From 1b8cd2a586a4184a6b2b95755d3d304f8d9f74cb Mon Sep 17 00:00:00 2001 From: "Penn (Dapeng) Zhang" Date: Thu, 3 Jan 2019 13:34:04 -0800 Subject: [PATCH 1/2] api: update envoy to 02659d4 Signed-off-by: Penn (Dapeng) Zhang --- .../proto/envoy/admin/v2alpha/certs.proto | 55 +++++ .../proto/envoy/admin/v2alpha/clusters.proto | 8 + .../envoy/admin/v2alpha/config_dump.proto | 2 + .../proto/envoy/admin/v2alpha/memory.proto | 16 ++ .../proto/envoy/admin/v2alpha/metrics.proto | 2 + .../envoy/admin/v2alpha/mutex_stats.proto | 26 ++ .../envoy/admin/v2alpha/server_info.proto | 129 ++++++++++ .../main/proto/envoy/api/v2/auth/cert.proto | 99 ++++++-- api/src/main/proto/envoy/api/v2/cds.proto | 54 +++-- .../api/v2/cluster/circuit_breaker.proto | 2 + .../api/v2/cluster/outlier_detection.proto | 2 + .../proto/envoy/api/v2/core/address.proto | 2 + .../main/proto/envoy/api/v2/core/base.proto | 33 ++- .../envoy/api/v2/core/config_source.proto | 20 +- .../envoy/api/v2/core/grpc_service.proto | 10 +- .../envoy/api/v2/core/health_check.proto | 35 ++- .../proto/envoy/api/v2/core/http_uri.proto | 2 + .../proto/envoy/api/v2/core/protocol.proto | 21 +- .../main/proto/envoy/api/v2/discovery.proto | 2 + api/src/main/proto/envoy/api/v2/eds.proto | 9 +- .../envoy/api/v2/endpoint/endpoint.proto | 2 + .../envoy/api/v2/endpoint/load_report.proto | 7 + api/src/main/proto/envoy/api/v2/lds.proto | 19 ++ .../envoy/api/v2/listener/listener.proto | 38 ++- .../envoy/api/v2/ratelimit/ratelimit.proto | 2 + api/src/main/proto/envoy/api/v2/rds.proto | 9 +- .../main/proto/envoy/api/v2/route/route.proto | 224 ++++++++++++------ .../proto/envoy/config/accesslog/v2/als.proto | 2 + .../envoy/config/accesslog/v2/file.proto | 11 +- .../envoy/config/bootstrap/v2/bootstrap.proto | 25 +- .../filter/accesslog/v2/accesslog.proto | 33 ++- .../envoy/config/filter/fault/v2/fault.proto | 10 +- .../config/filter/http/buffer/v2/buffer.proto | 13 +- .../http/ext_authz/v2alpha/ext_authz.proto | 41 +++- .../config/filter/http/fault/v2/fault.proto | 22 +- .../config/filter/http/gzip/v2/gzip.proto | 2 + .../v2/header_to_metadata.proto | 2 + .../http/health_check/v2/health_check.proto | 2 + .../http/ip_tagging/v2/ip_tagging.proto | 2 + .../http/jwt_authn/v2alpha/config.proto | 131 ++++++---- .../envoy/config/filter/http/lua/v2/lua.proto | 2 + .../http/rate_limit/v2/rate_limit.proto | 16 ++ .../config/filter/http/rbac/v2/rbac.proto | 2 + .../config/filter/http/router/v2/router.proto | 2 + .../config/filter/http/squash/v2/squash.proto | 2 + .../http/transcoder/v2/transcoder.proto | 29 +++ .../client_ssl_auth/v2/client_ssl_auth.proto | 2 + .../dubbo_proxy/v2alpha1/dubbo_proxy.proto | 28 +++ .../network/ext_authz/v2/ext_authz.proto | 2 + .../v2/http_connection_manager.proto | 42 +++- .../network/mongo_proxy/v2/mongo_proxy.proto | 6 + .../network/rate_limit/v2/rate_limit.proto | 11 + .../config/filter/network/rbac/v2/rbac.proto | 22 +- .../network/redis_proxy/v2/redis_proxy.proto | 2 + .../network/tcp_proxy/v2/tcp_proxy.proto | 2 + .../network/thrift_proxy/v2alpha1/route.proto | 9 +- .../thrift_proxy/v2alpha1/thrift_proxy.proto | 15 +- .../rate_limit/v2alpha1/rate_limit.proto | 50 ++++ .../thrift/router/v2alpha1/router.proto | 2 + .../v2alpha/file_based_metadata.proto | 2 + .../health_checker/redis/v2/redis.proto | 2 + .../config/metrics/v2/metrics_service.proto | 2 + .../proto/envoy/config/metrics/v2/stats.proto | 112 ++++++++- .../config/overload/v2alpha/overload.proto | 10 +- .../proto/envoy/config/ratelimit/v2/rls.proto | 38 +-- .../envoy/config/rbac/v2alpha/rbac.proto | 29 ++- .../fixed_heap/v2alpha/fixed_heap.proto | 2 + .../v2alpha/injected_resource.proto | 2 + .../previous_priorities_config.proto | 42 ++++ .../proto/envoy/config/trace/v2/trace.proto | 38 ++- .../transport_socket/alts/v2alpha/alts.proto | 22 ++ .../capture/v2alpha/capture.proto | 2 + .../envoy/data/accesslog/v2/accesslog.proto | 11 +- .../core/v2alpha/health_check_event.proto | 15 +- .../envoy/data/tap/v2alpha/capture.proto | 2 + .../envoy/service/accesslog/v2/als.proto | 2 + .../auth/v2alpha/attribute_context.proto | 2 + .../service/auth/v2alpha/external_auth.proto | 2 + .../envoy/service/discovery/v2/ads.proto | 2 + .../envoy/service/discovery/v2/hds.proto | 2 + .../envoy/service/discovery/v2/sds.proto | 2 + .../envoy/service/load_stats/v2/lrs.proto | 2 + .../service/metrics/v2/metrics_service.proto | 2 + .../envoy/service/ratelimit/v2/rls.proto | 16 +- .../service/trace/v2/trace_service.proto | 4 +- .../main/proto/envoy/type/http_status.proto | 2 + .../proto/envoy/type/matcher/metadata.proto | 2 + .../proto/envoy/type/matcher/number.proto | 2 + .../proto/envoy/type/matcher/string.proto | 7 + .../main/proto/envoy/type/matcher/value.proto | 2 + api/src/main/proto/envoy/type/percent.proto | 2 + api/src/main/proto/envoy/type/range.proto | 2 + api/src/main/proto/gogoproto/gogo.proto | 11 + api/src/main/proto/trace.proto | 38 ++- tools/API_SHAS | 6 +- tools/update-api.sh | 2 +- 96 files changed, 1483 insertions(+), 332 deletions(-) create mode 100644 api/src/main/proto/envoy/admin/v2alpha/certs.proto create mode 100644 api/src/main/proto/envoy/admin/v2alpha/mutex_stats.proto create mode 100644 api/src/main/proto/envoy/admin/v2alpha/server_info.proto create mode 100644 api/src/main/proto/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto create mode 100644 api/src/main/proto/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto create mode 100644 api/src/main/proto/envoy/config/retry/previous_priorities/previous_priorities_config.proto create mode 100644 api/src/main/proto/envoy/config/transport_socket/alts/v2alpha/alts.proto diff --git a/api/src/main/proto/envoy/admin/v2alpha/certs.proto b/api/src/main/proto/envoy/admin/v2alpha/certs.proto new file mode 100644 index 000000000..ffcd06954 --- /dev/null +++ b/api/src/main/proto/envoy/admin/v2alpha/certs.proto @@ -0,0 +1,55 @@ +syntax = "proto3"; + +package envoy.admin.v2alpha; +option java_package = "io.envoyproxy.envoy.admin.v2alpha"; +option java_multiple_files = true; + +import "google/protobuf/timestamp.proto"; + +// [#protodoc-title: Certificates] + +// Proto representation of certificate details. Admin endpoint uses this wrapper for `/certs` to +// display certificate information. See :ref:`/certs ` for more +// information. +message Certificates { + // List of certificates known to an Envoy. + repeated Certificate certificates = 1; +} + +message Certificate { + + // Details of CA certificate. + repeated CertificateDetails ca_cert = 1; + + // Details of Certificate Chain + repeated CertificateDetails cert_chain = 2; +} + +message CertificateDetails { + // Path of the certificate. + string path = 1; + + // Certificate Serial Number. + string serial_number = 2; + + // List of Subject Alternate names. + repeated SubjectAlternateName subject_alt_names = 3; + + // Minimum of days until expiration of certificate and it's chain. + uint64 days_until_expiration = 4; + + // Indicates the time from which the certificate is valid. + google.protobuf.Timestamp valid_from = 5; + + // Indicates the time at which the certificate expires. + google.protobuf.Timestamp expiration_time = 6; +} + +message SubjectAlternateName { + + // Subject Alternate Name. + oneof name { + string dns = 1; + string uri = 2; + } +} diff --git a/api/src/main/proto/envoy/admin/v2alpha/clusters.proto b/api/src/main/proto/envoy/admin/v2alpha/clusters.proto index 558d13ed2..b41d97335 100644 --- a/api/src/main/proto/envoy/admin/v2alpha/clusters.proto +++ b/api/src/main/proto/envoy/admin/v2alpha/clusters.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.admin.v2alpha; +option java_package = "io.envoyproxy.envoy.admin.v2alpha"; +option java_multiple_files = true; import "envoy/admin/v2alpha/metrics.proto"; import "envoy/api/v2/core/address.proto"; @@ -58,6 +60,9 @@ message HostStatus { // success rate or the cluster did not have enough hosts to run through success rate outlier // ejection. envoy.type.Percent success_rate = 4; + + // The host's weight. If not configured, the value defaults to 1. + uint32 weight = 5; } // Health status for a host. @@ -68,6 +73,9 @@ message HostHealthStatus { // The host is currently considered an outlier and has been ejected. bool failed_outlier_check = 2; + // The host is currently being marked as degraded through active health checking. + bool failed_active_degraded_check = 4; + // Health status as reported by EDS. Note: only HEALTHY and UNHEALTHY are currently supported // here. // TODO(mrice32): pipe through remaining EDS health status possibilities. diff --git a/api/src/main/proto/envoy/admin/v2alpha/config_dump.proto b/api/src/main/proto/envoy/admin/v2alpha/config_dump.proto index 8f78148ff..f02acaffe 100644 --- a/api/src/main/proto/envoy/admin/v2alpha/config_dump.proto +++ b/api/src/main/proto/envoy/admin/v2alpha/config_dump.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.admin.v2alpha; +option java_package = "io.envoyproxy.envoy.admin.v2alpha"; +option java_multiple_files = true; import "envoy/api/v2/cds.proto"; import "envoy/api/v2/lds.proto"; diff --git a/api/src/main/proto/envoy/admin/v2alpha/memory.proto b/api/src/main/proto/envoy/admin/v2alpha/memory.proto index 927663753..556af7348 100644 --- a/api/src/main/proto/envoy/admin/v2alpha/memory.proto +++ b/api/src/main/proto/envoy/admin/v2alpha/memory.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.admin.v2alpha; +option java_package = "io.envoyproxy.envoy.admin.v2alpha"; +option java_multiple_files = true; // [#protodoc-title: Memory] @@ -16,4 +18,18 @@ message Memory { // The number of bytes reserved by the heap but not necessarily allocated. This is an alias for // `generic.heap_size`. uint64 heap_size = 2; + + // The number of bytes in free, unmapped pages in the page heap. These bytes always count towards + // virtual memory usage, and depending on the OS, typically do not count towards physical memory + // usage. This is an alias for `tcmalloc.pageheap_unmapped_bytes`. + uint64 pageheap_unmapped = 3; + + // The number of bytes in free, mapped pages in the page heap. These bytes always count towards + // virtual memory usage, and unless the underlying memory is swapped out by the OS, they also + // count towards physical memory usage. This is an alias for `tcmalloc.pageheap_free_bytes`. + uint64 pageheap_free = 4; + + // The amount of memory used by the TCMalloc thread caches (for small objects). This is an alias + // for `tcmalloc.current_total_thread_cache_bytes`. + uint64 total_thread_cache = 5; } diff --git a/api/src/main/proto/envoy/admin/v2alpha/metrics.proto b/api/src/main/proto/envoy/admin/v2alpha/metrics.proto index a22f3eed0..936ef2181 100644 --- a/api/src/main/proto/envoy/admin/v2alpha/metrics.proto +++ b/api/src/main/proto/envoy/admin/v2alpha/metrics.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.admin.v2alpha; +option java_package = "io.envoyproxy.envoy.admin.v2alpha"; +option java_multiple_files = true; // [#protodoc-title: Metrics] diff --git a/api/src/main/proto/envoy/admin/v2alpha/mutex_stats.proto b/api/src/main/proto/envoy/admin/v2alpha/mutex_stats.proto new file mode 100644 index 000000000..6b6b58451 --- /dev/null +++ b/api/src/main/proto/envoy/admin/v2alpha/mutex_stats.proto @@ -0,0 +1,26 @@ +syntax = "proto3"; + +package envoy.admin.v2alpha; +option java_package = "io.envoyproxy.envoy.admin.v2alpha"; +option java_multiple_files = true; + +// [#protodoc-title: MutexStats] + +// Proto representation of the statistics collected upon absl::Mutex contention, if Envoy is run +// under :option:`--enable-mutex-tracing`. For more information, see the `absl::Mutex` +// [docs](https://abseil.io/about/design/mutex#extra-features). +// +// *NB*: The wait cycles below are measured by `absl::base_internal::CycleClock`, and may not +// correspond to core clock frequency. For more information, see the `CycleClock` +// [docs](https://github.com/abseil/abseil-cpp/blob/master/absl/base/internal/cycleclock.h). +message MutexStats { + + // The number of individual mutex contentions which have occurred since startup. + uint64 num_contentions = 1; + + // The length of the current contention wait cycle. + uint64 current_wait_cycles = 2; + + // The lifetime total of all contention wait cycles. + uint64 lifetime_wait_cycles = 3; +} diff --git a/api/src/main/proto/envoy/admin/v2alpha/server_info.proto b/api/src/main/proto/envoy/admin/v2alpha/server_info.proto new file mode 100644 index 000000000..51595efef --- /dev/null +++ b/api/src/main/proto/envoy/admin/v2alpha/server_info.proto @@ -0,0 +1,129 @@ +syntax = "proto3"; + +package envoy.admin.v2alpha; +option java_package = "io.envoyproxy.envoy.admin.v2alpha"; +option java_multiple_files = true; + +import "google/protobuf/duration.proto"; + +// [#protodoc-title: Server State] + +// Proto representation of the value returned by /server_info, containing +// server version/server status information. +message ServerInfo { + // Server version. + string version = 1; + + enum State { + // Server is live and serving traffic. + LIVE = 0; + // Server is draining listeners in response to external health checks failing. + DRAINING = 1; + // Server has not yet completed cluster manager initialization. + PRE_INITIALIZING = 2; + // Server is running the cluster manager initialization callbacks (e.g., RDS). + INITIALIZING = 3; + } + + // State of the server. + State state = 2; + + // Uptime since current epoch was started. + google.protobuf.Duration uptime_current_epoch = 3; + + // Uptime since the start of the first epoch. + google.protobuf.Duration uptime_all_epochs = 4; + + // Command line options the server is currently running with. + CommandLineOptions command_line_options = 6; +} + +message CommandLineOptions { + // See :option:`--base-id` for details. + uint64 base_id = 1; + + // See :option:`--concurrency` for details. + uint32 concurrency = 2; + + // See :option:`--config-path` for details. + string config_path = 3; + + // See :option:`--config-yaml` for details. + string config_yaml = 4; + + // See :option:`--allow-unknown-fields` for details. + bool allow_unknown_fields = 5; + + // See :option:`--admin-address-path` for details. + string admin_address_path = 6; + + enum IpVersion { + v4 = 0; + v6 = 1; + } + + // See :option:`--local-address-ip-version` for details. + IpVersion local_address_ip_version = 7; + + // See :option:`--log-level` for details. + string log_level = 8; + + // See :option:`--component-log-level` for details. + string component_log_level = 9; + + // See :option:`--log-format` for details. + string log_format = 10; + + // See :option:`--log-path` for details. + string log_path = 11; + + // See :option:`--hot-restart-version` for details. + bool hot_restart_version = 12; + + // See :option:`--service-cluster` for details. + string service_cluster = 13; + + // See :option:`--service-node` for details. + string service_node = 14; + + // See :option:`--service-zone` for details. + string service_zone = 15; + + // See :option:`--file-flush-interval-msec` for details. + google.protobuf.Duration file_flush_interval = 16; + + // See :option:`--drain-time-s` for details. + google.protobuf.Duration drain_time = 17; + + // See :option:`--parent-shutdown-time-s` for details. + google.protobuf.Duration parent_shutdown_time = 18; + + enum Mode { + // Validate configs and then serve traffic normally. + Serve = 0; + + // Validate configs and exit. + Validate = 1; + + // Completely load and initialize the config, and then exit without running the listener loop. + InitOnly = 2; + } + + // See :option:`--mode` for details. + Mode mode = 19; + + // See :option:`--max-stats` for details. + uint64 max_stats = 20; + + // See :option:`--max-obj-name-len` for details. + uint64 max_obj_name_len = 21; + + // See :option:`--disable-hot-restart` for details. + bool disable_hot_restart = 22; + + // See :option:`--enable-mutex-tracing` for details. + bool enable_mutex_tracing = 23; + + // See :option:`--restart-epoch` for details. + uint32 restart_epoch = 24; +} diff --git a/api/src/main/proto/envoy/api/v2/auth/cert.proto b/api/src/main/proto/envoy/api/v2/auth/cert.proto index 297d3bbe7..1393924e2 100644 --- a/api/src/main/proto/envoy/api/v2/auth/cert.proto +++ b/api/src/main/proto/envoy/api/v2/auth/cert.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2.auth; +option java_package = "io.envoyproxy.envoy.api.v2.auth"; +option java_multiple_files = true; option go_package = "auth"; import "envoy/api/v2/core/base.proto"; @@ -33,15 +35,17 @@ message TlsParameters { TLSv1_3 = 4; } - // Minimum TLS protocol version. + // Minimum TLS protocol version. By default, it's ``TLSv1_0``. TlsProtocol tls_minimum_protocol_version = 1 [(validate.rules).enum.defined_only = true]; - // Maximum TLS protocol version. + // Maximum TLS protocol version. By default, it's ``TLSv1_2``. TlsProtocol tls_maximum_protocol_version = 2 [(validate.rules).enum.defined_only = true]; // If specified, the TLS listener will only support the specified `cipher list // `_. - // If not specified, the default list: + // If not specified, the default list will be used. + // + // In non-FIPS builds, the default cipher list is: // // .. code-block:: none // @@ -58,11 +62,39 @@ message TlsParameters { // AES256-GCM-SHA384 // AES256-SHA // - // will be used. + // In builds using :ref:`BoringSSL FIPS `, the default cipher list is: + // + // .. code-block:: none + // + // ECDHE-ECDSA-AES128-GCM-SHA256 + // ECDHE-RSA-AES128-GCM-SHA256 + // ECDHE-ECDSA-AES128-SHA + // ECDHE-RSA-AES128-SHA + // AES128-GCM-SHA256 + // AES128-SHA + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // ECDHE-ECDSA-AES256-SHA + // ECDHE-RSA-AES256-SHA + // AES256-GCM-SHA384 + // AES256-SHA repeated string cipher_suites = 3; // If specified, the TLS connection will only support the specified ECDH - // curves. If not specified, the default curves (X25519, P-256) will be used. + // curves. If not specified, the default curves will be used. + // + // In non-FIPS builds, the default curves are: + // + // .. code-block:: none + // + // X25519 + // P-256 + // + // In builds using :ref:`BoringSSL FIPS `, the default curve is: + // + // .. code-block:: none + // + // P-256 repeated string ecdh_curves = 4; } @@ -73,7 +105,8 @@ message TlsCertificate { // The TLS private key. core.DataSource private_key = 2; - // [#not-implemented-hide:] + // The password to decrypt the TLS private key. If this field is not set, it is assumed that the + // TLS private key is not password encrypted. core.DataSource password = 3; // [#not-implemented-hide:] @@ -125,6 +158,9 @@ message CertificateValidationContext { // `) is also // specified. // + // It can optionally contain certificate revocation lists, in which case Envoy will verify + // that the presented peer certificate has not been revoked by one of the included CRLs. + // // See :ref:`the TLS overview ` for a list of common // system CA locations. core.DataSource trusted_ca = 1; @@ -223,17 +259,27 @@ message CommonTlsContext { // TLS protocol versions, cipher suites etc. TlsParameters tls_params = 1; - // Multiple TLS certificates can be associated with the same context. - // E.g. to allow both RSA and ECDSA certificates, two TLS certificates can be configured. - // - // .. attention:: + // :ref:`Multiple TLS certificates ` can be associated with the + // same context to allow both RSA and ECDSA certificates. // - // Although this is a list, currently only a single certificate is supported. This will be - // relaxed in the future. - repeated TlsCertificate tls_certificates = 2 [(validate.rules).repeated .max_items = 1]; + // Only a single TLS certificate is supported in client contexts. In server contexts, the first + // RSA certificate is used for clients that only support RSA and the first ECDSA certificate is + // used for clients that support ECDSA. + repeated TlsCertificate tls_certificates = 2; // Configs for fetching TLS certificates via SDS API. - repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6; + repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6 + [(validate.rules).repeated .max_items = 1]; + + message CombinedCertificateValidationContext { + // How to validate peer certificates. + CertificateValidationContext default_validation_context = 1 + [(validate.rules).message.required = true]; + + // Config for fetching validation context via SDS API. + SdsSecretConfig validation_context_sds_secret_config = 2 + [(validate.rules).message.required = true]; + }; oneof validation_context_type { // How to validate peer certificates. @@ -241,6 +287,15 @@ message CommonTlsContext { // Config for fetching validation context via SDS API. SdsSecretConfig validation_context_sds_secret_config = 7; + + // Combined certificate validation context holds a default CertificateValidationContext + // and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic + // and default CertificateValidationContext are merged into a new CertificateValidationContext + // for validation. This merge is done by Message::MergeFrom(), so dynamic + // CertificateValidationContext overwrites singular fields in default + // CertificateValidationContext, and concatenates repeated fields to default + // CertificateValidationContext, and logical OR is applied to boolean fields. + CombinedCertificateValidationContext combined_validation_context = 8; } // Supplies the list of ALPN protocols that the listener should expose. In @@ -255,15 +310,7 @@ message CommonTlsContext { // There is no default for this parameter. If empty, Envoy will not expose ALPN. repeated string alpn_protocols = 4; - // These fields are deprecated and only are used during the interim v1 -> v2 - // transition period for internal purposes. They should not be used outside of - // the Envoy binary. [#not-implemented-hide:] - message DeprecatedV1 { - string alt_alpn_protocols = 1; - } - - // [#not-implemented-hide:] - DeprecatedV1 deprecated_v1 = 5 [deprecated = true]; + reserved 5; } message UpstreamTlsContext { @@ -279,6 +326,12 @@ message UpstreamTlsContext { // // TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary. bool allow_renegotiation = 3; + + // Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets + // for TLSv1.2 and older) to store for the purpose of session resumption. + // + // Defaults to 1, setting this to 0 disables session resumption. + google.protobuf.UInt32Value max_session_keys = 4; } message DownstreamTlsContext { diff --git a/api/src/main/proto/envoy/api/v2/cds.proto b/api/src/main/proto/envoy/api/v2/cds.proto index 74ae3d0ae..e8f86e9bf 100644 --- a/api/src/main/proto/envoy/api/v2/cds.proto +++ b/api/src/main/proto/envoy/api/v2/cds.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2; +option java_package = "io.envoyproxy.envoy.api.v2"; +option java_multiple_files = true; option java_generic_services = true; @@ -17,6 +19,7 @@ import "envoy/api/v2/eds.proto"; import "envoy/type/percent.proto"; import "google/api/annotations.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -46,7 +49,7 @@ service ClusterDiscoveryService { // [#protodoc-title: Clusters] // Configuration for a single upstream cluster. -// [#comment:next free field: 36] +// [#comment:next free field: 38] message Cluster { // Supplies the name of the cluster which must be unique across all clusters. // The cluster name is used when emitting @@ -81,7 +84,7 @@ message Cluster { // for an explanation. LOGICAL_DNS = 2; - // Refer to the :ref:`service discovery type` + // Refer to the :ref:`service discovery type` // for an explanation. EDS = 3; @@ -232,13 +235,20 @@ message Cluster { // specific options. map extension_protocol_options = 35; + // [#not-implemented-hide:] + // The extension_protocol_options field is used to provide extension-specific protocol options + // for upstream connections. The key should match the extension filter name, such as + // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on + // specific options. + map typed_extension_protocol_options = 36; + reserved 15; // If the DNS refresh rate is specified and the cluster type is either // :ref:`STRICT_DNS`, // or :ref:`LOGICAL_DNS`, // this value is used as the cluster’s DNS refresh - // rate. If this setting is not specified, the value defaults to 5000. For + // rate. If this setting is not specified, the value defaults to 5000ms. For // cluster types other than // :ref:`STRICT_DNS` // and :ref:`LOGICAL_DNS` @@ -368,11 +378,24 @@ message Cluster { // host selected but Y having 100, then a lot more load is being dumped on the single host in X // than originally anticipated in the load balancing assignment delivered via EDS. bool locality_weight_aware = 4; + + // When used with locality_weight_aware, scales the weight of each locality by the ratio + // of hosts in the subset vs hosts in the original subset. This aims to even out the load + // going to an individual locality if said locality is disproportionally affected by the + // subset predicate. + bool scale_locality_weight = 5; } // Configuration for load balancing subsetting. LbSubsetConfig lb_subset_config = 22; + // Specific configuration for the LeastRequest load balancing policy. + message LeastRequestLbConfig { + // The number of random healthy hosts from which the host with the fewest active requests will + // be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set. + google.protobuf.UInt32Value choice_count = 1 [(validate.rules).uint32.gte = 2]; + } + // Specific configuration for the :ref:`RingHash` // load balancing policy. message RingHashLbConfig { @@ -386,12 +409,8 @@ message Cluster { // [#not-implemented-hide:] Hide from docs. message DeprecatedV1 { - // Defaults to true, meaning that std::hash is used to hash hosts onto - // the ketama ring. std::hash can vary by platform. For this reason, - // Envoy will eventually use `xxHash `_ - // by default. This field exists for - // migration purposes and will eventually be deprecated. Set it to false - // to use `xxHash `_ now. + // Defaults to false, meaning that `xxHash `_ + // is to hash hosts onto the ketama ring. google.protobuf.BoolValue use_std_hash = 1; } @@ -418,16 +437,18 @@ message Cluster { // Optional configuration for the load balancing algorithm selected by // LbPolicy. Currently only - // :ref:`RING_HASH` + // :ref:`RING_HASH` and + // :ref:`LEAST_REQUEST` // has additional configuration options. - // Specifying ring_hash_lb_config without setting the LbPolicy to - // :ref:`RING_HASH` - // will generate an error at runtime. + // Specifying ring_hash_lb_config or least_request_lb_config without setting the corresponding + // LbPolicy will generate an error at runtime. oneof lb_config { // Optional configuration for the Ring Hash load balancing policy. RingHashLbConfig ring_hash_lb_config = 23; // Optional configuration for the Original Destination load balancing policy. OriginalDstLbConfig original_dst_lb_config = 34; + // Optional configuration for the LeastRequest load balancing policy. + LeastRequestLbConfig least_request_lb_config = 37; } // Common configuration for all load balancer implementations. @@ -465,8 +486,11 @@ message Cluster { // merged and delivered in one shot when the duration expires. The start of the duration is when // the first update happens. This is useful for big clusters, with potentially noisy deploys // that might trigger excessive CPU usage due to a constant stream of healthcheck state changes - // or metadata updates. By default, this is not configured and updates apply immediately. Also, - // the first set of updates to be seen apply immediately as well (e.g.: a new cluster). + // or metadata updates. The first set of updates to be seen apply immediately (e.g.: a new + // cluster). + // + // If this is not set, we default to a merge window of 1000ms. To disable it, set the merge + // window to 0. // // Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is // because merging those updates isn't currently safe. See diff --git a/api/src/main/proto/envoy/api/v2/cluster/circuit_breaker.proto b/api/src/main/proto/envoy/api/v2/cluster/circuit_breaker.proto index 1d574311d..0571f90ee 100644 --- a/api/src/main/proto/envoy/api/v2/cluster/circuit_breaker.proto +++ b/api/src/main/proto/envoy/api/v2/cluster/circuit_breaker.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2.cluster; +option java_package = "io.envoyproxy.envoy.api.v2.cluster"; +option java_multiple_files = true; option go_package = "cluster"; option csharp_namespace = "Envoy.Api.V2.ClusterNS"; diff --git a/api/src/main/proto/envoy/api/v2/cluster/outlier_detection.proto b/api/src/main/proto/envoy/api/v2/cluster/outlier_detection.proto index 3ef961928..c4fb9e815 100644 --- a/api/src/main/proto/envoy/api/v2/cluster/outlier_detection.proto +++ b/api/src/main/proto/envoy/api/v2/cluster/outlier_detection.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2.cluster; +option java_package = "io.envoyproxy.envoy.api.v2.cluster"; +option java_multiple_files = true; option csharp_namespace = "Envoy.Api.V2.ClusterNS"; import "google/protobuf/duration.proto"; diff --git a/api/src/main/proto/envoy/api/v2/core/address.proto b/api/src/main/proto/envoy/api/v2/core/address.proto index 081e313cd..009def943 100644 --- a/api/src/main/proto/envoy/api/v2/core/address.proto +++ b/api/src/main/proto/envoy/api/v2/core/address.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2.core; +option java_package = "io.envoyproxy.envoy.api.v2.core"; +option java_multiple_files = true; import "envoy/api/v2/core/base.proto"; diff --git a/api/src/main/proto/envoy/api/v2/core/base.proto b/api/src/main/proto/envoy/api/v2/core/base.proto index 40204e38d..824820995 100644 --- a/api/src/main/proto/envoy/api/v2/core/base.proto +++ b/api/src/main/proto/envoy/api/v2/core/base.proto @@ -1,14 +1,19 @@ syntax = "proto3"; package envoy.api.v2.core; +option java_package = "io.envoyproxy.envoy.api.v2.core"; +option java_multiple_files = true; option go_package = "core"; +import "google/protobuf/any.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; import "gogoproto/gogo.proto"; +import "envoy/type/percent.proto"; + option (gogoproto.equal_all) = true; // [#protodoc-title: Common types] @@ -73,8 +78,8 @@ message Node { } // Metadata provides additional inputs to filters based on matched listeners, -// filter chains, routes and endpoints. It is structured as a map from filter -// name (in reverse DNS format) to metadata specific to the filter. Metadata +// filter chains, routes and endpoints. It is structured as a map, usually from +// filter name (in reverse DNS format) to metadata specific to the filter. Metadata // key-values for a filter are merged as connection and request handling occurs, // with later values for the same key overriding earlier values. // @@ -82,6 +87,9 @@ message Node { // http_connection_manager in the envoy.http_connection_manager.access_log // namespace. // +// Another example use of metadata is to per service config info in cluster metadata, which may get +// consumed by multiple filters. +// // For load balancing, Metadata provides a means to subset cluster endpoints. // Endpoints have a Metadata object associated and routes contain a Metadata // object to match against. There are some well defined metadata used today for @@ -134,14 +142,14 @@ enum RequestMethod { // Header name/value pair. message HeaderValue { // Header name. - string key = 1 [(validate.rules).string.min_bytes = 1]; + string key = 1 [(validate.rules).string = {min_bytes: 1, max_bytes: 16384}]; // Header value. // // The same :ref:`format specifier ` as used for // :ref:`HTTP access logging ` applies here, however // unknown header values are replaced with the empty string instead of `-`. - string value = 2; + string value = 2 [(validate.rules).string.max_bytes = 16384]; } // Header name/value pair plus option to control append behavior. @@ -181,7 +189,12 @@ message TransportSocket { // Implementation specific configuration which depends on the implementation being instantiated. // See the supported transport socket implementations for further documentation. - google.protobuf.Struct config = 2; + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } // Generic socket option message. This would be used to set socket options that @@ -216,3 +229,13 @@ message SocketOption { SocketState state = 6 [(validate.rules).message.required = true, (validate.rules).enum.defined_only = true]; } + +// Runtime derived FractionalPercent with defaults for when the numerator or denominator is not +// specified via a runtime key. +message RuntimeFractionalPercent { + // Default value if the runtime value's for the numerator/denominator keys are not available. + envoy.type.FractionalPercent default_value = 1 [(validate.rules).message.required = true]; + + // Runtime key for a YAML representation of a FractionalPercent. + string runtime_key = 2; +} diff --git a/api/src/main/proto/envoy/api/v2/core/config_source.proto b/api/src/main/proto/envoy/api/v2/core/config_source.proto index ab267ed26..56eb23796 100644 --- a/api/src/main/proto/envoy/api/v2/core/config_source.proto +++ b/api/src/main/proto/envoy/api/v2/core/config_source.proto @@ -1,10 +1,13 @@ syntax = "proto3"; package envoy.api.v2.core; +option java_package = "io.envoyproxy.envoy.api.v2.core"; +option java_multiple_files = true; import "envoy/api/v2/core/grpc_service.proto"; import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; import "gogoproto/gogo.proto"; @@ -19,7 +22,7 @@ message ApiConfigSource { // APIs may be fetched via either REST or gRPC. enum ApiType { // REST-JSON legacy corresponds to the v1 API. - REST_LEGACY = 0; + REST_LEGACY = 0 [deprecated = true]; // REST-JSON v2 API. The `canonical JSON encoding // `_ for // the v2 protos is used. @@ -48,6 +51,10 @@ message ApiConfigSource { // For REST APIs, the request timeout. If not set, a default value of 1s will be used. google.protobuf.Duration request_timeout = 5 [(validate.rules).duration.gt.seconds = 0, (gogoproto.stdduration) = true]; + + // For GRPC APIs, the rate limit settings. If present, discovery requests made by Envoy will be + // rate limited. + RateLimitSettings rate_limit_settings = 6; } // Aggregated Discovery Service (ADS) options. This is currently empty, but when @@ -56,6 +63,17 @@ message ApiConfigSource { message AggregatedConfigSource { } +// Rate Limit settings to be applied for discovery requests made by Envoy. +message RateLimitSettings { + // Maximum number of tokens to be used for rate limting discovery request calls. If not set, a + // default value of 100 will be used. + google.protobuf.UInt32Value max_tokens = 1; + + // Rate at which tokens will be filled per second. If not set, a default fill rate of 10 tokens + // per second will be used. + google.protobuf.DoubleValue fill_rate = 2 [(validate.rules).double.gt = 0.0]; +} + // Configuration for :ref:`listeners `, :ref:`clusters // `, :ref:`routes // `, :ref:`endpoints diff --git a/api/src/main/proto/envoy/api/v2/core/grpc_service.proto b/api/src/main/proto/envoy/api/v2/core/grpc_service.proto index 6497543b6..7a009d813 100644 --- a/api/src/main/proto/envoy/api/v2/core/grpc_service.proto +++ b/api/src/main/proto/envoy/api/v2/core/grpc_service.proto @@ -1,9 +1,12 @@ syntax = "proto3"; package envoy.api.v2.core; +option java_package = "io.envoyproxy.envoy.api.v2.core"; +option java_multiple_files = true; import "envoy/api/v2/core/base.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/empty.proto"; @@ -78,7 +81,12 @@ message GrpcService { message MetadataCredentialsFromPlugin { string name = 1; - google.protobuf.Struct config = 2; + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } oneof credential_specifier { diff --git a/api/src/main/proto/envoy/api/v2/core/health_check.proto b/api/src/main/proto/envoy/api/v2/core/health_check.proto index 6eddc9396..ea2e245a7 100644 --- a/api/src/main/proto/envoy/api/v2/core/health_check.proto +++ b/api/src/main/proto/envoy/api/v2/core/health_check.proto @@ -1,9 +1,12 @@ syntax = "proto3"; package envoy.api.v2.core; +option java_package = "io.envoyproxy.envoy.api.v2.core"; +option java_multiple_files = true; import "envoy/api/v2/core/base.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -39,11 +42,11 @@ message HealthCheck { ]; // An optional jitter amount in millseconds. If specified, during every - // interval Envoy will add 0 to interval_jitter to the wait time. + // interval Envoy will add interval_jitter to the wait time. google.protobuf.Duration interval_jitter = 3; // An optional jitter amount as a percentage of interval_ms. If specified, - // during every interval Envoy will add 0 to interval_ms * + // during every interval Envoy will add interval_ms * // interval_jitter_percent / 100 to the wait time. // // If interval_jitter_ms and interval_jitter_percent are both set, both of @@ -105,7 +108,8 @@ message HealthCheck { // health checked cluster. For more information, including details on header value syntax, see // the documentation on :ref:`custom request headers // `. - repeated core.HeaderValueOption request_headers_to_add = 6; + repeated core.HeaderValueOption request_headers_to_add = 6 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of HTTP headers that should be removed from each request that is sent to the // health checked cluster. @@ -144,6 +148,11 @@ message HealthCheck { // message. See `gRPC health-checking overview // `_ for more information. string service_name = 1; + + // The value of the :authority header in the gRPC health check request. If + // left empty (default value), the name of the cluster this health check is associated + // with will be used. + string authority = 2; } // Custom health check. @@ -153,7 +162,12 @@ message HealthCheck { // A custom health checker specific configuration which depends on the custom health checker // being instantiated. See :api:`envoy/config/health_checker` for reference. - google.protobuf.Struct config = 2; + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } oneof health_checker { @@ -184,14 +198,14 @@ message HealthCheck { // any other. // // The default value for "no traffic interval" is 60 seconds. - google.protobuf.Duration no_traffic_interval = 12; + google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration.gt = {}]; // The "unhealthy interval" is a health check interval that is used for hosts that are marked as // unhealthy. As soon as the host is marked as healthy, Envoy will shift back to using the // standard health check interval that is defined. // // The default value for "unhealthy interval" is the same as "interval". - google.protobuf.Duration unhealthy_interval = 14; + google.protobuf.Duration unhealthy_interval = 14 [(validate.rules).duration.gt = {}]; // The "unhealthy edge interval" is a special health check interval that is used for the first // health check right after a host is marked as unhealthy. For subsequent health checks @@ -199,18 +213,23 @@ message HealthCheck { // check interval that is defined. // // The default value for "unhealthy edge interval" is the same as "unhealthy interval". - google.protobuf.Duration unhealthy_edge_interval = 15; + google.protobuf.Duration unhealthy_edge_interval = 15 [(validate.rules).duration.gt = {}]; // The "healthy edge interval" is a special health check interval that is used for the first // health check right after a host is marked as healthy. For subsequent health checks // Envoy will shift back to using the standard health check interval that is defined. // // The default value for "healthy edge interval" is the same as the default interval. - google.protobuf.Duration healthy_edge_interval = 16; + google.protobuf.Duration healthy_edge_interval = 16 [(validate.rules).duration.gt = {}]; // Specifies the path to the :ref:`health check event log `. // If empty, no event log will be written. string event_log_path = 17; + + // If set to true, health check failure events will always be logged. If set to false, only the + // initial health check failure event will be logged. + // The default value is false. + bool always_log_health_check_failures = 19; } // Endpoint health status. diff --git a/api/src/main/proto/envoy/api/v2/core/http_uri.proto b/api/src/main/proto/envoy/api/v2/core/http_uri.proto index 0c0ab766a..5b48bdd5e 100644 --- a/api/src/main/proto/envoy/api/v2/core/http_uri.proto +++ b/api/src/main/proto/envoy/api/v2/core/http_uri.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2.core; +option java_package = "io.envoyproxy.envoy.api.v2.core"; +option java_multiple_files = true; import "google/protobuf/duration.proto"; import "gogoproto/gogo.proto"; diff --git a/api/src/main/proto/envoy/api/v2/core/protocol.proto b/api/src/main/proto/envoy/api/v2/core/protocol.proto index 44d684841..e8ddf0e7f 100644 --- a/api/src/main/proto/envoy/api/v2/core/protocol.proto +++ b/api/src/main/proto/envoy/api/v2/core/protocol.proto @@ -3,6 +3,8 @@ syntax = "proto3"; package envoy.api.v2.core; +option java_package = "io.envoyproxy.envoy.api.v2.core"; +option java_multiple_files = true; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; @@ -77,19 +79,16 @@ message Http2ProtocolOptions { google.protobuf.UInt32Value initial_connection_window_size = 4 [(validate.rules).uint32 = {gte: 65535, lte: 2147483647}]; - // [#not-implemented-hide:] Hiding until nghttp2 has native support. - // // Allows proxying Websocket and other upgrades over H2 connect. - // - // THIS IS NOT SAFE TO USE IN PRODUCTION - // - // This currently works via disabling all HTTP sanity checks for H2 traffic - // which is a much larger hammer than we'd like to use. Eventually when - // https://github.com/nghttp2/nghttp2/issues/1181 is resolved, this will work - // with simply enabling CONNECT for H2. This may require some tweaks to the - // headers making pre-CONNECT-support proxying not backwards compatible with - // post-CONNECT-support proxying. bool allow_connect = 5; + + // [#not-implemented-hide:] Hiding until envoy has full metadata support. + // Still under implementation. DO NOT USE. + // + // Allows metadata. See [metadata + // docs](https://github.com/envoyproxy/envoy/blob/master/source/docs/h2_metadata.md) for more + // information. + bool allow_metadata = 6; } // [#not-implemented-hide:] diff --git a/api/src/main/proto/envoy/api/v2/discovery.proto b/api/src/main/proto/envoy/api/v2/discovery.proto index f3ab1913d..85fa34b90 100644 --- a/api/src/main/proto/envoy/api/v2/discovery.proto +++ b/api/src/main/proto/envoy/api/v2/discovery.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2; +option java_package = "io.envoyproxy.envoy.api.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/base.proto"; diff --git a/api/src/main/proto/envoy/api/v2/eds.proto b/api/src/main/proto/envoy/api/v2/eds.proto index 505199958..d4cdd6722 100644 --- a/api/src/main/proto/envoy/api/v2/eds.proto +++ b/api/src/main/proto/envoy/api/v2/eds.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2; +option java_package = "io.envoyproxy.envoy.api.v2"; +option java_multiple_files = true; option java_generic_services = true; @@ -89,7 +91,12 @@ message ClusterLoadAssignment { // multiplied by the overprovisioning factor drops below 100. // With the default value 140(1.4), Envoy doesn't consider a priority level // or a locality unhealthy until their percentage of healthy hosts drops - // below 72%. + // below 72%. For example: + // + // .. code-block:: json + // + // { "overprovisioning_factor": 100 } + // // Read more at :ref:`priority levels ` and // :ref:`localities `. google.protobuf.UInt32Value overprovisioning_factor = 3 [(validate.rules).uint32.gt = 0]; diff --git a/api/src/main/proto/envoy/api/v2/endpoint/endpoint.proto b/api/src/main/proto/envoy/api/v2/endpoint/endpoint.proto index cba452ab3..bdb677b80 100644 --- a/api/src/main/proto/envoy/api/v2/endpoint/endpoint.proto +++ b/api/src/main/proto/envoy/api/v2/endpoint/endpoint.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2.endpoint; +option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; +option java_multiple_files = true; option go_package = "endpoint"; import "envoy/api/v2/core/address.proto"; diff --git a/api/src/main/proto/envoy/api/v2/endpoint/load_report.proto b/api/src/main/proto/envoy/api/v2/endpoint/load_report.proto index 3a78bc05d..832e8504d 100644 --- a/api/src/main/proto/envoy/api/v2/endpoint/load_report.proto +++ b/api/src/main/proto/envoy/api/v2/endpoint/load_report.proto @@ -1,11 +1,14 @@ syntax = "proto3"; package envoy.api.v2.endpoint; +option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; +option java_multiple_files = true; import "envoy/api/v2/core/address.proto"; import "envoy/api/v2/core/base.proto"; import "google/protobuf/duration.proto"; +import "google/protobuf/struct.proto"; import "validate/validate.proto"; import "gogoproto/gogo.proto"; @@ -57,6 +60,10 @@ message UpstreamEndpointStats { // Upstream host address. core.Address address = 1; + // Opaque and implementation dependent metadata of the + // endpoint. Envoy will pass this directly to the management server. + google.protobuf.Struct metadata = 6; + // The total number of requests successfully completed by the endpoint. A // single HTTP or gRPC request or stream is counted as one request. A TCP // connection is also treated as one request. There is no explicit diff --git a/api/src/main/proto/envoy/api/v2/lds.proto b/api/src/main/proto/envoy/api/v2/lds.proto index 0099eeaba..d05e37e5b 100644 --- a/api/src/main/proto/envoy/api/v2/lds.proto +++ b/api/src/main/proto/envoy/api/v2/lds.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2; +option java_package = "io.envoyproxy.envoy.api.v2"; +option java_multiple_files = true; option java_generic_services = true; @@ -10,6 +12,7 @@ import "envoy/api/v2/discovery.proto"; import "envoy/api/v2/listener/listener.proto"; import "google/api/annotations.proto"; +import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; @@ -36,6 +39,7 @@ service ListenerDiscoveryService { } } +// [#comment:next free field: 16] message Listener { // The unique name by which this listener is known. If no name is provided, // Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically @@ -94,6 +98,8 @@ message Listener { // port. An additional filter chain must be created for every original // destination port this listener may redirect to in v2, with the original // port specified in the FilterChainMatch destination_port field. + // + // [#comment:TODO(PiotrSikora): Remove this once verified that we no longer need it.] google.protobuf.BoolValue bind_to_port = 1; } @@ -120,6 +126,11 @@ message Listener { // before a connection is created. repeated listener.ListenerFilter listener_filters = 9 [(gogoproto.nullable) = false]; + // The timeout to wait for all listener filters to complete operation. If the timeout is reached, + // the accepted socket is closed without a connection being created. Specify 0 to disable the + // timeout. If not specified, a default timeout of 15s is used. + google.protobuf.Duration listener_filters_timeout = 15 [(gogoproto.stdduration) = true]; + // Whether the listener should be set as a transparent socket. // When this flag is set to true, connections can be redirected to the listener using an // *iptables* *TPROXY* target, in which case the original source and destination addresses and @@ -163,4 +174,12 @@ message Listener { // On macOS, only values of 0, 1, and unset are valid; other values may result in an error. // To set the queue length on macOS, set the net.inet.tcp.fastopen_backlog kernel parameter. google.protobuf.UInt32Value tcp_fast_open_queue_length = 12; + + // If true, the order of write filters will be reversed to that of filters + // configured in the filter chain. Otherwise, it will keep the existing + // order. Note: this is a bug fix for Envoy, which is designed to have the + // reversed order of write filters to that of read ones, (see + // https://github.com/envoyproxy/envoy/issues/4599 for details). When we + // remove this field, Envoy will have the same behavior when it sets true. + google.protobuf.BoolValue bugfix_reverse_write_filter_order = 14 [deprecated = true]; } diff --git a/api/src/main/proto/envoy/api/v2/listener/listener.proto b/api/src/main/proto/envoy/api/v2/listener/listener.proto index d72de02c4..0d617ceac 100644 --- a/api/src/main/proto/envoy/api/v2/listener/listener.proto +++ b/api/src/main/proto/envoy/api/v2/listener/listener.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2.listener; +option java_package = "io.envoyproxy.envoy.api.v2.listener"; +option java_multiple_files = true; option go_package = "listener"; option csharp_namespace = "Envoy.Api.V2.ListenerNS"; @@ -8,6 +10,7 @@ import "envoy/api/v2/core/address.proto"; import "envoy/api/v2/auth/cert.proto"; import "envoy/api/v2/core/base.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -35,15 +38,14 @@ message Filter { // Filter specific configuration which depends on the filter being // instantiated. See the supported filters for further documentation. - google.protobuf.Struct config = 2; + oneof config_type { + google.protobuf.Struct config = 2; - // [#not-implemented-hide:] - message DeprecatedV1 { - string type = 1; + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 4; } - // [#not-implemented-hide:] - DeprecatedV1 deprecated_v1 = 3 [deprecated = true]; + reserved 3; } // Specifies the match criteria for selecting a specific filter chain for a @@ -60,6 +62,7 @@ message Filter { // 3. Server name (e.g. SNI for TLS protocol), // 4. Transport protocol. // 5. Application protocols (e.g. ALPN for TLS protocol). +// 6. Source type (e.g. any, local or external network). // // For criteria that allow ranges or wildcards, the most specific value in any // of the configured filter chains that matches the incoming connection is going @@ -88,6 +91,18 @@ message FilterChainMatch { // [#not-implemented-hide:] google.protobuf.UInt32Value suffix_len = 5; + enum ConnectionSourceType { + // Any connection source matches. + ANY = 0; + // Match a connection originating from the same host. + LOCAL = 1; + // Match a connection originating from a different host. + EXTERNAL = 2; + } + + // Specifies the connection source IP match type. Can be any, local or external network. + ConnectionSourceType source_type = 12 [(validate.rules).enum.defined_only = true]; + // The criteria is satisfied if the source IP address of the downstream // connection is contained in at least one of the specified subnets. If the // parameter is not specified or the list is empty, the source IP address is @@ -191,7 +206,12 @@ message ListenerFilter { // * :ref:`envoy.listener.tls_inspector ` string name = 1 [(validate.rules).string.min_bytes = 1]; - // Filter specific configuration which depends on the filter being - // instantiated. See the supported filters for further documentation. - google.protobuf.Struct config = 2; + // Filter specific configuration which depends on the filter being instantiated. + // See the supported filters for further documentation. + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } diff --git a/api/src/main/proto/envoy/api/v2/ratelimit/ratelimit.proto b/api/src/main/proto/envoy/api/v2/ratelimit/ratelimit.proto index 47818cdc3..e60172d23 100644 --- a/api/src/main/proto/envoy/api/v2/ratelimit/ratelimit.proto +++ b/api/src/main/proto/envoy/api/v2/ratelimit/ratelimit.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2.ratelimit; +option java_package = "io.envoyproxy.envoy.api.v2.ratelimit"; +option java_multiple_files = true; option go_package = "ratelimit"; import "validate/validate.proto"; diff --git a/api/src/main/proto/envoy/api/v2/rds.proto b/api/src/main/proto/envoy/api/v2/rds.proto index f02735e22..3671f359b 100644 --- a/api/src/main/proto/envoy/api/v2/rds.proto +++ b/api/src/main/proto/envoy/api/v2/rds.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.api.v2; +option java_package = "io.envoyproxy.envoy.api.v2"; +option java_multiple_files = true; option java_generic_services = true; @@ -11,6 +13,7 @@ import "envoy/api/v2/route/route.proto"; import "google/api/annotations.proto"; import "google/protobuf/wrappers.proto"; +import "validate/validate.proto"; import "gogoproto/gogo.proto"; option (gogoproto.equal_all) = true; @@ -63,7 +66,8 @@ message RouteConfiguration { // :ref:`envoy_api_msg_route.RouteAction`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. - repeated core.HeaderValueOption response_headers_to_add = 4; + repeated core.HeaderValueOption response_headers_to_add = 4 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of HTTP headers that should be removed from each response // that the connection manager encodes. @@ -75,7 +79,8 @@ message RouteConfiguration { // :ref:`envoy_api_msg_route.RouteAction`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. - repeated core.HeaderValueOption request_headers_to_add = 6; + repeated core.HeaderValueOption request_headers_to_add = 6 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of HTTP headers that should be removed from each request // routed by the HTTP connection manager. diff --git a/api/src/main/proto/envoy/api/v2/route/route.proto b/api/src/main/proto/envoy/api/v2/route/route.proto index 51fb5ce5f..7fbe350b5 100644 --- a/api/src/main/proto/envoy/api/v2/route/route.proto +++ b/api/src/main/proto/envoy/api/v2/route/route.proto @@ -1,12 +1,15 @@ syntax = "proto3"; package envoy.api.v2.route; +option java_package = "io.envoyproxy.envoy.api.v2.route"; +option java_multiple_files = true; option go_package = "route"; option java_generic_services = true; import "envoy/api/v2/core/base.proto"; import "envoy/type/range.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -25,7 +28,7 @@ option (gogoproto.equal_all) = true; // host header. This allows a single listener to service multiple top level domain path trees. Once // a virtual host is selected based on the domain, the routes are processed in order to see which // upstream cluster to route to or whether to perform a redirect. -// [#comment:next free field: 14] +// [#comment:next free field: 16] message VirtualHost { // The logical name of the virtual host. This is used when emitting certain // statistics but is not relevant for routing. @@ -80,7 +83,8 @@ message VirtualHost { // enclosing :ref:`envoy_api_msg_RouteConfiguration`. For more information, including // details on header value syntax, see the documentation on :ref:`custom request headers // `. - repeated core.HeaderValueOption request_headers_to_add = 7; + repeated core.HeaderValueOption request_headers_to_add = 7 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of HTTP headers that should be removed from each request // handled by this virtual host. @@ -92,7 +96,8 @@ message VirtualHost { // enclosing :ref:`envoy_api_msg_RouteConfiguration`. For more information, including // details on header value syntax, see the documentation on :ref:`custom request headers // `. - repeated core.HeaderValueOption response_headers_to_add = 10; + repeated core.HeaderValueOption response_headers_to_add = 10 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of HTTP headers that should be removed from each response // handled by this virtual host. @@ -109,6 +114,24 @@ message VirtualHost { // specific; see the :ref:`HTTP filter documentation ` // for if and how it is utilized. map per_filter_config = 12; + + // [#not-implemented-hide:] + // The per_filter_config field can be used to provide virtual host-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` + // for if and how it is utilized. + map typed_per_filter_config = 15; + + // Decides whether the :ref:`x-envoy-attempt-count + // ` header should be included + // in the upstream request. Setting this option will cause it to override any existing header + // value, so in the case of two Envoys on the request path with this option enabled, the upstream + // will see the attempt count as perceived by the second Envoy. Defaults to false. + // This header is unaffected by the + // :ref:`suppress_envoy_headers + // ` flag. + bool include_request_attempt_count = 14; } // A route is both a specification of how to match a request as well as an indication of what to do @@ -118,7 +141,7 @@ message VirtualHost { // // Envoy supports routing on HTTP method via :ref:`header matching // `. -// [#comment:next free field: 13] +// [#comment:next free field: 14] message Route { // Route matching parameters. RouteMatch match = 1 [(validate.rules).message.required = true, (gogoproto.nullable) = false]; @@ -155,13 +178,22 @@ message Route { // if and how it is utilized. map per_filter_config = 8; + // [#not-implemented-hide:] + // The per_filter_config field can be used to provide route-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` for + // if and how it is utilized. + map typed_per_filter_config = 13; + // Specifies a set of headers that will be added to requests matching this // route. Headers specified at this level are applied before headers from the // enclosing :ref:`envoy_api_msg_route.VirtualHost` and // :ref:`envoy_api_msg_RouteConfiguration`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. - repeated core.HeaderValueOption request_headers_to_add = 9; + repeated core.HeaderValueOption request_headers_to_add = 9 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of HTTP headers that should be removed from each request // matching this route. @@ -173,7 +205,8 @@ message Route { // :ref:`envoy_api_msg_RouteConfiguration`. For more information, including // details on header value syntax, see the documentation on // :ref:`custom request headers `. - repeated core.HeaderValueOption response_headers_to_add = 10; + repeated core.HeaderValueOption response_headers_to_add = 10 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of HTTP headers that should be removed from each response // to requests matching this route. @@ -186,7 +219,7 @@ message Route { // multiple upstream clusters along with weights that indicate the percentage of // traffic to be forwarded to each cluster. The router selects an upstream cluster based on the // weights. -// [#comment:next free field: 10] +// [#comment:next free field: 11] message WeightedCluster { message ClusterWeight { // Name of the upstream cluster. The cluster must exist in the @@ -213,7 +246,8 @@ message WeightedCluster { // :ref:`envoy_api_msg_RouteConfiguration`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. - repeated core.HeaderValueOption request_headers_to_add = 4; + repeated core.HeaderValueOption request_headers_to_add = 4 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of HTTP headers that should be removed from each request when // this cluster is selected through the enclosing :ref:`envoy_api_msg_route.RouteAction`. @@ -226,7 +260,8 @@ message WeightedCluster { // :ref:`envoy_api_msg_RouteConfiguration`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. - repeated core.HeaderValueOption response_headers_to_add = 5; + repeated core.HeaderValueOption response_headers_to_add = 5 + [(validate.rules).repeated .max_items = 1000]; // Specifies a list of headers to be removed from responses when this cluster is selected // through the enclosing :ref:`envoy_api_msg_route.RouteAction`. @@ -240,6 +275,14 @@ message WeightedCluster { // specific; see the :ref:`HTTP filter documentation ` // for if and how it is utilized. map per_filter_config = 8; + + // [#not-implemented-hide:] + // The per_filter_config field can be used to provide weighted cluster-specific + // configurations for filters. The key should match the filter name, such as + // *envoy.buffer* for the HTTP buffer filter. Use of this field is filter + // specific; see the :ref:`HTTP filter documentation ` + // for if and how it is utilized. + map typed_per_filter_config = 10; } // Specifies one or more upstream clusters associated with the route. @@ -291,16 +334,25 @@ message RouteMatch { // is true. google.protobuf.BoolValue case_sensitive = 4; - // Indicates that the route should additionally match on a runtime key. An - // integer between 0-100. Every time the route is considered for a match, a - // random number between 0-99 is selected. If the number is <= the value found - // in the key (checked first) or, if the key is not present, the default - // value, the route is a match (assuming everything also about the route - // matches). A runtime route configuration can be used to roll out route changes in a - // gradual manner without full code/config deploys. Refer to the - // :ref:`traffic shifting ` docs - // for additional documentation. - core.RuntimeUInt32 runtime = 5; + reserved 5; + + // Indicates that the route should additionally match on a runtime key. Every time the route + // is considered for a match, it must also fall under the percentage of matches indicated by + // this field. For some fraction N/D, a random number in the range [0,D) is selected. If the + // number is <= the value of the numberator N, or if the key is not present, the default + // value, the router continues to evaluate the remaining match criteria. A runtime_fraction + // route configuration can be used to roll out route changes in a gradual manner without full + // code/config deploys. Refer to the :ref:`traffic shifting + // ` docs for additional documentation. + // + // .. note:: + // + // Parsing this field is implemented such that the runtime key's data may be represented + // as a FractionalPercent proto represented as JSON/YAML and may also be represented as an + // integer with the assumption that the value is an integral percentage out of 100. For + // instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent + // whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics. + core.RuntimeFractionalPercent runtime_fraction = 9; // Specifies a set of headers that the route should match on. The router will // check the request’s headers against all the specified headers in the route @@ -356,7 +408,7 @@ message CorsPolicy { google.protobuf.BoolValue enabled = 7; } -// [#comment:next free field: 25] +// [#comment:next free field: 26] message RouteAction { oneof cluster_specifier { option (validate.required) = true; @@ -485,29 +537,42 @@ message RouteAction { message RetryPriority { string name = 1 [(validate.rules).string.min_bytes = 1]; - google.protobuf.Struct config = 2; + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } - // [#not-implemented-hide:] // Specifies an implementation of a RetryPriority which is used to determine the - // distribution of load across priorities used for retries. + // distribution of load across priorities used for retries. Refer to + // :ref:`retry plugin configuration ` for more details. RetryPriority retry_priority = 4; message RetryHostPredicate { string name = 1 [(validate.rules).string.min_bytes = 1]; - google.protobuf.Struct config = 2; + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } - // [#not-implemented-hide:] // Specifies a collection of RetryHostPredicates that will be consulted when selecting a host // for retries. If any of the predicates reject the host, host selection will be reattempted. + // Refer to :ref:`retry plugin configuration ` for more + // details. repeated RetryHostPredicate retry_host_predicate = 5; - // [#not-implemented-hide:] // The maximum number of times host selection will be reattempted before giving up, at which // point the host that was last selected will be routed to. If unspecified, this will default to // retrying once. int64 host_selection_retry_max_attempts = 6; + + // HTTP status codes that should trigger a retry in addition to those specified by retry_on. + repeated uint32 retriable_status_codes = 7; } // Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout, @@ -552,7 +617,35 @@ message RouteAction { // 0.01% of requests to be mirrored. If the runtime key is specified in the // configuration but not present in runtime, 0 is the default and thus 0% of // requests will be mirrored. - string runtime_key = 2; + // + // .. attention:: + // + // **This field is deprecated**. Set the + // :ref:`runtime_fraction + // ` field instead. + string runtime_key = 2 [deprecated = true]; + + // If both :ref:`runtime_key + // ` and this field are not + // specified, all requests to the target cluster will be mirrored. + // + // If specified, this field takes precedence over the `runtime_key` field and requests must also + // fall under the percentage of matches indicated by this field. + // + // For some fraction N/D, a random number in the range [0,D) is selected. If the + // number is <= the value of the numberator N, or if the key is not present, the default + // value, the request will be mirrored. + // + // .. note:: + // + // Parsing this field is implemented such that the runtime key's data may be represented + // as a :ref:`FractionalPercent ` proto represented + // as JSON/YAML and may also be represented as an integer with the assumption that the value + // is an integral percentage out of 100. For instance, a runtime key lookup returning the + // value "42" would parse as a `FractionalPercent` whose numerator is 42 and denominator is + // HUNDRED. This is behaviour is different to that of the deprecated `runtime_key` field, + // where the implicit denominator is 10000. + core.RuntimeFractionalPercent runtime_fraction = 3; } // Indicates that the route has a request mirroring policy. @@ -675,49 +768,8 @@ message RouteAction { // ignoring the rest of the hash policy list. repeated HashPolicy hash_policy = 15; - // Indicates that a HTTP/1.1 client connection to this particular route is allowed to - // upgrade to a WebSocket connection. The default is false. - // - // .. attention:: - // - // If a connection is upgraded to a WebSocket connection, Envoy will set up plain TCP - // proxying between the client and the upstream server. Hence, an upstream - // server that rejects the WebSocket upgrade request is also responsible for - // closing the associated connection. Until then, Envoy will continue to - // proxy data from the client to the upstream server. - // - // Redirects are not supported on routes where WebSocket upgrades are allowed. - google.protobuf.BoolValue use_websocket = 16 [deprecated = true]; - - message WebSocketProxyConfig { - // See :ref:`stat_prefix - // `. If the parameter - // is not specified, the default value of "websocket" is used. - // - // WebSocket connections support the :ref:`downstream statistics - // ` for TCP proxy, except for the following, which are - // reported in the :ref:`HTTP Connection Manager statistics `: - // - downstream_cx_tx_bytes_total - // - downstream_cx_tx_bytes_buffered - // - downstream_cx_rx_bytes_total - // - downstream_cx_rx_bytes_buffered - string stat_prefix = 1; - - // See :ref:`idle_timeout - // `. This timeout is - // only in effect after the WebSocket upgrade request is received by Envoy. It does not cover - // the initial part of the HTTP request. - google.protobuf.Duration idle_timeout = 2 - [(validate.rules).duration.gt = {}, (gogoproto.stdduration) = true]; - - // See :ref:`max_connect_attempts - // `. - google.protobuf.UInt32Value max_connect_attempts = 3 [(validate.rules).uint32.gte = 1]; - } - - // Proxy configuration used for WebSocket connections. If unset, the default values as specified - // in :ref:`TcpProxy ` are used. - WebSocketProxyConfig websocket_config = 22 [deprecated = true]; + reserved 16; + reserved 22; // Indicates that the route has a CORS policy. CorsPolicy cors = 17; @@ -735,11 +787,40 @@ message RouteAction { // This can be used to prevent unexpected upstream request timeouts due to potentially long // time gaps between gRPC request and response in gRPC streaming mode. google.protobuf.Duration max_grpc_timeout = 23 [(gogoproto.stdduration) = true]; + + // Allows enabling and disabling upgrades on a per-route basis. + // This overrides any enabled/disabled upgrade filter chain specified in the + // HttpConnectionManager + // :ref:upgrade_configs` + // ` + // but does not affect any custom filter chain specified there. + message UpgradeConfig { + // The case-insensitive name of this upgrade, e.g. "websocket". + // For each upgrade type present in upgrade_configs, requests with + // Upgrade: [upgrade_type] will be proxied upstream. + string upgrade_type = 1; + // Determines if upgrades are available on this route. Defaults to true. + google.protobuf.BoolValue enabled = 2; + }; + repeated UpgradeConfig upgrade_configs = 25; } message RedirectAction { + // When the scheme redirection take place, the following rules apply: + // 1. If the source URI scheme is `http` and the port is explicitly + // set to `:80`, the port will be removed after the redirection + // 2. If the source URI scheme is `https` and the port is explicitly + // set to `:443`, the port will be removed after the redirection + oneof scheme_rewrite_specifier { + // The scheme portion of the URL will be swapped with "https". + bool https_redirect = 4; + // The scheme portion of the URL will be swapped with this value. + string scheme_redirect = 7; + } // The host portion of the URL will be swapped with this value. string host_redirect = 1; + // The port value of the URL will be swapped with this value. + uint32 port_redirect = 8; oneof path_rewrite_specifier { // The path portion of the URL will be swapped with this value. @@ -777,9 +858,6 @@ message RedirectAction { // code is MOVED_PERMANENTLY (301). RedirectResponseCode response_code = 3 [(validate.rules).enum.defined_only = true]; - // The scheme portion of the URL will be swapped with "https". - bool https_redirect = 4; - // Indicates that during redirection, the query portion of the URL will // be removed. Default value is false. bool strip_query = 6; diff --git a/api/src/main/proto/envoy/config/accesslog/v2/als.proto b/api/src/main/proto/envoy/config/accesslog/v2/als.proto index 5dd965a6c..0c51d123c 100644 --- a/api/src/main/proto/envoy/config/accesslog/v2/als.proto +++ b/api/src/main/proto/envoy/config/accesslog/v2/als.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.accesslog.v2; +option java_package = "io.envoyproxy.envoy.config.accesslog.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/grpc_service.proto"; diff --git a/api/src/main/proto/envoy/config/accesslog/v2/file.proto b/api/src/main/proto/envoy/config/accesslog/v2/file.proto index d1ca2d1e4..bd22ef2e9 100644 --- a/api/src/main/proto/envoy/config/accesslog/v2/file.proto +++ b/api/src/main/proto/envoy/config/accesslog/v2/file.proto @@ -1,9 +1,12 @@ syntax = "proto3"; package envoy.config.accesslog.v2; +option java_package = "io.envoyproxy.envoy.config.accesslog.v2"; +option java_multiple_files = true; option go_package = "v2"; import "validate/validate.proto"; +import "google/protobuf/struct.proto"; // [#protodoc-title: File access log] @@ -17,5 +20,11 @@ message FileAccessLog { // Access log format. Envoy supports :ref:`custom access log formats // ` as well as a :ref:`default format // `. - string format = 2; + oneof access_log_format { + // Access log :ref:`format string` + string format = 2; + + // Access log :ref:`format dictionary` + google.protobuf.Struct json_format = 3; + } } diff --git a/api/src/main/proto/envoy/config/bootstrap/v2/bootstrap.proto b/api/src/main/proto/envoy/config/bootstrap/v2/bootstrap.proto index 19ac3223d..13a88b95a 100644 --- a/api/src/main/proto/envoy/config/bootstrap/v2/bootstrap.proto +++ b/api/src/main/proto/envoy/config/bootstrap/v2/bootstrap.proto @@ -6,6 +6,8 @@ syntax = "proto3"; package envoy.config.bootstrap.v2; +option java_package = "io.envoyproxy.envoy.config.bootstrap.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/address.proto"; @@ -39,7 +41,7 @@ message Bootstrap { // `, it's necessary // to have some initial cluster definitions available to allow Envoy to know // how to speak to the management server. These cluster definitions may not - // use :ref:`EDS ` (i.e. they should be static + // use :ref:`EDS ` (i.e. they should be static // IP or DNS-based). repeated envoy.api.v2.Cluster clusters = 2 [(gogoproto.nullable) = false]; @@ -69,17 +71,7 @@ message Bootstrap { // streamed on the ADS channel. envoy.api.v2.core.ApiConfigSource ads_config = 3; - // [#not-implemented-hide:] Hide from docs. - message DeprecatedV1 { - // This is the global :ref:`SDS ` config - // when using v1 REST for :ref:`CDS - // `/:ref:`EDS - // `. - envoy.api.v2.core.ConfigSource sds_config = 1; - } - - // [#not-implemented-hide:] Hide from docs. - DeprecatedV1 deprecated_v1 = 4 [deprecated = true]; + reserved 4; } // xDS configuration sources. DynamicResources dynamic_resources = 3; @@ -117,14 +109,14 @@ message Bootstrap { // Configuration for an external rate limit service provider. If not // specified, any calls to the rate limit service will immediately return // success. - envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 10; + envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 10 [deprecated = true]; // Configuration for the runtime configuration provider. If not specified, a // “null” provider will be used which will result in all defaults being used. Runtime runtime = 11; // Configuration for the local administration HTTP server. - Admin admin = 12 [(validate.rules).message.required = true, (gogoproto.nullable) = false]; + Admin admin = 12; // Optional overload manager configuration. envoy.config.overload.v2alpha.OverloadManager overload_manager = 15; @@ -134,8 +126,9 @@ message Bootstrap { // `. message Admin { // The path to write the access log for the administration server. If no - // access log is desired specify ‘/dev/null’. - string access_log_path = 1 [(validate.rules).string.min_bytes = 1]; + // access log is desired specify ‘/dev/null’. This is only required if + // :ref:`address ` is set. + string access_log_path = 1; // The cpu profiler output path for the administration server. If no profile // path is specified, the default is ‘/var/log/envoy/envoy.prof’. diff --git a/api/src/main/proto/envoy/config/filter/accesslog/v2/accesslog.proto b/api/src/main/proto/envoy/config/filter/accesslog/v2/accesslog.proto index fb1ec8e71..76f5994af 100644 --- a/api/src/main/proto/envoy/config/filter/accesslog/v2/accesslog.proto +++ b/api/src/main/proto/envoy/config/filter/accesslog/v2/accesslog.proto @@ -1,12 +1,15 @@ syntax = "proto3"; package envoy.config.filter.accesslog.v2; +option java_package = "io.envoyproxy.envoy.config.filter.accesslog.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/base.proto"; import "envoy/api/v2/route/route.proto"; import "envoy/type/percent.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/struct.proto"; import "validate/validate.proto"; @@ -24,14 +27,19 @@ message AccessLog { // Filter which is used to determine if the access log needs to be written. AccessLogFilter filter = 2; - // Custom configuration that depends on the access log being instantiated. Built-in configurations - // include: + // Custom configuration that depends on the access log being instantiated. Built-in + // configurations include: // // #. "envoy.file_access_log": :ref:`FileAccessLog // ` // #. "envoy.http_grpc_access_log": :ref:`HttpGrpcAccessLogConfig // ` - google.protobuf.Struct config = 3; + oneof config_type { + google.protobuf.Struct config = 3; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 4; + } } message AccessLogFilter { @@ -162,6 +170,23 @@ message ResponseFlagFilter { // This field is optional. If it is not specified, then any response flag will pass // the filter check. repeated string flags = 1 [(validate.rules).repeated .items.string = { - in: ["LH", "UH", "UT", "LR", "UR", "UF", "UC", "UO", "NR", "DI", "FI", "RL", "UAEX", "RLSE"] + in: [ + "LH", + "UH", + "UT", + "LR", + "UR", + "UF", + "UC", + "UO", + "NR", + "DI", + "FI", + "RL", + "UAEX", + "RLSE", + "DC", + "URX" + ] }]; } diff --git a/api/src/main/proto/envoy/config/filter/fault/v2/fault.proto b/api/src/main/proto/envoy/config/filter/fault/v2/fault.proto index 8cfd17ed4..15eefbed7 100644 --- a/api/src/main/proto/envoy/config/filter/fault/v2/fault.proto +++ b/api/src/main/proto/envoy/config/filter/fault/v2/fault.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.fault.v2; +option java_package = "io.envoyproxy.envoy.config.filter.fault.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/type/percent.proto"; @@ -24,13 +26,7 @@ message FaultDelay { // supported. FaultDelayType type = 1 [(validate.rules).enum.defined_only = true]; - // An integer between 0-100 indicating the percentage of operations/connection requests - // on which the delay will be injected. - // - // .. attention:: - // - // Use of integer `percent` value is deprecated. Use fractional `percentage` field instead. - uint32 percent = 2 [(validate.rules).uint32.lte = 100, deprecated = true]; + reserved 2; oneof fault_delay_secifier { option (validate.required) = true; diff --git a/api/src/main/proto/envoy/config/filter/http/buffer/v2/buffer.proto b/api/src/main/proto/envoy/config/filter/http/buffer/v2/buffer.proto index 63484d2c2..b476800b3 100644 --- a/api/src/main/proto/envoy/config/filter/http/buffer/v2/buffer.proto +++ b/api/src/main/proto/envoy/config/filter/http/buffer/v2/buffer.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.buffer.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.buffer.v2"; +option java_multiple_files = true; option go_package = "v2"; import "google/protobuf/duration.proto"; @@ -19,13 +21,10 @@ message Buffer { // The maximum number of seconds that the filter will wait for a complete // request before returning a 408 response. - google.protobuf.Duration max_request_time = 2 [ - (validate.rules).duration = { - required: true, - gt: {} - }, - (gogoproto.stdduration) = true - ]; + // deprecated in favor of http connection manager of :ref:request timeouts + // + google.protobuf.Duration max_request_time = 2 + [deprecated = true, (validate.rules).duration = {gt: {}}, (gogoproto.stdduration) = true]; } message BufferPerRoute { diff --git a/api/src/main/proto/envoy/config/filter/http/ext_authz/v2alpha/ext_authz.proto b/api/src/main/proto/envoy/config/filter/http/ext_authz/v2alpha/ext_authz.proto index cce5d1663..6d8566ad4 100644 --- a/api/src/main/proto/envoy/config/filter/http/ext_authz/v2alpha/ext_authz.proto +++ b/api/src/main/proto/envoy/config/filter/http/ext_authz/v2alpha/ext_authz.proto @@ -1,12 +1,16 @@ syntax = "proto3"; package envoy.config.filter.http.ext_authz.v2alpha; +option java_package = "io.envoyproxy.envoy.config.filter.http.ext_authz.v2alpha"; +option java_multiple_files = true; option go_package = "v2alpha"; import "envoy/api/v2/core/base.proto"; import "envoy/api/v2/core/grpc_service.proto"; import "envoy/api/v2/core/http_uri.proto"; +import "validate/validate.proto"; + // [#protodoc-title: External Authorization ] // The external authorization service configuration // :ref:`configuration overview `. @@ -32,7 +36,7 @@ message ExtAuthz { } // The filter's behaviour in case the external authorization service does - // not respond back. When it is set to true, Envoy will also allow traffic in case of + // not respond back. When set to true, Envoy will also allow traffic in cases when // an error occurs during the authorization process. // Defaults to false. bool failure_mode_allow = 2; @@ -45,7 +49,7 @@ message ExtAuthz { // A successful check allows the authorization service adding or overriding headers from the // original request before dispatching it to the upstream. This is done by configuring which headers // in the authorization response should be sent to the upstream. See *allowed_authorization_headers* -// bellow. +// below. // // A failed check will cause this filter to close the HTTP request with 403 (Forbidden), // unless a different status code has been indicated by the authorization server via response @@ -88,3 +92,36 @@ message HttpService { // authorization server. Note that these will override the headers coming from the downstream. repeated envoy.api.v2.core.HeaderValue authorization_headers_to_add = 6; } + +// Extra settings on a per virtualhost/route/weighter-cluster level. +message ExtAuthzPerRoute { + oneof override { + option (validate.required) = true; + + // Disable the ext auth filter for this particular vhost or route. + // If disabled is specified in multiple per-filter-configs, the most specific one will be used. + bool disabled = 1 [(validate.rules).bool.const = true]; + + // Check request settings for this route. + CheckSettings check_settings = 2 [(validate.rules).message.required = true]; + } +} + +// Extra settings for the check request. You can use this to provide extra context for the +// ext-authz server on specific virtual hosts \ routes. For example, adding a context extension on +// the virtual host level can give the ext-authz server information on what virtual host is used +// without needing to parse the host header. +// If CheckSettings is specified in multiple per-filter-configs, they will be merged in order, +// and the result will be be used. +message CheckSettings { + // Context extensions to set on the CheckRequest's + // :ref:`AttributeContext.context_extensions` + // + // Merge semantics for this field are such that keys from more specific configs override. + // + // .. note:: + // + // These settings are only applied to a filter configured with a + // :ref:`grpc_service`. + map context_extensions = 1; +} diff --git a/api/src/main/proto/envoy/config/filter/http/fault/v2/fault.proto b/api/src/main/proto/envoy/config/filter/http/fault/v2/fault.proto index 36e1d01a6..e1e24e6f9 100644 --- a/api/src/main/proto/envoy/config/filter/http/fault/v2/fault.proto +++ b/api/src/main/proto/envoy/config/filter/http/fault/v2/fault.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.fault.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.fault.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/route/route.proto"; @@ -13,13 +15,7 @@ import "validate/validate.proto"; // Fault Injection :ref:`configuration overview `. message FaultAbort { - // An integer between 0-100 indicating the percentage of requests/operations/connections - // that will be aborted with the error code provided. - // - // .. attention:: - // - // Use of integer `percent` value is deprecated. Use fractional `percentage` field instead. - uint32 percent = 1 [(validate.rules).uint32.lte = 100, deprecated = true]; + reserved 1; oneof error_type { option (validate.required) = true; @@ -50,12 +46,12 @@ message HTTPFault { // Specifies a set of headers that the filter should match on. The fault // injection filter can be applied selectively to requests that match a set of // headers specified in the fault filter config. The chances of actual fault - // injection further depend on the value of the :ref:`percent - // ` field. The filter will - // check the request's headers against all the specified headers in the filter - // config. A match will happen if all the headers in the config are present in - // the request with the same values (or based on presence if the *value* field - // is not in the config). + // injection further depend on the value of the :ref:`percentage + // ` field. + // The filter will check the request's headers against all the specified + // headers in the filter config. A match will happen if all the headers in the + // config are present in the request with the same values (or based on + // presence if the *value* field is not in the config). repeated envoy.api.v2.route.HeaderMatcher headers = 4; // Faults are injected for the specified list of downstream hosts. If this diff --git a/api/src/main/proto/envoy/config/filter/http/gzip/v2/gzip.proto b/api/src/main/proto/envoy/config/filter/http/gzip/v2/gzip.proto index d98972e93..63216c54d 100644 --- a/api/src/main/proto/envoy/config/filter/http/gzip/v2/gzip.proto +++ b/api/src/main/proto/envoy/config/filter/http/gzip/v2/gzip.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.gzip.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.gzip.v2"; +option java_multiple_files = true; option go_package = "v2"; import "google/protobuf/wrappers.proto"; diff --git a/api/src/main/proto/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto b/api/src/main/proto/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto index 813dacfd9..2adaa8dc7 100644 --- a/api/src/main/proto/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto +++ b/api/src/main/proto/envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.header_to_metadata.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.header_to_metadata.v2"; +option java_multiple_files = true; option go_package = "v2"; import "validate/validate.proto"; diff --git a/api/src/main/proto/envoy/config/filter/http/health_check/v2/health_check.proto b/api/src/main/proto/envoy/config/filter/http/health_check/v2/health_check.proto index 0f584b451..c3c8290d9 100644 --- a/api/src/main/proto/envoy/config/filter/http/health_check/v2/health_check.proto +++ b/api/src/main/proto/envoy/config/filter/http/health_check/v2/health_check.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.health_check.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.health_check.v2"; +option java_multiple_files = true; option go_package = "v2"; import "google/protobuf/duration.proto"; diff --git a/api/src/main/proto/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto b/api/src/main/proto/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto index 902e90a2b..a8d86d71d 100644 --- a/api/src/main/proto/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto +++ b/api/src/main/proto/envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.ip_tagging.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.ip_tagging.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/address.proto"; diff --git a/api/src/main/proto/envoy/config/filter/http/jwt_authn/v2alpha/config.proto b/api/src/main/proto/envoy/config/filter/http/jwt_authn/v2alpha/config.proto index 85e134bcc..1a52ae1cc 100644 --- a/api/src/main/proto/envoy/config/filter/http/jwt_authn/v2alpha/config.proto +++ b/api/src/main/proto/envoy/config/filter/http/jwt_authn/v2alpha/config.proto @@ -2,6 +2,8 @@ syntax = "proto3"; package envoy.config.filter.http.jwt_authn.v2alpha; +option java_package = "io.envoyproxy.envoy.config.filter.http.jwt_authn.v2alpha"; +option java_multiple_files = true; import "envoy/api/v2/core/base.proto"; import "envoy/api/v2/core/http_uri.proto"; @@ -11,10 +13,19 @@ import "google/protobuf/empty.proto"; import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; -// This message specifies how a JSON Web Token (JWT) can be verified. JWT format is defined -// `here `_. Please see `OAuth2.0 -// `_ and `OIDC1.0 `_ for -// the authentication flow. +// Please see following for JWT authentication flow: +// +// * `JSON Web Token (JWT) `_ +// * `The OAuth 2.0 Authorization Framework `_ +// * `OpenID Connect `_ +// +// A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies: +// +// * issuer: the principal that issues the JWT. It has to match the one from the token. +// * allowed audiences: the ones in the token have to be listed here. +// * how to fetch public key JWKS to verify the token signature. +// * how to extract JWT token in the request. +// * how to pass successfully verified token payload. // // Example: // @@ -32,15 +43,15 @@ import "validate/validate.proto"; // seconds: 300 // message JwtProvider { - // Identifies the principal that issued the JWT. See `here - // `_. Usually a URL or an email address. + // Specify the `principal `_ that issued + // the JWT, usually a URL or an email address. // // Example: https://securetoken.google.com // Example: 1234567-compute@developer.gserviceaccount.com // string issuer = 1 [(validate.rules).string.min_bytes = 1]; - // The list of JWT `audiences `_. that are + // The list of JWT `audiences `_ are // allowed to access. A JWT containing any of these audiences will be accepted. If not specified, // will not check audiences in the token. // @@ -54,8 +65,8 @@ message JwtProvider { // repeated string audiences = 2; - // `JSON Web Key Set `_ is needed. to validate - // signature of the JWT. This field specifies where to fetch JWKS. + // `JSON Web Key Set (JWKS) `_ is needed to + // validate signature of a JWT. This field specifies where to fetch JWKS. oneof jwks_source_specifier { option (validate.required) = true; @@ -90,7 +101,7 @@ message JwtProvider { // .. code-block:: yaml // // local_jwks: - // inline_string: "ACADADADADA" + // inline_string: ACADADADADA // envoy.api.v2.core.DataSource local_jwks = 4; } @@ -103,18 +114,16 @@ message JwtProvider { // // If no explicit location is specified, the following default locations are tried in order: // - // 1. The Authorization header using the Bearer schema. See `here - // `_. Example: + // 1. The Authorization header using the `Bearer schema + // `_. Example:: // - // Authorization: Bearer . + // Authorization: Bearer . // - // 2. `access_token` query parameter. See `this - // `_ + // 2. `access_token `_ query parameter. // - // Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations - // its issuer specified or from the default locations. - + // its provider specified or from the default locations. + // // Specify the HTTP headers to extract JWT token. For examples, following config: // // .. code-block:: yaml @@ -149,11 +158,25 @@ message JwtProvider { // base64_encoded(jwt_payload_in_JSON) // // If it is not specified, the payload will not be forwarded. - // Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the - // same issuer will not be supported. Each issuer can config this `forward_payload_header`. If - // multiple JWTs from different issuers want to forward their payloads, their - // `forward_payload_header` should be different. string forward_payload_header = 8; + + // If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata + // in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn** + // The value is the *protobuf::Struct*. The value of this field will be the key for its *fields* + // and the value is the *protobuf::Struct* converted from JWT JSON payload. + // + // For example, if payload_in_metadata is *my_payload*: + // + // .. code-block:: yaml + // + // envoy.filters.http.jwt_authn: + // my_payload: + // iss: https://example.com + // sub: test@example.com + // aud: https://example.com + // exp: 1501281058 + // + string payload_in_metadata = 9; } // This message specifies how to fetch JWKS from remote and how to cache it. @@ -201,37 +224,37 @@ message ProviderWithAudiences { // # Example 1: not required with an empty message // // # Example 2: require A -// provider_name: "provider-A" +// provider_name: provider-A // // # Example 3: require A or B // requires_any: // requirements: -// - provider_name: "provider-A" -// - provider_name: "provider-B" +// - provider_name: provider-A +// - provider_name: provider-B // // # Example 4: require A and B // requires_all: // requirements: -// - provider_name: "provider-A" -// - provider_name: "provider-B" +// - provider_name: provider-A +// - provider_name: provider-B // // # Example 5: require A and (B or C) // requires_all: // requirements: -// - provider_name: "provider-A" +// - provider_name: provider-A // - requires_any: // requirements: -// - provider_name: "provider-B" -// - provider_name: "provider-C" +// - provider_name: provider-B +// - provider_name: provider-C // // # Example 6: require A or (B and C) // requires_any: // requirements: -// - provider_name: "provider-A" +// - provider_name: provider-A // - requires_all: // requirements: -// - provider_name: "provider-B" -// - provider_name: "provider-C" +// - provider_name: provider-B +// - provider_name: provider-C // message JwtRequirement { oneof requires_type { @@ -277,7 +300,7 @@ message JwtRequirementAndList { // .. code-block:: yaml // // - match: -// prefix: "/healthz" +// prefix: /healthz // // In above example, "requires" field is empty for /healthz prefix match, // it means that requests matching the path prefix don't require JWT authentication. @@ -287,8 +310,8 @@ message JwtRequirementAndList { // .. code-block:: yaml // // - match: -// prefix: "/" -// requires: { provider_name: "provider-A" } +// prefix: / +// requires: { provider_name: provider-A } // // In above example, all requests matched the path prefix require jwt authentication // from "provider-A". @@ -301,7 +324,7 @@ message RequirementRule { // .. code-block:: yaml // // match: - // prefix: "/" + // prefix: / // envoy.api.v2.route.RouteMatch match = 1 [(validate.rules).message.required = true]; @@ -333,22 +356,22 @@ message RequirementRule { // rules: // # Not jwt verification is required for /health path // - match: -// prefix: "/health" +// prefix: /health // // # Jwt verification for provider1 is required for path prefixed with "prefix" // - match: -// prefix: "/prefix" +// prefix: /prefix // requires: -// provider_name: "provider1" +// provider_name: provider1 // // # Jwt verification for either provider1 or provider2 is required for all other requests. // - match: -// prefix: "/" +// prefix: / // requires: // requires_any: // requirements: -// - provider_name: "provider1" -// - provider_name: "provider2" +// - provider_name: provider1 +// - provider_name: provider2 // message JwtAuthentication { // Map of provider names to JwtProviders. @@ -380,22 +403,26 @@ message JwtAuthentication { // .. code-block:: yaml // // rules: - // - match: { prefix: "/healthz" } - // - match: { prefix: "/baz" } + // - match: + // prefix: /healthz + // - match: + // prefix: /baz // requires: - // provider_name: "provider1" - // - match: { prefix: "/foo" } + // provider_name: provider1 + // - match: + // prefix: /foo // requires: // requires_any: // requirements: - // - provider_name: "provider1" - // - provider_name: "provider2" - // - match: { prefix: "/bar" } + // - provider_name: provider1 + // - provider_name: provider2 + // - match: + // prefix: /bar // requires: // requires_all: // requirements: - // - provider_name: "provider1" - // - provider_name: "provider2" + // - provider_name: provider1 + // - provider_name: provider2 // repeated RequirementRule rules = 2; } diff --git a/api/src/main/proto/envoy/config/filter/http/lua/v2/lua.proto b/api/src/main/proto/envoy/config/filter/http/lua/v2/lua.proto index f42f1b6ef..3c0887b3d 100644 --- a/api/src/main/proto/envoy/config/filter/http/lua/v2/lua.proto +++ b/api/src/main/proto/envoy/config/filter/http/lua/v2/lua.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.lua.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.lua.v2"; +option java_multiple_files = true; option go_package = "v2"; import "validate/validate.proto"; diff --git a/api/src/main/proto/envoy/config/filter/http/rate_limit/v2/rate_limit.proto b/api/src/main/proto/envoy/config/filter/http/rate_limit/v2/rate_limit.proto index d79764745..a1cfabbfa 100644 --- a/api/src/main/proto/envoy/config/filter/http/rate_limit/v2/rate_limit.proto +++ b/api/src/main/proto/envoy/config/filter/http/rate_limit/v2/rate_limit.proto @@ -1,8 +1,12 @@ syntax = "proto3"; package envoy.config.filter.http.rate_limit.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.rate_limit.v2"; +option java_multiple_files = true; option go_package = "v2"; +import "envoy/config/ratelimit/v2/rls.proto"; + import "google/protobuf/duration.proto"; import "validate/validate.proto"; @@ -40,4 +44,16 @@ message RateLimit { // communication failure between rate limiting service and the proxy. // Defaults to false. bool failure_mode_deny = 5; + + // Specifies whether a `RESOURCE_EXHAUSTED` gRPC code must be returned instead + // of the default `UNAVAILABLE` gRPC code for a rate limited gRPC call. The + // HTTP code will be 200 for a gRPC response. + bool rate_limited_as_resource_exhausted = 6; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + // [#comment:TODO(ramaraochavali): Make this required as part of cleanup of deprecated ratelimit + // service config in bootstrap.] + envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 7; } diff --git a/api/src/main/proto/envoy/config/filter/http/rbac/v2/rbac.proto b/api/src/main/proto/envoy/config/filter/http/rbac/v2/rbac.proto index 2947c8b69..847372edf 100644 --- a/api/src/main/proto/envoy/config/filter/http/rbac/v2/rbac.proto +++ b/api/src/main/proto/envoy/config/filter/http/rbac/v2/rbac.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.rbac.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.rbac.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/config/rbac/v2alpha/rbac.proto"; diff --git a/api/src/main/proto/envoy/config/filter/http/router/v2/router.proto b/api/src/main/proto/envoy/config/filter/http/router/v2/router.proto index 5ecf88c5d..b8a394c4a 100644 --- a/api/src/main/proto/envoy/config/filter/http/router/v2/router.proto +++ b/api/src/main/proto/envoy/config/filter/http/router/v2/router.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.router.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.router.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/config/filter/accesslog/v2/accesslog.proto"; diff --git a/api/src/main/proto/envoy/config/filter/http/squash/v2/squash.proto b/api/src/main/proto/envoy/config/filter/http/squash/v2/squash.proto index a1455417b..472cc9331 100644 --- a/api/src/main/proto/envoy/config/filter/http/squash/v2/squash.proto +++ b/api/src/main/proto/envoy/config/filter/http/squash/v2/squash.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.squash.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.squash.v2"; +option java_multiple_files = true; option go_package = "v2"; import "google/protobuf/duration.proto"; diff --git a/api/src/main/proto/envoy/config/filter/http/transcoder/v2/transcoder.proto b/api/src/main/proto/envoy/config/filter/http/transcoder/v2/transcoder.proto index 67d14ac84..342a8b5c1 100644 --- a/api/src/main/proto/envoy/config/filter/http/transcoder/v2/transcoder.proto +++ b/api/src/main/proto/envoy/config/filter/http/transcoder/v2/transcoder.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.http.transcoder.v2; +option java_package = "io.envoyproxy.envoy.config.filter.http.transcoder.v2"; +option java_multiple_files = true; option go_package = "v2"; import "validate/validate.proto"; @@ -61,4 +63,31 @@ message GrpcJsonTranscoder { // the match the upstream gRPC service. Note: This means that routes for gRPC services that are // not transcoded cannot be used in combination with *match_incoming_request_route*. bool match_incoming_request_route = 5; + + // A list of query parameters to be ignored for transcoding method mapping. + // By default, the transcoder filter will not transcode a request if there are any + // unknown/invalid query parameters. + // + // Example : + // + // .. code-block:: proto + // + // service Bookstore { + // rpc GetShelf(GetShelfRequest) returns (Shelf) { + // option (google.api.http) = { + // get: "/shelves/{shelf}" + // }; + // } + // } + // + // message GetShelfRequest { + // int64 shelf = 1; + // } + // + // message Shelf {} + // + // The request ``/shelves/100?foo=bar`` will not be mapped to ``GetShelf``` because variable + // binding for ``foo`` is not defined. Adding ``foo`` to ``ignored_query_parameters`` will allow + // the same request to be mapped to ``GetShelf``. + repeated string ignored_query_parameters = 6; } diff --git a/api/src/main/proto/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto b/api/src/main/proto/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto index 7d0321cf8..7a3a5487d 100644 --- a/api/src/main/proto/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto +++ b/api/src/main/proto/envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.network.client_ssl_auth.v2; +option java_package = "io.envoyproxy.envoy.config.filter.network.client_ssl_auth.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/address.proto"; diff --git a/api/src/main/proto/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto b/api/src/main/proto/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto new file mode 100644 index 000000000..ea98392af --- /dev/null +++ b/api/src/main/proto/envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.extensions.filters.network.dubbo_proxy.v2alpha1; +option java_package = "io.envoyproxy.envoy.extensions.filters.network.dubbo_proxy.v2alpha1"; +option java_multiple_files = true; +option go_package = "v2"; + +import "validate/validate.proto"; + +// [#protodoc-title: Dubbo Proxy] +// Dubbo Proxy filter configuration. + +message DubboProxy { + // The human readable prefix to use when emitting statistics. + string stat_prefix = 1 [(validate.rules).string.min_bytes = 1]; + + // Configure the protocol used. + enum ProtocolType { + Dubbo = 0; // the default protocol. + } + ProtocolType protocol_type = 2 [(validate.rules).enum.defined_only = true]; + + // Configure the serialization protocol used. + enum SerializationType { + Hessian2 = 0; // the default serialization protocol. + } + SerializationType serialization_type = 3 [(validate.rules).enum.defined_only = true]; +} diff --git a/api/src/main/proto/envoy/config/filter/network/ext_authz/v2/ext_authz.proto b/api/src/main/proto/envoy/config/filter/network/ext_authz/v2/ext_authz.proto index 020fb8e51..8bfd00df2 100644 --- a/api/src/main/proto/envoy/config/filter/network/ext_authz/v2/ext_authz.proto +++ b/api/src/main/proto/envoy/config/filter/network/ext_authz/v2/ext_authz.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.network.ext_authz.v2; +option java_package = "io.envoyproxy.envoy.config.filter.network.ext_authz.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/grpc_service.proto"; diff --git a/api/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto b/api/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto index 4c8c93acc..440188ef9 100644 --- a/api/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto +++ b/api/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.network.http_connection_manager.v2; +option java_package = "io.envoyproxy.envoy.config.filter.network.http_connection_manager.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/config_source.proto"; @@ -9,6 +11,7 @@ import "envoy/api/v2/rds.proto"; import "envoy/config/filter/accesslog/v2/accesslog.proto"; import "envoy/type/percent.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -19,7 +22,7 @@ import "gogoproto/gogo.proto"; // [#protodoc-title: HTTP connection manager] // HTTP connection manager :ref:`configuration overview `. -// [#comment:next free field: 27] +// [#comment:next free field: 29] message HttpConnectionManager { enum CodecType { option (gogoproto.goproto_enum_prefix) = false; @@ -164,6 +167,12 @@ message HttpConnectionManager { // timeout, although per-route idle timeout overrides will continue to apply. google.protobuf.Duration stream_idle_timeout = 24 [(gogoproto.stdduration) = true]; + // A timeout for idle requests managed by the connection manager. + // The timer is activated when the request is initiated, and is disarmed when the last byte of the + // request is sent upstream (i.e. all decoding filters have processed the request), OR when the + // response is initiated. If not specified or set to 0, this timeout is disabled. + google.protobuf.Duration request_timeout = 28 [(gogoproto.stdduration) = true]; + // The time that Envoy will wait between sending an HTTP/2 “shutdown // notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame. // This is used so that Envoy provides a grace period for new streams that @@ -346,8 +355,22 @@ message HttpConnectionManager { // this type of upgrade. If no filters are present, the filter chain for // HTTP connections will be used for this upgrade type. repeated HttpFilter filters = 2; + // Determines if upgrades are enabled or disabled by default. Defaults to true. + // This can be overriden on a per-route basis with :ref:`cluster + // ` as documented in the + // :ref:`upgrade documentation `. + google.protobuf.BoolValue enabled = 3; }; repeated UpgradeConfig upgrade_configs = 23; + + // If true, the order of encoder filters will be reversed to that of filters + // configured in the HTTP filter chain. Otherwise, it will keep the existing + // order. + // Note: this is a bug fix for Envoy, which is designed to have the reversed + // order of encode filters to that of decode ones, (see + // https://github.com/envoyproxy/envoy/issues/4599 for details). When we remove this field, envoy + // will have the same behavior when it sets true. + google.protobuf.BoolValue bugfix_reverse_encode_order = 27 [deprecated = true]; } message Rds { @@ -384,17 +407,14 @@ message HttpFilter { // * :ref:`envoy.squash ` string name = 1 [(validate.rules).string.min_bytes = 1]; - // Filter specific configuration which depends on the filter being - // instantiated. See the supported filters for further documentation. - google.protobuf.Struct config = 2; + // Filter specific configuration which depends on the filter being instantiated. See the supported + // filters for further documentation. + oneof config_type { + google.protobuf.Struct config = 2; - // [#not-implemented-hide:] - // This is hidden as type has been deprecated and is no longer required. - message DeprecatedV1 { - string type = 1; + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 4; } - // [#not-implemented-hide:] - // This is hidden as type has been deprecated and is no longer required. - DeprecatedV1 deprecated_v1 = 3 [deprecated = true]; + reserved 3; } diff --git a/api/src/main/proto/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto b/api/src/main/proto/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto index 0d7297333..c7756e47f 100644 --- a/api/src/main/proto/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto +++ b/api/src/main/proto/envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.network.mongo_proxy.v2; +option java_package = "io.envoyproxy.envoy.config.filter.network.mongo_proxy.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/config/filter/fault/v2/fault.proto"; @@ -25,4 +27,8 @@ message MongoProxy { // and KillCursors. Once an active delay is in progress, all incoming // data up until the timer event fires will be a part of the delay. envoy.config.filter.fault.v2.FaultDelay delay = 3; + + // Flag to specify whether :ref:`dynamic metadata + // ` should be emitted. Defaults to false. + bool emit_dynamic_metadata = 4; } diff --git a/api/src/main/proto/envoy/config/filter/network/rate_limit/v2/rate_limit.proto b/api/src/main/proto/envoy/config/filter/network/rate_limit/v2/rate_limit.proto index fe579f01e..cb390c164 100644 --- a/api/src/main/proto/envoy/config/filter/network/rate_limit/v2/rate_limit.proto +++ b/api/src/main/proto/envoy/config/filter/network/rate_limit/v2/rate_limit.proto @@ -1,9 +1,13 @@ syntax = "proto3"; package envoy.config.filter.network.rate_limit.v2; +option java_package = "io.envoyproxy.envoy.config.filter.network.rate_limit.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/ratelimit/ratelimit.proto"; +import "envoy/config/ratelimit/v2/rls.proto"; + import "google/protobuf/duration.proto"; import "validate/validate.proto"; @@ -32,4 +36,11 @@ message RateLimit { // communication failure between rate limiting service and the proxy. // Defaults to false. bool failure_mode_deny = 5; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + // [#comment:TODO(ramaraochavali): Make this required as part of cleanup of deprecated ratelimit + // service config in bootstrap.] + envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 6; } diff --git a/api/src/main/proto/envoy/config/filter/network/rbac/v2/rbac.proto b/api/src/main/proto/envoy/config/filter/network/rbac/v2/rbac.proto index c16ac6838..171c17bcf 100644 --- a/api/src/main/proto/envoy/config/filter/network/rbac/v2/rbac.proto +++ b/api/src/main/proto/envoy/config/filter/network/rbac/v2/rbac.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.network.rbac.v2; +option java_package = "io.envoyproxy.envoy.config.filter.network.rbac.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/config/rbac/v2alpha/rbac.proto"; @@ -13,7 +15,7 @@ import "gogoproto/gogo.proto"; // RBAC network filter config. // -// Header and Metadata should not be used in rules/shadow_rules in RBAC network filter as +// Header should not be used in rules/shadow_rules in RBAC network filter as // this information is only available in :ref:`RBAC http filter `. message RBAC { // Specify the RBAC rules to be applied globally. @@ -27,4 +29,22 @@ message RBAC { // The prefix to use when emitting statistics. string stat_prefix = 3 [(validate.rules).string.min_bytes = 1]; + + enum EnforcementType { + // Apply RBAC policies when the first byte of data arrives on the connection. + ONE_TIME_ON_FIRST_BYTE = 0; + + // Continuously apply RBAC policies as data arrives. Use this mode when + // using RBAC with message oriented protocols such as Mongo, MySQL, Kafka, + // etc. when the protocol decoders emit dynamic metadata such as the + // resources being accessed and the operations on the resources. + CONTINUOUS = 1; + }; + + // RBAC enforcement strategy. By default RBAC will be enforced only once + // when the first byte of data arrives from the downstream. When used in + // conjunction with filters that emit dynamic metadata after decoding + // every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to + // CONTINUOUS to enforce RBAC policies on every message boundary. + EnforcementType enforcement_type = 4; } diff --git a/api/src/main/proto/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto b/api/src/main/proto/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto index 4d5220136..367999b33 100644 --- a/api/src/main/proto/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto +++ b/api/src/main/proto/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.network.redis_proxy.v2; +option java_package = "io.envoyproxy.envoy.config.filter.network.redis_proxy.v2"; +option java_multiple_files = true; option go_package = "v2"; import "google/protobuf/duration.proto"; diff --git a/api/src/main/proto/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto b/api/src/main/proto/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto index c0cced1f1..0cb8c179d 100644 --- a/api/src/main/proto/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto +++ b/api/src/main/proto/envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.network.tcp_proxy.v2; +option java_package = "io.envoyproxy.envoy.config.filter.network.tcp_proxy.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/config/filter/accesslog/v2/accesslog.proto"; diff --git a/api/src/main/proto/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto b/api/src/main/proto/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto index baf0acf8a..2936f1999 100644 --- a/api/src/main/proto/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto +++ b/api/src/main/proto/envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.network.thrift_proxy.v2alpha1; +option java_package = "io.envoyproxy.envoy.config.filter.network.thrift_proxy.v2alpha1"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/base.proto"; @@ -70,7 +72,7 @@ message RouteMatch { repeated envoy.api.v2.route.HeaderMatcher headers = 4; } -// [#comment:next free field: 3] +// [#comment:next free field: 5] message RouteAction { oneof cluster_specifier { option (validate.required) = true; @@ -92,6 +94,11 @@ message RouteAction { // with values there taking precedence. Keys and values should be provided under the "envoy.lb" // metadata key. envoy.api.v2.core.Metadata metadata_match = 3; + + // Specifies a set of rate limit configurations that could be applied to the route. + // N.B. Thrift service or method name matching can be achieved by specifying a RequestHeaders + // action with the header name ":method-name". + repeated envoy.api.v2.route.RateLimit rate_limits = 4; } // Allows for specification of multiple upstream clusters along with weights that indicate the diff --git a/api/src/main/proto/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto b/api/src/main/proto/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto index debf75ef0..7d17a6aab 100644 --- a/api/src/main/proto/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto +++ b/api/src/main/proto/envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto @@ -1,10 +1,13 @@ syntax = "proto3"; package envoy.config.filter.network.thrift_proxy.v2alpha1; +option java_package = "io.envoyproxy.envoy.config.filter.network.thrift_proxy.v2alpha1"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/struct.proto"; import "validate/validate.proto"; @@ -86,11 +89,17 @@ message ThriftFilter { // // [#comment:TODO(zuercher): Auto generate the following list] // * :ref:`envoy.filters.thrift.router ` + // * :ref:`envoy.filters.thrift.rate_limit ` string name = 1 [(validate.rules).string.min_bytes = 1]; - // Filter specific configuration which depends on the filter being - // instantiated. See the supported filters for further documentation. - google.protobuf.Struct config = 2; + // Filter specific configuration which depends on the filter being instantiated. See the supported + // filters for further documentation. + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } // ThriftProtocolOptions specifies Thrift upstream protocol options. This object is used in diff --git a/api/src/main/proto/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto b/api/src/main/proto/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto new file mode 100644 index 000000000..dedad6453 --- /dev/null +++ b/api/src/main/proto/envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto @@ -0,0 +1,50 @@ +syntax = "proto3"; + +package envoy.config.filter.thrift.rate_limit.v2alpha1; +option java_package = "io.envoyproxy.envoy.config.filter.thrift.rate_limit.v2alpha1"; +option java_multiple_files = true; +option go_package = "v2alpha1"; + +import "envoy/config/ratelimit/v2/rls.proto"; + +import "google/protobuf/duration.proto"; + +import "validate/validate.proto"; +import "gogoproto/gogo.proto"; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. + +// [#comment:next free field: 5] +message RateLimit { + // The rate limit domain to use in the rate limit service request. + string domain = 1 [(validate.rules).string.min_bytes = 1]; + + // Specifies the rate limit configuration stage. Each configured rate limit filter performs a + // rate limit check using descriptors configured in the + // :ref:`envoy_api_msg_config.filter.network.thrift_proxy.v2alpha1.RouteAction` for the request. + // Only those entries with a matching stage number are used for a given filter. If not set, the + // default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32.lte = 10]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 3 [(gogoproto.stdduration) = true]; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + // Defaults to false. + bool failure_mode_deny = 4; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + // [#comment:TODO(ramaraochavali): Make this required as part of cleanup of deprecated ratelimit + // service config in bootstrap.] + envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 5; +} diff --git a/api/src/main/proto/envoy/config/filter/thrift/router/v2alpha1/router.proto b/api/src/main/proto/envoy/config/filter/thrift/router/v2alpha1/router.proto index 6731e2739..5c0b60238 100644 --- a/api/src/main/proto/envoy/config/filter/thrift/router/v2alpha1/router.proto +++ b/api/src/main/proto/envoy/config/filter/thrift/router/v2alpha1/router.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.filter.thrift.router.v2alpha1; +option java_package = "io.envoyproxy.envoy.config.filter.thrift.router.v2alpha1"; +option java_multiple_files = true; option go_package = "v2alpha1"; // [#protodoc-title: Router] diff --git a/api/src/main/proto/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto b/api/src/main/proto/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto index f2e00b8ef..9f1848a20 100644 --- a/api/src/main/proto/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto +++ b/api/src/main/proto/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto @@ -4,6 +4,8 @@ syntax = "proto3"; // Configuration for File Based Metadata Grpc Credentials Plugin package envoy.config.grpc_credential.v2alpha; +option java_package = "io.envoyproxy.envoy.config.grpc_credential.v2alpha"; +option java_multiple_files = true; option go_package = "v2alpha"; import "envoy/api/v2/core/base.proto"; diff --git a/api/src/main/proto/envoy/config/health_checker/redis/v2/redis.proto b/api/src/main/proto/envoy/config/health_checker/redis/v2/redis.proto index 3204d05e8..9438ff668 100644 --- a/api/src/main/proto/envoy/config/health_checker/redis/v2/redis.proto +++ b/api/src/main/proto/envoy/config/health_checker/redis/v2/redis.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.health_checker.redis.v2; +option java_package = "io.envoyproxy.envoy.config.health_checker.redis.v2"; +option java_multiple_files = true; option go_package = "v2"; // [#protodoc-title: Redis] diff --git a/api/src/main/proto/envoy/config/metrics/v2/metrics_service.proto b/api/src/main/proto/envoy/config/metrics/v2/metrics_service.proto index 39e0f9724..fb3e88d34 100644 --- a/api/src/main/proto/envoy/config/metrics/v2/metrics_service.proto +++ b/api/src/main/proto/envoy/config/metrics/v2/metrics_service.proto @@ -3,6 +3,8 @@ syntax = "proto3"; // [#protodoc-title: Metrics service] package envoy.config.metrics.v2; +option java_package = "io.envoyproxy.envoy.config.metrics.v2"; +option java_multiple_files = true; import "envoy/api/v2/core/grpc_service.proto"; diff --git a/api/src/main/proto/envoy/config/metrics/v2/stats.proto b/api/src/main/proto/envoy/config/metrics/v2/stats.proto index f3471643c..1cd4b146f 100644 --- a/api/src/main/proto/envoy/config/metrics/v2/stats.proto +++ b/api/src/main/proto/envoy/config/metrics/v2/stats.proto @@ -4,10 +4,14 @@ syntax = "proto3"; package envoy.config.metrics.v2; +option java_package = "io.envoyproxy.envoy.config.metrics.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/address.proto"; +import "envoy/type/matcher/string.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -26,10 +30,14 @@ message StatsSink { // Sinks optionally support tagged/multiple dimensional metrics. string name = 1; - // Stats sink specific configuration which depends on the sink being - // instantiated. See :ref:`StatsdSink ` for an - // example. - google.protobuf.Struct config = 2; + // Stats sink specific configuration which depends on the sink being instantiated. See + // :ref:`StatsdSink ` for an example. + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } // Statistics configuration such as tagging. @@ -56,6 +64,98 @@ message StatsConfig { // // If not provided, the value is assumed to be true. google.protobuf.BoolValue use_all_default_tags = 2; + + // Inclusion/exclusion matcher for stat name creation. If not provided, all stats are instantiated + // as normal. Preventing the instantiation of certain families of stats can improve memory + // performance for Envoys running especially large configs. + StatsMatcher stats_matcher = 3; +} + +// Configuration for disabling stat instantiation. +message StatsMatcher { + // The instantiation of stats is unrestricted by default. If the goal is to configure Envoy to + // instantiate all stats, there is no need to construct a StatsMatcher. + // + // However, StatsMatcher can be used to limit the creation of families of stats in order to + // conserve memory. Stats can either be disabled entirely, or they can be + // limited by either an exclusion or an inclusion list of :ref:`StringMatcher + // ` protos: + // + // * If `reject_all` is set to `true`, no stats will be instantiated. If `reject_all` is set to + // `false`, all stats will be instantiated. + // + // * If an exclusion list is supplied, any stat name matching *any* of the StringMatchers in the + // list will not instantiate. + // + // * If an inclusion list is supplied, no stats will instantiate, except those matching *any* of + // the StringMatchers in the list. + // + // + // A StringMatcher can be used to match against an exact string, a suffix / prefix, or a regex. + // **NB:** For performance reasons, it is highly recommended to use a prefix- or suffix-based + // matcher rather than a regex-based matcher. + // + // Example 1. Excluding all stats. + // + // .. code-block:: json + // + // { + // "statsMatcher": { + // "rejectAll": "true" + // } + // } + // + // Example 2. Excluding all cluster-specific stats, but not cluster-manager stats: + // + // .. code-block:: json + // + // { + // "statsMatcher": { + // "exclusionList": { + // "patterns": [ + // { + // "prefix": "cluster." + // } + // ] + // } + // } + // } + // + // Example 3. Including only manager-related stats: + // + // .. code-block:: json + // + // { + // "statsMatcher": { + // "inclusionList": { + // "patterns": [ + // { + // "prefix": "cluster_manager." + // }, + // { + // "prefix": "listener_manager." + // } + // ] + // } + // } + // } + // + + oneof stats_matcher { + option (validate.required) = true; + + // If `reject_all` is true, then all stats are disabled. If `reject_all` is false, then all + // stats are enabled. + bool reject_all = 1; + + // Exclusive match. All stats are enabled except for those matching one of the supplied + // StringMatcher protos. + envoy.type.matcher.ListStringMatcher exclusion_list = 2; + + // Inclusive match. No stats are enabled except for those matching one of the supplied + // StringMatcher protos. + envoy.type.matcher.ListStringMatcher inclusion_list = 3; + }; } // Designates a tag name and value pair. The value may be either a fixed value @@ -200,6 +300,10 @@ message DogStatsdSink { } reserved 2; + + // Optional custom metric name prefix. See :ref:`StatsdSink's prefix field + // ` for more details. + string prefix = 3; } // Stats configuration proto schema for built-in *envoy.stat_sinks.hystrix* sink. diff --git a/api/src/main/proto/envoy/config/overload/v2alpha/overload.proto b/api/src/main/proto/envoy/config/overload/v2alpha/overload.proto index 4559d0e9e..cbb34e17b 100644 --- a/api/src/main/proto/envoy/config/overload/v2alpha/overload.proto +++ b/api/src/main/proto/envoy/config/overload/v2alpha/overload.proto @@ -1,8 +1,11 @@ syntax = "proto3"; package envoy.config.overload.v2alpha; +option java_package = "io.envoyproxy.envoy.config.overload.v2alpha"; +option java_multiple_files = true; option go_package = "v2alpha"; +import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; @@ -26,7 +29,12 @@ message ResourceMonitor { string name = 1 [(validate.rules).string.min_bytes = 1]; // Configuration for the resource monitor being instantiated. - google.protobuf.Struct config = 2; + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } message ThresholdTrigger { diff --git a/api/src/main/proto/envoy/config/ratelimit/v2/rls.proto b/api/src/main/proto/envoy/config/ratelimit/v2/rls.proto index 3a0f5dbed..7deeac906 100644 --- a/api/src/main/proto/envoy/config/ratelimit/v2/rls.proto +++ b/api/src/main/proto/envoy/config/ratelimit/v2/rls.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.ratelimit.v2; +option java_package = "io.envoyproxy.envoy.config.ratelimit.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/grpc_service.proto"; @@ -11,36 +13,12 @@ import "validate/validate.proto"; // Rate limit :ref:`configuration overview `. message RateLimitServiceConfig { - oneof service_specifier { - option (validate.required) = true; + reserved 1; - // Specifies the cluster manager cluster name that hosts the rate limit - // service. The client will connect to this cluster when it needs to make - // rate limit service requests. This field is deprecated and `grpc_service` - // should be used instead. The :ref:`Envoy gRPC client - // ` will be used when this field is - // specified. - string cluster_name = 1 [(validate.rules).string.min_bytes = 1, deprecated = true]; + // Specifies the gRPC service that hosts the rate limit service. The client + // will connect to this cluster when it needs to make rate limit service + // requests. + envoy.api.v2.core.GrpcService grpc_service = 2 [(validate.rules).message.required = true]; - // Specifies the gRPC service that hosts the rate limit service. The client - // will connect to this cluster when it needs to make rate limit service - // requests. - envoy.api.v2.core.GrpcService grpc_service = 2; - } - - // Specifies if Envoy should use the data-plane-api client - // :repo:`api/envoy/service/ratelimit/v2/rls.proto` or the legacy - // client :repo:`source/common/ratelimit/ratelimit.proto` when - // making requests to the rate limit service. - // - // .. note:: - // - // The legacy client will be used by - // default until the start of the 1.9.0 release cycle. At the start of the - // 1.9.0 release cycle this field will be removed and only the data-plane-api - // proto will be supported. This means that your rate limit service needs to - // have support for the data-plane-api proto by the start of the 1.9.0 release cycle. - // Lyft's `reference implementation `_ - // supports the data-plane-api version as of v1.1.0. - bool use_data_plane_proto = 3 [deprecated = true]; + reserved 3; } diff --git a/api/src/main/proto/envoy/config/rbac/v2alpha/rbac.proto b/api/src/main/proto/envoy/config/rbac/v2alpha/rbac.proto index d7431eb0e..35aea0f04 100644 --- a/api/src/main/proto/envoy/config/rbac/v2alpha/rbac.proto +++ b/api/src/main/proto/envoy/config/rbac/v2alpha/rbac.proto @@ -7,6 +7,8 @@ import "envoy/type/matcher/metadata.proto"; import "envoy/type/matcher/string.proto"; package envoy.config.rbac.v2alpha; +option java_package = "io.envoyproxy.envoy.config.rbac.v2alpha"; +option java_multiple_files = true; option go_package = "v2alpha"; // [#protodoc-title: Role Based Access Control (RBAC)] @@ -118,14 +120,34 @@ message Permission { // A port number that describes the destination port connecting to. uint32 destination_port = 6 [(validate.rules).uint32.lte = 65535]; - // Metadata that describes additional information about the action. Only available for HTTP - // request. + // Metadata that describes additional information about the action. envoy.type.matcher.MetadataMatcher metadata = 7; // Negates matching the provided permission. For instance, if the value of `not_rule` would // match, this permission would not match. Conversely, if the value of `not_rule` would not // match, this permission would match. Permission not_rule = 8; + + // The request server from the client's connection request. This is + // typically TLS SNI. + // + // .. attention:: + // + // The behavior of this field may be affected by how Envoy is configured + // as explained below. + // + // * If the :ref:`TLS Inspector ` + // filter is not added, and if a `FilterChainMatch` is not defined for + // the :ref:`server name `, + // a TLS connection's requested SNI server name will be treated as if it + // wasn't present. + // + // * A :ref:`listener filter ` may + // overwrite a connection's requested server name within Envoy. + // + // Please refer to :ref:`this FAQ entry ` to learn to + // setup SNI. + envoy.type.matcher.StringMatcher requested_server_name = 9; } } @@ -170,8 +192,7 @@ message Principal { // available for HTTP request. envoy.api.v2.route.HeaderMatcher header = 6; - // Metadata that describes additional information about the principal. Only available for HTTP - // request. + // Metadata that describes additional information about the principal. envoy.type.matcher.MetadataMatcher metadata = 7; // Negates matching the provided principal. For instance, if the value of `not_id` would match, diff --git a/api/src/main/proto/envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto b/api/src/main/proto/envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto index 6e0127a5c..348322440 100644 --- a/api/src/main/proto/envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto +++ b/api/src/main/proto/envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.resource_monitor.fixed_heap.v2alpha; +option java_package = "io.envoyproxy.envoy.config.resource_monitor.fixed_heap.v2alpha"; +option java_multiple_files = true; option go_package = "v2alpha"; // [#protodoc-title: Fixed heap] diff --git a/api/src/main/proto/envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto b/api/src/main/proto/envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto index 58bd782a4..beb8f4674 100644 --- a/api/src/main/proto/envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto +++ b/api/src/main/proto/envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.resource_monitor.injected_resource.v2alpha; +option java_package = "io.envoyproxy.envoy.config.resource_monitor.injected_resource.v2alpha"; +option java_multiple_files = true; option go_package = "v2alpha"; import "validate/validate.proto"; diff --git a/api/src/main/proto/envoy/config/retry/previous_priorities/previous_priorities_config.proto b/api/src/main/proto/envoy/config/retry/previous_priorities/previous_priorities_config.proto new file mode 100644 index 000000000..ae3c3ea0b --- /dev/null +++ b/api/src/main/proto/envoy/config/retry/previous_priorities/previous_priorities_config.proto @@ -0,0 +1,42 @@ +syntax = "proto3"; + +package envoy.config.retry.previous_priorities; +option java_package = "io.envoyproxy.envoy.config.retry.previous_priorities"; +option java_multiple_files = true; + +// A retry host selector that attempts to spread retries between priorities, even if certain +// priorities would not normally be attempted due to higher priorities being available. +// +// As priorities get excluded, load will be distributed amongst the remaining healthy priorities +// based on the relative health of the priorities, matching how load is distributed during regular +// host selection. For example, given priority healths of {100, 50, 50}, the original load will be +// {100, 0, 0} (since P0 has capacity to handle 100% of the traffic). If P0 is excluded, the load +// changes to {0, 50, 50}, because P1 is only able to handle 50% of the traffic, causing the +// remaining to spill over to P2. +// +// Each priority attempted will be excluded until there are no healthy priorities left, at which +// point the list of attempted priorities will be reset, essentially starting from the beginning. +// For example, given three priorities P0, P1, P2 with healthy % of 100, 0 and 50 respectively, the +// following sequence of priorities would be selected (assuming update_frequency = 1): +// Attempt 1: P0 (P0 is 100% healthy) +// Attempt 2: P2 (P0 already attempted, P2 only healthy priority) +// Attempt 3: P0 (no healthy priorities, reset) +// Attempt 4: P2 +// +// In the case of all upstream hosts being unhealthy, no adjustments will be made to the original +// priority load, so behavior should be identical to not using this plugin. +// +// Using this PriorityFilter requires rebuilding the priority load, which runs in O(# of +// priorities), which might incur significant overhead for clusters with many priorities. +message PreviousPrioritiesConfig { + // How often the priority load should be updated based on previously attempted priorities. Useful + // to allow each priorities to receive more than one request before being excluded or to reduce + // the number of times that the priority load has to be recomputed. + // + // For example, by setting this to 2, then the first two attempts (initial attempt and first + // retry) will use the unmodified priority load. The third and fourth attempt will use priority + // load which excludes the priorities routed to with the first two attempts, and the fifth and + // sixth attempt will use the priority load excluding the priorities used for the first four + // attempts. + int32 update_frequency = 1; +} diff --git a/api/src/main/proto/envoy/config/trace/v2/trace.proto b/api/src/main/proto/envoy/config/trace/v2/trace.proto index 376948bb3..058bc99bf 100644 --- a/api/src/main/proto/envoy/config/trace/v2/trace.proto +++ b/api/src/main/proto/envoy/config/trace/v2/trace.proto @@ -4,10 +4,13 @@ syntax = "proto3"; package envoy.config.trace.v2; +option java_package = "io.envoyproxy.envoy.config.trace.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/grpc_service.proto"; +import "google/protobuf/any.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -22,16 +25,27 @@ import "validate/validate.proto"; message Tracing { message Http { // The name of the HTTP trace driver to instantiate. The name must match a - // supported HTTP trace driver. *envoy.lightstep*, *envoy.zipkin*, and - // *envoy.dynamic.ot* are built-in trace drivers. + // supported HTTP trace driver. Built-in trace drivers: + // + // - *envoy.lightstep* + // - *envoy.zipkin* + // - *envoy.dynamic.ot* + // - *envoy.tracers.datadog* string name = 1 [(validate.rules).string.min_bytes = 1]; - // Trace driver specific configuration which depends on the driver being - // instantiated. See the :ref:`LightstepConfig - // `, :ref:`ZipkinConfig - // `, and :ref:`DynamicOtConfig - // ` trace drivers for examples. - google.protobuf.Struct config = 2; + // Trace driver specific configuration which depends on the driver being instantiated. + // See the trace drivers for examples: + // + // - :ref:`LightstepConfig ` + // - :ref:`ZipkinConfig ` + // - :ref:`DynamicOtConfig ` + // - :ref:`DatadogConfig ` + oneof config_type { + google.protobuf.Struct config = 2; + + // [#not-implemented-hide:] + google.protobuf.Any typed_config = 3; + } } // Provides configuration for the HTTP tracer. Http http = 1; @@ -80,6 +94,14 @@ message DynamicOtConfig { google.protobuf.Struct config = 2; } +// Configuration for the Datadog tracer. +message DatadogConfig { + // The cluster to use for submitting traces to the Datadog agent. + string collector_cluster = 1 [(validate.rules).string.min_bytes = 1]; + // The name used for the service when traces are generated by envoy. + string service_name = 2 [(validate.rules).string.min_bytes = 1]; +} + // Configuration structure. message TraceServiceConfig { // The upstream gRPC cluster that hosts the metrics service. diff --git a/api/src/main/proto/envoy/config/transport_socket/alts/v2alpha/alts.proto b/api/src/main/proto/envoy/config/transport_socket/alts/v2alpha/alts.proto new file mode 100644 index 000000000..5286d94ad --- /dev/null +++ b/api/src/main/proto/envoy/config/transport_socket/alts/v2alpha/alts.proto @@ -0,0 +1,22 @@ +syntax = "proto3"; + +package envoy.config.transport_socket.alts.v2alpha; +option java_package = "io.envoyproxy.envoy.config.transport_socket.alts.v2alpha"; +option java_multiple_files = true; +option go_package = "v2"; + +// [#protodoc-title: ALTS] + +import "validate/validate.proto"; + +// Configuration for ALTS transport socket. This provides Google's ALTS protocol to Envoy. +// https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/ +message Alts { + // The location of a handshaker service, this is usually 169.254.169.254:8080 + // on GCE. + string handshaker_service = 1 [(validate.rules).string.min_bytes = 1]; + + // The acceptable service accounts from peer, peers not in the list will be rejected in the + // handshake validation step. If empty, no validation will be performed. + repeated string peer_service_accounts = 2; +} diff --git a/api/src/main/proto/envoy/config/transport_socket/capture/v2alpha/capture.proto b/api/src/main/proto/envoy/config/transport_socket/capture/v2alpha/capture.proto index 6d2f9a0e4..dda6602a8 100644 --- a/api/src/main/proto/envoy/config/transport_socket/capture/v2alpha/capture.proto +++ b/api/src/main/proto/envoy/config/transport_socket/capture/v2alpha/capture.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.config.transport_socket.capture.v2alpha; +option java_package = "io.envoyproxy.envoy.config.transport_socket.capture.v2alpha"; +option java_multiple_files = true; option go_package = "v2"; // [#protodoc-title: Capture] diff --git a/api/src/main/proto/envoy/data/accesslog/v2/accesslog.proto b/api/src/main/proto/envoy/data/accesslog/v2/accesslog.proto index a2207844a..621cf49eb 100644 --- a/api/src/main/proto/envoy/data/accesslog/v2/accesslog.proto +++ b/api/src/main/proto/envoy/data/accesslog/v2/accesslog.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.data.accesslog.v2; +option java_package = "io.envoyproxy.envoy.data.accesslog.v2"; +option java_multiple_files = true; import "envoy/api/v2/core/address.proto"; import "envoy/api/v2/core/base.proto"; @@ -153,7 +155,7 @@ message ResponseFlags { // Indicates there was a local reset by a connection pool due to an initial connection failure. bool upstream_connection_failure = 6; - // Indicates the stream was reset locally due to connection termination. + // Indicates the stream was reset due to an upstream connection termination. bool upstream_connection_termination = 7; // Indicates the stream was reset because of a resource overflow. @@ -185,9 +187,14 @@ message ResponseFlags { // Indicates if the request was deemed unauthorized and the reason for it. Unauthorized unauthorized_details = 13; - // [#not-implemented-hide:] Hide from docs. // Indicates that the request was rejected because there was an error in rate limit service. bool rate_limit_service_error = 14; + + // Indicates the stream was reset due to a downstream connection termination. + bool downstream_connection_termination = 15; + + // Indicates that the upstream retry limit was exceeded, resulting in a downstream error. + bool upstream_retry_limit_exceeded = 16; } // [#not-implemented-hide:] diff --git a/api/src/main/proto/envoy/data/core/v2alpha/health_check_event.proto b/api/src/main/proto/envoy/data/core/v2alpha/health_check_event.proto index 392dbcdc5..51efb1197 100644 --- a/api/src/main/proto/envoy/data/core/v2alpha/health_check_event.proto +++ b/api/src/main/proto/envoy/data/core/v2alpha/health_check_event.proto @@ -1,13 +1,12 @@ syntax = "proto3"; package envoy.data.core.v2alpha; +option java_package = "io.envoyproxy.envoy.data.core.v2alpha"; +option java_multiple_files = true; import "envoy/api/v2/core/address.proto"; -import "envoy/api/v2/core/base.proto"; -import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; -import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; import "gogoproto/gogo.proto"; @@ -30,6 +29,9 @@ message HealthCheckEvent { // Host addition. HealthCheckAddHealthy add_healthy_event = 5; + + // Host failure. + HealthCheckFailure health_check_failure_event = 7; } // Timestamp for event. @@ -60,3 +62,10 @@ message HealthCheckAddHealthy { // is bypassed and the host is immediately added. bool first_check = 1; } + +message HealthCheckFailure { + // The type of failure that caused this event. + HealthCheckFailureType failure_type = 1 [(validate.rules).enum.defined_only = true]; + // Whether this event is the result of the first ever health check on a host. + bool first_check = 2; +} diff --git a/api/src/main/proto/envoy/data/tap/v2alpha/capture.proto b/api/src/main/proto/envoy/data/tap/v2alpha/capture.proto index 57c682771..aea51a19a 100644 --- a/api/src/main/proto/envoy/data/tap/v2alpha/capture.proto +++ b/api/src/main/proto/envoy/data/tap/v2alpha/capture.proto @@ -5,6 +5,8 @@ syntax = "proto3"; // sequences on a socket. package envoy.data.tap.v2alpha; +option java_package = "io.envoyproxy.envoy.data.tap.v2alpha"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/address.proto"; diff --git a/api/src/main/proto/envoy/service/accesslog/v2/als.proto b/api/src/main/proto/envoy/service/accesslog/v2/als.proto index 168293e08..aca6c9382 100644 --- a/api/src/main/proto/envoy/service/accesslog/v2/als.proto +++ b/api/src/main/proto/envoy/service/accesslog/v2/als.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.accesslog.v2; +option java_package = "io.envoyproxy.envoy.service.accesslog.v2"; +option java_multiple_files = true; option go_package = "v2"; option java_generic_services = true; diff --git a/api/src/main/proto/envoy/service/auth/v2alpha/attribute_context.proto b/api/src/main/proto/envoy/service/auth/v2alpha/attribute_context.proto index 3ef8fe390..8f2e2243a 100644 --- a/api/src/main/proto/envoy/service/auth/v2alpha/attribute_context.proto +++ b/api/src/main/proto/envoy/service/auth/v2alpha/attribute_context.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.auth.v2alpha; +option java_package = "io.envoyproxy.envoy.service.auth.v2alpha"; +option java_multiple_files = true; import "envoy/api/v2/core/address.proto"; diff --git a/api/src/main/proto/envoy/service/auth/v2alpha/external_auth.proto b/api/src/main/proto/envoy/service/auth/v2alpha/external_auth.proto index caa5e3089..deca67ef0 100644 --- a/api/src/main/proto/envoy/service/auth/v2alpha/external_auth.proto +++ b/api/src/main/proto/envoy/service/auth/v2alpha/external_auth.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.auth.v2alpha; +option java_package = "io.envoyproxy.envoy.service.auth.v2alpha"; +option java_multiple_files = true; option go_package = "v2alpha"; option java_generic_services = true; diff --git a/api/src/main/proto/envoy/service/discovery/v2/ads.proto b/api/src/main/proto/envoy/service/discovery/v2/ads.proto index 16953ee7b..108fb1da6 100644 --- a/api/src/main/proto/envoy/service/discovery/v2/ads.proto +++ b/api/src/main/proto/envoy/service/discovery/v2/ads.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.discovery.v2; +option java_package = "io.envoyproxy.envoy.service.discovery.v2"; +option java_multiple_files = true; option go_package = "v2"; option java_generic_services = true; diff --git a/api/src/main/proto/envoy/service/discovery/v2/hds.proto b/api/src/main/proto/envoy/service/discovery/v2/hds.proto index a02cfa5cb..d19e3cb69 100644 --- a/api/src/main/proto/envoy/service/discovery/v2/hds.proto +++ b/api/src/main/proto/envoy/service/discovery/v2/hds.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.discovery.v2; +option java_package = "io.envoyproxy.envoy.service.discovery.v2"; +option java_multiple_files = true; option java_generic_services = true; diff --git a/api/src/main/proto/envoy/service/discovery/v2/sds.proto b/api/src/main/proto/envoy/service/discovery/v2/sds.proto index 4bea525fa..51b699d65 100644 --- a/api/src/main/proto/envoy/service/discovery/v2/sds.proto +++ b/api/src/main/proto/envoy/service/discovery/v2/sds.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.discovery.v2; +option java_package = "io.envoyproxy.envoy.service.discovery.v2"; +option java_multiple_files = true; import "envoy/api/v2/discovery.proto"; diff --git a/api/src/main/proto/envoy/service/load_stats/v2/lrs.proto b/api/src/main/proto/envoy/service/load_stats/v2/lrs.proto index 6dee77db8..849f69a77 100644 --- a/api/src/main/proto/envoy/service/load_stats/v2/lrs.proto +++ b/api/src/main/proto/envoy/service/load_stats/v2/lrs.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.load_stats.v2; +option java_package = "io.envoyproxy.envoy.service.load_stats.v2"; +option java_multiple_files = true; option go_package = "v2"; option java_generic_services = true; diff --git a/api/src/main/proto/envoy/service/metrics/v2/metrics_service.proto b/api/src/main/proto/envoy/service/metrics/v2/metrics_service.proto index 15419b4d8..8f9e08c62 100644 --- a/api/src/main/proto/envoy/service/metrics/v2/metrics_service.proto +++ b/api/src/main/proto/envoy/service/metrics/v2/metrics_service.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.metrics.v2; +option java_package = "io.envoyproxy.envoy.service.metrics.v2"; +option java_multiple_files = true; option go_package = "v2"; option java_generic_services = true; diff --git a/api/src/main/proto/envoy/service/ratelimit/v2/rls.proto b/api/src/main/proto/envoy/service/ratelimit/v2/rls.proto index ebaf54358..4d4f768a5 100644 --- a/api/src/main/proto/envoy/service/ratelimit/v2/rls.proto +++ b/api/src/main/proto/envoy/service/ratelimit/v2/rls.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.service.ratelimit.v2; +option java_package = "io.envoyproxy.envoy.service.ratelimit.v2"; +option java_multiple_files = true; option go_package = "v2"; import "envoy/api/v2/core/base.proto"; @@ -8,6 +10,8 @@ import "envoy/api/v2/ratelimit/ratelimit.proto"; import "validate/validate.proto"; +// [#protodoc-title: Rate Limit Service (RLS)] + service RateLimitService { // Determine whether rate limiting should take place. rpc ShouldRateLimit(RateLimitRequest) returns (RateLimitResponse) { @@ -21,7 +25,6 @@ service RateLimitService { // are provided, the server will limit on *ALL* of them and return an OVER_LIMIT response if any // of them are over limit. This enables more complex application level rate limiting scenarios // if desired. -// [#not-implemented-hide:] Hiding API for now. message RateLimitRequest { // All rate limit requests must specify a domain. This enables the configuration to be per // application without fear of overlap. E.g., "envoy". @@ -38,25 +41,34 @@ message RateLimitRequest { } // A response from a ShouldRateLimit call. -// [#not-implemented-hide:] Hiding API for now. message RateLimitResponse { enum Code { + // The response code is not known. UNKNOWN = 0; + // The response code to notify that the number of requests are under limit. OK = 1; + // The response code to notify that the number of requests are over limit. OVER_LIMIT = 2; } // Defines an actual rate limit in terms of requests per unit of time and the unit itself. message RateLimit { enum Unit { + // The time unit is not known. UNKNOWN = 0; + // The time unit representing a second. SECOND = 1; + // The time unit representing a minute. MINUTE = 2; + // The time unit representing an hour. HOUR = 3; + // The time unit representing a day. DAY = 4; } + // The number of requests per unit of time. uint32 requests_per_unit = 1; + // The unit of time. Unit unit = 2; } diff --git a/api/src/main/proto/envoy/service/trace/v2/trace_service.proto b/api/src/main/proto/envoy/service/trace/v2/trace_service.proto index 795f61f91..89ff50e1d 100644 --- a/api/src/main/proto/envoy/service/trace/v2/trace_service.proto +++ b/api/src/main/proto/envoy/service/trace/v2/trace_service.proto @@ -3,6 +3,8 @@ syntax = "proto3"; // [#proto-status: draft] package envoy.service.trace.v2; +option java_package = "io.envoyproxy.envoy.service.trace.v2"; +option java_multiple_files = true; option go_package = "v2"; option java_generic_services = true; @@ -38,5 +40,5 @@ message StreamTracesMessage { Identifier identifier = 1; // A list of Span entries - repeated opencensus.proto.trace.Span spans = 2; + repeated opencensus.proto.trace.v1.Span spans = 2; } diff --git a/api/src/main/proto/envoy/type/http_status.proto b/api/src/main/proto/envoy/type/http_status.proto index 35655613c..b682ea05a 100644 --- a/api/src/main/proto/envoy/type/http_status.proto +++ b/api/src/main/proto/envoy/type/http_status.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.type; +option java_package = "io.envoyproxy.envoy.type"; +option java_multiple_files = true; import "validate/validate.proto"; diff --git a/api/src/main/proto/envoy/type/matcher/metadata.proto b/api/src/main/proto/envoy/type/matcher/metadata.proto index 9faa53b13..d59f08cee 100644 --- a/api/src/main/proto/envoy/type/matcher/metadata.proto +++ b/api/src/main/proto/envoy/type/matcher/metadata.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.type.matcher; +option java_package = "io.envoyproxy.envoy.type.matcher"; +option java_multiple_files = true; option go_package = "matcher"; import "envoy/type/matcher/value.proto"; diff --git a/api/src/main/proto/envoy/type/matcher/number.proto b/api/src/main/proto/envoy/type/matcher/number.proto index 9cf4ff1f1..78d4beb36 100644 --- a/api/src/main/proto/envoy/type/matcher/number.proto +++ b/api/src/main/proto/envoy/type/matcher/number.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.type.matcher; +option java_package = "io.envoyproxy.envoy.type.matcher"; +option java_multiple_files = true; option go_package = "matcher"; import "envoy/type/range.proto"; diff --git a/api/src/main/proto/envoy/type/matcher/string.proto b/api/src/main/proto/envoy/type/matcher/string.proto index 4fdea1f58..e22e6c7d2 100644 --- a/api/src/main/proto/envoy/type/matcher/string.proto +++ b/api/src/main/proto/envoy/type/matcher/string.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.type.matcher; +option java_package = "io.envoyproxy.envoy.type.matcher"; +option java_multiple_files = true; option go_package = "matcher"; import "validate/validate.proto"; @@ -47,3 +49,8 @@ message StringMatcher { string regex = 4 [(validate.rules).string.max_bytes = 1024]; } } + +// Specifies a list of ways to match a string. +message ListStringMatcher { + repeated StringMatcher patterns = 1 [(validate.rules).repeated .min_items = 1]; +} diff --git a/api/src/main/proto/envoy/type/matcher/value.proto b/api/src/main/proto/envoy/type/matcher/value.proto index d5a664a86..dcd8db017 100644 --- a/api/src/main/proto/envoy/type/matcher/value.proto +++ b/api/src/main/proto/envoy/type/matcher/value.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.type.matcher; +option java_package = "io.envoyproxy.envoy.type.matcher"; +option java_multiple_files = true; option go_package = "matcher"; import "envoy/type/matcher/number.proto"; diff --git a/api/src/main/proto/envoy/type/percent.proto b/api/src/main/proto/envoy/type/percent.proto index 3641d823e..fc12de753 100644 --- a/api/src/main/proto/envoy/type/percent.proto +++ b/api/src/main/proto/envoy/type/percent.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.type; +option java_package = "io.envoyproxy.envoy.type"; +option java_multiple_files = true; import "validate/validate.proto"; import "gogoproto/gogo.proto"; diff --git a/api/src/main/proto/envoy/type/range.proto b/api/src/main/proto/envoy/type/range.proto index 115091ddf..bb0fd19df 100644 --- a/api/src/main/proto/envoy/type/range.proto +++ b/api/src/main/proto/envoy/type/range.proto @@ -1,6 +1,8 @@ syntax = "proto3"; package envoy.type; +option java_package = "io.envoyproxy.envoy.type"; +option java_multiple_files = true; option go_package = "envoy_type"; import "gogoproto/gogo.proto"; diff --git a/api/src/main/proto/gogoproto/gogo.proto b/api/src/main/proto/gogoproto/gogo.proto index 7f0997935..b80c85653 100644 --- a/api/src/main/proto/gogoproto/gogo.proto +++ b/api/src/main/proto/gogoproto/gogo.proto @@ -83,6 +83,10 @@ extend google.protobuf.FileOptions { optional bool enumdecl_all = 63031; optional bool goproto_registration = 63032; + optional bool messagename_all = 63033; + + optional bool goproto_sizecache_all = 63034; + optional bool goproto_unkeyed_all = 63035; } extend google.protobuf.MessageOptions { @@ -115,6 +119,11 @@ extend google.protobuf.MessageOptions { optional bool compare = 64029; optional bool typedecl = 64030; + + optional bool messagename = 64033; + + optional bool goproto_sizecache = 64034; + optional bool goproto_unkeyed = 64035; } extend google.protobuf.FieldOptions { @@ -130,4 +139,6 @@ extend google.protobuf.FieldOptions { optional bool stdtime = 65010; optional bool stdduration = 65011; + optional bool wktpointer = 65012; + } diff --git a/api/src/main/proto/trace.proto b/api/src/main/proto/trace.proto index 810a91395..35cc5c667 100644 --- a/api/src/main/proto/trace.proto +++ b/api/src/main/proto/trace.proto @@ -14,16 +14,16 @@ syntax = "proto3"; -package opencensus.proto.trace; +package opencensus.proto.trace.v1; import "google/protobuf/timestamp.proto"; import "google/protobuf/wrappers.proto"; option java_multiple_files = true; -option java_package = "io.opencensus.proto.trace"; +option java_package = "io.opencensus.proto.trace.v1"; option java_outer_classname = "TraceProto"; -option go_package = "traceproto"; +option go_package = "github.com/census-instrumentation/opencensus-proto/gen-go/trace/v1"; // A span represents a single operation within a trace. Spans can be // nested to form a trace tree. Often, a trace contains a root span @@ -32,7 +32,7 @@ option go_package = "traceproto"; // or none at all. Spans do not need to be contiguous - there may be // gaps or overlaps between spans in a trace. // -// The next id is 15. +// The next id is 16. // TODO(bdrutu): Add an example. message Span { // A unique identifier for a trace. All spans from the same trace share @@ -47,6 +47,30 @@ message Span { // This field is required. bytes span_id = 2; + // This field conveys information about request position in multiple distributed tracing graphs. + // It is a list of Tracestate.Entry with a maximum of 32 members in the list. + // + // See the https://github.com/w3c/distributed-tracing for more details about this field. + message Tracestate { + message Entry { + // The key must begin with a lowercase letter, and can only contain + // lowercase letters 'a'-'z', digits '0'-'9', underscores '_', dashes + // '-', asterisks '*', and forward slashes '/'. + string key = 1; + + // The value is opaque string up to 256 characters printable ASCII + // RFC0020 characters (i.e., the range 0x20 to 0x7E) except ',' and '='. + // Note that this also excludes tabs, newlines, carriage returns, etc. + string value = 2; + } + + // A list of entries that represent the Tracestate. + repeated Entry entries = 1; + } + + // The Tracestate on the span. + Tracestate tracestate = 15; + // The `span_id` of this span's parent span. If this is a root span, then this // field must be empty. The ID is an 8-byte array. bytes parent_span_id = 3; @@ -231,7 +255,7 @@ message Span { int32 dropped_links_count = 2; } - // The inclued links. + // The included links. Links links = 10; // An optional final status for this span. @@ -270,6 +294,8 @@ message AttributeValue { int64 int_value = 2; // A Boolean value represented by `true` or `false`. bool bool_value = 3; + // A double value. + double double_value = 4; } } @@ -350,4 +376,4 @@ message TruncatableString { // The number of bytes removed from the original string. If this // value is 0, then the string was not shortened. int32 truncated_byte_count = 2; -} \ No newline at end of file +} diff --git a/tools/API_SHAS b/tools/API_SHAS index 607fe9c13..65bb6f178 100644 --- a/tools/API_SHAS +++ b/tools/API_SHAS @@ -1,11 +1,11 @@ # Update the versions here and run update-api.sh # envoy (source: SHA from https://github.com/envoyproxy/envoy) -ENVOY_SHA="0c4c00e16a2905c34f94dbd81b3c5978aa4d7e01" +ENVOY_SHA="02659d411332e9f20d229f482931c15304ea17fd" # Jan 02, 2019 # dependencies (source: https://github.com/envoyproxy/envoy/blob//api/bazel/repositories.bzl) -GOGOPROTO_SHA="1adfc126b41513cc696b209667c8656ea7aac67c" # v1.0.0 +GOGOPROTO_SHA="4cbf7e384e768b4e01799441fdf2a706a5635ae7" # v1.2.0 GOOGLEAPIS_SHA="d642131a6e6582fc226caf9893cb7fe7885b3411" # May 23, 2018 -OPENCENSUS_SHA="ab82e5fdec8267dc2a726544b10af97675970847" # May 23, 2018 +OPENCENSUS_SHA="7f2434bc10da710debe5c4315ed6d4df454b4024" # Nov 3, 2018 (tag v0.1.0) PGV_GIT_SHA="9f600c2cd2d7031fdc8e25e1c9f5ad81c8cab4fe" # Apr 24, 2018 PROMETHEUS_SHA="99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c" # Nov 17, 2017 diff --git a/tools/update-api.sh b/tools/update-api.sh index 82cd60505..6cd1645e6 100755 --- a/tools/update-api.sh +++ b/tools/update-api.sh @@ -48,7 +48,7 @@ mkdir -p "${protodir}/validate" cp -r protoc-gen-validate-*/validate/* "${protodir}/validate" curl -sL https://github.com/census-instrumentation/opencensus-proto/archive/${OPENCENSUS_SHA}.tar.gz | tar xz --include="*.proto" -cp opencensus-proto-*/opencensus/proto/trace/trace.proto "${protodir}" +cp opencensus-proto-*/src/opencensus/proto/trace/v1/trace.proto "${protodir}" curl -sL https://github.com/prometheus/client_model/archive/${PROMETHEUS_SHA}.tar.gz | tar xz --include="*.proto" cp client_model-*/metrics.proto "${protodir}" From 40d8d5eb057ef217be616aed233fad40c2242412 Mon Sep 17 00:00:00 2001 From: "Penn (Dapeng) Zhang" Date: Thu, 3 Jan 2019 15:18:48 -0800 Subject: [PATCH 2/2] refactor java source code Signed-off-by: Penn (Dapeng) Zhang --- .../envoyproxy/controlplane/cache/Cache.java | 2 +- .../controlplane/cache/ConfigWatcher.java | 2 +- .../controlplane/cache/NodeGroup.java | 2 +- .../controlplane/cache/Resources.java | 20 +++--- .../controlplane/cache/Response.java | 2 +- .../controlplane/cache/SimpleCache.java | 2 +- .../controlplane/cache/Snapshot.java | 10 +-- .../controlplane/cache/StatusInfo.java | 2 +- .../controlplane/cache/TestResources.java | 66 +++++++++---------- .../envoyproxy/controlplane/cache/Watch.java | 2 +- .../cache/CacheStatusInfoTest.java | 4 +- .../controlplane/cache/ResourcesTest.java | 12 ++-- .../controlplane/cache/SimpleCacheTest.java | 14 ++-- .../cache/SnapshotResourcesTest.java | 2 +- .../controlplane/cache/SnapshotTest.java | 10 +-- .../controlplane/cache/WatchTest.java | 2 +- .../controlplane/server/DiscoveryServer.java | 16 ++--- .../server/DiscoveryServerCallbacks.java | 4 +- .../callback/SnapshotCollectingCallback.java | 4 +- .../server/DiscoveryServerAdsIT.java | 4 +- .../server/DiscoveryServerTest.java | 41 ++++++------ .../server/DiscoveryServerXdsIT.java | 4 +- .../controlplane/server/TestMain.java | 8 +-- .../controlplane/server/TestSnapshots.java | 6 +- .../SnapshotCollectingCallbackTest.java | 8 +-- 25 files changed, 124 insertions(+), 125 deletions(-) diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/Cache.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/Cache.java index 951a274ba..39a1196dc 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/Cache.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/Cache.java @@ -1,6 +1,6 @@ package io.envoyproxy.controlplane.cache; -import envoy.api.v2.core.Base.Node; +import io.envoyproxy.envoy.api.v2.core.Node; import java.util.Collection; import javax.annotation.concurrent.ThreadSafe; diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/ConfigWatcher.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/ConfigWatcher.java index 22c1678c4..1e557945a 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/ConfigWatcher.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/ConfigWatcher.java @@ -1,6 +1,6 @@ package io.envoyproxy.controlplane.cache; -import envoy.api.v2.Discovery.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; import java.util.Set; import java.util.function.Consumer; import javax.annotation.concurrent.ThreadSafe; diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/NodeGroup.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/NodeGroup.java index 40a58652c..45c9b462f 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/NodeGroup.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/NodeGroup.java @@ -1,6 +1,6 @@ package io.envoyproxy.controlplane.cache; -import envoy.api.v2.core.Base.Node; +import io.envoyproxy.envoy.api.v2.core.Node; import javax.annotation.concurrent.ThreadSafe; /** diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/Resources.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/Resources.java index d6f50be2b..cbcb92f1c 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/Resources.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/Resources.java @@ -1,7 +1,7 @@ package io.envoyproxy.controlplane.cache; import static com.google.common.base.Strings.isNullOrEmpty; -import static envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManagerOuterClass.HttpConnectionManager.RouteSpecifierCase.RDS; +import static io.envoyproxy.envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager.RouteSpecifierCase.RDS; import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableList; @@ -12,15 +12,15 @@ import com.google.protobuf.Message; import com.google.protobuf.Struct; import com.google.protobuf.util.JsonFormat; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.Cds.Cluster.DiscoveryType; -import envoy.api.v2.Eds.ClusterLoadAssignment; -import envoy.api.v2.Lds.Listener; -import envoy.api.v2.Rds.RouteConfiguration; -import envoy.api.v2.auth.Cert.Secret; -import envoy.api.v2.listener.Listener.Filter; -import envoy.api.v2.listener.Listener.FilterChain; -import envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManagerOuterClass.HttpConnectionManager; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.Cluster.DiscoveryType; +import io.envoyproxy.envoy.api.v2.ClusterLoadAssignment; +import io.envoyproxy.envoy.api.v2.Listener; +import io.envoyproxy.envoy.api.v2.RouteConfiguration; +import io.envoyproxy.envoy.api.v2.auth.Secret; +import io.envoyproxy.envoy.api.v2.listener.Filter; +import io.envoyproxy.envoy.api.v2.listener.FilterChain; +import io.envoyproxy.envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager; import java.util.Collection; import java.util.List; import java.util.Map; diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/Response.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/Response.java index 492d4f8b9..537485b11 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/Response.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/Response.java @@ -2,7 +2,7 @@ import com.google.auto.value.AutoValue; import com.google.protobuf.Message; -import envoy.api.v2.Discovery.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; import java.util.Collection; /** diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/SimpleCache.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/SimpleCache.java index 9b8bb6a09..5d14f4081 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/SimpleCache.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/SimpleCache.java @@ -3,7 +3,7 @@ import com.google.common.collect.ImmutableSet; import com.google.common.collect.Sets; import com.google.protobuf.Message; -import envoy.api.v2.Discovery.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/Snapshot.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/Snapshot.java index 12422eb62..30467cc87 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/Snapshot.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/Snapshot.java @@ -10,11 +10,11 @@ import com.google.common.base.Strings; import com.google.common.collect.ImmutableMap; import com.google.protobuf.Message; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.Eds.ClusterLoadAssignment; -import envoy.api.v2.Lds.Listener; -import envoy.api.v2.Rds.RouteConfiguration; -import envoy.api.v2.auth.Cert.Secret; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.ClusterLoadAssignment; +import io.envoyproxy.envoy.api.v2.Listener; +import io.envoyproxy.envoy.api.v2.RouteConfiguration; +import io.envoyproxy.envoy.api.v2.auth.Secret; import java.util.Collections; import java.util.Map; import java.util.Set; diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/StatusInfo.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/StatusInfo.java index 06cfbff0d..eee2a8724 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/StatusInfo.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/StatusInfo.java @@ -1,6 +1,6 @@ package io.envoyproxy.controlplane.cache; -import envoy.api.v2.core.Base.Node; +import io.envoyproxy.envoy.api.v2.core.Node; /** * {@code StatusInfo} tracks the state for remote envoy nodes. diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/TestResources.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/TestResources.java index 70475a175..99fe65729 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/TestResources.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/TestResources.java @@ -6,37 +6,37 @@ import com.google.protobuf.Struct; import com.google.protobuf.util.Durations; import com.google.protobuf.util.JsonFormat; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.Cds.Cluster.DiscoveryType; -import envoy.api.v2.Cds.Cluster.EdsClusterConfig; -import envoy.api.v2.Eds.ClusterLoadAssignment; -import envoy.api.v2.Lds.Listener; -import envoy.api.v2.Rds.RouteConfiguration; -import envoy.api.v2.auth.Cert; -import envoy.api.v2.auth.Cert.TlsCertificate; -import envoy.api.v2.core.AddressOuterClass.Address; -import envoy.api.v2.core.AddressOuterClass.SocketAddress; -import envoy.api.v2.core.AddressOuterClass.SocketAddress.Protocol; -import envoy.api.v2.core.Base.DataSource; -import envoy.api.v2.core.ConfigSourceOuterClass.AggregatedConfigSource; -import envoy.api.v2.core.ConfigSourceOuterClass.ApiConfigSource; -import envoy.api.v2.core.ConfigSourceOuterClass.ApiConfigSource.ApiType; -import envoy.api.v2.core.ConfigSourceOuterClass.ConfigSource; -import envoy.api.v2.core.GrpcServiceOuterClass.GrpcService; -import envoy.api.v2.core.GrpcServiceOuterClass.GrpcService.EnvoyGrpc; -import envoy.api.v2.endpoint.EndpointOuterClass.Endpoint; -import envoy.api.v2.endpoint.EndpointOuterClass.LbEndpoint; -import envoy.api.v2.endpoint.EndpointOuterClass.LocalityLbEndpoints; -import envoy.api.v2.listener.Listener.Filter; -import envoy.api.v2.listener.Listener.FilterChain; -import envoy.api.v2.route.RouteOuterClass.Route; -import envoy.api.v2.route.RouteOuterClass.RouteAction; -import envoy.api.v2.route.RouteOuterClass.RouteMatch; -import envoy.api.v2.route.RouteOuterClass.VirtualHost; -import envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManagerOuterClass.HttpConnectionManager; -import envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManagerOuterClass.HttpConnectionManager.CodecType; -import envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManagerOuterClass.HttpFilter; -import envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManagerOuterClass.Rds; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.Cluster.DiscoveryType; +import io.envoyproxy.envoy.api.v2.Cluster.EdsClusterConfig; +import io.envoyproxy.envoy.api.v2.ClusterLoadAssignment; +import io.envoyproxy.envoy.api.v2.Listener; +import io.envoyproxy.envoy.api.v2.RouteConfiguration; +import io.envoyproxy.envoy.api.v2.auth.Secret; +import io.envoyproxy.envoy.api.v2.auth.TlsCertificate; +import io.envoyproxy.envoy.api.v2.core.Address; +import io.envoyproxy.envoy.api.v2.core.AggregatedConfigSource; +import io.envoyproxy.envoy.api.v2.core.ApiConfigSource; +import io.envoyproxy.envoy.api.v2.core.ApiConfigSource.ApiType; +import io.envoyproxy.envoy.api.v2.core.ConfigSource; +import io.envoyproxy.envoy.api.v2.core.DataSource; +import io.envoyproxy.envoy.api.v2.core.GrpcService; +import io.envoyproxy.envoy.api.v2.core.GrpcService.EnvoyGrpc; +import io.envoyproxy.envoy.api.v2.core.SocketAddress; +import io.envoyproxy.envoy.api.v2.core.SocketAddress.Protocol; +import io.envoyproxy.envoy.api.v2.endpoint.Endpoint; +import io.envoyproxy.envoy.api.v2.endpoint.LbEndpoint; +import io.envoyproxy.envoy.api.v2.endpoint.LocalityLbEndpoints; +import io.envoyproxy.envoy.api.v2.listener.Filter; +import io.envoyproxy.envoy.api.v2.listener.FilterChain; +import io.envoyproxy.envoy.api.v2.route.Route; +import io.envoyproxy.envoy.api.v2.route.RouteAction; +import io.envoyproxy.envoy.api.v2.route.RouteMatch; +import io.envoyproxy.envoy.api.v2.route.VirtualHost; +import io.envoyproxy.envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager; +import io.envoyproxy.envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager.CodecType; +import io.envoyproxy.envoy.config.filter.network.http_connection_manager.v2.HttpFilter; +import io.envoyproxy.envoy.config.filter.network.http_connection_manager.v2.Rds; /** * {@code TestResources} provides helper methods for generating resource messages for testing. It is not intended to be @@ -179,8 +179,8 @@ public static RouteConfiguration createRoute(String routeName, String clusterNam * * @param secretName name of the new secret */ - public static Cert.Secret createSecret(String secretName) { - return Cert.Secret.newBuilder() + public static Secret createSecret(String secretName) { + return Secret.newBuilder() .setName(secretName) .setTlsCertificate(TlsCertificate.newBuilder() .setPrivateKey(DataSource.newBuilder() diff --git a/cache/src/main/java/io/envoyproxy/controlplane/cache/Watch.java b/cache/src/main/java/io/envoyproxy/controlplane/cache/Watch.java index 80bba570c..5db48a401 100644 --- a/cache/src/main/java/io/envoyproxy/controlplane/cache/Watch.java +++ b/cache/src/main/java/io/envoyproxy/controlplane/cache/Watch.java @@ -1,6 +1,6 @@ package io.envoyproxy.controlplane.cache; -import envoy.api.v2.Discovery.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; import java.util.concurrent.atomic.AtomicBoolean; import java.util.function.Consumer; diff --git a/cache/src/test/java/io/envoyproxy/controlplane/cache/CacheStatusInfoTest.java b/cache/src/test/java/io/envoyproxy/controlplane/cache/CacheStatusInfoTest.java index cc647493e..55b9641a2 100644 --- a/cache/src/test/java/io/envoyproxy/controlplane/cache/CacheStatusInfoTest.java +++ b/cache/src/test/java/io/envoyproxy/controlplane/cache/CacheStatusInfoTest.java @@ -2,8 +2,8 @@ import static org.assertj.core.api.Assertions.assertThat; -import envoy.api.v2.Discovery.DiscoveryRequest; -import envoy.api.v2.core.Base.Node; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.core.Node; import java.util.Collection; import java.util.UUID; import java.util.concurrent.ThreadLocalRandom; diff --git a/cache/src/test/java/io/envoyproxy/controlplane/cache/ResourcesTest.java b/cache/src/test/java/io/envoyproxy/controlplane/cache/ResourcesTest.java index f1dc84713..d80d25e7d 100644 --- a/cache/src/test/java/io/envoyproxy/controlplane/cache/ResourcesTest.java +++ b/cache/src/test/java/io/envoyproxy/controlplane/cache/ResourcesTest.java @@ -9,12 +9,12 @@ import com.google.protobuf.Any; import com.google.protobuf.Message; import com.google.type.Color; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.Cds.Cluster.DiscoveryType; -import envoy.api.v2.Cds.Cluster.EdsClusterConfig; -import envoy.api.v2.Eds.ClusterLoadAssignment; -import envoy.api.v2.Lds.Listener; -import envoy.api.v2.Rds.RouteConfiguration; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.Cluster.DiscoveryType; +import io.envoyproxy.envoy.api.v2.Cluster.EdsClusterConfig; +import io.envoyproxy.envoy.api.v2.ClusterLoadAssignment; +import io.envoyproxy.envoy.api.v2.Listener; +import io.envoyproxy.envoy.api.v2.RouteConfiguration; import java.util.Collection; import java.util.Map; import java.util.Set; diff --git a/cache/src/test/java/io/envoyproxy/controlplane/cache/SimpleCacheTest.java b/cache/src/test/java/io/envoyproxy/controlplane/cache/SimpleCacheTest.java index 1c9ec9ada..0bee27e75 100644 --- a/cache/src/test/java/io/envoyproxy/controlplane/cache/SimpleCacheTest.java +++ b/cache/src/test/java/io/envoyproxy/controlplane/cache/SimpleCacheTest.java @@ -4,13 +4,13 @@ import com.google.common.collect.ImmutableList; import com.google.protobuf.Message; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.Discovery.DiscoveryRequest; -import envoy.api.v2.Eds.ClusterLoadAssignment; -import envoy.api.v2.Lds.Listener; -import envoy.api.v2.Rds.RouteConfiguration; -import envoy.api.v2.auth.Cert.Secret; -import envoy.api.v2.core.Base.Node; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.ClusterLoadAssignment; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.Listener; +import io.envoyproxy.envoy.api.v2.RouteConfiguration; +import io.envoyproxy.envoy.api.v2.auth.Secret; +import io.envoyproxy.envoy.api.v2.core.Node; import java.util.Collections; import java.util.LinkedList; import java.util.Map; diff --git a/cache/src/test/java/io/envoyproxy/controlplane/cache/SnapshotResourcesTest.java b/cache/src/test/java/io/envoyproxy/controlplane/cache/SnapshotResourcesTest.java index d1561853b..5339b0e8b 100644 --- a/cache/src/test/java/io/envoyproxy/controlplane/cache/SnapshotResourcesTest.java +++ b/cache/src/test/java/io/envoyproxy/controlplane/cache/SnapshotResourcesTest.java @@ -3,7 +3,7 @@ import static org.assertj.core.api.Assertions.assertThat; import com.google.common.collect.ImmutableList; -import envoy.api.v2.Cds.Cluster; +import io.envoyproxy.envoy.api.v2.Cluster; import java.util.UUID; import org.junit.Test; diff --git a/cache/src/test/java/io/envoyproxy/controlplane/cache/SnapshotTest.java b/cache/src/test/java/io/envoyproxy/controlplane/cache/SnapshotTest.java index 3938075b8..99c5d51d3 100644 --- a/cache/src/test/java/io/envoyproxy/controlplane/cache/SnapshotTest.java +++ b/cache/src/test/java/io/envoyproxy/controlplane/cache/SnapshotTest.java @@ -10,11 +10,11 @@ import com.google.common.collect.ImmutableList; import com.google.protobuf.Message; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.Eds.ClusterLoadAssignment; -import envoy.api.v2.Lds.Listener; -import envoy.api.v2.Rds.RouteConfiguration; -import envoy.api.v2.auth.Cert.Secret; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.ClusterLoadAssignment; +import io.envoyproxy.envoy.api.v2.Listener; +import io.envoyproxy.envoy.api.v2.RouteConfiguration; +import io.envoyproxy.envoy.api.v2.auth.Secret; import java.util.Map; import java.util.UUID; import java.util.concurrent.ThreadLocalRandom; diff --git a/cache/src/test/java/io/envoyproxy/controlplane/cache/WatchTest.java b/cache/src/test/java/io/envoyproxy/controlplane/cache/WatchTest.java index 2e950b9fb..e1d9a8a4b 100644 --- a/cache/src/test/java/io/envoyproxy/controlplane/cache/WatchTest.java +++ b/cache/src/test/java/io/envoyproxy/controlplane/cache/WatchTest.java @@ -5,7 +5,7 @@ import static org.assertj.core.api.Assertions.fail; import com.google.common.collect.ImmutableList; -import envoy.api.v2.Discovery.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; import java.util.LinkedList; import java.util.List; import java.util.UUID; diff --git a/server/src/main/java/io/envoyproxy/controlplane/server/DiscoveryServer.java b/server/src/main/java/io/envoyproxy/controlplane/server/DiscoveryServer.java index f02f9ed71..2c261f31a 100644 --- a/server/src/main/java/io/envoyproxy/controlplane/server/DiscoveryServer.java +++ b/server/src/main/java/io/envoyproxy/controlplane/server/DiscoveryServer.java @@ -4,18 +4,18 @@ import com.google.common.base.Preconditions; import com.google.protobuf.Any; -import envoy.api.v2.ClusterDiscoveryServiceGrpc.ClusterDiscoveryServiceImplBase; -import envoy.api.v2.Discovery.DiscoveryRequest; -import envoy.api.v2.Discovery.DiscoveryResponse; -import envoy.api.v2.EndpointDiscoveryServiceGrpc.EndpointDiscoveryServiceImplBase; -import envoy.api.v2.ListenerDiscoveryServiceGrpc.ListenerDiscoveryServiceImplBase; -import envoy.api.v2.RouteDiscoveryServiceGrpc.RouteDiscoveryServiceImplBase; -import envoy.service.discovery.v2.AggregatedDiscoveryServiceGrpc.AggregatedDiscoveryServiceImplBase; -import envoy.service.discovery.v2.SecretDiscoveryServiceGrpc; import io.envoyproxy.controlplane.cache.ConfigWatcher; import io.envoyproxy.controlplane.cache.Resources; import io.envoyproxy.controlplane.cache.Response; import io.envoyproxy.controlplane.cache.Watch; +import io.envoyproxy.envoy.api.v2.ClusterDiscoveryServiceGrpc.ClusterDiscoveryServiceImplBase; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryResponse; +import io.envoyproxy.envoy.api.v2.EndpointDiscoveryServiceGrpc.EndpointDiscoveryServiceImplBase; +import io.envoyproxy.envoy.api.v2.ListenerDiscoveryServiceGrpc.ListenerDiscoveryServiceImplBase; +import io.envoyproxy.envoy.api.v2.RouteDiscoveryServiceGrpc.RouteDiscoveryServiceImplBase; +import io.envoyproxy.envoy.service.discovery.v2.AggregatedDiscoveryServiceGrpc.AggregatedDiscoveryServiceImplBase; +import io.envoyproxy.envoy.service.discovery.v2.SecretDiscoveryServiceGrpc; import io.grpc.Status; import io.grpc.StatusRuntimeException; import io.grpc.stub.ServerCallStreamObserver; diff --git a/server/src/main/java/io/envoyproxy/controlplane/server/DiscoveryServerCallbacks.java b/server/src/main/java/io/envoyproxy/controlplane/server/DiscoveryServerCallbacks.java index 994c2d169..dfebf28ca 100644 --- a/server/src/main/java/io/envoyproxy/controlplane/server/DiscoveryServerCallbacks.java +++ b/server/src/main/java/io/envoyproxy/controlplane/server/DiscoveryServerCallbacks.java @@ -1,7 +1,7 @@ package io.envoyproxy.controlplane.server; -import envoy.api.v2.Discovery.DiscoveryRequest; -import envoy.api.v2.Discovery.DiscoveryResponse; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryResponse; /** * {@code DiscoveryServerCallbacks} defines the callbacks that are exposed by the {@link DiscoveryServer}. The callbacks diff --git a/server/src/main/java/io/envoyproxy/controlplane/server/callback/SnapshotCollectingCallback.java b/server/src/main/java/io/envoyproxy/controlplane/server/callback/SnapshotCollectingCallback.java index 1aa1633ea..1b8cecd14 100644 --- a/server/src/main/java/io/envoyproxy/controlplane/server/callback/SnapshotCollectingCallback.java +++ b/server/src/main/java/io/envoyproxy/controlplane/server/callback/SnapshotCollectingCallback.java @@ -2,11 +2,11 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.util.concurrent.ThreadFactoryBuilder; -import envoy.api.v2.Discovery; import io.envoyproxy.controlplane.cache.NodeGroup; import io.envoyproxy.controlplane.cache.Snapshot; import io.envoyproxy.controlplane.cache.SnapshotCache; import io.envoyproxy.controlplane.server.DiscoveryServerCallbacks; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; import java.time.Clock; import java.time.Instant; import java.time.temporal.ChronoUnit; @@ -79,7 +79,7 @@ public SnapshotCollectingCallback(SnapshotCache snapshotCache, } @Override - public synchronized void onStreamRequest(long streamId, Discovery.DiscoveryRequest request) { + public synchronized void onStreamRequest(long streamId, DiscoveryRequest request) { T groupIdentifier = nodeGroup.hash(request.getNode()); SnapshotState snapshotState = diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerAdsIT.java b/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerAdsIT.java index 2cc37fdc4..07e13a0fe 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerAdsIT.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerAdsIT.java @@ -6,9 +6,9 @@ import static org.awaitility.Awaitility.await; import static org.hamcrest.Matchers.containsString; -import envoy.api.v2.Discovery.DiscoveryRequest; -import envoy.api.v2.Discovery.DiscoveryResponse; import io.envoyproxy.controlplane.cache.SimpleCache; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryResponse; import io.grpc.netty.NettyServerBuilder; import io.restassured.http.ContentType; import java.util.concurrent.CountDownLatch; diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerTest.java b/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerTest.java index 53ce160f3..29adfab63 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerTest.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerTest.java @@ -10,37 +10,36 @@ import com.google.common.collect.ImmutableTable; import com.google.common.collect.Table; import com.google.protobuf.Message; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.ClusterDiscoveryServiceGrpc; -import envoy.api.v2.ClusterDiscoveryServiceGrpc.ClusterDiscoveryServiceStub; -import envoy.api.v2.Discovery.DiscoveryRequest; -import envoy.api.v2.Discovery.DiscoveryResponse; -import envoy.api.v2.Eds.ClusterLoadAssignment; -import envoy.api.v2.EndpointDiscoveryServiceGrpc; -import envoy.api.v2.EndpointDiscoveryServiceGrpc.EndpointDiscoveryServiceStub; -import envoy.api.v2.Lds.Listener; -import envoy.api.v2.ListenerDiscoveryServiceGrpc; -import envoy.api.v2.ListenerDiscoveryServiceGrpc.ListenerDiscoveryServiceStub; -import envoy.api.v2.Rds.RouteConfiguration; -import envoy.api.v2.RouteDiscoveryServiceGrpc; -import envoy.api.v2.RouteDiscoveryServiceGrpc.RouteDiscoveryServiceStub; -import envoy.api.v2.auth.Cert.Secret; -import envoy.api.v2.core.Base.Node; -import envoy.service.discovery.v2.AggregatedDiscoveryServiceGrpc; -import envoy.service.discovery.v2.AggregatedDiscoveryServiceGrpc.AggregatedDiscoveryServiceStub; -import envoy.service.discovery.v2.SecretDiscoveryServiceGrpc; -import envoy.service.discovery.v2.SecretDiscoveryServiceGrpc.SecretDiscoveryServiceStub; import io.envoyproxy.controlplane.cache.ConfigWatcher; import io.envoyproxy.controlplane.cache.Resources; import io.envoyproxy.controlplane.cache.Response; import io.envoyproxy.controlplane.cache.TestResources; import io.envoyproxy.controlplane.cache.Watch; import io.envoyproxy.controlplane.cache.WatchCancelledException; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.ClusterDiscoveryServiceGrpc; +import io.envoyproxy.envoy.api.v2.ClusterDiscoveryServiceGrpc.ClusterDiscoveryServiceStub; +import io.envoyproxy.envoy.api.v2.ClusterLoadAssignment; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryResponse; +import io.envoyproxy.envoy.api.v2.EndpointDiscoveryServiceGrpc; +import io.envoyproxy.envoy.api.v2.EndpointDiscoveryServiceGrpc.EndpointDiscoveryServiceStub; +import io.envoyproxy.envoy.api.v2.Listener; +import io.envoyproxy.envoy.api.v2.ListenerDiscoveryServiceGrpc; +import io.envoyproxy.envoy.api.v2.ListenerDiscoveryServiceGrpc.ListenerDiscoveryServiceStub; +import io.envoyproxy.envoy.api.v2.RouteConfiguration; +import io.envoyproxy.envoy.api.v2.RouteDiscoveryServiceGrpc; +import io.envoyproxy.envoy.api.v2.RouteDiscoveryServiceGrpc.RouteDiscoveryServiceStub; +import io.envoyproxy.envoy.api.v2.auth.Secret; +import io.envoyproxy.envoy.api.v2.core.Node; +import io.envoyproxy.envoy.service.discovery.v2.AggregatedDiscoveryServiceGrpc; +import io.envoyproxy.envoy.service.discovery.v2.AggregatedDiscoveryServiceGrpc.AggregatedDiscoveryServiceStub; +import io.envoyproxy.envoy.service.discovery.v2.SecretDiscoveryServiceGrpc; +import io.envoyproxy.envoy.service.discovery.v2.SecretDiscoveryServiceGrpc.SecretDiscoveryServiceStub; import io.grpc.Status; import io.grpc.StatusRuntimeException; import io.grpc.stub.StreamObserver; import io.grpc.testing.GrpcServerRule; - import java.io.ByteArrayOutputStream; import java.io.PrintStream; import java.util.Collection; diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerXdsIT.java b/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerXdsIT.java index 0478de422..844d7fe6b 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerXdsIT.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/DiscoveryServerXdsIT.java @@ -6,9 +6,9 @@ import static org.awaitility.Awaitility.await; import static org.hamcrest.Matchers.containsString; -import envoy.api.v2.Discovery.DiscoveryRequest; -import envoy.api.v2.Discovery.DiscoveryResponse; import io.envoyproxy.controlplane.cache.SimpleCache; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; +import io.envoyproxy.envoy.api.v2.DiscoveryResponse; import io.grpc.netty.NettyServerBuilder; import io.restassured.http.ContentType; import java.util.concurrent.CountDownLatch; diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/TestMain.java b/server/src/test/java/io/envoyproxy/controlplane/server/TestMain.java index d62e666de..8576aad71 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/TestMain.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/TestMain.java @@ -2,12 +2,12 @@ import com.google.common.collect.ImmutableList; import com.google.protobuf.Duration; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.Cds.Cluster.DiscoveryType; -import envoy.api.v2.core.AddressOuterClass.Address; -import envoy.api.v2.core.AddressOuterClass.SocketAddress; import io.envoyproxy.controlplane.cache.SimpleCache; import io.envoyproxy.controlplane.cache.Snapshot; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.Cluster.DiscoveryType; +import io.envoyproxy.envoy.api.v2.core.Address; +import io.envoyproxy.envoy.api.v2.core.SocketAddress; import io.grpc.Server; import io.grpc.ServerBuilder; import io.grpc.netty.NettyServerBuilder; diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/TestSnapshots.java b/server/src/test/java/io/envoyproxy/controlplane/server/TestSnapshots.java index 3218e8c43..aed5aeca2 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/TestSnapshots.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/TestSnapshots.java @@ -1,10 +1,10 @@ package io.envoyproxy.controlplane.server; -import envoy.api.v2.Cds.Cluster; -import envoy.api.v2.Lds.Listener; -import envoy.api.v2.Rds.RouteConfiguration; import io.envoyproxy.controlplane.cache.Snapshot; import io.envoyproxy.controlplane.cache.TestResources; +import io.envoyproxy.envoy.api.v2.Cluster; +import io.envoyproxy.envoy.api.v2.Listener; +import io.envoyproxy.envoy.api.v2.RouteConfiguration; import org.testcontainers.shaded.com.google.common.collect.ImmutableList; class TestSnapshots { diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/callback/SnapshotCollectingCallbackTest.java b/server/src/test/java/io/envoyproxy/controlplane/server/callback/SnapshotCollectingCallbackTest.java index 91371ac56..8810daee4 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/callback/SnapshotCollectingCallbackTest.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/callback/SnapshotCollectingCallbackTest.java @@ -3,10 +3,10 @@ import static org.assertj.core.api.Assertions.assertThat; import com.google.common.collect.ImmutableSet; -import envoy.api.v2.Discovery; import io.envoyproxy.controlplane.cache.NodeGroup; import io.envoyproxy.controlplane.cache.SimpleCache; import io.envoyproxy.controlplane.cache.Snapshot; +import io.envoyproxy.envoy.api.v2.DiscoveryRequest; import java.time.Clock; import java.time.Duration; import java.time.Instant; @@ -37,8 +37,8 @@ public void setUp() { @Test public void testSingleSnapshot() { - callback.onStreamRequest(0, Discovery.DiscoveryRequest.getDefaultInstance()); - callback.onStreamRequest(1, Discovery.DiscoveryRequest.getDefaultInstance()); + callback.onStreamRequest(0, DiscoveryRequest.getDefaultInstance()); + callback.onStreamRequest(1, DiscoveryRequest.getDefaultInstance()); // We have 2 references to the snapshot, this should do nothing. callback.deleteUnreferenced(Clock.offset(CLOCK, Duration.ofMillis(5))); @@ -75,7 +75,7 @@ public void testAsyncCollection() throws InterruptedException { } }; - callback.onStreamRequest(0, Discovery.DiscoveryRequest.getDefaultInstance()); + callback.onStreamRequest(0, DiscoveryRequest.getDefaultInstance()); assertThat(deleteUnreferencedLatch.await(100, TimeUnit.MILLISECONDS)).isTrue(); assertThat(collectedGroups).isEmpty();