xds: import latest envoy and udpa protos to get new fields (#7747)

sanjaypujare 2020-12-22 12:22:40 -08:00 committed by GitHub
parent 5212e3c6df
commit e530e10648
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
46 changed files with 482 additions and 224 deletions


@ -18,7 +18,7 @@
set -e
BRANCH=master
# import VERSION from one of the google internal CLs
VERSION=1c27396b1f7e756ba79eed72b47f485d44da1d41
VERSION=af17f954653afcab6a189673e3500b2e988f1aef
GIT_REPO="https://github.com/envoyproxy/envoy.git"
GIT_BASE_DIR=envoy
SOURCE_PROTO_BASE_DIR=envoy/api


@ -352,6 +352,10 @@ message Cluster {
// This header isn't sanitized by default, so enabling this feature allows HTTP clients to
// route traffic to arbitrary hosts and/or ports, which may have serious security
// consequences.
//
// .. note::
//
// If the header appears multiple times only the first value is used.
bool use_http_header = 1;
}
@ -677,10 +681,16 @@ message Cluster {
// :ref:`STRICT_DNS<envoy_api_enum_value_Cluster.DiscoveryType.STRICT_DNS>`
// and :ref:`LOGICAL_DNS<envoy_api_enum_value_Cluster.DiscoveryType.LOGICAL_DNS>`
// this setting is ignored.
// Setting this value causes failure if the
// ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
// server startup. Apple's API only allows overriding DNS resolvers via system settings.
repeated core.Address dns_resolvers = 18;
// [#next-major-version: Reconcile DNS options in a single message.]
// Always use TCP queries instead of UDP queries for DNS lookups.
// Setting this value causes failure if the
// ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
// server startup. Apple' API only uses UDP for DNS resolution.
bool use_tcp_for_dns_lookups = 45;
// If specified, outlier detection will be enabled for this upstream cluster.
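Review bot: The note added under `use_http_header` says only the first value of a repeated header is used, but it does not tie that to the warning directly above it that the header is not sanitized by default. With first-value semantics, a trusted hop that appends its own value instead of overwriting leaves the client-supplied value in effect, so the header has to be removed or replaced at the trust boundary. I would extend the note with `// Because only the first value is used, a trusted hop must overwrite or remove this header rather than append to it.` The same applies to the identical notes added on `cluster_header` and `auto_host_rewrite_header` in RouteAction, on the v3 `use_http_header`, and on the ScopedRoutes header `name`. The enclosing messages start and end outside these hunks, and since the protos appear to be imported, the wording would have to land upstream.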


@ -756,6 +756,10 @@ message RouteAction {
//
// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1
// *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead.
//
// .. note::
//
// If the header appears multiple times only the first value is used.
string cluster_header = 2
[(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
@ -866,6 +870,10 @@ message RouteAction {
//
// Pay attention to the potential security implications of using this option. Provided header
// must come from trusted source.
//
// .. note::
//
// If the header appears multiple times only the first value is used.
string auto_host_rewrite_header = 29 [
(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false},
(udpa.annotations.field_migrate).rename = "host_rewrite_header"


@ -164,7 +164,7 @@ message RuntimeFilter {
// Runtime key to get an optional overridden numerator for use in the
// *percent_sampled* field. If found in runtime, this value will replace the
// default numerator.
string runtime_key = 1 [(validate.rules).string = {min_bytes: 1}];
string runtime_key = 1 [(validate.rules).string = {min_len: 1}];
// The default sampling percentage. If not specified, defaults to 0% with
// denominator of 100.


@ -19,8 +19,8 @@ import "google/protobuf/duration.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
import "udpa/core/v1/collection_entry.proto";
import "udpa/core/v1/resource_locator.proto";
import "xds/core/v3/collection_entry.proto";
import "xds/core/v3/resource_locator.proto";
import "envoy/annotations/deprecation.proto";
import "udpa/annotations/migrate.proto";
@ -39,7 +39,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// Cluster list collections. Entries are *Cluster* resources or references.
// [#not-implemented-hide:]
message ClusterCollection {
udpa.core.v1.CollectionEntry entries = 1;
xds.core.v3.CollectionEntry entries = 1;
}
// Configuration for a single upstream cluster.
@ -170,7 +170,7 @@ message Cluster {
"envoy.api.v2.Cluster.CustomClusterType";
// The type of the cluster to instantiate. The name must match a supported cluster type.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// Cluster specific configuration which depends on the cluster being instantiated.
// See the supported cluster for further documentation.
@ -192,7 +192,7 @@ message Cluster {
// Resource locator for EDS. This is mutually exclusive to *service_name*.
// [#not-implemented-hide:]
udpa.core.v1.ResourceLocator eds_resource_locator = 3
xds.core.v3.ResourceLocator eds_resource_locator = 3
[(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
}
@ -436,6 +436,10 @@ message Cluster {
// This header isn't sanitized by default, so enabling this feature allows HTTP clients to
// route traffic to arbitrary hosts and/or ports, which may have serious security
// consequences.
//
// .. note::
//
// If the header appears multiple times only the first value is used.
bool use_http_header = 1;
}
@ -700,7 +704,7 @@ message Cluster {
// :ref:`statistics <config_cluster_manager_cluster_stats>` if :ref:`alt_stat_name
// <envoy_api_field_config.cluster.v3.Cluster.alt_stat_name>` is not provided.
// Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// An optional alternative to the cluster name to be used while emitting stats.
// Any ``:`` in the name will be converted to ``_`` when emitting statistics. This should not be
@ -829,10 +833,16 @@ message Cluster {
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
// and :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
// this setting is ignored.
// Setting this value causes failure if the
// ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
// server startup. Apple's API only allows overriding DNS resolvers via system settings.
repeated core.v3.Address dns_resolvers = 18;
// [#next-major-version: Reconcile DNS options in a single message.]
// Always use TCP queries instead of UDP queries for DNS lookups.
// Setting this value causes failure if the
// ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
// server startup. Apple' API only uses UDP for DNS resolution.
bool use_tcp_for_dns_lookups = 45;
// If specified, outlier detection will be enabled for this upstream cluster.
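Review bot: The sentences added to `dns_resolvers` and `use_tcp_for_dns_lookups` say that setting the value "causes failure" without saying what fails. From the hunk alone a reader cannot tell whether the cluster is rejected, the config update is refused, or the server stops at startup. I would name the outcome, for example `// Setting this value causes <what fails, to be confirmed upstream> if the ...`. The second comment also contains the typo `Apple' API`, which should read `Apple's API`. Both issues appear in the v2 Cluster hunk as well.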


@ -21,7 +21,7 @@ message Filter {
// The name of the filter to instantiate. The name must match a
// :ref:`supported filter <config_network_filters>`.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// Filter specific configuration which depends on the filter being
// instantiated. See the supported filters for further documentation.


@ -24,7 +24,7 @@ message Pipe {
// abstract namespace. The starting '@' is replaced by a null byte by Envoy.
// Paths starting with '@' will result in an error in environments other than
// Linux.
string path = 1 [(validate.rules).string = {min_bytes: 1}];
string path = 1 [(validate.rules).string = {min_len: 1}];
// The mode for the Pipe. Not applicable for abstract sockets.
uint32 mode = 2 [(validate.rules).uint32 = {lte: 511}];
@ -32,6 +32,7 @@ message Pipe {
// [#not-implemented-hide:] The address represents an envoy internal listener.
// TODO(lambdai): Make this address available for listener and endpoint.
// TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.
message EnvoyInternalAddress {
oneof address_name_specifier {
option (validate.required) = true;
@ -63,7 +64,7 @@ message SocketAddress {
// address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS
// (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized
// via :ref:`resolver_name <envoy_api_field_config.core.v3.SocketAddress.resolver_name>`.
string address = 2 [(validate.rules).string = {min_bytes: 1}];
string address = 2 [(validate.rules).string = {min_len: 1}];
oneof port_specifier {
option (validate.required) = true;
@ -152,7 +153,7 @@ message CidrRange {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.CidrRange";
// IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``.
string address_prefix = 1 [(validate.rules).string = {min_bytes: 1}];
string address_prefix = 1 [(validate.rules).string = {min_len: 1}];
// Length of prefix, e.g. 0, 32.
google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}];


@ -237,7 +237,16 @@ message RuntimeUInt32 {
uint32 default_value = 2;
// Runtime key to get value for comparison. This value is used if defined.
string runtime_key = 3 [(validate.rules).string = {min_bytes: 1}];
string runtime_key = 3 [(validate.rules).string = {min_len: 1}];
}
// Runtime derived percentage with a default when not specified.
message RuntimePercent {
// Default value if runtime value is not available.
type.v3.Percent default_value = 1;
// Runtime key to get value for comparison. This value is used if defined.
string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
}
// Runtime derived double with a default when not specified.
@ -248,7 +257,7 @@ message RuntimeDouble {
double default_value = 1;
// Runtime key to get value for comparison. This value is used if defined.
string runtime_key = 2 [(validate.rules).string = {min_bytes: 1}];
string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
}
// Runtime derived bool with a default when not specified.
@ -262,7 +271,7 @@ message RuntimeFeatureFlag {
// Runtime key to get value for comparison. This value is used if defined. The boolean value must
// be represented via its
// `canonical JSON encoding <https://developers.google.com/protocol-buffers/docs/proto3#json>`_.
string runtime_key = 2 [(validate.rules).string = {min_bytes: 1}];
string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
}
// Header name/value pair.
@ -272,7 +281,7 @@ message HeaderValue {
// Header name.
string key = 1
[(validate.rules).string =
{min_bytes: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}];
{min_len: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}];
// Header value.
//
@ -304,6 +313,13 @@ message HeaderMap {
repeated HeaderValue headers = 1;
}
// A directory that is watched for changes, e.g. by inotify on Linux. Move/rename
// events inside this directory trigger the watch.
message WatchedDirectory {
// Directory path to watch.
string path = 1 [(validate.rules).string = {min_len: 1}];
}
// Data source consisting of either a file or an inline value.
message DataSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.DataSource";
@ -312,13 +328,13 @@ message DataSource {
option (validate.required) = true;
// Local filesystem data source.
string filename = 1 [(validate.rules).string = {min_bytes: 1}];
string filename = 1 [(validate.rules).string = {min_len: 1}];
// Bytes inlined in the configuration.
bytes inline_bytes = 2 [(validate.rules).bytes = {min_len: 1}];
// String inlined in the configuration.
string inline_string = 3 [(validate.rules).string = {min_bytes: 1}];
string inline_string = 3 [(validate.rules).string = {min_len: 1}];
}
}
@ -345,7 +361,7 @@ message RemoteDataSource {
HttpUri http_uri = 1 [(validate.rules).message = {required: true}];
// SHA256 string for verifying data.
string sha256 = 2 [(validate.rules).string = {min_bytes: 1}];
string sha256 = 2 [(validate.rules).string = {min_len: 1}];
// Retry policy for fetching remote data.
RetryPolicy retry_policy = 3;
@ -379,7 +395,7 @@ message TransportSocket {
// The name of the transport socket to instantiate. The name must match a supported transport
// socket implementation.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// Implementation specific configuration which depends on the implementation being instantiated.
// See the supported transport socket implementations for further documentation.
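Review bot: `RemoteDataSource.sha256` is still validated only as non-empty after the `min_bytes` to `min_len` switch, although its comment says the value is used to verify fetched data. A truncated or mistyped digest therefore passes config validation and is only noticed, if at all, when the comparison runs. A shape check such as `string sha256 = 2 [(validate.rules).string = {pattern: "^[0-9a-fA-F]{64}$"}];` would reject malformed digests at load time. Whether the consumer expects hex in either case is not visible here, so the pattern needs confirming. For a minimum of 1 the `min_len` change itself is behaviour-neutral, and the RemoteDataSource message continues outside the hunk.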


@ -7,7 +7,7 @@ import "envoy/config/core/v3/grpc_service.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/core/v1/authority.proto";
import "xds/core/v3/authority.proto";
import "envoy/annotations/deprecation.proto";
import "udpa/annotations/status.proto";
@ -153,11 +153,11 @@ message ConfigSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ConfigSource";
// Authorities that this config source may be used for. An authority specified
// in a *udpa.core.v1.ResourceLocator* is resolved to a *ConfigSource* prior
// in a *xds.core.v3.ResourceLocator* is resolved to a *ConfigSource* prior
// to configuration fetch. This field provides the association between
// authority name and configuration source.
// [#not-implemented-hide:]
repeated udpa.core.v1.Authority authorities = 7;
repeated xds.core.v3.Authority authorities = 7;
oneof config_source_specifier {
option (validate.required) = true;


@ -35,13 +35,13 @@ message GrpcService {
// The name of the upstream gRPC cluster. SSL credentials will be supplied
// in the :ref:`Cluster <envoy_api_msg_config.cluster.v3.Cluster>` :ref:`transport_socket
// <envoy_api_field_config.cluster.v3.Cluster.transport_socket>`.
string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}];
string cluster_name = 1 [(validate.rules).string = {min_len: 1}];
// The `:authority` header in the grpc request. If this field is not set, the authority header value will be `cluster_name`.
// Note that this authority does not override the SNI. The SNI is provided by the transport socket of the cluster.
string authority = 2
[(validate.rules).string =
{min_bytes: 0 max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}];
{min_len: 0 max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}];
}
// [#next-free-field: 9]
@ -160,10 +160,10 @@ message GrpcService {
// The path of subject token, a security token that represents the
// identity of the party on behalf of whom the request is being made.
string subject_token_path = 6 [(validate.rules).string = {min_bytes: 1}];
string subject_token_path = 6 [(validate.rules).string = {min_len: 1}];
// Type of the subject token.
string subject_token_type = 7 [(validate.rules).string = {min_bytes: 1}];
string subject_token_type = 7 [(validate.rules).string = {min_len: 1}];
// The path of actor token, a security token that represents the identity
// of the acting party. The acting party is authorized to use the
@ -230,7 +230,7 @@ message GrpcService {
// The target URI when using the `Google C++ gRPC client
// <https://github.com/grpc/grpc>`_. SSL credentials will be supplied in
// :ref:`channel_credentials <envoy_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_credentials>`.
string target_uri = 1 [(validate.rules).string = {min_bytes: 1}];
string target_uri = 1 [(validate.rules).string = {min_len: 1}];
ChannelCredentials channel_credentials = 2;
@ -247,7 +247,7 @@ message GrpcService {
//
// streams_total, Counter, Total number of streams opened
// streams_closed_<gRPC status code>, Counter, Total streams closed with <gRPC status code>
string stat_prefix = 4 [(validate.rules).string = {min_bytes: 1}];
string stat_prefix = 4 [(validate.rules).string = {min_len: 1}];
// The name of the Google gRPC credentials factory to use. This must have been registered with
// Envoy. If this is empty, a default credentials factory will be used that sets up channel
@ -286,8 +286,10 @@ message GrpcService {
// request.
google.protobuf.Duration timeout = 3;
// Additional metadata to include in streams initiated to the GrpcService.
// This can be used for scenarios in which additional ad hoc authorization
// headers (e.g. ``x-foo-bar: baz-key``) are to be injected.
// Additional metadata to include in streams initiated to the GrpcService. This can be used for
// scenarios in which additional ad hoc authorization headers (e.g. ``x-foo-bar: baz-key``) are to
// be injected. For more information, including details on header value syntax, see the
// documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated HeaderValue initial_metadata = 5;
}


@ -54,7 +54,7 @@ enum HealthStatus {
DEGRADED = 5;
}
// [#next-free-field: 24]
// [#next-free-field: 25]
message HealthCheck {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HealthCheck";
@ -67,7 +67,7 @@ message HealthCheck {
option (validate.required) = true;
// Hex encoded payload. E.g., "000000FF".
string text = 1 [(validate.rules).string = {min_bytes: 1}];
string text = 1 [(validate.rules).string = {min_len: 1}];
// [#not-implemented-hide:] Binary payload.
bytes binary = 2;
@ -91,9 +91,8 @@ message HealthCheck {
// Specifies the HTTP path that will be requested during health checking. For example
// */healthcheck*.
string path = 2 [
(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}
];
string path = 2
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}];
// [#not-implemented-hide:] HTTP specific payload.
Payload send = 3;
@ -187,7 +186,7 @@ message HealthCheck {
reserved "config";
// The registered name of the custom health checker.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// A custom health checker specific configuration which depends on the custom health checker
// being instantiated. See :api:`envoy/config/health_checker` for reference.
@ -285,6 +284,21 @@ message HealthCheck {
// The default value for "no traffic interval" is 60 seconds.
google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration = {gt {}}];
// The "no traffic healthy interval" is a special health check interval that
// is used for hosts that are currently passing active health checking
// (including new hosts) when the cluster has received no traffic.
//
// This is useful for when we want to send frequent health checks with
// `no_traffic_interval` but then revert to lower frequency `no_traffic_healthy_interval` once
// a host in the cluster is marked as healthy.
//
// Once a cluster has been used for traffic routing, Envoy will shift back to using the
// standard health check interval that is defined.
//
// If no_traffic_healthy_interval is not set, it will default to the
// no traffic interval and send that interval regardless of health state.
google.protobuf.Duration no_traffic_healthy_interval = 24 [(validate.rules).duration = {gt {}}];
// The "unhealthy interval" is a health check interval that is used for hosts that are marked as
// unhealthy. As soon as the host is marked as healthy, Envoy will shift back to using the
// standard health check interval that is defined.


@ -27,7 +27,7 @@ message HttpUri {
//
// uri: https://www.googleapis.com/oauth2/v1/certs
//
string uri = 1 [(validate.rules).string = {min_bytes: 1}];
string uri = 1 [(validate.rules).string = {min_len: 1}];
// Specify how `uri` is to be fetched. Today, this requires an explicit
// cluster, but in the future we may support dynamic cluster creation or
@ -45,7 +45,7 @@ message HttpUri {
//
// cluster: jwks_cluster
//
string cluster = 2 [(validate.rules).string = {min_bytes: 1}];
string cluster = 2 [(validate.rules).string = {min_len: 1}];
}
// Sets the maximum duration in milliseconds that a response can take to arrive upon request.


@ -2,6 +2,8 @@ syntax = "proto3";
package envoy.config.core.v3;
import "envoy/type/v3/percent.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
@ -177,7 +179,27 @@ message Http1ProtocolOptions {
google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 7;
}
// [#next-free-field: 15]
message KeepaliveSettings {
// Send HTTP/2 PING frames at this period, in order to test that the connection is still alive.
google.protobuf.Duration interval = 1 [(validate.rules).duration = {
required: true
gte {nanos: 1000000}
}];
// How long to wait for a response to a keepalive PING. If a response is not received within this
// time period, the connection will be aborted.
google.protobuf.Duration timeout = 2 [(validate.rules).duration = {
required: true
gte {nanos: 1000000}
}];
// A random jitter amount as a percentage of interval that will be added to each interval.
// A value of zero means there will be no jitter.
// The default value is 15%.
type.v3.Percent interval_jitter = 3;
}
// [#next-free-field: 16]
message Http2ProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.Http2ProtocolOptions";
@ -248,7 +270,8 @@ message Http2ProtocolOptions {
// be written into the socket). Exceeding this limit triggers flood mitigation and connection is
// terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due
// to flood mitigation. The default limit is 10000.
// [#comment:TODO: implement same limits for upstream outbound frames as well.]
// NOTE: flood and abuse mitigation for upstream connections is presently enabled by the
// `envoy.reloadable_features.upstream_http2_flood_checks` flag.
google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}];
// Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM,
@ -256,7 +279,8 @@ message Http2ProtocolOptions {
// this limit triggers flood mitigation and connection is terminated. The
// ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood
// mitigation. The default limit is 1000.
// [#comment:TODO: implement same limits for upstream outbound frames as well.]
// NOTE: flood and abuse mitigation for upstream connections is presently enabled by the
// `envoy.reloadable_features.upstream_http2_flood_checks` flag.
google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}];
// Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an
@ -265,7 +289,8 @@ message Http2ProtocolOptions {
// stat tracks the number of connections terminated due to flood mitigation.
// Setting this to 0 will terminate connection upon receiving first frame with an empty payload
// and no end stream flag. The default limit is 1.
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
// NOTE: flood and abuse mitigation for upstream connections is presently enabled by the
// `envoy.reloadable_features.upstream_http2_flood_checks` flag.
google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9;
// Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number
@ -276,7 +301,8 @@ message Http2ProtocolOptions {
//
// the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks
// the number of connections terminated due to flood mitigation. The default limit is 100.
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
// NOTE: flood and abuse mitigation for upstream connections is presently enabled by the
// `envoy.reloadable_features.upstream_http2_flood_checks` flag.
google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10;
// Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number
@ -290,7 +316,8 @@ message Http2ProtocolOptions {
// the number of connections terminated due to flood mitigation. The default limit is 10.
// Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control,
// but more complex implementations that try to estimate available bandwidth require at least 2.
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
// NOTE: flood and abuse mitigation for upstream connections is presently enabled by the
// `envoy.reloadable_features.upstream_http2_flood_checks` flag.
google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11
[(validate.rules).uint32 = {gte: 1}];
@ -345,6 +372,10 @@ message Http2ProtocolOptions {
// <https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#settings>`_ for
// standardized identifiers.
repeated SettingsParameter custom_settings_parameters = 13;
// Send HTTP/2 PING frames to verify that the connection is still healthy. If the remote peer
// does not respond within the configured timeout, the connection will be aborted.
KeepaliveSettings connection_keepalive = 15;
}
// [#not-implemented-hide:]
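Review bot: The NOTE that replaces the TODO on the five flood-limit fields of Http2ProtocolOptions says upstream flood and abuse mitigation "is presently enabled by" the `envoy.reloadable_features.upstream_http2_flood_checks` flag, which can be read either as "on by default" or as "on only if you set the flag". An operator relying on these limits for upstream connections needs to know which. I would state it outright, for example `// NOTE: these limits apply to upstream connections only when the envoy.reloadable_features.upstream_http2_flood_checks runtime flag is true (default: <confirm upstream>).` The flag name is also in single backticks, while the surrounding comments use double backticks for literals such as `http2.outbound_flood`. Separately, the new `KeepaliveSettings` message has no leading comment of its own.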


@ -36,7 +36,7 @@ message SubstitutionFormatString {
//
// upstream connect error:503:path=/foo
//
string text_format = 1 [(validate.rules).string = {min_bytes: 1}];
string text_format = 1 [(validate.rules).string = {min_len: 1}];
// Specify a format with command operators to form a JSON string.
// Its details is described in :ref:`format dictionary<config_access_log_format_dictionaries>`.


@ -46,7 +46,7 @@ message ClusterLoadAssignment {
"envoy.api.v2.ClusterLoadAssignment.Policy.DropOverload";
// Identifier for the policy specifying the drop.
string category = 1 [(validate.rules).string = {min_bytes: 1}];
string category = 1 [(validate.rules).string = {min_len: 1}];
// Percentage of traffic that should be dropped for the category.
type.v3.FractionalPercent drop_percentage = 2;
@ -105,7 +105,7 @@ message ClusterLoadAssignment {
// <envoy_api_field_config.cluster.v3.Cluster.EdsClusterConfig.service_name>` value if specified
// in the cluster :ref:`EdsClusterConfig
// <envoy_api_msg_config.cluster.v3.Cluster.EdsClusterConfig>`.
string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}];
string cluster_name = 1 [(validate.rules).string = {min_len: 1}];
// List of endpoints to load balance to.
repeated LocalityLbEndpoints endpoints = 2;


@ -129,14 +129,14 @@ message ClusterStats {
"envoy.api.v2.endpoint.ClusterStats.DroppedRequests";
// Identifier for the policy specifying the drop.
string category = 1 [(validate.rules).string = {min_bytes: 1}];
string category = 1 [(validate.rules).string = {min_len: 1}];
// Total number of deliberately dropped requests for the category.
uint64 dropped_count = 2;
}
// The name of the cluster.
string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}];
string cluster_name = 1 [(validate.rules).string = {min_len: 1}];
// The eds_cluster_config service_name of the cluster.
// It's possible that two clusters send the same service_name to EDS,


@ -586,6 +586,10 @@ message ScopedRoutes {
}
// The name of the header field to extract the value from.
//
// .. note::
//
// If the header appears multiple times only the first value is used.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// The element separator (e.g., ';' separates 'a;b;c;d').


@ -15,7 +15,7 @@ import "google/api/annotations.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/core/v1/collection_entry.proto";
import "xds/core/v3/collection_entry.proto";
import "udpa/annotations/security.proto";
import "udpa/annotations/status.proto";
@ -33,10 +33,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// Listener list collections. Entries are *Listener* resources or references.
// [#not-implemented-hide:]
message ListenerCollection {
repeated udpa.core.v1.CollectionEntry entries = 1;
repeated xds.core.v3.CollectionEntry entries = 1;
}
// [#next-free-field: 25]
// [#next-free-field: 26]
message Listener {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener";
@ -116,6 +116,10 @@ message Listener {
// :ref:`FAQ entry <faq_how_to_setup_sni>`.
repeated FilterChain filter_chains = 3;
// The default filter chain if none of the filter chain matches. If no default filter chain is supplied,
// the connection will be closed. The filter chain match is ignored in this field.
FilterChain default_filter_chain = 25;
// Soft limit on size of the listeners new connection read and write buffers.
// If unspecified, an implementation defined default is applied (1MiB).
google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5


@ -32,7 +32,7 @@ message Filter {
// The name of the filter to instantiate. The name must match a
// :ref:`supported filter <config_network_filters>`.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// Filter specific configuration which depends on the filter being
// instantiated. See the supported filters for further documentation.
@ -65,6 +65,18 @@ message Filter {
// ``www.example.com``, then ``*.example.com``, then ``*.com``, then any filter
// chain without ``server_names`` requirements).
//
// A different way to reason about the filter chain matches:
// Suppose there exists N filter chains. Prune the filter chain set using the above 8 steps.
// In each step, filter chains which most specifically matches the attributes continue to the next step.
// The listener guarantees at most 1 filter chain is left after all of the steps.
//
// Example:
//
// For destination port, filter chains specifying the destination port of incoming traffic are the
// most specific match. If none of the filter chains specifies the exact destination port, the filter
// chains which do not specify ports are the most specific match. Filter chains specifying the
// wrong port can never be the most specific match.
//
// [#comment: Implemented rules are kept in the preference order, with deprecated fields
// listed at the end, because that's how we want to list them in the docs.
//
@ -168,7 +180,7 @@ message FilterChainMatch {
// A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and
// various other parameters.
// [#next-free-field: 9]
// [#next-free-field: 10]
message FilterChain {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.FilterChain";
@ -218,6 +230,11 @@ message FilterChain {
// will be set up with plaintext.
core.v3.TransportSocket transport_socket = 6;
// If present and nonzero, the amount of time to allow incoming connections to complete any
// transport socket negotiations. If this expires before the transport reports connection
// establishment, the connection is summarily closed.
google.protobuf.Duration transport_socket_connect_timeout = 9;
// [#not-implemented-hide:] The unique name (or empty) by which this filter chain is known. If no
// name is provided, Envoy will allocate an internal UUID for the filter chain. If the filter
// chain is to be dynamically updated or removed via FCDS a unique name must be provided.
@ -303,7 +320,7 @@ message ListenerFilter {
// The name of the filter to instantiate. The name must match a
// :ref:`supported filter <config_listener_filters>`.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// Filter specific configuration which depends on the filter being instantiated.
// See the supported filters for further documentation.
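Review bot: The comment on the new `transport_socket_connect_timeout` field in FilterChain opens with "If present and nonzero", which implies that an unset or zero value places no limit on transport socket negotiation, but it never says so. A listener left at the default could then hold connections that never complete their handshake, so the unset behaviour should be documented as a resource-exhaustion consideration. I would add `// If unset or zero, no timeout is applied to transport socket negotiation (confirm upstream).` and have the comment recommend setting a bound on listeners that face untrusted networks. The field carries no `(validate.rules).duration` constraint, unlike the duration fields added elsewhere in this commit. The FilterChain message continues outside the hunk.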


@ -60,7 +60,7 @@ message VirtualHost {
// The logical name of the virtual host. This is used when emitting certain
// statistics but is not relevant for routing.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// A list of domains (host/authority header) that will be matched to this
// virtual host. Wildcard hosts are supported in the suffix or prefix form.
@ -113,7 +113,7 @@ message VirtualHost {
// Specifies a list of HTTP headers that should be removed from each request
// handled by this virtual host.
repeated string request_headers_to_remove = 13 [(validate.rules).repeated = {
items {string {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
}];
// Specifies a list of HTTP headers that should be added to each response
@ -128,7 +128,7 @@ message VirtualHost {
// Specifies a list of HTTP headers that should be removed from each response
// handled by this virtual host.
repeated string response_headers_to_remove = 11 [(validate.rules).repeated = {
items {string {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
}];
// Indicates that the virtual host has a CORS policy.
@ -263,7 +263,7 @@ message Route {
// Specifies a list of HTTP headers that should be removed from each request
// matching this route.
repeated string request_headers_to_remove = 12 [(validate.rules).repeated = {
items {string {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
}];
// Specifies a set of headers that will be added to responses to requests
@ -278,7 +278,7 @@ message Route {
// Specifies a list of HTTP headers that should be removed from each response
// to requests matching this route.
repeated string response_headers_to_remove = 11 [(validate.rules).repeated = {
items {string {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
}];
// Presence of the object defines whether the connection manager's tracing configuration
@ -311,7 +311,7 @@ message WeightedCluster {
// Name of the upstream cluster. The cluster must exist in the
// :ref:`cluster manager configuration <config_cluster_manager>`.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// An integer between 0 and :ref:`total_weight
// <envoy_api_field_config.route.v3.WeightedCluster.total_weight>`. When a request matches the route,
@ -591,7 +591,7 @@ message RouteAction {
// Specifies the cluster that requests will be mirrored to. The cluster must
// exist in the cluster manager configuration.
string cluster = 1 [(validate.rules).string = {min_bytes: 1}];
string cluster = 1 [(validate.rules).string = {min_len: 1}];
// If not specified, all requests to the target cluster will be mirrored.
//
@ -620,9 +620,8 @@ message RouteAction {
// The name of the request header that will be used to obtain the hash
// key. If the request header is not present, no hash will be produced.
string header_name = 1 [
(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}
];
string header_name = 1
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
// If specified, the request header value will be rewritten and used
// to produce the hash key.
@ -650,7 +649,7 @@ message RouteAction {
// The name of the cookie that will be used to obtain the hash key. If the
// cookie is not present and ttl below is not set, no hash will be
// produced.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// If specified, a cookie with the TTL will be generated if the cookie is
// not present. If the TTL is present and zero, the generated cookie will
@ -677,7 +676,7 @@ message RouteAction {
// The name of the URL query parameter that will be used to obtain the hash
// key. If the parameter is not present, no hash will be produced. Query
// parameter names are case-sensitive.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
}
message FilterState {
@ -687,7 +686,7 @@ message RouteAction {
// The name of the Object in the per-request filterState, which is an
// Envoy::Http::Hashable object. If there is no data associated with the key,
// or the stored object is not Envoy::Http::Hashable, no hash will be produced.
string key = 1 [(validate.rules).string = {min_bytes: 1}];
string key = 1 [(validate.rules).string = {min_len: 1}];
}
oneof policy_specifier {
@ -752,7 +751,7 @@ message RouteAction {
// For each upgrade type present in upgrade_configs, requests with
// Upgrade: [upgrade_type] will be proxied upstream.
string upgrade_type = 1
[(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}];
// Determines if upgrades are available on this route. Defaults to true.
google.protobuf.BoolValue enabled = 2;
@ -764,14 +763,15 @@ message RouteAction {
ConnectConfig connect_config = 3;
}
// [#not-implemented-hide:]
message MaxStreamDuration {
// Specifies the maximum duration allowed for streams on the route. If not specified, the value
// from the :ref:`max_stream_duration
// <envoy_api_field_config.core.v3.HttpProtocolOptions.max_stream_duration>` field in
// :ref:`HttpConnectionManager.common_http_protocol_options
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.common_http_protocol_options>`
// is used.
// is used. If this field is set explicitly to zero, any
// HttpConnectionManager max_stream_duration timeout will be disabled for
// this route.
google.protobuf.Duration max_stream_duration = 1;
// If present, and the request contains a `grpc-timeout header
@ -798,7 +798,7 @@ message RouteAction {
// Indicates the upstream cluster to which the request should be routed
// to.
string cluster = 1 [(validate.rules).string = {min_bytes: 1}];
string cluster = 1 [(validate.rules).string = {min_len: 1}];
// Envoy will determine the cluster to route to by reading the value of the
// HTTP header named by cluster_header from the request headers. If the
@ -809,8 +809,12 @@ message RouteAction {
//
// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1
// *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead.
//
// .. note::
//
// If the header appears multiple times only the first value is used.
string cluster_header = 2
[(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
// Multiple upstream clusters can be specified for a given route. The
// request is routed to one of the upstream clusters based on weights
@ -917,6 +921,10 @@ message RouteAction {
//
// Pay attention to the potential security implications of using this option. Provided header
// must come from trusted source.
//
// .. note::
//
// If the header appears multiple times only the first value is used.
string host_rewrite_header = 29
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}];
@ -969,6 +977,10 @@ message RouteAction {
// fires, the stream is terminated with a 408 Request Timeout error code if no
// upstream response header has been received, otherwise a stream reset
// occurs.
//
// If the :ref:`overload action <config_overload_manager_overload_actions>` "envoy.overload_actions.reduce_timeouts"
// is configured, this timeout is scaled according to the value for
// :ref:`HTTP_DOWNSTREAM_CONNECTION_IDLE <envoy_api_enum_value_config.overload.v3.ScaleTimersOverloadActionConfig.TimerType.HTTP_DOWNSTREAM_CONNECTION_IDLE>`.
google.protobuf.Duration idle_timeout = 24;
// Indicates that the route has a retry policy. Note that if this is set,
@ -1018,6 +1030,7 @@ message RouteAction {
// Indicates that the route has a CORS policy.
CorsPolicy cors = 17;
// Deprecated by :ref:`grpc_timeout_header_max <envoy_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_max>`
// If present, and the request is a gRPC request, use the
// `grpc-timeout header <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_,
// or its default value (infinity) instead of
@ -1037,8 +1050,9 @@ message RouteAction {
// :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`,
// :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the
// :ref:`retry overview <arch_overview_http_routing_retry>`.
google.protobuf.Duration max_grpc_timeout = 23;
google.protobuf.Duration max_grpc_timeout = 23 [deprecated = true];
// Deprecated by :ref:`grpc_timeout_header_offset <envoy_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_offset>`.
// If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by subtracting
// the provided duration from the header. This is useful in allowing Envoy to set its global
// timeout to be less than that of the deadline imposed by the calling client, which makes it more
@ -1046,7 +1060,7 @@ message RouteAction {
// The offset will only be applied if the provided grpc_timeout is greater than the offset. This
// ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning
// infinity).
google.protobuf.Duration grpc_timeout_offset = 28;
google.protobuf.Duration grpc_timeout_offset = 28 [deprecated = true];
repeated UpgradeConfig upgrade_configs = 25;
@ -1080,7 +1094,6 @@ message RouteAction {
HedgePolicy hedge_policy = 27;
// Specifies the maximum stream duration for this route.
// [#not-implemented-hide:]
MaxStreamDuration max_stream_duration = 36;
}
@ -1102,7 +1115,7 @@ message RetryPolicy {
reserved "config";
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
oneof config_type {
google.protobuf.Any typed_config = 3;
@ -1117,7 +1130,7 @@ message RetryPolicy {
reserved "config";
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
oneof config_type {
google.protobuf.Any typed_config = 3;
@ -1145,9 +1158,15 @@ message RetryPolicy {
}
message ResetHeader {
// The name of the reset header.
//
// .. note::
//
// If the header appears multiple times only the first value is used.
string name = 1
[(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
// The format of the reset header.
ResetHeaderFormat format = 2 [(validate.rules).enum = {defined_only: true}];
}
@ -1413,7 +1432,7 @@ message Decorator {
// For ingress (inbound) requests, or egress (outbound) responses, this value may be overridden
// by the :ref:`x-envoy-decorator-operation
// <config_http_filters_router_x-envoy-decorator-operation>` header.
string operation = 1 [(validate.rules).string = {min_bytes: 1}];
string operation = 1 [(validate.rules).string = {min_len: 1}];
// Whether the decorated details should be propagated to the other party. The default is true.
google.protobuf.BoolValue propagate = 2;
@ -1488,14 +1507,14 @@ message VirtualCluster {
// Specifies the name of the virtual cluster. The virtual cluster name as well
// as the virtual host name are used when emitting statistics. The statistics are emitted by the
// router filter and are documented :ref:`here <config_http_filters_router_stats>`.
string name = 2 [(validate.rules).string = {min_bytes: 1}];
string name = 2 [(validate.rules).string = {min_len: 1}];
}
// Global rate limiting :ref:`architecture overview <arch_overview_global_rate_limit>`.
message RateLimit {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit";
// [#next-free-field: 8]
// [#next-free-field: 9]
message Action {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.route.RateLimit.Action";
@ -1546,12 +1565,11 @@ message RateLimit {
// The header name to be queried from the request headers. The headers
// value is used to populate the value of the descriptor entry for the
// descriptor_key.
string header_name = 1 [
(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}
];
string header_name = 1
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
// The key to use in the descriptor entry.
string descriptor_key = 2 [(validate.rules).string = {min_bytes: 1}];
string descriptor_key = 2 [(validate.rules).string = {min_len: 1}];
// If set to true, Envoy skips the descriptor while calling rate limiting service
// when header is not present in the request. By default it skips calling the
@ -1580,7 +1598,7 @@ message RateLimit {
"envoy.api.v2.route.RateLimit.Action.GenericKey";
// The value to use in the descriptor entry.
string descriptor_value = 1 [(validate.rules).string = {min_bytes: 1}];
string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
// An optional key to use in the descriptor entry. If not set it defaults
// to 'generic_key' as the descriptor key.
@ -1597,7 +1615,7 @@ message RateLimit {
"envoy.api.v2.route.RateLimit.Action.HeaderValueMatch";
// The value to use in the descriptor entry.
string descriptor_value = 1 [(validate.rules).string = {min_bytes: 1}];
string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
// If set to true, the action will append a descriptor entry when the
// request matches the headers. If set to false, the action will append a
@ -1613,14 +1631,18 @@ message RateLimit {
repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}];
}
// The following descriptor entry is appended when the dynamic metadata contains a key value:
// The following descriptor entry is appended when the
// :ref:`dynamic metadata <well_known_dynamic_metadata>` contains a key value:
//
// .. code-block:: cpp
//
// ("<descriptor_key>", "<value_queried_from_metadata>")
// ("<descriptor_key>", "<value_queried_from_dynamic_metadata>")
//
// .. attention::
// This action has been deprecated in favor of the :ref:`metadata <envoy_api_msg_config.route.v3.RateLimit.Action.MetaData>` action
message DynamicMetaData {
// The key to use in the descriptor entry.
string descriptor_key = 1 [(validate.rules).string = {min_bytes: 1}];
string descriptor_key = 1 [(validate.rules).string = {min_len: 1}];
// Metadata struct that defines the key and path to retrieve the string value. A match will
// only happen if the value in the dynamic metadata is of type string.
@ -1631,6 +1653,35 @@ message RateLimit {
string default_value = 3;
}
// The following descriptor entry is appended when the metadata contains a key value:
//
// .. code-block:: cpp
//
// ("<descriptor_key>", "<value_queried_from_metadata>")
message MetaData {
enum Source {
// Query :ref:`dynamic metadata <well_known_dynamic_metadata>`
DYNAMIC = 0;
// Query :ref:`route entry metadata <envoy_api_field_config.route.v3.Route.metadata>`
ROUTE_ENTRY = 1;
}
// The key to use in the descriptor entry.
string descriptor_key = 1 [(validate.rules).string = {min_len: 1}];
// Metadata struct that defines the key and path to retrieve the string value. A match will
// only happen if the value in the metadata is of type string.
type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}];
// An optional value to use if *metadata_key* is empty. If not set and
// no value is present under the metadata_key then no descriptor is generated.
string default_value = 3;
// Source of metadata
Source source = 4 [(validate.rules).enum = {defined_only: true}];
}
oneof action_specifier {
option (validate.required) = true;
@ -1653,7 +1704,14 @@ message RateLimit {
HeaderValueMatch header_value_match = 6;
// Rate limit on dynamic metadata.
DynamicMetaData dynamic_metadata = 7;
//
// .. attention::
// This field has been deprecated in favor of the :ref:`metadata <envoy_api_field_config.route.v3.RateLimit.Action.metadata>` field
DynamicMetaData dynamic_metadata = 7
[deprecated = true, (envoy.annotations.disallowed_by_default) = true];
// Rate limit on metadata.
MetaData metadata = 8;
}
}
@ -1736,7 +1794,7 @@ message HeaderMatcher {
// Specifies the name of the header in the request.
string name = 1
[(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
// Specifies how the header match will be performed to route the request.
oneof header_match_specifier {
@ -1771,7 +1829,7 @@ message HeaderMatcher {
// Examples:
//
// * The prefix *abcd* matches the value *abcdxyz*, but not for *abcxyz*.
string prefix_match = 9 [(validate.rules).string = {min_bytes: 1}];
string prefix_match = 9 [(validate.rules).string = {min_len: 1}];
// If specified, header match will be performed based on the suffix of the header value.
// Note: empty suffix is not allowed, please use present_match instead.
@ -1779,7 +1837,7 @@ message HeaderMatcher {
// Examples:
//
// * The suffix *abcd* matches the value *xyzabcd*, but not for *xyzbcd*.
string suffix_match = 10 [(validate.rules).string = {min_bytes: 1}];
string suffix_match = 10 [(validate.rules).string = {min_len: 1}];
// If specified, header match will be performed based on whether the header value contains
// the given value or not.
@ -1788,7 +1846,7 @@ message HeaderMatcher {
// Examples:
//
// * The value *abcd* matches the value *xyzabcdpqr*, but not for *xyzbcdpqr*.
string contains_match = 12 [(validate.rules).string = {min_bytes: 1}];
string contains_match = 12 [(validate.rules).string = {min_len: 1}];
}
// If specified, the match result will be inverted before checking. Defaults to false.
@ -1813,7 +1871,7 @@ message QueryParameterMatcher {
// Specifies the name of a key that must be present in the requested
// *path*'s query string.
string name = 1 [(validate.rules).string = {min_bytes: 1 max_bytes: 1024}];
string name = 1 [(validate.rules).string = {min_len: 1 max_bytes: 1024}];
oneof query_parameter_match_specifier {
// Specifies whether a query parameter value should match against a string.
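Review bot: The `cluster_header` comment (hunk at -809,8 +809,12) gains the first-value note, but in the lines shown it has no trust caveat like the one on `host_rewrite_header` further down ("Provided header must come from trusted source"). The named header selects the upstream cluster, so a header that clients can set lets them pick among the configured clusters. If a trusted hop appends the header instead of overwriting it, the first-value rule means the client's copy is the one used. I would add `// The named header should be set or sanitized by a trusted hop; otherwise clients can choose the upstream cluster.` next to the new note. The comment begins outside the hunk, so an existing caveat may already be there.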


@ -108,12 +108,12 @@ message ScopedRouteConfiguration {
bool on_demand = 4;
// The name assigned to the routing scope.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// The resource name to use for a :ref:`envoy_api_msg_service.discovery.v3.DiscoveryRequest` to an
// RDS server to fetch the :ref:`envoy_api_msg_config.route.v3.RouteConfiguration` associated
// with this scope.
string route_configuration_name = 2 [(validate.rules).string = {min_bytes: 1}];
string route_configuration_name = 2 [(validate.rules).string = {min_len: 1}];
// The key to match against.
Key key = 3 [(validate.rules).message = {required: true}];


@ -22,8 +22,8 @@ message DatadogConfig {
"envoy.config.trace.v2.DatadogConfig";
// The cluster to use for submitting traces to the Datadog agent.
string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}];
string collector_cluster = 1 [(validate.rules).string = {min_len: 1}];
// The name used for the service when traces are generated by envoy.
string service_name = 2 [(validate.rules).string = {min_bytes: 1}];
string service_name = 2 [(validate.rules).string = {min_len: 1}];
}


@ -28,7 +28,7 @@ message DynamicOtConfig {
// Dynamic library implementing the `OpenTracing API
// <https://github.com/opentracing/opentracing-cpp>`_.
string library = 1 [(validate.rules).string = {min_bytes: 1}];
string library = 1 [(validate.rules).string = {min_len: 1}];
// The configuration to use when creating a tracer from the given dynamic
// library.


@ -52,7 +52,7 @@ message Tracing {
// - *envoy.tracers.datadog*
// - *envoy.tracers.opencensus*
// - *envoy.tracers.xray*
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// Trace driver specific configuration which depends on the driver being instantiated.
// See the trace drivers for examples:


@ -38,11 +38,11 @@ message LightstepConfig {
}
// The cluster manager cluster that hosts the LightStep collectors.
string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}];
string collector_cluster = 1 [(validate.rules).string = {min_len: 1}];
// File containing the access token to the `LightStep
// <https://lightstep.com/>`_ API.
string access_token_file = 2 [(validate.rules).string = {min_bytes: 1}];
string access_token_file = 2 [(validate.rules).string = {min_len: 1}];
// Propagation modes to use by LightStep's tracer.
repeated PropagationMode propagation_modes = 3


@ -46,15 +46,13 @@ message ZipkinConfig {
GRPC = 3;
}
// The cluster manager cluster that hosts the Zipkin collectors. Note that the
// Zipkin cluster must be defined in the :ref:`Bootstrap static cluster
// resources <envoy_api_field_config.bootstrap.v3.Bootstrap.StaticResources.clusters>`.
string collector_cluster = 1 [(validate.rules).string = {min_bytes: 1}];
// The cluster manager cluster that hosts the Zipkin collectors.
string collector_cluster = 1 [(validate.rules).string = {min_len: 1}];
// The API endpoint of the Zipkin service where the spans will be sent. When
// using a standard Zipkin installation, the API endpoint is typically
// /api/v1/spans, which is the default value.
string collector_endpoint = 2 [(validate.rules).string = {min_bytes: 1}];
string collector_endpoint = 2 [(validate.rules).string = {min_len: 1}];
// Determines whether a 128bit trace id will be used when creating a new
// trace instance. The default value is false, which will result in a 64 bit trace id being used.


@ -19,7 +19,7 @@ import "google/protobuf/duration.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
import "udpa/core/v1/resource_locator.proto";
import "xds/core/v3/resource_locator.proto";
import "envoy/annotations/deprecation.proto";
import "udpa/annotations/migrate.proto";
@ -37,7 +37,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
// [#extension: envoy.filters.network.http_connection_manager]
// [#next-free-field: 41]
// [#next-free-field: 42]
message HttpConnectionManager {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@ -252,7 +252,7 @@ message HttpConnectionManager {
// The human readable prefix to use when emitting statistics for the
// connection manager. See the :ref:`statistics documentation <config_http_conn_man_stats>` for
// more information.
string stat_prefix = 2 [(validate.rules).string = {min_bytes: 1}];
string stat_prefix = 2 [(validate.rules).string = {min_len: 1}];
oneof route_specifier {
option (validate.required) = true;
@ -360,6 +360,14 @@ message HttpConnectionManager {
google.protobuf.Duration request_timeout = 28
[(udpa.annotations.security).configure_for_untrusted_downstream = true];
// The amount of time that Envoy will wait for the request headers to be received. The timer is
// activated when the first byte of the headers is received, and is disarmed when the last byte of
// the headers has been received. If not specified or set to 0, this timeout is disabled.
google.protobuf.Duration request_headers_timeout = 41 [
(validate.rules).duration = {gte {}},
(udpa.annotations.security).configure_for_untrusted_downstream = true
];
// The time that Envoy will wait between sending an HTTP/2 shutdown
// notification (GOAWAY frame with max stream ID) and a final GOAWAY frame.
// This is used so that Envoy provides a grace period for new streams that
@ -648,7 +656,7 @@ message Rds {
// Resource locator for RDS. This is mutually exclusive to *route_config_name*.
// [#not-implemented-hide:]
udpa.core.v1.ResourceLocator rds_resource_locator = 3
xds.core.v3.ResourceLocator rds_resource_locator = 3
[(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
}
@ -718,14 +726,18 @@ message ScopedRoutes {
// If an element contains no separator, the whole element is parsed as key and the
// fragment value is an empty string.
// If there are multiple values for a matched key, the first value is returned.
string separator = 1 [(validate.rules).string = {min_bytes: 1}];
string separator = 1 [(validate.rules).string = {min_len: 1}];
// The key to match on.
string key = 2 [(validate.rules).string = {min_bytes: 1}];
string key = 2 [(validate.rules).string = {min_len: 1}];
}
// The name of the header field to extract the value from.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
//
// .. note::
//
// If the header appears multiple times only the first value is used.
string name = 1 [(validate.rules).string = {min_len: 1}];
// The element separator (e.g., ';' separates 'a;b;c;d').
// Default: empty string. This causes the entirety of the header field to be extracted.
@ -759,7 +771,7 @@ message ScopedRoutes {
}
// The name assigned to the scoped routing configuration.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// The algorithm to use for constructing a scope key for each request.
ScopeKeyBuilder scope_key_builder = 2 [(validate.rules).message = {required: true}];
@ -809,7 +821,7 @@ message HttpFilter {
// The name of the filter configuration. The name is used as a fallback to
// select an extension if the type of the configuration proto is not
// sufficient. It also serves as a resource name in ExtensionConfigDS.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
oneof config_type {
// Filter specific configuration which depends on the filter being instantiated. See the supported
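Review bot: `request_headers_timeout` (hunk at -360,6 +360,14) is disabled when unset or 0, yet it is tagged `configure_for_untrusted_downstream`, and the comment does not tell operators that an edge listener has no bound on header arrival unless they set it. The timer runs from the first header byte to the last, so it is the setting that limits a client which delivers its headers very slowly. I would add a line such as `// Set a finite value on listeners that accept untrusted downstream traffic.` to the field comment. Whether `request_timeout` just above already covers this case cannot be told from the hunk.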


@ -120,7 +120,7 @@ message PrivateKeyProvider {
// Private key method provider name. The name must match a
// supported private key method provider type.
string provider_name = 1 [(validate.rules).string = {min_bytes: 1}];
string provider_name = 1 [(validate.rules).string = {min_len: 1}];
// Private key method provider specific configuration.
oneof config_type {
@ -128,16 +128,37 @@ message PrivateKeyProvider {
}
}
// [#next-free-field: 7]
// [#next-free-field: 8]
message TlsCertificate {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.TlsCertificate";
// The TLS certificate chain.
//
// If *certificate_chain* is a filesystem path, a watch will be added to the
// parent directory for any file moves to support rotation. This currently
// only applies to dynamic secrets, when the *TlsCertificate* is delivered via
// SDS.
config.core.v3.DataSource certificate_chain = 1;
// The TLS private key.
//
// If *private_key* is a filesystem path, a watch will be added to the parent
// directory for any file moves to support rotation. This currently only
// applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS.
config.core.v3.DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
// If specified, updates of file-based *certificate_chain* and *private_key*
// sources will be triggered by this watch. The certificate/key pair will be
// read together and validated for atomic read consistency (i.e. no
// intervening modification occurred between cert/key read, verified by file
// hash comparisons). This allows explicit control over the path watched, by
// default the parent directories of the filesystem paths in
// *certificate_chain* and *private_key* are watched if this field is not
// specified. This only applies when a *TlsCertificate* is delivered by SDS
// with references to filesystem paths. See the :ref:`SDS key rotation
// <sds_key_rotation>` documentation for further details.
config.core.v3.WatchedDirectory watched_directory = 7;
// BoringSSL private key method provider. This is an alternative to :ref:`private_key
// <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
// marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
@ -191,7 +212,7 @@ message TlsSessionTicketKeys {
[(validate.rules).repeated = {min_items: 1}, (udpa.annotations.sensitive) = true];
}
// [#next-free-field: 11]
// [#next-free-field: 12]
message CertificateValidationContext {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.auth.CertificateValidationContext";
@ -233,8 +254,22 @@ message CertificateValidationContext {
//
// See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common
// system CA locations.
//
// If *trusted_ca* is a filesystem path, a watch will be added to the parent
// directory for any file moves to support rotation. This currently only
// applies to dynamic secrets, when the *CertificateValidationContext* is
// delivered via SDS.
config.core.v3.DataSource trusted_ca = 1;
// If specified, updates of a file-based *trusted_ca* source will be triggered
// by this watch. This allows explicit control over the path watched, by
// default the parent directory of the filesystem path in *trusted_ca* is
// watched if this field is not specified. This only applies when a
// *CertificateValidationContext* is delivered by SDS with references to
// filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>`
// documentation for further details.
config.core.v3.WatchedDirectory watched_directory = 11;
// An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the
// SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate
// matches one of the specified values.
@ -266,7 +301,7 @@ message CertificateValidationContext {
// because SPKI is tied to a private key, so it doesn't change when the certificate
// is renewed using the same private key.
repeated string verify_certificate_spki = 3
[(validate.rules).repeated = {items {string {min_bytes: 44 max_bytes: 44}}}];
[(validate.rules).repeated = {items {string {min_len: 44 max_bytes: 44}}}];
// An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that
// the SHA-256 of the DER-encoded presented certificate matches one of the specified values.
@ -295,10 +330,10 @@ message CertificateValidationContext {
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified,
// a hash matching value from either of the lists will result in the certificate being accepted.
repeated string verify_certificate_hash = 2
[(validate.rules).repeated = {items {string {min_bytes: 64 max_bytes: 95}}}];
[(validate.rules).repeated = {items {string {min_len: 64 max_bytes: 95}}}];
// An optional list of Subject Alternative name matchers. Envoy will verify that the
// Subject Alternative Name of the presented certificate matches one of the specified matches.
// An optional list of Subject Alternative name matchers. If specified, Envoy will verify that the
// Subject Alternative Name of the presented certificate matches one of the specified matchers.
//
// When a certificate has wildcard DNS SAN entries, to match a specific client, it should be
// configured with exact match type in the :ref:`string matcher <envoy_api_msg_type.matcher.v3.StringMatcher>`.
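Review bot: After the `min_bytes` to `min_len` replacement, `verify_certificate_spki` and `verify_certificate_hash` state their lower bound in characters and their upper bound in bytes (`min_len: 44 max_bytes: 44` and `min_len: 64 max_bytes: 95`). The two units agree only for single-byte characters, which holds for base64 and hex pins but leaves the intended length rule to the reader. Stating both bounds in one unit, for example `{min_len: 44 max_len: 44}` and `{min_len: 64 max_len: 95}`, would keep these pin validators easy to audit. `QueryParameterMatcher.name` in the route file has the same mix (`min_len: 1 max_bytes: 1024`).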


@ -6,12 +6,13 @@ import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/config_source.proto";
import "envoy/extensions/transport_sockets/tls/v3/common.proto";
import "udpa/core/v1/resource_locator.proto";
import "xds/core/v3/resource_locator.proto";
import "udpa/annotations/migrate.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3";
option java_outer_classname = "SecretProto";
@ -33,11 +34,14 @@ message SdsSecretConfig {
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
// When both name and config are specified, then secret can be fetched and/or reloaded via
// SDS. When only name is specified, then secret will be loaded from static resources.
string name = 1 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
string name = 1 [
(validate.rules).string = {min_len: 1},
(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"
];
// Resource locator for SDS. This is mutually exclusive to *name*.
// [#not-implemented-hide:]
udpa.core.v1.ResourceLocator sds_resource_locator = 3
xds.core.v3.ResourceLocator sds_resource_locator = 3
[(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
config.core.v3.ConfigSource sds_config = 2;


@ -135,7 +135,7 @@ message CommonTlsContext {
message CertificateProvider {
// opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify
// a root-certificate (validation context) or "TLS" to specify a new tls-certificate.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// Provider specific config.
// Note: an implementation is expected to dedup multiple instances of the same config


@ -5,10 +5,11 @@ package envoy.service.discovery.v3;
import "envoy/config/core/v3/base.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/rpc/status.proto";
import "udpa/core/v1/resource_locator.proto";
import "udpa/core/v1/resource_name.proto";
import "xds/core/v3/resource_locator.proto";
import "xds/core/v3/resource_name.proto";
import "udpa/annotations/migrate.proto";
import "udpa/annotations/status.proto";
@ -153,8 +154,8 @@ message DeltaDiscoveryRequest {
// Type of the resource that is being requested, e.g.
// "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment". This does not need to be set if
// resources are only referenced via *udpa_resource_subscribe* and
// *udpa_resources_unsubscribe*.
// resources are only referenced via *xds_resource_subscribe* and
// *xds_resources_unsubscribe*.
string type_url = 2;
// DeltaDiscoveryRequests allow the client to add or remove individual
@ -181,20 +182,20 @@ message DeltaDiscoveryRequest {
repeated string resource_names_subscribe = 3;
// As with *resource_names_subscribe* but used when subscribing to resources indicated
// by a *udpa.core.v1.ResourceLocator*. The directives in the resource locator
// by a *xds.core.v3.ResourceLocator*. The directives in the resource locator
// are ignored and the context parameters are matched with
// *context_param_specifier* specific semantics.
// [#not-implemented-hide:]
repeated udpa.core.v1.ResourceLocator udpa_resources_subscribe = 8;
repeated xds.core.v3.ResourceLocator xds_resources_subscribe = 8;
// A list of Resource names to remove from the list of tracked resources.
repeated string resource_names_unsubscribe = 4;
// As with *resource_names_unsubscribe* but used when unsubscribing to resources indicated by a
// *udpa.core.v1.ResourceLocator*. This must match a previously subscribed
// resource locator provided in *udpa_resources_subscribe*.
// *xds.core.v3.ResourceLocator*. This must match a previously subscribed
// resource locator provided in *xds_resources_subscribe*.
// [#not-implemented-hide:]
repeated udpa.core.v1.ResourceLocator udpa_resources_unsubscribe = 9;
repeated xds.core.v3.ResourceLocator xds_resources_unsubscribe = 9;
// Informs the server of the versions of the resources the xDS client knows of, to enable the
// client to continue the same logical xDS session even in the face of gRPC stream reconnection.
@ -243,24 +244,33 @@ message DeltaDiscoveryResponse {
repeated string removed_resources = 6;
// As with *removed_resources* but used when a removed resource was named in
// its *Resource*s with a *udpa.core.v1.ResourceName*.
// its *Resource*s with a *xds.core.v3.ResourceName*.
// [#not-implemented-hide:]
repeated udpa.core.v1.ResourceName udpa_removed_resources = 7;
repeated xds.core.v3.ResourceName udpa_removed_resources = 7;
// The nonce provides a way for DeltaDiscoveryRequests to uniquely
// reference a DeltaDiscoveryResponse when (N)ACKing. The nonce is required.
string nonce = 5;
}
// [#next-free-field: 6]
// [#next-free-field: 8]
message Resource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Resource";
// Cache control properties for the resource.
// [#not-implemented-hide:]
message CacheControl {
// If true, xDS proxies may not cache this resource.
// Note that this does not apply to clients other than xDS proxies, which must cache resources
// for their own use, regardless of the value of this field.
bool do_not_cache = 1;
}
// The resource's name, to distinguish it from others of the same type of resource.
string name = 3 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
// Used instead of *name* when a resource with a *udpa.core.v1.ResourceName* is delivered.
udpa.core.v1.ResourceName udpa_resource_name = 5
// Used instead of *name* when a resource with a *xds.core.v3.ResourceName* is delivered.
xds.core.v3.ResourceName xds_resource_name = 5
[(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
// The aliases are a list of other names that this resource can go by.
@ -272,4 +282,23 @@ message Resource {
// The resource being tracked.
google.protobuf.Any resource = 2;
// Time-to-live value for the resource. For each resource, a timer is started. The timer is
// reset each time the resource is received with a new TTL. If the resource is received with
// no TTL set, the timer is removed for the resource. Upon expiration of the timer, the
// configuration for the resource will be removed.
//
// The TTL can be refreshed or changed by sending a response that doesn't change the resource
// version. In this case the resource field does not need to be populated, which allows for
// light-weight "heartbeat" updates to keep a resource with a TTL alive.
//
// The TTL feature is meant to support configurations that should be removed in the event of
// a management server failure. For example, the feature may be used for fault injection
// testing where the fault injection should be terminated in the event that Envoy loses contact
// with the management server.
google.protobuf.Duration ttl = 6;
// Cache control properties for the resource.
// [#not-implemented-hide:]
CacheControl cache_control = 7;
}


@ -83,12 +83,12 @@ message MetadataMatcher {
option (validate.required) = true;
// If specified, use the key to retrieve the value in a Struct.
string key = 1 [(validate.rules).string = {min_bytes: 1}];
string key = 1 [(validate.rules).string = {min_len: 1}];
}
}
// The filter name to retrieve the Struct from the Metadata.
string filter = 1 [(validate.rules).string = {min_bytes: 1}];
string filter = 1 [(validate.rules).string = {min_len: 1}];
// The path to retrieve the Value from the Struct.
repeated PathSegment path = 2 [(validate.rules).repeated = {min_items: 1}];


@ -48,7 +48,7 @@ message RegexMatcher {
}
// The regex match string. The string must be supported by the configured engine.
string regex = 2 [(validate.rules).string = {min_bytes: 1}];
string regex = 2 [(validate.rules).string = {min_len: 1}];
}
// Describes how to match a string and then produce a new string using a regular


@ -34,7 +34,7 @@ message StringMatcher {
// Examples:
//
// * *abc* matches the value *abc.xyz*
string prefix = 2 [(validate.rules).string = {min_bytes: 1}];
string prefix = 2 [(validate.rules).string = {min_len: 1}];
// The input string must have the suffix specified here.
// Note: empty prefix is not allowed, please use regex instead.
@ -42,7 +42,7 @@ message StringMatcher {
// Examples:
//
// * *abc* matches the value *xyz.abc*
string suffix = 3 [(validate.rules).string = {min_bytes: 1}];
string suffix = 3 [(validate.rules).string = {min_len: 1}];
// The input string must match the regular expression specified here.
// The regex grammar is defined `here


@ -89,12 +89,12 @@ message MetadataMatcher {
option (validate.required) = true;
// If specified, use the key to retrieve the value in a Struct.
string key = 1 [(validate.rules).string = {min_bytes: 1}];
string key = 1 [(validate.rules).string = {min_len: 1}];
}
}
// The filter name to retrieve the Struct from the Metadata.
string filter = 1 [(validate.rules).string = {min_bytes: 1}];
string filter = 1 [(validate.rules).string = {min_len: 1}];
// The path to retrieve the Value from the Struct.
repeated PathSegment path = 2 [(validate.rules).repeated = {min_items: 1}];


@ -54,7 +54,7 @@ message RegexMatcher {
}
// The regex match string. The string must be supported by the configured engine.
string regex = 2 [(validate.rules).string = {min_bytes: 1}];
string regex = 2 [(validate.rules).string = {min_len: 1}];
}
// Describes how to match a string and then produce a new string using a regular


@ -41,7 +41,7 @@ message StringMatcher {
// Examples:
//
// * *abc* matches the value *abc.xyz*
string prefix = 2 [(validate.rules).string = {min_bytes: 1}];
string prefix = 2 [(validate.rules).string = {min_len: 1}];
// The input string must have the suffix specified here.
// Note: empty prefix is not allowed, please use regex instead.
@ -49,7 +49,7 @@ message StringMatcher {
// Examples:
//
// * *abc* matches the value *xyz.abc*
string suffix = 3 [(validate.rules).string = {min_bytes: 1}];
string suffix = 3 [(validate.rules).string = {min_len: 1}];
// The input string must match the regular expression specified here.
RegexMatcher safe_regex = 5 [(validate.rules).message = {required: true}];
@ -60,7 +60,7 @@ message StringMatcher {
// Examples:
//
// * *abc* matches the value *xyz.abc.def*
string contains = 7 [(validate.rules).string = {min_bytes: 1}];
string contains = 7 [(validate.rules).string = {min_len: 1}];
}
// If true, indicates the exact/prefix/suffix matching should be case insensitive. This has no


@ -49,13 +49,13 @@ message MetadataKey {
option (validate.required) = true;
// If specified, use the key to retrieve the value in a Struct.
string key = 1 [(validate.rules).string = {min_bytes: 1}];
string key = 1 [(validate.rules).string = {min_len: 1}];
}
}
// The key name of Metadata to retrieve the Struct from the metadata.
// Typically, it represents a builtin subsystem or custom extension.
string key = 1 [(validate.rules).string = {min_bytes: 1}];
string key = 1 [(validate.rules).string = {min_len: 1}];
// The path to retrieve the Value from the Struct. It can be a prefix or a full path,
// e.g. ``[prop, xyz]`` for a struct or ``[prop, foo]`` for a string in the example,


@ -26,7 +26,7 @@ message CustomTag {
"envoy.type.tracing.v2.CustomTag.Literal";
// Static literal value to populate the tag value.
string value = 1 [(validate.rules).string = {min_bytes: 1}];
string value = 1 [(validate.rules).string = {min_len: 1}];
}
// Environment type custom tag with environment name and default value.
@ -35,7 +35,7 @@ message CustomTag {
"envoy.type.tracing.v2.CustomTag.Environment";
// Environment variable name to obtain the value to populate the tag value.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
string name = 1 [(validate.rules).string = {min_len: 1}];
// When the environment variable is not found,
// the tag value will be populated with this default value if specified,
@ -50,7 +50,7 @@ message CustomTag {
// Header name to obtain the value to populate the tag value.
string name = 1
[(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
// When the header does not exist,
// the tag value will be populated with this default value if specified,
@ -80,7 +80,7 @@ message CustomTag {
}
// Used to populate the tag name.
string tag = 1 [(validate.rules).string = {min_bytes: 1}];
string tag = 1 [(validate.rules).string = {min_len: 1}];
// Used to specify what kind of custom tag.
oneof type {


@ -18,7 +18,7 @@
set -e
BRANCH=master
# import VERSION from one of the google internal CLs
VERSION=efcf912fb35470672231c7b7bef620f3d17f655a
VERSION=5459f2c994033b0afed7e4a70ac7e90c90c1ffee
GIT_REPO="https://github.com/cncf/udpa.git"
GIT_BASE_DIR=udpa
SOURCE_PROTO_BASE_DIR=udpa
@ -29,13 +29,13 @@ udpa/annotations/security.proto
udpa/annotations/sensitive.proto
udpa/annotations/status.proto
udpa/annotations/versioning.proto
udpa/core/v1/authority.proto
udpa/core/v1/collection_entry.proto
udpa/core/v1/context_params.proto
udpa/core/v1/resource_locator.proto
udpa/core/v1/resource_name.proto
udpa/data/orca/v1/orca_load_report.proto
udpa/service/orca/v1/orca.proto
xds/core/v3/authority.proto
xds/core/v3/collection_entry.proto
xds/core/v3/context_params.proto
xds/core/v3/resource_locator.proto
xds/core/v3/resource_name.proto
)
pushd `git rev-parse --show-toplevel`/xds/third_party/udpa
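Review bot: The pinned `VERSION` is justified only by the comment `# import VERSION from one of the google internal CLs`, which nobody outside that system can check, so the new SHA and the five added `xds/core/v3/*.proto` entries cannot be tied to a specific upstream change from this file alone. I would extend that comment to say how the pin can be verified, for example `# VERSION must be a commit on $BRANCH of $GIT_REPO; re-running this script should leave xds/third_party/udpa unchanged.` The clone, checkout and copy steps sit below the hunk, so whether a re-run is fully reproducible is an assumption to confirm. Pinning to the full commit hash rather than a branch or tag is the right choice and should stay.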


@ -1,16 +0,0 @@
syntax = "proto3";
package udpa.core.v1;
import "udpa/annotations/status.proto";
option java_outer_classname = "ContextParamsProto";
option java_multiple_files = true;
option java_package = "com.github.udpa.udpa.core.v1";
option (udpa.annotations.file_status).work_in_progress = true;
// Additional parameters that can be used to select resource variants.
message ContextParams {
map<string, string> params = 1;
}


@ -1,6 +1,6 @@
syntax = "proto3";
package udpa.core.v1;
package xds.core.v3;
import "udpa/annotations/status.proto";
@ -8,11 +8,11 @@ import "validate/validate.proto";
option java_outer_classname = "AuthorityProto";
option java_multiple_files = true;
option java_package = "com.github.udpa.udpa.core.v1";
option java_package = "com.github.udpa.xds.core.v3";
option (udpa.annotations.file_status).work_in_progress = true;
// UDPA authority information.
// xDS authority information.
message Authority {
string name = 1 [(validate.rules).string = {min_len: 1}];


@ -1,21 +1,21 @@
syntax = "proto3";
package udpa.core.v1;
package xds.core.v3;
import "google/protobuf/any.proto";
import "udpa/annotations/status.proto";
import "udpa/core/v1/resource_locator.proto";
import "xds/core/v3/resource_locator.proto";
import "validate/validate.proto";
option java_outer_classname = "CollectionEntryProto";
option java_multiple_files = true;
option java_package = "com.github.udpa.udpa.core.v1";
option java_package = "com.github.udpa.xds.core.v3";
option (udpa.annotations.file_status).work_in_progress = true;
// UDPA collection resource wrapper. This encapsulates a UDPA resource when
// xDS collection resource wrapper. This encapsulates a xDS resource when
// appearing inside a list collection resource. List collection resources are
// regular Resource messages of type:
//
@ -32,7 +32,7 @@ message CollectionEntry {
// reference via the #entry directive in ResourceLocator.
string name = 1 [(validate.rules).string.pattern = "^[0-9a-zA-Z_\\-\\.~:]+$"];
// The resource's logical version. It is illegal to have the same named UDPA
// The resource's logical version. It is illegal to have the same named xDS
// resource name at a given version with different resource payloads.
string version = 2;


@ -0,0 +1,21 @@
syntax = "proto3";
package xds.core.v3;
import "udpa/annotations/status.proto";
option java_outer_classname = "ContextParamsProto";
option java_multiple_files = true;
option java_package = "com.github.udpa.xds.core.v3";
option (udpa.annotations.file_status).work_in_progress = true;
// Additional parameters that can be used to select resource variants. These include any
// global context parameters, per-resource type client feature capabilities and per-resource
// type functional attributes. All per-resource type attributes will be `xds.resource.`
// prefixed and some of these are documented below:
// `xds.resource.listening_address`: The value is "IP:port" (e.g. "10.1.1.3:8080") which is
// the listening address of a Listener. Used in a Listener resource query.
message ContextParams {
map<string, string> params = 1;
}


@ -1,38 +1,38 @@
syntax = "proto3";
package udpa.core.v1;
package xds.core.v3;
import "udpa/annotations/status.proto";
import "udpa/core/v1/context_params.proto";
import "xds/core/v3/context_params.proto";
import "validate/validate.proto";
option java_outer_classname = "ResourceLocatorProto";
option java_multiple_files = true;
option java_package = "com.github.udpa.udpa.core.v1";
option java_package = "com.github.udpa.xds.core.v3";
option (udpa.annotations.file_status).work_in_progress = true;
// UDPA resource locators identify a UDPA resource name and instruct the
// xDS resource locators identify a xDS resource name and instruct the
// data-plane load balancer on how the resource may be located.
//
// Resource locators have a canonical udpa:// URI representation:
// Resource locators have a canonical xdstp:// URI representation:
//
// udpa://{authority}/{type_url}/{id/*}?{context_params}{#directive,*}
// xdstp://{authority}/{type_url}/{id}?{context_params}{#directive,*}
//
// where context_params take the form of URI query parameters.
//
// Resource locators have a similar canonical http:// URI representation:
//
// http://{authority}/{type_url}/{id/*}?{context_params}{#directive,*}
// http://{authority}/{type_url}/{id}?{context_params}{#directive,*}
//
// Resource locators also have a simplified file:// URI representation:
//
// file:///{id/*}{#directive,*}
// file:///{id}{#directive,*}
//
message ResourceLocator {
enum Scheme {
UDPA = 0;
XDSTP = 0;
HTTP = 1;
FILE = 2;
}
@ -40,13 +40,13 @@ message ResourceLocator {
// URI scheme.
Scheme scheme = 1 [(validate.rules).enum = {defined_only: true}];
// Opaque identifiers for the resource. These are effectively concatenated
// with / to form the non-query param path as resource ID. This may end
// Opaque identifier for the resource. Any '/' will not be escaped during URI
// encoding and will form part of the URI path. This may end
// with * for glob collection references.
repeated string id = 2 [(validate.rules).repeated = {min_items: 1}];
string id = 2;
// Logical authority for resource (not necessarily transport network address).
// Authorities are opaque in the UDPA API, data-plane load balancers will map
// Authorities are opaque in the xDS API, data-plane load balancers will map
// them to concrete network transports such as an xDS management server, e.g.
// via envoy.config.core.v3.ConfigSource.
string authority = 3;
@ -65,7 +65,7 @@ message ResourceLocator {
// .. space reserved for future potential matchers, e.g. CEL expressions.
}
// Directives provide information to data-plane load balancers on how UDPA
// Directives provide information to data-plane load balancers on how xDS
// resource names are to be interpreted and potentially further resolved. For
// example, they may provide alternative resource locators for when primary
// resolution fails. Directives are not part of resource names and do not
@ -75,7 +75,7 @@ message ResourceLocator {
//
// <directive name>=<string representation of directive value>
//
// For example, we can have alt=udpa://foo/bar or entry=some%20thing. Each
// For example, we can have alt=xdstp://foo/bar or entry=some%20thing. Each
// directive value type may have its own string encoding, in the case of
// ResourceLocator there is a recursive URI encoding.
//
@ -83,7 +83,7 @@ message ResourceLocator {
// Multiple directives are comma-separated, so the reserved characters that
// require percent encoding in a directive value are [',', '#', '[', ']',
// '%']. These are the RFC3986 fragment reserved characters with the addition
// of the UDPA scheme specific ','. See
// of the xDS scheme specific ','. See
// https://tools.ietf.org/html/rfc3986#page-49 for further details on URI ABNF
// and reserved characters.
message Directive {
@ -93,7 +93,7 @@ message ResourceLocator {
// An alternative resource locator for fallback if the resource is
// unavailable. For example, take the resource locator:
//
// udpa://foo/some-type/some-route-table#alt=udpa://bar/some-type/another-route-table
// xdstp://foo/some-type/some-route-table#alt=xdstp://bar/some-type/another-route-table
//
// If the data-plane load balancer is unable to reach `foo` to fetch the
// resource, it will fallback to `bar`. Alternative resources do not need
@ -103,13 +103,13 @@ message ResourceLocator {
// List collections support inlining of resources via the entry field in
// Resource. These inlined Resource objects may have an optional name
// field specified. When specified, the entry directive allows
// UdpaResourceLocator to directly reference these inlined resources, e.g.
// udpa://.../foo#entry=bar.
// ResourceLocator to directly reference these inlined resources, e.g.
// xdstp://.../foo#entry=bar.
string entry = 2 [(validate.rules).string = {min_len: 1, pattern: "^[0-9a-zA-Z_\\-\\./~:]+$"}];
}
}
// A list of directives that appear in the UDPA resource locator #fragment.
// A list of directives that appear in the xDS resource locator #fragment.
//
// When encoding to URI form, directives are percent encoded with comma
// separation.


@ -1,34 +1,34 @@
syntax = "proto3";
package udpa.core.v1;
package xds.core.v3;
import "udpa/annotations/status.proto";
import "udpa/core/v1/context_params.proto";
import "xds/core/v3/context_params.proto";
import "validate/validate.proto";
option java_outer_classname = "ResourceNameProto";
option java_multiple_files = true;
option java_package = "com.github.udpa.udpa.core.v1";
option java_package = "com.github.udpa.xds.core.v3";
option (udpa.annotations.file_status).work_in_progress = true;
// UDPA resource name. This has a canonical udpa:// URI representation:
// xDS resource name. This has a canonical xdstp:// URI representation:
//
// udpa://{authority}/{type_url}/{id/*}?{context_params}
// xdstp://{authority}/{type_url}/{id}?{context_params}
//
// where context_params take the form of URI query parameters.
//
// A UDPA resource name fully identifies a network resource for transport
// purposes. UDPA resource names in this form appear only in discovery
// A xDS resource name fully identifies a network resource for transport
// purposes. xDS resource names in this form appear only in discovery
// request/response messages used with the xDS transport.
message ResourceName {
// Opaque identifiers for the resource. These are effectively concatenated
// with / to form the non-query param path as resource ID.
repeated string id = 1 [(validate.rules).repeated = {min_items: 1}];
// Opaque identifier for the resource. Any '/' will not be escaped during URI
// encoding and will form part of the URI path.
string id = 1;
// Logical authority for resource (not necessarily transport network address).
// Authorities are opaque in the UDPA API, data-plane load balancers will map
// Authorities are opaque in the xDS API, data-plane load balancers will map
// them to concrete network transports such as an xDS management server.
string authority = 2;