diff --git a/api/src/main/proto/cel/expr/conformance/proto3/test_all_types.proto b/api/src/main/proto/cel/expr/conformance/proto3/test_all_types.proto index 8ddc472b2..c4b59fee7 100644 --- a/api/src/main/proto/cel/expr/conformance/proto3/test_all_types.proto +++ b/api/src/main/proto/cel/expr/conformance/proto3/test_all_types.proto @@ -63,7 +63,7 @@ message TestAllTypes { string single_string = 14; bytes single_bytes = 15; optional bool optional_bool = 16; - optional bool optional_string = 17; + optional string optional_string = 17; // Collides with 'in' operator. bool in = 18; diff --git a/api/src/main/proto/cel/expr/conformance/test/suite.proto b/api/src/main/proto/cel/expr/conformance/test/suite.proto index d6789bd9e..f9feab4a8 100644 --- a/api/src/main/proto/cel/expr/conformance/test/suite.proto +++ b/api/src/main/proto/cel/expr/conformance/test/suite.proto 
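Review bot: Changing field 17 from `bool` to `string` in place is a wire-incompatible change: the old varint encoding of `optional_string` cannot be decoded as a length-delimited string, so any pre-existing serialized `TestAllTypes` fixture with that field set will fail to parse or be misread. For a conformance fixture that is probably acceptable, but if such fixtures exist anywhere, the safe form is `reserved 17;` plus `optional string optional_string = <next free number>;`. A short comment such as `// Previously (incorrectly) declared as bool; the wire type of field 17 changed.` would help anyone debugging a parse failure against older data.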
@@ -79,49 +79,44 @@ message TestCase { // environments. cel.expr.conformance.Environment env = 4; - // Input for the test case - TestInput input = 5; + // A map representing a variable binding where the key is the name of the + // input variable. + map input = 5; + + // Input in the form of a context proto for the test case. + // Note: Only one of `input_bindings` and `input_context` can be provided. Providing + // both should result in an error. + InputContext input_context = 6; // Expected result of the test case. - TestOutput output = 6; + TestOutput output = 7; // If specified validates that the deduced type at check time matches // If the result kind is not set and this field is set, the test is considered // "check-only". - cel.expr.Type deduced_type = 7; + cel.expr.Type deduced_type = 8; // Bypass the type-checking and only attempt to evaluate the parsed // expression. - bool disable_check = 8; + bool disable_check = 9; } -// Input for the test case -message TestInput { - // The type of input for the test case - oneof input_kind { - // A set of variable bindings to be used for evaluating a checked - // expression. - Bindings bindings = 1; - +// Input context proto for the test case +message InputContext { + // The type of input context for the test case + oneof input_context_kind { // A context message represents an input kind in the form of a proto // message whose type is defined at runtime. - google.protobuf.Any context_message = 2; + google.protobuf.Any context_message = 1; // A context expression representing a context proto variable. The // fields of the input proto.Messages are used as top-level variables within // an Activation. The expression is evaluated using the cel environment // configured for the test suite. - string context_expr = 3; + string context_expr = 2; } } -// The bindings of input variables for the test case. -message Bindings { - // A map representing a variable binding where the key is the name of the - // input variable. 
- map values = 1; -} - // The input value for a variable binding message InputValue { // The type of input value that can be used for a variable binding diff --git a/api/src/main/proto/cel/expr/eval.proto b/api/src/main/proto/cel/expr/eval.proto index 3f76f5761..8ad86988a 100644 --- a/api/src/main/proto/cel/expr/eval.proto +++ b/api/src/main/proto/cel/expr/eval.proto @@ -16,8 +16,8 @@ syntax = "proto3"; package cel.expr; +import "google/protobuf/any.proto"; import "cel/expr/value.proto"; -import "google/rpc/status.proto"; option cc_enable_arenas = true; option go_package = "cel.dev/expr"; @@ -104,9 +104,31 @@ message ExprValue { // // The errors included depend on the context. See `ExprValue.error`. message ErrorSet { - repeated google.rpc.Status errors = 1; + // Errors that could come up during evaluation phase. + repeated Status errors = 1; } + // Each `Status` message contains three pieces of data: error code, error message, + // and error details. + // + // You can find out more about this error model and how to work with it in the + // [API Design Guide](https://cloud.google.com/apis/design/errors). + // + // Status value is intended to be wire and field compatible with `google.rpc.Status`. + message Status { + // The status code, which should be an enum value of [google.rpc.Code][]. + int32 code = 1; + + // A developer-facing error message, which should be in English. Any + // user-facing error message should be localized and sent in the + // [Status.details][] field, or localized by the client. + string message = 2; + + // A list of messages that carry the error details. There is a common set of + // message types for APIs to use. + repeated google.protobuf.Any details = 3; + } + // A set of expressions for which the value is unknown. // // The unknowns included depend on the context. See `ExprValue.unknown`. diff --git a/api/src/main/proto/envoy/admin/v3/clusters.proto b/api/src/main/proto/envoy/admin/v3/clusters.proto index 9fab60d9a..4efc4c0ac 100644 
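Review bot: The new comment on `input_context` refers to a field named `input_bindings`, but the sibling field added in the same hunk is `input` (the `map<string, InputValue>` generic arguments appear stripped in this rendering), so the text should read `Only one of 'input' and 'input_context' can be provided`. Separately, field 5 changes from a `TestInput` message to a map, field 6 changes from `TestOutput` to `InputContext`, and `output`, `deduced_type` and `disable_check` shift to 7/8/9, which silently reinterprets any existing binary `TestCase` data. If that break is intended for a test-suite schema, say so in the `TestCase` message comment; otherwise give `input_context` a fresh number and keep the others stable.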
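Review bot: `Status.details` is `repeated google.protobuf.Any`, and an `ErrorSet` is typically produced by one evaluator and consumed by another party, so the comment should tell consumers not to unpack `details` without checking `type_url` against an allowlist, e.g. `// Consumers should only unpack details whose type_url they expect; arbitrary Any payloads must not be trusted.`. The "wire and field compatible with google.rpc.Status" claim holds for the three fields shown (same numbers and types), but `code` is now a bare `int32` with no enum constraint, so receivers must tolerate values outside `google.rpc.Code` and the comment could say so. Style nit: the new `import "google/protobuf/any.proto";` is placed above `import "cel/expr/value.proto";`, breaking the alphabetical order linters expect.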
--- a/api/src/main/proto/envoy/admin/v3/clusters.proto +++ b/api/src/main/proto/envoy/admin/v3/clusters.proto @@ -143,8 +143,8 @@ message HostStatus { // // .. note:: // - // The message will be missing if the host didn’t receive enough traffic to compute a success rate, or if the - // cluster didn’t have enough hosts to perform outlier ejection based on success rate. + // The message will be missing if the host didn't receive enough traffic to compute a success rate, or if the + // cluster didn't have enough hosts to perform outlier ejection based on success rate. // type.v3.Percent local_origin_success_rate = 8; @@ -171,18 +171,22 @@ message HostHealthStatus { // health checking. bool pending_dynamic_removal = 5; - // The host has not yet been health checked. + // The host is awaiting first health check. bool pending_active_hc = 6; // The host should be excluded from panic, spillover, etc. calculations because it was explicitly // taken out of rotation via protocol signal and is not meant to be routed to. bool excluded_via_immediate_hc_fail = 7; - // The host failed active HC due to timeout. + // The host failed active health check due to timeout. bool active_hc_timeout = 8; - // Health status as reported by EDS. Note: only HEALTHY and UNHEALTHY are currently supported - // here. + // Health status as reported by EDS. + // + // .. note:: + // + // Currently, only ``HEALTHY`` and ``UNHEALTHY`` are supported. + // // [#comment:TODO(mrice32): pipe through remaining EDS health status possibilities.] config.core.v3.HealthStatus eds_health_status = 3; } diff --git a/api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto b/api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto index 94868f134..bf65f3df4 100644 --- a/api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto +++ b/api/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto 
@@ -57,9 +57,7 @@ message Bootstrap { // If a network based configuration source is specified for :ref:`cds_config // `, it's necessary // to have some initial cluster definitions available to allow Envoy to know - // how to speak to the management server. These cluster definitions may not - // use :ref:`EDS ` (i.e. they should be static - // IP or DNS-based). + // how to speak to the management server. repeated cluster.v3.Cluster clusters = 2; // These static secrets can be used by :ref:`SdsSecretConfig diff --git a/api/src/main/proto/envoy/config/cluster/v3/cluster.proto b/api/src/main/proto/envoy/config/cluster/v3/cluster.proto index 51180b1e8..c5112458a 100644 --- a/api/src/main/proto/envoy/config/cluster/v3/cluster.proto +++ b/api/src/main/proto/envoy/config/cluster/v3/cluster.proto @@ -652,9 +652,10 @@ message Cluster { // If this is not set, we default to a merge window of 1000ms. To disable it, set the merge // window to 0. // - // Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is - // because merging those updates isn't currently safe. See - // https://github.com/envoyproxy/envoy/pull/3941. + // .. note:: + // Merging does not apply to cluster membership changes (e.g.: adds/removes); this is + // because merging those updates isn't currently safe. See + // https://github.com/envoyproxy/envoy/pull/3941. google.protobuf.Duration update_merge_window = 4; // If set to true, Envoy will :ref:`exclude ` new hosts 
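Review bot: The sentence forbidding EDS for bootstrap `clusters` is deleted without saying what replaces it, so a reader can no longer tell whether an EDS-based static cluster is now supported or merely undocumented. If the restriction was lifted, state the new rule and its precondition in the same comment, e.g. `// These clusters may use EDS only if the EDS source is itself reachable through a cluster defined here.`; if it still holds, restore the line. The `clusters` comment begins outside the hunk, so check that no remaining sentence still assumes the old constraint.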
@@ -816,12 +817,14 @@ message Cluster { string name = 1 [(validate.rules).string = {min_len: 1}]; // An optional alternative to the cluster name to be used for observability. This name is used - // emitting stats for the cluster and access logging the cluster name. This will appear as + // for emitting stats for the cluster and access logging the cluster name. This will appear as // additional information in configuration dumps of a cluster's current status as // :ref:`observability_name ` - // and as an additional tag "upstream_cluster.name" while tracing. Note: Any ``:`` in the name - // will be converted to ``_`` when emitting statistics. This should not be confused with - // :ref:`Router Filter Header `. + // and as an additional tag "upstream_cluster.name" while tracing. + // + // .. note:: + // Any ``:`` in the name will be converted to ``_`` when emitting statistics. This should not be confused with + // :ref:`Router Filter Header `. string alt_stat_name = 28 [(udpa.annotations.field_migrate).rename = "observability_name"]; oneof cluster_discovery_type { diff --git a/api/src/main/proto/envoy/config/common/matcher/v3/matcher.proto b/api/src/main/proto/envoy/config/common/matcher/v3/matcher.proto index 49a146d73..9b189d1aa 100644 --- a/api/src/main/proto/envoy/config/common/matcher/v3/matcher.proto +++ b/api/src/main/proto/envoy/config/common/matcher/v3/matcher.proto 
@@ -41,6 +41,17 @@ message Matcher { // Protocol-specific action to take. core.v3.TypedExtensionConfig action = 2; } + + // If true, the action will be taken but the caller will behave as if no + // match was found. This applies both to actions directly encoded in the + // action field and to actions returned from a nested matcher tree in the + // matcher field. A subsequent matcher on_no_match action will be used + // instead. + // + // This field is not supported in all contexts in which the matcher API is + // used. If this field is set in a context in which it's not supported, + // the resource will be rejected. + bool keep_matching = 3; } // A linear list of field matchers. @@ -84,7 +95,7 @@ message Matcher { // A list of predicates to be AND-ed together. PredicateList and_matcher = 3; - // The invert of a predicate + // The inverse of a predicate Predicate not_matcher = 4; } } @@ -137,8 +148,8 @@ message Matcher { MatcherTree matcher_tree = 2; } - // Optional OnMatch to use if the matcher failed. - // If specified, the OnMatch is used, and the matcher is considered + // Optional ``OnMatch`` to use if the matcher failed. + // If specified, the ``OnMatch`` is used, and the matcher is considered // to have matched. // If not specified, the matcher is considered not to have matched. OnMatch on_no_match = 3; 
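Review bot: `keep_matching` says the action "will be taken" while the caller behaves as if nothing matched, but it does not say which part of the action survives: for a selection action (choose this route or filter chain) the result is presumably discarded, whereas for a side-effecting action (set metadata, log) the effect presumably persists. In security-sensitive uses such as RBAC, where the action is itself the decision, that distinction determines whether a `keep_matching` deny can be skipped, so spell it out, e.g. `// Only the action's side effects are preserved; its result is discarded and matching continues.` — or the opposite, whichever the implementation does. It would also help to say what happens when no enclosing matcher provides an `on_no_match` to fall through to.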
@@ -204,9 +215,9 @@ message HttpHeadersMatch { // // .. attention:: // -// Searching for patterns in HTTP body is potentially cpu intensive. For each specified pattern, http body is scanned byte by byte to find a match. +// Searching for patterns in HTTP body is potentially CPU-intensive. For each specified pattern, HTTP body is scanned byte by byte to find a match. // If multiple patterns are specified, the process is repeated for each pattern. If location of a pattern is known, ``bytes_limit`` should be specified -// to scan only part of the http body. +// to scan only part of the HTTP body. message HttpGenericBodyMatch { message GenericTextMatch { oneof rule { diff --git a/api/src/main/proto/envoy/config/core/v3/address.proto b/api/src/main/proto/envoy/config/core/v3/address.proto index 38d74ef28..56796fc72 100644 --- a/api/src/main/proto/envoy/config/core/v3/address.proto +++ b/api/src/main/proto/envoy/config/core/v3/address.proto @@ -98,9 +98,18 @@ message SocketAddress { // IPv6 space as ``::FFFF:``. bool ipv4_compat = 6; - // The Linux network namespace to bind the socket to. If this is set, Envoy will - // create the socket in the specified network namespace. Only supported on Linux. - // [#not-implemented-hide:] + // Filepath that specifies the Linux network namespace this socket will be created in (see ``man 7 + // network_namespaces``). If this field is set, Envoy will create the socket in the specified + // network namespace. + // + // .. note:: + // Setting this parameter requires Envoy to run with the ``CAP_NET_ADMIN`` capability. + // + // .. note:: + // Currently only used for Listener sockets. + // + // .. attention:: + // Network namespaces are only configurable on Linux. Otherwise, this field has no effect. string network_namespace_filepath = 7; } diff --git a/api/src/main/proto/envoy/config/core/v3/base.proto b/api/src/main/proto/envoy/config/core/v3/base.proto index 48ff5e7ee..978f365d5 100644 
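Review bot: The attention block says that on non-Linux platforms `network_namespace_filepath` "has no effect", which means a socket the operator intended to isolate in a dedicated namespace is silently created in the default one; for an isolation control, rejecting the configuration is the safer behaviour, or at minimum the comment should warn that this field must not be relied on for isolation elsewhere. The field is also a config-supplied path that Envoy opens with `CAP_NET_ADMIN`, and it may arrive over xDS, so the note should state the trust implication, e.g. `// Anyone able to set this field can make Envoy join any namespace reachable through the filesystem; treat it as privileged configuration.`. Finally, say what happens when the path cannot be opened or is not a network namespace — is the listener rejected, or does it fall back to the default namespace?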
--- a/api/src/main/proto/envoy/config/core/v3/base.proto +++ b/api/src/main/proto/envoy/config/core/v3/base.proto @@ -266,7 +266,7 @@ message RuntimeUInt32 { uint32 default_value = 2; // Runtime key to get value for comparison. This value is used if defined. - string runtime_key = 3 [(validate.rules).string = {min_len: 1}]; + string runtime_key = 3; } // Runtime derived percentage with a default when not specified. @@ -275,7 +275,7 @@ message RuntimePercent { type.v3.Percent default_value = 1; // Runtime key to get value for comparison. This value is used if defined. - string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; + string runtime_key = 2; } // Runtime derived double with a default when not specified. @@ -286,7 +286,7 @@ message RuntimeDouble { double default_value = 1; // Runtime key to get value for comparison. This value is used if defined. - string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; + string runtime_key = 2; } // Runtime derived bool with a default when not specified. @@ -300,7 +300,7 @@ message RuntimeFeatureFlag { // Runtime key to get value for comparison. This value is used if defined. The boolean value must // be represented via its // `canonical JSON encoding `_. - string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; + string runtime_key = 2; } // Please use :ref:`KeyValuePair ` instead. diff --git a/api/src/main/proto/envoy/config/core/v3/protocol.proto b/api/src/main/proto/envoy/config/core/v3/protocol.proto index a90c07421..147caa216 100644 --- a/api/src/main/proto/envoy/config/core/v3/protocol.proto +++ b/api/src/main/proto/envoy/config/core/v3/protocol.proto 
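Review bot: Dropping `min_len: 1` from `runtime_key` on `RuntimeUInt32`, `RuntimePercent`, `RuntimeDouble` and `RuntimeFeatureFlag` makes the empty string a valid key, but the comment still reads "This value is used if defined", which no longer tells an implementer whether `""` means "no runtime override, use `default_value`" or a lookup of a key literally named `""`. Please state the intended semantics next to each of the four fields, e.g. `// If empty, no runtime lookup is performed and default_value is used.`, so that all consumers agree; otherwise a feature flag with an accidentally empty key could be resolved differently by different code paths.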
@@ -64,8 +64,11 @@ message QuicProtocolOptions { // `_ size. Valid values range from // 1 to 16777216 (2^24, maximum supported by QUICHE) and defaults to 16777216 (16 * 1024 * 1024). // - // NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. If configured smaller than it, we will use 16384 instead. - // QUICHE IETF Quic implementation supports 1 bytes window. We only support increasing the default window size now, so it's also the minimum. + // .. note:: + // + // 16384 (2^14) is the minimum window size supported in Google QUIC. If configured smaller than it, we will use + // 16384 instead. QUICHE IETF Quic implementation supports 1 bytes window. We only support increasing the default + // window size now, so it's also the minimum. // // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the // QUIC stream send and receive buffers. Once the buffer reaches this pointer, watermark callbacks will fire to @@ -77,8 +80,11 @@ message QuicProtocolOptions { // flow-control. Valid values rage from 1 to 25165824 (24MB, maximum supported by QUICHE) and defaults // to 25165824 (24 * 1024 * 1024). // - // NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. We only support increasing the default - // window size now, so it's also the minimum. + // .. note:: + // + // 16384 (2^14) is the minimum window size supported in Google QUIC. We only support increasing the default + // window size now, so it's also the minimum. + // google.protobuf.UInt32Value initial_connection_window_size = 3 [(validate.rules).uint32 = {lte: 25165824 gte: 1}]; 
@@ -270,7 +276,7 @@ message HttpProtocolOptions { // The default value for responses can be overridden by setting runtime key ``envoy.reloadable_features.max_response_headers_count``. // Downstream requests that exceed this limit will receive a 431 response for HTTP/1.x and cause a stream // reset for HTTP/2. - // Upstream responses that exceed this limit will result in a 503 response. + // Upstream responses that exceed this limit will result in a 502 response. google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}]; // The maximum size of response headers. @@ -282,9 +288,13 @@ message HttpProtocolOptions { // :ref:`HTTP Connection Manager // `. // - // Note: currently some protocol codecs impose limits on the maximum size of a single header: - // HTTP/2 (when using nghttp2) limits a single header to around 100kb. - // HTTP/3 limits a single header to around 1024kb. + // .. note:: + // + // Currently some protocol codecs impose limits on the maximum size of a single header. + // + // * HTTP/2 (when using nghttp2) limits a single header to around 100kb. + // * HTTP/3 limits a single header to around 1024kb. + // google.protobuf.UInt32Value max_response_headers_kb = 7 [(validate.rules).uint32 = {lte: 8192 gt: 0}]; 
@@ -294,9 +304,15 @@ message HttpProtocolOptions { // Action to take when a client request with a header name containing underscore characters is received. // If this setting is not specified, the value defaults to ALLOW. - // Note: upstream responses are not affected by this setting. - // Note: this only affects client headers. It does not affect headers added - // by Envoy filters and does not have any impact if added to cluster config. + // + // .. note:: + // + // Upstream responses are not affected by this setting. + // + // .. note:: + // + // This only affects client headers. It does not affect headers added by Envoy filters and does not have any + // impact if added to cluster config. HeadersWithUnderscoresAction headers_with_underscores_action = 5; // Optional maximum requests for both upstream and downstream connections. @@ -404,7 +420,7 @@ message Http1ProtocolOptions { // envoy.reloadable_features.http1_use_balsa_parser. // See issue #21245. google.protobuf.BoolValue use_balsa_parser = 9 - [(xds.annotations.v3.field_status).work_in_progress = true]; + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // [#not-implemented-hide:] Hiding so that field can be removed. // If true, and BalsaParser is used (either `use_balsa_parser` above is true, @@ -504,8 +520,10 @@ message Http2ProtocolOptions { // (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to 268435456 // (256 * 1024 * 1024). // - // NOTE: 65535 is the initial window size from HTTP/2 spec. We only support increasing the default - // window size now, so it's also the minimum. + // .. note:: + // + // 65535 is the initial window size from HTTP/2 spec. We only support increasing the default window size now, + // so it's also the minimum. // // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the // HTTP/2 codec buffers. Once the buffer reaches this pointer, watermark callbacks will fire to 
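Review bot: `use_balsa_parser` gains `deprecated = true`, but its leading comment (which starts above the hunk) still describes it as a runtime-guarded switch and cites issue #21245, with no deprecation text. Envoy's other deprecated fields say why and what to use instead; add something like `// Deprecated: the parser choice is no longer configurable here and this field will be removed.`, adjusted to whatever the default codec now is, so readers do not have to infer it from the annotation alone.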
@@ -656,7 +674,7 @@ message GrpcProtocolOptions { } // A message which allows using HTTP/3. -// [#next-free-field: 8] +// [#next-free-field: 9] message Http3ProtocolOptions { QuicProtocolOptions quic_protocol_options = 1; @@ -691,6 +709,10 @@ message Http3ProtocolOptions { // No huffman encoding, zero dynamic table capacity and no cookie crumbing. // This can be useful for trading off CPU vs bandwidth when an upstream HTTP/3 connection multiplexes multiple downstream connections. bool disable_qpack = 7; + + // Disables connection level flow control for HTTP/3 streams. This is useful in situations where the streams share the same connection + // but originate from different end-clients, so that each stream can make progress independently at non-front-line proxies. + bool disable_connection_flow_control_for_streams = 8; } // A message to control transformations to the :scheme header diff --git a/api/src/main/proto/envoy/config/endpoint/v3/endpoint.proto b/api/src/main/proto/envoy/config/endpoint/v3/endpoint.proto index 894f68310..a149f6095 100644 --- a/api/src/main/proto/envoy/config/endpoint/v3/endpoint.proto +++ b/api/src/main/proto/envoy/config/endpoint/v3/endpoint.proto @@ -113,8 +113,9 @@ message ClusterLoadAssignment { // to determine the health of the priority level, or in other words assume each host has a weight of 1 for // this calculation. // - // Note: this is not currently implemented for - // :ref:`locality weighted load balancing `. + // .. note:: + // This is not currently implemented for + // :ref:`locality weighted load balancing `. bool weighted_priority_health = 6; } diff --git a/api/src/main/proto/envoy/config/grpc_credential/v3/aws_iam.proto b/api/src/main/proto/envoy/config/grpc_credential/v3/aws_iam.proto deleted file mode 100644 index 5137602d9..000000000 --- a/api/src/main/proto/envoy/config/grpc_credential/v3/aws_iam.proto +++ /dev/null 
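Review bot: `disable_connection_flow_control_for_streams` removes the connection-level bound on receive buffering, so the only remaining limit is the per-stream window multiplied by the number of concurrent streams; a peer that opens many streams and stalls them can make Envoy buffer far more than `initial_connection_window_size` permits today. The comment should state that trade-off and who should enable it, e.g. `// Disabling connection flow control removes the aggregate buffer bound; enable only on trusted hops and size per-stream windows and max concurrent streams accordingly.`. Whether this applies to the upstream side, the downstream side, or both is also worth one sentence.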
@@ -1,46 +0,0 @@
-syntax = "proto3";
-
-package envoy.config.grpc_credential.v3;
-
-import "envoy/annotations/deprecation.proto";
-import "udpa/annotations/status.proto";
-import "udpa/annotations/versioning.proto";
-import "validate/validate.proto";
-
-option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3";
-option java_outer_classname = "AwsIamProto";
-option java_multiple_files = true;
-option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/grpc_credential/v3;grpc_credentialv3";
-option (udpa.annotations.file_status).package_version_status = ACTIVE;
-
-// [#protodoc-title: Grpc Credentials AWS IAM]
-// Configuration for AWS IAM Grpc Credentials Plugin
-// .. warning::
-//
-// This extension is deprecated and will be deleted in a future Envoy release, no
-// later than Envoy 1.35, but possibly sooner.
-//
-// [#extension: envoy.grpc_credentials.aws_iam]
-
-message AwsIamConfig {
- option (udpa.annotations.versioning).previous_message_type =
- "envoy.config.grpc_credential.v2alpha.AwsIamConfig";
-
- // The `service namespace
- // `_
- // of the Grpc endpoint.
- //
- // Example: appmesh
- string service_name = 1 [
- deprecated = true,
- (validate.rules).string = {min_len: 1},
- (envoy.annotations.deprecated_at_minor_version) = "3.0"
- ];
-
- // The `region `_ hosting the Grpc
- // endpoint. If unspecified, the extension will use the value in the ``AWS_REGION`` environment
- // variable.
- //
- // Example: us-west-2
- string region = 2 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
-}
diff --git a/api/src/main/proto/envoy/config/listener/v3/listener.proto b/api/src/main/proto/envoy/config/listener/v3/listener.proto
index 4bcd3882c..ff2f79d11 100644
--- a/api/src/main/proto/envoy/config/listener/v3/listener.proto
+++ b/api/src/main/proto/envoy/config/listener/v3/listener.proto
@@ -5,6 +5,7 @@ package envoy.config.listener.v3; import "envoy/config/accesslog/v3/accesslog.proto"; import "envoy/config/core/v3/address.proto"; import "envoy/config/core/v3/base.proto"; +import "envoy/config/core/v3/config_source.proto"; import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/socket_option.proto"; import "envoy/config/listener/v3/api_listener.proto"; @@ -53,7 +54,7 @@ message ListenerCollection { repeated xds.core.v3.CollectionEntry entries = 1; } -// [#next-free-field: 36] +// [#next-free-field: 37] message Listener { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener"; @@ -115,6 +116,20 @@ message Listener { message InternalListenerConfig { } + // Configuration for filter chains discovery. + // [#not-implemented-hide:] + message FcdsConfig { + // Optional name to present to the filter chain discovery service. This may be an arbitrary name with arbitrary + // length. If a name is not provided, the listener's name is used. Refer to :ref:`filter_chains `. + // for details on how listener name is determined if unspecified. In addition, this may be a xdstp:// URL. + string name = 1; + + // Configuration for the source of FCDS updates for this listener. + // .. note:: + // This discovery service only supports ``AGGREGATED_GRPC`` API type. + core.v3.ConfigSource config_source = 2; + } + reserved 14, 23; // The unique name by which this listener is known. If no name is provided, 
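Review bot: The `.. note::` under `config_source` is not preceded by a blank `//` line, unlike every other note introduced in this change (compare address.proto), so in RST it will be absorbed into the preceding paragraph instead of rendering as an admonition. The `name` comment also carries a stray period after the `:ref:` and points readers to `filter_chains` for "how listener name is determined", which looks like it should reference the listener `name` field instead. Since the note says the service "only supports AGGREGATED_GRPC", decide whether that is enforced (and say "other API types are rejected") or merely advisory; the message is `[#not-implemented-hide:]`, so the behaviour can wait, but the wording should be right now.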
@@ -147,6 +162,12 @@ message Listener { // :ref:`FAQ entry `. repeated FilterChain filter_chains = 3; + // Discover filter chains configurations by external service. Dynamic discovery of filter chains is allowed + // while having statically configured filter chains, however, a filter chain name must be unique within a + // listener. If a discovered filter chain matches a name of an existing filter chain, it is discarded. + // [#not-implemented-hide:] + FcdsConfig fcds_config = 36; + // :ref:`Matcher API ` resolving the filter chain name from the // network properties. This matcher is used as a replacement for the filter chain match condition // :ref:`filter_chain_match @@ -352,6 +373,11 @@ message Listener { // accepted in later event loop iterations. // If no value is provided Envoy will accept all connections pending accept // from the kernel. + // + // .. note:: + // + // It is recommended to lower this value for better overload management and reduced per-event cost. + // Setting it to 1 is a viable option with no noticeable impact on performance. google.protobuf.UInt32Value max_connections_to_accept_per_socket_event = 34 [(validate.rules).uint32 = {gt: 0}]; diff --git a/api/src/main/proto/envoy/config/rbac/v3/rbac.proto b/api/src/main/proto/envoy/config/rbac/v3/rbac.proto index 0f17788ea..cdb1267a2 100644 --- a/api/src/main/proto/envoy/config/rbac/v3/rbac.proto +++ b/api/src/main/proto/envoy/config/rbac/v3/rbac.proto 
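Review bot: "If a discovered filter chain matches a name of an existing filter chain, it is discarded" does not say which of the two is discarded; statically configured chains often carry the baseline security policy for a listener, so a reader must know whether a dynamic chain can shadow a static one. Suggested wording: `// A discovered filter chain whose name collides with a statically configured one is discarded and the static chain is kept.` — or the reverse, if that is the behaviour. It would also help to say whether a name collision between two discovered chains is rejected as a bad update or resolved last-writer-wins.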
@@ -248,10 +248,14 @@ message Permission { // When any is set, it matches any action. bool any = 3 [(validate.rules).bool = {const: true}]; - // A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only - // available for HTTP request. - // Note: the pseudo-header :path includes the query and fragment string. Use the ``url_path`` - // field if you want to match the URL path without the query and fragment string. + // A header (or pseudo-header such as ``:path`` or ``:method``) on the incoming HTTP request. Only available + // for HTTP request. + // + // .. note:: + // + // The pseudo-header ``:path`` includes the query and fragment string. Use the ``url_path`` field if you + // want to match the URL path without the query and fragment string. + // route.v3.HeaderMatcher header = 4; // A URL path on the incoming HTTP request. Only available for HTTP. @@ -276,8 +280,7 @@ message Permission { // the value of ``not_rule`` would not match, this permission would match. Permission not_rule = 8; - // The request server from the client's connection request. This is - // typically TLS SNI. + // The request server from the client's connection request. This is typically TLS SNI. // // .. attention:: // @@ -294,8 +297,7 @@ message Permission { // * A :ref:`listener filter ` may // overwrite a connection's requested server name within Envoy. // - // Please refer to :ref:`this FAQ entry ` to learn to - // setup SNI. + // Please refer to :ref:`this FAQ entry ` to learn how to setup SNI. type.matcher.v3.StringMatcher requested_server_name = 9; // Extension for configuring custom matchers for RBAC. 
@@ -351,12 +353,10 @@ message Principal { oneof identifier { option (validate.required) = true; - // A set of identifiers that all must match in order to define the - // downstream. + // A set of identifiers that all must match in order to define the downstream. Set and_ids = 1; - // A set of identifiers at least one must match in order to define the - // downstream. + // A set of identifiers at least one must match in order to define the downstream. Set or_ids = 2; // When any is set, it matches any downstream. 
@@ -380,24 +380,33 @@ message Principal { [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // A CIDR block that describes the downstream remote/origin address. - // Note: This is always the physical peer even if the - // :ref:`remote_ip ` is - // inferred from for example the x-forwarder-for header, proxy protocol, - // etc. + // + // .. note:: + // + // This is always the physical peer even if the + // :ref:`remote_ip ` is inferred from the + // x-forwarder-for header, the proxy protocol, etc. + // core.v3.CidrRange direct_remote_ip = 10; // A CIDR block that describes the downstream remote/origin address. - // Note: This may not be the physical peer and could be different from the - // :ref:`direct_remote_ip - // `. E.g, if the - // remote ip is inferred from for example the x-forwarder-for header, proxy - // protocol, etc. + // + // .. note:: + // + // This may not be the physical peer and could be different from the :ref:`direct_remote_ip + // `. E.g, if the remote ip is inferred from + // the x-forwarder-for header, the proxy protocol, etc. + // core.v3.CidrRange remote_ip = 11; - // A header (or pseudo-header such as :path or :method) on the incoming HTTP - // request. Only available for HTTP request. Note: the pseudo-header :path - // includes the query and fragment string. Use the ``url_path`` field if you - // want to match the URL path without the query and fragment string. + // A header (or pseudo-header such as ``:path`` or ``:method``) on the incoming HTTP request. Only available + // for HTTP request. + // + // .. note:: + // + // The pseudo-header ``:path`` includes the query and fragment string. Use the ``url_path`` field if you + // want to match the URL path without the query and fragment string. + // route.v3.HeaderMatcher header = 6; // A URL path on the incoming HTTP request. Only available for HTTP. 
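Review bot: The rewritten notes for `direct_remote_ip` and `remote_ip` spell the header as `x-forwarder-for` (twice); the header is `x-forwarded-for`, and since the old text had the same typo this reformat is the moment to fix it rather than carry it into the new lines. While there, `E.g, if the remote ip` should read `e.g., if the remote IP`.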
@@ -434,7 +443,7 @@ message Action { // The action to take if the matcher matches. Every action either allows or denies a request, // and can also carry out action-specific operations. // - // Actions: + // **Actions:** // // * ``ALLOW``: If the request gets matched on ALLOW, it is permitted. // * ``DENY``: If the request gets matched on DENY, it is not permitted. @@ -443,7 +452,7 @@ message Action { // ``envoy.common`` will be set to the value ``true``. // * If the request cannot get matched, it will fallback to ``DENY``. // - // Log behavior: + // **Log behavior:** // // If the RBAC matcher contains at least one LOG action, the dynamic // metadata key ``access_log_hint`` will be set based on if the request diff --git a/api/src/main/proto/envoy/config/route/v3/route_components.proto b/api/src/main/proto/envoy/config/route/v3/route_components.proto index b12d51034..292e5b935 100644 --- a/api/src/main/proto/envoy/config/route/v3/route_components.proto +++ b/api/src/main/proto/envoy/config/route/v3/route_components.proto @@ -501,6 +501,8 @@ message WeightedCluster { // Configuration for a cluster specifier plugin. message ClusterSpecifierPlugin { // The name of the plugin and its opaque configuration. + // + // [#extension-category: envoy.router.cluster_specifier_plugin] core.v3.TypedExtensionConfig extension = 1 [(validate.rules).message = {required: true}]; // If is_optional is not set or is set to false and the plugin defined by this message is not a 
@@ -1159,12 +1161,21 @@ message RouteAction { // [#extension-category: envoy.path.rewrite] core.v3.TypedExtensionConfig path_rewrite_policy = 41; + // If one of the host rewrite specifiers is set and the + // :ref:`suppress_envoy_headers + // ` flag is not + // set to true, the router filter will place the original host header value before + // rewriting into the :ref:`x-envoy-original-host + // ` header. + // + // And if the + // :ref:`append_x_forwarded_host ` + // is set to true, the original host value will also be appended to the + // :ref:`config_http_conn_man_headers_x-forwarded-host` header. + // oneof host_rewrite_specifier { // Indicates that during forwarding, the host header will be swapped with - // this value. Using this option will append the - // :ref:`config_http_conn_man_headers_x-forwarded-host` header if - // :ref:`append_x_forwarded_host ` - // is set. + // this value. string host_rewrite_literal = 6 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; @@ -1174,18 +1185,12 @@ message RouteAction { // type ``strict_dns`` or ``logical_dns``, // or when :ref:`hostname ` // field is not empty. Setting this to true with other cluster types - // has no effect. Using this option will append the - // :ref:`config_http_conn_man_headers_x-forwarded-host` header if - // :ref:`append_x_forwarded_host ` - // is set. + // has no effect. google.protobuf.BoolValue auto_host_rewrite = 7; // Indicates that during forwarding, the host header will be swapped with the content of given // downstream or :ref:`custom ` header. - // If header value is empty, host header is left intact. Using this option will append the - // :ref:`config_http_conn_man_headers_x-forwarded-host` header if - // :ref:`append_x_forwarded_host ` - // is set. + // If header value is empty, host header is left intact. // // .. attention:: // 
@@ -1201,10 +1206,6 @@ message RouteAction { // Indicates that during forwarding, the host header will be swapped with // the result of the regex substitution executed on path value with query and fragment removed. // This is useful for transitioning variable content between path segment and subdomain. - // Using this option will append the - // :ref:`config_http_conn_man_headers_x-forwarded-host` header if - // :ref:`append_x_forwarded_host ` - // is set. // // For example with the following config: // diff --git a/api/src/main/proto/envoy/config/tap/v3/common.proto b/api/src/main/proto/envoy/config/tap/v3/common.proto index 126993d0f..ecdb5faaa 100644 --- a/api/src/main/proto/envoy/config/tap/v3/common.proto +++ b/api/src/main/proto/envoy/config/tap/v3/common.proto @@ -154,6 +154,7 @@ message HttpGenericBodyMatch { } // Tap output configuration. +// [#next-free-field: 6] message OutputConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.service.tap.v2alpha.OutputConfig"; @@ -181,6 +182,12 @@ message OutputConfig { // match can be determined. See the HTTP tap filter :ref:`streaming // ` documentation for more information. bool streaming = 4; + + // Tapped messages will be sent on each read/write event for streamed tapping by default. + // But this behavior could be controlled by setting this field. + // If set then the tapped messages will be send once the threshold is reached. + // This could be used to avoid high frequent sending. + google.protobuf.UInt32Value min_streamed_sent_bytes = 5; } // Tap output sink configuration. diff --git a/api/src/main/proto/envoy/config/trace/v3/opentelemetry.proto b/api/src/main/proto/envoy/config/trace/v3/opentelemetry.proto index 59028326f..5260d9bd6 100644 --- a/api/src/main/proto/envoy/config/trace/v3/opentelemetry.proto +++ b/api/src/main/proto/envoy/config/trace/v3/opentelemetry.proto 
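Review bot: The comment on the new `min_streamed_sent_bytes` field in `OutputConfig` has grammar errors and leaves out what a caller needs to use it: `// If set then the tapped messages will be send once the threshold is reached.` should read `// If set, the tapped messages are sent once the accumulated data reaches this many bytes.`, and `// This could be used to avoid high frequent sending.` should read `// This can be used to avoid high-frequency sending.`. It would also help to state what happens to data still below the threshold when the stream ends, and to say explicitly that the field only applies when `streaming` is true — the text says "for streamed tapping" but never ties it to the `streaming` field two lines above. `UInt32Value` needs `google/protobuf/wrappers.proto`; the hunk does not show that import for this file, so confirm it is already present.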
@@ -6,6 +6,8 @@ import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/grpc_service.proto"; import "envoy/config/core/v3/http_service.proto"; +import "google/protobuf/wrappers.proto"; + import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; @@ -19,7 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Configuration for the OpenTelemetry tracer. // [#extension: envoy.tracers.opentelemetry] -// [#next-free-field: 6] +// [#next-free-field: 7] message OpenTelemetryConfig { // The upstream gRPC cluster that will receive OTLP traces. // Note that the tracer drops traces if the server does not read data fast enough. @@ -57,4 +59,9 @@ message OpenTelemetryConfig { // See: `OpenTelemetry sampler specification `_ // [#extension-category: envoy.tracers.opentelemetry.samplers] core.v3.TypedExtensionConfig sampler = 5; + + // Envoy caches the span in memory when the OpenTelemetry backend service is temporarily unavailable. + // This field specifies the maximum number of spans that can be cached. If not specified, the + // default is 1024. + google.protobuf.UInt32Value max_cache_size = 6; } diff --git a/api/src/main/proto/envoy/data/tap/v3/transport.proto b/api/src/main/proto/envoy/data/tap/v3/transport.proto index a89e15dab..8aef68978 100644 --- a/api/src/main/proto/envoy/data/tap/v3/transport.proto +++ b/api/src/main/proto/envoy/data/tap/v3/transport.proto @@ -96,6 +96,11 @@ message SocketBufferedTrace { bool write_truncated = 5; } +// A message for the sequence of observed events +message SocketEvents { + repeated SocketEvent events = 1; +} + // A streamed socket trace segment. Multiple segments make up a full trace. message SocketStreamedTraceSegment { option (udpa.annotations.versioning).previous_message_type = @@ -111,5 +116,8 @@ message SocketStreamedTraceSegment { // Socket event. SocketEvent event = 3; + + // Sequence of observed events. + SocketEvents events = 4; } } 
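Review bot: `max_cache_size` bounds an in-memory buffer of spans held while the OTLP backend is unavailable, but the comment does not say how a value of 0 is treated, whether there is an upper bound, or what happens to spans once the cache is full, and the field has no validation rule. Because this controls how much memory an unreachable or slow collector can pin in Envoy, the comment should state the zero behaviour and the overflow behaviour, e.g. `// Maximum number of spans cached in memory while the backend is unavailable. Defaults to 1024 when unset.` followed by one sentence on whether new spans are dropped or old ones evicted at the limit. If 0 is not meaningful, `[(validate.rules).uint32 = {gt: 0}]` would make that explicit; `validate/validate.proto` is not visible in this hunk's import list, so check it is imported before adding the rule.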
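Review bot: The new `SocketEvents` message is documented only as `// A message for the sequence of observed events`, which does not say why it exists or how `events` relates to the existing `event` field of `SocketStreamedTraceSegment` (both appear to sit inside the same `oneof`, judging by the two closing braces). Suggest `// A batch of socket events; wrapped in a message because repeated fields cannot be oneof members.` on the message, and on `events` a sentence stating when a segment carries a batch instead of a single `event` — presumably when the tap output is configured to accumulate bytes before sending, but that should be confirmed against the implementation. If `SocketStreamedTraceSegment` carries a `[#next-free-field:]` annotation above this hunk, it needs bumping to 5 as well.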
diff --git a/api/src/main/proto/envoy/extensions/clusters/aggregate/v3/cluster.proto b/api/src/main/proto/envoy/extensions/clusters/aggregate/v3/cluster.proto index 4f44ac9cd..d23d767f7 100644 --- a/api/src/main/proto/envoy/extensions/clusters/aggregate/v3/cluster.proto +++ b/api/src/main/proto/envoy/extensions/clusters/aggregate/v3/cluster.proto @@ -2,6 +2,8 @@ syntax = "proto3"; package envoy.extensions.clusters.aggregate.v3; +import "envoy/config/core/v3/config_source.proto"; + import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; @@ -25,3 +27,18 @@ message ClusterConfig { // appear in this list. repeated string clusters = 1 [(validate.rules).repeated = {min_items: 1}]; } + +// Configures an aggregate cluster whose +// :ref:`ClusterConfig ` +// is to be fetched from a separate xDS resource. +// [#extension: envoy.clusters.aggregate_resource] +// [#not-implemented-hide:] +message AggregateClusterResource { + // Configuration source specifier for the ClusterConfig resource. + // Only the aggregated protocol variants are supported; if configured + // otherwise, the cluster resource will be NACKed. + config.core.v3.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; + + // The name of the ClusterConfig resource to subscribe to. + string resource_name = 2 [(validate.rules).string = {min_len: 1}]; +} diff --git a/api/src/main/proto/envoy/extensions/common/aws/v3/credential_provider.proto b/api/src/main/proto/envoy/extensions/common/aws/v3/credential_provider.proto index 722e9b328..395a2e9a9 100644 --- a/api/src/main/proto/envoy/extensions/common/aws/v3/credential_provider.proto +++ b/api/src/main/proto/envoy/extensions/common/aws/v3/credential_provider.proto 
@@ -4,6 +4,8 @@ package envoy.extensions.common.aws.v3; import "envoy/config/core/v3/base.proto"; +import "google/protobuf/duration.proto"; + import "udpa/annotations/sensitive.proto"; import "udpa/annotations/status.proto"; import "validate/validate.proto"; @@ -19,6 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Configuration for AWS credential provider. This is optional and the credentials are normally // retrieved from the environment or AWS configuration files by following the default credential // provider chain. However, this configuration can be used to override the default behavior. +// [#next-free-field: 11] message AwsCredentialProvider { // The option to use `AssumeRoleWithWebIdentity `_. AssumeRoleWithWebIdentityCredentialProvider assume_role_with_web_identity_provider = 1; @@ -36,6 +39,24 @@ message AwsCredentialProvider { // // This has no effect if inline_credential is provided. bool custom_credential_provider_chain = 4; + + // The option to use `IAM Roles Anywhere `_. + IAMRolesAnywhereCredentialProvider iam_roles_anywhere_credential_provider = 5; + + // The option to use credentials sourced from standard `AWS configuration files `_. + ConfigCredentialProvider config_credential_provider = 6; + + // The option to use credentials sourced from `container environment variables `_. + ContainerCredentialProvider container_credential_provider = 7; + + // The option to use credentials sourced from `environment variables `_. + EnvironmentCredentialProvider environment_credential_provider = 8; + + // The option to use credentials sourced from an EC2 `Instance Profile `_. + InstanceProfileCredentialProvider instance_profile_credential_provider = 9; + + // The option to use `STS:AssumeRole aka Role Chaining `_. + AssumeRoleCredentialProvider assume_role_credential_provider = 10; } // Configuration to use an inline AWS credential. This is an equivalent to setting the well-known 
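Review bot: The new provider fields 5–10 on `AwsCredentialProvider` do not say how they interact with `custom_credential_provider_chain` (field 4), even though the provider messages defined later in this commit describe themselves as enabled only when "listed in a custom credential provider chain". If that is the rule, each of the parameter-less providers (`config_credential_provider`, `container_credential_provider`, `environment_credential_provider`, `instance_profile_credential_provider`) should carry a sentence such as `// Only takes effect when custom_credential_provider_chain is true.`, or the message-level comment should state it once. It would also help to state whether the chain is tried in field order or in some other fixed order, since the precedence among credential sources is security-relevant and cannot be inferred from the schema.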
@@ -77,3 +98,87 @@ message CredentialsFileCredentialProvider { // The profile within the credentials_file data source. If not provided, the default profile will be used. string profile = 2; } + +// Configuration to use `IAM Roles Anywhere `_ +// to retrieve AWS credentials. +// [#next-free-field: 9] +message IAMRolesAnywhereCredentialProvider { + // The ARN of the role to assume via the IAM Roles Anywhere sessions API. See `Configure Roles `_ for more details. + string role_arn = 1 [(validate.rules).string = {min_len: 1}]; + + // The certificate used for authenticating to the IAM Roles Anywhere service. + // This certificate must match one configured in the IAM Roles Anywhere profile. See `Configure Roles `_ for more details. + config.core.v3.DataSource certificate = 2 [(validate.rules).message = {required: true}]; + + // The optional certificate chain, required when you are using a subordinate certificate authority for certificate issuance. + // A certificate chain can contain a maximum of 5 elements, see `The IAM Roles Anywhere authentication process `_ for more details. + config.core.v3.DataSource certificate_chain = 3; + + // The TLS private key matching the certificate provided. + config.core.v3.DataSource private_key = 4 + [(validate.rules).message = {required: true}, (udpa.annotations.sensitive) = true]; + + // The arn of the IAM Roles Anywhere trust anchor configured in your AWS account. A trust anchor in IAM Roles anywhere establishes + // trust between your certificate authority (CA) and AWS. See `Establish trust `_ for more details. + string trust_anchor_arn = 5 [(validate.rules).string = {min_len: 1}]; + + // The IAM Roles Anywhere profile ARN configured in your AWS account. + string profile_arn = 6 [(validate.rules).string = {min_len: 1}]; + + // An optional role session name, used when identifying the role in subsequent AWS API calls. 
+ string role_session_name = 7; + + // An optional session duration, used when calculating the maximum time before vended credentials expire. This value cannot exceed the value configured + // in the IAM Roles Anywhere profile and the resultant session duration is calculate by the formula `here `_. + // If no session duration is provided here, the session duration is sourced from the IAM Roles Anywhere profile. + google.protobuf.Duration session_duration = 8 [(validate.rules).duration = { + lte {seconds: 43200} + gte {seconds: 900} + }]; +} + +// The Config Credential Provider has no configurable parameters, but listing it in a custom credential provider chain will enable this +// credential provider. +message ConfigCredentialProvider { +} + +// The Container Credential Provider has no configurable parameters, but listing it in a custom credential provider chain will enable this +// credential provider. +message ContainerCredentialProvider { +} + +// The Environment Credential Provider has no configurable parameters, but listing it in a custom credential provider chain will enable this +// credential provider. +message EnvironmentCredentialProvider { +} + +// The Instance Profile Credential Provider has no configurable parameters, but listing it in a custom credential provider chain will enable this +// credential provider. +message InstanceProfileCredentialProvider { +} + +// Configuration to use `AssumeRole `_ for retrieving new credentials, via role chaining. +// [#next-free-field: 6] +message AssumeRoleCredentialProvider { + // The ARN of the role to assume. + string role_arn = 1 [(validate.rules).string = {min_len: 1}]; + + // Optional string value to use as the role session name + string role_session_name = 2; + + // Optional string value to use as the externalId + string external_id = 3; + + // An optional duration, in seconds, of the role session. Minimum role duration is 900s (5 minutes) and maximum is 43200s (12 hours). 
+ // If the session duration is not provided, the default will be determined using the `table described here `_. + google.protobuf.Duration session_duration = 4 [(validate.rules).duration = { + lte {seconds: 43200} + gte {seconds: 900} + }]; + + // The credential provider for signing the AssumeRole request. This is optional and if not set, + // it will be retrieved from the procedure described in :ref:`config_http_filters_aws_request_signing`. + // This list of credential providers cannot include an AssumeRole credential provider and if one is provided + // it will be ignored. + AwsCredentialProvider credential_provider = 5; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto b/api/src/main/proto/envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto index a75b803cf..87e05cb2e 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto @@ -23,7 +23,8 @@ option (xds.annotations.v3.file_status).work_in_progress = true; // // For example, the following configuration configures the filter to authenticate the clients using // the API key from the header ``X-API-KEY``. And only the clients with the key ``real-key`` are -// considered as authenticated. +// considered as authenticated. The client information is configured to be forwarded +// in the header ``x-client-id``. // // .. code-block:: yaml // @@ -32,6 +33,9 @@ option (xds.annotations.v3.file_status).work_in_progress = true; // client: user // key_sources: // - header: "X-API-KEY" +// forwarding: +// header: "x-client-id" +// hide_credentials: false // message ApiKeyAuth { // The credentials that are used to authenticate the clients. 
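Review bot: `AssumeRoleCredentialProvider.credential_provider` makes the schema self-recursive (`AwsCredentialProvider` → `assume_role_credential_provider` → `AwsCredentialProvider` → …), and the only guard against arbitrarily deep chains is the prose "cannot include an AssumeRole credential provider and if one is provided it will be ignored", which the schema does not enforce. The comment should at least name the field it refers to, e.g. `// The nested provider must not set assume_role_credential_provider; if it does, that entry is ignored.`, so implementers know exactly which field to reject. Two smaller fixes in the same hunk: the IAM Roles Anywhere `session_duration` comment has `is calculate by the formula` → `is calculated by the formula`, and the AssumeRole `session_duration` comment says `An optional duration, in seconds,` although the field is a `google.protobuf.Duration`, so drop `in seconds`.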
@@ -39,6 +43,9 @@ message ApiKeyAuth { // The key sources to fetch the key from the coming request. repeated KeySource key_sources = 2; + + // Optional configuration to control what information should be propagated to upstream services. + Forwarding forwarding = 3; } // API key auth configuration of per route or per virtual host or per route configuration. @@ -67,6 +74,11 @@ message ApiKeyAuthPerRoute { // route. // repeated string allowed_clients = 3; + + // Optional configuration to control what information should be propagated to upstream services. + // If this field is non-empty, then the forwarding information in the filter level configuration + // will be ignored and the forwarding in this configuration will be used. + Forwarding forwarding = 4; } // Single credential entry that contains the API key and the related client id. @@ -101,3 +113,16 @@ message KeySource { [(validate.rules).string = {max_len: 1024 well_known_regex: HTTP_HEADER_NAME strict: false ignore_empty: true}]; } + +message Forwarding { + // The header name in which to store the client information. If this field is non-empty, + // the client string associated with the matched credential will be injected into + // the request before forwarding upstream. + string header = 1 + [(validate.rules).string = {max_len: 1024 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // If true, remove the API key from the request before forwarding upstream. + // + // This applies to all configured key sources: ``header``, ``query``, and ``cookie``. + bool hide_credentials = 2; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto b/api/src/main/proto/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto index 254352e77..610c8c7c6 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto 
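Review bot: `Forwarding.header` is documented as optional ("If this field is non-empty"), yet its rule `well_known_regex: HTTP_HEADER_NAME strict: false` lacks `ignore_empty: true`, unlike the `KeySource` header rule at the top of this hunk, so a `Forwarding` that only sets `hide_credentials: true` would likely fail validation on the empty header name; add `ignore_empty: true` or document `header` as required. The message itself has no leading comment; suggest `// Controls what information the filter propagates to the upstream after successful authentication.`. The `header` comment should also say whether a same-named header already present on the downstream request is replaced, since otherwise a client-supplied value could reach the upstream under that name. Finally, it is worth stating that `hide_credentials` defaults to false, so the API key is forwarded upstream unless the field is set.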
+++ b/api/src/main/proto/envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto @@ -110,7 +110,7 @@ message AwsRequestSigning { QueryString query_string = 7; // The credential provider for signing the request. This is optional and if not set, - // it will be retrieved from the procedure described in :ref:`config_http_filters_aws_request_signing`. + // it will be retrieved using the procedure described in :ref:`config_http_filters_aws_request_signing`. common.aws.v3.AwsCredentialProvider credential_provider = 8; } diff --git a/api/src/main/proto/envoy/extensions/filters/http/credential_injector/v3/credential_injector.proto b/api/src/main/proto/envoy/extensions/filters/http/credential_injector/v3/credential_injector.proto index 5dc8e82b5..452a3f71d 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/credential_injector/v3/credential_injector.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/credential_injector/v3/credential_injector.proto @@ -4,8 +4,6 @@ package envoy.extensions.filters.http.credential_injector.v3; import "envoy/config/core/v3/extension.proto"; -import "xds/annotations/v3/status.proto"; - import "udpa/annotations/status.proto"; import "validate/validate.proto"; @@ -14,7 +12,6 @@ option java_outer_classname = "CredentialInjectorProto"; option java_multiple_files = true; option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/credential_injector/v3;credential_injectorv3"; option (udpa.annotations.file_status).package_version_status = ACTIVE; -option (xds.annotations.v3.file_status).work_in_progress = true; // [#protodoc-title: Credential Injector] // Credential Injector :ref:`configuration overview `. diff --git a/api/src/main/proto/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto b/api/src/main/proto/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto index 1ef5e0242..76dc47bd0 100644 
--- a/api/src/main/proto/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto @@ -41,6 +41,17 @@ message FilterConfig { // ``envoy.stream.upstream_address`` (See // :repo:`upstream_address.h`). bool save_upstream_address = 2; + + // When this flag is set, the filter will check for the ``envoy.upstream.dynamic_host`` + // and/or ``envoy.upstream.dynamic_port`` filter state values before using the HTTP + // Host header for DNS resolution. This provides consistency with the + // :ref:`SNI dynamic forward proxy ` and + // :ref:`UDP dynamic forward proxy ` + // filters behavior when enabled. + // + // If the flag is not set (default), the filter will use the HTTP Host header + // for DNS resolution, maintaining backward compatibility. + bool allow_dynamic_host_from_filter_state = 4; } // Per route Configuration for the dynamic forward proxy HTTP filter. 
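Review bot: The comment on `allow_dynamic_host_from_filter_state` says the filter checks `envoy.upstream.dynamic_host` "and/or" `envoy.upstream.dynamic_port`, but does not say what happens when only one of them is present, nor which value wins when both the filter state and the Host header are set. Since this changes which input drives DNS resolution, the doc should state the precedence and the partial case, e.g. `// When set, a host found in filter state takes precedence over the Host header for DNS resolution; the port from filter state, if present, overrides the port derived from the Host header.` — confirm the partial-case wording against the implementation. The field is numbered 4 while the previous visible field is 2; if 3 is unused it should be `reserved`, and if it exists elsewhere in `FilterConfig` the message's `[#next-free-field:]` annotation above this hunk needs updating.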
@@ -53,22 +64,25 @@ message PerRouteConfig { // this value. If not set or empty, the original host header value // will be used and no rewrite will happen. // - // Note: this rewrite affects both DNS lookup and host header forwarding. However, this - // option shouldn't be used with - // :ref:`HCM host rewrite ` given that the - // value set here would be used for DNS lookups whereas the value set in the HCM would be used - // for host header forwarding which is not the desired outcome. + // .. note:: + // + // This rewrite affects both DNS lookup and host header forwarding. However, this option shouldn't be used with + // :ref:`HCM host rewrite header ` given that + // the value set here would be used for DNS lookups whereas the value set in the HCM would be used for host + // header forwarding which might not be the desired outcome. + // string host_rewrite_literal = 1; // Indicates that before DNS lookup, the host header will be swapped with // the value of this header. If not set or empty, the original host header // value will be used and no rewrite will happen. // - // Note: this rewrite affects both DNS lookup and host header forwarding. However, this - // option shouldn't be used with - // :ref:`HCM host rewrite header ` - // given that the value set here would be used for DNS lookups whereas the value set in the HCM - // would be used for host header forwarding which is not the desired outcome. + // .. note:: + // + // This rewrite affects both DNS lookup and host header forwarding. However, this option shouldn't be used with + // :ref:`HCM host rewrite header ` given that + // the value set here would be used for DNS lookups whereas the value set in the HCM would be used for host + // header forwarding which might not be the desired outcome. // // .. note:: // 
@@ -78,6 +92,6 @@ message PerRouteConfig { } message SubClusterConfig { - // The timeout used for sub cluster initialization. Defaults to 5s if not set. + // The timeout used for sub cluster initialization. Defaults to **5s** if not set. google.protobuf.Duration cluster_init_timeout = 3 [(validate.rules).duration = {gt {}}]; } diff --git a/api/src/main/proto/envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto b/api/src/main/proto/envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto index d713bf810..6e74df4d0 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto 
@@ -59,3 +59,43 @@ message DynamicModuleFilter { // google.protobuf.Any filter_config = 3; } + +// Configuration of the HTTP per-route filter for dynamic modules. This filter allows loading shared object files +// that can be loaded via dlopen by the HTTP filter. +message DynamicModuleFilterPerRoute { + // Specifies the shared-object level configuration. + envoy.extensions.dynamic_modules.v3.DynamicModuleConfig dynamic_module_config = 1; + + // The name for this filter configuration. This can be used to distinguish between different filter implementations + // inside a dynamic module. For example, a module can have completely different filter implementations. + // When Envoy receives this configuration, it passes the filter_name to the dynamic module's HTTP per-route filter config init function + // together with the filter_config. + // That way a module can decide which in-module filter implementation to use based on the name at load time. + string per_route_config_name = 2; + + // The configuration for the filter chosen by filter_name. This is passed to the module's HTTP per-route filter initialization function. + // Together with the filter_name, the module can decide which in-module filter implementation to use and + // fine-tune the behavior of the filter on a specific route. + // + // For example, if a module has two filter implementations, one for logging and one for header manipulation, + // filter_name is used to choose either logging or header manipulation. The filter_config can be used to + // configure the logging level or the header manipulation behavior. + // + // ``google.protobuf.Struct`` is serialized as JSON before + // passing it to the plugin. ``google.protobuf.BytesValue`` and + // ``google.protobuf.StringValue`` are passed directly without the wrapper. + // + // .. 
code-block:: yaml + // + // # Passing in a string + // filter_config: + // "@type": "type.googleapis.com/google.protobuf.StringValue" + // value: hello + // + // # Passing in raw bytes + // filter_config: + // "@type": "type.googleapis.com/google.protobuf.BytesValue" + // value: aGVsbG8= # echo -n "hello" | base64 + // + google.protobuf.Any filter_config = 3; +} diff --git a/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto b/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto index f7c1d8405..54676a15b 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto @@ -12,6 +12,7 @@ import "envoy/type/matcher/v3/string.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; import "xds/annotations/v3/status.proto"; @@ -34,10 +35,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // The filter communicates with an external gRPC service called an "external processor" // that can do a variety of things with the request and response: // -// * Access and modify the HTTP headers on the request, response, or both -// * Access and modify the HTTP request and response bodies -// * Access and modify the dynamic stream metadata -// * Immediately send an HTTP response downstream and terminate other processing +// * Access and modify the HTTP headers on the request, response, or both. +// * Access and modify the HTTP request and response bodies. +// * Access and modify the dynamic stream metadata. +// * Immediately send an HTTP response downstream and terminate other processing. // // The filter communicates with the server using a gRPC bidirectional stream. After the initial // request, the external server is in control over what additional data is sent to it 
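Review bot: The field comments in `DynamicModuleFilterPerRoute` refer to `filter_name` several times ("passes the filter_name", "chosen by filter_name", "Together with the filter_name"), but the field is actually named `per_route_config_name`; the text appears copied from `DynamicModuleFilter` and should name the real field, e.g. `// The configuration for the filter chosen by per_route_config_name.`. The message-level comment likewise describes "loading shared object files that can be loaded via dlopen by the HTTP filter", which is the parent filter's job rather than the per-route config's; suggest `// Per-route configuration for the dynamic modules HTTP filter, passed to the module's per-route config init function.`. As with the filter-level message, `filter_config` is a `google.protobuf.Any` consumed by module code, so the comment should state which `@type` values are accepted and that anything else is rejected at config load, if that is the behaviour.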
@@ -45,11 +46,11 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // // By implementing the protocol specified by the stream, the external server can choose: // -// * Whether it receives the response message at all -// * Whether it receives the message body at all, in separate chunks, or as a single buffer +// * Whether it receives the response message at all. +// * Whether it receives the message body at all, in separate chunks, or as a single buffer. // * Whether subsequent HTTP requests are transmitted synchronously or whether they are // sent asynchronously. -// * To modify request or response trailers if they already exist +// * To modify request or response trailers if they already exist. // // The filter supports up to six different processing steps. Each is represented by // a gRPC stream message that is sent to the external processor. For each message, the @@ -57,10 +58,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // // * Request headers: Contains the headers from the original HTTP request. // * Request body: Delivered if they are present and sent in a single message if -// the BUFFERED or BUFFERED_PARTIAL mode is chosen, in multiple messages if the -// STREAMED mode is chosen, and not at all otherwise. +// the ``BUFFERED`` or ``BUFFERED_PARTIAL`` mode is chosen, in multiple messages if the +// ``STREAMED`` mode is chosen, and not at all otherwise. // * Request trailers: Delivered if they are present and if the trailer mode is set -// to SEND. +// to ``SEND``. // * Response headers: Contains the headers from the HTTP response. Keep in mind // that if the upstream system sends them before processing the request body that // this message may arrive before the complete body. 
@@ -69,9 +70,9 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // request trailers. // // By default, the processor sends only the request and response headers messages. -// This may be changed to include any of the six steps by changing the processing_mode -// setting of the filter configuration, or by setting the mode_override of any response -// from the external processor. The latter is only enabled if allow_mode_override is +// This may be changed to include any of the six steps by changing the ``processing_mode`` +// setting of the filter configuration, or by setting the ``mode_override`` of any response +// from the external processor. The latter is only enabled if ``allow_mode_override`` is // set to true. This way, a processor may, for example, use information // in the request header to determine whether the message body must be examined, or whether // the proxy should simply stream it straight through. @@ -107,12 +108,12 @@ message ExternalProcessor { // field is set in an external processor response. DEFAULT = 0; - // Always clear the route cache irrespective of the clear_route_cache bit in + // Always clear the route cache irrespective of the ``clear_route_cache`` bit in // the external processor response. CLEAR = 1; - // Do not clear the route cache irrespective of the clear_route_cache bit in - // the external processor response. Setting to RETAIN is equivalent to set the + // Do not clear the route cache irrespective of the ``clear_route_cache`` bit in + // the external processor response. Setting to ``RETAIN`` is equivalent to setting the // :ref:`disable_clear_route_cache ` // to true. RETAIN = 2; 
@@ -131,12 +132,12 @@ message ExternalProcessor { // Configuration for the HTTP service that the filter will communicate with. // Only one of ``http_service`` or - // :ref:`grpc_service `. + // :ref:`grpc_service ` // can be set. It is required that one of them must be set. // // If ``http_service`` is set, the // :ref:`processing_mode ` - // can not be configured to send any body or trailers. i.e, http_service only supports + // cannot be configured to send any body or trailers. i.e., ``http_service`` only supports // sending request or response headers to the side stream server. // // With this configuration, Envoy behavior: @@ -146,7 +147,7 @@ message ExternalProcessor { // // 2. This proto message is then transcoded into a JSON text. // - // 3. Envoy then sends a HTTP POST message with content-type as "application/json", + // 3. Envoy then sends an HTTP POST message with content-type as "application/json", // and this JSON text as body to the side stream server. // // After the side-stream receives this HTTP request message, it is expected to do as follows: 
@@ -157,39 +158,52 @@ message ExternalProcessor { // 2. It then sets the mutated headers into a new proto message // :ref:`ProcessingResponse `. // - // 3. It converts ``ProcessingResponse`` proto message into a JSON text. + // 3. It converts the ``ProcessingResponse`` proto message into a JSON text. // - // 4. It then sends a HTTP response back to Envoy with status code as "200", - // content-type as "application/json" and sets the JSON text as the body. + // 4. It then sends an HTTP response back to Envoy with status code as ``"200"``, + // ``content-type`` as ``"application/json"`` and sets the JSON text as the body. // ExtProcHttpService http_service = 20 [ (udpa.annotations.field_migrate).oneof_promotion = "ext_proc_service_type", (xds.annotations.v3.field_status).work_in_progress = true ]; - // By default, if the gRPC stream cannot be established, or if it is closed - // prematurely with an error, the filter will fail. Specifically, if the - // response headers have not yet been delivered, then it will return a 500 - // error downstream. If they have been delivered, then instead the HTTP stream to the - // downstream client will be reset. - // With this parameter set to true, however, then if the gRPC stream is prematurely closed - // or could not be opened, processing continues without error. + // If the ``BodySendMode`` in the + // :ref:`processing_mode ` + // is set to ``FULL_DUPLEX_STREAMED``, ``failure_mode_allow`` can not be set to true. + // + // Otherwise, by default, if in the following cases: + // + // 1. The gRPC stream cannot be established. + // + // 2. The gRPC stream is closed prematurely with an error. + // + // 3. The external processing timeouts. + // + // 4. The ext_proc server sends back spurious response messages. + // + // The filter will fail and a local reply with error code + // 504(for timeout case) or 500(for all other cases), will be sent to the downstream. 
+ // + // However, with this parameter set to true and if the above cases happen, the processing + // continues without error. + // bool failure_mode_allow = 2; // Specifies default options for how HTTP headers, trailers, and bodies are - // sent. See ProcessingMode for details. + // sent. See ``ProcessingMode`` for details. ProcessingMode processing_mode = 3; // Envoy provides a number of :ref:`attributes ` // for expressive policies. Each attribute name provided in this field will be - // matched against that list and populated in the request_headers message. + // matched against that list and populated in the ``request_headers`` message. // See the :ref:`attribute documentation ` // for the list of supported attributes and their types. repeated string request_attributes = 5; // Envoy provides a number of :ref:`attributes ` // for expressive policies. Each attribute name provided in this field will be - // matched against that list and populated in the response_headers message. + // matched against that list and populated in the ``response_headers`` message. // See the :ref:`attribute documentation ` // for the list of supported attributes and their types. repeated string response_attributes = 6; @@ -208,7 +222,7 @@ message ExternalProcessor { }]; // Optional additional prefix to use when emitting statistics. This allows to distinguish - // emitted statistics between configured *ext_proc* filters in an HTTP filter chain. + // emitted statistics between configured ``ext_proc`` filters in an HTTP filter chain. string stat_prefix = 8; // Rules that determine what modifications an external processing server may 
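Review bot: The rewritten `failure_mode_allow` comment has several wording problems in the new text: `// 3. The external processing timeouts.` → `// 3. The external processing times out.`; `// 504(for timeout case) or 500(for all other cases), will be sent to the downstream.` → `// 504 (for the timeout case) or 500 (for all other cases) will be sent downstream.`; and `can not be set to true` → `cannot be set to true`. Since this field toggles fail-open behaviour, it is also worth saying explicitly what "processing continues without error" means for the request — for example that it is forwarded as if the processor had returned no mutations — if that is indeed the behaviour. `ExternalProcessor` continues outside this hunk.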
@@ -258,12 +272,12 @@ message ExternalProcessor { // Options related to the sending and receiving of dynamic metadata. MetadataOptions metadata_options = 16; - // If true, send each part of the HTTP request or response specified by ProcessingMode + // If true, send each part of the HTTP request or response specified by ``ProcessingMode`` // without pausing on filter chain iteration. It is "Send and Go" mode that can be used // by external processor to observe Envoy data and status. In this mode: // - // 1. Only STREAMED body processing mode is supported and any other body processing modes will be - // ignored. NONE mode(i.e., skip body processing) will still work as expected. + // 1. Only ``STREAMED`` body processing mode is supported and any other body processing modes will be + // ignored. ``NONE`` mode (i.e., skip body processing) will still work as expected. // // 2. External processor should not send back processing response, as any responses will be ignored. // This also means that @@ -274,7 +288,7 @@ message ExternalProcessor { // // .. warning:: // - // Flow control is necessary mechanism to prevent the fast sender (either downstream client or upstream server) + // Flow control is a necessary mechanism to prevent the fast sender (either downstream client or upstream server) // from overwhelming the external processor when its processing speed is slower. // This protective measure is being explored and developed but has not been ready yet, so please use your own // discretion when enabling this feature. 
@@ -291,7 +305,7 @@ message ExternalProcessor { [(udpa.annotations.field_migrate).oneof_promotion = "clear_route_cache_type"]; // Specifies the action to be taken when an external processor response is - // received in response to request headers. It is recommended to set this field than set + // received in response to request headers. It is recommended to set this field rather than set // :ref:`disable_clear_route_cache `. // Only one of ``disable_clear_route_cache`` or ``route_cache_action`` can be set. RouteCacheAction route_cache_action = 18 @@ -305,7 +319,7 @@ message ExternalProcessor { google.protobuf.Duration deferred_close_timeout = 19; // Send body to the side stream server once it arrives without waiting for the header response from that server. - // It only works for STREAMED body processing mode. For any other body processing modes, it is ignored. + // It only works for ``STREAMED`` body processing mode. For any other body processing modes, it is ignored. // The server has two options upon receiving a header request: // // 1. Instant Response: send the header response as soon as the header request is received. @@ -327,7 +341,7 @@ message ExternalProcessor { // can only be overridden by the response message from the external processing server iff the // :ref:`mode_override ` is allowed by // the ``allowed_override_modes`` allow-list below. - // Since request_header_mode is not applicable in any way, it's ignored in comparison. + // Since ``request_header_mode`` is not applicable in any way, it's ignored in comparison. repeated ProcessingMode allowed_override_modes = 22; // Decorator to introduce custom logic that runs after a message received from 
@@ -353,11 +367,11 @@ message ExtProcHttpService { message MetadataOptions { message MetadataNamespaces { // Specifies a list of metadata namespaces whose values, if present, - // will be passed to the ext_proc service as an opaque *protobuf::Struct*. + // will be passed to the ``ext_proc`` service as an opaque ``protobuf::Struct``. repeated string untyped = 1; // Specifies a list of metadata namespaces whose values, if present, - // will be passed to the ext_proc service as a *protobuf::Any*. This allows + // will be passed to the ``ext_proc`` service as a ``protobuf::Any``. This allows // envoy and the external processing server to share the protobuf message // definition for safe parsing. repeated string typed = 2; @@ -413,7 +427,7 @@ message ExtProcPerRoute { } // Overrides that may be set on a per-route basis -// [#next-free-field: 8] +// [#next-free-field: 9] message ExtProcOverrides { // Set a different processing mode for this route than the default. ProcessingMode processing_mode = 1; @@ -442,9 +456,14 @@ message ExtProcOverrides { // most-specific config contains the correct final overrides. MetadataOptions metadata_options = 6; - // Additional metadata to include into streams initiated to the ext_proc gRPC + // Additional metadata to include into streams initiated to the ``ext_proc`` gRPC // service. This can be used for scenarios in which additional ad hoc // authorization headers (e.g. ``x-foo-bar: baz-key``) are to be injected or // when a route needs to partially override inherited metadata. repeated config.core.v3.HeaderValue grpc_initial_metadata = 7; + + // If true, the filter will not fail closed if the gRPC stream is prematurely closed + // or could not be opened. This field is the per-route override of + // :ref:`failure_mode_allow `. + google.protobuf.BoolValue failure_mode_allow = 8; } 
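Review bot: The per-route `failure_mode_allow` comment covers only a prematurely closed or unopenable gRPC stream, while the filter-level field it overrides now also lists timeouts and spurious responses and forbids `true` under `FULL_DUPLEX_STREAMED`. Either the override inherits those semantics, in which case the comment should say so, or it does not, which readers would want spelled out; a line such as `// The cases and the FULL_DUPLEX_STREAMED restriction documented on the filter-level field apply here as well.` would do, with the wording confirmed against the implementation. Whether a route can turn a fail-closed global default into fail-open is a security-relevant knob and deserves an explicit sentence.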
diff --git a/api/src/main/proto/envoy/extensions/filters/http/grpc_json_reverse_transcoder/v3/transcoder.proto b/api/src/main/proto/envoy/extensions/filters/http/grpc_json_reverse_transcoder/v3/transcoder.proto index ddcae1ad8..f8dc4636a 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/grpc_json_reverse_transcoder/v3/transcoder.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/grpc_json_reverse_transcoder/v3/transcoder.proto @@ -17,7 +17,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // gRPC-JSON reverse transcoder :ref:`configuration overview `. // [#extension: envoy.filters.http.grpc_json_reverse_transcoder] -// [#next-free-field: 6] +// [#next-free-field: 7] // ``GrpcJsonReverseTranscoder`` is the filter configuration for the gRPC JSON // reverse transcoder. The reverse transcoder acts as a bridge between a gRPC // client and an HTTP/JSON server, converting the gRPC request into HTTP/JSON 
@@ -26,6 +26,68 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // :ref:`grpc_json_transcoder filter `, // allowing a gRPC client to communicate with an HTTP/JSON server. message GrpcJsonReverseTranscoder { + message PrintOptions { + // Whether to always print primitive fields. By default primitive + // fields with default values will be omitted in JSON output. For + // example, an int32 field set to 0 will be omitted. Setting this flag to + // true will override the default behavior and print primitive fields + // regardless of their values. Defaults to false. + bool always_print_primitive_fields = 1; + + // Whether to always print enums as ints. By default they are rendered + // as strings. Defaults to false. + bool always_print_enums_as_ints = 2; + + // Whether to convert the proto field names to ``json_name`` annotation value, or lower camel case, + // in absence of ``json_name``. By default the field names will be preserved after conversion. + // Setting this flag will convert the field names to their canonical form. Defaults to false. + // + // Example: + // + // .. code-block:: proto + // + // message Author { + // int64 id = 1; + // enum Gender { + // UNKNOWN = 0; + // MALE = 1; + // FEMALE = 2; + // }; + // Gender gender = 2; + // string first_name = 3; + // string last_name = 4 [json_name = "lname"]; + // } + // + // The above proto message after being transcoded to JSON with + // ``use_canonical_field_names`` set to ``false`` will have the + // field names same as in the proto message, as follows: + // + // .. code-block:: json + // + // { + // "id": "12345", + // "gender": "MALE", + // "first_name": "John", + // "last_name": "Doe" + // } + // + // and with the ``use_canonical_field_names`` set to ``true``, the + // transcoded JSON will have ``first_name`` converted to camelCase + // and ``last_name`` converted to its ``json_name`` annotation value, + // as follows: + // + // .. 
code-block:: json + // + // { + // "id": "12345", + // "gender": "MALE", + // "firstName": "John", + // "lname": "Doe" + // } + // + bool use_canonical_field_names = 3; + } + // Supplies the filename of // :ref:`the proto descriptor set // ` for the gRPC services. @@ -58,4 +120,9 @@ message GrpcJsonReverseTranscoder { // The name of the header field that has the API version of the request. string api_version_header = 5; + + // Control options for upstream request JSON. These options are passed directly to + // `JsonPrintOptions `_. + PrintOptions request_json_print_options = 6; } diff --git a/api/src/main/proto/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto b/api/src/main/proto/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto index 4fcf1b98e..8562c9df1 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto @@ -47,7 +47,7 @@ message GrpcJsonTranscoder { ALL_CHARACTERS = 2; } - // [#next-free-field: 6] + // [#next-free-field: 7] message PrintOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.transcoder.v2.GrpcJsonTranscoder.PrintOptions"; @@ -74,6 +74,11 @@ message GrpcJsonTranscoder { // If true, return all streams as newline-delimited JSON messages instead of as a comma-separated array bool stream_newline_delimited = 5; + + // If true, enforces Server-Sent Events (SSE) message framing (``data: + // \n\n``) and, ``stream_newline_delimited`` is ignored. If false, + // message framing is determined by ``stream_newline_delimited``. + bool stream_sse_style_delimited = 6; } message RequestValidationOptions { diff --git a/api/src/main/proto/envoy/extensions/filters/http/header_mutation/v3/header_mutation.proto b/api/src/main/proto/envoy/extensions/filters/http/header_mutation/v3/header_mutation.proto index ca951db82..6215eab83 100644 
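Review bot: The `stream_sse_style_delimited` comment has a stray comma and a framing example that is hard to read as written; `// If true, enforces Server-Sent Events (SSE) message framing (``data: ...\n\n``) and ``stream_newline_delimited`` is ignored.` followed by the existing second sentence reads cleanly. Two booleans with a documented precedence is a pattern that tends to grow a third flag; if further framings are anticipated, an enum would be the cleaner shape, though that is a design choice rather than a defect in this change.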
--- a/api/src/main/proto/envoy/extensions/filters/http/header_mutation/v3/header_mutation.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/header_mutation/v3/header_mutation.proto @@ -14,8 +14,10 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/fil option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Header mutation filter configuration] +// Mutate HTTP headers and trailers in requests and responses. // [#extension: envoy.filters.http.header_mutation] +// [#next-free-field: 6] message Mutations { // The request mutations are applied before the request is forwarded to the upstream cluster. repeated config.common.mutation_rules.v3.HeaderMutation request_mutations = 1; @@ -26,6 +28,12 @@ message Mutations { // The response mutations are applied before the response is sent to the downstream client. repeated config.common.mutation_rules.v3.HeaderMutation response_mutations = 2; + + // The response trailer mutations are applied before the response is sent to the downstream client. + repeated config.common.mutation_rules.v3.HeaderMutation response_trailers_mutations = 4; + + // The request trailer mutations are applied before the request is sent to the upstream cluster. + repeated config.common.mutation_rules.v3.HeaderMutation request_trailers_mutations = 5; } // Per route configuration for the header mutation filter. diff --git a/api/src/main/proto/envoy/extensions/filters/http/local_ratelimit/v3/local_rate_limit.proto b/api/src/main/proto/envoy/extensions/filters/http/local_ratelimit/v3/local_rate_limit.proto index b0199c04b..8306adda2 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/local_ratelimit/v3/local_rate_limit.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/local_ratelimit/v3/local_rate_limit.proto 
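Review bot: The new trailer fields take numbers 4 and 5 while the hunks show only fields 1 and 2 in `Mutations`; if number 3 is not assigned in the lines between the two hunks, it should be declared with `reserved 3;` so it cannot later be reused with a different meaning, and `[#next-free-field: 6]` in the first hunk should match whatever is decided. Grouping the request mutations together (`request_mutations`, then `request_trailers_mutations`) would also read more naturally than the present response-before-request order; wire numbers need not change for that.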
@@ -130,6 +130,20 @@ message LocalRateLimit { // Defines the standard version to use for X-RateLimit headers emitted by the filter. // + // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the + // client in the current time-window followed by the description of the + // quota policy. + // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the + // current time-window. + // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of + // the current time-window. + // + // In case rate limiting policy specifies more then one time window, the values + // above represent the window that is closest to reaching its limit. + // + // For more information about the headers specification see selected version of + // the `draft RFC `_. + // // Disabled by default. common.ratelimit.v3.XRateLimitHeadersRFCVersion enable_x_ratelimit_headers = 12 [(validate.rules).enum = {defined_only: true}]; diff --git a/api/src/main/proto/envoy/extensions/filters/http/lua/v3/lua.proto b/api/src/main/proto/envoy/extensions/filters/http/lua/v3/lua.proto index c8b914999..115749e72 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/lua/v3/lua.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/lua/v3/lua.proto @@ -4,6 +4,7 @@ package envoy.extensions.filters.http.lua.v3; import "envoy/config/core/v3/base.proto"; +import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; import "envoy/annotations/deprecation.proto"; @@ -91,8 +92,6 @@ message Lua { message LuaPerRoute { oneof override { - option (validate.required) = true; - // Disable the Lua filter for this particular vhost or route. If disabled is specified in // multiple per-filter-configs, the most specific one will be used. bool disabled = 1 [(validate.rules).bool = {const: true}]; 
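Review bot: The text copied into the `enable_x_ratelimit_headers` comment carries the typo `more then one time window` that the `@@ -95` hunk of rate_limit.proto fixes in this same commit; it should read `// In case rate limiting policy specifies more than one time window, the values`. The RFC link target appears to have been lost in this view, so it is worth confirming that the rendered reference resolves.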
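Review bot: Dropping `option (validate.required) = true;` from the `override` oneof means a `LuaPerRoute` that sets none of the oneof members now passes validation, presumably so that `filter_context` (added in the `@@ -104` hunk) can be configured on its own; the oneof's comment should state that it is now optional and what the filter does when it is empty, e.g. `// Optional. When no member is set, the listener-level Lua configuration applies unchanged.`, with the behaviour confirmed against the filter code. Without that note a reader cannot tell whether an empty override is a no-op or disables the script. The `LuaPerRoute` message continues past this hunk.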
@@ -104,4 +103,18 @@ message LuaPerRoute { // A configured per-route Lua source code that can be served by RDS or provided inline. config.core.v3.DataSource source_code = 3; } + + // Optional filter context for Lua script. This could be used to pass configuration + // to Lua script. The Lua script can access the filter context using ``handle:filterContext()``. + // For example: + // + // .. code-block:: lua + // + // function envoy_on_request(request_handle) + // local filter_context = request_handle:filterContext() + // local filter_context_value = filter_context["key"] + // -- Do something with filter_context_value. + // end + // + google.protobuf.Struct filter_context = 4; } diff --git a/api/src/main/proto/envoy/extensions/filters/http/oauth2/v3/oauth.proto b/api/src/main/proto/envoy/extensions/filters/http/oauth2/v3/oauth.proto index 90f4401e8..1cb1fc7ac 100644 --- a/api/src/main/proto/envoy/extensions/filters/http/oauth2/v3/oauth.proto +++ b/api/src/main/proto/envoy/extensions/filters/http/oauth2/v3/oauth.proto @@ -126,7 +126,7 @@ message OAuth2Credentials { // OAuth config // -// [#next-free-field: 23] +// [#next-free-field: 26] message OAuth2Config { enum AuthType { // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body. 
@@ -146,6 +146,14 @@ message OAuth2Config { // The endpoint redirect to for authorization in response to unauthorized requests. string authorization_endpoint = 2 [(validate.rules).string = {min_len: 1}]; + // The endpoint at the authorization server to request the user be logged out of the Authorization server. + // This field is optional and should be set only if openid is in the auth_scopes and the authorization server + // supports the OpenID Connect RP-Initiated Logout specification. + // For more information, see https://openid.net/specs/openid-connect-rpinitiated-1_0.html + // + // If configured, the OAuth2 filter will redirect users to this endpoint when they access the signout_path. + string end_session_endpoint = 23; + // Credentials used for OAuth. OAuth2Credentials credentials = 3 [(validate.rules).message = {required: true}]; @@ -234,6 +242,18 @@ message OAuth2Config { // Optional additional prefix to use when emitting statistics. string stat_prefix = 22; + + // Optional expiration time for the CSRF protection token cookie. + // The CSRF token prevents cross-site request forgery attacks during the OAuth2 flow. + // If not specified, defaults to ``600s`` (10 minutes), which should provide sufficient time + // for users to complete the OAuth2 authorization flow. + google.protobuf.Duration csrf_token_expires_in = 24; + + // Optional expiration time for the code verifier cookie. + // The code verifier is stored in a secure, HTTP-only cookie during the OAuth2 authorization process. + // If not specified, defaults to ``600s`` (10 minutes), which should provide sufficient time + // for users to complete the OAuth2 authorization flow. + google.protobuf.Duration code_verifier_token_expires_in = 25; } // Filter config. diff --git a/api/src/main/proto/envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto b/api/src/main/proto/envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto new file mode 100644 index 000000000..b41e0a416 --- /dev/null 
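Review bot: `end_session_endpoint` is a redirect target, yet unlike `authorization_endpoint` two lines above it carries no validation and its comment does not say how the value is used; since the field is optional a `min_len` rule does not fit, but the comment should state whether the value is sent verbatim as the redirect location and that an absolute `https` URL is expected, if that is what the implementation does. The comment also names `auth_scopes` and `signout_path` without the double backticks the rest of this file uses for field names.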
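Review bot: `csrf_token_expires_in` and `code_verifier_token_expires_in` accept any Duration, including zero and negative values, while the documented default is `600s`; a bound such as `[(validate.rules).duration = {gt {}}]`, in the style of the duration rule visible in the network ext_proc hunk of this commit, would reject a cookie that expires immediately and makes the flow fail in confusing ways. The name `code_verifier_token_expires_in` is also at odds with its own comment, which describes a code verifier cookie rather than a token; since the number is not yet published, `code_verifier_expires_in` would be clearer. Both comments should note that a longer lifetime widens the window in which a leaked CSRF or verifier cookie remains usable, so operators can weigh the trade-off.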
+++ b/api/src/main/proto/envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto 
@@ -0,0 +1,89 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.proto_api_scrubber.v3;
+
+import "envoy/config/core/v3/base.proto";
+
+import "xds/annotations/v3/status.proto";
+import "xds/type/matcher/v3/matcher.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.proto_api_scrubber.v3";
+option java_outer_classname = "ConfigProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/proto_api_scrubber/v3;proto_api_scrubberv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+option (xds.annotations.v3.file_status).work_in_progress = true;
+
+// [#protodoc-title: Proto API Scrubber]
+// [#not-implemented-hide:] Implementation in progress.
+// [#extension: envoy.filters.http.proto_api_scrubber]
+
+// ProtoApiScrubber filter supports filtering of the request and
+// response payloads based on the configured field restrictions and actions.
+// The field restrictions and actions can be defined using unified matcher API.
+// The filter evaluates the configured restriction for each field
+// to produce the filtered output using the configured actions.
+// This filter currently supports only field level restrictions.
+// Restriction support for other proto elements (eg, message
+// level restriction, method level restriction, etc.) are planned to be
+// implemented in future. The design doc for this filter is available
+// `here `_
+
+message ProtoApiScrubberConfig {
+ // An enum enlisting all the filtering modes supported by this filter.
+ enum FilteringMode {
+ // Override the original request/response body with the filtered
+ // request/response body.
+ OVERRIDE = 0;
+ }
+
+ // The proto descriptor set for the proto services.
+ DescriptorSet descriptor_set = 1;
+
+ // Contains the restrictions for the supported proto elements.
+ Restrictions restrictions = 2;
+
+ // Specifies the filtering mode of this filter.
+ FilteringMode filtering_mode = 3;
+}
+
+// Specifies the descriptor set for proto services.
+message DescriptorSet {
+ // It could be passed by a local file through ``Datasource.filename`` or
+ // embedded in the ``Datasource.inline_bytes``.
+ config.core.v3.DataSource data_source = 1;
+}
+
+// Contains the restrictions for the methods.
+message Restrictions {
+ // Specifies the method restrictions.
+ // Key - Fully qualified method name e.g., ``endpoints.examples.bookstore.BookStore/GetShelf``.
+ // Value - Method restrictions.
+ map method_restrictions = 1;
+}
+
+// Contains the method restrictions which include the field level restrictions
+// for the request and response fields.
+message MethodRestrictions {
+ // Restrictions that apply to request fields of the method.
+ // Key - field mask like path of the field eg, foo.bar.baz
+ // Value - Restrictions map containing the mapping from restriction name to
+ // the restriction values.
+ map request_field_restrictions = 1;
+
+ // Restrictions that apply to response fields of the method.
+ // Key - field mask like path of the field eg, foo.bar.baz
+ // Value - Restrictions map containing the mapping from restriction name to
+ // the restriction values.
+ map response_field_restrictions = 2;
+}
+
+// The restriction configuration.
+message RestrictionConfig {
+ // Matcher tree for matching requests and responses with the configured restrictions.
+ // NOTE: Currently, only CEL expressions are supported for matching. Support for more
+ // matchers will be added incrementally overtime.
+ xds.type.matcher.v3.Matcher matcher = 1;
+}
diff --git a/api/src/main/proto/envoy/extensions/filters/http/proto_api_scrubber/v3/matcher_actions.proto b/api/src/main/proto/envoy/extensions/filters/http/proto_api_scrubber/v3/matcher_actions.proto
new file mode 100644
index 000000000..a6f3c7eff
--- /dev/null
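Review bot: `FilteringMode` gives business meaning to its zero value, `OVERRIDE = 0;`, so a config that omits `filtering_mode` silently selects it and any mode added later can never become the default without a breaking change; `FILTERING_MODE_UNSPECIFIED = 0` with `OVERRIDE = 1` keeps the choice explicit, although Envoy does accept meaningful defaults in places, so this is a judgement call while the API is work-in-progress. Several comments need polish: `eg,` should be `e.g.,`, `overtime` should be `over time`, and `are planned` should agree with its subject `Restriction support`. None of `descriptor_set`, `data_source` or `restrictions` carries a `required` rule, which may be intentional at this stage but is worth a decision before the `not-implemented-hide` marker is lifted.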
+++ b/api/src/main/proto/envoy/extensions/filters/http/proto_api_scrubber/v3/matcher_actions.proto
@@ -0,0 +1,21 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.proto_api_scrubber.v3;
+
+import "xds/annotations/v3/status.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.proto_api_scrubber.v3";
+option java_outer_classname = "MatcherActionsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/proto_api_scrubber/v3;proto_api_scrubberv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+option (xds.annotations.v3.file_status).work_in_progress = true;
+
+// [#protodoc-title: Proto API Scrubber Matcher Actions]
+
+// Specifies an :ref:`Unified Matcher API ` action to remove a field.
+// This actual action needs to be implemented by the filter using it.
+message RemoveFieldAction {
+}
diff --git a/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto b/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
index f135424cb..e59217b9f 100644
--- a/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
+++ b/api/src/main/proto/envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
@@ -23,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Rate limit :ref:`configuration overview `. // [#extension: envoy.filters.http.ratelimit] -// [#next-free-field: 16] +// [#next-free-field: 17] message RateLimit { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.rate_limit.v2.RateLimit";
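Review bot: `RemoveFieldAction` is an empty marker message, which is a reasonable shape, but the sentence `This actual action needs to be implemented by the filter using it.` is unclear; `// The matcher framework only carries this action; the filter that selects it performs the removal.` says the same thing plainly. Stating which field is removed (presumably the one whose restriction matched) would let readers of matcher_actions.proto understand it without opening config.proto.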
@@ -95,7 +95,7 @@ message RateLimit { // in :ref:`duration_until_reset` // field. // - // In case rate limiting policy specifies more then one time window, the values + // In case rate limiting policy specifies more than one time window, the values // above represent the window that is closest to reaching its limit. // // For more information about the headers specification see selected version of @@ -149,6 +149,24 @@ message RateLimit { // the fraction of requests to enforce rate limits on. And the default percentage of the // runtime key is 100% for backwards compatibility. config.core.v3.RuntimeFractionalPercent filter_enforced = 15; + + // If set, this will override the failure_mode_deny parameter with a runtime fraction. + // If the runtime key is not specified, the value of failure_mode_deny will be used. + // + // Example: + // + // .. code-block:: yaml + // + // failure_mode_deny: true + // failure_mode_deny_percent: + // default_value: + // numerator: 50 + // denominator: HUNDRED + // runtime_key: ratelimit.failure_mode_deny_percent + // + // This means that when the rate limit service is unavailable, 50% of requests will be denied + // (fail closed) and 50% will be allowed (fail open). + config.core.v3.RuntimeFractionalPercent failure_mode_deny_percent = 16; } message RateLimitPerRoute { diff --git a/api/src/main/proto/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto b/api/src/main/proto/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto index db2d07c8d..f7e474d20 100644 --- a/api/src/main/proto/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto +++ b/api/src/main/proto/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto 
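Review bot: The `failure_mode_deny_percent` comment leaves the precedence unclear: it says the field overrides `failure_mode_deny`, then that `failure_mode_deny` is used when the runtime key is not specified, yet `RuntimeFractionalPercent` already carries a `default_value` for exactly that case, and the example sets both `failure_mode_deny: true` and a 50% fraction without saying which wins. One sentence giving the evaluation order, for instance `// When set, the fraction (runtime value if the key is present, else default_value) is the share of requests denied while the rate limit service is unavailable; failure_mode_deny is consulted only when this field is unset.`, corrected to match the implementation, would remove the ambiguity. Because this decides fail-open versus fail-closed behaviour, backticking `failure_mode_deny` and stating what an unset `default_value` yields would also help operators.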
@@ -25,6 +25,11 @@ message TlsInspector { // Populate ``JA3`` fingerprint hash using data from the TLS Client Hello packet. Default is false. google.protobuf.BoolValue enable_ja3_fingerprinting = 1; + // Populate ``JA4`` fingerprint hash using data from the TLS Client Hello packet. + // ``JA4`` is an improved version of ``JA3`` that includes TLS version, ciphers, extensions, + // and ALPN information in a hex format. Default is false. + google.protobuf.BoolValue enable_ja4_fingerprinting = 3; + // The size in bytes of the initial buffer requested by the tls_inspector. // If the filter needs to read additional bytes from the socket, the // filter will double the buffer up to it's default maximum of 64KiB. diff --git a/api/src/main/proto/envoy/extensions/filters/network/ext_proc/v3/ext_proc.proto b/api/src/main/proto/envoy/extensions/filters/network/ext_proc/v3/ext_proc.proto index d79f80c49..744c6f7bd 100644 --- a/api/src/main/proto/envoy/extensions/filters/network/ext_proc/v3/ext_proc.proto +++ b/api/src/main/proto/envoy/extensions/filters/network/ext_proc/v3/ext_proc.proto @@ -27,12 +27,14 @@ option (xds.annotations.v3.file_status).work_in_progress = true; // this filter operates at the L4 (transport) layer, giving access to raw network traffic. // // The filter communicates with an external gRPC service that can: -// * Inspect traffic in both directions -// * Modify the network traffic -// * Control connection lifecycle (continue, close, or reset) +// +// 1. Inspect traffic in both directions +// 2. Modify the network traffic +// 3. Control connection lifecycle (continue, close, or reset) // // By using the filter's processing mode, you can selectively choose which data // directions to process (read, write or both), allowing for efficient processing. +// [#next-free-field: 7] message NetworkExternalProcessor { // The gRPC service that will process network traffic. // This service must implement the NetworkExternalProcessor service 
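Review bot: The `enable_ja4_fingerprinting` comment describes `JA4` as `a hex format`, but a JA4 fingerprint is a composite string whose first segment is a readable summary (protocol, TLS version, SNI presence, cipher and extension counts, ALPN) followed by truncated hashes, so only part of it is hex; `// ``JA4`` extends ``JA3`` with the TLS version, SNI presence, cipher and extension counts and ALPN in a structured fingerprint string. Default is false.` would be more accurate, to be checked against the implementation. Saying where the fingerprint is exposed for logging or matching would also help, and if the `TlsInspector` message carries a `[#next-free-field]` annotation above this hunk it needs bumping to 4.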
@@ -60,6 +62,11 @@ message NetworkExternalProcessor { lte {seconds: 3600} gte {} }]; + + string stat_prefix = 5 [(validate.rules).string = {min_len: 1}]; + + // Options related to the sending and receiving of dynamic metadata. + MetadataOptions metadata_options = 6; } // Options for controlling processing behavior. @@ -82,3 +89,23 @@ message ProcessingMode { // Default: STREAMED DataSendMode process_write = 2; } + +// The MetadataOptions structure defines options for sending dynamic metadata. Specifically, +// which namespaces to send to the server. +message MetadataOptions { + message MetadataNamespaces { + // Specifies a list of metadata namespaces whose values, if present, + // will be passed to the ext_proc service as an opaque *protobuf::Struct*. + repeated string untyped = 1; + + // Specifies a list of metadata namespaces whose values, if present, + // will be passed to the ext_proc service as a *protobuf::Any*. This allows + // envoy and the external processing server to share the protobuf message + // definition for safe parsing. + repeated string typed = 2; + } + + // Describes which typed or untyped dynamic metadata namespaces to forward to + // the external processing server. + MetadataNamespaces forwarding_namespaces = 1; +} diff --git a/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index ce549d6a9..e0282af86 100644 --- a/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/api/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto 
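Review bot: `stat_prefix = 5` is added without a comment, and its `min_len: 1` rule makes it mandatory: with proto3 implicit presence an omitted string is `""`, so every existing `NetworkExternalProcessor` config that does not set `stat_prefix` will be rejected once this lands. The HTTP ext_proc filter documents its `stat_prefix` as an optional prefix with no validate rule; unless a required prefix is deliberate here, dropping the rule and adding `// Optional additional prefix to use when emitting statistics.` matches that precedent. The file is marked work_in_progress, which softens but does not remove the compatibility concern, and the `NetworkExternalProcessor` message starts outside this hunk.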
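Review bot: The `MetadataNamespaces` comments copied into this file still use RST emphasis, `*protobuf::Struct*` and `*protobuf::Any*`, which the HTTP ext_proc hunk in this same commit converts to ``protobuf::Struct`` and ``protobuf::Any``; the new text should follow the updated form so the two filters' docs stay consistent. A sentence on what happens when a listed namespace is absent on the connection, beyond `if present`, would also help, since the HTTP filter's text has the same gap.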
@@ -99,33 +99,43 @@ message HttpConnectionManager { ALWAYS_FORWARD_ONLY = 4; } - // Determines the action for request that contain %2F, %2f, %5C or %5c sequences in the URI path. + // Determines the action for request that contain ``%2F``, ``%2f``, ``%5C`` or ``%5c`` sequences in the URI path. // This operation occurs before URL normalization and the merge slashes transformations if they were enabled. enum PathWithEscapedSlashesAction { // Default behavior specific to implementation (i.e. Envoy) of this configuration option. // Envoy, by default, takes the KEEP_UNCHANGED action. - // NOTE: the implementation may change the default behavior at-will. + // + // .. note:: + // + // The implementation may change the default behavior at-will. IMPLEMENTATION_SPECIFIC_DEFAULT = 0; // Keep escaped slashes. KEEP_UNCHANGED = 1; // Reject client request with the 400 status. gRPC requests will be rejected with the INTERNAL (13) error code. - // The "httpN.downstream_rq_failed_path_normalization" counter is incremented for each rejected request. + // The ``httpN.downstream_rq_failed_path_normalization`` counter is incremented for each rejected request. REJECT_REQUEST = 2; - // Unescape %2F and %5C sequences and redirect request to the new path if these sequences were present. + // Unescape ``%2F`` and ``%5C`` sequences and redirect request to the new path if these sequences were present. // Redirect occurs after path normalization and merge slashes transformations if they were configured. - // NOTE: gRPC requests will be rejected with the INTERNAL (13) error code. - // This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to - // traverse all parties: downstream client, intermediate proxies, Envoy and upstream server. - // The "httpN.downstream_rq_redirected_with_normalized_path" counter is incremented for each - // redirected request. + // + // .. note:: + // + // gRPC requests will be rejected with the INTERNAL (13) error code. 
This option minimizes possibility of path + // confusion exploits by forcing request with unescaped slashes to traverse all parties: downstream client, + // intermediate proxies, Envoy and upstream server. The ``httpN.downstream_rq_redirected_with_normalized_path`` + // counter is incremented for each redirected request. + // UNESCAPE_AND_REDIRECT = 3; - // Unescape %2F and %5C sequences. - // Note: this option should not be enabled if intermediaries perform path based access control as - // it may lead to path confusion vulnerabilities. + // Unescape ``%2F`` and ``%5C`` sequences. + // + // .. note:: + // + // This option should not be enabled if intermediaries perform path based access control as it may lead to path + // confusion vulnerabilities. + // UNESCAPE_AND_FORWARD = 4; } @@ -258,13 +268,12 @@ message HttpConnectionManager { // // .. warning:: // - // The current implementation of upgrade headers does not handle - // multi-valued upgrade headers. Support for multi-valued headers may be - // added in the future if needed. + // The current implementation of upgrade headers does not handle multi-valued upgrade headers. Support for + // multi-valued headers may be added in the future if needed. // // .. warning:: - // The current implementation of upgrade headers does not work with HTTP/2 - // upstreams. + // The current implementation of upgrade headers does not work with HTTP/2 upstreams. + // message UpgradeConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager." 
@@ -296,7 +305,10 @@ message HttpConnectionManager { // `) will apply to the ``:path`` header // destined for the upstream. // - // Note: access logging and tracing will show the original ``:path`` header. + // .. note:: + // + // Access logging and tracing will show the original ``:path`` header. + // message PathNormalizationOptions { // [#not-implemented-hide:] Normalization applies internally before any processing of requests by // HTTP filters, routing, and matching *and* will affect the forwarded ``:path`` header. Defaults 
@@ -434,23 +446,23 @@ message HttpConnectionManager { Tracing tracing = 7; // Additional settings for HTTP requests handled by the connection manager. These will be - // applicable to both HTTP1 and HTTP2 requests. + // applicable to both HTTP/1.1 and HTTP/2 requests. config.core.v3.HttpProtocolOptions common_http_protocol_options = 35 [(udpa.annotations.security).configure_for_untrusted_downstream = true]; - // If set to true, Envoy will not start a drain timer for downstream HTTP1 connections after - // :ref:`common_http_protocol_options.max_connection_duration - // ` passes. - // Instead, Envoy will wait for the next downstream request, add connection:close to the response - // headers, then close the connection after the stream ends. + // If set to ``true``, Envoy will not initiate an immediate drain timer for downstream HTTP/1 connections + // once :ref:`common_http_protocol_options.max_connection_duration + // ` is exceeded. + // Instead, Envoy will wait until the next downstream request arrives, add a ``connection: close`` header + // to the response, and then gracefully close the connection once the stream has completed. // - // This behavior is compliant with `RFC 9112 section 9.6 `_ + // This behavior adheres to `RFC 9112, Section 9.6 `_. // - // If set to false, ``max_connection_duration`` will cause Envoy to enter the normal drain - // sequence for HTTP1 with Envoy eventually closing the connection (once there are no active - // streams). + // If set to ``false``, exceeding ``max_connection_duration`` triggers Envoy's default drain behavior for HTTP/1, + // where the connection is eventually closed after all active streams finish. // - // Has no effect if ``max_connection_duration`` is unset. Defaults to false. + // This option has no effect if ``max_connection_duration`` is not configured. + // Defaults to ``false``. bool http1_safe_max_connection_duration = 58; // Additional HTTP/1 settings that are passed to the HTTP/1 codec. 
@@ -488,9 +500,13 @@ message HttpConnectionManager { // The default value can be overridden by setting runtime key ``envoy.reloadable_features.max_request_headers_size_kb``. // Requests that exceed this limit will receive a 431 response. // - // Note: currently some protocol codecs impose limits on the maximum size of a single header: - // HTTP/2 (when using nghttp2) limits a single header to around 100kb. - // HTTP/3 limits a single header to around 1024kb. + // .. note:: + // + // Currently some protocol codecs impose limits on the maximum size of a single header. + // + // * HTTP/2 (when using nghttp2) limits a single header to around 100kb. + // * HTTP/3 limits a single header to around 1024kb. + // google.protobuf.UInt32Value max_request_headers_kb = 29 [(validate.rules).uint32 = {lte: 8192 gt: 0}]; 
@@ -568,31 +584,34 @@ message HttpConnectionManager { // during which Envoy will wait for the peer to close (i.e., a TCP FIN/RST is received by Envoy // from the downstream connection) prior to Envoy closing the socket associated with that // connection. - // NOTE: This timeout is enforced even when the socket associated with the downstream connection - // is pending a flush of the write buffer. However, any progress made writing data to the socket - // will restart the timer associated with this timeout. This means that the total grace period for - // a socket in this state will be - // +. + // + // .. note:: + // + // This timeout is enforced even when the socket associated with the downstream connection is pending a flush of + // the write buffer. However, any progress made writing data to the socket will restart the timer associated with + // this timeout. This means that the total grace period for a socket in this state will be + // +. // // Delaying Envoy's connection close and giving the peer the opportunity to initiate the close // sequence mitigates a race condition that exists when downstream clients do not drain/process // data in a connection's receive buffer after a remote close has been detected via a socket - // write(). This race leads to such clients failing to process the response code sent by Envoy, + // ``write()``. This race leads to such clients failing to process the response code sent by Envoy, // which could result in erroneous downstream processing. // // If the timeout triggers, Envoy will close the connection's socket. // // The default timeout is 1000 ms if this option is not specified. // - // .. NOTE:: + // .. note:: // To be useful in avoiding the race condition described above, this timeout must be set // to *at least* +<100ms to account for // a reasonable "worst" case processing time for a full iteration of Envoy's event loop>. // - // .. WARNING:: - // A value of 0 will completely disable delayed close processing. 
When disabled, the downstream + // .. warning:: + // A value of ``0`` will completely disable delayed close processing. When disabled, the downstream // connection's socket will be closed immediately after the write flush is completed or will // never close if the write flush does not complete. + // google.protobuf.Duration delayed_close_timeout = 26; // Configuration for :ref:`HTTP access logs ` 
@@ -649,20 +668,19 @@ message HttpConnectionManager { // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. uint32 xff_num_trusted_hops = 19; - // The configuration for the original IP detection extensions. + // Configuration for original IP detection extensions. // - // When configured the extensions will be called along with the request headers - // and information about the downstream connection, such as the directly connected address. - // Each extension will then use these parameters to decide the request's effective remote address. - // If an extension fails to detect the original IP address and isn't configured to reject - // the request, the HCM will try the remaining extensions until one succeeds or rejects - // the request. If the request isn't rejected nor any extension succeeds, the HCM will - // fallback to using the remote address. + // When these extensions are configured, Envoy will invoke them with the incoming request headers and + // details about the downstream connection, including the directly connected address. Each extension uses + // this information to determine the effective remote IP address for the request. If an extension cannot + // identify the original IP address and isn't set to reject the request, Envoy will sequentially attempt + // the remaining extensions until one successfully determines the IP or explicitly rejects the request. + // If all extensions fail without rejection, Envoy defaults to using the directly connected remote address. // - // .. WARNING:: - // Extensions cannot be used in conjunction with :ref:`use_remote_address + // .. warning:: + // These extensions cannot be configured simultaneously with :ref:`use_remote_address // ` - // nor :ref:`xff_num_trusted_hops + // or :ref:`xff_num_trusted_hops // `. // // [#extension-category: envoy.http.original_ip_detection] 
diff --git a/api/src/main/proto/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto b/api/src/main/proto/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
index 21c87a12e..40cc2858d 100644
--- a/api/src/main/proto/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
+++ b/api/src/main/proto/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
@@ -4,6 +4,7 @@ package envoy.extensions.filters.network.redis_proxy.v3;
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/grpc_service.proto";
+import "envoy/extensions/common/aws/v3/credential_provider.proto";
 import "envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto";
 import "google/protobuf/duration.proto";
@@ -381,11 +382,42 @@ message RedisProtocolOptions {
 // Upstream server password as defined by the ``requirepass`` directive
 // ``_ in the server's configuration file.
+ // If ``aws_iam`` is set, this field is ignored.
 config.core.v3.DataSource auth_password = 1 [(udpa.annotations.sensitive) = true];
 // Upstream server username as defined by the ``user`` directive
 // ``_ in the server's configuration file.
+ // If ``aws_iam``` is set, this field will be used as the authenticating user for redis IAM authentication.
+ // See ``Create a new IAM-enabled user`` under `Setup `_ for more details.
 config.core.v3.DataSource auth_username = 2 [(udpa.annotations.sensitive) = true];
+
+ // The cluster level configuration for AWS IAM authentication
+ AwsIam aws_iam = 3;
+}
+
+// [#next-free-field: 6]
+message AwsIam {
+ // An AwsCredentialProvider, allowing the use of a specific credential provider chain or specific provider settings
+ common.aws.v3.AwsCredentialProvider credential_provider = 1;
+
+ // The name of the cache, used when generating the authentication token.
+ string cache_name = 2 [(validate.rules).string = {min_len: 1}];
+
+ // The optional service name to be used in AWS IAM authentication. If not provided, the service name will be set to ``elasticache``. For Amazon MemoryDB
+ // the service name should be set to ``memorydb``.
+ string service_name = 3;
+
+ // The optional AWS region that your cache is located in. If not provided, the region will be deduced using the region provider chain
+ // as described in :ref:`config_http_filters_aws_request_signing_region`.
+ string region = 4;
+
+ // Number of seconds before the IAM authentication token will expire. If not set, defaults to 60s (1 minute). Maximum of 900s (15 minutes)
+ // Expiration of the current authentication token will automatically trigger generation of a new token.
+ // As envoy will automatically continue to generate new tokens as required, there is no substantial benefit to using a long expiration value here.
+ google.protobuf.Duration expiration_time = 5 [(validate.rules).duration = {
+ lte {seconds: 900}
+ gte {}
+ }];
 }
 // RedisExternalAuthProvider specifies a gRPC service that can be used to authenticate Redis clients.
diff --git a/api/src/main/proto/envoy/extensions/geoip_providers/maxmind/v3/maxmind.proto b/api/src/main/proto/envoy/extensions/geoip_providers/maxmind/v3/maxmind.proto
index c83f9b56e..fb665ac27 100644
--- a/api/src/main/proto/envoy/extensions/geoip_providers/maxmind/v3/maxmind.proto
+++ b/api/src/main/proto/envoy/extensions/geoip_providers/maxmind/v3/maxmind.proto
@@ -32,6 +32,7 @@ message MaxMindConfig {
 // Full file path to the Maxmind ASN database, e.g. /etc/GeoLite2-ASN.mmdb.
 // Database file is expected to have .mmdb extension.
+ // When is defined the ASN information will always be fetched from the ``asn_db``.
 string asn_db_path = 2 [(validate.rules).string = {pattern: "^$|^.*\\.mmdb$"}];
 // Full file path to the Maxmind anonymous IP database, e.g. /etc/GeoIP2-Anonymous-IP.mmdb.
@@ -40,6 +41,8 @@ message MaxMindConfig {
 // Full file path to the Maxmind ISP database, e.g. /etc/GeoLite2-ISP.mmdb.
 // Database file is expected to have .mmdb extension.
+ // If ``asn_db_path`` is not defined, ASN information will be fetched from
+ // ``isp_db`` instead.
 string isp_db_path = 5 [(validate.rules).string = {pattern: "^$|^.*\\.mmdb$"}];
 // Common provider configuration that specifies which geolocation headers will be populated with geolocation data.
diff --git a/api/src/main/proto/envoy/extensions/health_checkers/redis/v3/redis.proto b/api/src/main/proto/envoy/extensions/health_checkers/redis/v3/redis.proto
index caa385996..1277c05e0 100644
--- a/api/src/main/proto/envoy/extensions/health_checkers/redis/v3/redis.proto
+++ b/api/src/main/proto/envoy/extensions/health_checkers/redis/v3/redis.proto
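Review bot: The `expiration_time` rule `gte {}` accepts a zero duration, so a config with `expiration_time: 0s` passes validation while every token expires the moment it is minted and is regenerated continuously, which the comment's "If not set, defaults to 60s" does not cover; unless the implementation treats a zero value as unset, tighten the lower bound to `gt {}` or state in the comment how zero is handled. The `auth_username` comment has a stray third backtick in `If ``aws_iam``` is set`, which breaks the RST literal and should be `If ``aws_iam`` is set`. The new `auth_password` sentence could also say that a configured password is silently unused rather than rejected when `aws_iam` is set, if that is the implemented behaviour, since an operator who leaves a stale password in place would otherwise expect an error. `RedisProtocolOptions` starts outside the hunk.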
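Review bot: The added comment on `asn_db_path` is missing its subject: `When is defined the ASN information will always be fetched from the ``asn_db``.` should read `When ``asn_db_path`` is defined, ASN information will always be fetched from the ``asn_db``.` The companion sentence on `isp_db_path` in the second maxmind hunk is readable, and the two should name each other by the same field names (``asn_db_path`` / ``isp_db_path``) so the precedence rule can be understood from either field alone.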
@@ -2,6 +2,8 @@ syntax = "proto3";
 package envoy.extensions.health_checkers.redis.v3;
+import "envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto";
+
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
@@ -24,4 +26,7 @@ message Redis {
 // than 0 is considered a failure. This allows the user to mark a Redis instance for maintenance
 // by setting the specified key to any value and waiting for traffic to drain.
 string key = 1;
+
+ // Use AWS IAM for health checker authentication
+ filters.network.redis_proxy.v3.AwsIam aws_iam = 2;
 }
diff --git a/api/src/main/proto/envoy/extensions/http/header_validators/envoy_default/v3/header_validator.proto b/api/src/main/proto/envoy/extensions/http/header_validators/envoy_default/v3/header_validator.proto
index b0dc6ce84..0a1e88fb5 100644
--- a/api/src/main/proto/envoy/extensions/http/header_validators/envoy_default/v3/header_validator.proto
+++ b/api/src/main/proto/envoy/extensions/http/header_validators/envoy_default/v3/header_validator.proto
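Review bot: The comment on the new `aws_iam` field, `Use AWS IAM for health checker authentication`, does not say which Redis user the health checker authenticates as or how this setting relates to the cluster's `RedisProtocolOptions.aws_iam`; the proxy side takes its user from `auth_username`, but the `Redis` health-check message visible here has only `key`. Document the username source and whether this configuration must match the cluster's, e.g. `// Use AWS IAM for health checker authentication. The health check authenticates as <document the user source here> using a token generated from this configuration.` Reusing the redis_proxy filter's message also makes the health checker's API package depend on the network filter's, which is worth calling out in the commit description so the coupling is a deliberate choice. The `Redis` message starts outside the hunk.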
@@ -15,25 +15,33 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // This extension validates that HTTP request and response headers are well formed according to respective RFCs. // -// #. HTTP/1 header map validity according to `RFC 7230 section 3.2 `_ -// #. Syntax of HTTP/1 request target URI and response status -// #. HTTP/2 header map validity according to `RFC 7540 section 8.1.2 `_ -// #. Syntax of HTTP/2 pseudo headers -// #. HTTP/3 header map validity according to `RFC 9114 section 4.3 `_ -// #. Syntax of HTTP/3 pseudo headers -// #. Syntax of Content-Length and Transfer-Encoding -// #. Validation of HTTP/1 requests with both ``Content-Length`` and ``Transfer-Encoding`` headers +// The validator performs comprehensive HTTP header validation including: +// +// #. HTTP/1 header map validity according to `RFC 7230 section 3.2 `_. +// #. Syntax of HTTP/1 request target URI and response status. +// #. HTTP/2 header map validity according to `RFC 7540 section 8.1.2 `_. +// #. Syntax of HTTP/2 pseudo headers. +// #. HTTP/3 header map validity according to `RFC 9114 section 4.3 `_. +// #. Syntax of HTTP/3 pseudo headers. +// #. Syntax of Content-Length and Transfer-Encoding. +// #. Validation of HTTP/1 requests with both ``Content-Length`` and ``Transfer-Encoding`` headers. // #. Normalization of the URI path according to `Normalization and Comparison `_ -// without `case normalization `_ +// without `case normalization `_. +// +// This validator ensures that HTTP traffic processed by Envoy conforms to established +// standards and helps prevent issues caused by malformed headers or invalid HTTP syntax. // // [#comment:TODO(yanavlasov): Put #extension: envoy.http.header_validators.envoy_default after it is not hidden any more] // [#next-free-field: 6] message HeaderValidatorConfig { // Action to take when Envoy receives client request with header names containing underscore // characters. 
- // Underscore character is allowed in header names by the RFC-7230 and this behavior is implemented - // as a security measure due to systems that treat '_' and '-' as interchangeable. Envoy by default allows client request headers with underscore - // characters. + // + // Underscore character is allowed in header names by RFC-7230, and this behavior is implemented + // as a security measure due to systems that treat ``_`` and ``-`` as interchangeable. Envoy by + // default allows client request headers with underscore characters. + // + // This setting provides control over how to handle such headers for security and compatibility reasons. enum HeadersWithUnderscoresAction { // Allow headers with underscores. This is the default behavior. ALLOW = 0; 
@@ -51,102 +59,170 @@ message HeaderValidatorConfig { DROP_HEADER = 2; } + // Configuration options for URI path normalization and transformation. + // + // These options control how Envoy processes and normalizes incoming request URI paths + // to ensure consistent behavior and security. Path normalization helps prevent + // path traversal attacks and ensures that equivalent paths are handled consistently. message UriPathNormalizationOptions { // Determines the action for requests that contain ``%2F``, ``%2f``, ``%5C`` or ``%5c`` sequences in the URI path. // This operation occurs before URL normalization and the merge slashes transformations if they were enabled. + // + // Escaped slash sequences in URLs can be used for path confusion attacks, so proper handling + // is important for security. enum PathWithEscapedSlashesAction { // Default behavior specific to implementation (i.e. Envoy) of this configuration option. // Envoy, by default, takes the ``KEEP_UNCHANGED`` action. - // NOTE: the implementation may change the default behavior at-will. + // + // .. note:: + // + // The implementation may change the default behavior at-will. + // IMPLEMENTATION_SPECIFIC_DEFAULT = 0; - // Keep escaped slashes. + // Keep escaped slashes unchanged in the URI path. + // This preserves the original request path without any modifications to escaped sequences. KEEP_UNCHANGED = 1; // Reject client request with the 400 status. gRPC requests will be rejected with the ``INTERNAL`` (13) error code. - // The ``http#.downstream_rq_failed_path_normalization`` counter is incremented for each rejected request. + // The :ref:`httpN.downstream_rq_failed_path_normalization ` counter is incremented for each rejected request. + // + // This is the safest option when security is a primary concern, as it prevents any potential + // path confusion attacks by rejecting requests with escaped slashes entirely. 
REJECT_REQUEST = 2; // Unescape ``%2F`` and ``%5C`` sequences and redirect the request to the new path if these sequences were present. // The redirect occurs after path normalization and merge slashes transformations if they were configured. - // NOTE: gRPC requests will be rejected with the ``INTERNAL`` (13) error code. - // This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to - // traverse all parties: downstream client, intermediate proxies, Envoy and upstream server. - // The ``http#.downstream_rq_redirected_with_normalized_path`` counter is incremented for each + // + // .. note:: + // + // gRPC requests will be rejected with the ``INTERNAL`` (13) error code. + // This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to + // traverse all parties: downstream client, intermediate proxies, Envoy and upstream server. + // + // The :ref:`httpN.downstream_rq_redirected_with_normalized_path ` counter is incremented for each // redirected request. UNESCAPE_AND_REDIRECT = 3; // Unescape ``%2F`` and ``%5C`` sequences. - // Note: this option should not be enabled if intermediaries perform path based access control as - // it may lead to path confusion vulnerabilities. + // + // .. attention:: + // + // This option should not be enabled if intermediaries perform path based access control as + // it may lead to path confusion vulnerabilities. + // UNESCAPE_AND_FORWARD = 4; } // Should paths be normalized according to RFC 3986? + // // This operation overwrites the original request URI path and the new path is used for processing of // the request by HTTP filters and proxied to the upstream service. // Envoy will respond with 400 to requests with malformed paths that fail path normalization. // The default behavior is to normalize the path. + // // This value may be overridden by the runtime variable // :ref:`http_connection_manager.normalize_path`. 
// See `Normalization and Comparison `_ // for details of normalization. - // Note that Envoy does not perform - // `case normalization `_ - // URI path normalization can be applied to a portion of requests by setting the - // ``envoy_default_header_validator.path_normalization`` runtime value. + // + // .. note:: + // + // Envoy does not perform + // `case normalization `_. + // URI path normalization can be applied to a portion of requests by setting the + // ``envoy_default_header_validator.path_normalization`` runtime value. + // bool skip_path_normalization = 1; // Determines if adjacent slashes in the path are merged into one. + // // This operation overwrites the original request URI path and the new path is used for processing of // the request by HTTP filters and proxied to the upstream service. - // Setting this option to true will cause incoming requests with path ``//dir///file`` to not match against - // route with ``prefix`` match set to ``/dir``. Defaults to ``false``. Note that slash merging is not part of - // `HTTP spec `_ and is provided for convenience. - // Merging of slashes in URI path can be applied to a portion of requests by setting the - // ``envoy_default_header_validator.merge_slashes`` runtime value. + // Setting this option to ``true`` will cause incoming requests with path ``//dir///file`` to not match against + // route with ``prefix`` match set to ``/dir``. Defaults to ``false``. + // + // .. note:: + // + // Slash merging is not part of the + // `HTTP spec `_ and is provided for convenience. + // Merging of slashes in URI path can be applied to a portion of requests by setting the + // ``envoy_default_header_validator.merge_slashes`` runtime value. + // bool skip_merging_slashes = 2; // The action to take when request URL path contains escaped slash sequences (``%2F``, ``%2f``, ``%5C`` and ``%5c``). 
+ // // This operation may overwrite the original request URI path and the new path is used for processing of // the request by HTTP filters and proxied to the upstream service. + // + // The handling of escaped slashes is important for security as these sequences can be used + // in path confusion attacks to bypass access controls. PathWithEscapedSlashesAction path_with_escaped_slashes_action = 3 [(validate.rules).enum = {defined_only: true}]; } + // HTTP/1 protocol specific options for header validation. + // + // These options control how Envoy handles HTTP/1 specific behaviors and edge cases + // that may not apply to HTTP/2 or HTTP/3 protocols. message Http1ProtocolOptions { // Allows Envoy to process HTTP/1 requests/responses with both ``Content-Length`` and ``Transfer-Encoding`` // headers set. By default such messages are rejected, but if option is enabled - Envoy will // remove the ``Content-Length`` header and process the message. + // // See `RFC7230, sec. 3.3.3 `_ for details. // // .. attention:: + // // Enabling this option might lead to request smuggling vulnerabilities, especially if traffic // is proxied via multiple layers of proxies. + // bool allow_chunked_length = 1; } + // HTTP/1 protocol specific options. + // These settings control HTTP/1 specific validation behaviors. Http1ProtocolOptions http1_protocol_options = 1; // The URI path normalization options. + // // By default Envoy normalizes URI path using the default values of the :ref:`UriPathNormalizationOptions // `. // URI path transformations specified by the ``uri_path_normalization_options`` configuration can be applied to a portion // of requests by setting the ``envoy_default_header_validator.uri_path_transformations`` runtime value. - // Caution: disabling path normalization may lead to path confusion vulnerabilities in access control or incorrect service - // selection. + // + // .. 
attention:: + // + // Disabling path normalization may lead to path confusion vulnerabilities in access control or incorrect service + // selection. + // UriPathNormalizationOptions uri_path_normalization_options = 2; - // Restrict HTTP methods to these defined in the `RFC 7231 section 4.1 `_ + // Restrict HTTP methods to these defined in the `RFC 7231 section 4.1 `_. + // // Envoy will respond with 400 to requests with disallowed methods. // By default methods with arbitrary names are accepted. + // + // This setting helps enforce HTTP compliance and can prevent attacks that rely on + // non-standard HTTP methods. bool restrict_http_methods = 3; // Action to take when a client request with a header name containing underscore characters is received. - // If this setting is not specified, the value defaults to ALLOW. + // + // If this setting is not specified, the value defaults to ``ALLOW``. + // + // This setting provides security control over headers with underscores, which can be a source + // of security issues when different systems interpret underscores and hyphens differently. HeadersWithUnderscoresAction headers_with_underscores_action = 4; // Allow requests with fragment in URL path and strip the fragment before request processing. - // By default Envoy rejects requests with fragment in URL path. + // + // By default Envoy rejects requests with fragment in URL path. When this option is enabled, + // the fragment portion (everything after ``#``) will be removed from the path before + // further processing. + // + // Fragments are typically used by client-side applications and should not normally + // be sent to the server, so stripping them can help normalize requests. bool strip_fragment_from_path = 5; } diff --git a/api/src/main/proto/envoy/extensions/http/injected_credentials/generic/v3/generic.proto b/api/src/main/proto/envoy/extensions/http/injected_credentials/generic/v3/generic.proto index f81a146f6..7b8a17816 100644 
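Review bot: The `UNESCAPE_AND_FORWARD` path-confusion caveat is a `.. attention::` block here, but the identical text in the http_connection_manager.proto hunk at the top of this page is wrapped in `.. note::`; the two files should agree, and `.. attention::` is the appropriate level for a setting that can defeat an intermediary's path-based access control. In the `UNESCAPE_AND_REDIRECT` comment the sentence `This option minimizes possibility of path confusion exploits ...` was moved inside the `.. note::` about gRPC rejection although it describes the option itself, so keep only the gRPC sentence in the note and leave the rest as ordinary text. The same mixing appears in `skip_path_normalization` and `skip_merging_slashes`, where the runtime-key sentence now sits inside a note about case normalization and the HTTP spec respectively. The added generic sentences such as `Escaped slash sequences in URLs can be used for path confusion attacks, so proper handling is important for security.` restate what the admonitions already say and could be dropped to keep the field docs focused.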
--- a/api/src/main/proto/envoy/extensions/http/injected_credentials/generic/v3/generic.proto
+++ b/api/src/main/proto/envoy/extensions/http/injected_credentials/generic/v3/generic.proto
@@ -4,8 +4,6 @@ package envoy.extensions.http.injected_credentials.generic.v3;
 import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
-import "xds/annotations/v3/status.proto";
-
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
@@ -14,7 +12,6 @@ option java_outer_classname = "GenericProto";
 option java_multiple_files = true;
 option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/http/injected_credentials/generic/v3;genericv3";
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
-option (xds.annotations.v3.file_status).work_in_progress = true;
 // [#protodoc-title: Generic Credential]
 // [#extension: envoy.http.injected_credentials.generic]
diff --git a/api/src/main/proto/envoy/extensions/http/stateful_session/envelope/v3/envelope.proto b/api/src/main/proto/envoy/extensions/http/stateful_session/envelope/v3/envelope.proto
new file mode 100644
index 000000000..79d089e1a
--- /dev/null
+++ b/api/src/main/proto/envoy/extensions/http/stateful_session/envelope/v3/envelope.proto
@@ -0,0 +1,52 @@ +syntax = "proto3"; + +package envoy.extensions.http.stateful_session.envelope.v3; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.http.stateful_session.envelope.v3"; +option java_outer_classname = "EnvelopeProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/http/stateful_session/envelope/v3;envelopev3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Envelope stateful session extension] + +// The extension allows the session state is tracked via existing session context that initialized +// by the upstream server. It assumes that the upstream server will generate the session context +// (like session id header or cookie) in the initial response of the session and the client will use +// the same session context in the subsequent requests without any modification. +// +// When processing the response from the upstream, Envoy will check if the response contains the +// session context. If the response contains the session context, no matter if it's a new session +// context or an existing one, Envoy will join it and the upstream host as new session context. +// +// When processing the request from the downstream, Envoy will check if the request contains the +// session context. If the request contains the session context, Envoy will strip the +// upstream host from the session context. 
+// +// [#extension: envoy.http.stateful_session.envelope] +message EnvelopeSessionState { + message Header { + // Iff the header specified by the ``name`` field is present in the response (assume the ``name`` + // is set to ``session-header`` and original header value is ``xxxxxx``), then the upstream host + // address and value of ``name`` field specified header will be encoded in following format and + // the output will be used to update the ``name`` field specified header in the response: + // + // .. code-block:: none + // + // session-header: "MS4yLjMuNDo4MAo=;UV:eHh4eHh4Cg==" # base64(1.2.3.4:80);UV:base64(xxxxxx) + // + // The ``UV`` (upstream value) part is used to store the original upstream header value of + // ``name`` field specified header. + // + // If this mode is used then Envoy will assume that the header in the request will also be in the + // same format and will contain the ``UV`` part. This extension will parse the upstream host + // address and update the ``name`` field specified header in the request to the ``UV`` part. + string name = 1 [(validate.rules).string = {min_len: 1}]; + } + + // Set the header config to track the session state. + Header header = 1 [(validate.rules).message = {required: true}]; +} diff --git a/api/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto b/api/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto index 9520f6dbd..f913cb6a2 100644 --- a/api/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto +++ b/api/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto 
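Review bot: The example values in the `Header` comment encode a trailing newline: `MS4yLjMuNDo4MAo=` decodes to `1.2.3.4:80` followed by a line feed and `eHh4eHh4Cg==` to `xxxxxx` followed by a line feed (the `Ao=`/`Cg==` tails are the newline an `echo`-style encoding adds), so an implementer copying the example would produce values that do not match the documented `base64(1.2.3.4:80)`; use `session-header: "MS4yLjMuNDo4MA==;UV:eHh4eHh4" # base64(1.2.3.4:80);UV:base64(xxxxxx)`. The file-level comment never says whether the upstream address recovered from the request header is restricted to hosts of the selected cluster or may name an arbitrary address; because the value is client-controlled, the comment should state that constraint explicitly (presumably it is restricted as for the other stateful-session extensions, but confirm against the implementation). The first paragraph also needs a grammar pass: `allows the session state is tracked via existing session context that initialized by` should be `allows the session state to be tracked via an existing session context initialized by`, and `Envoy will join it and the upstream host as new session context` should be `Envoy will combine it with the upstream host into a new session context`.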
@@ -32,6 +32,13 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // weights using eps and qps. The weight of a given endpoint is computed as:
 // ``qps / (utilization + eps/qps * error_utilization_penalty)``.
 //
+// Note that Envoy will forward the ORCA response headers/trailers from the upstream
+// cluster to the downstream client. This means that if the downstream client is also
+// configured to use ``client_side_weighted_round_robin`` it will load balance against
+// Envoy based on upstream weights. This can happen when Envoy is used as a reverse proxy.
+// To avoid this issue you can configure the :ref:`header_mutation filter ` to remove
+// the ORCA payload from the response headers/trailers.
+//
 // See the :ref:`load balancing architecture
 // overview` for more information.
 //
diff --git a/api/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto b/api/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
index 7addeb707..3efea2477 100644
--- a/api/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
+++ b/api/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
@@ -3,11 +3,13 @@ syntax = "proto3";
 package envoy.extensions.load_balancing_policies.common.v3;
 import "envoy/config/core/v3/base.proto";
+import "envoy/config/route/v3/route_components.proto";
 import "envoy/type/v3/percent.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
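Review bot: The new paragraph tells operators to strip the ORCA payload with the header_mutation filter but never names the response headers and trailers that carry it, so a reader cannot write the mutation from this text alone; list the header and trailer names next to the advice. It is also worth saying that forwarding them exposes the upstream cluster's per-endpoint load reports (the utilization/qps/eps values the weight formula above is computed from) to downstream clients, which is a reason to strip them at a trust boundary even when the client is not itself running ``client_side_weighted_round_robin``.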
@@ -22,7 +24,25 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message LocalityLbConfig {
 // Configuration for :ref:`zone aware routing
 // `.
+ // [#next-free-field: 6]
 message ZoneAwareLbConfig {
+ // Configures Envoy to always route requests to the local zone regardless of the
+ // upstream zone structure. In Envoy's default configuration, traffic is distributed proportionally
+ // across all upstream hosts while trying to maximize local routing when possible. The approach
+ // with force_local_zone aims to be more predictable and if there are upstream hosts in the local
+ // zone, they will receive all traffic.
+ // * :ref:`runtime values `.
+ // * :ref:`Zone aware routing support `.
+ message ForceLocalZone {
+ // Configures the minimum number of upstream hosts in the local zone required when force_local_zone
+ // is enabled. If the number of upstream hosts in the local zone is less than the specified value,
+ // Envoy will fall back to the default proportional-based distribution across localities.
+ // If not specified, the default is 1.
+ // * :ref:`runtime values `.
+ // * :ref:`Zone aware routing support `.
+ google.protobuf.UInt32Value min_size = 1;
+ }
+
 // Configures percentage of requests that will be considered for zone aware routing
 // if zone aware routing is configured. If not specified, the default is 100%.
 // * :ref:`runtime values `.
@@ -43,7 +63,10 @@ message LocalityLbConfig {
 bool fail_traffic_on_panic = 3;
 // If set to true, Envoy will force LocalityDirect routing if a local locality exists.
- bool force_locality_direct_routing = 4;
+ bool force_locality_direct_routing = 4
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ ForceLocalZone force_local_zone = 5;
 }
 // Configuration for :ref:`locality weighted load balancing
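Review bot: `ForceLocalZone force_local_zone = 5;` is the only field in the second hunk without a leading comment, so protodoc will render it undocumented even though the nested message above carries the full description; add e.g. `// Configures forced local-zone routing; see ``ForceLocalZone`` for the semantics and ``min_size`` for the fallback threshold.` The deprecated `force_locality_direct_routing` should likewise get a sentence pointing at its replacement, e.g. `// Deprecated: use ``force_local_zone`` instead.`, since the annotation alone tells readers nothing about where to migrate. The `ForceLocalZone` doc block would also read better if the two `* :ref:` bullets were separated from the paragraph by a blank `//` line, as the existing fields in this message do.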
@@ -114,4 +137,10 @@ message ConsistentHashingLbConfig {
 // This is an O(N) algorithm, unlike other load balancers. Using a lower ``hash_balance_factor`` results in more hosts
 // being probed, so use a higher value if you require better performance.
 google.protobuf.UInt32Value hash_balance_factor = 2 [(validate.rules).uint32 = {gte: 100}];
+
+ // Specifies a list of hash policies to use for ring hash load balancing. If ``hash_policy`` is
+ // set, then
+ // :ref:`route level hash policy `
+ // will be ignored.
+ repeated config.route.v3.RouteAction.HashPolicy hash_policy = 3;
 }
diff --git a/api/src/main/proto/envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto b/api/src/main/proto/envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto
new file mode 100644
index 000000000..14f541e74
--- /dev/null
+++ b/api/src/main/proto/envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto
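Review bot: The comment on `hash_policy = 3` says the list is used "for ring hash load balancing", yet the hunk header places it in the shared `ConsistentHashingLbConfig` message; if every policy embedding this message honours the field the wording should say so, e.g. `// Specifies a list of hash policies to use for consistent hashing load balancing.`, and if it really is ring-hash only the comment should say what other policies do with it. The comment also leaves open whether the policies are evaluated in list order as route-level policies are; one sentence on ordering would remove that ambiguity.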
@@ -0,0 +1,79 @@
+syntax = "proto3";
+
+package envoy.extensions.load_balancing_policies.override_host.v3;
+
+import "envoy/config/cluster/v3/cluster.proto";
+import "envoy/type/metadata/v3/metadata.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.load_balancing_policies.override_host.v3";
+option java_outer_classname = "OverrideHostProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/override_host/v3;override_hostv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Override Host Load Balancing Policy]
+// [#extension: envoy.load_balancing_policies.override_host]
+
+// Configuration for the Override Host Load Balancing policy.
+//
+// This policy allows endpoint picking to be implemented in downstream HTTP filters. For example an ext_proc RPC to a service
+// that implements k8s proposal for AI gateway inferences extensions
+// https://github.com/kubernetes-sigs/gateway-api-inference-extension/tree/main/docs/proposals/004-endpoint-picker-protocol
+// can provide hosts for serving a request using Override Host load balancing policy.
+//
+// This policy extracts selected override hosts from a list of ``OverrideHostSource`` (request headers, metadata, etc.).
+//
+// The override host source must specify at least one host in ``IP:Port`` format or multiple hosts in ``IP:Port,IP:Port,...``
+// format. For example ``10.0.0.5:8080`` or ``[2600:4040:5204::1574:24ae]:80``. The IPv6 address is enclosed in square brackets.
+//
+// For specific example, to support k8s gateway inference extensions, which uses the ``x-gateway-destination-endpoint``
+// header or metadata value under the "envoy.lb" key for selected hosts, the Override Host load balancing policy should be
+// configured in the following way:
+//
+// ..
code-block:: yaml
+//
+// override_host_sources:
+// - header: "x-gateway-destination-endpoint"
+// - metadata:
+// key: "envoy.lb"
+// path:
+// - key: "x-gateway-destination-endpoint"
+//
+// If no valid host in the override host list, then the specified fallback load balancing policy is used. This allows load
+// balancing to degrade to a a built in policy (i.e. Round Robin) in case external endpoint picker fails.
+//
+// See the :ref:`load balancing architecture
+// overview` for more information.
+//
+message OverrideHost {
+ message OverrideHostSource {
+ // The header to get the override host addresses.
+ //
+ // Only one of the header or metadata field could be set.
+ string header = 1
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+ // The metadata key to get the override host addresses from the request dynamic metadata. If
+ // set this field then it will take precedence over the header field.
+ //
+ // Only one of the header or metadata field could be set.
+ type.metadata.v3.MetadataKey metadata = 2;
+ }
+
+ // A list of sources to get host addresses from. The host sources are searched in the order
+ // specified. The request is forwarded to the first address and subsequent addresses are used
+ // for request retries or hedging.
+ // Note that if an overridden host address is not present in the current endpoint set, it is
+ // skipped and the next found address is used. If there are not enough overridden addresses to
+ // satisfy all retry attempts the fallback load balancing policy is used to pick a host.
+ repeated OverrideHostSource override_host_sources = 1
+ [(validate.rules).repeated = {min_items: 1}];
+
+ // The child LB policy to use in case neither header nor metadata with selected
+ // hosts is present.
+ config.cluster.v3.LoadBalancingPolicy fallback_policy = 3
+ [(validate.rules).message = {required: true}];
+}
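Review bot: `OverrideHostSource` documents `header` and `metadata` as mutually exclusive ("Only one of the header or metadata field could be set") while the `metadata` comment says metadata takes precedence when both are set, and nothing in the schema enforces exclusivity; either wrap the two fields in a `oneof`, or drop the exclusivity sentence and keep only the precedence rule. `OverrideHost` skips field number 2 between `override_host_sources = 1` and `fallback_policy = 3` with no `reserved 2;`, which in a brand-new file should be resolved now by renumbering or reserving before the API ships. Because `header` lets a request header nominate the upstream host, the sentence stating that addresses not present in the current endpoint set are skipped is the property that keeps a client-supplied value from steering traffic outside the cluster; it belongs in the message-level comment, together with a note that the header is expected to be set by a trusted filter rather than taken from the client as-is. The message-level comment also contains the typo `a a built in policy`.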
diff --git a/api/src/main/proto/envoy/extensions/network/dns_resolver/cares/v3/cares_dns_resolver.proto b/api/src/main/proto/envoy/extensions/network/dns_resolver/cares/v3/cares_dns_resolver.proto
index 2bc000e8d..b36a3a0d0 100644
--- a/api/src/main/proto/envoy/extensions/network/dns_resolver/cares/v3/cares_dns_resolver.proto
+++ b/api/src/main/proto/envoy/extensions/network/dns_resolver/cares/v3/cares_dns_resolver.proto
@@ -22,16 +22,16 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // Configuration for c-ares DNS resolver.
 // [#next-free-field: 9]
 message CaresDnsResolverConfig {
- // A list of dns resolver addresses.
- // :ref:`use_resolvers_as_fallback`
+ // A list of DNS resolver addresses.
+ // :ref:`use_resolvers_as_fallback `
 // below dictates if the DNS client should override system defaults or only use the provided
 // resolvers if the system defaults are not available, i.e., as a fallback.
 repeated config.core.v3.Address resolvers = 1;
 // If true use the resolvers listed in the
- // :ref:`resolvers`
+ // :ref:`resolvers `
 // field only if c-ares is unable to obtain a
- // nameserver from the system (e.g., /etc/resolv.conf).
+ // nameserver from the system (e.g., ``/etc/resolv.conf``).
 // Otherwise, the resolvers listed in the resolvers list will override the default system
 // resolvers. Defaults to false.
 bool use_resolvers_as_fallback = 3;
@@ -45,27 +45,36 @@ message CaresDnsResolverConfig {
 // Configuration of DNS resolver option flags which control the behavior of the DNS resolver.
 config.core.v3.DnsResolverOptions dns_resolver_options = 2;
- // This option allows for number of UDP based DNS queries to be capped. Note, this
- // is only applicable to c-ares DNS resolver currently.
+ // This option allows the number of UDP based DNS queries to be capped.
+ //
+ // .. note::
+ // This is only applicable to c-ares DNS resolver currently.
+ //
 google.protobuf.UInt32Value udp_max_queries = 5;
 // The number of seconds each name server is given to respond to a query on the first try of any given server.
 //
- // Note: While the c-ares library defaults to 2 seconds, Envoy's default (if this field is unset) is 5 seconds.
- // This adjustment was made to maintain the previous behavior after users reported an increase in DNS resolution times.
+ // .. note::
+ // While the c-ares library defaults to 2 seconds, Envoy's default (if this field is unset) is 5 seconds.
+ // This adjustment was made to maintain the previous behavior after users reported an increase in DNS resolution times.
+ //
 google.protobuf.UInt64Value query_timeout_seconds = 6 [(validate.rules).uint64 = {gte: 1}];
 // The maximum number of query attempts the resolver will make before giving up.
 // Each attempt may use a different name server.
 //
- // Note: While the c-ares library defaults to 3 attempts, Envoy's default (if this field is unset) is 4 attempts.
- // This adjustment was made to maintain the previous behavior after users reported an increase in DNS resolution times.
+ // .. note::
+ // While the c-ares library defaults to 3 attempts, Envoy's default (if this field is unset) is 4 attempts.
+ // This adjustment was made to maintain the previous behavior after users reported an increase in DNS resolution times.
+ //
 google.protobuf.UInt32Value query_tries = 7 [(validate.rules).uint32 = {gte: 1}];
 // Enable round-robin selection of name servers for DNS resolution. When enabled, the resolver will cycle through the
 // list of name servers for each resolution request. This can help distribute the query load across multiple name
 // servers. If disabled (default), the resolver will try name servers in the order they are configured.
 //
- // Note: This setting overrides any system configuration for name server rotation.
+ // .. note::
+ // This setting overrides any system configuration for name server rotation.
+ //
 bool rotate_nameservers = 8;
 }
diff --git a/api/src/main/proto/envoy/extensions/network/dns_resolver/getaddrinfo/v3/getaddrinfo_dns_resolver.proto b/api/src/main/proto/envoy/extensions/network/dns_resolver/getaddrinfo/v3/getaddrinfo_dns_resolver.proto
index 522888a4c..15d0c6d50 100644
--- a/api/src/main/proto/envoy/extensions/network/dns_resolver/getaddrinfo/v3/getaddrinfo_dns_resolver.proto
+++ b/api/src/main/proto/envoy/extensions/network/dns_resolver/getaddrinfo/v3/getaddrinfo_dns_resolver.proto
@@ -20,16 +20,13 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 //
 // .. attention::
 //
-// This resolver uses a single background thread to do resolutions. As such, it is not currently
-// advised for use in situations requiring a high resolution rate. A thread pool can be added
-// in the future if needed.
-//
-// .. attention::
-//
 // Resolutions currently use a hard coded TTL of 60s because the getaddrinfo() API does not
 // provide the actual TTL. Configuration for this can be added in the future if needed.
 message GetAddrInfoDnsResolverConfig {
 // Specifies the number of retries before the resolver gives up. If not specified, the resolver will
 // retry indefinitely until it succeeds or the DNS query times out.
 google.protobuf.UInt32Value num_retries = 1;
+
+ // Specifies the number of threads used to resolve pending DNS queries. If not specified, one thread is used.
+ google.protobuf.UInt32Value num_resolver_threads = 2;
 }
diff --git a/api/src/main/proto/envoy/extensions/quic/server_preferred_address/v3/fixed_server_preferred_address_config.proto b/api/src/main/proto/envoy/extensions/quic/server_preferred_address/v3/fixed_server_preferred_address_config.proto
index 43072fd50..35326c1dc 100644
--- a/api/src/main/proto/envoy/extensions/quic/server_preferred_address/v3/fixed_server_preferred_address_config.proto
+++ b/api/src/main/proto/envoy/extensions/quic/server_preferred_address/v3/fixed_server_preferred_address_config.proto
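Review bot: `num_resolver_threads = 2` carries no validation rule, so an explicit value of `0` is accepted although the comment only defines the unset case, while the sibling c-ares config in this same diff constrains comparable wrapper fields with `{gte: 1}`. Suggest `google.protobuf.UInt32Value num_resolver_threads = 2 [(validate.rules).uint32 = {gte: 1}];`, which needs `validate/validate.proto` imported in this file if it is not already (the import block is outside the hunk). An upper bound would also stop a control-plane typo from requesting an unreasonably large thread count, but the right ceiling depends on the implementation, which this diff does not show.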
@@ -21,19 +21,24 @@ message FixedServerPreferredAddressConfig {
 message AddressFamilyConfig {
 // The server preferred address sent to clients.
 //
- // Note: Envoy currently must receive all packets for a QUIC connection on the same port, so unless
- // :ref:`dnat_address `
- // is configured, the port for this address must be zero, and the listener's
- // port will be used instead.
+ // .. note::
+ //
+ // Envoy currently requires all packets for a QUIC connection to arrive on the same port. Therefore, unless a
+ // :ref:`dnat_address `
+ // is explicitly configured, the port specified here must be set to zero. In such cases, Envoy will automatically
+ // use the listener's port.
+ //
 config.core.v3.SocketAddress address = 1;
- // If there is a DNAT between the client and Envoy, the address that Envoy will observe
- // server preferred address packets being sent to. If this is not specified, it is assumed
- // there is no DNAT and the server preferred address packets will be sent to the address advertised
- // to clients for server preferred address.
+ // If a DNAT exists between the client and Envoy, this is the address where Envoy will observe incoming server
+ // preferred address packets. If unspecified, Envoy assumes there is no DNAT, and packets will be sent directly
+ // to the address advertised to clients as the server preferred address.
+ //
+ // .. note::
+ //
+ // Envoy currently requires all packets for a QUIC connection to arrive on the same port. Consequently, the
+ // port for this address must be set to zero, with Envoy defaulting to the listener's port instead.
 //
- // Note: Envoy currently must receive all packets for a QUIC connection on the same port, so the
- // port for this address must be zero, and the listener's port will be used instead.
 config.core.v3.SocketAddress dnat_address = 2;
 }
diff --git a/api/src/main/proto/envoy/extensions/resource_monitors/cgroup_memory/v3/cgroup_memory.proto b/api/src/main/proto/envoy/extensions/resource_monitors/cgroup_memory/v3/cgroup_memory.proto
new file mode 100644
index 000000000..45751be1d
--- /dev/null
+++ b/api/src/main/proto/envoy/extensions/resource_monitors/cgroup_memory/v3/cgroup_memory.proto
@@ -0,0 +1,22 @@
+syntax = "proto3";
+
+package envoy.extensions.resource_monitors.cgroup_memory.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.resource_monitors.cgroup_memory.v3";
+option java_outer_classname = "CgroupMemoryProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/cgroup_memory/v3;cgroup_memoryv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Cgroup Memory]
+// [#extension: envoy.resource_monitors.cgroup_memory]
+
+message CgroupMemoryConfig {
+ // Optional max memory limit in bytes used for memory pressure calculations.
+ // If set, this value is used as an upper bound on the memory limit, taking the minimum
+ // between this value and the system's cgroup memory limit. If not set, the system's
+ // cgroup memory limit is always used.
+ uint64 max_memory_bytes = 1;
+}
diff --git a/api/src/main/proto/envoy/extensions/router/cluster_specifiers/matcher/v3/matcher.proto b/api/src/main/proto/envoy/extensions/router/cluster_specifiers/matcher/v3/matcher.proto
new file mode 100644
index 000000000..87851b1d1
--- /dev/null
+++ b/api/src/main/proto/envoy/extensions/router/cluster_specifiers/matcher/v3/matcher.proto
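Review bot: `max_memory_bytes` is a plain proto3 `uint64`, so the "if set" in its comment cannot be distinguished from an explicit `0` by the receiver; either use the wrapper type the other new files in this diff use for optional numerics, `google.protobuf.UInt64Value max_memory_bytes = 1;` with `import "google/protobuf/wrappers.proto";`, or append `// A value of 0 is treated as unset.` to the comment so the behaviour is stated rather than implied. `CgroupMemoryConfig` also has no leading message comment, so the generated docs for the extension will show only the field.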
@@ -0,0 +1,75 @@
+syntax = "proto3";
+
+package envoy.extensions.router.cluster_specifiers.matcher.v3;
+
+import "xds/type/matcher/v3/matcher.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.router.cluster_specifiers.matcher.v3";
+option java_outer_classname = "MatcherProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/router/cluster_specifiers/matcher/v3;matcherv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Matcher Based Cluster Specifier]
+// [#extension: envoy.router.cluster_specifier_plugin.matcher]
+
+message ClusterAction {
+ // Indicates the upstream cluster to which the request should be routed
+ // to.
+ string cluster = 1 [(validate.rules).string = {min_len: 1}];
+}
+
+message MatcherClusterSpecifier {
+ // The matcher for cluster selection after the route has been selected. This is used when the
+ // route has multiple clusters (like multiple clusters for different users) and the matcher
+ // is used to select the cluster to use for the request.
+ //
+ // The match tree to use for grouping incoming requests into buckets.
+ //
+ // Example:
+ //
+ // ..
validated-code-block:: yaml
+ // :type-name: xds.type.matcher.v3.Matcher
+ //
+ // matcher_list:
+ // matchers:
+ // - predicate:
+ // single_predicate:
+ // input:
+ // typed_config:
+ // '@type': type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput
+ // header_name: env
+ // value_match:
+ // exact: staging
+ // on_match:
+ // action:
+ // typed_config:
+ // '@type': type.googleapis.com/envoy.extensions.router.cluster_specifiers.matcher.v3.ClusterAction
+ // cluster: "staging-cluster"
+ //
+ // - predicate:
+ // single_predicate:
+ // input:
+ // typed_config:
+ // '@type': type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput
+ // header_name: env
+ // value_match:
+ // exact: prod
+ // on_match:
+ // action:
+ // typed_config:
+ // '@type': type.googleapis.com/envoy.extensions.router.cluster_specifiers.matcher.v3.ClusterAction
+ // cluster: "prod-cluster"
+ //
+ // # Catch-all with a default cluster.
+ // on_no_match:
+ // action:
+ // typed_config:
+ // '@type': type.googleapis.com/envoy.extensions.router.cluster_specifiers.matcher.v3.ClusterAction
+ // cluster: "default-cluster"
+ //
+ xds.type.matcher.v3.Matcher cluster_matcher = 1 [(validate.rules).message = {required: true}];
+}
diff --git a/api/src/main/proto/envoy/extensions/tracers/opentelemetry/samplers/v3/parent_based_sampler.proto b/api/src/main/proto/envoy/extensions/tracers/opentelemetry/samplers/v3/parent_based_sampler.proto
new file mode 100644
index 000000000..d5b5d1a12
--- /dev/null
+++ b/api/src/main/proto/envoy/extensions/tracers/opentelemetry/samplers/v3/parent_based_sampler.proto
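Review bot: The comment on `cluster_matcher` never says what happens when the match tree yields no action, i.e. when `on_no_match` is absent or the selected `ClusterAction.cluster` names a cluster that does not exist, which is the case an operator most needs documented for a routing decision; once confirmed against the implementation (not in this diff), one sentence stating how such a request is handled should be added to the field comment. `ClusterAction` also lacks a leading message comment, and its field comment reads "routed to ... to"; `// The name of the upstream cluster to which the request should be routed.` fixes the wording.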
@@ -0,0 +1,31 @@
+syntax = "proto3";
+
+package envoy.extensions.tracers.opentelemetry.samplers.v3;
+
+import "envoy/config/core/v3/extension.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.tracers.opentelemetry.samplers.v3";
+option java_outer_classname = "ParentBasedSamplerProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/opentelemetry/samplers/v3;samplersv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Parent Based Sampler config]
+// Configuration for the "ParentBased" Sampler extension.
+// The sampler follows the "ParentBased" implementation from the OpenTelemetry
+// SDK specification.
+//
+// See:
+// `ParentBased sampler specification `_
+// [#extension: envoy.tracers.opentelemetry.samplers.parent_based]
+
+message ParentBasedSamplerConfig {
+ // Specifies the sampler to be used by this sampler.
+ // The configured sampler will be used if the parent trace ID is not passed to Envoy
+ //
+ // required
+ // [#extension-category: envoy.tracers.opentelemetry.samplers]
+ config.core.v3.TypedExtensionConfig wrapped_sampler = 1;
+}
diff --git a/api/src/main/proto/envoy/extensions/tracers/opentelemetry/samplers/v3/trace_id_ratio_based_sampler.proto b/api/src/main/proto/envoy/extensions/tracers/opentelemetry/samplers/v3/trace_id_ratio_based_sampler.proto
new file mode 100644
index 000000000..0a97da627
--- /dev/null
+++ b/api/src/main/proto/envoy/extensions/tracers/opentelemetry/samplers/v3/trace_id_ratio_based_sampler.proto
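Review bot: `wrapped_sampler = 1` is marked `required` only in its comment; the field has no `[(validate.rules).message = {required: true}]` and the file does not import `validate/validate.proto`, so an empty config would not be rejected by proto validation. Suggest `config.core.v3.TypedExtensionConfig wrapped_sampler = 1 [(validate.rules).message = {required: true}];` plus `import "validate/validate.proto";`, matching how `override_host.proto` and `matcher.proto` in this same diff enforce their required messages. The same applies to `sampling_percentage = 1` in `trace_id_ratio_based_sampler.proto` in the next hunk. The first comment line, "Specifies the sampler to be used by this sampler.", would read more clearly as `// Specifies the delegate sampler to use when no parent trace context is present.`.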
@@ -0,0 +1,30 @@
+syntax = "proto3";
+
+package envoy.extensions.tracers.opentelemetry.samplers.v3;
+
+import "envoy/type/v3/percent.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.tracers.opentelemetry.samplers.v3";
+option java_outer_classname = "TraceIdRatioBasedSamplerProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/opentelemetry/samplers/v3;samplersv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Trace Id Ratio Based Sampler config]
+// Configuration for the "TraceIdRatioBased" Sampler extension.
+// The sampler follows the "TraceIdRatioBased" implementation from the OpenTelemetry
+// SDK specification.
+//
+// See:
+// `TraceIdRatioBased sampler specification `_
+// [#extension: envoy.tracers.opentelemetry.samplers.trace_id_ratio_based]
+
+message TraceIdRatioBasedSamplerConfig {
+ // If the given trace_id falls into a given percentage of all possible
+ // trace_id values, ShouldSample will return RECORD_AND_SAMPLE.
+ // required
+ // [#extension-category: envoy.tracers.opentelemetry.samplers]
+ type.v3.FractionalPercent sampling_percentage = 1;
+}
diff --git a/api/src/main/proto/envoy/extensions/transport_sockets/tap/v3/tap.proto b/api/src/main/proto/envoy/extensions/transport_sockets/tap/v3/tap.proto
index aaede4a2a..972bd4457 100644
--- a/api/src/main/proto/envoy/extensions/transport_sockets/tap/v3/tap.proto
+++ b/api/src/main/proto/envoy/extensions/transport_sockets/tap/v3/tap.proto
@@ -40,4 +40,7 @@ message SocketTapConfig {
 // Indicates to whether output the connection information per event
 // This is only applicable if the streamed trace is enabled
 bool set_connection_per_event = 1;
+
+ // The contents of the transport tap's statistics prefix.
+ string stats_prefix = 2;
 }
diff --git a/api/src/main/proto/envoy/extensions/wasm/v3/wasm.proto b/api/src/main/proto/envoy/extensions/wasm/v3/wasm.proto
index 6ad19ee03..e8fea6725 100644
--- a/api/src/main/proto/envoy/extensions/wasm/v3/wasm.proto
+++ b/api/src/main/proto/envoy/extensions/wasm/v3/wasm.proto
@@ -6,6 +6,7 @@ import "envoy/config/core/v3/backoff.proto";
 import "envoy/config/core/v3/base.proto";
 import "google/protobuf/any.proto";
+import "google/protobuf/wrappers.proto";
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
@@ -19,12 +20,12 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: Wasm]
 // [#extension: envoy.bootstrap.wasm]
-// If there is a fatal error on the VM (e.g. exception, abort()), then the policy will be applied.
+// If there is a fatal error on the VM (e.g. exception, ``abort()``), then the policy will be applied.
 enum FailurePolicy {
 // No policy is specified. The default policy will be used. The default policy is ``FAIL_CLOSED``.
 UNSPECIFIED = 0;
- // New plugin instance will be created for the new request if the VM is failed. Note this only
+ // New plugin instance will be created for the new request if the VM is failed. Note this will only
 // be applied to the following failures:
 //
 // * ``proxy_wasm::FailState::RuntimeError``
@@ -64,7 +65,8 @@ message CapabilityRestrictionConfig {
 // Configuration for sanitization of inputs to an allowed capability.
 //
-// NOTE: This is currently unimplemented.
+// .. note::
+// This is currently unimplemented.
 message SanitizationConfig {
 }
@@ -109,14 +111,16 @@ message VmConfig {
 config.core.v3.AsyncDataSource code = 3;
 // The Wasm configuration used in initialization of a new VM
- // (proxy_on_start). ``google.protobuf.Struct`` is serialized as JSON before
+ // (``proxy_on_start``). ``google.protobuf.Struct`` is serialized as JSON before
 // passing it to the plugin. ``google.protobuf.BytesValue`` and
 // ``google.protobuf.StringValue`` are passed directly without the wrapper.
 google.protobuf.Any configuration = 4;
 // Allow the wasm file to include pre-compiled code on VMs which support it.
- // Warning: this should only be enable for trusted sources as the precompiled code is not
- // verified.
+ //
+ // .. warning::
+ // This should only be enabled for trusted sources as the precompiled code is not
+ // verified.
 bool allow_precompiled = 5;
 // If true and the code needs to be remotely fetched and it is not in the cache then NACK the configuration
@@ -129,7 +133,9 @@ message VmConfig {
 // are generally called implicitly by your language's standard library. Therefore, you do not
 // need to call them directly. You can access environment variables in the same way you would
 // on native platforms.
- // Warning: Envoy rejects the configuration if there's conflict of key space.
+ //
+ // .. warning::
+ // Envoy rejects the configuration if there's conflict of key space.
 EnvironmentVariables environment_variables = 7;
 }
@@ -143,7 +149,7 @@ message EnvironmentVariables {
 }
 // Base Configuration for Wasm Plugins e.g. filters and services.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message PluginConfig {
 // A unique name for a filters/services in a VM for use in identifying the filter/service if
 // multiple filters/services are handled by the same ``vm_id`` and ``root_id`` and for
@@ -168,11 +174,14 @@ message PluginConfig {
 // ``google.protobuf.StringValue`` are passed directly without the wrapper.
 google.protobuf.Any configuration = 4;
- // If there is a fatal error on the VM (e.g. exception, abort(), on_start or on_configure return false),
+ // If there is a fatal error on the VM (e.g. exception, ``abort()``, ``on_start`` or ``on_configure`` return false),
 // then all plugins associated with the VM will either fail closed (by default), e.g. by returning an HTTP 503 error,
- // or fail open (if 'fail_open' is set to true) by bypassing the filter. Note: when on_start or on_configure return false
- // during xDS updates the xDS configuration will be rejected and when on_start or on_configuration return false on initial
- // startup the proxy will not start.
+ // or fail open (if 'fail_open' is set to true) by bypassing the filter.
+ //
+ // .. note::
+ // When ``on_start`` or ``on_configure`` return ``false`` during xDS updates the xDS configuration will be rejected and when ``on_start`` or ``on_configure`` return ``false`` on
+ // initial startup the proxy will not start.
+ //
 // This field is deprecated in favor of the ``failure_policy`` field.
 bool fail_open = 5 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
@@ -184,6 +193,10 @@ message PluginConfig {
 // Configuration for restricting Proxy-Wasm capabilities available to modules.
 CapabilityRestrictionConfig capability_restriction_config = 6;
+
+ // Whether or not to allow plugin onRequestHeaders and onResponseHeaders callbacks to return
+ // FilterHeadersStatus::StopIteration.
+ google.protobuf.BoolValue allow_on_headers_stop_iteration = 9;
 }
 // WasmService is configured as a built-in ``envoy.wasm_service`` :ref:`WasmService
diff --git a/api/src/main/proto/envoy/service/discovery/v3/discovery.proto b/api/src/main/proto/envoy/service/discovery/v3/discovery.proto
index 6f3b12356..e1ce827a4 100644
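Review bot: In the second hunk (`@@ -184,6 +193,10 @@`) the comment on `allow_on_headers_stop_iteration = 9` does not say what the behaviour is when the `BoolValue` is unset, which is the distinction a wrapper type exists to express, and in a commit that otherwise converts identifiers to literal markup the names `onRequestHeaders`, `onResponseHeaders` and `FilterHeadersStatus::StopIteration` are left bare. Suggest wrapping those three names in double backticks and appending a sentence stating the default when the field is unset, which this hunk does not establish. The enclosing `PluginConfig` message starts outside the hunk.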
--- a/api/src/main/proto/envoy/service/discovery/v3/discovery.proto
+++ b/api/src/main/proto/envoy/service/discovery/v3/discovery.proto
@@ -58,12 +58,12 @@ message ResourceError {
 message DiscoveryRequest {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DiscoveryRequest";
- // The version_info provided in the request messages will be the version_info
+ // The ``version_info`` provided in the request messages will be the ``version_info``
 // received with the most recent successfully processed response or empty on
 // the first request. It is expected that no new request is sent after a
 // response is received until the Envoy instance is ready to ACK/NACK the new
 // configuration. ACK/NACK takes place by returning the new API config version
- // as applied or the previous API config version respectively. Each type_url
+ // as applied or the previous API config version respectively. Each ``type_url``
 // (see below) has an independent version associated with it.
 string version_info = 1;
@@ -72,10 +72,10 @@ message DiscoveryRequest {
 // List of resources to subscribe to, e.g. list of cluster names or a route
 // configuration name. If this is empty, all resources for the API are
- // returned. LDS/CDS may have empty resource_names, which will cause all
+ // returned. LDS/CDS may have empty ``resource_names``, which will cause all
 // resources for the Envoy instance to be returned. The LDS and CDS responses
 // will then imply a number of resources that need to be fetched via EDS/RDS,
- // which will be explicitly enumerated in resource_names.
+ // which will be explicitly enumerated in ``resource_names``.
 repeated string resource_names = 3;
 // [#not-implemented-hide:]
@@ -83,21 +83,27 @@ message DiscoveryRequest {
 // parameters along with each resource name. Clients that populate this
 // field must be able to handle responses from the server where resources
 // are wrapped in a Resource message.
- // Note that it is legal for a request to have some resources listed
- // in ``resource_names`` and others in ``resource_locators``.
+ //
+ // .. note::
+ // It is legal for a request to have some resources listed
+ // in ``resource_names`` and others in ``resource_locators``.
+ //
 repeated ResourceLocator resource_locators = 7;
 // Type of the resource that is being requested, e.g.
- // "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment". This is implicit
+ // ``type.googleapis.com/envoy.api.v2.ClusterLoadAssignment``. This is implicit
 // in requests made via singleton xDS APIs such as CDS, LDS, etc. but is
 // required for ADS.
 string type_url = 4;
- // nonce corresponding to DiscoveryResponse being ACK/NACKed. See above
- // discussion on version_info and the DiscoveryResponse nonce comment. This
- // may be empty only if 1) this is a non-persistent-stream xDS such as HTTP,
- // or 2) the client has not yet accepted an update in this xDS stream (unlike
- // delta, where it is populated only for new explicit ACKs).
+ // nonce corresponding to ``DiscoveryResponse`` being ACK/NACKed. See above
+ // discussion on ``version_info`` and the ``DiscoveryResponse`` nonce comment. This
+ // may be empty only if:
+ //
+ // * This is a non-persistent-stream xDS such as HTTP, or
+ // * The client has not yet accepted an update in this xDS stream (unlike
+ // delta, where it is populated only for new explicit ACKs).
+ //
 string response_nonce = 5;
 // This is populated when the previous :ref:`DiscoveryResponse `
@@ -120,30 +126,34 @@ message DiscoveryResponse {
 // [#not-implemented-hide:]
 // Canary is used to support two Envoy command line flags:
 //
- // * --terminate-on-canary-transition-failure. When set, Envoy is able to
+ // * ``--terminate-on-canary-transition-failure``. When set, Envoy is able to
 // terminate if it detects that configuration is stuck at canary. Consider
 // this example sequence of updates:
- - Management server applies a canary config successfully.
- - Management server rolls back to a production config.
- - Envoy rejects the new production config.
+
+ // * Management server applies a canary config successfully.
+ // * Management server rolls back to a production config.
+ // * Envoy rejects the new production config.
+
 // Since there is no sensible way to continue receiving configuration
 // updates, Envoy will then terminate and apply production config from a
 // clean slate.
- // * --dry-run-canary. When set, a canary response will never be applied, only
+ //
+ // * ``--dry-run-canary``. When set, a canary response will never be applied, only
 // validated via a dry run.
+ //
 bool canary = 3;
 // Type URL for resources. Identifies the xDS API when muxing over ADS.
- // Must be consistent with the type_url in the 'resources' repeated Any (if non-empty).
+ // Must be consistent with the ``type_url`` in the 'resources' repeated Any (if non-empty).
 string type_url = 4;
 // For gRPC based subscriptions, the nonce provides a way to explicitly ack a
- // specific DiscoveryResponse in a following DiscoveryRequest. Additional
+ // specific ``DiscoveryResponse`` in a following ``DiscoveryRequest``. Additional
 // messages may have been sent by Envoy to the management server for the
- // previous version on the stream prior to this DiscoveryResponse, that were
+ // previous version on the stream prior to this ``DiscoveryResponse``, that were
 // unprocessed at response send time.
The nonce allows the management server
- // to ignore any further DiscoveryRequests for the previous version until a
- // DiscoveryRequest bearing the nonce. The nonce is optional and is not
+ // to ignore any further ``DiscoveryRequests`` for the previous version until a
+ // ``DiscoveryRequest`` bearing the nonce. The nonce is optional and is not
 // required for non-stream based xDS implementations.
 string nonce = 5;
@@ -171,25 +181,28 @@ message DiscoveryResponse {
 // connected to it.
 //
 // In Delta xDS the nonce field is required and used to pair
-// DeltaDiscoveryResponse to a DeltaDiscoveryRequest ACK or NACK.
-// Optionally, a response message level system_version_info is present for
+// ``DeltaDiscoveryResponse`` to a ``DeltaDiscoveryRequest`` ACK or NACK.
+// Optionally, a response message level ``system_version_info`` is present for
 // debugging purposes only.
 //
-// DeltaDiscoveryRequest plays two independent roles. Any DeltaDiscoveryR1equest
-// can be either or both of: [1] informing the server of what resources the
-// client has gained/lost interest in (using resource_names_subscribe and
-// resource_names_unsubscribe), or [2] (N)ACKing an earlier resource update from
-// the server (using response_nonce, with presence of error_detail making it a NACK).
-// Additionally, the first message (for a given type_url) of a reconnected gRPC stream
+// ``DeltaDiscoveryRequest`` plays two independent roles. Any ``DeltaDiscoveryRequest``
+// can be either or both of:
+//
+// * Informing the server of what resources the client has gained/lost interest in
+// (using ``resource_names_subscribe`` and ``resource_names_unsubscribe``), or
+// * (N)ACKing an earlier resource update from the server (using ``response_nonce``,
+// with presence of ``error_detail`` making it a NACK).
+//
+// Additionally, the first message (for a given ``type_url``) of a reconnected gRPC stream
 // has a third role: informing the server of the resources (and their versions)
-// that the client already possesses, using the initial_resource_versions field.
+// that the client already possesses, using the ``initial_resource_versions`` field.
//
 // As with state-of-the-world, when multiple resource types are multiplexed (ADS),
-// all requests/acknowledgments/updates are logically walled off by type_url:
+// all requests/acknowledgments/updates are logically walled off by ``type_url``:
 // a Cluster ACK exists in a completely separate world from a prior Route NACK.
-// In particular, initial_resource_versions being sent at the "start" of every
-// gRPC stream actually entails a message for each type_url, each with its own
-// initial_resource_versions.
+// In particular, ``initial_resource_versions`` being sent at the "start" of every
+// gRPC stream actually entails a message for each ``type_url``, each with its own
+// ``initial_resource_versions``.
 // [#next-free-field: 10]
 message DeltaDiscoveryRequest {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DeltaDiscoveryRequest";
@@ -205,23 +218,24 @@ message DeltaDiscoveryRequest { // DeltaDiscoveryRequests allow the client to add or remove individual // resources to the set of tracked resources in the context of a stream. - // All resource names in the resource_names_subscribe list are added to the - // set of tracked resources and all resource names in the resource_names_unsubscribe + // All resource names in the ``resource_names_subscribe`` list are added to the + // set of tracked resources and all resource names in the ``resource_names_unsubscribe`` // list are removed from the set of tracked resources. // - // *Unlike* state-of-the-world xDS, an empty resource_names_subscribe or - // resource_names_unsubscribe list simply means that no resources are to be + // *Unlike* state-of-the-world xDS, an empty ``resource_names_subscribe`` or + // ``resource_names_unsubscribe`` list simply means that no resources are to be // added or removed to the resource list. // *Like* state-of-the-world xDS, the server must send updates for all tracked // resources, but can also send updates for resources the client has not subscribed to. // - // NOTE: the server must respond with all resources listed in resource_names_subscribe, - // even if it believes the client has the most recent version of them. The reason: - // the client may have dropped them, but then regained interest before it had a chance - // to send the unsubscribe message. See DeltaSubscriptionStateTest.RemoveThenAdd. + // .. note:: + // The server must respond with all resources listed in ``resource_names_subscribe``, + // even if it believes the client has the most recent version of them. The reason: + // the client may have dropped them, but then regained interest before it had a chance + // to send the unsubscribe message. See DeltaSubscriptionStateTest.RemoveThenAdd. // - // These two fields can be set in any DeltaDiscoveryRequest, including ACKs - // and initial_resource_versions. 
+ // These two fields can be set in any ``DeltaDiscoveryRequest``, including ACKs
+ // and ``initial_resource_versions``.
 //
 // A list of Resource names to add to the list of tracked resources.
 repeated string resource_names_subscribe = 3;
@@ -232,31 +246,40 @@ message DeltaDiscoveryRequest { // [#not-implemented-hide:] // Alternative to ``resource_names_subscribe`` field that allows specifying dynamic parameters // along with each resource name. - // Note that it is legal for a request to have some resources listed - // in ``resource_names_subscribe`` and others in ``resource_locators_subscribe``. + // + // .. note:: + // It is legal for a request to have some resources listed + // in ``resource_names_subscribe`` and others in ``resource_locators_subscribe``. + // repeated ResourceLocator resource_locators_subscribe = 8; // [#not-implemented-hide:] // Alternative to ``resource_names_unsubscribe`` field that allows specifying dynamic parameters // along with each resource name. - // Note that it is legal for a request to have some resources listed - // in ``resource_names_unsubscribe`` and others in ``resource_locators_unsubscribe``. + // + // .. note:: + // It is legal for a request to have some resources listed + // in ``resource_names_unsubscribe`` and others in ``resource_locators_unsubscribe``. + // repeated ResourceLocator resource_locators_unsubscribe = 9; // Informs the server of the versions of the resources the xDS client knows of, to enable the // client to continue the same logical xDS session even in the face of gRPC stream reconnection. - // It will not be populated: [1] in the very first stream of a session, since the client will - // not yet have any resources, [2] in any message after the first in a stream (for a given - // type_url), since the server will already be correctly tracking the client's state. - // (In ADS, the first message *of each type_url* of a reconnected stream populates this map.) + // It will not be populated: + // + // * In the very first stream of a session, since the client will not yet have any resources. + // * In any message after the first in a stream (for a given ``type_url``), since the server will + // already be correctly tracking the client's state. 
+ // + // (In ADS, the first message ``of each type_url`` of a reconnected stream populates this map.) // The map's keys are names of xDS resources known to the xDS client. // The map's values are opaque resource versions. map initial_resource_versions = 5; - // When the DeltaDiscoveryRequest is a ACK or NACK message in response - // to a previous DeltaDiscoveryResponse, the response_nonce must be the - // nonce in the DeltaDiscoveryResponse. - // Otherwise (unlike in DiscoveryRequest) response_nonce must be omitted. + // When the ``DeltaDiscoveryRequest`` is a ACK or NACK message in response + // to a previous ``DeltaDiscoveryResponse``, the ``response_nonce`` must be the + // nonce in the ``DeltaDiscoveryResponse``. + // Otherwise (unlike in ``DiscoveryRequest``) ``response_nonce`` must be omitted. string response_nonce = 6; // This is populated when the previous :ref:`DiscoveryResponse ` 
@@ -274,26 +297,26 @@ message DeltaDiscoveryResponse {
 string system_version_info = 1;
 // The response resources. These are typed resources, whose types must match
- // the type_url field.
+ // the ``type_url`` field.
 repeated Resource resources = 2;
 // field id 3 IS available!
 // Type URL for resources. Identifies the xDS API when muxing over ADS.
- // Must be consistent with the type_url in the Any within 'resources' if 'resources' is non-empty.
+ // Must be consistent with the ``type_url`` in the Any within 'resources' if 'resources' is non-empty.
 string type_url = 4;
- // Resources names of resources that have be deleted and to be removed from the xDS Client.
+ // Resource names of resources that have been deleted and to be removed from the xDS Client.
 // Removed resources for missing resources can be ignored.
 repeated string removed_resources = 6;
- // Alternative to removed_resources that allows specifying which variant of
+ // Alternative to ``removed_resources`` that allows specifying which variant of
 // a resource is being removed. This variant must be used for any resource
 // for which dynamic parameter constraints were sent to the client.
 repeated ResourceName removed_resource_names = 8;
- // The nonce provides a way for DeltaDiscoveryRequests to uniquely
- // reference a DeltaDiscoveryResponse when (N)ACKing. The nonce is required.
+ // The nonce provides a way for ``DeltaDiscoveryRequests`` to uniquely
+ // reference a ``DeltaDiscoveryResponse`` when (N)ACKing. The nonce is required.
 string nonce = 5;
 // [#not-implemented-hide:]
@@ -301,17 +324,19 @@ message DeltaDiscoveryResponse { config.core.v3.ControlPlane control_plane = 7; // [#not-implemented-hide:] - // Errors associated with specific resources. Note that a resource in - // this field with a status of NOT_FOUND should be treated the same as - // a resource listed in the 'removed_resources' or 'removed_resource_names' - // fields. + // Errors associated with specific resources. + // + // .. note:: + // A resource in this field with a status of NOT_FOUND should be treated the same as + // a resource listed in the ``removed_resources`` or ``removed_resource_names`` fields. + // repeated ResourceError resource_errors = 9; } // A set of dynamic parameter constraints associated with a variant of an individual xDS resource. // These constraints determine whether the resource matches a subscription based on the set of // dynamic parameters in the subscription, as specified in the -// :ref:`ResourceLocator.dynamic_parameters` +// :ref:`ResourceLocator.dynamic_parameters ` // field. This allows xDS implementations (clients, servers, and caching proxies) to determine // which variant of a resource is appropriate for a given client. message DynamicParameterConstraints { @@ -365,8 +390,11 @@ message Resource { // [#not-implemented-hide:] message CacheControl { // If true, xDS proxies may not cache this resource. - // Note that this does not apply to clients other than xDS proxies, which must cache resources - // for their own use, regardless of the value of this field. + // + // .. note:: + // This does not apply to clients other than xDS proxies, which must cache resources + // for their own use, regardless of the value of this field. + // bool do_not_cache = 1; } 
@@ -396,7 +424,7 @@ message Resource {
 // configuration for the resource will be removed.
 //
 // The TTL can be refreshed or changed by sending a response that doesn't change the resource
- // version. In this case the resource field does not need to be populated, which allows for
+ // version. In this case the ``resource`` field does not need to be populated, which allows for
 // light-weight "heartbeat" updates to keep a resource with a TTL alive.
 //
 // The TTL feature is meant to support configurations that should be removed in the event of
diff --git a/api/src/main/proto/envoy/service/extension/v3/config_discovery.proto b/api/src/main/proto/envoy/service/extension/v3/config_discovery.proto
index 8948555c7..0100bcffb 100644
--- a/api/src/main/proto/envoy/service/extension/v3/config_discovery.proto
+++ b/api/src/main/proto/envoy/service/extension/v3/config_discovery.proto
@@ -18,27 +18,29 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Extension config discovery service (ECDS)] // A service that supports dynamic configuration updates for a specific filter. -// Currently, ECDS is supported for network filters, HTTP filters, UDP session filters and Listener filters. +// Currently, ECDS is supported for network filters, HTTP filters, UDP session filters, and listener filters. // Please check :ref:`Extension Config Discovery Service (ECDS) API `. +// // The overall extension config discovery service works as follows: // -// 1. A filter (:ref:`Downstream Network `, +// #. A filter (:ref:`Downstream Network `, // :ref:`Upstream Network `, // :ref:`Listener `, // :ref:`UDP Session `, // or :ref:`HTTP `) -// contains a :ref:`config_discovery ` configuration. This configuration +// contains a (:ref:`ExtensionConfigSource config discovery `) configuration. This configuration // includes a :ref:`config_source `, // from which the filter configuration will be fetched. -// 2. The client then registers for a resource using the filter name as the resource_name. -// 3. The xDS server sends back the filter's configuration. -// 4. The client stores the configuration that will be used in the next instantiation of the filter chain, +// #. The client then registers for a resource using the filter name as the ``resource_name``. +// #. The xDS server sends back the filter's configuration. +// #. The client stores the configuration that will be used in the next instantiation of the filter chain, // i.e., for the next requests. Whenever an updated filter configuration arrives, it will be taken into // account in the following instantiation of the filter chain. // -// Note: Filters that are configured using ECDS are warmed. For more details see -// :ref:`ExtensionConfigSource `. - +// .. note:: +// Filters that are configured using ECDS are warmed. For more details see +// :ref:`ExtensionConfigSource `. 
+// // Return extension configurations. service ExtensionConfigDiscoveryService { option (envoy.annotations.resource).type = "envoy.config.core.v3.TypedExtensionConfig"; diff --git a/api/src/main/proto/envoy/service/network_ext_proc/v3/network_external_processor.proto b/api/src/main/proto/envoy/service/network_ext_proc/v3/network_external_processor.proto index 2cba2bea7..c148baf31 100644 --- a/api/src/main/proto/envoy/service/network_ext_proc/v3/network_external_processor.proto +++ b/api/src/main/proto/envoy/service/network_ext_proc/v3/network_external_processor.proto @@ -25,15 +25,17 @@ option (xds.annotations.v3.file_status).work_in_progress = true; // providing access to raw network data. // // The filter communicates with an external gRPC service that can: -// * Inspect network traffic in both directions (client->server and server->client) -// * Modify the payload data -// * Control connection lifecycle (continue, close gracefully, or reset) +// +// 1. Inspect network traffic in both directions (client->server and server->client) +// 2. Modify the payload data +// 3. Control connection lifecycle (continue, close gracefully, or reset) // // Use cases include: -// * Custom protocol inspection and modification -// * Advanced traffic manipulation -// * Security scanning and filtering -// * Dynamic connection management +// +// 1. Custom protocol inspection and modification +// 2. Advanced traffic manipulation +// 3. Security scanning and filtering +// 4. Dynamic connection management // // The service uses a bidirectional gRPC stream, maintaining state throughout // the connection lifetime while allowing asynchronous processing. diff --git a/api/src/main/proto/envoy/type/http/v3/cookie.proto b/api/src/main/proto/envoy/type/http/v3/cookie.proto index 0ceda999d..a7e7e9c4d 100644 --- a/api/src/main/proto/envoy/type/http/v3/cookie.proto +++ b/api/src/main/proto/envoy/type/http/v3/cookie.proto 
@@ -28,4 +28,20 @@ message Cookie {
 // Path of cookie. This will be used to set the path of a new cookie when it is generated.
 // If no path is specified here, no path will be set for the cookie.
 string path = 3;
+
+ // Additional attributes for the cookie. They will be used when generating a new cookie.
+ repeated CookieAttribute attributes = 4;
+}
+
+// CookieAttribute defines an API for adding additional attributes for a HTTP cookie.
+message CookieAttribute {
+ // The name of the cookie attribute.
+ string name = 1
+ [(validate.rules).string =
+ {min_len: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+ // The optional value of the cookie attribute.
+ string value = 2 [
+ (validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}
+ ];
 }
diff --git a/api/src/main/proto/envoy/type/matcher/v3/metadata.proto b/api/src/main/proto/envoy/type/matcher/v3/metadata.proto
index d3316e88a..30abde97c 100644
--- a/api/src/main/proto/envoy/type/matcher/v3/metadata.proto
+++ b/api/src/main/proto/envoy/type/matcher/v3/metadata.proto
@@ -16,11 +16,11 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: Metadata matcher]
-// MetadataMatcher provides a general interface to check if a given value is matched in
-// :ref:`Metadata `. It uses `filter` and `path` to retrieve the value
-// from the Metadata and then check if it's matched to the specified value.
+// ``MetadataMatcher`` provides a general interface to check if a given value is matched in
+// :ref:`Metadata `. It uses ``filter`` and ``path`` to retrieve the value
+// from the ``Metadata`` and then check if it's matched to the specified value.
 //
-// For example, for the following Metadata:
+// For example, for the following ``Metadata``:
 //
 // .. code-block:: yaml
 //
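Review bot: The `value` rule on `CookieAttribute` (`HTTP_HEADER_VALUE`, `strict: false`) keeps control characters out of the header line, but `;` still passes, and inside a `Set-Cookie` line a `;` within an attribute value is read by the client as the start of a further attribute, so the code that renders `attributes` has to reject or escape it unless the configuration source is fully trusted. The message also leaves open what happens when `name` collides, case-insensitively, with an attribute the existing `path` field already emits; the precedence should be stated on `attributes`. A field comment such as `// Values must not contain ';', which a client would parse as the start of another attribute.` pins the contract for implementers. If this file mirrors upstream Envoy, the wording belongs there first and should be synced back here.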
@@ -41,8 +41,8 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // - string_value: m // - string_value: n // -// The following MetadataMatcher is matched as the path [a, b, c] will retrieve a string value "pro" -// from the Metadata which is matched to the specified prefix match. +// The following ``MetadataMatcher`` is matched as the path ``[a, b, c]`` will retrieve a string value ``pro`` +// from the ``Metadata`` which is matched to the specified prefix match. // // .. code-block:: yaml // @@ -55,7 +55,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // string_match: // prefix: pr // -// The following MetadataMatcher is matched as the code will match one of the string values in the +// The following ``MetadataMatcher`` is matched as the code will match one of the string values in the // list at the path [a, t]. // // .. code-block:: yaml @@ -70,7 +70,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // string_match: // exact: m // -// An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to +// An example use of ``MetadataMatcher`` is specifying additional metadata in ``envoy.filters.http.rbac`` to // enforce access control based on dynamic metadata in a request. See :ref:`Permission // ` and :ref:`Principal // `. 
@@ -79,9 +79,11 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; message MetadataMatcher { option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.MetadataMatcher"; - // Specifies the segment in a path to retrieve value from Metadata. - // Note: Currently it's not supported to retrieve a value from a list in Metadata. This means that - // if the segment key refers to a list, it has to be the last segment in a path. + // Specifies the segment in a path to retrieve value from ``Metadata``. + // + // .. note:: + // Currently it's not supported to retrieve a value from a list in ``Metadata``. This means that + // if the segment key refers to a list, it has to be the last segment in a path. message PathSegment { option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.MetadataMatcher.PathSegment"; @@ -89,18 +91,18 @@ message MetadataMatcher { oneof segment { option (validate.required) = true; - // If specified, use the key to retrieve the value in a Struct. + // If specified, use the key to retrieve the value in a ``Struct``. string key = 1 [(validate.rules).string = {min_len: 1}]; } } - // The filter name to retrieve the Struct from the Metadata. + // The filter name to retrieve the ``Struct`` from the ``Metadata``. string filter = 1 [(validate.rules).string = {min_len: 1}]; - // The path to retrieve the Value from the Struct. + // The path to retrieve the ``Value`` from the ``Struct``. repeated PathSegment path = 2 [(validate.rules).repeated = {min_items: 1}]; - // The MetadataMatcher is matched if the value retrieved by path is matched to this value. + // The ``MetadataMatcher`` is matched if the value retrieved by path is matched to this value. ValueMatcher value = 3 [(validate.rules).message = {required: true}]; // If true, the match result will be inverted. 
diff --git a/api/src/main/proto/envoy/type/matcher/v3/string.proto b/api/src/main/proto/envoy/type/matcher/v3/string.proto index 10033749a..56d39565c 100644 --- a/api/src/main/proto/envoy/type/matcher/v3/string.proto +++ b/api/src/main/proto/envoy/type/matcher/v3/string.proto @@ -38,7 +38,10 @@ message StringMatcher { string exact = 1; // The input string must have the prefix specified here. - // Note: empty prefix is not allowed, please use regex instead. + // + // .. note:: + // + // Empty prefix match is not allowed, please use ``safe_regex`` instead. // // Examples: // @@ -46,7 +49,10 @@ message StringMatcher { string prefix = 2 [(validate.rules).string = {min_len: 1}]; // The input string must have the suffix specified here. - // Note: empty prefix is not allowed, please use regex instead. + // + // .. note:: + // + // Empty suffix match is not allowed, please use ``safe_regex`` instead. // // Examples: // @@ -57,7 +63,10 @@ message StringMatcher { RegexMatcher safe_regex = 5 [(validate.rules).message = {required: true}]; // The input string must have the substring specified here. - // Note: empty contains match is not allowed, please use regex instead. + // + // .. note:: + // + // Empty contains match is not allowed, please use ``safe_regex`` instead. // // Examples: // @@ -69,9 +78,10 @@ message StringMatcher { xds.core.v3.TypedExtensionConfig custom = 8; } - // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. This - // has no effect for the safe_regex match. - // For example, the matcher ``data`` will match both input string ``Data`` and ``data`` if set to true. + // If ``true``, indicates the exact/prefix/suffix/contains matching should be case insensitive. This + // has no effect for the ``safe_regex`` match. + // For example, the matcher ``data`` will match both input string ``Data`` and ``data`` if this option + // is set to ``true``. bool ignore_case = 6; } 
diff --git a/api/src/main/proto/envoy/type/metadata/v3/metadata.proto b/api/src/main/proto/envoy/type/metadata/v3/metadata.proto index 207585775..d131635bf 100644 --- a/api/src/main/proto/envoy/type/metadata/v3/metadata.proto +++ b/api/src/main/proto/envoy/type/metadata/v3/metadata.proto @@ -14,10 +14,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Metadata] -// MetadataKey provides a general interface using ``key`` and ``path`` to retrieve value from -// :ref:`Metadata `. +// MetadataKey provides a way to retrieve values from +// :ref:`Metadata ` using a ``key`` and a ``path``. // -// For example, for the following Metadata: +// For example, consider the following Metadata: // // .. code-block:: yaml // @@ -28,7 +28,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // xyz: // hello: envoy // -// The following MetadataKey will retrieve a string value "bar" from the Metadata. +// The following MetadataKey would retrieve the string value "bar" from the Metadata: // // .. code-block:: yaml // @@ -40,8 +40,8 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; message MetadataKey { option (udpa.annotations.versioning).previous_message_type = "envoy.type.metadata.v2.MetadataKey"; - // Specifies the segment in a path to retrieve value from Metadata. - // Currently it is only supported to specify the key, i.e. field name, as one segment of a path. + // Specifies a segment in a path for retrieving values from Metadata. + // Currently, only key-based segments (field names) are supported. message PathSegment { option (udpa.annotations.versioning).previous_message_type = "envoy.type.metadata.v2.MetadataKey.PathSegment"; 
@@ -49,25 +49,27 @@ message MetadataKey { oneof segment { option (validate.required) = true; - // If specified, use the key to retrieve the value in a Struct. + // If specified, use this key to retrieve the value in a Struct. string key = 1 [(validate.rules).string = {min_len: 1}]; } } - // The key name of Metadata to retrieve the Struct from the metadata. - // Typically, it represents a builtin subsystem or custom extension. + // The key name of the Metadata from which to retrieve the Struct. + // This typically represents a builtin subsystem or custom extension. string key = 1 [(validate.rules).string = {min_len: 1}]; - // The path to retrieve the Value from the Struct. It can be a prefix or a full path, - // e.g. ``[prop, xyz]`` for a struct or ``[prop, foo]`` for a string in the example, - // which depends on the particular scenario. + // The path used to retrieve a specific Value from the Struct. + // This can be either a prefix or a full path, depending on the use case. + // For example, ``[prop, xyz]`` would retrieve a struct or ``[prop, foo]`` would retrieve a string + // in the example above. // - // Note: Due to that only the key type segment is supported, the path can not specify a list - // unless the list is the last segment. + // .. note:: + // Since only key-type segments are supported, a path cannot specify a list + // unless the list is the last segment. repeated PathSegment path = 2 [(validate.rules).repeated = {min_items: 1}]; } -// Describes what kind of metadata. +// Describes different types of metadata sources. message MetadataKind { option (udpa.annotations.versioning).previous_message_type = "envoy.type.metadata.v2.MetadataKind"; diff --git a/api/src/main/proto/opentelemetry/proto/collector/logs/v1/logs_service.proto b/api/src/main/proto/opentelemetry/proto/collector/logs/v1/logs_service.proto index 8260d8aae..8be5cf75e 100644 --- a/api/src/main/proto/opentelemetry/proto/collector/logs/v1/logs_service.proto 
+++ b/api/src/main/proto/opentelemetry/proto/collector/logs/v1/logs_service.proto
@@ -28,8 +28,6 @@ option go_package = "go.opentelemetry.io/proto/otlp/collector/logs/v1";
 // OpenTelemetry and an collector, or between an collector and a central collector (in this
 // case logs are sent/received to/from multiple Applications).
 service LogsService {
- // For performance reasons, it is recommended to keep this RPC
- // alive for the entire life of the application.
 rpc Export(ExportLogsServiceRequest) returns (ExportLogsServiceResponse) {}
 }
diff --git a/api/src/main/proto/opentelemetry/proto/collector/metrics/v1/metrics_service.proto b/api/src/main/proto/opentelemetry/proto/collector/metrics/v1/metrics_service.proto
index dd48f1ad3..bc0242844 100644
--- a/api/src/main/proto/opentelemetry/proto/collector/metrics/v1/metrics_service.proto
+++ b/api/src/main/proto/opentelemetry/proto/collector/metrics/v1/metrics_service.proto
@@ -28,8 +28,6 @@ option go_package = "go.opentelemetry.io/proto/otlp/collector/metrics/v1";
 // instrumented with OpenTelemetry and a collector, or between a collector and a
 // central collector.
 service MetricsService {
- // For performance reasons, it is recommended to keep this RPC
- // alive for the entire life of the application.
 rpc Export(ExportMetricsServiceRequest) returns (ExportMetricsServiceResponse) {}
 }
diff --git a/api/src/main/proto/opentelemetry/proto/collector/profiles/v1development/profiles_service.proto b/api/src/main/proto/opentelemetry/proto/collector/profiles/v1development/profiles_service.proto
index ab2433ed2..81bb21064 100644
--- a/api/src/main/proto/opentelemetry/proto/collector/profiles/v1development/profiles_service.proto
+++ b/api/src/main/proto/opentelemetry/proto/collector/profiles/v1development/profiles_service.proto
@@ -27,8 +27,6 @@ option go_package = "go.opentelemetry.io/proto/otlp/collector/profiles/v1develop
 // Service that can be used to push profiles between one Application instrumented with
 // OpenTelemetry and a collector, or between a collector and a central collector.
 service ProfilesService {
- // For performance reasons, it is recommended to keep this RPC
- // alive for the entire life of the application.
 rpc Export(ExportProfilesServiceRequest) returns (ExportProfilesServiceResponse) {}
 }
@@ -39,6 +37,9 @@ message ExportProfilesServiceRequest {
 // data from multiple origins typically batch the data before forwarding further and
 // in that case this array will contain multiple elements.
 repeated opentelemetry.proto.profiles.v1development.ResourceProfiles resource_profiles = 1;
+
+ // The reference table containing all data shared by profiles across the message being sent.
+ opentelemetry.proto.profiles.v1development.ProfilesDictionary dictionary = 2;
 }
 message ExportProfilesServiceResponse {
diff --git a/api/src/main/proto/opentelemetry/proto/collector/trace/v1/trace_service.proto b/api/src/main/proto/opentelemetry/proto/collector/trace/v1/trace_service.proto
index d6fe67f9e..efbbedbe4 100644
--- a/api/src/main/proto/opentelemetry/proto/collector/trace/v1/trace_service.proto
+++ b/api/src/main/proto/opentelemetry/proto/collector/trace/v1/trace_service.proto
@@ -28,8 +28,6 @@ option go_package = "go.opentelemetry.io/proto/otlp/collector/trace/v1";
 // OpenTelemetry and a collector, or between a collector and a central collector (in this
 // case spans are sent/received to/from multiple Applications).
 service TraceService {
- // For performance reasons, it is recommended to keep this RPC
- // alive for the entire life of the application.
 rpc Export(ExportTraceServiceRequest) returns (ExportTraceServiceResponse) {}
 }
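Review bot: The new `dictionary` field on `ExportProfilesServiceRequest` is described only as a reference table; the comment does not say whether it is required, nor what a receiver should do when a profile in `resource_profiles` refers to an entry the table does not contain or when the field is absent. Because these references come from the sender, a receiver that resolves them without a bounds check can be driven to an out-of-range lookup by a malformed request, so the contract belongs in the field comment, e.g. `// Required. Receivers must treat a reference not covered by this dictionary as an invalid request.` The `ProfilesDictionary` definition is not in this hunk, so the exact reference semantics are inferred from the surrounding comments; if the upstream OpenTelemetry wording already covers this, mirroring it is enough.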
diff --git a/api/src/main/proto/opentelemetry/proto/common/v1/common.proto b/api/src/main/proto/opentelemetry/proto/common/v1/common.proto
index ff8a21a1f..57c9f86e0 100644
--- a/api/src/main/proto/opentelemetry/proto/common/v1/common.proto
+++ b/api/src/main/proto/opentelemetry/proto/common/v1/common.proto
@@ -79,3 +79,37 @@ message InstrumentationScope {
 repeated KeyValue attributes = 3;
 uint32 dropped_attributes_count = 4;
 }
+
+// A reference to an Entity.
+// Entity represents an object of interest associated with produced telemetry: e.g spans, metrics, profiles, or logs.
+//
+// Status: [Development]
+message EntityRef {
+ // The Schema URL, if known. This is the identifier of the Schema that the entity data
+ // is recorded in. To learn more about Schema URL see
+ // https://opentelemetry.io/docs/specs/otel/schemas/#schema-url
+ //
+ // This schema_url applies to the data in this message and to the Resource attributes
+ // referenced by id_keys and description_keys.
+ // TODO: discuss if we are happy with this somewhat complicated definition of what
+ // the schema_url applies to.
+ //
+ // This field obsoletes the schema_url field in ResourceMetrics/ResourceSpans/ResourceLogs.
+ string schema_url = 1;
+
+ // Defines the type of the entity. MUST not change during the lifetime of the entity.
+ // For example: "service" or "host". This field is required and MUST not be empty
+ // for valid entities.
+ string type = 2;
+
+ // Attribute Keys that identify the entity.
+ // MUST not change during the lifetime of the entity. The Id must contain at least one attribute.
+ // These keys MUST exist in the containing {message}.attributes.
+ repeated string id_keys = 3;
+
+ // Descriptive (non-identifying) attribute keys of the entity.
+ // MAY change over the lifetime of the entity. MAY be empty.
+ // These attribute keys are not part of entity's identity.
+ // These keys MUST exist in the containing {message}.attributes.
+ repeated string description_keys = 4;
+}
\ No newline at end of file
diff --git a/api/src/main/proto/opentelemetry/proto/logs/v1/logs.proto b/api/src/main/proto/opentelemetry/proto/logs/v1/logs.proto
index 261d22916..4fe113086 100644
--- a/api/src/main/proto/opentelemetry/proto/logs/v1/logs.proto
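Review bot: The added `EntityRef` message leaves `common.proto` without a trailing newline (`\ No newline at end of file`), which will show up as noise in every later diff of this file; the newline should be restored. The field `string type = 2;` uses a name that is a keyword or reserved word in several target languages and produces awkward generated accessors, though since this appears to mirror the upstream OpenTelemetry definition the name is presumably fixed by that contract. The `id_keys` and `description_keys` comments refer to `{message}.attributes` as a placeholder; naming the concrete containing message (the surrounding text mentions Resource attributes) would make the "MUST exist" constraint checkable by a reader.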
+++ b/api/src/main/proto/opentelemetry/proto/logs/v1/logs.proto
@@ -221,7 +221,5 @@ message LogRecord {
 // as an event.
 //
 // [Optional].
- //
- // Status: [Development]
 string event_name = 12;
 }
diff --git a/api/src/main/proto/opentelemetry/proto/metrics/v1/metrics.proto b/api/src/main/proto/opentelemetry/proto/metrics/v1/metrics.proto
index 00c5112ce..a42e51a60 100644
--- a/api/src/main/proto/opentelemetry/proto/metrics/v1/metrics.proto
+++ b/api/src/main/proto/opentelemetry/proto/metrics/v1/metrics.proto
@@ -194,7 +194,7 @@ message Metric {
 string description = 2;
 // unit in which the metric value is reported. Follows the format
- // described by http://unitsofmeasure.org/ucum.html.
+ // described by https://unitsofmeasure.org/ucum.html.
 string unit = 3;
 // Data determines the aggregation type (if any) of the metric, what is the
@@ -266,7 +266,7 @@ message ExponentialHistogram {
 // Summary metric data are used to convey quantile summaries,
 // a Prometheus (see: https://prometheus.io/docs/concepts/metric_types/#summary)
-// and OpenMetrics (see: https://github.com/OpenObservability/OpenMetrics/blob/4dbf6075567ab43296eed941037c12951faafb92/protos/prometheus.proto#L45)
+// and OpenMetrics (see: https://github.com/prometheus/OpenMetrics/blob/4dbf6075567ab43296eed941037c12951faafb92/protos/prometheus.proto#L45)
 // data type. These data points cannot always be merged in a meaningful way.
 // While they can be useful in some applications, histogram data points are
 // recommended for new applications.
@@ -461,7 +461,9 @@ message HistogramDataPoint { // The sum of the bucket_counts must equal the value in the count field. // // The number of elements in bucket_counts array must be by one greater than - // the number of elements in explicit_bounds array. + // the number of elements in explicit_bounds array. The exception to this rule + // is when the length of bucket_counts is 0, then the length of explicit_bounds + // must also be 0. repeated fixed64 bucket_counts = 6; // explicit_bounds specifies buckets with explicitly defined bounds for values. @@ -477,6 +479,9 @@ message HistogramDataPoint { // Histogram buckets are inclusive of their upper boundary, except the last // bucket where the boundary is at infinity. This format is intentionally // compatible with the OpenMetrics histogram definition. + // + // If bucket_counts length is 0 then explicit_bounds length must also be 0, + // otherwise the data point is invalid. repeated double explicit_bounds = 7; // (Optional) List of exemplars collected from @@ -533,7 +538,7 @@ message ExponentialHistogramDataPoint { // doing so. This is specifically to enforce compatibility w/ OpenMetrics, // see: https://github.com/prometheus/OpenMetrics/blob/v1.0.0/specification/OpenMetrics.md#histogram optional double sum = 5; - + // scale describes the resolution of the histogram. Boundaries are // located at powers of the base, where: // @@ -571,7 +576,7 @@ message ExponentialHistogramDataPoint { // of counts. message Buckets { // Offset is the bucket index of the first entry in the bucket_counts array. - // + // // Note: This uses a varint encoding as a simple form of compression. sint32 offset = 1; @@ -585,7 +590,7 @@ message ExponentialHistogramDataPoint { // especially zeros, so uint64 has been selected to ensure // varint encoding. repeated uint64 bucket_counts = 2; - } + } // Flags that apply to this specific data point. See DataPointFlags // for the available flags and their meaning. 
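Review bot: The new exception for an empty `bucket_counts` in the 461 hunk appears to conflict with the sentence two lines above it, which still states that the sum of `bucket_counts` must equal `count`; read literally, a bucketless data point can then only carry `count = 0`, which is presumably not the intent. State which rule wins, for example `// When bucket_counts is empty the sum requirement above does not apply; count and sum alone describe the population.`, or say explicitly that `count` must be 0 in that case if that is what is meant. The 477 hunk already declares a mismatched `explicit_bounds` length invalid; the 461 comment should say the same for `bucket_counts` so that a reader does not derive one array's length from the other and walk past the end on malformed input. HistogramDataPoint begins and ends outside this hunk.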
diff --git a/api/src/main/proto/opentelemetry/proto/profiles/v1development/profiles.proto b/api/src/main/proto/opentelemetry/proto/profiles/v1development/profiles.proto index 1cb20b05c..ff03815f6 100644 --- a/api/src/main/proto/opentelemetry/proto/profiles/v1development/profiles.proto +++ b/api/src/main/proto/opentelemetry/proto/profiles/v1development/profiles.proto @@ -43,15 +43,15 @@ option go_package = "go.opentelemetry.io/proto/otlp/profiles/v1development"; // Relationships Diagram // -// ┌──────────────────┐ LEGEND -// │ ProfilesData │ -// └──────────────────┘ ─────▶ embedded -// │ -// │ 1-n ─────▷ referenced by index -// ▼ -// ┌──────────────────┐ -// │ ResourceProfiles │ -// └──────────────────┘ +// ┌──────────────────┐ LEGEND +// │ ProfilesData │ ─────┐ +// └──────────────────┘ │ ─────▶ embedded +// │ │ +// │ 1-n │ ─────▷ referenced by index +// ▼ ▼ +// ┌──────────────────┐ ┌────────────────────┐ +// │ ResourceProfiles │ │ ProfilesDictionary │ +// └──────────────────┘ └────────────────────┘ // │ // │ 1-n // ▼ 
@@ -90,6 +90,33 @@ option go_package = "go.opentelemetry.io/proto/otlp/profiles/v1development"; // └──────────────────┘ // +// ProfilesDictionary represents the profiles data shared across the +// entire message being sent. +message ProfilesDictionary { + // Mappings from address ranges to the image/binary/library mapped + // into that address range referenced by locations via Location.mapping_index. + repeated Mapping mapping_table = 1; + + // Locations referenced by samples via Profile.location_indices. + repeated Location location_table = 2; + + // Functions referenced by locations via Line.function_index. + repeated Function function_table = 3; + + // Links referenced by samples via Sample.link_index. + repeated Link link_table = 4; + + // A common table for strings referenced by various messages. + // string_table[0] must always be "". + repeated string string_table = 5; + + // A common table for attributes referenced by various messages. + repeated opentelemetry.proto.common.v1.KeyValue attribute_table = 6; + + // Represents a mapping between Attribute Keys and Units. + repeated AttributeUnit attribute_units = 7; +} + // ProfilesData represents the profiles data that can be stored in persistent storage, // OR can be embedded by other protocols that transfer OTLP profiles data but do not // implement the OTLP protocol. 
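Review bot: Every table in ProfilesDictionary is dereferenced through `int32` indices carried elsewhere in the same payload (`Location.mapping_index`, `Line.function_index`, `Sample.link_index`, the `*_indices` and `*_strindex` fields), yet the only validity rule written here is `string_table[0] must always be ""`; nothing says that a negative or out-of-range index makes the message invalid. Since the dictionary and the indices arrive together from an untrusted sender, I would add a message-level rule such as `// Every index into these tables MUST be >= 0 and less than the length of the referenced table; a message containing an out-of-range index, or whose string_table is empty or has a non-empty entry at 0, is invalid and MUST be rejected.` It is also worth stating that, because the non-`optional` index fields have proto3 implicit presence, an unset index decodes as 0 and therefore resolves to entry 0 of the table — which is exactly why `string_table[0]` must be empty, and the comment is silent on whether the same reservation applies to `mapping_table[0]`, `location_table[0]`, `function_table[0]` and `link_table[0]`.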
@@ -102,11 +129,16 @@ option go_package = "go.opentelemetry.io/proto/otlp/profiles/v1development"; // as well. message ProfilesData { // An array of ResourceProfiles. - // For data coming from a single resource this array will typically contain - // one element. Intermediary nodes that receive data from multiple origins - // typically batch the data before forwarding further and in that case this - // array will contain multiple elements. + // For data coming from an SDK profiler, this array will typically contain one + // element. Host-level profilers will usually create one ResourceProfile per + // container, as well as one additional ResourceProfile grouping all samples + // from non-containerized processes. + // Other resource groupings are possible as well and clarified via + // Resource.attributes and semantic conventions. repeated ResourceProfiles resource_profiles = 1; + + // One instance of ProfilesDictionary + ProfilesDictionary dictionary = 2; } @@ -180,7 +212,6 @@ message ScopeProfiles { // for ease of understanding data migration, it is not intended that pprof:Profile and // OpenTelemetry:Profile encoding be wire compatible. message Profile { - // A description of the samples associated with each Sample.value. // For a cpu profile this might be: // [["cpu","nanoseconds"]] or [["wall","seconds"]] or [["syscall","count"]] 
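Review bot: The comment on `dictionary` (`// One instance of ProfilesDictionary`) does not say whether the field is required; as a message-typed field it has presence, so a ProfilesData can arrive without it while its profiles still carry `location_indices`, `attribute_indices` and `*_strindex` values that are only meaningful relative to that missing dictionary. I would document the dependency and the failure mode: `// Required whenever any ResourceProfiles in this message references a dictionary table by index. A missing dictionary together with non-empty index references makes the message invalid.` The per-Profile tables are removed in the hunk further down this page, so a consumer has nothing to fall back to, and stating the rule here avoids each implementation choosing between "treat as empty tables" and "reject".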
@@ -192,63 +223,44 @@ message Profile { repeated ValueType sample_type = 1; // The set of samples recorded in this profile. repeated Sample sample = 2; - // Mapping from address ranges to the image/binary/library mapped - // into that address range. mapping[0] will be the main binary. - // If multiple binaries contribute to the Profile and no main - // binary can be identified, mapping[0] has no special meaning. - repeated Mapping mapping_table = 3; - // Locations referenced by samples via location_indices. - repeated Location location_table = 4; - // Array of locations referenced by samples. - repeated int32 location_indices = 5; - // Functions referenced by locations. - repeated Function function_table = 6; - // Lookup table for attributes. - repeated opentelemetry.proto.common.v1.KeyValue attribute_table = 7; - // Represents a mapping between Attribute Keys and Units. - repeated AttributeUnit attribute_units = 8; - // Lookup table for links. - repeated Link link_table = 9; - // A common table for strings referenced by various messages. - // string_table[0] must always be "". - repeated string string_table = 10; - // The following fields 9-14 are informational, do not affect + // References to locations in ProfilesDictionary.location_table. + repeated int32 location_indices = 3; + + // The following fields 4-14 are informational, do not affect // interpretation of results. // Time of collection (UTC) represented as nanoseconds past the epoch. - int64 time_nanos = 11; + int64 time_nanos = 4; // Duration of the profile, if a duration makes sense. - int64 duration_nanos = 12; + int64 duration_nanos = 5; // The kind of events between sampled occurrences. // e.g [ "cpu","cycles" ] or [ "heap","bytes" ] - ValueType period_type = 13; + ValueType period_type = 6; // The number of events between sampled occurrences. - int64 period = 14; + int64 period = 7; // Free-form text associated with the profile. 
The text is displayed as is // to the user by the tools that read profiles (e.g. by pprof). This field // should not be used to store any machine-readable information, it is only // for human-friendly content. The profile must stay functional if this field // is cleaned. - repeated int32 comment_strindices = 15; // Indices into string table. - // Index into the string table of the type of the preferred sample - // value. If unset, clients should default to the last sample value. - int32 default_sample_type_strindex = 16; - + repeated int32 comment_strindices = 8; // Indices into ProfilesDictionary.string_table. + // Index into the sample_type array to the default sample type. + int32 default_sample_type_index = 9; // A globally unique identifier for a profile. The ID is a 16-byte array. An ID with // all zeroes is considered invalid. // // This field is required. - bytes profile_id = 17; + bytes profile_id = 10; // dropped_attributes_count is the number of attributes that were discarded. Attributes // can be discarded because their keys are too long or because there are too many // attributes. If this value is 0, then no attributes were dropped. - uint32 dropped_attributes_count = 19; + uint32 dropped_attributes_count = 11; // Specifies format of the original payload. Common values are defined in semantic conventions. [required if original_payload is present] - string original_payload_format = 20; + string original_payload_format = 12; // Original payload can be stored in this field. This can be useful for users who want to get the original payload. // Formats such as JFR are highly extensible and can contain more information than what is defined in this spec. 
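Review bot: `default_sample_type_index` replaces `default_sample_type_strindex` and drops the old rule `If unset, clients should default to the last sample value`, but as a plain proto3 `int32` it cannot express "unset" at all: 0 means both "not set" and `sample_type[0]`. Either declare it `optional int32 default_sample_type_index = 9;` and keep the unset rule, or state in the comment that 0 selects `sample_type[0]` and that an index >= the length of `sample_type` is invalid. Separately, fields 3 through 22 are reassigned to new types without any `reserved` entries; old field 3 (`repeated Mapping mapping_table`) and new field 3 (`repeated int32 location_indices`) are both length-delimited on the wire, so a payload from the previous revision of this schema would decode into garbage indices instead of failing to parse. The `v1development` package makes the break permitted, but a one-line note that pre-dictionary payloads are not decodable by this revision would save a confusing debugging session. The Profile message begins before this hunk and continues past it.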
@@ -256,7 +268,7 @@ message Profile { // If the original payload is in pprof format, it SHOULD not be included in this field. // The field is optional, however if it is present then equivalent converted data should be populated in other fields // of this message as far as is practicable. - bytes original_payload = 21; + bytes original_payload = 13; // References to attributes in attribute_table. [optional] // It is a collection of key/value pairs. Note, global attributes @@ -271,7 +283,7 @@ message Profile { // https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/common/README.md#attribute // Attribute keys MUST be unique (it is not allowed to have more than one // attribute with the same key). - repeated int32 attribute_indices = 22; + repeated int32 attribute_indices = 14; } // Represents a mapping between Attribute Keys and Units. @@ -363,8 +375,8 @@ enum AggregationTemporality { // ValueType describes the type and units of a value, with an optional aggregation temporality. message ValueType { - int32 type_strindex = 1; // Index into string table. - int32 unit_strindex = 2; // Index into string table. + int32 type_strindex = 1; // Index into ProfilesDictionary.string_table. + int32 unit_strindex = 2; // Index into ProfilesDictionary.string_table. AggregationTemporality aggregation_temporality = 3; } @@ -386,10 +398,10 @@ message Sample { // result has a list of values that is the element-wise sum of the // lists of the originals. repeated int64 value = 3; - // References to attributes in Profile.attribute_table. [optional] + // References to attributes in ProfilesDictionary.attribute_table. [optional] repeated int32 attribute_indices = 4; - // Reference to link in Profile.link_table. [optional] + // Reference to link in ProfilesDictionary.link_table. [optional] optional int32 link_index = 5; // Timestamps associated with Sample represented in nanoseconds. These timestamps are expected 
@@ -409,8 +421,8 @@ message Mapping { // The object this entry is loaded from. This can be a filename on // disk for the main binary and shared libraries, or virtual // abstractions like "[vdso]". - int32 filename_strindex = 4; // Index into string table - // References to attributes in Profile.attribute_table. [optional] + int32 filename_strindex = 4; // Index into ProfilesDictionary.string_table. + // References to attributes in ProfilesDictionary.attribute_table. [optional] repeated int32 attribute_indices = 5; // The following fields indicate the resolution of symbolic info. bool has_functions = 6; @@ -421,7 +433,7 @@ message Mapping { // Describes function and line table debug information. message Location { - // Reference to mapping in Profile.mapping_table. + // Reference to mapping in ProfilesDictionary.mapping_table. // It can be unset if the mapping is unknown or not applicable for // this profile type. optional int32 mapping_index = 1; 
@@ -446,30 +458,30 @@ message Location { // profile changes. bool is_folded = 4; - // References to attributes in Profile.attribute_table. [optional] + // References to attributes in ProfilesDictionary.attribute_table. [optional] repeated int32 attribute_indices = 5; } // Details a specific line in a source code, linked to a function. message Line { - // Reference to function in Profile.function_table. + // Reference to function in ProfilesDictionary.function_table. int32 function_index = 1; - // Line number in source code. + // Line number in source code. 0 means unset. int64 line = 2; - // Column number in source code. + // Column number in source code. 0 means unset. int64 column = 3; } // Describes a function, including its human-readable name, system name, // source file, and starting line number in the source. message Function { - // Name of the function, in human-readable form if available. - int32 name_strindex = 1; // Index into string table - // Name of the function, as identified by the system. - // For instance, it can be a C++ mangled name. - int32 system_name_strindex = 2; // Index into string table - // Source file containing the function. - int32 filename_strindex = 3; // Index into string table - // Line number in source file. + // Function name. Empty string if not available. + int32 name_strindex = 1; + // Function name, as identified by the system. For instance, + // it can be a C++ mangled name. Empty string if not available. + int32 system_name_strindex = 2; + // Source file containing the function. Empty string if not available. + int32 filename_strindex = 3; + // Line number in source file. 0 means unset. int64 start_line = 4; } diff --git a/api/src/main/proto/opentelemetry/proto/resource/v1/resource.proto b/api/src/main/proto/opentelemetry/proto/resource/v1/resource.proto index 6637560bc..05d445684 100644 --- a/api/src/main/proto/opentelemetry/proto/resource/v1/resource.proto 
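Review bot: The new Function comments say `Empty string if not available` for `name_strindex`, `system_name_strindex` and `filename_strindex`, but the fields hold indices, and with proto3 implicit presence "not available" is simply index 0; the guarantee therefore rests entirely on `string_table[0]` being `""`, which only the dictionary's own comment asks for. I would phrase it in terms of what a consumer must check: `// Index into ProfilesDictionary.string_table. 0 (the mandatory empty string at string_table[0]) means not available.` The same gap exists for `Line.function_index`, which is not `optional` and has no statement of what 0 means — unlike `mapping_index` just above it, 0 silently resolves to `function_table[0]`, a real function; either mark it `optional` or document that entry 0 is reserved as the unset marker. The Location message begins before this hunk.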
+++ b/api/src/main/proto/opentelemetry/proto/resource/v1/resource.proto
@@ -34,4 +34,11 @@ message Resource {
 // dropped_attributes_count is the number of dropped attributes. If the value is 0, then
 // no attributes were dropped.
 uint32 dropped_attributes_count = 2;
+
+ // Set of entities that participate in this Resource.
+ //
+ // Note: keys in the references MUST exist in attributes of this message.
+ //
+ // Status: [Development]
+ repeated opentelemetry.proto.common.v1.EntityRef entity_refs = 3;
 }
diff --git a/api/src/main/proto/xds/type/matcher/v3/cel.proto b/api/src/main/proto/xds/type/matcher/v3/cel.proto
index a9a4e01ab..a45af9534 100644
--- a/api/src/main/proto/xds/type/matcher/v3/cel.proto
+++ b/api/src/main/proto/xds/type/matcher/v3/cel.proto
@@ -20,7 +20,7 @@ option go_package = "github.com/cncf/xds/go/xds/type/matcher/v3";
 //
 // The match is ``true``, iff the result of the evaluation is a bool AND true.
 // In all other cases, the match is ``false``, including but not limited to: non-bool types,
-// ``false``, ``null``,`` int(1)``, etc.
+// ``false``, ``null``, ``int(1)``, etc.
 // In case CEL expression raises an error, the result of the evaluation is interpreted "no match".
 //
 // Refer to :ref:`Unified Matcher API ` documentation
diff --git a/api/src/main/proto/xds/type/matcher/v3/matcher.proto b/api/src/main/proto/xds/type/matcher/v3/matcher.proto
index da7c1f91d..cc03ff6e9 100644
--- a/api/src/main/proto/xds/type/matcher/v3/matcher.proto
+++ b/api/src/main/proto/xds/type/matcher/v3/matcher.proto
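Review bot: `entity_refs` requires its keys to exist in `attributes` "of this message", but that invariant is broken by any intermediary that trims `Resource.attributes` — the message already tracks `dropped_attributes_count` for precisely that case — and the comment does not say what a reader does with a ref whose `id_keys` no longer resolve. I would add `// A reference whose id_keys are not all present in attributes (e.g. after attributes were dropped) is invalid and MUST be discarded; a processor that drops attributes MUST also drop the refs that depend on them.` There is now also a second `schema_url` in play: EntityRef.schema_url is documented on this page as applying to the referenced Resource attributes and as obsoleting the ResourceMetrics/ResourceSpans/ResourceLogs field, and this hunk does not say how a disagreement between that URL and the enclosing schema_url is resolved. The cel.proto hunk on this line is a punctuation fix only.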
@@ -35,6 +35,14 @@ message Matcher { // Protocol-specific action to take. core.v3.TypedExtensionConfig action = 2; } + + // If true and the Matcher matches, the action will be taken but the caller + // will behave as if the Matcher did not match. A subsequent matcher or + // on_no_match action will be used instead. + // This field is not supported in all contexts in which the matcher API is + // used. If this field is set in a context in which it's not supported, + // the resource will be rejected. + bool keep_matching = 3; } // A linear list of field matchers. diff --git a/api/src/main/proto/xds/type/v3/cel.proto b/api/src/main/proto/xds/type/v3/cel.proto index df4f81d90..043990401 100644 --- a/api/src/main/proto/xds/type/v3/cel.proto +++ b/api/src/main/proto/xds/type/v3/cel.proto @@ -47,6 +47,13 @@ message CelExpression { // // If set, takes precedence over ``cel_expr_parsed``. cel.expr.CheckedExpr cel_expr_checked = 4; + + // Unparsed expression in string form. For example, ``request.headers['x-env'] == 'prod'`` will + // get ``x-env`` header value and compare it with ``prod``. + // Check the `Common Expression Language `_ for more details. + // + // If set, takes precedence over ``cel_expr_parsed`` and ``cel_expr_checked``. + string cel_expr_string = 5; } // Extracts a string by evaluating a `Common Expression Language diff --git a/server/src/test/java/io/envoyproxy/controlplane/server/EnvoyContainer.java b/server/src/test/java/io/envoyproxy/controlplane/server/EnvoyContainer.java index e4ce480cc..f41c0948f 100644 --- a/server/src/test/java/io/envoyproxy/controlplane/server/EnvoyContainer.java +++ b/server/src/test/java/io/envoyproxy/controlplane/server/EnvoyContainer.java 
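Review bot: `keep_matching` says "the action will be taken but the caller will behave as if the Matcher did not match", yet it sits on OnMatch, whose oneof can hold a nested `matcher` instead of an `action`; the comment does not define what is taken and what is suppressed when the nested-matcher arm is selected, nor whether `keep_matching` on an inner OnMatch propagates outward. That matters for policy because an action with side effects runs and then a later matcher or `on_no_match` runs its own action too, so a single input can trigger several actions in order, which the comment should spell out so authors do not assume exclusivity. Something like `// Only meaningful when on_match is an action; a nested matcher with keep_matching set is rejected.` (or whichever rule is intended) plus `// Several actions may therefore execute for one input, in matcher order.` would close both gaps. The fail-closed behaviour in unsupported contexts (`the resource will be rejected`) is the right default and should stay. The OnMatch and Matcher definitions begin before this hunk.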
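Review bot: `cel_expr_string` is a raw, unchecked expression that now takes precedence over `cel_expr_checked`, so a config carrying both silently evaluates the un-type-checked form instead of the one the control plane already validated; this inverts the existing rule where checked beats parsed and quietly widens what a config author can get executed. I would either reject a CelExpression that sets more than one of `cel_expr_parsed`/`cel_expr_checked`/`cel_expr_string` (they read like a oneof, though the other fields are outside this hunk so that may need a new message rather than a move), or at minimum document that the string is parsed and type-checked on load under the same limits as the other forms and that a parse or check failure rejects the resource instead of falling back to the other fields. The precedence sentence should also say whether an empty string counts as set, since proto3 cannot distinguish `""` from absent and `string cel_expr_string = 5;` has no `optional`.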
@@ -24,7 +24,7 @@ class EnvoyContainer extends GenericContainer { EnvoyContainer(String config, Supplier controlPlanePortSupplier) { // this version is changed automatically by /tools/update-sha.sh:57 // if you change it make sure to reflect changes there - super("envoyproxy/envoy:v1.34.0"); + super("envoyproxy/envoy:v1.35.0"); this.config = config; this.controlPlanePortSupplier = controlPlanePortSupplier; } diff --git a/tools/API_SHAS b/tools/API_SHAS index 68e448f87..901328f7d 100644 --- a/tools/API_SHAS +++ b/tools/API_SHAS @@ -1,12 +1,12 @@ # Update the versions here and run update-api.sh # envoy (source: SHA from https://github.com/envoyproxy/envoy) -ENVOY_SHA="d7809ba2b07fd869d49bfb122b27f6a7977b4d94" +ENVOY_SHA="84305a6cb64bd55aaf606bdd53de7cd6080427a1" -# dependencies (source: https://github.com/envoyproxy/envoy/blob/d7809ba2b07fd869d49bfb122b27f6a7977b4d94/api/bazel/repository_locations.bzl) +# dependencies (source: https://github.com/envoyproxy/envoy/blob/84305a6cb64bd55aaf606bdd53de7cd6080427a1/api/bazel/repository_locations.bzl) GOOGLEAPIS_SHA="fd52b5754b2b268bc3a22a10f29844f206abb327" # 2024-09-16 PGV_VERSION="1.0.4" # 2024-01-17 -PROMETHEUS_SHA="0.6.1" # 2024-04-03 -OPENTELEMETRY_VERSION="1.5.0" # 2024-12-17 -CEL_VERSION="0.22.1" # 2025-03-24 -XDS_SHA="b4127c9b8d78b77423fd25169f05b7476b6ea932" # 2024-09-05 +PROMETHEUS_SHA="0.6.2" # 2025-04-11 +OPENTELEMETRY_VERSION="1.7.0" # 2025-05-21 +CEL_VERSION="0.24.0" # 2025-05-09 +XDS_SHA="2ac532fd44436293585084f8d94c6bdb17835af0" # 2025-05-01 diff --git a/tools/envoy_release b/tools/envoy_release index 995ab8e3f..099485f45 100644 --- a/tools/envoy_release +++ b/tools/envoy_release @@ -1 +1 @@ -v1.34.0 +v1.35.0