diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh
index 6ffb5105022..e1636db3198 100755
--- a/xds/third_party/envoy/import.sh
+++ b/xds/third_party/envoy/import.sh
@@ -18,7 +18,7 @@
 set -e
 BRANCH=main
 # import VERSION from one of the google internal CLs
-VERSION=ac9a2637336decdcc52c24add5e8fc39edebb962
+VERSION=8b9b87702885beb324dadb349cbcb06d037c956e
 GIT_REPO="https://github.com/envoyproxy/envoy.git"
 GIT_BASE_DIR=envoy
 SOURCE_PROTO_BASE_DIR=envoy/api
@@ -84,6 +84,7 @@ envoy/config/core/v3/protocol.proto
 envoy/config/core/v3/proxy_protocol.proto
 envoy/config/core/v3/socket_option.proto
 envoy/config/core/v3/substitution_format_string.proto
+envoy/config/core/v3/udp_socket_config.proto
 envoy/config/endpoint/v3/endpoint.proto
 envoy/config/endpoint/v3/endpoint_components.proto
 envoy/config/endpoint/v3/load_report.proto
@@ -96,10 +97,12 @@ envoy/config/listener/v2/api_listener.proto
 envoy/config/listener/v3/api_listener.proto
 envoy/config/listener/v3/listener.proto
 envoy/config/listener/v3/listener_components.proto
+envoy/config/listener/v3/quic_config.proto
 envoy/config/listener/v3/udp_listener_config.proto
 envoy/config/metrics/v3/stats.proto
 envoy/config/overload/v3/overload.proto
 envoy/config/rbac/v2/rbac.proto
+envoy/config/rbac/v3/rbac.proto
 envoy/config/route/v3/route.proto
 envoy/config/route/v3/route_components.proto
 envoy/config/route/v3/scoped_route.proto
@@ -136,6 +139,7 @@ envoy/service/load_stats/v2/lrs.proto
 envoy/service/load_stats/v3/lrs.proto
 envoy/service/status/v3/csds.proto
 envoy/type/http.proto
+envoy/type/http/v3/path_transformation.proto
 envoy/type/matcher/metadata.proto
 envoy/type/matcher/number.proto
 envoy/type/matcher/path.proto
@@ -144,6 +148,7 @@ envoy/type/matcher/string.proto
 envoy/type/matcher/v3/metadata.proto
 envoy/type/matcher/v3/node.proto
 envoy/type/matcher/v3/number.proto
+envoy/type/matcher/v3/path.proto
 envoy/type/matcher/v3/regex.proto
 envoy/type/matcher/v3/string.proto
 envoy/type/matcher/v3/struct.proto
diff --git a/xds/third_party/envoy/src/main/proto/envoy/annotations/deprecation.proto b/xds/third_party/envoy/src/main/proto/envoy/annotations/deprecation.proto
index 7f9b64e32b0..ce02ab98a8d 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/annotations/deprecation.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/annotations/deprecation.proto
@@ -5,18 +5,29 @@ package envoy.annotations; import "google/protobuf/descriptor.proto"; // [#protodoc-title: Deprecation] -// Allows tagging proto fields as fatal by default. One Envoy release after -// deprecation, deprecated fields will be disallowed by default, a state which -// is reversible with :ref:`runtime overrides `. +// Adds annotations for deprecated fields and enums to allow tagging proto +// fields as fatal by default and the minor version on which the field was +// deprecated. One Envoy release after deprecation, deprecated fields will be +// disallowed by default, a state which is reversible with +// :ref:`runtime overrides `. // Magic number in this file derived from top 28bit of SHA256 digest of -// "envoy.annotation.disallowed_by_default" +// "envoy.annotation.disallowed_by_default" and "envoy.annotation.deprecated_at_minor_version" extend google.protobuf.FieldOptions { bool disallowed_by_default = 189503207; + + // The API major and minor version on which the field was deprecated + // (e.g., "3.5" for major version 3 and minor version 5). + string deprecated_at_minor_version = 157299826; } // Magic number in this file derived from top 28bit of SHA256 digest of -// "envoy.annotation.disallowed_by_default_enum" +// "envoy.annotation.disallowed_by_default_enum" and +// "envoy.annotation.deprecated_at_minor_version_eum" extend google.protobuf.EnumValueOptions { bool disallowed_by_default_enum = 70100853; + + // The API major and minor version on which the enum value was deprecated + // (e.g., "3.5" for major version 3 and minor version 5). + string deprecated_at_minor_version_enum = 181198657; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/address.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/address.proto index 804da539583..fdcb4e7d94f 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/address.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/address.proto 
@@ -129,6 +129,6 @@ message CidrRange { // IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``. string address_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; - // Length of prefix, e.g. 0, 32. + // Length of prefix, e.g. 0, 32. Defaults to 0 when unset. google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}]; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener.proto index 26544c6c4aa..1fdd202de42 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener.proto @@ -195,6 +195,8 @@ message Listener { google.protobuf.UInt32Value tcp_fast_open_queue_length = 12; // Specifies the intended direction of the traffic relative to the local Envoy. + // This property is required on Windows for listeners using the original destination filter, + // see :ref:`Original Destination `. core.TrafficDirection traffic_direction = 16; // If the protocol in the listener socket address in :ref:`protocol diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto index b709e891994..883f1127468 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto 
@@ -29,26 +29,16 @@ message AccessLog { reserved "config"; - // The name of the access log implementation to instantiate. The name must - // match a statically registered access log. Current built-in loggers include: - // - // #. "envoy.access_loggers.file" - // #. "envoy.access_loggers.http_grpc" - // #. "envoy.access_loggers.tcp_grpc" + // The name of the access log extension to instantiate. + // The name must match one of the compiled in loggers. + // See the :ref:`extensions listed in typed_config below ` for the default list of available loggers. string name = 1; // Filter which is used to determine if the access log needs to be written. AccessLogFilter filter = 2; - // Custom configuration that depends on the access log being instantiated. - // Built-in configurations include: - // - // #. "envoy.access_loggers.file": :ref:`FileAccessLog - // ` - // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig - // ` - // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig - // ` + // Custom configuration that must be set according to the access logger extension being instantiated. + // [#extension-category: envoy.access_loggers] oneof config_type { google.protobuf.Any typed_config = 4; } @@ -254,6 +244,8 @@ message ResponseFlagFilter { in: "RFCF" in: "NFCF" in: "DT" + in: "UPE" + in: "NC" } } }]; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto index 476d841bf25..19784ab2a35 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto @@ -2,6 +2,7 @@ syntax = "proto3"; package envoy.config.bootstrap.v3; +import "envoy/config/accesslog/v3/accesslog.proto"; import "envoy/config/cluster/v3/cluster.proto"; import "envoy/config/core/v3/address.proto"; import "envoy/config/core/v3/base.proto"; 
@@ -20,6 +21,7 @@ import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; @@ -186,10 +188,12 @@ message Bootstrap { // Optional watchdog configuration. // This is for a single watchdog configuration for the entire system. // Deprecated in favor of *watchdogs* which has finer granularity. - Watchdog watchdog = 8 [deprecated = true]; + Watchdog watchdog = 8 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Optional watchdogs configuration. // This is used for specifying different watchdogs for the different subsystems. + // [#extension-category: envoy.guarddog_actions] Watchdogs watchdogs = 27; // Configuration for an external tracing provider. @@ -197,7 +201,8 @@ message Bootstrap { // .. attention:: // This field has been deprecated in favor of :ref:`HttpConnectionManager.Tracing.provider // `. - trace.v3.Tracing tracing = 9 [deprecated = true]; + trace.v3.Tracing tracing = 9 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Configuration for the runtime configuration provider. If not // specified, a “null” provider will be used which will result in all defaults @@ -249,6 +254,7 @@ message Bootstrap { // Specifies optional bootstrap extensions to be instantiated at startup time. // Each item contains extension specific configuration. + // [#extension-category: envoy.bootstrap] repeated core.v3.TypedExtensionConfig bootstrap_extensions = 21; // Specifies optional extensions instantiated at startup time and 
@@ -293,13 +299,20 @@ message Bootstrap { // Administration interface :ref:`operations documentation // `. +// [#next-free-field: 6] message Admin { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Admin"; + // Configuration for :ref:`access logs ` + // emitted by the administration server. + repeated accesslog.v3.AccessLog access_log = 5; + // The path to write the access log for the administration server. If no // access log is desired specify ‘/dev/null’. This is only required if // :ref:`address ` is set. - string access_log_path = 1; + // Deprecated in favor of *access_log* which offers more options. + string access_log_path = 1 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // The cpu profiler output path for the administration server. If no profile // path is specified, the default is ‘/var/log/envoy/envoy.prof’. diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto index 145a8b69519..e72a0aa80e1 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto @@ -21,6 +21,8 @@ import "google/protobuf/wrappers.proto"; import "xds/core/v3/collection_entry.proto"; +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/migrate.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -158,6 +160,7 @@ message Cluster { google.protobuf.Struct match = 2; // The configuration of the transport socket. + // [#extension-category: envoy.transport_sockets.upstream] core.v3.TransportSocket transport_socket = 3; } 
@@ -171,6 +174,7 @@ message Cluster { // Cluster specific configuration which depends on the cluster being instantiated. // See the supported cluster for further documentation. + // [#extension-category: envoy.clusters] google.protobuf.Any typed_config = 2; } @@ -681,11 +685,16 @@ message Cluster { // Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics. string name = 1 [(validate.rules).string = {min_len: 1}]; - // An optional alternative to the cluster name to be used while emitting stats. - // Any ``:`` in the name will be converted to ``_`` when emitting statistics. This should not be - // confused with :ref:`Router Filter Header - // `. - string alt_stat_name = 28; + // An optional alternative to the cluster name to be used for observability. This name is used + // emitting stats for the cluster and access logging the cluster name. This will appear as + // additional information in configuration dumps of a cluster's current status as + // :ref:`observability_name ` + // and as an additional tag "upstream_cluster.name" while tracing. Note: access logging using + // this field is presently enabled with runtime feature + // `envoy.reloadable_features.use_observable_cluster_name`. Any ``:`` in the name will be + // converted to ``_`` when emitting statistics. This should not be confused with :ref:`Router + // Filter Header `. + string alt_stat_name = 28 [(udpa.annotations.field_migrate).rename = "observability_name"]; oneof cluster_discovery_type { // The :ref:`service discovery type ` 
@@ -747,10 +756,11 @@ message Cluster { // in the :ref:`http_protocol_options ` message. // upstream_http_protocol_options can be set via the cluster's // :ref:`extension_protocol_options`. - // See ref:`upstream_http_protocol_options + // See :ref:`upstream_http_protocol_options // ` // for example usage. - core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46 [deprecated = true]; + core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Additional options when handling HTTP requests upstream. These options will be applicable to // both HTTP1 and HTTP2 requests. @@ -759,20 +769,22 @@ message Cluster { // in the :ref:`http_protocol_options ` message. // common_http_protocol_options can be set via the cluster's // :ref:`extension_protocol_options`. - // See ref:`upstream_http_protocol_options + // See :ref:`upstream_http_protocol_options // ` // for example usage. - core.v3.HttpProtocolOptions common_http_protocol_options = 29 [deprecated = true]; + core.v3.HttpProtocolOptions common_http_protocol_options = 29 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Additional options when handling HTTP1 requests. // This has been deprecated in favor of http_protocol_options fields in the in the // :ref:`http_protocol_options ` message. // http_protocol_options can be set via the cluster's // :ref:`extension_protocol_options`. - // See ref:`upstream_http_protocol_options + // See :ref:`upstream_http_protocol_options // ` // for example usage. - core.v3.Http1ProtocolOptions http_protocol_options = 13 [deprecated = true]; + core.v3.Http1ProtocolOptions http_protocol_options = 13 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Even if default HTTP2 protocol options are desired, this field must be // set so that Envoy will assume that the upstream supports HTTP/2 when 
@@ -784,11 +796,14 @@ message Cluster { // :ref:`http_protocol_options ` // message. http2_protocol_options can be set via the cluster's // :ref:`extension_protocol_options`. - // See ref:`upstream_http_protocol_options + // See :ref:`upstream_http_protocol_options // ` // for example usage. - core.v3.Http2ProtocolOptions http2_protocol_options = 14 - [deprecated = true, (udpa.annotations.security).configure_for_untrusted_upstream = true]; + core.v3.Http2ProtocolOptions http2_protocol_options = 14 [ + deprecated = true, + (udpa.annotations.security).configure_for_untrusted_upstream = true, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; // The extension_protocol_options field is used to provide extension-specific protocol options // for upstream connections. The key should match the extension filter name, such as @@ -924,7 +939,8 @@ message Cluster { // ` message. // http_protocol_options can be set via the cluster's // :ref:`extension_protocol_options`. - ClusterProtocolSelection protocol_selection = 26 [deprecated = true]; + ClusterProtocolSelection protocol_selection = 26 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Optional options for upstream connections. UpstreamConnectionOptions upstream_connection_options = 30; @@ -985,7 +1001,8 @@ message Cluster { // // This field has been deprecated in favor of `timeout_budgets`, part of // :ref:`track_cluster_stats `. - bool track_timeout_budgets = 47 [deprecated = true]; + bool track_timeout_budgets = 47 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Optional customization and configuration of upstream connection pool, and upstream type. // 
@@ -1004,6 +1021,7 @@ message Cluster { // If users desire custom connection pool or upstream behavior, for example terminating // CONNECT only if a custom filter indicates it is appropriate, the custom factories // can be registered and configured here. + // [#extension-category: envoy.upstreams] core.v3.TypedExtensionConfig upstream_config = 48; // Configuration to track optional cluster stats. diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto index 9bb5633e626..e69b4469185 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto @@ -151,7 +151,7 @@ message OutlierDetection { google.protobuf.UInt32Value failure_percentage_request_volume = 20; // The maximum time that a host is ejected for. See :ref:`base_ejection_time` - // for more information. - // Defaults to 300000ms or 300s. + // for more information. If not specified, the default value (300000ms or 300s) or + // :ref:`base_ejection_time` value is applied, whatever is larger. google.protobuf.Duration max_ejection_time = 21 [(validate.rules).duration = {gt {}}]; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto index 8228450eb93..a6fc6690a35 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto 
@@ -155,6 +155,6 @@ message CidrRange { // IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``. string address_prefix = 1 [(validate.rules).string = {min_len: 1}]; - // Length of prefix, e.g. 0, 32. + // Length of prefix, e.g. 0, 32. Defaults to 0 when unset. google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}]; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto index c1f2a913aa5..f5e677caf95 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto @@ -12,6 +12,9 @@ import "google/protobuf/any.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; +import "xds/core/v3/context_params.proto"; + +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -131,7 +134,7 @@ message Extension { // Identifies a specific Envoy instance. The node identifier is presented to the // management server, which may use this identifier to distinguish per Envoy // configuration for serving. -// [#next-free-field: 12] +// [#next-free-field: 13] message Node { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Node"; 
@@ -165,6 +168,13 @@ message Node { // directly to the management server. google.protobuf.Struct metadata = 3; + // Map from xDS resource type URL to dynamic context parameters. These may vary at runtime (unlike + // other fields in this message). For example, the xDS client may have a shard identifier that + // changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the + // dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic + // parameter then appears in this field during future discovery requests. + map dynamic_parameters = 12; + // Locality specifying where the Envoy instance is running. Locality locality = 4; @@ -195,7 +205,8 @@ message Node { // for filtering :ref:`listeners ` to be returned. For example, // if there is a listener bound to port 80, the list can optionally contain the // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint. - repeated Address listening_addresses = 11 [deprecated = true]; + repeated Address listening_addresses = 11 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; } // Metadata provides additional inputs to filters based on matched listeners, diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto index 9de03625dce..c83e9125c70 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto 
@@ -27,10 +27,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0 [deprecated = true]; + AUTO = 0 [deprecated = true, (envoy.annotations.deprecated_at_minor_version_enum) = "3.0"]; // Use xDS v2 API. - V2 = 1 [deprecated = true]; + V2 = 1 [deprecated = true, (envoy.annotations.deprecated_at_minor_version_enum) = "3.0"]; // Use xDS v3 API. V3 = 2; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto index e3730d01741..103c8b90f63 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto @@ -124,6 +124,7 @@ message GrpcService { string name = 1; + // [#extension-category: envoy.grpc_credentials] oneof config_type { google.protobuf.Any typed_config = 3; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto index e4ad7429e0d..27710830536 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto @@ -189,6 +189,7 @@ message HealthCheck { // A custom health checker specific configuration which depends on the custom health checker // being instantiated. See :api:`envoy/config/health_checker` for reference. + // [#extension-category: envoy.health_checkers] oneof config_type { google.protobuf.Any typed_config = 3; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto index 069028d25fd..4109b19a4ab 100644 
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto @@ -2,11 +2,13 @@ syntax = "proto3"; package envoy.config.core.v3; +import "envoy/config/core/v3/extension.proto"; import "envoy/type/v3/percent.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; @@ -24,6 +26,13 @@ message TcpProtocolOptions { "envoy.api.v2.core.TcpProtocolOptions"; } +// QUIC protocol options which apply to both downstream and upstream connections. +message QuicProtocolOptions { + // Maximum number of streams that the client can negotiate per connection. 100 + // if not specified. + google.protobuf.UInt32Value max_concurrent_streams = 1; +} + message UpstreamHttpProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.UpstreamHttpProtocolOptions"; @@ -111,6 +120,7 @@ message Http1ProtocolOptions { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Http1ProtocolOptions"; + // [#next-free-field: 9] message HeaderKeyFormat { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Http1ProtocolOptions.HeaderKeyFormat"; @@ -129,6 +139,11 @@ message Http1ProtocolOptions { // Note that while this results in most headers following conventional casing, certain headers // are not covered. For example, the "TE" header will be formatted as "Te". ProperCaseWords proper_case_words = 1; + + // Configuration for stateful formatter extensions that allow using received headers to + // affect the output of encoding headers. E.g., preserving case during proxying. + // [#extension-category: envoy.http.stateful_header_formatters] + TypedExtensionConfig stateful_formatter = 8; } } 
@@ -237,6 +252,10 @@ message Http2ProtocolOptions { // For upstream connections, this also limits how many streams Envoy will initiate concurrently // on a single connection. If the limit is reached, Envoy may queue requests or establish // additional connections (as allowed per circuit breaker limits). + // + // This acts as an upper bound: Envoy will lower the max concurrent streams allowed on a given + // connection based on upstream settings. Config dumps will reflect the configured upper bound, + // not the per-connection negotiated limits. google.protobuf.UInt32Value max_concurrent_streams = 2 [(validate.rules).uint32 = {lte: 2147483647 gte: 1}]; @@ -343,7 +362,8 @@ message Http2ProtocolOptions { // ` // // See `RFC7540, sec. 8.1 `_ for details. - bool stream_error_on_invalid_http_messaging = 12 [deprecated = true]; + bool stream_error_on_invalid_http_messaging = 12 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Allows invalid HTTP messaging and headers. When this option is disabled (default), then // the whole HTTP/2 connection is terminated upon receiving invalid HEADERS frame. However, @@ -398,8 +418,15 @@ message GrpcProtocolOptions { // [#not-implemented-hide:] // -// A message which allows using HTTP/3 as an upstream protocol. -// -// Eventually this will include configuration for tuning HTTP/3. +// A message which allows using HTTP/3. message Http3ProtocolOptions { + QuicProtocolOptions quic_protocol_options = 1; + + // Allows invalid HTTP messaging and headers. When this option is disabled (default), then + // the whole HTTP/3 connection is terminated upon receiving invalid HEADERS frame. However, + // when this option is enabled, only the offending stream is terminated. + // + // If set, this overrides any HCM :ref:`stream_error_on_invalid_http_messaging + // `. + google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 2; } 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto index 5d9c5b2ecd0..85eeabe6621 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto @@ -7,6 +7,7 @@ import "envoy/config/core/v3/extension.proto"; import "google/protobuf/struct.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "validate/validate.proto"; @@ -41,7 +42,8 @@ message SubstitutionFormatString { // upstream connect error:503:path=/foo // // Deprecated in favor of :ref:`text_format_source `. To migrate text format strings, use the :ref:`inline_string ` field. - string text_format = 1 [deprecated = true]; + string text_format = 1 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Specify a format with command operators to form a JSON string. // Its details is described in :ref:`format dictionary`. diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/udp_socket_config.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/udp_socket_config.proto new file mode 100644 index 00000000000..00033eabdb8 --- /dev/null +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/udp_socket_config.proto 
@@ -0,0 +1,31 @@
+syntax = "proto3";
+
+package envoy.config.core.v3;
+
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "UdpSocketConfigProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: UDP socket config]
+
+// Generic UDP socket configuration.
+message UdpSocketConfig {
+ // The maximum size of received UDP datagrams. Using a larger size will cause Envoy to allocate
+ // more memory per socket. Received datagrams above this size will be dropped. If not set
+ // defaults to 1500 bytes.
+ google.protobuf.UInt64Value max_rx_datagram_size = 1
+ [(validate.rules).uint64 = {lt: 65536 gt: 0}];
+
+ // Configures whether Generic Receive Offload (GRO)
+ // _ is preferred when reading from the
+ // UDP socket. The default is context dependent and is documented where UdpSocketConfig is used.
+ // This option affects performance but not functionality. If GRO is not supported by the operating
+ // system, non-GRO receive will be used.
+ google.protobuf.BoolValue prefer_gro = 2;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
index c05032df21a..3e7a4dc1776 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
@@ -299,10 +299,8 @@ message HttpConnectionManager { // The maximum request headers size for incoming connections. // If unconfigured, the default max request headers allowed is 60 KiB. // Requests that exceed this limit will receive a 431 response. - // The max configurable limit is 96 KiB, based on current implementation - // constraints. google.protobuf.UInt32Value max_request_headers_kb = 29 - [(validate.rules).uint32 = {lte: 96 gt: 0}]; + [(validate.rules).uint32 = {lte: 8192 gt: 0}]; // The idle timeout for connections managed by the connection manager. The // idle timeout is defined as the period in which there are no active diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/api_listener.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/api_listener.proto index 4d3879a22b1..1dc94edc74b 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/api_listener.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/api_listener.proto @@ -22,7 +22,7 @@ message ApiListener { // The type in this field determines the type of API listener. At present, the following // types are supported: - // envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager (HTTP) + // envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager (HTTP) // [#next-major-version: In the v3 API, replace this Any field with a oneof containing the // specific config message for each type of API listener. We could not do this in v2 because // it would have caused circular dependencies for go protos: lds.proto depends on this file, diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto index 2b8a1d9298f..5461318ada0 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto 
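Review bot: The validation ceiling on `max_request_headers_kb` is raised from 96 to 8192 (8 MiB of header bytes per request if the unit is KiB, as the "60 KiB" default in the same comment implies), but the sentence that documented the configurable maximum is deleted rather than updated, so the field comment no longer tells an operator what the upper bound is or that the value is per-request buffer memory. Suggest restoring the line as `// The max configurable limit is 8192 KiB.` directly after the 431 sentence. This is the v2 file; whether the v3 counterpart received the same change is outside this view, and `HttpConnectionManager` starts and ends outside the hunk.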
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto @@ -5,7 +5,6 @@ package envoy.config.listener.v3; import "envoy/config/accesslog/v3/accesslog.proto"; import "envoy/config/core/v3/address.proto"; import "envoy/config/core/v3/base.proto"; -import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/socket_option.proto"; import "envoy/config/listener/v3/api_listener.proto"; import "envoy/config/listener/v3/listener_components.proto"; @@ -16,6 +15,7 @@ import "google/protobuf/wrappers.proto"; import "xds/core/v3/collection_entry.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -35,7 +35,7 @@ message ListenerCollection { repeated xds.core.v3.CollectionEntry entries = 1; } -// [#next-free-field: 27] +// [#next-free-field: 29] message Listener { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener"; @@ -88,7 +88,12 @@ message Listener { } } - reserved 14; + // Configuration for envoy internal listener. All the future internal listener features should be added here. + // [#not-implemented-hide:] + message InternalListenerConfig { + } + + reserved 14, 23; // The unique name by which this listener is known. If no name is provided, // Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically @@ -100,6 +105,11 @@ message Listener { // Linux as the actual port will be allocated by the OS. core.v3.Address address = 2 [(validate.rules).message = {required: true}]; + // Optional prefix to use on listener stats. If empty, the stats will be rooted at + // `listener.
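Review bot: `reserved 14, 23;` reserves the number of the removed `udp_writer_config` field (the deletion itself is in the `@@ -254` hunk further down) but not its name, so the name remains available for reuse in JSON and generated accessors; the same gap appears in `udp_listener_config.proto`, where the new `reserved 1, 2, 3, 4, 6;` is not paired with the removed `udp_listener_name` and `typed_config` names. Suggest following `reserved 14, 23;` with `reserved "udp_writer_config";`, and in the other file widening the existing line to `reserved "config", "udp_listener_name", "typed_config";`. The nested `InternalListenerConfig` added here is an empty message carrying only the `[#not-implemented-hide:]` tag, which is consistent with its use in the `listener_specifier` oneof later in the file; `Listener` starts and ends outside this hunk.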
.`. If non-empty, stats will be rooted at + // `listener..`. + string stat_prefix = 28; + // A list of filter chains to consider for this listener. The // :ref:`FilterChain ` with the most specific // :ref:`FilterChainMatch ` criteria is used on a @@ -129,7 +139,8 @@ message Listener { core.v3.Metadata metadata = 6; // [#not-implemented-hide:] - DeprecatedV1 deprecated_v1 = 7 [deprecated = true]; + DeprecatedV1 deprecated_v1 = 7 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // The type of draining to perform at a listener-wide level. DrainType drain_type = 8; @@ -205,14 +216,14 @@ message Listener { google.protobuf.UInt32Value tcp_fast_open_queue_length = 12; // Specifies the intended direction of the traffic relative to the local Envoy. + // This property is required on Windows for listeners using the original destination filter, + // see :ref:`Original Destination `. core.v3.TrafficDirection traffic_direction = 16; // If the protocol in the listener socket address in :ref:`protocol // ` is :ref:`UDP - // `, this field specifies the actual udp - // listener to create, i.e. :ref:`udp_listener_name - // ` = "raw_udp_listener" for - // creating a packet-oriented UDP listener. If not present, treat it as "raw_udp_listener". + // `, this field specifies UDP + // listener specific configuration. UdpListenerConfig udp_listener_config = 18; // Used to represent an API listener, which is used in non-proxy clients. The type of API 
@@ -236,6 +247,12 @@ message Listener { // The listener's connection balancer configuration, currently only applicable to TCP listeners. // If no configuration is specified, Envoy will not attempt to balance active connections between // worker threads. + // + // In the scenario that the listener X redirects all the connections to the listeners Y1 and Y2 + // by setting :ref:`use_original_dst ` in X + // and :ref:`bind_to_port ` to false in Y1 and Y2, + // it is recommended to disable the balance config in listener X to avoid the cost of balancing, and + // enable the balance config in Y1 and Y2 to balance the connections among the workers. ConnectionBalanceConfig connection_balance_config = 20; // When this flag is set to true, listeners set the *SO_REUSEPORT* socket option and @@ -254,16 +271,6 @@ message Listener { // emitted by this listener. repeated accesslog.v3.AccessLog access_log = 22; - // If the protocol in the listener socket address in :ref:`protocol - // ` is :ref:`UDP - // `, this field specifies the actual udp - // writer to create, i.e. :ref:`name ` - // = "udp_default_writer" for creating a udp writer with writing in passthrough mode, - // = "udp_gso_batch_writer" for creating a udp writer with writing in batch mode. - // If not present, treat it as "udp_default_writer". - // [#not-implemented-hide:] - core.v3.TypedExtensionConfig udp_writer_config = 23; - // The maximum length a tcp listener's pending connections queue can grow to. If no value is // provided net.core.somaxconn will be used on Linux and 128 otherwise. google.protobuf.UInt32Value tcp_backlog_size = 24; 
@@ -273,4 +280,26 @@ message Listener { // :ref:`use_original_dst ` // to true. Default is true. google.protobuf.BoolValue bind_to_port = 26; + + // The exclusive listener type and the corresponding config. + // TODO(lambdai): https://github.com/envoyproxy/envoy/issues/15372 + // Will create and add TcpListenerConfig. Will add UdpListenerConfig and ApiListener. + // [#not-implemented-hide:] + oneof listener_specifier { + // Used to represent an internal listener which does not listen on OSI L4 address but can be used by the + // :ref:`envoy cluster ` to create a user space connection to. + // The internal listener acts as a tcp listener. It supports listener filters and network filter chains. + // The internal listener require :ref:`address ` has + // field `envoy_internal_address`. + // + // There are some limitations are derived from the implementation. The known limitations include + // + // * :ref:`ConnectionBalanceConfig ` is not + // allowed because both cluster connection and listener connection must be owned by the same dispatcher. + // * :ref:`tcp_backlog_size ` + // * :ref:`freebind ` + // * :ref:`transparent ` + // [#not-implemented-hide:] + InternalListenerConfig internal_listener = 27; + } } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto index 4ee2f1b53fd..55ffcd6490e 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto @@ -11,6 +11,7 @@ import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; 
@@ -38,6 +39,7 @@ message Filter { oneof config_type { // Filter specific configuration which depends on the filter being // instantiated. See the supported filters for further documentation. + // [#extension-category: envoy.filters.network] google.protobuf.Any typed_config = 4; // Configuration source specifier for an extension configuration discovery @@ -229,7 +231,8 @@ message FilterChain { // This field is deprecated. Add a // :ref:`PROXY protocol listener filter ` // explicitly instead. - google.protobuf.BoolValue use_proxy_proto = 4 [deprecated = true]; + google.protobuf.BoolValue use_proxy_proto = 4 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // [#not-implemented-hide:] filter chain metadata. core.v3.Metadata metadata = 5; @@ -239,6 +242,7 @@ message FilterChain { // :ref:`DownstreamTlsContext ` in the `typed_config`. // If no transport socket configuration is specified, new connections // will be set up with plaintext. + // [#extension-category: envoy.transport_sockets.downstream] core.v3.TransportSocket transport_socket = 6; // If present and nonzero, the amount of time to allow incoming connections to complete any @@ -333,9 +337,10 @@ message ListenerFilter { // :ref:`supported filter `. string name = 1 [(validate.rules).string = {min_len: 1}]; - // Filter specific configuration which depends on the filter being instantiated. - // See the supported filters for further documentation. oneof config_type { + // Filter specific configuration which depends on the filter being + // instantiated. See the supported filters for further documentation. + // [#extension-category: envoy.filters.listener,envoy.filters.udp_listener] google.protobuf.Any typed_config = 3; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto new file mode 100644 index 00000000000..69df722c6fb --- /dev/null 
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto @@ -0,0 +1,38 @@ +syntax = "proto3"; + +package envoy.config.listener.v3; + +import "envoy/config/core/v3/base.proto"; +import "envoy/config/core/v3/protocol.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.config.listener.v3"; +option java_outer_classname = "QuicConfigProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: QUIC listener config] + +// Configuration specific to the UDP QUIC listener. +message QuicProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.listener.QuicProtocolOptions"; + + core.v3.QuicProtocolOptions quic_protocol_options = 1; + + // Maximum number of milliseconds that connection will be alive when there is + // no network activity. 300000ms if not specified. + google.protobuf.Duration idle_timeout = 2; + + // Connection timeout in milliseconds before the crypto handshake is finished. + // 20000ms if not specified. + google.protobuf.Duration crypto_handshake_timeout = 3; + + // Runtime flag that controls whether the listener is enabled or not. If not specified, defaults + // to enabled. + core.v3.RuntimeFeatureFlag enabled = 4; +} diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto index fe39be9b352..614f7e9d323 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto 
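Review bot: The comments on `idle_timeout` and `crypto_handshake_timeout` describe the values as milliseconds ("300000ms", "20000ms") while both fields are `google.protobuf.Duration`, so the stated unit is misleading for anyone writing the YAML/JSON form, where the value is a duration string such as "300s" rather than an integer. Suggest `// Maximum time the connection stays alive with no network activity. Defaults to 300s if not specified.` and `// Time allowed for the crypto handshake to finish. Defaults to 20s if not specified.` The `quic_protocol_options = 1` field has no comment at all; a one-liner pointing to `core.v3.QuicProtocolOptions` would complete the message's documentation.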
@@ -2,7 +2,8 @@ syntax = "proto3"; package envoy.config.listener.v3; -import "google/protobuf/any.proto"; +import "envoy/config/core/v3/udp_socket_config.proto"; +import "envoy/config/listener/v3/quic_config.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -12,27 +13,29 @@ option java_outer_classname = "UdpListenerConfigProto"; option java_multiple_files = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; -// [#protodoc-title: UDP Listener Config] +// [#protodoc-title: UDP listener config] // Listener :ref:`configuration overview ` +// [#next-free-field: 8] message UdpListenerConfig { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.UdpListenerConfig"; - reserved 2; + reserved 1, 2, 3, 4, 6; reserved "config"; - // Used to look up UDP listener factory, matches "raw_udp_listener" or - // "quic_listener" to create a specific udp listener. - // If not specified, treat as "raw_udp_listener". - string udp_listener_name = 1; - - // Used to create a specific listener factory. To some factory, e.g. - // "raw_udp_listener", config is not needed. - oneof config_type { - google.protobuf.Any typed_config = 3; - } + // UDP socket configuration for the listener. The default for + // :ref:`prefer_gro ` is false for + // listener sockets. If receiving a large amount of datagrams from a small number of sources, it + // may be worthwhile to enable this option after performance testing. + core.v3.UdpSocketConfig downstream_socket_config = 5; + + // Configuration for QUIC protocol. If empty, QUIC will not be enabled on this listener. Set + // to the default object to enable QUIC without modifying any additional options. + // [#not-implemented-hide:] + // [#comment:Unhide when QUIC alpha is announced with other docs.] + QuicProtocolOptions quic_options = 7; } message ActiveRawUdpListenerConfig { 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto b/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto index 16335b2a1c1..4893b5504ac 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto @@ -29,18 +29,14 @@ message StatsSink { reserved "config"; // The name of the stats sink to instantiate. The name must match a supported - // stats sink. The built-in stats sinks are: - // - // * :ref:`envoy.stat_sinks.statsd ` - // * :ref:`envoy.stat_sinks.dog_statsd ` - // * :ref:`envoy.stat_sinks.metrics_service ` - // * :ref:`envoy.stat_sinks.hystrix ` - // + // stats sink. + // See the :ref:`extensions listed in typed_config below ` for the default list of available stats sink. // Sinks optionally support tagged/multiple dimensional metrics. string name = 1; // Stats sink specific configuration which depends on the sink being instantiated. See // :ref:`StatsdSink ` for an example. + // [#extension-category: envoy.stats_sinks] oneof config_type { google.protobuf.Any typed_config = 3; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto b/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto index 7c51d493b49..4445af63211 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto 
@@ -32,15 +32,12 @@ message ResourceMonitor { reserved "config"; // The name of the resource monitor to instantiate. Must match a registered - // resource monitor type. The built-in resource monitors are: - // - // * :ref:`envoy.resource_monitors.fixed_heap - // ` - // * :ref:`envoy.resource_monitors.injected_resource - // ` + // resource monitor type. + // See the :ref:`extensions listed in typed_config below ` for the default list of available resource monitor. string name = 1 [(validate.rules).string = {min_len: 1}]; // Configuration for the resource monitor being instantiated. + // [#extension-category: envoy.resource_monitors] oneof config_type { google.protobuf.Any typed_config = 3; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto new file mode 100644 index 00000000000..11fc66ee0c1 --- /dev/null +++ b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto 
@@ -0,0 +1,298 @@ +syntax = "proto3"; + +package envoy.config.rbac.v3; + +import "envoy/config/core/v3/address.proto"; +import "envoy/config/route/v3/route_components.proto"; +import "envoy/type/matcher/v3/metadata.proto"; +import "envoy/type/matcher/v3/path.proto"; +import "envoy/type/matcher/v3/string.proto"; + +import "google/api/expr/v1alpha1/checked.proto"; +import "google/api/expr/v1alpha1/syntax.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.rbac.v3"; +option java_outer_classname = "RbacProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Role Based Access Control (RBAC)] + +// Role Based Access Control (RBAC) provides service-level and method-level access control for a +// service. RBAC policies are additive. The policies are examined in order. Requests are allowed +// or denied based on the `action` and whether a matching policy is found. For instance, if the +// action is ALLOW and a matching policy is found the request should be allowed. +// +// RBAC can also be used to make access logging decisions by communicating with access loggers +// through dynamic metadata. When the action is LOG and at least one policy matches, the +// `access_log_hint` value in the shared key namespace 'envoy.common' is set to `true` indicating +// the request should be logged. +// +// Here is an example of RBAC configuration. It has two policies: +// +// * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so +// does "cluster.local/ns/default/sa/superuser". +// +// * Any user can read ("GET") the service at paths with prefix "/products", so long as the +// destination port is either 80 or 443. +// +// .. 
code-block:: yaml +// +// action: ALLOW +// policies: +// "service-admin": +// permissions: +// - any: true +// principals: +// - authenticated: +// principal_name: +// exact: "cluster.local/ns/default/sa/admin" +// - authenticated: +// principal_name: +// exact: "cluster.local/ns/default/sa/superuser" +// "product-viewer": +// permissions: +// - and_rules: +// rules: +// - header: { name: ":method", exact_match: "GET" } +// - url_path: +// path: { prefix: "/products" } +// - or_rules: +// rules: +// - destination_port: 80 +// - destination_port: 443 +// principals: +// - any: true +// +message RBAC { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.RBAC"; + + // Should we do safe-list or block-list style access control? + enum Action { + // The policies grant access to principals. The rest are denied. This is safe-list style + // access control. This is the default type. + ALLOW = 0; + + // The policies deny access to principals. The rest are allowed. This is block-list style + // access control. + DENY = 1; + + // The policies set the `access_log_hint` dynamic metadata key based on if requests match. + // All requests are allowed. + LOG = 2; + } + + // The action to take if a policy matches. Every action either allows or denies a request, + // and can also carry out action-specific operations. + // + // Actions: + // + // * ALLOW: Allows the request if and only if there is a policy that matches + // the request. + // * DENY: Allows the request if and only if there are no policies that + // match the request. + // * LOG: Allows all requests. If at least one policy matches, the dynamic + // metadata key `access_log_hint` is set to the value `true` under the shared + // key namespace 'envoy.common'. If no policies match, it is set to `false`. + // Other actions do not modify this key. + // + Action action = 1 [(validate.rules).enum = {defined_only: true}]; + + // Maps from policy name to policy. 
A match occurs when at least one policy matches the request. + map policies = 2; +} + +// Policy specifies a role and the principals that are assigned/denied the role. +// A policy matches if and only if at least one of its permissions match the +// action taking place AND at least one of its principals match the downstream +// AND the condition is true if specified. +message Policy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Policy"; + + // Required. The set of permissions that define a role. Each permission is + // matched with OR semantics. To match all actions for this policy, a single + // Permission with the `any` field set to true should be used. + repeated Permission permissions = 1 [(validate.rules).repeated = {min_items: 1}]; + + // Required. The set of principals that are assigned/denied the role based on + // “action”. Each principal is matched with OR semantics. To match all + // downstreams for this policy, a single Principal with the `any` field set to + // true should be used. + repeated Principal principals = 2 [(validate.rules).repeated = {min_items: 1}]; + + // An optional symbolic expression specifying an access control + // :ref:`condition `. The condition is combined + // with the permissions and the principals as a clause with AND semantics. + // Only be used when checked_condition is not used. + google.api.expr.v1alpha1.Expr condition = 3 + [(udpa.annotations.field_migrate).oneof_promotion = "expression_specifier"]; + + // [#not-implemented-hide:] + // An optional symbolic expression that has been successfully type checked. + // Only be used when condition is not used. + google.api.expr.v1alpha1.CheckedExpr checked_condition = 4 + [(udpa.annotations.field_migrate).oneof_promotion = "expression_specifier"]; +} + +// Permission defines an action (or actions) that a principal can take. 
+// [#next-free-field: 11] +message Permission { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Permission"; + + // Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context, + // each are applied with the associated behavior. + message Set { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.rbac.v2.Permission.Set"; + + repeated Permission rules = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + oneof rule { + option (validate.required) = true; + + // A set of rules that all must match in order to define the action. + Set and_rules = 1; + + // A set of rules where at least one must match in order to define the action. + Set or_rules = 2; + + // When any is set, it matches any action. + bool any = 3 [(validate.rules).bool = {const: true}]; + + // A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only + // available for HTTP request. + // Note: the pseudo-header :path includes the query and fragment string. Use the `url_path` + // field if you want to match the URL path without the query and fragment string. + route.v3.HeaderMatcher header = 4; + + // A URL path on the incoming HTTP request. Only available for HTTP. + type.matcher.v3.PathMatcher url_path = 10; + + // A CIDR block that describes the destination IP. + core.v3.CidrRange destination_ip = 5; + + // A port number that describes the destination port connecting to. + uint32 destination_port = 6 [(validate.rules).uint32 = {lte: 65535}]; + + // Metadata that describes additional information about the action. + type.matcher.v3.MetadataMatcher metadata = 7; + + // Negates matching the provided permission. For instance, if the value of + // `not_rule` would match, this permission would not match. Conversely, if + // the value of `not_rule` would not match, this permission would match. + Permission not_rule = 8; + + // The request server from the client's connection request. 
This is + // typically TLS SNI. + // + // .. attention:: + // + // The behavior of this field may be affected by how Envoy is configured + // as explained below. + // + // * If the :ref:`TLS Inspector ` + // filter is not added, and if a `FilterChainMatch` is not defined for + // the :ref:`server name + // `, + // a TLS connection's requested SNI server name will be treated as if it + // wasn't present. + // + // * A :ref:`listener filter ` may + // overwrite a connection's requested server name within Envoy. + // + // Please refer to :ref:`this FAQ entry ` to learn to + // setup SNI. + type.matcher.v3.StringMatcher requested_server_name = 9; + } +} + +// Principal defines an identity or a group of identities for a downstream +// subject. +// [#next-free-field: 12] +message Principal { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Principal"; + + // Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. + // Depending on the context, each are applied with the associated behavior. + message Set { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.rbac.v2.Principal.Set"; + + repeated Principal ids = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + // Authentication attributes for a downstream. + message Authenticated { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.rbac.v2.Principal.Authenticated"; + + reserved 1; + + // The name of the principal. If set, The URI SAN or DNS SAN in that order + // is used from the certificate, otherwise the subject field is used. If + // unset, it applies to any user that is authenticated. + type.matcher.v3.StringMatcher principal_name = 2; + } + + oneof identifier { + option (validate.required) = true; + + // A set of identifiers that all must match in order to define the + // downstream. + Set and_ids = 1; + + // A set of identifiers at least one must match in order to define the + // downstream. 
+ Set or_ids = 2; + + // When any is set, it matches any downstream. + bool any = 3 [(validate.rules).bool = {const: true}]; + + // Authenticated attributes that identify the downstream. + Authenticated authenticated = 4; + + // A CIDR block that describes the downstream IP. + // This address will honor proxy protocol, but will not honor XFF. + core.v3.CidrRange source_ip = 5 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // A CIDR block that describes the downstream remote/origin address. + // Note: This is always the physical peer even if the + // :ref:`remote_ip ` is + // inferred from for example the x-forwarder-for header, proxy protocol, + // etc. + core.v3.CidrRange direct_remote_ip = 10; + + // A CIDR block that describes the downstream remote/origin address. + // Note: This may not be the physical peer and could be different from the + // :ref:`direct_remote_ip + // `. E.g, if the + // remote ip is inferred from for example the x-forwarder-for header, proxy + // protocol, etc. + core.v3.CidrRange remote_ip = 11; + + // A header (or pseudo-header such as :path or :method) on the incoming HTTP + // request. Only available for HTTP request. Note: the pseudo-header :path + // includes the query and fragment string. Use the `url_path` field if you + // want to match the URL path without the query and fragment string. + route.v3.HeaderMatcher header = 6; + + // A URL path on the incoming HTTP request. Only available for HTTP. + type.matcher.v3.PathMatcher url_path = 9; + + // Metadata that describes additional information about the principal. + type.matcher.v3.MetadataMatcher metadata = 7; + + // Negates matching the provided principal. For instance, if the value of + // `not_id` would match, this principal would not match. Conversely, if the + // value of `not_id` would not match, this principal would match. + Principal not_id = 8; + } +} 
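Review bot: `Principal.remote_ip` and `Principal.header` identify the downstream by values that, per their own comments, may be derived from client-supplied input (`x-forwarded-for`, proxy protocol, request headers), while `direct_remote_ip` is documented as always the physical peer, yet none of the comments say which one a policy should rely on when the identity must not be forgeable. Suggest adding to `remote_ip`: `// Only use this for access control when every hop that sets x-forwarded-for or proxy protocol is itself trusted; otherwise use direct_remote_ip.` and a parallel sentence on `header` noting that headers are set by the client unless a trusted hop overwrites them. The deprecated `source_ip` in the same oneof already says it honors proxy protocol, so it has the same trust consideration and the note should point to `direct_remote_ip` as the replacement. `Principal` begins earlier in this hunk and closes on its last line.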
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto index 8fe650ceb98..9532757cae4 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto @@ -202,7 +202,7 @@ message FilterAction { // // Envoy supports routing on HTTP method via :ref:`header matching // `. -// [#next-free-field: 18] +// [#next-free-field: 19] message Route { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Route"; @@ -229,11 +229,17 @@ message Route { DirectResponseAction direct_response = 7; // [#not-implemented-hide:] - // If true, a filter will define the action (e.g., it could dynamically generate the - // RouteAction). + // A filter-defined action (e.g., it could dynamically generate the RouteAction). // [#comment: TODO(samflattery): Remove cleanup in route_fuzz_test.cc when // implemented] FilterAction filter_action = 17; + + // [#not-implemented-hide:] + // An action used when the route will generate a response directly, + // without forwarding to an upstream host. This will be used in non-proxy + // xDS clients like the gRPC server. It could also be used in the future + // in Envoy for a filter that directly generates responses for requests. + NonForwardingAction non_forwarding_action = 18; } // The Metadata field can be used to provide additional information @@ -455,7 +461,7 @@ message RouteMatch { // where Extended CONNECT requests may have a path, the path matchers will work if // there is a path present. // Note that CONNECT support is currently considered alpha in Envoy. - // [#comment:TODO(htuch): Replace the above comment with an alpha tag. + // [#comment: TODO(htuch): Replace the above comment with an alpha tag.] ConnectMatcher connect_matcher = 12; } 
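Review bot: `non_forwarding_action = 18` is added to the `action` oneof of `Route` while its message type is still `[#not-implemented-hide:]` and the field comment only says where it "will be used"; a consumer that switches on the `action` case without a default branch could treat this member the same as an unset action. Suggest extending the comment with the expected client behavior, e.g. `// Clients that cannot generate the response locally should reject a route carrying this action rather than treat it as unset.` The empty `NonForwardingAction` message itself is introduced in the `@@ -1462` hunk below, and `Route` starts and ends outside this hunk.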
@@ -770,7 +776,7 @@ message RouteAction { // Configuration for sending data upstream as a raw data payload. This is used for // CONNECT requests, when forwarding CONNECT payload as raw TCP. // Note that CONNECT support is currently considered alpha in Envoy. - // [#comment:TODO(htuch): Replace the above comment with an alpha tag. + // [#comment: TODO(htuch): Replace the above comment with an alpha tag.] ConnectConfig connect_config = 3; } @@ -1022,7 +1028,8 @@ message RouteAction { // request. // // This field is deprecated. Please use :ref:`vh_rate_limits ` - google.protobuf.BoolValue include_vh_rate_limits = 14 [deprecated = true]; + google.protobuf.BoolValue include_vh_rate_limits = 14 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Specifies a list of hash policies to use for ring hash load balancing. Each // hash policy is evaluated individually and the combined result is used to @@ -1061,7 +1068,8 @@ message RouteAction { // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the // :ref:`retry overview `. - google.protobuf.Duration max_grpc_timeout = 23 [deprecated = true]; + google.protobuf.Duration max_grpc_timeout = 23 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Deprecated by :ref:`grpc_timeout_header_offset `. // If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by subtracting 
@@ -1071,7 +1079,8 @@ message RouteAction { // The offset will only be applied if the provided grpc_timeout is greater than the offset. This // ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning // infinity). - google.protobuf.Duration grpc_timeout_offset = 28 [deprecated = true]; + google.protobuf.Duration grpc_timeout_offset = 28 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; repeated UpgradeConfig upgrade_configs = 25; @@ -1081,7 +1090,8 @@ message RouteAction { // `. InternalRedirectPolicy internal_redirect_policy = 34; - InternalRedirectAction internal_redirect_action = 26 [deprecated = true]; + InternalRedirectAction internal_redirect_action = 26 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // An internal redirect is handled, iff the number of previous internal redirects that a // downstream request has encountered is lower than this value, and @@ -1097,7 +1107,8 @@ message RouteAction { // will pass the redirect back to downstream. // // If not specified, at most one redirect will be followed. - google.protobuf.UInt32Value max_internal_redirects = 31 [deprecated = true]; + google.protobuf.UInt32Value max_internal_redirects = 31 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Indicates that the route has a hedge policy. Note that if this is set, // it'll take precedence over the virtual host level hedge policy entirely @@ -1128,6 +1139,7 @@ message RetryPolicy { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.retry_priorities] oneof config_type { google.protobuf.Any typed_config = 3; } @@ -1143,6 +1155,7 @@ message RetryPolicy { string name = 1 [(validate.rules).string = {min_len: 1}]; + // [#extension-category: envoy.retry_host_predicates] oneof config_type { google.protobuf.Any typed_config = 3; } 
@@ -1462,6 +1475,10 @@ message DirectResponseAction { core.v3.DataSource body = 2; } +// [#not-implemented-hide:] +message NonForwardingAction { +} + message Decorator { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Decorator"; @@ -1749,13 +1766,17 @@ message RateLimit { // // .. attention:: // This field has been deprecated in favor of the :ref:`metadata ` field - DynamicMetaData dynamic_metadata = 7 - [deprecated = true, (envoy.annotations.disallowed_by_default) = true]; + DynamicMetaData dynamic_metadata = 7 [ + deprecated = true, + (envoy.annotations.deprecated_at_minor_version) = "3.0", + (envoy.annotations.disallowed_by_default) = true + ]; // Rate limit on metadata. MetaData metadata = 8; // Rate limit descriptor extension. See the rate limit descriptor extensions documentation. + // [#extension-category: envoy.rate_limit_descriptors] core.v3.TypedExtensionConfig extension = 9; } } @@ -1947,6 +1968,7 @@ message InternalRedirectPolicy { // Specifies a list of predicates that are queried when an upstream response is deemed // to trigger an internal redirect by all other criteria. Any predicate in the list can reject // the redirect, causing the response to be proxied to downstream. + // [#extension-category: envoy.internal_redirect_predicates] repeated core.v3.TypedExtensionConfig predicates = 3; // Allow internal redirect to follow a target URI with a different scheme than the value of diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto index 7146687b831..8a3e452db56 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto 
@@ -43,25 +43,12 @@ message Tracing { reserved "config"; // The name of the HTTP trace driver to instantiate. The name must match a - // supported HTTP trace driver. Built-in trace drivers: - // - // - *envoy.tracers.lightstep* - // - *envoy.tracers.zipkin* - // - *envoy.tracers.dynamic_ot* - // - *envoy.tracers.datadog* - // - *envoy.tracers.opencensus* - // - *envoy.tracers.xray* + // supported HTTP trace driver. + // See the :ref:`extensions listed in typed_config below ` for the default list of the HTTP trace driver. string name = 1 [(validate.rules).string = {min_len: 1}]; - // Trace driver specific configuration which depends on the driver being instantiated. - // See the trace drivers for examples: - // - // - :ref:`LightstepConfig ` - // - :ref:`ZipkinConfig ` - // - :ref:`DynamicOtConfig ` - // - :ref:`DatadogConfig ` - // - :ref:`OpenCensusConfig ` - // - :ref:`AWS X-Ray ` + // Trace driver specific configuration which must be set according to the driver being instantiated. + // [#extension-category: envoy.tracers] oneof config_type { google.protobuf.Any typed_config = 3; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opencensus.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opencensus.proto index 6ffce02392f..ee2241e729a 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opencensus.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opencensus.proto @@ -6,6 +6,7 @@ import "envoy/config/core/v3/grpc_service.proto"; import "opencensus/proto/trace/v1/trace_config.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; 
@@ -73,12 +74,14 @@ message OpenCensusConfig { // Enables the Zipkin exporter if set to true. The url and service name must // also be set. This is deprecated, prefer to use Envoy's :ref:`native Zipkin // tracer `. - bool zipkin_exporter_enabled = 5 [deprecated = true]; + bool zipkin_exporter_enabled = 5 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // The URL to Zipkin, e.g. "http://127.0.0.1:9411/api/v2/spans". This is // deprecated, prefer to use Envoy's :ref:`native Zipkin tracer // `. - string zipkin_url = 6 [deprecated = true]; + string zipkin_url = 6 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Enables the OpenCensus Agent exporter if set to true. The ocagent_address or // ocagent_grpc_service must also be set. diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 877569ee470..87d826262b9 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -11,6 +11,7 @@ import "envoy/config/core/v3/substitution_format_string.proto"; import "envoy/config/route/v3/route.proto"; import "envoy/config/route/v3/scoped_route.proto"; import "envoy/config/trace/v3/http_tracer.proto"; +import "envoy/type/http/v3/path_transformation.proto"; import "envoy/type/tracing/v3/custom_tag.proto"; import "envoy/type/v3/percent.proto"; 
@@ -33,7 +34,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // HTTP connection manager :ref:`configuration overview `. // [#extension: envoy.filters.network.http_connection_manager] -// [#next-free-field: 43] +// [#next-free-field: 46] message HttpConnectionManager { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"; 
@@ -238,7 +239,39 @@ message HttpConnectionManager { google.protobuf.BoolValue enabled = 3; } - reserved 27, 11; + // [#not-implemented-hide:] Transformations that apply to path headers. Transformations are applied + // before any processing of requests by HTTP filters, routing, and matching. Only the normalized + // path will be visible internally if a transformation is enabled. Any path rewrites that the + // router performs (e.g. :ref:`regex_rewrite + // ` or :ref:`prefix_rewrite + // `) will apply to the *:path* header + // destined for the upstream. + // + // Note: access logging and tracing will show the original *:path* header. + message PathNormalizationOptions { + // [#not-implemented-hide:] Normalization applies internally before any processing of requests by + // HTTP filters, routing, and matching *and* will affect the forwarded *:path* header. Defaults + // to :ref:`NormalizePathRFC3986 + // `. When not + // specified, this value may be overridden by the runtime variable + // :ref:`http_connection_manager.normalize_path`. + // Envoy will respond with 400 to paths that are malformed (e.g. for paths that fail RFC 3986 + // normalization due to disallowed characters.) + type.http.v3.PathTransformation forwarding_transformation = 1; + + // [#not-implemented-hide:] Normalization only applies internally before any processing of + // requests by HTTP filters, routing, and matching. These will be applied after full + // transformation is applied. The *:path* header before this transformation will be restored in + // the router filter and sent upstream unless it was mutated by a filter. Defaults to no + // transformations. + // Multiple actions can be applied in the same Transformation, forming a sequential + // pipeline. The transformations will be performed in the order that they appear. Envoy will + // respond with 400 to paths that are malformed (e.g. for paths that fail RFC 3986 + // normalization due to disallowed characters.) 
+ type.http.v3.PathTransformation http_filter_transformation = 2; + } + + reserved 27, 11, 45; reserved "idle_timeout"; @@ -292,6 +325,10 @@ message HttpConnectionManager { config.core.v3.Http2ProtocolOptions http2_protocol_options = 9 [(udpa.annotations.security).configure_for_untrusted_downstream = true]; + // Additional HTTP/3 settings that are passed directly to the HTTP/3 codec. + // [#not-implemented-hide:] + config.core.v3.Http3ProtocolOptions http3_protocol_options = 44; + // An optional override that the connection manager will write to the server // header in responses. If not set, the default is *envoy*. string server_name = 10 @@ -306,10 +343,8 @@ message HttpConnectionManager { // The maximum request headers size for incoming connections. // If unconfigured, the default max request headers allowed is 60 KiB. // Requests that exceed this limit will receive a 431 response. - // The max configurable limit is 96 KiB, based on current implementation - // constraints. google.protobuf.UInt32Value max_request_headers_kb = 29 - [(validate.rules).uint32 = {lte: 96 gt: 0}]; + [(validate.rules).uint32 = {lte: 8192 gt: 0}]; // The stream idle timeout for connections managed by the connection manager. // If not specified, this defaults to 5 minutes. The default value was selected @@ -450,7 +485,7 @@ message HttpConnectionManager { // Via header value to append to request and response headers. If this is // empty, no via header will be appended. - string via = 22; + string via = 22 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; // Whether the connection manager will generate the :ref:`x-request-id // ` header if it does not exist. This defaults to 
@@ -527,15 +562,21 @@ message HttpConnectionManager { bool merge_slashes = 33; // The configuration of the request ID extension. This includes operations such as - // generation, validation, and associated tracing operations. - // - // If not set, Envoy uses the default UUID-based behavior: + // generation, validation, and associated tracing operations. If empty, the + // :ref:`UuidRequestIdConfig ` + // default extension is used with default parameters. See the documentation for that extension + // for details on what it does. Customizing the configuration for the default extension can be + // achieved by configuring it explicitly here. For example, to disable trace reason packing, + // the following configuration can be used: // - // 1. Request ID is propagated using *x-request-id* header. + // .. validated-code-block:: yaml + // :type-name: envoy.extensions.filters.network.http_connection_manager.v3.RequestIDExtension // - // 2. Request ID is a universally unique identifier (UUID). + // typed_config: + // "@type": type.googleapis.com/envoy.extensions.request_id.uuid.v3.UuidRequestIdConfig + // pack_trace_reason: false // - // 3. Tracing decision (sampled, forced, etc) is set in 14th byte of the UUID. + // [#extension-category: envoy.request_id] RequestIDExtension request_id_extension = 36; // The configuration to customize local reply returned by Envoy. It can customize status code, 
@@ -545,7 +586,9 @@ message HttpConnectionManager { // Determines if the port part should be removed from host/authority header before any processing // of request by HTTP filters or routing. The port would be removed only if it is equal to the :ref:`listener's` - // local port and request method is not CONNECT. This affects the upstream host header as well. + // local port. This affects the upstream host header unless the method is + // CONNECT in which case if no filter adds a port the original port will be restored before headers are + // sent upstream. // Without setting this option, incoming requests with host `example:443` will not match against // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part // of `HTTP spec `_ and is provided for convenience. @@ -555,8 +598,9 @@ message HttpConnectionManager { oneof strip_port_mode { // Determines if the port part should be removed from host/authority header before any processing - // of request by HTTP filters or routing. The port would be removed only if request method is not CONNECT. - // This affects the upstream host header as well. + // of request by HTTP filters or routing. + // This affects the upstream host header unless the method is CONNECT in + // which case if no filter adds a port the original port will be restored before headers are sent upstream. // Without setting this option, incoming requests with host `example:443` will not match against // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part // of `HTTP spec `_ and is provided for convenience. 
@@ -581,6 +625,16 @@ message HttpConnectionManager { // *not* the deprecated but similarly named :ref:`stream_error_on_invalid_http_messaging // ` google.protobuf.BoolValue stream_error_on_invalid_http_message = 40; + + // [#not-implemented-hide:] Path normalization configuration. This includes + // configurations for transformations (e.g. RFC 3986 normalization or merge + // adjacent slashes) and the policy to apply them. The policy determines + // whether transformations affect the forwarded *:path* header. RFC 3986 path + // normalization is enabled by default and the default policy is that the + // normalized header will be forwarded. See :ref:`PathNormalizationOptions + // ` + // for details. + PathNormalizationOptions path_normalization_options = 43; } // The configuration to customize local reply returned by Envoy. @@ -814,6 +868,10 @@ message ScopedRds { // Configuration source specifier for scoped RDS. config.core.v3.ConfigSource scoped_rds_config_source = 1 [(validate.rules).message = {required: true}]; + + // xdstp:// resource locator for scoped RDS collection. + // [#not-implemented-hide:] + string srds_resources_locator = 2; } // [#next-free-field: 7] 
@@ -833,11 +891,21 @@ message HttpFilter { oneof config_type { // Filter specific configuration which depends on the filter being instantiated. See the supported // filters for further documentation. + // + // To support configuring a :ref:`match tree `, use an + // :ref:`ExtensionWithMatcher ` + // with the desired HTTP filter. + // [#extension-category: envoy.filters.http] google.protobuf.Any typed_config = 4; // Configuration source specifier for an extension configuration discovery service. // In case of a failure and without the default configuration, the HTTP listener responds with code 500. // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061). + // + // To support configuring a :ref:`match tree `, use an + // :ref:`ExtensionWithMatcher ` + // with the desired HTTP filter. This works for both the default filter configuration as well + // as for filters provided via the API. config.core.v3.ExtensionConfigSource config_discovery = 5; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto index 1def231a379..46b9ad5c433 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto @@ -3,6 +3,7 @@ syntax = "proto3"; package envoy.extensions.transport_sockets.tls.v3; import "envoy/config/core/v3/base.proto"; +import "envoy/config/core/v3/extension.proto"; import "envoy/type/matcher/v3/string.proto"; import "google/protobuf/any.proto"; 
@@ -211,7 +212,7 @@ message TlsSessionTicketKeys { [(validate.rules).repeated = {min_items: 1}, (udpa.annotations.sensitive) = true]; } -// [#next-free-field: 12] +// [#next-free-field: 13] message CertificateValidationContext { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.CertificateValidationContext"; @@ -371,4 +372,11 @@ message CertificateValidationContext { // Certificate trust chain verification mode. TrustChainVerification trust_chain_verification = 10 [(validate.rules).enum = {defined_only: true}]; + + // The configuration of an extension specific certificate validator. + // If specified, all validation is done by the specified validator, + // and the behavior of all other validation settings is defined by the specified validator (and may be entirely ignored, unused, and unvalidated). + // Refer to the documentation for the specified validator. If you do not want a custom validation algorithm, do not set this field. + // [#extension-category: envoy.tls.cert_validator] + config.core.v3.TypedExtensionConfig custom_validator_config = 12; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto b/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto index 7d2a59ae850..3a1c748fc81 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto @@ -8,7 +8,7 @@ import "envoy/type/matcher/v3/node.proto"; import "google/api/annotations.proto"; -import "udpa/annotations/migrate.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; 
@@ -103,7 +103,8 @@ message PerXdsConfig { // This field is deprecated. Use :ref:`ClientResourceStatus // ` for per-resource // config status instead. - ClientConfigStatus client_status = 7 [deprecated = true]; + ClientConfigStatus client_status = 7 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; oneof per_xds_config { admin.v3.ListenersConfigDump listener_config = 2; diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/http/v3/path_transformation.proto b/xds/third_party/envoy/src/main/proto/envoy/type/http/v3/path_transformation.proto new file mode 100644 index 00000000000..8a3c9ef5aaf --- /dev/null +++ b/xds/third_party/envoy/src/main/proto/envoy/type/http/v3/path_transformation.proto 
@@ -0,0 +1,57 @@ +syntax = "proto3"; + +package envoy.type.http.v3; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.type.http.v3"; +option java_outer_classname = "PathTransformationProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Path Transformations API] + +// PathTransformation defines an API to apply a sequence of operations that can be used to alter +// text before it is used for matching or routing. Multiple actions can be applied in the same +// Transformation, forming a sequential pipeline. The transformations will be performed in the order +// that they appear. +// +// This API is a work in progress. + +message PathTransformation { + // A type of operation to alter text. + message Operation { + // Should text be normalized according to RFC 3986? This typically is used for path headers + // before any processing of requests by HTTP filters or routing. This applies percent-encoded + // normalization and path segment normalization. Fails on characters disallowed in URLs + // (e.g. NULLs). See `Normalization and Comparison + // `_ for details of normalization. Note that + // this options does not perform `case normalization + // `_ + message NormalizePathRFC3986 { + } + + // Determines if adjacent slashes are merged into one. A common use case is for a request path + // header. Using this option in `:ref: PathNormalizationOptions + // ` + // will allow incoming requests with path `//dir///file` to match against route with `prefix` + // match set to `/dir`. When using for header transformations, note that slash merging is not + // part of `HTTP spec `_ and is provided for convenience. + message MergeSlashes { + } + + oneof operation_specifier { + option (validate.required) = true; + + // Enable path normalization per RFC 3986. 
+ NormalizePathRFC3986 normalize_path_rfc_3986 = 2; + + // Enable merging adjacent slashes. + MergeSlashes merge_slashes = 3; + } + } + + // A list of operations to apply. Transformations will be performed in the order that they appear. + repeated Operation operations = 1; +} diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/path.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/path.proto new file mode 100644 index 00000000000..0ce89871c9d --- /dev/null +++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/path.proto @@ -0,0 +1,30 @@ +syntax = "proto3"; + +package envoy.type.matcher.v3; + +import "envoy/type/matcher/v3/string.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.type.matcher.v3"; +option java_outer_classname = "PathProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Path matcher] + +// Specifies the way to match a path on HTTP request. +message PathMatcher { + option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.PathMatcher"; + + oneof rule { + option (validate.required) = true; + + // The `path` must match the URL path portion of the :path header. The query and fragment + // string (if present) are removed in the URL path portion. + // For example, the path */data* will match the *:path* header */data#fragment?param=value*. + StringMatcher path = 1 [(validate.rules).message = {required: true}]; + } +} diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/regex.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/regex.proto index f5913c460c4..3e7bb477ecb 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/regex.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/regex.proto 
@@ -4,6 +4,7 @@ package envoy.type.matcher.v3; import "google/protobuf/wrappers.proto"; +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; @@ -43,7 +44,8 @@ message RegexMatcher { // // This field is deprecated; regexp validation should be performed on the management server // instead of being done by each individual client. - google.protobuf.UInt32Value max_program_size = 1 [deprecated = true]; + google.protobuf.UInt32Value max_program_size = 1 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; } oneof engine_type {