/attribute_context.proto +++ b/generated_api_shadow/envoy/service/auth/v3/attribute_context.proto @@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.service.auth.v3"; option java_outer_classname = "AttributeContextProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Attribute Context ] diff --git a/generated_api_shadow/envoy/service/auth/v3/external_auth.proto b/generated_api_shadow/envoy/service/auth/v3/external_auth.proto index 22ea971683523..b93b61a3bde95 100644 --- a/generated_api_shadow/envoy/service/auth/v3/external_auth.proto +++ b/generated_api_shadow/envoy/service/auth/v3/external_auth.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.auth.v3"; option java_outer_classname = "ExternalAuthProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Authorization Service ] diff --git a/generated_api_shadow/envoy/service/cluster/v3/cds.proto b/generated_api_shadow/envoy/service/cluster/v3/cds.proto index b0ac811972921..100ecad39a968 100644 --- a/generated_api_shadow/envoy/service/cluster/v3/cds.proto +++ b/generated_api_shadow/envoy/service/cluster/v3/cds.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.cluster.v3"; option java_outer_classname = "CdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: CDS] diff --git a/generated_api_shadow/envoy/service/discovery/v2/ads.proto b/generated_api_shadow/envoy/service/discovery/v2/ads.proto index 9dbaf45415546..d70e0cdc8e149 100644 --- a/generated_api_shadow/envoy/service/discovery/v2/ads.proto +++ b/generated_api_shadow/envoy/service/discovery/v2/ads.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.service.discovery.v2"; option java_outer_classname = "AdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Aggregated Discovery Service (ADS)] diff --git a/generated_api_shadow/envoy/service/discovery/v2/hds.proto b/generated_api_shadow/envoy/service/discovery/v2/hds.proto index 00f928655700d..76f91c5a456de 100644 --- a/generated_api_shadow/envoy/service/discovery/v2/hds.proto +++ b/generated_api_shadow/envoy/service/discovery/v2/hds.proto @@ -17,7 +17,7 @@ option java_outer_classname = "HdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.health.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Health Discovery Service (HDS)] diff --git a/generated_api_shadow/envoy/service/discovery/v2/rtds.proto b/generated_api_shadow/envoy/service/discovery/v2/rtds.proto index 43803f03100bf..713ac277072bf 100644 --- a/generated_api_shadow/envoy/service/discovery/v2/rtds.proto +++ b/generated_api_shadow/envoy/service/discovery/v2/rtds.proto @@ -17,7 +17,7 @@ option java_outer_classname = "RtdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.runtime.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Runtime Discovery Service (RTDS)] // RTDS :ref:`configuration overview ` diff --git a/generated_api_shadow/envoy/service/discovery/v2/sds.proto b/generated_api_shadow/envoy/service/discovery/v2/sds.proto index f0b6846b5912d..4d01d475c59bc 100644 --- a/generated_api_shadow/envoy/service/discovery/v2/sds.proto +++ b/generated_api_shadow/envoy/service/discovery/v2/sds.proto @@ -15,7 +15,7 @@ option java_outer_classname = "SdsProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.secret.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Secret Discovery Service (SDS)] diff --git a/generated_api_shadow/envoy/service/discovery/v3/ads.proto b/generated_api_shadow/envoy/service/discovery/v3/ads.proto index d2c81f8ddc766..03021559ab669 100644 --- a/generated_api_shadow/envoy/service/discovery/v3/ads.proto +++ b/generated_api_shadow/envoy/service/discovery/v3/ads.proto @@ -11,7 +11,7 @@ option java_package = "io.envoyproxy.envoy.service.discovery.v3"; option java_outer_classname = "AdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Aggregated Discovery Service (ADS)] diff --git a/generated_api_shadow/envoy/service/discovery/v3/discovery.proto b/generated_api_shadow/envoy/service/discovery/v3/discovery.proto index 9ac8349c268bb..b8e31160a88b8 100644 --- a/generated_api_shadow/envoy/service/discovery/v3/discovery.proto +++ b/generated_api_shadow/envoy/service/discovery/v3/discovery.proto @@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.service.discovery.v3"; option java_outer_classname = "DiscoveryProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Common discovery API components] diff --git a/generated_api_shadow/envoy/service/endpoint/v3/eds.proto b/generated_api_shadow/envoy/service/endpoint/v3/eds.proto index a339d33a3bcd6..e1a8494afc8f2 100644 --- a/generated_api_shadow/envoy/service/endpoint/v3/eds.proto +++ b/generated_api_shadow/envoy/service/endpoint/v3/eds.proto @@ -17,7 +17,7 @@ option java_package = "io.envoyproxy.envoy.service.endpoint.v3"; option java_outer_classname = "EdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: EDS] // Endpoint discovery :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/service/event_reporting/v2alpha/event_reporting_service.proto b/generated_api_shadow/envoy/service/event_reporting/v2alpha/event_reporting_service.proto index 3b073253ba96f..8d07f04640caf 100644 --- a/generated_api_shadow/envoy/service/event_reporting/v2alpha/event_reporting_service.proto +++ b/generated_api_shadow/envoy/service/event_reporting/v2alpha/event_reporting_service.proto @@ -15,7 +15,7 @@ option java_outer_classname = "EventReportingServiceProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.service.event_reporting.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: gRPC Event Reporting Service] diff --git a/generated_api_shadow/envoy/service/event_reporting/v3/event_reporting_service.proto b/generated_api_shadow/envoy/service/event_reporting/v3/event_reporting_service.proto index d53358470d711..6f0b325902fb2 100644 --- a/generated_api_shadow/envoy/service/event_reporting/v3/event_reporting_service.proto +++ b/generated_api_shadow/envoy/service/event_reporting/v3/event_reporting_service.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.event_reporting.v3"; option java_outer_classname = "EventReportingServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC Event Reporting Service] diff --git a/generated_api_shadow/envoy/service/health/v3/hds.proto b/generated_api_shadow/envoy/service/health/v3/hds.proto index 9b6dbf7bfa061..0b09134709c82 100644 --- a/generated_api_shadow/envoy/service/health/v3/hds.proto +++ b/generated_api_shadow/envoy/service/health/v3/hds.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.health.v3"; option java_outer_classname = "HdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Health Discovery Service (HDS)] diff --git a/generated_api_shadow/envoy/service/listener/v3/lds.proto b/generated_api_shadow/envoy/service/listener/v3/lds.proto index ed1f2dc9e959b..a7a8260619f7c 100644 --- a/generated_api_shadow/envoy/service/listener/v3/lds.proto +++ b/generated_api_shadow/envoy/service/listener/v3/lds.proto @@ -17,7 +17,7 @@ option java_package = "io.envoyproxy.envoy.service.listener.v3"; option java_outer_classname = "LdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Listener] // Listener :ref:`configuration overview ` diff --git a/generated_api_shadow/envoy/service/load_stats/v2/lrs.proto b/generated_api_shadow/envoy/service/load_stats/v2/lrs.proto index 76f728a4b94b0..a71039e7ceeb0 100644 --- a/generated_api_shadow/envoy/service/load_stats/v2/lrs.proto +++ b/generated_api_shadow/envoy/service/load_stats/v2/lrs.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.load_stats.v2"; option java_outer_classname = "LrsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Load reporting service] diff --git a/generated_api_shadow/envoy/service/load_stats/v3/lrs.proto b/generated_api_shadow/envoy/service/load_stats/v3/lrs.proto index ee4de2540f0b1..ce48574826a90 100644 --- a/generated_api_shadow/envoy/service/load_stats/v3/lrs.proto +++ b/generated_api_shadow/envoy/service/load_stats/v3/lrs.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.load_stats.v3"; option java_outer_classname = "LrsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Load reporting service] diff --git a/generated_api_shadow/envoy/service/metrics/v2/metrics_service.proto b/generated_api_shadow/envoy/service/metrics/v2/metrics_service.proto index 2df051c829929..aa5e703850155 100644 --- a/generated_api_shadow/envoy/service/metrics/v2/metrics_service.proto +++ b/generated_api_shadow/envoy/service/metrics/v2/metrics_service.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.metrics.v2"; option java_outer_classname = "MetricsServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metrics service] diff --git a/generated_api_shadow/envoy/service/metrics/v3/metrics_service.proto b/generated_api_shadow/envoy/service/metrics/v3/metrics_service.proto index 2ecb78086ca1b..033c168c32ba1 100644 --- a/generated_api_shadow/envoy/service/metrics/v3/metrics_service.proto +++ b/generated_api_shadow/envoy/service/metrics/v3/metrics_service.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.metrics.v3"; option java_outer_classname = "MetricsServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metrics service] diff --git a/generated_api_shadow/envoy/service/ratelimit/v2/rls.proto b/generated_api_shadow/envoy/service/ratelimit/v2/rls.proto index 0ca5da8c02b72..123990638b78d 100644 --- a/generated_api_shadow/envoy/service/ratelimit/v2/rls.proto +++ b/generated_api_shadow/envoy/service/ratelimit/v2/rls.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.ratelimit.v2"; option java_outer_classname = "RlsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Rate Limit Service (RLS)] diff --git a/generated_api_shadow/envoy/service/ratelimit/v3/rls.proto b/generated_api_shadow/envoy/service/ratelimit/v3/rls.proto index ecad5fdc25664..b3bfc73b28c8b 100644 --- a/generated_api_shadow/envoy/service/ratelimit/v3/rls.proto +++ b/generated_api_shadow/envoy/service/ratelimit/v3/rls.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.ratelimit.v3"; option java_outer_classname = "RlsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Rate Limit Service (RLS)] diff --git a/generated_api_shadow/envoy/service/route/v3/rds.proto b/generated_api_shadow/envoy/service/route/v3/rds.proto index 6b2155cc42d70..3a2c432fd8b2e 100644 --- a/generated_api_shadow/envoy/service/route/v3/rds.proto +++ b/generated_api_shadow/envoy/service/route/v3/rds.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.route.v3"; option java_outer_classname = "RdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: RDS] diff --git a/generated_api_shadow/envoy/service/route/v3/srds.proto b/generated_api_shadow/envoy/service/route/v3/srds.proto index 90d3d44de971d..7a7f8f7d3a3fa 100644 --- a/generated_api_shadow/envoy/service/route/v3/srds.proto +++ b/generated_api_shadow/envoy/service/route/v3/srds.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.route.v3"; option java_outer_classname = "SrdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: SRDS] // * Routing :ref:`architecture overview ` diff --git a/generated_api_shadow/envoy/service/runtime/v3/rtds.proto b/generated_api_shadow/envoy/service/runtime/v3/rtds.proto index e53ef4a26b62f..b12844233883a 100644 --- a/generated_api_shadow/envoy/service/runtime/v3/rtds.proto +++ b/generated_api_shadow/envoy/service/runtime/v3/rtds.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.runtime.v3"; option java_outer_classname = "RtdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Runtime Discovery Service (RTDS)] // RTDS :ref:`configuration overview ` diff --git a/generated_api_shadow/envoy/service/secret/v3/sds.proto b/generated_api_shadow/envoy/service/secret/v3/sds.proto index d8ec771f035de..3c9441d7c7608 100644 --- a/generated_api_shadow/envoy/service/secret/v3/sds.proto +++ b/generated_api_shadow/envoy/service/secret/v3/sds.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.secret.v3"; option java_outer_classname = "SdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Secret Discovery Service (SDS)] diff --git a/generated_api_shadow/envoy/service/status/v2/csds.proto b/generated_api_shadow/envoy/service/status/v2/csds.proto index 81eb615c0806b..2233f3cef7710 100644 --- a/generated_api_shadow/envoy/service/status/v2/csds.proto +++ b/generated_api_shadow/envoy/service/status/v2/csds.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.status.v2"; option java_outer_classname = "CsdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Client Status Discovery Service (CSDS)] diff --git a/generated_api_shadow/envoy/service/status/v3/csds.proto b/generated_api_shadow/envoy/service/status/v3/csds.proto index 7e8995ba4f400..3347def21d8f9 100644 --- a/generated_api_shadow/envoy/service/status/v3/csds.proto +++ b/generated_api_shadow/envoy/service/status/v3/csds.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.status.v3"; option java_outer_classname = "CsdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Client Status Discovery Service (CSDS)] diff --git a/generated_api_shadow/envoy/service/tap/v2alpha/common.proto b/generated_api_shadow/envoy/service/tap/v2alpha/common.proto index 5452eb777d4d2..990a3826481bd 100644 --- a/generated_api_shadow/envoy/service/tap/v2alpha/common.proto +++ b/generated_api_shadow/envoy/service/tap/v2alpha/common.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v2alpha"; option java_outer_classname = "CommonProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.config.tap.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Common tap configuration] diff --git a/generated_api_shadow/envoy/service/tap/v2alpha/tap.proto b/generated_api_shadow/envoy/service/tap/v2alpha/tap.proto index b956968636236..9fd18eae5d361 100644 --- a/generated_api_shadow/envoy/service/tap/v2alpha/tap.proto +++ b/generated_api_shadow/envoy/service/tap/v2alpha/tap.proto @@ -12,7 +12,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v2alpha"; option java_outer_classname = "TapProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap Sink Service] diff --git a/generated_api_shadow/envoy/service/tap/v2alpha/tapds.proto b/generated_api_shadow/envoy/service/tap/v2alpha/tapds.proto index deb6410568d56..81b9cb0e447bd 100644 --- a/generated_api_shadow/envoy/service/tap/v2alpha/tapds.proto +++ b/generated_api_shadow/envoy/service/tap/v2alpha/tapds.proto @@ -14,7 +14,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v2alpha"; option java_outer_classname = "TapdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Tap discovery service] diff --git a/generated_api_shadow/envoy/service/tap/v3/tap.proto b/generated_api_shadow/envoy/service/tap/v3/tap.proto index 61a0cef9be230..080aba215c10d 100644 --- a/generated_api_shadow/envoy/service/tap/v3/tap.proto +++ b/generated_api_shadow/envoy/service/tap/v3/tap.proto @@ -13,7 +13,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v3"; option java_outer_classname = "TapProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap Sink Service] diff --git a/generated_api_shadow/envoy/service/tap/v3/tapds.proto b/generated_api_shadow/envoy/service/tap/v3/tapds.proto index a991a246fb177..51393d6e14c7d 100644 --- a/generated_api_shadow/envoy/service/tap/v3/tapds.proto +++ b/generated_api_shadow/envoy/service/tap/v3/tapds.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.tap.v3"; option java_outer_classname = "TapdsProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Tap discovery service] diff --git a/generated_api_shadow/envoy/service/trace/v2/trace_service.proto b/generated_api_shadow/envoy/service/trace/v2/trace_service.proto index d411144677309..48e65820b387c 100644 --- a/generated_api_shadow/envoy/service/trace/v2/trace_service.proto +++ b/generated_api_shadow/envoy/service/trace/v2/trace_service.proto @@ -15,7 +15,7 @@ option java_package = "io.envoyproxy.envoy.service.trace.v2"; option java_outer_classname = "TraceServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Trace service] diff --git a/generated_api_shadow/envoy/service/trace/v3/trace_service.proto b/generated_api_shadow/envoy/service/trace/v3/trace_service.proto index a81d42674a3f0..facaa9211c92b 100644 --- a/generated_api_shadow/envoy/service/trace/v3/trace_service.proto +++ b/generated_api_shadow/envoy/service/trace/v3/trace_service.proto @@ -16,7 +16,7 @@ option java_package = "io.envoyproxy.envoy.service.trace.v3"; option java_outer_classname = "TraceServiceProto"; option java_multiple_files = true; option java_generic_services = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Trace service] diff --git a/generated_api_shadow/envoy/type/hash_policy.proto b/generated_api_shadow/envoy/type/hash_policy.proto index 543285608f6d6..b6aeb31fcbfde 100644 --- a/generated_api_shadow/envoy/type/hash_policy.proto +++ b/generated_api_shadow/envoy/type/hash_policy.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "HashPolicyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Hash Policy] diff --git a/generated_api_shadow/envoy/type/http.proto b/generated_api_shadow/envoy/type/http.proto index 1b857316e0bde..c1c787411fad8 100644 --- a/generated_api_shadow/envoy/type/http.proto +++ b/generated_api_shadow/envoy/type/http.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "HttpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP] diff --git a/generated_api_shadow/envoy/type/http_status.proto b/generated_api_shadow/envoy/type/http_status.proto index 2f8f350d178c5..99b44a98c2512 100644 --- a/generated_api_shadow/envoy/type/http_status.proto +++ b/generated_api_shadow/envoy/type/http_status.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "HttpStatusProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: HTTP status codes] diff --git a/generated_api_shadow/envoy/type/matcher/metadata.proto b/generated_api_shadow/envoy/type/matcher/metadata.proto index 6e911095ec6c3..2cbc602564c59 100644 --- a/generated_api_shadow/envoy/type/matcher/metadata.proto +++ b/generated_api_shadow/envoy/type/matcher/metadata.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "MetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metadata matcher] diff --git a/generated_api_shadow/envoy/type/matcher/node.proto b/generated_api_shadow/envoy/type/matcher/node.proto index 0060dc06b2564..c9e84a46279ab 100644 --- a/generated_api_shadow/envoy/type/matcher/node.proto +++ b/generated_api_shadow/envoy/type/matcher/node.proto @@ -10,7 +10,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "NodeProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Node matcher] diff --git a/generated_api_shadow/envoy/type/matcher/number.proto b/generated_api_shadow/envoy/type/matcher/number.proto index e70ea9a7bec2c..e488f16a4a0c9 100644 --- a/generated_api_shadow/envoy/type/matcher/number.proto +++ b/generated_api_shadow/envoy/type/matcher/number.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "NumberProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Number matcher] diff --git a/generated_api_shadow/envoy/type/matcher/path.proto b/generated_api_shadow/envoy/type/matcher/path.proto index ebadc954df08c..860a1c69f18a8 100644 --- a/generated_api_shadow/envoy/type/matcher/path.proto +++ b/generated_api_shadow/envoy/type/matcher/path.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "PathProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Path matcher] diff --git a/generated_api_shadow/envoy/type/matcher/regex.proto b/generated_api_shadow/envoy/type/matcher/regex.proto index 92bec3595702b..78b4a2c1d61e6 100644 --- a/generated_api_shadow/envoy/type/matcher/regex.proto +++ b/generated_api_shadow/envoy/type/matcher/regex.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "RegexProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Regex matcher] diff --git a/generated_api_shadow/envoy/type/matcher/string.proto b/generated_api_shadow/envoy/type/matcher/string.proto index 522f405019e1f..431043e00ec1f 100644 --- a/generated_api_shadow/envoy/type/matcher/string.proto +++ b/generated_api_shadow/envoy/type/matcher/string.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "StringProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: String matcher] diff --git a/generated_api_shadow/envoy/type/matcher/struct.proto b/generated_api_shadow/envoy/type/matcher/struct.proto index 7f0616b527ca5..f65b1d121845a 100644 --- a/generated_api_shadow/envoy/type/matcher/struct.proto +++ b/generated_api_shadow/envoy/type/matcher/struct.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "StructProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Struct matcher] diff --git a/generated_api_shadow/envoy/type/matcher/v3/metadata.proto b/generated_api_shadow/envoy/type/matcher/v3/metadata.proto index 918f4980908f3..65ec4f47ffff5 100644 --- a/generated_api_shadow/envoy/type/matcher/v3/metadata.proto +++ b/generated_api_shadow/envoy/type/matcher/v3/metadata.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "MetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metadata matcher] diff --git a/generated_api_shadow/envoy/type/matcher/v3/node.proto b/generated_api_shadow/envoy/type/matcher/v3/node.proto index a446104851ec2..fe507312135ff 100644 --- a/generated_api_shadow/envoy/type/matcher/v3/node.proto +++ b/generated_api_shadow/envoy/type/matcher/v3/node.proto @@ -11,7 +11,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "NodeProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Node matcher] diff --git a/generated_api_shadow/envoy/type/matcher/v3/number.proto b/generated_api_shadow/envoy/type/matcher/v3/number.proto index e054b4bc05541..2379efdcbd23a 100644 --- a/generated_api_shadow/envoy/type/matcher/v3/number.proto +++ b/generated_api_shadow/envoy/type/matcher/v3/number.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "NumberProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Number matcher] diff --git a/generated_api_shadow/envoy/type/matcher/v3/path.proto b/generated_api_shadow/envoy/type/matcher/v3/path.proto index 3fe9867aaf9c8..0ce89871c9d9f 100644 --- a/generated_api_shadow/envoy/type/matcher/v3/path.proto +++ b/generated_api_shadow/envoy/type/matcher/v3/path.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "PathProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Path matcher] diff --git a/generated_api_shadow/envoy/type/matcher/v3/regex.proto b/generated_api_shadow/envoy/type/matcher/v3/regex.proto index 3d0075bc33bf5..1b10df3ff1bac 100644 --- a/generated_api_shadow/envoy/type/matcher/v3/regex.proto +++ b/generated_api_shadow/envoy/type/matcher/v3/regex.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "RegexProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Regex matcher] @@ -33,15 +33,15 @@ message RegexMatcher { google.protobuf.UInt32Value max_program_size = 1; } + // Google's RE2 regex engine. + string regex = 2 [(validate.rules).string = {min_bytes: 1}]; + oneof engine_type { option (validate.required) = true; - // Google's RE2 regex engine. + // The regex match string. The string must be supported by the configured engine. GoogleRE2 google_re2 = 1 [(validate.rules).message = {required: true}]; } - - // The regex match string. The string must be supported by the configured engine. - string regex = 2 [(validate.rules).string = {min_bytes: 1}]; } // Describes how to match a string and then produce a new string using a regular diff --git a/generated_api_shadow/envoy/type/matcher/v3/string.proto b/generated_api_shadow/envoy/type/matcher/v3/string.proto index 2a9d29a48c7e5..2f9d43de40dcd 100644 --- a/generated_api_shadow/envoy/type/matcher/v3/string.proto +++ b/generated_api_shadow/envoy/type/matcher/v3/string.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "StringProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: String matcher] @@ -21,23 +21,23 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO message StringMatcher { option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.StringMatcher"; + // The input string must match exactly the string specified here. + // + // Examples: + // + // * *abc* only matches the value *abc*. + bool ignore_case = 6; + oneof match_pattern { option (validate.required) = true; - // The input string must match exactly the string specified here. - // - // Examples: - // - // * *abc* only matches the value *abc*. - string exact = 1; - // The input string must have the prefix specified here. // Note: empty prefix is not allowed, please use regex instead. // // Examples: // // * *abc* matches the value *abc.xyz* - string prefix = 2 [(validate.rules).string = {min_bytes: 1}]; + string exact = 1; // The input string must have the suffix specified here. // Note: empty prefix is not allowed, please use regex instead. @@ -45,35 +45,22 @@ message StringMatcher { // Examples: // // * *abc* matches the value *xyz.abc* - string suffix = 3 [(validate.rules).string = {min_bytes: 1}]; + string prefix = 2 [(validate.rules).string = {min_bytes: 1}]; // The input string must match the regular expression specified here. - // The regex grammar is defined `here - // `_. - // - // Examples: - // - // * The regex ``\d{3}`` matches the value *123* - // * The regex ``\d{3}`` does not match the value *1234* - // * The regex ``\d{3}`` does not match the value *123.456* - // - // .. attention:: - // This field has been deprecated in favor of `safe_regex` as it is not safe for use with - // untrusted input in all cases. + string suffix = 3 [(validate.rules).string = {min_bytes: 1}]; + + // If true, indicates the exact/prefix/suffix matching should be case insensitive. This has no + // effect for the safe_regex match. + // For example, the matcher *data* will match both input string *Data* and *data* if set to true. + RegexMatcher safe_regex = 5 [(validate.rules).message = {required: true}]; + string hidden_envoy_deprecated_regex = 4 [ deprecated = true, (validate.rules).string = {max_bytes: 1024}, (envoy.annotations.disallowed_by_default) = true ]; - - // The input string must match the regular expression specified here. - RegexMatcher safe_regex = 5 [(validate.rules).message = {required: true}]; } - - // If true, indicates the exact/prefix/suffix matching should be case insensitive. This has no - // effect for the safe_regex match. - // For example, the matcher *data* will match both input string *Data* and *data* if set to true. - bool ignore_case = 6; } // Specifies a list of ways to match a string. diff --git a/generated_api_shadow/envoy/type/matcher/v3/struct.proto b/generated_api_shadow/envoy/type/matcher/v3/struct.proto index f08ed96df8536..b88d7b11bc2a9 100644 --- a/generated_api_shadow/envoy/type/matcher/v3/struct.proto +++ b/generated_api_shadow/envoy/type/matcher/v3/struct.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "StructProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Struct matcher] diff --git a/generated_api_shadow/envoy/type/matcher/v3/value.proto b/generated_api_shadow/envoy/type/matcher/v3/value.proto index 87465c5ead8cf..040332273ba35 100644 --- a/generated_api_shadow/envoy/type/matcher/v3/value.proto +++ b/generated_api_shadow/envoy/type/matcher/v3/value.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher.v3"; option java_outer_classname = "ValueProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Value matcher] diff --git a/generated_api_shadow/envoy/type/matcher/value.proto b/generated_api_shadow/envoy/type/matcher/value.proto index e241a6edb4534..aaecd14e8ecd4 100644 --- a/generated_api_shadow/envoy/type/matcher/value.proto +++ b/generated_api_shadow/envoy/type/matcher/value.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.matcher"; option java_outer_classname = "ValueProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Value matcher] diff --git a/generated_api_shadow/envoy/type/metadata/v2/metadata.proto b/generated_api_shadow/envoy/type/metadata/v2/metadata.proto index f8c9fe08c13b8..43a1a7ca92750 100644 --- a/generated_api_shadow/envoy/type/metadata/v2/metadata.proto +++ b/generated_api_shadow/envoy/type/metadata/v2/metadata.proto @@ -10,7 +10,7 @@ option java_package = "io.envoyproxy.envoy.type.metadata.v2"; option java_outer_classname = "MetadataProto"; option java_multiple_files = true; option (udpa.annotations.file_migrate).move_to_package = "envoy.type.metadata.v3"; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Metadata] diff --git a/generated_api_shadow/envoy/type/metadata/v3/metadata.proto b/generated_api_shadow/envoy/type/metadata/v3/metadata.proto index a981e8c1b7a23..ddcce68820573 100644 --- a/generated_api_shadow/envoy/type/metadata/v3/metadata.proto +++ b/generated_api_shadow/envoy/type/metadata/v3/metadata.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.metadata.v3"; option java_outer_classname = "MetadataProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metadata] diff --git a/generated_api_shadow/envoy/type/percent.proto b/generated_api_shadow/envoy/type/percent.proto index 1d1f9dd5df9ac..fc41a26662fe7 100644 --- a/generated_api_shadow/envoy/type/percent.proto +++ b/generated_api_shadow/envoy/type/percent.proto @@ -8,7 +8,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "PercentProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Percent] diff --git a/generated_api_shadow/envoy/type/range.proto b/generated_api_shadow/envoy/type/range.proto index 2c12b80dc053b..79aaa81975c38 100644 --- a/generated_api_shadow/envoy/type/range.proto +++ b/generated_api_shadow/envoy/type/range.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "RangeProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Range] diff --git a/generated_api_shadow/envoy/type/semantic_version.proto b/generated_api_shadow/envoy/type/semantic_version.proto index 96545149e1287..80fe016bfa161 100644 --- a/generated_api_shadow/envoy/type/semantic_version.proto +++ b/generated_api_shadow/envoy/type/semantic_version.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "SemanticVersionProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Semantic Version] diff --git a/generated_api_shadow/envoy/type/token_bucket.proto b/generated_api_shadow/envoy/type/token_bucket.proto index cc654c8210080..41b6d268d5f6f 100644 --- a/generated_api_shadow/envoy/type/token_bucket.proto +++ b/generated_api_shadow/envoy/type/token_bucket.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type"; option java_outer_classname = "TokenBucketProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Token bucket] diff --git a/generated_api_shadow/envoy/type/tracing/v2/custom_tag.proto b/generated_api_shadow/envoy/type/tracing/v2/custom_tag.proto index 824816fe20338..7506ae8861254 100644 --- a/generated_api_shadow/envoy/type/tracing/v2/custom_tag.proto +++ b/generated_api_shadow/envoy/type/tracing/v2/custom_tag.proto @@ -10,7 +10,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.tracing.v2"; option java_outer_classname = "CustomTagProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (udpa.annotations.file_status).package_version_status = FROZEN; // [#protodoc-title: Custom Tag] diff --git a/generated_api_shadow/envoy/type/tracing/v3/custom_tag.proto b/generated_api_shadow/envoy/type/tracing/v3/custom_tag.proto index e6b1d2262bb98..42518ead59d13 100644 --- a/generated_api_shadow/envoy/type/tracing/v3/custom_tag.proto +++ b/generated_api_shadow/envoy/type/tracing/v3/custom_tag.proto @@ -11,7 +11,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.tracing.v3"; option java_outer_classname = "CustomTagProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Custom Tag] diff --git a/generated_api_shadow/envoy/type/v3/hash_policy.proto b/generated_api_shadow/envoy/type/v3/hash_policy.proto index 29cf13613bdd3..96c39299698fc 100644 --- a/generated_api_shadow/envoy/type/v3/hash_policy.proto +++ b/generated_api_shadow/envoy/type/v3/hash_policy.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "HashPolicyProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Hash Policy] diff --git a/generated_api_shadow/envoy/type/v3/http.proto b/generated_api_shadow/envoy/type/v3/http.proto index c0aae1d58fc32..fec15d11f871c 100644 --- a/generated_api_shadow/envoy/type/v3/http.proto +++ b/generated_api_shadow/envoy/type/v3/http.proto @@ -7,7 +7,7 @@ import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "HttpProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP] diff --git a/generated_api_shadow/envoy/type/v3/http_status.proto b/generated_api_shadow/envoy/type/v3/http_status.proto index e12edafd8a3c9..8914b7a0264ae 100644 --- a/generated_api_shadow/envoy/type/v3/http_status.proto +++ b/generated_api_shadow/envoy/type/v3/http_status.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "HttpStatusProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: HTTP status codes] diff --git a/generated_api_shadow/envoy/type/v3/percent.proto b/generated_api_shadow/envoy/type/v3/percent.proto index 76976f295c759..3a89a3f44fd5f 100644 --- a/generated_api_shadow/envoy/type/v3/percent.proto +++ b/generated_api_shadow/envoy/type/v3/percent.proto @@ -9,7 +9,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "PercentProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Percent] diff --git a/generated_api_shadow/envoy/type/v3/range.proto b/generated_api_shadow/envoy/type/v3/range.proto index f15ed2895e711..de1d55b09a214 100644 --- a/generated_api_shadow/envoy/type/v3/range.proto +++ b/generated_api_shadow/envoy/type/v3/range.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "RangeProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Range] diff --git a/generated_api_shadow/envoy/type/v3/semantic_version.proto b/generated_api_shadow/envoy/type/v3/semantic_version.proto index 15df5d4e83866..a4126336f03ae 100644 --- a/generated_api_shadow/envoy/type/v3/semantic_version.proto +++ b/generated_api_shadow/envoy/type/v3/semantic_version.proto @@ -8,7 +8,7 @@ import "udpa/annotations/versioning.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "SemanticVersionProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Semantic Version] diff --git a/generated_api_shadow/envoy/type/v3/token_bucket.proto b/generated_api_shadow/envoy/type/v3/token_bucket.proto index 13e42f774d83c..a96d50fbd0abc 100644 --- a/generated_api_shadow/envoy/type/v3/token_bucket.proto +++ b/generated_api_shadow/envoy/type/v3/token_bucket.proto @@ -12,7 +12,7 @@ import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.type.v3"; option java_outer_classname = "TokenBucketProto"; option java_multiple_files = true; -option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; +option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Token bucket] diff --git a/tools/api_boost/testdata/decl_ref_expr.cc.gold b/tools/api_boost/testdata/decl_ref_expr.cc.gold index c21cd57518ab5..d7a337fc38b5b 100644 --- a/tools/api_boost/testdata/decl_ref_expr.cc.gold +++ b/tools/api_boost/testdata/decl_ref_expr.cc.gold @@ -1,5 +1,5 @@ #include "envoy/api/v2/route/route_components.pb.h" -#include "envoy/config/cluster/v3/cluster.pb.h" +#include "envoy/config/cluster/v4alpha/cluster.pb.h" #include "envoy/config/overload/v2alpha/overload.pb.h" #include "envoy/config/overload/v3/overload.pb.h" @@ -9,7 +9,7 @@ using envoy::config::overload::v3::Trigger; -using envoy::config::cluster::v3::Cluster; +using envoy::config::cluster::v4alpha::Cluster; using MutableStringClusterAccessor = std::string* (Cluster::*)(); class ThresholdTriggerImpl { @@ -35,9 +35,9 @@ public: envoy::config::overload::v3::ThresholdTrigger::default_instance(); ASSERT(envoy::config::overload::v3::Trigger::TriggerOneofCase::kThreshold == Trigger::kThreshold); ASSERT(Foo::kThreshold == Trigger::kThreshold); - envoy::config::cluster::v3::Cluster::LbPolicy_Name(0); - static_cast(envoy::config::cluster::v3::Cluster::MAGLEV); - MutableStringClusterAccessor foo2 = &envoy::config::cluster::v3::Cluster::mutable_name; + envoy::config::cluster::v4alpha::Cluster::LbPolicy_Name(0); + static_cast(envoy::config::cluster::v4alpha::Cluster::MAGLEV); + MutableStringClusterAccessor foo2 = &envoy::config::cluster::v4alpha::Cluster::mutable_name; static_cast(foo2); } diff --git a/tools/api_boost/testdata/deprecate.cc.gold b/tools/api_boost/testdata/deprecate.cc.gold index cdae14e43c685..bee1dacfe56e7 100644 --- a/tools/api_boost/testdata/deprecate.cc.gold +++ b/tools/api_boost/testdata/deprecate.cc.gold @@ -1,11 +1,11 @@ -#include "envoy/config/cluster/v3/cluster.pb.h" -#include "envoy/config/route/v3/route_components.pb.h" +#include "envoy/config/cluster/v4alpha/cluster.pb.h" +#include "envoy/config/route/v4alpha/route_components.pb.h" #include "envoy/type/matcher/v3/string.pb.h" void test() { - envoy::config::route::v3::VirtualHost vhost; + envoy::config::route::v4alpha::VirtualHost vhost; vhost.hidden_envoy_deprecated_per_filter_config(); vhost.mutable_hidden_envoy_deprecated_per_filter_config(); static_cast(envoy::type::matcher::v3::StringMatcher::MatchPatternCase::kHiddenEnvoyDeprecatedRegex); - static_cast(envoy::config::cluster::v3::Cluster::hidden_envoy_deprecated_ORIGINAL_DST_LB); + static_cast(envoy::config::cluster::v4alpha::Cluster::hidden_envoy_deprecated_ORIGINAL_DST_LB); } diff --git a/tools/api_boost/testdata/elaborated_type.cc.gold b/tools/api_boost/testdata/elaborated_type.cc.gold index 213e579f46e60..442426177598e 100644 --- a/tools/api_boost/testdata/elaborated_type.cc.gold +++ b/tools/api_boost/testdata/elaborated_type.cc.gold @@ -1,10 +1,10 @@ -#include "envoy/config/cluster/v3/cluster.pb.h" +#include "envoy/config/cluster/v4alpha/cluster.pb.h" #include "envoy/config/overload/v3/overload.pb.h" class ThresholdTriggerImpl { public: ThresholdTriggerImpl(const envoy::config::overload::v3::ThresholdTrigger& /*config*/) {} - void someMethod(envoy::config::cluster::v3::Cluster::LbPolicy) {} + void someMethod(envoy::config::cluster::v4alpha::Cluster::LbPolicy) {} const envoy::config::overload::v3::Trigger::TriggerOneofCase case_{}; }; diff --git a/tools/api_boost/testdata/rename.cc.gold b/tools/api_boost/testdata/rename.cc.gold index 98a823fb18269..124a528b05fdc 100644 --- a/tools/api_boost/testdata/rename.cc.gold +++ b/tools/api_boost/testdata/rename.cc.gold @@ -1,7 +1,7 @@ -#include "envoy/config/route/v3/route_components.pb.h" +#include "envoy/config/route/v4alpha/route_components.pb.h" void test() { - envoy::config::route::v3::RouteAction route_action; + envoy::config::route::v4alpha::RouteAction route_action; route_action.host_rewrite_literal(); route_action.set_host_rewrite_literal("blah"); } diff --git a/tools/api_boost/testdata/validate.cc.gold b/tools/api_boost/testdata/validate.cc.gold index 6479cc251a320..f358c7aec7158 100644 --- a/tools/api_boost/testdata/validate.cc.gold +++ b/tools/api_boost/testdata/validate.cc.gold @@ -1,10 +1,10 @@ -#include "envoy/config/cluster/v3/cluster.pb.h" -#include "envoy/config/cluster/v3/cluster.pb.validate.h" +#include "envoy/config/cluster/v4alpha/cluster.pb.h" +#include "envoy/config/cluster/v4alpha/cluster.pb.validate.h" #include "envoy/protobuf/message_validator.h" #include "common/protobuf/utility.h" void foo(Envoy::ProtobufMessage::ValidationVisitor& validator) { - envoy::config::cluster::v3::Cluster msg; - Envoy::MessageUtil::downcastAndValidate(msg, validator); + envoy::config::cluster::v4alpha::Cluster msg; + Envoy::MessageUtil::downcastAndValidate(msg, validator); } diff --git a/tools/api_proto_plugin/BUILD b/tools/api_proto_plugin/BUILD index 0bec15eb6bd32..5c6c535a4a88a 100644 --- a/tools/api_proto_plugin/BUILD +++ b/tools/api_proto_plugin/BUILD @@ -1,5 +1,6 @@ licenses(["notice"]) # Apache 2 +load("@bazel_skylib//rules:common_settings.bzl", "string_flag") load("@rules_python//python:defs.bzl", "py_library") load("//tools/type_whisperer:type_database.bzl", "type_database") @@ -36,3 +37,9 @@ type_database( targets = [":default_type_db_target"], visibility = ["//visibility:public"], ) + +string_flag( + name = "extra_args", + build_setting_default = "", + visibility = ["//visibility:public"], +) diff --git a/tools/api_proto_plugin/plugin.bzl b/tools/api_proto_plugin/plugin.bzl index 5bc0ef7f71123..95568e47123ad 100644 --- a/tools/api_proto_plugin/plugin.bzl +++ b/tools/api_proto_plugin/plugin.bzl @@ -1,3 +1,4 @@ +load("@bazel_skylib//rules:common_settings.bzl", "BuildSettingInfo") load("@rules_proto//proto:defs.bzl", "ProtoInfo") # Borrowed from https://github.com/grpc/grpc-java/blob/v1.24.1/java_grpc_library.bzl#L61 @@ -56,6 +57,8 @@ def api_proto_plugin_impl(target, ctx, output_group, mnemonic, output_suffixes): if len(ctx.attr._type_db.files.to_list()) != 1: fail("{} must have one type database file".format(ctx.attr._type_db)) args += ["--api_proto_plugin_opt=type_db_path=" + ctx.attr._type_db.files.to_list()[0].path] + if hasattr(ctx.attr, "_extra_args"): + args += ["--api_proto_plugin_opt=extra_args=" + ctx.attr._extra_args[BuildSettingInfo].value] args += [src.path for src in target[ProtoInfo].direct_sources] env = {} @@ -89,6 +92,9 @@ def api_proto_plugin_aspect(tool_label, aspect_impl, use_type_db = False): _attrs["_type_db"] = attr.label( default = Label("@envoy//tools/api_proto_plugin:default_type_db"), ) + _attrs["_extra_args"] = attr.label( + default = Label("@envoy//tools/api_proto_plugin:extra_args"), + ) return aspect( attr_aspects = ["deps"], attrs = _attrs, diff --git a/tools/api_proto_plugin/plugin.py b/tools/api_proto_plugin/plugin.py index 31ac2c0dbb94a..684bef38dee6a 100644 --- a/tools/api_proto_plugin/plugin.py +++ b/tools/api_proto_plugin/plugin.py @@ -23,14 +23,18 @@ # FileDescriptorProto transformer; this is applied to the input # before any output generation. 'xform', + # Supply --//tools/api_proto_plugin CLI args as a parameters dictionary + # to visitor_factory constructor and xform function? + 'want_params', ]) -def DirectOutputDescriptor(output_suffix, visitor): - return OutputDescriptor(output_suffix, visitor, lambda x: x) +def DirectOutputDescriptor(output_suffix, visitor, want_params=False): + return OutputDescriptor(output_suffix, visitor, (lambda x, _: x) if want_params else lambda x: x, + want_params) -def Plugin(output_descriptors, parameter_callback=None): +def Plugin(output_descriptors): """Protoc plugin entry point. This defines protoc plugin and manages the stdin -> stdout flow. An @@ -48,9 +52,6 @@ def Plugin(output_descriptors, parameter_callback=None): response = plugin_pb2.CodeGeneratorResponse() cprofile_enabled = os.getenv('CPROFILE_ENABLED') - if request.HasField("parameter") and parameter_callback: - parameter_callback(request.parameter) - # We use request.file_to_generate rather than request.file_proto here since we # are invoked inside a Bazel aspect, each node in the DAG will be visited once # by the aspect and we only want to generate docs for the current node. @@ -63,9 +64,17 @@ def Plugin(output_descriptors, parameter_callback=None): for od in output_descriptors: f = response.file.add() f.name = file_proto.name + od.output_suffix - xformed_proto = od.xform(file_proto) - f.content = traverse.TraverseFile(xformed_proto, - od.visitor_factory()) if xformed_proto else '' + # Don't run API proto plugins on things like WKT types etc. + if not file_proto.package.startswith('envoy.'): + continue + if request.HasField("parameter") and od.want_params: + params = dict(param.split('=') for param in request.parameter.split(',')) + xformed_proto = od.xform(file_proto, params) + visitor_factory = od.visitor_factory(params) + else: + xformed_proto = od.xform(file_proto) + visitor_factory = od.visitor_factory() + f.content = traverse.TraverseFile(xformed_proto, visitor_factory) if xformed_proto else '' if cprofile_enabled: pr.disable() stats_stream = io.StringIO() diff --git a/tools/api_proto_plugin/traverse.py b/tools/api_proto_plugin/traverse.py index 7d74905379041..2718e678fc32f 100644 --- a/tools/api_proto_plugin/traverse.py +++ b/tools/api_proto_plugin/traverse.py @@ -50,12 +50,14 @@ def TraverseMessage(type_context, msg_proto, visitor): if nested_msg.options.map_entry } nested_msgs = [ - TraverseMessage(type_context.ExtendNestedMessage(index, nested_msg.name), nested_msg, visitor) - for index, nested_msg in enumerate(msg_proto.nested_type) + TraverseMessage( + type_context.ExtendNestedMessage(index, nested_msg.name, nested_msg.options.deprecated), + nested_msg, visitor) for index, nested_msg in enumerate(msg_proto.nested_type) ] nested_enums = [ - TraverseEnum(type_context.ExtendNestedEnum(index, nested_enum.name), nested_enum, visitor) - for index, nested_enum in enumerate(msg_proto.enum_type) + TraverseEnum( + type_context.ExtendNestedEnum(index, nested_enum.name, nested_enum.options.deprecated), + nested_enum, visitor) for index, nested_enum in enumerate(msg_proto.enum_type) ] return visitor.VisitMessage(msg_proto, type_context, nested_msgs, nested_enums) @@ -77,11 +79,11 @@ def TraverseFile(file_proto, visitor): for index, service in enumerate(file_proto.service) ] msgs = [ - TraverseMessage(package_type_context.ExtendMessage(index, msg.name), msg, visitor) - for index, msg in enumerate(file_proto.message_type) + TraverseMessage(package_type_context.ExtendMessage(index, msg.name, msg.options.deprecated), + msg, visitor) for index, msg in enumerate(file_proto.message_type) ] enums = [ - TraverseEnum(package_type_context.ExtendEnum(index, enum.name), enum, visitor) - for index, enum in enumerate(file_proto.enum_type) + TraverseEnum(package_type_context.ExtendEnum(index, enum.name, enum.options.deprecated), enum, + visitor) for index, enum in enumerate(file_proto.enum_type) ] return visitor.VisitFile(file_proto, package_type_context, services, msgs, enums) diff --git a/tools/api_proto_plugin/type_context.py b/tools/api_proto_plugin/type_context.py index 5ba6bb06a6b00..a8ba0bc17fd9c 100644 --- a/tools/api_proto_plugin/type_context.py +++ b/tools/api_proto_plugin/type_context.py @@ -152,8 +152,9 @@ def __init__(self, source_code_info, name): # Map from a message's oneof index to the "required" bool property. self.oneof_required = {} self.type_name = 'file' + self.deprecated = False - def _Extend(self, path, type_name, name): + def _Extend(self, path, type_name, name, deprecated=False): if not self.name: extended_name = name else: @@ -165,25 +166,28 @@ def _Extend(self, path, type_name, name): extended.oneof_fields = self.oneof_fields.copy() extended.oneof_names = self.oneof_names.copy() extended.oneof_required = self.oneof_required.copy() + extended.deprecated = self.deprecated or deprecated return extended - def ExtendMessage(self, index, name): + def ExtendMessage(self, index, name, deprecated): """Extend type context with a message. Args: index: message index in file. name: message name. + deprecated: is the message depreacted? """ - return self._Extend([4, index], 'message', name) + return self._Extend([4, index], 'message', name, deprecated) - def ExtendNestedMessage(self, index, name): + def ExtendNestedMessage(self, index, name, deprecated): """Extend type context with a nested message. Args: index: nested message index in message. name: message name. + deprecated: is the message depreacted? """ - return self._Extend([3, index], 'message', name) + return self._Extend([3, index], 'message', name, deprecated) def ExtendField(self, index, name): """Extend type context with a field. @@ -194,14 +198,15 @@ def ExtendField(self, index, name): """ return self._Extend([2, index], 'field', name) - def ExtendEnum(self, index, name): + def ExtendEnum(self, index, name, deprecated): """Extend type context with an enum. Args: index: enum index in file. name: enum name. + deprecated: is the message depreacted? """ - return self._Extend([5, index], 'enum', name) + return self._Extend([5, index], 'enum', name, deprecated) def ExtendService(self, index, name): """Extend type context with a service. @@ -212,14 +217,15 @@ def ExtendService(self, index, name): """ return self._Extend([6, index], 'service', name) - def ExtendNestedEnum(self, index, name): + def ExtendNestedEnum(self, index, name, deprecated): """Extend type context with a nested enum. Args: index: enum index in message. name: enum name. + deprecated: is the message depreacted? """ - return self._Extend([4, index], 'enum', name) + return self._Extend([4, index], 'enum', name, deprecated) def ExtendEnumValue(self, index, name): """Extend type context with an enum enum. diff --git a/tools/api_proto_plugin/utils.py b/tools/api_proto_plugin/utils.py index a8a9f2c14ae81..a2ac62f039497 100644 --- a/tools/api_proto_plugin/utils.py +++ b/tools/api_proto_plugin/utils.py @@ -1,4 +1,3 @@ -import glob import os @@ -27,15 +26,6 @@ def BazelBinPathForOutputArtifact(label, suffix, root=''): Returns: Path in bazel-bin/external/envoy_api_canonical for label output with given suffix. """ - # We use ** glob matching here to deal with the fact that we have something - # like - # bazel-bin/external/envoy_api/envoy/admin/v2alpha/pkg/envoy/admin/v2alpha/certs.proto.proto - # and we don't want to have to do a nested loop and slow bazel query to - # recover the canonical package part of the path. - # While we may have reformatted the file multiple times due to the transitive - # dependencies in the aspect above, they all look the same. So, just pick an - # arbitrary match and we're done. - glob_pattern = os.path.join( - root, 'bazel-bin/external/envoy_api_canonical/**/%s%s' % - (ProtoFileCanonicalFromLabel(label), suffix)) - return glob.glob(glob_pattern, recursive=True)[0] + proto_file_path = ProtoFileCanonicalFromLabel(label) + return os.path.join(root, 'bazel-bin/external/envoy_api_canonical', + os.path.dirname(proto_file_path), 'pkg', proto_file_path + suffix) diff --git a/tools/proto_format/active_protos_gen.py b/tools/proto_format/active_protos_gen.py index 65a014953766d..5634d2849caed 100755 --- a/tools/proto_format/active_protos_gen.py +++ b/tools/proto_format/active_protos_gen.py @@ -15,7 +15,7 @@ load("@rules_proto//proto:defs.bzl", "proto_library") -# This track active development versions of protos. +# This tracks active development versions of protos. proto_library( name = "active_protos", visibility = ["//visibility:public"], @@ -23,6 +23,15 @@ $active_pkgs ], ) + +# This tracks frozen versions of protos. +proto_library( + name = "frozen_protos", + visibility = ["//visibility:public"], + deps = [ +$frozen_pkgs + ], +) """) @@ -36,10 +45,22 @@ def DepsFormat(pkgs): ' "//%s:pkg",' % p.replace('.', '/') for p in sorted(pkgs, key=BuildOrderKey)) +# Find packages with a given package version status in a given API tree root. +def FindPkgs(package_version_status, api_root): + try: + api_protos = subprocess.check_output( + ['grep', '-l', '-r', + 'package_version_status = %s;' % package_version_status, + api_root]).decode().strip().split('\n') + except subprocess.CalledProcessError: + api_protos = [] + return set([os.path.dirname(p)[len(api_root) + 1:] for p in api_protos]) + + if __name__ == '__main__': api_root = sys.argv[1] - api_protos = subprocess.check_output( - ['grep', '-l', '-r', 'package_version_status = ACTIVE;', - api_root]).decode().strip().split('\n') - active_pkgs = set([os.path.dirname(p)[len(api_root) + 1:] for p in api_protos]) - sys.stdout.write(BUILD_FILE_TEMPLATE.substitute(active_pkgs=DepsFormat(active_pkgs))) + active_pkgs = FindPkgs('ACTIVE', api_root) + frozen_pkgs = FindPkgs('FROZEN', api_root) + sys.stdout.write( + BUILD_FILE_TEMPLATE.substitute(active_pkgs=DepsFormat(active_pkgs), + frozen_pkgs=DepsFormat(frozen_pkgs))) diff --git a/tools/proto_format/proto_format.sh b/tools/proto_format/proto_format.sh index b7f07cb71e8d2..2dfcb1e378406 100755 --- a/tools/proto_format/proto_format.sh +++ b/tools/proto_format/proto_format.sh @@ -3,8 +3,10 @@ # Reformat API protos to canonical proto style using protoxform. set -e +set -x -[[ "$1" == "check" || "$1" == "fix" ]] || (echo "Usage: $0 "; exit 1) +[[ "$1" == "check" || "$1" == "fix" || "$1" == "freeze" ]] || \ + (echo "Usage: $0 "; exit 1) # Developers working on protoxform and other proto format tooling changes will need to override the # following check by setting FORCE_PROTO_FORMAT=yes in the environment. @@ -16,32 +18,53 @@ if [[ "$2" == "--test" ]] then echo "protoxform_test..." ./tools/protoxform/protoxform_test.sh + bazel test ${BAZEL_BUILD_OPTIONS} //tools/protoxform:merge_active_shadow_test fi -# Clean up any stale files in the API tree output. Bazel remembers valid cached -# files still. -# rm -rf bazel-bin/external/envoy_api - # Generate //versioning:active_protos. ./tools/proto_format/active_protos_gen.py ./api > ./api/versioning/BUILD -# Find all source protos. -declare -r PROTO_TARGETS=$(bazel query "labels(srcs, labels(deps, @envoy_api_canonical//versioning:active_protos))") - # This is for local RBE setup, should be no-op for builds without RBE setting in bazelrc files. BAZEL_BUILD_OPTIONS+=" --remote_download_outputs=all" -bazel build ${BAZEL_BUILD_OPTIONS} --//tools/api_proto_plugin:default_type_db_target=@envoy_api_canonical//versioning:active_protos \ +# If the specified command is 'freeze', we tell protoxform to adjust package version status to +# reflect a major version freeze and then do a regular 'fix'. +PROTO_SYNC_CMD="$1" +if [[ "$1" == "freeze" ]] +then + declare -r FREEZE_ARG="--//tools/api_proto_plugin:extra_args=freeze" + PROTO_SYNC_CMD="fix" +fi + +# Invoke protoxform aspect. +bazel build ${BAZEL_BUILD_OPTIONS} --//tools/api_proto_plugin:default_type_db_target=@envoy_api_canonical//versioning:active_protos ${FREEZE_ARG} \ @envoy_api_canonical//versioning:active_protos --aspects //tools/protoxform:protoxform.bzl%protoxform_aspect --output_groups=proto +# Find all source protos. +declare -r ACTIVE_PROTO_TARGETS=$(bazel query "labels(srcs, labels(deps, @envoy_api_canonical//versioning:active_protos))") +declare -r FROZEN_PROTO_TARGETS=$(bazel query "labels(srcs, labels(deps, @envoy_api_canonical//versioning:frozen_protos))") + +# Setup for proto_sync.py. TOOLS=$(dirname $(dirname $(realpath $0))) -# to satisfy dependency on api_proto_plugin +# To satisfy dependency on api_proto_plugin. export PYTHONPATH="$TOOLS" -# Build protoprint for use in proto_sync.py. -bazel build ${BAZEL_BUILD_OPTIONS} //tools/protoxform:protoprint -./tools/proto_format/proto_sync.py "--mode=$1" ${PROTO_TARGETS} +# Build protoprint and merge_active_shadow_tools for use in proto_sync.py. +bazel build ${BAZEL_BUILD_OPTIONS} //tools/protoxform:protoprint //tools/protoxform:merge_active_shadow + +# Copy back the FileDescriptorProtos that protoxform emittted to the source tree. This involves +# pretty-printing to format with protoprint and potentially merging active/shadow versions of protos +# with merge_active_shadow. +./tools/proto_format/proto_sync.py "--mode=${PROTO_SYNC_CMD}" ${ACTIVE_PROTO_TARGETS} ${FROZEN_PROTO_TARGETS} + +# Need to regenerate //versioning:active_protos before building type DB below if freezing. +if [[ "$1" == "freeze" ]] +then + ./tools/proto_format/active_protos_gen.py ./api > ./api/versioning/BUILD +fi +# Generate api/BUILD file based on updated type database. bazel build ${BAZEL_BUILD_OPTIONS} //tools/type_whisperer:api_build_file cp -f bazel-bin/tools/type_whisperer/BUILD.api_build_file api/BUILD +# Misc. manual copies to keep generated_api_shadow/ in sync with api/. cp -f ./api/bazel/*.bzl ./api/bazel/BUILD ./generated_api_shadow/bazel diff --git a/tools/proto_format/proto_sync.py b/tools/proto_format/proto_sync.py index 9959daed50c36..cf952597e88d0 100755 --- a/tools/proto_format/proto_sync.py +++ b/tools/proto_format/proto_sync.py @@ -1,8 +1,14 @@ #!/usr/bin/env python3 -# Diff or copy protoxform artifacts from Bazel cache back to the source tree. +# 1. Take protoxform artifacts from Bazel cache and pretty-print with protoprint.py. +# 2. In the case where we are generating an Envoy internal shadow, it may be +# necessary to combine the current active proto, subject to hand editing, with +# shadow artifacts from the previous verion; this is done via +# merge_active_shadow.py. +# 3. Diff or copy resulting artifacts to the source tree. import argparse +from collections import defaultdict import functools import multiprocessing as mp import os @@ -119,14 +125,59 @@ def ProtoPrint(src, dst): ]) -def SyncProtoFile(src_dst_pair): - """Diff or in-place update a single proto file from protoxform.py Bazel cache artifacts." +def MergeActiveShadow(active_src, shadow_src, dst): + """Merge active/shadow FileDescriptorProto to a destination file. Args: - src_dst_pair: source/destination path tuple. + active_src: source path for active FileDescriptorProto. + shadow_src: source path for active FileDescriptorProto. + dst: destination path for FileDescriptorProto. """ - rel_dst_path = GetDestinationPath(src_dst_pair[0]) - ProtoPrint(*src_dst_pair) + print('MergeActiveShadow %s' % dst) + subprocess.check_output([ + 'bazel-bin/tools/protoxform/merge_active_shadow', + active_src, + shadow_src, + dst, + ]) + + +def SyncProtoFile(dst_srcs): + """Pretty-print a proto descriptor from protoxform.py Bazel cache artifacts." + + In the case where we are generating an Envoy internal shadow, it may be + necessary to combine the current active proto, subject to hand editing, with + shadow artifacts from the previous verion; this is done via + MergeActiveShadow(). + + Args: + dst_srcs: destination/sources path tuple. + """ + dst, srcs = dst_srcs + assert (len(srcs) > 0) + # If we only have one candidate source for a destination, just pretty-print. + if len(srcs) == 1: + src = srcs[0] + ProtoPrint(src, dst) + else: + # We should only see an active and next major version candidate from + # previous version today. + assert (len(srcs) == 2) + shadow_srcs = [ + s for s in srcs if s.endswith('.next_major_version_candidate.envoy_internal.proto') + ] + active_src = [s for s in srcs if s.endswith('active_or_frozen.proto')][0] + # If we're building the shadow, we need to combine the next major version + # candidate shadow with the potentially hand edited active version. + if len(shadow_srcs) > 0: + assert (len(shadow_srcs) == 1) + with tempfile.NamedTemporaryFile() as f: + MergeActiveShadow(active_src, shadow_srcs[0], f.name) + ProtoPrint(f.name, dst) + else: + ProtoPrint(active_src, dst) + src = active_src + rel_dst_path = GetDestinationPath(src) return ['//%s:pkg' % str(rel_dst_path.parent)] @@ -280,16 +331,17 @@ def Sync(api_root, mode, labels, shadow): dst_dir = pathlib.Path(tmp).joinpath("b") paths = [] for label in labels: - paths.append(utils.BazelBinPathForOutputArtifact(label, '.active.proto')) + paths.append(utils.BazelBinPathForOutputArtifact(label, '.active_or_frozen.proto')) paths.append( utils.BazelBinPathForOutputArtifact( label, '.next_major_version_candidate.envoy_internal.proto' if shadow else '.next_major_version_candidate.proto')) - src_dst_paths = [ - (path, GetAbsDestinationPath(dst_dir, path)) for path in paths if os.stat(path).st_size > 0 - ] + dst_src_paths = defaultdict(list) + for path in paths: + if os.stat(path).st_size > 0: + dst_src_paths[GetAbsDestinationPath(dst_dir, path)].append(path) with mp.Pool() as p: - pkg_deps = p.map(SyncProtoFile, src_dst_paths) + pkg_deps = p.map(SyncProtoFile, dst_src_paths.items()) SyncBuildFiles(mode, dst_dir) current_api_dir = pathlib.Path(tmp).joinpath("a") diff --git a/tools/protoxform/BUILD b/tools/protoxform/BUILD index 082bce7cd07cf..d5d46bce81ee4 100644 --- a/tools/protoxform/BUILD +++ b/tools/protoxform/BUILD @@ -1,5 +1,26 @@ licenses(["notice"]) # Apache 2 +py_binary( + name = "merge_active_shadow", + srcs = ["merge_active_shadow.py"], + deps = [ + "@com_envoyproxy_protoc_gen_validate//validate:validate_py", + "@com_github_cncf_udpa//udpa/annotations:pkg_py_proto", + "@com_google_googleapis//google/api:annotations_py_proto", + "@com_google_protobuf//:protobuf_python", + "@envoy_api_canonical//envoy/annotations:pkg_py_proto", + ], +) + +py_test( + name = "merge_active_shadow_test", + srcs = ["merge_active_shadow_test.py"], + deps = [ + ":merge_active_shadow", + "@com_google_protobuf//:protobuf_python", + ], +) + py_binary( name = "protoxform", srcs = [ diff --git a/tools/protoxform/merge_active_shadow.py b/tools/protoxform/merge_active_shadow.py new file mode 100644 index 0000000000000..ecd3cf31c1238 --- /dev/null +++ b/tools/protoxform/merge_active_shadow.py @@ -0,0 +1,142 @@ +# Merge active and previous version's generated next major version candidate +# shadow. This involve simultaneously traversing both FileDescriptorProtos and: +# 1. Recovering hidden_envoy_depreacted_* fields and enum values in active proto. +# 2. Recovering deprecated (sub)message types. +# 3. Misc. fixups for oneof metadata and reserved ranges/names. + +import copy +import pathlib +import sys + +from google.protobuf import descriptor_pb2 +from google.protobuf import text_format + +# Note: we have to include those proto definitions for text_format sanity. +from google.api import annotations_pb2 as _ +from validate import validate_pb2 as _ +from envoy.annotations import deprecation_pb2 as _ +from envoy.annotations import resource_pb2 as _ +from udpa.annotations import migrate_pb2 as _ +from udpa.annotations import sensitive_pb2 as _ +from udpa.annotations import status_pb2 as _ +from udpa.annotations import versioning_pb2 as _ + + +# Set reserved_range in target_proto to reflex previous_reserved_range skipping +# skip_reserved_numbers. +def AdjustReservedRange(target_proto, previous_reserved_range, skip_reserved_numbers): + del target_proto.reserved_range[:] + for rr in previous_reserved_range: + # We can only handle singleton ranges today. + assert ((rr.start == rr.end) or (rr.end == rr.start + 1)) + if rr.start not in skip_reserved_numbers: + target_proto.reserved_range.add().MergeFrom(rr) + + +# Merge active/shadow EnumDescriptorProtos to a fresh target EnumDescriptorProto. +def MergeActiveShadowEnum(active_proto, shadow_proto, target_proto): + target_proto.MergeFrom(active_proto) + shadow_values = {v.name: v for v in shadow_proto.value} + skip_reserved_numbers = [] + # For every reserved name, check to see if it's in the shadow, and if so, + # reintroduce in target_proto. + del target_proto.reserved_name[:] + for n in active_proto.reserved_name: + hidden_n = 'hidden_envoy_deprecated_' + n + if hidden_n in shadow_values: + v = shadow_values[hidden_n] + skip_reserved_numbers.append(v.number) + target_proto.value.add().MergeFrom(v) + else: + target_proto.reserved_name.append(n) + AdjustReservedRange(target_proto, active_proto.reserved_range, skip_reserved_numbers) + # Special fixup for deprecation of default enum values. + for tv in target_proto.value: + if tv.name == 'DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE': + for sv in shadow_proto.value: + if sv.number == tv.number: + assert (sv.number == 0) + tv.CopyFrom(sv) + + +# Merge active/shadow DescriptorProtos to a fresh target DescriptorProto. +def MergeActiveShadowMessage(active_proto, shadow_proto, target_proto): + target_proto.MergeFrom(active_proto) + shadow_fields = {f.name: f for f in shadow_proto.field} + skip_reserved_numbers = [] + # For every reserved name, check to see if it's in the shadow, and if so, + # reintroduce in target_proto. + del target_proto.reserved_name[:] + for n in active_proto.reserved_name: + hidden_n = 'hidden_envoy_deprecated_' + n + if hidden_n in shadow_fields: + f = shadow_fields[hidden_n] + skip_reserved_numbers.append(f.number) + missing_field = target_proto.field.add() + missing_field.MergeFrom(f) + # oneof fields from the shadow need to have their index set to the + # corresponding index in active/target_proto. + if missing_field.HasField('oneof_index'): + oneof_name = shadow_proto.oneof_decl[missing_field.oneof_index].name + missing_oneof_index = None + for oneof_index, oneof_decl in enumerate(active_proto.oneof_decl): + if oneof_decl.name == oneof_name: + missing_oneof_index = oneof_index + assert (missing_oneof_index is not None) + missing_field.oneof_index = missing_oneof_index + else: + target_proto.reserved_name.append(n) + # protoprint.py expects that oneof fields are consecutive, so need to sort for + # this. + if len(active_proto.oneof_decl) > 0: + fields = copy.deepcopy(target_proto.field) + fields.sort(key=lambda f: f.oneof_index if f.HasField('oneof_index') else -1) + del target_proto.field[:] + for f in fields: + target_proto.field.append(f) + AdjustReservedRange(target_proto, active_proto.reserved_range, skip_reserved_numbers) + # Visit nested message types + del target_proto.nested_type[:] + shadow_msgs = {msg.name: msg for msg in shadow_proto.nested_type} + for msg in active_proto.nested_type: + MergeActiveShadowMessage(msg, shadow_msgs[msg.name], target_proto.nested_type.add()) + # Visit nested enum types + del target_proto.enum_type[:] + shadow_enums = {msg.name: msg for msg in shadow_proto.enum_type} + for enum in active_proto.enum_type: + MergeActiveShadowEnum(enum, shadow_enums[enum.name], target_proto.enum_type.add()) + # Ensure target has any deprecated sub-message types in case they are needed. + active_msg_names = set([msg.name for msg in active_proto.nested_type]) + for msg in shadow_proto.nested_type: + if msg.name not in active_msg_names: + target_proto.nested_type.add().MergeFrom(msg) + + +# Merge active/shadow FileDescriptorProtos, returning a the resulting FileDescriptorProto. +def MergeActiveShadowFile(active_file_proto, shadow_file_proto): + target_file_proto = copy.deepcopy(active_file_proto) + # Visit message types + del target_file_proto.message_type[:] + shadow_msgs = {msg.name: msg for msg in shadow_file_proto.message_type} + for msg in active_file_proto.message_type: + MergeActiveShadowMessage(msg, shadow_msgs[msg.name], target_file_proto.message_type.add()) + # Visit enum types + del target_file_proto.enum_type[:] + shadow_enums = {msg.name: msg for msg in shadow_file_proto.enum_type} + for enum in active_file_proto.enum_type: + MergeActiveShadowEnum(enum, shadow_enums[enum.name], target_file_proto.enum_type.add()) + # Ensure target has any deprecated message types in case they are needed. + active_msg_names = set([msg.name for msg in active_file_proto.message_type]) + for msg in shadow_file_proto.message_type: + if msg.name not in active_msg_names: + target_file_proto.message_type.add().MergeFrom(msg) + return target_file_proto + + +if __name__ == '__main__': + active_src, shadow_src, dst = sys.argv[1:] + active_proto = descriptor_pb2.FileDescriptorProto() + text_format.Merge(pathlib.Path(active_src).read_text(), active_proto) + shadow_proto = descriptor_pb2.FileDescriptorProto() + text_format.Merge(pathlib.Path(shadow_src).read_text(), shadow_proto) + pathlib.Path(dst).write_text(str(MergeActiveShadowFile(active_proto, shadow_proto))) diff --git a/tools/protoxform/merge_active_shadow_test.py b/tools/protoxform/merge_active_shadow_test.py new file mode 100644 index 0000000000000..8d473910403d8 --- /dev/null +++ b/tools/protoxform/merge_active_shadow_test.py @@ -0,0 +1,128 @@ +import unittest + +import merge_active_shadow + +from google.protobuf import descriptor_pb2 + + +class MergeActiveShadowTest(unittest.TestCase): + + def testAdjustReservedRange(self): + """AdjustReservedRange removes specified skip_reserved_numbers.""" + desc = descriptor_pb2.DescriptorProto() + rr = desc.reserved_range.add() + rr.start, rr.end = 41, 41 + rr = desc.reserved_range.add() + rr.start, rr.end = 42, 42 + rr = desc.reserved_range.add() + rr.start, rr.end = 43, 44 + rr = desc.reserved_range.add() + rr.start, rr.end = 50, 51 + target = descriptor_pb2.DescriptorProto() + merge_active_shadow.AdjustReservedRange(target, desc.reserved_range, [42, 43]) + assert len(target.reserved_range) == 2 + assert target.reserved_range[0].start == 41 + assert target.reserved_range[1].start == 50 + + def testMergeActiveShadowEnum(self): + """MergeActiveShadowEnum recovers shadow values.""" + active_proto = descriptor_pb2.EnumDescriptorProto() + v = active_proto.value.add() + v.number = 1 + v.name = 'foo' + v = active_proto.value.add() + v.number = 0 + v.name = 'DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE' + v = active_proto.value.add() + v.number = 3 + v.name = 'bar' + active_proto.reserved_name.append('baz') + rr = active_proto.reserved_range.add() + rr.start = 2 + rr.end = 3 + shadow_proto = descriptor_pb2.EnumDescriptorProto() + v = shadow_proto.value.add() + v.number = 1 + v.name = 'foo' + v = shadow_proto.value.add() + v.number = 0 + v.name = 'wow' + v = shadow_proto.value.add() + v.number = 3 + v.name = 'bar' + v = shadow_proto.value.add() + v.number = 2 + v.name = 'hidden_envoy_deprecated_baz' + target_proto = descriptor_pb2.EnumDescriptorProto() + merge_active_shadow.MergeActiveShadowEnum(active_proto, shadow_proto, target_proto) + tv = target_proto.value + assert len(tv) == 4 + assert tv[1].name == 'wow' + assert tv[3].name == 'hidden_envoy_deprecated_baz' + + def testMergeActiveShadowMessage(self): + """MergeActiveShadowMessage recovers shadow fields with oneofs.""" + active_proto = descriptor_pb2.DescriptorProto() + f = active_proto.field.add() + f.number = 1 + f.name = 'foo' + f = active_proto.field.add() + f.number = 0 + f.name = 'bar' + f.oneof_index = 2 + f = active_proto.field.add() + f.number = 3 + f.name = 'baz' + active_proto.reserved_name.append('wow') + rr = active_proto.reserved_range.add() + rr.start = 2 + rr.end = 3 + active_proto.oneof_decl.add().name = 'ign' + active_proto.oneof_decl.add().name = 'ign2' + active_proto.oneof_decl.add().name = 'some_oneof' + shadow_proto = descriptor_pb2.DescriptorProto() + f = shadow_proto.field.add() + f.number = 1 + f.name = 'foo' + f = shadow_proto.field.add() + f.number = 0 + f.name = 'bar' + f = shadow_proto.field.add() + f.number = 3 + f.name = 'baz' + f = shadow_proto.field.add() + f.number = 2 + f.name = 'hidden_envoy_deprecated_wow' + f.oneof_index = 0 + shadow_proto.oneof_decl.add().name = 'some_oneof' + target_proto = descriptor_pb2.DescriptorProto() + merge_active_shadow.MergeActiveShadowMessage(active_proto, shadow_proto, target_proto) + tf = target_proto.field + assert len(tf) == 4 + assert tf[2].name == 'bar' + assert tf[3].name == 'hidden_envoy_deprecated_wow' + assert tf[3].oneof_index == 2 + + def testMergeActiveShadowMessageMissing(self): + """MergeActiveShadowMessage recovers missing messages from shadow.""" + active_proto = descriptor_pb2.DescriptorProto() + shadow_proto = descriptor_pb2.DescriptorProto() + shadow_proto.nested_type.add().name = 'foo' + target_proto = descriptor_pb2.DescriptorProto() + merge_active_shadow.MergeActiveShadowMessage(active_proto, shadow_proto, target_proto) + assert target_proto.nested_type[0].name == 'foo' + + def testMergeActiveShadowFileMissing(self): + """MergeActiveShadowFile recovers missing messages from shadow.""" + active_proto = descriptor_pb2.FileDescriptorProto() + shadow_proto = descriptor_pb2.FileDescriptorProto() + shadow_proto.message_type.add().name = 'foo' + target_proto = descriptor_pb2.DescriptorProto() + target_proto = merge_active_shadow.MergeActiveShadowFile(active_proto, shadow_proto) + assert target_proto.message_type[0].name == 'foo' + + +# TODO(htuch): add some test for recursion. + +if __name__ == '__main__': + unittest.main() diff --git a/tools/protoxform/migrate.py b/tools/protoxform/migrate.py index c2c74bb2aea33..1be44af91acb0 100644 --- a/tools/protoxform/migrate.py +++ b/tools/protoxform/migrate.py @@ -10,6 +10,7 @@ from envoy.annotations import resource_pb2 from udpa.annotations import migrate_pb2 +from udpa.annotations import status_pb2 from google.api import annotations_pb2 ENVOY_API_TYPE_REGEX_STR = 'envoy_api_(msg|enum_value|field|enum)_([\w\.]+)' @@ -23,10 +24,11 @@ class UpgradeVisitor(visitor.Visitor): See visitor.Visitor for visitor method docs comments. """ - def __init__(self, n, typedb, envoy_internal_shadow): + def __init__(self, n, typedb, envoy_internal_shadow, package_version_status): self._base_version = n self._typedb = typedb self._envoy_internal_shadow = envoy_internal_shadow + self._package_version_status = package_version_status def _UpgradedComment(self, c): @@ -213,6 +215,8 @@ def VisitFile(self, file_proto, type_context, services, msgs, enums): upgraded_proto.package = self._typedb.next_version_protos[upgraded_proto.name].qualified_package upgraded_proto.name = self._typedb.next_version_protos[upgraded_proto.name].proto_path upgraded_proto.options.ClearExtension(migrate_pb2.file_migrate) + upgraded_proto.options.Extensions[ + status_pb2.file_status].package_version_status = self._package_version_status # Upgrade comments. for location in upgraded_proto.source_code_info.location: location.leading_comments = self._UpgradedComment(location.leading_comments) @@ -232,13 +236,14 @@ def VisitFile(self, file_proto, type_context, services, msgs, enums): return upgraded_proto -def VersionUpgradeXform(n, envoy_internal_shadow, file_proto): +def VersionUpgradeXform(n, envoy_internal_shadow, file_proto, params): """Transform a FileDescriptorProto from vN[alpha\d] to v(N+1). Args: n: version N to upgrade from. envoy_internal_shadow: generate a shadow for Envoy internal use containing deprecated fields. file_proto: vN[alpha\d] FileDescriptorProto message. + params: plugin parameters. Returns: v(N+1) FileDescriptorProto message. @@ -250,4 +255,15 @@ def VersionUpgradeXform(n, envoy_internal_shadow, file_proto): file_proto.name]: return None # Otherwise, this .proto needs upgrading, do it. - return traverse.TraverseFile(file_proto, UpgradeVisitor(n, typedb, envoy_internal_shadow)) + freeze = 'extra_args' in params and params['extra_args'] == 'freeze' + existing_pkg_version_status = file_proto.options.Extensions[ + status_pb2.file_status].package_version_status + # Normally, we are generating the NEXT_MAJOR_VERSION_CANDIDATE. However, if + # freezing and previously this was the active major version, the migrated + # version is now the ACTIVE version. + if freeze and existing_pkg_version_status == status_pb2.ACTIVE: + package_version_status = status_pb2.ACTIVE + else: + package_version_status = status_pb2.NEXT_MAJOR_VERSION_CANDIDATE + return traverse.TraverseFile( + file_proto, UpgradeVisitor(n, typedb, envoy_internal_shadow, package_version_status)) diff --git a/tools/protoxform/protoprint.py b/tools/protoxform/protoprint.py index 70cf2f1eb1d86..51bb9c5737955 100755 --- a/tools/protoxform/protoprint.py +++ b/tools/protoxform/protoprint.py @@ -8,6 +8,7 @@ # Usage: protoprint.py from collections import deque +import copy import functools import io import os @@ -41,8 +42,8 @@ NEXT_FREE_FIELD_MIN = 5 -class ProtoXformError(Exception): - """Base error class for the protoxform module.""" +class ProtoPrintError(Exception): + """Base error class for the protoprint module.""" def ExtractClangProtoStyle(clang_format_text): @@ -169,12 +170,13 @@ def FormatTypeContextComments(type_context, annotation_xforms=None): return leading, trailing -def FormatHeaderFromFile(source_code_info, file_proto): +def FormatHeaderFromFile(source_code_info, file_proto, empty_file): """Format proto header. Args: source_code_info: SourceCodeInfo object. file_proto: FileDescriptorProto for file. + empty_file: are there no message/enum/service defs in file? Returns: Formatted proto header as a string. @@ -226,8 +228,10 @@ def CamelCase(s): options.Extensions[status_pb2.file_status].CopyFrom( file_proto.options.Extensions[status_pb2.file_status]) - options.Extensions[status_pb2.file_status].package_version_status = file_proto.options.Extensions[ - status_pb2.file_status].package_version_status + if not empty_file: + options.Extensions[ + status_pb2.file_status].package_version_status = file_proto.options.Extensions[ + status_pb2.file_status].package_version_status options_block = FormatOptions(options) @@ -385,7 +389,7 @@ def FormatFieldType(type_context, field): } if field.type in pretty_type_names: return label + pretty_type_names[field.type] - raise ProtoXformError('Unknown field type ' + str(field.type)) + raise ProtoPrintError('Unknown field type ' + str(field.type)) def FormatServiceMethod(type_context, method): @@ -504,9 +508,15 @@ def FormatReserved(enum_or_msg_proto): Returns: Formatted enum_or_msg_proto as a string. """ - reserved_fields = FormatBlock('reserved %s;\n' % ','.join( - map(str, sum([list(range(rr.start, rr.end)) for rr in enum_or_msg_proto.reserved_range], - [])))) if enum_or_msg_proto.reserved_range else '' + rrs = copy.deepcopy(enum_or_msg_proto.reserved_range) + # Fixups for singletons that don't seem to always have [inclusive, exclusive) + # format when parsed by protoc. + for rr in rrs: + if rr.start == rr.end: + rr.end += 1 + reserved_fields = FormatBlock( + 'reserved %s;\n' % + ','.join(map(str, sum([list(range(rr.start, rr.end)) for rr in rrs], [])))) if rrs else '' if enum_or_msg_proto.reserved_name: reserved_fields += FormatBlock('reserved %s;\n' % ', '.join('"%s"' % n for n in enum_or_msg_proto.reserved_name)) @@ -566,6 +576,7 @@ def VisitMessage(self, msg_proto, type_context, nested_msgs, nested_enums): oneof_index = None if oneof_index is None and field.HasField('oneof_index'): oneof_index = field.oneof_index + assert (oneof_index < len(msg_proto.oneof_decl)) oneof_proto = msg_proto.oneof_decl[oneof_index] oneof_leading_comment, oneof_trailing_comment = FormatTypeContextComments( type_context.ExtendOneof(oneof_index, field.name)) @@ -580,7 +591,8 @@ def VisitMessage(self, msg_proto, type_context, nested_msgs, nested_enums): formatted_msgs, reserved_fields, fields) def VisitFile(self, file_proto, type_context, services, msgs, enums): - header = FormatHeaderFromFile(type_context.source_code_info, file_proto) + empty_file = len(services) == 0 and len(enums) == 0 and len(msgs) == 0 + header = FormatHeaderFromFile(type_context.source_code_info, file_proto, empty_file) formatted_services = FormatBlock('\n'.join(services)) formatted_enums = FormatBlock('\n'.join(enums)) formatted_msgs = FormatBlock('\n'.join(msgs)) @@ -590,7 +602,10 @@ def VisitFile(self, file_proto, type_context, services, msgs, enums): if __name__ == '__main__': proto_desc_path = sys.argv[1] file_proto = descriptor_pb2.FileDescriptorProto() - text_format.Merge(pathlib.Path(proto_desc_path).read_text(), file_proto) + input_text = pathlib.Path(proto_desc_path).read_text() + if not input_text: + sys.exit(0) + text_format.Merge(input_text, file_proto) dst_path = pathlib.Path(sys.argv[2]) utils.LoadTypeDb(sys.argv[3]) dst_path.write_bytes(traverse.TraverseFile(file_proto, ProtoFormatVisitor())) diff --git a/tools/protoxform/protoxform.bzl b/tools/protoxform/protoxform.bzl index 5910d71f12b6d..d3ea805348963 100644 --- a/tools/protoxform/protoxform.bzl +++ b/tools/protoxform/protoxform.bzl @@ -7,7 +7,7 @@ def _protoxform_impl(target, ctx): "proto", "protoxform", [ - ".active.proto", + ".active_or_frozen.proto", ".next_major_version_candidate.proto", ".next_major_version_candidate.envoy_internal.proto", ], diff --git a/tools/protoxform/protoxform.py b/tools/protoxform/protoxform.py index f99649cb8b0d5..abda362a79288 100755 --- a/tools/protoxform/protoxform.py +++ b/tools/protoxform/protoxform.py @@ -4,6 +4,7 @@ # version candidate FileDescriptorProtos. The resulting FileDescriptorProtos are # then later processed by proto_sync.py, which invokes protoprint.py to format. +import copy import functools from tools.api_proto_plugin import plugin @@ -22,14 +23,21 @@ from udpa.annotations import status_pb2 +class ProtoXformError(Exception): + """Base error class for the protoxform module.""" + + class ProtoFormatVisitor(visitor.Visitor): """Visitor to generate a proto representation from a FileDescriptor proto. See visitor.Visitor for visitor method docs comments. """ - def __init__(self, pkg_version_status): - self._pkg_version_status = pkg_version_status + def __init__(self, active_or_frozen, params): + if params['type_db_path']: + utils.LoadTypeDb(params['type_db_path']) + self._freeze = 'extra_args' in params and params['extra_args'] == 'freeze' + self._active_or_frozen = active_or_frozen def VisitService(self, service_proto, type_context): return None @@ -41,30 +49,48 @@ def VisitMessage(self, msg_proto, type_context, nested_msgs, nested_enums): return None def VisitFile(self, file_proto, type_context, services, msgs, enums): - file_proto.options.Extensions[ - status_pb2.file_status].package_version_status = self._pkg_version_status - return str(file_proto) - - -def ParameterCallback(parameter): - params = dict(param.split('=') for param in parameter.split(',')) - if params['type_db_path']: - utils.LoadTypeDb(params['type_db_path']) + # Freeze protos that have next major version canddidates. + typedb = utils.GetTypeDb() + output_proto = copy.deepcopy(file_proto) + existing_pkg_version_status = output_proto.options.Extensions[ + status_pb2.file_status].package_version_status + empty_file = len(services) == 0 and len(enums) == 0 and len(msgs) == 0 + pkg_version_status_exempt = file_proto.name.startswith('envoy/annotations') or empty_file + # It's a format error not to set package_version_status. + if existing_pkg_version_status == status_pb2.UNKNOWN and not pkg_version_status_exempt: + raise ProtoXformError('package_version_status must be set in %s' % file_proto.name) + # Only update package_version_status for .active_or_frozen.proto, + # migrate.VersionUpgradeXform has taken care of next major version + # candidates. + if self._active_or_frozen and not pkg_version_status_exempt: + # Freeze if this is an active package with a next major version. Preserve + # frozen status otherwise. + if self._freeze and typedb.next_version_protos.get(output_proto.name, None): + target_pkg_version_status = status_pb2.FROZEN + elif existing_pkg_version_status == status_pb2.FROZEN: + target_pkg_version_status = status_pb2.FROZEN + else: + assert (existing_pkg_version_status == status_pb2.ACTIVE) + target_pkg_version_status = status_pb2.ACTIVE + output_proto.options.Extensions[ + status_pb2.file_status].package_version_status = target_pkg_version_status + return str(output_proto) def Main(): plugin.Plugin([ - plugin.DirectOutputDescriptor('.active.proto', - functools.partial(ProtoFormatVisitor, status_pb2.ACTIVE)), - plugin.OutputDescriptor( - '.next_major_version_candidate.proto', - functools.partial(ProtoFormatVisitor, status_pb2.NEXT_MAJOR_VERSION_CANDIDATE), - functools.partial(migrate.VersionUpgradeXform, 2, False)), - plugin.OutputDescriptor( - '.next_major_version_candidate.envoy_internal.proto', - functools.partial(ProtoFormatVisitor, status_pb2.NEXT_MAJOR_VERSION_CANDIDATE), - functools.partial(migrate.VersionUpgradeXform, 2, True)) - ], ParameterCallback) + plugin.DirectOutputDescriptor('.active_or_frozen.proto', + functools.partial(ProtoFormatVisitor, True), + want_params=True), + plugin.OutputDescriptor('.next_major_version_candidate.proto', + functools.partial(ProtoFormatVisitor, False), + functools.partial(migrate.VersionUpgradeXform, 2, False), + want_params=True), + plugin.OutputDescriptor('.next_major_version_candidate.envoy_internal.proto', + functools.partial(ProtoFormatVisitor, False), + functools.partial(migrate.VersionUpgradeXform, 2, True), + want_params=True) + ]) if __name__ == '__main__': diff --git a/tools/protoxform/protoxform_test.sh b/tools/protoxform/protoxform_test.sh index 4f70193dd0bfb..3fe0a53197579 100755 --- a/tools/protoxform/protoxform_test.sh +++ b/tools/protoxform/protoxform_test.sh @@ -1,18 +1,26 @@ #!/bin/bash -rm -rf bazel-bin/tools +set -e -declare -r PROTO_TARGETS=$(bazel query "labels(srcs, labels(deps, //tools/testdata/protoxform:protos))") +rm -rf bazel-bin/tools BAZEL_BUILD_OPTIONS+=" --remote_download_outputs=all" -bazel build ${BAZEL_BUILD_OPTIONS} --//tools/api_proto_plugin:default_type_db_target=//tools/testdata/protoxform:protos \ - //tools/testdata/protoxform:protos --aspects //tools/protoxform:protoxform.bzl%protoxform_aspect --output_groups=proto - TOOLS=$(dirname $(dirname $(realpath $0))) # to satisfy dependency on run_command export PYTHONPATH="$TOOLS" -# Build protoprint for use in protoxform_test_helper.py. + +# protoxform fix test cases +PROTO_TARGETS=$(bazel query "labels(srcs, labels(deps, //tools/testdata/protoxform:fix_protos))") +bazel build ${BAZEL_BUILD_OPTIONS} --//tools/api_proto_plugin:default_type_db_target=//tools/testdata/protoxform:fix_protos \ + //tools/testdata/protoxform:fix_protos --aspects //tools/protoxform:protoxform.bzl%protoxform_aspect --output_groups=proto bazel build ${BAZEL_BUILD_OPTIONS} //tools/protoxform:protoprint +./tools/protoxform/protoxform_test_helper.py fix ${PROTO_TARGETS} -./tools/protoxform/protoxform_test_helper.py ${PROTO_TARGETS} +# protoxform freeze test cases +PROTO_TARGETS=$(bazel query "labels(srcs, labels(deps, //tools/testdata/protoxform:freeze_protos))") +bazel build ${BAZEL_BUILD_OPTIONS} --//tools/api_proto_plugin:default_type_db_target=//tools/testdata/protoxform:freeze_protos \ + --//tools/api_proto_plugin:extra_args=freeze \ + //tools/testdata/protoxform:freeze_protos --aspects //tools/protoxform:protoxform.bzl%protoxform_aspect --output_groups=proto +bazel build ${BAZEL_BUILD_OPTIONS} //tools/protoxform:protoprint +./tools/protoxform/protoxform_test_helper.py freeze ${PROTO_TARGETS} diff --git a/tools/protoxform/protoxform_test_helper.py b/tools/protoxform/protoxform_test_helper.py index 6e592b59f8606..dfa4c3ab78139 100755 --- a/tools/protoxform/protoxform_test_helper.py +++ b/tools/protoxform/protoxform_test_helper.py @@ -40,7 +40,7 @@ def GoldenProtoFile(path, filename, version): version: api version to specify target golden proto filename Returns: - actual golden proto absolute path + actual golden proto absolute path """ base = "./" base += path + "/" + filename + "." + version + ".gold" @@ -54,17 +54,18 @@ def ProtoPrint(src, dst): src: source path for FileDescriptorProto. dst: destination path for formatted proto. """ - print('ProtoPrint %s' % dst) + print('ProtoPrint %s -> %s' % (src, dst)) subprocess.check_call([ 'bazel-bin/tools/protoxform/protoprint', src, dst, './bazel-bin/tools/protoxform/protoprint.runfiles/envoy/tools/type_whisperer/api_type_db.pb_text' ]) -def ResultProtoFile(path, tmp, filename, version): +def ResultProtoFile(cmd, path, tmp, filename, version): """Retrieve result proto file path. In general, those are placed in bazel artifacts. Args: + cmd: fix or freeze? path: target proto path tmp: temporary directory. filename: target proto filename @@ -74,7 +75,7 @@ def ResultProtoFile(path, tmp, filename, version): actual result proto absolute path """ base = "./bazel-bin" - base += os.path.join(path, "protos") + base += os.path.join(path, "%s_protos" % cmd) base += os.path.join(base, path) base += "/{0}.{1}.proto".format(filename, version) dst = os.path.join(tmp, filename) @@ -99,10 +100,11 @@ def Diff(result_file, golden_file): return [status, stdout, stderr] -def Run(path, filename, version): +def Run(cmd, path, filename, version): """Run main execution for protoxform test Args: + cmd: fix or freeze? path: target proto path filename: target proto filename version: api version to specify target result proto filename @@ -113,7 +115,9 @@ def Run(path, filename, version): message = "" with tempfile.TemporaryDirectory() as tmp: golden_path = GoldenProtoFile(path, filename, version) - test_path = ResultProtoFile(path, tmp, filename, version) + test_path = ResultProtoFile(cmd, path, tmp, filename, version) + if os.stat(golden_path).st_size == 0 and not os.path.exists(test_path): + return message status, stdout, stderr = Diff(golden_path, test_path) @@ -126,12 +130,13 @@ def Run(path, filename, version): if __name__ == "__main__": messages = "" logging.basicConfig(format='%(message)s') - for target in sys.argv[1:]: + cmd = sys.argv[1] + for target in sys.argv[2:]: path, filename = PathAndFilename(target) - messages += Run(path, filename, 'active') - messages += Run(path, filename, 'next_major_version_candidate') - messages += Run(path, filename, 'next_major_version_candidate') - messages += Run(path, filename, 'next_major_version_candidate.envoy_internal') + messages += Run(cmd, path, filename, 'active_or_frozen') + messages += Run(cmd, path, filename, 'next_major_version_candidate') + messages += Run(cmd, path, filename, 'next_major_version_candidate') + messages += Run(cmd, path, filename, 'next_major_version_candidate.envoy_internal') if len(messages) == 0: logging.warning("PASS") diff --git a/tools/testdata/protoxform/BUILD b/tools/testdata/protoxform/BUILD index 2ffec2e74aef8..382cffec50e4e 100644 --- a/tools/testdata/protoxform/BUILD +++ b/tools/testdata/protoxform/BUILD @@ -1,9 +1,20 @@ licenses(["notice"]) # Apache 2 proto_library( - name = "protos", + name = "fix_protos", visibility = ["//visibility:public"], deps = [ - "//tools/testdata/protoxform/envoy/v2:protos", + "//tools/testdata/protoxform/envoy/v2:fix_protos", + ], +) + +proto_library( + name = "freeze_protos", + visibility = ["//visibility:public"], + deps = [ + "//tools/testdata/protoxform/envoy/active_non_terminal/v2:freeze_protos", + "//tools/testdata/protoxform/envoy/active_terminal/v2:freeze_protos", + "//tools/testdata/protoxform/envoy/frozen/v2:freeze_protos", + "//tools/testdata/protoxform/envoy/frozen/v3:freeze_protos", ], ) diff --git a/tools/testdata/protoxform/envoy/active_non_terminal/v2/BUILD b/tools/testdata/protoxform/envoy/active_non_terminal/v2/BUILD new file mode 100644 index 0000000000000..4c756ea941378 --- /dev/null +++ b/tools/testdata/protoxform/envoy/active_non_terminal/v2/BUILD @@ -0,0 +1,8 @@ +licenses(["notice"]) # Apache 2 + +proto_library( + name = "freeze_protos", + srcs = ["active_non_terminal.proto"], + visibility = ["//visibility:public"], + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto b/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto new file mode 100644 index 0000000000000..0e21d4700c62c --- /dev/null +++ b/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto @@ -0,0 +1,12 @@ +syntax = "proto3"; + +package envoy.active_non_terminal.v2; + +import "udpa/annotations/status.proto"; + +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +message ActiveNonTerminal { + int32 foo = 1 [deprecated = true]; + int32 bar = 2; +} diff --git a/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.active_or_frozen.gold b/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.active_or_frozen.gold new file mode 100644 index 0000000000000..859456d5bb8de --- /dev/null +++ b/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.active_or_frozen.gold @@ -0,0 +1,16 @@ +syntax = "proto3"; + +package envoy.active_non_terminal.v2; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.active_non_terminal.v2"; +option java_outer_classname = "ActiveNonTerminalProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = FROZEN; + +message ActiveNonTerminal { + int32 foo = 1 [deprecated = true]; + + int32 bar = 2; +} diff --git a/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.next_major_version_candidate.envoy_internal.gold b/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.next_major_version_candidate.envoy_internal.gold new file mode 100644 index 0000000000000..e351dc4331e1b --- /dev/null +++ b/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.next_major_version_candidate.envoy_internal.gold @@ -0,0 +1,20 @@ +syntax = "proto3"; + +package envoy.active_non_terminal.v3; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.active_non_terminal.v3"; +option java_outer_classname = "ActiveNonTerminalProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +message ActiveNonTerminal { + option (udpa.annotations.versioning).previous_message_type = + "envoy.active_non_terminal.v2.ActiveNonTerminal"; + + int32 hidden_envoy_deprecated_foo = 1 [deprecated = true]; + + int32 bar = 2; +} diff --git a/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.next_major_version_candidate.gold b/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.next_major_version_candidate.gold new file mode 100644 index 0000000000000..5d369aefd96df --- /dev/null +++ b/tools/testdata/protoxform/envoy/active_non_terminal/v2/active_non_terminal.proto.next_major_version_candidate.gold @@ -0,0 +1,22 @@ +syntax = "proto3"; + +package envoy.active_non_terminal.v3; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.active_non_terminal.v3"; +option java_outer_classname = "ActiveNonTerminalProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +message ActiveNonTerminal { + option (udpa.annotations.versioning).previous_message_type = + "envoy.active_non_terminal.v2.ActiveNonTerminal"; + + reserved 1; + + reserved "foo"; + + int32 bar = 2; +} diff --git a/tools/testdata/protoxform/envoy/active_terminal/v2/BUILD b/tools/testdata/protoxform/envoy/active_terminal/v2/BUILD new file mode 100644 index 0000000000000..d97319b2631ac --- /dev/null +++ b/tools/testdata/protoxform/envoy/active_terminal/v2/BUILD @@ -0,0 +1,8 @@ +licenses(["notice"]) # Apache 2 + +proto_library( + name = "freeze_protos", + srcs = ["active_terminal.proto"], + visibility = ["//visibility:public"], + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto b/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto new file mode 100644 index 0000000000000..1c5bdaca36832 --- /dev/null +++ b/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto @@ -0,0 +1,11 @@ +syntax = "proto3"; + +package envoy.active_terminal.v2; + +import "udpa/annotations/status.proto"; + +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +message ActiveTerminal { + int32 foo = 1; +} diff --git a/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto.active_or_frozen.gold b/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto.active_or_frozen.gold new file mode 100644 index 0000000000000..5e49be1e63b4e --- /dev/null +++ b/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto.active_or_frozen.gold @@ -0,0 +1,14 @@ +syntax = "proto3"; + +package envoy.active_terminal.v2; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.active_terminal.v2"; +option java_outer_classname = "ActiveTerminalProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +message ActiveTerminal { + int32 foo = 1; +} diff --git a/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto.next_major_version_candidate.envoy_internal.gold b/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto.next_major_version_candidate.envoy_internal.gold new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto.next_major_version_candidate.gold b/tools/testdata/protoxform/envoy/active_terminal/v2/active_terminal.proto.next_major_version_candidate.gold new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/tools/testdata/protoxform/envoy/frozen/v2/BUILD b/tools/testdata/protoxform/envoy/frozen/v2/BUILD new file mode 100644 index 0000000000000..bbbcaffdbc754 --- /dev/null +++ b/tools/testdata/protoxform/envoy/frozen/v2/BUILD @@ -0,0 +1,8 @@ +licenses(["notice"]) # Apache 2 + +proto_library( + name = "freeze_protos", + srcs = ["frozen.proto"], + visibility = ["//visibility:public"], + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto b/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto new file mode 100644 index 0000000000000..defe7ff3eac40 --- /dev/null +++ b/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto @@ -0,0 +1,12 @@ +syntax = "proto3"; + +package envoy.frozen.v2; + +import "udpa/annotations/status.proto"; + +option (udpa.annotations.file_status).package_version_status = FROZEN; + +message Frozen { + int32 foo = 1; + int32 bar = 2 [deprecated = true]; +} diff --git a/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.active_or_frozen.gold b/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.active_or_frozen.gold new file mode 100644 index 0000000000000..5086376ee4354 --- /dev/null +++ b/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.active_or_frozen.gold @@ -0,0 +1,16 @@ +syntax = "proto3"; + +package envoy.frozen.v2; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.frozen.v2"; +option java_outer_classname = "FrozenProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = FROZEN; + +message Frozen { + int32 foo = 1; + + int32 bar = 2 [deprecated = true]; +} diff --git a/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.next_major_version_candidate.envoy_internal.gold b/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.next_major_version_candidate.envoy_internal.gold new file mode 100644 index 0000000000000..fa0b405ec586c --- /dev/null +++ b/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.next_major_version_candidate.envoy_internal.gold @@ -0,0 +1,19 @@ +syntax = "proto3"; + +package envoy.frozen.v3; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.frozen.v3"; +option java_outer_classname = "FrozenProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +message Frozen { + option (udpa.annotations.versioning).previous_message_type = "envoy.frozen.v2.Frozen"; + + int32 foo = 1; + + int32 hidden_envoy_deprecated_bar = 2 [deprecated = true]; +} diff --git a/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.next_major_version_candidate.gold b/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.next_major_version_candidate.gold new file mode 100644 index 0000000000000..7c10c1313b27c --- /dev/null +++ b/tools/testdata/protoxform/envoy/frozen/v2/frozen.proto.next_major_version_candidate.gold @@ -0,0 +1,21 @@ +syntax = "proto3"; + +package envoy.frozen.v3; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.frozen.v3"; +option java_outer_classname = "FrozenProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +message Frozen { + option (udpa.annotations.versioning).previous_message_type = "envoy.frozen.v2.Frozen"; + + reserved 2; + + reserved "bar"; + + int32 foo = 1; +} diff --git a/tools/testdata/protoxform/envoy/frozen/v3/BUILD b/tools/testdata/protoxform/envoy/frozen/v3/BUILD new file mode 100644 index 0000000000000..bbbcaffdbc754 --- /dev/null +++ b/tools/testdata/protoxform/envoy/frozen/v3/BUILD @@ -0,0 +1,8 @@ +licenses(["notice"]) # Apache 2 + +proto_library( + name = "freeze_protos", + srcs = ["frozen.proto"], + visibility = ["//visibility:public"], + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto b/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto new file mode 100644 index 0000000000000..0e09acf92fe69 --- /dev/null +++ b/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto @@ -0,0 +1,12 @@ +syntax = "proto3"; + +package envoy.frozen.v3; + +import "udpa/annotations/status.proto"; + +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +message Frozen { + int32 foo = 1; + reserved 2; +} diff --git a/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto.active_or_frozen.gold b/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto.active_or_frozen.gold new file mode 100644 index 0000000000000..23740e54e11f3 --- /dev/null +++ b/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto.active_or_frozen.gold @@ -0,0 +1,16 @@ +syntax = "proto3"; + +package envoy.frozen.v3; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.frozen.v3"; +option java_outer_classname = "FrozenProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +message Frozen { + reserved 2; + + int32 foo = 1; +} diff --git a/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto.next_major_version_candidate.envoy_internal.gold b/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto.next_major_version_candidate.envoy_internal.gold new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto.next_major_version_candidate.gold b/tools/testdata/protoxform/envoy/frozen/v3/frozen.proto.next_major_version_candidate.gold new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/tools/testdata/protoxform/envoy/v2/BUILD b/tools/testdata/protoxform/envoy/v2/BUILD index 61eeb69ded13f..f381f26cfa5f5 100644 --- a/tools/testdata/protoxform/envoy/v2/BUILD +++ b/tools/testdata/protoxform/envoy/v2/BUILD @@ -1,7 +1,7 @@ licenses(["notice"]) # Apache 2 proto_library( - name = "protos", + name = "fix_protos", srcs = [ "discovery_service.proto", "oneof.proto", @@ -15,3 +15,18 @@ proto_library( "@envoy_api//envoy/api/v2:pkg", ], ) + +proto_library( + name = "freeze_protos", + srcs = [ + "active_non_terminal.proto", + "active_terminal.proto", + "frozen.proto", + ], + visibility = ["//visibility:public"], + deps = [ + "@com_github_cncf_udpa//udpa/annotations:pkg", + "@envoy_api//envoy/annotations:pkg", + "@envoy_api//envoy/api/v2:pkg", + ], +) diff --git a/tools/testdata/protoxform/envoy/v2/discovery_service.proto b/tools/testdata/protoxform/envoy/v2/discovery_service.proto index 1a4530176ff34..921f27133dfbf 100644 --- a/tools/testdata/protoxform/envoy/v2/discovery_service.proto +++ b/tools/testdata/protoxform/envoy/v2/discovery_service.proto @@ -8,6 +8,9 @@ import "google/api/annotations.proto"; import "envoy/annotations/resource.proto"; import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; + +option (udpa.annotations.file_status).package_version_status = ACTIVE; service SomeDiscoveryService { option (envoy.annotations.resource).type = "envoy.v2.SomeResource"; diff --git a/tools/testdata/protoxform/envoy/v2/discovery_service.proto.active.gold b/tools/testdata/protoxform/envoy/v2/discovery_service.proto.active_or_frozen.gold similarity index 100% rename from tools/testdata/protoxform/envoy/v2/discovery_service.proto.active.gold rename to tools/testdata/protoxform/envoy/v2/discovery_service.proto.active_or_frozen.gold diff --git a/tools/testdata/protoxform/envoy/v2/oneof.proto b/tools/testdata/protoxform/envoy/v2/oneof.proto index 07a3f7bbfae0b..8630b23e37b59 100644 --- a/tools/testdata/protoxform/envoy/v2/oneof.proto +++ b/tools/testdata/protoxform/envoy/v2/oneof.proto @@ -3,6 +3,9 @@ syntax = "proto3"; package envoy.v2; import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; + +option (udpa.annotations.file_status).package_version_status = ACTIVE; message OneofExample { string foo = 1 [(udpa.annotations.field_migrate).oneof_promotion = "baz_specifier"]; diff --git a/tools/testdata/protoxform/envoy/v2/oneof.proto.active.gold b/tools/testdata/protoxform/envoy/v2/oneof.proto.active_or_frozen.gold similarity index 100% rename from tools/testdata/protoxform/envoy/v2/oneof.proto.active.gold rename to tools/testdata/protoxform/envoy/v2/oneof.proto.active_or_frozen.gold diff --git a/tools/testdata/protoxform/envoy/v2/package_move.proto b/tools/testdata/protoxform/envoy/v2/package_move.proto index 3356dd60152e3..0bf083bb58c8b 100644 --- a/tools/testdata/protoxform/envoy/v2/package_move.proto +++ b/tools/testdata/protoxform/envoy/v2/package_move.proto @@ -3,8 +3,10 @@ syntax = "proto3"; package envoy.v2; import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; option (udpa.annotations.file_migrate).move_to_package = "envoy.foo.v3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; message Package { message Entry { diff --git a/tools/testdata/protoxform/envoy/v2/package_move.proto.active.gold b/tools/testdata/protoxform/envoy/v2/package_move.proto.active_or_frozen.gold similarity index 100% rename from tools/testdata/protoxform/envoy/v2/package_move.proto.active.gold rename to tools/testdata/protoxform/envoy/v2/package_move.proto.active_or_frozen.gold diff --git a/tools/testdata/protoxform/envoy/v2/sample.proto b/tools/testdata/protoxform/envoy/v2/sample.proto index 1ab0052851ebf..73649fb32db0a 100644 --- a/tools/testdata/protoxform/envoy/v2/sample.proto +++ b/tools/testdata/protoxform/envoy/v2/sample.proto @@ -3,6 +3,9 @@ syntax = "proto3"; package envoy.v2; import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; + +option (udpa.annotations.file_status).package_version_status = ACTIVE; enum SomeEnum { DEFAULT = 0 [deprecated = true]; diff --git a/tools/testdata/protoxform/envoy/v2/sample.proto.active.gold b/tools/testdata/protoxform/envoy/v2/sample.proto.active_or_frozen.gold similarity index 100% rename from tools/testdata/protoxform/envoy/v2/sample.proto.active.gold rename to tools/testdata/protoxform/envoy/v2/sample.proto.active_or_frozen.gold diff --git a/tools/type_whisperer/proto_build_targets_gen.py b/tools/type_whisperer/proto_build_targets_gen.py index 22df422666ab8..c68895edc7d30 100644 --- a/tools/type_whisperer/proto_build_targets_gen.py +++ b/tools/type_whisperer/proto_build_targets_gen.py @@ -1,7 +1,9 @@ # Generate api/BUILD based on API type database. This contains target for v2, v3 -# and all API protos. +# and all API protos. This is not the ideal way to be generating docs, see +# https://github.com/envoyproxy/envoy/issues/10311#issuecomment-603518498. import os +import re import string import sys @@ -9,6 +11,18 @@ from google.protobuf import text_format +V2_REGEXES = list( + map(re.compile, [ + r'(envoy[\w\.]*\.)(v1alpha\d?|v1)', + r'(envoy[\w\.]*\.)(v2alpha\d?|v2)', + r'envoy\.type\.matcher', + r'envoy\.type', + r'envoy\.config\.cluster\.redis', + r'envoy\.config\.retry\.previous_priorities', + ])) + +V3_REGEX = re.compile(r'(envoy[\w\.]*\.)(v3alpha\d?|v3)') + API_BUILD_FILE_TEMPLATE = string.Template( """# DO NOT EDIT. This file is generated by tools/proto_sync.py. @@ -69,25 +83,33 @@ def DepsFormat(pkgs): for p in sorted(FilterPkgs(pkgs), key=BuildOrderKey)) +def IsV2Package(pkg): + for regex in V2_REGEXES: + if regex.match(pkg): + return True + return False + + +def IsV3Package(pkg): + return V3_REGEX.match(pkg) is not None + + if __name__ == '__main__': type_db_path, output_path = sys.argv[1:] type_db = LoadTypeDb(type_db_path) # TODO(htuch): generalize to > 2 versions v2_packages = set([]) v3_packages = set([]) - # Phase 1, we use the upgraded packages as a means to figure out which - # packages are explicitly in v2 vs. v3 by virtue of some breaking change. - for name, desc in type_db.types.items(): - if desc.next_version_type_name: - v2_packages.add(desc.qualified_package) - v3_packages.add(type_db.types[desc.next_version_type_name].qualified_package) - # Phase 2, we collect the rest of the packages not already binned and consider - # them to be both v2 and v3. - for name, desc in type_db.types.items(): + for desc in type_db.types.values(): pkg = desc.qualified_package - if pkg not in v2_packages and pkg not in v3_packages: - v2_packages.add(pkg) + if IsV3Package(pkg): v3_packages.add(pkg) + continue + if IsV2Package(pkg): + v2_packages.add(pkg) + # Special case for v2 packages that are part of v3 (still active) + if not desc.next_version_type_name: + v3_packages.add(pkg) # Generate BUILD file. build_file_contents = API_BUILD_FILE_TEMPLATE.substitute(v2_deps=DepsFormat(v2_packages), v3_deps=DepsFormat(v3_packages)) diff --git a/tools/type_whisperer/type_whisperer.py b/tools/type_whisperer/type_whisperer.py index a185d58eb8b8f..611574d705bdb 100755 --- a/tools/type_whisperer/type_whisperer.py +++ b/tools/type_whisperer/type_whisperer.py @@ -7,6 +7,7 @@ from tools.type_whisperer.types_pb2 import Types from udpa.annotations import migrate_pb2 +from udpa.annotations import status_pb2 class TypeWhispererVisitor(visitor.Visitor): @@ -25,9 +26,12 @@ def VisitService(self, service_proto, type_context): def VisitEnum(self, enum_proto, type_context): type_desc = self._types.types[type_context.name] type_desc.next_version_upgrade = any(v.options.deprecated for v in enum_proto.value) + type_desc.deprecated_type = type_context.deprecated def VisitMessage(self, msg_proto, type_context, nested_msgs, nested_enums): type_desc = self._types.types[type_context.name] + type_desc.map_entry = msg_proto.options.map_entry + type_desc.deprecated_type = type_context.deprecated type_deps = set([]) for f in msg_proto.field: if f.type_name.startswith('.'): @@ -37,12 +41,14 @@ def VisitMessage(self, msg_proto, type_context, nested_msgs, nested_enums): type_desc.type_dependencies.extend(type_deps) def VisitFile(self, file_proto, type_context, services, msgs, enums): - next_version_package = "" + next_version_package = '' if file_proto.options.HasExtension(migrate_pb2.file_migrate): next_version_package = file_proto.options.Extensions[migrate_pb2.file_migrate].move_to_package for t in self._types.types.values(): t.qualified_package = file_proto.package t.proto_path = file_proto.name + t.active = file_proto.options.Extensions[ + status_pb2.file_status].package_version_status == status_pb2.ACTIVE if next_version_package: t.next_version_package = next_version_package t.next_version_upgrade = True diff --git a/tools/type_whisperer/typedb_gen.py b/tools/type_whisperer/typedb_gen.py index c530e47e7ee12..ac6e7ee85e43a 100644 --- a/tools/type_whisperer/typedb_gen.py +++ b/tools/type_whisperer/typedb_gen.py @@ -13,6 +13,7 @@ # Regexes governing v3upgrades. TODO(htuch): The regex approach will have # to be rethought as we go beyond v3, this is WiP. TYPE_UPGRADE_REGEXES = [ + (r'(envoy[\w\.]*\.)(v3alpha\d?|v3)', r'\1v4alpha'), (r'(envoy[\w\.]*\.)(v1alpha\d?|v1)', r'\1v3'), (r'(envoy[\w\.]*\.)(v2alpha\d?|v2)', r'\1v3'), # These are special cases, e.g. upgrading versionless packages. @@ -70,6 +71,8 @@ def UpgradedTypeWithDescription(type_name, type_desc): upgrade_type_desc.qualified_package = UpgradedPackage(type_desc) upgrade_type_desc.proto_path = UpgradedPath(type_desc.proto_path, upgrade_type_desc.qualified_package) + upgrade_type_desc.deprecated_type = type_desc.deprecated_type + upgrade_type_desc.map_entry = type_desc.map_entry return (UpgradedType(type_name, type_desc), upgrade_type_desc) @@ -149,12 +152,16 @@ def NextVersionUpgrade(type_name, type_map, next_version_upgrade_memo, visited=N if NextVersionUpgrade(type_name, type_map, next_version_upgrade_memo) ]).union(set(['envoy.config.retry.previous_priorities', 'envoy.config.cluster.redis'])) - # Generate type map entries for upgraded types. - type_map.update([ - UpgradedTypeWithDescription(type_name, type_desc) - for type_name, type_desc in type_map.items() - if type_desc.qualified_package in next_versions_pkgs - ]) + # Generate type map entries for upgraded types. We run this twice to allow + # things like a v2 deprecated map field's synthesized map entry to forward + # propagate to v4alpha (for shadowing purposes). + for _ in range(2): + type_map.update([ + UpgradedTypeWithDescription(type_name, type_desc) + for type_name, type_desc in type_map.items() + if type_desc.qualified_package in next_versions_pkgs and + (type_desc.active or type_desc.deprecated_type or type_desc.map_entry) + ]) # Generate the type database proto. To provide some stability across runs, in # terms of the emitted proto binary blob that we track in git, we sort before diff --git a/tools/type_whisperer/types.proto b/tools/type_whisperer/types.proto index 493b5e363157d..1f64931ef2330 100644 --- a/tools/type_whisperer/types.proto +++ b/tools/type_whisperer/types.proto @@ -19,6 +19,15 @@ message TypeDescription { // The package of the type in next version string next_version_package = 6; + + // Is this a type in an active package? + bool active = 7; + + // Is this type a synthesized map entry? + bool map_entry = 8; + + // Is this type deprecated? + bool deprecated_type = 9; } message Types {