From 834e5a7ab0c029df0951c07a6b817341f31a5899 Mon Sep 17 00:00:00 2001 
From: Sergii Tkachenko
Date: Mon, 26 Jul 2021 19:01:25 -0400
Subject: [PATCH 1/2] xds: sync envoy proto to commit 62ca8bd2b5960ed1c6ce2be97d3120cee719ecab
---
xds/third_party/envoy/LICENSE | 2 +-
xds/third_party/envoy/import.sh | 3 +-
.../proto/envoy/admin/v3/config_dump.proto | 26 +--
.../envoy/config/accesslog/v3/accesslog.proto | 4 +-
.../envoy/config/bootstrap/v3/bootstrap.proto | 58 ++++---
.../config/cluster/v3/circuit_breaker.proto | 10 +-
.../envoy/config/cluster/v3/cluster.proto | 148 ++++++++++--------
.../envoy/config/cluster/v3/filter.proto | 3 +-
.../config/cluster/v3/outlier_detection.proto | 18 +--
.../proto/envoy/config/core/v3/address.proto | 14 +-
.../proto/envoy/config/core/v3/backoff.proto | 6 +-
.../proto/envoy/config/core/v3/base.proto | 28 +++-
.../envoy/config/core/v3/config_source.proto | 10 +-
.../envoy/config/core/v3/grpc_service.proto | 8 +-
.../envoy/config/core/v3/health_check.proto | 20 +--
.../proto/envoy/config/core/v3/protocol.proto | 66 ++++++--
.../proto/envoy/config/core/v3/resolver.proto | 41 +++++
.../core/v3/substitution_format_string.proto | 1 +
.../envoy/config/endpoint/v3/endpoint.proto | 4 +-
.../endpoint/v3/endpoint_components.proto | 10 +-
.../config/endpoint/v3/load_report.proto | 6 +-
.../envoy/config/listener/v3/listener.proto | 36 ++---
.../listener/v3/listener_components.proto | 4 +-
.../config/listener/v3/quic_config.proto | 24 +++
.../listener/v3/udp_listener_config.proto | 6 +-
.../proto/envoy/config/metrics/v3/stats.proto | 18 +--
.../proto/envoy/config/rbac/v3/rbac.proto | 13 +-
.../proto/envoy/config/route/v3/route.proto | 20 +--
.../config/route/v3/route_components.proto | 148 +++++++++---------
.../envoy/config/route/v3/scoped_route.proto | 16 +-
.../envoy/config/trace/v3/http_tracer.proto | 6 +-
.../envoy/config/trace/v3/lightstep.proto | 9 +-
.../filters/http/fault/v3/fault.proto | 10 +-
.../filters/http/rbac/v3/rbac.proto | 1 +
.../filters/http/router/v3/router.proto | 12 +-
.../v3/http_connection_manager.proto | 135 ++++++++++++---- .../transport_sockets/tls/v3/common.proto | 60 ++++--- .../transport_sockets/tls/v3/tls.proto | 16 +- .../service/discovery/v3/discovery.proto | 4 +- .../envoy/service/load_stats/v3/lrs.proto | 8 +- .../proto/envoy/service/status/v3/csds.proto | 54 ++++++- .../type/http/v3/path_transformation.proto | 2 +- .../envoy/type/matcher/v3/metadata.proto | 6 +- .../envoy/type/metadata/v3/metadata.proto | 8 +- .../envoy/type/tracing/v3/custom_tag.proto | 4 +- 45 files changed, 719 insertions(+), 387 deletions(-) create mode 100644 xds/third_party/envoy/src/main/proto/envoy/config/core/v3/resolver.proto diff --git a/xds/third_party/envoy/LICENSE b/xds/third_party/envoy/LICENSE index 760a01df5b2..1e2bdc6ae7b 100644 --- a/xds/third_party/envoy/LICENSE +++ b/xds/third_party/envoy/LICENSE @@ -199,4 +199,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file + limitations under the License. diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh index 7569de35ee9..4c3fd1b3c70 100755 --- a/xds/third_party/envoy/import.sh +++ b/xds/third_party/envoy/import.sh @@ -18,7 +18,7 @@ set -e BRANCH=main # import VERSION from one of the google internal CLs -VERSION=8b9b87702885beb324dadb349cbcb06d037c956e +VERSION=62ca8bd2b5960ed1c6ce2be97d3120cee719ecab GIT_REPO="https://github.com/envoyproxy/envoy.git" GIT_BASE_DIR=envoy SOURCE_PROTO_BASE_DIR=envoy/api @@ -82,6 +82,7 @@ envoy/config/core/v3/health_check.proto envoy/config/core/v3/http_uri.proto envoy/config/core/v3/protocol.proto envoy/config/core/v3/proxy_protocol.proto +envoy/config/core/v3/resolver.proto envoy/config/core/v3/socket_option.proto envoy/config/core/v3/substitution_format_string.proto envoy/config/core/v3/udp_socket_config.proto 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump.proto b/xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump.proto index 49c208537cd..ddafb56b393 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump.proto @@ -53,11 +53,13 @@ message ConfigDump { // The following configurations are currently supported and will be dumped in the order given // below: // - // * *bootstrap*: :ref:`BootstrapConfigDump ` - // * *clusters*: :ref:`ClustersConfigDump ` - // * *endpoints*: :ref:`EndpointsConfigDump ` - // * *listeners*: :ref:`ListenersConfigDump ` - // * *routes*: :ref:`RoutesConfigDump ` + // * *bootstrap*: :ref:`BootstrapConfigDump ` + // * *clusters*: :ref:`ClustersConfigDump ` + // * *endpoints*: :ref:`EndpointsConfigDump ` + // * *listeners*: :ref:`ListenersConfigDump ` + // * *scoped_routes*: :ref:`ScopedRoutesConfigDump ` + // * *routes*: :ref:`RoutesConfigDump ` + // * *secrets*: :ref:`SecretsConfigDump ` // // EDS Configuration will only be dumped by using parameter `?include_eds` // @@ -126,7 +128,7 @@ message ListenersConfigDump { "envoy.admin.v2alpha.ListenersConfigDump.DynamicListenerState"; // This is the per-resource version information. This version is currently taken from the - // :ref:`version_info ` field at the time + // :ref:`version_info ` field at the time // that the listener was loaded. In the future, discrete per-listener versions may be supported // by the API. string version_info = 1; @@ -174,7 +176,7 @@ message ListenersConfigDump { ClientResourceStatus client_status = 6; } - // This is the :ref:`version_info ` in the + // This is the :ref:`version_info ` in the // last processed LDS discovery response. If there are only static bootstrap listeners, this field // will be "". string version_info = 1; 
@@ -212,7 +214,7 @@ message ClustersConfigDump { "envoy.admin.v2alpha.ClustersConfigDump.DynamicCluster"; // This is the per-resource version information. This version is currently taken from the - // :ref:`version_info ` field at the time + // :ref:`version_info ` field at the time // that the cluster was loaded. In the future, discrete per-cluster versions may be supported by // the API. string version_info = 1; @@ -235,7 +237,7 @@ message ClustersConfigDump { ClientResourceStatus client_status = 5; } - // This is the :ref:`version_info ` in the + // This is the :ref:`version_info ` in the // last processed CDS discovery response. If there are only static bootstrap clusters, this field // will be "". string version_info = 1; @@ -280,7 +282,7 @@ message RoutesConfigDump { "envoy.admin.v2alpha.RoutesConfigDump.DynamicRouteConfig"; // This is the per-resource version information. This version is currently taken from the - // :ref:`version_info ` field at the time that + // :ref:`version_info ` field at the time that // the route configuration was loaded. string version_info = 1; @@ -340,7 +342,7 @@ message ScopedRoutesConfigDump { string name = 1; // This is the per-resource version information. This version is currently taken from the - // :ref:`version_info ` field at the time that + // :ref:`version_info ` field at the time that // the scoped routes configuration was loaded. string version_info = 2; @@ -450,7 +452,7 @@ message EndpointsConfigDump { // [#next-free-field: 6] message DynamicEndpointConfig { // [#not-implemented-hide:] This is the per-resource version information. This version is currently taken from the - // :ref:`version_info ` field at the time that + // :ref:`version_info ` field at the time that // the endpoint configuration was loaded. string version_info = 1; 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto index 883f1127468..ad129a3ed64 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto @@ -169,8 +169,8 @@ message RuntimeFilter { // randomly sample based on the runtime key value alone. // *use_independent_randomness* can be used for logging kill switches within // complex nested :ref:`AndFilter - // ` and :ref:`OrFilter - // ` blocks that are easier to + // ` and :ref:`OrFilter + // ` blocks that are easier to // reason about from a probability perspective (i.e., setting to true will // cause the filter to behave like an independent random variable when // composed within logical operator filters). diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto index 19784ab2a35..431b45b6617 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto @@ -9,6 +9,7 @@ import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/config_source.proto"; import "envoy/config/core/v3/event_service_config.proto"; import "envoy/config/core/v3/extension.proto"; +import "envoy/config/core/v3/resolver.proto"; import "envoy/config/core/v3/socket_option.proto"; import "envoy/config/listener/v3/listener.proto"; import "envoy/config/metrics/v3/stats.proto"; 
@@ -35,11 +36,11 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Bootstrap] // This proto is supplied via the :option:`-c` CLI flag and acts as the root -// of the Envoy v2 configuration. See the :ref:`v2 configuration overview +// of the Envoy v3 configuration. See the :ref:`v3 configuration overview // ` for more detail. // Bootstrap :ref:`configuration overview `. -// [#next-free-field: 30] +// [#next-free-field: 31] message Bootstrap { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Bootstrap"; @@ -48,12 +49,12 @@ message Bootstrap { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Bootstrap.StaticResources"; - // Static :ref:`Listeners `. These listeners are + // Static :ref:`Listeners `. These listeners are // available regardless of LDS configuration. repeated listener.v3.Listener listeners = 1; // If a network based configuration source is specified for :ref:`cds_config - // `, it's necessary + // `, it's necessary // to have some initial cluster definitions available to allow Envoy to know // how to speak to the management server. These cluster definitions may not // use :ref:`EDS ` (i.e. they should be static @@ -61,7 +62,7 @@ message Bootstrap { repeated cluster.v3.Cluster clusters = 2; // These static secrets can be used by :ref:`SdsSecretConfig - // ` + // ` repeated envoy.extensions.transport_sockets.tls.v3.Secret secrets = 3; } @@ -72,7 +73,7 @@ message Bootstrap { reserved 4; - // All :ref:`Listeners ` are provided by a single + // All :ref:`Listeners ` are provided by a single // :ref:`LDS ` configuration source. core.v3.ConfigSource lds_config = 1; 
@@ -80,7 +81,7 @@ message Bootstrap { // [#not-implemented-hide:] string lds_resources_locator = 5; - // All post-bootstrap :ref:`Cluster ` definitions are + // All post-bootstrap :ref:`Cluster ` definitions are // provided by a single :ref:`CDS ` // configuration source. core.v3.ConfigSource cds_config = 2; @@ -91,10 +92,10 @@ message Bootstrap { // A single :ref:`ADS ` source may be optionally // specified. This must have :ref:`api_type - // ` :ref:`GRPC - // `. Only - // :ref:`ConfigSources ` that have - // the :ref:`ads ` field set will be + // ` :ref:`GRPC + // `. Only + // :ref:`ConfigSources ` that have + // the :ref:`ads ` field set will be // streamed on the ADS channel. core.v3.ApiConfigSource ads_config = 3; } @@ -152,7 +153,7 @@ message Bootstrap { ClusterManager cluster_manager = 4; // Health discovery service config option. - // (:ref:`core.ApiConfigSource `) + // (:ref:`core.ApiConfigSource `) core.v3.ApiConfigSource hds_config = 14; // Optional file system path to search for startup flag files. @@ -200,7 +201,7 @@ message Bootstrap { // // .. attention:: // This field has been deprecated in favor of :ref:`HttpConnectionManager.Tracing.provider - // `. + // `. trace.v3.Tracing tracing = 9 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; @@ -221,7 +222,7 @@ message Bootstrap { // Enable :ref:`stats for event dispatcher `, defaults to false. // Note that this records a value for each iteration of the event loop on every thread. This // should normally be minimal overhead, but when using - // :ref:`statsd `, it will send each observed value + // :ref:`statsd `, it will send each observed value // over the wire individually because the statsd protocol doesn't have any way to represent a // histogram summary. Be aware that this can be a very large volume of data. bool enable_dispatcher_stats = 16; 
@@ -239,18 +240,27 @@ message Bootstrap { // Optional proxy version which will be used to set the value of :ref:`server.version statistic // ` if specified. Envoy will not process this value, it will be sent as is to - // :ref:`stats sinks `. + // :ref:`stats sinks `. google.protobuf.UInt64Value stats_server_version_override = 19; // Always use TCP queries instead of UDP queries for DNS lookups. // This may be overridden on a per-cluster basis in cds_config, - // when :ref:`dns_resolvers ` and - // :ref:`use_tcp_for_dns_lookups ` are + // when :ref:`dns_resolvers ` and + // :ref:`use_tcp_for_dns_lookups ` are // specified. // Setting this value causes failure if the // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during // server startup. Apple' API only uses UDP for DNS resolution. - bool use_tcp_for_dns_lookups = 20; + // This field is deprecated in favor of *dns_resolution_config* + // which aggregates all of the DNS resolver configuration in a single message. + bool use_tcp_for_dns_lookups = 20 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // DNS resolution configuration which includes the underlying dns resolver addresses and options. + // This may be overridden on a per-cluster basis in cds_config, when + // :ref:`dns_resolution_config ` + // is specified. + core.v3.DnsResolutionConfig dns_resolution_config = 30; // Specifies optional bootstrap extensions to be instantiated at startup time. // Each item contains extension specific configuration. @@ -291,7 +301,7 @@ message Bootstrap { // Global map of CertificateProvider instances. These instances are referred to by name in the // :ref:`CommonTlsContext.CertificateProviderInstance.instance_name - // ` + // ` // field. // [#not-implemented-hide:] map certificate_provider_instances = 25; 
@@ -309,7 +319,7 @@ message Admin { // The path to write the access log for the administration server. If no // access log is desired specify ‘/dev/null’. This is only required if - // :ref:`address ` is set. + // :ref:`address ` is set. // Deprecated in favor of *access_log* which offers more options. string access_log_path = 1 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; @@ -349,9 +359,9 @@ message ClusterManager { // this configuration). In order to enable :ref:`zone aware routing // ` this option must be set. // If *local_cluster_name* is defined then :ref:`clusters - // ` must be defined in the :ref:`Bootstrap + // ` must be defined in the :ref:`Bootstrap // static cluster resources - // `. This is unrelated to + // `. This is unrelated to // the :option:`--service-cluster` option which does not `affect zone aware // routing `_. string local_cluster_name = 1; @@ -365,8 +375,8 @@ message ClusterManager { // A management server endpoint to stream load stats to via // *StreamLoadStats*. This must have :ref:`api_type - // ` :ref:`GRPC - // `. + // ` :ref:`GRPC + // `. core.v3.ApiConfigSource load_stats_config = 4; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/circuit_breaker.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/circuit_breaker.proto index 96e69701cda..82cd329b91a 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/circuit_breaker.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/circuit_breaker.proto @@ -25,7 +25,7 @@ message CircuitBreakers { "envoy.api.v2.cluster.CircuitBreakers"; // A Thresholds defines CircuitBreaker settings for a - // :ref:`RoutingPriority`. + // :ref:`RoutingPriority`. // [#next-free-field: 9] message Thresholds { option (udpa.annotations.versioning).previous_message_type = 
@@ -49,7 +49,7 @@ message CircuitBreakers { google.protobuf.UInt32Value min_retry_concurrency = 2; } - // The :ref:`RoutingPriority` + // The :ref:`RoutingPriority` // the specified CircuitBreaker settings apply to. core.v3.RoutingPriority priority = 1 [(validate.rules).enum = {defined_only: true}]; @@ -96,10 +96,10 @@ message CircuitBreakers { google.protobuf.UInt32Value max_connection_pools = 7; } - // If multiple :ref:`Thresholds` - // are defined with the same :ref:`RoutingPriority`, + // If multiple :ref:`Thresholds` + // are defined with the same :ref:`RoutingPriority`, // the first one in the list is used. If no Thresholds is defined for a given - // :ref:`RoutingPriority`, the default values + // :ref:`RoutingPriority`, the default values // are used. repeated Thresholds thresholds = 1; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto index e72a0aa80e1..5470b1807d4 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto @@ -11,6 +11,7 @@ import "envoy/config/core/v3/config_source.proto"; import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/health_check.proto"; import "envoy/config/core/v3/protocol.proto"; +import "envoy/config/core/v3/resolver.proto"; import "envoy/config/endpoint/v3/endpoint.proto"; import "envoy/type/v3/percent.proto"; @@ -42,7 +43,7 @@ message ClusterCollection { } // Configuration for a single upstream cluster. -// [#next-free-field: 53] +// [#next-free-field: 54] message Cluster { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster"; 
@@ -110,7 +111,7 @@ message Cluster { CLUSTER_PROVIDED = 6; // [#not-implemented-hide:] Use the new :ref:`load_balancing_policy - // ` field to determine the LB policy. + // ` field to determine the LB policy. // [#next-major-version: In the v3 API, we should consider deprecating the lb_policy field // and instead using the new load_balancing_policy field as the one and only mechanism for // configuring this.] @@ -123,8 +124,8 @@ message Cluster { // specified, the DNS resolver will first perform a lookup for addresses in // the IPv6 family and fallback to a lookup for addresses in the IPv4 family. // For cluster types other than - // :ref:`STRICT_DNS` and - // :ref:`LOGICAL_DNS`, + // :ref:`STRICT_DNS` and + // :ref:`LOGICAL_DNS`, // this setting is // ignored. enum DnsLookupFamily { @@ -135,7 +136,7 @@ message Cluster { enum ClusterProtocolSelection { // Cluster can only operate on one of the possible upstream protocols (HTTP1.1, HTTP2). - // If :ref:`http2_protocol_options ` are + // If :ref:`http2_protocol_options ` are // present, HTTP2 will be used, otherwise HTTP1.1 will be used. USE_CONFIGURED_PROTOCOL = 0; @@ -233,7 +234,7 @@ message Cluster { // If KEYS_SUBSET is selected, subset selector matching is performed again with metadata // keys reduced to - // :ref:`fallback_keys_subset`. + // :ref:`fallback_keys_subset`. // It allows for a fallback to a different, less specific selector if some of the keys of // the selector are considered optional. KEYS_SUBSET = 4; 
@@ -262,30 +263,30 @@ message Cluster { [(validate.rules).enum = {defined_only: true}]; // Subset of - // :ref:`keys` used by - // :ref:`KEYS_SUBSET` + // :ref:`keys` used by + // :ref:`KEYS_SUBSET` // fallback policy. // It has to be a non empty list if KEYS_SUBSET fallback policy is selected. // For any other fallback policy the parameter is not used and should not be set. // Only values also present in - // :ref:`keys` are allowed, but + // :ref:`keys` are allowed, but // `fallback_keys_subset` cannot be equal to `keys`. repeated string fallback_keys_subset = 3; } // The behavior used when no endpoint subset matches the selected route's // metadata. The value defaults to - // :ref:`NO_FALLBACK`. + // :ref:`NO_FALLBACK`. LbSubsetFallbackPolicy fallback_policy = 1 [(validate.rules).enum = {defined_only: true}]; // Specifies the default subset of endpoints used during fallback if // fallback_policy is - // :ref:`DEFAULT_SUBSET`. + // :ref:`DEFAULT_SUBSET`. // Each field in default_subset is // compared to the matching LbEndpoint.Metadata under the *envoy.lb* // namespace. It is valid for no hosts to match, in which case the behavior // is the same as a fallback_policy of - // :ref:`NO_FALLBACK`. + // :ref:`NO_FALLBACK`. google.protobuf.Struct default_subset = 2; // For each entry, LbEndpoint.Metadata's 
@@ -393,16 +394,16 @@ message Cluster { // Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each // provided host) the better the request distribution will reflect the desired weights. Defaults // to 1024 entries, and limited to 8M entries. See also - // :ref:`maximum_ring_size`. + // :ref:`maximum_ring_size`. google.protobuf.UInt64Value minimum_ring_size = 1 [(validate.rules).uint64 = {lte: 8388608}]; // The hash function used to hash hosts onto the ketama ring. The value defaults to - // :ref:`XX_HASH`. + // :ref:`XX_HASH`. HashFunction hash_function = 3 [(validate.rules).enum = {defined_only: true}]; // Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered // to further constrain resource use. See also - // :ref:`minimum_ring_size`. + // :ref:`minimum_ring_size`. google.protobuf.UInt64Value maximum_ring_size = 4 [(validate.rules).uint64 = {lte: 8388608}]; } @@ -556,7 +557,7 @@ message Cluster { // Specifies the base interval between refreshes. This parameter is required and must be greater // than zero and less than - // :ref:`max_interval `. + // :ref:`max_interval `. google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { required: true gt {nanos: 1000000} @@ -564,8 +565,8 @@ message Cluster { // Specifies the maximum interval between refreshes. This parameter is optional, but must be // greater than or equal to the - // :ref:`base_interval ` if set. The default - // is 10 times the :ref:`base_interval `. + // :ref:`base_interval ` if set. The default + // is 10 times the :ref:`base_interval `. google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {nanos: 1000000}}]; } 
@@ -629,9 +630,9 @@ message Cluster { // Configuration to use different transport sockets for different endpoints. // The entry of *envoy.transport_socket_match* in the - // :ref:`LbEndpoint.Metadata ` + // :ref:`LbEndpoint.Metadata ` // is used to match against the transport sockets as they appear in the list. The first - // :ref:`match ` is used. + // :ref:`match ` is used. // For example, with the following match // // .. code-block:: yaml @@ -651,7 +652,7 @@ message Cluster { // Connections to the endpoints whose metadata value under *envoy.transport_socket_match* // having "acceptMTLS"/"true" key/value pair use the "enableMTLS" socket configuration. // - // If a :ref:`socket match ` with empty match + // If a :ref:`socket match ` with empty match // criteria is provided, that always match any endpoint. For example, the "defaultToPlaintext" // socket match in case above. // @@ -673,7 +674,7 @@ message Cluster { // // This field can be used to specify custom transport socket configurations for health // checks by adding matching key/value pairs in a health check's - // :ref:`transport socket match criteria ` field. + // :ref:`transport socket match criteria ` field. // // [#comment:TODO(incfly): add a detailed architecture doc on intended usage.] repeated TransportSocketMatch transport_socket_matches = 43; @@ -681,7 +682,7 @@ message Cluster { // Supplies the name of the cluster which must be unique across all clusters. // The cluster name is used when emitting // :ref:`statistics ` if :ref:`alt_stat_name - // ` is not provided. + // ` is not provided. // Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics. string name = 1 [(validate.rules).string = {min_len: 1}]; 
@@ -709,6 +710,7 @@ message Cluster { EdsClusterConfig eds_cluster_config = 3; // The timeout for new network connections to hosts in the cluster. + // If not set, a default value of 5s will be used. google.protobuf.Duration connect_timeout = 4 [(validate.rules).duration = {gt {}}]; // Soft limit on size of the cluster’s connections read and write buffers. If @@ -718,19 +720,19 @@ message Cluster { // The :ref:`load balancer type ` to use // when picking a host in the cluster. - // [#comment:TODO: Remove enum constraint :ref:`LOAD_BALANCING_POLICY_CONFIG` when implemented.] + // [#comment:TODO: Remove enum constraint :ref:`LOAD_BALANCING_POLICY_CONFIG` when implemented.] LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true not_in: 7}]; // Setting this is required for specifying members of - // :ref:`STATIC`, - // :ref:`STRICT_DNS` - // or :ref:`LOGICAL_DNS` clusters. + // :ref:`STATIC`, + // :ref:`STRICT_DNS` + // or :ref:`LOGICAL_DNS` clusters. // This field supersedes the *hosts* field in the v2 API. // // .. attention:: // // Setting this allows non-EDS cluster types to contain embedded EDS equivalent - // :ref:`endpoint assignments`. + // :ref:`endpoint assignments`. // endpoint.v3.ClusterLoadAssignment load_assignment = 33; 
@@ -752,12 +754,12 @@ message Cluster { // HTTP protocol options that are applied only to upstream HTTP connections. // These options apply to all HTTP versions. // This has been deprecated in favor of - // :ref:`upstream_http_protocol_options ` - // in the :ref:`http_protocol_options ` message. + // :ref:`upstream_http_protocol_options ` + // in the :ref:`http_protocol_options ` message. // upstream_http_protocol_options can be set via the cluster's - // :ref:`extension_protocol_options`. + // :ref:`extension_protocol_options`. // See :ref:`upstream_http_protocol_options - // ` + // ` // for example usage. core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 
@@ -765,23 +767,23 @@ message Cluster { // Additional options when handling HTTP requests upstream. These options will be applicable to // both HTTP1 and HTTP2 requests. // This has been deprecated in favor of - // :ref:`common_http_protocol_options ` - // in the :ref:`http_protocol_options ` message. + // :ref:`common_http_protocol_options ` + // in the :ref:`http_protocol_options ` message. // common_http_protocol_options can be set via the cluster's - // :ref:`extension_protocol_options`. + // :ref:`extension_protocol_options`. // See :ref:`upstream_http_protocol_options - // ` + // ` // for example usage. core.v3.HttpProtocolOptions common_http_protocol_options = 29 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Additional options when handling HTTP1 requests. // This has been deprecated in favor of http_protocol_options fields in the in the - // :ref:`http_protocol_options ` message. + // :ref:`http_protocol_options ` message. // http_protocol_options can be set via the cluster's - // :ref:`extension_protocol_options`. + // :ref:`extension_protocol_options`. // See :ref:`upstream_http_protocol_options - // ` + // ` // for example usage. core.v3.Http1ProtocolOptions http_protocol_options = 13 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; @@ -793,11 +795,11 @@ message Cluster { // with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2 // connections to happen over plain text. // This has been deprecated in favor of http2_protocol_options fields in the in the - // :ref:`http_protocol_options ` + // :ref:`http_protocol_options ` // message. http2_protocol_options can be set via the cluster's - // :ref:`extension_protocol_options`. + // :ref:`extension_protocol_options`. // See :ref:`upstream_http_protocol_options - // ` + // ` // for example usage. core.v3.Http2ProtocolOptions http2_protocol_options = 14 [ deprecated = true, 
@@ -813,24 +815,24 @@ message Cluster { map typed_extension_protocol_options = 36; // If the DNS refresh rate is specified and the cluster type is either - // :ref:`STRICT_DNS`, - // or :ref:`LOGICAL_DNS`, + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, // this value is used as the cluster’s DNS refresh // rate. The value configured must be at least 1ms. If this setting is not specified, the // value defaults to 5000ms. For cluster types other than - // :ref:`STRICT_DNS` - // and :ref:`LOGICAL_DNS` + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` // this setting is ignored. google.protobuf.Duration dns_refresh_rate = 16 [(validate.rules).duration = {gt {nanos: 1000000}}]; // If the DNS failure refresh rate is specified and the cluster type is either - // :ref:`STRICT_DNS`, - // or :ref:`LOGICAL_DNS`, + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, // this is used as the cluster’s DNS refresh rate when requests are failing. If this setting is // not specified, the failure refresh rate defaults to the DNS refresh rate. For cluster types - // other than :ref:`STRICT_DNS` and - // :ref:`LOGICAL_DNS` this setting is + // other than :ref:`STRICT_DNS` and + // :ref:`LOGICAL_DNS` this setting is // ignored. RefreshRate dns_failure_refresh_rate = 44; 
@@ -841,30 +843,38 @@ message Cluster { // The DNS IP address resolution policy. If this setting is not specified, the // value defaults to - // :ref:`AUTO`. + // :ref:`AUTO`. DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}]; // If DNS resolvers are specified and the cluster type is either - // :ref:`STRICT_DNS`, - // or :ref:`LOGICAL_DNS`, + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, // this value is used to specify the cluster’s dns resolvers. // If this setting is not specified, the value defaults to the default // resolver, which uses /etc/resolv.conf for configuration. For cluster types // other than - // :ref:`STRICT_DNS` - // and :ref:`LOGICAL_DNS` + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` // this setting is ignored. // Setting this value causes failure if the // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during // server startup. Apple's API only allows overriding DNS resolvers via system settings. - repeated core.v3.Address dns_resolvers = 18; + // This field is deprecated in favor of *dns_resolution_config* + // which aggregates all of the DNS resolver configuration in a single message. + repeated core.v3.Address dns_resolvers = 18 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; - // [#next-major-version: Reconcile DNS options in a single message.] // Always use TCP queries instead of UDP queries for DNS lookups. // Setting this value causes failure if the // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during // server startup. Apple' API only uses UDP for DNS resolution. - bool use_tcp_for_dns_lookups = 45; + // This field is deprecated in favor of *dns_resolution_config* + // which aggregates all of the DNS resolver configuration in a single message. 
+ bool use_tcp_for_dns_lookups = 45 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // DNS resolution configuration which includes the underlying dns resolver addresses and options. + core.v3.DnsResolutionConfig dns_resolution_config = 53; // If specified, outlier detection will be enabled for this upstream cluster. // Each of the configuration values can be overridden via @@ -872,7 +882,7 @@ message Cluster { OutlierDetection outlier_detection = 19; // The interval for removing stale hosts from a cluster type - // :ref:`ORIGINAL_DST`. + // :ref:`ORIGINAL_DST`. // Hosts are considered stale if they have not been used // as upstream destinations during this interval. New hosts are added // to original destination clusters on demand as new connections are @@ -882,7 +892,7 @@ message Cluster { // them remain open, saving the latency that would otherwise be spent // on opening new connections. If this setting is not specified, the // value defaults to 5000ms. For cluster types other than - // :ref:`ORIGINAL_DST` + // :ref:`ORIGINAL_DST` // this setting is ignored. google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration = {gt {}}]; @@ -896,9 +906,9 @@ message Cluster { // Optional configuration for the load balancing algorithm selected by // LbPolicy. Currently only - // :ref:`RING_HASH`, - // :ref:`MAGLEV` and - // :ref:`LEAST_REQUEST` + // :ref:`RING_HASH`, + // :ref:`MAGLEV` and + // :ref:`LEAST_REQUEST` // has additional configuration options. // Specifying ring_hash_lb_config or maglev_lb_config or least_request_lb_config without setting the corresponding // LbPolicy will generate an error at runtime. 
@@ -921,7 +931,7 @@ message Cluster { // Optional custom transport socket implementation to use for upstream connections. // To setup TLS, set a transport socket with name `tls` and - // :ref:`UpstreamTlsContexts ` in the `typed_config`. + // :ref:`UpstreamTlsContexts ` in the `typed_config`. // If no transport socket configuration is specified, new connections // will be set up with plaintext. core.v3.TransportSocket transport_socket = 24; @@ -936,9 +946,9 @@ message Cluster { // Determines how Envoy selects the protocol used to speak to upstream hosts. // This has been deprecated in favor of setting explicit protocol selection // in the :ref:`http_protocol_options - // ` message. + // ` message. // http_protocol_options can be set via the cluster's - // :ref:`extension_protocol_options`. + // :ref:`extension_protocol_options`. ClusterProtocolSelection protocol_selection = 26 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; @@ -971,8 +981,8 @@ message Cluster { repeated Filter filters = 40; // [#not-implemented-hide:] New mechanism for LB policy configuration. Used only if the - // :ref:`lb_policy` field has the value - // :ref:`LOAD_BALANCING_POLICY_CONFIG`. + // :ref:`lb_policy` field has the value + // :ref:`LOAD_BALANCING_POLICY_CONFIG`. LoadBalancingPolicy load_balancing_policy = 41; // [#not-implemented-hide:] @@ -1000,7 +1010,7 @@ message Cluster { // .. attention:: // // This field has been deprecated in favor of `timeout_budgets`, part of - // :ref:`track_cluster_stats `. + // :ref:`track_cluster_stats `. bool track_timeout_budgets = 47 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/filter.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/filter.proto index 74f4a1137da..7d11b87bcd5 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/filter.proto 
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/filter.proto @@ -20,7 +20,8 @@ message Filter { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.cluster.Filter"; // The name of the filter to instantiate. The name must match a - // :ref:`supported filter `. + // supported upstream filter. Note that Envoy's :ref:`downstream network + // filters ` are not valid upstream filters. string name = 1 [(validate.rules).string = {min_len: 1}]; // Filter specific configuration which depends on the filter being diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto index e69b4469185..b19e95db99b 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto @@ -35,7 +35,7 @@ message OutlierDetection { // The base time that a host is ejected for. The real time is equal to the // base time multiplied by the number of times the host has been ejected and is - // capped by :ref:`max_ejection_time`. + // capped by :ref:`max_ejection_time`. // Defaults to 30000ms or 30s. google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration = {gt {}}]; 
@@ -87,16 +87,16 @@ message OutlierDetection { // Determines whether to distinguish local origin failures from external errors. If set to true // the following configuration parameters are taken into account: - // :ref:`consecutive_local_origin_failure`, - // :ref:`enforcing_consecutive_local_origin_failure` + // :ref:`consecutive_local_origin_failure`, + // :ref:`enforcing_consecutive_local_origin_failure` // and - // :ref:`enforcing_local_origin_success_rate`. + // :ref:`enforcing_local_origin_success_rate`. // Defaults to false. bool split_external_local_origin_errors = 12; // The number of consecutive locally originated failures before ejection // occurs. Defaults to 5. Parameter takes effect only when - // :ref:`split_external_local_origin_errors` + // :ref:`split_external_local_origin_errors` // is set to true. google.protobuf.UInt32Value consecutive_local_origin_failure = 13; @@ -104,7 +104,7 @@ message OutlierDetection { // is detected through consecutive locally originated failures. This setting can be // used to disable ejection or to ramp it up slowly. Defaults to 100. // Parameter takes effect only when - // :ref:`split_external_local_origin_errors` + // :ref:`split_external_local_origin_errors` // is set to true. google.protobuf.UInt32Value enforcing_consecutive_local_origin_failure = 14 [(validate.rules).uint32 = {lte: 100}]; @@ -113,7 +113,7 @@ message OutlierDetection { // is detected through success rate statistics for locally originated errors. // This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. // Parameter takes effect only when - // :ref:`split_external_local_origin_errors` + // :ref:`split_external_local_origin_errors` // is set to true. google.protobuf.UInt32Value enforcing_local_origin_success_rate = 15 [(validate.rules).uint32 = {lte: 100}]; 
@@ -150,8 +150,8 @@ message OutlierDetection { // this host. Defaults to 50. google.protobuf.UInt32Value failure_percentage_request_volume = 20; - // The maximum time that a host is ejected for. See :ref:`base_ejection_time` + // The maximum time that a host is ejected for. See :ref:`base_ejection_time` // for more information. If not specified, the default value (300000ms or 300s) or - // :ref:`base_ejection_time` value is applied, whatever is larger. + // :ref:`base_ejection_time` value is applied, whatever is larger. google.protobuf.Duration max_ejection_time = 21 [(validate.rules).duration = {gt {}}]; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto index a6fc6690a35..06876d5f8e4 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto @@ -37,7 +37,7 @@ message EnvoyInternalAddress { oneof address_name_specifier { option (validate.required) = true; - // [#not-implemented-hide:] The :ref:`listener name ` of the destination internal listener. + // [#not-implemented-hide:] The :ref:`listener name ` of the destination internal listener. string server_listener_name = 1; } } 
@@ -57,13 +57,13 @@ message SocketAddress { // to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` // to bind to any address. [#comment:TODO(zuercher) reinstate when implemented: // It is possible to distinguish a Listener address via the prefix/suffix matching - // in :ref:`FilterChainMatch `.] When used - // within an upstream :ref:`BindConfig `, the address + // in :ref:`FilterChainMatch `.] When used + // within an upstream :ref:`BindConfig `, the address // controls the source address of outbound connections. For :ref:`clusters - // `, the cluster type determines whether the + // `, the cluster type determines whether the // address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS // (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized - // via :ref:`resolver_name `. + // via :ref:`resolver_name `. string address = 2 [(validate.rules).string = {min_len: 1}]; oneof port_specifier { @@ -72,7 +72,7 @@ message SocketAddress { uint32 port_value = 3 [(validate.rules).uint32 = {lte: 65535}]; // This is only valid if :ref:`resolver_name - // ` is specified below and the + // ` is specified below and the // named resolver is capable of named port resolution. string named_port = 4; } @@ -117,7 +117,7 @@ message BindConfig { // Whether to set the *IP_FREEBIND* option when creating the socket. When this // flag is set to true, allows the :ref:`source_address - // ` to be an IP address + // ` to be an IP address // that is not configured on the system running Envoy. When this flag is set // to false, the option *IP_FREEBIND* is disabled on the socket. When this // flag is not set (default), the socket is not modified, i.e. the option is diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/backoff.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/backoff.proto index 55b504e7165..3ffa97bb029 100644 
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/backoff.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/backoff.proto @@ -21,7 +21,7 @@ message BackoffStrategy { // The base interval to be used for the next back off computation. It should // be greater than zero and less than or equal to :ref:`max_interval - // `. + // `. google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { required: true gte {nanos: 1000000} @@ -29,8 +29,8 @@ message BackoffStrategy { // Specifies the maximum interval between retries. This parameter is optional, // but must be greater than or equal to the :ref:`base_interval - // ` if set. The default + // ` if set. The default // is 10 times the :ref:`base_interval - // `. + // `. google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}]; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto index f5e677caf95..d6c507b8dec 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto @@ -69,12 +69,12 @@ enum TrafficDirection { message Locality { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Locality"; - // Region this :ref:`zone ` belongs to. + // Region this :ref:`zone ` belongs to. string region = 1; // Defines the local service zone where Envoy is running. Though optional, it // should be set if discovery service routing is used and the discovery - // service exposes :ref:`zone data `, + // service exposes :ref:`zone data `, // either in this message or via :option:`--service-zone`. The meaning of zone // is context dependent, e.g. `Availability Zone (AZ) // `_ 
@@ -154,10 +154,10 @@ message Node { // optional, it should be set if any of the following features are used: // :ref:`statsd `, :ref:`health check cluster // verification - // `, - // :ref:`runtime override directory `, + // `, + // :ref:`runtime override directory `, // :ref:`user agent addition - // `, + // `, // :ref:`HTTP global rate limiting `, // :ref:`CDS `, and :ref:`HTTP tracing // `, either in this message or via @@ -236,7 +236,19 @@ message Metadata { // Key is the reverse DNS filter name, e.g. com.acme.widget. The envoy.* // namespace is reserved for Envoy's built-in filters. + // If both *filter_metadata* and + // :ref:`typed_filter_metadata ` + // fields are present in the metadata with same keys, + // only *typed_filter_metadata* field will be parsed. map filter_metadata = 1; + + // Key is the reverse DNS filter name, e.g. com.acme.widget. The envoy.* + // namespace is reserved for Envoy's built-in filters. + // The value is encoded as google.protobuf.Any. + // If both :ref:`filter_metadata ` + // and *typed_filter_metadata* fields are present in the metadata with same keys, + // only *typed_filter_metadata* field will be parsed. + map typed_filter_metadata = 2; } // Runtime derived uint32 with a default when not specified. @@ -352,7 +364,7 @@ message DataSource { message RetryPolicy { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RetryPolicy"; - // Specifies parameters that control :ref:`retry backoff strategy `. + // Specifies parameters that control :ref:`retry backoff strategy `. // This parameter is optional, in which case the default base interval is 1000 milliseconds. The // default maximum interval is 10 times the base interval. BackoffStrategy retry_back_off = 1; 
@@ -393,7 +405,7 @@ message AsyncDataSource { } // Configuration for transport socket in :ref:`listeners ` and -// :ref:`clusters `. If the configuration is +// :ref:`clusters `. If the configuration is // empty, a default transport socket implementation and configuration will be // chosen based on the platform and existence of tls_context. message TransportSocket { @@ -420,7 +432,7 @@ message TransportSocket { // .. note:: // // Parsing of the runtime key's data is implemented such that it may be represented as a -// :ref:`FractionalPercent ` proto represented as JSON/YAML +// :ref:`FractionalPercent ` proto represented as JSON/YAML // and may also be represented as an integer with the assumption that the value is an integral // percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse // as a `FractionalPercent` whose numerator is 42 and denominator is HUNDRED. diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto index c83e9125c70..43519c010b7 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto @@ -109,7 +109,7 @@ message ApiConfigSource { } // Aggregated Discovery Service (ADS) options. This is currently empty, but when -// set in :ref:`ConfigSource ` can be used to +// set in :ref:`ConfigSource ` can be used to // specify that ADS is to be used. message AggregatedConfigSource { option (udpa.annotations.versioning).previous_message_type = 
@@ -118,7 +118,7 @@ message AggregatedConfigSource { // [#not-implemented-hide:] // Self-referencing config source options. This is currently empty, but when -// set in :ref:`ConfigSource ` can be used to +// set in :ref:`ConfigSource ` can be used to // specify that other data can be obtained from the same server. message SelfConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SelfConfigSource"; @@ -144,7 +144,7 @@ message RateLimitSettings { // Configuration for :ref:`listeners `, :ref:`clusters // `, :ref:`routes -// `, :ref:`endpoints +// `, :ref:`endpoints // ` etc. may either be sourced from the // filesystem or from an xDS API source. Filesystem configs are watched with // inotify for updates. @@ -162,7 +162,7 @@ message ConfigSource { option (validate.required) = true; // Path on the filesystem to source and watch for configuration updates. - // When sourcing configuration for :ref:`secret `, + // When sourcing configuration for :ref:`secret `, // the certificate and key files are also watched for updates. // // .. note:: @@ -186,7 +186,7 @@ message ConfigSource { // [#not-implemented-hide:] // When set, the client will access the resources from the same server it got the // ConfigSource from, although not necessarily from the same stream. This is similar to the - // :ref:`ads` field, except that the client may use a + // :ref:`ads` field, except that the client may use a // different stream to the same server. As a result, this field can be used for things // like LRS that cannot be sent on an ADS stream. It can also be used to link from (e.g.) // LDS to RDS on the same server without requiring the management server to know its name diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto index 103c8b90f63..a7f29c8f529 100644 
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto @@ -23,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: gRPC services] // gRPC service configuration. This is used by :ref:`ApiConfigSource -// ` and filter configurations. +// ` and filter configurations. // [#next-free-field: 6] message GrpcService { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.GrpcService"; @@ -33,8 +33,8 @@ message GrpcService { "envoy.api.v2.core.GrpcService.EnvoyGrpc"; // The name of the upstream gRPC cluster. SSL credentials will be supplied - // in the :ref:`Cluster ` :ref:`transport_socket - // `. + // in the :ref:`Cluster ` :ref:`transport_socket + // `. string cluster_name = 1 [(validate.rules).string = {min_len: 1}]; // The `:authority` header in the grpc request. If this field is not set, the authority header value will be `cluster_name`. @@ -230,7 +230,7 @@ message GrpcService { // The target URI when using the `Google C++ gRPC client // `_. SSL credentials will be supplied in - // :ref:`channel_credentials `. + // :ref:`channel_credentials `. string target_uri = 1 [(validate.rules).string = {min_len: 1}]; ChannelCredentials channel_credentials = 2; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto index 27710830536..304297e7c01 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto 
@@ -85,7 +85,7 @@ message HealthCheck { // The value of the host header in the HTTP health check request. If // left empty (default value), the name of the cluster this health check is associated // with will be used. The host header can be customized for a specific endpoint by setting the - // :ref:`hostname ` field. + // :ref:`hostname ` field. string host = 1 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; // Specifies the HTTP path that will be requested during health checking. For example @@ -114,7 +114,7 @@ message HealthCheck { // Specifies a list of HTTP response statuses considered healthy. If provided, replaces default // 200-only policy - 200 must be included explicitly as needed. Ranges follow half-open - // semantics of :ref:`Int64Range `. The start and end of each + // semantics of :ref:`Int64Range `. The start and end of each // range are required. Only statuses in the range [100, 600) are allowed. repeated type.v3.Int64Range expected_statuses = 9; @@ -123,7 +123,7 @@ message HealthCheck { // An optional service name parameter which is used to validate the identity of // the health checked cluster using a :ref:`StringMatcher - // `. See the :ref:`architecture overview + // `. See the :ref:`architecture overview // ` for more information. type.matcher.v3.StringMatcher service_name_matcher = 11; } @@ -170,7 +170,7 @@ message HealthCheck { // The value of the :authority header in the gRPC health check request. If // left empty (default value), the name of the cluster this health check is associated // with will be used. The authority header can be customized for a specific endpoint by setting - // the :ref:`hostname ` field. + // the :ref:`hostname ` field. string authority = 2 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; } 
@@ -205,7 +205,7 @@ message HealthCheck { // Specifies the ALPN protocols for health check connections. This is useful if the // corresponding upstream is using ALPN-based :ref:`FilterChainMatch - // ` along with different protocols for health checks + // ` along with different protocols for health checks // versus data connections. If empty, no ALPN protocols will be set on health check connections. repeated string alpn_protocols = 1; } @@ -339,7 +339,7 @@ message HealthCheck { TlsOptions tls_options = 21; // Optional key/value pairs that will be used to match a transport socket from those specified in the cluster's - // :ref:`tranport socket matches `. + // :ref:`tranport socket matches `. // For example, the following match criteria // // .. code-block:: yaml @@ -347,7 +347,7 @@ message HealthCheck { // transport_socket_match_criteria: // useMTLS: true // - // Will match the following :ref:`cluster socket match ` + // Will match the following :ref:`cluster socket match ` // // .. code-block:: yaml // @@ -360,13 +360,13 @@ message HealthCheck { // config: { ... } # tls socket configuration // // If this field is set, then for health checks it will supersede an entry of *envoy.transport_socket* in the - // :ref:`LbEndpoint.Metadata `. + // :ref:`LbEndpoint.Metadata `. // This allows using different transport socket capabilities for health checking versus proxying to the // endpoint. // // If the key/values pairs specified do not match any - // :ref:`transport socket matches `, - // the cluster's :ref:`transport socket ` + // :ref:`transport socket matches `, + // the cluster's :ref:`transport socket ` // will be used for health check socket configuration. google.protobuf.Struct transport_socket_match_criteria = 23; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto index 4109b19a4ab..cf98e537261 100644 
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto @@ -31,6 +31,28 @@ message QuicProtocolOptions { // Maximum number of streams that the client can negotiate per connection. 100 // if not specified. google.protobuf.UInt32Value max_concurrent_streams = 1; + + // `Initial stream-level flow-control receive window + // `_ size. Valid values range from + // 1 to 16777216 (2^24, maximum supported by QUICHE) and defaults to 65536 (2^16). + // + // NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. If configured smaller than it, we will use 16384 instead. + // QUICHE IETF Quic implementation supports 1 bytes window. We only support increasing the default window size now, so it's also the minimum. + // + // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the + // QUIC stream send and receive buffers. Once the buffer reaches this pointer, watermark callbacks will fire to + // stop the flow of data to the stream buffers. + google.protobuf.UInt32Value initial_stream_window_size = 2 + [(validate.rules).uint32 = {lte: 16777216 gte: 1}]; + + // Similar to *initial_stream_window_size*, but for connection-level + // flow-control. Valid values rage from 1 to 25165824 (24MB, maximum supported by QUICHE) and defaults to 65536 (2^16). + // window. Currently, this has the same minimum/default as *initial_stream_window_size*. + // + // NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. We only support increasing the default + // window size now, so it's also the minimum. + google.protobuf.UInt32Value initial_connection_window_size = 3 + [(validate.rules).uint32 = {lte: 25165824 gte: 1}]; } message UpstreamHttpProtocolOptions { 
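Review bot: The comments on `initial_stream_window_size` and `initial_connection_window_size` in QuicProtocolOptions name three different floors, while the validation rule accepts anything from 1 upward (`gte: 1`). The text gives 1 byte for the QUICHE IETF implementation, 16384 for Google QUIC ("we will use 16384 instead"), and the 65536 default ("it's also the minimum"). The same comment says the stream window is the soft limit on per-stream buffering, so someone lowering it to bound memory cannot tell whether the value is honoured or silently raised. I would state the effective floor once, for example `// Values below 16384 pass validation but are raised to 16384 for Google QUIC.`, and tighten `gte` to match if the larger floor is the enforced one. Because this file is imported, the wording fix (including "rage" and "this pointer") belongs in the upstream proto.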
@@ -49,6 +71,28 @@ message UpstreamHttpProtocolOptions { bool auto_san_validation = 2; } +// Configures the alternate protocols cache which tracks alternate protocols that can be used to +// make an HTTP connection to an origin server. See https://tools.ietf.org/html/rfc7838 for +// HTTP Alternate Services and https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-04 +// for the "HTTPS" DNS resource record. +message AlternateProtocolsCacheOptions { + // The name of the cache. Multiple named caches allow independent alternate protocols cache + // configurations to operate within a single Envoy process using different configurations. All + // alternate protocols cache options with the same name *must* be equal in all fields when + // referenced from different configuration components. Configuration will fail to load if this is + // not the case. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // The maximum number of entries that the cache will hold. If not specified defaults to 1024. + // + // .. note: + // + // The implementation is approximate and enforced independently on each worker thread, thus + // it is possible for the maximum entries in the cache to go slightly above the configured + // value depending on timing. This is similar to how other circuit breakers work. + google.protobuf.UInt32Value max_entries = 2 [(validate.rules).uint32 = {gt: 0}]; +} + // [#next-free-field: 6] message HttpProtocolOptions { option (udpa.annotations.versioning).previous_message_type = @@ -79,7 +123,7 @@ message HttpProtocolOptions { // idle timeout is reached the connection will be closed. If the connection is an HTTP/2 // downstream connection a drain sequence will occur prior to closing the connection, see // :ref:`drain_timeout - // `. + // `. // Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. // If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0. // 
@@ -89,14 +133,14 @@ message HttpProtocolOptions { // // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" // is configured, this timeout is scaled for downstream connections according to the value for - // :ref:`HTTP_DOWNSTREAM_CONNECTION_IDLE `. + // :ref:`HTTP_DOWNSTREAM_CONNECTION_IDLE `. google.protobuf.Duration idle_timeout = 1; // The maximum duration of a connection. The duration is defined as a period since a connection // was established. If not set, there is no max duration. When max_connection_duration is reached // the connection will be closed. Drain sequence will occur prior to closing the connection if // if's applicable. See :ref:`drain_timeout - // `. + // `. // Note: not implemented for upstream connections. google.protobuf.Duration max_connection_duration = 3; @@ -200,10 +244,8 @@ message Http1ProtocolOptions { message KeepaliveSettings { // Send HTTP/2 PING frames at this period, in order to test that the connection is still alive. - google.protobuf.Duration interval = 1 [(validate.rules).duration = { - required: true - gte {nanos: 1000000} - }]; + // If this is zero, interval PINGs will not be sent. + google.protobuf.Duration interval = 1 [(validate.rules).duration = {gte {nanos: 1000000}}]; // How long to wait for a response to a keepalive PING. If a response is not received within this // time period, the connection will be aborted. 
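Review bot: In KeepaliveSettings, the new comment on `interval` says "If this is zero, interval PINGs will not be sent", but the field keeps `gte {nanos: 1000000}`, so an explicit zero duration should fail validation rather than disable the PINGs. With `required: true` removed, the only way to reach the "not sent" case appears to be leaving the field unset. The comment should say so, e.g. `// If this is unset, interval PINGs will not be sent.` The same wording and the same rule are added for `connection_idle_interval` in the next hunk. A consumer that does not run the validate rules should decide explicitly how it treats a present-but-zero duration, since the comment and the rule disagree.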
@@ -216,6 +258,14 @@ message KeepaliveSettings { // A value of zero means there will be no jitter. // The default value is 15%. type.v3.Percent interval_jitter = 3; + + // If the connection has been idle for this duration, send a HTTP/2 ping ahead + // of new stream creation, to quickly detect dead connections. + // If this is zero, this type of PING will not be sent. + // If an interval ping is outstanding, a second ping will not be sent as the + // interval ping will determine if the connection is dead. + google.protobuf.Duration connection_idle_interval = 4 + [(validate.rules).duration = {gte {nanos: 1000000}}]; } // [#next-free-field: 16] @@ -416,8 +466,6 @@ message GrpcProtocolOptions { Http2ProtocolOptions http2_protocol_options = 1; } -// [#not-implemented-hide:] -// // A message which allows using HTTP/3. message Http3ProtocolOptions { QuicProtocolOptions quic_protocol_options = 1; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/resolver.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/resolver.proto new file mode 100644 index 00000000000..21d40425f7a --- /dev/null +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/resolver.proto 
@@ -0,0 +1,41 @@ +syntax = "proto3"; + +package envoy.config.core.v3; + +import "envoy/config/core/v3/address.proto"; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v3"; +option java_outer_classname = "ResolverProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Resolver] + +// Configuration of DNS resolver option flags which control the behavior of the DNS resolver. +message DnsResolverOptions { + // Use TCP for all DNS queries instead of the default protocol UDP. + // Setting this value causes failure if the + // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during + // server startup. Apple's API only uses UDP for DNS resolution. + bool use_tcp_for_dns_lookups = 1; + + // Do not use the default search domains; only query hostnames as-is or as aliases. + bool no_default_search_domain = 2; +} + +// DNS resolution configuration which includes the underlying dns resolver addresses and options. +message DnsResolutionConfig { + // A list of dns resolver addresses. If specified, the DNS client library will perform resolution + // via the underlying DNS resolvers. Otherwise, the default system resolvers + // (e.g., /etc/resolv.conf) will be used. + // Setting this value causes failure if the + // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during + // server startup. Apple's API only allows overriding DNS resolvers via system settings. + repeated Address resolvers = 1 [(validate.rules).repeated = {min_items: 1}]; + + // Configuration of DNS resolver option flags which control the behavior of the DNS resolver. + DnsResolverOptions dns_resolver_options = 2; +} 
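Review bot: In DnsResolutionConfig, `resolvers` carries `min_items: 1`, yet its comment describes an empty list as a supported case ("Otherwise, the default system resolvers (e.g., /etc/resolv.conf) will be used"). As written, a config that sets only `dns_resolver_options`, for instance to force TCP while keeping the system resolvers, is rejected by the rule. The fallback is then reachable only by omitting the whole message. Either the rule should be dropped or the comment should state the constraint, e.g. `// At least one resolver is required; omit dns_resolution_config entirely to use the system resolvers.` Code that reads this message without enforcing the validate rules should pick one of the two behaviours deliberately, because the resolver addresses come from control-plane configuration.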
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto index 85eeabe6621..b2a1c5e13ee 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto @@ -109,5 +109,6 @@ message SubstitutionFormatString { // Specifies a collection of Formatter plugins that can be called from the access log configuration. // See the formatters extensions documentation for details. + // [#extension-category: envoy.formatter] repeated TypedExtensionConfig formatters = 6; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto index 2db0ebcd7cd..b22a644eeae 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto @@ -101,9 +101,9 @@ message ClusterLoadAssignment { } // Name of the cluster. This will be the :ref:`service_name - // ` value if specified + // ` value if specified // in the cluster :ref:`EdsClusterConfig - // `. + // `. string cluster_name = 1 [(validate.rules).string = {min_len: 1}]; // List of endpoints to load balance to. diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto index b880a38d1a3..0e10ac3b2fc 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto 
@@ -37,8 +37,8 @@ message Endpoint { uint32 port_value = 1 [(validate.rules).uint32 = {lte: 65535}]; // By default, the host header for L7 health checks is controlled by cluster level configuration - // (see: :ref:`host ` and - // :ref:`authority `). Setting this + // (see: :ref:`host ` and + // :ref:`authority `). Setting this // to a non-empty value allows overriding the cluster level configuration for a specific // endpoint. string hostname = 2; @@ -50,7 +50,7 @@ message Endpoint { // // The form of host address depends on the given cluster type. For STATIC or EDS, // it is expected to be a direct IP address (or something resolvable by the - // specified :ref:`resolver ` + // specified :ref:`resolver ` // in the Address). For LOGICAL or STRICT DNS, it is expected to be hostname, // and will be resolved via DNS. core.v3.Address address = 1; @@ -67,7 +67,7 @@ message Endpoint { // The hostname associated with this endpoint. This hostname is not used for routing or address // resolution. If provided, it will be associated with the endpoint, and can be used for features // that require a hostname, like - // :ref:`auto_host_rewrite `. + // :ref:`auto_host_rewrite `. string hostname = 3; } @@ -92,7 +92,7 @@ message LbEndpoint { // name should be specified as *envoy.lb*. An example boolean key-value pair // is *canary*, providing the optional canary status of the upstream host. // This may be matched against in a route's - // :ref:`RouteAction ` metadata_match field + // :ref:`RouteAction ` metadata_match field // to subset the endpoints considered in cluster load balancing. core.v3.Metadata metadata = 3; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto index 7140ca05afc..c114fa72662 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto 
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto @@ -20,7 +20,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Load Report] // These are stats Envoy reports to the management server at a frequency defined by -// :ref:`LoadStatsResponse.load_reporting_interval`. +// :ref:`LoadStatsResponse.load_reporting_interval`. // Stats per upstream region/zone and optionally per subzone. // [#next-free-field: 9] message UpstreamLocalityStats { @@ -52,7 +52,7 @@ message UpstreamLocalityStats { // Endpoint granularity stats information for this locality. This information // is populated if the Server requests it by setting - // :ref:`LoadStatsResponse.report_endpoint_granularity`. + // :ref:`LoadStatsResponse.report_endpoint_granularity`. repeated UpstreamEndpointStats upstream_endpoint_stats = 7; // [#not-implemented-hide:] The priority of the endpoint group these metrics @@ -118,7 +118,7 @@ message EndpointLoadMetricStats { } // Per cluster load stats. Envoy reports these stats a management server in a -// :ref:`LoadStatsRequest` +// :ref:`LoadStatsRequest` // Next ID: 7 // [#next-free-field: 7] message ClusterStats { diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto index 5461318ada0..b5bda9562ce 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto @@ -60,7 +60,7 @@ message Listener { // set use_original_dst parameter to true. Default is true. // // This is deprecated. Use :ref:`Listener.bind_to_port - // ` + // ` google.protobuf.BoolValue bind_to_port = 1; } 
@@ -111,8 +111,8 @@ message Listener { string stat_prefix = 28; // A list of filter chains to consider for this listener. The - // :ref:`FilterChain ` with the most specific - // :ref:`FilterChainMatch ` criteria is used on a + // :ref:`FilterChain ` with the most specific + // :ref:`FilterChainMatch ` criteria is used on a // connection. // // Example using SNI for filter chain selection can be found in the @@ -147,12 +147,12 @@ message Listener { // Listener filters have the opportunity to manipulate and augment the connection metadata that // is used in connection filter chain matching, for example. These filters are run before any in - // :ref:`filter_chains `. Order matters as the + // :ref:`filter_chains `. Order matters as the // filters are processed sequentially right after a socket has been accepted by the listener, and // before a connection is created. // UDP Listener filters can be specified when the protocol in the listener socket address in - // :ref:`protocol ` is :ref:`UDP - // `. + // :ref:`protocol ` is :ref:`UDP + // `. // UDP listeners currently support a single filter. repeated ListenerFilter listener_filters = 9; @@ -176,7 +176,7 @@ message Listener { // *iptables* *TPROXY* target, in which case the original source and destination addresses and // ports are preserved on accepted connections. This flag should be used in combination with // :ref:`an original_dst ` :ref:`listener filter - // ` to mark the connections' local addresses as + // ` to mark the connections' local addresses as // "restored." This can be used to hand off each redirected connection to another listener // associated with the connection's destination address. Direct connections to the socket without // using *TPROXY* cannot be distinguished from connections redirected using *TPROXY* and are 
@@ -221,14 +221,14 @@ message Listener { core.v3.TrafficDirection traffic_direction = 16; // If the protocol in the listener socket address in :ref:`protocol - // ` is :ref:`UDP - // `, this field specifies UDP + // ` is :ref:`UDP + // `, this field specifies UDP // listener specific configuration. UdpListenerConfig udp_listener_config = 18; // Used to represent an API listener, which is used in non-proxy clients. The type of API // exposed to the non-proxy application depends on the type of API listener. - // When this field is set, no other field except for :ref:`name` + // When this field is set, no other field except for :ref:`name` // should be set. // // .. note:: @@ -249,8 +249,8 @@ message Listener { // worker threads. // // In the scenario that the listener X redirects all the connections to the listeners Y1 and Y2 - // by setting :ref:`use_original_dst ` in X - // and :ref:`bind_to_port ` to false in Y1 and Y2, + // by setting :ref:`use_original_dst ` in X + // and :ref:`bind_to_port ` to false in Y1 and Y2, // it is recommended to disable the balance config in listener X to avoid the cost of balancing, and // enable the balance config in Y1 and Y2 to balance the connections among the workers. ConnectionBalanceConfig connection_balance_config = 20; @@ -277,7 +277,7 @@ message Listener { // Whether the listener should bind to the port. A listener that doesn't // bind can only receive connections redirected from other listeners that set - // :ref:`use_original_dst ` + // :ref:`use_original_dst ` // to true. Default is true. google.protobuf.BoolValue bind_to_port = 26; 
@@ -289,16 +289,16 @@ message Listener { // Used to represent an internal listener which does not listen on OSI L4 address but can be used by the // :ref:`envoy cluster ` to create a user space connection to. // The internal listener acts as a tcp listener. It supports listener filters and network filter chains. - // The internal listener require :ref:`address ` has + // The internal listener require :ref:`address ` has // field `envoy_internal_address`. // // There are some limitations are derived from the implementation. The known limitations include // - // * :ref:`ConnectionBalanceConfig ` is not + // * :ref:`ConnectionBalanceConfig ` is not // allowed because both cluster connection and listener connection must be owned by the same dispatcher. - // * :ref:`tcp_backlog_size ` - // * :ref:`freebind ` - // * :ref:`transparent ` + // * :ref:`tcp_backlog_size ` + // * :ref:`freebind ` + // * :ref:`transparent ` // [#not-implemented-hide:] InternalListenerConfig internal_listener = 27; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto index 55ffcd6490e..e6d73b791c2 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto @@ -239,7 +239,7 @@ message FilterChain { // Optional custom transport socket implementation to use for downstream connections. // To setup TLS, set a transport socket with name `tls` and - // :ref:`DownstreamTlsContext ` in the `typed_config`. + // :ref:`DownstreamTlsContext ` in the `typed_config`. // If no transport socket configuration is specified, new connections // will be set up with plaintext. // [#extension-category: envoy.transport_sockets.downstream] 
@@ -345,7 +345,7 @@ message ListenerFilter { } // Optional match predicate used to disable the filter. The filter is enabled when this field is empty. - // See :ref:`ListenerFilterChainMatchPredicate ` + // See :ref:`ListenerFilterChainMatchPredicate ` // for further examples. ListenerFilterChainMatchPredicate filter_disabled = 4; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto index 69df722c6fb..1432e1911b5 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto @@ -3,12 +3,15 @@ syntax = "proto3"; package envoy.config.listener.v3; import "envoy/config/core/v3/base.proto"; +import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/protocol.proto"; import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.listener.v3"; option java_outer_classname = "QuicConfigProto"; @@ -18,6 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: QUIC listener config] // Configuration specific to the UDP QUIC listener. +// [#next-free-field: 8] message QuicProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.QuicProtocolOptions"; 
@@ -35,4 +39,24 @@ message QuicProtocolOptions { // Runtime flag that controls whether the listener is enabled or not. If not specified, defaults // to enabled. core.v3.RuntimeFeatureFlag enabled = 4; + + // A multiplier to number of connections which is used to determine how many packets to read per + // event loop. A reasonable number should allow the listener to process enough payload but not + // starve TCP and other UDP sockets and also prevent long event loop duration. + // The default value is 32. This means if there are N QUIC connections, the total number of + // packets to read in each read event will be 32 * N. + // The actual number of packets to read in total by the UDP listener is also + // bound by 6000, regardless of this field or how many connections there are. + google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5 + [(validate.rules).uint32 = {gte: 1}]; + + // Configure which implementation of `quic::QuicCryptoClientStreamBase` to be used for this listener. + // If not specified the :ref:`QUICHE default one configured by ` will be used. + // [#extension-category: envoy.quic.server.crypto_stream] + core.v3.TypedExtensionConfig crypto_stream_config = 6; + + // Configure which implementation of `quic::ProofSource` to be used for this listener. + // If not specified the :ref:`default one configured by ` will be used. + // [#extension-category: envoy.quic.proof_source] + core.v3.TypedExtensionConfig proof_source_config = 7; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto index 614f7e9d323..57088ac5fe1 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto 
@@ -33,8 +33,10 @@ message UdpListenerConfig { // Configuration for QUIC protocol. If empty, QUIC will not be enabled on this listener. Set // to the default object to enable QUIC without modifying any additional options. - // [#not-implemented-hide:] - // [#comment:Unhide when QUIC alpha is announced with other docs.] + // + // .. warning:: + // QUIC support is currently alpha and should be used with caution. Please + // see :ref:`here ` for details. QuicProtocolOptions quic_options = 7; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto b/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto index 4893b5504ac..d442cffe36a 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto @@ -35,7 +35,7 @@ message StatsSink { string name = 1; // Stats sink specific configuration which depends on the sink being instantiated. See - // :ref:`StatsdSink ` for an example. + // :ref:`StatsdSink ` for an example. // [#extension-category: envoy.stats_sinks] oneof config_type { google.protobuf.Any typed_config = 3; @@ -49,13 +49,13 @@ message StatsConfig { // Each stat name is iteratively processed through these tag specifiers. // When a tag is matched, the first capture group is removed from the name so - // later :ref:`TagSpecifiers ` cannot match that + // later :ref:`TagSpecifiers ` cannot match that // same portion of the match. repeated TagSpecifier stats_tags = 1; // Use all default tag regexes specified in Envoy. These can be combined with // custom tags specified in :ref:`stats_tags - // `. They will be processed before + // `. They will be processed before // the custom tags. // // .. note:: 
@@ -117,7 +117,7 @@ message StatsMatcher { // However, StatsMatcher can be used to limit the creation of families of stats in order to // conserve memory. Stats can either be disabled entirely, or they can be // limited by either an exclusion or an inclusion list of :ref:`StringMatcher - // ` protos: + // ` protos: // // * If `reject_all` is set to `true`, no stats will be instantiated. If `reject_all` is set to // `false`, all stats will be instantiated. @@ -211,9 +211,9 @@ message TagSpecifier { // sink. Envoy has a set of default names and regexes to extract dynamic // portions of existing stats, which can be found in :repo:`well_known_names.h // ` in the Envoy repository. If a :ref:`tag_name - // ` is provided in the config and - // neither :ref:`regex ` or - // :ref:`fixed_value ` were specified, + // ` is provided in the config and + // neither :ref:`regex ` or + // :ref:`fixed_value ` were specified, // Envoy will attempt to find that name in its set of defaults and use the accompanying regex. // // .. note:: @@ -350,7 +350,7 @@ message StatsdSink { // Stats configuration proto schema for built-in *envoy.stat_sinks.dog_statsd* sink. // The sink emits stats with `DogStatsD `_ // compatible tags. Tags are configurable via :ref:`StatsConfig -// `. +// `. // [#extension: envoy.stat_sinks.dog_statsd] message DogStatsdSink { option (udpa.annotations.versioning).previous_message_type = @@ -367,7 +367,7 @@ message DogStatsdSink { } // Optional custom metric name prefix. See :ref:`StatsdSink's prefix field - // ` for more details. + // ` for more details. string prefix = 3; // Optional max datagram size to use when sending UDP messages. By default Envoy diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto index 11fc66ee0c1..3b7f79d605d 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto 
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto @@ -25,9 +25,9 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Role Based Access Control (RBAC)] // Role Based Access Control (RBAC) provides service-level and method-level access control for a -// service. RBAC policies are additive. The policies are examined in order. Requests are allowed -// or denied based on the `action` and whether a matching policy is found. For instance, if the -// action is ALLOW and a matching policy is found the request should be allowed. +// service. Requests are allowed or denied based on the `action` and whether a matching policy is +// found. For instance, if the action is ALLOW and a matching policy is found the request should be +// allowed. // // RBAC can also be used to make access logging decisions by communicating with access loggers // through dynamic metadata. When the action is LOG and at least one policy matches, the @@ -105,6 +105,7 @@ message RBAC { Action action = 1 [(validate.rules).enum = {defined_only: true}]; // Maps from policy name to policy. A match occurs when at least one policy matches the request. + // The policies are evaluated in lexicographic order of the policy name. map policies = 2; } @@ -200,7 +201,7 @@ message Permission { // * If the :ref:`TLS Inspector ` // filter is not added, and if a `FilterChainMatch` is not defined for // the :ref:`server name - // `, + // `, // a TLS connection's requested SNI server name will be treated as if it // wasn't present. // @@ -265,7 +266,7 @@ message Principal { // A CIDR block that describes the downstream remote/origin address. // Note: This is always the physical peer even if the - // :ref:`remote_ip ` is + // :ref:`remote_ip ` is // inferred from for example the x-forwarder-for header, proxy protocol, // etc. core.v3.CidrRange direct_remote_ip = 10; 
@@ -273,7 +274,7 @@ message Principal { // A CIDR block that describes the downstream remote/origin address. // Note: This may not be the physical peer and could be different from the // :ref:`direct_remote_ip - // `. E.g, if the + // `. E.g, if the // remote ip is inferred from for example the x-forwarder-for header, proxy // protocol, etc. core.v3.CidrRange remote_ip = 11; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto index 4588af78cb4..80956fdeb4e 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto @@ -27,8 +27,8 @@ message RouteConfiguration { // The name of the route configuration. For example, it might match // :ref:`route_config_name - // ` in - // :ref:`envoy_api_msg_extensions.filters.network.http_connection_manager.v3.Rds`. + // ` in + // :ref:`envoy_v3_api_msg_extensions.filters.network.http_connection_manager.v3.Rds`. string name = 1; // An array of virtual hosts that make up the route table. @@ -52,8 +52,8 @@ message RouteConfiguration { // Specifies a list of HTTP headers that should be added to each response that // the connection manager encodes. Headers specified at this level are applied - // after headers from any enclosed :ref:`envoy_api_msg_config.route.v3.VirtualHost` or - // :ref:`envoy_api_msg_config.route.v3.RouteAction`. For more information, including details on + // after headers from any enclosed :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` or + // :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. repeated core.v3.HeaderValueOption response_headers_to_add = 4 
@@ -67,8 +67,8 @@ message RouteConfiguration { // Specifies a list of HTTP headers that should be added to each request // routed by the HTTP connection manager. Headers specified at this level are - // applied after headers from any enclosed :ref:`envoy_api_msg_config.route.v3.VirtualHost` or - // :ref:`envoy_api_msg_config.route.v3.RouteAction`. For more information, including details on + // applied after headers from any enclosed :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` or + // :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. repeated core.v3.HeaderValueOption request_headers_to_add = 6 @@ -99,22 +99,22 @@ message RouteConfiguration { // route table will load and the router filter will return a 404 if the route // is selected at runtime. This setting defaults to true if the route table // is statically defined via the :ref:`route_config - // ` + // ` // option. This setting default to false if the route table is loaded dynamically via the // :ref:`rds - // ` + // ` // option. Users may wish to override the default behavior in certain cases (for example when // using CDS with a static route table). google.protobuf.BoolValue validate_clusters = 7; // The maximum bytes of the response :ref:`direct response body - // ` size. If not specified the default + // ` size. If not specified the default // is 4096. // // .. warning:: // // Envoy currently holds the content of :ref:`direct response body - // ` in memory. Be careful setting + // ` in memory. Be careful setting // this to be larger than the default 4KB, since the allocated memory for direct response body // is not subject to data plane buffering controls. // diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto index 9532757cae4..ee82e8f7322 100644 
--- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto @@ -102,8 +102,8 @@ message VirtualHost { // Specifies a list of HTTP headers that should be added to each request // handled by this virtual host. Headers specified at this level are applied - // after headers from enclosed :ref:`envoy_api_msg_config.route.v3.Route` and before headers from the - // enclosing :ref:`envoy_api_msg_config.route.v3.RouteConfiguration`. For more information, including + // after headers from enclosed :ref:`envoy_v3_api_msg_config.route.v3.Route` and before headers from the + // enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including // details on header value syntax, see the documentation on :ref:`custom request headers // `. repeated core.v3.HeaderValueOption request_headers_to_add = 7 @@ -117,8 +117,8 @@ message VirtualHost { // Specifies a list of HTTP headers that should be added to each response // handled by this virtual host. Headers specified at this level are applied - // after headers from enclosed :ref:`envoy_api_msg_config.route.v3.Route` and before headers from the - // enclosing :ref:`envoy_api_msg_config.route.v3.RouteConfiguration`. For more information, including + // after headers from enclosed :ref:`envoy_v3_api_msg_config.route.v3.Route` and before headers from the + // enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including // details on header value syntax, see the documentation on :ref:`custom request headers // `. repeated core.v3.HeaderValueOption response_headers_to_add = 10 
@@ -139,7 +139,7 @@ message VirtualHost { // specific; see the :ref:`HTTP filter documentation ` // for if and how it is utilized. // [#comment: An entry's value may be wrapped in a - // :ref:`FilterConfig` + // :ref:`FilterConfig` // message to specify additional options.] map typed_per_filter_config = 15; @@ -150,7 +150,7 @@ message VirtualHost { // will see the attempt count as perceived by the second Envoy. Defaults to false. // This header is unaffected by the // :ref:`suppress_envoy_headers - // ` flag. + // ` flag. // // [#next-major-version: rename to include_attempt_count_in_request.] bool include_request_attempt_count = 14; @@ -162,7 +162,7 @@ message VirtualHost { // will see the attempt count as perceived by the Envoy closest upstream from itself. Defaults to false. // This header is unaffected by the // :ref:`suppress_envoy_headers - // ` flag. + // ` flag. bool include_attempt_count_in_response = 19; // Indicates the retry policy for all routes in this virtual host. Note that setting a @@ -173,7 +173,7 @@ message VirtualHost { // [#not-implemented-hide:] // Specifies the configuration for retry policy extension. Note that setting a route level entry // will take precedence over this config and it'll be treated independently (e.g.: values are not - // inherited). :ref:`Retry policy ` should not be + // inherited). :ref:`Retry policy ` should not be // set if this field is used. google.protobuf.Any retry_policy_typed_config = 20; @@ -201,7 +201,7 @@ message FilterAction { // .. attention:: // // Envoy supports routing on HTTP method via :ref:`header matching -// `. +// `. // [#next-free-field: 19] message Route { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Route"; 
@@ -258,14 +258,14 @@ message Route { // specific; see the :ref:`HTTP filter documentation ` for // if and how it is utilized. // [#comment: An entry's value may be wrapped in a - // :ref:`FilterConfig` + // :ref:`FilterConfig` // message to specify additional options.] map typed_per_filter_config = 13; // Specifies a set of headers that will be added to requests matching this // route. Headers specified at this level are applied before headers from the - // enclosing :ref:`envoy_api_msg_config.route.v3.VirtualHost` and - // :ref:`envoy_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on + // enclosing :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` and + // :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. repeated core.v3.HeaderValueOption request_headers_to_add = 9 @@ -279,8 +279,8 @@ message Route { // Specifies a set of headers that will be added to responses to requests // matching this route. Headers specified at this level are applied before - // headers from the enclosing :ref:`envoy_api_msg_config.route.v3.VirtualHost` and - // :ref:`envoy_api_msg_config.route.v3.RouteConfiguration`. For more information, including + // headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` and + // :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including // details on header value syntax, see the documentation on // :ref:`custom request headers `. repeated core.v3.HeaderValueOption response_headers_to_add = 10 
@@ -302,9 +302,9 @@ message Route { google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16; } -// Compared to the :ref:`cluster ` field that specifies a +// Compared to the :ref:`cluster ` field that specifies a // single upstream cluster as the target of a request, the :ref:`weighted_clusters -// ` option allows for specification of +// ` option allows for specification of // multiple upstream clusters along with weights that indicate the percentage of // traffic to be forwarded to each cluster. The router selects an upstream cluster based on the // weights. @@ -325,7 +325,7 @@ message WeightedCluster { string name = 1 [(validate.rules).string = {min_len: 1}]; // An integer between 0 and :ref:`total_weight - // `. When a request matches the route, + // `. When a request matches the route, // the choice of an upstream cluster is determined by its weight. The sum of weights across all // entries in the clusters array must add up to the total_weight, which defaults to 100. google.protobuf.UInt32Value weight = 2; 
@@ -333,38 +333,38 @@ message WeightedCluster { // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in // the upstream cluster with metadata matching what is set in this field will be considered for // load balancing. Note that this will be merged with what's provided in - // :ref:`RouteAction.metadata_match `, with + // :ref:`RouteAction.metadata_match `, with // values here taking precedence. The filter name should be specified as *envoy.lb*. core.v3.Metadata metadata_match = 3; // Specifies a list of headers to be added to requests when this cluster is selected - // through the enclosing :ref:`envoy_api_msg_config.route.v3.RouteAction`. + // through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. // Headers specified at this level are applied before headers from the enclosing - // :ref:`envoy_api_msg_config.route.v3.Route`, :ref:`envoy_api_msg_config.route.v3.VirtualHost`, and - // :ref:`envoy_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on + // :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`, and + // :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. repeated core.v3.HeaderValueOption request_headers_to_add = 4 [(validate.rules).repeated = {max_items: 1000}]; // Specifies a list of HTTP headers that should be removed from each request when - // this cluster is selected through the enclosing :ref:`envoy_api_msg_config.route.v3.RouteAction`. + // this cluster is selected through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. 
repeated string request_headers_to_remove = 9 [(validate.rules).repeated = { items {string {well_known_regex: HTTP_HEADER_NAME strict: false}} }]; // Specifies a list of headers to be added to responses when this cluster is selected - // through the enclosing :ref:`envoy_api_msg_config.route.v3.RouteAction`. + // through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. // Headers specified at this level are applied before headers from the enclosing - // :ref:`envoy_api_msg_config.route.v3.Route`, :ref:`envoy_api_msg_config.route.v3.VirtualHost`, and - // :ref:`envoy_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on + // :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`, and + // :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. repeated core.v3.HeaderValueOption response_headers_to_add = 5 [(validate.rules).repeated = {max_items: 1000}]; // Specifies a list of headers to be removed from responses when this cluster is selected - // through the enclosing :ref:`envoy_api_msg_config.route.v3.RouteAction`. + // through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`. repeated string response_headers_to_remove = 6 [(validate.rules).repeated = { items {string {well_known_regex: HTTP_HEADER_NAME strict: false}} }]; @@ -375,7 +375,7 @@ message WeightedCluster { // specific; see the :ref:`HTTP filter documentation ` // for if and how it is utilized. // [#comment: An entry's value may be wrapped in a - // :ref:`FilterConfig` + // :ref:`FilterConfig` // message to specify additional options.] map typed_per_filter_config = 10; } 
@@ -546,7 +546,7 @@ message CorsPolicy { // If neither ``enabled``, ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS // filter will be enabled for 100% of the requests. // - // If :ref:`runtime_key ` is + // If :ref:`runtime_key ` is // specified, Envoy will lookup the runtime key to get the percentage of requests to filter. core.v3.RuntimeFractionalPercent filter_enabled = 9; } @@ -557,7 +557,7 @@ message CorsPolicy { // This field is intended to be used when ``filter_enabled`` and ``enabled`` are off. One of those // fields have to explicitly disable the filter in order for this setting to take effect. // - // If :ref:`runtime_key ` is specified, + // If :ref:`runtime_key ` is specified, // Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate // and track the request's *Origin* to determine if it's valid but will not enforce any policies. core.v3.RuntimeFractionalPercent shadow_enabled = 10; @@ -748,7 +748,7 @@ message RouteAction { // This overrides any enabled/disabled upgrade filter chain specified in the // HttpConnectionManager // :ref:`upgrade_configs - // ` + // ` // but does not affect any custom filter chain specified there. message UpgradeConfig { option (udpa.annotations.versioning).previous_message_type = @@ -783,9 +783,9 @@ message RouteAction { message MaxStreamDuration { // Specifies the maximum duration allowed for streams on the route. If not specified, the value // from the :ref:`max_stream_duration - // ` field in + // ` field in // :ref:`HttpConnectionManager.common_http_protocol_options - // ` + // ` // is used. If this field is set explicitly to zero, any // HttpConnectionManager max_stream_duration timeout will be disabled for // this route. 
@@ -849,7 +849,7 @@ message RouteAction { // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints // in the upstream cluster with metadata matching what's set in this field will be considered // for load balancing. If using :ref:`weighted_clusters - // `, metadata will be merged, with values + // `, metadata will be merged, with values // provided there taking precedence. The filter name should be specified as *envoy.lb*. core.v3.Metadata metadata_match = 4; @@ -860,16 +860,16 @@ message RouteAction { // ` header. // // Only one of *prefix_rewrite* or - // :ref:`regex_rewrite ` + // :ref:`regex_rewrite ` // may be specified. // // .. attention:: // // Pay careful attention to the use of trailing slashes in the - // :ref:`route's match ` prefix value. + // :ref:`route's match ` prefix value. // Stripping a prefix from a path requires multiple Routes to handle all cases. For example, // rewriting */prefix* to */* and */prefix/etc* to */etc* cannot be done in a single - // :ref:`Route `, as shown by the below config entries: + // :ref:`Route `, as shown by the below config entries: // // .. code-block:: yaml // @@ -896,7 +896,7 @@ message RouteAction { // before the rewrite into the :ref:`x-envoy-original-path // ` header. // - // Only one of :ref:`prefix_rewrite ` + // Only one of :ref:`prefix_rewrite ` // or *regex_rewrite* may be specified. // // Examples using Google's `RE2 `_ engine: 
@@ -978,14 +978,14 @@ message RouteAction { // Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout, // although the connection manager wide :ref:`stream_idle_timeout - // ` + // ` // will still apply. A value of 0 will completely disable the route's idle timeout, even if a // connection manager stream idle timeout is configured. // // The idle timeout is distinct to :ref:`timeout - // `, which provides an upper bound + // `, which provides an upper bound // on the upstream response time; :ref:`idle_timeout - // ` instead bounds the amount + // ` instead bounds the amount // of time the request's stream may be idle. // // After header decoding, the idle timeout will apply on downstream and @@ -997,7 +997,7 @@ message RouteAction { // // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" // is configured, this timeout is scaled according to the value for - // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. + // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. google.protobuf.Duration idle_timeout = 24; // Indicates that the route has a retry policy. Note that if this is set, @@ -1008,7 +1008,7 @@ message RouteAction { // [#not-implemented-hide:] // Specifies the configuration for retry policy extension. Note that if this is set, it'll take // precedence over the virtual host level retry policy entirely (e.g.: policies are not merged, - // most internal one becomes the enforced policy). :ref:`Retry policy ` + // most internal one becomes the enforced policy). :ref:`Retry policy ` // should not be set if this field is used. google.protobuf.Any retry_policy_typed_config = 33; 
@@ -1024,7 +1024,7 @@ message RouteAction { // Specifies if the rate limit filter should include the virtual host rate // limits. By default, if the route configured rate limits, the virtual host - // :ref:`rate_limits ` are not applied to the + // :ref:`rate_limits ` are not applied to the // request. // // This field is deprecated. Please use :ref:`vh_rate_limits ` @@ -1048,15 +1048,15 @@ message RouteAction { // Indicates that the route has a CORS policy. CorsPolicy cors = 17; - // Deprecated by :ref:`grpc_timeout_header_max ` + // Deprecated by :ref:`grpc_timeout_header_max ` // If present, and the request is a gRPC request, use the // `grpc-timeout header `_, // or its default value (infinity) instead of - // :ref:`timeout `, but limit the applied timeout + // :ref:`timeout `, but limit the applied timeout // to the maximum value specified here. If configured as 0, the maximum allowed timeout for // gRPC requests is infinity. If not configured at all, the `grpc-timeout` header is not used // and gRPC requests time out like any other requests using - // :ref:`timeout ` or its default. + // :ref:`timeout ` or its default. // This can be used to prevent unexpected upstream request timeouts due to potentially long // time gaps between gRPC request and response in gRPC streaming mode. // @@ -1071,7 +1071,7 @@ message RouteAction { google.protobuf.Duration max_grpc_timeout = 23 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; - // Deprecated by :ref:`grpc_timeout_header_offset `. + // Deprecated by :ref:`grpc_timeout_header_offset `. // If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by subtracting // the provided duration from the header. This is useful in allowing Envoy to set its global // timeout to be less than that of the deadline imposed by the calling client, which makes it more 
@@ -1087,7 +1087,7 @@ message RouteAction { // If present, Envoy will try to follow an upstream redirect response instead of proxying the // response back to the downstream. An upstream redirect response is defined // by :ref:`redirect_response_codes - // `. + // `. InternalRedirectPolicy internal_redirect_policy = 34; InternalRedirectAction internal_redirect_action = 26 @@ -1095,15 +1095,15 @@ message RouteAction { // An internal redirect is handled, iff the number of previous internal redirects that a // downstream request has encountered is lower than this value, and - // :ref:`internal_redirect_action ` + // :ref:`internal_redirect_action ` // is set to :ref:`HANDLE_INTERNAL_REDIRECT - // ` + // ` // In the case where a downstream request is bounced among multiple routes by internal redirect, // the first route that hits this threshold, or has - // :ref:`internal_redirect_action ` + // :ref:`internal_redirect_action ` // set to // :ref:`PASS_THROUGH_INTERNAL_REDIRECT - // ` + // ` // will pass the redirect back to downstream. // // If not specified, at most one redirect will be followed. @@ -1268,7 +1268,7 @@ message RetryPolicy { // .. note:: // // If left unspecified, Envoy will use the global - // :ref:`route timeout ` for the request. + // :ref:`route timeout ` for the request. // Consequently, when using a :ref:`5xx ` based // retry policy, a request that times out will not be retried as the total timeout budget // would have been exhausted. @@ -1343,7 +1343,7 @@ message HedgePolicy { // if there are no more retries left. // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress. // - // Note: For this to have effect, you must have a :ref:`RetryPolicy ` that retries at least + // Note: For this to have effect, you must have a :ref:`RetryPolicy ` that retries at least // one error code and specifies a maximum number of retries. // // Defaults to false. 
@@ -1418,7 +1418,7 @@ message RedirectAction { // .. attention:: // // Pay attention to the use of trailing slashes as mentioned in - // :ref:`RouteAction's prefix_rewrite `. + // :ref:`RouteAction's prefix_rewrite `. string prefix_rewrite = 5 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; @@ -1470,8 +1470,8 @@ message DirectResponseAction { // .. note:: // // Headers can be specified using *response_headers_to_add* in the enclosing - // :ref:`envoy_api_msg_config.route.v3.Route`, :ref:`envoy_api_msg_config.route.v3.RouteConfiguration` or - // :ref:`envoy_api_msg_config.route.v3.VirtualHost`. + // :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` or + // :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`. core.v3.DataSource body = 2; } @@ -1526,7 +1526,7 @@ message Tracing { // A list of custom tags with unique tag name to create tags for the active span. // It will take effect after merging with the :ref:`corresponding configuration - // ` + // ` // configured in the HTTP connection manager. If two tags with the same name are configured // each in the HTTP connection manager and the route level, the one configured here takes // priority. 
@@ -1597,14 +1597,14 @@ message RateLimit { // ("destination_cluster", "") // // Once a request matches against a route table rule, a routed cluster is determined by one of - // the following :ref:`route table configuration ` + // the following :ref:`route table configuration ` // settings: // - // * :ref:`cluster ` indicates the upstream cluster + // * :ref:`cluster ` indicates the upstream cluster // to route to. - // * :ref:`weighted_clusters ` + // * :ref:`weighted_clusters ` // chooses a cluster randomly from a set of clusters with attributed weight. - // * :ref:`cluster_header ` indicates which + // * :ref:`cluster_header ` indicates which // header in the request contains the target cluster. message DestinationCluster { option (udpa.annotations.versioning).previous_message_type = @@ -1698,7 +1698,7 @@ message RateLimit { // ("", "") // // .. attention:: - // This action has been deprecated in favor of the :ref:`metadata ` action + // This action has been deprecated in favor of the :ref:`metadata ` action message DynamicMetaData { // The key to use in the descriptor entry. string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; @@ -1722,7 +1722,7 @@ message RateLimit { // Query :ref:`dynamic metadata ` DYNAMIC = 0; - // Query :ref:`route entry metadata ` + // Query :ref:`route entry metadata ` ROUTE_ENTRY = 1; } @@ -1765,7 +1765,7 @@ message RateLimit { // Rate limit on dynamic metadata. // // .. attention:: - // This field has been deprecated in favor of the :ref:`metadata ` field + // This field has been deprecated in favor of the :ref:`metadata ` field DynamicMetaData dynamic_metadata = 7 [ deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0", 
@@ -1787,7 +1787,7 @@ message RateLimit { // Metadata struct that defines the key and path to retrieve the struct value. // The value must be a struct containing an integer "requests_per_unit" property // and a "unit" property with a value parseable to :ref:`RateLimitUnit - // enum ` + // enum ` type.metadata.v3.MetadataKey metadata_key = 1 [(validate.rules).message = {required: true}]; } @@ -1845,8 +1845,8 @@ message RateLimit { // // .. attention:: // In the absence of any header match specifier, match will default to :ref:`present_match -// `. i.e, a request that has the :ref:`name -// ` header will match, regardless of the header's +// `. i.e, a request that has the :ref:`name +// ` header will match, regardless of the header's // value. // // [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.] @@ -1885,8 +1885,8 @@ message HeaderMatcher { // "-1somestring" type.v3.Int64Range range_match = 6; - // If specified, header match will be performed based on whether the header is in the - // request. + // If specified as true, header match will be performed based on whether the header is in the + // request. If specified as false, header match will be performed based on whether the header is absent. bool present_match = 7; // If specified, header match will be performed based on the prefix of the header value. @@ -1954,7 +1954,7 @@ message InternalRedirectPolicy { // downstream request has encountered is lower than this value. // In the case where a downstream request is bounced among multiple routes by internal redirect, // the first route that hits this threshold, or does not set :ref:`internal_redirect_policy - // ` + // ` // will pass the redirect back to downstream. // // If not specified, at most one redirect will be followed. 
@@ -1978,9 +1978,9 @@ message InternalRedirectPolicy { // A simple wrapper for an HTTP filter config. This is intended to be used as a wrapper for the // map value in -// :ref:`VirtualHost.typed_per_filter_config`, -// :ref:`Route.typed_per_filter_config`, -// or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config` +// :ref:`VirtualHost.typed_per_filter_config`, +// :ref:`Route.typed_per_filter_config`, +// or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config` // to add additional flags to the filter. // [#not-implemented-hide:] message FilterConfig { diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/scoped_route.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/scoped_route.proto index b7e3aa66e07..eb47d7e1089 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/scoped_route.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/scoped_route.proto @@ -15,13 +15,13 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // * Routing :ref:`architecture overview ` // Specifies a routing scope, which associates a -// :ref:`Key` to a -// :ref:`envoy_api_msg_config.route.v3.RouteConfiguration` (identified by its resource name). +// :ref:`Key` to a +// :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` (identified by its resource name). // // The HTTP connection manager builds up a table consisting of these Key to // RouteConfiguration mappings, and looks up the RouteConfiguration to use per // request according to the algorithm specified in the -// :ref:`scope_key_builder` +// :ref:`scope_key_builder` // assigned to the HttpConnectionManager. // // For example, with the following configurations (in YAML): 
@@ -43,7 +43,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // key: vip // // ScopedRouteConfiguration resources (specified statically via -// :ref:`scoped_route_configurations_list` +// :ref:`scoped_route_configurations_list` // or obtained dynamically via SRDS): // // .. code:: @@ -78,7 +78,7 @@ message ScopedRouteConfiguration { "envoy.api.v2.ScopedRouteConfiguration"; // Specifies a key which is matched against the output of the - // :ref:`scope_key_builder` + // :ref:`scope_key_builder` // specified in the HttpConnectionManager. The matching is done per HTTP // request and is dependent on the order of the fragments contained in the // Key. @@ -100,7 +100,7 @@ message ScopedRouteConfiguration { // The ordered set of fragments to match against. The order must match the // fragments in the corresponding - // :ref:`scope_key_builder`. + // :ref:`scope_key_builder`. repeated Fragment fragments = 1 [(validate.rules).repeated = {min_items: 1}]; } @@ -110,8 +110,8 @@ message ScopedRouteConfiguration { // The name assigned to the routing scope. string name = 1 [(validate.rules).string = {min_len: 1}]; - // The resource name to use for a :ref:`envoy_api_msg_service.discovery.v3.DiscoveryRequest` to an - // RDS server to fetch the :ref:`envoy_api_msg_config.route.v3.RouteConfiguration` associated + // The resource name to use for a :ref:`envoy_v3_api_msg_service.discovery.v3.DiscoveryRequest` to an + // RDS server to fetch the :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` associated // with this scope. string route_configuration_name = 2 [(validate.rules).string = {min_len: 1}]; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto index 8a3e452db56..d3c59a8cbb0 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto 
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto @@ -24,15 +24,15 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // .. attention:: // // Use of this message type has been deprecated in favor of direct use of -// :ref:`Tracing.Http `. +// :ref:`Tracing.Http `. message Tracing { option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v2.Tracing"; // Configuration for an HTTP tracer provider used by Envoy. // // The configuration is defined by the - // :ref:`HttpConnectionManager.Tracing ` - // :ref:`provider ` + // :ref:`HttpConnectionManager.Tracing ` + // :ref:`provider ` // field. message Http { option (udpa.annotations.versioning).previous_message_type = diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/lightstep.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/lightstep.proto index 0b7be7c4e60..b5cff53fea9 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/lightstep.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/lightstep.proto @@ -2,6 +2,9 @@ syntax = "proto3"; package envoy.config.trace.v3; +import "envoy/config/core/v3/base.proto"; + +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -42,7 +45,11 @@ message LightstepConfig { // File containing the access token to the `LightStep // `_ API. - string access_token_file = 2 [(validate.rules).string = {min_len: 1}]; + string access_token_file = 2 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Access token to the `LightStep `_ API. + core.v3.DataSource access_token = 4; // Propagation modes to use by LightStep's tracer. repeated PropagationMode propagation_modes = 3 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/fault/v3/fault.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/fault/v3/fault.proto index d28ed28b111..0c7fbb4480c 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/fault/v3/fault.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/fault/v3/fault.proto @@ -54,7 +54,7 @@ message FaultAbort { type.v3.FractionalPercent percentage = 3; } -// [#next-free-field: 15] +// [#next-free-field: 16] message HTTPFault { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.fault.v2.HTTPFault"; @@ -76,7 +76,7 @@ message HTTPFault { // injection filter can be applied selectively to requests that match a set of // headers specified in the fault filter config. The chances of actual fault // injection further depend on the value of the :ref:`percentage - // ` field. + // ` field. // The filter will check the request's headers against all the specified // headers in the filter config. A match will happen if all the headers in the // config are present in the request with the same values (or based on @@ -141,4 +141,10 @@ message HTTPFault { // The runtime key to override the :ref:`default ` // runtime. The default is: fault.http.abort.grpc_status string abort_grpc_status_runtime = 14; + + // To control whether stats storage is allocated dynamically for each downstream server. + // If set to true, "x-envoy-downstream-service-cluster" field of header will be ignored by this filter. + // If set to false, dynamic stats storage will be allocated for the downstream cluster name. + // Default value is false. + bool disable_downstream_cluster_stats = 15; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto index 67cb338ef1f..7ad7ac5e6aa 100644 
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto @@ -23,6 +23,7 @@ message RBAC { // Specify the RBAC rules to be applied globally. // If absent, no enforcing RBAC policy will be applied. + // If present and empty, DENY. config.rbac.v3.RBAC rules = 1; // Shadow rules are not enforced by the filter (i.e., returning a 403) diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto index 6ab64f92f2b..ce595c057c0 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto @@ -19,7 +19,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Router :ref:`configuration overview `. // [#extension: envoy.filters.http.router] -// [#next-free-field: 7] +// [#next-free-field: 8] message Router { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.router.v2.Router"; 
@@ -78,4 +78,14 @@ message Router { // :ref:`config_http_filters_router_x-envoy-expected-rq-timeout-ms` header, populated by egress // Envoy, when deriving timeout for upstream cluster. bool respect_expected_rq_timeout = 6; + + // If set, Envoy will avoid incrementing HTTP failure code stats + // on gRPC requests. This includes the individual status code value + // (e.g. upstream_rq_504) and group stats (e.g. upstream_rq_5xx). + // This field is useful if interested in relying only on the gRPC + // stats filter to define success and failure metrics for gRPC requests + // as not all failed gRPC requests charge HTTP status code metrics. See + // :ref:`gRPC stats filter` documentation + // for more details. + bool suppress_grpc_request_failure_code_stats = 7; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 87d826262b9..856249c2a25 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -19,6 +19,7 @@ import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; 
@@ -34,7 +35,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // HTTP connection manager :ref:`configuration overview `. // [#extension: envoy.filters.network.http_connection_manager] -// [#next-free-field: 46] +// [#next-free-field: 48] message HttpConnectionManager { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"; 
@@ -97,6 +98,36 @@ message HttpConnectionManager { ALWAYS_FORWARD_ONLY = 4; } + // Determines the action for request that contain %2F, %2f, %5C or %5c sequences in the URI path. + // This operation occurs before URL normalization and the merge slashes transformations if they were enabled. + enum PathWithEscapedSlashesAction { + // Default behavior specific to implementation (i.e. Envoy) of this configuration option. + // Envoy, by default, takes the KEEP_UNCHANGED action. + // NOTE: the implementation may change the default behavior at-will. + IMPLEMENTATION_SPECIFIC_DEFAULT = 0; + + // Keep escaped slashes. + KEEP_UNCHANGED = 1; + + // Reject client request with the 400 status. gRPC requests will be rejected with the INTERNAL (13) error code. + // The "httpN.downstream_rq_failed_path_normalization" counter is incremented for each rejected request. + REJECT_REQUEST = 2; + + // Unescape %2F and %5C sequences and redirect request to the new path if these sequences were present. + // Redirect occurs after path normalization and merge slashes transformations if they were configured. + // NOTE: gRPC requests will be rejected with the INTERNAL (13) error code. + // This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to + // traverse all parties: downstream client, intermediate proxies, Envoy and upstream server. + // The "httpN.downstream_rq_redirected_with_normalized_path" counter is incremented for each + // redirected request. + UNESCAPE_AND_REDIRECT = 3; + + // Unescape %2F and %5C sequences. + // Note: this option should not be enabled if intermediaries perform path based access control as + // it may lead to path confusion vulnerabilities. + UNESCAPE_AND_FORWARD = 4; + } + // [#next-free-field: 10] message Tracing { option (udpa.annotations.versioning).previous_message_type = 
@@ -234,7 +265,7 @@ message HttpConnectionManager { // Determines if upgrades are enabled or disabled by default. Defaults to true. // This can be overridden on a per-route basis with :ref:`cluster - // ` as documented in the + // ` as documented in the // :ref:`upgrade documentation `. google.protobuf.BoolValue enabled = 3; } @@ -243,8 +274,8 @@ message HttpConnectionManager { // before any processing of requests by HTTP filters, routing, and matching. Only the normalized // path will be visible internally if a transformation is enabled. Any path rewrites that the // router performs (e.g. :ref:`regex_rewrite - // ` or :ref:`prefix_rewrite - // `) will apply to the *:path* header + // ` or :ref:`prefix_rewrite + // `) will apply to the *:path* header // destined for the upstream. // // Note: access logging and tracing will show the original *:path* header. @@ -252,7 +283,7 @@ message HttpConnectionManager { // [#not-implemented-hide:] Normalization applies internally before any processing of requests by // HTTP filters, routing, and matching *and* will affect the forwarded *:path* header. Defaults // to :ref:`NormalizePathRFC3986 - // `. When not + // `. When not // specified, this value may be overridden by the runtime variable // :ref:`http_connection_manager.normalize_path`. // Envoy will respond with 400 to paths that are malformed (e.g. for paths that fail RFC 3986 @@ -271,7 +302,7 @@ message HttpConnectionManager { type.http.v3.PathTransformation http_filter_transformation = 2; } - reserved 27, 11, 45; + reserved 27, 11; reserved "idle_timeout"; @@ -310,7 +341,7 @@ message HttpConnectionManager { // Presence of the object defines whether the connection manager // emits :ref:`tracing ` data to the :ref:`configured tracing provider - // `. + // `. Tracing tracing = 7; // Additional settings for HTTP requests handled by the connection manager. These will be 
@@ -354,10 +385,10 @@ message HttpConnectionManager { // // This idle timeout applies to new streams and is overridable by the // :ref:`route-level idle_timeout - // `. Even on a stream in + // `. Even on a stream in // which the override applies, prior to receipt of the initial request // headers, the :ref:`stream_idle_timeout - // ` + // ` // applies. Each time an encode/decode event for headers or data is processed // for the stream, the timer will be reset. If the timeout fires, the stream // is terminated with a 408 Request Timeout error code if no upstream response @@ -370,12 +401,12 @@ message HttpConnectionManager { // data has been proxied within available flow control windows. If the timeout is hit in this // case, the :ref:`tx_flush_timeout ` counter will be // incremented. Note that :ref:`max_stream_duration - // ` does not apply to + // ` does not apply to // this corner case. // // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" // is configured, this timeout is scaled according to the value for - // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. + // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. // // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due // to the granularity of events presented to the connection manager. For example, while receiving 
@@ -465,7 +496,36 @@ message HttpConnectionManager { // determining the origin client's IP address. The default is zero if this option // is not specified. See the documentation for // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. - uint32 xff_num_trusted_hops = 19; + // + // .. note:: + // This field is deprecated and instead :ref:`original_ip_detection_extensions + // ` + // should be used to configure the :ref:`xff extension ` + // to configure IP detection using the :ref:`config_http_conn_man_headers_x-forwarded-for` header. To replace + // this field use a config like the following: + // + // .. code-block:: yaml + // + // original_ip_detection_extensions: + // typed_config: + // "@type": type.googleapis.com/envoy.extensions.http.original_ip_detection.xff.v3.XffConfig + // xff_num_trusted_hops: 1 + // + uint32 xff_num_trusted_hops = 19 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // The configuration for the original IP detection extensions. + // + // When configured the extensions will be called along with the request headers + // and information about the downstream connection, such as the directly connected address. + // Each extension will then use these parameters to decide the request's effective remote address. + // If an extension fails to detect the original IP address and isn't configured to reject + // the request, the HCM will try the remaining extensions until one succeeds or rejects + // the request. If the request isn't rejected nor any extension succeeds, the HCM will + // fallback to using the remote address. + // + // [#extension-category: envoy.http.original_ip_detection] + repeated config.core.v3.TypedExtensionConfig original_ip_detection_extensions = 46; // Configures what network addresses are considered internal for stats and header sanitation // purposes. If unspecified, only RFC1918 IP addresses will be considered internal. 
@@ -477,7 +537,7 @@ message HttpConnectionManager { // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. This may be used in // conjunction with HTTP filters that explicitly manipulate XFF after the HTTP connection manager // has mutated the request headers. While :ref:`use_remote_address - // ` + // ` // will also suppress XFF addition, it has consequences for logging and other // Envoy uses of the remote address, so *skip_xff_append* should be used // when only an elision of XFF addition is intended. @@ -510,7 +570,7 @@ message HttpConnectionManager { [(validate.rules).enum = {defined_only: true}]; // This field is valid only when :ref:`forward_client_cert_details - // ` + // ` // is APPEND_FORWARD or SANITIZE_SET and the client connection is mTLS. It specifies the fields in // the client certificate to be forwarded. Note that in the // :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header, *Hash* is always set, and @@ -526,7 +586,7 @@ message HttpConnectionManager { // If // :ref:`use_remote_address - // ` + // ` // is true and represent_ipv4_remote_address_as_ipv4_mapped_ipv6 is true and the remote address is // an IPv4 address, the address will be mapped to IPv6 before it is appended to *x-forwarded-for*. // This is useful for testing compatibility of upstream services that parse the header value. For 
@@ -561,6 +621,13 @@ message HttpConnectionManager { // `HTTP spec `_ and is provided for convenience. bool merge_slashes = 33; + // Action to take when request URL path contains escaped slash sequences (%2F, %2f, %5C and %5c). + // The default value can be overridden by the :ref:`http_connection_manager.path_with_escaped_slashes_action` + // runtime variable. + // The :ref:`http_connection_manager.path_with_escaped_slashes_action_sampling` runtime + // variable can be used to apply the action to a portion of all requests. + PathWithEscapedSlashesAction path_with_escaped_slashes_action = 45; + // The configuration of the request ID extension. This includes operations such as // generation, validation, and associated tracing operations. If empty, the // :ref:`UuidRequestIdConfig ` @@ -585,12 +652,12 @@ message HttpConnectionManager { LocalReplyConfig local_reply_config = 38; // Determines if the port part should be removed from host/authority header before any processing - // of request by HTTP filters or routing. The port would be removed only if it is equal to the :ref:`listener's` + // of request by HTTP filters or routing. The port would be removed only if it is equal to the :ref:`listener's` // local port. This affects the upstream host header unless the method is // CONNECT in which case if no filter adds a port the original port will be restored before headers are // sent upstream. // Without setting this option, incoming requests with host `example:443` will not match against - // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part + // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part // of `HTTP spec `_ and is provided for convenience. // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set. bool strip_matching_host_port = 39 
@@ -602,7 +669,7 @@ message HttpConnectionManager { // This affects the upstream host header unless the method is CONNECT in // which case if no filter adds a port the original port will be restored before headers are sent upstream. // Without setting this option, incoming requests with host `example:443` will not match against - // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part + // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part // of `HTTP spec `_ and is provided for convenience. // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set. bool strip_any_host_port = 42; @@ -632,9 +699,19 @@ message HttpConnectionManager { // whether transformations affect the forwarded *:path* header. RFC 3986 path // normalization is enabled by default and the default policy is that the // normalized header will be forwarded. See :ref:`PathNormalizationOptions - // ` + // ` // for details. PathNormalizationOptions path_normalization_options = 43; + + // Determines if trailing dot of the host should be removed from host/authority header before any + // processing of request by HTTP filters or routing. + // This affects the upstream host header. + // Without setting this option, incoming requests with host `example.com.` will not match against + // route with :ref:`domains` match set to `example.com`. Defaults to `false`. + // When the incoming request contains a host/authority header that includes a port number, + // setting this option will strip a trailing dot, if present, from the host section, + // leaving the port as is (e.g. host value `example.com.:443` will be updated to `example.com:443`). + bool strip_trailing_host_dot = 47; } // The configuration to customize local reply returned by Envoy. 
@@ -736,14 +813,14 @@ message ScopedRoutes { "envoy.config.filter.network.http_connection_manager.v2.ScopedRoutes"; // Specifies the mechanism for constructing "scope keys" based on HTTP request attributes. These - // keys are matched against a set of :ref:`Key` - // objects assembled from :ref:`ScopedRouteConfiguration` + // keys are matched against a set of :ref:`Key` + // objects assembled from :ref:`ScopedRouteConfiguration` // messages distributed via SRDS (the Scoped Route Discovery Service) or assigned statically via - // :ref:`scoped_route_configurations_list`. + // :ref:`scoped_route_configurations_list`. // // Upon receiving a request's headers, the Router will build a key using the algorithm specified // by this message. This key will be used to look up the routing table (i.e., the - // :ref:`RouteConfiguration`) to use for the request. + // :ref:`RouteConfiguration`) to use for the request. message ScopeKeyBuilder { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.ScopedRoutes.ScopeKeyBuilder"; @@ -826,7 +903,7 @@ message ScopedRoutes { } // The final(built) scope key consists of the ordered union of these fragments, which are compared in order with the - // fragments of a :ref:`ScopedRouteConfiguration`. + // fragments of a :ref:`ScopedRouteConfiguration`. // A missing fragment during comparison will make the key invalid, i.e., the computed key doesn't match any key. repeated FragmentBuilder fragments = 1 [(validate.rules).repeated = {min_items: 1}]; } 
@@ -848,14 +925,14 @@ message ScopedRoutes { // The set of routing scopes corresponding to the HCM. A scope is assigned to a request by // matching a key constructed from the request's attributes according to the algorithm specified // by the - // :ref:`ScopeKeyBuilder` + // :ref:`ScopeKeyBuilder` // in this message. ScopedRouteConfigurationsList scoped_route_configurations_list = 4; // The set of routing scopes associated with the HCM will be dynamically loaded via the SRDS // API. A scope is assigned to a request by matching a key constructed from the request's // attributes according to the algorithm specified by the - // :ref:`ScopeKeyBuilder` + // :ref:`ScopeKeyBuilder` // in this message. ScopedRds scoped_rds = 5; } @@ -893,7 +970,7 @@ message HttpFilter { // filters for further documentation. // // To support configuring a :ref:`match tree `, use an - // :ref:`ExtensionWithMatcher ` + // :ref:`ExtensionWithMatcher ` // with the desired HTTP filter. // [#extension-category: envoy.filters.http] google.protobuf.Any typed_config = 4; @@ -903,7 +980,7 @@ message HttpFilter { // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061). // // To support configuring a :ref:`match tree `, use an - // :ref:`ExtensionWithMatcher ` + // :ref:`ExtensionWithMatcher ` // with the desired HTTP filter. This works for both the default filter configuration as well // as for filters provided via the API. config.core.v3.ExtensionConfigSource config_discovery = 5; @@ -912,7 +989,7 @@ message HttpFilter { // If true, clients that do not support this filter may ignore the // filter but otherwise accept the config. // Otherwise, clients that do not support this filter must reject the config. - // [#not-implemented-hide:] + // This is also same with typed per filter config. bool is_optional = 6; } 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto index 46b9ad5c433..aa05a31f23d 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto @@ -51,10 +51,12 @@ message TlsParameters { // If specified, the TLS listener will only support the specified `cipher list // `_ - // when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not - // specified, the default list will be used. + // when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). // - // In non-FIPS builds, the default cipher list is: + // If not specified, a default list will be used. Defaults are different for server (downstream) and + // client (upstream) TLS configurations. + // + // In non-FIPS builds, the default server cipher list is: // // .. code-block:: none // @@ -71,7 +73,7 @@ message TlsParameters { // AES256-GCM-SHA384 // AES256-SHA // - // In builds using :ref:`BoringSSL FIPS `, the default cipher list is: + // In builds using :ref:`BoringSSL FIPS `, the default server cipher list is: // // .. code-block:: none // 
@@ -87,6 +89,24 @@ message TlsParameters { // ECDHE-RSA-AES256-SHA // AES256-GCM-SHA384 // AES256-SHA + // + // In non-FIPS builds, the default client cipher list is: + // + // .. code-block:: none + // + // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] + // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // + // In builds using :ref:`BoringSSL FIPS `, the default client cipher list is: + // + // .. code-block:: none + // + // ECDHE-ECDSA-AES128-GCM-SHA256 + // ECDHE-RSA-AES128-GCM-SHA256 + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 repeated string cipher_suites = 3; // If specified, the TLS connection will only support the specified ECDH @@ -160,11 +180,11 @@ message TlsCertificate { config.core.v3.WatchedDirectory watched_directory = 7; // BoringSSL private key method provider. This is an alternative to :ref:`private_key - // ` field. This can't be + // ` field. This can't be // marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key - // ` and + // ` and // :ref:`private_key_provider - // ` fields will result in an + // ` fields will result in an // error. PrivateKeyProvider private_key_provider = 6; @@ -190,7 +210,7 @@ message TlsSessionTicketKeys { // All keys are candidates for decrypting received tickets. This allows for easy rotation of keys // by, for example, putting the new key first, and the previous key second. // - // If :ref:`session_ticket_keys ` + // If :ref:`session_ticket_keys ` // is not specified, the TLS library will still support resuming sessions via tickets, but it will // use an internally-generated and managed key, so sessions cannot be resumed across hot restarts // or on different hosts. 
@@ -224,7 +244,7 @@ message CertificateValidationContext { // Connections where the certificate fails verification will be permitted. // For HTTP connections, the result of certificate verification can be used in route matching. ( - // see :ref:`validated ` ). + // see :ref:`validated ` ). ACCEPT_UNTRUSTED = 1; } @@ -237,13 +257,13 @@ message CertificateValidationContext { // for listeners). If not specified and a peer certificate is presented it will not be // verified. By default, a client certificate is optional, unless one of the additional // options (:ref:`require_client_certificate - // `, + // `, // :ref:`verify_certificate_spki - // `, + // `, // :ref:`verify_certificate_hash - // `, or + // `, or // :ref:`match_subject_alt_names - // `) is also + // `) is also // specified. // // It can optionally contain certificate revocation lists, in which case Envoy will verify @@ -289,15 +309,15 @@ message CertificateValidationContext { // // When both: // :ref:`verify_certificate_hash - // ` and + // ` and // :ref:`verify_certificate_spki - // ` are specified, + // ` are specified, // a hash matching value from either of the lists will result in the certificate being accepted. // // .. attention:: // // This option is preferred over :ref:`verify_certificate_hash - // `, + // `, // because SPKI is tied to a private key, so it doesn't change when the certificate // is renewed using the same private key. repeated string verify_certificate_spki = 3 @@ -325,9 +345,9 @@ message CertificateValidationContext { // // When both: // :ref:`verify_certificate_hash - // ` and + // ` and // :ref:`verify_certificate_spki - // ` are specified, + // ` are specified, // a hash matching value from either of the lists will result in the certificate being accepted. repeated string verify_certificate_hash = 2 [(validate.rules).repeated = {items {string {min_len: 64 max_bytes: 95}}}]; 
@@ -336,7 +356,7 @@ message CertificateValidationContext { // Subject Alternative Name of the presented certificate matches one of the specified matchers. // // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be - // configured with exact match type in the :ref:`string matcher `. + // configured with exact match type in the :ref:`string matcher `. // For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com", // it should be configured as shown below. // @@ -349,7 +369,7 @@ message CertificateValidationContext { // // Subject Alternative Names are easily spoofable and verifying only them is insecure, // therefore this option must be used together with :ref:`trusted_ca - // `. + // `. repeated type.matcher.v3.StringMatcher match_subject_alt_names = 9; // [#not-implemented-hide:] Must present signed certificate time-stamp. diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto index 2c5a8bf21d3..02287de5875 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto @@ -32,7 +32,7 @@ message UpstreamTlsContext { // .. attention:: // // Server certificate verification is not enabled by default. Configure - // :ref:`trusted_ca` to enable + // :ref:`trusted_ca` to enable // verification. CommonTlsContext common_tls_context = 1; 
@@ -101,8 +101,8 @@ message DownstreamTlsContext { // Config for controlling stateless TLS session resumption: setting this to true will cause the TLS // server to not issue TLS session tickets for the purposes of stateless TLS session resumption. // If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using - // the keys specified through either :ref:`session_ticket_keys ` - // or :ref:`session_ticket_keys_sds_secret_config `. + // the keys specified through either :ref:`session_ticket_keys ` + // or :ref:`session_ticket_keys_sds_secret_config `. // If this config is set to false and no keys are explicitly configured, the TLS server will issue // TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the // implication that sessions cannot be resumed across hot restarts or on different hosts. @@ -216,8 +216,14 @@ message CommonTlsContext { // Configs for fetching TLS certificates via SDS API. Note SDS API allows certificates to be // fetched/refreshed over the network asynchronously with respect to the TLS handshake. + // + // The same number and types of certificates as :ref:`tls_certificates ` + // are valid in the the certificates fetched through this setting. + // + // If :ref:`tls_certificates ` + // is non-empty, this field is ignored. repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6 - [(validate.rules).repeated = {max_items: 1}]; + [(validate.rules).repeated = {max_items: 2}]; // Certificate provider for fetching TLS certificates. // [#not-implemented-hide:] @@ -256,7 +262,7 @@ message CommonTlsContext { // Supplies the list of ALPN protocols that the listener should expose. In // practice this is likely to be set to one of two values (see the // :ref:`codec_type - // ` + // ` // parameter in the HTTP connection manager for more information): // // * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1. 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto b/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto index 4a2547df39f..4a474d0fe26 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto @@ -57,7 +57,7 @@ message DiscoveryRequest { // delta, where it is populated only for new explicit ACKs). string response_nonce = 5; - // This is populated when the previous :ref:`DiscoveryResponse ` + // This is populated when the previous :ref:`DiscoveryResponse ` // failed to update configuration. The *message* field in *error_details* provides the Envoy // internal exception related to the failure. It is only intended for consumption during manual // debugging, the string provided is not guaranteed to be stable across Envoy versions. @@ -195,7 +195,7 @@ message DeltaDiscoveryRequest { // Otherwise (unlike in DiscoveryRequest) response_nonce must be omitted. string response_nonce = 6; - // This is populated when the previous :ref:`DiscoveryResponse ` + // This is populated when the previous :ref:`DiscoveryResponse ` // failed to update configuration. The *message* field in *error_details* // provides the Envoy internal exception related to the failure. google.rpc.Status error_detail = 7; diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto b/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto index ca8377e1ca6..0b565ebe723 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto 
@@ -20,10 +20,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Load Reporting Service is an Envoy API to emit load reports. Envoy will initiate a bi-directional // stream with a management server. Upon connecting, the management server can send a -// :ref:`LoadStatsResponse ` to a node it is +// :ref:`LoadStatsResponse ` to a node it is // interested in getting the load reports for. Envoy in this node will start sending -// :ref:`LoadStatsRequest `. This is done periodically -// based on the :ref:`load reporting interval ` +// :ref:`LoadStatsRequest `. This is done periodically +// based on the :ref:`load reporting interval ` // For details, take a look at the :ref:`Load Reporting Service sandbox example `. service LoadReportingService { @@ -83,7 +83,7 @@ message LoadStatsResponse { // If true, the client should send all clusters it knows about. // Only clients that advertise the "envoy.lrs.supports_send_all_clusters" capability in their - // :ref:`client_features` field will honor this field. + // :ref:`client_features` field will honor this field. bool send_all_clusters = 4; // The minimum interval of time to collect stats over. This is only a minimum for two reasons: diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto b/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto index 3a1c748fc81..1d940d6a2df 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto @@ -7,6 +7,8 @@ import "envoy/config/core/v3/base.proto"; import "envoy/type/matcher/v3/node.proto"; import "google/api/annotations.proto"; +import "google/protobuf/any.proto"; +import "google/protobuf/timestamp.proto"; import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; 
@@ -124,10 +126,60 @@ message ClientConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.service.status.v2.ClientConfig"; + // GenericXdsConfig is used to specify the config status and the dump + // of any xDS resource identified by their type URL. It is the generalized + // version of the now deprecated ListenersConfigDump, ClustersConfigDump etc + // [#next-free-field: 10] + message GenericXdsConfig { + // Type_url represents the fully qualified name of xDS resource type + // like envoy.v3.Cluster, envoy.v3.ClusterLoadAssignment etc. + string type_url = 1; + + // Name of the xDS resource + string name = 2; + + // This is the :ref:`version_info ` + // in the last processed xDS discovery response. If there are only + // static bootstrap listeners, this field will be "" + string version_info = 3; + + // The xDS resource config. Actual content depends on the type + google.protobuf.Any xds_config = 4; + + // Timestamp when the xDS resource was last updated + google.protobuf.Timestamp last_updated = 5; + + // Per xDS resource config status. It is generated by management servers. + // It will not be present if the CSDS server is an xDS client. + ConfigStatus config_status = 6; + + // Per xDS resource status from the view of a xDS client + admin.v3.ClientResourceStatus client_status = 7; + + // Set if the last update failed, cleared after the next successful + // update. The *error_state* field contains the rejected version of + // this particular resource along with the reason and timestamp. For + // successfully updated or acknowledged resource, this field should + // be empty. + // [#not-implemented-hide:] + admin.v3.UpdateFailureState error_state = 8; + + // Is static resource is true if it is specified in the config supplied + // through the file at the startup. + bool is_static_resource = 9; + } + // Node for a particular client. 
config.core.v3.Node node = 1; - repeated PerXdsConfig xds_config = 2; + // This field is deprecated in favor of generic_xds_configs which is + // much simpler and uniform in structure. + repeated PerXdsConfig xds_config = 2 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Represents generic xDS config and the exact config structure depends on + // the type URL (like Cluster if it is CDS) + repeated GenericXdsConfig generic_xds_configs = 3; } message ClientStatusResponse { diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/http/v3/path_transformation.proto b/xds/third_party/envoy/src/main/proto/envoy/type/http/v3/path_transformation.proto index 8a3c9ef5aaf..0b3d72009f5 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/type/http/v3/path_transformation.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/type/http/v3/path_transformation.proto @@ -34,7 +34,7 @@ message PathTransformation { // Determines if adjacent slashes are merged into one. A common use case is for a request path // header. Using this option in `:ref: PathNormalizationOptions - // ` + // ` // will allow incoming requests with path `//dir///file` to match against route with `prefix` // match set to `/dir`. When using for header transformations, note that slash merging is not // part of `HTTP spec `_ and is provided for convenience. diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/metadata.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/metadata.proto index a7184ee9805..68710dc7185 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/metadata.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/metadata.proto 
@@ -16,7 +16,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metadata matcher] // MetadataMatcher provides a general interface to check if a given value is matched in -// :ref:`Metadata `. It uses `filter` and `path` to retrieve the value +// :ref:`Metadata `. It uses `filter` and `path` to retrieve the value // from the Metadata and then check if it's matched to the specified value. // // For example, for the following Metadata: @@ -71,8 +71,8 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // // An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to // enforce access control based on dynamic metadata in a request. See :ref:`Permission -// ` and :ref:`Principal -// `. +// ` and :ref:`Principal +// `. // [#next-major-version: MetadataMatcher should use StructMatcher] message MetadataMatcher { diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto b/xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto index b971d8debbe..5dd58b23c62 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto @@ -14,7 +14,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metadata] // MetadataKey provides a general interface using `key` and `path` to retrieve value from -// :ref:`Metadata `. +// :ref:`Metadata `. // // For example, for the following Metadata: // 
@@ -77,20 +77,20 @@ message MetadataKind { "envoy.type.metadata.v2.MetadataKind.Request"; } - // Represents metadata from :ref:`the route`. + // Represents metadata from :ref:`the route`. message Route { option (udpa.annotations.versioning).previous_message_type = "envoy.type.metadata.v2.MetadataKind.Route"; } - // Represents metadata from :ref:`the upstream cluster`. + // Represents metadata from :ref:`the upstream cluster`. message Cluster { option (udpa.annotations.versioning).previous_message_type = "envoy.type.metadata.v2.MetadataKind.Cluster"; } // Represents metadata from :ref:`the upstream - // host`. + // host`. message Host { option (udpa.annotations.versioning).previous_message_type = "envoy.type.metadata.v2.MetadataKind.Host"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto b/xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto index bcebe5779ba..ad99cafb22b 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto @@ -59,8 +59,8 @@ message CustomTag { } // Metadata type custom tag using - // :ref:`MetadataKey ` to retrieve the protobuf value - // from :ref:`Metadata `, and populate the tag value with + // :ref:`MetadataKey ` to retrieve the protobuf value + // from :ref:`Metadata `, and populate the tag value with // `the canonical JSON `_ // representation of it. message Metadata { From e328430ec67e54dd749e4926b01f15ab62cf0dde Mon Sep 17 00:00:00 2001 From: Sergii Tkachenko Date: Mon, 26 Jul 2021 19:17:27 -0400 Subject: [PATCH 2/2] Suppress warnings for newly deprecated xDS proto fields --- .../java/io/grpc/xds/ClientXdsClientDataTest.java | 6 ++---- xds/src/test/java/io/grpc/xds/CsdsServiceTest.java | 12 +++++++++--- 2 files changed, 11 insertions(+), 7 deletions(-) 
diff --git a/xds/src/test/java/io/grpc/xds/ClientXdsClientDataTest.java b/xds/src/test/java/io/grpc/xds/ClientXdsClientDataTest.java index 47ec59fe356..e13359577fd 100644 --- a/xds/src/test/java/io/grpc/xds/ClientXdsClientDataTest.java +++ b/xds/src/test/java/io/grpc/xds/ClientXdsClientDataTest.java @@ -1071,10 +1071,8 @@ public void parseOverrideFilterConfigs_unsupportedAndRequired() { @Test public void parseHttpConnectionManager_xffNumTrustedHopsUnsupported() throws ResourceInvalidException { - HttpConnectionManager hcm = - HttpConnectionManager.newBuilder() - .setXffNumTrustedHops(2) - .build(); + @SuppressWarnings("deprecation") + HttpConnectionManager hcm = HttpConnectionManager.newBuilder().setXffNumTrustedHops(2).build(); thrown.expect(ResourceInvalidException.class); thrown.expectMessage("HttpConnectionManager with xff_num_trusted_hops unsupported"); ClientXdsClient.parseHttpConnectionManager( diff --git a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java index 58700195d85..8a6e36d635c 100644 --- a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java +++ b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java @@ -728,7 +728,9 @@ Map getSubscribedResourcesMetadata(ResourceType type) // Minimal verification to confirm that the data/metadata XdsClient provides, // is propagated to the correct resource types. - assertThat(clientConfig.getXdsConfigCount()).isEqualTo(4); + @SuppressWarnings("deprecation") + int xdsConfigCount = clientConfig.getXdsConfigCount(); + assertThat(xdsConfigCount).isEqualTo(4); EnumMap configDumps = mapConfigDumps(clientConfig); assertThat(configDumps.keySet()).containsExactly(LDS, RDS, CDS, EDS); 
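Review bot: The only rejection test in this hunk still builds the config with `setXffNumTrustedHops(2)`, the setter the proto sync has just deprecated, so nothing here exercises whatever field upstream offers in its place. If the synced HttpConnectionManager proto carries a successor such as `original_ip_detection_extensions` (not visible in this hunk), a listener that sets only that field would presumably not reach the "xff_num_trusted_hops unsupported" check, and client-address trust settings the client does not implement could be accepted silently; a sibling test for that case would pin the behaviour. Keeping `@SuppressWarnings("deprecation")` on the single local is the right scope, and a comment such as `// deprecated upstream, but the parser must keep rejecting it` would say why it is there. The test method continues past the end of the hunk.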
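Review bot: The count assertion in this hunk, and the same pattern in the two later CsdsServiceTest hunks (`verifyClientConfigNoResources` and `mapConfigDumps`), keeps testing only the deprecated `xds_config` list, while the synced csds.proto adds `generic_xds_configs` as its replacement. Whether CsdsService fills the new field is not visible here; if it is meant to stay empty for now, an explicit `assertThat(clientConfig.getGenericXdsConfigsCount()).isEqualTo(0);` would record that choice and fail once the service starts populating it. A short comment next to each suppression, e.g. `// xds_config is deprecated in favor of generic_xds_configs; it is still the field this test verifies`, would tell the next reader the suppression is deliberate rather than leftover. The enclosing test method starts and ends outside the hunk.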
@@ -803,7 +805,9 @@ private void verifyErrorState(UpdateFailureState errorState) { */ private static void verifyClientConfigNoResources(ClientConfig clientConfig) { // Expect PerXdsConfig for all resource types to be present, but empty. - assertThat(clientConfig.getXdsConfigCount()).isEqualTo(4); + @SuppressWarnings("deprecation") + int xdsConfigCount = clientConfig.getXdsConfigCount(); + assertThat(xdsConfigCount).isEqualTo(4); EnumMap configDumps = mapConfigDumps(clientConfig); assertThat(configDumps.keySet()).containsExactly(LDS, RDS, CDS, EDS); @@ -842,7 +846,9 @@ private static void verifyPerXdsConfigEmptyFields(PerXdsConfig perXdsConfig) { private static EnumMap mapConfigDumps(ClientConfig config) { EnumMap xdsConfigMap = new EnumMap<>(ResourceType.class); - for (PerXdsConfig perXdsConfig : config.getXdsConfigList()) { + @SuppressWarnings("deprecation") + List xdsConfigList = config.getXdsConfigList(); + for (PerXdsConfig perXdsConfig : xdsConfigList) { ResourceType type = perXdsConfigToResourceType(perXdsConfig); assertThat(type).isNotEqualTo(ResourceType.UNKNOWN); assertThat(xdsConfigMap).doesNotContainKey(type);