diff --git a/api/docs/BUILD b/api/docs/BUILD index 5784ecc2d2af..31ed1ee5bae6 100644 --- a/api/docs/BUILD +++ b/api/docs/BUILD @@ -11,23 +11,13 @@ package_group( proto_library( name = "protos", deps = [ - "//envoy/admin/v2alpha:certs", - "//envoy/admin/v2alpha:clusters", - "//envoy/admin/v2alpha:config_dump", - "//envoy/admin/v2alpha:listeners", - "//envoy/admin/v2alpha:memory", - "//envoy/admin/v2alpha:mutex_stats", - "//envoy/admin/v2alpha:server_info", - "//envoy/admin/v2alpha:tap", - "//envoy/api/v2:cds", - "//envoy/api/v2:discovery", - "//envoy/api/v2:eds", - "//envoy/api/v2:lds", - "//envoy/api/v2:rds", - "//envoy/api/v2/cluster:circuit_breaker", - "//envoy/api/v2/cluster:outlier_detection", - "//envoy/api/v2/core:protocol", - "//envoy/api/v2/listener", + "//envoy/admin/v2alpha:pkg", + "//envoy/api/v2", + "//envoy/api/v2/auth", + "//envoy/api/v2/cluster", + "//envoy/api/v2/core", + "//envoy/api/v2/endpoint", + "//envoy/api/v2/listener:pkg", "//envoy/api/v2/ratelimit", "//envoy/api/v2/route", "//envoy/config/accesslog/v2:als", @@ -39,6 +29,7 @@ proto_library( "//envoy/config/common/tap/v2alpha:common", "//envoy/config/filter/accesslog/v2:accesslog", "//envoy/config/filter/dubbo/router/v2alpha1:router", + "//envoy/config/filter/fault/v2:fault", "//envoy/config/filter/http/buffer/v2:buffer", "//envoy/config/filter/http/csrf/v2:csrf", "//envoy/config/filter/http/dynamic_forward_proxy/v2alpha:dynamic_forward_proxy", @@ -75,6 +66,7 @@ proto_library( "//envoy/config/health_checker/redis/v2:redis", "//envoy/config/metrics/v2:metrics_service", "//envoy/config/metrics/v2:stats", + "//envoy/config/overload/v2alpha:overload", "//envoy/config/ratelimit/v2:rls", "//envoy/config/rbac/v2:rbac", "//envoy/config/resource_monitor/fixed_heap/v2alpha:fixed_heap", @@ -95,11 +87,7 @@ proto_library( "//envoy/service/discovery/v2:rtds", "//envoy/service/ratelimit/v2:rls", "//envoy/service/tap/v2alpha:common", - "//envoy/type:percent", - "//envoy/type:range", - "//envoy/type/matcher:metadata", - "//envoy/type/matcher:number", - "//envoy/type/matcher:regex", - "//envoy/type/matcher:string", + "//envoy/type", + "//envoy/type/matcher", ], ) diff --git a/api/envoy/api/v3alpha/cds.proto b/api/envoy/api/v3alpha/cds.proto index 50b7adaf996e..2197ff3efe46 100644 --- a/api/envoy/api/v3alpha/cds.proto +++ b/api/envoy/api/v3alpha/cds.proto @@ -43,7 +43,7 @@ service ClusterDiscoveryService { rpc FetchClusters(DiscoveryRequest) returns (DiscoveryResponse) { option (google.api.http) = { - post: "/v2/discovery:clusters" + post: "/v3alpha/discovery:clusters" body: "*" }; } diff --git a/api/envoy/api/v3alpha/eds.proto b/api/envoy/api/v3alpha/eds.proto index 7ba8592eb793..6d1cf12f3de5 100644 --- a/api/envoy/api/v3alpha/eds.proto +++ b/api/envoy/api/v3alpha/eds.proto @@ -36,7 +36,7 @@ service EndpointDiscoveryService { rpc FetchEndpoints(DiscoveryRequest) returns (DiscoveryResponse) { option (google.api.http) = { - post: "/v2/discovery:endpoints" + post: "/v3alpha/discovery:endpoints" body: "*" }; } diff --git a/api/envoy/api/v3alpha/lds.proto b/api/envoy/api/v3alpha/lds.proto index d9976d6c0e3c..7268d2b15e4b 100644 --- a/api/envoy/api/v3alpha/lds.proto +++ b/api/envoy/api/v3alpha/lds.proto @@ -39,7 +39,7 @@ service ListenerDiscoveryService { rpc FetchListeners(DiscoveryRequest) returns (DiscoveryResponse) { option (google.api.http) = { - post: "/v2/discovery:listeners" + post: "/v3alpha/discovery:listeners" body: "*" }; } diff --git a/api/envoy/api/v3alpha/rds.proto b/api/envoy/api/v3alpha/rds.proto index ed20b34e7cca..b26956dcf712 100644 --- a/api/envoy/api/v3alpha/rds.proto +++ b/api/envoy/api/v3alpha/rds.proto @@ -39,7 +39,7 @@ service RouteDiscoveryService { rpc FetchRoutes(DiscoveryRequest) returns (DiscoveryResponse) { option (google.api.http) = { - post: "/v2/discovery:routes" + post: "/v3alpha/discovery:routes" body: "*" }; } diff --git a/api/envoy/api/v3alpha/srds.proto b/api/envoy/api/v3alpha/srds.proto index 22ad6e675683..62a767ca4440 100644 --- a/api/envoy/api/v3alpha/srds.proto +++ b/api/envoy/api/v3alpha/srds.proto @@ -33,7 +33,7 @@ service ScopedRoutesDiscoveryService { rpc FetchScopedRoutes(DiscoveryRequest) returns (DiscoveryResponse) { option (google.api.http) = { - post: "/v2/discovery:scoped-routes" + post: "/v3alpha/discovery:scoped-routes" body: "*" }; } diff --git a/api/envoy/config/filter/dubbo/router/v3alpha/BUILD b/api/envoy/config/filter/dubbo/router/v3alpha/BUILD new file mode 100644 index 000000000000..68bd8c126b80 --- /dev/null +++ b/api/envoy/config/filter/dubbo/router/v3alpha/BUILD @@ -0,0 +1,10 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library_internal", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package() + +api_proto_library_internal( + name = "router", + srcs = ["router.proto"], +) diff --git a/api/envoy/config/filter/dubbo/router/v3alpha/router.proto b/api/envoy/config/filter/dubbo/router/v3alpha/router.proto new file mode 100644 index 000000000000..46b6609d1c45 --- /dev/null +++ b/api/envoy/config/filter/dubbo/router/v3alpha/router.proto @@ -0,0 +1,13 @@ +syntax = "proto3"; + +package envoy.config.filter.dubbo.router.v3alpha; + +option java_outer_classname = "RouterProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.dubbo.router.v3alpha"; + +// [#protodoc-title: Router] +// Dubbo router :ref:`configuration overview `. + +message Router { +} diff --git a/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v3alpha/BUILD b/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v3alpha/BUILD new file mode 100644 index 000000000000..a88ba2443cad --- /dev/null +++ b/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v3alpha/BUILD @@ -0,0 +1,10 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package() + +api_proto_library( + name = "config", + srcs = ["config.proto"], +) diff --git a/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v3alpha/config.proto b/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v3alpha/config.proto new file mode 100644 index 000000000000..2883701d33d6 --- /dev/null +++ b/api/envoy/config/filter/http/grpc_http1_reverse_bridge/v3alpha/config.proto @@ -0,0 +1,26 @@ +syntax = "proto3"; + +package envoy.config.filter.http.grpc_http1_reverse_bridge.v3alpha; + +option java_outer_classname = "ConfigProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.http.grpc_http1_reverse_bridge.v3alpha"; + +import "validate/validate.proto"; + +// [#protodoc-title: gRPC HTTP/1.1 Reverse Bridge] +// gRPC HTTP/1.1 Reverse Bridge :ref:`configuration overview +// `. + +// gRPC reverse bridge filter configuration +message FilterConfig { + // The content-type to pass to the upstream when the gRPC bridge filter is applied. + // The filter will also validate that the upstream responds with the same content type. + string content_type = 1 [(validate.rules).string.min_bytes = 1]; + + // If true, Envoy will assume that the upstream doesn't understand gRPC frames and + // strip the gRPC frame from the request, and add it back in to the response. This will + // hide the gRPC semantics from the upstream, allowing it to receive and respond with a + // simple binary encoded protobuf. + bool withhold_grpc_frames = 2; +} diff --git a/api/envoy/config/filter/http/original_src/v3alpha/BUILD b/api/envoy/config/filter/http/original_src/v3alpha/BUILD new file mode 100644 index 000000000000..a7435bb55cfc --- /dev/null +++ b/api/envoy/config/filter/http/original_src/v3alpha/BUILD @@ -0,0 +1,10 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library_internal", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package() + +api_proto_library_internal( + name = "original_src", + srcs = ["original_src.proto"], +) diff --git a/api/envoy/config/filter/http/original_src/v3alpha/original_src.proto b/api/envoy/config/filter/http/original_src/v3alpha/original_src.proto new file mode 100644 index 000000000000..20bd0e920e26 --- /dev/null +++ b/api/envoy/config/filter/http/original_src/v3alpha/original_src.proto @@ -0,0 +1,24 @@ +syntax = "proto3"; + +package envoy.config.filter.http.original_src.v3alpha; + +option java_outer_classname = "OriginalSrcProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.http.original_src.v3alpha"; + +import "validate/validate.proto"; + +// [#protodoc-title: Original Src Filter] +// Use the Original source address on upstream connections. + +// The Original Src filter binds upstream connections to the original source address determined +// for the request. This address could come from something like the Proxy Protocol filter, or it +// could come from trusted http headers. +message OriginalSrc { + + // Sets the SO_MARK option on the upstream connection's socket to the provided value. Used to + // ensure that non-local addresses may be routed back through envoy when binding to the original + // source address. The option will not be applied if the mark is 0. + // [#proto-status: experimental] + uint32 mark = 1; +} diff --git a/api/envoy/config/filter/listener/original_src/v3alpha/BUILD b/api/envoy/config/filter/listener/original_src/v3alpha/BUILD new file mode 100644 index 000000000000..a7435bb55cfc --- /dev/null +++ b/api/envoy/config/filter/listener/original_src/v3alpha/BUILD @@ -0,0 +1,10 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library_internal", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package() + +api_proto_library_internal( + name = "original_src", + srcs = ["original_src.proto"], +) diff --git a/api/envoy/config/filter/listener/original_src/v3alpha/original_src.proto b/api/envoy/config/filter/listener/original_src/v3alpha/original_src.proto new file mode 100644 index 000000000000..3c5fee9505a2 --- /dev/null +++ b/api/envoy/config/filter/listener/original_src/v3alpha/original_src.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.config.filter.listener.original_src.v3alpha; + +option java_outer_classname = "OriginalSrcProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.listener.original_src.v3alpha"; + +import "validate/validate.proto"; + +// [#protodoc-title: Original Src Filter] +// Use the Original source address on upstream connections. + +// The Original Src filter binds upstream connections to the original source address determined +// for the connection. This address could come from something like the Proxy Protocol filter, or it +// could come from trusted http headers. +message OriginalSrc { + + // Whether to bind the port to the one used in the original downstream connection. + // [#not-implemented-warn:] + bool bind_port = 1; + + // Sets the SO_MARK option on the upstream connection's socket to the provided value. Used to + // ensure that non-local addresses may be routed back through envoy when binding to the original + // source address. The option will not be applied if the mark is 0. + // [#proto-status: experimental] + uint32 mark = 2; +} diff --git a/api/envoy/config/filter/network/dubbo_proxy/v3alpha/BUILD b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/BUILD new file mode 100644 index 000000000000..db73dfbd0848 --- /dev/null +++ b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/BUILD @@ -0,0 +1,26 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library_internal", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/api/v3alpha/core", + "//envoy/api/v3alpha/route:pkg", + "//envoy/type", + "//envoy/type/matcher", + ], +) + +api_proto_library_internal( + name = "dubbo_proxy", + srcs = [ + "dubbo_proxy.proto", + "route.proto", + ], + deps = [ + "//envoy/api/v3alpha/core:base", + "//envoy/api/v3alpha/route", + "//envoy/type:range", + "//envoy/type/matcher:string", + ], +) diff --git a/api/envoy/config/filter/network/dubbo_proxy/v3alpha/README.md b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/README.md new file mode 100644 index 000000000000..c83caca1f8f4 --- /dev/null +++ b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/README.md @@ -0,0 +1 @@ +Protocol buffer definitions for the Dubbo proxy. diff --git a/api/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto new file mode 100644 index 000000000000..f314e393a85d --- /dev/null +++ b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/dubbo_proxy.proto @@ -0,0 +1,60 @@ +syntax = "proto3"; + +package envoy.config.filter.network.dubbo_proxy.v3alpha; + +option java_outer_classname = "DubboProxyProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.network.dubbo_proxy.v3alpha"; + +import "envoy/config/filter/network/dubbo_proxy/v3alpha/route.proto"; + +import "google/protobuf/any.proto"; + +import "validate/validate.proto"; +import "gogoproto/gogo.proto"; + +// [#protodoc-title: Dubbo Proxy] +// Dubbo Proxy :ref:`configuration overview `. + +// [#comment:next free field: 6] +message DubboProxy { + // The human readable prefix to use when emitting statistics. + string stat_prefix = 1 [(validate.rules).string.min_bytes = 1]; + + // Configure the protocol used. + ProtocolType protocol_type = 2 [(validate.rules).enum.defined_only = true]; + + // Configure the serialization protocol used. + SerializationType serialization_type = 3 [(validate.rules).enum.defined_only = true]; + + // The route table for the connection manager is static and is specified in this property. + repeated RouteConfiguration route_config = 4; + + // A list of individual Dubbo filters that make up the filter chain for requests made to the + // Dubbo proxy. Order matters as the filters are processed sequentially. For backwards + // compatibility, if no dubbo_filters are specified, a default Dubbo router filter + // (`envoy.filters.dubbo.router`) is used. + repeated DubboFilter dubbo_filters = 5; +} + +// Dubbo Protocol types supported by Envoy. +enum ProtocolType { + Dubbo = 0; // the default protocol. +} + +// Dubbo Serialization types supported by Envoy. +enum SerializationType { + Hessian2 = 0; // the default serialization protocol. +} + +// DubboFilter configures a Dubbo filter. +// [#comment:next free field: 3] +message DubboFilter { + // The name of the filter to instantiate. The name must match a supported + // filter. + string name = 1 [(validate.rules).string.min_bytes = 1]; + + // Filter specific configuration which depends on the filter being + // instantiated. See the supported filters for further documentation. + google.protobuf.Any config = 2; +} diff --git a/api/envoy/config/filter/network/dubbo_proxy/v3alpha/route.proto b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/route.proto new file mode 100644 index 000000000000..180428f8644a --- /dev/null +++ b/api/envoy/config/filter/network/dubbo_proxy/v3alpha/route.proto @@ -0,0 +1,109 @@ +syntax = "proto3"; + +package envoy.config.filter.network.dubbo_proxy.v3alpha; + +option java_outer_classname = "RouteProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.network.dubbo_proxy.v3alpha"; + +import "envoy/api/v3alpha/route/route.proto"; +import "envoy/type/matcher/string.proto"; +import "envoy/type/range.proto"; + +import "google/protobuf/wrappers.proto"; + +import "validate/validate.proto"; +import "gogoproto/gogo.proto"; + +option (gogoproto.stable_marshaler_all) = true; + +// [#protodoc-title: Dubbo Proxy Route Configuration] +// Dubbo Proxy :ref:`configuration overview `. + +// [#comment:next free field: 6] +message RouteConfiguration { + // The name of the route configuration. Reserved for future use in asynchronous route discovery. + string name = 1; + + // The interface name of the service. + string interface = 2; + + // Which group does the interface belong to. + string group = 3; + + // The version number of the interface. + string version = 4; + + // The list of routes that will be matched, in order, against incoming requests. The first route + // that matches will be used. + repeated Route routes = 5; +} + +// [#comment:next free field: 3] +message Route { + // Route matching parameters. + RouteMatch match = 1 [(validate.rules).message.required = true]; + + // Route request to some upstream cluster. + RouteAction route = 2 [(validate.rules).message.required = true]; +} + +// [#comment:next free field: 3] +message RouteMatch { + // Method level routing matching. + MethodMatch method = 1; + + // Specifies a set of headers that the route should match on. The router will check the request’s + // headers against all the specified headers in the route config. A match will happen if all the + // headers in the route are present in the request with the same values (or based on presence if + // the value field is not in the config). + repeated envoy.api.v3alpha.route.HeaderMatcher headers = 2; +} + +// [#comment:next free field: 3] +message RouteAction { + oneof cluster_specifier { + option (validate.required) = true; + + // Indicates the upstream cluster to which the request should be routed. + string cluster = 1; + + // Multiple upstream clusters can be specified for a given route. The + // request is routed to one of the upstream clusters based on weights + // assigned to each cluster. + // Currently ClusterWeight only supports the name and weight fields. + envoy.api.v3alpha.route.WeightedCluster weighted_clusters = 2; + } +} + +// [#comment:next free field: 5] +message MethodMatch { + // The name of the method. + envoy.type.matcher.StringMatcher name = 1; + + // The parameter matching type. + message ParameterMatchSpecifier { + oneof parameter_match_specifier { + // If specified, header match will be performed based on the value of the header. + string exact_match = 3; + + // If specified, header match will be performed based on range. + // The rule will match if the request header value is within this range. + // The entire request header value must represent an integer in base 10 notation: consisting + // of an optional plus or minus sign followed by a sequence of digits. The rule will not match + // if the header value does not represent an integer. Match will fail for empty values, + // floating point numbers or if only a subsequence of the header value is an integer. + // + // Examples: + // + // * For range [-10,0), route will match for header value -1, but not for 0, + // "somestring", 10.9, "-1somestring" + envoy.type.Int64Range range_match = 4; + } + } + + // Method parameter definition. + // The key is the parameter index, starting from 0. + // The value is the parameter matching type. + map params_match = 2; +} diff --git a/api/envoy/config/filter/network/thrift_proxy/v3alpha/BUILD b/api/envoy/config/filter/network/thrift_proxy/v3alpha/BUILD new file mode 100644 index 000000000000..34a2c397ccb8 --- /dev/null +++ b/api/envoy/config/filter/network/thrift_proxy/v3alpha/BUILD @@ -0,0 +1,22 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library_internal", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/api/v3alpha/core", + "//envoy/api/v3alpha/route:pkg", + ], +) + +api_proto_library_internal( + name = "thrift_proxy", + srcs = [ + "route.proto", + "thrift_proxy.proto", + ], + deps = [ + "//envoy/api/v3alpha/core:base", + "//envoy/api/v3alpha/route", + ], +) diff --git a/api/envoy/config/filter/network/thrift_proxy/v3alpha/README.md b/api/envoy/config/filter/network/thrift_proxy/v3alpha/README.md new file mode 100644 index 000000000000..a7d95c0d4764 --- /dev/null +++ b/api/envoy/config/filter/network/thrift_proxy/v3alpha/README.md @@ -0,0 +1 @@ +Protocol buffer definitions for the Thrift proxy. diff --git a/api/envoy/config/filter/network/thrift_proxy/v3alpha/route.proto b/api/envoy/config/filter/network/thrift_proxy/v3alpha/route.proto new file mode 100644 index 000000000000..1e6777eedef1 --- /dev/null +++ b/api/envoy/config/filter/network/thrift_proxy/v3alpha/route.proto @@ -0,0 +1,129 @@ +syntax = "proto3"; + +package envoy.config.filter.network.thrift_proxy.v3alpha; + +option java_outer_classname = "RouteProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.network.thrift_proxy.v3alpha"; + +import "envoy/api/v3alpha/core/base.proto"; +import "envoy/api/v3alpha/route/route.proto"; + +import "google/protobuf/wrappers.proto"; + +import "validate/validate.proto"; +import "gogoproto/gogo.proto"; + +// [#protodoc-title: Thrift Proxy Route Configuration] +// Thrift Proxy :ref:`configuration overview `. + +// [#comment:next free field: 3] +message RouteConfiguration { + // The name of the route configuration. Reserved for future use in asynchronous route discovery. + string name = 1; + + // The list of routes that will be matched, in order, against incoming requests. The first route + // that matches will be used. + repeated Route routes = 2; +} + +// [#comment:next free field: 3] +message Route { + // Route matching parameters. + RouteMatch match = 1 [(validate.rules).message.required = true]; + + // Route request to some upstream cluster. + RouteAction route = 2 [(validate.rules).message.required = true]; +} + +// [#comment:next free field: 5] +message RouteMatch { + oneof match_specifier { + option (validate.required) = true; + + // If specified, the route must exactly match the request method name. As a special case, an + // empty string matches any request method name. + string method_name = 1; + + // If specified, the route must have the service name as the request method name prefix. As a + // special case, an empty string matches any service name. Only relevant when service + // multiplexing. + string service_name = 2; + } + + // Inverts whatever matching is done in the :ref:`method_name + // ` or + // :ref:`service_name + // ` fields. + // Cannot be combined with wildcard matching as that would result in routes never being matched. + // + // .. note:: + // + // This does not invert matching done as part of the :ref:`headers field + // ` field. To + // invert header matching, see :ref:`invert_match + // `. + bool invert = 3; + + // Specifies a set of headers that the route should match on. The router will check the request’s + // headers against all the specified headers in the route config. A match will happen if all the + // headers in the route are present in the request with the same values (or based on presence if + // the value field is not in the config). Note that this only applies for Thrift transports and/or + // protocols that support headers. + repeated envoy.api.v3alpha.route.HeaderMatcher headers = 4; +} + +// [#comment:next free field: 5] +message RouteAction { + oneof cluster_specifier { + option (validate.required) = true; + + // Indicates a single upstream cluster to which the request should be routed + // to. + string cluster = 1 [(validate.rules).string.min_bytes = 1]; + + // Multiple upstream clusters can be specified for a given route. The + // request is routed to one of the upstream clusters based on weights + // assigned to each cluster. + WeightedCluster weighted_clusters = 2; + } + + // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in + // the upstream cluster with metadata matching what is set in this field will be considered. + // Note that this will be merged with what's provided in :ref: `WeightedCluster.MetadataMatch + // `, + // with values there taking precedence. Keys and values should be provided under the "envoy.lb" + // metadata key. + envoy.api.v3alpha.core.Metadata metadata_match = 3; + + // Specifies a set of rate limit configurations that could be applied to the route. + // N.B. Thrift service or method name matching can be achieved by specifying a RequestHeaders + // action with the header name ":method-name". + repeated envoy.api.v3alpha.route.RateLimit rate_limits = 4; +} + +// Allows for specification of multiple upstream clusters along with weights that indicate the +// percentage of traffic to be forwarded to each cluster. The router selects an upstream cluster +// based on these weights. +message WeightedCluster { + message ClusterWeight { + // Name of the upstream cluster. + string name = 1 [(validate.rules).string.min_bytes = 1]; + + // When a request matches the route, the choice of an upstream cluster is determined by its + // weight. The sum of weights across all entries in the clusters array determines the total + // weight. + google.protobuf.UInt32Value weight = 2 [(validate.rules).uint32.gte = 1]; + + // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in + // the upstream cluster with metadata matching what is set in this field, combined with what's + // provided in :ref: `RouteAction's metadata_match + // `, + // will be considered. Values here will take precedence. Keys and values should be provided + // under the "envoy.lb" metadata key. + envoy.api.v3alpha.core.Metadata metadata_match = 3; + } + + // Specifies one or more upstream clusters associated with the route. + repeated ClusterWeight clusters = 1 [(validate.rules).repeated .min_items = 1]; +} diff --git a/api/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto b/api/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto new file mode 100644 index 000000000000..3c3c200b2ea3 --- /dev/null +++ b/api/envoy/config/filter/network/thrift_proxy/v3alpha/thrift_proxy.proto @@ -0,0 +1,121 @@ +syntax = "proto3"; + +package envoy.config.filter.network.thrift_proxy.v3alpha; + +option java_outer_classname = "ThriftProxyProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.network.thrift_proxy.v3alpha"; + +import "envoy/config/filter/network/thrift_proxy/v3alpha/route.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/struct.proto"; + +import "validate/validate.proto"; +import "gogoproto/gogo.proto"; + +// [#protodoc-title: Thrift Proxy] +// Thrift Proxy :ref:`configuration overview `. + +// [#comment:next free field: 6] +message ThriftProxy { + // Supplies the type of transport that the Thrift proxy should use. Defaults to + // :ref:`AUTO_TRANSPORT`. + TransportType transport = 2 [(validate.rules).enum.defined_only = true]; + + // Supplies the type of protocol that the Thrift proxy should use. Defaults to + // :ref:`AUTO_PROTOCOL`. + ProtocolType protocol = 3 [(validate.rules).enum.defined_only = true]; + + // The human readable prefix to use when emitting statistics. + string stat_prefix = 1 [(validate.rules).string.min_bytes = 1]; + + // The route table for the connection manager is static and is specified in this property. + RouteConfiguration route_config = 4; + + // A list of individual Thrift filters that make up the filter chain for requests made to the + // Thrift proxy. Order matters as the filters are processed sequentially. For backwards + // compatibility, if no thrift_filters are specified, a default Thrift router filter + // (`envoy.filters.thrift.router`) is used. + repeated ThriftFilter thrift_filters = 5; +} + +// Thrift transport types supported by Envoy. +enum TransportType { + option (gogoproto.goproto_enum_prefix) = false; + + // For downstream connections, the Thrift proxy will attempt to determine which transport to use. + // For upstream connections, the Thrift proxy will use same transport as the downstream + // connection. + AUTO_TRANSPORT = 0; + + // The Thrift proxy will use the Thrift framed transport. + FRAMED = 1; + + // The Thrift proxy will use the Thrift unframed transport. + UNFRAMED = 2; + + // The Thrift proxy will assume the client is using the Thrift header transport. + HEADER = 3; +} + +// Thrift Protocol types supported by Envoy. +enum ProtocolType { + option (gogoproto.goproto_enum_prefix) = false; + + // For downstream connections, the Thrift proxy will attempt to determine which protocol to use. + // Note that the older, non-strict (or lax) binary protocol is not included in automatic protocol + // detection. For upstream connections, the Thrift proxy will use the same protocol as the + // downstream connection. + AUTO_PROTOCOL = 0; + + // The Thrift proxy will use the Thrift binary protocol. + BINARY = 1; + + // The Thrift proxy will use Thrift non-strict binary protocol. + LAX_BINARY = 2; + + // The Thrift proxy will use the Thrift compact protocol. + COMPACT = 3; + + // The Thrift proxy will use the Thrift "Twitter" protocol implemented by the finagle library. + TWITTER = 4; +} + +// ThriftFilter configures a Thrift filter. +// [#comment:next free field: 3] +message ThriftFilter { + // The name of the filter to instantiate. The name must match a supported + // filter. The built-in filters are: + // + // [#comment:TODO(zuercher): Auto generate the following list] + // * :ref:`envoy.filters.thrift.router ` + // * :ref:`envoy.filters.thrift.rate_limit ` + string name = 1 [(validate.rules).string.min_bytes = 1]; + + // Filter specific configuration which depends on the filter being instantiated. See the supported + // filters for further documentation. + oneof config_type { + google.protobuf.Struct config = 2; + + google.protobuf.Any typed_config = 3; + } +} + +// ThriftProtocolOptions specifies Thrift upstream protocol options. This object is used in +// in :ref:`extension_protocol_options`, keyed +// by the name `envoy.filters.network.thrift_proxy`. +// [#comment:next free field: 3] +message ThriftProtocolOptions { + // Supplies the type of transport that the Thrift proxy should use for upstream connections. + // Selecting + // :ref:`AUTO_TRANSPORT`, + // which is the default, causes the proxy to use the same transport as the downstream connection. + TransportType transport = 1 [(validate.rules).enum.defined_only = true]; + + // Supplies the type of protocol that the Thrift proxy should use for upstream connections. + // Selecting + // :ref:`AUTO_PROTOCOL`, + // which is the default, causes the proxy to use the same protocol as the downstream connection. + ProtocolType protocol = 2 [(validate.rules).enum.defined_only = true]; +} diff --git a/api/envoy/config/filter/thrift/rate_limit/v3alpha/BUILD b/api/envoy/config/filter/thrift/rate_limit/v3alpha/BUILD new file mode 100644 index 000000000000..a13183b9eb75 --- /dev/null +++ b/api/envoy/config/filter/thrift/rate_limit/v3alpha/BUILD @@ -0,0 +1,19 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library_internal", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/api/v3alpha/ratelimit:pkg", + "//envoy/config/ratelimit/v3alpha:pkg", + ], +) + +api_proto_library_internal( + name = "rate_limit", + srcs = ["rate_limit.proto"], + deps = [ + "//envoy/api/v3alpha/ratelimit", + "//envoy/config/ratelimit/v3alpha:rls", + ], +) diff --git a/api/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto b/api/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto new file mode 100644 index 000000000000..e10197b7103e --- /dev/null +++ b/api/envoy/config/filter/thrift/rate_limit/v3alpha/rate_limit.proto @@ -0,0 +1,50 @@ +syntax = "proto3"; + +package envoy.config.filter.thrift.rate_limit.v3alpha; + +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.thrift.rate_limit.v3alpha"; + +import "envoy/config/ratelimit/v3alpha/rls.proto"; + +import "google/protobuf/duration.proto"; + +import "validate/validate.proto"; +import "gogoproto/gogo.proto"; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. + +// [#comment:next free field: 5] +message RateLimit { + // The rate limit domain to use in the rate limit service request. + string domain = 1 [(validate.rules).string.min_bytes = 1]; + + // Specifies the rate limit configuration stage. Each configured rate limit filter performs a + // rate limit check using descriptors configured in the + // :ref:`envoy_api_msg_config.filter.network.thrift_proxy.v3alpha.RouteAction` for the request. + // Only those entries with a matching stage number are used for a given filter. If not set, the + // default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32.lte = 10]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 3 [(gogoproto.stdduration) = true]; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + // Defaults to false. + bool failure_mode_deny = 4; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + envoy.config.ratelimit.v3alpha.RateLimitServiceConfig rate_limit_service = 5 + [(validate.rules).message.required = true]; +} diff --git a/api/envoy/config/filter/thrift/router/v3alpha/BUILD b/api/envoy/config/filter/thrift/router/v3alpha/BUILD new file mode 100644 index 000000000000..68bd8c126b80 --- /dev/null +++ b/api/envoy/config/filter/thrift/router/v3alpha/BUILD @@ -0,0 +1,10 @@ +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_library_internal", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package() + +api_proto_library_internal( + name = "router", + srcs = ["router.proto"], +) diff --git a/api/envoy/config/filter/thrift/router/v3alpha/router.proto b/api/envoy/config/filter/thrift/router/v3alpha/router.proto new file mode 100644 index 000000000000..9fe86566a488 --- /dev/null +++ b/api/envoy/config/filter/thrift/router/v3alpha/router.proto @@ -0,0 +1,13 @@ +syntax = "proto3"; + +package envoy.config.filter.thrift.router.v3alpha; + +option java_outer_classname = "RouterProto"; +option java_multiple_files = true; +option java_package = "io.envoyproxy.envoy.config.filter.thrift.router.v3alpha"; + +// [#protodoc-title: Router] +// Thrift router :ref:`configuration overview `. + +message Router { +} diff --git a/api/envoy/service/discovery/v3alpha/hds.proto b/api/envoy/service/discovery/v3alpha/hds.proto index 5ec7f491c8f2..14955b15dbe8 100644 --- a/api/envoy/service/discovery/v3alpha/hds.proto +++ b/api/envoy/service/discovery/v3alpha/hds.proto @@ -65,7 +65,7 @@ service HealthDiscoveryService { // to bind with the response? rpc FetchHealthCheck(HealthCheckRequestOrEndpointHealthResponse) returns (HealthCheckSpecifier) { option (google.api.http) = { - post: "/v2/discovery:health_check" + post: "/v3alpha/discovery:health_check" body: "*" }; } diff --git a/api/envoy/service/discovery/v3alpha/rtds.proto b/api/envoy/service/discovery/v3alpha/rtds.proto index 5a59cf13f814..d4184ab6e197 100644 --- a/api/envoy/service/discovery/v3alpha/rtds.proto +++ b/api/envoy/service/discovery/v3alpha/rtds.proto @@ -35,7 +35,7 @@ service RuntimeDiscoveryService { rpc FetchRuntime(envoy.api.v3alpha.DiscoveryRequest) returns (envoy.api.v3alpha.DiscoveryResponse) { option (google.api.http) = { - post: "/v2/discovery:runtime" + post: "/v3alpha/discovery:runtime" body: "*" }; } diff --git a/api/envoy/service/discovery/v3alpha/sds.proto b/api/envoy/service/discovery/v3alpha/sds.proto index 9f8aa92befa2..814edd07196d 100644 --- a/api/envoy/service/discovery/v3alpha/sds.proto +++ b/api/envoy/service/discovery/v3alpha/sds.proto @@ -27,7 +27,7 @@ service SecretDiscoveryService { rpc FetchSecrets(envoy.api.v3alpha.DiscoveryRequest) returns (envoy.api.v3alpha.DiscoveryResponse) { option (google.api.http) = { - post: "/v2/discovery:secrets" + post: "/v3alpha/discovery:secrets" body: "*" }; } diff --git a/api/envoy/service/tap/v3alpha/tapds.proto b/api/envoy/service/tap/v3alpha/tapds.proto index 542d88ed2285..11eea61a1dc8 100644 --- a/api/envoy/service/tap/v3alpha/tapds.proto +++ b/api/envoy/service/tap/v3alpha/tapds.proto @@ -27,7 +27,7 @@ service TapDiscoveryService { rpc FetchTapConfigs(envoy.api.v3alpha.DiscoveryRequest) returns (envoy.api.v3alpha.DiscoveryResponse) { option (google.api.http) = { - post: "/v2/discovery:tap_configs" + post: "/v3alpha/discovery:tap_configs" body: "*" }; } diff --git a/docs/build.sh b/docs/build.sh index b75ebac03e65..add8b95f3037 100755 --- a/docs/build.sh +++ b/docs/build.sh @@ -50,20 +50,22 @@ bazel build ${BAZEL_BUILD_OPTIONS} @envoy_api//docs:protos --aspects \ tools/protodoc/protodoc.bzl%proto_doc_aspect --output_groups=rst --action_env=CPROFILE_ENABLED=1 \ --action_env=ENVOY_BLOB_SHA --spawn_strategy=standalone --host_force_python=PY3 -declare -r DOC_PROTOS=$(bazel query "deps(@envoy_api//docs:protos)" | grep "^@envoy_api.*proto$") +declare -r DOCS_DEPS=$(bazel query "labels(deps, @envoy_api//docs:protos)") # Only copy in the protos we care about and know how to deal with in protodoc. -for p in ${DOC_PROTOS} +for PROTO_TARGET in ${DOCS_DEPS} do - declare PROTO_TARGET=$(bazel query "kind(proto_library, same_pkg_direct_rdeps($p))") - declare PROTO_TARGET_WITHOUT_PREFIX="${PROTO_TARGET#@envoy_api//}" - declare PROTO_TARGET_CANONICAL="${PROTO_TARGET_WITHOUT_PREFIX/:/\/}" - declare PROTO_FILE_WITHOUT_PREFIX="${p#@envoy_api//}" - declare PROTO_FILE_CANONICAL="${PROTO_FILE_WITHOUT_PREFIX/:/\/}" - declare DEST="${GENERATED_RST_DIR}/api-v2/${PROTO_FILE_CANONICAL#envoy/}".rst - mkdir -p "$(dirname "${DEST}")" - cp -f bazel-bin/external/envoy_api/"${PROTO_TARGET_CANONICAL}/${PROTO_FILE_CANONICAL}.rst" "$(dirname "${DEST}")" - [ -n "${CPROFILE_ENABLED}" ] && cp -f bazel-bin/"${p}".profile "$(dirname "${DEST}")" + for p in $(bazel query "labels(srcs, ${PROTO_TARGET})" ) + do + declare PROTO_TARGET_WITHOUT_PREFIX="${PROTO_TARGET#@envoy_api//}" + declare PROTO_TARGET_CANONICAL="${PROTO_TARGET_WITHOUT_PREFIX/:/\/}" + declare PROTO_FILE_WITHOUT_PREFIX="${p#@envoy_api//}" + declare PROTO_FILE_CANONICAL="${PROTO_FILE_WITHOUT_PREFIX/:/\/}" + declare DEST="${GENERATED_RST_DIR}/api-v2/${PROTO_FILE_CANONICAL#envoy/}".rst + mkdir -p "$(dirname "${DEST}")" + cp -f bazel-bin/external/envoy_api/"${PROTO_TARGET_CANONICAL}/${PROTO_FILE_CANONICAL}.rst" "$(dirname "${DEST}")" + [ -n "${CPROFILE_ENABLED}" ] && cp -f bazel-bin/"${p}".profile "$(dirname "${DEST}")" + done done mkdir -p ${GENERATED_RST_DIR}/api-docs diff --git a/tools/api/clone.sh b/tools/api/clone.sh index a9cdb63ffd91..a3199793434c 100755 --- a/tools/api/clone.sh +++ b/tools/api/clone.sh @@ -12,23 +12,23 @@ set -e declare -r OLD_VERSION="$1" declare -r NEW_VERSION="$2" -# For vM -> vN, replace //$1*/vMalpha with //$1*/vN in BUILD file $2 +# For vM -> vN, replace //$1*/vMalpha\d* with //$1*/vN in BUILD file $2 # For vM -> vN, replace //$1*/vM with //$1*/vN in BUILD file $2 function replace_build() { - sed -i -e "s#\(//$1[^\S]*\)/${OLD_VERSION}alpha#\1/${NEW_VERSION}#g" "$2" + sed -i -e "s#\(//$1[^\S]*\)/${OLD_VERSION}alpha[[:digit:]]*#\1/${NEW_VERSION}#g" "$2" sed -i -e "s#\(//$1[^\S]*\)/${OLD_VERSION}#\1/${NEW_VERSION}#g" "$2" } # For vM -> vN, replace $1*[./]vMalpha with $1*[./]vN in .proto file $2 # For vM -> vN, replace $1*[./]vM with $1*[./]vN in .proto file $2 function replace_proto() { - sed -i -e "s#\($1\S*[\./]\)${OLD_VERSION}alpha#\1${NEW_VERSION}#g" "$2" + sed -i -e "s#\($1\S*[\./]\)${OLD_VERSION}alpha[[:digit:]]*#\1${NEW_VERSION}#g" "$2" sed -i -e "s#\($1\S*[\./]\)${OLD_VERSION}#\1${NEW_VERSION}#g" "$2" } # We consider both {vM, vMalpha} to deal with the multiple possible combinations # of {vM, vMalpha} existence for a given package. -for p in $(find api/ -name "${OLD_VERSION}" -o -name "${OLD_VERSION}alpha") +for p in $(find api/ -name "${OLD_VERSION}*") do declare PACKAGE_ROOT="$(dirname "$p")" declare OLD_VERSION_ROOT="${PACKAGE_ROOT}/${OLD_VERSION}" @@ -47,6 +47,8 @@ do for b in $(find "${NEW_VERSION_ROOT}" -name BUILD) do replace_build envoy "$b" + # Misc. cleanup for go BUILD rules + sed -i -e "s#\"${OLD_VERSION}\"#\"${NEW_VERSION}\"#g" "$b" done # Update .proto files with vM -> vN @@ -58,5 +60,6 @@ do replace_proto common "$f" replace_proto config "$f" replace_proto filter "$f" + replace_proto "" "$f" done done