api: move generic matcher proto to its own package

[snowp]

In order to unblock a dependency between route_components.proto and the matcher tree, move the alpha Matcher to
its own package. To provide an upgrade path for users using this, we'll keep the old copy around for a single deprecation
cycle.

Signed-off-by: Snow Pettersen snowp@lyft.com

Risk Level: Low
Testing: n/a
Docs Changes: n/a
Release Notes: Deprecation note

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/envoy/.
envoyproxy/api-shepherds assignee is @htuch
CC @envoyproxy/api-watchers: FYI only for changes made to api/envoy/.

🐱

Caused by: #17096 was opened by snowp.

see: more, trace.

[snowp]

@htuch This moves the proto as per #17037. I figured we'd provide some kind of upgrade path via supporting both the new and old proto, though let me know if you think we should just do an aggressive move given the alpha status.

[htuch]

@snowp very exciting to see routing and sub-linear matchers coming together.

One question I have on this is whether we are breaking the circular dependency at the ideal place. The fact that generic matchers depend on HeaderMatcher in router seems wrong, ideally the header matcher would be somewhere generic. OTOH to fix this would require wasting time deprecating the existing location and moving the type for route table, which is very disruptive to existing users (almost everyone using Envoy and HTTP).

Is what you ahve here the least bad you can think of?

[markdroth]

While you're at it, can you also update the following doc to indicate an exception for [#alpha:]?

https://github.com/envoyproxy/envoy/blob/main/api/API_VERSIONING.md#backwards-compatibility

Thanks!

[snowp]

Is what you ahve here the least bad you can think of?

I think this is the least bad in terms how many people this would be affected by it (only users of the new matching API). I'm also not sure if moving the header matching protos would help without a breaking API change: the protos currently referencing them are not in alpha, so even if we copied them we wouldn't be able to remove the build time dependency on the existing route matching protos since we need to keep the deprecated field around. With this change we can remove the old matching tree proto (immediately? or maybe following a deprecation cycle?) and continue to evolve the new proto without being held back by the API stability policy.

[markdroth]

Another thought: Since we're moving this any way, would it make sense to move it to the cncf/xds repo at this point?

[snowp]

@markdroth I'm not opposed to that since I don't think it would be too much work, so happy to do that if we feel like it's the right call. @envoyproxy/api-shepherds thoughts?

[snowp]

Also: given the exception we're now giving breaking changes to alpha protos, does it still make sense to provide the migration path that this PR offers at the moment? After looking at it some more, none of the affected protos are referenced by type url (only ExtensionWithMatch is, which isnt changed), so if we were to swap the type of the matcher field to something that looks the same that should not break anything on the wire

Thoughts?

[htuch]

I think moving to cncf/xds would make sense as this is a fairly fundamental generic construct. But, don't feel so strongly I'd bike shed a ton.

Migration path makes sense if it helps out in your situation @snowp, otherwise I think it's fine to just make the breaking change in alpha.

[snowp]

Looking into what it would take to migrate this to udpa there are two messages outside of the immediate field that would also need to be migrated: TypedExtensionConfig and matcher.v3.StringMatcher. We could add these to udpa as well, though that will involve duck typing more functions (like I've done in this PR via templating) to make them compatible with the identical protos in the Envoy repo vs the udpa repo.

Thoughts? Not sure if this makes things more complicated than they have to be

[markdroth]

I'd be fine with creating a copy of both TypedExtensionConfig and StringMatcher in the cncf/xds repo.

[markdroth]

Please put this in the bulletted list below, which lists the other items that have an exception.

[repokitteh-read-only]

CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).

🐱

Caused by: #17096 was synchronize by snowp.

see: more, trace.

[htuch]

Looks like CI failures.
/wait

[moderation]

I think it's lack of any release, but this seems strange it should be the first time since there are other deps in this situation. @moderation @phlax any thoughts?

Seems like the deps issue is resolved and there shouldn't be problems with deps without releases or targeting specific commits.

/lgtm deps

[htuch]

LGTM, thanks!

[mathetake]

LGTM for changes to SPIFFE validator extension

[snowp]

Finally passed CI on this on, ptal @htuch

[htuch]

LGTM, thanks!