From 79f1617a9387e5c9b010f71198da30a59e5c103f Mon Sep 17 00:00:00 2001 
From: "app-token-modules[bot]" <125905105+app-token-modules[bot]@users.noreply.github.com> Date: Wed, 15 Jan 2025 12:56:51 -0500 Subject: [PATCH] Found new managed modules references (#832) New managed modules references found. Please review. Co-authored-by: unmultimedio <4431392+unmultimedio@users.noreply.github.com> --- ...898b9c1db5ae88c05ae4b0cd139821dd502e6f68f2 | 365 +++ ...5c08b73d4610bd00d049e6fa2ed176191570b209f1 | 588 ++++ ...be66b6d20a82f9e9deb5f79be528c4c08cb6835674 | 195 ++ ...02f55e78feeca582d86a5257ee7c36c350f937f4b8 | 256 ++ ...8509131a6d1e0944c3802b62306a320ae73a49a4a0 | 124 + ...a03761a7f2926b41cd7b58edfdb6ed1054777c5325 | 415 +++ ...da6c465951f454b9d5d0efbf4154b454d527d39d20 | 415 +++ ...f03ceb3915e9ad71e3e6b2d0010e93e3081fa87a0e | 438 +++ ...cc1de304ce6de23935424d7246b15449a70c8a1f55 | 33 + ...4a4cc02b5bbaf899fec9d102e681b241c95fe14c41 | 103 + ...872ded2dc4efa515b62995683d4dc6d19c2da07e69 | 79 + ...0d76d081a5a12b88d096cba8766cb478144a9ba400 | 195 ++ ...948515acb3732d7be761bf2e9af2d1739dde866b91 | 36 + ...22616784038e940d2f40c43c0fbb3b85bc9f53bf36 | 64 + ...5f07bac3d93ee567493207ac3c736ec52cbcde847b | 71 + ...360fa0d889df05ff944a21894a27d3cd2d7e38218b | 86 + ...c1b5eef2de801256ff1185a6fd4e7b7f9f53ac43cd | 46 + ...72d37cfac32cbf729633e4454d6a5c2dd28c2c7d81 | 198 ++ ...b25107dddda66115c1ff1faa7691e85d97e79db831 | 689 +++++ ...dceeaee8733c6db03b11af64e4487d1a0f4dd1e476 | 61 + ...a6e09c9cd558136dc75a9cf507c7e1d341c497a293 | 351 +++ ...d37a311f5ec3e05cf1849f7c794fea38899ea406ea | 122 + ...40352069bbabe91c5efeb9d8643c457a64737ac00c | 271 ++ ...4d05ff1ebd27e820622355d2de4f5d09b7d71983ef | 229 ++ ...6c8d90d7c6fd485b60367217391e39ec5aab637b2b | 672 +++++ ...7feebe16457071b0eb1bfa401314d07008da49478e | 98 + ...fced4f1caa1490773c8584aac1251b274429a8335b | 206 ++ ...52b851fbd244dae48296a34873dcaeef73fa9ca421 | 157 + ...16aee8468122e34febd659868cf0e4cd077049470f | 662 +++++ ...6772428ea368d36791ded9328940fe980b70e42f8f | 213 ++ 
...6809510a88722c4ee872548eb5d01f0e9bd832e3c5 | 437 +++ ...a92cd343d877f95344756ba946b6b05630261df3ce | 205 ++ ...82cc4cedc05abe0a337497ff6dc211e65c16dcf02a | 92 + ...0e973fdd447875a154228148abb5f00e94f4c47281 | 22 + ...d3f7fb89ca60d13a90ae0e1595189e5f2ef03febb1 | 72 + ...9bf41f183abe458845d060c5b154c34265cf5368bf | 45 + ...093e15f0d2c733bebfb34308dc41c37d81368c828a | 351 +++ ...f349f8e34d468241d5f321d5a8b1358f755ab3f749 | 568 ++++ ...7f9d5c1d12d1a0eb3563bcdd5202b17d56555d8359 | 49 + ...feb37a216a2d4a9d1a289bde799d58600fafb88815 | 1247 ++++++++ ...a852072f21ad08a501d1c105103dec24e7f43a8fad | 514 ++++ ...c27ff9e55f424535eb83b118a5bfc4b96654d41f17 | 16 + ...bd2eff59d52dddc8797e085ee99ca6a8d6db475de8 | 199 ++ ...658299d2e503c1ac580f161d867231052bba4d9744 | 2563 +++++++++++++++++ ...517cb9bbf730003164fe278bdb8777765738320a14 | 15 + ...0e9b711063a01a70abcced4d271558e455f397df98 | 73 + ...150b78411dd840a35bb2865cceeb2c2840913e3f59 | 100 + ...5edeb0fae6a15a7874043b40b4f45e566c639bb19b | 42 + ...0b7c537e3789fe9a671b2e217880442891c899d9a3 | 22 + ...1b0404b7c865e1281b175c19434c5b84f3d4225d03 | 420 +++ ...b53629f52f4908d58a5e4d733b506977b98628c1a7 | 1364 +++++++++ ...c22c2d7f30d4ab965aecb8472508901d4f277f717b | 46 + ...419ee2ca6c6a8815223b9ce27f28c49a72ea39828e | 48 + ...d7b1067f32b720b754a90f86de61696b264851498e | 24 + ...9a8e4c1d00ee24eacc7bc51c778296d6c5fff1fc8a | 82 + modules/sync/envoyproxy/envoy/state.json | 4 + modules/sync/envoyproxy/ratelimit/state.json | 4 + modules/sync/googleapis/googleapis/state.json | 12 + modules/sync/state.json | 6 +- 59 files changed, 16077 insertions(+), 3 deletions(-) create mode 100644 modules/sync/envoyproxy/envoy/cas/0711d88a9129014e77db8a918e6b1ff5fd7dd6f1e2e19cce9573ea29c253d700594809a424beebdb28ce10898b9c1db5ae88c05ae4b0cd139821dd502e6f68f2 create mode 100644 modules/sync/envoyproxy/envoy/cas/0f6f4339ea181ae26dd8156629ac3d40d49740ff4ba2cea29a7c393755902df2a8a5ab4140e97f28c86ca25c08b73d4610bd00d049e6fa2ed176191570b209f1 create mode 
100644 modules/sync/envoyproxy/envoy/cas/11f45c677f93182f5a7f82fb48ca417bbf204674684d823868a85fc0d1199404604c5b9753b20abed6e87ebe66b6d20a82f9e9deb5f79be528c4c08cb6835674 create mode 100644 modules/sync/envoyproxy/envoy/cas/13d28573480c0a3b4318af035def7a2044fd80b1e2976cc9d869d3d91e23eba5a81d0f7aaf7392fd2988a302f55e78feeca582d86a5257ee7c36c350f937f4b8 create mode 100644 modules/sync/envoyproxy/envoy/cas/16743e9abc094d74cb488491197a0532e12c366aa9ca08f626567d642746c77f51d41fb061812c2e00ece48509131a6d1e0944c3802b62306a320ae73a49a4a0 create mode 100644 modules/sync/envoyproxy/envoy/cas/1dc0ed3175669fbe7e372cb788cf08b7bd223d1c41f84006c55252f24c7d97717692fcd2bba39c6073db9ea03761a7f2926b41cd7b58edfdb6ed1054777c5325 create mode 100644 modules/sync/envoyproxy/envoy/cas/273468a90f7dcbc52642fbfc349d82c95b632f8e2a826803410ab1339941c30db7cbbbeead904fc6023365da6c465951f454b9d5d0efbf4154b454d527d39d20 create mode 100644 modules/sync/envoyproxy/envoy/cas/351c700fdc79f734495275aa260893d6c24fb092e46a262587b4bdc2ac6ff3ca72882169529598449f54aff03ceb3915e9ad71e3e6b2d0010e93e3081fa87a0e create mode 100644 modules/sync/envoyproxy/envoy/cas/368384c1f18c40e250a3c223bad867c16c2171e4f3e81dc0e64f95ab0ac8ffa138e3615f975ff473c19ac9cc1de304ce6de23935424d7246b15449a70c8a1f55 create mode 100644 modules/sync/envoyproxy/envoy/cas/3a1640f66dbc67a20600d062e3b0bdeb164df21765beb797dde519f0fa918cbfdb91a93956172fdd866a964a4cc02b5bbaf899fec9d102e681b241c95fe14c41 create mode 100644 modules/sync/envoyproxy/envoy/cas/3c8077c937c86ff48ab61d081a0dd12a4f34778e79d77bc2bdeeecafcfc6e4bbd032fc63aecfb89e7a7828872ded2dc4efa515b62995683d4dc6d19c2da07e69 create mode 100644 modules/sync/envoyproxy/envoy/cas/3e1e879b6ddede1c4891287c1d075cc4f34f19e1ea15deee2125a63c00d86985d2857b186c8885dd09b51f0d76d081a5a12b88d096cba8766cb478144a9ba400 create mode 100644 modules/sync/envoyproxy/envoy/cas/432449b6de25f852f1c6d8ebb4df1376dfa0042cfa816a7906cafa4739032b3f66f887a2d85fbc00c2e6fd948515acb3732d7be761bf2e9af2d1739dde866b91 create 
mode 100644 modules/sync/envoyproxy/envoy/cas/4637407c3a7a724268ec49ee0bee774f940f60c54d7e13838a12ea9c6115fb34ed56fa20c31ab972a2c9d022616784038e940d2f40c43c0fbb3b85bc9f53bf36 create mode 100644 modules/sync/envoyproxy/envoy/cas/51c726cd9b4aa56a62db2e6abd3546cc72958033365ca62c6c69b134d91d658ec04b82d64910f062d70c085f07bac3d93ee567493207ac3c736ec52cbcde847b create mode 100644 modules/sync/envoyproxy/envoy/cas/5f8a02cf67b5c30f47a9459137ed47a77744906a5bb75baafbce675671109b7038b8464dc2b5e186728bd6360fa0d889df05ff944a21894a27d3cd2d7e38218b create mode 100644 modules/sync/envoyproxy/envoy/cas/62e9cbba4ef90857312393ba23c0c2e68c7ddf909fb944dbb82991c11ea9e2156e58cc0597c12e2057b122c1b5eef2de801256ff1185a6fd4e7b7f9f53ac43cd create mode 100644 modules/sync/envoyproxy/envoy/cas/6f596e69c9a1af917e12680f6e43c941f9e4a254ee86d30da4127b4aa01d9bb1f08d270c0ff8ddb63099c972d37cfac32cbf729633e4454d6a5c2dd28c2c7d81 create mode 100644 modules/sync/envoyproxy/envoy/cas/795dd3264f9e074b9862a701299bd1a7a02feb95a27bbe36cf2dbb7b868690a14b411b38762ef399487148b25107dddda66115c1ff1faa7691e85d97e79db831 create mode 100644 modules/sync/envoyproxy/envoy/cas/8695627774888384867f60a36b2bdd64d260d7dbeb4bde5a9fcaf617c436af794050181efee94998f5966bdceeaee8733c6db03b11af64e4487d1a0f4dd1e476 create mode 100644 modules/sync/envoyproxy/envoy/cas/898dcb73232fc67a2cdd1d61309a81f12c1da724cc3e5c9877e2a1c8f8c4b9f6d170383f7dff706ffc19dca6e09c9cd558136dc75a9cf507c7e1d341c497a293 create mode 100644 modules/sync/envoyproxy/envoy/cas/8c4419111eb187a571b0ee7b60f1cc436450e5d263ccc007c90e58fdd029c2a5c7db789944e0a9963b1c53d37a311f5ec3e05cf1849f7c794fea38899ea406ea create mode 100644 modules/sync/envoyproxy/envoy/cas/90c9a5e1b2bfe3cf7dccc8cb444c46a99c9214ab0a7b0c78c19f9f9cdb9787c35a1a85547849ae858e97f440352069bbabe91c5efeb9d8643c457a64737ac00c create mode 100644 modules/sync/envoyproxy/envoy/cas/9641a91435e6e6b8c64e8e68adb42c0ce592170cc68972d4724169361766892b4d2a00b16e4dc9a2863d7b4d05ff1ebd27e820622355d2de4f5d09b7d71983ef 
create mode 100644 modules/sync/envoyproxy/envoy/cas/a7f813dbdfaadb034a6a7332b0255a0e3b22c62a143f04961312762d3abbf1f55bead00e1df978bdd79ea16c8d90d7c6fd485b60367217391e39ec5aab637b2b create mode 100644 modules/sync/envoyproxy/envoy/cas/aa88a5a272e85552ea9c02d9411ff0a545d9c0a4a0345db2c7c9ffa173ccb554d5c904b8fb177c2fd608c47feebe16457071b0eb1bfa401314d07008da49478e create mode 100644 modules/sync/envoyproxy/envoy/cas/ac4a57cb2f25fbfce2a8daef2546317e33d09d8162447b82d56491df84b4847880ea6fa7048a0d82380191fced4f1caa1490773c8584aac1251b274429a8335b create mode 100644 modules/sync/envoyproxy/envoy/cas/acf97d4c6b5404951c13b3929354bb0613f3cc5cb4852a71f6d79b0fc37a40cd8e0b756a90fc1bbc2a11fd52b851fbd244dae48296a34873dcaeef73fa9ca421 create mode 100644 modules/sync/envoyproxy/envoy/cas/ae28b55a1d43e246e656acdd267aee16e19b6ab15c507b928417b17ce81741a6cbb4cb72da3cfd5980142e16aee8468122e34febd659868cf0e4cd077049470f create mode 100644 modules/sync/envoyproxy/envoy/cas/b1b80519ed10cd644f155c72798d6d0f8a55d4657fb61d2de8aab8c821865aa7b60be401f52e6b04157c806772428ea368d36791ded9328940fe980b70e42f8f create mode 100644 modules/sync/envoyproxy/envoy/cas/b1cef5fdc3d1350e3f96bc2cf2d14909e19dc8686fb620a42bec19fab962d6e83a1a532b62d30e8ab5256d6809510a88722c4ee872548eb5d01f0e9bd832e3c5 create mode 100644 modules/sync/envoyproxy/envoy/cas/b5082be33b95bbc2c8a1bae0d4ab9585ce842da65878270cf233bf066be2276fd9282b37d7b809cb974812a92cd343d877f95344756ba946b6b05630261df3ce create mode 100644 modules/sync/envoyproxy/envoy/cas/b8474a002d72c2f26c487b3f7ff34c9d28dede1ae5deebca5bca92acdc82e3eb084a31405538e2210f87d882cc4cedc05abe0a337497ff6dc211e65c16dcf02a create mode 100644 modules/sync/envoyproxy/envoy/cas/b8aeb0435ab80c4f331ede8ee6367cf5eb25df2219c291e177b1be3dae38269671d7d2c2855e045c88058f0e973fdd447875a154228148abb5f00e94f4c47281 create mode 100644 
modules/sync/envoyproxy/envoy/cas/c287f1093bd60b0ed243f40f69dc868a8856f31b36cc3f44790c0ed62e24c23fee9046ff0c55512f5fdbabd3f7fb89ca60d13a90ae0e1595189e5f2ef03febb1 create mode 100644 modules/sync/envoyproxy/envoy/cas/c29c6d22b41d00bd1a0c1ef267637fc69e8e43dcbe035dca36946ca152031f28cc5fb3773ece8c10b5051c9bf41f183abe458845d060c5b154c34265cf5368bf create mode 100644 modules/sync/envoyproxy/envoy/cas/c3a06caefa9e50db33112179456b945e2afe0288391af79cfc591a19ddcfc303a5ab49b43da11a334a728c093e15f0d2c733bebfb34308dc41c37d81368c828a create mode 100644 modules/sync/envoyproxy/envoy/cas/c532345a4b2414764b040b34e5a2e9d71f496fdd34ca36725f4cae2d461cebe13c64c22c958f310b678440f349f8e34d468241d5f321d5a8b1358f755ab3f749 create mode 100644 modules/sync/envoyproxy/envoy/cas/c6d8f7809023346a853aedc7b74dd1f18dbb8be1dfe43cefecbc74b24ef29ee107f4f115a0481b954e41517f9d5c1d12d1a0eb3563bcdd5202b17d56555d8359 create mode 100644 modules/sync/envoyproxy/envoy/cas/c8daed978d22da1c6d9cfa605dabc020dece377ceda612fc6b219731e3eab82fea4a6d97ab9c7d875eec2ffeb37a216a2d4a9d1a289bde799d58600fafb88815 create mode 100644 modules/sync/envoyproxy/envoy/cas/cb69962e85abacb9240973a33cfde3c0751df04be12d99b5c8736416893a6d084fecfe9e9bdc6e6e29831ca852072f21ad08a501d1c105103dec24e7f43a8fad create mode 100644 modules/sync/envoyproxy/envoy/cas/d0205fe3c89d1f582db76034f79b0ffc035a8bd2c0d6c1b2fa0a080c9836e3fc69ec5c01d2ff82fdb53d52c27ff9e55f424535eb83b118a5bfc4b96654d41f17 create mode 100644 modules/sync/envoyproxy/envoy/cas/d202ec6e99b45a8e9a5671718b070c368e6a5067194ab1c73da32705d28d45802db75994b6e5fb938b9bf4bd2eff59d52dddc8797e085ee99ca6a8d6db475de8 create mode 100644 modules/sync/envoyproxy/envoy/cas/d2a94d5b779e9b75c6304545c0f1b7fbd6880270024fddd44bb7490334749e60d7d97fda0288bd27f0ea52658299d2e503c1ac580f161d867231052bba4d9744 create mode 100644 modules/sync/envoyproxy/envoy/cas/db7a4656ca79bb7a54e54e6c6d0c7fe39871f6333f32084aceb29823252bc2bca6090d1f79bebf9c0d2cc9517cb9bbf730003164fe278bdb8777765738320a14 create mode 
100644 modules/sync/envoyproxy/envoy/cas/e1d0772c1e79f87f10446e70e445510cee7549c348789cbaa4b6e17ab6931aea85a6051f3d3c056472e6900e9b711063a01a70abcced4d271558e455f397df98 create mode 100644 modules/sync/envoyproxy/envoy/cas/e21dabe4f701068b930a6c2586ed13869ab20e7756b0ab88bf4730ac17d0eca7b68083f2fb86a8a15acf96150b78411dd840a35bb2865cceeb2c2840913e3f59 create mode 100644 modules/sync/envoyproxy/envoy/cas/e3ea7ba1c2fcc332e031713bde4b92e894ad6d650df9355b1d6cfd29439fe33578be62cba39f88f3c8a8845edeb0fae6a15a7874043b40b4f45e566c639bb19b create mode 100644 modules/sync/envoyproxy/envoy/cas/e3fbc3da2acacca933166dc9dabde689f5f20e29f2b7ab43f839c0b29c8bb5bea668ff8536544d06a5a0020b7c537e3789fe9a671b2e217880442891c899d9a3 create mode 100644 modules/sync/envoyproxy/envoy/cas/e5c3e7849f8aab45cf872016d0b6f6288e7d1694fe103e3b0f64e74a7444dec99b7f296e59cbfe28373c351b0404b7c865e1281b175c19434c5b84f3d4225d03 create mode 100644 modules/sync/envoyproxy/envoy/cas/ebf748fd4dcfff091c2dd3e683ab0cbfbea458b8fc74989b53812d68e37aa595dbfaa781e456f98ca651ddb53629f52f4908d58a5e4d733b506977b98628c1a7 create mode 100644 modules/sync/envoyproxy/envoy/cas/f0425c1657f5d21bc766ab56612144f466c193c9557a7ef43170b054b8f5f5f04b14d5fae4ec23a2503b68c22c2d7f30d4ab965aecb8472508901d4f277f717b create mode 100644 modules/sync/envoyproxy/envoy/cas/f1334a390dbbb3b9711cb629b4e99b90ee363a428192cfb2de8206c7cf0d69e852796baa9e3fa00fb9f40e419ee2ca6c6a8815223b9ce27f28c49a72ea39828e create mode 100644 modules/sync/envoyproxy/envoy/cas/f7680ea8269c00d0a1c18ee2f3af1e75f8dd2c000c5e8b943910b9d94929ab55ee5d987f52e72a9de04314d7b1067f32b720b754a90f86de61696b264851498e create mode 100644 modules/sync/envoyproxy/envoy/cas/f88d1d71037a70c72f39863a5a9ec8d65ded375d725b7e416d36ec233adcd670e010a8b024c755835c16899a8e4c1d00ee24eacc7bc51c778296d6c5fff1fc8a 
diff --git a/modules/sync/envoyproxy/envoy/cas/0711d88a9129014e77db8a918e6b1ff5fd7dd6f1e2e19cce9573ea29c253d700594809a424beebdb28ce10898b9c1db5ae88c05ae4b0cd139821dd502e6f68f2 b/modules/sync/envoyproxy/envoy/cas/0711d88a9129014e77db8a918e6b1ff5fd7dd6f1e2e19cce9573ea29c253d700594809a424beebdb28ce10898b9c1db5ae88c05ae4b0cd139821dd502e6f68f2
new file mode 100644
index 00000000..b292b18c
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/0711d88a9129014e77db8a918e6b1ff5fd7dd6f1e2e19cce9573ea29c253d700594809a424beebdb28ce10898b9c1db5ae88c05ae4b0cd139821dd502e6f68f2
@@ -0,0 +1,365 @@
+syntax = "proto3";
+
+package envoy.extensions.transport_sockets.tls.v3;
+
+import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/extension.proto";
+import "envoy/extensions/transport_sockets/tls/v3/common.proto";
+import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3";
+option java_outer_classname = "TlsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3;tlsv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: TLS transport socket]
+// [#extension: envoy.transport_sockets.tls]
+// The TLS contexts below provide the transport socket configuration for upstream/downstream TLS.
+
+// [#next-free-field: 8]
+message UpstreamTlsContext {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.api.v2.auth.UpstreamTlsContext";
+
+  // Common TLS context settings.
+  //
+  // .. attention::
+  //
+  //   Server certificate verification is not enabled by default. To enable verification, configure
+  //   :ref:`trusted_ca`.
+  CommonTlsContext common_tls_context = 1;
+
+  // SNI string to use when creating TLS backend connections.
+  string sni = 2 [(validate.rules).string = {max_bytes: 255}];
+
+  // If true, replaces the SNI for the connection with the hostname of the upstream host, if
+  // the hostname is known due to either a DNS cluster type or the
+  // :ref:`hostname ` is set on
+  // the host.
+  //
+  // See :ref:`SNI configuration ` for details on how this
+  // interacts with other validation options.
+  bool auto_host_sni = 6;
+
+  // If true, replaces any Subject Alternative Name (SAN) validations with a validation for a DNS SAN matching
+  // the SNI value sent. The validation uses the actual requested SNI, regardless of how the SNI is configured.
+  //
+  // For common cases where an SNI value is present and the server certificate should include a corresponding SAN,
+  // this option ensures the SAN is properly validated.
+  //
+  // See the :ref:`validation configuration ` for how this interacts with
+  // other validation options.
+  bool auto_sni_san_validation = 7;
+
+  // If true, server-initiated TLS renegotiation will be allowed.
+  //
+  // .. attention::
+  //
+  //   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
+  bool allow_renegotiation = 3;
+
+  // Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
+  // for TLSv1.2 and older) to be stored for session resumption.
+  //
+  // Defaults to 1, setting this to 0 disables session resumption.
+  google.protobuf.UInt32Value max_session_keys = 4;
+
+  // Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
+  // the ``keyUsage`` is incompatible with TLS usage.
+  //
+  // .. note::
+  //   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.
+  //
+  // The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics ` metric will be incremented
+  // for configurations that would fail if this option were enabled.
+  google.protobuf.BoolValue enforce_rsa_key_usage = 5;
+}
+
+// [#next-free-field: 12]
+message DownstreamTlsContext {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.api.v2.auth.DownstreamTlsContext";
+
+  enum OcspStaplePolicy {
+    // OCSP responses are optional. If absent or expired, the certificate is used without stapling.
+    LENIENT_STAPLING = 0;
+
+    // OCSP responses are optional. If absent, the certificate is used without stapling. If present but expired,
+    // the certificate is not used for subsequent connections. Connections are rejected if no suitable certificate
+    // is found.
+    STRICT_STAPLING = 1;
+
+    // OCSP responses are required. Connections fail if a certificate lacks a valid OCSP response. Expired responses
+    // prevent certificate use in new connections, and connections are rejected if no suitable certificate is available.
+    MUST_STAPLE = 2;
+  }
+
+  // Common TLS context settings.
+  CommonTlsContext common_tls_context = 1;
+
+  // If specified, Envoy will reject connections without a valid client
+  // certificate.
+  google.protobuf.BoolValue require_client_certificate = 2;
+
+  // If specified, Envoy will reject connections without a valid and matching SNI.
+  // [#not-implemented-hide:]
+  google.protobuf.BoolValue require_sni = 3;
+
+  oneof session_ticket_keys_type {
+    // TLS session ticket key settings.
+    TlsSessionTicketKeys session_ticket_keys = 4;
+
+    // Config for fetching TLS session ticket keys via SDS API.
+    SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
+
+    // Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
+    // server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
+    // If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
+    // the keys specified through either :ref:`session_ticket_keys `
+    // or :ref:`session_ticket_keys_sds_secret_config `.
+    // If this config is set to false and no keys are explicitly configured, the TLS server will issue
+    // TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
+    // implication that sessions cannot be resumed across hot restarts or on different hosts.
+    bool disable_stateless_session_resumption = 7;
+  }
+
+  // If ``true``, the TLS server will not maintain a session cache of TLS sessions.
+  //
+  // .. note::
+  //   This applies only to TLSv1.2 and earlier.
+  //
+  bool disable_stateful_session_resumption = 10;
+
+  // Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
+  // of the TLS session.
+  //
+  // This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) `_.
+  // Only whole seconds are considered; fractional seconds are ignored.
+  google.protobuf.Duration session_timeout = 6 [(validate.rules).duration = {
+    lt {seconds: 4294967296}
+    gte {}
+  }];
+
+  // Configuration for handling certificates without an OCSP response or with expired responses.
+  //
+  // Defaults to ``LENIENT_STAPLING``
+  OcspStaplePolicy ocsp_staple_policy = 8 [(validate.rules).enum = {defined_only: true}];
+
+  // Multiple certificates are allowed in Downstream transport socket to serve different SNI.
+  // This option controls the behavior when no matching certificate is found for the received SNI value,
+  // or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
+  // such as key type and OCSP settings. If disabled, the first provided certificate will be used.
+  // Defaults to ``false``. See more details in :ref:`Multiple TLS certificates `.
+  google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
+
+  // If ``true``, the downstream client's preferred cipher is used during the handshake. If ``false``, Envoy
+  // uses its preferred cipher.
+  //
+  // .. note::
+  //   This has no effect when using TLSv1_3.
+  //
+  bool prefer_client_ciphers = 11;
+}
+
+// TLS key log configuration.
+// The key log file format is "format used by NSS for its SSLKEYLOGFILE debugging output" (text taken from openssl man page)
+message TlsKeyLog {
+  // Path to save the TLS key log.
+  string path = 1 [(validate.rules).string = {min_len: 1}];
+
+  // Local IP address ranges to filter connections for TLS key logging. If not set, matches any local IP address.
+  repeated config.core.v3.CidrRange local_address_range = 2;
+
+  // Remote IP address ranges to filter connections for TLS key logging. If not set, matches any remote IP address.
+  repeated config.core.v3.CidrRange remote_address_range = 3;
+}
+
+// TLS context shared by both client and server TLS contexts.
+// [#next-free-field: 17]
+message CommonTlsContext {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.CommonTlsContext";
+
+  // Config for the Certificate Provider to fetch certificates. Certificates are fetched/refreshed asynchronously over
+  // the network relative to the TLS handshake.
+  //
+  // DEPRECATED: This message is not currently used, but if we ever do need it, we will want to
+  // move it out of CommonTlsContext and into common.proto, similar to the existing
+  // CertificateProviderPluginInstance message.
+  //
+  // [#not-implemented-hide:]
+  message CertificateProvider {
+    // opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify
+    // a root-certificate (validation context) or "TLS" to specify a new tls-certificate.
+    string name = 1 [(validate.rules).string = {min_len: 1}];
+
+    // Provider specific config.
+    // Note: an implementation is expected to dedup multiple instances of the same config
+    // to maintain a single certificate-provider instance. The sharing can happen, for
+    // example, among multiple clusters or between the tls_certificate and validation_context
+    // certificate providers of a cluster.
+    // This config could be supplied inline or (in future) a named xDS resource.
+    oneof config {
+      option (validate.required) = true;
+
+      config.core.v3.TypedExtensionConfig typed_config = 2;
+    }
+  }
+
+  // Similar to CertificateProvider above, but allows the provider instances to be configured on
+  // the client side instead of being sent from the control plane.
+  //
+  // DEPRECATED: This message was moved outside of CommonTlsContext
+  // and now lives in common.proto.
+  //
+  // [#not-implemented-hide:]
+  message CertificateProviderInstance {
+    // Provider instance name. This name must be defined in the client's configuration (e.g., a
+    // bootstrap file) to correspond to a provider instance (i.e., the same data in the typed_config
+    // field that would be sent in the CertificateProvider message if the config was sent by the
+    // control plane). If not present, defaults to "default".
+    //
+    // Instance names should generally be defined not in terms of the underlying provider
+    // implementation (e.g., "file_watcher") but rather in terms of the function of the
+    // certificates (e.g., "foo_deployment_identity").
+    string instance_name = 1;
+
+    // Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify
+    // a root-certificate (validation context) or "example.com" to specify a certificate for a
+    // particular domain. Not all provider instances will actually use this field, so the value
+    // defaults to the empty string.
+    string certificate_name = 2;
+  }
+
+  message CombinedCertificateValidationContext {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext";
+
+    // How to validate peer certificates.
+    CertificateValidationContext default_validation_context = 1
+        [(validate.rules).message = {required: true}];
+
+    // Config for fetching validation context via SDS API. Note SDS API allows certificates to be
+    // fetched/refreshed over the network asynchronously with respect to the TLS handshake.
+    SdsSecretConfig validation_context_sds_secret_config = 2
+        [(validate.rules).message = {required: true}];
+
+    // Certificate provider for fetching CA certs. This will populate the
+    // ``default_validation_context.trusted_ca`` field.
+    // [#not-implemented-hide:]
+    CertificateProvider validation_context_certificate_provider = 3
+        [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+    // Certificate provider instance for fetching CA certs. This will populate the
+    // ``default_validation_context.trusted_ca`` field.
+    // [#not-implemented-hide:]
+    CertificateProviderInstance validation_context_certificate_provider_instance = 4
+        [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+  }
+
+  reserved 5;
+
+  // TLS protocol versions, cipher suites etc.
+  TlsParameters tls_params = 1;
+
+  // Only a single TLS certificate is supported in client contexts. In server contexts,
+  // :ref:`Multiple TLS certificates ` can be associated with the
+  // same context to allow both RSA and ECDSA certificates and support SNI-based selection.
+  //
+  // If ``tls_certificate_provider_instance`` is set, this field is ignored.
+  // If this field is set, ``tls_certificate_sds_secret_configs`` is ignored.
+  repeated TlsCertificate tls_certificates = 2;
+
+  // Configs for fetching TLS certificates via SDS API. Note SDS API allows certificates to be
+  // fetched/refreshed over the network asynchronously with respect to the TLS handshake.
+  //
+  // The same number and types of certificates as :ref:`tls_certificates `
+  // are valid in the certificates fetched through this setting.
+  //
+  // If ``tls_certificates`` or ``tls_certificate_provider_instance`` are set, this field
+  // is ignored.
+  repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6;
+
+  // Certificate provider instance for fetching TLS certs.
+  //
+  // If this field is set, ``tls_certificates`` and ``tls_certificate_provider_instance``
+  // are ignored.
+  // [#not-implemented-hide:]
+  CertificateProviderPluginInstance tls_certificate_provider_instance = 14;
+
+  // Custom TLS certificate selector.
+  //
+  // Select TLS certificate based on TLS client hello.
+  // If empty, defaults to native TLS certificate selection behavior:
+  // DNS SANs or Subject Common Name in TLS certificates is extracted as server name pattern to match SNI.
+  config.core.v3.TypedExtensionConfig custom_tls_certificate_selector = 16;
+
+  // Certificate provider for fetching TLS certificates.
+  // [#not-implemented-hide:]
+  CertificateProvider tls_certificate_certificate_provider = 9
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // Certificate provider instance for fetching TLS certificates.
+  // [#not-implemented-hide:]
+  CertificateProviderInstance tls_certificate_certificate_provider_instance = 11
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  oneof validation_context_type {
+    // How to validate peer certificates.
+    CertificateValidationContext validation_context = 3;
+
+    // Config for fetching validation context via SDS API. Note SDS API allows certificates to be
+    // fetched/refreshed over the network asynchronously with respect to the TLS handshake.
+    SdsSecretConfig validation_context_sds_secret_config = 7;
+
+    // Combines the default ``CertificateValidationContext`` with the SDS-provided dynamic context for certificate
+    // validation.
+    //
+    // When the SDS server returns a dynamic ``CertificateValidationContext``, it is merged
+    // with the default context using ``Message::MergeFrom()``. The merging rules are as follows:
+    //
+    // * **Singular Fields:** Dynamic fields override the default singular fields.
+    // * **Repeated Fields:** Dynamic repeated fields are concatenated with the default repeated fields.
+    // * **Boolean Fields:** Boolean fields are combined using a logical OR operation.
+    //
+    // The resulting ``CertificateValidationContext`` is used to perform certificate validation.
+    CombinedCertificateValidationContext combined_validation_context = 8;
+
+    // Certificate provider for fetching validation context.
+    // [#not-implemented-hide:]
+    CertificateProvider validation_context_certificate_provider = 10
+        [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+    // Certificate provider instance for fetching validation context.
+    // [#not-implemented-hide:]
+    CertificateProviderInstance validation_context_certificate_provider_instance = 12
+        [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+  }
+
+  // Supplies the list of ALPN protocols that the listener should expose. In
+  // practice this is likely to be set to one of two values (see the
+  // :ref:`codec_type
+  // `
+  // parameter in the HTTP connection manager for more information):
+  //
+  // * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
+  // * "http/1.1" If the listener is only going to support HTTP/1.1.
+  //
+  // There is no default for this parameter. If empty, Envoy will not expose ALPN.
+  repeated string alpn_protocols = 4;
+
+  // Custom TLS handshaker. If empty, defaults to native TLS handshaking
+  // behavior.
+  config.core.v3.TypedExtensionConfig custom_handshaker = 13;
+
+  // TLS key log configuration
+  TlsKeyLog key_log = 15;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/0f6f4339ea181ae26dd8156629ac3d40d49740ff4ba2cea29a7c393755902df2a8a5ab4140e97f28c86ca25c08b73d4610bd00d049e6fa2ed176191570b209f1 b/modules/sync/envoyproxy/envoy/cas/0f6f4339ea181ae26dd8156629ac3d40d49740ff4ba2cea29a7c393755902df2a8a5ab4140e97f28c86ca25c08b73d4610bd00d049e6fa2ed176191570b209f1
new file mode 100644
index 00000000..19ae8074
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/0f6f4339ea181ae26dd8156629ac3d40d49740ff4ba2cea29a7c393755902df2a8a5ab4140e97f28c86ca25c08b73d4610bd00d049e6fa2ed176191570b209f1
@@ -0,0 +1,588 @@ +shake256:a9c4ad5b20a2946a25d5efb7f096b32ffaa567e3e9a7d89984870104aab45f08d7f6f10c7c72affdc4aabab0471066958ae97c3bb5925b7cb268f8afde27ebbf LICENSE +shake256:7a9a5a3a62ffe3acb50d67d1b0806566f798ac145649c493bf156a2e5d927e264464f5d3add734c687acde39586cc032795e8ea07f51f5bb2493fd0423db10c3 bazel/cc_proto_descriptor_library/testdata/test-extension.proto +shake256:9e8bd1676e9fcea1d02e7cd0ce63f87e6c76b4b31467ec3df1f4a580da427488a764f9e48617a5be98d85057c648f46ec1925b05cae4346b207210327283dd11 bazel/cc_proto_descriptor_library/testdata/test.proto +shake256:76295fd73d7f33a987c1243e8821818b80bd8b04634fc9ccd10879ab3c1ade926e3ef847f11d8e07ccf8fcf011561d151a5d4926505d6494a23119614e049aa6 bazel/cc_proto_descriptor_library/testdata/test1.proto +shake256:036e58836a23359ebf2324efe94106d38521bef2ad6dab6b46b0379dc66192e8f29097c96a9f1c3b299274ec10b47204d63d9e23a010eb5e1c5d4ed52f15c3f7 buf.md +shake256:f9abf7473dc3f95cc9ce2dabfabeedbf0f5fd808e1eb09ab07776ca3991ec073784ef8cb2f6df49a8293f1033141e29d687de39f506046b663b258728864f6b4 buf.yaml +shake256:7144b74045a5813f5f81b71eb11ca0ddac4105e3d20b51a146b634f7dc8c529de6fc84d2c4d3fb635eec48616f787eca10287f14ea10ec3d218e9562508be0ba contrib/envoy/extensions/compression/qatzip/compressor/v3alpha/qatzip.proto +shake256:ae38a03abf75ec63838de20438d1fdaf6ca49f6fcc9d701c4f918411027fcabfe08355fb24d7767074d9c440842bc86fd8788ad25e8c47e98782d6b5379f8b42 contrib/envoy/extensions/compression/qatzstd/compressor/v3alpha/qatzstd.proto +shake256:b7a48d5f96609de62c69948d9050b6fe41d81f476f7779a8d46c8d1d8595dbcead84d193fce745eb375f2fb5ba034633c76a4d1c4987627205f9b8b49bcd6104 contrib/envoy/extensions/config/v3alpha/kv_store_xds_delegate_config.proto +shake256:fa51c63f2698c8856558be8080bc5340c7d1d9fecfcec48a16e154c6fd7886703897da973a1d4e321bc8748043ec6a7fce2069fe45530f104b73f07b3325296c contrib/envoy/extensions/filters/http/checksum/v3alpha/checksum.proto 
+shake256:ce179ee97700792b3af9c1cb5081b3e62de6f98743f93e6166f73db8e4eb06c9bfd95fc8eec110af02ce1650d12d3dcf8eb74fd0fa21d5653dcaa2c0b84f7fab contrib/envoy/extensions/filters/http/dynamo/v3/dynamo.proto +shake256:a0429e81fab02fca21df816adda562cd39a4392950238042e197a6436941fb98bb621b1bbe1d5107457031186f0c2336872076b2a61e418f62b08180376943a8 contrib/envoy/extensions/filters/http/golang/v3alpha/golang.proto +shake256:c91ad7320770b1bbacf2ac9cfcb3b9ad4814290098d6b54131979be9acb38393595d69a2c89854e6248984cd3c12df7a9e69eeee4ef8cc1fcb814a91e770fa46 contrib/envoy/extensions/filters/http/language/v3alpha/language.proto +shake256:c980b240b716a1edcc45b69748189e1c050b4807602c1ab86279e8943eb7993d9810a6344c3956d55438f713ec97e5aa9d9d359eab3cd8a189b2c1c63a9c5e2b contrib/envoy/extensions/filters/http/squash/v3/squash.proto +shake256:75bebf5cdb07a03584c0367cb291bf599154285a0c28bc56d4190b90fd0ff0734d57a3ef0a8bf88005abd9202cceb47df0c13a0dcbc9af3665513e4e4c96aada contrib/envoy/extensions/filters/http/sxg/v3alpha/sxg.proto +shake256:8cf720d1ee2c70bc75784a9e3d1af11106d1a52418ec13671346d4fde5bd552882b95adae8f35e774d5d34d70f5d6150a36d635e0df072de98eec0208bbf0ee8 contrib/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto +shake256:cb2005d9e1d460d9fb5b6e1d18c3fb0e6b08db1d9e3f20a2287ac91aabe486826b9d8fa0b674b0a075eeb660da61158d86ce0dce9952ea20c1d73e27b47452e6 contrib/envoy/extensions/filters/network/generic_proxy/codecs/kafka/v3/kafka.proto +shake256:b6678557d0f621ab70455895ce208de8c41b4f51ea1c4cd2a661bc4d72a241a39b39a0bdad5521130f1645c78b37cf68ef3f9b2339a66111b27fc3d89adade00 contrib/envoy/extensions/filters/network/golang/v3alpha/golang.proto +shake256:e1d0772c1e79f87f10446e70e445510cee7549c348789cbaa4b6e17ab6931aea85a6051f3d3c056472e6900e9b711063a01a70abcced4d271558e455f397df98 contrib/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto 
+shake256:3b5eaa38005e7284020fa83bf98b27dc6022bd88b014a2e03ceb284b5145bd3bbb455204f4b844c2d889a290e0e85c4f58b5c91f728fdff07826ecb4e90d1437 contrib/envoy/extensions/filters/network/kafka_mesh/v3alpha/kafka_mesh.proto +shake256:b358663115fc5d273c2fdeae4177ec77e455e830cc5ed529863f229faa531b643ffac3547d974b0675c3da6ab78f71615926c4ec4b2f065bda15fb84fe456ff7 contrib/envoy/extensions/filters/network/mysql_proxy/v3/mysql_proxy.proto +shake256:38524ec7003ec3fc61f7d2a532f32cd009291fbcc9283f74e15c84780b1a73ee03b767ca4c0fe008b2f756eb9e74f7ef872071614485ec6ca7c2ef10c4293469 contrib/envoy/extensions/filters/network/postgres_proxy/v3alpha/postgres_proxy.proto +shake256:3f3e2331e55ceb14cd6f56a5add4364b134e731f7f925306998d8d8838f717ebb3f6efdf7c8905be7a7251e6c4038b90e1396bfd84db2d1dce2b22630321aae0 contrib/envoy/extensions/filters/network/rocketmq_proxy/v3/rocketmq_proxy.proto +shake256:f788b766d979ecdf38a9a23d447ec167d9c461bd4776e261a15a5062ebba61c31135066937d088999278481ed593bc7d662ac7ce64885b29e0e670211b938fad contrib/envoy/extensions/filters/network/rocketmq_proxy/v3/route.proto +shake256:726bb7baad0914a388e5094f559c289ffe68b86216453e24a0d477535f4b5248925c1706983b3867fac7fd9ae0eee2a8c2913c5252726812e4bd6fbc4b931c14 contrib/envoy/extensions/filters/network/sip_proxy/router/v3alpha/router.proto +shake256:814c9c9f84d6c9518d7b396be3c45c734f94be7f972e591e3b9ba081a63b9abee6569e32e183e5d03453f462551b69af7dc20461dc31e3e2bcc411be5d8fd8a8 contrib/envoy/extensions/filters/network/sip_proxy/tra/v3alpha/tra.proto +shake256:672f7c0aa8932a96a3a45f20e4f58bfa7aa418771393a8b844facae585b8b4d5d184c304fae94762a8acf54d6e724e20064e535b0ac0e8889e2a0c6d4cfe1660 contrib/envoy/extensions/filters/network/sip_proxy/v3alpha/route.proto +shake256:8ffcc12678ded759d7f71dbc576f4a865c9dfdf5cbde41d77e43694ff4158bd76cbdc04258284f289ca61d2a47941ed53ac8ae0bb71956c1d8098813bfb974a4 contrib/envoy/extensions/filters/network/sip_proxy/v3alpha/sip_proxy.proto 
+shake256:bdd1669fcd617d3bda7dc5641875d063e878e343a1535c177f17290637ae649d69960feed3b81bbb378ec04797be4bff4bb13265fd69681cac4b58c86bc88b61 contrib/envoy/extensions/matching/input_matchers/hyperscan/v3alpha/hyperscan.proto +shake256:e1cf9ee5689bd0c31288f67dc28ff17351fdd16d3fa7f111483c34536b861e76d2c407d00bc0d2661aa1f53a32cbf72afba072443a4b49da7b5318576e0bb4f0 contrib/envoy/extensions/network/connection_balance/dlb/v3alpha/dlb.proto +shake256:75de73d5c5355f082e4d607078c0891ac2e1899e281718301e1a6d5a89bd2816304e1473d702c4634bb440d388b990d60cc48d21e8ce698e7de59c096463a201 contrib/envoy/extensions/private_key_providers/cryptomb/v3alpha/cryptomb.proto +shake256:444c37b67f885a3f631bb0dcb8140a07cc0f56503a8b4296bdc89638d06591aad6732f2c3bdae8c4891e44bb4c7cabb592821d95fc6c1477eea81e3b237e7ecd contrib/envoy/extensions/private_key_providers/qat/v3alpha/qat.proto +shake256:33e1082c3889f2641394dc2e7074c5ba5ce3126bdc9ba1060ed407ce7e1ae7d41fa5b3a75575286e681ec3851e0c368bde67cea84c0d6bb065b69722cba624b8 contrib/envoy/extensions/regex_engines/hyperscan/v3alpha/hyperscan.proto +shake256:9825c2f88055cd25c52078a6c508fe77bad594cabb2da12253b4c71057ba330f441300dc8db264a18ab8abd2d324e2fce1089918903ecefacc1bf49c4219c74a contrib/envoy/extensions/router/cluster_specifier/golang/v3alpha/golang.proto +shake256:80887a746d8294ce4f4dcd0467ee6fe7b157da9555360459146587cf1f3166560d586c1650e274ce9449d5fceeeee3df9a6a096e100b04cd45394841dba6cc26 contrib/envoy/extensions/vcl/v3alpha/vcl_socket_interface.proto +shake256:4d73b76b955d3478a5f466d844271d6c7b4b453b62f013c24eb7881b03f547d063158a3cf522c37d480ab561ce43060115c75ebe5ff70b193c2d4dd1d3bff60f envoy/admin/v2alpha/certs.proto +shake256:392009644dca0f075cd5dc284bacc4d5a6dc0e9254998b32cb58f6773316f608696de51c8c825c8a5f1f4c42b2cececab719f23d8e33fcf20702d652e4db68fc envoy/admin/v2alpha/clusters.proto +shake256:e4db3591f411e0073c4d281b2573e88576c5f9de4b544efb50bb342b54e7e1acc4fa6585401f2629fbf6def9d6d1d92d499994ff1e2f5dd217ecb0a227c292fc 
envoy/admin/v2alpha/config_dump.proto +shake256:4f2bce6af0bbc8be1cdece55535545e089ead78542386e3c8296cb92280f7609f52854a8271121b19d5b42e39c51c84d2a77f63e27e9bc5f16733e2328cb53d2 envoy/admin/v2alpha/listeners.proto +shake256:babcaf94ee63ef61c6e8a78b5cec1478bef04363192b5279554ca60f4de7850f43864bfd2131e25b133d6f4e39d1223307126baf092edae54524cf64eec4c139 envoy/admin/v2alpha/memory.proto +shake256:a34da07ab2e4a8bd9209a1399e188eac2be481978cc552ced7c6c5bd2de0ca3ca3dd8f324af7b69888381f0522fa4ea23caf5b997dc6afef44e88687472a88a4 envoy/admin/v2alpha/metrics.proto +shake256:572464b7bb7321d388f6e6bbecd73ec0fdee640812cd58a975615ccb561fb63e384945ee6bcfec2c5428bd98e08562f9cfd48f3fafcc362c8c1ffef50e54dfd7 envoy/admin/v2alpha/mutex_stats.proto +shake256:47d3268ce2101d2c203883255d72b5bc2fda272a1fb0e99dbd44ce214d8ea2f771ccb29809e617dd8fcabe3fe0e5f78c1d8780462ffb8f022f7bce3a37a6be7d envoy/admin/v2alpha/server_info.proto +shake256:7b13e01379b3accf542fc1b635e9773f704929127eca82c3d631bd91d71cb4dc6970a66e9777f93f694ef52f46121c78c40f701e25659f56eed0ea13b8a98ef8 envoy/admin/v2alpha/tap.proto +shake256:b0fc6c0c38c61ab85eddc6842483bafaf3442db13de31ab87de2d8287e8737f3cb2c7c7a24d07bc44d5cbfb9094b7140ef69c83a0285ba6dbed3f5c301e6b082 envoy/admin/v3/certs.proto +shake256:3058df122031a52af15b9cca7c920c30f992c74a952a983c473ad297ad86bed5e752151f6064edcb14530c54d19ff31579c76cb95ac9659e86286b212896136c envoy/admin/v3/clusters.proto +shake256:b74573ab490303f5a6d136e1c0c1b8ac1f9a617bebc73db2d44750f0ca4fd4389c58d1fded5624b38a021fb65c48192326a71209468c1cba243ec4b52d2a176d envoy/admin/v3/config_dump.proto +shake256:e5c3e7849f8aab45cf872016d0b6f6288e7d1694fe103e3b0f64e74a7444dec99b7f296e59cbfe28373c351b0404b7c865e1281b175c19434c5b84f3d4225d03 envoy/admin/v3/config_dump_shared.proto +shake256:e72b3a5de25f5c898cbfe5fc83fef8dd66c03bcb396c52fd2edab6870a3b6cf3b696f66591fd3cbd6f7d28cd23e71d49786756a8ddcb6ae42144fb36077132af envoy/admin/v3/init_dump.proto 
+shake256:6570272d2d533e5eb9d66f2f9cda21c84aae72a753b497192014ceb2cc77f7a3698e9b52488303c04b0ed6e6c653c49912a55781d873b4113f8a66eadd87655c envoy/admin/v3/listeners.proto +shake256:4cea80b96515e73ed166ffb074490e388706151c316a6281d580cad1b94c25c2f2fad927bd57061193640a791bfdb17936a60bca6e44a7332685a143f7eb2f12 envoy/admin/v3/memory.proto +shake256:1fbd58b26fc343916e3a95e7c8bbcd18be83aa4100f0cbb1171556685079dd0c7d6d705bba862d77dbdcf960e9be17cad3e5cb0a5994e9ba9b88b541a9d66411 envoy/admin/v3/metrics.proto +shake256:7d878df1ba81097b3bd150127d366a41db794cd7243a03e0b233c563044e15b5d0f74565d5f9408efff46de7dfb7c3b0a5842cb02882758acbc15323fcb46ceb envoy/admin/v3/mutex_stats.proto +shake256:b5082be33b95bbc2c8a1bae0d4ab9585ce842da65878270cf233bf066be2276fd9282b37d7b809cb974812a92cd343d877f95344756ba946b6b05630261df3ce envoy/admin/v3/server_info.proto +shake256:6a478eb836b32fa6eb4912a3cc311d3e54b267e7a628426efc49cb81959b0b5215ed46deacd0233d4aeaab32a303ca5309fcd030012bfedde2de782fc0787310 envoy/admin/v3/tap.proto +shake256:3adb067791805262a0ab31825adf5239b87c95c057cf3b4dffa4a7a8debf5ed4a53e239ed3108da8981c69fe795b1cde14a02c133f410dd0f886e71f6479319a envoy/annotations/deprecation.proto +shake256:f2de7186256f2d6d35bc5e77e5a2060e3be9256970d9415cfa01bd9d0a063f98e2a7bb47bf7b03706d9d466062aa2faca4ea91f45fc93f995340d497bc9d7186 envoy/annotations/resource.proto +shake256:6bcd4872bc82d5ea2fbb17106cdba7772b0b241931a935266ce04e980804700b5b0ea06ac0156f60645830a6ab234bdfc46a37f51bb49a18afdc6bdc984563c5 envoy/api/v2/auth/cert.proto +shake256:4ee13ab3002ccc1c7a6143d26373585edcef9829006e3f6daf46f4e1aacffce7eb83d4c61f5464a62f021eb73126e855650aac16b222b0e0ea8f3d7700ce07b7 envoy/api/v2/auth/common.proto +shake256:fc23072cb4fe3305d96f0d2906e00ef441ca4168ebdb5e03ae90ff55de2c7f8e597049853e149378f283b87d20270e29b91205729bc4400ac8981fd9a00be0d4 envoy/api/v2/auth/secret.proto 
+shake256:be1ae530ce5457cf99390111b1c49a4eb22ec4c88a926c88aba17f798283648c5b8c0c19b50e82fc38ab4b86b68b2c7880ceddf200218e8e37e27f66a7825742 envoy/api/v2/auth/tls.proto +shake256:15394420cc45218d6f94c6d4d374afbfaee234bb34f5347c9e24f53351ae1d9702b2e6ee54e212c690065f5ba41e7bec67c797f9f67f66bd73a52646761ac7e4 envoy/api/v2/cds.proto +shake256:8ef3d1a78d916b9aa11b7d1ebd91dc3b8ae11e1c8e0394ace665b30f5af424efa0857fc017ffbfab8180aeda10f374129e77c0649d13897bb3550d803b904a3a envoy/api/v2/cluster.proto +shake256:dcf8ada507f8f3d3bc8e2d27b16ccce79ee4cea169bc664b7a16412816429e4833dc7cfc0c1f9cb93da2857135d9ae785ae595ec16eb2656670d3023e1976962 envoy/api/v2/cluster/circuit_breaker.proto +shake256:c42724147597e47e16d67d23c262164c30794cfb11008029b88608165ef6c28f193f3be64b16024ea38e55b684bf67fb7d1d48b57399669b85cb3be0f4c8dcaf envoy/api/v2/cluster/filter.proto +shake256:641cf1b144e9467ff3a518dcff9303974f5ffd7320833992eb1040b670492055bf51d07c3f94ad4108419964b19a320d4d17f498094df3476f0556026e729933 envoy/api/v2/cluster/outlier_detection.proto +shake256:94d83f6ef94961e92bb3c07c3cf513e755e03408f15ee290af3047f7fcd79a7a3eab72cf2cbab525312a4d58efa3d6e6510014f2df2b79762767b45a491c373c envoy/api/v2/core/address.proto +shake256:23237102de7fddb83c181d3b7bfa7d34e693bb9b414f2ac87bdde48a4ad1bd6d8fda9c26cab0e13869d1f0285f725b1d1f978ad63e310f1bd81bb110315b9e24 envoy/api/v2/core/backoff.proto +shake256:13cf2aac8defd6070f70fcd106137a8fb8cb8bf27ac53fc76c876b0dfc098faeaaa90c87fc31aa9c22ca16e576764f7bc4f6e6bb15264310ea266b3fc577d7f3 envoy/api/v2/core/base.proto +shake256:58c4a77b91b41262c7c5db6d9883ba32b83955cc7490c326a7393bc2716646af68282476e0ff4605541d9cf6049a6a9ed4bd124c45e3dc12089c4346d86b3be0 envoy/api/v2/core/config_source.proto +shake256:6a143f29c2c8a492b4d04bc5ab6258c80c2aef067cd0382050a6813c950ddc47c5ec763f6b797398c6a2c03be3bfba65b127be9ffcf5f07d3b6e9631c74fc2b8 envoy/api/v2/core/event_service_config.proto 
+shake256:488b4d588a48823ff76c9be096afec4ca1573a0fae135436a7b691494d6153759f08ba1abf8b108949b1d1b9225cf6ed4fc934bc3ee03ea0546f0e97d3732b9e envoy/api/v2/core/grpc_method_list.proto +shake256:7b95620b8d3fb3c0b67d8bc400d7d1c61492f2ce4807f75ab5f77086925eeae9b3bc1275c8568b2bef90cfb386466168be40f3f67e613cd307007a372e8fce3f envoy/api/v2/core/grpc_service.proto +shake256:8f651da5a7966d944fb75b1d3a2c245101cb3cdc4883d2d5ba9a54440a6daf5986f92460c5e8f3f439198131246891093ad1aac6f9d70a32d8ffec3834fc030e envoy/api/v2/core/health_check.proto +shake256:662c11e025424aa76f09f82c7f4f374398d62c59b823f2ef865492b54e0560edfc04b989c8e050f0b2e62d7bd764aea4374859a4fbf97f20d6adb50563c4dcf0 envoy/api/v2/core/http_uri.proto +shake256:9c4b1b16e8883e5a4ab925b8da52d27e5ae1891b5391c9416c01e8ea172a34a9786000c15d3728f031f548101d9f2c4cce42fccbfe603c7189a9504de48e0ae0 envoy/api/v2/core/protocol.proto +shake256:4183d9068d64aacc842a36e6ea35f750e7f08118e1b9a8bb9da1aeade8d4a462dc024b226489f5918511261d4e023a5e7676c05a4b91624dab490df30cb6b1c3 envoy/api/v2/core/socket_option.proto +shake256:87a9f435ecb6daab09bdd9d1615fc8883c3b1951b9dc35e5ac2421e68c749893cd1bdd266bcfb21b816e6518c09e623bd08c3a0d519129c85686fb3e7de92928 envoy/api/v2/discovery.proto +shake256:119c145cf6a5e4e18331364889c9ce3ad897293b9b5a79a0480d566f44338a6781ae5801df1f9e9675c78d6ff4ed1eb91e7f61e7dc3e075855a2ec1b6c6bc024 envoy/api/v2/eds.proto +shake256:09e85cf3be7bb8b48dedcc2f0be2729ffa3e4f8bf3a62477adaa8bbfb096b6bc54ceb3a214f0367bd1e629d27db07b389fc2051b3bc106438f1ac37f5ad8b824 envoy/api/v2/endpoint.proto +shake256:d34472c35bbf374d27edc187d7a9748623b9f315d98ceda6c98a3efd883e8d643711dba2e7def8159a04ea8d32a70a84caa1bc4701a19ac7ef412ff6c74ed474 envoy/api/v2/endpoint/endpoint.proto +shake256:41d9f97e89161ba8aa2a398c753b6692bed579d1abec9df50782c120410a8ccb1d382e70729486028036d5fb81aecf784a5f87a03335790b9a6843f2ea8b3fc8 envoy/api/v2/endpoint/endpoint_components.proto 
+shake256:b47b6d2db7d09e3059247b3620abd6dfa60be9ed18f53336f5cd0f692a8d5dc98393b20f64461bf440bd3d6dbc92794104e6c56c6021599e31b91b60ef6a66c6 envoy/api/v2/endpoint/load_report.proto +shake256:639c987ea02b03f1c4329299df8fcace9c807fcff8e1fe2c651f1f8110bb39d401c9fae511abc9e8b0c08c2c00eaf7ac6116d64fc428cb72fd116064a012b01b envoy/api/v2/lds.proto +shake256:20dcee2d61c25ab8f6ca81f5dcc45c32bfe28821c419f91a1a013a9afd0a5d2a665afadac356922af4f6fc1807ca89f75ec84703ff04ccb30c5a7479f57debd6 envoy/api/v2/listener.proto +shake256:3660a7db469f0a78a086f2c9a3ea6417ee67fad8d8f66f6df255c096780b2f9fac4058f69fafb7b31bb41371be08d49df8e4dd7cbaab57dc81faa072a0b2d961 envoy/api/v2/listener/listener.proto +shake256:01ed343576226520f26c740fd0ff17db2c90a3b40ceb767b5dac115a5ddc45da4fe8bbba5bc07cb5a5b1b1c2c4ad1b9e8bc9f9d789faa245c4b689b4ad31efa1 envoy/api/v2/listener/listener_components.proto +shake256:9eba07e2c57d6721e5c21bd25db39e433e6beb2690f19cc35e491b6ee398a21c602cc66f5c4998bc671c6c60935def6e9fdb78263ebf619a5ad9c5cd0040bf08 envoy/api/v2/listener/quic_config.proto +shake256:bce97795ccfd54cb5517de97a66f625d6358e490738a83016ad6fc352258bd265962bb5cf02c9c53e40130ef02aa0271c766682588b3bbc53c518da9ccac6d88 envoy/api/v2/listener/udp_listener_config.proto +shake256:c4f13154764837590c09419febc8778291e5de10cdca3b4acc72cda616a6e1f542e0ac7183aac0f37348c9761ac3a506fbe657432daba38469e9c6d7d9237b37 envoy/api/v2/ratelimit/ratelimit.proto +shake256:5109fdb17b9347ab1483afac5e638422b3164935fe79f691a8f371adc240c60430a85caf88385588957e3c07d1855bdc0ebb391940b6d5201e1bd3a0c9f28434 envoy/api/v2/rds.proto +shake256:0eefdba40313bb46ee9d204281aa7bebbd8e21329ebb752dbf82d29e0213e8d76d0139a50221d34977d8fcd3bda842cdbb160b55f33969256e5ecb5c59232c09 envoy/api/v2/route.proto +shake256:6b3fe64c7dce23224bed799cdb5162b71f9152b4020e9a002decddc9f8c366c58e21b3c03d681c643c79e78e8945fab211564ffeea0a16e5d8509b7d3d66a8bc envoy/api/v2/route/route.proto 
+shake256:f236b4f96272bdd8ba4cf24cf02938cb51d915589dea4bcc7a03923361f616bfc4c5ed05d63e5437f8da95a8d423c391d61907e862f445b3f23b7bec07d8ad9b envoy/api/v2/route/route_components.proto +shake256:bc9898fe8b4765b8bfc498d32721a1ed0209a5420d351825522e73c0dcdc915768c5d88eb3b25dfadb6168bbf9d2cf233620950c32f38bddc382527cefa5c259 envoy/api/v2/scoped_route.proto +shake256:6f247444f93f26c93eacb2890b7b831944c5187ebae43414dbe1455abc2b49a7f0f2d965d787b5db9a6ba585d1865add9c35b4ece5fdeeaf08bab78752d17b6e envoy/api/v2/srds.proto +shake256:11e4ff5a2c6dcb48b7d58a3d37bf0ee7cf0c9725684d856f0a0a56c7d6ad07d67478f8f8b3afce1f5634c3f18ba5497f44d902cf931e1a5d01dd78b639336889 envoy/config/accesslog/v2/als.proto +shake256:f00cdaf3138ffede9241f899df44d894016dc547bba274e945eca8d923f158d848ef208fe3271b639ef4858f8e7141ec86461af7a35259fe265fd76d9aad29bb envoy/config/accesslog/v2/file.proto +shake256:c3a06caefa9e50db33112179456b945e2afe0288391af79cfc591a19ddcfc303a5ab49b43da11a334a728c093e15f0d2c733bebfb34308dc41c37d81368c828a envoy/config/accesslog/v3/accesslog.proto +shake256:f17fed4317d85246c5b637ab098c1ec900898a4f1a6de66bf20cc4916d91b19fbfe94b3b8008aff5898f561affb1bf7bfb244a1cc8984928c2f246ffd7b91f63 envoy/config/bootstrap/v2/bootstrap.proto +shake256:049d53fcd91c08eb6e624d16ede0869b16c1dc95b200c6c9238827cf01317d0e7f2a6d5a40e8c380d58e449ad8804458708c5b63186cee722868902f01d96667 envoy/config/bootstrap/v3/bootstrap.proto +shake256:ef15d2b7031d8edb952315f6f4dd986f1ca0137662cbf58466fc1ae58d9daaa396a6f79be8da1c5de511dc7620c29dec56ec4a1ca9ef29c1dc24de71da2e40e0 envoy/config/cluster/aggregate/v2alpha/cluster.proto +shake256:e96c45cc69cf74ea9fa9ce48596722f01c84f8164b2c8b213a1c901973d70cd9f88a797b22b83423bd548efa3452793495f5f730f2d6c79a3cc4de88f1e23013 envoy/config/cluster/dynamic_forward_proxy/v2alpha/cluster.proto +shake256:f88d1d71037a70c72f39863a5a9ec8d65ded375d725b7e416d36ec233adcd670e010a8b024c755835c16899a8e4c1d00ee24eacc7bc51c778296d6c5fff1fc8a envoy/config/cluster/redis/redis_cluster.proto 
+shake256:10a21c816540ed52d9dd7002be5d269527d7927a5b55acff457c434c996df2ad57355f996157d4e4fdab2d6db7f1a80c5f1ce94115c3b31cdef782b5c7d26b7b envoy/config/cluster/v3/circuit_breaker.proto +shake256:ebf748fd4dcfff091c2dd3e683ab0cbfbea458b8fc74989b53812d68e37aa595dbfaa781e456f98ca651ddb53629f52f4908d58a5e4d733b506977b98628c1a7 envoy/config/cluster/v3/cluster.proto +shake256:b3be2cbe299480ca14f70ab1684fec6d05045dcea3359785a5c9651036aa8c216b927a23d6107b5c1fd86b6e5bcbb204366562bc7356bb634584ddead1bc2ec0 envoy/config/cluster/v3/filter.proto +shake256:98b1c26901946bf3ffca0a0528724578ea47c176c8de0354aad5c4d2daa7a8436b3b7444741d8645c9ce01f679b1ff83a22daebb1060af8bad082193088b4242 envoy/config/cluster/v3/outlier_detection.proto +shake256:238687121388f8ec3ca6be644812aa45483557f65c5a22f97868ac71fafb3b6770a8256bc28b1f56286d959e8316227035b2606e58aa4b0fae141181f665d4f6 envoy/config/common/dynamic_forward_proxy/v2alpha/dns_cache.proto +shake256:14212536f4874aa3d72398818186611af78b88cd84497439e90174013822a27b0cbd476f0dba6d18be520d6e0969e8a2649530dc89313fdcce7272cb7317a51d envoy/config/common/key_value/v3/config.proto +shake256:28c06b8f90cea66a7771273d37ef26ff3efad808ae1f0e21942e0ebb3d8363216529bbf074e9abc89873512f7a82abd697c401f3df12302fc7dc1ae00b169697 envoy/config/common/matcher/v3/matcher.proto +shake256:bb688fa3d164e48efde9a75f15dd7b27477008fecdf1de1507fd0b230418349e51045dbb409c39c07bab2ecd1be4f85c044dcaad213c998b59e0c3a22b04d3b0 envoy/config/common/mutation_rules/v3/mutation_rules.proto +shake256:cbad07f379e55edc8e8cbefff8799dee2698ef277b0f8d68d8e4a040cccfc877d2bcd19ca008021ebbc796148d0e7bc01a5f8b6fd1a5dede10e1b1b2672f202c envoy/config/common/tap/v2alpha/common.proto +shake256:73444cf2252aa017397aad84c2d17a10d810ceef573f69a1b8977b0b5f54f83849229f5eed46952373b6fb900cc3c03c38c0c645fc23241e2bdc8e63caf0e08a envoy/config/core/v3/address.proto +shake256:fdb34f03c4ddb608eaddf33afadc37719a5844bc0f2b0a3d46acdd3a47e03766e7b0021067c67f2f0f1f55e651e0c7000b9e4d2c44aacef35c0f71b016416750 
envoy/config/core/v3/backoff.proto +shake256:ae28b55a1d43e246e656acdd267aee16e19b6ab15c507b928417b17ce81741a6cbb4cb72da3cfd5980142e16aee8468122e34febd659868cf0e4cd077049470f envoy/config/core/v3/base.proto +shake256:8226bbfb813cffa2b928184a6eeb04043ff9e554c0b097c2b1fb3c607f3c5b873d628dc9a171f594af63315d155845e947db3a4790c636975e51ed0b8a629579 envoy/config/core/v3/config_source.proto +shake256:58094a58339d6781d0d06e48e32ce262aaf8f79448b624a9ac2792248efbd1217c6606c493ec80226069b95efd89e9fa25357a8e76afe0775ddecd40f0ad7d78 envoy/config/core/v3/event_service_config.proto +shake256:fe914c4817a48cf5e7ca7d9cabd28f99eee574396cc29419ca282b75a126126fc4a9c417fe5f702082500b0d9032586a4c7b50f4810ce34c2c1dacef2ab48663 envoy/config/core/v3/extension.proto +shake256:b8c9d6866b3e14f1e41ea50d6977325cf48575bd3a815cc36077ec0f631a69882b3d168c7ae39717b93102a3f3285dadee6d1e0c4aeb461399ea649abf8384b9 envoy/config/core/v3/grpc_method_list.proto +shake256:d2f80ca130b2ec005d4200041e4df633e76c95e48f55a7c431ebdcc68fac696c44c030d03b7e46852bf16e474662ecf75a3889c66769ccbb8cec0676a54c27ba envoy/config/core/v3/grpc_service.proto +shake256:5349873fa626d6b23c9a2516e423a13270eb21d684ed4ce3c55bcaec190ff659d0dc9ffdd76292a86db5a7f03f66824497dbb95a0d087f98cb1fc102c8456329 envoy/config/core/v3/health_check.proto +shake256:e72a9109cba19d603c43c8a5e7505dc1d710e9a8f79b135190c7e50e570b728df279d903f13f5c6aa5149f562f613fdad442aa327466650443ad43baf747fb2e envoy/config/core/v3/http_service.proto +shake256:ee0b0b1aeb239c4327f288f4b00507172a97cfcf5449c12d9abe4ee71a07534c6f80578568b0a445a6818604a3cb44e3cf640f66dee9fb212dff8e31de9f3309 envoy/config/core/v3/http_uri.proto +shake256:795dd3264f9e074b9862a701299bd1a7a02feb95a27bbe36cf2dbb7b868690a14b411b38762ef399487148b25107dddda66115c1ff1faa7691e85d97e79db831 envoy/config/core/v3/protocol.proto +shake256:61f1b85edb51bb32d23e837e7e7e0afbf932404b95d1c16af96453cefdfe028687637d5a5c76e143977462984430cbfd57c1678f0ce8f7269f3244d6c67cf382 envoy/config/core/v3/proxy_protocol.proto 
+shake256:8dc2e42d6be6f5e608487cc7a5cfd89670edc9a21be4ece3bbff666939f36a2ec7d18283cfa43007557e10e59a603e9844d8e76ce528e51e5d7b79fbfdd041b5 envoy/config/core/v3/resolver.proto +shake256:600c407b3baecc7213d993c5b2c76748c396b7c197de79b94e12427201633d5c5e900dcf1fb3de264dd4ae90c615c8c01194f43d690381f2c79d7604acefc098 envoy/config/core/v3/socket_cmsg_headers.proto +shake256:54fb8bdc367e04a2b306de2e85bcca91f79ee21802d963ea46a5761a344e3db3666600f3c860fe7c18052aae3141b4dcb14e9449e83adb08036e8b2e5848658b envoy/config/core/v3/socket_option.proto +shake256:32a721faf6deb51379e2b04b25b5d7d268ef4eeea27e3aa04bd5c107e7bd4dfc5754a69c396071be04704e522ae1c8824974fe37088bda9f44e8b13e71addc61 envoy/config/core/v3/substitution_format_string.proto +shake256:ca4da0953d0209d8c791e9d9eb1910c2d2e577a467348e4986a8c3c341db38e52516a7bf6dc4815ea0e8d1ba7566e314e50c89f3d33ee217b19335939b1142d1 envoy/config/core/v3/udp_socket_config.proto +shake256:1a0ca5a66407e1b47e10ff2cf985c06bee26dd94d7b523c013d51607b3759a7dac919d25b919d2d31a14f60577afea22b547199dbb37da79e2d905bc0ed64914 envoy/config/endpoint/v3/endpoint.proto +shake256:bc7230279430827c44178328ac2f86730e8ae6e9030f4bfe6e5cbdfb3207fad0a0b18608caf5d432dd4a7ffadde46a1025791ae3995d3a57178293d023d2d574 envoy/config/endpoint/v3/endpoint_components.proto +shake256:ab22092143f11a2bb940fd0a240fc9730e3441ce6c9fa0b9655877da59372d2fc1c3fa36aa9f9b68f7659b27ac66d617255d3810f869b5bba5ab41ab4107792b envoy/config/endpoint/v3/load_report.proto +shake256:2d64307e37f83d7f3d7d7702252ae62811016f56644599787a12e0d59c2a414e6454f8518fad20079a195415d543f1c8532615056f5d1aa58f39d38d0713c509 envoy/config/filter/accesslog/v2/accesslog.proto +shake256:2e04814e594b2f7b966528e191ec9c9d7eee8b81ee070f8f1ce057829aca88bb877666a67534989dd0fc653c86109caf2113d38b5276a9a4ec710e30b303c37e envoy/config/filter/dubbo/router/v2alpha1/router.proto +shake256:cb4a510b6cc2d26c941134827154e1d4f9142add0d92470d7de710bbbf26dfe696eba02d256d97e93c874a4eb3f8ea4215cc1f99a4b478085d044dc27f8f6faa 
envoy/config/filter/fault/v2/fault.proto +shake256:870cdd98267a9028f41edcbaf811fa8ffa62cf8a09f06386769c7dd46b9e43c7496184fc551ee23dd43e3c37bb87405d599634a0096053d90a5eadbab9c0ef15 envoy/config/filter/http/adaptive_concurrency/v2alpha/adaptive_concurrency.proto +shake256:307f7ba037584aa60c116ab81bdebfc57f955fe2aeab90f71ad08afda92d14cc5ec93bc180e5e026ffb1372f42c9ab610d1238dbd0aba4e0a7fa13b588834a61 envoy/config/filter/http/aws_lambda/v2alpha/aws_lambda.proto +shake256:7837e63e24ef6969166ad19d00d825827ab4f33cd2cdc1d314cdf307130aa4f99642be1490b27f395aa030de57e0620e50436fb4b2915238a943134fdf1e0a03 envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto +shake256:993900853d6c5b14b2778802dab83b56056d0a8862cc00fb7ae981f249f037aaae42ec53eeb447275152a83a9825a562c2dacc8391b9550e260f651155e0c700 envoy/config/filter/http/buffer/v2/buffer.proto +shake256:e17bffb8959f0ebd69a5f76aa1fecc5c149a52c8883315499788cd3832aad4a9ab4028aab401d10cd12a54c618ee48e1865a8b7dadf9b174545bda38ade11fd8 envoy/config/filter/http/cache/v2alpha/cache.proto +shake256:366ce40fc1609240c011e89743df49698f53243e673279cfe6df1a3fb5011ec1681a7153670b5a03b401718f26686bf96000094f7c0360e3284754440749c517 envoy/config/filter/http/compressor/v2/compressor.proto +shake256:7edf20c50b174033cef65e0b7546ea572a3f5306bd0106fd30eacc18a82efce49ad9d30f6c39577f36b97b373b281c4048cef86d5ea4bba5075fd2b29c8e1cb0 envoy/config/filter/http/cors/v2/cors.proto +shake256:bb31e2ef037ee26af526662fce06b264b2e166f742ec9f32bf113dba81df5e2a76f033db03d23df77f4417593994502508fcd2512f1dd95928b84969a3ce802d envoy/config/filter/http/csrf/v2/csrf.proto +shake256:1d9282eae617b10bf59dcb7633be402cb61cbbac9285c9e5677218f48bba048a73f459d28ec8b2b7384de99a8281f61fb58c4227dc250b97363860cdd168044e envoy/config/filter/http/dynamic_forward_proxy/v2alpha/dynamic_forward_proxy.proto +shake256:76db280e6229da9e4ae842fc296ba18cd72a9e803c045380a7353ee6f765cb69f4c129b559c22ffe920c7f2437f0404a61ec0108681051b0321fba07f894dbe1 
envoy/config/filter/http/dynamo/v2/dynamo.proto +shake256:597e702de8f7a40d1fd9744bacce3076dec835378127af4c19e336e480332c0f27da7e4d5b76ae77f160bc3b5088d54e71e5e65016c97735b1c2eecb511d62df envoy/config/filter/http/ext_authz/v2/ext_authz.proto +shake256:d1b6d7c97efce1de7fccb2ba0472bdf62a20f4d0a716450549b03a3dbf405c4a1592385d7195b629ba43336a6649161e832933f3df2fc193aca16cb06d6b60e2 envoy/config/filter/http/fault/v2/fault.proto +shake256:050055233ed4396d983d99b84e8f6a5c3b0d77c80f7607ab28848156b18e268b57419282cb21d44a877ee43ebb3ba95ccdab886fa861a581e51daa3582ac815c envoy/config/filter/http/grpc_http1_bridge/v2/config.proto +shake256:28e5bedd6b62b170f46454d53864405335b83e56699060794d6b2fd6c41215ec056e13dc69726bf576eb2cc4e5e0ab3ea97b29d31b82bd343bc3715ff3093482 envoy/config/filter/http/grpc_http1_reverse_bridge/v2alpha1/config.proto +shake256:3d7cf31ebca862e3f338116034e2e553a3bb02d824e5c60d36dc16329c8c89d4f983388a6701ff5f28f2836c7504ae8dc4a547c750e61fa2b2ec804d7afdd172 envoy/config/filter/http/grpc_stats/v2alpha/config.proto +shake256:4451c917e256788daea0ace8618859b6d92078cb0f4a521c5f37aff6c1f65c643570375af579af06088bdf134b5d478df3300d0ec1c8499f4675ebe3701c22a8 envoy/config/filter/http/grpc_web/v2/grpc_web.proto +shake256:955bd5acf952e1c646307d585ebff1ddb4b9e12a7c211cdbd18683f9c5ec86bef360d6d501c919cf23307575a4e52bb7e1d8269a6bc13a0895d465067ebc542f envoy/config/filter/http/gzip/v2/gzip.proto +shake256:59e8e289a11351075573f2ddd7a37db76634c8948ed3e6ce6700086fb333c2c5fbb699c32a2a8a953fff83e601c78cd07e1c190b1656fc54c96e580f4a07d2f3 envoy/config/filter/http/header_to_metadata/v2/header_to_metadata.proto +shake256:42d4431a3ab45ef6f56608563c40c650ee96b48e840109bc81b72ace5ee088e1730cc8311942f17c3c7f840401ac795527f37011fa0f8baaa71862f1df4ea3f6 envoy/config/filter/http/health_check/v2/health_check.proto +shake256:7d100ed17b8aa3d24e851dd599ee8265010a64ead4583270004dd1e4119a3347a12ebf54b3bb1d46e82a082739adae9563d6d4a95fae0d72082c49aaecd651e1 
envoy/config/filter/http/ip_tagging/v2/ip_tagging.proto +shake256:c4f71b7ae62f049a5bc935a1ae6e6e837d600b120f1a227f48c26977aa727b2431f87b500ed12a9d8f57e4de0ae17a6e89b7d3fa56a92ce70a0cf8dffdb29119 envoy/config/filter/http/jwt_authn/v2alpha/config.proto +shake256:c0905fa961a0b2650e460950ea69a761bbaecb36f3275501e2af3eab849a118859552ffc25fed71acee9467d821644cf8bc0f63b4b03898cbd409bcf542a0438 envoy/config/filter/http/lua/v2/lua.proto +shake256:ade55f48104a52c6a1a07a69eac9362734ca4d1b2b5b388a723770ac870d9f41aa87a698fddeec5fa5b807e6f3af6cb27bc1306d0c037f2ec16a6316ad9c46e0 envoy/config/filter/http/on_demand/v2/on_demand.proto +shake256:c2ad802957739a45a3aa91759fd5d695873aee61068f8a038f052062057a991d5df8c42940a6f18c158e605702188ce8ecbe8c8fabd108597fb4d153a361b516 envoy/config/filter/http/original_src/v2alpha1/original_src.proto +shake256:7a9da6e3d21b951381677149a4ab86cf91c36da9941460b9f0a5779756a8e8420771414f1a7f8ecdd9d11711e96641c5a513783fd73ec32ebcb78e39a20f6bca envoy/config/filter/http/rate_limit/v2/rate_limit.proto +shake256:f3a1c6647ae372e0b96759e4a81c6a0d3b200e3065f30bd68f53afc8196dcc5e5506bc3e1b87b7fa9f55c6300c2f74202ac6c693558d5b9e129ec356dea99418 envoy/config/filter/http/rbac/v2/rbac.proto +shake256:413fe9d15a14a89a22ce071bc25638552237e23446df0a201ecc174cdbc01b002d0f1214f9229a7189b649d26bd1a074b2ec14a59ba5c883654be8028f79bb03 envoy/config/filter/http/router/v2/router.proto +shake256:b6c5109ebaba66d44558c5b42cbdf0b7a2415bcd33350fa1b3bd87bfb79a57a1cbc1c53b745b3f15d2ae8296185973aef15bc6c35651f054f8f14270c6836fc2 envoy/config/filter/http/squash/v2/squash.proto +shake256:396fb5d3083f51ee0c11021b3c8f12795daa40f767de6ca35259c02710fda3e074777e53b4aeb6d1c0f2df8d12d82e54b211a2bb68260914de7e99176a941cda envoy/config/filter/http/tap/v2alpha/tap.proto +shake256:5b8b39f989d4085aec086bad0adde86332f122d5a7039bd417971ebad896c6b0d3f954ef2cf20f2db3e144fad5faa647fcc4f780855c73610a476ec2ff8479a2 envoy/config/filter/http/transcoder/v2/transcoder.proto 
+shake256:0d6c3b6012f347a164577edd8719c672791fcf42bfaae8801ea78358f1810948ce8e96f160bb7c0cae6d31e599072b15b7765efbea24b4b66171f654132dea3f envoy/config/filter/listener/http_inspector/v2/http_inspector.proto +shake256:ad9a5ebe5ad5dfbcd7cb9ca60512f309b7977f3e799916f203d16a0e5ffcea17ad6f6754e1dc0b1790b4b310c620f7f7b299a666165b6226d8b11e0411b26db8 envoy/config/filter/listener/original_dst/v2/original_dst.proto +shake256:f0f087b21bf93903c09469582f75f567815ea9e61a60fc696a800d3dc9a715a2f1c6bdc46d254add4deae2b7e099458754cb6e00b2875068d967cc884bfe4177 envoy/config/filter/listener/original_src/v2alpha1/original_src.proto +shake256:e87549581f5c86532b2bb5f98f7b36174de46c3f06eccd5450f7de62d009ed796d271943f8dd097ee97470a9a21f56737ba0619f4abf6ec72e314a4a6ae45c8a envoy/config/filter/listener/proxy_protocol/v2/proxy_protocol.proto +shake256:22f6d98be5ea471289b31b871ecef036632bb6db471a2cab6b7e5ccc11567a3722f8c1bbdb79e3aa74b23bc5d96330b097749d9010e73b180e9d491fb3075c6a envoy/config/filter/listener/tls_inspector/v2/tls_inspector.proto +shake256:1456550bea1922225a08a3b31c07d216ace78840dcd333d7c0fe202643b55c8e743b644b97f817c70558dccd760ff621289bc20582d521c090b5107d1f7f9465 envoy/config/filter/network/client_ssl_auth/v2/client_ssl_auth.proto +shake256:0df0940ecb3b653bbafe1ecba3506cce4b15d0da8ffa99591acc62b6ccab803fcb096cb468891b5b60c8f02ebec00737a2585e8bceb1103ca27dcc2f0466d298 envoy/config/filter/network/direct_response/v2/config.proto +shake256:dbdd276342dcc3634ad05a1a440099992ab5f3d122e4a02a51e5103115f672650aeec58af6f49fe03891c63199c1bd778621adbaced888d4199bd89a81536efa envoy/config/filter/network/dubbo_proxy/v2alpha1/dubbo_proxy.proto +shake256:1d6d4703df00e15becb0f3482904cb9d9e2b3275958478c0e947f213e3169da8c5cb19f71177337529ca7090f67e44ba8f7db0fcc81c71d2e23bb608f381ad5c envoy/config/filter/network/dubbo_proxy/v2alpha1/route.proto +shake256:02b5ec1c189f640a9f3544ae58b6f6eaf99c995f91290b44d4ec279f7faae01cc6672478f67603eff54dba99efba1ae5b6850f76428a08d2247c4c777b4f0f67 
envoy/config/filter/network/echo/v2/echo.proto +shake256:f620691491093a0c4deeaa76d679ab9e08733bcfd5782d01e22d3f013326b9af64dc0dc85abe8968d7da59730c5f6f597ea9c7c0153724077af9c22762e553b2 envoy/config/filter/network/ext_authz/v2/ext_authz.proto +shake256:a7f813dbdfaadb034a6a7332b0255a0e3b22c62a143f04961312762d3abbf1f55bead00e1df978bdd79ea16c8d90d7c6fd485b60367217391e39ec5aab637b2b envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto +shake256:c287f1093bd60b0ed243f40f69dc868a8856f31b36cc3f44790c0ed62e24c23fee9046ff0c55512f5fdbabd3f7fb89ca60d13a90ae0e1595189e5f2ef03febb1 envoy/config/filter/network/kafka_broker/v2alpha1/kafka_broker.proto +shake256:35476c557e6f472b50de17f81ba0acb566e934ae8a1f6b074e5516c797bd9737ae81a44a553af1702b2a29b7a60d41a815abff0fbc960ec4032dcbe7dd0dafa7 envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto +shake256:ff5bdb82fe17ffc5e034384ede8f7be5ba4dda6b7aedcf79e3e2a6ceb15253b2e7468944000118b6a8825aeeac97437f5850ac702a6bd2fd4f8e007050588c87 envoy/config/filter/network/mongo_proxy/v2/mongo_proxy.proto +shake256:6358160a2bb957573173e82b28b78768815df7674e3b755e2d73b28926aae148219181fc7a728fab85a0bf9046ff8a3148fe266630fbd6213583b61f093fc1a1 envoy/config/filter/network/mysql_proxy/v1alpha1/mysql_proxy.proto +shake256:f7871c4be8c05a913f14222ad951bcae6adbcbb8c06e1054d04fa726ceaddd4b9662bbabca46863b0662a800f07ac5e0d7cd8259e427f179e43410e12261344d envoy/config/filter/network/rate_limit/v2/rate_limit.proto +shake256:28d44c0675c62529d36fe6cdca9b6195cfbd79c0a28c5214e7b1a8dcea07098639385ffb8707a569ae7c073d72731511c48aac49d157181cddabe721617eba51 envoy/config/filter/network/rbac/v2/rbac.proto +shake256:20013e3fa4f7dcbfac0a112706f65603465c3a2690347a5d73a5c51186306f65fa335620753d5df37e40867dba5262c848e91983488a492d4df6cdc5834665ef envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto 
+shake256:8b1bc807c6c7bcc0ce1eabeb73492054766baa72cc282d9586fe31dbcfd605a585eb4663bbaac2569d92883ca51fc185951739cd61c41cbec0e419a00b966fc6 envoy/config/filter/network/sni_cluster/v2/sni_cluster.proto +shake256:dc8c92bc94f230e7fea77366937e8f7434fe3e1eceaf1fa39efceafbf3abc462d24bb1b9e666e0871d03737ed493c13e617c3d155ab739b072f3de16dc953559 envoy/config/filter/network/tcp_proxy/v2/tcp_proxy.proto +shake256:82e6c06843d291a8b5709eb695063c78c7ae1d2c1a2b8b2292223305dda4428b1e7eaafb5f306c7eb15dfad1235e60003c253f7a6a5d2e60beec891f23e97338 envoy/config/filter/network/thrift_proxy/v2alpha1/route.proto +shake256:114b21fa77aecb64aca3aab1c3b7d53bc1e7066340c773705815ab4fde30388db17f015ce9522572c3dff389942faa04205440f7969a11cdeea4a23af2f1aee2 envoy/config/filter/network/thrift_proxy/v2alpha1/thrift_proxy.proto +shake256:6cbf64dd0d1c15d6e2c93f4e4afde9f5d7f451654331fae4b02c921606f00f23cfb0caa36f2f06fb9f2ccb0d9f234fa0cbf03ca0a874b0a3bba922b4505e2312 envoy/config/filter/network/zookeeper_proxy/v1alpha1/zookeeper_proxy.proto +shake256:da300993632e7361d6ee03a7662b0e6acc5892e7e07fa8520bc17cf2522385532cc563b364cbc8273fb73bc03531b346ac43f230b753ac137f2dc7fc42168a84 envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto +shake256:1d3dcf44a5b9aa1d72644ce5fd320c750dd4602cf38fe13a84ded28c71f96b18495917e56a5dc5393891f71bca3694625259f5406be8d534af8b4011b82c7927 envoy/config/filter/thrift/router/v2alpha1/router.proto +shake256:8b64c01228242819c686d8298bcc8cd5a0009f46172bb1160a0b504fcd9887a1d1a16f18f601186ba23509ca27d5fab13dc3ab4dcab7fe5d0ec5afec73a3279a envoy/config/filter/udp/udp_proxy/v2alpha/udp_proxy.proto +shake256:9c1bb39ce93f4f855fe268b2e6d4d54dd73bb2542292e0b86bfaf165d3e675e4d064899b0acc06993e0d58336f3260c16e2c1543dd72e9e0428a0b3c36495e45 envoy/config/grpc_credential/v2alpha/aws_iam.proto +shake256:ccd04514495a977770d0f97b6e366907b20b06daf79b935cea836ac8127e59a5a62116085c4a412751562cddd709808ff87781d7bab9e2f659e563b827dba353 
envoy/config/grpc_credential/v2alpha/file_based_metadata.proto +shake256:62e9cbba4ef90857312393ba23c0c2e68c7ddf909fb944dbb82991c11ea9e2156e58cc0597c12e2057b122c1b5eef2de801256ff1185a6fd4e7b7f9f53ac43cd envoy/config/grpc_credential/v3/aws_iam.proto +shake256:3f8a8ff682430a9deb7aed8aba00fb69ba6696e62ae7161963ca11e80e4195db0bb9d0efca69da4ba67e9cd62fbce30ae0450144bf3e8d905d90e2eb2418ce59 envoy/config/grpc_credential/v3/file_based_metadata.proto +shake256:8913cce18ff3029b4361fe7cd0af29f512b44f31cff11c45f213873000f5e246f5376640a4df5818b9e9b1b296e5790a53909f4f50434154ea12b001fb180f29 envoy/config/health_checker/redis/v2/redis.proto +shake256:55c7c15b14acd86d816cfec4ac71c775f41c28059fa30449b2b636141bf6acaa769751f331d3fa8c2deed0c1c4a5b493d412761f638768fdab99fd08467afe2a envoy/config/listener/v2/api_listener.proto +shake256:047590d1b4f17739e8b57fd51ef0a1595e76358171b4470db6d058ef045fe31b4dbfcefd8aff4d8fd8fa861fa235a90e00ae867bfd65a78887dff4d08863e0a8 envoy/config/listener/v3/api_listener.proto +shake256:5b5b084dbbe1b362a90f9b2a9613d300241abe5aa6bb3aa065ebcbf75dd46992cf920d2d2a5138c8b55b4e7cbf94d57ce0a439dc4e32f1c6776200f4ceb35b87 envoy/config/listener/v3/listener.proto +shake256:898dcb73232fc67a2cdd1d61309a81f12c1da724cc3e5c9877e2a1c8f8c4b9f6d170383f7dff706ffc19dca6e09c9cd558136dc75a9cf507c7e1d341c497a293 envoy/config/listener/v3/listener_components.proto +shake256:a11917471e11f29c38dd4650a5a17c27bb52f83a37c27b31f0820da873e4a5bfab148d78d65fe152f954a8284fc29dc4cfb37855c8b4fbacb51b53d45bf3441a envoy/config/listener/v3/quic_config.proto +shake256:1d22bc9a3a0507d33d49885136fbee5c011fd5f74ac1f9ef105c7bca44d0ac9159452d54b8b559e428b8ccf83bfd7870911823678b5a38f44eb2ae1f3c8b1b1a envoy/config/listener/v3/udp_listener_config.proto +shake256:4f66defabea04b57f142cab999dd99555839e1eafd08aeda613bf09565089d4526163edcbd8b645798cc030da7731b4ab9e4c1c69fa9b9f5f4566d11d873cf4f envoy/config/metrics/v2/metrics_service.proto 
+shake256:381b65015b4dcf88a0b952cc9a87e083818051fa779f8cb7cd45ce92cbd24ca51f4a898bd4d35651962428db7cfcc23bd6203666402466a5aba58caeb3a8ff2c envoy/config/metrics/v2/stats.proto +shake256:a49fbe0a644dadf659afbce6a37b84716587601a0040f177bc88a42e5dc542f7110eafbff73383e2a07815fad1a156edbdeade4e9685f059ca319f2fa98fac7e envoy/config/metrics/v3/metrics_service.proto +shake256:a8554de3c086b2484470c8e4034fdc0e830708d90a38e319b28f9cacbc5cd39328f36abee0ef4d7cc378be2cde369b0ec69925e6836eb6c23c3b82fd4dd3c783 envoy/config/metrics/v3/stats.proto +shake256:00f5305f959618a910e0ffdf75afc0666c5217d86f64db2377b7e5c4c742cdbcbfa572a791db73ac3c4c5c37d3b3b41234c36a4b4b313e6a0bab8a48a4dba3ef envoy/config/overload/v2alpha/overload.proto +shake256:b1b80519ed10cd644f155c72798d6d0f8a55d4657fb61d2de8aab8c821865aa7b60be401f52e6b04157c806772428ea368d36791ded9328940fe980b70e42f8f envoy/config/overload/v3/overload.proto +shake256:89a239eff6cea2da4775f5ba8245b06aa675dd8c55d466537de4c17dca74965a54425b365da798ac31cc2165f497274457cfc8d607fa7872686d0d85b221b4e3 envoy/config/ratelimit/v2/rls.proto +shake256:56a59a28387e09e6e782cbfc68daad166335b3c6de22b367d07981a1d85683405ca5598aff8f3512d781af14e855332eff88cf76472616f7120807bb60ce988e envoy/config/ratelimit/v3/rls.proto +shake256:2ffedca49b310f8130941f9e8de30c1b55f5cc5fcf2adde9db1f041a4fa654fe07c76505d15632304475f0004e9483b3dcc6896d6d7438e21f188c5457fa4c62 envoy/config/rbac/v2/rbac.proto +shake256:b1cef5fdc3d1350e3f96bc2cf2d14909e19dc8686fb620a42bec19fab962d6e83a1a532b62d30e8ab5256d6809510a88722c4ee872548eb5d01f0e9bd832e3c5 envoy/config/rbac/v3/rbac.proto +shake256:9d482847cac75e699a0121874df7d06db534dcd9267f6d756691929550a8bf1c2ea73d85eae8ad873e0e7fc27872d06f07402ae8ea3b6163df3d4803b23b5666 envoy/config/resource_monitor/fixed_heap/v2alpha/fixed_heap.proto +shake256:d54077cd2998eb60031387346af05ebbccc9fe88e3b0d6f8d4a6b15ffc3f065b0741f42761ce9c3e6cd8d922ae67eb922c155f5490f0a2684923b0c70b1a09e2 
envoy/config/resource_monitor/injected_resource/v2alpha/injected_resource.proto +shake256:864a6dbb71a9dc13b1f4724b7cf798208ab247d5eb4c51a3067fd7bad1e7c871c8c0a0c6cbd753462f43cd911f535756d23e24809848f4fdcce86ce58ff8c4f2 envoy/config/retry/omit_canary_hosts/v2/omit_canary_hosts.proto +shake256:42fcafbdb4d49cb14673cc7e2f1d4d12320d5df4f9ad5ef96398ee7aeaa0d731fc5e7fa8ed0c6d8eb7153f89b5eee8512eb94bde1c9ab42b91fb322140e07e21 envoy/config/retry/omit_host_metadata/v2/omit_host_metadata_config.proto +shake256:33f92a4028d3695fd5acb12636463b5d3217fe99aeecad27aa46c9888347f193c9f8b1c71559d8d3e999eb32785de600478db13e2128f559c3dbdecc44c766af envoy/config/retry/previous_hosts/v2/previous_hosts.proto +shake256:9db8237cbf8f7d69fb0ef897855f00e1b6a6517fba00f5972df3495948cc66c9a15270099b5aa7c6334d373514f1a9a30af239da352a3a6f718cf24ba7ddd6d5 envoy/config/retry/previous_priorities/previous_priorities_config.proto +shake256:508f82391d37554846ccfc4f806926470b0b5b71b1684be4c612426cd8e3265a6e8f33b03c26fa7038a0ba931e0343c26b7c34dc3e9325d52a74f9650303ec61 envoy/config/route/v3/route.proto +shake256:d2a94d5b779e9b75c6304545c0f1b7fbd6880270024fddd44bb7490334749e60d7d97fda0288bd27f0ea52658299d2e503c1ac580f161d867231052bba4d9744 envoy/config/route/v3/route_components.proto +shake256:134c73bfd73b81e521e4e18e6627c1c251e27f3df44ff846832d1330a018176583c0d9dd25711b5f2575b7ead00bc1c74fe14a198c49e2ea50a1ac3139c9249f envoy/config/route/v3/scoped_route.proto +shake256:63bcb78027b6c6f14834dbd14170097f2bf50972d5cf0482099b56b2ac8673d2434892cb0f9fff647e0b44ce64f8107eae83b1a3ea799d87ae7c44d9f2f80827 envoy/config/tap/v3/common.proto +shake256:44907bc9d2d03cc048d930b0a78bb6b72b4f353bc9f3a6524f2e93f0a47a2c7234c8299bdc989927d0ca64c593732557bab2d80f47b0c0fca3cdb2d87cc8eace envoy/config/trace/v2/datadog.proto +shake256:bef0bd256ae2d3261475815ec6187b5e852b6a0178d5e9927f526da8ee5d7ef61f4de2639f5ea3511093bde05515b62392becb83ed98f669f3e9a3baeacf203b envoy/config/trace/v2/dynamic_ot.proto 
+shake256:4637407c3a7a724268ec49ee0bee774f940f60c54d7e13838a12ea9c6115fb34ed56fa20c31ab972a2c9d022616784038e940d2f40c43c0fbb3b85bc9f53bf36 envoy/config/trace/v2/http_tracer.proto +shake256:e86033f3fbb58c172f8fc1a5111f060e09aee3d58d1454955a7d8262422de2a4f1a692456696aa46aae0389f4106738412ed50d067815e30b00106fcc7061006 envoy/config/trace/v2/lightstep.proto +shake256:69abf1db7b6b8ab228edfcca9b0e46831ab9b9374979e609a86bf2204df09d906b33279905bd04d9ff62d4f02c94a3a9dbedb042ba6e3dd96f46db72e5c9f67f envoy/config/trace/v2/service.proto +shake256:db7a4656ca79bb7a54e54e6c6d0c7fe39871f6333f32084aceb29823252bc2bca6090d1f79bebf9c0d2cc9517cb9bbf730003164fe278bdb8777765738320a14 envoy/config/trace/v2/trace.proto +shake256:57cd057a541105aa9f9188ce8135599b752cc1297823951edccf8bf4ad7aa45ce5493f923c7073738d524e9a585090ade1b83f75b6e103ced1dbacb7f8e89a12 envoy/config/trace/v2/zipkin.proto +shake256:14278856f8d450a326b53fd4bf1e136132131664538b2e6d56cdb2c0964c4141c959c1ab0670f6dc53cf84341f3450cd02cdf9fcc0086883648b642648298cda envoy/config/trace/v2alpha/xray.proto +shake256:8d3b5af6ae067de523ffd978d48c5d5426c091552276b300c62c4b2e4903bdc33b1b1b3245cf23056875ccb4d744b676cf7e23f2cfa5aa1d0381458174a21ff2 envoy/config/trace/v3/datadog.proto +shake256:6b579882c08e28fb21fd011c98212afc0edefafa702dd6bfb7545c79d105ae3b5abb8d150246aab75c67f9043c1c7a697b71da38dfa012fe52eab5cb93b477da envoy/config/trace/v3/dynamic_ot.proto +shake256:1125570b23390d44e86ae7a592edeefeafce7821b5281748cf452660d73c20022ce1b3ca8cce1e364209a201b57ff3d5cf75b69be828572475720122be764cdb envoy/config/trace/v3/http_tracer.proto +shake256:a4e359032b0711c7e2ec3dac5bdeb45b4910d590096d1f16ee559bb9210b0c94ab61c3e86dc9f85c6c2320f3769cfb97fdcb5d111af3350ac291c53343587c53 envoy/config/trace/v3/lightstep.proto +shake256:8d2592412d61a247b4c69a91d3d5299ac7288ba6f134c5b6f09f513998a5e7a21e24ca29bb8e8bbffe912af284a1b33d7846b7fe805052ce05494aaea2b2c269 envoy/config/trace/v3/opentelemetry.proto 
+shake256:c0071ad84f5e61f0075857b2635f283e4e8e62ca3b9c25e0a7a7fa88ef9ce8ffe243002a5633389ea76f772d1a3d9e44a0a385da9c80aa7880f19f2119764421 envoy/config/trace/v3/service.proto +shake256:a457e40b626a98e1714ca795c0f4c1e56c9efefef26b15b62dc0f1978e957de8e3b99f2a862f7b4fd88fafee15e50189af04cfd3c8b2bd8539a0bf0c9a221a74 envoy/config/trace/v3/skywalking.proto +shake256:d0205fe3c89d1f582db76034f79b0ffc035a8bd2c0d6c1b2fa0a080c9836e3fc69ec5c01d2ff82fdb53d52c27ff9e55f424535eb83b118a5bfc4b96654d41f17 envoy/config/trace/v3/trace.proto +shake256:719e4642cbe678ecafd1338699e9535aa6d448bc97ffed191fd59263dd37ee9fc432d7b7b9f7dd2303b1f4eb87416a237ce1d6b76f8a3321fa253e0167ff6a7b envoy/config/trace/v3/xray.proto +shake256:c8c66d1ff533c2b66cacc300d07c03d7e3d2fba6f98204a7b19739bb3411d64de521b48fa071bb30b49b74105a0d848e14bd8c8cc6117b8af917fb4c7ff8155d envoy/config/trace/v3/zipkin.proto +shake256:72b952cd7788414d2b15680e550320cacb9c2b05f41eebd366a352bf9a8a196bd13dfb37ae05c61d1dce10e3c20db7da9e08647cf1c021dbc040a06b7796f313 envoy/config/transport_socket/alts/v2alpha/alts.proto +shake256:791160950506e2699fca23d4f0a0064aae30c3d30ce6573ede6cdc993b7eec4c118ebfc80850b5dfe907cc8a2af039898741cb25a3b02fc1509e793c9c1c989e envoy/config/transport_socket/raw_buffer/v2/raw_buffer.proto +shake256:d3a0e662e7812372f28a70493a537c01d08628928062da79a6e328e19dd3d40c8376cf811c14decde7bad578a0123f3439be78c6665a1310d6ea3162a55ef556 envoy/config/transport_socket/tap/v2alpha/tap.proto +shake256:a384da635a4197c3cf8ac48f23e764ede9767970455bd7cf1323a18593efc4508198480c9d1cb36278c210d82d519b6e7822a569fd502eff74509802974dbae5 envoy/config/upstream/local_address_selector/v3/default_local_address_selector.proto +shake256:d7f5be3b0700a9aca56b8103381e2b6c492798c086fc2169808c5b6f57798d6f5e9ed0b2eccf7c2137aec6611a5c7e4e20bb7878bb80cc171fbd2ff0dd39f798 envoy/data/accesslog/v2/accesslog.proto +shake256:86c5b4103f030330711b6ae526941356cf190aee38cca1ff3da062ef5bce4ad78c7ea2e3b5193823e1fc53d4c33856249c8e848d417100f5caccd50f26ef52a3 
envoy/data/accesslog/v3/accesslog.proto +shake256:678006c89c679ff2bbec15ea088af73a37958d828750a0a760ce561b0ceeab7fddaff1db91bc9abd58c64896a613149eec677169bea9bf49e2cca9a357b2e834 envoy/data/cluster/v2alpha/outlier_detection_event.proto +shake256:ee04b813c98e80ddfffbb24402adc26ea381b319e15c9c311ee9c718d4db80ad89ecabdf4ed455aa025a8a31f8c05a9508cbc69046e6ed48c78fe05d8b17914d envoy/data/cluster/v3/outlier_detection_event.proto +shake256:4949c45e24893b84cd2159ff9bd7abb5493facd0418def75117e1e512d142a8fef8e73e7b2a314621997df36441ccfd9b41d02ffeb114bc1b688940a56cba2f2 envoy/data/core/v2alpha/health_check_event.proto +shake256:5074d5c9185ae449c6d77e0cbf47b96a8d6f16c693196e1cce340dfeeb78efe9e49a8244d06097aa1c473d6db063d2dec759eacebe84e80d757794d53c36f6f7 envoy/data/core/v3/health_check_event.proto +shake256:fb22be3c902578521d77ca8769f88ced976e03612efe4299fbde79e62c57e8bbcdc79e27621afe121dc1f22e53eb3e681a3c64090a4ece6e88851d90c464ccf8 envoy/data/core/v3/tlv_metadata.proto +shake256:0ddbf0a812e2cdbfa67cffe6f295dddfe3ff1b67fafe2b189dbe56b794f198ea795af6f704b0106867702bf8ae60b1fb641eea702dafeed356514f56ea1ab8f6 envoy/data/dns/v2alpha/dns_table.proto +shake256:25c641eb9d2005b702048207b9e492e3498ce1c42c53954c645389fdc9d276ff97fb1cb63e06d61204c9ebe695fda0d55561d4f608d5b4903ba267d8d7553b2c envoy/data/dns/v3/dns_table.proto +shake256:65f89ef9986261b3a954ceeefd67a70ffd83ecf80fc8e50dab782d1ab212295a7625c96b56f9d277bd1ab96bbeb2c12525b74a32bcdbc2b09d541a86b7dae7c3 envoy/data/tap/v2alpha/common.proto +shake256:61cde86c7ef95ebe901410b910bf31fc2d0be253300932e44cb3b97a83437127df5c47e3c659e0f27220f44a74e10e2c8682386ba61e4e86f7465fa2f2227f46 envoy/data/tap/v2alpha/http.proto +shake256:53a01b2346d8821a23d0d7aa21fd7c134f89c74b7c33c1894aa94f08b59aef3e0093d0e676f08991dbc81ddd9a329a1008cc689f5ea6ac1b00f47a86aabb3476 envoy/data/tap/v2alpha/transport.proto +shake256:891d5bdb9017028abad1e14c68ee3b0e1646f569b97476b8eb8c63d2b781a4b06cb502a46582409292ee431a7e4c0aaf3b28e0272a25e03fbaa56713cb9e6f6b 
envoy/data/tap/v2alpha/wrapper.proto +shake256:631bfbc49593e820da137679e03ac21405ef7d76e2d68816de0a484bdf0d419f6d72e7d246591904c7712e002e10ebf7b0422c61818d26f1d23337e676f93652 envoy/data/tap/v3/common.proto +shake256:c82a19f7ce291208de13a789ed6d20354a890d763d8abf84c61240efa3dd470ec08ad91ad03621c45314c492b5a01d696db1b6f522863109bf779f5060b865bd envoy/data/tap/v3/http.proto +shake256:af4a3b601313bcce7ef84da45a835ffa25ff133be51f05f433da9758a99410004d8b52e2a695ef3ba6e84efeaf817c501a404c556f2f7d660d721bb75813eec4 envoy/data/tap/v3/transport.proto +shake256:06a9c81be98880bf743fdc7bad0cfbadad1bd333d89c88364ebe24deeaf2287c33be918618f2dfe9cafa31bd85a0e82a1f5c834d0d13ca285835813aeae7ab9a envoy/data/tap/v3/wrapper.proto +shake256:751d80e997924ab9d8826ac8deb4645239f57629571ac7cc458cacb8ada4779999258188a10d9728c0c17961305cb587074c054d6b23391dbfa3852a94a42c1e envoy/extensions/access_loggers/file/v3/file.proto +shake256:87551ab9254c96245cb5ff34c00d54a309356ba00865dfafd7d31d3ee8ac497087f852545238b0ee32a5b55f0fc9282f8574422a6bdcbb1df1877c69eaa0ae9b envoy/extensions/access_loggers/filters/cel/v3/cel.proto +shake256:56b5bfeea1b9589f8782e223818f04fc325bb38825f275cbb89387474f4e7fded90c907292e660bc01f02f2313aeeb19a29c9fefc0c82e031347130bc4fe9ebf envoy/extensions/access_loggers/fluentd/v3/fluentd.proto +shake256:cea5ade650586c7e3d0f5f583c76140ad465de448b21d230b21aebf5b0f6184bc79b12a11374d7672221a612c59a82a23f6061c3bcd978d4cb4d3b7eb321c613 envoy/extensions/access_loggers/grpc/v3/als.proto +shake256:aa1e11e4d509ca799b5c1c6bfc0488da23a4260d1610c9e586ce85230f42953e0b536dcfe207e368fec4bff5a006c00dffe714568b3abc97cbdb488b0df34b49 envoy/extensions/access_loggers/open_telemetry/v3/logs_service.proto +shake256:667450b661666527e11db45d12b9a0b0376e9c8eded7a80cbe8be51d33569ce931ed8267ac4be3d3cf8f1d1d689b3fe8ce52ddaf61fd2942a52bbf550dcbdb05 envoy/extensions/access_loggers/stream/v3/stream.proto 
+shake256:dc17cdcb684c9ed3fbd22ebb50989ccaba1edaafe8b2788b64c2aabe277a2540c48136b9db30129543b72ccc3835b563c43589187c10d932d24f55efa43d1ff3 envoy/extensions/access_loggers/wasm/v3/wasm.proto +shake256:02c3685ee9a377c8dc2d6dda1e5906e97b78d430219252c734d583bacb37dbe13bc2f7e9b8fe6d3a919d56e66349c076e4ce243aa955d0ebe5bc1dbb8d0d78ba envoy/extensions/bootstrap/internal_listener/v3/internal_listener.proto +shake256:05ea187dada1881335bb0a458e18fcba04b742190fffcccaba37b8c662cd3fe1b1a7e7c39b6ae6b58821206b04e02a2085b533d457549379f10f65a32a071a63 envoy/extensions/clusters/aggregate/v3/cluster.proto +shake256:e3fbc3da2acacca933166dc9dabde689f5f20e29f2b7ab43f839c0b29c8bb5bea668ff8536544d06a5a0020b7c537e3789fe9a671b2e217880442891c899d9a3 envoy/extensions/clusters/common/dns/v3/dns.proto +shake256:b8474a002d72c2f26c487b3f7ff34c9d28dede1ae5deebca5bca92acdc82e3eb084a31405538e2210f87d882cc4cedc05abe0a337497ff6dc211e65c16dcf02a envoy/extensions/clusters/dns/v3/dns_cluster.proto +shake256:7e03724651ff36311b8dc7064d7edd827f2b39c1d84707d9adbdba769385598813dcfe57343b470230c54a1d953ce09eba33b42e1b3baa52e3cc4e9b35565e7a envoy/extensions/clusters/dynamic_forward_proxy/v3/cluster.proto +shake256:5f8a02cf67b5c30f47a9459137ed47a77744906a5bb75baafbce675671109b7038b8464dc2b5e186728bd6360fa0d889df05ff944a21894a27d3cd2d7e38218b envoy/extensions/clusters/redis/v3/redis_cluster.proto +shake256:9a433eba11a7f4b3fa7ec0c57f89f1d8d9bb514953054bdbb6084f8aec89120f49a316d7b5a38b1cd16d4ab69e09ee5f4beed66abaf2fa285710024cb2be8468 envoy/extensions/common/async_files/v3/async_file_manager.proto +shake256:3c8077c937c86ff48ab61d081a0dd12a4f34778e79d77bc2bdeeecafcfc6e4bbd032fc63aecfb89e7a7828872ded2dc4efa515b62995683d4dc6d19c2da07e69 envoy/extensions/common/aws/v3/credential_provider.proto +shake256:51339f7df3874581ea183dceb910f4e78bd2250629a233f33aa536a56a14be29ebaac1724099fd5ab906754edcebf6c8678daaa23bd6576b86aebd418ad44958 envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto 
+shake256:dee56c7243546db3dcb520fc8c60eeca88376540e5bdbc2a4002dbcf8c61f2c012b17c1e87fc23cc833906440619398fa8a19cf1b4f5cfee4901ccad6c67c8e7 envoy/extensions/common/matching/v3/extension_matcher.proto +shake256:acf97d4c6b5404951c13b3929354bb0613f3cc5cb4852a71f6d79b0fc37a40cd8e0b756a90fc1bbc2a11fd52b851fbd244dae48296a34873dcaeef73fa9ca421 envoy/extensions/common/ratelimit/v3/ratelimit.proto +shake256:d0460fa03ea121f02b6240c234f86f50569c78e1e1b0751d21bdcd3f07e90a1f551cfd6b5b1beb96623f89ca1dd5fa409722e112d8fae05afc83611d37add45d envoy/extensions/common/tap/v3/common.proto +shake256:9da9e3129e59f3177a102a530d9c11b974c06bceb112924d1612993e48c266bbdd32f366fb9dd7c86dbb64666edc716ed8266e00f750d8a729b85a0bfb932a97 envoy/extensions/compression/brotli/compressor/v3/brotli.proto +shake256:e75815678d15ffdfee38535448fe91b904f26d1a2d8e25c3a16197c3e9713e94a5c7c9e893cd8eaf3f0d34f00168aaa53f3bc50a03ba3aa12f57ff98e5b9461d envoy/extensions/compression/brotli/decompressor/v3/brotli.proto +shake256:478847c0e8b17d45ba72ce23d3c0e658e8f479ddb8e70217a2b01f95f5005559432f958ffc1f3bbe524ec1afaa9d3c743f3d7e6b23380863847e37c4b309c537 envoy/extensions/compression/gzip/compressor/v3/gzip.proto +shake256:cefe1d4f68cf744c03b12227f097ed1cb32af4d23fbc72ba227c012da5d06ea82cb1e7cdba3558cca9d942bcb976ef9b71fe65bc80379a9942de1937604aece1 envoy/extensions/compression/gzip/decompressor/v3/gzip.proto +shake256:6970164ab52037dc7cb57972e4949deecda9f9a807cfa875f98cf96392ef3f88c12791bdf03f207885940fb888fc4df0e1f3350c8a86fb6ee0e1492da0d2fea5 envoy/extensions/compression/zstd/compressor/v3/zstd.proto +shake256:e63326da75acfa8ec8373a4f5552d89e171ddea73f8e081375a125a1a0d66f6ec85ade9b0a05fad190f4f5295a7f856fec6c6748e3faaaf356d4b5bab27e6954 envoy/extensions/compression/zstd/decompressor/v3/zstd.proto +shake256:3d8958129036bc56f9b6546fdc0d75d0b3bebbdcbb26b6f267c96f83031abd01bac80e946942cff60f46b3df0586a2f50539074ec4d93f20ea99505e9afbcd7b envoy/extensions/config/validators/minimum_clusters/v3/minimum_clusters.proto 
+shake256:c6d8f7809023346a853aedc7b74dd1f18dbb8be1dfe43cefecbc74b24ef29ee107f4f115a0481b954e41517f9d5c1d12d1a0eb3563bcdd5202b17d56555d8359 envoy/extensions/dynamic_modules/v3/dynamic_modules.proto +shake256:10d9f4d444b46337f205d8690ab38b50a4b8464aefafc1de2f0871f2b5000782bc237fa6f1934543bf87e9cff15a83145f31f972409ec7c2868c00eca946e322 envoy/extensions/early_data/v3/default_early_data_policy.proto +shake256:787ef67e791a0d0f60d135cbccabe03e05272cd73ebaba87e089eaab68a364da1efd36580bcaafd726e7345d26db688c86155b1d00c720a8b078504622b0e69e envoy/extensions/filters/common/dependency/v3/dependency.proto +shake256:1dc0cd631dc4ab17eb4b5eb919f7daf9b45d61d88a72bdd0888c853b33563966a7c89948948d6454c70c3662282a98d33121d71482babd07ddb13d66cf24e641 envoy/extensions/filters/common/fault/v3/fault.proto +shake256:df574600c0b95f0d3a67e84873051d67fb2204bd1416334e9a6604b12f69c1702988042636741c3979d120a525a098b12c1d976abd0381d4efc97eda88754fcc envoy/extensions/filters/common/matcher/action/v3/skip_action.proto +shake256:7b605d9bfd56c9e08a6f3318733547f870b050a8afa366b551ca8450a668920c817138cbab70909de8abda9149ce897f05069b79c89273520ad27848472d146a envoy/extensions/filters/common/set_filter_state/v3/value.proto +shake256:a9b55e6c62e72d3af670bf20a4272fd029c57f2ddfdfd04f679f713117d8b2d678c1f99321eb3d90b22fea7e53a704ebd2a929b75874fad5a9319e4c92771e35 envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto +shake256:3b505ee35fb0516a12fb2b6a8719392717d0d8edb3b5ca0bc76bff8d7d7f415f52fd1bf7a646aabb476606dae85971fa1e273dae165c400b662d7d3f06e80f9e envoy/extensions/filters/http/admission_control/v3/admission_control.proto +shake256:a78504454f77d6b293890693de4d63ec9ccbb54b5bfd88421221c2ab8cd55ccbf343d8de99591eb5e912cf3dc0cf9193b6b065d4056c32cb2e48c46f983560aa envoy/extensions/filters/http/alternate_protocols_cache/v3/alternate_protocols_cache.proto 
+shake256:3a1640f66dbc67a20600d062e3b0bdeb164df21765beb797dde519f0fa918cbfdb91a93956172fdd866a964a4cc02b5bbaf899fec9d102e681b241c95fe14c41 envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto +shake256:85ba38d715bdda34415e69f23c54e5e5fa02b5d913d26ac086a69433a16101d445cf369e48ccba09f6ccb7b0c1f783ca3fa41f759810e4dcd85dfc5cb89835ac envoy/extensions/filters/http/aws_lambda/v3/aws_lambda.proto +shake256:16743e9abc094d74cb488491197a0532e12c366aa9ca08f626567d642746c77f51d41fb061812c2e00ece48509131a6d1e0944c3802b62306a320ae73a49a4a0 envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto +shake256:a012539b93b3211ab8eaa539d7e5792c404eabbcadc186a517229c24f109368600dc9fa7101a18216b333310c6c214f0daf76a1d65aa824c7aae8a6c56834550 envoy/extensions/filters/http/bandwidth_limit/v3/bandwidth_limit.proto +shake256:0658d9ac6676216ef3c6a8d93e91d5ed61e9ebff0c4be5bfd1d7cdafdb3e4179a796bb5128b97da5497fe76f13f8b4c9b3c1d567257200326ad0f33275314592 envoy/extensions/filters/http/basic_auth/v3/basic_auth.proto +shake256:206a2c768f2b92f64a57eccf17009e8a6dc212dc7093b5fea083be08cae2f3df5ca3757aa37ee3e5bd4f5c7feaff43cae53e6cfe028ea1c3f3f18859321d0e26 envoy/extensions/filters/http/buffer/v3/buffer.proto +shake256:092c99ed8673f473541343b33d81bc4d0e0e5d5cc1d480ca1a2a99e502a72f91444c69ddec54957a7acf7f69e9a163f99d211a50fcad50d1941a2afea84726cd envoy/extensions/filters/http/cache/v3/cache.proto +shake256:44aee45498a29aab141211300debf8d21ca32b91974b941358765eddaff8edf6a44b4f1f201b9156b78ecaf90fde2e204bbdc4ace89bef75fa30afdd2d300658 envoy/extensions/filters/http/cdn_loop/v3/cdn_loop.proto +shake256:6742503496a716373df6642db049f7c4ccf30b75f97798dca06efcc7a9eddd675beaf4fe997d6efe8a89085706cbd997e005800e9e4c4ce80dc1dfecc310c070 envoy/extensions/filters/http/composite/v3/composite.proto +shake256:9e35d84f0b414865e2e6ca1ecf0ba146b26b9a0da6dd4734ca2d47b272cf23512f00ac05e2c0d3c78c2fc4e43f18e1726c829d90269417cfb4b5be24e41694cd 
envoy/extensions/filters/http/compressor/v3/compressor.proto +shake256:f76396fc10338f03835c8015117c14c6345e9544bff3300eda5aca31281d342902fdbfc69924318db6c8b22beba6e26b63e04b2de12248f98eeb6dface9a89df envoy/extensions/filters/http/connect_grpc_bridge/v3/config.proto +shake256:58f0a618660fee0d5bb74006551604907f8139629741afeb13d7bde16823ef999a93cad29e2be5528ca707ddbf5e279da17b5c842301ff3de6c6c67e410cf769 envoy/extensions/filters/http/cors/v3/cors.proto +shake256:c29f02e7841586ffc3d141aa7f632acabaddde17435cec01a64ece2e2af896af5686e07da9be15ec2b717f3c8fe056ecaccece3b51417583edc599c48088312b envoy/extensions/filters/http/credential_injector/v3/credential_injector.proto +shake256:86d3b5213890d1c4282fe4b466d3cbc3ab2a8afe6e91c6449b5ed1dde08ce5d7e48fe921551639033d0a744d6f08cc56865386fad1ad61d75e27fac18b550a93 envoy/extensions/filters/http/csrf/v3/csrf.proto +shake256:82ffd0cbfca838b0c290aa200fab3203a91825fb676853feb477c97c3cfd0b92f209e5af6daab0257bde72d859764e46cd4f986aca0227e98bd77023fc4b0765 envoy/extensions/filters/http/custom_response/v3/custom_response.proto +shake256:b6ad74944a6e9d41423c56167880b837e29398140519214771a4620522f8eaf703d17ace4ced56f00b4cdbd0858652c73e6da54bf45c283b4e3335e7bd9729fd envoy/extensions/filters/http/decompressor/v3/decompressor.proto +shake256:db953296292db1568252078e686cda911d3ccca478b6816fd6cf69863b07a178c6d9fbd07703e789408c8dab95c90abc4291adc2128c7187cdc0922e63c88b10 envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto +shake256:f0425c1657f5d21bc766ab56612144f466c193c9557a7ef43170b054b8f5f5f04b14d5fae4ec23a2503b68c22c2d7f30d4ab965aecb8472508901d4f277f717b envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto +shake256:cb69962e85abacb9240973a33cfde3c0751df04be12d99b5c8736416893a6d084fecfe9e9bdc6e6e29831ca852072f21ad08a501d1c105103dec24e7f43a8fad envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto 
+shake256:351c700fdc79f734495275aa260893d6c24fb092e46a262587b4bdc2ac6ff3ca72882169529598449f54aff03ceb3915e9ad71e3e6b2d0010e93e3081fa87a0e envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto +shake256:8c4419111eb187a571b0ee7b60f1cc436450e5d263ccc007c90e58fdd029c2a5c7db789944e0a9963b1c53d37a311f5ec3e05cf1849f7c794fea38899ea406ea envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto +shake256:943b936172d2c0860b92a0afa56913a1be1352d1271f46602903adbce38a51c7f651d973e5005f2e7baadee6391622726288c0f4b9481db3c1d6d01a6771b30a envoy/extensions/filters/http/fault/v3/fault.proto +shake256:17a99bcf1de1e3157f141247a5c03ee70c9b537ed3b45e255a01952a6492201b82e077f9d30d88266019b2abb34c4f2576aa1fb97f305e2f744297b8573533ce envoy/extensions/filters/http/file_system_buffer/v3/file_system_buffer.proto +shake256:32c11e93a8a0fd4d7d72d3676d66c1a0f14764d7a7df9ab8ac35a6fe8384b1a8a5cdd3bd7662994a51ed5833840855a9495f2baddadd8a29bd06f0fba39a1ce3 envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto +shake256:519184af6a7faed6e85ff545e070353cf589a48ebfd3cf90ba20938916178f73a8d38a6173514c36ef54eebf07a89b2699d4a918cbb243480f411c629b5ff96e envoy/extensions/filters/http/geoip/v3/geoip.proto +shake256:47e47d602ed52567c8ea6649f1dadf18ed958b2ddff78b2376dfc19922a4f01817bae6250660ccf2b85c8fa98ef6db326105d33905c600727e4e7e9084855dda envoy/extensions/filters/http/grpc_field_extraction/v3/config.proto +shake256:54ccc9976e5be2c8496523ee57a6de9c6b9237930e904c43a6531d6d6ff5c88cec12037998ad3a90beffcde8d9ada39d0c09c0b17fadd461dec04f94d8d3f6c4 envoy/extensions/filters/http/grpc_http1_bridge/v3/config.proto +shake256:35678736fadaab25fc9272b2cb7eeef51ad4b9918db5397823fc8acef4a53b16257eca5c8b321a8c76ad75b92179ed78391978d522366baa2d2276d960a3b883 envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3/config.proto +shake256:8695627774888384867f60a36b2bdd64d260d7dbeb4bde5a9fcaf617c436af794050181efee94998f5966bdceeaee8733c6db03b11af64e4487d1a0f4dd1e476 
envoy/extensions/filters/http/grpc_json_reverse_transcoder/v3/transcoder.proto
+shake256:7f3381d46d2e1b528e101037c04020abdc6d9c63963442bc625d63e9f2acabb81eded6004d731c3e7757469a054778545d0cc8bc9409fe74b7c6e2406311a46a envoy/extensions/filters/http/grpc_json_transcoder/v3/transcoder.proto
+shake256:d9a4d41a9792b6012069dca15e2c976f6ddd652efea683a3a55220b846b4bcff6035c1d6e15d87de5c4b86805d37bd289e305047e4577f500cd5a8d944c1ef4b envoy/extensions/filters/http/grpc_stats/v3/config.proto
+shake256:3a59bc4b6b35fdc24ec0d2b13aad7e9d87fcc0f2d6bac1173870a993cd643defab7ee86ea754985ef2ec40af21385d002f3ce4a042a8d1cd86fab9348eff427f envoy/extensions/filters/http/grpc_web/v3/grpc_web.proto
+shake256:b8efb51f7b329e3d2e96c2aae437cf032560c7fe34fbfaf77a0365d6a5d328a52b69a740867a3ef2ada2181764cf30d101901d7002b95f61550066299ac98924 envoy/extensions/filters/http/gzip/v3/gzip.proto
+shake256:f1334a390dbbb3b9711cb629b4e99b90ee363a428192cfb2de8206c7cf0d69e852796baa9e3fa00fb9f40e419ee2ca6c6a8815223b9ce27f28c49a72ea39828e envoy/extensions/filters/http/header_mutation/v3/header_mutation.proto
+shake256:9820dba39ead15a6e5d67d9424be4c793ea6a035c70ebd1ddf88b4e12d7215c893e3250093ceefbb25bef9588d343e0ee0aaeef87c364bc978079e6747bdeb49 envoy/extensions/filters/http/header_to_metadata/v3/header_to_metadata.proto
+shake256:f2763b3dee9379614a8049f2f7f071f5c63fd68ae1cb0e760d7b3e7d4612bdbc91142b497f98bb6b339b619fe02fd4f3a7df79ab2f64496f417139328f3e6db8 envoy/extensions/filters/http/health_check/v3/health_check.proto
+shake256:e21dabe4f701068b930a6c2586ed13869ab20e7756b0ab88bf4730ac17d0eca7b68083f2fb86a8a15acf96150b78411dd840a35bb2865cceeb2c2840913e3f59 envoy/extensions/filters/http/ip_tagging/v3/ip_tagging.proto
+shake256:45c4c0ac25f4b6ca432de42473f54e11620bf8b355c27c242ab40a0d1a215e889c98a4a36c61680b8f3873a9f886317cc905d715dbceb3cf12da2c5a9c8be57f envoy/extensions/filters/http/json_to_metadata/v3/json_to_metadata.proto
+shake256:162b093e9cdbd67fa3171e3a4be08c6855ec0d8be95f1c7133d2c3028b7c2a651c069279f45e70f66e840862315f3b7d18c9d6ea14bb51d7c47d1069fdd688fa envoy/extensions/filters/http/jwt_authn/v3/config.proto
+shake256:49399294c8f69e4092b27abaf692a23c812c3f687661268a7fdef357633f6092e9b7949537e203c81ddbe3f2d649636fc5baf98a298a4e47f654b8b5e473902f envoy/extensions/filters/http/kill_request/v3/kill_request.proto
+shake256:ed857f1b4e4442d64e0b29e45a125ca119be0cf6e7698aaca7f13a73eace4875fad1b5a2cf7a8d7898aa4417acfeefaf642e7f7ecf4ffc0944f9e7f06db6d396 envoy/extensions/filters/http/local_ratelimit/v3/local_rate_limit.proto
+shake256:cfe4f1df3d196e1010246c92f410ceeeb402cf42202e60da5d857c2ff0f2db3c7a2d7e419d18ff385caa5c4e3006070326ecc0772c5c85588475bfdeaf4ed369 envoy/extensions/filters/http/lua/v3/lua.proto
+shake256:11f45c677f93182f5a7f82fb48ca417bbf204674684d823868a85fc0d1199404604c5b9753b20abed6e87ebe66b6d20a82f9e9deb5f79be528c4c08cb6835674 envoy/extensions/filters/http/oauth2/v3/oauth.proto
+shake256:b2b81e43eb2abcb265d8f8eefaa3ed528c6ce42a02874adc5ccabe5ee7a70d4a59de073a20d939910b815abeaf0bbc001c4b97d6c73a3732301589b8c4711980 envoy/extensions/filters/http/on_demand/v3/on_demand.proto
+shake256:1d3227dce10e77b73f813d975d24dafd38c5d3ab6a2491a45f3b56a4e8d6412a9b7d687db0e83e300672d7e1bad9998066dbeac43580d6027713e2793cd44e30 envoy/extensions/filters/http/original_src/v3/original_src.proto
+shake256:71ee8e2035201dc6dd62cd966006e6135e557dce100b299314117875937adef13ac049d0a2ee07cb29251fcfd79640aadcd709f44f24c7650b4512e0d93174c1 envoy/extensions/filters/http/proto_message_extraction/v3/config.proto
+shake256:28bd12f97bccae3aa606022c3f09d1d4acade512e586542287c6e6af79242d005caaa91ff24ae517a498d38a63e34906ac899f286461d4701c824be602b0a24b envoy/extensions/filters/http/rate_limit_quota/v3/rate_limit_quota.proto
+shake256:3e1e879b6ddede1c4891287c1d075cc4f34f19e1ea15deee2125a63c00d86985d2857b186c8885dd09b51f0d76d081a5a12b88d096cba8766cb478144a9ba400 envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
+shake256:a7ace270dfc5529d04e093e9a690c647fb843209297a419754d7cd67f55fc632eb5b61e0437f05fce195614b0ad96031462f42785483824907afe39a8afd102a envoy/extensions/filters/http/rbac/v3/rbac.proto
+shake256:73351fa032fbddc38e9b649f2680213cceb37c3adeb1e028a1567a4013ea2514b5f96a5fb90b7a82247cd5a779f0ac14f292502a9fc106e5a97dd86b913549c1 envoy/extensions/filters/http/router/v3/router.proto
+shake256:d38cb8d1499d4aca120889be75342aa6a764b98840210510553bba03db976148eb33f935fa8d18fdbb6a306bb5fcf39bf01cd143b51a7308566638858ba2c8e3 envoy/extensions/filters/http/set_filter_state/v3/set_filter_state.proto
+shake256:2d8d34eb836ad52142372664bc0d5e2c0a3432beb2ac2baf5e5190bedd33b625ec3a4c646d45bcf3612ee34b4d27bd598ccb957701ace8adc2d69002d03e1a8d envoy/extensions/filters/http/set_metadata/v3/set_metadata.proto
+shake256:c29c6d22b41d00bd1a0c1ef267637fc69e8e43dcbe035dca36946ca152031f28cc5fb3773ece8c10b5051c9bf41f183abe458845d060c5b154c34265cf5368bf envoy/extensions/filters/http/stateful_session/v3/stateful_session.proto
+shake256:b952bd81dd83e9e92746b3115b433f59177125187778bae5ce268e5d74fa54116c38560118b2d3f2d9ac2526ebd34b372d1311728e0b21ce2aec9bf9b4df7069 envoy/extensions/filters/http/tap/v3/tap.proto
+shake256:3fece685b44ed055e4973a2c99d778057b4b9afcfda5994363a78c6576d336dd2b3de619bd2ed79b8e075a93e9448962a8d7e1bd053bee8cecb3bad9288c32a3 envoy/extensions/filters/http/thrift_to_metadata/v3/thrift_to_metadata.proto
+shake256:62ca580d449d9bfbc44a50576ce74ae2449838aa77333ce29b32dc1157ce4f5ff9bbc5f55e8aa47bee9c0a81bb311656458254570cfac7c5755baf1a54d1199e envoy/extensions/filters/http/upstream_codec/v3/upstream_codec.proto
+shake256:7be62eac9f7e39c3ffa0070ae67183e9f795a6da804cfb80fa698e74236fa7f2ecca7eb7643750881ed954e23e47121b4340fa8b834924fe235b3f22001af52e envoy/extensions/filters/http/wasm/v3/wasm.proto
+shake256:42754ad153b616a11218efdf3758ef197b6fa86a79b7eb54c2a69dc7a8a7516f277f13d417a2edc1da4335c1bc7ee788ba3d004d94db1ec2fd65d45033a95d8a envoy/extensions/filters/listener/http_inspector/v3/http_inspector.proto
+shake256:ff875be86e430acc9cf5417559b1dcbe9908d93fe650a8c2bb8efa1477380310cb4b28e2b99f0123f63ed403e02b86e7d4b54bc6ac4321c1c39d4bb49724c320 envoy/extensions/filters/listener/local_ratelimit/v3/local_ratelimit.proto
+shake256:4a6222cdacd18827561373bb4b265bfd8fce19d1d0ba98f8684d4ab00c25df3e828b5ed1b2cbd5613098947f3fe6a6cb4f98a4328a087affc3e5500cae2a8152 envoy/extensions/filters/listener/original_dst/v3/original_dst.proto
+shake256:66ba94f4db7b435bf3334fd6f1e9cff5cc57a16f1482473043266888af1de5c3b367cd3597eeeb2f651479fea2131f6dec7bc2060e1a2b2137ac07d5886af19f envoy/extensions/filters/listener/original_src/v3/original_src.proto
+shake256:5165f6af65f72345ff5d45ca98162cfaabc6f61bae81b2330182a92b81bb8eb23df7a63af83c211d122801cbbb55aba8d9f3911f29c0e9e1a2ca90091be37d6d envoy/extensions/filters/listener/proxy_protocol/v3/proxy_protocol.proto
+shake256:c817423053b83d5707950b82b7dd170727b7731e589a30a73a8b24728bb41dcf4b7f8ecc8896bd58dda9432e25b6f80dbe99ecaeba456ef9e6d26ee2686998cb envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto
+shake256:7fb4a9e553e835261f8b5ceadaab651f2c62e087b21ea911fa73f93a7a225280400dae1ed41dc8c12e6e48ae03140ffa5b42703fc4108bb4e8d3c1d46b1c01e9 envoy/extensions/filters/network/connection_limit/v3/connection_limit.proto
+shake256:e25fa5bec0ccbb67c93a7490ef54159ef21897f7152d693133098346224b8b3fe3f7384397d2f8fb9c1bbc019ff7af93e107fd157194eae16066f7cee812dcda envoy/extensions/filters/network/direct_response/v3/config.proto
+shake256:cc08f1da65cfd2a369dd00ebdcbeaec212436b7447914ea40ae9663db6b0c8d6383a20833d8b1f7c162fa0ef55cb159f578c1d596f51f7da021643628051810a envoy/extensions/filters/network/dubbo_proxy/router/v3/router.proto
+shake256:4aa8fbb891c4f33443faab88bfcc469e6c43febd790ae7a42b2344f15da519a254362c1033ad0eaff1fdaf2d2dd23d6ae8ea6e1eb4fd2222b512f248b857be7a envoy/extensions/filters/network/dubbo_proxy/v3/dubbo_proxy.proto
+shake256:b5aa593876329390075e36b05896ba1a53f7a6cec718f0dc36fb4d0fbd23426803ed3a035b00082a296e5e0bd54d3b8e321407bf87c2342b48c3941255a942a9 envoy/extensions/filters/network/dubbo_proxy/v3/route.proto
+shake256:6bbcfb264094ea05e42dde37d991b735d59286c5aebcf78d1b263379541f1fe2119ea72580aecb53edff47bddaba873e1badc96d73956ae64923e472ffb537c2 envoy/extensions/filters/network/echo/v3/echo.proto
+shake256:3064cddb46019f51a271eb488c705ff3749ca535b63b2769f8cb2ca9b76df9cd71b20eba79479a7682e9c5339bf8761c03e801888f64ac305444fb056170f713 envoy/extensions/filters/network/ext_authz/v3/ext_authz.proto
+shake256:e457b38d22593438c13d6c7c1e8034c1f26880994e3a0b1f0bbfa70fb8fee2af67095abbeb8d9a2a7a51f6d1b43d4c466f63f22f3ebd1e9b4fca5e403f58637a envoy/extensions/filters/network/generic_proxy/action/v3/action.proto
+shake256:5d42e421358f8b855a150c085d481c86fc97d63467e349a09ee370b9ece4ca9f324c1ad82216d347ee09dc21ae461e74af87900df20f5ec7bdc4416179cd62b8 envoy/extensions/filters/network/generic_proxy/codecs/dubbo/v3/dubbo.proto
+shake256:a2f773aa218c0be748f502dc38227451ffd316db83b6dc4c25c1c38a880505f1fb54fa880e5185e6cb5df419182d76c9142550145a808a8377e9beced176053b envoy/extensions/filters/network/generic_proxy/codecs/http1/v3/http1.proto
+shake256:38c38372911fc508b09d7643f104662c8b756deb2f4074cc7786ac71cbe25afb95040b0f1c5fe0ca0fb3e3c048fc13fd47722a73037d99edb18ed24d7171529b envoy/extensions/filters/network/generic_proxy/matcher/v3/matcher.proto
+shake256:990910042d14b791cfc23677df7592313d816696cb7c4c9f5d352286a5882ddfd0be3e93e0226daa3d1473f2863ed503b4e076228b93c31a85c56a0ba98a683c envoy/extensions/filters/network/generic_proxy/router/v3/router.proto
+shake256:f28e303b2c8ebf38f22f3248e6e949bbd1eb6d08e6700cbc810d283553a27dbe0b04a8c172554efeb4cfe430fe57c0650337be449f6670e8208aecd407cac5b1 envoy/extensions/filters/network/generic_proxy/v3/generic_proxy.proto
+shake256:7084f88ef89e808dff1f0246917ce721896f8467b69e801a0e0b4148fa3f71abc7205b0f9e098dc07dfa635cdbf4b514ab410856d3342febf0e308e979bebbb0 envoy/extensions/filters/network/generic_proxy/v3/route.proto
+shake256:c8daed978d22da1c6d9cfa605dabc020dece377ceda612fc6b219731e3eab82fea4a6d97ab9c7d875eec2ffeb37a216a2d4a9d1a289bde799d58600fafb88815 envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+shake256:668f665598f56fc23cf72fb07af2ea9bd19f1f0f4559d83f664cdbc865d066a9f2414579ce72207fc2efe04ab1cd1175d449f6f572f021cd9c60e467b1b7bbda envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.proto
+shake256:ed382c5021bdd2dcdead147278a9b343cd78fa4e1e6142a09f0479375edf664c6d40fe69b7bcdcaf4a6ac500e5be27bfb824c402d6934695e605b5540ce6f17a envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.proto
+shake256:4275b6a6cf29c0bea83f4af29f74d74061d8138bd5dd3fced6b848dd6925e75123ff26b5caec6a391703a0f72e1688eaae92a48fbab238d78669db1b114b4664 envoy/extensions/filters/network/ratelimit/v3/rate_limit.proto
+shake256:aa88a5a272e85552ea9c02d9411ff0a545d9c0a4a0345db2c7c9ffa173ccb554d5c904b8fb177c2fd608c47feebe16457071b0eb1bfa401314d07008da49478e envoy/extensions/filters/network/rbac/v3/rbac.proto
+shake256:ebeeefb6c01feff9c967ba253b22cbeb3e9e3a3670b0820352eff3b78a91a3f5ade59870bee96f21fc20e6fb439f8a4e47c9c0d8375b3ed5ac18aea94b2ee337 envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
+shake256:619c70284bae19989a4742feb2c895d0f0e222b9a930ae8742a42420ce6ec0265a3e86213fce4b1b7f5aff76f07623e291eb3d0ac6adc2d3fc68a57ffc8fcab7 envoy/extensions/filters/network/set_filter_state/v3/set_filter_state.proto
+shake256:25bd66409ff35d0586bc0044e66f1e1dce1d0468827a918b24e47e7d462eed3111f16422598a7178fad89ce05dcf2d2b6a153c88e56993d3448429e83ecd7070 envoy/extensions/filters/network/sni_cluster/v3/sni_cluster.proto
+shake256:e3ea7ba1c2fcc332e031713bde4b92e894ad6d650df9355b1d6cfd29439fe33578be62cba39f88f3c8a8845edeb0fae6a15a7874043b40b4f45e566c639bb19b envoy/extensions/filters/network/sni_dynamic_forward_proxy/v3/sni_dynamic_forward_proxy.proto
+shake256:13d28573480c0a3b4318af035def7a2044fd80b1e2976cc9d869d3d91e23eba5a81d0f7aaf7392fd2988a302f55e78feeca582d86a5257ee7c36c350f937f4b8 envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto
+shake256:053b0baab6180520c5c2286be33254d0b50ec7c9cc4be9da19f61d59b21025de7de78dad34af65fba8396fcbf45ef35a1db9b7bbc0da489cc723c43b848a9f40 envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3/header_to_metadata.proto
+shake256:e0fbef37510c2cb48041d269bdbf648a265a2ab859daac9c0d7c16c9ada91d4f4d07854e9d3af7f3f4ce92f7838625e603afbb92ad7404f98def19eead357875 envoy/extensions/filters/network/thrift_proxy/filters/payload_to_metadata/v3/payload_to_metadata.proto
+shake256:c2810280f8595c193b5c9cef0cf1b664046fd568e240e3169f6c5f9d98b223c83e2e7850b7b4ebdb99fe36e7e493bb9d9c500303465f9295e32559175c943d7d envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3/rate_limit.proto
+shake256:0c8fceafc6119af0fcea55ccbcd514a77a471f822e4f8cf8ba899eca1392e326aef811bcd03b5989e4cf3832aa0a6ef0928ccda72f5f0becb9308c2b37401d64 envoy/extensions/filters/network/thrift_proxy/router/v3/router.proto
+shake256:dd60313c8303ec66220535b1f1089c4c3670f261b5ca1c85eadc9ad1686f7f16e41683ef86c6e1c9d6e33a8b1ef892a03b5652b8ae9ed9631c6e6ff35cdfd211 envoy/extensions/filters/network/thrift_proxy/v3/route.proto
+shake256:7ed9f82e986f8b4536bbc8343b7f6a20bb3b1c5f53e55266d00792f55d7a2e08ee9400d9feec448c38ac7abd5a6c4dc80ed20a7f43fa8b242ba6bd1945b56183 envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.proto
+shake256:1d16001d635cd983fdd0021dbfdb73f87efb41508b6cb5e637ab343f20f9bac8e0419ab3be7a5865c908c4e8d1317f29fcb6682991a2c76cd523091e875d6f66 envoy/extensions/filters/network/wasm/v3/wasm.proto
+shake256:9ba04c15ed1a83409dd6102333eca6f31995c479bce9d0af3584d600599a877e31e6b4aa76ac8b0767384128dcefe302ea6f0836a74dd648ef86b6150d00ffbb envoy/extensions/filters/network/zookeeper_proxy/v3/zookeeper_proxy.proto
+shake256:da97414bfcf74c6437aa405054365fa1d89e56778fab0510a672df7847771316083bc00c0cece2ce3ddfe828425bef3b9c19ead7089067ab2e7c9d93e54ead74 envoy/extensions/filters/udp/dns_filter/v3/dns_filter.proto
+shake256:ce2cc8854cf066d5af22d29382cf8c48fec21386ea035ef7a6e7b6acecfe9e2e32575c577e2e3905de816cee3e02f9d2baa653e15a4283c9e1783aaaa269ce08 envoy/extensions/filters/udp/udp_proxy/session/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto
+shake256:12840ff55337412639f5723ad910c1a12a665f9d1a2b949de3df273d49b3998b79d093fa550d75b87d300b7ec948ace5d9f1dd15fc4f086ab987dd5382ad3602 envoy/extensions/filters/udp/udp_proxy/session/http_capsule/v3/http_capsule.proto
+shake256:e5efd7c39a13bd85f51e45e06146e65abbde3d1755fa33b1f04cff6201ececb28c9d18cc9a216db49facda118f4a2a777415e418688c98cdd0d9eae78dfd069a envoy/extensions/filters/udp/udp_proxy/v3/route.proto
+shake256:90c9a5e1b2bfe3cf7dccc8cb444c46a99c9214ab0a7b0c78c19f9f9cdb9787c35a1a85547849ae858e97f440352069bbabe91c5efeb9d8643c457a64737ac00c envoy/extensions/filters/udp/udp_proxy/v3/udp_proxy.proto
+shake256:303f6ea2d35cc0538af3f2b4082fe397b4870a5bb2898870a473f40069f331e7269dda90c2bc53174290b8c4901e88be730cfb721c44f9ad28491d3355289ae8 envoy/extensions/formatter/cel/v3/cel.proto
+shake256:2ac01be68ca46be7840a26f46180503be77211d3cc49818140a97fcee1618ea520c8ebce9d75cd3191750a8e9153ddf79eed91898cecdb1f8ad8935f80e44628 envoy/extensions/formatter/metadata/v3/metadata.proto
+shake256:5c603dd92b074e933991ab9e7c1b81023aa6d265f4d75cb3ab1b4761172c11ff942a3c88e8ff6975282f7fbed77f21d33932b96ba6a243ce5b5f3904f381bab1 envoy/extensions/formatter/req_without_query/v3/req_without_query.proto
+shake256:cafa9942b9745bbc106133eed115c3ad4eb90a9b06251f9148a0f3df7a0a40623548878b1e5e17c0055de691a4a53000b605a35ae93f74470f502147823a0b0f envoy/extensions/geoip_providers/common/v3/common.proto
+shake256:240765336a595779af4820c781b85965a595885a68874409ae18e8c8eda59fc91683804464431e2e0e8540db767fda6eca9541f49e82c4977f8698d69ef744e0 envoy/extensions/geoip_providers/maxmind/v3/maxmind.proto
+shake256:4a151f7408451fe2eae927cdc8ec73a2fda8de863151640fed965d0b7330a60578db177089f2e7811a050de2a800c7b62d15047a55d87420f86bd910ce437587 envoy/extensions/health_check/event_sinks/file/v3/file.proto
+shake256:c30c9ca82a218163fe2e0899015c9808cd1eb6eff066af79272552e5a3b664e674f6a758cd32a3425387d8e259d568db7458ae9d8f986511cc765472d6774fcd envoy/extensions/health_checkers/redis/v3/redis.proto
+shake256:bc7fad5e1d7ce4fef15a7f97c8d6f3e66f6601c90c4c987ee4b14457e84b0af1bc51015a816b5b0077924c2278a3e55df3b3682ed0e75d6988890b70febc8966 envoy/extensions/health_checkers/thrift/v3/thrift.proto
+shake256:ff9835c6f498d4d3c8ff151878270548673fc15db88f48aaed4ae4c8c89baa1080e829fe8276d2b014fd83653fe04c52cdd9b2620fe8c88c456942bf0e96588e envoy/extensions/http/cache/file_system_http_cache/v3/file_system_http_cache.proto
+shake256:15c5fe0f88d3faf64dd64ae8c4515a10bd20819565f23b202cfbf8e908cd252bb279458607dc0968e021728e44b716e819d802926956f41e91dd1cdc932e783a envoy/extensions/http/cache/simple_http_cache/v3/config.proto
+shake256:6f61959660cff32b12feab412ab5763c2ca598c7af8439e3de8ab409eee02d60f7424ae5368588ef48a6215290183bc718e582c18d46f04b3ce8e65d70dfff21 envoy/extensions/http/custom_response/local_response_policy/v3/local_response_policy.proto
+shake256:4950afe9d63476b20e8bf7e1f474bfdf4e9f3dcfdffeb2e51cbdb84314bf18774b60751e5c756922e4356b5a7751b0177d09b344fec53b1183749dc96ff03196 envoy/extensions/http/custom_response/redirect_policy/v3/redirect_policy.proto
+shake256:7f0e981a037ddd48e37e73f0f9dbe999ca911b4ae917b5ce06123a733bbc220bd5ef3308a7c3d3ebc64604a83c3349c06e12cabfcd64fd1a08c1260a81d1ad2e envoy/extensions/http/early_header_mutation/header_mutation/v3/header_mutation.proto
+shake256:a181479f6dc29ac082a54cab8fb709f4bca39c35d1be062d830a211f03df0b549a2d18dc7eb2cdd34e6b4a6388959760a63225f012255b6ca285e6b28dfee5dc envoy/extensions/http/header_formatters/preserve_case/v3/preserve_case.proto
+shake256:24c37202746eb6eaa65b1e0c2466a1444a40310a2b20e9f20129d3afab095e9987065145533fd4945b8313ca0f673884ebeea4168deeec448fc102549b50946c envoy/extensions/http/header_validators/envoy_default/v3/header_validator.proto
+shake256:6b0e1a6e3cba84621deb339c7c207c24f56ce15807308af33b192dd716622b0975762aec4840310a3f5769a21aea78ad5330cd81515c23ceee3734c0e777871a envoy/extensions/http/injected_credentials/generic/v3/generic.proto
+shake256:fc2bd4a42546e31038e731ff4646a016a5b126733c9e7ec565118b2fc4f4821b51699977e13f7ea80e51dfa2df31d5a5808263a2314393bf664e70aeff8bb6b2 envoy/extensions/http/injected_credentials/oauth2/v3/oauth2.proto
+shake256:97a7c1a7dbec726161b4b980259f51744f4839253f20752e51c31213c041d8109c85c29cae138e7d575ddc27f1edda599007802ebeaad57583b5f5c45b93a4ec envoy/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto
+shake256:9046d084b19926996f65f6a0a6e5486b87942636c4d6b31d04ef246bbf1227c58fbd1d3cf1a7acd212e1686184a46b9e09caa944296928ec551f3d50d1bdf7ab envoy/extensions/http/original_ip_detection/xff/v3/xff.proto
+shake256:dc55ecb0f8715e8a44b37595950f7660c38048cc7f8c1ead8f859889b189c8a27b060357d6ca46069aa73566698d6180126288480df5780e1703a1acd71b67ad envoy/extensions/http/stateful_session/cookie/v3/cookie.proto
+shake256:d65ef8c09d91ea81c580be40025e8d47304949e771c7703878c9401eb2890424cf3195259c57e36ccbafc723e4f2453d38b5cff55bca01d885dc9919753d6917 envoy/extensions/http/stateful_session/header/v3/header.proto
+shake256:f4f40da154b91c5e812b9052ebb2f40e2a2197abcb0da08c06f80421907fe23fa51d2cdacce3c386013dee3e5012c333486f41c7482cfc8746e196b999762fa5 envoy/extensions/internal_redirect/allow_listed_routes/v3/allow_listed_routes_config.proto
+shake256:3a0fe2dda37d6ef760596f9ef1217837d0ca6045f0b4e37c2bf79d3c9d3d2462fea787b78107a364b2d5dc20d05c5487b10b53e8b5bdcb95cf01848a07708ed2 envoy/extensions/internal_redirect/previous_routes/v3/previous_routes_config.proto
+shake256:9bf7115b738e507c09777b248ae7fcdcffb7908769d316c479b6cc6a526deb0d599e6b9f9c7f64afb2d6b193f54aa1e7e7a846ffa73294386db4c4bf9adb6f12 envoy/extensions/internal_redirect/safe_cross_scheme/v3/safe_cross_scheme_config.proto
+shake256:6a007316c0ee2726a32af18a23e61cdf8b129c7ebb01f3cf1e101b0a18c47e78d5f14c2584c84b23e58f6f52468be3b2c4c175bdc7fc2c53e2668afb8b8c5677 envoy/extensions/key_value/file_based/v3/config.proto
+shake256:c3f3181ed5c473f13e0904d3ba7592a26c6e700e73172662d47a4bab5631547f61beb79a0d50cbb2888fbf77941421b8877ff1e4b3c68f8ab914abe2b58cda64 envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
+shake256:0116ad69672ab05cfdf0c0d476e470bb880db0a497883377aaad5d1bc443a590f27681c2abd73df2ca19de21d330a7de69c8be19e15e80fec3f257479a9c4a93 envoy/extensions/load_balancing_policies/cluster_provided/v3/cluster_provided.proto
+shake256:7765d398beb932f987dcdfb84c9c093a86ff0c3019ae00ce0aed01392d541484dfb096d6677cee5625dfb3fed1ade3ce3fd7e8270023893b6a56da5804ef2bef envoy/extensions/load_balancing_policies/common/v3/common.proto
+shake256:25c22487c24a950f4300c5082e57ef5e5a965b863668b8f3dc9263a861f9505c8849013aca73a6fda9112fd19c6451400e3d225d620c315d673bfaea1bfaf168 envoy/extensions/load_balancing_policies/least_request/v3/least_request.proto
+shake256:82b636496e8c69961fc462d5cd88bbde2493a146bb59458ae0b28842006ffa025388f9f604a014f145c236c938eecebab3ee64a2d77f83c4497e8009c7e955c2 envoy/extensions/load_balancing_policies/maglev/v3/maglev.proto
+shake256:d88e3d6952bc9827ef7e92790c4aa7bcddd81486f4a3162afe6c97e0ed3281b85e94cdecf5c4100d9d07a151ec6c0e0088641dcdf09d2e67d425ffb46907bd2a envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.proto
+shake256:14035bc49cef4a7e0d25930d409af20d8f74032a102a88953dc77b620205df625bcadfe69ec9881e73481b3b23bfcfbef1b87247460be38e68d749291af318df envoy/extensions/load_balancing_policies/random/v3/random.proto
+shake256:6ef8080f4b9cc3d9766a69e26d789b16d149e6f0754b7f211038e2b657afe4560bcfe34fb2f2e025343c7017062a83642e6f3452c74838788c0b09cf25a7f56c envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.proto
+shake256:691efa6e69d36bef31bd84c3002119e91a7ca7efaa60569ab0c18f4e78423f887086eb9db941806511d78bf6061c257c99fcb199b060c9beb7f4b1c5666aa8d3 envoy/extensions/load_balancing_policies/round_robin/v3/round_robin.proto
+shake256:fa99fb6373f07bb327f4c8c0f0f8ab64c3a839ba4ad393c7fdb8d05056dda912fee08bf412db38d93348d23371fbc45c6f9d02c454563493a811b3979bdcabe5 envoy/extensions/load_balancing_policies/subset/v3/subset.proto
+shake256:d673104b092490db0e84941abe555c9870146903924a4d13ce28c7160cba9d7ad5aa573997ff50ae14e59fa45dada45ce76afb8490792be9e614a8445c55f2af envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto
+shake256:1e37d347ef665bbf89aa2437a21c2bdeb64e7a303eb2be072a786af97d4ba1d76063f1f2026e2fd2f3c22e542c4b0c8f319a6899108dfa2d959d5a229c73d656 envoy/extensions/matching/common_inputs/environment_variable/v3/input.proto
+shake256:dc915eb998e7b51ba653e5669cb4ddfdf3b0beaae3e7911a8688d8b7b30522120e761a951d967fade0f78afe88d3730a38f53f148178c78ed8e942327f5100c2 envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto
+shake256:d227dc732d21538dabc1aebbda1423e1e7edcf9fc3815d7161a5f2451956ce6b7f0874150246a1128d8cd031d59f6f237df8d27624d44495eabce26326aa5f43 envoy/extensions/matching/common_inputs/ssl/v3/ssl_inputs.proto
+shake256:c8ad4158166bc5d9552173149b76287d35e0f142457740a971d8d50a1a31ca154c5bac3aa8265d1abdf9cd0223643afa30db998c0e354f26ff66035b0fc617c9 envoy/extensions/matching/input_matchers/consistent_hashing/v3/consistent_hashing.proto
+shake256:8f1301b6a4f15025967881d846e1866c0abd637f645202da0137196db618f307bb3be31429d6c841bf642556fbb0a8bf964ed90bb144ef921d062764444677e6 envoy/extensions/matching/input_matchers/ip/v3/ip.proto
+shake256:10c52742299d0dc8b6eea424790a9f44c39f28b204d7ad0af6da35fc33d8a3f89154d42d769eb559aa0acc28a9e6fd896d2a6560fd95c91afe234d4e75636915 envoy/extensions/matching/input_matchers/metadata/v3/metadata.proto
+shake256:88434c32dad5c61f6898371ff51de383160f36ee292c7b46983de2a4d54a0af20843221b52d8061759fa9b4767a387f4891c3d9aabc1bb4c56faa6d3e7a3345e envoy/extensions/matching/input_matchers/runtime_fraction/v3/runtime_fraction.proto
+shake256:84fa5b00e53d153b1958f4cd8ec6ca9702f27208f44b546a259e3935d899d4d7cf80cda04664f71c289b33e3070ff7b37efb5a00170bef7945b3451bffc60330 envoy/extensions/network/dns_resolver/apple/v3/apple_dns_resolver.proto
+shake256:51c726cd9b4aa56a62db2e6abd3546cc72958033365ca62c6c69b134d91d658ec04b82d64910f062d70c085f07bac3d93ee567493207ac3c736ec52cbcde847b envoy/extensions/network/dns_resolver/cares/v3/cares_dns_resolver.proto
+shake256:b7b1cb7f2dc6a355caf556066add68769d1da26ef2df33b2804b3b59a5628e43ccd66f206fca717cc2a9f5c469f41f4fe24315a9e5a4c90389a48508d2b8d952 envoy/extensions/network/dns_resolver/getaddrinfo/v3/getaddrinfo_dns_resolver.proto
+shake256:80433c20cd032ca7f217af05d724078b149c9846fe85274fe5da6d5849fb5d4ab24fe3950847d2ff6ed654dee6b83ef1ba007a04db8e7deae2b336f04fc85925 envoy/extensions/network/socket_interface/v3/default_socket_interface.proto
+shake256:feee06cda1e05a53ff064f726ba892b2bdc07c192adcc50052818cb62ba1880cce1a559c352f35dc45eb275e8fd8fdde3602257ce4742d7485de67a77b6485ec envoy/extensions/outlier_detection_monitors/common/v3/error_types.proto
+shake256:ef828f1761de1b5bcf19f71e99c4874d4b1e33475fe7ee3aa1c461d202afc3e4ff0ac4e3de52f4ef8c79f700ff481b6af3fa25084856e80a05b9181a9aecb701 envoy/extensions/outlier_detection_monitors/consecutive_errors/v3/consecutive_errors.proto
+shake256:b59aa69fbb5a3fd019d0629969b596f1ef33d11c2db37b7167c80d49825c56ba11514538b5b5e18d9305862104bfd2ce2232b462a3632484756a12bdf3287943 envoy/extensions/path/match/uri_template/v3/uri_template_match.proto
+shake256:4c14d13dd9e1e782b7a0dc85854642bfb2df4839adc50747cc71fa12c706d05a544208edeed5c5245f3506dfd83004a899d96d8fdf39dfe653382e92e8b6a3cf envoy/extensions/path/rewrite/uri_template/v3/uri_template_rewrite.proto
+shake256:f7680ea8269c00d0a1c18ee2f3af1e75f8dd2c000c5e8b943910b9d94929ab55ee5d987f52e72a9de04314d7b1067f32b720b754a90f86de61696b264851498e envoy/extensions/quic/connection_debug_visitor/quic_stats/v3/quic_stats.proto
+shake256:1f74c6723791858d9dea2478140f942cd69348c0b3914dc9e8e0fdbeb37ceebdec52d13770018d4ef0b13b65bdf421da6211355bdfde5cfed9b71b4b20532c9a envoy/extensions/quic/connection_debug_visitor/v3/connection_debug_visitor_basic.proto
+shake256:b35b11e7deba787adcaa488361dce33d97804b1f276dcaa3c936a50dea030722b9d8707590b3d9e29093061ee67c6eac3ac1d107aa88d58a209d055674198b6a envoy/extensions/quic/connection_id_generator/v3/envoy_deterministic_connection_id_generator.proto
+shake256:0d5c109aec1c8a34845c051213323cef13b8acb789a973993caab647c2015addd698e8b7d1df443e81dd966f198cf9029f3ad8e941b1308837d6e317212c2b43 envoy/extensions/quic/crypto_stream/v3/crypto_stream.proto
+shake256:b81a6625d0afccd2d290f73787080f319dc2cbac737ff9f655a40d285847b80de77e5b4361d6f5208cb68e439517fccbed20d590e5ce2b47e5276f73a614764e envoy/extensions/quic/proof_source/v3/proof_source.proto
+shake256:65be7ddec7f03e73203304f27b2dab6c0adb2f96bcf27859e458d1ee924c4cc13224b7b78b298e07baeedd9bfe26dcdb04c95e93363c32a34ae919edd722c46e envoy/extensions/quic/server_preferred_address/v3/datasource.proto
+shake256:78fca01b6ab702853269079f74431a03f7d00738155eec24644ba13cfcd53af8d68aadb5e693066aee2c948847134f1a277d5c56c4425a47dba39294f205f17c envoy/extensions/quic/server_preferred_address/v3/fixed_server_preferred_address_config.proto
+shake256:2cb8ebd50ee8f7dbe73b59288a57e8ce66169d0cf29fc0eac26709c6284e36e54582383668fd57d81428187b36b4c2c551b5a4192091ad7d7e8afcae14550e78 envoy/extensions/rate_limit_descriptors/expr/v3/expr.proto
+shake256:efefeef95cda09d43c21ea224d984c6164d9eda0b5c74dc3103bb2125bbd19f6296557896636464cb6df3ece2ec78f92554204f6c2e8d269cc3ee78ce8952891 envoy/extensions/rbac/audit_loggers/stream/v3/stream.proto
+shake256:12e6aab5a6bb2b487e96b85d1df9a327e4915ee2990d1e5b335a5d02b5b5ab74ef3e5357fb7c01b07cecce676349c9023fdd5fdc3954ff85a32e67232ca01883 envoy/extensions/rbac/matchers/upstream_ip_port/v3/upstream_ip_port_matcher.proto
+shake256:ed50a0a24b7ede925b68420c09fcd56b455eff0efa60a01082c77f61835ce52d988901474e3c3003545a1c8c16e6d97629f4d23e543d06041237fa650a8d0f5e envoy/extensions/regex_engines/v3/google_re2.proto
+shake256:acedfc0d080637f91af6bd52396281588d2e7216106d9c0fe4db78bb876e85f60e5cb8da19952d04c610e0889f43e14c3074485c4886a7262c3d4cabf2b13435 envoy/extensions/request_id/uuid/v3/uuid.proto
+shake256:59fd26ac0bc5bfa6c797da012fff30fca038407fd2578c9ffda81c0ddefcf44672c59f0313f07e135718446174d4e9acfc1f20dc5064a64c33adb0c1262ae4bb envoy/extensions/resource_monitors/cpu_utilization/v3/cpu_utilization.proto
+shake256:7f052f002d7e537933393a868929ec03b18b400819f44912c47f99a8fedfcad3dd11b77aeea43550e0ad5615384eb09f31ce8fc3db239543a1b92a6a003aa7d6 envoy/extensions/resource_monitors/downstream_connections/v3/downstream_connections.proto
+shake256:12822650ee1addeed10c840b45b21a1578afff4ad262643364a5379a198fcf23dcb812e68cb8be40cea686ad0d4b6e575e1cd439a8ad5a261980f56e4b4f7ee4 envoy/extensions/resource_monitors/fixed_heap/v3/fixed_heap.proto
+shake256:a99a18f73f95166d72f4daad65414723da4f3979be982e87e6a0e2e5f3a49dc5b0e49ff4f35c775aa48f3963d1522dfba66b7fddf1e13019b7503920fe7c0d62 envoy/extensions/resource_monitors/injected_resource/v3/injected_resource.proto
+shake256:2d3237daa2aabf8c1379f7f16a5d10b87e41171a0eb5566e64b076fffd5725149040bae21fa5ce5fad3a244ac4118d9d90fa9b99219795648b3b39d2d85dacce envoy/extensions/retry/host/omit_canary_hosts/v3/omit_canary_hosts.proto
+shake256:fbbab489437bd68a2d6dc6d762674947e94a5cbe005136ab35ac841b1ebc055df5aaf1c93e371cb4ff75dd84e9d5c13e8f581e87a2fc3ce70f84ba444abd4cde envoy/extensions/retry/host/omit_host_metadata/v3/omit_host_metadata_config.proto
+shake256:541e01abca6919462a0d0cf1c85380321afbd0ad796915fa5734c13420603761ab956dfb51a4b1f9e3ed0658eb36f8e29f98e909044efc4998b5f0ac3187f895 envoy/extensions/retry/host/previous_hosts/v3/previous_hosts.proto
+shake256:03777221093ecc5820256aa74fddbd488cbd21276dfb6f4155c379078d8070b1757464dfd3d657139733272d5f2308140af8fade16a491757156a9c96502d146 envoy/extensions/retry/priority/previous_priorities/v3/previous_priorities_config.proto
+shake256:73aafa2c0d0ef67990969355e95643e8194dc84941666c70b9a1aeba1b4be20bbe8091825f496c26ec52f2f1ffd837abc2255b67f7e2a4a59a913beb20898b44 envoy/extensions/router/cluster_specifiers/lua/v3/lua.proto
+shake256:baaef5b0dcd805f206a977806ecf55cd8785134085fa515bd3ddb848d3986d502fb8144bb0f6f06a11595c5444ff42da361497a4b70eeb21f1a8e0095b183c3b envoy/extensions/stat_sinks/graphite_statsd/v3/graphite_statsd.proto
+shake256:f4ffbd13c1469d72b79196a50468dab6abcec6746b806d7ad07ad727fef7c0c4c043c8b063c30abc8a4c350ee1e0a032cfe188eed994e693b5426b02832046e8 envoy/extensions/stat_sinks/open_telemetry/v3/open_telemetry.proto
+shake256:af239d758d000d60037294ba32773a6c102bd1a2de6c685299e94f127f09445a72a9f88821459c921fae1e9f9fe71259a20334fe4e9a96ac98e8efd59c9a5d87 envoy/extensions/stat_sinks/wasm/v3/wasm.proto
+shake256:d7f75c34e0b7f8789150ee0eb5b19e71db666175432858ae35a618e1ed1d11c22833a10b0b7dab072dace62c6128b14ba0c1aed987b36594e77a0d78c4fea8e8 envoy/extensions/string_matcher/lua/v3/lua.proto
+shake256:2dea78d980bdbcfd314655d85f68cdb80170b1a3a26689033ce3ab8d6b2323ee2f5f9ca431521c888046b1f67fe1b1df7e1b41e72a9525255a892647d03ba47e envoy/extensions/tracers/opentelemetry/resource_detectors/v3/dynatrace_resource_detector.proto
+shake256:0b54ea2b09ad005e0f28e296f023999896dd1007d70b19359a8f771f82b222bf2987c8fbf517530c3f45e6a4319efc8aa63af3bad9659194a52854bfa39e7491 envoy/extensions/tracers/opentelemetry/resource_detectors/v3/environment_resource_detector.proto
+shake256:5371f5be86060c954b6f8ff11aa8a8c8b2ef94175278fb84547bcfe1bce1496cbff48c324a90b2bc59a57f5d622bcd8be23f907252238be7e3cd391b241ffe18 envoy/extensions/tracers/opentelemetry/resource_detectors/v3/static_config_resource_detector.proto
+shake256:d3ab1839e0d23b7027166b6e3c4ed1eb161268611607a79e8a0fe7c3d6ab5f744f66f925ea3390a6031fcd8aeae23c4711e4b5c8bcdc92cd8f4bb8bb8dc89dd2 envoy/extensions/tracers/opentelemetry/samplers/v3/always_on_sampler.proto
+shake256:265484879d7ae5d9a0bb600cce1741b0f6d64ae04be75e7ce927c771066a565c54e1d99758ed3f85a04b3d17dd087018ed6fa0c21f46f90c59fb2d1d4c50cc67 envoy/extensions/tracers/opentelemetry/samplers/v3/dynatrace_sampler.proto
+shake256:5b0a26f3fef746f0134abbfb12488a75cb6f71f1fe32cb3010571df1c61a0cbd9c60dcd14f7518e5cab37b005ba0bb90a25f0e4c6d1095bcfc75046023720725 envoy/extensions/transport_sockets/alts/v3/alts.proto
+shake256:c89926efa58f9b00f2eef628d75352686701d1e12b269de0ffba93f7649233152a576759931350ba542d7ab374ddb4a982e8a248be9bb2297ae096cf86149293 envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
+shake256:6acc101dff2f6d9dfd42d93835b7eaab9d899ce27194865d6daa1c171d12bbb277784d478d2f2810f1bba0cf84341f59c7271bf3435d6583d9b6ab8b074123fb envoy/extensions/transport_sockets/internal_upstream/v3/internal_upstream.proto
+shake256:432449b6de25f852f1c6d8ebb4df1376dfa0042cfa816a7906cafa4739032b3f66f887a2d85fbc00c2e6fd948515acb3732d7be761bf2e9af2d1739dde866b91 envoy/extensions/transport_sockets/proxy_protocol/v3/upstream_proxy_protocol.proto
+shake256:ebf23934294ebd7ef3232d9e181e5aad268449fcf56a4d6e28392d793102e35cb0b4edaa9e122478c8140f53c56fc57c8ec3d10bfbc0dbd3b1e799bbedd51755 envoy/extensions/transport_sockets/quic/v3/quic_transport.proto
+shake256:142e115afeaa6a4f0579552383c702b436bd640e359d05ad2617da6bad6044951b3d6ba0e9474fe34c2ac1e8d8468c0eb6417c4dcbef4317d24a694f65585af3 envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto
+shake256:655ebe077789126227c45261078f8d64dd0d989295108efcbc136d2b59a717c6b2a486289156584173a79a7d90cf9429b8d43154cb534cb1aa671eb6a3abda22 envoy/extensions/transport_sockets/s2a/v3/s2a.proto
+shake256:b65431721a1a46acfdd0a792ff8b87e2aa557a27cc2e8db151f97d02da20a70f02cdc21ebf72656e165931fcdac08deb6e3075d4431fc4bba160d3a8455776d3 envoy/extensions/transport_sockets/starttls/v3/starttls.proto
+shake256:696c723c7b4de1b78ad2c782472b221b35c9f8e8eb049c8f3a0c94cdf303b931872094d2670f9769a0e957cab0f0cdf91c2c52ba5fad9d19978aa6c90c6927a0 envoy/extensions/transport_sockets/tap/v3/tap.proto
+shake256:2db6ce813ff15044dcf88785d43e388e2bb26d59cf4015c0630a6cad9a2439e82f8bd8c2b254c420745604abadf2da52ff4da9bb3c6dff6fd6431eb6417a88f3 envoy/extensions/transport_sockets/tcp_stats/v3/tcp_stats.proto
+shake256:70c3f79a8f5ada5334027f2ea99ebeee20e3dd431ef94d82eb096355a8aee3784a309eb588ce1f474844ba17fc17b0220fa2470b69908245d6b2ea3aef26c22a envoy/extensions/transport_sockets/tls/v3/cert.proto
+shake256:c532345a4b2414764b040b34e5a2e9d71f496fdd34ca36725f4cae2d461cebe13c64c22c958f310b678440f349f8e34d468241d5f321d5a8b1358f755ab3f749 envoy/extensions/transport_sockets/tls/v3/common.proto
+shake256:0ac526bf4a85e18f5af1bd57c30514eae96b67ea8b8dec8835fc2e26a71486d249e5ac56e01de1ae9de7938ec03f04a1372ca388ef27f93d45eae761d5728fbc envoy/extensions/transport_sockets/tls/v3/secret.proto
+shake256:0711d88a9129014e77db8a918e6b1ff5fd7dd6f1e2e19cce9573ea29c253d700594809a424beebdb28ce10898b9c1db5ae88c05ae4b0cd139821dd502e6f68f2 envoy/extensions/transport_sockets/tls/v3/tls.proto
+shake256:66e078eb6b79b47fe768856264ce06af5f672ca2d5f642f9effe0635fc1ebd29c74bdfc051b90789408a0d76834104cb9b4af3eb0205d3244ae67c9902a305b8 envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.proto
+shake256:5ed9430060ee0140165e8bb75940bc40dd565350df5c01e0f3e154b708e4d39ebd525fd439a64da2b8656d438a39da89fa5250b721b90f4a84ea1f682b33ce35 envoy/extensions/udp_packet_writer/v3/udp_default_writer_factory.proto
+shake256:628eef9f3842581bfef3c63dcb967478ecbf486c3da4491eefa31814f8fcd4d782b9f5fe81454015dfb2762d447fa6561a05622a59d52d34b75591413fea6321 envoy/extensions/udp_packet_writer/v3/udp_gso_batch_writer_factory.proto
+shake256:79f80278f4f4e33eb6864b817786b5305cc6ae0da122f53e426e567cea75b910af45ab9cb858c81a91553386afe0ba5f2b0bbd4d17f855b3cd219a0b08d1b4f4 envoy/extensions/upstreams/http/generic/v3/generic_connection_pool.proto
+shake256:1bc3d5c62725d72b2b5959f92e15634cc579ed8e136a92532150f83c2481dd0e9f251fad8f969390d298a39b3d05cd33754c8ce9cd994a321a7da9a0e5e6adf5 envoy/extensions/upstreams/http/http/v3/http_connection_pool.proto
+shake256:102e997c91c76da612869b2a666ffe2e554593d6c3bdd63a5bbc9ac70d1a0064346c9415fa2f74368db77b4c3be872636c2917899d9dd951d959ae52ae15176b envoy/extensions/upstreams/http/tcp/v3/tcp_connection_pool.proto
+shake256:d56f95c23b4fd61618df5dccf70e260f07194b05638161cbfe7b1636aff5114d7e90b49660b32891f570dae71fd2484ac392716197e2dea6318c2f3ccb5ee951 envoy/extensions/upstreams/http/udp/v3/udp_connection_pool.proto
+shake256:3a755e6e344299bc4e109ea9340aea4a2eab999ebb4c8c09ce5934e03412a39f5f81b5da6f35971726ec1d9dd3f39f64d1b3a259133add567bda1b01f43adc9e envoy/extensions/upstreams/http/v3/http_protocol_options.proto
+shake256:622d6f175b2b12659fad78cd611c5393c3866f584985ff06c29e1ab8a4a4628ead7c2db69a6380c7debf88bae406747b39780d23afc07aa17e7687ad45761a20 envoy/extensions/upstreams/tcp/generic/v3/generic_connection_pool.proto
+shake256:96f4fcb2c56df1b0b0ac3414449baf6774e2aa8969255016a23513e170fec1536a30b6b4739f314403d7d61f6d6c3c78a5751e3fe112a4f946d5b8e065bea1de envoy/extensions/upstreams/tcp/v3/tcp_protocol_options.proto
+shake256:6f596e69c9a1af917e12680f6e43c941f9e4a254ee86d30da4127b4aa01d9bb1f08d270c0ff8ddb63099c972d37cfac32cbf729633e4454d6a5c2dd28c2c7d81 envoy/extensions/wasm/v3/wasm.proto
+shake256:762e5a35ffa359e351715abcb4d10973dc3eb542f39faf50fb2fd1a69d747413e88c992e218bba253a5a57745a384e923a24bda721056db31c0b2a310f80ba44 envoy/extensions/watchdog/profile_action/v3/profile_action.proto
+shake256:4996109c5c6ad7c4df245ff378f41569c9323f6691c2f02bf26e6ded7b6059aed8b5214deb18008cf4fdcc9dd12499f170c570d0381ffc656e6119bfdcbd7205 envoy/service/accesslog/v2/als.proto
+shake256:f4a29b2899acf38dc693efa125c0434c56847ea1569b056df833528e5a0603b3f6a62df53b9cf40ec9aa06e30b4cef0688764d468a6eb8da3680e99897106a68 envoy/service/accesslog/v3/als.proto
+shake256:45bde801a880b9a8543e3342c1a32930c138f4d2eb2d8b5816388a534f4476a04dcdc656985e292f1c953e9ad195094059c4893c2f01d793bd00204cae4d3f64 envoy/service/auth/v2/attribute_context.proto
+shake256:08a77da191422df68e2e2c432f597478b353b8d04455b618922e642f5938513fea27ec1950aa52acd3333b9d7d82be1035e3c0a253e5b97648cff309bcc8deef envoy/service/auth/v2/external_auth.proto
+shake256:4eb4d2e4dd59617cf8ed6ba4d58661099422e8ede70006d905916dd5c60c660380fe977aa61f16361fe6d733c485c853c228dd5483dc4fd40ba7961e7319db8b envoy/service/auth/v2alpha/external_auth.proto
+shake256:7e1e2c5a759abc47e7d1c6353f94bb3db26067efb80f581626d096e8be3eaf5f317a75ecfd3406a3751b59050d99eb6c9a3fe6142877eaf2338641744bcf5c03 envoy/service/auth/v3/attribute_context.proto
+shake256:60bf140ff9f0e440bb27912913de0472c27f1a5781b41f2bb7acf944a869d5136da2bc42c0aa81f639be2b7fc21df20698c5e2daa5d584e6e1519d16d6fa788e envoy/service/auth/v3/external_auth.proto
+shake256:2217dc6bf6933bed2e621b0a8a1f9a3ed3b77239591020eda87b0f592c3c00dbe299988b262029e022705549c0621b17dac6f1d320ff3a5dfc5aa07fcdea0e61 envoy/service/cluster/v3/cds.proto
+shake256:c1370a13fe2e5e6b894233bb6432a0b8af8ddf1cf1078de0c750484b3055a78f7974a39fd6f1493d7ed485bcb0261715fa1be067c25f43e4f9469f48df8000da envoy/service/discovery/v2/ads.proto
+shake256:ee52e1e4dacec7ff8d1a05136a89bdf7475eb1e6efaeb773f6e608a5f7d00379a3d4211d22a8ea82750a6eb36c8034522da5ab99007cef8c989d58a551717de1 
envoy/service/discovery/v2/hds.proto +shake256:0318c755e701e782a34e6faa9e63ff5df3c75f4b8c7b78ed0648e1cd5fc815de826d24b1e9cf3908432c2023d3e6e2d7a3018ab2042be851fbfc1f81a82fc72d envoy/service/discovery/v2/rtds.proto +shake256:9d4cd9fdba3a202916bf6cff81d6eb2529974dc817135aaa900e859e678f9420b78821e80e6891bbde807a71bff8b5b7ceb4b3e31fb01a098d0ef252ec4d0832 envoy/service/discovery/v2/sds.proto +shake256:732ae86f43a83be70c45a2938b8d66e20bfc1abdab938a8705ad971039eaf5931dc9414c4e7299acf00c948e45afa5b1f16b70cffd4ce3e33775a88985a3ca97 envoy/service/discovery/v3/ads.proto +shake256:1dc0ed3175669fbe7e372cb788cf08b7bd223d1c41f84006c55252f24c7d97717692fcd2bba39c6073db9ea03761a7f2926b41cd7b58edfdb6ed1054777c5325 envoy/service/discovery/v3/discovery.proto +shake256:e8a56f89e6931dfa885cfd8de54dc6f92ae0164e007d0e5f366dcc25705008c5e263f636be831687f270d531ae698f7350b91623f9a647a242e49cf6b15931fa envoy/service/endpoint/v3/eds.proto +shake256:416d8c86026458e77fe8ae3845a769f59e3845ef062b5dbe6288745598223e2a450d28cebbc3cd8c6bd07f9838dc836ae7a2193a5c4ba81b14b1ff7c66daa10c envoy/service/endpoint/v3/leds.proto +shake256:b5bf9e082c4ec76d09d874ea26f0f2f70c77bf64caf46de1f9533dc61155ad06da023d650ab6f030c67da25f10488b47caeea7ff20efbc574ab3ff749f7e15c7 envoy/service/event_reporting/v2alpha/event_reporting_service.proto +shake256:357a584bbb25276c4dc0262c69fdd6f44fd6eeb08d50a2c4f8cb1b9f2a16b10385df785ca42ae0ca173bf38aefe80b14572ebf939b97d46ee84688218e1ba920 envoy/service/event_reporting/v3/event_reporting_service.proto +shake256:273468a90f7dcbc52642fbfc349d82c95b632f8e2a826803410ab1339941c30db7cbbbeead904fc6023365da6c465951f454b9d5d0efbf4154b454d527d39d20 envoy/service/ext_proc/v3/external_processor.proto +shake256:5839ad3dc4a42023ad466b1616339c6ca69d7432159eb516f70c4815f5aca99ea3ea11fcaa5c4f6f4f1bba49a4d8beea98263d92bbc78591a07de7b2887e23fd envoy/service/extension/v3/config_discovery.proto 
+shake256:8dc8e6bba48aa83023d8af0412d52cebd600eab03b0561a5c1c26b0ee561058eb3e11edf4ece580c2c5b8360a28264dc47c3a9e496701f2c796515dce5ed80fb envoy/service/health/v3/hds.proto +shake256:b30e1a9c40bddf8c84bbeeba1c23d3a391a440e0900b1fc589032b29601f055913c7ccacca2e200c1e4db6cb1131d29bf36161e1dd2e54210a9285adce491076 envoy/service/listener/v3/lds.proto +shake256:e6295415f5e5c97db3d7a76bf1ff2fbadc3d0bbb9dc89560869e243b497c84c21b8b811984d03e2f05fde18c0be89b84f3c4961e1623eda41be9e0cc582eff27 envoy/service/load_stats/v2/lrs.proto +shake256:699477da8f3f972de622c6a2945200c249456c1544c0b5890be78007e6b2549e2e7cdea581b0b1648fa45ad472eae3ab70461eb9f05ea069127b8e0d18d4d531 envoy/service/load_stats/v3/lrs.proto +shake256:b449e325335c4a27aaffffee78cd8efd0dc7f341590c6960ca3fc0820cd6c16cd43f600f602b4e505c0bef8ff96397b80fe3483315cb7ab0e8715c7a09f04e3f envoy/service/metrics/v2/metrics_service.proto +shake256:91f3b9e83028d2470ea9cdd586cc834f7e849b3ce3c1deac251fcbcbb7d1384e671a094596c6782563a3a3d2745da8e4a2aab0be31f980968a9a7a7208a8b9b2 envoy/service/metrics/v3/metrics_service.proto +shake256:4134d14b8efd20d58f826e9849d6e53b2d3ac7242560d367b7abc6d2a7ee155135e112da7a9bd738e5ebb22180c4bdbad8071c9c9574e945897bf6a608c7260d envoy/service/rate_limit_quota/v3/rlqs.proto +shake256:d2ae1ae11068ba99047618b4f3355c6c63b0cadb7f2b92b62ecaa418d6012a7bd2590ffd8ac4f1d30b9586b3eec6d14a8dacf67d7f4edf7f3946eb606609f962 envoy/service/ratelimit/v2/rls.proto +shake256:9641a91435e6e6b8c64e8e68adb42c0ce592170cc68972d4724169361766892b4d2a00b16e4dc9a2863d7b4d05ff1ebd27e820622355d2de4f5d09b7d71983ef envoy/service/ratelimit/v3/rls.proto +shake256:216d9b8b599926c745c66f9213c7158da4d4578f3a014d92900ba387032b086041bf6ecb1335a93d113fa08c10fc5d7f0601f5d13977d11e718820a5f9e30d15 envoy/service/redis_auth/v3/redis_external_auth.proto +shake256:d8c032e24b649e9bcd34a34c1aa7a3301636cac0d28ba8f2f66bf913f4020518c7147c5258ae7456b2c2a9098238e7d348682e510eec4b22b89ef0a6083b97ee envoy/service/route/v3/rds.proto 
+shake256:851029f814d9f06c8ddce15d14758f3b6bd3a12fc22f94abddb181a557e345053c6d99cef3f5fe00629e1c9880c606a677b3e146a0bc416e771eb63a32928c30 envoy/service/route/v3/srds.proto +shake256:bc3b113db998b71b675b735aacef60a5a44c4e5b4ae806c3451609adaa29d1abde505591df5e59afa71256aaadd47954750fc8d52b23dfb1a77b14a979e3195c envoy/service/runtime/v3/rtds.proto +shake256:224273be92cff332779fbc3c4cc05e9d896f07f7399755eaef09d4393c823c1417db21551aba27d8d638e9d2c5b2faa0ec7be818a80f669bf0bb3f2c050f3bf5 envoy/service/secret/v3/sds.proto +shake256:2e52093226a25dcfa49f732d9eb94d4e0cf45ea33ffaba69d33e237e1b3b57a1c09125dfe84aea26cf027949c665e65a1e0c3816a0f7632bfc1a27e60164afa1 envoy/service/status/v2/csds.proto +shake256:ac4a57cb2f25fbfce2a8daef2546317e33d09d8162447b82d56491df84b4847880ea6fa7048a0d82380191fced4f1caa1490773c8584aac1251b274429a8335b envoy/service/status/v3/csds.proto +shake256:8c3cdd75a9d29c3cab6409ef44c6560d04b701a5fbb750110a3c690cceed6579eebfa31ba1d3c24220fd30311fc3b1fc71382fd75b87617289584cb89614a8af envoy/service/tap/v2alpha/common.proto +shake256:9238348d1c026eaae1bbcb2eaf891214f11caa40506ac196f09635cef0d600b3fff85c7940f470bdfd0c77ede8b043bd595ef40fb49ef1d570d09b974ae3aee8 envoy/service/tap/v2alpha/tap.proto +shake256:7b68954434433606940c6fa3e32b470dfd6bd645d00e45d70292b0590be710452082946dd19eeaed41fe1a01395c093b0b2c5d5b4b5d25d8ed3d758b854dc629 envoy/service/tap/v3/tap.proto +shake256:690a4716c9c4c5360fc02c82ae8293203c13be4e1134f4d0cc335d6a5da7215b3c0d5448c04926e3e06a790c0a4d012054fff23ac609209e9c1cc3c2a32319ec envoy/type/hash_policy.proto +shake256:d19e024e24adeec5f0b76401119a091029122e4ac3f8a3294b47dca1ec8f8f65ae752c85d68375097421fdd0a5d5cb795603e2d721c5be802b8425f2ffae6755 envoy/type/http.proto +shake256:b049259fb5d9324970b206ad9a06a77d93c4811373764605448c8788bdeff820f2e962d5e47aef75843f703ad991e44784775553778d01c1b59641914a1dbcf2 envoy/type/http/v3/cookie.proto 
+shake256:0ae546ed47fc0e7f7067fe017de48efd5de4d88d4aa1fa4df6b9eaa51531830675076ff50f13011b4e5d1244aefaa3475e4102f25c9c07fe5fd4f93cdc1e9f92 envoy/type/http/v3/path_transformation.proto +shake256:9809a923db1af1a7ddc5ce050f7cdb9161e42b486765f9dc4c278ca55245897e524ece578d9200cbc16e5dc558b6e62ae0ad9bbbb28f0256444977007d125bf6 envoy/type/http_status.proto +shake256:c72973b0f8238dcde807395ef1b3722004a0fdd34c3e08118914285246babaa837ab4e1614f9a1cbeb93d3d8942f316bc870fc9d40afd1df9f4e08362694a784 envoy/type/matcher/metadata.proto +shake256:4a704a75f9c4816bfa4ab17ae4e9672b1b7e2e5a89177d4413ec3c13296e02918fc511aea1ca3e67bd4927691065b038392f5f6370780b78bb0b3c4fdc77e4b4 envoy/type/matcher/node.proto +shake256:0f00d2d7c167ff88b003036b0cc735fa7d839ab1a914fa03e38f9e67f8fc010fc50b7e743322141d3932169ed51fea1481af7bf5494ba47bb8793d932fba51d0 envoy/type/matcher/number.proto +shake256:4b05ff8e5ecf96d4a5fe628207d9ebf496207b03bdf7a4ca919821744ca76c715799b5f9bfad2caa1dce7d9d1941cc89fa84272603bf7081200f4ba059a7cdba envoy/type/matcher/path.proto +shake256:f64d77676fe9afb578981a25087575bd5473a0339bf128c008b266f89eeafe4615208e0ff2f3b82f9a3a77152c7f8ce49adf14fddd1c52e67362b44a3ab464cd envoy/type/matcher/regex.proto +shake256:cbd2eeb817c033f1083f650aa40e899eccbd5fb928901b2b7d00090a3255adfd14ee71f696ee01cd5db9ea298c9dd1a080ec578d94cdfaa0326b0cc014bcba63 envoy/type/matcher/string.proto +shake256:839ad15eb02acdb2dae9af33fa54e09d1681db3309c2cc28a5a83ab7490f8881d34487caa3e13c1cb2a10749f5f8d7c3c0ae43a69c2c1a9e6c11e0f91ef0834c envoy/type/matcher/struct.proto +shake256:b8aeb0435ab80c4f331ede8ee6367cf5eb25df2219c291e177b1be3dae38269671d7d2c2855e045c88058f0e973fdd447875a154228148abb5f00e94f4c47281 envoy/type/matcher/v3/address.proto +shake256:368384c1f18c40e250a3c223bad867c16c2171e4f3e81dc0e64f95ab0ac8ffa138e3615f975ff473c19ac9cc1de304ce6de23935424d7246b15449a70c8a1f55 envoy/type/matcher/v3/filter_state.proto 
+shake256:5f019ed81965c01108460610edac0725a6870e0fb85ffd2a1f64af152acb81e1333c24ae15f1c4aef42584271bac8bc6b70e1101ecbcaea42bce4661ed61604f envoy/type/matcher/v3/http_inputs.proto +shake256:e5d9fbd95100264e02a882a0f33a84cdeb1d26ee421a656a589640a7df21db222d515f6f34a622938997654294bfbdbe3019b28597146d6419cc1b0680fcf135 envoy/type/matcher/v3/metadata.proto +shake256:80fa673ba90f13a4986f6e6119784a9c59c841826227c38ed3ff837bd8213e9cb9a831a890f524b01f180664bbc8318ba8ecc52f7ef10fef2e5c55024681fca0 envoy/type/matcher/v3/node.proto +shake256:5cdefb24c00ba89be1cfd0ff3f0d1e191b0679d13a1dbaef9fcf16075c0d8d5e4f29ee460c29514b12074b53343198695873edacd165261d7ccccd4a4f590acb envoy/type/matcher/v3/number.proto +shake256:6332bfd31883dd3f0adb9cf32312f33ed4405ad8c371f60d6c325b8c7ca490760c0900c78c141b38b46d042b8155f141cefad9a6b3575f8a218ac653b8c4158a envoy/type/matcher/v3/path.proto +shake256:e34e7701305faf83076adebc1d9369573633e627a0e88a9c53fea1ab24a0e2dd400fd6772d75babdcac0174f54562e006792d65bf9c36565453b229ef02e0ad5 envoy/type/matcher/v3/regex.proto +shake256:262bde80e71fe6a168dd1b6a9ee1d1b27d3bbfe0e9e1e91129921cc0732f28380f5bb1cb18c041c29d57c93848b8c2ce35a16b0d4428d4df4e044c0fd6624bf0 envoy/type/matcher/v3/status_code_input.proto +shake256:e46ffbe7bcd767a08940e50a3a4f6ad348c695e01cb7539127f98e74610001a877d9c82e091099703316adaa2fd703d0d6d5715096f05ad7e81dd03247e60a6d envoy/type/matcher/v3/string.proto +shake256:0f38a58bd6eeba1aa88f3a5abdac8668f2540c620fcff2170763d93a5f764ef6694c0630c311d919fd8bc89735a5effcf50ac43fa77b2073392eaa206dcf501a envoy/type/matcher/v3/struct.proto +shake256:914b167bc0d15d4a96649c05ac568368e28cbe04d346a46526a07ef17f5b14944149c389a0a03a2a2b05de151940b8b459b7811cafa35d525a94a02d12a22618 envoy/type/matcher/v3/value.proto +shake256:a8dce06687fff254822d8665c7e5ac5633646822f786dca35d9dbe625a3fc3cf0d688220893dad91774493e1eb16226741fdbfd9e650b378742908324c4cf41b envoy/type/matcher/value.proto 
+shake256:c61a778022e769b7b86a6f2cf3311fa799234b4b8e8ca8645031605c6c6879b72dfef9928703ec02fdd24618b3afe1adcd0524d60af763d35dfb0c81c7c08c4b envoy/type/metadata/v2/metadata.proto +shake256:4584f068641a2ff7b407f48db0e8b408072e939b45a62283bf40f2c9070e05cd306a7440ce0ba91b520ce13c8dca1ac0b5485f789ae1f501b140b02eb40bf5cc envoy/type/metadata/v3/metadata.proto +shake256:ddfe76d43d5adbe5f2cbab06d966d142799b6cda620586672398c31f0ce34c0573112c6c55d9bc01e71782626d3808ad13f7c9ec79b00b430e3c77b788903156 envoy/type/percent.proto +shake256:17b206d1bff0fd1139d6be415b51e54947515ebbaf3ef6cefbe3849d2038eada9ff6bf7b1297066f624711966a9637ff3e78086274a5209f9d053c4ed7e04a6b envoy/type/range.proto +shake256:161720c94d007dfc3bd529c5a702119b85ba308622708caa6f942415e70c5df4615d58692574fcc217f07c11556c64982d94408ca3a1f78659dccbb96f31e8ff envoy/type/semantic_version.proto +shake256:b135fdd513959ff7a4e66d9935e9cb29f5ddeb4fca8e2e342fcf382c6f8e850126491d37a6ef8e234713490e4e95e8ed8d043399fce783d0398652f3c8af0667 envoy/type/token_bucket.proto +shake256:d201238906946214da41f85403023182139eb36c964414993bb659243aded648f4988b0a16875a6ee6e1e0bb1211a2c86a85b416cad62d4d00417a69fcca5d85 envoy/type/tracing/v2/custom_tag.proto +shake256:3f94e4dff884970471a386922110c7a611caf0c07dc38f6e3cd84209bdaf289951530a79b3864f7939cf335dd57a2e7896682479decce7921fc2bdac3b5d35d3 envoy/type/tracing/v3/custom_tag.proto +shake256:884e6803443363459542a1df859f5172ebdf5cae23fba2b2695a471af539c472d410bae54566813d865f05e079978a26c3406e174bc4076aed578ee6b690f5a1 envoy/type/v3/hash_policy.proto +shake256:406e55d1c3c28926cdcec7950f4e1ddac8f71fe9524f26df66e5f04e865b7fe37ec881c2c2ea96ee5928856a4f07ffc8b05e95a9987b99edc58ca8bf01668c04 envoy/type/v3/http.proto +shake256:d202ec6e99b45a8e9a5671718b070c368e6a5067194ab1c73da32705d28d45802db75994b6e5fb938b9bf4bd2eff59d52dddc8797e085ee99ca6a8d6db475de8 envoy/type/v3/http_status.proto 
+shake256:93083c00b1962447c795b3c85e8f291fb8fe80688209e48f07f1924b717fed0f76daac681f35b9da6f8719e77156feaf858694e8181df4174e450b46d499a478 envoy/type/v3/percent.proto +shake256:2a803a46ac7d02d32b5208db241509bda30e370014f07f211863e6086ac7ff1ae0cb1966cd60a32ca0cfed5aa2f35415cf676ea8c4120e0fd6fec7ad5dda2bfa envoy/type/v3/range.proto +shake256:e6fddcc8548f308a8bbc564bf1e302e640c95e2c1089a91891eac9711084b3d6b0d69341d9d9bbf7b49f485768df4b6454fb8778d3a76b7a732e0107b2e2b1b6 envoy/type/v3/ratelimit_strategy.proto +shake256:927bc95f9752bc98d44dac7bd56fc63f2e8fd8d8d4416704c396f5b4480c2f5d07ecb0b431050d0f9dc76af34d05731c18a28e62853a4787a9f0e95ca94891a2 envoy/type/v3/ratelimit_unit.proto +shake256:e802325fe5d940c76aab0881202db793985b6b26cbbe58d478363f1145a0c68b400754bd7b96d589d6a441a8f4a8eef8edb2409a202b0ee288818f0db3bcb726 envoy/type/v3/semantic_version.proto +shake256:cdd6fe9a656c7bde8194e9107f48f520b6f73ad7bc8a01b61df2fc56a9a79a09338503cbbcf457e0a9ec23b069851eb6deac656ba2ef31ef19bcc0b5b7fdb69d envoy/type/v3/token_bucket.proto +shake256:b85a6a8a18ed14fd96fa1d81be0f8d40a5f1a873f7dee40f037c004f5d77b5930dbbb9058bceee6ea5a1679cbec098795d13a261aa13afaf4d7e6b29fd7d19fb envoy/watchdog/v3/abort_action.proto diff --git a/modules/sync/envoyproxy/envoy/cas/11f45c677f93182f5a7f82fb48ca417bbf204674684d823868a85fc0d1199404604c5b9753b20abed6e87ebe66b6d20a82f9e9deb5f79be528c4c08cb6835674 b/modules/sync/envoyproxy/envoy/cas/11f45c677f93182f5a7f82fb48ca417bbf204674684d823868a85fc0d1199404604c5b9753b20abed6e87ebe66b6d20a82f9e9deb5f79be528c4c08cb6835674 new file mode 100644 index 00000000..09ade87f --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/11f45c677f93182f5a7f82fb48ca417bbf204674684d823868a85fc0d1199404604c5b9753b20abed6e87ebe66b6d20a82f9e9deb5f79be528c4c08cb6835674 
@@ -0,0 +1,195 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.oauth2.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/http_uri.proto";
+import "envoy/config/route/v3/route_components.proto";
+import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
+import "envoy/type/matcher/v3/path.proto";
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.oauth2.v3";
+option java_outer_classname = "OauthProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/oauth2/v3;oauth2v3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: OAuth]
+// OAuth :ref:`configuration overview `.
+// [#extension: envoy.filters.http.oauth2]
+//
+
+// [#next-free-field: 6]
+message OAuth2Credentials {
+ // [#next-free-field: 7]
+ message CookieNames {
+ // Cookie name to hold OAuth bearer token value. When the authentication server validates the
+ // client and returns an authorization token back to the OAuth filter, no matter what format
+ // that token is, if :ref:`forward_bearer_token `
+ // is set to true the filter will send over the bearer token as a cookie with this name to the
+ // upstream. Defaults to ``BearerToken``.
+ string bearer_token = 1
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+ // Cookie name to hold OAuth HMAC value. Defaults to ``OauthHMAC``.
+ string oauth_hmac = 2
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+ // Cookie name to hold OAuth expiry value. Defaults to ``OauthExpires``.
+ string oauth_expires = 3
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+ // Cookie name to hold the id token.
Defaults to ``IdToken``.
+ string id_token = 4
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+ // Cookie name to hold the refresh token. Defaults to ``RefreshToken``.
+ string refresh_token = 5
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+ // Cookie name to hold the nonce value. Defaults to ``OauthNonce``.
+ string oauth_nonce = 6
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+ }
+
+ // The client_id to be used in the authorize calls. This value will be URL encoded when sent to the OAuth server.
+ string client_id = 1 [(validate.rules).string = {min_len: 1}];
+
+ // The secret used to retrieve the access token. This value will be URL encoded when sent to the OAuth server.
+ transport_sockets.tls.v3.SdsSecretConfig token_secret = 2
+ [(validate.rules).message = {required: true}];
+
+ // Configures how the secret token should be created.
+ oneof token_formation {
+ option (validate.required) = true;
+
+ // If present, the secret token will be a HMAC using the provided secret.
+ transport_sockets.tls.v3.SdsSecretConfig hmac_secret = 3
+ [(validate.rules).message = {required: true}];
+ }
+
+ // The cookie names used in OAuth filters flow.
+ CookieNames cookie_names = 4;
+
+ // The domain to set the cookie on. If not set, the cookie will default to the host of the request, not including the subdomains.
+ // This is useful when token cookies need to be shared across multiple subdomains.
+ string cookie_domain = 5;
+}
+
+// OAuth config
+//
+// [#next-free-field: 21]
+message OAuth2Config {
+ enum AuthType {
+ // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
+ // This type should only be used when Auth server does not support Basic authentication.
+ URL_ENCODED_BODY = 0;
+
+ // The ``client_id`` and ``client_secret`` will be sent using HTTP Basic authentication scheme.
+ BASIC_AUTH = 1;
+ }
+
+ // Endpoint on the authorization server to retrieve the access token from.
+ config.core.v3.HttpUri token_endpoint = 1;
+
+ // Specifies the retry policy for requests to the OAuth server. If not specified, then no retries will be performed.
+ config.core.v3.RetryPolicy retry_policy = 18;
+
+ // The endpoint redirect to for authorization in response to unauthorized requests.
+ string authorization_endpoint = 2 [(validate.rules).string = {min_len: 1}];
+
+ // Credentials used for OAuth.
+ OAuth2Credentials credentials = 3 [(validate.rules).message = {required: true}];
+
+ // The redirect URI passed to the authorization endpoint. Supports header formatting
+ // tokens. For more information, including details on header value syntax, see the
+ // documentation on :ref:`custom request headers `.
+ //
+ // This URI should not contain any query parameters.
+ string redirect_uri = 4 [(validate.rules).string = {min_len: 1}];
+
+ // Matching criteria used to determine whether a path appears to be the result of a redirect from the authorization server.
+ type.matcher.v3.PathMatcher redirect_path_matcher = 5
+ [(validate.rules).message = {required: true}];
+
+ // The path to sign a user out, clearing their credential cookies.
+ type.matcher.v3.PathMatcher signout_path = 6 [(validate.rules).message = {required: true}];
+
+ // Forward the OAuth token as a Bearer to upstream web service.
+ bool forward_bearer_token = 7;
+
+ // If set to true, preserve the existing authorization header.
+ // By default the client strips the existing authorization header before forwarding upstream.
+ // Can not be set to true if forward_bearer_token is already set to true.
+ // Default value is false.
+ bool preserve_authorization_header = 16;
+
+ // Any request that matches any of the provided matchers will be passed through without OAuth validation.
+ repeated config.route.v3.HeaderMatcher pass_through_matcher = 8;
+
+ // Optional list of OAuth scopes to be claimed in the authorization request. If not specified,
+ // defaults to "user" scope.
+ // OAuth RFC https://tools.ietf.org/html/rfc6749#section-3.3
+ repeated string auth_scopes = 9;
+
+ // Optional resource parameter for authorization request
+ // RFC: https://tools.ietf.org/html/rfc8707
+ repeated string resources = 10;
+
+ // Defines how ``client_id`` and ``client_secret`` are sent in OAuth client to OAuth server requests.
+ // RFC https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
+ AuthType auth_type = 11 [(validate.rules).enum = {defined_only: true}];
+
+ // If set to true, allows automatic access token refresh using the associated refresh token (see
+ // `RFC 6749 section 6 `_), provided that the OAuth server supports that.
+ // Default value is true.
+ google.protobuf.BoolValue use_refresh_token = 12;
+
+ // The default lifetime in seconds of the access token, if omitted by the authorization server.
+ //
+ // If this value is not set, it will default to ``0s``. In this case, the expiry must be set by
+ // the authorization server or the OAuth flow will fail.
+ google.protobuf.Duration default_expires_in = 13;
+
+ // Any request that matches any of the provided matchers won't be redirected to OAuth server when tokens are not valid.
+ // Automatic access token refresh will be performed for these requests, if enabled.
+ // This behavior can be useful for AJAX requests.
+ repeated config.route.v3.HeaderMatcher deny_redirect_matcher = 14;
+
+ // The default lifetime in seconds of the refresh token, if the exp (expiration time) claim is omitted in the refresh token or the refresh token is not JWT.
+ //
+ // If this value is not set, it will default to ``604800s``. In this case, the cookie with the refresh token will be expired
+ // in a week.
+ // This setting is only considered if ``use_refresh_token`` is set to true, otherwise the authorization server expiration or ``default_expires_in`` is used.
+ google.protobuf.Duration default_refresh_token_expires_in = 15;
+
+ // If set to true, the client will not set a cookie for ID Token even if one is received from the Identity Provider. This may be useful in cases where the ID
+ // Token is too large for HTTP cookies (longer than 4096 characters). Enabling this option will only disable setting the cookie response header, the filter
+ // will still process incoming ID Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
+ // sessions would not set the IdToken cookie header.
+ bool disable_id_token_set_cookie = 17;
+
+ // If set to true, the client will not set a cookie for Access Token even if one is received from the Identity Provider.
+ // Enabling this option will only disable setting the cookie response header, the filter
+ // will still process incoming Access Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
+ // sessions would not set the Access Token cookie header.
+ bool disable_access_token_set_cookie = 19;
+
+ // If set to true, the client will not set a cookie for Refresh Token even if one is received from the Identity Provider.
+ // Enabling this option will only disable setting the cookie response header, the filter
+ // will still process incoming Refresh Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
+ // sessions would not set the Refresh Token cookie header.
+ bool disable_refresh_token_set_cookie = 20;
+}
+
+// Filter config.
+message OAuth2 {
+ // Leave this empty to disable OAuth2 for a specific route, using per filter config.
+ OAuth2Config config = 1;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/13d28573480c0a3b4318af035def7a2044fd80b1e2976cc9d869d3d91e23eba5a81d0f7aaf7392fd2988a302f55e78feeca582d86a5257ee7c36c350f937f4b8 b/modules/sync/envoyproxy/envoy/cas/13d28573480c0a3b4318af035def7a2044fd80b1e2976cc9d869d3d91e23eba5a81d0f7aaf7392fd2988a302f55e78feeca582d86a5257ee7c36c350f937f4b8
new file mode 100644
index 00000000..3eaad1a2
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/13d28573480c0a3b4318af035def7a2044fd80b1e2976cc9d869d3d91e23eba5a81d0f7aaf7392fd2988a302f55e78feeca582d86a5257ee7c36c350f937f4b8
@@ -0,0 +1,256 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.network.tcp_proxy.v3;
+
+import "envoy/config/accesslog/v3/accesslog.proto";
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/config_source.proto";
+import "envoy/type/v3/hash_policy.proto";
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.network.tcp_proxy.v3";
+option java_outer_classname = "TcpProxyProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3;tcp_proxyv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: TCP Proxy]
+// TCP Proxy :ref:`configuration overview `.
+// [#extension: envoy.filters.network.tcp_proxy]
+
+// [#next-free-field: 18]
+message TcpProxy {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.tcp_proxy.v2.TcpProxy";
+
+ // Allows for specification of multiple upstream clusters along with weights
+ // that indicate the percentage of traffic to be forwarded to each cluster.
+ // The router selects an upstream cluster based on these weights.
+ message WeightedCluster {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.tcp_proxy.v2.TcpProxy.WeightedCluster";
+
+ message ClusterWeight {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.tcp_proxy.v2.TcpProxy.WeightedCluster.ClusterWeight";
+
+ // Name of the upstream cluster.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // When a request matches the route, the choice of an upstream cluster is
+ // determined by its weight.
The sum of weights across all entries in the
+ // clusters array determines the total weight.
+ uint32 weight = 2 [(validate.rules).uint32 = {gte: 1}];
+
+ // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints
+ // in the upstream cluster with metadata matching what is set in this field will be considered
+ // for load balancing. Note that this will be merged with what's provided in
+ // :ref:`TcpProxy.metadata_match
+ // `, with values
+ // here taking precedence. The filter name should be specified as ``envoy.lb``.
+ config.core.v3.Metadata metadata_match = 3;
+ }
+
+ // Specifies one or more upstream clusters associated with the route.
+ repeated ClusterWeight clusters = 1 [(validate.rules).repeated = {min_items: 1}];
+ }
+
+ // Configuration for tunneling TCP over other transports or application layers.
+ // Tunneling is supported over both HTTP/1.1 and HTTP/2. Upstream protocol is
+ // determined by the cluster configuration.
+ // [#next-free-field: 7]
+ message TunnelingConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.tcp_proxy.v2.TcpProxy.TunnelingConfig";
+
+ // The hostname to send in the synthesized CONNECT headers to the upstream proxy.
+ // This field evaluates command operators if set, otherwise returns hostname as is.
+ //
+ // Example: dynamically set hostname using downstream SNI
+ //
+ // .. code-block:: yaml
+ //
+ // tunneling_config:
+ // hostname: "%REQUESTED_SERVER_NAME%:443"
+ //
+ // Example: dynamically set hostname using dynamic metadata
+ //
+ // .. code-block:: yaml
+ //
+ // tunneling_config:
+ // hostname: "%DYNAMIC_METADATA(tunnel:address)%"
+ //
+ string hostname = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Use POST method instead of CONNECT method to tunnel the TCP stream.
+ // The 'protocol: bytestream' header is also NOT set for HTTP/2 to comply with the spec.
+ //
+ // The upstream proxy is expected to convert POST payload as raw TCP.
+ bool use_post = 2;
+
+ // Additional request headers to upstream proxy. This is mainly used to
+ // trigger upstream to convert POST requests back to CONNECT requests.
+ //
+ // Neither ``:-prefixed`` pseudo-headers nor the Host: header can be overridden.
+ repeated config.core.v3.HeaderValueOption headers_to_add = 3
+ [(validate.rules).repeated = {max_items: 1000}];
+
+ // Save the response headers to the downstream info filter state for consumption
+ // by the network filters. The filter state key is ``envoy.tcp_proxy.propagate_response_headers``.
+ bool propagate_response_headers = 4;
+
+ // The path used with POST method. Default path is ``/``. If post path is specified and
+ // :ref:`use_post field `
+ // isn't true, it will be rejected.
+ string post_path = 5;
+
+ // Save the response trailers to the downstream info filter state for consumption
+ // by the network filters. The filter state key is ``envoy.tcp_proxy.propagate_response_trailers``.
+ bool propagate_response_trailers = 6;
+ }
+
+ message OnDemand {
+ // An optional configuration for on-demand cluster discovery
+ // service. If not specified, the on-demand cluster discovery will
+ // be disabled. When it's specified, the filter will pause a request
+ // to an unknown cluster and will begin a cluster discovery
+ // process. When the discovery is finished (successfully or not),
+ // the request will be resumed.
+ config.core.v3.ConfigSource odcds_config = 1;
+
+ // xdstp:// resource locator for on-demand cluster collection.
+ // [#not-implemented-hide:]
+ string resources_locator = 2;
+
+ // The timeout for on demand cluster lookup. If the CDS cannot return the required cluster,
+ // the downstream request will be closed with the error code detail NO_CLUSTER_FOUND.
+ // [#not-implemented-hide:]
+ google.protobuf.Duration timeout = 3;
+ }
+
+ message TcpAccessLogOptions {
+ // The interval to flush access log.
The TCP proxy will flush only one access log when the connection
+ // is closed by default. If this field is set, the TCP proxy will flush access log periodically with
+ // the specified interval.
+ // The interval must be at least 1ms.
+ google.protobuf.Duration access_log_flush_interval = 1
+ [(validate.rules).duration = {gte {nanos: 1000000}}];
+
+ // If set to true, access log will be flushed when the TCP proxy has successfully established a
+ // connection with the upstream. If the connection failed, the access log will not be flushed.
+ bool flush_access_log_on_connected = 2;
+ }
+
+ reserved 6;
+
+ reserved "deprecated_v1";
+
+ // The prefix to use when emitting :ref:`statistics
+ // `.
+ string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];
+
+ oneof cluster_specifier {
+ option (validate.required) = true;
+
+ // The upstream cluster to connect to.
+ string cluster = 2;
+
+ // Multiple upstream clusters can be specified for a given route. The
+ // request is routed to one of the upstream clusters based on weights
+ // assigned to each cluster.
+ WeightedCluster weighted_clusters = 10;
+ }
+
+ // The on demand policy for the upstream cluster.
+ // It applies to both
+ // :ref:`TcpProxy.cluster `
+ // and
+ // :ref:`TcpProxy.weighted_clusters `.
+ OnDemand on_demand = 14;
+
+ // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints
+ // in the upstream cluster with metadata matching what is set in this field will be considered
+ // for load balancing. The filter name should be specified as ``envoy.lb``.
+ config.core.v3.Metadata metadata_match = 9;
+
+ // The idle timeout for connections managed by the TCP proxy filter. The idle timeout
+ // is defined as the period in which there are no bytes sent or received on either
+ // the upstream or downstream connection. If not set, the default idle timeout is 1 hour. If set
+ // to 0s, the timeout will be disabled.
+ // It is possible to dynamically override this configuration by setting a per-connection filter + // state object for the key ``envoy.tcp_proxy.per_connection_idle_timeout_ms``. + // + // .. warning:: + // Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP + // FIN packets, etc. + google.protobuf.Duration idle_timeout = 8; + + // [#not-implemented-hide:] The idle timeout for connections managed by the TCP proxy + // filter. The idle timeout is defined as the period in which there is no + // active traffic. If not set, there is no idle timeout. When the idle timeout + // is reached the connection will be closed. The distinction between + // downstream_idle_timeout/upstream_idle_timeout provides a means to set + // timeout based on the last byte sent on the downstream/upstream connection. + google.protobuf.Duration downstream_idle_timeout = 3; + + // [#not-implemented-hide:] + google.protobuf.Duration upstream_idle_timeout = 4; + + // Configuration for :ref:`access logs ` + // emitted by the this tcp_proxy. + repeated config.accesslog.v3.AccessLog access_log = 5; + + // The maximum number of unsuccessful connection attempts that will be made before + // giving up. If the parameter is not specified, 1 connection attempt will be made. + google.protobuf.UInt32Value max_connect_attempts = 7 [(validate.rules).uint32 = {gte: 1}]; + + // Optional configuration for TCP proxy hash policy. If hash_policy is not set, the hash-based + // load balancing algorithms will select a host randomly. Currently the number of hash policies is + // limited to 1. + repeated type.v3.HashPolicy hash_policy = 11 [(validate.rules).repeated = {max_items: 1}]; + + // If set, this configures tunneling, e.g. configuration options to tunnel TCP payload over + // HTTP CONNECT. If this message is absent, the payload will be proxied upstream as per usual. 
+ // It is possible to dynamically override this configuration and disable tunneling per connection, + // by setting a per-connection filter state object for the key ``envoy.tcp_proxy.disable_tunneling``. + TunnelingConfig tunneling_config = 12; + + // The maximum duration of a connection. The duration is defined as the period since a connection + // was established. If not set, there is no max duration. When max_downstream_connection_duration + // is reached the connection will be closed. Duration must be at least 1ms. + google.protobuf.Duration max_downstream_connection_duration = 13 + [(validate.rules).duration = {gte {nanos: 1000000}}]; + + // .. attention:: + // This field is deprecated in favor of + // :ref:`access_log_flush_interval + // `. + // Note that if both this field and :ref:`access_log_flush_interval + // ` + // are specified, the former (deprecated field) is ignored. + google.protobuf.Duration access_log_flush_interval = 15 [ + deprecated = true, + (validate.rules).duration = {gte {nanos: 1000000}}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // .. attention:: + // This field is deprecated in favor of + // :ref:`flush_access_log_on_connected + // `. + // Note that if both this field and :ref:`flush_access_log_on_connected + // ` + // are specified, the former (deprecated field) is ignored. + bool flush_access_log_on_connected = 16 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Additional access log options for TCP Proxy. + TcpAccessLogOptions access_log_options = 17; +} diff --git a/modules/sync/envoyproxy/envoy/cas/16743e9abc094d74cb488491197a0532e12c366aa9ca08f626567d642746c77f51d41fb061812c2e00ece48509131a6d1e0944c3802b62306a320ae73a49a4a0 b/modules/sync/envoyproxy/envoy/cas/16743e9abc094d74cb488491197a0532e12c366aa9ca08f626567d642746c77f51d41fb061812c2e00ece48509131a6d1e0944c3802b62306a320ae73a49a4a0 new file mode 100644 index 00000000..254352e7 --- /dev/null 
+++ b/modules/sync/envoyproxy/envoy/cas/16743e9abc094d74cb488491197a0532e12c366aa9ca08f626567d642746c77f51d41fb061812c2e00ece48509131a6d1e0944c3802b62306a320ae73a49a4a0 
@@ -0,0 +1,124 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.aws_request_signing.v3; + +import "envoy/extensions/common/aws/v3/credential_provider.proto"; +import "envoy/type/matcher/v3/string.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.aws_request_signing.v3"; +option java_outer_classname = "AwsRequestSigningProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_request_signing/v3;aws_request_signingv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: AwsRequestSigning] +// AwsRequestSigning :ref:`configuration overview `. +// [#extension: envoy.filters.http.aws_request_signing] + +// Top level configuration for the AWS request signing filter. +// [#next-free-field: 9] +message AwsRequestSigning { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.http.aws_request_signing.v2alpha.AwsRequestSigning"; + + enum SigningAlgorithm { + // Use SigV4 for signing + AWS_SIGV4 = 0; + + // Use SigV4A for signing + AWS_SIGV4A = 1; + } + + message QueryString { + // Optional expiration time for the query string parameters. As query string parameter based requests are replayable, in effect representing + // an API call that has already been authenticated, it is recommended to keep this expiration time as short as feasible. + // This value will default to 5 seconds and has a maximum value of 3600 seconds (1 hour). + google.protobuf.Duration expiration_time = 1 [(validate.rules).duration = { + lte {seconds: 3600} + gte {seconds: 1} + }]; + } + + // The `service namespace + // `_ + // of the HTTP endpoint. 
+ // + // Example: s3 + string service_name = 1 [(validate.rules).string = {min_len: 1}]; + + // Optional region string. If region is not provided, the region will be retrieved from the environment + // or AWS configuration files. See :ref:`config_http_filters_aws_request_signing_region` for more details. + // + // When signing_algorithm is set to ``AWS_SIGV4`` the region is a standard AWS `region `_ string for the service + // hosting the HTTP endpoint. + // + // Example: us-west-2 + // + // When signing_algorithm is set to ``AWS_SIGV4A`` the region is used as a region set. + // + // A region set is a comma separated list of AWS regions, such as ``us-east-1,us-east-2`` or wildcard ``*`` + // or even region strings containing wildcards such as ``us-east-*`` + // + // Example: '*' + // + // By configuring a region set, a SigV4A signed request can be sent to multiple regions, rather than being + // valid for only a single region destination. + string region = 2; + + // Indicates that before signing headers, the host header will be swapped with + // this value. If not set or empty, the original host header value + // will be used and no rewrite will happen. + // + // Note: this rewrite affects both signing and host header forwarding. However, this + // option shouldn't be used with + // :ref:`HCM host rewrite ` given that the + // value set here would be used for signing whereas the value set in the HCM would be used + // for host header forwarding which is not the desired outcome. + string host_rewrite = 3; + + // Instead of buffering the request to calculate the payload hash, use the literal string ``UNSIGNED-PAYLOAD`` + // to calculate the payload hash. Not all services support this option. See the `S3 + // `_ policy for details. + bool use_unsigned_payload = 4; + + // A list of request header string matchers that will be excluded from signing. The excluded header can be matched by + // any patterns defined in the StringMatcher proto (e.g. 
exact string, prefix, regex, etc). + // + // Example: + // match_excluded_headers: + // - prefix: x-envoy + // - exact: foo + // - exact: bar + // When applied, all headers that start with "x-envoy" and headers "foo" and "bar" will not be signed. + repeated type.matcher.v3.StringMatcher match_excluded_headers = 5; + + // Optional Signing algorithm specifier, either ``AWS_SIGV4`` or ``AWS_SIGV4A``, defaulting to ``AWS_SIGV4``. + SigningAlgorithm signing_algorithm = 6; + + // If set, use the query string to store output of SigV4 or SigV4A calculation, rather than HTTP headers. The ``Authorization`` header will not be modified if ``query_string`` + // is configured. + // + // Example: + // query_string: {} + // + QueryString query_string = 7; + + // The credential provider for signing the request. This is optional and if not set, + // it will be retrieved from the procedure described in :ref:`config_http_filters_aws_request_signing`. + common.aws.v3.AwsCredentialProvider credential_provider = 8; +} + +message AwsRequestSigningPerRoute { + // Override the global configuration of the filter with this new config. + // This overrides the entire message of AwsRequestSigning and not at field level. + AwsRequestSigning aws_request_signing = 1; + + // The human readable prefix to use when emitting stats. + string stat_prefix = 2 [(validate.rules).string = {min_len: 1}]; +} diff --git a/modules/sync/envoyproxy/envoy/cas/1dc0ed3175669fbe7e372cb788cf08b7bd223d1c41f84006c55252f24c7d97717692fcd2bba39c6073db9ea03761a7f2926b41cd7b58edfdb6ed1054777c5325 b/modules/sync/envoyproxy/envoy/cas/1dc0ed3175669fbe7e372cb788cf08b7bd223d1c41f84006c55252f24c7d97717692fcd2bba39c6073db9ea03761a7f2926b41cd7b58edfdb6ed1054777c5325 new file mode 100644 index 00000000..6f3b1235 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/1dc0ed3175669fbe7e372cb788cf08b7bd223d1c41f84006c55252f24c7d97717692fcd2bba39c6073db9ea03761a7f2926b41cd7b58edfdb6ed1054777c5325 
@@ -0,0 +1,415 @@ +syntax = "proto3"; + +package envoy.service.discovery.v3; + +import "envoy/config/core/v3/base.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/rpc/status.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.service.discovery.v3"; +option java_outer_classname = "DiscoveryProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3;discoveryv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Common discovery API components] + +// Specifies a resource to be subscribed to. +message ResourceLocator { + // The resource name to subscribe to. + string name = 1; + + // A set of dynamic parameters used to match against the dynamic parameter + // constraints on the resource. This allows clients to select between + // multiple variants of the same resource. + map dynamic_parameters = 2; +} + +// Specifies a concrete resource name. +message ResourceName { + // The name of the resource. + string name = 1; + + // Dynamic parameter constraints associated with this resource. To be used by client-side caches + // (including xDS proxies) when matching subscribed resource locators. + DynamicParameterConstraints dynamic_parameter_constraints = 2; +} + +// [#not-implemented-hide:] +// An error associated with a specific resource name, returned to the +// client by the server. +message ResourceError { + // The name of the resource. + ResourceName resource_name = 1; + + // The error reported for the resource. + google.rpc.Status error_detail = 2; +} + +// A DiscoveryRequest requests a set of versioned resources of the same type for +// a given Envoy node on some API. 
+// [#next-free-field: 8] +message DiscoveryRequest { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DiscoveryRequest"; + + // The version_info provided in the request messages will be the version_info + // received with the most recent successfully processed response or empty on + // the first request. It is expected that no new request is sent after a + // response is received until the Envoy instance is ready to ACK/NACK the new + // configuration. ACK/NACK takes place by returning the new API config version + // as applied or the previous API config version respectively. Each type_url + // (see below) has an independent version associated with it. + string version_info = 1; + + // The node making the request. + config.core.v3.Node node = 2; + + // List of resources to subscribe to, e.g. list of cluster names or a route + // configuration name. If this is empty, all resources for the API are + // returned. LDS/CDS may have empty resource_names, which will cause all + // resources for the Envoy instance to be returned. The LDS and CDS responses + // will then imply a number of resources that need to be fetched via EDS/RDS, + // which will be explicitly enumerated in resource_names. + repeated string resource_names = 3; + + // [#not-implemented-hide:] + // Alternative to ``resource_names`` field that allows specifying dynamic + // parameters along with each resource name. Clients that populate this + // field must be able to handle responses from the server where resources + // are wrapped in a Resource message. + // Note that it is legal for a request to have some resources listed + // in ``resource_names`` and others in ``resource_locators``. + repeated ResourceLocator resource_locators = 7; + + // Type of the resource that is being requested, e.g. + // "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment". This is implicit + // in requests made via singleton xDS APIs such as CDS, LDS, etc. but is + // required for ADS. 
+ string type_url = 4; + + // nonce corresponding to DiscoveryResponse being ACK/NACKed. See above + // discussion on version_info and the DiscoveryResponse nonce comment. This + // may be empty only if 1) this is a non-persistent-stream xDS such as HTTP, + // or 2) the client has not yet accepted an update in this xDS stream (unlike + // delta, where it is populated only for new explicit ACKs). + string response_nonce = 5; + + // This is populated when the previous :ref:`DiscoveryResponse ` + // failed to update configuration. The ``message`` field in ``error_details`` provides the Envoy + // internal exception related to the failure. It is only intended for consumption during manual + // debugging, the string provided is not guaranteed to be stable across Envoy versions. + google.rpc.Status error_detail = 6; +} + +// [#next-free-field: 8] +message DiscoveryResponse { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DiscoveryResponse"; + + // The version of the response data. + string version_info = 1; + + // The response resources. These resources are typed and depend on the API being called. + repeated google.protobuf.Any resources = 2; + + // [#not-implemented-hide:] + // Canary is used to support two Envoy command line flags: + // + // * --terminate-on-canary-transition-failure. When set, Envoy is able to + // terminate if it detects that configuration is stuck at canary. Consider + // this example sequence of updates: + // - Management server applies a canary config successfully. + // - Management server rolls back to a production config. + // - Envoy rejects the new production config. + // Since there is no sensible way to continue receiving configuration + // updates, Envoy will then terminate and apply production config from a + // clean slate. + // * --dry-run-canary. When set, a canary response will never be applied, only + // validated via a dry run. + bool canary = 3; + + // Type URL for resources. 
Identifies the xDS API when muxing over ADS. + // Must be consistent with the type_url in the 'resources' repeated Any (if non-empty). + string type_url = 4; + + // For gRPC based subscriptions, the nonce provides a way to explicitly ack a + // specific DiscoveryResponse in a following DiscoveryRequest. Additional + // messages may have been sent by Envoy to the management server for the + // previous version on the stream prior to this DiscoveryResponse, that were + // unprocessed at response send time. The nonce allows the management server + // to ignore any further DiscoveryRequests for the previous version until a + // DiscoveryRequest bearing the nonce. The nonce is optional and is not + // required for non-stream based xDS implementations. + string nonce = 5; + + // The control plane instance that sent the response. + config.core.v3.ControlPlane control_plane = 6; + + // [#not-implemented-hide:] + // Errors associated with specific resources. Clients are expected to + // remember the most recent error for a given resource across responses; + // the error condition is not considered to be cleared until a response is + // received that contains the resource in the 'resources' field. + repeated ResourceError resource_errors = 7; +} + +// DeltaDiscoveryRequest and DeltaDiscoveryResponse are used in a new gRPC +// endpoint for Delta xDS. +// +// With Delta xDS, the DeltaDiscoveryResponses do not need to include a full +// snapshot of the tracked resources. Instead, DeltaDiscoveryResponses are a +// diff to the state of a xDS client. +// In Delta XDS there are per-resource versions, which allow tracking state at +// the resource granularity. +// An xDS Delta session is always in the context of a gRPC bidirectional +// stream. This allows the xDS server to keep track of the state of xDS clients +// connected to it. +// +// In Delta xDS the nonce field is required and used to pair +// DeltaDiscoveryResponse to a DeltaDiscoveryRequest ACK or NACK. 
+// Optionally, a response message level system_version_info is present for +// debugging purposes only. +// +// DeltaDiscoveryRequest plays two independent roles. Any DeltaDiscoveryRequest +// can be either or both of: [1] informing the server of what resources the +// client has gained/lost interest in (using resource_names_subscribe and +// resource_names_unsubscribe), or [2] (N)ACKing an earlier resource update from +// the server (using response_nonce, with presence of error_detail making it a NACK). +// Additionally, the first message (for a given type_url) of a reconnected gRPC stream +// has a third role: informing the server of the resources (and their versions) +// that the client already possesses, using the initial_resource_versions field. +// +// As with state-of-the-world, when multiple resource types are multiplexed (ADS), +// all requests/acknowledgments/updates are logically walled off by type_url: +// a Cluster ACK exists in a completely separate world from a prior Route NACK. +// In particular, initial_resource_versions being sent at the "start" of every +// gRPC stream actually entails a message for each type_url, each with its own +// initial_resource_versions. +// [#next-free-field: 10] +message DeltaDiscoveryRequest { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DeltaDiscoveryRequest"; + + // The node making the request. + config.core.v3.Node node = 1; + + // Type of the resource that is being requested, e.g. + // ``type.googleapis.com/envoy.api.v2.ClusterLoadAssignment``. This does not need to be set if + // resources are only referenced via ``xds_resource_subscribe`` and + // ``xds_resources_unsubscribe``. + string type_url = 2; + + // DeltaDiscoveryRequests allow the client to add or remove individual + // resources to the set of tracked resources in the context of a stream. 
+ // All resource names in the resource_names_subscribe list are added to the + // set of tracked resources and all resource names in the resource_names_unsubscribe + // list are removed from the set of tracked resources. + // + // *Unlike* state-of-the-world xDS, an empty resource_names_subscribe or + // resource_names_unsubscribe list simply means that no resources are to be + // added or removed to the resource list. + // *Like* state-of-the-world xDS, the server must send updates for all tracked + // resources, but can also send updates for resources the client has not subscribed to. + // + // NOTE: the server must respond with all resources listed in resource_names_subscribe, + // even if it believes the client has the most recent version of them. The reason: + // the client may have dropped them, but then regained interest before it had a chance + // to send the unsubscribe message. See DeltaSubscriptionStateTest.RemoveThenAdd. + // + // These two fields can be set in any DeltaDiscoveryRequest, including ACKs + // and initial_resource_versions. + // + // A list of Resource names to add to the list of tracked resources. + repeated string resource_names_subscribe = 3; + + // A list of Resource names to remove from the list of tracked resources. + repeated string resource_names_unsubscribe = 4; + + // [#not-implemented-hide:] + // Alternative to ``resource_names_subscribe`` field that allows specifying dynamic parameters + // along with each resource name. + // Note that it is legal for a request to have some resources listed + // in ``resource_names_subscribe`` and others in ``resource_locators_subscribe``. + repeated ResourceLocator resource_locators_subscribe = 8; + + // [#not-implemented-hide:] + // Alternative to ``resource_names_unsubscribe`` field that allows specifying dynamic parameters + // along with each resource name. 
+ // Note that it is legal for a request to have some resources listed + // in ``resource_names_unsubscribe`` and others in ``resource_locators_unsubscribe``. + repeated ResourceLocator resource_locators_unsubscribe = 9; + + // Informs the server of the versions of the resources the xDS client knows of, to enable the + // client to continue the same logical xDS session even in the face of gRPC stream reconnection. + // It will not be populated: [1] in the very first stream of a session, since the client will + // not yet have any resources, [2] in any message after the first in a stream (for a given + // type_url), since the server will already be correctly tracking the client's state. + // (In ADS, the first message *of each type_url* of a reconnected stream populates this map.) + // The map's keys are names of xDS resources known to the xDS client. + // The map's values are opaque resource versions. + map initial_resource_versions = 5; + + // When the DeltaDiscoveryRequest is a ACK or NACK message in response + // to a previous DeltaDiscoveryResponse, the response_nonce must be the + // nonce in the DeltaDiscoveryResponse. + // Otherwise (unlike in DiscoveryRequest) response_nonce must be omitted. + string response_nonce = 6; + + // This is populated when the previous :ref:`DiscoveryResponse ` + // failed to update configuration. The ``message`` field in ``error_details`` + // provides the Envoy internal exception related to the failure. + google.rpc.Status error_detail = 7; +} + +// [#next-free-field: 10] +message DeltaDiscoveryResponse { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.DeltaDiscoveryResponse"; + + // The version of the response data (used for debugging). + string system_version_info = 1; + + // The response resources. These are typed resources, whose types must match + // the type_url field. + repeated Resource resources = 2; + + // field id 3 IS available! + + // Type URL for resources. 
Identifies the xDS API when muxing over ADS. + // Must be consistent with the type_url in the Any within 'resources' if 'resources' is non-empty. + string type_url = 4; + + // Resources names of resources that have be deleted and to be removed from the xDS Client. + // Removed resources for missing resources can be ignored. + repeated string removed_resources = 6; + + // Alternative to removed_resources that allows specifying which variant of + // a resource is being removed. This variant must be used for any resource + // for which dynamic parameter constraints were sent to the client. + repeated ResourceName removed_resource_names = 8; + + // The nonce provides a way for DeltaDiscoveryRequests to uniquely + // reference a DeltaDiscoveryResponse when (N)ACKing. The nonce is required. + string nonce = 5; + + // [#not-implemented-hide:] + // The control plane instance that sent the response. + config.core.v3.ControlPlane control_plane = 7; + + // [#not-implemented-hide:] + // Errors associated with specific resources. Note that a resource in + // this field with a status of NOT_FOUND should be treated the same as + // a resource listed in the 'removed_resources' or 'removed_resource_names' + // fields. + repeated ResourceError resource_errors = 9; +} + +// A set of dynamic parameter constraints associated with a variant of an individual xDS resource. +// These constraints determine whether the resource matches a subscription based on the set of +// dynamic parameters in the subscription, as specified in the +// :ref:`ResourceLocator.dynamic_parameters` +// field. This allows xDS implementations (clients, servers, and caching proxies) to determine +// which variant of a resource is appropriate for a given client. +message DynamicParameterConstraints { + // A single constraint for a given key. + message SingleConstraint { + message Exists { + } + + // The key to match against. 
+ string key = 1; + + oneof constraint_type { + option (validate.required) = true; + + // Matches this exact value. + string value = 2; + + // Key is present (matches any value except for the key being absent). + // This allows setting a default constraint for clients that do + // not send a key at all, while there may be other clients that need + // special configuration based on that key. + Exists exists = 3; + } + } + + message ConstraintList { + repeated DynamicParameterConstraints constraints = 1; + } + + oneof type { + // A single constraint to evaluate. + SingleConstraint constraint = 1; + + // A list of constraints that match if any one constraint in the list + // matches. + ConstraintList or_constraints = 2; + + // A list of constraints that must all match. + ConstraintList and_constraints = 3; + + // The inverse (NOT) of a set of constraints. + DynamicParameterConstraints not_constraints = 4; + } +} + +// [#next-free-field: 10] +message Resource { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Resource"; + + // Cache control properties for the resource. + // [#not-implemented-hide:] + message CacheControl { + // If true, xDS proxies may not cache this resource. + // Note that this does not apply to clients other than xDS proxies, which must cache resources + // for their own use, regardless of the value of this field. + bool do_not_cache = 1; + } + + // The resource's name, to distinguish it from others of the same type of resource. + // Only one of ``name`` or ``resource_name`` may be set. + string name = 3; + + // Alternative to the ``name`` field, to be used when the server supports + // multiple variants of the named resource that are differentiated by + // dynamic parameter constraints. + // Only one of ``name`` or ``resource_name`` may be set. + ResourceName resource_name = 8; + + // The aliases are a list of other names that this resource can go by. + repeated string aliases = 4; + + // The resource level version. 
It allows xDS to track the state of individual + // resources. + string version = 1; + + // The resource being tracked. + google.protobuf.Any resource = 2; + + // Time-to-live value for the resource. For each resource, a timer is started. The timer is + // reset each time the resource is received with a new TTL. If the resource is received with + // no TTL set, the timer is removed for the resource. Upon expiration of the timer, the + // configuration for the resource will be removed. + // + // The TTL can be refreshed or changed by sending a response that doesn't change the resource + // version. In this case the resource field does not need to be populated, which allows for + // light-weight "heartbeat" updates to keep a resource with a TTL alive. + // + // The TTL feature is meant to support configurations that should be removed in the event of + // a management server failure. For example, the feature may be used for fault injection + // testing where the fault injection should be terminated in the event that Envoy loses contact + // with the management server. + google.protobuf.Duration ttl = 6; + + // Cache control properties for the resource. + // [#not-implemented-hide:] + CacheControl cache_control = 7; + + // The Metadata field can be used to provide additional information for the resource. + // E.g. the trace data for debugging. + config.core.v3.Metadata metadata = 9; +} diff --git a/modules/sync/envoyproxy/envoy/cas/273468a90f7dcbc52642fbfc349d82c95b632f8e2a826803410ab1339941c30db7cbbbeead904fc6023365da6c465951f454b9d5d0efbf4154b454d527d39d20 b/modules/sync/envoyproxy/envoy/cas/273468a90f7dcbc52642fbfc349d82c95b632f8e2a826803410ab1339941c30db7cbbbeead904fc6023365da6c465951f454b9d5d0efbf4154b454d527d39d20 new file mode 100644 index 00000000..ab193f49 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/273468a90f7dcbc52642fbfc349d82c95b632f8e2a826803410ab1339941c30db7cbbbeead904fc6023365da6c465951f454b9d5d0efbf4154b454d527d39d20 
@@ -0,0 +1,415 @@
+syntax = "proto3";
+
+package envoy.service.ext_proc.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto";
+import "envoy/type/v3/http_status.proto";
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.service.ext_proc.v3";
+option java_outer_classname = "ExternalProcessorProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/ext_proc/v3;ext_procv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: External processing service]
+
+// A service that can access and modify HTTP requests and responses
+// as part of a filter chain.
+// The overall external processing protocol works like this:
+//
+// 1. Envoy sends to the service information about the HTTP request.
+// 2. The service sends back a ProcessingResponse message that directs Envoy
+// to either stop processing, continue without it, or send it the
+// next chunk of the message body.
+// 3. If so requested, Envoy sends the server chunks of the message body,
+// or the entire body at once. In either case, the server sends back
+// a ProcessingResponse after each message it receives.
+// 4. If so requested, Envoy sends the server the HTTP trailers,
+// and the server sends back a ProcessingResponse.
+// 5. At this point, request processing is done, and we pick up again
+// at step 1 when Envoy receives a response from the upstream server.
+// 6. At any point above, if the server closes the gRPC stream cleanly,
+// then Envoy proceeds without consulting the server.
+// 7. At any point above, if the server closes the gRPC stream with an error,
+// then Envoy returns a 500 error to the client, unless the filter
+// was configured to ignore errors.
+//
+// In other words, the process is a request/response conversation, but
+// using a gRPC stream to make it easier for the server to
+// maintain state.
+service ExternalProcessor {
+ // This begins the bidirectional stream that Envoy will use to
+ // give the server control over what the filter does. The actual
+ // protocol is described by the ProcessingRequest and ProcessingResponse
+ // messages below.
+ rpc Process(stream ProcessingRequest) returns (stream ProcessingResponse) {
+ }
+}
+
+// This represents the different types of messages that Envoy can send
+// to an external processing server.
+// [#next-free-field: 11]
+message ProcessingRequest {
+ reserved 1;
+
+ reserved "async_mode";
+
+ // Each request message will include one of the following sub-messages. Which
+ // ones are set for a particular HTTP request/response depend on the
+ // processing mode.
+ oneof request {
+ option (validate.required) = true;
+
+ // Information about the HTTP request headers, as well as peer info and additional
+ // properties. Unless ``observability_mode`` is ``true``, the server must send back a
+ // HeaderResponse message, an ImmediateResponse message, or close the stream.
+ HttpHeaders request_headers = 2;
+
+ // Information about the HTTP response headers, as well as peer info and additional
+ // properties. Unless ``observability_mode`` is ``true``, the server must send back a
+ // HeaderResponse message or close the stream.
+ HttpHeaders response_headers = 3;
+
+ // A chunk of the HTTP request body. Unless ``observability_mode`` is true, the server must send back
+ // a BodyResponse message, an ImmediateResponse message, or close the stream.
+ HttpBody request_body = 4;
+
+ // A chunk of the HTTP response body. Unless ``observability_mode`` is ``true``, the server must send back
+ // a BodyResponse message or close the stream.
+ HttpBody response_body = 5;
+
+ // The HTTP trailers for the request path. Unless ``observability_mode`` is ``true``, the server
+ // must send back a TrailerResponse message or close the stream.
+ //
+ // This message is only sent if the trailers processing mode is set to ``SEND`` and
+ // the original downstream request has trailers.
+ HttpTrailers request_trailers = 6;
+
+ // The HTTP trailers for the response path. Unless ``observability_mode`` is ``true``, the server
+ // must send back a TrailerResponse message or close the stream.
+ //
+ // This message is only sent if the trailers processing mode is set to ``SEND`` and
+ // the original upstream response has trailers.
+ HttpTrailers response_trailers = 7;
+ }
+
+ // Dynamic metadata associated with the request.
+ config.core.v3.Metadata metadata_context = 8;
+
+ // The values of properties selected by the ``request_attributes``
+ // or ``response_attributes`` list in the configuration. Each entry
+ // in the list is populated from the standard
+ // :ref:`attributes ` supported across Envoy.
+ map attributes = 9;
+
+ // Specify whether the filter that sent this request is running in :ref:`observability_mode
+ // `
+ // and defaults to false.
+ //
+ // * A value of ``false`` indicates that the server must respond
+ // to this message by either sending back a matching ProcessingResponse message,
+ // or by closing the stream.
+ // * A value of ``true`` indicates that the server should not respond to this message, as any
+ // responses will be ignored. However, it may still close the stream to indicate that no more messages
+ // are needed.
+ //
+ bool observability_mode = 10;
+}
+
+// For every ProcessingRequest received by the server with the ``observability_mode`` field
+// set to false, the server must send back exactly one ProcessingResponse message.
+// [#next-free-field: 11]
+message ProcessingResponse {
+ // The response type that is sent by the server.
+ oneof response {
+ option (validate.required) = true;
+
+ // The server must send back this message in response to a message with the
+ // ``request_headers`` field set.
+ HeadersResponse request_headers = 1;
+
+ // The server must send back this message in response to a message with the
+ // ``response_headers`` field set.
+ HeadersResponse response_headers = 2;
+
+ // The server must send back this message in response to a message with
+ // the ``request_body`` field set.
+ BodyResponse request_body = 3;
+
+ // The server must send back this message in response to a message with
+ // the ``response_body`` field set.
+ BodyResponse response_body = 4;
+
+ // The server must send back this message in response to a message with
+ // the ``request_trailers`` field set.
+ TrailersResponse request_trailers = 5;
+
+ // The server must send back this message in response to a message with
+ // the ``response_trailers`` field set.
+ TrailersResponse response_trailers = 6;
+
+ // If specified, attempt to create a locally generated response, send it
+ // downstream, and stop processing additional filters and ignore any
+ // additional messages received from the remote server for this request or
+ // response. If a response has already started -- for example, if this
+ // message is sent response to a ``response_body`` message -- then
+ // this will either ship the reply directly to the downstream codec,
+ // or reset the stream.
+ ImmediateResponse immediate_response = 7;
+ }
+
+ // Optional metadata that will be emitted as dynamic metadata to be consumed by
+ // following filters. This metadata will be placed in the namespace(s) specified by the top-level
+ // field name(s) of the struct.
+ google.protobuf.Struct dynamic_metadata = 8;
+
+ // Override how parts of the HTTP request and response are processed
+ // for the duration of this particular request/response only. Servers
+ // may use this to intelligently control how requests are processed
+ // based on the headers and other metadata that they see.
+ // This field is only applicable when servers responding to the header requests.
+ // If it is set in the response to the body or trailer requests, it will be ignored by Envoy.
+ // It is also ignored by Envoy when the ext_proc filter config
+ // :ref:`allow_mode_override
+ // `
+ // is set to false, or
+ // :ref:`send_body_without_waiting_for_header_response
+ // `
+ // is set to true.
+ envoy.extensions.filters.http.ext_proc.v3.ProcessingMode mode_override = 9;
+
+ // When ext_proc server receives a request message, in case it needs more
+ // time to process the message, it sends back a ProcessingResponse message
+ // with a new timeout value. When Envoy receives this response message,
+ // it ignores other fields in the response, just stop the original timer,
+ // which has the timeout value specified in
+ // :ref:`message_timeout
+ // `
+ // and start a new timer with this ``override_message_timeout`` value and keep the
+ // Envoy ext_proc filter state machine intact.
+ // Has to be >= 1ms and <=
+ // :ref:`max_message_timeout `
+ // Such message can be sent at most once in a particular Envoy ext_proc filter processing state.
+ // To enable this API, one has to set ``max_message_timeout`` to a number >= 1ms.
+ google.protobuf.Duration override_message_timeout = 10;
+}
+
+// The following are messages that are sent to the server.
+
+// This message is sent to the external server when the HTTP request and responses
+// are first received.
+message HttpHeaders {
+ // The HTTP request headers. All header keys will be
+ // lower-cased, because HTTP header keys are case-insensitive.
+ // The header value is encoded in the
+ // :ref:`raw_value ` field.
+ config.core.v3.HeaderMap headers = 1;
+
+ // [#not-implemented-hide:]
+ // This field is deprecated and not implemented. Attributes will be sent in
+ // the top-level :ref:`attributes attributes = 2
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // If ``true``, then there is no message body associated with this
+ // request or response.
+ bool end_of_stream = 3;
+}
+
+// This message is sent to the external server when the HTTP request and
+// response bodies are received.
+message HttpBody {
+ // The contents of the body in the HTTP request/response. Note that in
+ // streaming mode multiple ``HttpBody`` messages may be sent.
+ bytes body = 1;
+
+ // If ``true``, this will be the last ``HttpBody`` message that will be sent and no
+ // trailers will be sent for the current request/response.
+ bool end_of_stream = 2;
+}
+
+// This message is sent to the external server when the HTTP request and
+// response trailers are received.
+message HttpTrailers {
+ // The header value is encoded in the
+ // :ref:`raw_value ` field.
+ config.core.v3.HeaderMap trailers = 1;
+}
+
+// The following are messages that may be sent back by the server.
+
+// This message is sent by the external server to Envoy after ``HttpHeaders`` was
+// sent to it.
+message HeadersResponse {
+ // Details the modifications (if any) to be made by Envoy to the current
+ // request/response.
+ CommonResponse response = 1;
+}
+
+// This message is sent by the external server to Envoy after ``HttpBody`` was
+// sent to it.
+message BodyResponse {
+ // Details the modifications (if any) to be made by Envoy to the current
+ // request/response.
+ CommonResponse response = 1;
+}
+
+// This message is sent by the external server to Envoy after ``HttpTrailers`` was
+// sent to it.
+message TrailersResponse {
+ // Details the modifications (if any) to be made by Envoy to the current
+ // request/response trailers.
+ HeaderMutation header_mutation = 1;
+}
+
+// This message contains common fields between header and body responses.
+// [#next-free-field: 6]
+message CommonResponse {
+ // The status of the response.
+ enum ResponseStatus {
+ // Apply the mutation instructions in this message to the
+ // request or response, and then continue processing the filter
+ // stream as normal. This is the default.
+ CONTINUE = 0;
+
+ // Apply the specified header mutation, replace the body with the body
+ // specified in the body mutation (if present), and do not send any
+ // further messages for this request or response even if the processing
+ // mode is configured to do so.
+ //
+ // When used in response to a request_headers or response_headers message,
+ // this status makes it possible to either completely replace the body
+ // while discarding the original body, or to add a body to a message that
+ // formerly did not have one.
+ //
+ // In other words, this response makes it possible to turn an HTTP GET
+ // into a POST, PUT, or PATCH.
+ CONTINUE_AND_REPLACE = 1;
+ }
+
+ // If set, provide additional direction on how the Envoy proxy should
+ // handle the rest of the HTTP filter chain.
+ ResponseStatus status = 1 [(validate.rules).enum = {defined_only: true}];
+
+ // Instructions on how to manipulate the headers. When responding to an
+ // HttpBody request, header mutations will only take effect if
+ // the current processing mode for the body is BUFFERED.
+ HeaderMutation header_mutation = 2;
+
+ // Replace the body of the last message sent to the remote server on this
+ // stream. If responding to an HttpBody request, simply replace or clear
+ // the body chunk that was sent with that request. Body mutations may take
+ // effect in response either to ``header`` or ``body`` messages. When it is
+ // in response to ``header`` messages, it only take effect if the
+ // :ref:`status `
+ // is set to CONTINUE_AND_REPLACE.
+ BodyMutation body_mutation = 3;
+
+ // [#not-implemented-hide:]
+ // Add new trailers to the message. This may be used when responding to either a
+ // HttpHeaders or HttpBody message, but only if this message is returned
+ // along with the CONTINUE_AND_REPLACE status.
+ // The header value is encoded in the
+ // :ref:`raw_value ` field.
+ config.core.v3.HeaderMap trailers = 4;
+
+ // Clear the route cache for the current client request. This is necessary
+ // if the remote server modified headers that are used to calculate the route.
+ // This field is ignored in the response direction. This field is also ignored
+ // if the Envoy ext_proc filter is in the upstream filter chain.
+ bool clear_route_cache = 5;
+}
+
+// This message causes the filter to attempt to create a locally
+// generated response, send it downstream, stop processing
+// additional filters, and ignore any additional messages received
+// from the remote server for this request or response. If a response
+// has already started, then this will either ship the reply directly
+// to the downstream codec, or reset the stream.
+// [#next-free-field: 6]
+message ImmediateResponse {
+ // The response code to return.
+ type.v3.HttpStatus status = 1 [(validate.rules).message = {required: true}];
+
+ // Apply changes to the default headers, which will include content-type.
+ HeaderMutation headers = 2;
+
+ // The message body to return with the response which is sent using the
+ // text/plain content type, or encoded in the grpc-message header.
+ bytes body = 3;
+
+ // If set, then include a gRPC status trailer.
+ GrpcStatus grpc_status = 4;
+
+ // A string detailing why this local reply was sent, which may be included
+ // in log and debug output (e.g. this populates the %RESPONSE_CODE_DETAILS%
+ // command operator field for use in access logging).
+ string details = 5;
+}
+
+// This message specifies a gRPC status for an ImmediateResponse message.
+message GrpcStatus {
+ // The actual gRPC status.
+ uint32 status = 1;
+}
+
+// Change HTTP headers or trailers by appending, replacing, or removing
+// headers.
+message HeaderMutation {
+ // Add or replace HTTP headers. Attempts to set the value of
+ // any ``x-envoy`` header, and attempts to set the ``:method``,
+ // ``:authority``, ``:scheme``, or ``host`` headers will be ignored.
+ // The header value is encoded in the
+ // :ref:`raw_value ` field.
+ repeated config.core.v3.HeaderValueOption set_headers = 1;
+
+ // Remove these HTTP headers. Attempts to remove system headers --
+ // any header starting with ``:``, plus ``host`` -- will be ignored.
+ repeated string remove_headers = 2;
+}
+
+// [#not-implemented-hide:]
+// The body response message corresponding to FULL_DUPLEX_STREAMED body mode.
+message StreamedBodyResponse {
+ // The body response chunk that will be passed to the upstream/downstream by Envoy.
+ bytes body = 1;
+
+ // The server sets this flag to true if it has received a body request with
+ // :ref:`end_of_stream ` set to true,
+ // and this is the last chunk of body responses.
+ bool end_of_stream = 2;
+}
+
+// This message specifies the body mutation the server sends to Envoy.
+message BodyMutation {
+ // The type of mutation for the body.
+ oneof mutation {
+ // The entire body to replace.
+ // Should only be used when the corresponding ``BodySendMode`` in the
+ // :ref:`processing_mode `
+ // is not set to ``FULL_DUPLEX_STREAMED``.
+ bytes body = 1;
+
+ // Clear the corresponding body chunk.
+ // Should only be used when the corresponding ``BodySendMode`` in the
+ // :ref:`processing_mode `
+ // is not set to ``FULL_DUPLEX_STREAMED``.
+ // Clear the corresponding body chunk.
+ bool clear_body = 2;
+
+ // [#not-implemented-hide:]
+ // Must be used when the corresponding ``BodySendMode`` in the
+ // :ref:`processing_mode `
+ // is set to ``FULL_DUPLEX_STREAMED``.
+ StreamedBodyResponse streamed_response = 3;
+ }
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/351c700fdc79f734495275aa260893d6c24fb092e46a262587b4bdc2ac6ff3ca72882169529598449f54aff03ceb3915e9ad71e3e6b2d0010e93e3081fa87a0e b/modules/sync/envoyproxy/envoy/cas/351c700fdc79f734495275aa260893d6c24fb092e46a262587b4bdc2ac6ff3ca72882169529598449f54aff03ceb3915e9ad71e3e6b2d0010e93e3081fa87a0e
new file mode 100644
index 00000000..871c9158
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/351c700fdc79f734495275aa260893d6c24fb092e46a262587b4bdc2ac6ff3ca72882169529598449f54aff03ceb3915e9ad71e3e6b2d0010e93e3081fa87a0e
@@ -0,0 +1,438 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.ext_proc.v3;
+
+import "envoy/config/common/mutation_rules/v3/mutation_rules.proto";
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/grpc_service.proto";
+import "envoy/config/core/v3/http_service.proto";
+import "envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto";
+import "envoy/type/matcher/v3/string.proto";
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+
+import "xds/annotations/v3/status.proto";
+
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_proc.v3";
+option java_outer_classname = "ExtProcProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_proc/v3;ext_procv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: External Processing Filter]
+// External Processing Filter
+// [#extension: envoy.filters.http.ext_proc]
+
+// The External Processing filter allows an external service to act on HTTP traffic in a flexible way.
+
+// The filter communicates with an external gRPC service called an "external processor"
+// that can do a variety of things with the request and response:
+//
+// * Access and modify the HTTP headers on the request, response, or both
+// * Access and modify the HTTP request and response bodies
+// * Access and modify the dynamic stream metadata
+// * Immediately send an HTTP response downstream and terminate other processing
+//
+// The filter communicates with the server using a gRPC bidirectional stream. After the initial
+// request, the external server is in control over what additional data is sent to it
+// and how it should be processed.
+//
+// By implementing the protocol specified by the stream, the external server can choose:
+//
+// * Whether it receives the response message at all
+// * Whether it receives the message body at all, in separate chunks, or as a single buffer
+// * Whether subsequent HTTP requests are transmitted synchronously or whether they are
+// sent asynchronously.
+// * To modify request or response trailers if they already exist
+//
+// The filter supports up to six different processing steps. Each is represented by
+// a gRPC stream message that is sent to the external processor. For each message, the
+// processor must send a matching response.
+//
+// * Request headers: Contains the headers from the original HTTP request.
+// * Request body: Delivered if they are present and sent in a single message if
+// the BUFFERED or BUFFERED_PARTIAL mode is chosen, in multiple messages if the
+// STREAMED mode is chosen, and not at all otherwise.
+// * Request trailers: Delivered if they are present and if the trailer mode is set
+// to SEND.
+// * Response headers: Contains the headers from the HTTP response. Keep in mind
+// that if the upstream system sends them before processing the request body that
+// this message may arrive before the complete body.
+// * Response body: Sent according to the processing mode like the request body.
+// * Response trailers: Delivered according to the processing mode like the
+// request trailers.
+//
+// By default, the processor sends only the request and response headers messages.
+// This may be changed to include any of the six steps by changing the processing_mode
+// setting of the filter configuration, or by setting the mode_override of any response
+// from the external processor. The latter is only enabled if allow_mode_override is
+// set to true. This way, a processor may, for example, use information
+// in the request header to determine whether the message body must be examined, or whether
+// the proxy should simply stream it straight through.
+//
+// All of this together allows a server to process the filter traffic in fairly
+// sophisticated ways. For example:
+//
+// * A server may choose to examine all or part of the HTTP message bodies depending
+// on the content of the headers.
+// * A server may choose to immediately reject some messages based on their HTTP
+// headers (or other dynamic metadata) and more carefully examine others.
+// * A server may asynchronously monitor traffic coming through the filter by inspecting
+// headers, bodies, or both, and then decide to switch to a synchronous processing
+// mode, either permanently or temporarily.
+//
+// The protocol itself is based on a bidirectional gRPC stream. Envoy will send the
+// server
+// :ref:`ProcessingRequest `
+// messages, and the server must reply with
+// :ref:`ProcessingResponse `.
+//
+// Stats about each gRPC call are recorded in a :ref:`dynamic filter state
+// ` object in a namespace matching the filter
+// name.
+//
+// [#next-free-field: 23]
+message ExternalProcessor {
+ // Describes the route cache action to be taken when an external processor response
+ // is received in response to request headers.
+ enum RouteCacheAction {
+ // The default behavior is to clear the route cache only when the
+ // :ref:`clear_route_cache `
+ // field is set in an external processor response.
+ DEFAULT = 0;
+
+ // Always clear the route cache irrespective of the clear_route_cache bit in
+ // the external processor response.
+ CLEAR = 1;
+
+ // Do not clear the route cache irrespective of the clear_route_cache bit in
+ // the external processor response. Setting to RETAIN is equivalent to set the
+ // :ref:`disable_clear_route_cache `
+ // to true.
+ RETAIN = 2;
+ }
+
+ reserved 4;
+
+ reserved "async_mode";
+
+ // Configuration for the gRPC service that the filter will communicate with.
+ // The filter supports both the "Envoy" and "Google" gRPC clients.
+ // Only one of ``grpc_service`` or ``http_service`` can be set.
+ // It is required that one of them must be set.
+ config.core.v3.GrpcService grpc_service = 1
+ [(udpa.annotations.field_migrate).oneof_promotion = "ext_proc_service_type"];
+
+ // Configuration for the HTTP service that the filter will communicate with.
+ // Only one of ``http_service`` or
+ // :ref:`grpc_service `.
+ // can be set. It is required that one of them must be set.
+ //
+ // If ``http_service`` is set, the
+ // :ref:`processing_mode `
+ // can not be configured to send any body or trailers. i.e, http_service only supports
+ // sending request or response headers to the side stream server.
+ //
+ // With this configuration, Envoy behavior:
+ //
+ // 1. The headers are first put in a proto message
+ // :ref:`ProcessingRequest `.
+ //
+ // 2. This proto message is then transcoded into a JSON text.
+ //
+ // 3. Envoy then sends a HTTP POST message with content-type as "application/json",
+ // and this JSON text as body to the side stream server.
+ //
+ // After the side-stream receives this HTTP request message, it is expected to do as follows:
+ //
+ // 1. It converts the body, which is a JSON string, into a ``ProcessingRequest``
+ // proto message to examine and mutate the headers.
+ //
+ // 2. It then sets the mutated headers into a new proto message
+ // :ref:`ProcessingResponse `.
+ //
+ // 3. It converts ``ProcessingResponse`` proto message into a JSON text.
+ //
+ // 4. It then sends a HTTP response back to Envoy with status code as "200",
+ // content-type as "application/json" and sets the JSON text as the body.
+ //
+ ExtProcHttpService http_service = 20 [
+ (udpa.annotations.field_migrate).oneof_promotion = "ext_proc_service_type",
+ (xds.annotations.v3.field_status).work_in_progress = true
+ ];
+
+ // By default, if the gRPC stream cannot be established, or if it is closed
+ // prematurely with an error, the filter will fail. Specifically, if the
+ // response headers have not yet been delivered, then it will return a 500
+ // error downstream. If they have been delivered, then instead the HTTP stream to the
+ // downstream client will be reset.
+ // With this parameter set to true, however, then if the gRPC stream is prematurely closed
+ // or could not be opened, processing continues without error.
+ bool failure_mode_allow = 2;
+
+ // Specifies default options for how HTTP headers, trailers, and bodies are
+ // sent. See ProcessingMode for details.
+ ProcessingMode processing_mode = 3;
+
+ // Envoy provides a number of :ref:`attributes `
+ // for expressive policies. Each attribute name provided in this field will be
+ // matched against that list and populated in the request_headers message.
+ // See the :ref:`attribute documentation `
+ // for the list of supported attributes and their types.
+ repeated string request_attributes = 5;
+
+ // Envoy provides a number of :ref:`attributes `
+ // for expressive policies. Each attribute name provided in this field will be
+ // matched against that list and populated in the response_headers message.
+ // See the :ref:`attribute documentation `
+ // for the list of supported attributes and their types.
+ repeated string response_attributes = 6;
+
+ // Specifies the timeout for each individual message sent on the stream and
+ // when the filter is running in synchronous mode. Whenever the proxy sends
+ // a message on the stream that requires a response, it will reset this timer,
+ // and will stop processing and return an error (subject to the processing mode)
+ // if the timer expires before a matching response is received. There is no
+ // timeout when the filter is running in asynchronous mode. Zero is a valid
+ // config which means the timer will be triggered immediately. If not
+ // configured, default is 200 milliseconds.
+ google.protobuf.Duration message_timeout = 7 [(validate.rules).duration = {
+ lte {seconds: 3600}
+ gte {}
+ }];
+
+ // Optional additional prefix to use when emitting statistics. This allows to distinguish
+ // emitted statistics between configured *ext_proc* filters in an HTTP filter chain.
+ string stat_prefix = 8;
+
+ // Rules that determine what modifications an external processing server may
+ // make to message headers. If not set, all headers may be modified except
+ // for "host", ":authority", ":scheme", ":method", and headers that start
+ // with the header prefix set via
+ // :ref:`header_prefix `
+ // (which is usually "x-envoy").
+ // Note that changing headers such as "host" or ":authority" may not in itself
+ // change Envoy's routing decision, as routes can be cached. To also force the
+ // route to be recomputed, set the
+ // :ref:`clear_route_cache `
+ // field to true in the same response.
+ config.common.mutation_rules.v3.HeaderMutationRules mutation_rules = 9;
+
+ // Specify the upper bound of
+ // :ref:`override_message_timeout `
+ // If not specified, by default it is 0, which will effectively disable the ``override_message_timeout`` API.
+ google.protobuf.Duration max_message_timeout = 10 [(validate.rules).duration = {
+ lte {seconds: 3600}
+ gte {}
+ }];
+
+ // Allow headers matching the ``forward_rules`` to be forwarded to the external processing server.
+ // If not set, all headers are forwarded to the external processing server.
+ HeaderForwardingRules forward_rules = 12;
+
+ // Additional metadata to be added to the filter state for logging purposes. The metadata
+ // will be added to StreamInfo's filter state under the namespace corresponding to the
+ // ext_proc filter name.
+ google.protobuf.Struct filter_metadata = 13;
+
+ // If ``allow_mode_override`` is set to true, the filter config :ref:`processing_mode
+ // `
+ // can be overridden by the response message from the external processing server
+ // :ref:`mode_override `.
+ // If not set, ``mode_override`` API in the response message will be ignored.
+ bool allow_mode_override = 14;
+
+ // If set to true, ignore the
+ // :ref:`immediate_response `
+ // message in an external processor response. In such case, no local reply will be sent.
+ // Instead, the stream to the external processor will be closed. There will be no
+ // more external processing for this stream from now on.
+ bool disable_immediate_response = 15;
+
+ // Options related to the sending and receiving of dynamic metadata.
+ MetadataOptions metadata_options = 16;
+
+ // If true, send each part of the HTTP request or response specified by ProcessingMode
+ // without pausing on filter chain iteration. It is "Send and Go" mode that can be used
+ // by external processor to observe Envoy data and status. In this mode:
+ //
+ // 1. Only STREAMED body processing mode is supported and any other body processing modes will be
+ // ignored. NONE mode(i.e., skip body processing) will still work as expected.
+ //
+ // 2. External processor should not send back processing response, as any responses will be ignored.
+ // This also means that
+ // :ref:`message_timeout `
+ // restriction doesn't apply to this mode.
+ //
+ // 3. External processor may still close the stream to indicate that no more messages are needed.
+ //
+ // .. warning::
+ //
+ // Flow control is necessary mechanism to prevent the fast sender (either downstream client or upstream server)
+ // from overwhelming the external processor when its processing speed is slower.
+ // This protective measure is being explored and developed but has not been ready yet, so please use your own
+ // discretion when enabling this feature.
+ // This work is currently tracked under https://github.com/envoyproxy/envoy/issues/33319.
+ //
+ bool observability_mode = 17;
+
+ // Prevents clearing the route-cache when the
+ // :ref:`clear_route_cache `
+ // field is set in an external processor response.
+ // Only one of ``disable_clear_route_cache`` or ``route_cache_action`` can be set.
+ // It is recommended to set ``route_cache_action`` which supersedes ``disable_clear_route_cache``.
+ bool disable_clear_route_cache = 11
+ [(udpa.annotations.field_migrate).oneof_promotion = "clear_route_cache_type"];
+
+ // Specifies the action to be taken when an external processor response is
+ // received in response to request headers. It is recommended to set this field than set
+ // :ref:`disable_clear_route_cache `.
+ // Only one of ``disable_clear_route_cache`` or ``route_cache_action`` can be set.
+ RouteCacheAction route_cache_action = 18
+ [(udpa.annotations.field_migrate).oneof_promotion = "clear_route_cache_type"];
+
+ // Specifies the deferred closure timeout for gRPC stream that connects to external processor. Currently, the deferred stream closure
+ // is only used in :ref:`observability_mode `.
+ // In observability mode, gRPC streams may be held open to the external processor longer than the lifetime of the regular client to
+ // backend stream lifetime. In this case, Envoy will eventually timeout the external processor stream according to this time limit.
+ // The default value is 5000 milliseconds (5 seconds) if not specified.
+ google.protobuf.Duration deferred_close_timeout = 19; + + // Send body to the side stream server once it arrives without waiting for the header response from that server. + // It only works for STREAMED body processing mode. For any other body processing modes, it is ignored. + // The server has two options upon receiving a header request: + // + // 1. Instant Response: send the header response as soon as the header request is received. + // + // 2. Delayed Response: wait for the body before sending any response. + // + // In all scenarios, the header-body ordering must always be maintained. + // + // If enabled Envoy will ignore the + // :ref:`mode_override ` + // value that the server sends in the header response. This is because Envoy may have already + // sent the body to the server, prior to processing the header response. + bool send_body_without_waiting_for_header_response = 21; + + // When :ref:`allow_mode_override + // ` is enabled and + // ``allowed_override_modes`` is configured, the filter config :ref:`processing_mode + // ` + // can only be overridden by the response message from the external processing server iff the + // :ref:`mode_override ` is allowed by + // the ``allowed_override_modes`` allow-list below. + repeated ProcessingMode allowed_override_modes = 22; +} + +// ExtProcHttpService is used for HTTP communication between the filter and the external processing service. +message ExtProcHttpService { + // Sets the HTTP service which the external processing requests must be sent to. + config.core.v3.HttpService http_service = 1; +} + +// The MetadataOptions structure defines options for the sending and receiving of +// dynamic metadata. Specifically, which namespaces to send to the server, whether +// metadata returned by the server may be written, and how that metadata may be written. 
+message MetadataOptions { + message MetadataNamespaces { + // Specifies a list of metadata namespaces whose values, if present, + // will be passed to the ext_proc service as an opaque *protobuf::Struct*. + repeated string untyped = 1; + + // Specifies a list of metadata namespaces whose values, if present, + // will be passed to the ext_proc service as a *protobuf::Any*. This allows + // envoy and the external processing server to share the protobuf message + // definition for safe parsing. + repeated string typed = 2; + } + + // Describes which typed or untyped dynamic metadata namespaces to forward to + // the external processing server. + MetadataNamespaces forwarding_namespaces = 1; + + // Describes which typed or untyped dynamic metadata namespaces to accept from + // the external processing server. Set to empty or leave unset to disallow writing + // any received dynamic metadata. Receiving of typed metadata is not supported. + MetadataNamespaces receiving_namespaces = 2; +} + +// The HeaderForwardingRules structure specifies what headers are +// allowed to be forwarded to the external processing server. +// +// This works as below: +// +// 1. If neither ``allowed_headers`` nor ``disallowed_headers`` is set, all headers are forwarded. +// 2. If both ``allowed_headers`` and ``disallowed_headers`` are set, only headers in the +// ``allowed_headers`` but not in the ``disallowed_headers`` are forwarded. +// 3. If ``allowed_headers`` is set, and ``disallowed_headers`` is not set, only headers in +// the ``allowed_headers`` are forwarded. +// 4. If ``disallowed_headers`` is set, and ``allowed_headers`` is not set, all headers except +// headers in the ``disallowed_headers`` are forwarded. +message HeaderForwardingRules { + // If set, specifically allow any header in this list to be forwarded to the external + // processing server. This can be overridden by the below ``disallowed_headers``. 
+ type.matcher.v3.ListStringMatcher allowed_headers = 1; + + // If set, specifically disallow any header in this list to be forwarded to the external + // processing server. This overrides the above ``allowed_headers`` if a header matches both. + type.matcher.v3.ListStringMatcher disallowed_headers = 2; +} + +// Extra settings that may be added to per-route configuration for a +// virtual host or cluster. +message ExtProcPerRoute { + oneof override { + option (validate.required) = true; + + // Disable the filter for this particular vhost or route. + // If disabled is specified in multiple per-filter-configs, the most specific one will be used. + bool disabled = 1 [(validate.rules).bool = {const: true}]; + + // Override aspects of the configuration for this route. A set of + // overrides in a more specific configuration will override a "disabled" + // flag set in a less-specific one. + ExtProcOverrides overrides = 2; + } +} + +// Overrides that may be set on a per-route basis +// [#next-free-field: 8] +message ExtProcOverrides { + // Set a different processing mode for this route than the default. + ProcessingMode processing_mode = 1; + + // [#not-implemented-hide:] + // Set a different asynchronous processing option than the default. + bool async_mode = 2; + + // [#not-implemented-hide:] + // Set different optional attributes than the default setting of the + // ``request_attributes`` field. + repeated string request_attributes = 3; + + // [#not-implemented-hide:] + // Set different optional properties than the default setting of the + // ``response_attributes`` field. + repeated string response_attributes = 4; + + // Set a different gRPC service for this route than the default. + config.core.v3.GrpcService grpc_service = 5; + + // Options related to the sending and receiving of dynamic metadata. 
+ // Lists of forwarding and receiving namespaces will be overridden in their entirety, + // meaning the most-specific config that specifies this override will be the final + // config used. It is the prerogative of the control plane to ensure this + // most-specific config contains the correct final overrides. + MetadataOptions metadata_options = 6; + + // Additional metadata to include into streams initiated to the ext_proc gRPC + // service. This can be used for scenarios in which additional ad hoc + // authorization headers (e.g. ``x-foo-bar: baz-key``) are to be injected or + // when a route needs to partially override inherited metadata. + repeated config.core.v3.HeaderValue grpc_initial_metadata = 7; +} diff --git a/modules/sync/envoyproxy/envoy/cas/368384c1f18c40e250a3c223bad867c16c2171e4f3e81dc0e64f95ab0ac8ffa138e3615f975ff473c19ac9cc1de304ce6de23935424d7246b15449a70c8a1f55 b/modules/sync/envoyproxy/envoy/cas/368384c1f18c40e250a3c223bad867c16c2171e4f3e81dc0e64f95ab0ac8ffa138e3615f975ff473c19ac9cc1de304ce6de23935424d7246b15449a70c8a1f55 new file mode 100644 index 00000000..8c38a515 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/368384c1f18c40e250a3c223bad867c16c2171e4f3e81dc0e64f95ab0ac8ffa138e3615f975ff473c19ac9cc1de304ce6de23935424d7246b15449a70c8a1f55 
@@ -0,0 +1,33 @@
+syntax = "proto3";
+
+package envoy.type.matcher.v3;
+
+import "envoy/type/matcher/v3/address.proto";
+import "envoy/type/matcher/v3/string.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.type.matcher.v3";
+option java_outer_classname = "FilterStateProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3;matcherv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Filter state matcher]
+
+// FilterStateMatcher provides a general interface for matching the filter state objects.
+message FilterStateMatcher {
+ // The filter state key to retrieve the object.
+ string key = 1 [(validate.rules).string = {min_len: 1}];
+
+ oneof matcher {
+ option (validate.required) = true;
+
+ // Matches the filter state object as a string value.
+ StringMatcher string_match = 2;
+
+ // Matches the filter state object as a ip Instance.
+ AddressMatcher address_match = 3;
+ }
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/3a1640f66dbc67a20600d062e3b0bdeb164df21765beb797dde519f0fa918cbfdb91a93956172fdd866a964a4cc02b5bbaf899fec9d102e681b241c95fe14c41 b/modules/sync/envoyproxy/envoy/cas/3a1640f66dbc67a20600d062e3b0bdeb164df21765beb797dde519f0fa918cbfdb91a93956172fdd866a964a4cc02b5bbaf899fec9d102e681b241c95fe14c41
new file mode 100644
index 00000000..a75b803c
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/3a1640f66dbc67a20600d062e3b0bdeb164df21765beb797dde519f0fa918cbfdb91a93956172fdd866a964a4cc02b5bbaf899fec9d102e681b241c95fe14c41
@@ -0,0 +1,103 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.api_key_auth.v3;
+
+import "xds/annotations/v3/status.proto";
+
+import "udpa/annotations/sensitive.proto";
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.api_key_auth.v3";
+option java_outer_classname = "ApiKeyAuthProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/api_key_auth/v3;api_key_authv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+option (xds.annotations.v3.file_status).work_in_progress = true;
+
+// [#protodoc-title: APIKey Auth]
+// APIKey Auth :ref:`configuration overview `.
+// [#extension: envoy.filters.http.api_key_auth]
+
+// API Key HTTP authentication.
+//
+// For example, the following configuration configures the filter to authenticate the clients using
+// the API key from the header ``X-API-KEY``. And only the clients with the key ``real-key`` are
+// considered as authenticated.
+//
+// .. code-block:: yaml
+//
+// credentials:
+// - key: real-key
+// client: user
+// key_sources:
+// - header: "X-API-KEY"
+//
+message ApiKeyAuth {
+ // The credentials that are used to authenticate the clients.
+ repeated Credential credentials = 1 [(udpa.annotations.sensitive) = true];
+
+ // The key sources to fetch the key from the coming request.
+ repeated KeySource key_sources = 2;
+}
+
+// API key auth configuration of per route or per virtual host or per route configuration.
+message ApiKeyAuthPerRoute {
+ // The credentials that are used to authenticate the clients. If this field is non-empty, then the
+ // credentials in the filter level configuration will be ignored and the credentials in this
+ // configuration will be used.
+ repeated Credential credentials = 1 [(udpa.annotations.sensitive) = true];
+
+ // The key sources to fetch the key from the coming request. If this field is non-empty, then the
+ // key sources in the filter level configuration will be ignored and the key sources in this
+ // configuration will be used.
+ repeated KeySource key_sources = 2;
+
+ // A list of clients that are allowed to access the route or vhost. The clients listed here
+ // should be subset of the clients listed in the ``credentials`` to provide authorization control
+ // after the authentication is successful. If the list is empty, then all authenticated clients
+ // are allowed. This provides very limited but simple authorization. If more complex authorization
+ // is required, then use the :ref:`HTTP RBAC filter ` instead.
+ //
+ // .. note::
+ // Setting this field and ``credentials`` at the same configuration entry is not an error but
+ // also makes no much sense because they provide similar functionality. Please only use
+ // one of them at same configuration entry except for the case that you want to share the same
+ // credentials list across multiple routes but still use different allowed clients for each
+ // route.
+ //
+ repeated string allowed_clients = 3;
+}
+
+// Single credential entry that contains the API key and the related client id.
+message Credential {
+ // The value of the unique API key.
+ string key = 1 [(validate.rules).string = {min_len: 1}];
+
+ // The unique id or identity that used to identify the client or consumer.
+ string client = 2 [(validate.rules).string = {min_len: 1}];
+}
+
+message KeySource {
+ // The header name to fetch the key. If multiple header values are present, the first one will be
+ // used. If the header value starts with 'Bearer ', this prefix will be stripped to get the
+ // key value.
+ //
+ // If set, takes precedence over ``query`` and ``cookie``.
+ string header = 1
+ [(validate.rules).string =
+ {max_len: 1024 well_known_regex: HTTP_HEADER_NAME strict: false ignore_empty: true}];
+
+ // The query parameter name to fetch the key. If multiple query values are present, the first one
+ // will be used.
+ //
+ // The field will be used if ``header`` is not set. If set, takes precedence over ``cookie``.
+ string query = 2 [(validate.rules).string = {max_len: 1024}];
+
+ // The cookie name to fetch the key.
+ //
+ // The field will be used if the ``header`` and ``query`` are not set.
+ string cookie = 3
+ [(validate.rules).string =
+ {max_len: 1024 well_known_regex: HTTP_HEADER_NAME strict: false ignore_empty: true}];
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/3c8077c937c86ff48ab61d081a0dd12a4f34778e79d77bc2bdeeecafcfc6e4bbd032fc63aecfb89e7a7828872ded2dc4efa515b62995683d4dc6d19c2da07e69 b/modules/sync/envoyproxy/envoy/cas/3c8077c937c86ff48ab61d081a0dd12a4f34778e79d77bc2bdeeecafcfc6e4bbd032fc63aecfb89e7a7828872ded2dc4efa515b62995683d4dc6d19c2da07e69
new file mode 100644
index 00000000..722e9b32
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/3c8077c937c86ff48ab61d081a0dd12a4f34778e79d77bc2bdeeecafcfc6e4bbd032fc63aecfb89e7a7828872ded2dc4efa515b62995683d4dc6d19c2da07e69
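Review bot: The `query` and `cookie` key sources in KeySource carry no caveat about where the key ends up, and a practitioner choosing them needs one: a key in a query string is typically recorded in access logs, proxy logs and browser history and can leak through Referer, and a key carried in a cookie is attached by the browser to cross-site requests, so the filter's authentication gives no CSRF protection on its own. I would add to `query`: `// Keys in query strings are typically recorded in access logs and browser history; prefer a header where possible.` and to `cookie`: `// Cookies are sent automatically by browsers, so a cookie-carried key does not by itself protect against cross-site request forgery.` The `allowed_clients` comment could also say outright that an entry not present in any credential is simply never matched, which the text only implies with "should be subset". Since this file is a synced copy of the upstream Envoy proto, the wording fix belongs upstream.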
@@ -0,0 +1,79 @@
+syntax = "proto3";
+
+package envoy.extensions.common.aws.v3;
+
+import "envoy/config/core/v3/base.proto";
+
+import "udpa/annotations/sensitive.proto";
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.common.aws.v3";
+option java_outer_classname = "CredentialProviderProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/common/aws/v3;awsv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: AWS common configuration]
+
+// Configuration for AWS credential provider. This is optional and the credentials are normally
+// retrieved from the environment or AWS configuration files by following the default credential
+// provider chain. However, this configuration can be used to override the default behavior.
+message AwsCredentialProvider {
+ // The option to use `AssumeRoleWithWebIdentity `_.
+ AssumeRoleWithWebIdentityCredentialProvider assume_role_with_web_identity_provider = 1;
+
+ // The option to use an inline credential. If inline credential is provided, no chain will be created and only the inline credential will be used.
+ InlineCredentialProvider inline_credential = 2;
+
+ // The option to specify parameters for credential retrieval from an envoy data source, such as a file in AWS credential format.
+ CredentialsFileCredentialProvider credentials_file_provider = 3;
+
+ // Create a custom credential provider chain instead of the default credential provider chain.
+ // If set to TRUE, the credential provider chain that is created contains only those set in this credential provider message.
+ // If set to FALSE, the settings provided here will act as modifiers to the default credential provider chain.
+ // Defaults to FALSE.
+ //
+ // This has no effect if inline_credential is provided.
+ bool custom_credential_provider_chain = 4;
+}
+
+// Configuration to use an inline AWS credential. This is an equivalent to setting the well-known
+// environment variables ``AWS_ACCESS_KEY_ID``, ``AWS_SECRET_ACCESS_KEY``, and the optional ``AWS_SESSION_TOKEN``.
+message InlineCredentialProvider {
+ // The AWS access key ID.
+ string access_key_id = 1 [(validate.rules).string = {min_len: 1}];
+
+ // The AWS secret access key.
+ string secret_access_key = 2
+ [(validate.rules).string = {min_len: 1}, (udpa.annotations.sensitive) = true];
+
+ // The AWS session token. This is optional.
+ string session_token = 3 [(udpa.annotations.sensitive) = true];
+}
+
+// Configuration to use `AssumeRoleWithWebIdentity `_
+// to retrieve AWS credentials.
+message AssumeRoleWithWebIdentityCredentialProvider {
+ // Data source for a web identity token that is provided by the identity provider to assume the role.
+ // When using this data source, even if a ``watched_directory`` is provided, the token file will only be re-read when the credentials
+ // returned from AssumeRoleWithWebIdentity expire.
+ config.core.v3.DataSource web_identity_token_data_source = 1
+ [(udpa.annotations.sensitive) = true];
+
+ // The ARN of the role to assume.
+ string role_arn = 2 [(validate.rules).string = {min_len: 1}];
+
+ // Optional role session name to use in AssumeRoleWithWebIdentity API call.
+ string role_session_name = 3;
+}
+
+message CredentialsFileCredentialProvider {
+ // Data source from which to retrieve AWS credentials
+ // When using this data source, if a ``watched_directory`` is provided, the credential file will be re-read when a file move is detected.
+ // See :ref:`watched_directory ` for more information about the ``watched_directory`` field.
+ config.core.v3.DataSource credentials_data_source = 1 [(udpa.annotations.sensitive) = true];
+
+ // The profile within the credentials_file data source. If not provided, the default profile will be used.
+ string profile = 2;
+}
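Review bot: The comment on `custom_credential_provider_chain` says a FALSE value makes these settings "modifiers to the default credential provider chain" but never says what that default chain contains, so an operator who configures only `assume_role_with_web_identity_provider` cannot tell from this file whether Envoy may still fall through to ambient credentials when the web-identity exchange fails; the message header names the environment and AWS configuration files, and whether instance metadata is also consulted is not stated here. I would add: `// With the default chain still active, a failure of the providers configured here can fall through to ambient credentials (environment, config files, and any other default-chain source); set this to TRUE when the proxy must use only the providers listed here.` — to be confirmed against the implementation, which is not in this hunk. Separately, `role_session_name` is free-form and is an audit identifier (it appears in the assumed-role identity) rather than a secret; a one-line note saying so would keep operators from putting sensitive values in it. Since this file is a synced copy of the upstream Envoy proto, the change belongs upstream.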
diff --git a/modules/sync/envoyproxy/envoy/cas/3e1e879b6ddede1c4891287c1d075cc4f34f19e1ea15deee2125a63c00d86985d2857b186c8885dd09b51f0d76d081a5a12b88d096cba8766cb478144a9ba400 b/modules/sync/envoyproxy/envoy/cas/3e1e879b6ddede1c4891287c1d075cc4f34f19e1ea15deee2125a63c00d86985d2857b186c8885dd09b51f0d76d081a5a12b88d096cba8766cb478144a9ba400 new file mode 100644 index 00000000..1a40965c --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/3e1e879b6ddede1c4891287c1d075cc4f34f19e1ea15deee2125a63c00d86985d2857b186c8885dd09b51f0d76d081a5a12b88d096cba8766cb478144a9ba400 
@@ -0,0 +1,195 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.ratelimit.v3; + +import "envoy/config/core/v3/base.proto"; +import "envoy/config/ratelimit/v3/rls.proto"; +import "envoy/config/route/v3/route_components.proto"; +import "envoy/type/v3/http_status.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.ratelimit.v3"; +option java_outer_classname = "RateLimitProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3;ratelimitv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Rate limit] +// Rate limit :ref:`configuration overview `. +// [#extension: envoy.filters.http.ratelimit] + +// [#next-free-field: 14] +message RateLimit { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.http.rate_limit.v2.RateLimit"; + + // Defines the version of the standard to use for X-RateLimit headers. + // + // [#next-major-version: unify with local ratelimit, should use common.ratelimit.v3.XRateLimitHeadersRFCVersion instead.] + enum XRateLimitHeadersRFCVersion { + // X-RateLimit headers disabled. + OFF = 0; + + // Use `draft RFC Version 03 `_. + DRAFT_VERSION_03 = 1; + } + + // The rate limit domain to use when calling the rate limit service. + string domain = 1 [(validate.rules).string = {min_len: 1}]; + + // Specifies the rate limit configurations to be applied with the same + // stage number. If not set, the default stage number is 0. + // + // .. note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}]; + + // The type of requests the filter should apply to. 
The supported + // types are ``internal``, ``external`` or ``both``. A request is considered internal if + // :ref:`x-envoy-internal` is set to true. If + // :ref:`x-envoy-internal` is not set or false, a + // request is considered external. The filter defaults to ``both``, and it will apply to all request + // types. + string request_type = 3 + [(validate.rules).string = {in: "internal" in: "external" in: "both" in: ""}]; + + // The timeout in milliseconds for the rate limit service RPC. If not + // set, this defaults to 20ms. + google.protobuf.Duration timeout = 4; + + // The filter's behaviour in case the rate limiting service does + // not respond back. When it is set to true, Envoy will not allow traffic in case of + // communication failure between rate limiting service and the proxy. + bool failure_mode_deny = 5; + + // Specifies whether a ``RESOURCE_EXHAUSTED`` gRPC code must be returned instead + // of the default ``UNAVAILABLE`` gRPC code for a rate limited gRPC call. The + // HTTP code will be 200 for a gRPC response. + bool rate_limited_as_resource_exhausted = 6; + + // Configuration for an external rate limit service provider. If not + // specified, any calls to the rate limit service will immediately return + // success. + config.ratelimit.v3.RateLimitServiceConfig rate_limit_service = 7 + [(validate.rules).message = {required: true}]; + + // Defines the standard version to use for X-RateLimit headers emitted by the filter: + // + // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the + // client in the current time-window followed by the description of the + // quota policy. The values are returned by the rate limiting service in + // :ref:`current_limit` + // field. Example: ``10, 10;w=1;name="per-ip", 1000;w=3600``. + // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the + // current time-window. The values are returned by the rate limiting service + // in :ref:`limit_remaining` + // field. 
+ // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of + // the current time-window. The values are returned by the rate limiting service + // in :ref:`duration_until_reset` + // field. + // + // In case rate limiting policy specifies more then one time window, the values + // above represent the window that is closest to reaching its limit. + // + // For more information about the headers specification see selected version of + // the `draft RFC `_. + // + // Disabled by default. + // + // [#next-major-version: unify with local ratelimit, should use common.ratelimit.v3.XRateLimitHeadersRFCVersion instead.] + XRateLimitHeadersRFCVersion enable_x_ratelimit_headers = 8 + [(validate.rules).enum = {defined_only: true}]; + + // Disables emitting the :ref:`x-envoy-ratelimited` header + // in case of rate limiting (i.e. 429 responses). + // Having this header not present potentially makes the request retriable. + bool disable_x_envoy_ratelimited_header = 9; + + // This field allows for a custom HTTP response status code to the downstream client when + // the request has been rate limited. + // Defaults to 429 (TooManyRequests). + // + // .. note:: + // If this is set to < 400, 429 will be used instead. + type.v3.HttpStatus rate_limited_status = 10; + + // Specifies a list of HTTP headers that should be added to each response for requests that + // have been rate limited. + repeated config.core.v3.HeaderValueOption response_headers_to_add = 11 + [(validate.rules).repeated = {max_items: 10}]; + + // Sets the HTTP status that is returned to the client when the ratelimit server returns an error + // or cannot be reached. The default status is 500. + type.v3.HttpStatus status_on_error = 12; + + // Optional additional prefix to use when emitting statistics. This allows to distinguish + // emitted statistics between configured ``ratelimit`` filters in an HTTP filter chain. 
+ string stat_prefix = 13; +} + +message RateLimitPerRoute { + // [#next-major-version: unify with local ratelimit, should use common.ratelimit.v3.VhRateLimitsOptions instead.] + enum VhRateLimitsOptions { + // Use the virtual host rate limits unless the route has a rate limit policy. + OVERRIDE = 0; + + // Use the virtual host rate limits even if the route has a rate limit policy. + INCLUDE = 1; + + // Ignore the virtual host rate limits even if the route does not have a rate limit policy. + IGNORE = 2; + } + + // The override option determines how the filter handles the cases where there is an override config at a more specific level than this one (from least to most specific: virtual host, route, cluster weight). + // [#not-implemented-hide:] + enum OverrideOptions { + // Client-defined default, typically OVERRIDE_POLICY. If VhRateLimitsOptions is set, that will be used instead. + DEFAULT = 0; + + // If there is an override config at a more specific level, use that instead of this one. + OVERRIDE_POLICY = 1; + + // If there is an override config at a more specific level, use data from both. + INCLUDE_POLICY = 2; + + // If there is an override config at a more specific level, ignore it and use only this one. + IGNORE_POLICY = 3; + } + + // Specifies if the rate limit filter should include the virtual host rate limits. + // [#next-major-version: unify with local ratelimit, should use common.ratelimit.v3.VhRateLimitsOptions instead.] + VhRateLimitsOptions vh_rate_limits = 1 [(validate.rules).enum = {defined_only: true}]; + + // Specifies if the rate limit filter should include the lower levels (route level, virtual host level or cluster weight level) rate limits override options. + // [#not-implemented-hide:] + OverrideOptions override_option = 2 [(validate.rules).enum = {defined_only: true}]; + + // Rate limit configuration that is used to generate a list of descriptor entries based on + // the request context. 
The generated entries will be used to find one or multiple matched rate + // limit rule from the ``descriptors``. + // If this is set, then + // :ref:`VirtualHost.rate_limits` or + // :ref:`RouteAction.rate_limits` fields + // will be ignored. + // + // .. note:: + // Not all configuration fields of + // :ref:`rate limit config ` is supported at here. + // Following fields are not supported: + // + // 1. :ref:`rate limit stage `. + // 2. :ref:`dynamic metadata `. + // 3. :ref:`disable_key `. + // 4. :ref:`override limit `. + repeated config.route.v3.RateLimit rate_limits = 3; + + // Overrides the domain. If not set, uses the filter-level domain instead. + string domain = 4; +} diff --git a/modules/sync/envoyproxy/envoy/cas/432449b6de25f852f1c6d8ebb4df1376dfa0042cfa816a7906cafa4739032b3f66f887a2d85fbc00c2e6fd948515acb3732d7be761bf2e9af2d1739dde866b91 b/modules/sync/envoyproxy/envoy/cas/432449b6de25f852f1c6d8ebb4df1376dfa0042cfa816a7906cafa4739032b3f66f887a2d85fbc00c2e6fd948515acb3732d7be761bf2e9af2d1739dde866b91 new file mode 100644 index 00000000..12c0e92d --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/432449b6de25f852f1c6d8ebb4df1376dfa0042cfa816a7906cafa4739032b3f66f887a2d85fbc00c2e6fd948515acb3732d7be761bf2e9af2d1739dde866b91 
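Review bot: The comment on `rate_limit_service` ("If not specified, any calls to the rate limit service will immediately return success") contradicts the `required: true` validation rule on the same field; one of the two is stale, and a reader may conclude the filter silently fails open when left unconfigured. The failure-mode documentation also leaves the default implicit: `failure_mode_deny` is only described for the true case, and read together with the 20ms default `timeout` the implication is that an unreachable or slow rate limit service lets requests through, which is a security-relevant default worth stating. I would change the `rate_limit_service` comment to `// Configuration for the external rate limit service provider. This field is required.` and add to `failure_mode_deny`: `// Defaults to false (fail open): if the rate limit service is unreachable or does not answer within ``timeout``, the request is allowed.` — the timeout interaction is inferred from the two field comments and should be confirmed against the filter. Since this file is a synced copy of the upstream Envoy proto, the fix belongs upstream.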
@@ -0,0 +1,36 @@
+syntax = "proto3";
+
+package envoy.extensions.transport_sockets.proxy_protocol.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/proxy_protocol.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.proxy_protocol.v3";
+option java_outer_classname = "UpstreamProxyProtocolProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/proxy_protocol/v3;proxy_protocolv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Upstream Proxy Protocol]
+// [#extension: envoy.transport_sockets.upstream_proxy_protocol]
+
+// Configuration for PROXY protocol socket
+message ProxyProtocolUpstreamTransport {
+ // The PROXY protocol settings
+ config.core.v3.ProxyProtocolConfig config = 1;
+
+ // The underlying transport socket being wrapped.
+ config.core.v3.TransportSocket transport_socket = 2 [(validate.rules).message = {required: true}];
+
+ // If this is set to true, the null addresses are allowed in the PROXY protocol header.
+ // The proxy protocol header encodes the null addresses to AF_UNSPEC.
+ // [#not-implemented-hide:]
+ bool allow_unspecified_address = 3;
+
+ // If true, all the TLVs are encoded in the connection pool key.
+ // [#not-implemented-hide:]
+ bool tlv_as_pool_key = 4;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/4637407c3a7a724268ec49ee0bee774f940f60c54d7e13838a12ea9c6115fb34ed56fa20c31ab972a2c9d022616784038e940d2f40c43c0fbb3b85bc9f53bf36 b/modules/sync/envoyproxy/envoy/cas/4637407c3a7a724268ec49ee0bee774f940f60c54d7e13838a12ea9c6115fb34ed56fa20c31ab972a2c9d022616784038e940d2f40c43c0fbb3b85bc9f53bf36
new file mode 100644
index 00000000..23fec5ae
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/4637407c3a7a724268ec49ee0bee774f940f60c54d7e13838a12ea9c6115fb34ed56fa20c31ab972a2c9d022616784038e940d2f40c43c0fbb3b85bc9f53bf36 
@@ -0,0 +1,64 @@ +syntax = "proto3"; + +package envoy.config.trace.v2; + +import "google/protobuf/any.proto"; +import "google/protobuf/struct.proto"; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.trace.v2"; +option java_outer_classname = "HttpTracerProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/trace/v2;tracev2"; +option (udpa.annotations.file_status).package_version_status = FROZEN; + +// [#protodoc-title: Tracing] +// Tracing :ref:`architecture overview `. + +// The tracing configuration specifies settings for an HTTP tracer provider used by Envoy. +// +// Envoy may support other tracers in the future, but right now the HTTP tracer is the only one +// supported. +// +// .. attention:: +// +// Use of this message type has been deprecated in favor of direct use of +// :ref:`Tracing.Http `. +message Tracing { + // Configuration for an HTTP tracer provider used by Envoy. + // + // The configuration is defined by the + // :ref:`HttpConnectionManager.Tracing ` + // :ref:`provider ` + // field. + message Http { + // The name of the HTTP trace driver to instantiate. The name must match a + // supported HTTP trace driver. Built-in trace drivers: + // + // - *envoy.tracers.lightstep* + // - *envoy.tracers.zipkin* + // - *envoy.tracers.dynamic_ot* + // - *envoy.tracers.datadog* + // - *envoy.tracers.xray* + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Trace driver specific configuration which depends on the driver being instantiated. + // See the trace drivers for examples: + // + // - :ref:`LightstepConfig ` + // - :ref:`ZipkinConfig ` + // - :ref:`DynamicOtConfig ` + // - :ref:`DatadogConfig ` + // - :ref:`AWS X-Ray ` + oneof config_type { + google.protobuf.Struct config = 2 [deprecated = true]; + + google.protobuf.Any typed_config = 3; + } + } + + // Provides configuration for the HTTP tracer. 
+ Http http = 1; +} diff --git a/modules/sync/envoyproxy/envoy/cas/51c726cd9b4aa56a62db2e6abd3546cc72958033365ca62c6c69b134d91d658ec04b82d64910f062d70c085f07bac3d93ee567493207ac3c736ec52cbcde847b b/modules/sync/envoyproxy/envoy/cas/51c726cd9b4aa56a62db2e6abd3546cc72958033365ca62c6c69b134d91d658ec04b82d64910f062d70c085f07bac3d93ee567493207ac3c736ec52cbcde847b new file mode 100644 index 00000000..2bc000e8 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/51c726cd9b4aa56a62db2e6abd3546cc72958033365ca62c6c69b134d91d658ec04b82d64910f062d70c085f07bac3d93ee567493207ac3c736ec52cbcde847b 
@@ -0,0 +1,71 @@
+syntax = "proto3";
+
+package envoy.extensions.network.dns_resolver.cares.v3;
+
+import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/resolver.proto";
+
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.network.dns_resolver.cares.v3";
+option java_outer_classname = "CaresDnsResolverProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/network/dns_resolver/cares/v3;caresv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: c-ares DNS resolver]
+// [#extension: envoy.network.dns_resolver.cares]
+
+// Configuration for c-ares DNS resolver.
+// [#next-free-field: 9]
+message CaresDnsResolverConfig {
+ // A list of dns resolver addresses.
+ // :ref:`use_resolvers_as_fallback`
+ // below dictates if the DNS client should override system defaults or only use the provided
+ // resolvers if the system defaults are not available, i.e., as a fallback.
+ repeated config.core.v3.Address resolvers = 1;
+
+ // If true use the resolvers listed in the
+ // :ref:`resolvers`
+ // field only if c-ares is unable to obtain a
+ // nameserver from the system (e.g., /etc/resolv.conf).
+ // Otherwise, the resolvers listed in the resolvers list will override the default system
+ // resolvers. Defaults to false.
+ bool use_resolvers_as_fallback = 3;
+
+ // The resolver will query available network interfaces and determine if there are no available
+ // interfaces for a given IP family. It will then filter these addresses from the results it
+ // presents. e.g., if there are no available IPv4 network interfaces, the resolver will not
+ // provide IPv4 addresses.
+ bool filter_unroutable_families = 4;
+
+ // Configuration of DNS resolver option flags which control the behavior of the DNS resolver.
+ config.core.v3.DnsResolverOptions dns_resolver_options = 2;
+
+ // This option allows for number of UDP based DNS queries to be capped. Note, this
+ // is only applicable to c-ares DNS resolver currently.
+ google.protobuf.UInt32Value udp_max_queries = 5;
+
+ // The number of seconds each name server is given to respond to a query on the first try of any given server.
+ //
+ // Note: While the c-ares library defaults to 2 seconds, Envoy's default (if this field is unset) is 5 seconds.
+ // This adjustment was made to maintain the previous behavior after users reported an increase in DNS resolution times.
+ google.protobuf.UInt64Value query_timeout_seconds = 6 [(validate.rules).uint64 = {gte: 1}];
+
+ // The maximum number of query attempts the resolver will make before giving up.
+ // Each attempt may use a different name server.
+ //
+ // Note: While the c-ares library defaults to 3 attempts, Envoy's default (if this field is unset) is 4 attempts.
+ // This adjustment was made to maintain the previous behavior after users reported an increase in DNS resolution times.
+ google.protobuf.UInt32Value query_tries = 7 [(validate.rules).uint32 = {gte: 1}];
+
+ // Enable round-robin selection of name servers for DNS resolution. When enabled, the resolver will cycle through the
+ // list of name servers for each resolution request. This can help distribute the query load across multiple name
+ // servers. If disabled (default), the resolver will try name servers in the order they are configured.
+ //
+ // Note: This setting overrides any system configuration for name server rotation.
+ bool rotate_nameservers = 8;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/5f8a02cf67b5c30f47a9459137ed47a77744906a5bb75baafbce675671109b7038b8464dc2b5e186728bd6360fa0d889df05ff944a21894a27d3cd2d7e38218b b/modules/sync/envoyproxy/envoy/cas/5f8a02cf67b5c30f47a9459137ed47a77744906a5bb75baafbce675671109b7038b8464dc2b5e186728bd6360fa0d889df05ff944a21894a27d3cd2d7e38218b
new file mode 100644
index 00000000..ba8f434d
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/5f8a02cf67b5c30f47a9459137ed47a77744906a5bb75baafbce675671109b7038b8464dc2b5e186728bd6360fa0d889df05ff944a21894a27d3cd2d7e38218b
@@ -0,0 +1,86 @@
+syntax = "proto3";
+
+package envoy.extensions.clusters.redis.v3;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.clusters.redis.v3";
+option java_outer_classname = "RedisClusterProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/redis/v3;redisv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Redis Cluster Configuration]
+// This cluster adds support for `Redis Cluster `_, as part
+// of :ref:`Envoy's support for Redis Cluster `.
+//
+// Redis Cluster is an extension of Redis which supports sharding and high availability (where a
+// shard that loses its primary fails over to a replica, and designates it as the new primary).
+// However, as there is no unified frontend or proxy service in front of Redis Cluster, the client
+// (in this case Envoy) must locally maintain the state of the Redis Cluster, specifically the
+// topology. A random node in the cluster is queried for the topology using the `CLUSTER SLOTS
+// command `_. This result is then stored locally, and
+// updated at user-configured intervals.
+//
+// Additionally, if
+// :ref:`enable_redirection`
+// is true, then moved and ask redirection errors from upstream servers will trigger a topology
+// refresh when they exceed a user-configured error threshold.
+//
+// Example:
+//
+// .. 
code-block:: yaml
+//
+// name: name
+// connect_timeout: 0.25s
+// dns_lookup_family: V4_ONLY
+// hosts:
+// - socket_address:
+// address: foo.bar.com
+// port_value: 22120
+// cluster_type:
+// name: envoy.clusters.redis
+// typed_config:
+// "@type": type.googleapis.com/google.protobuf.Struct
+// value:
+// cluster_refresh_rate: 30s
+// cluster_refresh_timeout: 0.5s
+// redirect_refresh_interval: 10s
+// redirect_refresh_threshold: 10
+// [#extension: envoy.clusters.redis]
+
+// [#next-free-field: 7]
+message RedisClusterConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.cluster.redis.RedisClusterConfig";
+
+ // Interval between successive topology refresh requests. If not set, this defaults to 5s.
+ google.protobuf.Duration cluster_refresh_rate = 1 [(validate.rules).duration = {gt {}}];
+
+ // Timeout for topology refresh request. If not set, this defaults to 3s.
+ google.protobuf.Duration cluster_refresh_timeout = 2 [(validate.rules).duration = {gt {}}];
+
+ // The minimum interval that must pass after triggering a topology refresh request before a new
+ // request can possibly be triggered again. Any errors received during one of these
+ // time intervals are ignored. If not set, this defaults to 5s.
+ google.protobuf.Duration redirect_refresh_interval = 3;
+
+ // The number of redirection errors that must be received before
+ // triggering a topology refresh request. If not set, this defaults to 5.
+ // If this is set to 0, topology refresh after redirect is disabled.
+ google.protobuf.UInt32Value redirect_refresh_threshold = 4;
+
+ // The number of failures that must be received before triggering a topology refresh request.
+ // If not set, this defaults to 0, which disables the topology refresh due to failure.
+ uint32 failure_refresh_threshold = 5;
+
+ // The number of hosts became degraded or unhealthy before triggering a topology refresh request.
+ // If not set, this defaults to 0, which disables the topology refresh due to degraded or
+ // unhealthy host.
+ uint32 host_degraded_refresh_threshold = 6;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/62e9cbba4ef90857312393ba23c0c2e68c7ddf909fb944dbb82991c11ea9e2156e58cc0597c12e2057b122c1b5eef2de801256ff1185a6fd4e7b7f9f53ac43cd b/modules/sync/envoyproxy/envoy/cas/62e9cbba4ef90857312393ba23c0c2e68c7ddf909fb944dbb82991c11ea9e2156e58cc0597c12e2057b122c1b5eef2de801256ff1185a6fd4e7b7f9f53ac43cd
new file mode 100644
index 00000000..5137602d
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/62e9cbba4ef90857312393ba23c0c2e68c7ddf909fb944dbb82991c11ea9e2156e58cc0597c12e2057b122c1b5eef2de801256ff1185a6fd4e7b7f9f53ac43cd
@@ -0,0 +1,46 @@
+syntax = "proto3";
+
+package envoy.config.grpc_credential.v3;
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3";
+option java_outer_classname = "AwsIamProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/grpc_credential/v3;grpc_credentialv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Grpc Credentials AWS IAM]
+// Configuration for AWS IAM Grpc Credentials Plugin
+// .. warning::
+//
+// This extension is deprecated and will be deleted in a future Envoy release, no
+// later than Envoy 1.35, but possibly sooner.
+//
+// [#extension: envoy.grpc_credentials.aws_iam]
+
+message AwsIamConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.grpc_credential.v2alpha.AwsIamConfig";
+
+ // The `service namespace
+ // `_
+ // of the Grpc endpoint.
+ //
+ // Example: appmesh
+ string service_name = 1 [
+ deprecated = true,
+ (validate.rules).string = {min_len: 1},
+ (envoy.annotations.deprecated_at_minor_version) = "3.0"
+ ];
+
+ // The `region `_ hosting the Grpc
+ // endpoint. If unspecified, the extension will use the value in the ``AWS_REGION`` environment
+ // variable.
+ //
+ // Example: us-west-2
+ string region = 2 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/6f596e69c9a1af917e12680f6e43c941f9e4a254ee86d30da4127b4aa01d9bb1f08d270c0ff8ddb63099c972d37cfac32cbf729633e4454d6a5c2dd28c2c7d81 b/modules/sync/envoyproxy/envoy/cas/6f596e69c9a1af917e12680f6e43c941f9e4a254ee86d30da4127b4aa01d9bb1f08d270c0ff8ddb63099c972d37cfac32cbf729633e4454d6a5c2dd28c2c7d81
new file mode 100644
index 00000000..6ad19ee0
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/6f596e69c9a1af917e12680f6e43c941f9e4a254ee86d30da4127b4aa01d9bb1f08d270c0ff8ddb63099c972d37cfac32cbf729633e4454d6a5c2dd28c2c7d81 
@@ -0,0 +1,198 @@
+syntax = "proto3";
+
+package envoy.extensions.wasm.v3;
+
+import "envoy/config/core/v3/backoff.proto";
+import "envoy/config/core/v3/base.proto";
+
+import "google/protobuf/any.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.wasm.v3";
+option java_outer_classname = "WasmProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/wasm/v3;wasmv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Wasm]
+// [#extension: envoy.bootstrap.wasm]
+
+// If there is a fatal error on the VM (e.g. exception, abort()), then the policy will be applied.
+enum FailurePolicy {
+ // No policy is specified. The default policy will be used. The default policy is ``FAIL_CLOSED``.
+ UNSPECIFIED = 0;
+
+ // New plugin instance will be created for the new request if the VM is failed. Note this only
+ // be applied to the following failures:
+ //
+ // * ``proxy_wasm::FailState::RuntimeError``
+ //
+ // This will fallback to the ``FAIL_CLOSED`` for all other failures.
+ FAIL_RELOAD = 1;
+
+ // All plugins associated with the VM will return an HTTP 503 error.
+ FAIL_CLOSED = 2;
+
+ // All plugins associated with the VM will be ignored and the filter chain will continue. This
+ // makes sense when the plugin is optional.
+ FAIL_OPEN = 3;
+}
+
+message ReloadConfig {
+ // Backoff strategy for the VM failure reload. If not specified, the default 1s base interval
+ // will be applied.
+ config.core.v3.BackoffStrategy backoff = 1;
+}
+
+// Configuration for restricting Proxy-Wasm capabilities available to modules.
+message CapabilityRestrictionConfig {
+ // The Proxy-Wasm capabilities which will be allowed. Capabilities are mapped by
+ // name. 
The ``SanitizationConfig`` which each capability maps to is currently unimplemented and ignored,
+ // and so should be left empty.
+ //
+ // The capability names are given in the
+ // `Proxy-Wasm ABI `_.
+ // Additionally, the following WASI capabilities from
+ // `this list `_
+ // are implemented and can be allowed:
+ // ``fd_write``, ``fd_read``, ``fd_seek``, ``fd_close``, ``fd_fdstat_get``, ``environ_get``, ``environ_sizes_get``,
+ // ``args_get``, ``args_sizes_get``, ``proc_exit``, ``clock_time_get``, ``random_get``.
+ map allowed_capabilities = 1;
+}
+
+// Configuration for sanitization of inputs to an allowed capability.
+//
+// NOTE: This is currently unimplemented.
+message SanitizationConfig {
+}
+
+// Configuration for a Wasm VM.
+// [#next-free-field: 8]
+message VmConfig {
+ // An ID which will be used along with a hash of the wasm code (or the name of the registered Null
+ // VM plugin) to determine which VM will be used for the plugin. All plugins which use the same
+ // ``vm_id`` and code will use the same VM. May be left blank. Sharing a VM between plugins can
+ // reduce memory utilization and make sharing of data easier which may have security implications.
+ // [#comment: TODO: add ref for details.]
+ string vm_id = 1;
+
+ // The Wasm runtime type, defaults to the first available Wasm engine used at Envoy build-time.
+ // The priority to search for the available engine is: v8 -> wasmtime -> wamr.
+ // Available Wasm runtime types are registered as extensions. The following runtimes are included
+ // in Envoy code base:
+ //
+ // .. _extension_envoy.wasm.runtime.null:
+ //
+ // **envoy.wasm.runtime.null**: Null sandbox, the Wasm module must be compiled and linked into the
+ // Envoy binary. The registered name is given in the ``code`` field as ``inline_string``.
+ //
+ // .. _extension_envoy.wasm.runtime.v8:
+ //
+ // **envoy.wasm.runtime.v8**: `V8 `_-based WebAssembly runtime.
+ //
+ // .. 
_extension_envoy.wasm.runtime.wamr:
+ //
+ // **envoy.wasm.runtime.wamr**: `WAMR `_-based WebAssembly runtime.
+ // This runtime is not enabled in the official build.
+ //
+ // .. _extension_envoy.wasm.runtime.wasmtime:
+ //
+ // **envoy.wasm.runtime.wasmtime**: `Wasmtime `_-based WebAssembly runtime.
+ // This runtime is not enabled in the official build.
+ //
+ // [#extension-category: envoy.wasm.runtime]
+ string runtime = 2;
+
+ // The Wasm code that Envoy will execute.
+ config.core.v3.AsyncDataSource code = 3;
+
+ // The Wasm configuration used in initialization of a new VM
+ // (proxy_on_start). ``google.protobuf.Struct`` is serialized as JSON before
+ // passing it to the plugin. ``google.protobuf.BytesValue`` and
+ // ``google.protobuf.StringValue`` are passed directly without the wrapper.
+ google.protobuf.Any configuration = 4;
+
+ // Allow the wasm file to include pre-compiled code on VMs which support it.
+ // Warning: this should only be enable for trusted sources as the precompiled code is not
+ // verified.
+ bool allow_precompiled = 5;
+
+ // If true and the code needs to be remotely fetched and it is not in the cache then NACK the configuration
+ // update and do a background fetch to fill the cache, otherwise fetch the code asynchronously and enter
+ // warming state.
+ bool nack_on_code_cache_miss = 6;
+
+ // Specifies environment variables to be injected to this VM which will be available through
+ // WASI's ``environ_get`` and ``environ_get_sizes`` system calls. Note that these functions
+ // are generally called implicitly by your language's standard library. Therefore, you do not
+ // need to call them directly. You can access environment variables in the same way you would
+ // on native platforms.
+ // Warning: Envoy rejects the configuration if there's conflict of key space.
+ EnvironmentVariables environment_variables = 7;
+}
+
+message EnvironmentVariables {
+ // The keys of *Envoy's* environment variables exposed to this VM. 
In other words, if a key exists in Envoy's environment
+ // variables, then that key-value pair will be injected. Note that if a key does not exist, it will be ignored.
+ repeated string host_env_keys = 1;
+
+ // Explicitly given key-value pairs to be injected to this VM in the form of "KEY=VALUE".
+ map key_values = 2;
+}
+
+// Base Configuration for Wasm Plugins e.g. filters and services.
+// [#next-free-field: 9]
+message PluginConfig {
+ // A unique name for a filters/services in a VM for use in identifying the filter/service if
+ // multiple filters/services are handled by the same ``vm_id`` and ``root_id`` and for
+ // logging/debugging.
+ string name = 1;
+
+ // A unique ID for a set of filters/services in a VM which will share a RootContext and Contexts
+ // if applicable (e.g. an Wasm HttpFilter and an Wasm AccessLog). If left blank, all
+ // filters/services with a blank root_id with the same ``vm_id`` will share Context(s).
+ string root_id = 2;
+
+ // Configuration for finding or starting VM.
+ oneof vm {
+ VmConfig vm_config = 3;
+ // TODO: add referential VM configurations.
+ }
+
+ // Filter/service configuration used to configure or reconfigure a plugin
+ // (``proxy_on_configure``).
+ // ``google.protobuf.Struct`` is serialized as JSON before
+ // passing it to the plugin. ``google.protobuf.BytesValue`` and
+ // ``google.protobuf.StringValue`` are passed directly without the wrapper.
+ google.protobuf.Any configuration = 4;
+
+ // If there is a fatal error on the VM (e.g. exception, abort(), on_start or on_configure return false),
+ // then all plugins associated with the VM will either fail closed (by default), e.g. by returning an HTTP 503 error,
+ // or fail open (if 'fail_open' is set to true) by bypassing the filter. Note: when on_start or on_configure return false
+ // during xDS updates the xDS configuration will be rejected and when on_start or on_configuration return false on initial
+ // startup the proxy will not start. 
+ // This field is deprecated in favor of the ``failure_policy`` field.
+ bool fail_open = 5 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // The failure policy for the plugin.
+ FailurePolicy failure_policy = 7;
+
+ // Reload configuration. This is only applied when ``failure_policy`` is set to ``FAIL_RELOAD``.
+ ReloadConfig reload_config = 8;
+
+ // Configuration for restricting Proxy-Wasm capabilities available to modules.
+ CapabilityRestrictionConfig capability_restriction_config = 6;
+}
+
+// WasmService is configured as a built-in ``envoy.wasm_service`` :ref:`WasmService
+// ` This opaque configuration will be used to create a Wasm Service.
+message WasmService {
+ // General plugin configuration.
+ PluginConfig config = 1;
+
+ // If true, create a single VM rather than creating one VM per worker. Such a singleton can
+ // not be used with filters.
+ bool singleton = 2;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/795dd3264f9e074b9862a701299bd1a7a02feb95a27bbe36cf2dbb7b868690a14b411b38762ef399487148b25107dddda66115c1ff1faa7691e85d97e79db831 b/modules/sync/envoyproxy/envoy/cas/795dd3264f9e074b9862a701299bd1a7a02feb95a27bbe36cf2dbb7b868690a14b411b38762ef399487148b25107dddda66115c1ff1faa7691e85d97e79db831
new file mode 100644
index 00000000..7160cfb6
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/795dd3264f9e074b9862a701299bd1a7a02feb95a27bbe36cf2dbb7b868690a14b411b38762ef399487148b25107dddda66115c1ff1faa7691e85d97e79db831
@@ -0,0 +1,689 @@
+syntax = "proto3";
+
+package envoy.config.core.v3;
+
+import "envoy/config/core/v3/extension.proto";
+import "envoy/type/v3/percent.proto";
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "xds/annotations/v3/status.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "ProtocolProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Protocol options]
+
+// [#not-implemented-hide:]
+message TcpProtocolOptions {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.core.TcpProtocolOptions";
+}
+
+// Config for keepalive probes in a QUIC connection.
+// Note that QUIC keep-alive probing packets work differently from HTTP/2 keep-alive PINGs in a sense that the probing packet
+// itself doesn't timeout waiting for a probing response. Quic has a shorter idle timeout than TCP, so it doesn't rely on such probing to discover dead connections. If the peer fails to respond, the connection will idle timeout eventually. Thus, they are configured differently from :ref:`connection_keepalive `.
+message QuicKeepAliveSettings {
+ // The max interval for a connection to send keep-alive probing packets (with PING or PATH_RESPONSE). The value should be smaller than :ref:`connection idle_timeout ` to prevent idle timeout while not less than 1s to avoid throttling the connection or flooding the peer with probes.
+ //
+ // If :ref:`initial_interval ` is absent or zero, a client connection will use this value to start probing.
+ //
+ // If zero, disable keepalive probing. 
+ // If absent, use the QUICHE default interval to probe.
+ google.protobuf.Duration max_interval = 1;
+
+ // The interval to send the first few keep-alive probing packets to prevent connection from hitting the idle timeout. Subsequent probes will be sent, each one with an interval exponentially longer than previous one, till it reaches :ref:`max_interval `. And the probes afterwards will always use :ref:`max_interval `.
+ //
+ // The value should be smaller than :ref:`connection idle_timeout ` to prevent idle timeout and smaller than max_interval to take effect.
+ //
+ // If absent, disable keepalive probing for a server connection. For a client connection, if :ref:`max_interval ` is zero, do not keepalive, otherwise use max_interval or QUICHE default to probe all the time.
+ google.protobuf.Duration initial_interval = 2 [(validate.rules).duration = {
+ lte {}
+ gte {nanos: 1000000}
+ }];
+}
+
+// QUIC protocol options which apply to both downstream and upstream connections.
+// [#next-free-field: 10]
+message QuicProtocolOptions {
+ // Maximum number of streams that the client can negotiate per connection. 100
+ // if not specified.
+ google.protobuf.UInt32Value max_concurrent_streams = 1 [(validate.rules).uint32 = {gte: 1}];
+
+ // `Initial stream-level flow-control receive window
+ // `_ size. Valid values range from
+ // 1 to 16777216 (2^24, maximum supported by QUICHE) and defaults to 16777216 (16 * 1024 * 1024).
+ //
+ // NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. If configured smaller than it, we will use 16384 instead.
+ // QUICHE IETF Quic implementation supports 1 bytes window. We only support increasing the default window size now, so it's also the minimum.
+ //
+ // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the
+ // QUIC stream send and receive buffers. Once the buffer reaches this pointer, watermark callbacks will fire to
+ // stop the flow of data to the stream buffers. 
+ google.protobuf.UInt32Value initial_stream_window_size = 2
+ [(validate.rules).uint32 = {lte: 16777216 gte: 1}];
+
+ // Similar to ``initial_stream_window_size``, but for connection-level
+ // flow-control. Valid values rage from 1 to 25165824 (24MB, maximum supported by QUICHE) and defaults
+ // to 25165824 (24 * 1024 * 1024).
+ //
+ // NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. We only support increasing the default
+ // window size now, so it's also the minimum.
+ google.protobuf.UInt32Value initial_connection_window_size = 3
+ [(validate.rules).uint32 = {lte: 25165824 gte: 1}];
+
+ // The number of timeouts that can occur before port migration is triggered for QUIC clients.
+ // This defaults to 4. If set to 0, port migration will not occur on path degrading.
+ // Timeout here refers to QUIC internal path degrading timeout mechanism, such as PTO.
+ // This has no effect on server sessions.
+ google.protobuf.UInt32Value num_timeouts_to_trigger_port_migration = 4
+ [(validate.rules).uint32 = {lte: 5 gte: 0}];
+
+ // Probes the peer at the configured interval to solicit traffic, i.e. ACK or PATH_RESPONSE, from the peer to push back connection idle timeout.
+ // If absent, use the default keepalive behavior of which a client connection sends PINGs every 15s, and a server connection doesn't do anything.
+ QuicKeepAliveSettings connection_keepalive = 5;
+
+ // A comma-separated list of strings representing QUIC connection options defined in
+ // `QUICHE `_ and to be sent by upstream connections.
+ string connection_options = 6;
+
+ // A comma-separated list of strings representing QUIC client connection options defined in
+ // `QUICHE `_ and to be sent by upstream connections.
+ string client_connection_options = 7;
+
+ // The duration that a QUIC connection stays idle before it closes itself. If this field is not present, QUICHE
+ // default 600s will be applied.
+ // For internal corporate network, a long timeout is often fine. 
+ // But for client facing network, 30s is usually a good choice.
+ google.protobuf.Duration idle_network_timeout = 8 [(validate.rules).duration = {
+ lte {seconds: 600}
+ gte {seconds: 1}
+ }];
+
+ // Maximum packet length for QUIC connections. It refers to the largest size of a QUIC packet that can be transmitted over the connection.
+ // If not specified, one of the `default values in QUICHE `_ is used.
+ google.protobuf.UInt64Value max_packet_length = 9;
+}
+
+message UpstreamHttpProtocolOptions {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.core.UpstreamHttpProtocolOptions";
+
+ // Set transport socket `SNI `_ for new
+ // upstream connections based on the downstream HTTP host/authority header or any other arbitrary
+ // header when :ref:`override_auto_sni_header `
+ // is set, as seen by the :ref:`router filter `.
+ // Does nothing if a filter before the http router filter sets the corresponding metadata.
+ //
+ // See :ref:`SNI configuration ` for details on how this
+ // interacts with other validation options.
+ bool auto_sni = 1;
+
+ // Automatic validate upstream presented certificate for new upstream connections based on the
+ // downstream HTTP host/authority header or any other arbitrary header when :ref:`override_auto_sni_header `
+ // is set, as seen by the :ref:`router filter `.
+ // This field is intended to be set with ``auto_sni`` field.
+ // Does nothing if a filter before the http router filter sets the corresponding metadata.
+ //
+ // See :ref:`validation configuration ` for how this interacts with
+ // other validation options.
+ bool auto_san_validation = 2;
+
+ // An optional alternative to the host/authority header to be used for setting the SNI value.
+ // It should be a valid downstream HTTP header, as seen by the
+ // :ref:`router filter `.
+ // If unset, host/authority header will be used for populating the SNI. 
If the specified header
+ // is not found or the value is empty, host/authority header will be used instead.
+ // This field is intended to be set with ``auto_sni`` and/or ``auto_san_validation`` fields.
+ // If none of these fields are set then setting this would be a no-op.
+ // Does nothing if a filter before the http router filter sets the corresponding metadata.
+ string override_auto_sni_header = 3
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+}
+
+// Configures the alternate protocols cache which tracks alternate protocols that can be used to
+// make an HTTP connection to an origin server. See https://tools.ietf.org/html/rfc7838 for
+// HTTP Alternative Services and https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-04
+// for the "HTTPS" DNS resource record.
+// [#next-free-field: 6]
+message AlternateProtocolsCacheOptions {
+ // Allows pre-populating the cache with HTTP/3 alternate protocols entries with a 7 day lifetime.
+ // This will cause Envoy to attempt HTTP/3 to those upstreams, even if the upstreams have not
+ // advertised HTTP/3 support. These entries will be overwritten by alt-svc
+ // response headers or cached values.
+ // As with regular cached entries, if the origin response would result in clearing an existing
+ // alternate protocol cache entry, pre-populated entries will also be cleared.
+ // Adding a cache entry with hostname=foo.com port=123 is the equivalent of getting
+ // response headers
+ // alt-svc: h3=:"123"; ma=86400" in a response to a request to foo.com:123
+ message AlternateProtocolsCacheEntry {
+ // The host name for the alternate protocol entry.
+ string hostname = 1
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+ // The port for the alternate protocol entry.
+ uint32 port = 2 [(validate.rules).uint32 = {lt: 65535 gt: 0}];
+ }
+
+ // The name of the cache. 
Multiple named caches allow independent alternate protocols cache
+ // configurations to operate within a single Envoy process using different configurations. All
+ // alternate protocols cache options with the same name *must* be equal in all fields when
+ // referenced from different configuration components. Configuration will fail to load if this is
+ // not the case.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // The maximum number of entries that the cache will hold. If not specified defaults to 1024.
+ //
+ // .. note:
+ //
+ // The implementation is approximate and enforced independently on each worker thread, thus
+ // it is possible for the maximum entries in the cache to go slightly above the configured
+ // value depending on timing. This is similar to how other circuit breakers work.
+ google.protobuf.UInt32Value max_entries = 2 [(validate.rules).uint32 = {gt: 0}];
+
+ // Allows configuring a persistent
+ // :ref:`key value store ` to flush
+ // alternate protocols entries to disk.
+ // This function is currently only supported if concurrency is 1
+ // Cached entries will take precedence over pre-populated entries below.
+ TypedExtensionConfig key_value_store_config = 3;
+
+ // Allows pre-populating the cache with entries, as described above.
+ repeated AlternateProtocolsCacheEntry prepopulated_entries = 4;
+
+ // Optional list of hostnames suffixes for which Alt-Svc entries can be shared. For example, if
+ // this list contained the value ``.c.example.com``, then an Alt-Svc entry for ``foo.c.example.com``
+ // could be shared with ``bar.c.example.com`` but would not be shared with ``baz.example.com``. On
+ // the other hand, if the list contained the value ``.example.com`` then all three hosts could share
+ // Alt-Svc entries. Each entry must start with ``.``. If a hostname matches multiple suffixes, the
+ // first listed suffix will be used. 
+ //
+ // Since lookup in this list is O(n), it is recommended that the number of suffixes be limited.
+ // [#not-implemented-hide:]
+ repeated string canonical_suffixes = 5;
+}
+
+// [#next-free-field: 8]
+message HttpProtocolOptions {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.core.HttpProtocolOptions";
+
+ // Action to take when Envoy receives client request with header names containing underscore
+ // characters.
+ // Underscore character is allowed in header names by the RFC-7230 and this behavior is implemented
+ // as a security measure due to systems that treat '_' and '-' as interchangeable. Envoy by default allows client request headers with underscore
+ // characters.
+ enum HeadersWithUnderscoresAction {
+ // Allow headers with underscores. This is the default behavior.
+ ALLOW = 0;
+
+ // Reject client request. HTTP/1 requests are rejected with the 400 status. HTTP/2 requests
+ // end with the stream reset. The "httpN.requests_rejected_with_underscores_in_headers" counter
+ // is incremented for each rejected request.
+ REJECT_REQUEST = 1;
+
+ // Drop the client header with name containing underscores. The header is dropped before the filter chain is
+ // invoked and as such filters will not see dropped headers. The
+ // "httpN.dropped_headers_with_underscores" is incremented for each dropped header.
+ DROP_HEADER = 2;
+ }
+
+ // The idle timeout for connections. The idle timeout is defined as the
+ // period in which there are no active requests. When the
+ // idle timeout is reached the connection will be closed. If the connection is an HTTP/2
+ // downstream connection a drain sequence will occur prior to closing the connection, see
+ // :ref:`drain_timeout
+ // `.
+ // Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive.
+ // If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0.
+ //
+ // .. 
warning:: + // Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP + // FIN packets, etc. + // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled for downstream connections according to the value for + // :ref:`HTTP_DOWNSTREAM_CONNECTION_IDLE `. + google.protobuf.Duration idle_timeout = 1; + + // The maximum duration of a connection. The duration is defined as a period since a connection + // was established. If not set, there is no max duration. When max_connection_duration is reached, + // the drain sequence will kick-in. The connection will be closed after the drain timeout period + // if there are no active streams. See :ref:`drain_timeout + // `. + google.protobuf.Duration max_connection_duration = 3; + + // The maximum number of headers (request headers if configured on HttpConnectionManager, + // response headers when configured on a cluster). + // If unconfigured, the default maximum number of headers allowed is 100. + // The default value for requests can be overridden by setting runtime key ``envoy.reloadable_features.max_request_headers_count``. + // The default value for responses can be overridden by setting runtime key ``envoy.reloadable_features.max_response_headers_count``. + // Downstream requests that exceed this limit will receive a 431 response for HTTP/1.x and cause a stream + // reset for HTTP/2. + // Upstream responses that exceed this limit will result in a 503 response. + google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}]; + + // The maximum size of response headers. + // If unconfigured, the default is 60 KiB, except for HTTP/1 response headers which have a default + // of 80KiB. + // The default value can be overridden by setting runtime key ``envoy.reloadable_features.max_response_headers_size_kb``. + // Responses that exceed this limit will result in a 503 response. 
+ // In Envoy, this setting is only valid when configured on an upstream cluster, not on the + // :ref:`HTTP Connection Manager + // `. + // + // Note: currently some protocol codecs impose limits on the maximum size of a single header: + // HTTP/2 (when using nghttp2) limits a single header to around 100kb. + // HTTP/3 limits a single header to around 1024kb. + google.protobuf.UInt32Value max_response_headers_kb = 7 + [(validate.rules).uint32 = {lte: 8192 gt: 0}]; + + // Total duration to keep alive an HTTP request/response stream. If the time limit is reached the stream will be + // reset independent of any other timeouts. If not specified, this value is not set. + google.protobuf.Duration max_stream_duration = 4; + + // Action to take when a client request with a header name containing underscore characters is received. + // If this setting is not specified, the value defaults to ALLOW. + // Note: upstream responses are not affected by this setting. + // Note: this only affects client headers. It does not affect headers added + // by Envoy filters and does not have any impact if added to cluster config. + HeadersWithUnderscoresAction headers_with_underscores_action = 5; + + // Optional maximum requests for both upstream and downstream connections. + // If not specified, there is no limit. + // Setting this parameter to 1 will effectively disable keep alive. + // For HTTP/2 and HTTP/3, due to concurrent stream processing, the limit is approximate. 
+ google.protobuf.UInt32Value max_requests_per_connection = 6; +} + +// [#next-free-field: 11] +message Http1ProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.Http1ProtocolOptions"; + + // [#next-free-field: 9] + message HeaderKeyFormat { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.Http1ProtocolOptions.HeaderKeyFormat"; + + message ProperCaseWords { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.Http1ProtocolOptions.HeaderKeyFormat.ProperCaseWords"; + } + + oneof header_format { + option (validate.required) = true; + + // Formats the header by proper casing words: the first character and any character following + // a special character will be capitalized if it's an alpha character. For example, + // "content-type" becomes "Content-Type", and "foo$b#$are" becomes "Foo$B#$Are". + // Note that while this results in most headers following conventional casing, certain headers + // are not covered. For example, the "TE" header will be formatted as "Te". + ProperCaseWords proper_case_words = 1; + + // Configuration for stateful formatter extensions that allow using received headers to + // affect the output of encoding headers. E.g., preserving case during proxying. + // [#extension-category: envoy.http.stateful_header_formatters] + TypedExtensionConfig stateful_formatter = 8; + } + } + + // Handle HTTP requests with absolute URLs in the requests. These requests + // are generally sent by clients to forward/explicit proxies. This allows clients to configure + // envoy as their HTTP proxy. In Unix, for example, this is typically done by setting the + // ``http_proxy`` environment variable. + google.protobuf.BoolValue allow_absolute_url = 1; + + // Handle incoming HTTP/1.0 and HTTP 0.9 requests. + // This is off by default, and not fully standards compliant. 
There is support for pre-HTTP/1.1 + // style connect logic, dechunking, and handling lack of client host iff + // ``default_host_for_http_10`` is configured. + bool accept_http_10 = 2; + + // A default host for HTTP/1.0 requests. This is highly suggested if ``accept_http_10`` is true as + // Envoy does not otherwise support HTTP/1.0 without a Host header. + // This is a no-op if ``accept_http_10`` is not true. + string default_host_for_http_10 = 3; + + // Describes how the keys for response headers should be formatted. By default, all header keys + // are lower cased. + HeaderKeyFormat header_key_format = 4; + + // Enables trailers for HTTP/1. By default the HTTP/1 codec drops proxied trailers. + // + // .. attention:: + // + // Note that this only happens when Envoy is chunk encoding which occurs when: + // - The request is HTTP/1.1. + // - Is neither a HEAD only request nor a HTTP Upgrade. + // - Not a response to a HEAD request. + // - The content length header is not present. + bool enable_trailers = 5; + + // Allows Envoy to process requests/responses with both ``Content-Length`` and ``Transfer-Encoding`` + // headers set. By default such messages are rejected, but if option is enabled - Envoy will + // remove Content-Length header and process message. + // See `RFC7230, sec. 3.3.3 `_ for details. + // + // .. attention:: + // Enabling this option might lead to request smuggling vulnerability, especially if traffic + // is proxied via multiple layers of proxies. + // [#comment:TODO: This field is ignored when the + // :ref:`header validation configuration ` + // is present.] + bool allow_chunked_length = 6; + + // Allows invalid HTTP messaging. When this option is false, then Envoy will terminate + // HTTP/1.1 connections upon receiving an invalid HTTP message. However, + // when this option is true, then Envoy will leave the HTTP/1.1 connection + // open where possible. + // If set, this overrides any HCM :ref:`stream_error_on_invalid_http_messaging + // `. 
+ google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 7; + + // Allows sending fully qualified URLs when proxying the first line of the + // response. By default, Envoy will only send the path components in the first line. + // If this is true, Envoy will create a fully qualified URI composing scheme + // (inferred if not present), host (from the host/:authority header) and path + // (from first line or :path header). + bool send_fully_qualified_url = 8; + + // [#not-implemented-hide:] Hiding so that field can be removed after BalsaParser is rolled out. + // If set, force HTTP/1 parser: BalsaParser if true, http-parser if false. + // If unset, HTTP/1 parser is selected based on + // envoy.reloadable_features.http1_use_balsa_parser. + // See issue #21245. + google.protobuf.BoolValue use_balsa_parser = 9 + [(xds.annotations.v3.field_status).work_in_progress = true]; + + // [#not-implemented-hide:] Hiding so that field can be removed. + // If true, and BalsaParser is used (either `use_balsa_parser` above is true, + // or `envoy.reloadable_features.http1_use_balsa_parser` is true and + // `use_balsa_parser` is unset), then every non-empty method with only valid + // characters is accepted. Otherwise, methods not on the hard-coded list are + // rejected. + // Once UHV is enabled, this field should be removed, and BalsaParser should + // allow any method. UHV validates the method, rejecting empty string or + // invalid characters, and provides :ref:`restrict_http_methods + // ` + // to reject custom methods. + bool allow_custom_methods = 10 [(xds.annotations.v3.field_status).work_in_progress = true]; +} + +message KeepaliveSettings { + // Send HTTP/2 PING frames at this period, in order to test that the connection is still alive. + // If this is zero, interval PINGs will not be sent. + google.protobuf.Duration interval = 1 [(validate.rules).duration = {gte {nanos: 1000000}}]; + + // How long to wait for a response to a keepalive PING. 
If a response is not received within this + // time period, the connection will be aborted. Note that in order to prevent the influence of + // Head-of-line (HOL) blocking the timeout period is extended when *any* frame is received on + // the connection, under the assumption that if a frame is received the connection is healthy. + google.protobuf.Duration timeout = 2 [(validate.rules).duration = { + required: true + gte {nanos: 1000000} + }]; + + // A random jitter amount as a percentage of interval that will be added to each interval. + // A value of zero means there will be no jitter. + // The default value is 15%. + type.v3.Percent interval_jitter = 3; + + // If the connection has been idle for this duration, send a HTTP/2 ping ahead + // of new stream creation, to quickly detect dead connections. + // If this is zero, this type of PING will not be sent. + // If an interval ping is outstanding, a second ping will not be sent as the + // interval ping will determine if the connection is dead. + // + // The same feature for HTTP/3 is given by inheritance from QUICHE which uses :ref:`connection idle_timeout ` and the current PTO of the connection to decide whether to probe before sending a new request. + google.protobuf.Duration connection_idle_interval = 4 + [(validate.rules).duration = {gte {nanos: 1000000}}]; +} + +// [#next-free-field: 17] +message Http2ProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.Http2ProtocolOptions"; + + // Defines a parameter to be sent in the SETTINGS frame. + // See `RFC7540, sec. 6.5.1 `_ for details. + message SettingsParameter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.Http2ProtocolOptions.SettingsParameter"; + + // The 16 bit parameter identifier. + google.protobuf.UInt32Value identifier = 1 [ + (validate.rules).uint32 = {lte: 65535 gte: 0}, + (validate.rules).message = {required: true} + ]; + + // The 32 bit parameter value. 
+ google.protobuf.UInt32Value value = 2 [(validate.rules).message = {required: true}]; + } + + // `Maximum table size `_ + // (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values + // range from 0 to 4294967295 (2^32 - 1) and defaults to 4096. 0 effectively disables header + // compression. + google.protobuf.UInt32Value hpack_table_size = 1; + + // `Maximum concurrent streams `_ + // allowed for peer on one HTTP/2 connection. Valid values range from 1 to 2147483647 (2^31 - 1) + // and defaults to 2147483647. + // + // For upstream connections, this also limits how many streams Envoy will initiate concurrently + // on a single connection. If the limit is reached, Envoy may queue requests or establish + // additional connections (as allowed per circuit breaker limits). + // + // This acts as an upper bound: Envoy will lower the max concurrent streams allowed on a given + // connection based on upstream settings. Config dumps will reflect the configured upper bound, + // not the per-connection negotiated limits. + google.protobuf.UInt32Value max_concurrent_streams = 2 + [(validate.rules).uint32 = {lte: 2147483647 gte: 1}]; + + // `Initial stream-level flow-control window + // `_ size. Valid values range from 65535 + // (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to 268435456 + // (256 * 1024 * 1024). + // + // NOTE: 65535 is the initial window size from HTTP/2 spec. We only support increasing the default + // window size now, so it's also the minimum. + // + // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the + // HTTP/2 codec buffers. Once the buffer reaches this pointer, watermark callbacks will fire to + // stop the flow of data to the codec buffers. 
+ google.protobuf.UInt32Value initial_stream_window_size = 3 + [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}]; + + // Similar to ``initial_stream_window_size``, but for connection-level flow-control + // window. Currently, this has the same minimum/maximum/default as ``initial_stream_window_size``. + google.protobuf.UInt32Value initial_connection_window_size = 4 + [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}]; + + // Allows proxying Websocket and other upgrades over H2 connect. + bool allow_connect = 5; + + // [#not-implemented-hide:] Hiding until Envoy has full metadata support. + // Still under implementation. DO NOT USE. + // + // Allows sending and receiving HTTP/2 METADATA frames. See [metadata + // docs](https://github.com/envoyproxy/envoy/blob/main/source/docs/h2_metadata.md) for more + // information. + bool allow_metadata = 6; + + // Limit the number of pending outbound downstream frames of all types (frames that are waiting to + // be written into the socket). Exceeding this limit triggers flood mitigation and connection is + // terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due + // to flood mitigation. The default limit is 10000. + google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}]; + + // Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM, + // preventing high memory utilization when receiving continuous stream of these frames. Exceeding + // this limit triggers flood mitigation and connection is terminated. The + // ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood + // mitigation. The default limit is 1000. + google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}]; + + // Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an + // empty payload and no end stream flag. 
Those frames have no legitimate use and are abusive, but + // might be a result of a broken HTTP/2 implementation. The `http2.inbound_empty_frames_flood`` + // stat tracks the number of connections terminated due to flood mitigation. + // Setting this to 0 will terminate connection upon receiving first frame with an empty payload + // and no end stream flag. The default limit is 1. + google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9; + + // Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number + // of PRIORITY frames received over the lifetime of connection exceeds the value calculated + // using this formula:: + // + // ``max_inbound_priority_frames_per_stream`` * (1 + ``opened_streams``) + // + // the connection is terminated. For downstream connections the ``opened_streams`` is incremented when + // Envoy receives complete response headers from the upstream server. For upstream connection the + // ``opened_streams`` is incremented when Envoy send the HEADERS frame for a new stream. The + // ``http2.inbound_priority_frames_flood`` stat tracks + // the number of connections terminated due to flood mitigation. The default limit is 100. + google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10; + + // Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number + // of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated + // using this formula:: + // + // 5 + 2 * (``opened_streams`` + + // ``max_inbound_window_update_frames_per_data_frame_sent`` * ``outbound_data_frames``) + // + // the connection is terminated. For downstream connections the ``opened_streams`` is incremented when + // Envoy receives complete response headers from the upstream server. For upstream connections the + // ``opened_streams`` is incremented when Envoy sends the HEADERS frame for a new stream. 
The + // ``http2.inbound_priority_frames_flood`` stat tracks the number of connections terminated due to + // flood mitigation. The default max_inbound_window_update_frames_per_data_frame_sent value is 10. + // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control, + // but more complex implementations that try to estimate available bandwidth require at least 2. + google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11 + [(validate.rules).uint32 = {gte: 1}]; + + // Allows invalid HTTP messaging and headers. When this option is disabled (default), then + // the whole HTTP/2 connection is terminated upon receiving invalid HEADERS frame. However, + // when this option is enabled, only the offending stream is terminated. + // + // This is overridden by HCM :ref:`stream_error_on_invalid_http_messaging + // ` + // iff present. + // + // This is deprecated in favor of :ref:`override_stream_error_on_invalid_http_message + // ` + // + // See `RFC7540, sec. 8.1 `_ for details. + bool stream_error_on_invalid_http_messaging = 12 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Allows invalid HTTP messaging and headers. When this option is disabled (default), then + // the whole HTTP/2 connection is terminated upon receiving invalid HEADERS frame. However, + // when this option is enabled, only the offending stream is terminated. + // + // This overrides any HCM :ref:`stream_error_on_invalid_http_messaging + // ` + // + // See `RFC7540, sec. 8.1 `_ for details. + google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 14; + + // [#not-implemented-hide:] + // Specifies SETTINGS frame parameters to be sent to the peer, with two exceptions: + // + // 1. SETTINGS_ENABLE_PUSH (0x2) is not configurable as HTTP/2 server push is not supported by + // Envoy. + // + // 2. 
SETTINGS_ENABLE_CONNECT_PROTOCOL (0x8) is only configurable through the named field + // 'allow_connect'. + // + // Note that custom parameters specified through this field can not also be set in the + // corresponding named parameters: + // + // .. code-block:: text + // + // ID Field Name + // ---------------- + // 0x1 hpack_table_size + // 0x3 max_concurrent_streams + // 0x4 initial_stream_window_size + // + // Collisions will trigger config validation failure on load/update. Likewise, inconsistencies + // between custom parameters with the same identifier will trigger a failure. + // + // See `IANA HTTP/2 Settings + // `_ for + // standardized identifiers. + repeated SettingsParameter custom_settings_parameters = 13; + + // Send HTTP/2 PING frames to verify that the connection is still healthy. If the remote peer + // does not respond within the configured timeout, the connection will be aborted. + KeepaliveSettings connection_keepalive = 15; + + // [#not-implemented-hide:] Hiding so that the field can be removed after oghttp2 is rolled out. + // If set, force use of a particular HTTP/2 codec: oghttp2 if true, nghttp2 if false. + // If unset, HTTP/2 codec is selected based on envoy.reloadable_features.http2_use_oghttp2. + google.protobuf.BoolValue use_oghttp2_codec = 16 + [(xds.annotations.v3.field_status).work_in_progress = true]; +} + +// [#not-implemented-hide:] +message GrpcProtocolOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.GrpcProtocolOptions"; + + Http2ProtocolOptions http2_protocol_options = 1; +} + +// A message which allows using HTTP/3. +// [#next-free-field: 7] +message Http3ProtocolOptions { + QuicProtocolOptions quic_protocol_options = 1; + + // Allows invalid HTTP messaging and headers. When this option is disabled (default), then + // the whole HTTP/3 connection is terminated upon receiving invalid HEADERS frame. However, + // when this option is enabled, only the offending stream is terminated. 
+ // + // If set, this overrides any HCM :ref:`stream_error_on_invalid_http_messaging + // `. + google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 2; + + // Allows proxying Websocket and other upgrades over HTTP/3 CONNECT using + // the header mechanisms from the `HTTP/2 extended connect RFC + // `_ + // and settings `proposed for HTTP/3 + // `_ + // Note that HTTP/3 CONNECT is not yet an RFC. + bool allow_extended_connect = 5 [(xds.annotations.v3.field_status).work_in_progress = true]; + + // [#not-implemented-hide:] Hiding until Envoy has full metadata support. + // Still under implementation. DO NOT USE. + // + // Allows sending and receiving HTTP/3 METADATA frames. See [metadata + // docs](https://github.com/envoyproxy/envoy/blob/main/source/docs/h2_metadata.md) for more + // information. + bool allow_metadata = 6; +} + +// A message to control transformations to the :scheme header +message SchemeHeaderTransformation { + oneof transformation { + // Overwrite any Scheme header with the contents of this string. + // If set, takes precedence over match_upstream. + string scheme_to_overwrite = 1 [(validate.rules).string = {in: "http" in: "https"}]; + } + + // Set the Scheme header to match the upstream transport protocol. For example, should a + // request be sent to the upstream over TLS, the scheme header will be set to "https". Should the + // request be sent over plaintext, the scheme header will be set to "http". + // If scheme_to_overwrite is set, this field is not used. + bool match_upstream = 2; +} diff --git a/modules/sync/envoyproxy/envoy/cas/8695627774888384867f60a36b2bdd64d260d7dbeb4bde5a9fcaf617c436af794050181efee94998f5966bdceeaee8733c6db03b11af64e4487d1a0f4dd1e476 b/modules/sync/envoyproxy/envoy/cas/8695627774888384867f60a36b2bdd64d260d7dbeb4bde5a9fcaf617c436af794050181efee94998f5966bdceeaee8733c6db03b11af64e4487d1a0f4dd1e476 new file mode 100644 index 00000000..ddcae1ad --- /dev/null 
+++ b/modules/sync/envoyproxy/envoy/cas/8695627774888384867f60a36b2bdd64d260d7dbeb4bde5a9fcaf617c436af794050181efee94998f5966bdceeaee8733c6db03b11af64e4487d1a0f4dd1e476 
@@ -0,0 +1,61 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.grpc_json_reverse_transcoder.v3;
+
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.grpc_json_reverse_transcoder.v3";
+option java_outer_classname = "TranscoderProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_json_reverse_transcoder/v3;grpc_json_reverse_transcoderv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: gRPC-JSON reverse transcoder]
+// gRPC-JSON reverse transcoder :ref:`configuration overview `.
+// [#extension: envoy.filters.http.grpc_json_reverse_transcoder]
+
+// [#next-free-field: 6]
+// ``GrpcJsonReverseTranscoder`` is the filter configuration for the gRPC JSON
+// reverse transcoder. The reverse transcoder acts as a bridge between a gRPC
+// client and an HTTP/JSON server, converting the gRPC request into HTTP/JSON
+// for the HTTP backend and the HTTP/JSON response back to gRPC for the gRPC
+// client. This effectively reverses the behavior of the
+// :ref:`grpc_json_transcoder filter `,
+// allowing a gRPC client to communicate with an HTTP/JSON server.
+message GrpcJsonReverseTranscoder {
+ // Supplies the filename of
+ // :ref:`the proto descriptor set
+ // ` for the gRPC services.
+ // If set, takes precedence over the ``descriptor_binary`` field.
+ string descriptor_path = 1;
+
+ // Supplies the binary content of
+ // :ref:`the proto descriptor set
+ // ` for the gRPC services.
+ // If ``descriptor_path`` is set, this field is not used.
+ bytes descriptor_binary = 2;
+
+ // The maximum size of a request body to be transcoded, in bytes. A body exceeding this size will
+ // provoke a ``gRPC status: ResourceExhausted`` response.
+ //
+ // Large values may cause envoy to use a lot of memory if there are many
+ // concurrent requests.
+ //
+ // If unset, the current stream buffer size is used.
+ google.protobuf.UInt32Value max_request_body_size = 3 [(validate.rules).uint32 = {gt: 0}];
+
+ // The maximum size of a response body to be transcoded, in bytes. A body exceeding this size will
+ // provoke a ``gRPC status: Internal`` response.
+ //
+ // Large values may cause envoy to use a lot of memory if there are many
+ // concurrent requests.
+ //
+ // If unset, the current stream buffer size is used.
+ google.protobuf.UInt32Value max_response_body_size = 4 [(validate.rules).uint32 = {gt: 0}];
+
+ // The name of the header field that has the API version of the request.
+ string api_version_header = 5;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/898dcb73232fc67a2cdd1d61309a81f12c1da724cc3e5c9877e2a1c8f8c4b9f6d170383f7dff706ffc19dca6e09c9cd558136dc75a9cf507c7e1d341c497a293 b/modules/sync/envoyproxy/envoy/cas/898dcb73232fc67a2cdd1d61309a81f12c1da724cc3e5c9877e2a1c8f8c4b9f6d170383f7dff706ffc19dca6e09c9cd558136dc75a9cf507c7e1d341c497a293
new file mode 100644
index 00000000..33eb349f
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/898dcb73232fc67a2cdd1d61309a81f12c1da724cc3e5c9877e2a1c8f8c4b9f6d170383f7dff706ffc19dca6e09c9cd558136dc75a9cf507c7e1d341c497a293
@@ -0,0 +1,351 @@
+syntax = "proto3";
+
+package envoy.config.listener.v3;
+
+import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/config_source.proto";
+import "envoy/type/v3/range.proto";
+
+import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.listener.v3";
+option java_outer_classname = "ListenerComponentsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3;listenerv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Listener components]
+// Listener :ref:`configuration overview `
+
+// [#next-free-field: 6]
+message Filter {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.Filter";
+
+ reserved 3, 2;
+
+ reserved "config";
+
+ // The name of the filter configuration.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ oneof config_type {
+ // Filter specific configuration which depends on the filter being
+ // instantiated. See the supported filters for further documentation.
+ // [#extension-category: envoy.filters.network]
+ google.protobuf.Any typed_config = 4;
+
+ // Configuration source specifier for an extension configuration discovery
+ // service. In case of a failure and without the default configuration, the
+ // listener closes the connections.
+ core.v3.ExtensionConfigSource config_discovery = 5;
+ }
+}
+
+// Specifies the match criteria for selecting a specific filter chain for a
+// listener.
+//
+// In order for a filter chain to be selected, *ALL* of its criteria must be
+// fulfilled by the incoming connection, properties of which are set by the
+// networking stack and/or listener filters.
+//
+// The following order applies:
+//
+// 1. Destination port.
+// 2. Destination IP address.
+// 3. Server name (e.g. SNI for TLS protocol),
+// 4. Transport protocol.
+// 5. Application protocols (e.g. ALPN for TLS protocol).
+// 6. Directly connected source IP address (this will only be different from the source IP address
+// when using a listener filter that overrides the source address, such as the :ref:`Proxy Protocol
+// listener filter `).
+// 7. Source type (e.g. any, local or external network).
+// 8. Source IP address.
+// 9. Source port.
+//
+// For criteria that allow ranges or wildcards, the most specific value in any
+// of the configured filter chains that matches the incoming connection is going
+// to be used (e.g. for SNI ``www.example.com`` the most specific match would be
+// ``www.example.com``, then ``*.example.com``, then ``*.com``, then any filter
+// chain without ``server_names`` requirements).
+//
+// A different way to reason about the filter chain matches:
+// Suppose there exists N filter chains. Prune the filter chain set using the above 8 steps.
+// In each step, filter chains which most specifically matches the attributes continue to the next step.
+// The listener guarantees at most 1 filter chain is left after all of the steps.
+//
+// Example:
+//
+// For destination port, filter chains specifying the destination port of incoming traffic are the
+// most specific match. If none of the filter chains specifies the exact destination port, the filter
+// chains which do not specify ports are the most specific match. Filter chains specifying the
+// wrong port can never be the most specific match.
+//
+// [#comment: Implemented rules are kept in the preference order, with deprecated fields
+// listed at the end, because that's how we want to list them in the docs.
+//
+// [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules]
+// [#next-free-field: 14]
+message FilterChainMatch {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.listener.FilterChainMatch";
+
+ enum ConnectionSourceType {
+ // Any connection source matches.
+ ANY = 0;
+
+ // Match a connection originating from the same host.
+ SAME_IP_OR_LOOPBACK = 1;
+
+ // Match a connection originating from a different host.
+ EXTERNAL = 2;
+ }
+
+ reserved 1;
+
+ // Optional destination port to consider when use_original_dst is set on the
+ // listener in determining a filter chain match.
+ google.protobuf.UInt32Value destination_port = 8 [(validate.rules).uint32 = {lte: 65535 gte: 1}];
+
+ // If non-empty, an IP address and prefix length to match addresses when the
+ // listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
+ repeated core.v3.CidrRange prefix_ranges = 3;
+
+ // If non-empty, an IP address and suffix length to match addresses when the
+ // listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
+ // [#not-implemented-hide:]
+ string address_suffix = 4;
+
+ // [#not-implemented-hide:]
+ google.protobuf.UInt32Value suffix_len = 5;
+
+ // The criteria is satisfied if the directly connected source IP address of the downstream
+ // connection is contained in at least one of the specified subnets. If the parameter is not
+ // specified or the list is empty, the directly connected source IP address is ignored.
+ repeated core.v3.CidrRange direct_source_prefix_ranges = 13;
+
+ // Specifies the connection source IP match type. Can be any, local or external network.
+ ConnectionSourceType source_type = 12 [(validate.rules).enum = {defined_only: true}];
+
+ // The criteria is satisfied if the source IP address of the downstream
+ // connection is contained in at least one of the specified subnets. If the
+ // parameter is not specified or the list is empty, the source IP address is
+ // ignored.
+ repeated core.v3.CidrRange source_prefix_ranges = 6;
+
+ // The criteria is satisfied if the source port of the downstream connection
+ // is contained in at least one of the specified ports. If the parameter is
+ // not specified, the source port is ignored.
+ repeated uint32 source_ports = 7
+ [(validate.rules).repeated = {items {uint32 {lte: 65535 gte: 1}}}];
+
+ // If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
+ // a filter chain match. Those values will be compared against the server names of a new
+ // connection, when detected by one of the listener filters.
+ //
+ // The server name will be matched against all wildcard domains, i.e. ``www.example.com``
+ // will be first matched against ``www.example.com``, then ``*.example.com``, then ``*.com``.
+ //
+ // Note that partial wildcards are not supported, and values like ``*w.example.com`` are invalid.
+ // The value ``*`` is also not supported, and ``server_names`` should be omitted instead.
+ //
+ // .. attention::
+ //
+ // See the :ref:`FAQ entry ` on how to configure SNI for more
+ // information.
+ repeated string server_names = 11;
+
+ // If non-empty, a transport protocol to consider when determining a filter chain match.
+ // This value will be compared against the transport protocol of a new connection, when
+ // it's detected by one of the listener filters.
+ //
+ // Suggested values include:
+ //
+ // * ``raw_buffer`` - default, used when no transport protocol is detected,
+ // * ``tls`` - set by :ref:`envoy.filters.listener.tls_inspector `
+ // when TLS protocol is detected.
+ string transport_protocol = 9;
+
+ // If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when
+ // determining a filter chain match. Those values will be compared against the application
+ // protocols of a new connection, when detected by one of the listener filters.
+ //
+ // Suggested values include:
+ //
+ // * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector
+ // `,
+ // * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector `
+ //
+ // .. attention::
+ //
+ // Currently, only :ref:`TLS Inspector ` provides
+ // application protocol detection based on the requested
+ // `ALPN `_ values.
+ //
+ // However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet,
+ // and matching on values other than ``h2`` is going to lead to a lot of false negatives,
+ // unless all connecting clients are known to use ALPN.
+ repeated string application_protocols = 10;
+}
+
+// A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and
+// various other parameters.
+// [#next-free-field: 10]
+message FilterChain {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.FilterChain";
+
+ reserved 2, 8;
+
+ reserved "tls_context", "on_demand_configuration";
+
+ // The criteria to use when matching a connection to this filter chain.
+ FilterChainMatch filter_chain_match = 1;
+
+ // A list of individual network filters that make up the filter chain for
+ // connections established with the listener. Order matters as the filters are
+ // processed sequentially as connection events happen. Note: If the filter
+ // list is empty, the connection will close by default.
+ //
+ // For QUIC listeners, network filters other than HTTP Connection Manager (HCM)
+ // can be created, but due to differences in the connection implementation compared
+ // to TCP, the onData() method will never be called. Therefore, network filters
+ // for QUIC listeners should only expect to do work at the start of a new connection
+ // (i.e. in onNewConnection()). HCM must be the last (or only) filter in the chain.
+ repeated Filter filters = 3;
+
+ // Whether the listener should expect a PROXY protocol V1 header on new
+ // connections. If this option is enabled, the listener will assume that that
+ // remote address of the connection is the one specified in the header. Some
+ // load balancers including the AWS ELB support this option. If the option is
+ // absent or set to false, Envoy will use the physical peer address of the
+ // connection as the remote address.
+ //
+ // This field is deprecated. Add a
+ // :ref:`PROXY protocol listener filter `
+ // explicitly instead.
+ google.protobuf.BoolValue use_proxy_proto = 4
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // [#not-implemented-hide:] filter chain metadata.
+ core.v3.Metadata metadata = 5;
+
+ // Optional custom transport socket implementation to use for downstream connections.
+ // To setup TLS, set a transport socket with name ``envoy.transport_sockets.tls`` and
+ // :ref:`DownstreamTlsContext ` in the ``typed_config``.
+ // If no transport socket configuration is specified, new connections
+ // will be set up with plaintext.
+ // [#extension-category: envoy.transport_sockets.downstream]
+ core.v3.TransportSocket transport_socket = 6;
+
+ // If present and nonzero, the amount of time to allow incoming connections to complete any
+ // transport socket negotiations. If this expires before the transport reports connection
+ // establishment, the connection is summarily closed.
+ google.protobuf.Duration transport_socket_connect_timeout = 9;
+
+ // The unique name (or empty) by which this filter chain is known.
+ // Note: :ref:`filter_chain_matcher
+ // `
+ // requires that filter chains are uniquely named within a listener.
+ string name = 7; +} + +// Listener filter chain match configuration. This is a recursive structure which allows complex +// nested match configurations to be built using various logical operators. +// +// Examples: +// +// * Matches if the destination port is 3306. +// +// .. code-block:: yaml +// +// destination_port_range: +// start: 3306 +// end: 3307 +// +// * Matches if the destination port is 3306 or 15000. +// +// .. code-block:: yaml +// +// or_match: +// rules: +// - destination_port_range: +// start: 3306 +// end: 3307 +// - destination_port_range: +// start: 15000 +// end: 15001 +// +// [#next-free-field: 6] +message ListenerFilterChainMatchPredicate { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.listener.ListenerFilterChainMatchPredicate"; + + // A set of match configurations used for logical operations. + message MatchSet { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.listener.ListenerFilterChainMatchPredicate.MatchSet"; + + // The list of rules that make up the set. + repeated ListenerFilterChainMatchPredicate rules = 1 + [(validate.rules).repeated = {min_items: 2}]; + } + + oneof rule { + option (validate.required) = true; + + // A set that describes a logical OR. If any member of the set matches, the match configuration + // matches. + MatchSet or_match = 1; + + // A set that describes a logical AND. If all members of the set match, the match configuration + // matches. + MatchSet and_match = 2; + + // A negation match. The match configuration will match if the negated match condition matches. + ListenerFilterChainMatchPredicate not_match = 3; + + // The match configuration will always match. + bool any_match = 4 [(validate.rules).bool = {const: true}]; + + // Match destination port. Particularly, the match evaluation must use the recovered local port if + // the owning listener filter is after :ref:`an original_dst listener filter `. 
+ type.v3.Int32Range destination_port_range = 5; + } +} + +// [#next-free-field: 6] +message ListenerFilter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.listener.ListenerFilter"; + + reserved 2; + + reserved "config"; + + // The name of the filter configuration. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + oneof config_type { + // Filter specific configuration which depends on the filter being + // instantiated. See the supported filters for further documentation. + // [#extension-category: envoy.filters.listener,envoy.filters.udp_listener] + google.protobuf.Any typed_config = 3; + + // Configuration source specifier for an extension configuration discovery + // service. In case of a failure and without the default configuration, the + // listener closes the connections. + core.v3.ExtensionConfigSource config_discovery = 5; + } + + // Optional match predicate used to disable the filter. The filter is enabled when this field is empty. + // See :ref:`ListenerFilterChainMatchPredicate ` + // for further examples. + ListenerFilterChainMatchPredicate filter_disabled = 4; +} diff --git a/modules/sync/envoyproxy/envoy/cas/8c4419111eb187a571b0ee7b60f1cc436450e5d263ccc007c90e58fdd029c2a5c7db789944e0a9963b1c53d37a311f5ec3e05cf1849f7c794fea38899ea406ea b/modules/sync/envoyproxy/envoy/cas/8c4419111eb187a571b0ee7b60f1cc436450e5d263ccc007c90e58fdd029c2a5c7db789944e0a9963b1c53d37a311f5ec3e05cf1849f7c794fea38899ea406ea new file mode 100644 index 00000000..41403211 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/8c4419111eb187a571b0ee7b60f1cc436450e5d263ccc007c90e58fdd029c2a5c7db789944e0a9963b1c53d37a311f5ec3e05cf1849f7c794fea38899ea406ea 
@@ -0,0 +1,122 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.ext_proc.v3; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_proc.v3"; +option java_outer_classname = "ProcessingModeProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_proc/v3;ext_procv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: External Processing Filter] +// External Processing Filter Processing Mode +// [#extension: envoy.filters.http.ext_proc] + +// This configuration describes which parts of an HTTP request and +// response are sent to a remote server and how they are delivered. + +// [#next-free-field: 7] +message ProcessingMode { + // Control how headers and trailers are handled + enum HeaderSendMode { + // The default HeaderSendMode depends on which part of the message is being + // processed. By default, request and response headers are sent, + // while trailers are skipped. + DEFAULT = 0; + + // Send the header or trailer. + SEND = 1; + + // Do not send the header or trailer. + SKIP = 2; + } + + // Control how the request and response bodies are handled + // When body mutation by external processor is enabled, ext_proc filter will always remove + // the content length header in four cases below because content length can not be guaranteed + // to be set correctly: + // 1) STREAMED BodySendMode: header processing completes before body mutation comes back. + // 2) BUFFERED_PARTIAL BodySendMode: body is buffered and could be injected in different phases. + // 3) BUFFERED BodySendMode + SKIP HeaderSendMode: header processing (e.g., update content-length) is skipped. + // 4) FULL_DUPLEX_STREAMED BodySendMode: header processing completes before body mutation comes back. 
+ // + // In Envoy's http1 codec implementation, removing content length will enable chunked transfer + // encoding whenever feasible. The recipient (either client or server) must be able + // to parse and decode the chunked transfer coding. + // (see `details in RFC9112 `_). + // + // In BUFFERED BodySendMode + SEND HeaderSendMode, content length header is allowed but it is + // external processor's responsibility to set the content length correctly matched to the length + // of mutated body. If they don't match, the corresponding body mutation will be rejected and + // local reply will be sent with an error message. + enum BodySendMode { + // Do not send the body at all. This is the default. + NONE = 0; + + // Stream the body to the server in pieces as they arrive at the + // proxy. + STREAMED = 1; + + // Buffer the message body in memory and send the entire body at once. + // If the body exceeds the configured buffer limit, then the + // downstream system will receive an error. + BUFFERED = 2; + + // Buffer the message body in memory and send the entire body in one + // chunk. If the body exceeds the configured buffer limit, then the body contents + // up to the buffer limit will be sent. + BUFFERED_PARTIAL = 3; + + // [#not-implemented-hide:] + // Envoy streams the body to the server in pieces as they arrive. + // + // 1) The server may choose to buffer any number chunks of data before processing them. + // After it finishes buffering, the server processes the buffered data. Then it splits the processed + // data into any number of chunks, and streams them back to Envoy one by one. + // The server may continuously do so until the complete body is processed. + // The individual response chunk size is recommended to be no greater than 64K bytes, or + // :ref:`max_receive_message_length ` + // if EnvoyGrpc is used. 
+ // + // 2) The server may also choose to buffer the entire message, including the headers (if header mode is + // ``SEND``), the entire body, and the trailers (if present), before sending back any response. + // The server response has to maintain the headers-body-trailers ordering. + // + // 3) Note that the server might also choose not to buffer data. That is, upon receiving a + // body request, it could process the data and send back a body response immediately. + // + // In this body mode: + // * The corresponding trailer mode has to be set to ``SEND``. + // * Envoy will send body and trailers (if present) to the server as they arrive. + // Sending the trailers (if present) is to inform the server the complete body arrives. + // In case there are no trailers, then Envoy will set + // :ref:`end_of_stream ` + // to true as part of the last body chunk request to notify the server that no other data is to be sent. + // * The server needs to send + // :ref:`StreamedBodyResponse ` + // to Envoy in the body response. + // * Envoy will stream the body chunks in the responses from the server to the upstream/downstream as they arrive. + FULL_DUPLEX_STREAMED = 4; + } + + // How to handle the request header. Default is "SEND". + HeaderSendMode request_header_mode = 1 [(validate.rules).enum = {defined_only: true}]; + + // How to handle the response header. Default is "SEND". + HeaderSendMode response_header_mode = 2 [(validate.rules).enum = {defined_only: true}]; + + // How to handle the request body. Default is "NONE". + BodySendMode request_body_mode = 3 [(validate.rules).enum = {defined_only: true}]; + + // How do handle the response body. Default is "NONE". + BodySendMode response_body_mode = 4 [(validate.rules).enum = {defined_only: true}]; + + // How to handle the request trailers. Default is "SKIP". + HeaderSendMode request_trailer_mode = 5 [(validate.rules).enum = {defined_only: true}]; + + // How to handle the response trailers. Default is "SKIP". 
+ HeaderSendMode response_trailer_mode = 6 [(validate.rules).enum = {defined_only: true}]; +} diff --git a/modules/sync/envoyproxy/envoy/cas/90c9a5e1b2bfe3cf7dccc8cb444c46a99c9214ab0a7b0c78c19f9f9cdb9787c35a1a85547849ae858e97f440352069bbabe91c5efeb9d8643c457a64737ac00c b/modules/sync/envoyproxy/envoy/cas/90c9a5e1b2bfe3cf7dccc8cb444c46a99c9214ab0a7b0c78c19f9f9cdb9787c35a1a85547849ae858e97f440352069bbabe91c5efeb9d8643c457a64737ac00c new file mode 100644 index 00000000..6de0c1e4 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/90c9a5e1b2bfe3cf7dccc8cb444c46a99c9214ab0a7b0c78c19f9f9cdb9787c35a1a85547849ae858e97f440352069bbabe91c5efeb9d8643c457a64737ac00c 
@@ -0,0 +1,271 @@ +syntax = "proto3"; + +package envoy.extensions.filters.udp.udp_proxy.v3; + +import "envoy/config/accesslog/v3/accesslog.proto"; +import "envoy/config/core/v3/backoff.proto"; +import "envoy/config/core/v3/base.proto"; +import "envoy/config/core/v3/config_source.proto"; +import "envoy/config/core/v3/udp_socket_config.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "xds/annotations/v3/status.proto"; +import "xds/type/matcher/v3/matcher.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.udp.udp_proxy.v3"; +option java_outer_classname = "UdpProxyProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/udp_proxy/v3;udp_proxyv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: UDP proxy] +// UDP proxy :ref:`configuration overview `. +// [#extension: envoy.filters.udp_listener.udp_proxy] + +// Configuration for the UDP proxy filter. +// [#next-free-field: 14] +message UdpProxyConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.udp.udp_proxy.v2alpha.UdpProxyConfig"; + + // Specifies the UDP hash policy. + // The packets can be routed by hash policy. + message HashPolicy { + oneof policy_specifier { + option (validate.required) = true; + + // The source IP will be used to compute the hash used by hash-based load balancing algorithms. + bool source_ip = 1 [(validate.rules).bool = {const: true}]; + + // A given key will be used to compute the hash used by hash-based load balancing algorithms. + // In certain cases there is a need to direct different UDP streams jointly towards the selected set of endpoints. 
+ // A possible use-case is VoIP telephony, where media (RTP) and its corresponding control (RTCP) belong to the same logical session, + // although they travel in separate streams. To ensure that these pair of streams are load-balanced on session level + // (instead of individual stream level), dynamically created listeners can use the same hash key for each stream in the session. + string key = 2 [(validate.rules).string = {min_len: 1}]; + } + } + + // Configuration for UDP session filters. + message SessionFilter { + // The name of the filter configuration. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + oneof config_type { + // Filter specific configuration which depends on the filter being + // instantiated. See the supported filters for further documentation. + google.protobuf.Any typed_config = 2; + + // Configuration source specifier for an extension configuration discovery + // service. In case of a failure and without the default configuration, the + // UDP session will be removed. + config.core.v3.ExtensionConfigSource config_discovery = 3; + } + } + + // Configuration for tunneling UDP over other transports or application layers. + // Tunneling is currently supported over HTTP/2. + // [#next-free-field: 12] + message UdpTunnelingConfig { + // Configuration for UDP datagrams buffering. + message BufferOptions { + // If set, the filter will only buffer datagrams up to the requested limit, and will drop + // new UDP datagrams if the buffer contains the max_buffered_datagrams value at the time + // of a new datagram arrival. If not set, the default value is 1024 datagrams. + google.protobuf.UInt32Value max_buffered_datagrams = 1; + + // If set, the filter will only buffer datagrams up to the requested total buffered bytes limit, + // and will drop new UDP datagrams if the buffer contains the max_buffered_datagrams value + // at the time of a new datagram arrival. If not set, the default value is 16,384 (16KB). 
+ google.protobuf.UInt64Value max_buffered_bytes = 2; + } + + message RetryOptions { + // The maximum number of unsuccessful connection attempts that will be made before giving up. + // If the parameter is not specified, 1 connection attempt will be made. + google.protobuf.UInt32Value max_connect_attempts = 1; + + // Sets the backoff strategy. If not set, the retries are performed without backoff. + config.core.v3.BackoffStrategy backoff_options = 2; + } + + // The hostname to send in the synthesized CONNECT headers to the upstream proxy. + // This field evaluates command operators if set, otherwise returns hostname as is. + // + // Example: dynamically set hostname using filter state + // + // .. code-block:: yaml + // + // tunneling_config: + // proxy_host: "%FILTER_STATE(proxy.host.key:PLAIN)%" + // + string proxy_host = 1 [(validate.rules).string = {min_len: 1}]; + + // Optional port value to add to the HTTP request URI. + // This value can be overridden per-session by setting the required port value for + // the filter state key ``udp.connect.proxy_port``. + google.protobuf.UInt32Value proxy_port = 2; + + // The target host to send in the synthesized CONNECT headers to the upstream proxy. + // This field evaluates command operators if set, otherwise returns hostname as is. + // + // Example: dynamically set target host using filter state + // + // .. code-block:: yaml + // + // tunneling_config: + // target_host: "%FILTER_STATE(target.host.key:PLAIN)%" + // + string target_host = 3 [(validate.rules).string = {min_len: 1}]; + + // The default target port to send in the CONNECT headers to the upstream proxy. + // This value can be overridden per-session by setting the required port value for + // the filter state key ``udp.connect.target_port``. + uint32 default_target_port = 4 [(validate.rules).uint32 = {lte: 65535 gt: 0}]; + + // Use POST method instead of CONNECT method to tunnel the UDP stream. + // + // .. 
note:: + // If use_post is set, the upstream stream does not comply with the connect-udp RFC, and + // instead it will be a POST request. the path used in the headers will be set from the + // post_path field, and the headers will not contain the target host and target port, as + // required by the connect-udp protocol. This flag should be used carefully. + // + bool use_post = 5; + + // The path used with POST method. Default path is ``/``. If post path is specified and + // use_post field isn't true, it will be rejected. + string post_path = 6; + + // Optional retry options, in case connecting to the upstream failed. + RetryOptions retry_options = 7; + + // Additional request headers to upstream proxy. Neither ``:-prefixed`` pseudo-headers + // nor the Host: header can be overridden. Values of the added headers evaluates command + // operators if they are set in the value template. + // + // Example: dynamically set a header with the local port + // + // .. code-block:: yaml + // + // headers_to_add: + // - header: + // key: original_dst_port + // value: "%DOWNSTREAM_LOCAL_PORT%" + // + repeated config.core.v3.HeaderValueOption headers_to_add = 8 + [(validate.rules).repeated = {max_items: 1000}]; + + // If configured, the filter will buffer datagrams in case that it is waiting for the upstream to be + // ready, whether if it is during the connection process or due to upstream buffer watermarks. + // If this field is not configured, there will be no buffering and downstream datagrams that arrive + // while the upstream is not ready will be dropped. In case this field is set but the options + // are not configured, the default values will be applied as described in the ``BufferOptions``. + BufferOptions buffer_options = 9; + + // Save the response headers to the downstream info filter state for consumption + // by the session filters. The filter state key is ``envoy.udp_proxy.propagate_response_headers``. 
+ bool propagate_response_headers = 10; + + // Save the response trailers to the downstream info filter state for consumption + // by the session filters. The filter state key is ``envoy.udp_proxy.propagate_response_trailers``. + bool propagate_response_trailers = 11; + } + + message UdpAccessLogOptions { + // The interval to flush access log. The UDP proxy will flush only one access log when the session + // is ended by default. If this field is set, the UDP proxy will flush access log periodically with + // the specified interval. + // This field does not require on-tunnel-connected access logging enabled, and the other way around. + // The interval must be at least 1ms. + google.protobuf.Duration access_log_flush_interval = 1 + [(validate.rules).duration = {gte {nanos: 1000000}}]; + + // If set to true and UDP tunneling is configured, access log will be flushed when the UDP proxy has successfully + // established a connection tunnel with the upstream. If the connection failed, the access log will not be flushed. + bool flush_access_log_on_tunnel_connected = 2; + } + + // The stat prefix used when emitting UDP proxy filter stats. + string stat_prefix = 1 [(validate.rules).string = {min_len: 1}]; + + oneof route_specifier { + option (validate.required) = true; + + // The upstream cluster to connect to. + // This field is deprecated in favor of + // :ref:`matcher `. + string cluster = 2 [ + deprecated = true, + (validate.rules).string = {min_len: 1}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // The match tree to use when resolving route actions for incoming requests. + // See :ref:`Routing ` for more information. + xds.type.matcher.v3.Matcher matcher = 9 + [(xds.annotations.v3.field_status).work_in_progress = true]; + } + + // The idle timeout for sessions. Idle is defined as no datagrams between received or sent by + // the session. The default if not specified is 1 minute. 
+ google.protobuf.Duration idle_timeout = 3; + + // Use the remote downstream IP address as the sender IP address when sending packets to upstream hosts. + // This option requires Envoy to be run with the ``CAP_NET_ADMIN`` capability on Linux. + // And the IPv6 stack must be enabled on Linux kernel. + // This option does not preserve the remote downstream port. + // If this option is enabled, the IP address of sent datagrams will be changed to the remote downstream IP address. + // This means that Envoy will not receive packets that are sent by upstream hosts because the upstream hosts + // will send the packets with the remote downstream IP address as the destination. All packets will be routed + // to the remote downstream directly if there are route rules on the upstream host side. + // There are two options to return the packets back to the remote downstream. + // The first one is to use DSR (Direct Server Return). + // The other one is to configure routing rules on the upstream hosts to forward + // all packets back to Envoy and configure iptables rules on the host running Envoy to + // forward all packets from upstream hosts to the Envoy process so that Envoy can forward the packets to the downstream. + // If the platform does not support this option, Envoy will raise a configuration error. + bool use_original_src_ip = 4; + + // Optional configuration for UDP proxy hash policies. If hash_policies is not set, the hash-based + // load balancing algorithms will select a host randomly. Currently the number of hash policies is + // limited to 1. + repeated HashPolicy hash_policies = 5 [(validate.rules).repeated = {max_items: 1}]; + + // UDP socket configuration for upstream sockets. The default for + // :ref:`prefer_gro ` is true for upstream + // sockets as the assumption is datagrams will be received from a single source. 
+ config.core.v3.UdpSocketConfig upstream_socket_config = 6; + + // Perform per packet load balancing (upstream host selection) on each received data chunk. + // The default if not specified is false, that means each data chunk is forwarded + // to upstream host selected on first chunk receival for that "session" (identified by source IP/port and local IP/port). + // Only one of use_per_packet_load_balancing or session_filters can be used. + bool use_per_packet_load_balancing = 7; + + // Configuration for session access logs emitted by the UDP proxy. Note that certain UDP specific data is emitted as :ref:`Dynamic Metadata `. + repeated config.accesslog.v3.AccessLog access_log = 8; + + // Configuration for proxy access logs emitted by the UDP proxy. Note that certain UDP specific data is emitted as :ref:`Dynamic Metadata `. + repeated config.accesslog.v3.AccessLog proxy_access_log = 10; + + // Optional session filters that will run for each UDP session. + // Only one of use_per_packet_load_balancing or session_filters can be used. + // [#extension-category: envoy.filters.udp.session] + repeated SessionFilter session_filters = 11; + + // If set, this configures UDP tunneling. See `Proxying UDP in HTTP `_. + // More information can be found in the UDP Proxy and HTTP upgrade documentation. + UdpTunnelingConfig tunneling_config = 12; + + // Additional access log options for UDP Proxy. + UdpAccessLogOptions access_log_options = 13; +} diff --git a/modules/sync/envoyproxy/envoy/cas/9641a91435e6e6b8c64e8e68adb42c0ce592170cc68972d4724169361766892b4d2a00b16e4dc9a2863d7b4d05ff1ebd27e820622355d2de4f5d09b7d71983ef b/modules/sync/envoyproxy/envoy/cas/9641a91435e6e6b8c64e8e68adb42c0ce592170cc68972d4724169361766892b4d2a00b16e4dc9a2863d7b4d05ff1ebd27e820622355d2de4f5d09b7d71983ef new file mode 100644 index 00000000..63f2477a --- /dev/null 
+++ b/modules/sync/envoyproxy/envoy/cas/9641a91435e6e6b8c64e8e68adb42c0ce592170cc68972d4724169361766892b4d2a00b16e4dc9a2863d7b4d05ff1ebd27e820622355d2de4f5d09b7d71983ef 
@@ -0,0 +1,229 @@
+syntax = "proto3";
+
+package envoy.service.ratelimit.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/extensions/common/ratelimit/v3/ratelimit.proto";
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.service.ratelimit.v3";
+option java_outer_classname = "RlsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/ratelimit/v3;ratelimitv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Rate limit service (RLS)]
+
+service RateLimitService {
+ // Determine whether rate limiting should take place.
+ rpc ShouldRateLimit(RateLimitRequest) returns (RateLimitResponse) {
+ }
+}
+
+// Main message for a rate limit request. The rate limit service is designed to be fully generic
+// in the sense that it can operate on arbitrary hierarchical key/value pairs. The loaded
+// configuration will parse the request and find the most specific limit to apply. In addition,
+// a RateLimitRequest can contain multiple "descriptors" to limit on. When multiple descriptors
+// are provided, the server will limit on *ALL* of them and return an OVER_LIMIT response if any
+// of them are over limit. This enables more complex application level rate limiting scenarios
+// if desired.
+message RateLimitRequest {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.service.ratelimit.v2.RateLimitRequest";
+
+ // All rate limit requests must specify a domain. This enables the configuration to be per
+ // application without fear of overlap. E.g., "envoy".
+ string domain = 1;
+
+ // All rate limit requests must specify at least one RateLimitDescriptor.
Each descriptor is
+ // processed by the service (see below). If any of the descriptors are over limit, the entire
+ // request is considered to be over limit.
+ repeated envoy.extensions.common.ratelimit.v3.RateLimitDescriptor descriptors = 2;
+
+ // Rate limit requests can optionally specify the number of hits a request adds to the matched
+ // limit. If the value is not set in the message, a request increases the matched limit by 1.
+ // This value can be overridden by setting filter state value ``envoy.ratelimit.hits_addend``
+ // to the desired number. Invalid number (< 0) or number will be ignored.
+ uint32 hits_addend = 3;
+}
+
+// A response from a ShouldRateLimit call.
+// [#next-free-field: 8]
+message RateLimitResponse {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.service.ratelimit.v2.RateLimitResponse";
+
+ enum Code {
+ // The response code is not known.
+ UNKNOWN = 0;
+
+ // The response code to notify that the number of requests are under limit.
+ OK = 1;
+
+ // The response code to notify that the number of requests are over limit.
+ OVER_LIMIT = 2;
+ }
+
+ // Defines an actual rate limit in terms of requests per unit of time and the unit itself.
+ message RateLimit {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.service.ratelimit.v2.RateLimitResponse.RateLimit";
+
+ // Identifies the unit of of time for rate limit.
+ // [#comment: replace by envoy/type/v3/ratelimit_unit.proto in v4]
+ enum Unit {
+ // The time unit is not known.
+ UNKNOWN = 0;
+
+ // The time unit representing a second.
+ SECOND = 1;
+
+ // The time unit representing a minute.
+ MINUTE = 2;
+
+ // The time unit representing an hour.
+ HOUR = 3;
+
+ // The time unit representing a day.
+ DAY = 4;
+
+ // The time unit representing a week.
+ WEEK = 7;
+
+ // The time unit representing a month.
+ MONTH = 5;
+
+ // The time unit representing a year.
+ YEAR = 6;
+ }
+
+ // A name or description of this limit.
+ string name = 3;
+
+ // The number of requests per unit of time.
+ uint32 requests_per_unit = 1;
+
+ // The unit of time.
+ Unit unit = 2;
+ }
+
+ // Cacheable quota for responses.
+ // Quota can be granted at different levels: either for each individual descriptor or for the whole descriptor set.
+ // This is a certain number of requests over a period of time.
+ // The client may cache this result and apply the effective RateLimitResponse to future matching
+ // requests without querying rate limit service.
+ //
+ // When quota expires due to timeout, a new RLS request will also be made.
+ // The implementation may choose to preemptively query the rate limit server for more quota on or
+ // before expiration or before the available quota runs out.
+ // [#not-implemented-hide:]
+ message Quota {
+ // Number of matching requests granted in quota. Must be 1 or more.
+ uint32 requests = 1 [(validate.rules).uint32 = {gt: 0}];
+
+ oneof expiration_specifier {
+ // Point in time at which the quota expires.
+ google.protobuf.Timestamp valid_until = 2;
+ }
+
+ // The unique id that is associated with each Quota either at individual descriptor level or whole descriptor set level.
+ //
+ // For a matching policy with boolean logic, for example, match: "request.headers['environment'] == 'staging' || request.headers['environment'] == 'dev'"),
+ // the request_headers action produces a distinct list of descriptors for each possible value of the ‘environment’ header even though the granted quota is same.
+ // Thus, the client will use this id information (returned from RLS server) to correctly correlate the multiple descriptors/descriptor sets that have been granted with same quota (i.e., share the same quota among multiple descriptors or descriptor sets.)
+ //
+ // If id is empty, this id field will be ignored. If quota for the same id changes (e.g. due to configuration update), the old quota will be overridden by the new one.
Shared quotas referenced by ID will still adhere to expiration after `valid_until`.
+ string id = 3;
+ }
+
+ // [#next-free-field: 6]
+ message DescriptorStatus {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.service.ratelimit.v2.RateLimitResponse.DescriptorStatus";
+
+ // The response code for an individual descriptor.
+ Code code = 1;
+
+ // The current limit as configured by the server. Useful for debugging, etc.
+ RateLimit current_limit = 2;
+
+ // The limit remaining in the current time unit.
+ uint32 limit_remaining = 3;
+
+ // Duration until reset of the current limit window.
+ google.protobuf.Duration duration_until_reset = 4;
+
+ // Quota is available for a request if its descriptor set has cached quota available for all
+ // descriptors.
+ // This is for each individual descriptor in the descriptor set. The client will perform matches for each individual descriptor against available per-descriptor quota.
+ //
+ // If quota is available, a RLS request will not be made and the quota will be reduced by 1 for
+ // all matching descriptors.
+ //
+ // If there is not sufficient quota, there are three cases:
+ // 1. A cached entry exists for a RLS descriptor that is out-of-quota, but not expired.
+ // In this case, the request will be treated as OVER_LIMIT.
+ // 2. Some RLS descriptors have a cached entry that has valid quota but some RLS descriptors
+ // have no cached entry. This will trigger a new RLS request.
+ // When the result is returned, a single unit will be consumed from the quota for all
+ // matching descriptors.
+ // If the server did not provide a quota, such as the quota message is empty for some of
+ // the descriptors, then the request admission is determined by the
+ // :ref:`overall_code `.
+ // 3. All RLS descriptors lack a cached entry, this will trigger a new RLS request,
+ // When the result is returned, a single unit will be consumed from the quota for all
+ // matching descriptors.
+ // If the server did not provide a quota, such as the quota message is empty for some of
+ // the descriptors, then the request admission is determined by the
+ // :ref:`overall_code `.
+ // [#not-implemented-hide:]
+ Quota quota = 5;
+ }
+
+ // The overall response code which takes into account all of the descriptors that were passed
+ // in the RateLimitRequest message.
+ Code overall_code = 1;
+
+ // A list of DescriptorStatus messages which matches the length of the descriptor list passed
+ // in the RateLimitRequest. This can be used by the caller to determine which individual
+ // descriptors failed and/or what the currently configured limits are for all of them.
+ repeated DescriptorStatus statuses = 2;
+
+ // A list of headers to add to the response
+ repeated config.core.v3.HeaderValue response_headers_to_add = 3;
+
+ // A list of headers to add to the request when forwarded
+ repeated config.core.v3.HeaderValue request_headers_to_add = 4;
+
+ // A response body to send to the downstream client when the response code is not OK.
+ bytes raw_body = 5;
+
+ // Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
+ // filter. This metadata lives in a namespace specified by the canonical name of extension filter
+ // that requires it:
+ //
+ // - :ref:`envoy.filters.http.ratelimit ` for HTTP filter.
+ // - :ref:`envoy.filters.network.ratelimit ` for network filter.
+ // - :ref:`envoy.filters.thrift.rate_limit ` for Thrift filter.
+ google.protobuf.Struct dynamic_metadata = 6;
+
+ // Quota is available for a request if its entire descriptor set has cached quota available.
+ // This is a union of all descriptors in the descriptor set. Clients can use the quota for future matches if and only if the descriptor set matches what was sent in the request that originated this response.
+ //
+ // If quota is available, a RLS request will not be made and the quota will be reduced by 1.
+ // If quota is not available (i.e., a cached entry doesn't exist for a RLS descriptor set), a RLS request will be triggered.
+ // If the server did not provide a quota, such as the quota message is empty then the request admission is determined by the
+ // :ref:`overall_code `.
+ //
+ // If there is not sufficient quota and the cached entry exists for a RLS descriptor set is out-of-quota but not expired,
+ // the request will be treated as OVER_LIMIT.
+ // [#not-implemented-hide:]
+ Quota quota = 7;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/a7f813dbdfaadb034a6a7332b0255a0e3b22c62a143f04961312762d3abbf1f55bead00e1df978bdd79ea16c8d90d7c6fd485b60367217391e39ec5aab637b2b b/modules/sync/envoyproxy/envoy/cas/a7f813dbdfaadb034a6a7332b0255a0e3b22c62a143f04961312762d3abbf1f55bead00e1df978bdd79ea16c8d90d7c6fd485b60367217391e39ec5aab637b2b
new file mode 100644
index 00000000..33a33166
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/a7f813dbdfaadb034a6a7332b0255a0e3b22c62a143f04961312762d3abbf1f55bead00e1df978bdd79ea16c8d90d7c6fd485b60367217391e39ec5aab637b2b
@@ -0,0 +1,672 @@
+syntax = "proto3";
+
+package envoy.config.filter.network.http_connection_manager.v2;
+
+import "envoy/api/v2/core/config_source.proto";
+import "envoy/api/v2/core/protocol.proto";
+import "envoy/api/v2/route.proto";
+import "envoy/api/v2/scoped_route.proto";
+import "envoy/config/filter/accesslog/v2/accesslog.proto";
+import "envoy/config/trace/v2/http_tracer.proto";
+import "envoy/type/percent.proto";
+import "envoy/type/tracing/v2/custom_tag.proto";
+
+import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/wrappers.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.filter.network.http_connection_manager.v2";
+option java_outer_classname = "HttpConnectionManagerProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2;http_connection_managerv2";
+option (udpa.annotations.file_migrate).move_to_package =
+ "envoy.extensions.filters.network.http_connection_manager.v3";
+option (udpa.annotations.file_status).package_version_status = FROZEN;
+
+// [#protodoc-title: HTTP connection manager]
+// HTTP connection manager :ref:`configuration overview `.
+// [#extension: envoy.filters.network.http_connection_manager]
+
+// [#next-free-field: 37]
+message HttpConnectionManager {
+ enum CodecType {
+ // For every new connection, the connection manager will determine which
+ // codec to use. This mode supports both ALPN for TLS listeners as well as
+ // protocol inference for plaintext listeners. If ALPN data is available, it
+ // is preferred, otherwise protocol inference is used. In almost all cases,
+ // this is the right option to choose for this setting.
+ AUTO = 0;
+
+ // The connection manager will assume that the client is speaking HTTP/1.1.
+ HTTP1 = 1;
+
+ // The connection manager will assume that the client is speaking HTTP/2
+ // (Envoy does not require HTTP/2 to take place over TLS or to use ALPN.
+ // Prior knowledge is allowed).
+ HTTP2 = 2;
+
+ // [#not-implemented-hide:] QUIC implementation is not production ready yet. Use this enum with
+ // caution to prevent accidental execution of QUIC code. I.e. `!= HTTP2` is no longer sufficient
+ // to distinguish HTTP1 and HTTP2 traffic.
+ HTTP3 = 3;
+ }
+
+ enum ServerHeaderTransformation {
+ // Overwrite any Server header with the contents of server_name.
+ OVERWRITE = 0;
+
+ // If no Server header is present, append Server server_name
+ // If a Server header is present, pass it through.
+ APPEND_IF_ABSENT = 1;
+
+ // Pass through the value of the server header, and do not append a header
+ // if none is present.
+ PASS_THROUGH = 2;
+ }
+
+ // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP
+ // header.
+ enum ForwardClientCertDetails {
+ // Do not send the XFCC header to the next hop. This is the default value.
+ SANITIZE = 0;
+
+ // When the client connection is mTLS (Mutual TLS), forward the XFCC header
+ // in the request.
+ FORWARD_ONLY = 1;
+
+ // When the client connection is mTLS, append the client certificate
+ // information to the request’s XFCC header and forward it.
+ APPEND_FORWARD = 2;
+
+ // When the client connection is mTLS, reset the XFCC header with the client
+ // certificate information and send it to the next hop.
+ SANITIZE_SET = 3;
+
+ // Always forward the XFCC header in the request, regardless of whether the
+ // client connection is mTLS.
+ ALWAYS_FORWARD_ONLY = 4;
+ }
+
+ // [#next-free-field: 10]
+ message Tracing {
+ enum OperationName {
+ // The HTTP listener is used for ingress/incoming requests.
+ INGRESS = 0;
+
+ // The HTTP listener is used for egress/outgoing requests.
+ EGRESS = 1;
+ }
+
+ // The span name will be derived from this field. If
+ // :ref:`traffic_direction ` is
+ // specified on the parent listener, then it is used instead of this field.
+ //
+ // .. attention::
+ // This field has been deprecated in favor of `traffic_direction`.
+ OperationName operation_name = 1 [
+ deprecated = true,
+ (validate.rules).enum = {defined_only: true},
+ (envoy.annotations.disallowed_by_default) = true
+ ];
+
+ // A list of header names used to create tags for the active span. The header name is used to
+ // populate the tag name, and the header value is used to populate the tag value. The tag is
+ // created if the specified header name is present in the request's headers.
+ //
+ // .. attention::
+ // This field has been deprecated in favor of :ref:`custom_tags
+ // `.
+ repeated string request_headers_for_tags = 2 [deprecated = true];
+
+ // Target percentage of requests managed by this HTTP connection manager that will be force
+ // traced if the :ref:`x-client-trace-id `
+ // header is set. This field is a direct analog for the runtime variable
+ // 'tracing.client_enabled' in the :ref:`HTTP Connection Manager
+ // `.
+ // Default: 100%
+ type.Percent client_sampling = 3;
+
+ // Target percentage of requests managed by this HTTP connection manager that will be randomly
+ // selected for trace generation, if not requested by the client or not forced. This field is
+ // a direct analog for the runtime variable 'tracing.random_sampling' in the
+ // :ref:`HTTP Connection Manager `.
+ // Default: 100%
+ type.Percent random_sampling = 4;
+
+ // Target percentage of requests managed by this HTTP connection manager that will be traced
+ // after all other sampling checks have been applied (client-directed, force tracing, random
+ // sampling). This field functions as an upper limit on the total configured sampling rate.
For
+ // instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1%
+ // of client requests with the appropriate headers to be force traced. This field is a direct
+ // analog for the runtime variable 'tracing.global_enabled' in the
+ // :ref:`HTTP Connection Manager `.
+ // Default: 100%
+ type.Percent overall_sampling = 5;
+
+ // Whether to annotate spans with additional data. If true, spans will include logs for stream
+ // events.
+ bool verbose = 6;
+
+ // Maximum length of the request path to extract and include in the HttpUrl tag. Used to
+ // truncate lengthy request paths to meet the needs of a tracing backend.
+ // Default: 256
+ google.protobuf.UInt32Value max_path_tag_length = 7;
+
+ // A list of custom tags with unique tag name to create tags for the active span.
+ repeated type.tracing.v2.CustomTag custom_tags = 8;
+
+ // Configuration for an external tracing provider.
+ // If not specified, no tracing will be performed.
+ trace.v2.Tracing.Http provider = 9;
+ }
+
+ message InternalAddressConfig {
+ // Whether unix socket addresses should be considered internal.
+ bool unix_sockets = 1;
+ }
+
+ // [#next-free-field: 7]
+ message SetCurrentClientCertDetails {
+ reserved 2;
+
+ // Whether to forward the subject of the client cert. Defaults to false.
+ google.protobuf.BoolValue subject = 1;
+
+ // Whether to forward the entire client cert in URL encoded PEM format. This will appear in the
+ // XFCC header comma separated from other values with the value Cert="PEM".
+ // Defaults to false.
+ bool cert = 3;
+
+ // Whether to forward the entire client cert chain (including the leaf cert) in URL encoded PEM
+ // format. This will appear in the XFCC header comma separated from other values with the value
+ // Chain="PEM".
+ // Defaults to false.
+ bool chain = 6;
+
+ // Whether to forward the DNS type Subject Alternative Names of the client cert.
+ // Defaults to false.
+ bool dns = 4;
+
+ // Whether to forward the URI type Subject Alternative Name of the client cert. Defaults to
+ // false.
+ bool uri = 5;
+ }
+
+ // The configuration for HTTP upgrades.
+ // For each upgrade type desired, an UpgradeConfig must be added.
+ //
+ // .. warning::
+ //
+ // The current implementation of upgrade headers does not handle
+ // multi-valued upgrade headers. Support for multi-valued headers may be
+ // added in the future if needed.
+ //
+ // .. warning::
+ // The current implementation of upgrade headers does not work with HTTP/2
+ // upstreams.
+ message UpgradeConfig {
+ // The case-insensitive name of this upgrade, e.g. "websocket".
+ // For each upgrade type present in upgrade_configs, requests with
+ // Upgrade: [upgrade_type]
+ // will be proxied upstream.
+ string upgrade_type = 1;
+
+ // If present, this represents the filter chain which will be created for
+ // this type of upgrade. If no filters are present, the filter chain for
+ // HTTP connections will be used for this upgrade type.
+ repeated HttpFilter filters = 2;
+
+ // Determines if upgrades are enabled or disabled by default. Defaults to true.
+ // This can be overridden on a per-route basis with :ref:`cluster
+ // ` as documented in the
+ // :ref:`upgrade documentation `.
+ google.protobuf.BoolValue enabled = 3;
+ }
+
+ reserved 27;
+
+ // Supplies the type of codec that the connection manager should use.
+ CodecType codec_type = 1 [(validate.rules).enum = {defined_only: true}];
+
+ // The human readable prefix to use when emitting statistics for the
+ // connection manager. See the :ref:`statistics documentation ` for
+ // more information.
+ string stat_prefix = 2 [(validate.rules).string = {min_bytes: 1}];
+
+ oneof route_specifier {
+ option (validate.required) = true;
+
+ // The connection manager’s route table will be dynamically loaded via the RDS API.
+ Rds rds = 3;
+
+ // The route table for the connection manager is static and is specified in this property.
+ api.v2.RouteConfiguration route_config = 4;
+
+ // A route table will be dynamically assigned to each request based on request attributes
+ // (e.g., the value of a header). The "routing scopes" (i.e., route tables) and "scope keys" are
+ // specified in this message.
+ ScopedRoutes scoped_routes = 31;
+ }
+
+ // A list of individual HTTP filters that make up the filter chain for
+ // requests made to the connection manager. :ref:`Order matters `
+ // as the filters are processed sequentially as request events happen.
+ repeated HttpFilter http_filters = 5;
+
+ // Whether the connection manager manipulates the :ref:`config_http_conn_man_headers_user-agent`
+ // and :ref:`config_http_conn_man_headers_downstream-service-cluster` headers. See the linked
+ // documentation for more information. Defaults to false.
+ google.protobuf.BoolValue add_user_agent = 6;
+
+ // Presence of the object defines whether the connection manager
+ // emits :ref:`tracing ` data to the :ref:`configured tracing provider
+ // `.
+ Tracing tracing = 7;
+
+ // Additional settings for HTTP requests handled by the connection manager. These will be
+ // applicable to both HTTP1 and HTTP2 requests.
+ api.v2.core.HttpProtocolOptions common_http_protocol_options = 35;
+
+ // Additional HTTP/1 settings that are passed to the HTTP/1 codec.
+ api.v2.core.Http1ProtocolOptions http_protocol_options = 8;
+
+ // Additional HTTP/2 settings that are passed directly to the HTTP/2 codec.
+ api.v2.core.Http2ProtocolOptions http2_protocol_options = 9;
+
+ // An optional override that the connection manager will write to the server
+ // header in responses. If not set, the default is *envoy*.
+ string server_name = 10;
+
+ // Defines the action to be applied to the Server header on the response path.
+ // By default, Envoy will overwrite the header with the value specified in
+ // server_name.
+ ServerHeaderTransformation server_header_transformation = 34
+ [(validate.rules).enum = {defined_only: true}];
+
+ // The maximum request headers size for incoming connections.
+ // If unconfigured, the default max request headers allowed is 60 KiB.
+ // Requests that exceed this limit will receive a 431 response.
+ google.protobuf.UInt32Value max_request_headers_kb = 29
+ [(validate.rules).uint32 = {lte: 8192 gt: 0}];
+
+ // The idle timeout for connections managed by the connection manager. The
+ // idle timeout is defined as the period in which there are no active
+ // requests. If not set, there is no idle timeout. When the idle timeout is
+ // reached the connection will be closed. If the connection is an HTTP/2
+ // connection a drain sequence will occur prior to closing the connection.
+ // This field is deprecated. Use :ref:`idle_timeout
+ // `
+ // instead.
+ google.protobuf.Duration idle_timeout = 11
+ [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
+
+ // The stream idle timeout for connections managed by the connection manager.
+ // If not specified, this defaults to 5 minutes. The default value was selected
+ // so as not to interfere with any smaller configured timeouts that may have
+ // existed in configurations prior to the introduction of this feature, while
+ // introducing robustness to TCP connections that terminate without a FIN.
+ //
+ // This idle timeout applies to new streams and is overridable by the
+ // :ref:`route-level idle_timeout
+ // `. Even on a stream in
+ // which the override applies, prior to receipt of the initial request
+ // headers, the :ref:`stream_idle_timeout
+ // `
+ // applies. Each time an encode/decode event for headers or data is processed
+ // for the stream, the timer will be reset. If the timeout fires, the stream
+ // is terminated with a 408 Request Timeout error code if no upstream response
+ // header has been received, otherwise a stream reset occurs.
+ //
+ // This timeout also specifies the amount of time that Envoy will wait for the peer to open enough
+ // window to write any remaining stream data once the entirety of stream data (local end stream is
+ // true) has been buffered pending available window. In other words, this timeout defends against
+ // a peer that does not release enough window to completely write the stream, even though all
+ // data has been proxied within available flow control windows. If the timeout is hit in this
+ // case, the :ref:`tx_flush_timeout ` counter will be
+ // incremented. Note that :ref:`max_stream_duration
+ // ` does not apply to this corner
+ // case.
+ //
+ // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due
+ // to the granularity of events presented to the connection manager. For example, while receiving
+ // very large request headers, it may be the case that there is traffic regularly arriving on the
+ // wire while the connection manage is only able to observe the end-of-headers event, hence the
+ // stream may still idle timeout.
+ //
+ // A value of 0 will completely disable the connection manager stream idle
+ // timeout, although per-route idle timeout overrides will continue to apply.
+ google.protobuf.Duration stream_idle_timeout = 24;
+
+ // The amount of time that Envoy will wait for the entire request to be received.
+ // The timer is activated when the request is initiated, and is disarmed when the last byte of the
+ // request is sent upstream (i.e. all decoding filters have processed the request), OR when the
+ // response is initiated. If not specified or set to 0, this timeout is disabled.
+ google.protobuf.Duration request_timeout = 28;
+
+ // The time that Envoy will wait between sending an HTTP/2 “shutdown
+ // notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame.
+ // This is used so that Envoy provides a grace period for new streams that
+ // race with the final GOAWAY frame.
During this grace period, Envoy will + // continue to accept new streams. After the grace period, a final GOAWAY + // frame is sent and Envoy will start refusing new streams. Draining occurs + // both when a connection hits the idle timeout or during general server + // draining. The default grace period is 5000 milliseconds (5 seconds) if this + // option is not specified. + google.protobuf.Duration drain_timeout = 12; + + // The delayed close timeout is for downstream connections managed by the HTTP connection manager. + // It is defined as a grace period after connection close processing has been locally initiated + // during which Envoy will wait for the peer to close (i.e., a TCP FIN/RST is received by Envoy + // from the downstream connection) prior to Envoy closing the socket associated with that + // connection. + // NOTE: This timeout is enforced even when the socket associated with the downstream connection + // is pending a flush of the write buffer. However, any progress made writing data to the socket + // will restart the timer associated with this timeout. This means that the total grace period for + // a socket in this state will be + // +. + // + // Delaying Envoy's connection close and giving the peer the opportunity to initiate the close + // sequence mitigates a race condition that exists when downstream clients do not drain/process + // data in a connection's receive buffer after a remote close has been detected via a socket + // write(). This race leads to such clients failing to process the response code sent by Envoy, + // which could result in erroneous downstream processing. + // + // If the timeout triggers, Envoy will close the connection's socket. + // + // The default timeout is 1000 ms if this option is not specified. + // + // .. 
NOTE:: + // To be useful in avoiding the race condition described above, this timeout must be set + // to *at least* +<100ms to account for + // a reasonable "worst" case processing time for a full iteration of Envoy's event loop>. + // + // .. WARNING:: + // A value of 0 will completely disable delayed close processing. When disabled, the downstream + // connection's socket will be closed immediately after the write flush is completed or will + // never close if the write flush does not complete. + google.protobuf.Duration delayed_close_timeout = 26; + + // Configuration for :ref:`HTTP access logs ` + // emitted by the connection manager. + repeated accesslog.v2.AccessLog access_log = 13; + + // If set to true, the connection manager will use the real remote address + // of the client connection when determining internal versus external origin and manipulating + // various headers. If set to false or absent, the connection manager will use the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. See the documentation for + // :ref:`config_http_conn_man_headers_x-forwarded-for`, + // :ref:`config_http_conn_man_headers_x-envoy-internal`, and + // :ref:`config_http_conn_man_headers_x-envoy-external-address` for more information. + google.protobuf.BoolValue use_remote_address = 14; + + // The number of additional ingress proxy hops from the right side of the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when + // determining the origin client's IP address. The default is zero if this option + // is not specified. See the documentation for + // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. + uint32 xff_num_trusted_hops = 19; + + // Configures what network addresses are considered internal for stats and header sanitation + // purposes. If unspecified, only RFC1918 IP addresses will be considered internal. 
+ // See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more
+ // information about internal/external addresses.
+ InternalAddressConfig internal_address_config = 25;
+
+ // If set, Envoy will not append the remote address to the
+ // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. This may be used in
+ // conjunction with HTTP filters that explicitly manipulate XFF after the HTTP connection manager
+ // has mutated the request headers. While :ref:`use_remote_address
+ // `
+ // will also suppress XFF addition, it has consequences for logging and other
+ // Envoy uses of the remote address, so *skip_xff_append* should be used
+ // when only an elision of XFF addition is intended.
+ bool skip_xff_append = 21;
+
+ // Via header value to append to request and response headers. If this is
+ // empty, no via header will be appended.
+ string via = 22;
+
+ // Whether the connection manager will generate the :ref:`x-request-id
+ // ` header if it does not exist. This defaults to
+ // true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature
+ // is not desired it can be disabled.
+ google.protobuf.BoolValue generate_request_id = 15;
+
+ // Whether the connection manager will keep the :ref:`x-request-id
+ // ` header if passed for a request that is edge
+ // (Edge request is the request from external clients to front Envoy) and not reset it, which
+ // is the current Envoy behaviour. This defaults to false.
+ bool preserve_external_request_id = 32;
+
+ // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP
+ // header.
+ ForwardClientCertDetails forward_client_cert_details = 16
+ [(validate.rules).enum = {defined_only: true}];
+
+ // This field is valid only when :ref:`forward_client_cert_details
+ // `
+ // is APPEND_FORWARD or SANITIZE_SET and the client connection is mTLS. It specifies the fields in
+ // the client certificate to be forwarded.
Note that in the + // :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header, *Hash* is always set, and + // *By* is always set when the client certificate presents the URI type Subject Alternative Name + // value. + SetCurrentClientCertDetails set_current_client_cert_details = 17; + + // If proxy_100_continue is true, Envoy will proxy incoming "Expect: + // 100-continue" headers upstream, and forward "100 Continue" responses + // downstream. If this is false or not set, Envoy will instead strip the + // "Expect: 100-continue" header, and send a "100 Continue" response itself. + bool proxy_100_continue = 18; + + // If + // :ref:`use_remote_address + // ` + // is true and represent_ipv4_remote_address_as_ipv4_mapped_ipv6 is true and the remote address is + // an IPv4 address, the address will be mapped to IPv6 before it is appended to *x-forwarded-for*. + // This is useful for testing compatibility of upstream services that parse the header value. For + // example, 50.0.0.1 is represented as ::FFFF:50.0.0.1. See `IPv4-Mapped IPv6 Addresses + // `_ for details. This will also affect the + // :ref:`config_http_conn_man_headers_x-envoy-external-address` header. See + // :ref:`http_connection_manager.represent_ipv4_remote_address_as_ipv4_mapped_ipv6 + // ` for runtime + // control. + // [#not-implemented-hide:] + bool represent_ipv4_remote_address_as_ipv4_mapped_ipv6 = 20; + + repeated UpgradeConfig upgrade_configs = 23; + + // Should paths be normalized according to RFC 3986 before any processing of + // requests by HTTP filters or routing? This affects the upstream *:path* header + // as well. For paths that fail this check, Envoy will respond with 400 to + // paths that are malformed. This defaults to false currently but will default + // true in the future. When not specified, this value may be overridden by the + // runtime variable + // :ref:`http_connection_manager.normalize_path`. 
+ // See `Normalization and Comparison `_ + // for details of normalization. + // Note that Envoy does not perform + // `case normalization `_ + google.protobuf.BoolValue normalize_path = 30; + + // Determines if adjacent slashes in the path are merged into one before any processing of + // requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without + // setting this option, incoming requests with path `//dir///file` will not match against route + // with `prefix` match set to `/dir`. Defaults to `false`. Note that slash merging is not part of + // `HTTP spec `_ and is provided for convenience. + bool merge_slashes = 33; + + // The configuration of the request ID extension. This includes operations such as + // generation, validation, and associated tracing operations. + // + // If not set, Envoy uses the default UUID-based behavior: + // + // 1. Request ID is propagated using *x-request-id* header. + // + // 2. Request ID is a universally unique identifier (UUID). + // + // 3. Tracing decision (sampled, forced, etc) is set in 14th byte of the UUID. + RequestIDExtension request_id_extension = 36; +} + +message Rds { + // Configuration source specifier for RDS. + api.v2.core.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; + + // The name of the route configuration. This name will be passed to the RDS + // API. This allows an Envoy configuration with multiple HTTP listeners (and + // associated HTTP connection manager filters) to use different route + // configurations. + string route_config_name = 2 [(validate.rules).string = {min_bytes: 1}]; +} + +// This message is used to work around the limitations with 'oneof' and repeated fields. 
+message ScopedRouteConfigurationsList { + repeated api.v2.ScopedRouteConfiguration scoped_route_configurations = 1 + [(validate.rules).repeated = {min_items: 1}]; +} + +// [#next-free-field: 6] +message ScopedRoutes { + // Specifies the mechanism for constructing "scope keys" based on HTTP request attributes. These + // keys are matched against a set of :ref:`Key` + // objects assembled from :ref:`ScopedRouteConfiguration` + // messages distributed via SRDS (the Scoped Route Discovery Service) or assigned statically via + // :ref:`scoped_route_configurations_list`. + // + // Upon receiving a request's headers, the Router will build a key using the algorithm specified + // by this message. This key will be used to look up the routing table (i.e., the + // :ref:`RouteConfiguration`) to use for the request. + message ScopeKeyBuilder { + // Specifies the mechanism for constructing key fragments which are composed into scope keys. + message FragmentBuilder { + // Specifies how the value of a header should be extracted. + // The following example maps the structure of a header to the fields in this message. + // + // .. code:: + // + // <0> <1> <-- index + // X-Header: a=b;c=d + // | || | + // | || \----> + // | || + // | |\----> + // | | + // | \----> + // | + // \----> + // + // Each 'a=b' key-value pair constitutes an 'element' of the header field. + message HeaderValueExtractor { + // Specifies a header field's key value pair to match on. + message KvElement { + // The separator between key and value (e.g., '=' separates 'k=v;...'). + // If an element is an empty string, the element is ignored. + // If an element contains no separator, the whole element is parsed as key and the + // fragment value is an empty string. + // If there are multiple values for a matched key, the first value is returned. + string separator = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The key to match on. 
+ string key = 2 [(validate.rules).string = {min_bytes: 1}]; + } + + // The name of the header field to extract the value from. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The element separator (e.g., ';' separates 'a;b;c;d'). + // Default: empty string. This causes the entirety of the header field to be extracted. + // If this field is set to an empty string and 'index' is used in the oneof below, 'index' + // must be set to 0. + string element_separator = 2; + + oneof extract_type { + // Specifies the zero based index of the element to extract. + // Note Envoy concatenates multiple values of the same header key into a comma separated + // string, the splitting always happens after the concatenation. + uint32 index = 3; + + // Specifies the key value pair to extract the value from. + KvElement element = 4; + } + } + + oneof type { + option (validate.required) = true; + + // Specifies how a header field's value should be extracted. + HeaderValueExtractor header_value_extractor = 1; + } + } + + // The final(built) scope key consists of the ordered union of these fragments, which are compared in order with the + // fragments of a :ref:`ScopedRouteConfiguration`. + // A missing fragment during comparison will make the key invalid, i.e., the computed key doesn't match any key. + repeated FragmentBuilder fragments = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + // The name assigned to the scoped routing configuration. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The algorithm to use for constructing a scope key for each request. + ScopeKeyBuilder scope_key_builder = 2 [(validate.rules).message = {required: true}]; + + // Configuration source specifier for RDS. + // This config source is used to subscribe to RouteConfiguration resources specified in + // ScopedRouteConfiguration messages. 
+ api.v2.core.ConfigSource rds_config_source = 3 [(validate.rules).message = {required: true}]; + + oneof config_specifier { + option (validate.required) = true; + + // The set of routing scopes corresponding to the HCM. A scope is assigned to a request by + // matching a key constructed from the request's attributes according to the algorithm specified + // by the + // :ref:`ScopeKeyBuilder` + // in this message. + ScopedRouteConfigurationsList scoped_route_configurations_list = 4; + + // The set of routing scopes associated with the HCM will be dynamically loaded via the SRDS + // API. A scope is assigned to a request by matching a key constructed from the request's + // attributes according to the algorithm specified by the + // :ref:`ScopeKeyBuilder` + // in this message. + ScopedRds scoped_rds = 5; + } +} + +message ScopedRds { + // Configuration source specifier for scoped RDS. + api.v2.core.ConfigSource scoped_rds_config_source = 1 + [(validate.rules).message = {required: true}]; +} + +message HttpFilter { + reserved 3; + + // The name of the filter to instantiate. The name must match a + // :ref:`supported filter `. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Filter specific configuration which depends on the filter being instantiated. See the supported + // filters for further documentation. + oneof config_type { + google.protobuf.Struct config = 2 [deprecated = true]; + + google.protobuf.Any typed_config = 4; + } +} + +message RequestIDExtension { + // Request ID extension specific configuration. + google.protobuf.Any typed_config = 1; +} diff --git a/modules/sync/envoyproxy/envoy/cas/aa88a5a272e85552ea9c02d9411ff0a545d9c0a4a0345db2c7c9ffa173ccb554d5c904b8fb177c2fd608c47feebe16457071b0eb1bfa401314d07008da49478e b/modules/sync/envoyproxy/envoy/cas/aa88a5a272e85552ea9c02d9411ff0a545d9c0a4a0345db2c7c9ffa173ccb554d5c904b8fb177c2fd608c47feebe16457071b0eb1bfa401314d07008da49478e new file mode 100644 index 00000000..9032a659 
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/aa88a5a272e85552ea9c02d9411ff0a545d9c0a4a0345db2c7c9ffa173ccb554d5c904b8fb177c2fd608c47feebe16457071b0eb1bfa401314d07008da49478e
@@ -0,0 +1,98 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.network.rbac.v3;
+
+import "envoy/config/rbac/v3/rbac.proto";
+
+import "google/protobuf/duration.proto";
+
+import "xds/annotations/v3/status.proto";
+import "xds/type/matcher/v3/matcher.proto";
+
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.network.rbac.v3";
+option java_outer_classname = "RbacProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3;rbacv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: RBAC]
+// Role-Based Access Control :ref:`configuration overview `.
+// [#extension: envoy.filters.network.rbac]
+
+// RBAC network filter config.
+//
+// Header should not be used in rules/shadow_rules in RBAC network filter as
+// this information is only available in :ref:`RBAC http filter `.
+// [#next-free-field: 9]
+message RBAC {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.rbac.v2.RBAC";
+
+ enum EnforcementType {
+ // Apply RBAC policies when the first byte of data arrives on the connection.
+ ONE_TIME_ON_FIRST_BYTE = 0;
+
+ // Continuously apply RBAC policies as data arrives. Use this mode when
+ // using RBAC with message oriented protocols such as Mongo, MySQL, Kafka,
+ // etc. when the protocol decoders emit dynamic metadata such as the
+ // resources being accessed and the operations on the resources.
+ CONTINUOUS = 1;
+ }
+
+ // Specify the RBAC rules to be applied globally.
+ // If absent, no enforcing RBAC policy will be applied.
+ // If present and empty, DENY.
+ // If both rules and matcher are configured, rules will be ignored.
+ config.rbac.v3.RBAC rules = 1
+ [(udpa.annotations.field_migrate).oneof_promotion = "rules_specifier"];
+
+ // The match tree to use when resolving RBAC action for incoming connections. Connections do
+ // not match any matcher will be denied.
+ // If absent, no enforcing RBAC matcher will be applied.
+ // If present and empty, deny all connections.
+ xds.type.matcher.v3.Matcher matcher = 6 [
+ (udpa.annotations.field_migrate).oneof_promotion = "rules_specifier",
+ (xds.annotations.v3.field_status).work_in_progress = true
+ ];
+
+ // Shadow rules are not enforced by the filter but will emit stats and logs
+ // and can be used for rule testing.
+ // If absent, no shadow RBAC policy will be applied.
+ // If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
+ config.rbac.v3.RBAC shadow_rules = 2
+ [(udpa.annotations.field_migrate).oneof_promotion = "shadow_rules_specifier"];
+
+ // The match tree to use for emitting stats and logs which can be used for rule testing for
+ // incoming connections.
+ // If absent, no shadow matcher will be applied.
+ xds.type.matcher.v3.Matcher shadow_matcher = 7 [
+ (udpa.annotations.field_migrate).oneof_promotion = "shadow_rules_specifier",
+ (xds.annotations.v3.field_status).work_in_progress = true
+ ];
+
+ // If specified, shadow rules will emit stats with the given prefix.
+ // This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
+ // shadow rules.
+ string shadow_rules_stat_prefix = 5;
+
+ // The prefix to use when emitting statistics.
+ string stat_prefix = 3 [(validate.rules).string = {min_len: 1}];
+
+ // RBAC enforcement strategy. By default RBAC will be enforced only once
+ // when the first byte of data arrives from the downstream. When used in
+ // conjunction with filters that emit dynamic metadata after decoding
+ // every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to
+ // CONTINUOUS to enforce RBAC policies on every message boundary.
+ EnforcementType enforcement_type = 4;
+
+ // Delay the specified duration before closing the connection when the policy evaluation
+ // result is ``DENY``. If this is not present, the connection will be closed immediately.
+ // This is useful to provide a better protection for Envoy against clients that retries
+ // aggressively when the connection is rejected by the RBAC filter.
+ google.protobuf.Duration delay_deny = 8;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/ac4a57cb2f25fbfce2a8daef2546317e33d09d8162447b82d56491df84b4847880ea6fa7048a0d82380191fced4f1caa1490773c8584aac1251b274429a8335b b/modules/sync/envoyproxy/envoy/cas/ac4a57cb2f25fbfce2a8daef2546317e33d09d8162447b82d56491df84b4847880ea6fa7048a0d82380191fced4f1caa1490773c8584aac1251b274429a8335b
new file mode 100644
index 00000000..de62fbf9
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/ac4a57cb2f25fbfce2a8daef2546317e33d09d8162447b82d56491df84b4847880ea6fa7048a0d82380191fced4f1caa1490773c8584aac1251b274429a8335b
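Review bot: The `delay_deny` comment at the end of this hunk explains the benefit of delaying the close but not its cost: every denied connection stays open for the whole delay (presumably still holding its socket), and the field carries no `(validate.rules).duration` bound, so a large value lets a client that deliberately triggers DENY pin proxy resources rather than being shed. Suggest extending the field comment with: `// Denied connections remain open until the delay elapses, so keep this small and pair it with per-listener connection limits; otherwise a flood of denied connections can exhaust the proxy's own resources.` The `matcher` comment `Connections do not match any matcher will be denied` should read `Connections that do not match any matcher will be denied`. This file is a synced copy of the upstream Envoy proto, so both wording changes belong upstream rather than in this repository.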
@@ -0,0 +1,206 @@
+syntax = "proto3";
+
+package envoy.service.status.v3;
+
+import "envoy/admin/v3/config_dump_shared.proto";
+import "envoy/config/core/v3/base.proto";
+import "envoy/type/matcher/v3/node.proto";
+
+import "google/api/annotations.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+
+option java_package = "io.envoyproxy.envoy.service.status.v3";
+option java_outer_classname = "CsdsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/status/v3;statusv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Client status discovery service (CSDS)]
+
+// CSDS is Client Status Discovery Service. It can be used to get the status of
+// an xDS-compliant client from the management server's point of view. It can
+// also be used to get the current xDS states directly from the client.
+service ClientStatusDiscoveryService {
+ rpc StreamClientStatus(stream ClientStatusRequest) returns (stream ClientStatusResponse) {
+ }
+
+ rpc FetchClientStatus(ClientStatusRequest) returns (ClientStatusResponse) {
+ option (google.api.http).post = "/v3/discovery:client_status";
+ option (google.api.http).body = "*";
+ }
+}
+
+// Status of a config from a management server view.
+enum ConfigStatus {
+ // Status info is not available/unknown.
+ UNKNOWN = 0;
+
+ // Management server has sent the config to client and received ACK.
+ SYNCED = 1;
+
+ // Config is not sent.
+ NOT_SENT = 2;
+
+ // Management server has sent the config to client but hasn’t received
+ // ACK/NACK.
+ STALE = 3;
+
+ // Management server has sent the config to client but received NACK. The
+ // attached config dump will be the latest config (the rejected one), since
+ // it is the persisted version in the management server.
+ ERROR = 4;
+}
+
+// Config status from a client-side view.
+enum ClientConfigStatus {
+ // Config status is not available/unknown.
+ CLIENT_UNKNOWN = 0;
+
+ // Client requested the config but hasn't received any config from management
+ // server yet.
+ CLIENT_REQUESTED = 1;
+
+ // Client received the config and replied with ACK.
+ CLIENT_ACKED = 2;
+
+ // Client received the config and replied with NACK. Notably, the attached
+ // config dump is not the NACKed version, but the most recent accepted one. If
+ // no config is accepted yet, the attached config dump will be empty.
+ CLIENT_NACKED = 3;
+
+ // Client received an error from the control plane. The attached config
+ // dump is the most recent accepted one. If no config is accepted yet,
+ // the attached config dump will be empty.
+ CLIENT_RECEIVED_ERROR = 4;
+}
+
+// Request for client status of clients identified by a list of NodeMatchers.
+message ClientStatusRequest {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.service.status.v2.ClientStatusRequest";
+
+ // Management server can use these match criteria to identify clients.
+ // The match follows OR semantics.
+ repeated type.matcher.v3.NodeMatcher node_matchers = 1;
+
+ // The node making the csds request.
+ config.core.v3.Node node = 2;
+
+ // If true, the server will not include the resource contents in the response
+ // (i.e., the generic_xds_configs.xds_config field will not be populated).
+ // [#not-implemented-hide:]
+ bool exclude_resource_contents = 3;
+}
+
+// Detailed config (per xDS) with status.
+// [#next-free-field: 8]
+message PerXdsConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.service.status.v2.PerXdsConfig";
+
+ // Config status generated by management servers. Will not be present if the
+ // CSDS server is an xDS client.
+ ConfigStatus status = 1;
+
+ // Client config status is populated by xDS clients. Will not be present if
+ // the CSDS server is an xDS server. No matter what the client config status
+ // is, xDS clients should always dump the most recent accepted xDS config.
+ //
+ // .. attention::
+ // This field is deprecated. Use :ref:`ClientResourceStatus
+ // ` for per-resource
+ // config status instead.
+ ClientConfigStatus client_status = 7
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ oneof per_xds_config {
+ admin.v3.ListenersConfigDump listener_config = 2;
+
+ admin.v3.ClustersConfigDump cluster_config = 3;
+
+ admin.v3.RoutesConfigDump route_config = 4;
+
+ admin.v3.ScopedRoutesConfigDump scoped_route_config = 5;
+
+ admin.v3.EndpointsConfigDump endpoint_config = 6;
+ }
+}
+
+// All xds configs for a particular client.
+message ClientConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.service.status.v2.ClientConfig";
+
+ // GenericXdsConfig is used to specify the config status and the dump
+ // of any xDS resource identified by their type URL. It is the generalized
+ // version of the now deprecated ListenersConfigDump, ClustersConfigDump etc
+ // [#next-free-field: 10]
+ message GenericXdsConfig {
+ // Type_url represents the fully qualified name of xDS resource type
+ // like envoy.v3.Cluster, envoy.v3.ClusterLoadAssignment etc.
+ string type_url = 1;
+
+ // Name of the xDS resource
+ string name = 2;
+
+ // This is the :ref:`version_info `
+ // in the last processed xDS discovery response. If there are only
+ // static bootstrap listeners, this field will be ""
+ string version_info = 3;
+
+ // The xDS resource config. Actual content depends on the type
+ google.protobuf.Any xds_config = 4;
+
+ // Timestamp when the xDS resource was last updated
+ google.protobuf.Timestamp last_updated = 5;
+
+ // Per xDS resource config status. It is generated by management servers.
+ // It will not be present if the CSDS server is an xDS client.
+ ConfigStatus config_status = 6;
+
+ // Per xDS resource status from the view of a xDS client
+ admin.v3.ClientResourceStatus client_status = 7;
+
+ // Set if the last update failed, cleared after the next successful
+ // update. The *error_state* field contains the rejected version of
+ // this particular resource along with the reason and timestamp. For
+ // successfully updated or acknowledged resource, this field should
+ // be empty.
+ // [#not-implemented-hide:]
+ admin.v3.UpdateFailureState error_state = 8;
+
+ // Is static resource is true if it is specified in the config supplied
+ // through the file at the startup.
+ bool is_static_resource = 9;
+ }
+
+ // Node for a particular client.
+ config.core.v3.Node node = 1;
+
+ // This field is deprecated in favor of generic_xds_configs which is
+ // much simpler and uniform in structure.
+ repeated PerXdsConfig xds_config = 2
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Represents generic xDS config and the exact config structure depends on
+ // the type URL (like Cluster if it is CDS)
+ repeated GenericXdsConfig generic_xds_configs = 3;
+
+ // For xDS clients, the scope in which the data is used.
+ // For example, gRPC indicates the data plane target or that the data is
+ // associated with gRPC server(s).
+ string client_scope = 4;
+}
+
+message ClientStatusResponse {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.service.status.v2.ClientStatusResponse";
+
+ // Client configs for the clients specified in the ClientStatusRequest.
+ repeated ClientConfig config = 1;
+}
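Review bot: The service comment on `ClientStatusDiscoveryService` does not warn that responses carry full resource contents: `FetchClientStatus` is exposed as a plain HTTP POST at `/v3/discovery:client_status` with `body = "*"` and no authentication expressed in the API, and `GenericXdsConfig.xds_config` returns each resource as an `Any`, so whatever the xDS config embeds (for example inline TLS material or credentials in filter configs) is handed to any caller who can reach the endpoint. The only field that would suppress contents, `exclude_resource_contents`, is tagged `[#not-implemented-hide:]`, so consumers cannot rely on it. Suggest a service-level comment such as `// Responses include full resource contents, which may embed secrets; deploy CSDS behind the same authentication and authorization as the admin interface and never expose it to untrusted networks.` The `node_matchers` comment also leaves unspecified what an empty list matches (presumably every client — to be confirmed). This is a synced copy of the upstream Envoy proto, so the wording belongs upstream.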
diff --git a/modules/sync/envoyproxy/envoy/cas/acf97d4c6b5404951c13b3929354bb0613f3cc5cb4852a71f6d79b0fc37a40cd8e0b756a90fc1bbc2a11fd52b851fbd244dae48296a34873dcaeef73fa9ca421 b/modules/sync/envoyproxy/envoy/cas/acf97d4c6b5404951c13b3929354bb0613f3cc5cb4852a71f6d79b0fc37a40cd8e0b756a90fc1bbc2a11fd52b851fbd244dae48296a34873dcaeef73fa9ca421
new file mode 100644
index 00000000..77deff29
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/acf97d4c6b5404951c13b3929354bb0613f3cc5cb4852a71f6d79b0fc37a40cd8e0b756a90fc1bbc2a11fd52b851fbd244dae48296a34873dcaeef73fa9ca421
@@ -0,0 +1,157 @@
+syntax = "proto3";
+
+package envoy.extensions.common.ratelimit.v3;
+
+import "envoy/type/v3/ratelimit_unit.proto";
+import "envoy/type/v3/token_bucket.proto";
+
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.common.ratelimit.v3";
+option java_outer_classname = "RatelimitProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/common/ratelimit/v3;ratelimitv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Common rate limit components]
+
+// Defines the version of the standard to use for X-RateLimit headers.
+enum XRateLimitHeadersRFCVersion {
+ // X-RateLimit headers disabled.
+ OFF = 0;
+
+ // Use `draft RFC Version 03 `_ where 3 headers will be added:
+ //
+ // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the
+ // client in the current time-window followed by the description of the
+ // quota policy. The value is returned by the maximum tokens of the token bucket.
+ // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the
+ // current time-window. The value is returned by the remaining tokens in the token bucket.
+ // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of
+ // the current time-window. The value is returned by the remaining fill interval of the token bucket.
+ DRAFT_VERSION_03 = 1;
+}
+
+enum VhRateLimitsOptions {
+ // Use the virtual host rate limits unless the route has a rate limit policy.
+ OVERRIDE = 0;
+
+ // Use the virtual host rate limits even if the route has a rate limit policy.
+ INCLUDE = 1;
+
+ // Ignore the virtual host rate limits even if the route does not have a rate limit policy.
+ IGNORE = 2;
+}
+
+// A RateLimitDescriptor is a list of hierarchical entries that are used by the service to
+// determine the final rate limit key and overall allowed limit. Here are some examples of how
+// they might be used for the domain "envoy".
+//
+// .. code-block:: cpp
+//
+// ["authenticated": "false"], ["remote_address": "10.0.0.1"]
+//
+// What it does: Limits all unauthenticated traffic for the IP address 10.0.0.1. The
+// configuration supplies a default limit for the *remote_address* key. If there is a desire to
+// raise the limit for 10.0.0.1 or block it entirely it can be specified directly in the
+// configuration.
+//
+// .. code-block:: cpp
+//
+// ["authenticated": "false"], ["path": "/foo/bar"]
+//
+// What it does: Limits all unauthenticated traffic globally for a specific path (or prefix if
+// configured that way in the service).
+//
+// .. code-block:: cpp
+//
+// ["authenticated": "false"], ["path": "/foo/bar"], ["remote_address": "10.0.0.1"]
+//
+// What it does: Limits unauthenticated traffic to a specific path for a specific IP address.
+// Like (1) we can raise/block specific IP addresses if we want with an override configuration.
+//
+// .. code-block:: cpp
+//
+// ["authenticated": "true"], ["client_id": "foo"]
+//
+// What it does: Limits all traffic for an authenticated client "foo"
+//
+// .. code-block:: cpp
+//
+// ["authenticated": "true"], ["client_id": "foo"], ["path": "/foo/bar"]
+//
+// What it does: Limits traffic to a specific path for an authenticated client "foo"
+//
+// The idea behind the API is that (1)/(2)/(3) and (4)/(5) can be sent in 1 request if desired.
+// This enables building complex application scenarios with a generic backend.
+//
+// Optionally the descriptor can contain a limit override under a "limit" key, that specifies
+// the number of requests per unit to use instead of the number configured in the
+// rate limiting service.
+message RateLimitDescriptor {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.ratelimit.RateLimitDescriptor";
+
+ message Entry {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.ratelimit.RateLimitDescriptor.Entry";
+
+ // Descriptor key.
+ string key = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Descriptor value.
+ string value = 2 [(validate.rules).string = {min_len: 1}];
+ }
+
+ // Override rate limit to apply to this descriptor instead of the limit
+ // configured in the rate limit service. See :ref:`rate limit override
+ // ` for more information.
+ message RateLimitOverride {
+ // The number of requests per unit of time.
+ uint32 requests_per_unit = 1;
+
+ // The unit of time.
+ type.v3.RateLimitUnit unit = 2 [(validate.rules).enum = {defined_only: true}];
+ }
+
+ // Descriptor entries.
+ repeated Entry entries = 1 [(validate.rules).repeated = {min_items: 1}];
+
+ // Optional rate limit override to supply to the ratelimit service.
+ RateLimitOverride limit = 2;
+
+ // Optional hits_addend for the rate limit descriptor. If set the value will override the
+ // request level hits_addend.
+ google.protobuf.UInt64Value hits_addend = 3;
+}
+
+// Configuration used to enable local rate limiting.
+//
+// .. note::
+// The ``LocalRateLimitDescriptor`` is used to configure a local rate limit rule with a token
+// bucket algorithm. The ``RateLimitDescriptor`` is used to represent a list of symbols that
+// are used to match against the rate limit rule.
+//
+message LocalRateLimitDescriptor {
+ // Descriptor entries.
+ repeated v3.RateLimitDescriptor.Entry entries = 1 [(validate.rules).repeated = {min_items: 1}];
+
+ // Token Bucket algorithm for local ratelimiting.
+ type.v3.TokenBucket token_bucket = 2 [(validate.rules).message = {required: true}];
+}
+
+// Configuration used to enable local cluster level rate limiting where the token buckets
+// will be shared across all the Envoy instances in the local cluster.
+// A share will be calculated based on the membership of the local cluster dynamically
+// and the configuration. When the limiter refilling the token bucket, the share will be
+// applied. By default, the token bucket will be shared evenly.
+//
+// See :ref:`local cluster name
+// ` for more context
+// about local cluster.
+message LocalClusterRateLimit {
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/ae28b55a1d43e246e656acdd267aee16e19b6ab15c507b928417b17ce81741a6cbb4cb72da3cfd5980142e16aee8468122e34febd659868cf0e4cd077049470f b/modules/sync/envoyproxy/envoy/cas/ae28b55a1d43e246e656acdd267aee16e19b6ab15c507b928417b17ce81741a6cbb4cb72da3cfd5980142e16aee8468122e34febd659868cf0e4cd077049470f
new file mode 100644
index 00000000..48ff5e7e
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/ae28b55a1d43e246e656acdd267aee16e19b6ab15c507b928417b17ce81741a6cbb4cb72da3cfd5980142e16aee8468122e34febd659868cf0e4cd077049470f
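Review bot: `RateLimitOverride.requests_per_unit` inside `RateLimitDescriptor` carries no `(validate.rules)` constraint and its comment does not say what `0` means, while the sibling `unit` field is checked with `defined_only: true`; because the override is, per its own comment, supplied to the ratelimit service to replace the limit configured there, a stray zero or oversized value silently changes what is enforced. Suggest documenting the contract on the field: `// Sent to the rate limit service as a replacement for its configured limit; the service decides whether to honor it. A value of 0 is not rejected by validation — confirm with the service whether it means deny-all or no limit.` The same caveat applies to `hits_addend`, whose `UInt64Value` can consume a whole bucket in a single request when set large. The `DRAFT_VERSION_03` comment could also note that the three headers disclose the bucket's capacity and refill interval to clients, which lets a caller tune its rate to sit just under the limit. These protos are synced from upstream Envoy, so the wording changes belong there.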
@@ -0,0 +1,662 @@ +syntax = "proto3"; + +package envoy.config.core.v3; + +import "envoy/config/core/v3/address.proto"; +import "envoy/config/core/v3/backoff.proto"; +import "envoy/config/core/v3/http_uri.proto"; +import "envoy/type/v3/percent.proto"; +import "envoy/type/v3/semantic_version.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/wrappers.proto"; + +import "xds/core/v3/context_params.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v3"; +option java_outer_classname = "BaseProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Common types] + +// Envoy supports :ref:`upstream priority routing +// ` both at the route and the virtual +// cluster level. The current priority implementation uses different connection +// pool and circuit breaking settings for each priority level. This means that +// even for HTTP/2 requests, two physical connections will be used to an +// upstream host. In the future Envoy will likely support true HTTP/2 priority +// over a single upstream connection. +enum RoutingPriority { + DEFAULT = 0; + HIGH = 1; +} + +// HTTP request method. +enum RequestMethod { + METHOD_UNSPECIFIED = 0; + GET = 1; + HEAD = 2; + POST = 3; + PUT = 4; + DELETE = 5; + CONNECT = 6; + OPTIONS = 7; + TRACE = 8; + PATCH = 9; +} + +// Identifies the direction of the traffic relative to the local Envoy. +enum TrafficDirection { + // Default option is unspecified. + UNSPECIFIED = 0; + + // The transport is used for incoming traffic. + INBOUND = 1; + + // The transport is used for outgoing traffic. 
+ OUTBOUND = 2; +} + +// Identifies location of where either Envoy runs or where upstream hosts run. +message Locality { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Locality"; + + // Region this :ref:`zone ` belongs to. + string region = 1; + + // Defines the local service zone where Envoy is running. Though optional, it + // should be set if discovery service routing is used and the discovery + // service exposes :ref:`zone data `, + // either in this message or via :option:`--service-zone`. The meaning of zone + // is context dependent, e.g. `Availability Zone (AZ) + // `_ + // on AWS, `Zone `_ on + // GCP, etc. + string zone = 2; + + // When used for locality of upstream hosts, this field further splits zone + // into smaller chunks of sub-zones so they can be load balanced + // independently. + string sub_zone = 3; +} + +// BuildVersion combines SemVer version of extension with free-form build information +// (i.e. 'alpha', 'private-build') as a set of strings. +message BuildVersion { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BuildVersion"; + + // SemVer version of extension. + type.v3.SemanticVersion version = 1; + + // Free-form build information. + // Envoy defines several well known keys in the source/common/version/version.h file + google.protobuf.Struct metadata = 2; +} + +// Version and identification for an Envoy extension. +// [#next-free-field: 7] +message Extension { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Extension"; + + // This is the name of the Envoy filter as specified in the Envoy + // configuration, e.g. envoy.filters.http.router, com.acme.widget. + string name = 1; + + // Category of the extension. + // Extension category names use reverse DNS notation. For instance "envoy.filters.listener" + // for Envoy's built-in listener filters or "com.acme.filters.http" for HTTP filters from + // acme.com vendor. 
+ // [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.] + string category = 2; + + // [#not-implemented-hide:] Type descriptor of extension configuration proto. + // [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] + // [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.] + string type_descriptor = 3 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // The version is a property of the extension and maintained independently + // of other extensions and the Envoy API. + // This field is not set when extension did not provide version information. + BuildVersion version = 4; + + // Indicates that the extension is present but was disabled via dynamic configuration. + bool disabled = 5; + + // Type URLs of extension configuration protos. + repeated string type_urls = 6; +} + +// Identifies a specific Envoy instance. The node identifier is presented to the +// management server, which may use this identifier to distinguish per Envoy +// configuration for serving. +// [#next-free-field: 13] +message Node { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Node"; + + reserved 5; + + reserved "build_version"; + + // An opaque node identifier for the Envoy node. This also provides the local + // service node name. It should be set if any of the following features are + // used: :ref:`statsd `, :ref:`CDS + // `, and :ref:`HTTP tracing + // `, either in this message or via + // :option:`--service-node`. + string id = 1; + + // Defines the local service cluster name where Envoy is running. 
Though + // optional, it should be set if any of the following features are used: + // :ref:`statsd `, :ref:`health check cluster + // verification + // `, + // :ref:`runtime override directory `, + // :ref:`user agent addition + // `, + // :ref:`HTTP global rate limiting `, + // :ref:`CDS `, and :ref:`HTTP tracing + // `, either in this message or via + // :option:`--service-cluster`. + string cluster = 2; + + // Opaque metadata extending the node identifier. Envoy will pass this + // directly to the management server. + google.protobuf.Struct metadata = 3; + + // Map from xDS resource type URL to dynamic context parameters. These may vary at runtime (unlike + // other fields in this message). For example, the xDS client may have a shard identifier that + // changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the + // dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic + // parameter then appears in this field during future discovery requests. + map dynamic_parameters = 12; + + // Locality specifying where the Envoy instance is running. + Locality locality = 4; + + // Free-form string that identifies the entity requesting config. + // E.g. "envoy" or "grpc" + string user_agent_name = 6; + + oneof user_agent_version_type { + // Free-form string that identifies the version of the entity requesting config. + // E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild" + string user_agent_version = 7; + + // Structured version of the entity requesting config. + BuildVersion user_agent_build_version = 8; + } + + // List of extensions and their versions supported by the node. + repeated Extension extensions = 9; + + // Client feature support list. These are well known features described + // in the Envoy API repository for a given major version of an API. Client features + // use reverse DNS naming scheme, for example ``com.acme.feature``. 
+ // See :ref:`the list of features ` that xDS client may + // support. + repeated string client_features = 10; + + // Known listening ports on the node as a generic hint to the management server + // for filtering :ref:`listeners ` to be returned. For example, + // if there is a listener bound to port 80, the list can optionally contain the + // SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint. + repeated Address listening_addresses = 11 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; +} + +// Metadata provides additional inputs to filters based on matched listeners, +// filter chains, routes and endpoints. It is structured as a map, usually from +// filter name (in reverse DNS format) to metadata specific to the filter. Metadata +// key-values for a filter are merged as connection and request handling occurs, +// with later values for the same key overriding earlier values. +// +// An example use of metadata is providing additional values to +// http_connection_manager in the envoy.http_connection_manager.access_log +// namespace. +// +// Another example use of metadata is to per service config info in cluster metadata, which may get +// consumed by multiple filters. +// +// For load balancing, Metadata provides a means to subset cluster endpoints. +// Endpoints have a Metadata object associated and routes contain a Metadata +// object to match against. There are some well defined metadata used today for +// this purpose: +// +// * ``{"envoy.lb": {"canary": }}`` This indicates the canary status of an +// endpoint and is also used during header processing +// (x-envoy-upstream-canary) and for stats purposes. +// [#next-major-version: move to type/metadata/v2] +message Metadata { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Metadata"; + + // Key is the reverse DNS filter name, e.g. com.acme.widget. The ``envoy.*`` + // namespace is reserved for Envoy's built-in filters. 
+ // If both ``filter_metadata`` and + // :ref:`typed_filter_metadata ` + // fields are present in the metadata with same keys, + // only ``typed_filter_metadata`` field will be parsed. + map filter_metadata = 1 + [(validate.rules).map = {keys {string {min_len: 1}}}]; + + // Key is the reverse DNS filter name, e.g. com.acme.widget. The ``envoy.*`` + // namespace is reserved for Envoy's built-in filters. + // The value is encoded as google.protobuf.Any. + // If both :ref:`filter_metadata ` + // and ``typed_filter_metadata`` fields are present in the metadata with same keys, + // only ``typed_filter_metadata`` field will be parsed. + map typed_filter_metadata = 2 + [(validate.rules).map = {keys {string {min_len: 1}}}]; +} + +// Runtime derived uint32 with a default when not specified. +message RuntimeUInt32 { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RuntimeUInt32"; + + // Default value if runtime value is not available. + uint32 default_value = 2; + + // Runtime key to get value for comparison. This value is used if defined. + string runtime_key = 3 [(validate.rules).string = {min_len: 1}]; +} + +// Runtime derived percentage with a default when not specified. +message RuntimePercent { + // Default value if runtime value is not available. + type.v3.Percent default_value = 1; + + // Runtime key to get value for comparison. This value is used if defined. + string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; +} + +// Runtime derived double with a default when not specified. +message RuntimeDouble { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RuntimeDouble"; + + // Default value if runtime value is not available. + double default_value = 1; + + // Runtime key to get value for comparison. This value is used if defined. + string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; +} + +// Runtime derived bool with a default when not specified. 
+message RuntimeFeatureFlag { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.RuntimeFeatureFlag"; + + // Default value if runtime value is not available. + google.protobuf.BoolValue default_value = 1 [(validate.rules).message = {required: true}]; + + // Runtime key to get value for comparison. This value is used if defined. The boolean value must + // be represented via its + // `canonical JSON encoding `_. + string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; +} + +// Please use :ref:`KeyValuePair ` instead. +// [#not-implemented-hide:] +message KeyValue { + // The key of the key/value pair. + string key = 1 [ + deprecated = true, + (validate.rules).string = {min_len: 1 max_bytes: 16384}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // The value of the key/value pair. + // + // The ``bytes`` type is used. This means if JSON or YAML is used to to represent the + // configuration, the value must be base64 encoded. This is unfriendly for users in most + // use scenarios of this message. + // + bytes value = 2 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; +} + +message KeyValuePair { + // The key of the key/value pair. + string key = 1 [(validate.rules).string = {min_len: 1 max_bytes: 16384}]; + + // The value of the key/value pair. + google.protobuf.Value value = 2; +} + +// Key/value pair plus option to control append behavior. This is used to specify +// key/value pairs that should be appended to a set of existing key/value pairs. +message KeyValueAppend { + // Describes the supported actions types for key/value pair append action. + enum KeyValueAppendAction { + // If the key already exists, this action will result in the following behavior: + // + // - Comma-concatenated value if multiple values are not allowed. + // - New value added to the list of values if multiple values are allowed. 
+ // + // If the key doesn't exist then this will add pair with specified key and value. + APPEND_IF_EXISTS_OR_ADD = 0; + + // This action will add the key/value pair if it doesn't already exist. If the + // key already exists then this will be a no-op. + ADD_IF_ABSENT = 1; + + // This action will overwrite the specified value by discarding any existing + // values if the key already exists. If the key doesn't exist then this will add + // the pair with specified key and value. + OVERWRITE_IF_EXISTS_OR_ADD = 2; + + // This action will overwrite the specified value by discarding any existing + // values if the key already exists. If the key doesn't exist then this will + // be no-op. + OVERWRITE_IF_EXISTS = 3; + } + + // The single key/value pair record to be appended or overridden. This field must be set. + KeyValuePair record = 3; + + // Key/value pair entry that this option to append or overwrite. This field is deprecated + // and please use :ref:`record ` + // as replacement. + // [#not-implemented-hide:] + KeyValue entry = 1 [ + deprecated = true, + (validate.rules).message = {skip: true}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // Describes the action taken to append/overwrite the given value for an existing + // key or to only add this key if it's absent. + KeyValueAppendAction action = 2 [(validate.rules).enum = {defined_only: true}]; +} + +// Key/value pair to append or remove. +message KeyValueMutation { + // Key/value pair to append or overwrite. Only one of ``append`` or ``remove`` can be set or + // the configuration will be rejected. + KeyValueAppend append = 1; + + // Key to remove. Only one of ``append`` or ``remove`` can be set or the configuration will be + // rejected. + string remove = 2 [(validate.rules).string = {max_bytes: 16384}]; +} + +// Query parameter name/value pair. +message QueryParameter { + // The key of the query parameter. Case sensitive. 
+ string key = 1 [(validate.rules).string = {min_len: 1}]; + + // The value of the query parameter. + string value = 2; +} + +// Header name/value pair. +message HeaderValue { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderValue"; + + // Header name. + string key = 1 + [(validate.rules).string = + {min_len: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Header value. + // + // The same :ref:`format specifier ` as used for + // :ref:`HTTP access logging ` applies here, however + // unknown header values are replaced with the empty string instead of ``-``. + // Header value is encoded as string. This does not work for non-utf8 characters. + // Only one of ``value`` or ``raw_value`` can be set. + string value = 2 [ + (validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}, + (udpa.annotations.field_migrate).oneof_promotion = "value_type" + ]; + + // Header value is encoded as bytes which can support non-utf8 characters. + // Only one of ``value`` or ``raw_value`` can be set. + bytes raw_value = 3 [ + (validate.rules).bytes = {min_len: 0 max_len: 16384}, + (udpa.annotations.field_migrate).oneof_promotion = "value_type" + ]; +} + +// Header name/value pair plus option to control append behavior. +message HeaderValueOption { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.HeaderValueOption"; + + // Describes the supported actions types for header append action. + enum HeaderAppendAction { + // If the header already exists, this action will result in: + // + // - Comma-concatenated for predefined inline headers. + // - Duplicate header added in the ``HeaderMap`` for other headers. + // + // If the header doesn't exist then this will add new header with specified key and value. + APPEND_IF_EXISTS_OR_ADD = 0; + + // This action will add the header if it doesn't already exist. 
If the header + // already exists then this will be a no-op. + ADD_IF_ABSENT = 1; + + // This action will overwrite the specified value by discarding any existing values if + // the header already exists. If the header doesn't exist then this will add the header + // with specified key and value. + OVERWRITE_IF_EXISTS_OR_ADD = 2; + + // This action will overwrite the specified value by discarding any existing values if + // the header already exists. If the header doesn't exist then this will be no-op. + OVERWRITE_IF_EXISTS = 3; + } + + // Header name/value pair that this option applies to. + HeaderValue header = 1 [(validate.rules).message = {required: true}]; + + // Should the value be appended? If true (default), the value is appended to + // existing values. Otherwise it replaces any existing values. + // This field is deprecated and please use + // :ref:`append_action ` as replacement. + // + // .. note:: + // The :ref:`external authorization service ` and + // :ref:`external processor service ` have + // default value (``false``) for this field. + google.protobuf.BoolValue append = 2 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Describes the action taken to append/overwrite the given value for an existing header + // or to only add this header if it's absent. + // Value defaults to :ref:`APPEND_IF_EXISTS_OR_ADD + // `. + HeaderAppendAction append_action = 3 [(validate.rules).enum = {defined_only: true}]; + + // Is the header value allowed to be empty? If false (default), custom headers with empty values are dropped, + // otherwise they are added. + bool keep_empty_value = 4; +} + +// Wrapper for a set of headers. +message HeaderMap { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderMap"; + + // A list of header names and their values. + repeated HeaderValue headers = 1; +} + +// A directory that is watched for changes, e.g. by inotify on Linux. 
Move/rename +// events inside this directory trigger the watch. +message WatchedDirectory { + // Directory path to watch. + string path = 1 [(validate.rules).string = {min_len: 1}]; +} + +// Data source consisting of a file, an inline value, or an environment variable. +// [#next-free-field: 6] +message DataSource { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.DataSource"; + + oneof specifier { + option (validate.required) = true; + + // Local filesystem data source. + string filename = 1 [(validate.rules).string = {min_len: 1}]; + + // Bytes inlined in the configuration. + bytes inline_bytes = 2; + + // String inlined in the configuration. + string inline_string = 3; + + // Environment variable data source. + string environment_variable = 4 [(validate.rules).string = {min_len: 1}]; + } + + // Watched directory that is watched for file changes. If this is set explicitly, the file + // specified in the ``filename`` field will be reloaded when relevant file move events occur. + // + // .. note:: + // This field only makes sense when the ``filename`` field is set. + // + // .. note:: + // Envoy only updates when the file is replaced by a file move, and not when the file is + // edited in place. + // + // .. note:: + // Not all use cases of ``DataSource`` support watching directories. It depends on the + // specific usage of the ``DataSource``. See the documentation of the parent message for + // details. + WatchedDirectory watched_directory = 5; +} + +// The message specifies the retry policy of remote data source when fetching fails. +// [#next-free-field: 7] +message RetryPolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RetryPolicy"; + + // See :ref:`RetryPriority `. + message RetryPriority { + string name = 1 [(validate.rules).string = {min_len: 1}]; + + oneof config_type { + google.protobuf.Any typed_config = 2; + } + } + + // See :ref:`RetryHostPredicate `. 
+ message RetryHostPredicate { + string name = 1 [(validate.rules).string = {min_len: 1}]; + + oneof config_type { + google.protobuf.Any typed_config = 2; + } + } + + // Specifies parameters that control :ref:`retry backoff strategy `. + // This parameter is optional, in which case the default base interval is 1000 milliseconds. The + // default maximum interval is 10 times the base interval. + BackoffStrategy retry_back_off = 1; + + // Specifies the allowed number of retries. This parameter is optional and + // defaults to 1. + google.protobuf.UInt32Value num_retries = 2 + [(udpa.annotations.field_migrate).rename = "max_retries"]; + + // For details, see :ref:`retry_on `. + string retry_on = 3; + + // For details, see :ref:`retry_priority `. + RetryPriority retry_priority = 4; + + // For details, see :ref:`RetryHostPredicate `. + repeated RetryHostPredicate retry_host_predicate = 5; + + // For details, see :ref:`host_selection_retry_max_attempts `. + int64 host_selection_retry_max_attempts = 6; +} + +// The message specifies how to fetch data from remote and how to verify it. +message RemoteDataSource { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RemoteDataSource"; + + // The HTTP URI to fetch the remote data. + HttpUri http_uri = 1 [(validate.rules).message = {required: true}]; + + // SHA256 string for verifying data. + string sha256 = 2 [(validate.rules).string = {min_len: 1}]; + + // Retry policy for fetching remote data. + RetryPolicy retry_policy = 3; +} + +// Async data source which support async data fetch. +message AsyncDataSource { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.AsyncDataSource"; + + oneof specifier { + option (validate.required) = true; + + // Local async data source. + DataSource local = 1; + + // Remote async data source. + RemoteDataSource remote = 2; + } +} + +// Configuration for transport socket in :ref:`listeners ` and +// :ref:`clusters `. 
If the configuration is +// empty, a default transport socket implementation and configuration will be +// chosen based on the platform and existence of tls_context. +message TransportSocket { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.TransportSocket"; + + reserved 2; + + reserved "config"; + + // The name of the transport socket to instantiate. The name must match a supported transport + // socket implementation. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // Implementation specific configuration which depends on the implementation being instantiated. + // See the supported transport socket implementations for further documentation. + oneof config_type { + google.protobuf.Any typed_config = 3; + } +} + +// Runtime derived FractionalPercent with defaults for when the numerator or denominator is not +// specified via a runtime key. +// +// .. note:: +// +// Parsing of the runtime key's data is implemented such that it may be represented as a +// :ref:`FractionalPercent ` proto represented as JSON/YAML +// and may also be represented as an integer with the assumption that the value is an integral +// percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse +// as a ``FractionalPercent`` whose numerator is 42 and denominator is HUNDRED. +message RuntimeFractionalPercent { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.RuntimeFractionalPercent"; + + // Default value if the runtime value's for the numerator/denominator keys are not available. + type.v3.FractionalPercent default_value = 1 [(validate.rules).message = {required: true}]; + + // Runtime key for a YAML representation of a FractionalPercent. + string runtime_key = 2; +} + +// Identifies a specific ControlPlane instance that Envoy is connected to. 
+message ControlPlane { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ControlPlane"; + + // An opaque control plane identifier that uniquely identifies an instance + // of control plane. This can be used to identify which control plane instance, + // the Envoy is connected to. + string identifier = 1; +} diff --git a/modules/sync/envoyproxy/envoy/cas/b1b80519ed10cd644f155c72798d6d0f8a55d4657fb61d2de8aab8c821865aa7b60be401f52e6b04157c806772428ea368d36791ded9328940fe980b70e42f8f b/modules/sync/envoyproxy/envoy/cas/b1b80519ed10cd644f155c72798d6d0f8a55d4657fb61d2de8aab8c821865aa7b60be401f52e6b04157c806772428ea368d36791ded9328940fe980b70e42f8f new file mode 100644 index 00000000..1f267c18 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/b1b80519ed10cd644f155c72798d6d0f8a55d4657fb61d2de8aab8c821865aa7b60be401f52e6b04157c806772428ea368d36791ded9328940fe980b70e42f8f 
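Review bot: `RemoteDataSource.sha256` is the only integrity check on data fetched from `http_uri`, yet its validation rule is just `min_len: 1`, so a truncated or non-hex value passes config validation and is caught (if at all) only when the fetched body is compared. A SHA-256 hex digest has a fixed shape, so the rule can pin it: `string sha256 = 2 [(validate.rules).string = {len: 64 pattern: "^[0-9a-fA-F]{64}$"}];` — assuming the implementation compares hex-encoded digests, which I cannot confirm from this file. Since this file is a synced copy of the upstream Envoy proto, the tightening belongs upstream; at minimum the field comment should state the expected shape, e.g. `// Expected to be the 64-character hex encoding of the SHA-256 digest used to verify the fetched payload.`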
@@ -0,0 +1,213 @@ +syntax = "proto3"; + +package envoy.config.overload.v3; + +import "envoy/type/v3/percent.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.overload.v3"; +option java_outer_classname = "OverloadProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/overload/v3;overloadv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Overload Manager] + +// The Overload Manager provides an extensible framework to protect Envoy instances +// from overload of various resources (memory, cpu, file descriptors, etc). +// It monitors a configurable set of resources and notifies registered listeners +// when triggers related to those resources fire. + +message ResourceMonitor { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.overload.v2alpha.ResourceMonitor"; + + reserved 2; + + reserved "config"; + + // The name of the resource monitor to instantiate. Must match a registered + // resource monitor type. + // See the :ref:`extensions listed in typed_config below ` for the default list of available resource monitor. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // Configuration for the resource monitor being instantiated. + // [#extension-category: envoy.resource_monitors] + oneof config_type { + google.protobuf.Any typed_config = 3; + } +} + +message ThresholdTrigger { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.overload.v2alpha.ThresholdTrigger"; + + // If the resource pressure is greater than or equal to this value, the trigger + // will enter saturation. 
+ double value = 1 [(validate.rules).double = {lte: 1.0 gte: 0.0}]; +} + +message ScaledTrigger { + // If the resource pressure is greater than this value, the trigger will be in the + // :ref:`scaling ` state with value + // ``(pressure - scaling_threshold) / (saturation_threshold - scaling_threshold)``. + double scaling_threshold = 1 [(validate.rules).double = {lte: 1.0 gte: 0.0}]; + + // If the resource pressure is greater than this value, the trigger will enter saturation. + double saturation_threshold = 2 [(validate.rules).double = {lte: 1.0 gte: 0.0}]; +} + +message Trigger { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.overload.v2alpha.Trigger"; + + // The name of the resource this is a trigger for. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + oneof trigger_oneof { + option (validate.required) = true; + + ThresholdTrigger threshold = 2; + + ScaledTrigger scaled = 3; + } +} + +// Typed configuration for the "envoy.overload_actions.reduce_timeouts" action. See +// :ref:`the docs ` for an example of how to configure +// the action with different timeouts and minimum values. +message ScaleTimersOverloadActionConfig { + enum TimerType { + // Unsupported value; users must explicitly specify the timer they want scaled. + UNSPECIFIED = 0; + + // Adjusts the idle timer for downstream HTTP connections that takes effect when there are no active streams. + // This affects the value of :ref:`HttpConnectionManager.common_http_protocol_options.idle_timeout + // ` + HTTP_DOWNSTREAM_CONNECTION_IDLE = 1; + + // Adjusts the idle timer for HTTP streams initiated by downstream clients. + // This affects the value of :ref:`RouteAction.idle_timeout ` and + // :ref:`HttpConnectionManager.stream_idle_timeout + // ` + HTTP_DOWNSTREAM_STREAM_IDLE = 2; + + // Adjusts the timer for how long downstream clients have to finish transport-level negotiations + // before the connection is closed. 
+ // This affects the value of + // :ref:`FilterChain.transport_socket_connect_timeout `. + TRANSPORT_SOCKET_CONNECT = 3; + + // Adjusts the max connection duration timer for downstream HTTP connections. + // This affects the value of + // :ref:`HttpConnectionManager.common_http_protocol_options.max_connection_duration + // `. + HTTP_DOWNSTREAM_CONNECTION_MAX = 4; + } + + message ScaleTimer { + // The type of timer this minimum applies to. + TimerType timer = 1 [(validate.rules).enum = {defined_only: true not_in: 0}]; + + oneof overload_adjust { + option (validate.required) = true; + + // Sets the minimum duration as an absolute value. + google.protobuf.Duration min_timeout = 2; + + // Sets the minimum duration as a percentage of the maximum value. + type.v3.Percent min_scale = 3; + } + } + + // A set of timer scaling rules to be applied. + repeated ScaleTimer timer_scale_factors = 1 [(validate.rules).repeated = {min_items: 1}]; +} + +message OverloadAction { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.overload.v2alpha.OverloadAction"; + + // The name of the overload action. This is just a well-known string that listeners can + // use for registering callbacks. Custom overload actions should be named using reverse + // DNS to ensure uniqueness. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // A set of triggers for this action. The state of the action is the maximum + // state of all triggers, which can be scalar values between 0 and 1 or + // saturated. Listeners are notified when the overload action changes state. + // An overload manager action can only have one trigger for a given resource + // e.g. :ref:`Trigger.name + // ` must be unique + // in this list. + repeated Trigger triggers = 2 [(validate.rules).repeated = {min_items: 1}]; + + // Configuration for the action being instantiated. 
+ google.protobuf.Any typed_config = 3; +} + +// A point within the connection or request lifecycle that provides context on +// whether to shed load at that given stage for the current entity at the +// point. +message LoadShedPoint { + // This is just a well-known string for the LoadShedPoint. + // Deployment specific LoadShedPoints e.g. within a custom extension should + // be prefixed by the company / deployment name to avoid colliding with any + // open source LoadShedPoints. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // A set of triggers for this LoadShedPoint. The LoadShedPoint will use the + // the maximum state of all triggers, which can be scalar values between 0 and + // 1 or saturated. A LoadShedPoint can only have one trigger for a given + // resource e.g. :ref:`Trigger.name + // ` must be unique in + // this list. + repeated Trigger triggers = 2 [(validate.rules).repeated = {min_items: 1}]; +} + +// Configuration for which accounts the WatermarkBuffer Factories should +// track. +message BufferFactoryConfig { + // The minimum power of two at which Envoy starts tracking an account. + // + // Envoy has 8 power of two buckets starting with the provided exponent below. + // Concretely the 1st bucket contains accounts for streams that use + // [2^minimum_account_to_track_power_of_two, + // 2^(minimum_account_to_track_power_of_two + 1)) bytes. + // With the 8th bucket tracking accounts + // >= 128 * 2^minimum_account_to_track_power_of_two. + // + // The maximum value is 56, since we're using uint64_t for bytes counting, + // and that's the last value that would use the 8 buckets. In practice, + // we don't expect the proxy to be holding 2^56 bytes. + // + // If omitted, Envoy should not do any tracking. 
+ uint32 minimum_account_to_track_power_of_two = 1 [(validate.rules).uint32 = {lte: 56 gte: 10}]; +} + +// [#next-free-field: 6] +message OverloadManager { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.overload.v2alpha.OverloadManager"; + + // The interval for refreshing resource usage. + google.protobuf.Duration refresh_interval = 1; + + // The set of resources to monitor. + repeated ResourceMonitor resource_monitors = 2 [(validate.rules).repeated = {min_items: 1}]; + + // The set of overload actions. + repeated OverloadAction actions = 3; + + // The set of load shed points. + repeated LoadShedPoint loadshed_points = 5; + + // Configuration for buffer factory. + BufferFactoryConfig buffer_factory_config = 4; +} diff --git a/modules/sync/envoyproxy/envoy/cas/b1cef5fdc3d1350e3f96bc2cf2d14909e19dc8686fb620a42bec19fab962d6e83a1a532b62d30e8ab5256d6809510a88722c4ee872548eb5d01f0e9bd832e3c5 b/modules/sync/envoyproxy/envoy/cas/b1cef5fdc3d1350e3f96bc2cf2d14909e19dc8686fb620a42bec19fab962d6e83a1a532b62d30e8ab5256d6809510a88722c4ee872548eb5d01f0e9bd832e3c5 new file mode 100644 index 00000000..6593ccab --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/b1cef5fdc3d1350e3f96bc2cf2d14909e19dc8686fb620a42bec19fab962d6e83a1a532b62d30e8ab5256d6809510a88722c4ee872548eb5d01f0e9bd832e3c5 
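Review bot: `ScaledTrigger` documents the scaling state as `(pressure - scaling_threshold) / (saturation_threshold - scaling_threshold)`, but nothing in the message states or validates that `scaling_threshold` is strictly below `saturation_threshold`; the per-field `lte: 1.0 gte: 0.0` rules accept equal values, for which that formula divides by zero. Cross-field constraints cannot be expressed with these validate rules, so the requirement should at least be documented on `scaling_threshold`, e.g. `// Must be strictly less than saturation_threshold; equal or inverted values make the scaling computation undefined.` — whether the implementation already rejects such configs at load time I cannot tell from this file. Relatedly, the `minimum_account_to_track_power_of_two` comment says "If omitted, Envoy should not do any tracking", while the `gte: 10` rule rejects the proto3 default of 0, so the omission that disables tracking is presumably the whole `buffer_factory_config` message and the comment should say so. As a synced upstream copy, these fixes belong in the Envoy repository.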
@@ -0,0 +1,437 @@ +syntax = "proto3"; + +package envoy.config.rbac.v3; + +import "envoy/config/core/v3/address.proto"; +import "envoy/config/core/v3/extension.proto"; +import "envoy/config/route/v3/route_components.proto"; +import "envoy/type/matcher/v3/filter_state.proto"; +import "envoy/type/matcher/v3/metadata.proto"; +import "envoy/type/matcher/v3/path.proto"; +import "envoy/type/matcher/v3/string.proto"; +import "envoy/type/v3/range.proto"; + +import "google/api/expr/v1alpha1/checked.proto"; +import "google/api/expr/v1alpha1/syntax.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.rbac.v3"; +option java_outer_classname = "RbacProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3;rbacv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Role Based Access Control (RBAC)] + +enum MetadataSource { + // Query :ref:`dynamic metadata ` + DYNAMIC = 0; + + // Query :ref:`route metadata ` + ROUTE = 1; +} + +// Role Based Access Control (RBAC) provides service-level and method-level access control for a +// service. Requests are allowed or denied based on the ``action`` and whether a matching policy is +// found. For instance, if the action is ALLOW and a matching policy is found the request should be +// allowed. +// +// RBAC can also be used to make access logging decisions by communicating with access loggers +// through dynamic metadata. When the action is LOG and at least one policy matches, the +// ``access_log_hint`` value in the shared key namespace 'envoy.common' is set to ``true`` indicating +// the request should be logged. +// +// Here is an example of RBAC configuration. 
It has two policies: +// +// * Service account ``cluster.local/ns/default/sa/admin`` has full access to the service, and so +// does "cluster.local/ns/default/sa/superuser". +// +// * Any user can read (``GET``) the service at paths with prefix ``/products``, so long as the +// destination port is either 80 or 443. +// +// .. code-block:: yaml +// +// action: ALLOW +// policies: +// "service-admin": +// permissions: +// - any: true +// principals: +// - authenticated: +// principal_name: +// exact: "cluster.local/ns/default/sa/admin" +// - authenticated: +// principal_name: +// exact: "cluster.local/ns/default/sa/superuser" +// "product-viewer": +// permissions: +// - and_rules: +// rules: +// - header: +// name: ":method" +// string_match: +// exact: "GET" +// - url_path: +// path: { prefix: "/products" } +// - or_rules: +// rules: +// - destination_port: 80 +// - destination_port: 443 +// principals: +// - any: true +// +message RBAC { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.RBAC"; + + // Should we do safe-list or block-list style access control? + enum Action { + // The policies grant access to principals. The rest are denied. This is safe-list style + // access control. This is the default type. + ALLOW = 0; + + // The policies deny access to principals. The rest are allowed. This is block-list style + // access control. + DENY = 1; + + // The policies set the ``access_log_hint`` dynamic metadata key based on if requests match. + // All requests are allowed. + LOG = 2; + } + + message AuditLoggingOptions { + // Deny and allow here refer to RBAC decisions, not actions. + enum AuditCondition { + // Never audit. + NONE = 0; + + // Audit when RBAC denies the request. + ON_DENY = 1; + + // Audit when RBAC allows the request. + ON_ALLOW = 2; + + // Audit whether RBAC allows or denies the request. + ON_DENY_AND_ALLOW = 3; + } + + // [#not-implemented-hide:] + message AuditLoggerConfig { + // Typed logger configuration. 
+ // + // [#extension-category: envoy.rbac.audit_loggers] + core.v3.TypedExtensionConfig audit_logger = 1; + + // If true, when the logger is not supported, the data plane will not NACK but simply ignore it. + bool is_optional = 2; + } + + // Condition for the audit logging to happen. + // If this condition is met, all the audit loggers configured here will be invoked. + // + // [#not-implemented-hide:] + AuditCondition audit_condition = 1 [(validate.rules).enum = {defined_only: true}]; + + // Configurations for RBAC-based authorization audit loggers. + // + // [#not-implemented-hide:] + repeated AuditLoggerConfig logger_configs = 2; + } + + // The action to take if a policy matches. Every action either allows or denies a request, + // and can also carry out action-specific operations. + // + // Actions: + // + // * ``ALLOW``: Allows the request if and only if there is a policy that matches + // the request. + // * ``DENY``: Allows the request if and only if there are no policies that + // match the request. + // * ``LOG``: Allows all requests. If at least one policy matches, the dynamic + // metadata key ``access_log_hint`` is set to the value ``true`` under the shared + // key namespace ``envoy.common``. If no policies match, it is set to ``false``. + // Other actions do not modify this key. + // + Action action = 1 [(validate.rules).enum = {defined_only: true}]; + + // Maps from policy name to policy. A match occurs when at least one policy matches the request. + // The policies are evaluated in lexicographic order of the policy name. + map policies = 2; + + // Audit logging options that include the condition for audit logging to happen + // and audit logger configurations. + // + // [#not-implemented-hide:] + AuditLoggingOptions audit_logging_options = 3; +} + +// Policy specifies a role and the principals that are assigned/denied the role. 
+// A policy matches if and only if at least one of its permissions match the +// action taking place AND at least one of its principals match the downstream +// AND the condition is true if specified. +message Policy { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Policy"; + + // Required. The set of permissions that define a role. Each permission is + // matched with OR semantics. To match all actions for this policy, a single + // Permission with the ``any`` field set to true should be used. + repeated Permission permissions = 1 [(validate.rules).repeated = {min_items: 1}]; + + // Required. The set of principals that are assigned/denied the role based on + // “action”. Each principal is matched with OR semantics. To match all + // downstreams for this policy, a single Principal with the ``any`` field set to + // true should be used. + repeated Principal principals = 2 [(validate.rules).repeated = {min_items: 1}]; + + // An optional symbolic expression specifying an access control + // :ref:`condition `. The condition is combined + // with the permissions and the principals as a clause with AND semantics. + // Only be used when checked_condition is not used. + google.api.expr.v1alpha1.Expr condition = 3 + [(udpa.annotations.field_migrate).oneof_promotion = "expression_specifier"]; + + // [#not-implemented-hide:] + // An optional symbolic expression that has been successfully type checked. + // Only be used when condition is not used. + google.api.expr.v1alpha1.CheckedExpr checked_condition = 4 + [(udpa.annotations.field_migrate).oneof_promotion = "expression_specifier"]; +} + +// SourcedMetadata enables matching against metadata from different sources in the request processing +// pipeline. It extends the base MetadataMatcher functionality by allowing specification of where the +// metadata should be sourced from, rather than only matching against dynamic metadata. 
+// +// The matcher can be configured to look up metadata from: +// +// * Dynamic metadata: Runtime metadata added by filters during request processing +// * Route metadata: Static metadata configured on the route entry +// +message SourcedMetadata { + // Metadata matcher configuration that defines what metadata to match against. This includes the filter name, + // metadata key path, and expected value. + type.matcher.v3.MetadataMatcher metadata_matcher = 1 + [(validate.rules).message = {required: true}]; + + // Specifies which metadata source should be used for matching. If not set, + // defaults to DYNAMIC (dynamic metadata). Set to ROUTE to match against + // static metadata configured on the route entry. + MetadataSource metadata_source = 2 [(validate.rules).enum = {defined_only: true}]; +} + +// Permission defines an action (or actions) that a principal can take. +// [#next-free-field: 15] +message Permission { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Permission"; + + // Used in the ``and_rules`` and ``or_rules`` fields in the ``rule`` oneof. Depending on the context, + // each are applied with the associated behavior. + message Set { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.rbac.v2.Permission.Set"; + + repeated Permission rules = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + oneof rule { + option (validate.required) = true; + + // A set of rules that all must match in order to define the action. + Set and_rules = 1; + + // A set of rules where at least one must match in order to define the action. + Set or_rules = 2; + + // When any is set, it matches any action. + bool any = 3 [(validate.rules).bool = {const: true}]; + + // A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only + // available for HTTP request. + // Note: the pseudo-header :path includes the query and fragment string. 
Use the ``url_path`` + // field if you want to match the URL path without the query and fragment string. + route.v3.HeaderMatcher header = 4; + + // A URL path on the incoming HTTP request. Only available for HTTP. + type.matcher.v3.PathMatcher url_path = 10; + + // A CIDR block that describes the destination IP. + core.v3.CidrRange destination_ip = 5; + + // A port number that describes the destination port connecting to. + uint32 destination_port = 6 [(validate.rules).uint32 = {lte: 65535}]; + + // A port number range that describes a range of destination ports connecting to. + type.v3.Int32Range destination_port_range = 11; + + // Metadata that describes additional information about the action. This field is deprecated; please use + // :ref:`sourced_metadata` instead. + type.matcher.v3.MetadataMatcher metadata = 7 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Negates matching the provided permission. For instance, if the value of + // ``not_rule`` would match, this permission would not match. Conversely, if + // the value of ``not_rule`` would not match, this permission would match. + Permission not_rule = 8; + + // The request server from the client's connection request. This is + // typically TLS SNI. + // + // .. attention:: + // + // The behavior of this field may be affected by how Envoy is configured + // as explained below. + // + // * If the :ref:`TLS Inspector ` + // filter is not added, and if a ``FilterChainMatch`` is not defined for + // the :ref:`server name + // `, + // a TLS connection's requested SNI server name will be treated as if it + // wasn't present. + // + // * A :ref:`listener filter ` may + // overwrite a connection's requested server name within Envoy. + // + // Please refer to :ref:`this FAQ entry ` to learn to + // setup SNI. + type.matcher.v3.StringMatcher requested_server_name = 9; + + // Extension for configuring custom matchers for RBAC. 
+ // [#extension-category: envoy.rbac.matchers] + core.v3.TypedExtensionConfig matcher = 12; + + // URI template path matching. + // [#extension-category: envoy.path.match] + core.v3.TypedExtensionConfig uri_template = 13; + + // Matches against metadata from either dynamic state or route configuration. Preferred over the + // ``metadata`` field as it provides more flexibility in metadata source selection. + SourcedMetadata sourced_metadata = 14; + } +} + +// Principal defines an identity or a group of identities for a downstream +// subject. +// [#next-free-field: 14] +message Principal { + option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Principal"; + + // Used in the ``and_ids`` and ``or_ids`` fields in the ``identifier`` oneof. + // Depending on the context, each are applied with the associated behavior. + message Set { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.rbac.v2.Principal.Set"; + + repeated Principal ids = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + // Authentication attributes for a downstream. + message Authenticated { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.rbac.v2.Principal.Authenticated"; + + reserved 1; + + // The name of the principal. If set, The URI SAN or DNS SAN in that order + // is used from the certificate, otherwise the subject field is used. If + // unset, it applies to any user that is authenticated. + type.matcher.v3.StringMatcher principal_name = 2; + } + + oneof identifier { + option (validate.required) = true; + + // A set of identifiers that all must match in order to define the + // downstream. + Set and_ids = 1; + + // A set of identifiers at least one must match in order to define the + // downstream. + Set or_ids = 2; + + // When any is set, it matches any downstream. + bool any = 3 [(validate.rules).bool = {const: true}]; + + // Authenticated attributes that identify the downstream. 
+ Authenticated authenticated = 4; + + // A CIDR block that describes the downstream IP. + // This address will honor proxy protocol, but will not honor XFF. + // + // This field is deprecated; either use :ref:`remote_ip + // ` for the same + // behavior, or use + // :ref:`direct_remote_ip `. + core.v3.CidrRange source_ip = 5 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // A CIDR block that describes the downstream remote/origin address. + // Note: This is always the physical peer even if the + // :ref:`remote_ip ` is + // inferred from for example the x-forwarder-for header, proxy protocol, + // etc. + core.v3.CidrRange direct_remote_ip = 10; + + // A CIDR block that describes the downstream remote/origin address. + // Note: This may not be the physical peer and could be different from the + // :ref:`direct_remote_ip + // `. E.g, if the + // remote ip is inferred from for example the x-forwarder-for header, proxy + // protocol, etc. + core.v3.CidrRange remote_ip = 11; + + // A header (or pseudo-header such as :path or :method) on the incoming HTTP + // request. Only available for HTTP request. Note: the pseudo-header :path + // includes the query and fragment string. Use the ``url_path`` field if you + // want to match the URL path without the query and fragment string. + route.v3.HeaderMatcher header = 6; + + // A URL path on the incoming HTTP request. Only available for HTTP. + type.matcher.v3.PathMatcher url_path = 9; + + // Metadata that describes additional information about the principal. This field is deprecated; please use + // :ref:`sourced_metadata` instead. + type.matcher.v3.MetadataMatcher metadata = 7 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Identifies the principal using a filter state object. + type.matcher.v3.FilterStateMatcher filter_state = 12; + + // Negates matching the provided principal. 
For instance, if the value of + // ``not_id`` would match, this principal would not match. Conversely, if the + // value of ``not_id`` would not match, this principal would match. + Principal not_id = 8; + + // Matches against metadata from either dynamic state or route configuration. Preferred over the + // ``metadata`` field as it provides more flexibility in metadata source selection. + SourcedMetadata sourced_metadata = 13; + } +} + +// Action defines the result of allowance or denial when a request matches the matcher. +message Action { + // The name indicates the policy name. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // The action to take if the matcher matches. Every action either allows or denies a request, + // and can also carry out action-specific operations. + // + // Actions: + // + // * ``ALLOW``: If the request gets matched on ALLOW, it is permitted. + // * ``DENY``: If the request gets matched on DENY, it is not permitted. + // * ``LOG``: If the request gets matched on LOG, it is permitted. Besides, the + // dynamic metadata key ``access_log_hint`` under the shared key namespace + // ``envoy.common`` will be set to the value ``true``. + // * If the request cannot get matched, it will fallback to ``DENY``. + // + // Log behavior: + // + // If the RBAC matcher contains at least one LOG action, the dynamic + // metadata key ``access_log_hint`` will be set based on if the request + // get matched on the LOG action. + // + RBAC.Action action = 2; +} diff --git a/modules/sync/envoyproxy/envoy/cas/b5082be33b95bbc2c8a1bae0d4ab9585ce842da65878270cf233bf066be2276fd9282b37d7b809cb974812a92cd343d877f95344756ba946b6b05630261df3ce b/modules/sync/envoyproxy/envoy/cas/b5082be33b95bbc2c8a1bae0d4ab9585ce842da65878270cf233bf066be2276fd9282b37d7b809cb974812a92cd343d877f95344756ba946b6b05630261df3ce new file mode 100644 index 00000000..adf5ab44 --- /dev/null 
+++ b/modules/sync/envoyproxy/envoy/cas/b5082be33b95bbc2c8a1bae0d4ab9585ce842da65878270cf233bf066be2276fd9282b37d7b809cb974812a92cd343d877f95344756ba946b6b05630261df3ce 
@@ -0,0 +1,205 @@ +syntax = "proto3"; + +package envoy.admin.v3; + +import "envoy/config/core/v3/base.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.admin.v3"; +option java_outer_classname = "ServerInfoProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v3;adminv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Server state] + +// Proto representation of the value returned by /server_info, containing +// server version/server status information. +// [#next-free-field: 8] +message ServerInfo { + option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v2alpha.ServerInfo"; + + enum State { + // Server is live and serving traffic. + LIVE = 0; + + // Server is draining listeners in response to external health checks failing. + DRAINING = 1; + + // Server has not yet completed cluster manager initialization. + PRE_INITIALIZING = 2; + + // Server is running the cluster manager initialization callbacks (e.g., RDS). + INITIALIZING = 3; + } + + // Server version. + string version = 1; + + // State of the server. + State state = 2; + + // Uptime since current epoch was started. + google.protobuf.Duration uptime_current_epoch = 3; + + // Uptime since the start of the first epoch. + google.protobuf.Duration uptime_all_epochs = 4; + + // Hot restart version. + string hot_restart_version = 5; + + // Command line options the server is currently running with. + CommandLineOptions command_line_options = 6; + + // Populated node identity of this server. 
+ config.core.v3.Node node = 7; +} + +// [#next-free-field: 42] +message CommandLineOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.admin.v2alpha.CommandLineOptions"; + + enum IpVersion { + v4 = 0; + v6 = 1; + } + + enum Mode { + // Validate configs and then serve traffic normally. + Serve = 0; + + // Validate configs and exit. + Validate = 1; + + // Completely load and initialize the config, and then exit without running the listener loop. + InitOnly = 2; + } + + enum DrainStrategy { + // Gradually discourage connections over the course of the drain period. + Gradual = 0; + + // Discourage all connections for the duration of the drain sequence. + Immediate = 1; + } + + reserved 12, 20, 21, 29; + + reserved "max_stats", "max_obj_name_len", "bootstrap_version"; + + // See :option:`--base-id` for details. + uint64 base_id = 1; + + // See :option:`--use-dynamic-base-id` for details. + bool use_dynamic_base_id = 31; + + // See :option:`--skip-hot-restart-on-no-parent` for details. + bool skip_hot_restart_on_no_parent = 39; + + // See :option:`--skip-hot-restart-parent-stats` for details. + bool skip_hot_restart_parent_stats = 40; + + // See :option:`--base-id-path` for details. + string base_id_path = 32; + + // See :option:`--concurrency` for details. + uint32 concurrency = 2; + + // See :option:`--config-path` for details. + string config_path = 3; + + // See :option:`--config-yaml` for details. + string config_yaml = 4; + + // See :option:`--allow-unknown-static-fields` for details. + bool allow_unknown_static_fields = 5; + + // See :option:`--reject-unknown-dynamic-fields` for details. + bool reject_unknown_dynamic_fields = 26; + + // See :option:`--ignore-unknown-dynamic-fields` for details. + bool ignore_unknown_dynamic_fields = 30; + + // See :option:`--skip-deprecated-logs` for details. + bool skip_deprecated_logs = 41; + + // See :option:`--admin-address-path` for details. 
+ string admin_address_path = 6; + + // See :option:`--local-address-ip-version` for details. + IpVersion local_address_ip_version = 7; + + // See :option:`--log-level` for details. + string log_level = 8; + + // See :option:`--component-log-level` for details. + string component_log_level = 9; + + // See :option:`--log-format` for details. + string log_format = 10; + + // See :option:`--log-format-escaped` for details. + bool log_format_escaped = 27; + + // See :option:`--log-path` for details. + string log_path = 11; + + // See :option:`--service-cluster` for details. + string service_cluster = 13; + + // See :option:`--service-node` for details. + string service_node = 14; + + // See :option:`--service-zone` for details. + string service_zone = 15; + + // See :option:`--file-flush-interval-msec` for details. + google.protobuf.Duration file_flush_interval = 16; + + // See :option:`--drain-time-s` for details. + google.protobuf.Duration drain_time = 17; + + // See :option:`--drain-strategy` for details. + DrainStrategy drain_strategy = 33; + + // See :option:`--parent-shutdown-time-s` for details. + google.protobuf.Duration parent_shutdown_time = 18; + + // See :option:`--mode` for details. + Mode mode = 19; + + // See :option:`--disable-hot-restart` for details. + bool disable_hot_restart = 22; + + // See :option:`--enable-mutex-tracing` for details. + bool enable_mutex_tracing = 23; + + // See :option:`--restart-epoch` for details. + uint32 restart_epoch = 24; + + // See :option:`--cpuset-threads` for details. + bool cpuset_threads = 25; + + // See :option:`--disable-extensions` for details. + repeated string disabled_extensions = 28; + + // See :option:`--enable-fine-grain-logging` for details. + bool enable_fine_grain_logging = 34; + + // See :option:`--socket-path` for details. + string socket_path = 35; + + // See :option:`--socket-mode` for details. + uint32 socket_mode = 36; + + // See :option:`--enable-core-dump` for details. 
+ bool enable_core_dump = 37;
+
+ // See :option:`--stats-tag` for details.
+ repeated string stats_tag = 38;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/b8474a002d72c2f26c487b3f7ff34c9d28dede1ae5deebca5bca92acdc82e3eb084a31405538e2210f87d882cc4cedc05abe0a337497ff6dc211e65c16dcf02a b/modules/sync/envoyproxy/envoy/cas/b8474a002d72c2f26c487b3f7ff34c9d28dede1ae5deebca5bca92acdc82e3eb084a31405538e2210f87d882cc4cedc05abe0a337497ff6dc211e65c16dcf02a
new file mode 100644
index 00000000..4266541e
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/b8474a002d72c2f26c487b3f7ff34c9d28dede1ae5deebca5bca92acdc82e3eb084a31405538e2210f87d882cc4cedc05abe0a337497ff6dc211e65c16dcf02a
@@ -0,0 +1,92 @@ +syntax = "proto3"; + +package envoy.extensions.clusters.dns.v3; + +import "envoy/config/core/v3/extension.proto"; +import "envoy/extensions/clusters/common/dns/v3/dns.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.clusters.dns.v3"; +option java_outer_classname = "DnsClusterProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/dns/v3;dnsv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: DNS cluster configuration] + +// Configuration for DNS discovery clusters. +// [#extension: envoy.clusters.dns] + +// [#next-free-field: 10] +message DnsCluster { + message RefreshRate { + // Specifies the base interval between refreshes. This parameter is required and must be greater + // than zero and less than + // :ref:`max_interval `. + google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { + required: true + gt {nanos: 1000000} + }]; + + // Specifies the maximum interval between refreshes. This parameter is optional, but must be + // greater than or equal to the + // :ref:`base_interval ` if set. The default + // is 10 times the :ref:`base_interval `. + google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {nanos: 1000000}}]; + } + + // This value is the cluster’s DNS refresh rate. The value configured must be at least 1ms. + // If this setting is not specified, the + // value defaults to 5000ms. + google.protobuf.Duration dns_refresh_rate = 3 [(validate.rules).duration = {gt {nanos: 1000000}}]; + + // This is the cluster’s DNS refresh rate when requests are failing. If this setting is + // not specified, the failure refresh rate defaults to the DNS refresh rate. 
+ RefreshRate dns_failure_refresh_rate = 4; + + // Optional configuration for setting cluster's DNS refresh rate. If the value is set to true, + // cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS + // resolution. + bool respect_dns_ttl = 5; + + // DNS jitter causes the cluster to refresh DNS entries later by a random amount of time to avoid a + // stampede of DNS requests. This value sets the upper bound (exclusive) for the random amount. + // There will be no jitter if this value is omitted. + google.protobuf.Duration dns_jitter = 6 [(validate.rules).duration = {gte {}}]; + + // DNS resolver type configuration extension. This extension can be used to configure c-ares, apple, + // or any other DNS resolver types and the related parameters. + // For example, an object of + // :ref:`CaresDnsResolverConfig` + // can be packed into this ``typed_dns_resolver_config``. This configuration replaces the + // :ref:`Cluster.typed_dns_resolver_config` + // configuration which replaces :ref:`Cluster.dns_resolution_config`. + // During the transition period when + // :ref:`DnsCluster.typed_dns_resolver_config`, + // :ref:`Cluster.typed_dns_resolver_config`, + // and :ref:`Cluster.dns_resolution_config` + // exist, Envoy will use + // :ref:`DnsCluster.typed_dns_resolver_config` + // and ignore + // DNS resolver-related fields in :ref:`Cluster` if the cluster is configured via the + // :ref:`Cluster.cluster_type` extension point with the + // :ref:`DnsCluster` extension type. + // Otherwise, see :ref:`Cluster.typed_dns_resolver_config`. + // [#extension-category: envoy.network.dns_resolver] + config.core.v3.TypedExtensionConfig typed_dns_resolver_config = 7; + + // The DNS IP address resolution policy. If this setting is not specified, the + // value defaults to + // :ref:`AUTO`. 
+ common.dns.v3.DnsLookupFamily dns_lookup_family = 8;
+
+ // If true, all returned addresses are considered to be associated with a single endpoint,
+ // which maps to :ref:`logical DNS discovery `
+ // semantics. Otherwise, each address is considered to be a separate endpoint, which maps to
+ // :ref:`strict DNS discovery ` semantics.
+ bool all_addresses_in_single_endpoint = 9;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/b8aeb0435ab80c4f331ede8ee6367cf5eb25df2219c291e177b1be3dae38269671d7d2c2855e045c88058f0e973fdd447875a154228148abb5f00e94f4c47281 b/modules/sync/envoyproxy/envoy/cas/b8aeb0435ab80c4f331ede8ee6367cf5eb25df2219c291e177b1be3dae38269671d7d2c2855e045c88058f0e973fdd447875a154228148abb5f00e94f4c47281
new file mode 100644
index 00000000..8a03a532
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/b8aeb0435ab80c4f331ede8ee6367cf5eb25df2219c291e177b1be3dae38269671d7d2c2855e045c88058f0e973fdd447875a154228148abb5f00e94f4c47281
@@ -0,0 +1,22 @@
+syntax = "proto3";
+
+package envoy.type.matcher.v3;
+
+import "xds/core/v3/cidr.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.type.matcher.v3";
+option java_outer_classname = "AddressProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3;matcherv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Address Matcher]
+
+// Match an IP against a repeated CIDR range. This matcher is intended to be
+// used in other matchers, for example in the filter state matcher to match a
+// filter state object as an IP.
+message AddressMatcher {
+ repeated xds.core.v3.CidrRange ranges = 1;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/c287f1093bd60b0ed243f40f69dc868a8856f31b36cc3f44790c0ed62e24c23fee9046ff0c55512f5fdbabd3f7fb89ca60d13a90ae0e1595189e5f2ef03febb1 b/modules/sync/envoyproxy/envoy/cas/c287f1093bd60b0ed243f40f69dc868a8856f31b36cc3f44790c0ed62e24c23fee9046ff0c55512f5fdbabd3f7fb89ca60d13a90ae0e1595189e5f2ef03febb1
new file mode 100644
index 00000000..e5f86da5
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/c287f1093bd60b0ed243f40f69dc868a8856f31b36cc3f44790c0ed62e24c23fee9046ff0c55512f5fdbabd3f7fb89ca60d13a90ae0e1595189e5f2ef03febb1
@@ -0,0 +1,72 @@ +syntax = "proto3"; + +package envoy.config.filter.network.kafka_broker.v2alpha1; + +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.filter.network.kafka_broker.v2alpha1"; +option java_outer_classname = "KafkaBrokerProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/kafka_broker/v2alpha1"; +option (udpa.annotations.file_migrate).move_to_package = + "envoy.extensions.filters.network.kafka_broker.v3"; +option (udpa.annotations.file_status).package_version_status = FROZEN; + +// [#protodoc-title: Kafka Broker] +// Kafka Broker :ref:`configuration overview `. +// [#extension: envoy.filters.network.kafka_broker] +// [#next-free-field: 6] +message KafkaBroker { + // The prefix to use when emitting :ref:`statistics `. + string stat_prefix = 1 [(validate.rules).string = {min_bytes: 1}]; + + // Set to true if broker filter should attempt to serialize the received responses from the + // upstream broker instead of passing received bytes as is. + // Disabled by default. + bool force_response_rewrite = 2; + + // Optional broker address rewrite specification. + // Allows the broker filter to rewrite Kafka responses so that all connections established by + // the Kafka clients point to Envoy. + // This allows Kafka cluster not to configure its 'advertised.listeners' property + // (as the necessary re-pointing will be done by this filter). + // This collection of rules should cover all brokers in the cluster that is being proxied, + // otherwise some nodes' addresses might leak to the downstream clients. + oneof broker_address_rewrite_spec { + // Broker address rewrite rules that match by broker ID. + IdBasedBrokerRewriteSpec id_based_broker_address_rewrite_spec = 3; + } + + // Optional list of allowed Kafka API keys. 
Only requests with provided API keys will be + // routed, otherwise the connection will be closed. No effect if empty. + repeated uint32 api_keys_allowed = 4 + [(validate.rules).repeated = {items {uint32 {lte: 32767 gte: 0}}}]; + + // Optional list of denied Kafka API keys. Requests with API keys matching this list will have + // the connection closed. No effect if empty. + repeated uint32 api_keys_denied = 5 + [(validate.rules).repeated = {items {uint32 {lte: 32767 gte: 0}}}]; +} + +// Collection of rules matching by broker ID. +message IdBasedBrokerRewriteSpec { + repeated IdBasedBrokerRewriteRule rules = 1; +} + +// Defines a rule to rewrite broker address data. +message IdBasedBrokerRewriteRule { + // Broker ID to match. + uint32 id = 1 [(validate.rules).uint32 = {gte: 0}]; + + // The host value to use (resembling the host part of Kafka's advertised.listeners). + // The value should point to the Envoy (not Kafka) listener, so that all client traffic goes + // through Envoy. + string host = 2 [(validate.rules).string = {min_len: 1}]; + + // The port value to use (resembling the port part of Kafka's advertised.listeners). + // The value should point to the Envoy (not Kafka) listener, so that all client traffic goes + // through Envoy. + uint32 port = 3 [(validate.rules).uint32 = {lte: 65535}]; +} diff --git a/modules/sync/envoyproxy/envoy/cas/c29c6d22b41d00bd1a0c1ef267637fc69e8e43dcbe035dca36946ca152031f28cc5fb3773ece8c10b5051c9bf41f183abe458845d060c5b154c34265cf5368bf b/modules/sync/envoyproxy/envoy/cas/c29c6d22b41d00bd1a0c1ef267637fc69e8e43dcbe035dca36946ca152031f28cc5fb3773ece8c10b5051c9bf41f183abe458845d060c5b154c34265cf5368bf new file mode 100644 index 00000000..5cef3fc7 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/c29c6d22b41d00bd1a0c1ef267637fc69e8e43dcbe035dca36946ca152031f28cc5fb3773ece8c10b5051c9bf41f183abe458845d060c5b154c34265cf5368bf 
@@ -0,0 +1,45 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.stateful_session.v3;
+
+import "envoy/config/core/v3/extension.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.stateful_session.v3";
+option java_outer_classname = "StatefulSessionProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/stateful_session/v3;stateful_sessionv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Stateful session filter]
+// Stateful session :ref:`configuration overview `.
+// [#extension: envoy.filters.http.stateful_session]
+
+message StatefulSession {
+ // Specifies the implementation of session state. This session state is used to store and retrieve the address of the
+ // upstream host assigned to the session.
+ //
+ // [#extension-category: envoy.http.stateful_session]
+ config.core.v3.TypedExtensionConfig session_state = 1;
+
+ // Determines whether the HTTP request must be strictly routed to the requested destination. When set to ``true``,
+ // if the requested destination is unavailable, Envoy will return a 503 status code. The default value is ``false``,
+ // which allows Envoy to fall back to its load balancing mechanism. In this case, if the requested destination is not
+ // found, the request will be routed according to the load balancing algorithm.
+ bool strict = 2;
+}
+
+message StatefulSessionPerRoute {
+ oneof override {
+ option (validate.required) = true;
+
+ // Disable the stateful session filter for this particular vhost or route. If disabled is
+ // specified in multiple per-filter-configs, the most specific one will be used.
+ bool disabled = 1 [(validate.rules).bool = {const: true}];
+
+ // Per-route stateful session configuration that can be served by RDS or static route table.
+ StatefulSession stateful_session = 2;
+ }
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/c3a06caefa9e50db33112179456b945e2afe0288391af79cfc591a19ddcfc303a5ab49b43da11a334a728c093e15f0d2c733bebfb34308dc41c37d81368c828a b/modules/sync/envoyproxy/envoy/cas/c3a06caefa9e50db33112179456b945e2afe0288391af79cfc591a19ddcfc303a5ab49b43da11a334a728c093e15f0d2c733bebfb34308dc41c37d81368c828a
new file mode 100644
index 00000000..5f8c3e36
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/c3a06caefa9e50db33112179456b945e2afe0288391af79cfc591a19ddcfc303a5ab49b43da11a334a728c093e15f0d2c733bebfb34308dc41c37d81368c828a
@@ -0,0 +1,351 @@
+syntax = "proto3";
+
+package envoy.config.accesslog.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/route/v3/route_components.proto";
+import "envoy/data/accesslog/v3/accesslog.proto";
+import "envoy/type/matcher/v3/metadata.proto";
+import "envoy/type/v3/percent.proto";
+
+import "google/protobuf/any.proto";
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.accesslog.v3";
+option java_outer_classname = "AccesslogProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3;accesslogv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Common access log types]
+
+message AccessLog {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.AccessLog";
+
+ reserved 3;
+
+ reserved "config";
+
+ // The name of the access log extension configuration.
+ string name = 1;
+
+ // Filter which is used to determine if the access log needs to be written.
+ AccessLogFilter filter = 2;
+
+ // Custom configuration that must be set according to the access logger extension being instantiated.
+ // [#extension-category: envoy.access_loggers]
+ oneof config_type {
+ google.protobuf.Any typed_config = 4;
+ }
+}
+
+// [#next-free-field: 14]
+message AccessLogFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.AccessLogFilter";
+
+ oneof filter_specifier {
+ option (validate.required) = true;
+
+ // Status code filter.
+ StatusCodeFilter status_code_filter = 1;
+
+ // Duration filter.
+ DurationFilter duration_filter = 2;
+
+ // Not health check filter.
+ NotHealthCheckFilter not_health_check_filter = 3;
+
+ // Traceable filter.
+ TraceableFilter traceable_filter = 4;
+
+ // Runtime filter.
+ RuntimeFilter runtime_filter = 5;
+
+ // And filter.
+ AndFilter and_filter = 6;
+
+ // Or filter.
+ OrFilter or_filter = 7;
+
+ // Header filter.
+ HeaderFilter header_filter = 8;
+
+ // Response flag filter.
+ ResponseFlagFilter response_flag_filter = 9;
+
+ // gRPC status filter.
+ GrpcStatusFilter grpc_status_filter = 10;
+
+ // Extension filter.
+ // [#extension-category: envoy.access_loggers.extension_filters]
+ ExtensionFilter extension_filter = 11;
+
+ // Metadata Filter
+ MetadataFilter metadata_filter = 12;
+
+ // Log Type Filter
+ LogTypeFilter log_type_filter = 13;
+ }
+}
+
+// Filter on an integer comparison.
+message ComparisonFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.ComparisonFilter";
+
+ enum Op {
+ // =
+ EQ = 0;
+
+ // >=
+ GE = 1;
+
+ // <=
+ LE = 2;
+ }
+
+ // Comparison operator.
+ Op op = 1 [(validate.rules).enum = {defined_only: true}];
+
+ // Value to compare against.
+ core.v3.RuntimeUInt32 value = 2 [(validate.rules).message = {required: true}];
+}
+
+// Filters on HTTP response/status code.
+message StatusCodeFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.StatusCodeFilter";
+
+ // Comparison.
+ ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
+}
+
+// Filters based on the duration of the request or stream, in milliseconds.
+// For end of stream access logs, the total duration of the stream will be used.
+// For :ref:`periodic access logs`,
+// the duration of the stream at the time of log recording will be used.
+message DurationFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.DurationFilter";
+
+ // Comparison.
+ ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
+}
+
+// Filters for requests that are not health check requests. A health check
+// request is marked by the health check filter.
+message NotHealthCheckFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.NotHealthCheckFilter";
+}
+
+// Filters for requests that are traceable. See the tracing overview for more
+// information on how a request becomes traceable.
+message TraceableFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.TraceableFilter";
+}
+
+// Filters requests based on runtime-configurable sampling rates.
+message RuntimeFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.RuntimeFilter";
+
+ // Specifies a key used to look up a custom sampling rate from the runtime configuration. If a value is found for this
+ // key, it will override the default sampling rate specified in ``percent_sampled``.
+ string runtime_key = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Defines the default sampling percentage when no runtime override is present. If not specified, the default is
+ // **0%** (with a denominator of 100).
+ type.v3.FractionalPercent percent_sampled = 2;
+
+ // Controls how sampling decisions are made.
+ //
+ // - Default behavior (``false``):
+ //
+ // * Uses the :ref:`x-request-id` as a consistent sampling pivot.
+ // * When :ref:`x-request-id` is present, sampling will be consistent
+ // across multiple hosts based on both the ``runtime_key`` and
+ // :ref:`x-request-id`.
+ // * Useful for tracking related requests across a distributed system.
+ //
+ // - When set to ``true`` or :ref:`x-request-id` is missing:
+ //
+ // * Sampling decisions are made randomly based only on the ``runtime_key``.
+ // * Useful in complex filter configurations (like nested
+ // :ref:`AndFilter`/
+ // :ref:`OrFilter` blocks) where independent probability
+ // calculations are desired.
+ // * Can be used to implement logging kill switches with predictable probability distributions.
+ //
+ bool use_independent_randomness = 3;
+}
+
+// Performs a logical “and” operation on the result of each filter in filters.
+// Filters are evaluated sequentially and if one of them returns false, the
+// filter returns false immediately.
+message AndFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.AndFilter";
+
+ repeated AccessLogFilter filters = 1 [(validate.rules).repeated = {min_items: 2}];
+}
+
+// Performs a logical “or” operation on the result of each individual filter.
+// Filters are evaluated sequentially and if one of them returns true, the
+// filter returns true immediately.
+message OrFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.OrFilter";
+
+ repeated AccessLogFilter filters = 2 [(validate.rules).repeated = {min_items: 2}];
+}
+
+// Filters requests based on the presence or value of a request header.
+message HeaderFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.HeaderFilter";
+
+ // Only requests with a header which matches the specified HeaderMatcher will
+ // pass the filter check.
+ route.v3.HeaderMatcher header = 1 [(validate.rules).message = {required: true}];
+}
+
+// Filters requests that received responses with an Envoy response flag set.
+// A list of the response flags can be found
+// in the access log formatter
+// :ref:`documentation`.
+message ResponseFlagFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.ResponseFlagFilter";
+
+ // Only responses with the any of the flags listed in this field will be
+ // logged. This field is optional. If it is not specified, then any response
+ // flag will pass the filter check.
+ repeated string flags = 1 [(validate.rules).repeated = {
+ items {
+ string {
+ in: "LH"
+ in: "UH"
+ in: "UT"
+ in: "LR"
+ in: "UR"
+ in: "UF"
+ in: "UC"
+ in: "UO"
+ in: "NR"
+ in: "DI"
+ in: "FI"
+ in: "RL"
+ in: "UAEX"
+ in: "RLSE"
+ in: "DC"
+ in: "URX"
+ in: "SI"
+ in: "IH"
+ in: "DPE"
+ in: "UMSDR"
+ in: "RFCF"
+ in: "NFCF"
+ in: "DT"
+ in: "UPE"
+ in: "NC"
+ in: "OM"
+ in: "DF"
+ in: "DO"
+ in: "DR"
+ }
+ }
+ }];
+}
+
+// Filters gRPC requests based on their response status. If a gRPC status is not
+// provided, the filter will infer the status from the HTTP status code.
+message GrpcStatusFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.GrpcStatusFilter";
+
+ enum Status {
+ OK = 0;
+ CANCELED = 1;
+ UNKNOWN = 2;
+ INVALID_ARGUMENT = 3;
+ DEADLINE_EXCEEDED = 4;
+ NOT_FOUND = 5;
+ ALREADY_EXISTS = 6;
+ PERMISSION_DENIED = 7;
+ RESOURCE_EXHAUSTED = 8;
+ FAILED_PRECONDITION = 9;
+ ABORTED = 10;
+ OUT_OF_RANGE = 11;
+ UNIMPLEMENTED = 12;
+ INTERNAL = 13;
+ UNAVAILABLE = 14;
+ DATA_LOSS = 15;
+ UNAUTHENTICATED = 16;
+ }
+
+ // Logs only responses that have any one of the gRPC statuses in this field.
+ repeated Status statuses = 1 [(validate.rules).repeated = {items {enum {defined_only: true}}}];
+
+ // If included and set to true, the filter will instead block all responses
+ // with a gRPC status or inferred gRPC status enumerated in statuses, and
+ // allow all other responses.
+ bool exclude = 2;
+}
+
+// Filters based on matching dynamic metadata.
+// If the matcher path and key correspond to an existing key in dynamic
+// metadata, the request is logged only if the matcher value is equal to the
+// metadata value. If the matcher path and key *do not* correspond to an
+// existing key in dynamic metadata, the request is logged only if
+// match_if_key_not_found is "true" or unset.
+message MetadataFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.MetadataFilter";
+
+ // Matcher to check metadata for specified value. For example, to match on the
+ // access_log_hint metadata, set the filter to "envoy.common" and the path to
+ // "access_log_hint", and the value to "true".
+ type.matcher.v3.MetadataMatcher matcher = 1;
+
+ // Default result if the key does not exist in dynamic metadata: if unset or
+ // true, then log; if false, then don't log.
+ google.protobuf.BoolValue match_if_key_not_found = 2;
+}
+
+// Filters based on access log type.
+message LogTypeFilter {
+ // Logs only records which their type is one of the types defined in this field.
+ repeated data.accesslog.v3.AccessLogType types = 1
+ [(validate.rules).repeated = {items {enum {defined_only: true}}}];
+
+ // If this field is set to true, the filter will instead block all records
+ // with a access log type in types field, and allow all other records.
+ bool exclude = 2;
+}
+
+// Extension filter is statically registered at runtime.
+message ExtensionFilter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.accesslog.v2.ExtensionFilter";
+
+ reserved 2;
+
+ reserved "config";
+
+ // The name of the filter implementation to instantiate. The name must
+ // match a statically registered filter.
+ string name = 1;
+
+ // Custom configuration that depends on the filter being instantiated.
+ oneof config_type {
+ google.protobuf.Any typed_config = 3;
+ }
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/c532345a4b2414764b040b34e5a2e9d71f496fdd34ca36725f4cae2d461cebe13c64c22c958f310b678440f349f8e34d468241d5f321d5a8b1358f755ab3f749 b/modules/sync/envoyproxy/envoy/cas/c532345a4b2414764b040b34e5a2e9d71f496fdd34ca36725f4cae2d461cebe13c64c22c958f310b678440f349f8e34d468241d5f321d5a8b1358f755ab3f749
new file mode 100644
index 00000000..bb53b4ee
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/c532345a4b2414764b040b34e5a2e9d71f496fdd34ca36725f4cae2d461cebe13c64c22c958f310b678440f349f8e34d468241d5f321d5a8b1358f755ab3f749 
@@ -0,0 +1,568 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.tls.v3; + +import "envoy/config/core/v3/base.proto"; +import "envoy/config/core/v3/extension.proto"; +import "envoy/type/matcher/v3/string.proto"; + +import "google/protobuf/any.proto"; +import "google/protobuf/wrappers.proto"; + +import "envoy/annotations/deprecation.proto"; +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/sensitive.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3"; +option java_outer_classname = "CommonProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3;tlsv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Common TLS configuration] + +// [#next-free-field: 6] +message TlsParameters { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.TlsParameters"; + + enum TlsProtocol { + // Envoy will choose the optimal TLS version. + TLS_AUTO = 0; + + // TLS 1.0 + TLSv1_0 = 1; + + // TLS 1.1 + TLSv1_1 = 2; + + // TLS 1.2 + TLSv1_2 = 3; + + // TLS 1.3 + TLSv1_3 = 4; + } + + // Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers. + // + // TLS protocol versions below TLSv1_2 require setting compatible ciphers with the + // ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers. + // + // .. attention:: + // + // Using TLS protocol versions below TLSv1_2 has serious security considerations and risks. + TlsProtocol tls_minimum_protocol_version = 1 [(validate.rules).enum = {defined_only: true}]; + + // Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for + // servers. 
+ TlsProtocol tls_maximum_protocol_version = 2 [(validate.rules).enum = {defined_only: true}]; + + // If specified, the TLS listener will only support the specified `cipher list + // `_ + // when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). + // + // If not specified, a default list will be used. Defaults are different for server (downstream) and + // client (upstream) TLS configurations. + // Defaults will change over time in response to security considerations; If you care, configure + // it instead of using the default. + // + // In non-FIPS builds, the default server cipher list is: + // + // .. code-block:: none + // + // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] + // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // + // In builds using :ref:`BoringSSL FIPS `, the default server cipher list is: + // + // .. code-block:: none + // + // ECDHE-ECDSA-AES128-GCM-SHA256 + // ECDHE-RSA-AES128-GCM-SHA256 + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // + // In non-FIPS builds, the default client cipher list is: + // + // .. code-block:: none + // + // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] + // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + // + // In builds using :ref:`BoringSSL FIPS `, the default client cipher list is: + // + // .. code-block:: none + // + // ECDHE-ECDSA-AES128-GCM-SHA256 + // ECDHE-RSA-AES128-GCM-SHA256 + // ECDHE-ECDSA-AES256-GCM-SHA384 + // ECDHE-RSA-AES256-GCM-SHA384 + repeated string cipher_suites = 3; + + // If specified, the TLS connection will only support the specified ECDH + // curves. If not specified, the default curves will be used. + // + // In non-FIPS builds, the default curves are: + // + // .. 
code-block:: none + // + // X25519 + // P-256 + // + // In builds using :ref:`BoringSSL FIPS `, the default curve is: + // + // .. code-block:: none + // + // P-256 + repeated string ecdh_curves = 4; + + // If specified, the TLS connection will only support the specified signature algorithms. + // The list is ordered by preference. + // If not specified, the default signature algorithms defined by BoringSSL will be used. + // + // Default signature algorithms selected by BoringSSL (may be out of date): + // + // .. code-block:: none + // + // ecdsa_secp256r1_sha256 + // rsa_pss_rsae_sha256 + // rsa_pkcs1_sha256 + // ecdsa_secp384r1_sha384 + // rsa_pss_rsae_sha384 + // rsa_pkcs1_sha384 + // rsa_pss_rsae_sha512 + // rsa_pkcs1_sha512 + // rsa_pkcs1_sha1 + // + // Signature algorithms supported by BoringSSL (may be out of date): + // + // .. code-block:: none + // + // rsa_pkcs1_sha256 + // rsa_pkcs1_sha384 + // rsa_pkcs1_sha512 + // ecdsa_secp256r1_sha256 + // ecdsa_secp384r1_sha384 + // ecdsa_secp521r1_sha512 + // rsa_pss_rsae_sha256 + // rsa_pss_rsae_sha384 + // rsa_pss_rsae_sha512 + // ed25519 + // rsa_pkcs1_sha1 + // ecdsa_sha1 + repeated string signature_algorithms = 5; +} + +// BoringSSL private key method configuration. The private key methods are used for external +// (potentially asynchronous) signing and decryption operations. Some use cases for private key +// methods would be TPM support and TLS acceleration. +message PrivateKeyProvider { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.auth.PrivateKeyProvider"; + + reserved 2; + + reserved "config"; + + // Private key method provider name. The name must match a + // supported private key method provider type. + string provider_name = 1 [(validate.rules).string = {min_len: 1}]; + + // Private key method provider specific configuration. 
+ oneof config_type { + google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true]; + } + + // If the private key provider isn't available (eg. the required hardware capability doesn't existed), + // Envoy will fallback to the BoringSSL default implementation when the ``fallback`` is true. + // The default value is ``false``. + bool fallback = 4; +} + +// [#next-free-field: 9] +message TlsCertificate { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.TlsCertificate"; + + // The TLS certificate chain. + // + // If ``certificate_chain`` is a filesystem path, a watch will be added to the + // parent directory for any file moves to support rotation. This currently + // only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via + // SDS. + config.core.v3.DataSource certificate_chain = 1; + + // The TLS private key. + // + // If ``private_key`` is a filesystem path, a watch will be added to the parent + // directory for any file moves to support rotation. This currently only + // applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS. + config.core.v3.DataSource private_key = 2 [(udpa.annotations.sensitive) = true]; + + // ``Pkcs12`` data containing TLS certificate, chain, and private key. + // + // If ``pkcs12`` is a filesystem path, the file will be read, but no watch will + // be added to the parent directory, since ``pkcs12`` isn't used by SDS. + // This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``. + // This can't be marked as ``oneof`` due to API compatibility reasons. Setting + // both :ref:`private_key `, + // :ref:`certificate_chain `, + // or :ref:`private_key_provider ` + // and :ref:`pkcs12 ` + // fields will result in an error. Use :ref:`password + // ` + // to specify the password to unprotect the ``PKCS12`` data, if necessary. 
+ config.core.v3.DataSource pkcs12 = 8 [(udpa.annotations.sensitive) = true]; + + // If specified, updates of file-based ``certificate_chain`` and ``private_key`` + // sources will be triggered by this watch. The certificate/key pair will be + // read together and validated for atomic read consistency (i.e. no + // intervening modification occurred between cert/key read, verified by file + // hash comparisons). This allows explicit control over the path watched, by + // default the parent directories of the filesystem paths in + // ``certificate_chain`` and ``private_key`` are watched if this field is not + // specified. This only applies when a ``TlsCertificate`` is delivered by SDS + // with references to filesystem paths. See the :ref:`SDS key rotation + // ` documentation for further details. + config.core.v3.WatchedDirectory watched_directory = 7; + + // BoringSSL private key method provider. This is an alternative to :ref:`private_key + // ` field. + // When both :ref:`private_key ` and + // :ref:`private_key_provider ` fields are set, + // ``private_key_provider`` takes precedence. + // If ``private_key_provider`` is unavailable and :ref:`fallback + // ` + // is enabled, ``private_key`` will be used. + PrivateKeyProvider private_key_provider = 6; + + // The password to decrypt the TLS private key. If this field is not set, it is assumed that the + // TLS private key is not password encrypted. + config.core.v3.DataSource password = 3 [(udpa.annotations.sensitive) = true]; + + // The OCSP response to be stapled with this certificate during the handshake. + // The response must be DER-encoded and may only be provided via ``filename`` or + // ``inline_bytes``. The response may pertain to only one certificate. 
+ config.core.v3.DataSource ocsp_staple = 4; + + // [#not-implemented-hide:] + repeated config.core.v3.DataSource signed_certificate_timestamp = 5; +} + +message TlsSessionTicketKeys { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.auth.TlsSessionTicketKeys"; + + // Keys for encrypting and decrypting TLS session tickets. The + // first key in the array contains the key to encrypt all new sessions created by this context. + // All keys are candidates for decrypting received tickets. This allows for easy rotation of keys + // by, for example, putting the new key first, and the previous key second. + // + // If :ref:`session_ticket_keys ` + // is not specified, the TLS library will still support resuming sessions via tickets, but it will + // use an internally-generated and managed key, so sessions cannot be resumed across hot restarts + // or on different hosts. + // + // Each key must contain exactly 80 bytes of cryptographically-secure random data. For + // example, the output of ``openssl rand 80``. + // + // .. attention:: + // + // Using this feature has serious security considerations and risks. Improper handling of keys + // may result in loss of secrecy in connections, even if ciphers supporting perfect forward + // secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some + // discussion. To minimize the risk, you must: + // + // * Keep the session ticket keys at least as secure as your TLS certificate private keys + // * Rotate session ticket keys at least daily, and preferably hourly + // * Always generate keys using a cryptographically-secure random data source + repeated config.core.v3.DataSource keys = 1 + [(validate.rules).repeated = {min_items: 1}, (udpa.annotations.sensitive) = true]; +} + +// Indicates a certificate to be obtained from a named CertificateProvider plugin instance. +// The plugin instances are defined in the client's bootstrap file. 
+// The plugin allows certificates to be fetched/refreshed over the network asynchronously with +// respect to the TLS handshake. +// [#not-implemented-hide:] +message CertificateProviderPluginInstance { + // Provider instance name. + // + // Instance names should generally be defined not in terms of the underlying provider + // implementation (e.g., "file_watcher") but rather in terms of the function of the + // certificates (e.g., "foo_deployment_identity"). + string instance_name = 1 [(validate.rules).string = {min_len: 1}]; + + // Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify + // a root-certificate (validation context) or "example.com" to specify a certificate for a + // particular domain. Not all provider instances will actually use this field, so the value + // defaults to the empty string. + string certificate_name = 2; +} + +// Matcher for subject alternative names, to match both type and value of the SAN. +message SubjectAltNameMatcher { + // Indicates the choice of GeneralName as defined in section 4.2.1.5 of RFC 5280 to match + // against. + enum SanType { + SAN_TYPE_UNSPECIFIED = 0; + EMAIL = 1; + DNS = 2; + URI = 3; + IP_ADDRESS = 4; + OTHER_NAME = 5; + } + + // Specification of type of SAN. Note that the default enum value is an invalid choice. + SanType san_type = 1 [(validate.rules).enum = {defined_only: true not_in: 0}]; + + // Matcher for SAN value. 
+ // + // The string matching for OTHER_NAME SAN values depends on their ASN.1 type: + // + // * OBJECT: Validated against its dotted numeric notation (e.g., "1.2.3.4") + // * BOOLEAN: Validated against strings "true" or "false" + // * INTEGER/ENUMERATED: Validated against a string containing the integer value + // * NULL: Validated against an empty string + // * Other types: Validated directly against the string value + type.matcher.v3.StringMatcher matcher = 2 [(validate.rules).message = {required: true}]; + + // OID Value which is required if OTHER_NAME SAN type is used. + // For example, UPN OID is 1.3.6.1.4.1.311.20.2.3 + // (Reference: http://oid-info.com/get/1.3.6.1.4.1.311.20.2.3). + // + // If set for SAN types other than OTHER_NAME, it will be ignored. + string oid = 3; +} + +// [#next-free-field: 18] +message CertificateValidationContext { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.auth.CertificateValidationContext"; + + // Peer certificate verification mode. + enum TrustChainVerification { + // Perform default certificate verification (e.g., against CA / verification lists) + VERIFY_TRUST_CHAIN = 0; + + // Connections where the certificate fails verification will be permitted. + // For HTTP connections, the result of certificate verification can be used in route matching. ( + // see :ref:`validated ` ). + ACCEPT_UNTRUSTED = 1; + } + + message SystemRootCerts { + } + + reserved 4, 5; + + reserved "verify_subject_alt_name"; + + // TLS certificate data containing certificate authority certificates to use in verifying + // a presented peer certificate (e.g. server certificate for clusters or client certificate + // for listeners). If not specified and a peer certificate is presented it will not be + // verified. 
By default, a client certificate is optional, unless one of the additional + // options (:ref:`require_client_certificate + // `, + // :ref:`verify_certificate_spki + // `, + // :ref:`verify_certificate_hash + // `, or + // :ref:`match_typed_subject_alt_names + // `) is also + // specified. + // + // It can optionally contain certificate revocation lists, in which case Envoy will verify + // that the presented peer certificate has not been revoked by one of the included CRLs. Note + // that if a CRL is provided for any certificate authority in a trust chain, a CRL must be + // provided for all certificate authorities in that chain. Failure to do so will result in + // verification failure for both revoked and unrevoked certificates from that chain. + // The behavior of requiring all certificates to contain CRLs can be altered by + // setting :ref:`only_verify_leaf_cert_crl ` + // true. If set to true, only the final certificate in the chain undergoes CRL verification. + // + // See :ref:`the TLS overview ` for a list of common + // system CA locations. + // + // If ``trusted_ca`` is a filesystem path, a watch will be added to the parent + // directory for any file moves to support rotation. This currently only + // applies to dynamic secrets, when the ``CertificateValidationContext`` is + // delivered via SDS. + // + // X509_V_FLAG_PARTIAL_CHAIN is set by default, so non-root/intermediate ca certificate in ``trusted_ca`` + // can be treated as trust anchor as well. It allows verification with building valid partial chain instead + // of a full chain. + // + // If ``ca_certificate_provider_instance`` is set, it takes precedence over ``trusted_ca``. + config.core.v3.DataSource trusted_ca = 1 + [(udpa.annotations.field_migrate).oneof_promotion = "ca_cert_source"]; + + // Certificate provider instance for fetching TLS certificates. + // + // If set, takes precedence over ``trusted_ca``. 
+ // [#not-implemented-hide:] + CertificateProviderPluginInstance ca_certificate_provider_instance = 13 + [(udpa.annotations.field_migrate).oneof_promotion = "ca_cert_source"]; + + // Use system root certs for validation. + // If present, system root certs are used only if neither of the ``trusted_ca`` + // or ``ca_certificate_provider_instance`` fields are set. + // [#not-implemented-hide:] + SystemRootCerts system_root_certs = 17; + + // If specified, updates of a file-based ``trusted_ca`` source will be triggered + // by this watch. This allows explicit control over the path watched, by + // default the parent directory of the filesystem path in ``trusted_ca`` is + // watched if this field is not specified. This only applies when a + // ``CertificateValidationContext`` is delivered by SDS with references to + // filesystem paths. See the :ref:`SDS key rotation ` + // documentation for further details. + config.core.v3.WatchedDirectory watched_directory = 11; + + // An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the + // SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate + // matches one of the specified values. + // + // A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate + // can be generated with the following command: + // + // .. code-block:: bash + // + // $ openssl x509 -in path/to/client.crt -noout -pubkey + // | openssl pkey -pubin -outform DER + // | openssl dgst -sha256 -binary + // | openssl enc -base64 + // NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A= + // + // This is the format used in HTTP Public Key Pinning. + // + // When both: + // :ref:`verify_certificate_hash + // ` and + // :ref:`verify_certificate_spki + // ` are specified, + // a hash matching value from either of the lists will result in the certificate being accepted. + // + // .. 
attention::
+ //
+ // This option is preferred over :ref:`verify_certificate_hash
+ // `,
+ // because SPKI is tied to a private key, so it doesn't change when the certificate
+ // is renewed using the same private key.
+ repeated string verify_certificate_spki = 3
+ [(validate.rules).repeated = {items {string {min_len: 44 max_bytes: 44}}}];
+
+ // An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that
+ // the SHA-256 of the DER-encoded presented certificate matches one of the specified values.
+ //
+ // A hex-encoded SHA-256 of the certificate can be generated with the following command:
+ //
+ // .. code-block:: bash
+ //
+ // $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2
+ // df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a
+ //
+ // A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate
+ // can be generated with the following command:
+ //
+ // .. code-block:: bash
+ //
+ // $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2
+ // DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A
+ //
+ // Both of those formats are acceptable.
+ //
+ // When both:
+ // :ref:`verify_certificate_hash
+ // ` and
+ // :ref:`verify_certificate_spki
+ // ` are specified,
+ // a hash matching value from either of the lists will result in the certificate being accepted.
+ repeated string verify_certificate_hash = 2
+ [(validate.rules).repeated = {items {string {min_len: 64 max_bytes: 95}}}];
+
+ // An optional list of Subject Alternative name matchers. If specified, Envoy will verify that the
+ // Subject Alternative Name of the presented certificate matches one of the specified matchers.
+ // The matching uses "any" semantics, that is to say, the SAN is verified if at least one matcher is
+ // matched.
+ //
+ // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be
+ // configured with exact match type in the :ref:`string matcher `.
+ // For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com",
+ // it should be configured as shown below.
+ //
+ // .. code-block:: yaml
+ //
+ // match_typed_subject_alt_names:
+ // - san_type: DNS
+ // matcher:
+ // exact: "api.example.com"
+ //
+ // .. attention::
+ //
+ // Subject Alternative Names are easily spoofable and verifying only them is insecure,
+ // therefore this option must be used together with :ref:`trusted_ca
+ // `.
+ repeated SubjectAltNameMatcher match_typed_subject_alt_names = 15;
+
+ // This field is deprecated in favor of
+ // :ref:`match_typed_subject_alt_names
+ // `.
+ // Note that if both this field and :ref:`match_typed_subject_alt_names
+ // `
+ // are specified, the former (deprecated field) is ignored.
+ repeated type.matcher.v3.StringMatcher match_subject_alt_names = 9
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // [#not-implemented-hide:] Must present signed certificate time-stamp.
+ google.protobuf.BoolValue require_signed_certificate_timestamp = 6;
+
+ // An optional `certificate revocation list
+ // `_
+ // (in PEM format). If specified, Envoy will verify that the presented peer
+ // certificate has not been revoked by this CRL. If this DataSource contains
+ // multiple CRLs, all of them will be used. Note that if a CRL is provided
+ // for any certificate authority in a trust chain, a CRL must be provided
+ // for all certificate authorities in that chain. Failure to do so will
+ // result in verification failure for both revoked and unrevoked certificates
+ // from that chain. This default behavior can be altered by setting
+ // :ref:`only_verify_leaf_cert_crl ` to
+ // true.
+ //
+ // If ``crl`` is a filesystem path, a watch will be added to the parent
+ // directory for any file moves to support rotation. This currently only
+ // applies to dynamic secrets, when the ``CertificateValidationContext`` is
+ // delivered via SDS.
+ config.core.v3.DataSource crl = 7;
+
+ // If specified, Envoy will not reject expired certificates.
+ bool allow_expired_certificate = 8;
+
+ // Certificate trust chain verification mode.
+ TrustChainVerification trust_chain_verification = 10
+ [(validate.rules).enum = {defined_only: true}];
+
+ // The configuration of an extension specific certificate validator.
+ // If specified, all validation is done by the specified validator,
+ // and the behavior of all other validation settings is defined by the specified validator (and may be entirely ignored, unused, and unvalidated).
+ // Refer to the documentation for the specified validator. If you do not want a custom validation algorithm, do not set this field.
+ // [#extension-category: envoy.tls.cert_validator]
+ config.core.v3.TypedExtensionConfig custom_validator_config = 12;
+
+ // If this option is set to true, only the certificate at the end of the
+ // certificate chain will be subject to validation by :ref:`CRL `.
+ bool only_verify_leaf_cert_crl = 14;
+
+ // Defines maximum depth of a certificate chain accepted in verification, the default limit is 100, though this can be system-dependent.
+ // This number does not include the leaf but includes the trust anchor, so a depth of 1 allows the leaf and one CA certificate. If a trusted issuer
+ // appears in the chain, but in a depth larger than configured, the certificate validation will fail.
+ // This matches the semantics of ``SSL_CTX_set_verify_depth`` in OpenSSL 1.0.x and older versions of BoringSSL. It differs from ``SSL_CTX_set_verify_depth``
+ // in OpenSSL 1.1.x and newer versions of BoringSSL in that the trust anchor is included.
+ // Trusted issues are specified by setting :ref:`trusted_ca `
+ google.protobuf.UInt32Value max_verify_depth = 16 [(validate.rules).uint32 = {lte: 100}];
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/c6d8f7809023346a853aedc7b74dd1f18dbb8be1dfe43cefecbc74b24ef29ee107f4f115a0481b954e41517f9d5c1d12d1a0eb3563bcdd5202b17d56555d8359 b/modules/sync/envoyproxy/envoy/cas/c6d8f7809023346a853aedc7b74dd1f18dbb8be1dfe43cefecbc74b24ef29ee107f4f115a0481b954e41517f9d5c1d12d1a0eb3563bcdd5202b17d56555d8359
new file mode 100644
index 00000000..e74ee1ef
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/c6d8f7809023346a853aedc7b74dd1f18dbb8be1dfe43cefecbc74b24ef29ee107f4f115a0481b954e41517f9d5c1d12d1a0eb3563bcdd5202b17d56555d8359
@@ -0,0 +1,49 @@
+syntax = "proto3";
+
+package envoy.extensions.dynamic_modules.v3;
+
+import "xds/annotations/v3/status.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.dynamic_modules.v3";
+option java_outer_classname = "DynamicModulesProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/dynamic_modules/v3;dynamic_modulesv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+option (xds.annotations.v3.file_status).work_in_progress = true;
+
+// [#protodoc-title: Dynamic Modules common configuration]
+
+// Configuration of a dynamic module. A dynamic module is a shared object file that can be loaded via dlopen
+// by various Envoy extension points. Currently, only HTTP filter (envoy.filters.http.dynamic_modules) is supported.
+//
+// How a module is loaded is determined by the extension point that uses it. For example, the HTTP filter
+// loads the module with dlopen when Envoy receives a configuration that references the module at load time.
+// If loading the module fails, the configuration will be rejected.
+//
+// Whether or not the shared object is the same is determined by the file path as well as the file's inode depending
+// on the platform. Notably, if the file path and the content of the file are the same, the shared object will be reused.
+//
+// A module must be compatible with the ABI specified in :repo:`abi.h `.
+// Currently, compatibility is only guaranteed by an exact version match between the Envoy
+// codebase and the dynamic module SDKs. In the future, after the ABI is stabilized, we will revisit
+// this restriction and hopefully provide a wider compatibility guarantee. Until then, Envoy
+// checks the hash of the ABI header files to ensure that the dynamic modules are built against the
+// same version of the ABI.
+//
+// Currently, the implementation is work in progress and not usable.
+message DynamicModuleConfig {
+ // The name of the dynamic module. The client is expected to have some configuration indicating where to search for the module.
+ // In Envoy, the search path can only be configured via the environment variable ``ENVOY_DYNAMIC_MODULES_SEARCH_PATH``.
+ // The actual search path is ``${ENVOY_DYNAMIC_MODULES_SEARCH_PATH}/lib${name}.so``. TODO: make the search path configurable via
+ // command line options.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Set true to prevent the module from being unloaded with dlclose.
+ // This is useful for modules that have global state that should not be unloaded.
+ // A module is closed when no more references to it exist in the process. For example,
+ // no HTTP filters are using the module (e.g. after configuration update).
+ bool do_not_close = 3;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/c8daed978d22da1c6d9cfa605dabc020dece377ceda612fc6b219731e3eab82fea4a6d97ab9c7d875eec2ffeb37a216a2d4a9d1a289bde799d58600fafb88815 b/modules/sync/envoyproxy/envoy/cas/c8daed978d22da1c6d9cfa605dabc020dece377ceda612fc6b219731e3eab82fea4a6d97ab9c7d875eec2ffeb37a216a2d4a9d1a289bde799d58600fafb88815
new file mode 100644
index 00000000..ce549d6a
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/c8daed978d22da1c6d9cfa605dabc020dece377ceda612fc6b219731e3eab82fea4a6d97ab9c7d875eec2ffeb37a216a2d4a9d1a289bde799d58600fafb88815
@@ -0,0 +1,1247 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.network.http_connection_manager.v3;
+
+import "envoy/config/accesslog/v3/accesslog.proto";
+import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/config_source.proto";
+import "envoy/config/core/v3/extension.proto";
+import "envoy/config/core/v3/protocol.proto";
+import "envoy/config/core/v3/substitution_format_string.proto";
+import "envoy/config/route/v3/route.proto";
+import "envoy/config/route/v3/scoped_route.proto";
+import "envoy/config/trace/v3/http_tracer.proto";
+import "envoy/type/http/v3/path_transformation.proto";
+import "envoy/type/tracing/v3/custom_tag.proto";
+import "envoy/type/v3/percent.proto";
+
+import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/security.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3";
+option java_outer_classname = "HttpConnectionManagerProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3;http_connection_managerv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: HTTP connection manager]
+// HTTP connection manager :ref:`configuration overview `.
+// [#extension: envoy.filters.network.http_connection_manager]
+
+// [#next-free-field: 59]
+message HttpConnectionManager {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
+
+ enum CodecType {
+ // For every new connection, the connection manager will determine which
+ // codec to use. This mode supports both ALPN for TLS listeners as well as
+ // protocol inference for plaintext listeners. If ALPN data is available, it
+ // is preferred, otherwise protocol inference is used. In almost all cases,
+ // this is the right option to choose for this setting.
+ AUTO = 0;
+
+ // The connection manager will assume that the client is speaking HTTP/1.1.
+ HTTP1 = 1;
+
+ // The connection manager will assume that the client is speaking HTTP/2
+ // (Envoy does not require HTTP/2 to take place over TLS or to use ALPN.
+ // Prior knowledge is allowed).
+ HTTP2 = 2;
+
+ // The connection manager will assume that the client is speaking HTTP/3.
+ // This needs to be consistent with listener and transport socket config.
+ HTTP3 = 3;
+ }
+
+ enum ServerHeaderTransformation {
+ // Overwrite any Server header with the contents of server_name.
+ OVERWRITE = 0;
+
+ // If no Server header is present, append Server server_name
+ // If a Server header is present, pass it through.
+ APPEND_IF_ABSENT = 1;
+
+ // Pass through the value of the server header, and do not append a header
+ // if none is present.
+ PASS_THROUGH = 2;
+ }
+
+ // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP
+ // header.
+ enum ForwardClientCertDetails {
+ // Do not send the XFCC header to the next hop. This is the default value.
+ SANITIZE = 0;
+
+ // When the client connection is mTLS (Mutual TLS), forward the XFCC header
+ // in the request.
+ FORWARD_ONLY = 1;
+
+ // When the client connection is mTLS, append the client certificate
+ // information to the request’s XFCC header and forward it.
+ APPEND_FORWARD = 2;
+
+ // When the client connection is mTLS, reset the XFCC header with the client
+ // certificate information and send it to the next hop.
+ SANITIZE_SET = 3;
+
+ // Always forward the XFCC header in the request, regardless of whether the
+ // client connection is mTLS.
+ ALWAYS_FORWARD_ONLY = 4;
+ }
+
+ // Determines the action for request that contain %2F, %2f, %5C or %5c sequences in the URI path.
+ // This operation occurs before URL normalization and the merge slashes transformations if they were enabled.
+ enum PathWithEscapedSlashesAction {
+ // Default behavior specific to implementation (i.e. Envoy) of this configuration option.
+ // Envoy, by default, takes the KEEP_UNCHANGED action.
+ // NOTE: the implementation may change the default behavior at-will.
+ IMPLEMENTATION_SPECIFIC_DEFAULT = 0;
+
+ // Keep escaped slashes.
+ KEEP_UNCHANGED = 1;
+
+ // Reject client request with the 400 status. gRPC requests will be rejected with the INTERNAL (13) error code.
+ // The "httpN.downstream_rq_failed_path_normalization" counter is incremented for each rejected request.
+ REJECT_REQUEST = 2;
+
+ // Unescape %2F and %5C sequences and redirect request to the new path if these sequences were present.
+ // Redirect occurs after path normalization and merge slashes transformations if they were configured.
+ // NOTE: gRPC requests will be rejected with the INTERNAL (13) error code.
+ // This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to
+ // traverse all parties: downstream client, intermediate proxies, Envoy and upstream server.
+ // The "httpN.downstream_rq_redirected_with_normalized_path" counter is incremented for each
+ // redirected request.
+ UNESCAPE_AND_REDIRECT = 3;
+
+ // Unescape %2F and %5C sequences.
+ // Note: this option should not be enabled if intermediaries perform path based access control as
+ // it may lead to path confusion vulnerabilities.
+ UNESCAPE_AND_FORWARD = 4;
+ }
+
+ // [#next-free-field: 11]
+ message Tracing {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager.Tracing";
+
+ enum OperationName {
+ // The HTTP listener is used for ingress/incoming requests.
+ INGRESS = 0;
+
+ // The HTTP listener is used for egress/outgoing requests.
+ EGRESS = 1;
+ }
+
+ reserved 1, 2;
+
+ reserved "operation_name", "request_headers_for_tags";
+
+ // Target percentage of requests managed by this HTTP connection manager that will be force
+ // traced if the :ref:`x-client-trace-id `
+ // header is set. This field is a direct analog for the runtime variable
+ // 'tracing.client_enabled' in the :ref:`HTTP Connection Manager
+ // `.
+ // Default: 100%
+ type.v3.Percent client_sampling = 3;
+
+ // Target percentage of requests managed by this HTTP connection manager that will be randomly
+ // selected for trace generation, if not requested by the client or not forced. This field is
+ // a direct analog for the runtime variable 'tracing.random_sampling' in the
+ // :ref:`HTTP Connection Manager `.
+ // Default: 100%
+ type.v3.Percent random_sampling = 4;
+
+ // Target percentage of requests managed by this HTTP connection manager that will be traced
+ // after all other sampling checks have been applied (client-directed, force tracing, random
+ // sampling). This field functions as an upper limit on the total configured sampling rate. For
+ // instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1%
+ // of client requests with the appropriate headers to be force traced. This field is a direct
+ // analog for the runtime variable 'tracing.global_enabled' in the
+ // :ref:`HTTP Connection Manager `.
+ // Default: 100%
+ type.v3.Percent overall_sampling = 5;
+
+ // Whether to annotate spans with additional data. If true, spans will include logs for stream
+ // events.
+ bool verbose = 6;
+
+ // Maximum length of the request path to extract and include in the HttpUrl tag. Used to
+ // truncate lengthy request paths to meet the needs of a tracing backend.
+ // Default: 256
+ google.protobuf.UInt32Value max_path_tag_length = 7;
+
+ // A list of custom tags with unique tag name to create tags for the active span.
+ repeated type.tracing.v3.CustomTag custom_tags = 8;
+
+ // Configuration for an external tracing provider.
+ // If not specified, no tracing will be performed.
+ config.trace.v3.Tracing.Http provider = 9;
+
+ // Create separate tracing span for each upstream request if true. And if this flag is set to true,
+ // the tracing provider will assume that Envoy will be independent hop in the trace chain and may
+ // set span type to client or server based on this flag.
+ // This will deprecate the
+ // :ref:`start_child_span `
+ // in the router.
+ //
+ // Users should set appropriate value based on their tracing provider and actual scenario:
+ //
+ // * If Envoy is used as sidecar and users want to make the sidecar and its application as only one
+ // hop in the trace chain, this flag should be set to false. And please also make sure the
+ // :ref:`start_child_span `
+ // in the router is not set to true.
+ // * If Envoy is used as gateway or independent proxy, or users want to make the sidecar and its
+ // application as different hops in the trace chain, this flag should be set to true.
+ // * If tracing provider that has explicit requirements on span creation (like SkyWalking),
+ // this flag should be set to true.
+ //
+ // The default value is false for now for backward compatibility.
+ google.protobuf.BoolValue spawn_upstream_span = 10;
+ }
+
+ message InternalAddressConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager."
+ "InternalAddressConfig";
+
+ // Whether unix socket addresses should be considered internal.
+ bool unix_sockets = 1;
+
+ // List of CIDR ranges that are treated as internal. If unset, then RFC1918 / RFC4193
+ // IP addresses will be considered internal.
+ repeated config.core.v3.CidrRange cidr_ranges = 2;
+ }
+
+ // [#next-free-field: 7]
+ message SetCurrentClientCertDetails {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager."
+ "SetCurrentClientCertDetails";
+
+ reserved 2;
+
+ // Whether to forward the subject of the client cert. Defaults to false.
+ google.protobuf.BoolValue subject = 1;
+
+ // Whether to forward the entire client cert in URL encoded PEM format. This will appear in the
+ // XFCC header comma separated from other values with the value Cert="PEM".
+ // Defaults to false.
+ bool cert = 3;
+
+ // Whether to forward the entire client cert chain (including the leaf cert) in URL encoded PEM
+ // format. This will appear in the XFCC header comma separated from other values with the value
+ // Chain="PEM".
+ // Defaults to false.
+ bool chain = 6;
+
+ // Whether to forward the DNS type Subject Alternative Names of the client cert.
+ // Defaults to false.
+ bool dns = 4;
+
+ // Whether to forward the URI type Subject Alternative Name of the client cert. Defaults to
+ // false.
+ bool uri = 5;
+ }
+
+ // The configuration for HTTP upgrades.
+ // For each upgrade type desired, an UpgradeConfig must be added.
+ //
+ // .. warning::
+ //
+ // The current implementation of upgrade headers does not handle
+ // multi-valued upgrade headers. Support for multi-valued headers may be
+ // added in the future if needed.
+ //
+ // ..
warning::
+ // The current implementation of upgrade headers does not work with HTTP/2
+ // upstreams.
+ message UpgradeConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager."
+ "UpgradeConfig";
+
+ // The case-insensitive name of this upgrade, e.g. "websocket".
+ // For each upgrade type present in upgrade_configs, requests with
+ // Upgrade: [upgrade_type]
+ // will be proxied upstream.
+ string upgrade_type = 1;
+
+ // If present, this represents the filter chain which will be created for
+ // this type of upgrade. If no filters are present, the filter chain for
+ // HTTP connections will be used for this upgrade type.
+ repeated HttpFilter filters = 2;
+
+ // Determines if upgrades are enabled or disabled by default. Defaults to true.
+ // This can be overridden on a per-route basis with :ref:`cluster
+ // ` as documented in the
+ // :ref:`upgrade documentation `.
+ google.protobuf.BoolValue enabled = 3;
+ }
+
+ // [#not-implemented-hide:] Transformations that apply to path headers. Transformations are applied
+ // before any processing of requests by HTTP filters, routing, and matching. Only the normalized
+ // path will be visible internally if a transformation is enabled. Any path rewrites that the
+ // router performs (e.g. :ref:`regex_rewrite
+ // ` or :ref:`prefix_rewrite
+ // `) will apply to the ``:path`` header
+ // destined for the upstream.
+ //
+ // Note: access logging and tracing will show the original ``:path`` header.
+ message PathNormalizationOptions {
+ // [#not-implemented-hide:] Normalization applies internally before any processing of requests by
+ // HTTP filters, routing, and matching *and* will affect the forwarded ``:path`` header. Defaults
+ // to :ref:`NormalizePathRFC3986
+ // `. When not
+ // specified, this value may be overridden by the runtime variable
+ // :ref:`http_connection_manager.normalize_path`.
+ // Envoy will respond with 400 to paths that are malformed (e.g. for paths that fail RFC 3986
+ // normalization due to disallowed characters.)
+ type.http.v3.PathTransformation forwarding_transformation = 1;
+
+ // [#not-implemented-hide:] Normalization only applies internally before any processing of
+ // requests by HTTP filters, routing, and matching. These will be applied after full
+ // transformation is applied. The ``:path`` header before this transformation will be restored in
+ // the router filter and sent upstream unless it was mutated by a filter. Defaults to no
+ // transformations.
+ // Multiple actions can be applied in the same Transformation, forming a sequential
+ // pipeline. The transformations will be performed in the order that they appear. Envoy will
+ // respond with 400 to paths that are malformed (e.g. for paths that fail RFC 3986
+ // normalization due to disallowed characters.)
+ type.http.v3.PathTransformation http_filter_transformation = 2;
+ }
+
+ // Configures the manner in which the Proxy-Status HTTP response header is
+ // populated.
+ //
+ // See the [Proxy-Status
+ // RFC](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-proxy-status-08).
+ // [#comment:TODO: Update this with the non-draft URL when finalized.]
+ //
+ // The Proxy-Status header is a string of the form:
+ //
+ // "; error=; details=
"
+ // [#next-free-field: 7]
+ message ProxyStatusConfig {
+ // If true, the details field of the Proxy-Status header is not populated with stream_info.response_code_details.
+ // This value defaults to ``false``, i.e. the ``details`` field is populated by default.
+ bool remove_details = 1;
+
+ // If true, the details field of the Proxy-Status header will not contain
+ // connection termination details. This value defaults to ``false``, i.e. the
+ // ``details`` field will contain connection termination details by default.
+ bool remove_connection_termination_details = 2;
+
+ // If true, the details field of the Proxy-Status header will not contain an
+ // enumeration of the Envoy ResponseFlags. This value defaults to ``false``,
+ // i.e. the ``details`` field will contain a list of ResponseFlags by default.
+ bool remove_response_flags = 3;
+
+ // If true, overwrites the existing Status header with the response code
+ // recommended by the Proxy-Status spec.
+ // This value defaults to ``false``, i.e. the HTTP response code is not
+ // overwritten.
+ bool set_recommended_response_code = 4;
+
+ // The name of the proxy as it appears at the start of the Proxy-Status
+ // header.
+ //
+ // If neither of these values are set, this value defaults to ``server_name``,
+ // which itself defaults to "envoy".
+ oneof proxy_name {
+ // If ``use_node_id`` is set, Proxy-Status headers will use the Envoy's node
+ // ID as the name of the proxy.
+ bool use_node_id = 5;
+
+ // If ``literal_proxy_name`` is set, Proxy-Status headers will use this
+ // value as the name of the proxy.
+ string literal_proxy_name = 6;
+ }
+ }
+
+ message HcmAccessLogOptions {
+ // The interval to flush the above access logs. By default, the HCM will flush exactly one access log
+ // on stream close, when the HTTP request is complete. If this field is set, the HCM will flush access
+ // logs periodically at the specified interval.
This is especially useful in the case of long-lived
+ // requests, such as CONNECT and Websockets. Final access logs can be detected via the
+ // ``requestComplete()`` method of ``StreamInfo`` in access log filters, or through the ``%DURATION%`` substitution
+ // string.
+ // The interval must be at least 1 millisecond.
+ google.protobuf.Duration access_log_flush_interval = 1
+ [(validate.rules).duration = {gte {nanos: 1000000}}];
+
+ // If set to true, HCM will flush an access log when a new HTTP request is received, after request
+ // headers have been evaluated, before iterating through the HTTP filter chain.
+ // This log record, if enabled, does not depend on periodic log records or request completion log.
+ // Details related to upstream cluster, such as upstream host, will not be available for this log.
+ bool flush_access_log_on_new_request = 2;
+
+ // If true, the HCM will flush an access log when a tunnel is successfully established. For example,
+ // this could be when an upstream has successfully returned 101 Switching Protocols, or when the proxy
+ // has returned 200 to a CONNECT request.
+ bool flush_log_on_tunnel_successfully_established = 3;
+ }
+
+ reserved 27, 11;
+
+ reserved "idle_timeout";
+
+ // Supplies the type of codec that the connection manager should use.
+ CodecType codec_type = 1 [(validate.rules).enum = {defined_only: true}];
+
+ // The human readable prefix to use when emitting statistics for the
+ // connection manager. See the :ref:`statistics documentation ` for
+ // more information.
+ string stat_prefix = 2 [(validate.rules).string = {min_len: 1}];
+
+ oneof route_specifier {
+ option (validate.required) = true;
+
+ // The connection manager’s route table will be dynamically loaded via the RDS API.
+ Rds rds = 3;
+
+ // The route table for the connection manager is static and is specified in this property.
+ config.route.v3.RouteConfiguration route_config = 4;
+
+ // A route table will be dynamically assigned to each request based on request attributes
+ // (e.g., the value of a header). The "routing scopes" (i.e., route tables) and "scope keys" are
+ // specified in this message.
+ ScopedRoutes scoped_routes = 31;
+ }
+
+ // A list of individual HTTP filters that make up the filter chain for
+ // requests made to the connection manager. :ref:`Order matters `
+ // as the filters are processed sequentially as request events happen.
+ repeated HttpFilter http_filters = 5;
+
+ // Whether the connection manager manipulates the :ref:`config_http_conn_man_headers_user-agent`
+ // and :ref:`config_http_conn_man_headers_downstream-service-cluster` headers. See the linked
+ // documentation for more information. Defaults to false.
+ google.protobuf.BoolValue add_user_agent = 6;
+
+ // Presence of the object defines whether the connection manager
+ // emits :ref:`tracing ` data to the :ref:`configured tracing provider
+ // `.
+ Tracing tracing = 7;
+
+ // Additional settings for HTTP requests handled by the connection manager. These will be
+ // applicable to both HTTP1 and HTTP2 requests.
+ config.core.v3.HttpProtocolOptions common_http_protocol_options = 35
+ [(udpa.annotations.security).configure_for_untrusted_downstream = true];
+
+ // If set to true, Envoy will not start a drain timer for downstream HTTP1 connections after
+ // :ref:`common_http_protocol_options.max_connection_duration
+ // ` passes.
+ // Instead, Envoy will wait for the next downstream request, add connection:close to the response
+ // headers, then close the connection after the stream ends.
+ //
+ // This behavior is compliant with `RFC 9112 section 9.6 `_
+ //
+ // If set to false, ``max_connection_duration`` will cause Envoy to enter the normal drain
+ // sequence for HTTP1 with Envoy eventually closing the connection (once there are no active
+ // streams).
+ //
+ // Has no effect if ``max_connection_duration`` is unset. Defaults to false.
+ bool http1_safe_max_connection_duration = 58;
+
+ // Additional HTTP/1 settings that are passed to the HTTP/1 codec.
+ // [#comment:TODO: The following fields are ignored when the
+ // :ref:`header validation configuration `
+ // is present:
+ // 1. :ref:`allow_chunked_length `]
+ config.core.v3.Http1ProtocolOptions http_protocol_options = 8;
+
+ // Additional HTTP/2 settings that are passed directly to the HTTP/2 codec.
+ config.core.v3.Http2ProtocolOptions http2_protocol_options = 9
+ [(udpa.annotations.security).configure_for_untrusted_downstream = true];
+
+ // Additional HTTP/3 settings that are passed directly to the HTTP/3 codec.
+ config.core.v3.Http3ProtocolOptions http3_protocol_options = 44;
+
+ // An optional override that the connection manager will write to the server
+ // header in responses. If not set, the default is ``envoy``.
+ string server_name = 10
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+ // Defines the action to be applied to the Server header on the response path.
+ // By default, Envoy will overwrite the header with the value specified in
+ // server_name.
+ ServerHeaderTransformation server_header_transformation = 34
+ [(validate.rules).enum = {defined_only: true}];
+
+ // Allows for explicit transformation of the :scheme header on the request path.
+ // If not set, Envoy's default :ref:`scheme `
+ // handling applies.
+ config.core.v3.SchemeHeaderTransformation scheme_header_transformation = 48;
+
+ // The maximum request headers size for incoming connections.
+ // If unconfigured, the default max request headers allowed is 60 KiB.
+ // The default value can be overridden by setting runtime key ``envoy.reloadable_features.max_request_headers_size_kb``.
+ // Requests that exceed this limit will receive a 431 response.
+ // + // Note: currently some protocol codecs impose limits on the maximum size of a single header: + // HTTP/2 (when using nghttp2) limits a single header to around 100kb. + // HTTP/3 limits a single header to around 1024kb. + google.protobuf.UInt32Value max_request_headers_kb = 29 + [(validate.rules).uint32 = {lte: 8192 gt: 0}]; + + // The stream idle timeout for connections managed by the connection manager. + // If not specified, this defaults to 5 minutes. The default value was selected + // so as not to interfere with any smaller configured timeouts that may have + // existed in configurations prior to the introduction of this feature, while + // introducing robustness to TCP connections that terminate without a FIN. + // + // This idle timeout applies to new streams and is overridable by the + // :ref:`route-level idle_timeout + // `. Even on a stream in + // which the override applies, prior to receipt of the initial request + // headers, the :ref:`stream_idle_timeout + // ` + // applies. Each time an encode/decode event for headers or data is processed + // for the stream, the timer will be reset. If the timeout fires, the stream + // is terminated with a 408 Request Timeout error code if no upstream response + // header has been received, otherwise a stream reset occurs. + // + // This timeout also specifies the amount of time that Envoy will wait for the peer to open enough + // window to write any remaining stream data once the entirety of stream data (local end stream is + // true) has been buffered pending available window. In other words, this timeout defends against + // a peer that does not release enough window to completely write the stream, even though all + // data has been proxied within available flow control windows. If the timeout is hit in this + // case, the :ref:`tx_flush_timeout ` counter will be + // incremented. Note that :ref:`max_stream_duration + // ` does not apply to + // this corner case. 
+ // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled according to the value for + // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. + // + // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due + // to the granularity of events presented to the connection manager. For example, while receiving + // very large request headers, it may be the case that there is traffic regularly arriving on the + // wire while the connection manage is only able to observe the end-of-headers event, hence the + // stream may still idle timeout. + // + // A value of 0 will completely disable the connection manager stream idle + // timeout, although per-route idle timeout overrides will continue to apply. + google.protobuf.Duration stream_idle_timeout = 24 + [(udpa.annotations.security).configure_for_untrusted_downstream = true]; + + // The amount of time that Envoy will wait for the entire request to be received. + // The timer is activated when the request is initiated, and is disarmed when the last byte of the + // request is sent upstream (i.e. all decoding filters have processed the request), OR when the + // response is initiated. If not specified or set to 0, this timeout is disabled. + google.protobuf.Duration request_timeout = 28 + [(udpa.annotations.security).configure_for_untrusted_downstream = true]; + + // The amount of time that Envoy will wait for the request headers to be received. The timer is + // activated when the first byte of the headers is received, and is disarmed when the last byte of + // the headers has been received. If not specified or set to 0, this timeout is disabled. 
+ google.protobuf.Duration request_headers_timeout = 41 [ + (validate.rules).duration = {gte {}}, + (udpa.annotations.security).configure_for_untrusted_downstream = true + ]; + + // The time that Envoy will wait between sending an HTTP/2 “shutdown + // notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame. + // This is used so that Envoy provides a grace period for new streams that + // race with the final GOAWAY frame. During this grace period, Envoy will + // continue to accept new streams. After the grace period, a final GOAWAY + // frame is sent and Envoy will start refusing new streams. Draining occurs + // either when a connection hits the idle timeout, when :ref:`max_connection_duration + // ` + // is reached, or during general server draining. The default grace period is + // 5000 milliseconds (5 seconds) if this option is not specified. + google.protobuf.Duration drain_timeout = 12; + + // The delayed close timeout is for downstream connections managed by the HTTP connection manager. + // It is defined as a grace period after connection close processing has been locally initiated + // during which Envoy will wait for the peer to close (i.e., a TCP FIN/RST is received by Envoy + // from the downstream connection) prior to Envoy closing the socket associated with that + // connection. + // NOTE: This timeout is enforced even when the socket associated with the downstream connection + // is pending a flush of the write buffer. However, any progress made writing data to the socket + // will restart the timer associated with this timeout. This means that the total grace period for + // a socket in this state will be + // +. + // + // Delaying Envoy's connection close and giving the peer the opportunity to initiate the close + // sequence mitigates a race condition that exists when downstream clients do not drain/process + // data in a connection's receive buffer after a remote close has been detected via a socket + // write(). 
This race leads to such clients failing to process the response code sent by Envoy, + // which could result in erroneous downstream processing. + // + // If the timeout triggers, Envoy will close the connection's socket. + // + // The default timeout is 1000 ms if this option is not specified. + // + // .. NOTE:: + // To be useful in avoiding the race condition described above, this timeout must be set + // to *at least* +<100ms to account for + // a reasonable "worst" case processing time for a full iteration of Envoy's event loop>. + // + // .. WARNING:: + // A value of 0 will completely disable delayed close processing. When disabled, the downstream + // connection's socket will be closed immediately after the write flush is completed or will + // never close if the write flush does not complete. + google.protobuf.Duration delayed_close_timeout = 26; + + // Configuration for :ref:`HTTP access logs ` + // emitted by the connection manager. + repeated config.accesslog.v3.AccessLog access_log = 13; + + // The interval to flush the above access logs. + // + // .. attention:: + // + // This field is deprecated in favor of + // :ref:`access_log_flush_interval + // `. + // Note that if both this field and :ref:`access_log_flush_interval + // ` + // are specified, the former (deprecated field) is ignored. + google.protobuf.Duration access_log_flush_interval = 54 [ + deprecated = true, + (validate.rules).duration = {gte {nanos: 1000000}}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // If set to true, HCM will flush an access log once when a new HTTP request is received, after the request + // headers have been evaluated, and before iterating through the HTTP filter chain. + // + // .. attention:: + // + // This field is deprecated in favor of + // :ref:`flush_access_log_on_new_request + // `. + // Note that if both this field and :ref:`flush_access_log_on_new_request + // ` + // are specified, the former (deprecated field) is ignored. 
+ bool flush_access_log_on_new_request = 55 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Additional access log options for HTTP connection manager. + HcmAccessLogOptions access_log_options = 56; + + // If set to true, the connection manager will use the real remote address + // of the client connection when determining internal versus external origin and manipulating + // various headers. If set to false or absent, the connection manager will use the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. See the documentation for + // :ref:`config_http_conn_man_headers_x-forwarded-for`, + // :ref:`config_http_conn_man_headers_x-envoy-internal`, and + // :ref:`config_http_conn_man_headers_x-envoy-external-address` for more information. + google.protobuf.BoolValue use_remote_address = 14 + [(udpa.annotations.security).configure_for_untrusted_downstream = true]; + + // The number of additional ingress proxy hops from the right side of the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when + // determining the origin client's IP address. The default is zero if this option + // is not specified. See the documentation for + // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. + uint32 xff_num_trusted_hops = 19; + + // The configuration for the original IP detection extensions. + // + // When configured the extensions will be called along with the request headers + // and information about the downstream connection, such as the directly connected address. + // Each extension will then use these parameters to decide the request's effective remote address. + // If an extension fails to detect the original IP address and isn't configured to reject + // the request, the HCM will try the remaining extensions until one succeeds or rejects + // the request. 
If the request isn't rejected nor any extension succeeds, the HCM will + // fallback to using the remote address. + // + // .. WARNING:: + // Extensions cannot be used in conjunction with :ref:`use_remote_address + // ` + // nor :ref:`xff_num_trusted_hops + // `. + // + // [#extension-category: envoy.http.original_ip_detection] + repeated config.core.v3.TypedExtensionConfig original_ip_detection_extensions = 46; + + // The configuration for the early header mutation extensions. + // + // When configured the extensions will be called before any routing, tracing, or any filter processing. + // Each extension will be applied in the order they are configured. + // If the same header is mutated by multiple extensions, then the last extension will win. + // + // [#extension-category: envoy.http.early_header_mutation] + repeated config.core.v3.TypedExtensionConfig early_header_mutation_extensions = 52; + + // Configures what network addresses are considered internal for stats and header sanitation + // purposes. If unspecified, only RFC1918 IP addresses will be considered internal. + // See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more + // information about internal/external addresses. + // + // .. warning:: + // As of Envoy 1.33.0 no IP addresses will be considered trusted. If you have tooling such as probes + // on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) + // you will have to manually include those addresses or CIDR ranges like: + // + // .. 
validated-code-block:: yaml + // :type-name: envoy.extensions.filters.network.http_connection_manager.v3.InternalAddressConfig + // + // cidr_ranges: + // address_prefix: 10.0.0.0 + // prefix_len: 8 + // cidr_ranges: + // address_prefix: 192.168.0.0 + // prefix_len: 16 + // cidr_ranges: + // address_prefix: 172.16.0.0 + // prefix_len: 12 + // cidr_ranges: + // address_prefix: 127.0.0.1 + // prefix_len: 32 + // cidr_ranges: + // address_prefix: fd00:: + // prefix_len: 8 + // cidr_ranges: + // address_prefix: ::1 + // prefix_len: 128 + // + InternalAddressConfig internal_address_config = 25; + + // If set, Envoy will not append the remote address to the + // :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header. This may be used in + // conjunction with HTTP filters that explicitly manipulate XFF after the HTTP connection manager + // has mutated the request headers. While :ref:`use_remote_address + // ` + // will also suppress XFF addition, it has consequences for logging and other + // Envoy uses of the remote address, so ``skip_xff_append`` should be used + // when only an elision of XFF addition is intended. + bool skip_xff_append = 21; + + // Via header value to append to request and response headers. If this is + // empty, no via header will be appended. + string via = 22 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Whether the connection manager will generate the :ref:`x-request-id + // ` header if it does not exist. This defaults to + // true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature + // is not desired it can be disabled. + google.protobuf.BoolValue generate_request_id = 15; + + // Whether the connection manager will keep the :ref:`x-request-id + // ` header if passed for a request that is edge + // (Edge request is the request from external clients to front Envoy) and not reset it, which + // is the current Envoy behaviour. This defaults to false. 
+ bool preserve_external_request_id = 32; + + // If set, Envoy will always set :ref:`x-request-id ` header in response. + // If this is false or not set, the request ID is returned in responses only if tracing is forced using + // :ref:`x-envoy-force-trace ` header. + bool always_set_request_id_in_response = 37; + + // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP + // header. + ForwardClientCertDetails forward_client_cert_details = 16 + [(validate.rules).enum = {defined_only: true}]; + + // This field is valid only when :ref:`forward_client_cert_details + // ` + // is APPEND_FORWARD or SANITIZE_SET and the client connection is mTLS. It specifies the fields in + // the client certificate to be forwarded. Note that in the + // :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header, ``Hash`` is always set, and + // ``By`` is always set when the client certificate presents the URI type Subject Alternative Name + // value. + SetCurrentClientCertDetails set_current_client_cert_details = 17; + + // If proxy_100_continue is true, Envoy will proxy incoming "Expect: + // 100-continue" headers upstream, and forward "100 Continue" responses + // downstream. If this is false or not set, Envoy will instead strip the + // "Expect: 100-continue" header, and send a "100 Continue" response itself. + bool proxy_100_continue = 18; + + // If + // :ref:`use_remote_address + // ` + // is true and represent_ipv4_remote_address_as_ipv4_mapped_ipv6 is true and the remote address is + // an IPv4 address, the address will be mapped to IPv6 before it is appended to ``x-forwarded-for``. + // This is useful for testing compatibility of upstream services that parse the header value. For + // example, 50.0.0.1 is represented as ::FFFF:50.0.0.1. See `IPv4-Mapped IPv6 Addresses + // `_ for details. This will also affect the + // :ref:`config_http_conn_man_headers_x-envoy-external-address` header. 
See + // :ref:`http_connection_manager.represent_ipv4_remote_address_as_ipv4_mapped_ipv6 + // ` for runtime + // control. + // [#not-implemented-hide:] + bool represent_ipv4_remote_address_as_ipv4_mapped_ipv6 = 20; + + repeated UpgradeConfig upgrade_configs = 23; + + // Should paths be normalized according to RFC 3986 before any processing of + // requests by HTTP filters or routing? This affects the upstream ``:path`` header + // as well. For paths that fail this check, Envoy will respond with 400 to + // paths that are malformed. This defaults to false currently but will default + // true in the future. When not specified, this value may be overridden by the + // runtime variable + // :ref:`http_connection_manager.normalize_path`. + // See `Normalization and Comparison `_ + // for details of normalization. + // Note that Envoy does not perform + // `case normalization `_ + // [#comment:TODO: This field is ignored when the + // :ref:`header validation configuration ` + // is present.] + google.protobuf.BoolValue normalize_path = 30; + + // Determines if adjacent slashes in the path are merged into one before any processing of + // requests by HTTP filters or routing. This affects the upstream ``:path`` header as well. Without + // setting this option, incoming requests with path ``//dir///file`` will not match against route + // with ``prefix`` match set to ``/dir``. Defaults to ``false``. Note that slash merging is not part of + // `HTTP spec `_ and is provided for convenience. + // [#comment:TODO: This field is ignored when the + // :ref:`header validation configuration ` + // is present.] + bool merge_slashes = 33; + + // Action to take when request URL path contains escaped slash sequences (%2F, %2f, %5C and %5c). + // The default value can be overridden by the :ref:`http_connection_manager.path_with_escaped_slashes_action` + // runtime variable. 
+ // The :ref:`http_connection_manager.path_with_escaped_slashes_action_sampling` runtime + // variable can be used to apply the action to a portion of all requests. + // [#comment:TODO: This field is ignored when the + // :ref:`header validation configuration ` + // is present.] + PathWithEscapedSlashesAction path_with_escaped_slashes_action = 45; + + // The configuration of the request ID extension. This includes operations such as + // generation, validation, and associated tracing operations. If empty, the + // :ref:`UuidRequestIdConfig ` + // default extension is used with default parameters. See the documentation for that extension + // for details on what it does. Customizing the configuration for the default extension can be + // achieved by configuring it explicitly here. For example, to disable trace reason packing, + // the following configuration can be used: + // + // .. validated-code-block:: yaml + // :type-name: envoy.extensions.filters.network.http_connection_manager.v3.RequestIDExtension + // + // typed_config: + // "@type": type.googleapis.com/envoy.extensions.request_id.uuid.v3.UuidRequestIdConfig + // pack_trace_reason: false + // + // [#extension-category: envoy.request_id] + RequestIDExtension request_id_extension = 36; + + // The configuration to customize local reply returned by Envoy. It can customize status code, + // body text and response content type. If not specified, status code and text body are hard + // coded in Envoy, the response content type is plain text. + LocalReplyConfig local_reply_config = 38; + + // Determines if the port part should be removed from host/authority header before any processing + // of request by HTTP filters or routing. The port would be removed only if it is equal to the :ref:`listener's` + // local port. This affects the upstream host header unless the method is + // CONNECT in which case if no filter adds a port the original port will be restored before headers are + // sent upstream. 
+ // Without setting this option, incoming requests with host ``example:443`` will not match against + // route with :ref:`domains` match set to ``example``. Defaults to ``false``. Note that port removal is not part + // of `HTTP spec `_ and is provided for convenience. + // Only one of ``strip_matching_host_port`` or ``strip_any_host_port`` can be set. + bool strip_matching_host_port = 39 + [(udpa.annotations.field_migrate).oneof_promotion = "strip_port_mode"]; + + oneof strip_port_mode { + // Determines if the port part should be removed from host/authority header before any processing + // of request by HTTP filters or routing. + // This affects the upstream host header unless the method is CONNECT in + // which case if no filter adds a port the original port will be restored before headers are sent upstream. + // Without setting this option, incoming requests with host ``example:443`` will not match against + // route with :ref:`domains` match set to ``example``. Defaults to ``false``. Note that port removal is not part + // of `HTTP spec `_ and is provided for convenience. + // Only one of ``strip_matching_host_port`` or ``strip_any_host_port`` can be set. + bool strip_any_host_port = 42; + } + + // Governs Envoy's behavior when receiving invalid HTTP from downstream. + // If this option is false (default), Envoy will err on the conservative side handling HTTP + // errors, terminating both HTTP/1.1 and HTTP/2 connections when receiving an invalid request. + // If this option is set to true, Envoy will be more permissive, only resetting the invalid + // stream in the case of HTTP/2 and leaving the connection open where possible (if the entire + // request is read for HTTP/1.1) + // In general this should be true for deployments receiving trusted traffic (L2 Envoys, + // company-internal mesh) and false when receiving untrusted traffic (edge deployments). 
+ // + // If different behaviors for invalid_http_message for HTTP/1 and HTTP/2 are + // desired, one should use the new HTTP/1 option :ref:`override_stream_error_on_invalid_http_message + // ` or the new HTTP/2 option + // :ref:`override_stream_error_on_invalid_http_message + // ` + // ``not`` the deprecated but similarly named :ref:`stream_error_on_invalid_http_messaging + // ` + google.protobuf.BoolValue stream_error_on_invalid_http_message = 40; + + // [#not-implemented-hide:] Path normalization configuration. This includes + // configurations for transformations (e.g. RFC 3986 normalization or merge + // adjacent slashes) and the policy to apply them. The policy determines + // whether transformations affect the forwarded ``:path`` header. RFC 3986 path + // normalization is enabled by default and the default policy is that the + // normalized header will be forwarded. See :ref:`PathNormalizationOptions + // ` + // for details. + PathNormalizationOptions path_normalization_options = 43; + + // Determines if trailing dot of the host should be removed from host/authority header before any + // processing of request by HTTP filters or routing. + // This affects the upstream host header. + // Without setting this option, incoming requests with host ``example.com.`` will not match against + // route with :ref:`domains` match set to ``example.com``. Defaults to ``false``. + // When the incoming request contains a host/authority header that includes a port number, + // setting this option will strip a trailing dot, if present, from the host section, + // leaving the port as is (e.g. host value ``example.com.:443`` will be updated to ``example.com:443``). + bool strip_trailing_host_dot = 47; + + // Proxy-Status HTTP response header configuration. + // If this config is set, the Proxy-Status HTTP response header field is + // populated. By default, it is not. + ProxyStatusConfig proxy_status_config = 49; + + // Configuration options for Header Validation (UHV). 
+ // UHV is an extensible mechanism for checking validity of HTTP requests as well as providing + // normalization for request attributes, such as URI path. + // If the typed_header_validation_config is present it overrides the following options: + // ``normalize_path``, ``merge_slashes``, ``path_with_escaped_slashes_action`` + // ``http_protocol_options.allow_chunked_length``, ``common_http_protocol_options.headers_with_underscores_action``. + // + // The default UHV checks the following: + // + // #. HTTP/1 header map validity according to `RFC 7230 section 3.2`_ + // #. Syntax of HTTP/1 request target URI and response status + // #. HTTP/2 header map validity according to `RFC 7540 section 8.1.2`_ + // #. Syntax of HTTP/3 pseudo headers + // #. Syntax of ``Content-Length`` and ``Transfer-Encoding`` + // #. Validation of HTTP/1 requests with both ``Content-Length`` and ``Transfer-Encoding`` headers + // #. Normalization of the URI path according to `Normalization and Comparison `_ + // without `case normalization `_ + // + // [#not-implemented-hide:] + // [#extension-category: envoy.http.header_validators] + config.core.v3.TypedExtensionConfig typed_header_validation_config = 50; + + // Append the ``x-forwarded-port`` header with the port value client used to connect to Envoy. It + // will be ignored if the ``x-forwarded-port`` header has been set by any trusted proxy in front of Envoy. + bool append_x_forwarded_port = 51; + + // Append the :ref:`config_http_conn_man_headers_x-envoy-local-overloaded` HTTP header in the scenario where + // the Overload Manager has been triggered. + bool append_local_overload = 57; + + // Whether the HCM will add ProxyProtocolFilterState to the Connection lifetime filter state. Defaults to ``true``. + // This should be set to ``false`` in cases where Envoy's view of the downstream address may not correspond to the + // actual client address, for example, if there's another proxy in front of the Envoy. 
+ google.protobuf.BoolValue add_proxy_protocol_connection_state = 53; +} + +// The configuration to customize local reply returned by Envoy. +message LocalReplyConfig { + // Configuration of list of mappers which allows to filter and change local response. + // The mappers will be checked by the specified order until one is matched. + repeated ResponseMapper mappers = 1; + + // The configuration to form response body from the :ref:`command operators ` + // and to specify response content type as one of: plain/text or application/json. + // + // Example one: "plain/text" ``body_format``. + // + // .. validated-code-block:: yaml + // :type-name: envoy.config.core.v3.SubstitutionFormatString + // + // text_format: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%\n" + // + // The following response body in "plain/text" format will be generated for a request with + // local reply body of "upstream connection error", response_code=503 and path=/foo. + // + // .. code-block:: text + // + // upstream connect error:503:path=/foo + // + // Example two: "application/json" ``body_format``. + // + // .. validated-code-block:: yaml + // :type-name: envoy.config.core.v3.SubstitutionFormatString + // + // json_format: + // status: "%RESPONSE_CODE%" + // message: "%LOCAL_REPLY_BODY%" + // path: "%REQ(:path)%" + // + // The following response body in "application/json" format would be generated for a request with + // local reply body of "upstream connection error", response_code=503 and path=/foo. + // + // .. code-block:: json + // + // { + // "status": 503, + // "message": "upstream connection error", + // "path": "/foo" + // } + // + config.core.v3.SubstitutionFormatString body_format = 2; +} + +// The configuration to filter and change local response. +// [#next-free-field: 6] +message ResponseMapper { + // Filter to determine if this mapper should apply. 
+ config.accesslog.v3.AccessLogFilter filter = 1 [(validate.rules).message = {required: true}]; + + // The new response status code if specified. + google.protobuf.UInt32Value status_code = 2 [(validate.rules).uint32 = {lt: 600 gte: 200}]; + + // The new local reply body text if specified. It will be used in the ``%LOCAL_REPLY_BODY%`` + // command operator in the ``body_format``. + config.core.v3.DataSource body = 3; + + // A per mapper ``body_format`` to override the :ref:`body_format `. + // It will be used when this mapper is matched. + config.core.v3.SubstitutionFormatString body_format_override = 4; + + // HTTP headers to add to a local reply. This allows the response mapper to append, to add + // or to override headers of any local reply before it is sent to a downstream client. + repeated config.core.v3.HeaderValueOption headers_to_add = 5 + [(validate.rules).repeated = {max_items: 1000}]; +} + +message Rds { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.Rds"; + + // Configuration source specifier for RDS. + config.core.v3.ConfigSource config_source = 1 [(validate.rules).message = {required: true}]; + + // The name of the route configuration. This name will be passed to the RDS + // API. This allows an Envoy configuration with multiple HTTP listeners (and + // associated HTTP connection manager filters) to use different route + // configurations. + string route_config_name = 2; +} + +// This message is used to work around the limitations with 'oneof' and repeated fields. 
+message ScopedRouteConfigurationsList { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.ScopedRouteConfigurationsList"; + + repeated config.route.v3.ScopedRouteConfiguration scoped_route_configurations = 1 + [(validate.rules).repeated = {min_items: 1}]; +} + +// [#next-free-field: 6] +message ScopedRoutes { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.ScopedRoutes"; + + // Specifies the mechanism for constructing "scope keys" based on HTTP request attributes. These + // keys are matched against a set of :ref:`Key` + // objects assembled from :ref:`ScopedRouteConfiguration` + // messages distributed via SRDS (the Scoped Route Discovery Service) or assigned statically via + // :ref:`scoped_route_configurations_list`. + // + // Upon receiving a request's headers, the Router will build a key using the algorithm specified + // by this message. This key will be used to look up the routing table (i.e., the + // :ref:`RouteConfiguration`) to use for the request. + message ScopeKeyBuilder { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.ScopedRoutes.ScopeKeyBuilder"; + + // Specifies the mechanism for constructing key fragments which are composed into scope keys. + message FragmentBuilder { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.ScopedRoutes.ScopeKeyBuilder." + "FragmentBuilder"; + + // Specifies how the value of a header should be extracted. + // The following example maps the structure of a header to the fields in this message. + // + // .. code:: + // + // <0> <1> <-- index + // X-Header: a=b;c=d + // | || | + // | || \----> + // | || + // | |\----> + // | | + // | \----> + // | + // \----> + // + // Each 'a=b' key-value pair constitutes an 'element' of the header field. 
+ message HeaderValueExtractor { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.ScopedRoutes.ScopeKeyBuilder." + "FragmentBuilder.HeaderValueExtractor"; + + // Specifies a header field's key value pair to match on. + message KvElement { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.ScopedRoutes.ScopeKeyBuilder." + "FragmentBuilder.HeaderValueExtractor.KvElement"; + + // The separator between key and value (e.g., '=' separates 'k=v;...'). + // If an element is an empty string, the element is ignored. + // If an element contains no separator, the whole element is parsed as key and the + // fragment value is an empty string. + // If there are multiple values for a matched key, the first value is returned. + string separator = 1 [(validate.rules).string = {min_len: 1}]; + + // The key to match on. + string key = 2 [(validate.rules).string = {min_len: 1}]; + } + + // The name of the header field to extract the value from. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. + string name = 1 [ + (validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false} + ]; + + // The element separator (e.g., ';' separates 'a;b;c;d'). + // Default: empty string. This causes the entirety of the header field to be extracted. + // If this field is set to an empty string and 'index' is used in the oneof below, 'index' + // must be set to 0. + string element_separator = 2; + + oneof extract_type { + // Specifies the zero based index of the element to extract. + // Note Envoy concatenates multiple values of the same header key into a comma separated + // string, the splitting always happens after the concatenation. + uint32 index = 3; + + // Specifies the key value pair to extract the value from. 
+ KvElement element = 4; + } + } + + oneof type { + option (validate.required) = true; + + // Specifies how a header field's value should be extracted. + HeaderValueExtractor header_value_extractor = 1; + } + } + + // The final(built) scope key consists of the ordered union of these fragments, which are compared in order with the + // fragments of a :ref:`ScopedRouteConfiguration`. + // A missing fragment during comparison will make the key invalid, i.e., the computed key doesn't match any key. + repeated FragmentBuilder fragments = 1 [(validate.rules).repeated = {min_items: 1}]; + } + + // The name assigned to the scoped routing configuration. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + // The algorithm to use for constructing a scope key for each request. + ScopeKeyBuilder scope_key_builder = 2 [(validate.rules).message = {required: true}]; + + // Configuration source specifier for RDS. + // This config source is used to subscribe to RouteConfiguration resources specified in + // ScopedRouteConfiguration messages. + config.core.v3.ConfigSource rds_config_source = 3; + + oneof config_specifier { + option (validate.required) = true; + + // The set of routing scopes corresponding to the HCM. A scope is assigned to a request by + // matching a key constructed from the request's attributes according to the algorithm specified + // by the + // :ref:`ScopeKeyBuilder` + // in this message. + ScopedRouteConfigurationsList scoped_route_configurations_list = 4; + + // The set of routing scopes associated with the HCM will be dynamically loaded via the SRDS + // API. A scope is assigned to a request by matching a key constructed from the request's + // attributes according to the algorithm specified by the + // :ref:`ScopeKeyBuilder` + // in this message. 
+ ScopedRds scoped_rds = 5; + } +} + +message ScopedRds { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.ScopedRds"; + + // Configuration source specifier for scoped RDS. + config.core.v3.ConfigSource scoped_rds_config_source = 1 + [(validate.rules).message = {required: true}]; + + // xdstp:// resource locator for scoped RDS collection. + // [#not-implemented-hide:] + string srds_resources_locator = 2; +} + +// [#next-free-field: 8] +message HttpFilter { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.network.http_connection_manager.v2.HttpFilter"; + + reserved 3, 2; + + reserved "config"; + + // The name of the filter configuration. It also serves as a resource name in ExtensionConfigDS. + string name = 1 [(validate.rules).string = {min_len: 1}]; + + oneof config_type { + // Filter specific configuration which depends on the filter being instantiated. See the supported + // filters for further documentation. + // + // To support configuring a :ref:`match tree `, use an + // :ref:`ExtensionWithMatcher ` + // with the desired HTTP filter. + // [#extension-category: envoy.filters.http] + google.protobuf.Any typed_config = 4; + + // Configuration source specifier for an extension configuration discovery service. + // In case of a failure and without the default configuration, the HTTP listener responds with code 500. + // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061). + // + // To support configuring a :ref:`match tree `, use an + // :ref:`ExtensionWithMatcher ` + // with the desired HTTP filter. This works for both the default filter configuration as well + // as for filters provided via the API. 
+    config.core.v3.ExtensionConfigSource config_discovery = 5;
+  }
+
+  // If true, clients that do not support this filter may ignore the
+  // filter but otherwise accept the config.
+  // Otherwise, clients that do not support this filter must reject the config.
+  bool is_optional = 6;
+
+  // If true, the filter is disabled by default and must be explicitly enabled by setting
+  // per filter configuration in the route configuration.
+  // See :ref:`route based filter chain `
+  // for more details.
+  //
+  // Terminal filters (e.g. ``envoy.filters.http.router``) cannot be marked as disabled.
+  bool disabled = 7;
+}
+
+message RequestIDExtension {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.network.http_connection_manager.v2.RequestIDExtension";
+
+  // Request ID extension specific configuration.
+  google.protobuf.Any typed_config = 1;
+}
+
+// [#protodoc-title: Envoy Mobile HTTP connection manager]
+// HTTP connection manager for use in Envoy mobile.
+// [#extension: envoy.filters.network.envoy_mobile_http_connection_manager]
+message EnvoyMobileHttpConnectionManager {
+  // The configuration for the underlying HttpConnectionManager which will be
+  // instantiated for Envoy mobile.
+  HttpConnectionManager config = 1;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/cb69962e85abacb9240973a33cfde3c0751df04be12d99b5c8736416893a6d084fecfe9e9bdc6e6e29831ca852072f21ad08a501d1c105103dec24e7f43a8fad b/modules/sync/envoyproxy/envoy/cas/cb69962e85abacb9240973a33cfde3c0751df04be12d99b5c8736416893a6d084fecfe9e9bdc6e6e29831ca852072f21ad08a501d1c105103dec24e7f43a8fad
new file mode 100644
index 00000000..d3bca54b
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/cb69962e85abacb9240973a33cfde3c0751df04be12d99b5c8736416893a6d084fecfe9e9bdc6e6e29831ca852072f21ad08a501d1c105103dec24e7f43a8fad
@@ -0,0 +1,514 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.ext_authz.v3;
+
+import "envoy/config/common/mutation_rules/v3/mutation_rules.proto";
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/config_source.proto";
+import "envoy/config/core/v3/grpc_service.proto";
+import "envoy/config/core/v3/http_uri.proto";
+import "envoy/type/matcher/v3/metadata.proto";
+import "envoy/type/matcher/v3/string.proto";
+import "envoy/type/v3/http_status.proto";
+
+import "google/protobuf/struct.proto";
+import "google/protobuf/wrappers.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/sensitive.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3";
+option java_outer_classname = "ExtAuthzProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3;ext_authzv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: External Authorization]
+// External Authorization :ref:`configuration overview `.
+// [#extension: envoy.filters.http.ext_authz]
+
+// [#next-free-field: 30]
+message ExtAuthz {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.http.ext_authz.v3.ExtAuthz";
+
+  reserved 4;
+
+  reserved "use_alpha";
+
+  // External authorization service configuration.
+  oneof services {
+    // gRPC service configuration (default timeout: 200ms).
+    config.core.v3.GrpcService grpc_service = 1;
+
+    // HTTP service configuration (default timeout: 200ms).
+    HttpService http_service = 3;
+  }
+
+  // API version for ext_authz transport protocol. This describes the ext_authz gRPC endpoint and
+  // version of messages used on the wire.
+ config.core.v3.ApiVersion transport_api_version = 12 + [(validate.rules).enum = {defined_only: true}]; + + // Changes filter's behavior on errors: + // + // 1. When set to true, the filter will ``accept`` client request even if the communication with + // the authorization service has failed, or if the authorization service has returned a HTTP 5xx + // error. + // + // 2. When set to false, ext-authz will ``reject`` client requests and return a ``Forbidden`` + // response if the communication with the authorization service has failed, or if the + // authorization service has returned a HTTP 5xx error. + // + // Note that errors can be ``always`` tracked in the :ref:`stats + // `. + bool failure_mode_allow = 2; + + // When ``failure_mode_allow`` and ``failure_mode_allow_header_add`` are both set to true, + // ``x-envoy-auth-failure-mode-allowed: true`` will be added to request headers if the communication + // with the authorization service has failed, or if the authorization service has returned a + // HTTP 5xx error. + bool failure_mode_allow_header_add = 19; + + // Enables filter to buffer the client request body and send it within the authorization request. + // A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization + // request message indicating if the body data is partial. + BufferSettings with_request_body = 5; + + // Clears route cache in order to allow the external authorization service to correctly affect + // routing decisions. Filter clears all cached routes when: + // + // 1. The field is set to ``true``. + // + // 2. The status returned from the authorization service is a HTTP 200 or gRPC 0. + // + // 3. At least one ``authorization response header`` is added to the client request, or is used for + // altering another client request header. + // + bool clear_route_cache = 6; + + // Sets the HTTP status that is returned to the client when the authorization server returns an error + // or cannot be reached. 
The default status is HTTP 403 Forbidden. + type.v3.HttpStatus status_on_error = 7; + + // When this is set to true, the filter will check the :ref:`ext_authz response + // ` for invalid header & + // query parameter mutations. If the side stream response is invalid, it will send a local reply + // to the downstream request with status HTTP 500 Internal Server Error. + // + // Note that headers_to_remove & query_parameters_to_remove are validated, but invalid elements in + // those fields should not affect any headers & thus will not cause the filter to send a local + // reply. + // + // When set to false, any invalid mutations will be visible to the rest of envoy and may cause + // unexpected behavior. + // + // If you are using ext_authz with an untrusted ext_authz server, you should set this to true. + bool validate_mutations = 24; + + // Specifies a list of metadata namespaces whose values, if present, will be passed to the + // ext_authz service. The :ref:`filter_metadata ` + // is passed as an opaque ``protobuf::Struct``. + // + // Please note that this field exclusively applies to the gRPC ext_authz service and has no effect on the HTTP service. + // + // For example, if the ``jwt_authn`` filter is used and :ref:`payload_in_metadata + // ` is set, + // then the following will pass the jwt payload to the authorization server. + // + // .. code-block:: yaml + // + // metadata_context_namespaces: + // - envoy.filters.http.jwt_authn + // + repeated string metadata_context_namespaces = 8; + + // Specifies a list of metadata namespaces whose values, if present, will be passed to the + // ext_authz service. :ref:`typed_filter_metadata ` + // is passed as a ``protobuf::Any``. + // + // Please note that this field exclusively applies to the gRPC ext_authz service and has no effect on the HTTP service. 
+ // + // It works in a way similar to ``metadata_context_namespaces`` but allows Envoy and ext_authz server to share + // the protobuf message definition in order to do a safe parsing. + // + repeated string typed_metadata_context_namespaces = 16; + + // Specifies a list of route metadata namespaces whose values, if present, will be passed to the + // ext_authz service at :ref:`route_metadata_context ` in + // :ref:`CheckRequest `. + // :ref:`filter_metadata ` is passed as an opaque ``protobuf::Struct``. + repeated string route_metadata_context_namespaces = 21; + + // Specifies a list of route metadata namespaces whose values, if present, will be passed to the + // ext_authz service at :ref:`route_metadata_context ` in + // :ref:`CheckRequest `. + // :ref:`typed_filter_metadata ` is passed as an ``protobuf::Any``. + repeated string route_typed_metadata_context_namespaces = 22; + + // Specifies if the filter is enabled. + // + // If :ref:`runtime_key ` is specified, + // Envoy will lookup the runtime key to get the percentage of requests to filter. + // + // If this field is not specified, the filter will be enabled for all requests. + config.core.v3.RuntimeFractionalPercent filter_enabled = 9; + + // Specifies if the filter is enabled with metadata matcher. + // If this field is not specified, the filter will be enabled for all requests. + type.matcher.v3.MetadataMatcher filter_enabled_metadata = 14; + + // Specifies whether to deny the requests, when the filter is disabled. + // If :ref:`runtime_key ` is specified, + // Envoy will lookup the runtime key to determine whether to deny request for + // filter protected path at filter disabling. If filter is disabled in + // typed_per_filter_config for the path, requests will not be denied. + // + // If this field is not specified, all requests will be allowed when disabled. + // + // If a request is denied due to this setting, the response code in :ref:`status_on_error + // ` will + // be returned. 
+ config.core.v3.RuntimeFeatureFlag deny_at_disable = 11; + + // Specifies if the peer certificate is sent to the external service. + // + // When this field is true, Envoy will include the peer X.509 certificate, if available, in the + // :ref:`certificate`. + bool include_peer_certificate = 10; + + // Optional additional prefix to use when emitting statistics. This allows to distinguish + // emitted statistics between configured ``ext_authz`` filters in an HTTP filter chain. For example: + // + // .. code-block:: yaml + // + // http_filters: + // - name: envoy.filters.http.ext_authz + // typed_config: + // "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz + // stat_prefix: waf # This emits ext_authz.waf.ok, ext_authz.waf.denied, etc. + // - name: envoy.filters.http.ext_authz + // typed_config: + // "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz + // stat_prefix: blocker # This emits ext_authz.blocker.ok, ext_authz.blocker.denied, etc. + // + string stat_prefix = 13; + + // Optional labels that will be passed to :ref:`labels` in + // :ref:`destination`. + // The labels will be read from :ref:`metadata` with the specified key. + string bootstrap_metadata_labels_key = 15; + + // Check request to authorization server will include the client request headers that have a correspondent match + // in the :ref:`list `. If this option isn't specified, then + // all client request headers are included in the check request to a gRPC authorization server, whereas no client request headers + // (besides the ones allowed by default - see note below) are included in the check request to an HTTP authorization server. + // This inconsistency between gRPC and HTTP servers is to maintain backwards compatibility with legacy behavior. + // + // .. note:: + // + // 1. 
For requests to an HTTP authorization server: in addition to the user's supplied matchers, ``Host``, ``Method``, ``Path``, + // ``Content-Length``, and ``Authorization`` are **additionally included** in the list. + // + // .. note:: + // + // 2. For requests to an HTTP authorization server: value of ``Content-Length`` will be set to 0 and the request to the + // authorization server will not have a message body. However, the check request can include the buffered + // client request body (controlled by :ref:`with_request_body + // ` setting), + // consequently the value of *Content-Length* of the authorization request reflects the size of + // its payload size. + // + // .. note:: + // + // 3. This can be overridden by the field ``disallowed_headers`` below. That is, if a header + // matches for both ``allowed_headers`` and ``disallowed_headers``, the header will NOT be sent. + type.matcher.v3.ListStringMatcher allowed_headers = 17; + + // If set, specifically disallow any header in this list to be forwarded to the external + // authentication server. This overrides the above ``allowed_headers`` if a header matches both. + type.matcher.v3.ListStringMatcher disallowed_headers = 25; + + // Specifies if the TLS session level details like SNI are sent to the external service. + // + // When this field is true, Envoy will include the SNI name used for TLSClientHello, if available, in the + // :ref:`tls_session`. + bool include_tls_session = 18; + + // Whether to increment cluster statistics (e.g. cluster..upstream_rq_*) on authorization failure. + // Defaults to true. + google.protobuf.BoolValue charge_cluster_response_stats = 20; + + // Whether to encode the raw headers (i.e. unsanitized values & unconcatenated multi-line headers) + // in authentication request. Works with both HTTP and gRPC clients. + // + // When this is set to true, header values are not sanitized. Headers with the same key will also + // not be combined into a single, comma-separated header. 
+ // Requests to gRPC services will populate the field + // :ref:`header_map`. + // Requests to HTTP services will be constructed with the unsanitized header values and preserved + // multi-line headers with the same key. + // + // If this field is set to false, header values will be sanitized, with any non-UTF-8-compliant + // bytes replaced with '!'. Headers with the same key will have their values concatenated into a + // single comma-separated header value. + // Requests to gRPC services will populate the field + // :ref:`headers`. + // Requests to HTTP services will have their header values sanitized and will not preserve + // multi-line headers with the same key. + // + // It's recommended you set this to true unless you already rely on the old behavior. False is the + // default only for backwards compatibility. + bool encode_raw_headers = 23; + + // Rules for what modifications an ext_authz server may make to the request headers before + // continuing decoding / forwarding upstream. + // + // If set to anything, enables header mutation checking against configured rules. Note that + // :ref:`HeaderMutationRules ` + // has defaults that change ext_authz behavior. Also note that if this field is set to anything, + // ext_authz can no longer append to :-prefixed headers. + // + // If empty, header mutation rule checking is completely disabled. + // + // Regardless of what is configured here, ext_authz cannot remove :-prefixed headers. + // + // This field and ``validate_mutations`` have different use cases. ``validate_mutations`` enables + // correctness checks for all header / query parameter mutations (e.g. for invalid characters). + // This field allows the filter to reject mutations to specific headers. + config.common.mutation_rules.v3.HeaderMutationRules decoder_header_mutation_rules = 26; + + // Enable / disable ingestion of dynamic metadata from ext_authz service. 
+ // + // If false, the filter will ignore dynamic metadata injected by the ext_authz service. If the + // ext_authz service tries injecting dynamic metadata, the filter will log, increment the + // ``ignored_dynamic_metadata`` stat, then continue handling the response. + // + // If true, the filter will ingest dynamic metadata entries as normal. + // + // If unset, defaults to true. + google.protobuf.BoolValue enable_dynamic_metadata_ingestion = 27; + + // Additional metadata to be added to the filter state for logging purposes. The metadata will be + // added to StreamInfo's filter state under the namespace corresponding to the ext_authz filter + // name. + google.protobuf.Struct filter_metadata = 28; + + // When set to true, the filter will emit per-stream stats for access logging. The filter state + // key will be the same as the filter name. + // + // If using Envoy gRPC, emits latency, bytes sent / received, upstream info, and upstream cluster + // info. If not using Envoy gRPC, emits only latency. Note that stats are ONLY added to filter + // state if a check request is actually made to an ext_authz service. + // + // If this is false the filter will not emit stats, but filter_metadata will still be respected if + // it has a value. + // + // Field ``latency_us`` is exposed for CEL and logging when using gRPC or HTTP service. + // Fields ``bytesSent`` and ``bytesReceived`` are exposed for CEL and logging only when using gRPC service. + bool emit_filter_state_stats = 29; +} + +// Configuration for buffering the request data. +message BufferSettings { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.http.ext_authz.v2.BufferSettings"; + + // Sets the maximum size of a message body that the filter will hold in memory. Envoy will return + // ``HTTP 413`` and will *not* initiate the authorization process when buffer reaches the number + // set in this field. 
Note that this setting will have precedence over :ref:`failure_mode_allow + // `. + uint32 max_request_bytes = 1 [(validate.rules).uint32 = {gt: 0}]; + + // When this field is true, Envoy will buffer the message until ``max_request_bytes`` is reached. + // The authorization request will be dispatched and no 413 HTTP error will be returned by the + // filter. + bool allow_partial_message = 2; + + // If true, the body sent to the external authorization service is set with raw bytes, it sets + // the :ref:`raw_body` + // field of HTTP request attribute context. Otherwise, :ref:`body + // ` will be filled + // with UTF-8 string request body. + // + // This field only affects configurations using a :ref:`grpc_service + // `. In configurations that use + // an :ref:`http_service `, this + // has no effect. + bool pack_as_bytes = 3; +} + +// HttpService is used for raw HTTP communication between the filter and the authorization service. +// When configured, the filter will parse the client request and use these attributes to call the +// authorization server. Depending on the response, the filter may reject or accept the client +// request. Note that in any of these events, metadata can be added, removed or overridden by the +// filter: +// +// *On authorization request*, a list of allowed request headers may be supplied. See +// :ref:`allowed_headers +// ` +// for details. Additional headers metadata may be added to the authorization request. See +// :ref:`headers_to_add +// ` for +// details. +// +// On authorization response status HTTP 200 OK, the filter will allow traffic to the upstream and +// additional headers metadata may be added to the original client request. See +// :ref:`allowed_upstream_headers +// ` +// for details. Additionally, the filter may add additional headers to the client's response. See +// :ref:`allowed_client_headers_on_success +// ` +// for details. +// +// On other authorization response statuses, the filter will not allow traffic. 
Additional headers +// metadata as well as body may be added to the client's response. See :ref:`allowed_client_headers +// ` +// for details. +// [#next-free-field: 9] +message HttpService { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.http.ext_authz.v2.HttpService"; + + reserved 3, 4, 5, 6; + + // Sets the HTTP server URI which the authorization requests must be sent to. + config.core.v3.HttpUri server_uri = 1; + + // Sets a prefix to the value of authorization request header ``Path``. + string path_prefix = 2; + + // Settings used for controlling authorization request metadata. + AuthorizationRequest authorization_request = 7; + + // Settings used for controlling authorization response metadata. + AuthorizationResponse authorization_response = 8; +} + +message AuthorizationRequest { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.http.ext_authz.v2.AuthorizationRequest"; + + // Authorization request includes the client request headers that have a correspondent match + // in the :ref:`list `. + // This field has been deprecated in favor of :ref:`allowed_headers + // `. + // + // .. note:: + // + // In addition to the user's supplied matchers, ``Host``, ``Method``, ``Path``, + // ``Content-Length``, and ``Authorization`` are **automatically included** in the list. + // + // .. note:: + // + // By default, ``Content-Length`` header is set to ``0`` and the request to the authorization + // service has no message body. However, the authorization request *may* include the buffered + // client request body (controlled by :ref:`with_request_body + // ` + // setting) hence the value of its ``Content-Length`` reflects the size of its payload size. + // + type.matcher.v3.ListStringMatcher allowed_headers = 1 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Sets a list of headers that will be included to the request to authorization service. 
Note that + // client request of the same key will be overridden. + repeated config.core.v3.HeaderValue headers_to_add = 2; +} + +// [#next-free-field: 6] +message AuthorizationResponse { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.http.ext_authz.v2.AuthorizationResponse"; + + // When this :ref:`list ` is set, authorization + // response headers that have a correspondent match will be added to the original client request. + // Note that coexistent headers will be overridden. + type.matcher.v3.ListStringMatcher allowed_upstream_headers = 1; + + // When this :ref:`list ` is set, authorization + // response headers that have a correspondent match will be added to the original client request. + // Note that coexistent headers will be appended. + type.matcher.v3.ListStringMatcher allowed_upstream_headers_to_append = 3; + + // When this :ref:`list ` is set, authorization + // response headers that have a correspondent match will be added to the client's response. Note + // that when this list is *not* set, all the authorization response headers, except ``Authority + // (Host)`` will be in the response to the client. When a header is included in this list, ``Path``, + // ``Status``, ``Content-Length``, ``WWWAuthenticate`` and ``Location`` are automatically added. + type.matcher.v3.ListStringMatcher allowed_client_headers = 2; + + // When this :ref:`list ` is set, authorization + // response headers that have a correspondent match will be added to the client's response when + // the authorization response itself is successful, i.e. not failed or denied. When this list is + // *not* set, no additional headers will be added to the client's response on success. + type.matcher.v3.ListStringMatcher allowed_client_headers_on_success = 4; + + // When this :ref:`list ` is set, authorization + // response headers that have a correspondent match will be emitted as dynamic metadata to be consumed + // by the next filter. 
This metadata lives in a namespace specified by the canonical name of extension filter + // that requires it: + // + // - :ref:`envoy.filters.http.ext_authz ` for HTTP filter. + // - :ref:`envoy.filters.network.ext_authz ` for network filter. + type.matcher.v3.ListStringMatcher dynamic_metadata_from_headers = 5; +} + +// Extra settings on a per virtualhost/route/weighted-cluster level. +message ExtAuthzPerRoute { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.http.ext_authz.v2.ExtAuthzPerRoute"; + + oneof override { + option (validate.required) = true; + + // Disable the ext auth filter for this particular vhost or route. + // If disabled is specified in multiple per-filter-configs, the most specific one will be used. + bool disabled = 1 [(validate.rules).bool = {const: true}]; + + // Check request settings for this route. + CheckSettings check_settings = 2 [(validate.rules).message = {required: true}]; + } +} + +// Extra settings for the check request. +message CheckSettings { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.filter.http.ext_authz.v2.CheckSettings"; + + // Context extensions to set on the CheckRequest's + // :ref:`AttributeContext.context_extensions` + // + // You can use this to provide extra context for the external authorization server on specific + // virtual hosts/routes. For example, adding a context extension on the virtual host level can + // give the ext-authz server information on what virtual host is used without needing to parse the + // host header. If CheckSettings is specified in multiple per-filter-configs, they will be merged + // in order, and the result will be used. + // + // Merge semantics for this field are such that keys from more specific configs override. + // + // .. note:: + // + // These settings are only applied to a filter configured with a + // :ref:`grpc_service`. 
+  map context_extensions = 1 [(udpa.annotations.sensitive) = true];
+
+  // When set to true, disable the configured :ref:`with_request_body
+  // ` for a specific route.
+  //
+  // Please note that only one of *disable_request_body_buffering* or
+  // :ref:`with_request_body `
+  // may be specified.
+  bool disable_request_body_buffering = 2;
+
+  // Enable or override request body buffering, which is configured using the
+  // :ref:`with_request_body `
+  // option for a specific route.
+  //
+  // Please note that only one of ``with_request_body`` or
+  // :ref:`disable_request_body_buffering `
+  // may be specified.
+  BufferSettings with_request_body = 3;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/d0205fe3c89d1f582db76034f79b0ffc035a8bd2c0d6c1b2fa0a080c9836e3fc69ec5c01d2ff82fdb53d52c27ff9e55f424535eb83b118a5bfc4b96654d41f17 b/modules/sync/envoyproxy/envoy/cas/d0205fe3c89d1f582db76034f79b0ffc035a8bd2c0d6c1b2fa0a080c9836e3fc69ec5c01d2ff82fdb53d52c27ff9e55f424535eb83b118a5bfc4b96654d41f17
new file mode 100644
index 00000000..296c6bdf
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/d0205fe3c89d1f582db76034f79b0ffc035a8bd2c0d6c1b2fa0a080c9836e3fc69ec5c01d2ff82fdb53d52c27ff9e55f424535eb83b118a5bfc4b96654d41f17
@@ -0,0 +1,16 @@
+syntax = "proto3";
+
+package envoy.config.trace.v3;
+
+import public "envoy/config/trace/v3/datadog.proto";
+import public "envoy/config/trace/v3/dynamic_ot.proto";
+import public "envoy/config/trace/v3/http_tracer.proto";
+import public "envoy/config/trace/v3/lightstep.proto";
+import public "envoy/config/trace/v3/opentelemetry.proto";
+import public "envoy/config/trace/v3/service.proto";
+import public "envoy/config/trace/v3/zipkin.proto";
+
+option java_package = "io.envoyproxy.envoy.config.trace.v3";
+option java_outer_classname = "TraceProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/trace/v3;tracev3";
diff --git a/modules/sync/envoyproxy/envoy/cas/d202ec6e99b45a8e9a5671718b070c368e6a5067194ab1c73da32705d28d45802db75994b6e5fb938b9bf4bd2eff59d52dddc8797e085ee99ca6a8d6db475de8 b/modules/sync/envoyproxy/envoy/cas/d202ec6e99b45a8e9a5671718b070c368e6a5067194ab1c73da32705d28d45802db75994b6e5fb938b9bf4bd2eff59d52dddc8797e085ee99ca6a8d6db475de8
new file mode 100644
index 00000000..40d697be
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/d202ec6e99b45a8e9a5671718b070c368e6a5067194ab1c73da32705d28d45802db75994b6e5fb938b9bf4bd2eff59d52dddc8797e085ee99ca6a8d6db475de8
@@ -0,0 +1,199 @@
+syntax = "proto3";
+
+package envoy.type.v3;
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.type.v3";
+option java_outer_classname = "HttpStatusProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/type/v3;typev3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: HTTP status codes]
+
+// HTTP response codes supported in Envoy.
+// For more details: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
+enum StatusCode {
+ // Empty - This code not part of the HTTP status code specification, but it is needed for proto
+ // `enum` type.
+ Empty = 0;
+
+ // Continue - ``100`` status code.
+ Continue = 100;
+
+ // OK - ``200`` status code.
+ OK = 200;
+
+ // Created - ``201`` status code.
+ Created = 201;
+
+ // Accepted - ``202`` status code.
+ Accepted = 202;
+
+ // NonAuthoritativeInformation - ``203`` status code.
+ NonAuthoritativeInformation = 203;
+
+ // NoContent - ``204`` status code.
+ NoContent = 204;
+
+ // ResetContent - ``205`` status code.
+ ResetContent = 205;
+
+ // PartialContent - ``206`` status code.
+ PartialContent = 206;
+
+ // MultiStatus - ``207`` status code.
+ MultiStatus = 207;
+
+ // AlreadyReported - ``208`` status code.
+ AlreadyReported = 208;
+
+ // IMUsed - ``226`` status code.
+ IMUsed = 226;
+
+ // MultipleChoices - ``300`` status code.
+ MultipleChoices = 300;
+
+ // MovedPermanently - ``301`` status code.
+ MovedPermanently = 301;
+
+ // Found - ``302`` status code.
+ Found = 302;
+
+ // SeeOther - ``303`` status code.
+ SeeOther = 303;
+
+ // NotModified - ``304`` status code.
+ NotModified = 304;
+
+ // UseProxy - ``305`` status code.
+ UseProxy = 305;
+
+ // TemporaryRedirect - ``307`` status code.
+ TemporaryRedirect = 307;
+
+ // PermanentRedirect - ``308`` status code.
+ PermanentRedirect = 308;
+
+ // BadRequest - ``400`` status code.
+ BadRequest = 400;
+
+ // Unauthorized - ``401`` status code.
+ Unauthorized = 401;
+
+ // PaymentRequired - ``402`` status code.
+ PaymentRequired = 402;
+
+ // Forbidden - ``403`` status code.
+ Forbidden = 403;
+
+ // NotFound - ``404`` status code.
+ NotFound = 404;
+
+ // MethodNotAllowed - ``405`` status code.
+ MethodNotAllowed = 405;
+
+ // NotAcceptable - ``406`` status code.
+ NotAcceptable = 406;
+
+ // ProxyAuthenticationRequired - ``407`` status code.
+ ProxyAuthenticationRequired = 407;
+
+ // RequestTimeout - ``408`` status code.
+ RequestTimeout = 408;
+
+ // Conflict - ``409`` status code.
+ Conflict = 409;
+
+ // Gone - ``410`` status code.
+ Gone = 410;
+
+ // LengthRequired - ``411`` status code.
+ LengthRequired = 411;
+
+ // PreconditionFailed - ``412`` status code.
+ PreconditionFailed = 412;
+
+ // PayloadTooLarge - ``413`` status code.
+ PayloadTooLarge = 413;
+
+ // URITooLong - ``414`` status code.
+ URITooLong = 414;
+
+ // UnsupportedMediaType - ``415`` status code.
+ UnsupportedMediaType = 415;
+
+ // RangeNotSatisfiable - ``416`` status code.
+ RangeNotSatisfiable = 416;
+
+ // ExpectationFailed - ``417`` status code.
+ ExpectationFailed = 417;
+
+ // MisdirectedRequest - ``421`` status code.
+ MisdirectedRequest = 421;
+
+ // UnprocessableEntity - ``422`` status code.
+ UnprocessableEntity = 422;
+
+ // Locked - ``423`` status code.
+ Locked = 423;
+
+ // FailedDependency - ``424`` status code.
+ FailedDependency = 424;
+
+ // UpgradeRequired - ``426`` status code.
+ UpgradeRequired = 426;
+
+ // PreconditionRequired - ``428`` status code.
+ PreconditionRequired = 428;
+
+ // TooManyRequests - ``429`` status code.
+ TooManyRequests = 429;
+
+ // RequestHeaderFieldsTooLarge - ``431`` status code.
+ RequestHeaderFieldsTooLarge = 431;
+
+ // InternalServerError - ``500`` status code.
+ InternalServerError = 500;
+
+ // NotImplemented - ``501`` status code.
+ NotImplemented = 501;
+
+ // BadGateway - ``502`` status code.
+ BadGateway = 502;
+
+ // ServiceUnavailable - ``503`` status code.
+ ServiceUnavailable = 503;
+
+ // GatewayTimeout - ``504`` status code.
+ GatewayTimeout = 504;
+
+ // HTTPVersionNotSupported - ``505`` status code.
+ HTTPVersionNotSupported = 505;
+
+ // VariantAlsoNegotiates - ``506`` status code.
+ VariantAlsoNegotiates = 506;
+
+ // InsufficientStorage - ``507`` status code.
+ InsufficientStorage = 507;
+
+ // LoopDetected - ``508`` status code.
+ LoopDetected = 508;
+
+ // NotExtended - ``510`` status code.
+ NotExtended = 510;
+
+ // NetworkAuthenticationRequired - ``511`` status code.
+ NetworkAuthenticationRequired = 511;
+}
+
+// HTTP status.
+message HttpStatus {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.type.HttpStatus";
+
+ // Supplies HTTP response code.
+ StatusCode code = 1 [(validate.rules).enum = {defined_only: true not_in: 0}];
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/d2a94d5b779e9b75c6304545c0f1b7fbd6880270024fddd44bb7490334749e60d7d97fda0288bd27f0ea52658299d2e503c1ac580f161d867231052bba4d9744 b/modules/sync/envoyproxy/envoy/cas/d2a94d5b779e9b75c6304545c0f1b7fbd6880270024fddd44bb7490334749e60d7d97fda0288bd27f0ea52658299d2e503c1ac580f161d867231052bba4d9744
new file mode 100644
index 00000000..6225ae00
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/d2a94d5b779e9b75c6304545c0f1b7fbd6880270024fddd44bb7490334749e60d7d97fda0288bd27f0ea52658299d2e503c1ac580f161d867231052bba4d9744
@@ -0,0 +1,2563 @@
+syntax = "proto3";
+
+package envoy.config.route.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/extension.proto";
+import "envoy/config/core/v3/proxy_protocol.proto";
+import "envoy/type/matcher/v3/metadata.proto";
+import "envoy/type/matcher/v3/regex.proto";
+import "envoy/type/matcher/v3/string.proto";
+import "envoy/type/metadata/v3/metadata.proto";
+import "envoy/type/tracing/v3/custom_tag.proto";
+import "envoy/type/v3/percent.proto";
+import "envoy/type/v3/range.proto";
+
+import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "xds/type/matcher/v3/matcher.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.route.v3";
+option java_outer_classname = "RouteComponentsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/route/v3;routev3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: HTTP route components]
+// * Routing :ref:`architecture overview `
+// * HTTP :ref:`router filter `
+
+// The top level element in the routing configuration is a virtual host. Each virtual host has
+// a logical name as well as a set of domains that get routed to it based on the incoming request's
+// host header. This allows a single listener to service multiple top level domain path trees. Once
+// a virtual host is selected based on the domain, the routes are processed in order to see which
+// upstream cluster to route to or whether to perform a redirect.
+// [#next-free-field: 25]
+message VirtualHost {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.VirtualHost";
+
+ enum TlsRequirementType {
+ // No TLS requirement for the virtual host.
+ NONE = 0;
+
+ // External requests must use TLS. If a request is external and it is not
+ // using TLS, a 301 redirect will be sent telling the client to use HTTPS.
+ EXTERNAL_ONLY = 1;
+
+ // All requests must use TLS. If a request is not using TLS, a 301 redirect
+ // will be sent telling the client to use HTTPS.
+ ALL = 2;
+ }
+
+ reserved 9, 12;
+
+ reserved "per_filter_config";
+
+ // The logical name of the virtual host. This is used when emitting certain
+ // statistics but is not relevant for routing.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // A list of domains (host/authority header) that will be matched to this
+ // virtual host. Wildcard hosts are supported in the suffix or prefix form.
+ //
+ // Domain search order:
+ // 1. Exact domain names: ``www.foo.com``.
+ // 2. Suffix domain wildcards: ``*.foo.com`` or ``*-bar.foo.com``.
+ // 3. Prefix domain wildcards: ``foo.*`` or ``foo-*``.
+ // 4. Special wildcard ``*`` matching any domain.
+ //
+ // .. note::
+ //
+ // The wildcard will not match the empty string.
+ // e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``.
+ // The longest wildcards match first.
+ // Only a single virtual host in the entire route configuration can match on ``*``. A domain
+ // must be unique across all virtual hosts or the config will fail to load.
+ //
+ // Domains cannot contain control characters. This is validated by the well_known_regex HTTP_HEADER_VALUE.
+ repeated string domains = 2 [(validate.rules).repeated = {
+ min_items: 1
+ items {string {well_known_regex: HTTP_HEADER_VALUE strict: false}}
+ }];
+
+ // The list of routes that will be matched, in order, for incoming requests.
+ // The first route that matches will be used.
+ // Only one of this and ``matcher`` can be specified.
+ repeated Route routes = 3 [(udpa.annotations.field_migrate).oneof_promotion = "route_selection"];
+
+ // The match tree to use when resolving route actions for incoming requests. Only one of this and ``routes``
+ // can be specified.
+ xds.type.matcher.v3.Matcher matcher = 21
+ [(udpa.annotations.field_migrate).oneof_promotion = "route_selection"];
+
+ // Specifies the type of TLS enforcement the virtual host expects. If this option is not
+ // specified, there is no TLS requirement for the virtual host.
+ TlsRequirementType require_tls = 4 [(validate.rules).enum = {defined_only: true}];
+
+ // A list of virtual clusters defined for this virtual host. Virtual clusters
+ // are used for additional statistics gathering.
+ repeated VirtualCluster virtual_clusters = 5;
+
+ // Specifies a set of rate limit configurations that will be applied to the
+ // virtual host.
+ repeated RateLimit rate_limits = 6;
+
+ // Specifies a list of HTTP headers that should be added to each request
+ // handled by this virtual host. Headers specified at this level are applied
+ // after headers from enclosed :ref:`envoy_v3_api_msg_config.route.v3.Route` and before headers from the
+ // enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including
+ // details on header value syntax, see the documentation on :ref:`custom request headers
+ // `.
+ repeated core.v3.HeaderValueOption request_headers_to_add = 7
+ [(validate.rules).repeated = {max_items: 1000}];
+
+ // Specifies a list of HTTP headers that should be removed from each request
+ // handled by this virtual host.
+ repeated string request_headers_to_remove = 13 [(validate.rules).repeated = {
+ items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
+ }];
+
+ // Specifies a list of HTTP headers that should be added to each response
+ // handled by this virtual host. Headers specified at this level are applied
+ // after headers from enclosed :ref:`envoy_v3_api_msg_config.route.v3.Route` and before headers from the
+ // enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including
+ // details on header value syntax, see the documentation on :ref:`custom request headers
+ // `.
+ repeated core.v3.HeaderValueOption response_headers_to_add = 10
+ [(validate.rules).repeated = {max_items: 1000}];
+
+ // Specifies a list of HTTP headers that should be removed from each response
+ // handled by this virtual host.
+ repeated string response_headers_to_remove = 11 [(validate.rules).repeated = {
+ items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
+ }];
+
+ // Indicates that the virtual host has a CORS policy. This field is ignored if related cors policy is
+ // found in the
+ // :ref:`VirtualHost.typed_per_filter_config`.
+ //
+ // .. attention::
+ //
+ // This option has been deprecated. Please use
+ // :ref:`VirtualHost.typed_per_filter_config`
+ // to configure the CORS HTTP filter.
+ CorsPolicy cors = 8 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // This field can be used to provide virtual host level per filter config. The key should match the
+ // :ref:`filter config name
+ // `.
+ // See :ref:`Http filter route specific config `
+ // for details.
+ // [#comment: An entry's value may be wrapped in a
+ // :ref:`FilterConfig`
+ // message to specify additional options.]
+ map typed_per_filter_config = 15;
+
+ // Decides whether the :ref:`x-envoy-attempt-count
+ // ` header should be included
+ // in the upstream request. Setting this option will cause it to override any existing header
+ // value, so in the case of two Envoys on the request path with this option enabled, the upstream
+ // will see the attempt count as perceived by the second Envoy. Defaults to false.
+ // This header is unaffected by the
+ // :ref:`suppress_envoy_headers
+ // ` flag.
+ //
+ // [#next-major-version: rename to include_attempt_count_in_request.]
+ bool include_request_attempt_count = 14;
+
+ // Decides whether the :ref:`x-envoy-attempt-count
+ // ` header should be included
+ // in the downstream response. Setting this option will cause the router to override any existing header
+ // value, so in the case of two Envoys on the request path with this option enabled, the downstream
+ // will see the attempt count as perceived by the Envoy closest upstream from itself. Defaults to false.
+ // This header is unaffected by the
+ // :ref:`suppress_envoy_headers
+ // ` flag.
+ bool include_attempt_count_in_response = 19;
+
+ // Indicates the retry policy for all routes in this virtual host. Note that setting a
+ // route level entry will take precedence over this config and it'll be treated
+ // independently (e.g.: values are not inherited).
+ RetryPolicy retry_policy = 16;
+
+ // [#not-implemented-hide:]
+ // Specifies the configuration for retry policy extension. Note that setting a route level entry
+ // will take precedence over this config and it'll be treated independently (e.g.: values are not
+ // inherited). :ref:`Retry policy ` should not be
+ // set if this field is used.
+ google.protobuf.Any retry_policy_typed_config = 20;
+
+ // Indicates the hedge policy for all routes in this virtual host. Note that setting a
+ // route level entry will take precedence over this config and it'll be treated
+ // independently (e.g.: values are not inherited).
+ HedgePolicy hedge_policy = 17;
+
+ // Decides whether to include the :ref:`x-envoy-is-timeout-retry `
+ // request header in retries initiated by per try timeouts.
+ bool include_is_timeout_retry_header = 23;
+
+ // The maximum bytes which will be buffered for retries and shadowing.
+ // If set and a route-specific limit is not set, the bytes actually buffered will be the minimum
+ // value of this and the listener per_connection_buffer_limit_bytes.
+ google.protobuf.UInt32Value per_request_buffer_limit_bytes = 18;
+
+ // Specify a set of default request mirroring policies for every route under this virtual host.
+ // It takes precedence over the route config mirror policy entirely.
+ // That is, policies are not merged, the most specific non-empty one becomes the mirror policies.
+ repeated RouteAction.RequestMirrorPolicy request_mirror_policies = 22;
+
+ // The metadata field can be used to provide additional information
+ // about the virtual host. It can be used for configuration, stats, and logging.
+ // The metadata should go under the filter namespace that will need it.
+ // For instance, if the metadata is intended for the Router filter,
+ // the filter name should be specified as ``envoy.filters.http.router``.
+ core.v3.Metadata metadata = 24;
+}
+
+// A filter-defined action type.
+message FilterAction {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.FilterAction";
+
+ google.protobuf.Any action = 1;
+}
+
+// This can be used in route matcher :ref:`VirtualHost.matcher `.
+// When the matcher matches, routes will be matched and run.
+message RouteList {
+ // The list of routes that will be matched and run, in order. The first route that matches will be used.
+ repeated Route routes = 1;
+}
+
+// A route is both a specification of how to match a request as well as an indication of what to do
+// next (e.g., redirect, forward, rewrite, etc.).
+//
+// .. attention::
+//
+// Envoy supports routing on HTTP method via :ref:`header matching
+// `.
+// [#next-free-field: 20]
+message Route {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Route";
+
+ reserved 6, 8;
+
+ reserved "per_filter_config";
+
+ // Name for the route.
+ string name = 14;
+
+ // Route matching parameters.
+ RouteMatch match = 1 [(validate.rules).message = {required: true}];
+
+ oneof action {
+ option (validate.required) = true;
+
+ // Route request to some upstream cluster.
+ RouteAction route = 2;
+
+ // Return a redirect.
+ RedirectAction redirect = 3;
+
+ // Return an arbitrary HTTP response directly, without proxying.
+ DirectResponseAction direct_response = 7;
+
+ // [#not-implemented-hide:]
+ // A filter-defined action (e.g., it could dynamically generate the RouteAction).
+ // [#comment: TODO(samflattery): Remove cleanup in route_fuzz_test.cc when
+ // implemented]
+ FilterAction filter_action = 17;
+
+ // [#not-implemented-hide:]
+ // An action used when the route will generate a response directly,
+ // without forwarding to an upstream host. This will be used in non-proxy
+ // xDS clients like the gRPC server. It could also be used in the future
+ // in Envoy for a filter that directly generates responses for requests.
+ NonForwardingAction non_forwarding_action = 18;
+ }
+
+ // The Metadata field can be used to provide additional information
+ // about the route. It can be used for configuration, stats, and logging.
+ // The metadata should go under the filter namespace that will need it.
+ // For instance, if the metadata is intended for the Router filter,
+ // the filter name should be specified as ``envoy.filters.http.router``.
+ core.v3.Metadata metadata = 4;
+
+ // Decorator for the matched route.
+ Decorator decorator = 5;
+
+ // This field can be used to provide route specific per filter config. The key should match the
+ // :ref:`filter config name
+ // `.
+ // See :ref:`Http filter route specific config `
+ // for details.
+ // [#comment: An entry's value may be wrapped in a
+ // :ref:`FilterConfig`
+ // message to specify additional options.]
+ map typed_per_filter_config = 13;
+
+ // Specifies a set of headers that will be added to requests matching this
+ // route. Headers specified at this level are applied before headers from the
+ // enclosing :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` and
+ // :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on
+ // header value syntax, see the documentation on :ref:`custom request headers
+ // `.
+ repeated core.v3.HeaderValueOption request_headers_to_add = 9
+ [(validate.rules).repeated = {max_items: 1000}];
+
+ // Specifies a list of HTTP headers that should be removed from each request
+ // matching this route.
+ repeated string request_headers_to_remove = 12 [(validate.rules).repeated = {
+ items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
+ }];
+
+ // Specifies a set of headers that will be added to responses to requests
+ // matching this route. Headers specified at this level are applied before
+ // headers from the enclosing :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost` and
+ // :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including
+ // details on header value syntax, see the documentation on
+ // :ref:`custom request headers `.
+ repeated core.v3.HeaderValueOption response_headers_to_add = 10
+ [(validate.rules).repeated = {max_items: 1000}];
+
+ // Specifies a list of HTTP headers that should be removed from each response
+ // to requests matching this route.
+ repeated string response_headers_to_remove = 11 [(validate.rules).repeated = {
+ items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
+ }];
+
+ // Presence of the object defines whether the connection manager's tracing configuration
+ // is overridden by this route specific instance.
+ Tracing tracing = 15;
+
+ // The maximum bytes which will be buffered for retries and shadowing.
+ // If set, the bytes actually buffered will be the minimum value of this and the
+ // listener per_connection_buffer_limit_bytes.
+ google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16;
+
+ // The human readable prefix to use when emitting statistics for this endpoint.
+ // The statistics are rooted at vhost..route..
+ // This should be set for highly critical
+ // endpoints that one wishes to get “per-route” statistics on.
+ // If not set, endpoint statistics are not generated.
+ //
+ // The emitted statistics are the same as those documented for :ref:`virtual clusters `.
+ //
+ // .. warning::
+ //
+ // We do not recommend setting up a stat prefix for
+ // every application endpoint. This is both not easily maintainable and
+ // statistics use a non-trivial amount of memory(approximately 1KiB per route).
+ string stat_prefix = 19;
+}
+
+// Compared to the :ref:`cluster ` field that specifies a
+// single upstream cluster as the target of a request, the :ref:`weighted_clusters
+// ` option allows for specification of
+// multiple upstream clusters along with weights that indicate the percentage of
+// traffic to be forwarded to each cluster. The router selects an upstream cluster based on the
+// weights.
+message WeightedCluster {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.WeightedCluster";
+
+ // [#next-free-field: 13]
+ message ClusterWeight {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.WeightedCluster.ClusterWeight";
+
+ reserved 7, 8;
+
+ reserved "per_filter_config";
+
+ // Only one of ``name`` and ``cluster_header`` may be specified.
+ // [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1}]
+ // Name of the upstream cluster. The cluster must exist in the
+ // :ref:`cluster manager configuration `.
+ string name = 1 [(udpa.annotations.field_migrate).oneof_promotion = "cluster_specifier"];
+
+ // Only one of ``name`` and ``cluster_header`` may be specified.
+ // [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1 }]
+ // Envoy will determine the cluster to route to by reading the value of the
+ // HTTP header named by cluster_header from the request headers. If the
+ // header is not found or the referenced cluster does not exist, Envoy will
+ // return a 404 response.
+ //
+ // .. attention::
+ //
+ // Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
+ // ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
+ //
+ // .. note::
+ //
+ // If the header appears multiple times only the first value is used.
+ string cluster_header = 12 [
+ (validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false},
+ (udpa.annotations.field_migrate).oneof_promotion = "cluster_specifier"
+ ];
+
+ // The weight of the cluster. This value is relative to the other clusters'
+ // weights. When a request matches the route, the choice of an upstream cluster
+ // is determined by its weight. The sum of weights across all
+ // entries in the clusters array must be greater than 0, and must not exceed
+ // uint32_t maximal value (4294967295).
+ google.protobuf.UInt32Value weight = 2;
+
+ // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in
+ // the upstream cluster with metadata matching what is set in this field will be considered for
+ // load balancing. Note that this will be merged with what's provided in
+ // :ref:`RouteAction.metadata_match `, with
+ // values here taking precedence. The filter name should be specified as ``envoy.lb``.
+ core.v3.Metadata metadata_match = 3;
+
+ // Specifies a list of headers to be added to requests when this cluster is selected
+ // through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
+ // Headers specified at this level are applied before headers from the enclosing
+ // :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`, and
+ // :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on
+ // header value syntax, see the documentation on :ref:`custom request headers
+ // `.
+ repeated core.v3.HeaderValueOption request_headers_to_add = 4
+ [(validate.rules).repeated = {max_items: 1000}];
+
+ // Specifies a list of HTTP headers that should be removed from each request when
+ // this cluster is selected through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
+ repeated string request_headers_to_remove = 9 [(validate.rules).repeated = {
+ items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}
+ }];
+
+ // Specifies a list of headers to be added to responses when this cluster is selected
+ // through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
+ // Headers specified at this level are applied before headers from the enclosing
+ // :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`, and
+ // :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration`. For more information, including details on
+ // header value syntax, see the documentation on :ref:`custom request headers
+ // `.
+ repeated core.v3.HeaderValueOption response_headers_to_add = 5
+ [(validate.rules).repeated = {max_items: 1000}];
+
+ // Specifies a list of headers to be removed from responses when this cluster is selected
+ // through the enclosing :ref:`envoy_v3_api_msg_config.route.v3.RouteAction`.
+ repeated string response_headers_to_remove = 6 [(validate.rules).repeated = {
+ items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}
+ }];
+
+ // This field can be used to provide weighted cluster specific per filter config. The key should match the
+ // :ref:`filter config name
+ // `.
+ // See :ref:`Http filter route specific config `
+ // for details.
+ // [#comment: An entry's value may be wrapped in a
+ // :ref:`FilterConfig`
+ // message to specify additional options.]
+ map typed_per_filter_config = 10;
+
+ oneof host_rewrite_specifier {
+ // Indicates that during forwarding, the host header will be swapped with
+ // this value.
+ string host_rewrite_literal = 11
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+ }
+ }
+
+ // Specifies one or more upstream clusters associated with the route.
+ repeated ClusterWeight clusters = 1 [(validate.rules).repeated = {min_items: 1}];
+
+ // Specifies the total weight across all clusters. The sum of all cluster weights must equal this
+ // value, if this is greater than 0.
+ // This field is now deprecated, and the client will use the sum of all
+ // cluster weights. It is up to the management server to supply the correct weights.
+ google.protobuf.UInt32Value total_weight = 3
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Specifies the runtime key prefix that should be used to construct the
+ // runtime keys associated with each cluster. When the ``runtime_key_prefix`` is
+ // specified, the router will look for weights associated with each upstream
+ // cluster under the key ``runtime_key_prefix`` + ``.`` + ``cluster[i].name`` where
+ // ``cluster[i]`` denotes an entry in the clusters array field. If the runtime
+ // key for the cluster does not exist, the value specified in the
+ // configuration file will be used as the default weight. See the :ref:`runtime documentation
+ // ` for how key names map to the underlying implementation.
+ string runtime_key_prefix = 2;
+
+ oneof random_value_specifier {
+ // Specifies the header name that is used to look up the random value passed in the request header.
+ // This is used to ensure consistent cluster picking across multiple proxy levels for weighted traffic.
+ // If header is not present or invalid, Envoy will fall back to use the internally generated random value.
+ // This header is expected to be single-valued header as we only want to have one selected value throughout
+ // the process for the consistency. And the value is a unsigned number between 0 and UINT64_MAX.
+ string header_name = 4
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}];
+ }
+}
+
+// Configuration for a cluster specifier plugin.
+message ClusterSpecifierPlugin {
+ // The name of the plugin and its opaque configuration.
+ core.v3.TypedExtensionConfig extension = 1 [(validate.rules).message = {required: true}];
+
+ // If is_optional is not set or is set to false and the plugin defined by this message is not a
+ // supported type, the containing resource is NACKed. If is_optional is set to true, the resource
+ // would not be NACKed for this reason. In this case, routes referencing this plugin's name would
+ // not be treated as an illegal configuration, but would result in a failure if the route is
+ // selected.
+ bool is_optional = 2;
+}
+
+// [#next-free-field: 16]
+message RouteMatch {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteMatch";
+
+ message GrpcRouteMatchOptions {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteMatch.GrpcRouteMatchOptions";
+ }
+
+ message TlsContextMatchOptions {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteMatch.TlsContextMatchOptions";
+
+ // If specified, the route will match against whether or not a certificate is presented.
+ // If not specified, certificate presentation status (true or false) will not be considered when route matching.
+ google.protobuf.BoolValue presented = 1;
+
+ // If specified, the route will match against whether or not a certificate is validated.
+ // If not specified, certificate validation status (true or false) will not be considered when route matching.
+ //
+ // .. warning::
+ //
+ // Client certificate validation is not currently performed upon TLS session resumption. For
+ // a resumed TLS session the route will match only when ``validated`` is false, regardless of
+ // whether the client TLS certificate is valid.
+ //
+ // The only known workaround for this issue is to disable TLS session resumption entirely, by
+ // setting both :ref:`disable_stateless_session_resumption `
+ // and :ref:`disable_stateful_session_resumption ` on the DownstreamTlsContext.
+ google.protobuf.BoolValue validated = 2;
+ }
+
+ // An extensible message for matching CONNECT or CONNECT-UDP requests.
+ message ConnectMatcher {
+ }
+
+ reserved 5, 3;
+
+ reserved "regex";
+
+ oneof path_specifier {
+ option (validate.required) = true;
+
+ // If specified, the route is a prefix rule meaning that the prefix must
+ // match the beginning of the ``:path`` header.
+ string prefix = 1;
+
+ // If specified, the route is an exact path rule meaning that the path must
+ // exactly match the ``:path`` header once the query string is removed.
+ string path = 2;
+
+ // If specified, the route is a regular expression rule meaning that the
+ // regex must match the ``:path`` header once the query string is removed. The entire path
+ // (without the query string) must match the regex. The rule will not match if only a
+ // subsequence of the ``:path`` header matches the regex.
+ //
+ // [#next-major-version: In the v3 API we should redo how path specification works such
+ // that we utilize StringMatcher, and additionally have consistent options around whether we
+ // strip query strings, do a case sensitive match, etc. In the interim it will be too disruptive
+ // to deprecate the existing options. We should even consider whether we want to do away with
+ // path_specifier entirely and just rely on a set of header matchers which can already match
+ // on :path, etc. The issue with that is it is unclear how to generically deal with query string
+ // stripping. This needs more thought.]
+ type.matcher.v3.RegexMatcher safe_regex = 10 [(validate.rules).message = {required: true}];
+
+ // If this is used as the matcher, the matcher will only match CONNECT or CONNECT-UDP requests.
+ // Note that this will not match other Extended CONNECT requests (WebSocket and the like) as
+ // they are normalized in Envoy as HTTP/1.1 style upgrades.
+ // This is the only way to match CONNECT requests for HTTP/1.1. For HTTP/2 and HTTP/3,
+ // where Extended CONNECT requests may have a path, the path matchers will work if
+ // there is a path present.
+ // Note that CONNECT support is currently considered alpha in Envoy.
+ // [#comment: TODO(htuch): Replace the above comment with an alpha tag.]
+ ConnectMatcher connect_matcher = 12;
+
+ // If specified, the route is a path-separated prefix rule meaning that the
+ // ``:path`` header (without the query string) must either exactly match the
+ // ``path_separated_prefix`` or have it as a prefix, followed by ``/``
+ //
+ // For example, ``/api/dev`` would match
+ // ``/api/dev``, ``/api/dev/``, ``/api/dev/v1``, and ``/api/dev?param=true``
+ // but would not match ``/api/developer``
+ //
+ // Expect the value to not contain ``?`` or ``#`` and not to end in ``/``
+ string path_separated_prefix = 14 [(validate.rules).string = {pattern: "^[^?#]+[^?#/]$"}];
+
+ // [#extension-category: envoy.path.match]
+ core.v3.TypedExtensionConfig path_match_policy = 15;
+ }
+
+ // Indicates that prefix/path matching should be case sensitive. The default
+ // is true. Ignored for safe_regex matching.
+ google.protobuf.BoolValue case_sensitive = 4;
+
+ // Indicates that the route should additionally match on a runtime key. Every time the route
+ // is considered for a match, it must also fall under the percentage of matches indicated by
+ // this field. For some fraction N/D, a random number in the range [0,D) is selected. If the
+ // number is <= the value of the numerator N, or if the key is not present, the default
+ // value, the router continues to evaluate the remaining match criteria. A runtime_fraction
+ // route configuration can be used to roll out route changes in a gradual manner without full
+ // code/config deploys. Refer to the :ref:`traffic shifting
+ // ` docs for additional documentation.
+ //
+ // .. note::
+ //
+ // Parsing this field is implemented such that the runtime key's data may be represented
+ // as a FractionalPercent proto represented as JSON/YAML and may also be represented as an
+ // integer with the assumption that the value is an integral percentage out of 100. For
+ // instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent
+ // whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics.
+ core.v3.RuntimeFractionalPercent runtime_fraction = 9;
+
+ // Specifies a set of headers that the route should match on. The router will
+ // check the request’s headers against all the specified headers in the route
+ // config. A match will happen if all the headers in the route are present in
+ // the request with the same values (or based on presence if the value field
+ // is not in the config).
+ repeated HeaderMatcher headers = 6;
+
+ // Specifies a set of URL query parameters on which the route should
+ // match. The router will check the query string from the ``path`` header
+ // against all the specified query parameters. If the number of specified
+ // query parameters is nonzero, they all must match the ``path`` header's
+ // query string for a match to occur. In the event query parameters are
+ // repeated, only the first value for each key will be considered.
+ //
+ // .. note::
+ //
+ // If query parameters are used to pass request message fields when
+ // `grpc_json_transcoder `_
+ // is used, the transcoded message fields maybe different. The query parameters are
+ // url encoded, but the message fields are not. For example, if a query
+ // parameter is "foo%20bar", the message field will be "foo bar".
+ repeated QueryParameterMatcher query_parameters = 7;
+
+ // If specified, only gRPC requests will be matched. The router will check
+ // that the content-type header has a application/grpc or one of the various
+ // application/grpc+ values.
+ GrpcRouteMatchOptions grpc = 8;
+
+ // If specified, the client tls context will be matched against the defined
+ // match options.
+ //
+ // [#next-major-version: unify with RBAC]
+ TlsContextMatchOptions tls_context = 11;
+
+ // Specifies a set of dynamic metadata matchers on which the route should match.
+ // The router will check the dynamic metadata against all the specified dynamic metadata matchers.
+ // If the number of specified dynamic metadata matchers is nonzero, they all must match the
+ // dynamic metadata for a match to occur.
+ repeated type.matcher.v3.MetadataMatcher dynamic_metadata = 13;
+}
+
+// Cors policy configuration.
+//
+// .. attention::
+//
+// This message has been deprecated. Please use
+// :ref:`CorsPolicy in filter extension `
+// as as alternative.
+//
+// [#next-free-field: 14]
+message CorsPolicy {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.CorsPolicy";
+
+ reserved 1, 8, 7;
+
+ reserved "allow_origin", "allow_origin_regex", "enabled";
+
+ // Specifies string patterns that match allowed origins. An origin is allowed if any of the
+ // string matchers match.
+ repeated type.matcher.v3.StringMatcher allow_origin_string_match = 11;
+
+ // Specifies the content for the ``access-control-allow-methods`` header.
+ string allow_methods = 2;
+
+ // Specifies the content for the ``access-control-allow-headers`` header.
+ string allow_headers = 3;
+
+ // Specifies the content for the ``access-control-expose-headers`` header.
+ string expose_headers = 4;
+
+ // Specifies the content for the ``access-control-max-age`` header.
+ string max_age = 5;
+
+ // Specifies whether the resource allows credentials.
+ google.protobuf.BoolValue allow_credentials = 6;
+
+ oneof enabled_specifier {
+ // Specifies the % of requests for which the CORS filter is enabled.
+ //
+ // If neither ``enabled``, ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS
+ // filter will be enabled for 100% of the requests.
+ //
+ // If :ref:`runtime_key ` is
+ // specified, Envoy will lookup the runtime key to get the percentage of requests to filter.
+ core.v3.RuntimeFractionalPercent filter_enabled = 9;
+ }
+
+ // Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not
+ // enforced.
+ //
+ // This field is intended to be used when ``filter_enabled`` and ``enabled`` are off. One of those
+ // fields have to explicitly disable the filter in order for this setting to take effect.
+ //
+ // If :ref:`runtime_key ` is specified,
+ // Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate
+ // and track the request's ``Origin`` to determine if it's valid but will not enforce any policies.
+ core.v3.RuntimeFractionalPercent shadow_enabled = 10;
+
+ // Specify whether allow requests whose target server's IP address is more private than that from
+ // which the request initiator was fetched.
+ //
+ // More details refer to https://developer.chrome.com/blog/private-network-access-preflight.
+ google.protobuf.BoolValue allow_private_network_access = 12;
+
+ // Specifies if preflight requests not matching the configured allowed origin should be forwarded
+ // to the upstream. Default is true.
+ google.protobuf.BoolValue forward_not_matching_preflights = 13;
+}
+
+// [#next-free-field: 42]
+message RouteAction {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteAction";
+
+ enum ClusterNotFoundResponseCode {
+ // HTTP status code - 503 Service Unavailable.
+ SERVICE_UNAVAILABLE = 0;
+
+ // HTTP status code - 404 Not Found.
+ NOT_FOUND = 1;
+
+ // HTTP status code - 500 Internal Server Error.
+ INTERNAL_SERVER_ERROR = 2;
+ }
+
+ // Configures :ref:`internal redirect ` behavior.
+ // [#next-major-version: remove this definition - it's defined in the InternalRedirectPolicy message.]
+ enum InternalRedirectAction {
+ option deprecated = true;
+
+ PASS_THROUGH_INTERNAL_REDIRECT = 0;
+ HANDLE_INTERNAL_REDIRECT = 1;
+ }
+
+ // The router is capable of shadowing traffic from one cluster to another. The current
+ // implementation is "fire and forget," meaning Envoy will not wait for the shadow cluster to
+ // respond before returning the response from the primary cluster. All normal statistics are
+ // collected for the shadow cluster making this feature useful for testing.
+ //
+ // During shadowing, the host/authority header is altered such that ``-shadow`` is appended. This is
+ // useful for logging. For example, ``cluster1`` becomes ``cluster1-shadow``. This behavior can be
+ // disabled by setting ``disable_shadow_host_suffix_append`` to ``true``.
+ //
+ // .. note::
+ //
+ // Shadowing will not be triggered if the primary cluster does not exist.
+ //
+ // .. note::
+ //
+ // Shadowing doesn't support Http CONNECT and upgrades.
+ // [#next-free-field: 7]
+ message RequestMirrorPolicy {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteAction.RequestMirrorPolicy";
+
+ reserved 2;
+
+ reserved "runtime_key";
+
+ // Only one of ``cluster`` and ``cluster_header`` can be specified.
+ // [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1}]
+ // Specifies the cluster that requests will be mirrored to. The cluster must
+ // exist in the cluster manager configuration.
+ string cluster = 1 [(udpa.annotations.field_migrate).oneof_promotion = "cluster_specifier"];
+
+ // Only one of ``cluster`` and ``cluster_header`` can be specified.
+ // Envoy will determine the cluster to route to by reading the value of the
+ // HTTP header named by cluster_header from the request headers. Only the first value in header is used,
+ // and no shadow request will happen if the value is not found in headers. Envoy will not wait for
+ // the shadow cluster to respond before returning the response from the primary cluster.
+ //
+ // .. attention::
+ //
+ // Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
+ // ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
+ //
+ // .. note::
+ //
+ // If the header appears multiple times only the first value is used.
+ string cluster_header = 5 [
+ (validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false},
+ (udpa.annotations.field_migrate).oneof_promotion = "cluster_specifier"
+ ];
+
+ // If not specified, all requests to the target cluster will be mirrored.
+ //
+ // If specified, this field takes precedence over the ``runtime_key`` field and requests must also
+ // fall under the percentage of matches indicated by this field.
+ //
+ // For some fraction N/D, a random number in the range [0,D) is selected. If the
+ // number is <= the value of the numerator N, or if the key is not present, the default
+ // value, the request will be mirrored.
+ core.v3.RuntimeFractionalPercent runtime_fraction = 3;
+
+ // Specifies whether the trace span for the shadow request should be sampled. If this field is not explicitly set,
+ // the shadow request will inherit the sampling decision of its parent span. This ensures consistency with the trace
+ // sampling policy of the original request and prevents oversampling, especially in scenarios where runtime sampling
+ // is disabled.
+ google.protobuf.BoolValue trace_sampled = 4;
+
+ // Disables appending the ``-shadow`` suffix to the shadowed ``Host`` header. Defaults to ``false``.
+ bool disable_shadow_host_suffix_append = 6;
+ }
+
+ // Specifies the route's hashing policy if the upstream cluster uses a hashing :ref:`load balancer
+ // `.
+ // [#next-free-field: 7]
+ message HashPolicy {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteAction.HashPolicy";
+
+ message Header {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteAction.HashPolicy.Header";
+
+ // The name of the request header that will be used to obtain the hash
+ // key. If the request header is not present, no hash will be produced.
+ string header_name = 1
+ [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+ // If specified, the request header value will be rewritten and used
+ // to produce the hash key.
+ type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 2;
+ }
+
+ // CookieAttribute defines an API for adding additional attributes for a HTTP cookie.
+ message CookieAttribute {
+ // The name of the cookie attribute.
+ string name = 1
+ [(validate.rules).string =
+ {min_len: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+ // The optional value of the cookie attribute.
+ string value = 2 [(validate.rules).string =
+ {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}];
+ }
+
+ // Envoy supports two types of cookie affinity:
+ //
+ // 1. Passive. Envoy takes a cookie that's present in the cookies header and
+ // hashes on its value.
+ //
+ // 2. Generated. Envoy generates and sets a cookie with an expiration (TTL)
+ // on the first request from the client in its response to the client,
+ // based on the endpoint the request gets sent to. The client then
+ // presents this on the next and all subsequent requests. The hash of
+ // this is sufficient to ensure these requests get sent to the same
+ // endpoint. The cookie is generated by hashing the source and
+ // destination ports and addresses so that multiple independent HTTP2
+ // streams on the same connection will independently receive the same
+ // cookie, even if they arrive at the Envoy simultaneously.
+ message Cookie {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteAction.HashPolicy.Cookie";
+
+ // The name of the cookie that will be used to obtain the hash key. If the
+ // cookie is not present and ttl below is not set, no hash will be
+ // produced.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // If specified, a cookie with the TTL will be generated if the cookie is
+ // not present. If the TTL is present and zero, the generated cookie will
+ // be a session cookie.
+ google.protobuf.Duration ttl = 2;
+
+ // The name of the path for the cookie. If no path is specified here, no path
+ // will be set for the cookie.
+ string path = 3;
+
+ // Additional attributes for the cookie. They will be used when generating a new cookie.
+ repeated CookieAttribute attributes = 4;
+ }
+
+ message ConnectionProperties {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteAction.HashPolicy.ConnectionProperties";
+
+ // Hash on source IP address.
+ bool source_ip = 1;
+ }
+
+ message QueryParameter {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteAction.HashPolicy.QueryParameter";
+
+ // The name of the URL query parameter that will be used to obtain the hash
+ // key. If the parameter is not present, no hash will be produced. Query
+ // parameter names are case-sensitive. If query parameters are repeated, only
+ // the first value will be considered.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+ }
+
+ message FilterState {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteAction.HashPolicy.FilterState";
+
+ // The name of the Object in the per-request filterState, which is an
+ // Envoy::Hashable object. If there is no data associated with the key,
+ // or the stored object is not Envoy::Hashable, no hash will be produced.
+ string key = 1 [(validate.rules).string = {min_len: 1}];
+ }
+
+ oneof policy_specifier {
+ option (validate.required) = true;
+
+ // Header hash policy.
+ Header header = 1;
+
+ // Cookie hash policy.
+ Cookie cookie = 2;
+
+ // Connection properties hash policy.
+ ConnectionProperties connection_properties = 3;
+
+ // Query parameter hash policy.
+ QueryParameter query_parameter = 5;
+
+ // Filter state hash policy.
+ FilterState filter_state = 6;
+ }
+
+ // The flag that short-circuits the hash computing. This field provides a
+ // 'fallback' style of configuration: "if a terminal policy doesn't work,
+ // fallback to rest of the policy list", it saves time when the terminal
+ // policy works.
+ //
+ // If true, and there is already a hash computed, ignore rest of the
+ // list of hash polices.
+ // For example, if the following hash methods are configured:
+ //
+ // ========= ========
+ // specifier terminal
+ // ========= ========
+ // Header A true
+ // Header B false
+ // Header C false
+ // ========= ========
+ //
+ // The generateHash process ends if policy "header A" generates a hash, as
+ // it's a terminal policy.
+ bool terminal = 4;
+ }
+
+ // Allows enabling and disabling upgrades on a per-route basis.
+ // This overrides any enabled/disabled upgrade filter chain specified in the
+ // HttpConnectionManager
+ // :ref:`upgrade_configs
+ // `
+ // but does not affect any custom filter chain specified there.
+ message UpgradeConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RouteAction.UpgradeConfig";
+
+ // Configuration for sending data upstream as a raw data payload. This is used for
+ // CONNECT or POST requests, when forwarding request payload as raw TCP.
+ message ConnectConfig {
+ // If present, the proxy protocol header will be prepended to the CONNECT payload sent upstream.
+ core.v3.ProxyProtocolConfig proxy_protocol_config = 1;
+
+ // If set, the route will also allow forwarding POST payload as raw TCP.
+ bool allow_post = 2;
+ }
+
+ // The case-insensitive name of this upgrade, e.g. "websocket".
+ // For each upgrade type present in upgrade_configs, requests with
+ // Upgrade: [upgrade_type] will be proxied upstream.
+ string upgrade_type = 1
+ [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+ // Determines if upgrades are available on this route. Defaults to true.
+ google.protobuf.BoolValue enabled = 2;
+
+ // Configuration for sending data upstream as a raw data payload. This is used for
+ // CONNECT requests, when forwarding CONNECT payload as raw TCP.
+ // Note that CONNECT support is currently considered alpha in Envoy.
+ // [#comment: TODO(htuch): Replace the above comment with an alpha tag.]
+ ConnectConfig connect_config = 3;
+ }
+
+ message MaxStreamDuration {
+ // Specifies the maximum duration allowed for streams on the route. If not specified, the value
+ // from the :ref:`max_stream_duration
+ // ` field in
+ // :ref:`HttpConnectionManager.common_http_protocol_options
+ // `
+ // is used. If this field is set explicitly to zero, any
+ // HttpConnectionManager max_stream_duration timeout will be disabled for
+ // this route.
+ google.protobuf.Duration max_stream_duration = 1;
+
+ // If present, and the request contains a `grpc-timeout header
+ // `_, use that value as the
+ // ``max_stream_duration``, but limit the applied timeout to the maximum value specified here.
+ // If set to 0, the ``grpc-timeout`` header is used without modification.
+ google.protobuf.Duration grpc_timeout_header_max = 2;
+
+ // If present, Envoy will adjust the timeout provided by the ``grpc-timeout`` header by
+ // subtracting the provided duration from the header. This is useful for allowing Envoy to set
+ // its global timeout to be less than that of the deadline imposed by the calling client, which
+ // makes it more likely that Envoy will handle the timeout instead of having the call canceled
+ // by the client. If, after applying the offset, the resulting timeout is zero or negative,
+ // the stream will timeout immediately.
+ google.protobuf.Duration grpc_timeout_header_offset = 3;
+ }
+
+ reserved 12, 18, 19, 16, 22, 21, 10;
+
+ reserved "request_mirror_policy";
+
+ oneof cluster_specifier {
+ option (validate.required) = true;
+
+ // Indicates the upstream cluster to which the request should be routed
+ // to.
+ string cluster = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Envoy will determine the cluster to route to by reading the value of the
+ // HTTP header named by cluster_header from the request headers. If the
+ // header is not found or the referenced cluster does not exist, Envoy will
+ // return a 404 response.
+ //
+ // .. attention::
+ //
+ // Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
+ // ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
+ //
+ // .. note::
+ //
+ // If the header appears multiple times only the first value is used.
+ string cluster_header = 2
+ [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+ // Multiple upstream clusters can be specified for a given route. The
+ // request is routed to one of the upstream clusters based on weights
+ // assigned to each cluster. See
+ // :ref:`traffic splitting `
+ // for additional documentation.
+ WeightedCluster weighted_clusters = 3;
+
+ // Name of the cluster specifier plugin to use to determine the cluster for requests on this route.
+ // The cluster specifier plugin name must be defined in the associated
+ // :ref:`cluster specifier plugins `
+ // in the :ref:`name ` field.
+ string cluster_specifier_plugin = 37;
+
+ // Custom cluster specifier plugin configuration to use to determine the cluster for requests
+ // on this route.
+ ClusterSpecifierPlugin inline_cluster_specifier_plugin = 39;
+ }
+
+ // The HTTP status code to use when configured cluster is not found.
+ // The default response code is 503 Service Unavailable.
+ ClusterNotFoundResponseCode cluster_not_found_response_code = 20
+ [(validate.rules).enum = {defined_only: true}];
+
+ // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints
+ // in the upstream cluster with metadata matching what's set in this field will be considered
+ // for load balancing. If using :ref:`weighted_clusters
+ // `, metadata will be merged, with values
+ // provided there taking precedence. The filter name should be specified as ``envoy.lb``.
+ core.v3.Metadata metadata_match = 4;
+
+ // Indicates that during forwarding, the matched prefix (or path) should be
+ // swapped with this value. This option allows application URLs to be rooted
+ // at a different path from those exposed at the reverse proxy layer. The router filter will
+ // place the original path before rewrite into the :ref:`x-envoy-original-path
+ // ` header.
+ //
+ // Only one of :ref:`regex_rewrite `
+ // :ref:`path_rewrite_policy `,
+ // or :ref:`prefix_rewrite ` may be specified.
+ //
+ // .. attention::
+ //
+ // Pay careful attention to the use of trailing slashes in the
+ // :ref:`route's match ` prefix value.
+ // Stripping a prefix from a path requires multiple Routes to handle all cases. For example,
+ // rewriting ``/prefix`` to ``/`` and ``/prefix/etc`` to ``/etc`` cannot be done in a single
+ // :ref:`Route `, as shown by the below config entries:
+ //
+ // .. code-block:: yaml
+ //
+ // - match:
+ // prefix: "/prefix/"
+ // route:
+ // prefix_rewrite: "/"
+ // - match:
+ // prefix: "/prefix"
+ // route:
+ // prefix_rewrite: "/"
+ //
+ // Having above entries in the config, requests to ``/prefix`` will be stripped to ``/``, while
+ // requests to ``/prefix/etc`` will be stripped to ``/etc``.
+ string prefix_rewrite = 5
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+ // Indicates that during forwarding, portions of the path that match the
+ // pattern should be rewritten, even allowing the substitution of capture
+ // groups from the pattern into the new path as specified by the rewrite
+ // substitution string. This is useful to allow application paths to be
+ // rewritten in a way that is aware of segments with variable content like
+ // identifiers. The router filter will place the original path as it was
+ // before the rewrite into the :ref:`x-envoy-original-path
+ // ` header.
+ //
+ // Only one of :ref:`regex_rewrite `,
+ // :ref:`prefix_rewrite `, or
+ // :ref:`path_rewrite_policy `]
+ // may be specified.
+ //
+ // Examples using Google's `RE2 `_ engine:
+ //
+ // * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution
+ // string of ``\2/instance/\1`` would transform ``/service/foo/v1/api``
+ // into ``/v1/api/instance/foo``.
+ // + // * The pattern ``one`` paired with a substitution string of ``two`` would + // transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``. + // + // * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of + // ``\1two\2`` would replace only the first occurrence of ``one``, + // transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``. + // + // * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/`` + // would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to + // ``/aaa/yyy/bbb``. + type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 32; + + // [#extension-category: envoy.path.rewrite] + core.v3.TypedExtensionConfig path_rewrite_policy = 41; + + oneof host_rewrite_specifier { + // Indicates that during forwarding, the host header will be swapped with + // this value. Using this option will append the + // :ref:`config_http_conn_man_headers_x-forwarded-host` header if + // :ref:`append_x_forwarded_host ` + // is set. + string host_rewrite_literal = 6 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}]; + + // Indicates that during forwarding, the host header will be swapped with + // the hostname of the upstream host chosen by the cluster manager. This + // option is applicable only when the destination cluster for a route is of + // type ``strict_dns`` or ``logical_dns``, + // or when :ref:`hostname ` + // field is not empty. Setting this to true with other cluster types + // has no effect. Using this option will append the + // :ref:`config_http_conn_man_headers_x-forwarded-host` header if + // :ref:`append_x_forwarded_host ` + // is set. + google.protobuf.BoolValue auto_host_rewrite = 7; + + // Indicates that during forwarding, the host header will be swapped with the content of given + // downstream or :ref:`custom ` header. + // If header value is empty, host header is left intact. 
Using this option will append the + // :ref:`config_http_conn_man_headers_x-forwarded-host` header if + // :ref:`append_x_forwarded_host ` + // is set. + // + // .. attention:: + // + // Pay attention to the potential security implications of using this option. Provided header + // must come from trusted source. + // + // .. note:: + // + // If the header appears multiple times only the first value is used. + string host_rewrite_header = 29 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Indicates that during forwarding, the host header will be swapped with + // the result of the regex substitution executed on path value with query and fragment removed. + // This is useful for transitioning variable content between path segment and subdomain. + // Using this option will append the + // :ref:`config_http_conn_man_headers_x-forwarded-host` header if + // :ref:`append_x_forwarded_host ` + // is set. + // + // For example with the following config: + // + // .. code-block:: yaml + // + // host_rewrite_path_regex: + // pattern: + // google_re2: {} + // regex: "^/(.+)/.+$" + // substitution: \1 + // + // Would rewrite the host header to ``envoyproxy.io`` given the path ``/envoyproxy.io/some/path``. + type.matcher.v3.RegexMatchAndSubstitute host_rewrite_path_regex = 35; + } + + // If set, then a host rewrite action (one of + // :ref:`host_rewrite_literal `, + // :ref:`auto_host_rewrite `, + // :ref:`host_rewrite_header `, or + // :ref:`host_rewrite_path_regex `) + // causes the original value of the host header, if any, to be appended to the + // :ref:`config_http_conn_man_headers_x-forwarded-host` HTTP header if it is different to the last value appended. + bool append_x_forwarded_host = 38; + + // Specifies the upstream timeout for the route. If not specified, the default is 15s. This + // spans between the point at which the entire downstream request (i.e. 
end-of-stream) has been + // processed and when the upstream response has been completely processed. A value of 0 will + // disable the route's timeout. + // + // .. note:: + // + // This timeout includes all retries. See also + // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, + // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the + // :ref:`retry overview `. + google.protobuf.Duration timeout = 8; + + // Specifies the idle timeout for the route. If not specified, there is no per-route idle timeout, + // although the connection manager wide :ref:`stream_idle_timeout + // ` + // will still apply. A value of 0 will completely disable the route's idle timeout, even if a + // connection manager stream idle timeout is configured. + // + // The idle timeout is distinct to :ref:`timeout + // `, which provides an upper bound + // on the upstream response time; :ref:`idle_timeout + // ` instead bounds the amount + // of time the request's stream may be idle. + // + // After header decoding, the idle timeout will apply on downstream and + // upstream request events. Each time an encode/decode event for headers or + // data is processed for the stream, the timer will be reset. If the timeout + // fires, the stream is terminated with a 408 Request Timeout error code if no + // upstream response header has been received, otherwise a stream reset + // occurs. + // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled according to the value for + // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `. + google.protobuf.Duration idle_timeout = 24; + + // Specifies how to send request over TLS early data. + // If absent, allows `safe HTTP requests `_ to be sent on early data. + // [#extension-category: envoy.route.early_data_policy] + core.v3.TypedExtensionConfig early_data_policy = 40; + + // Indicates that the route has a retry policy. 
Note that if this is set, + // it'll take precedence over the virtual host level retry policy entirely + // (e.g.: policies are not merged, most internal one becomes the enforced policy). + RetryPolicy retry_policy = 9; + + // [#not-implemented-hide:] + // Specifies the configuration for retry policy extension. Note that if this is set, it'll take + // precedence over the virtual host level retry policy entirely (e.g.: policies are not merged, + // most internal one becomes the enforced policy). :ref:`Retry policy ` + // should not be set if this field is used. + google.protobuf.Any retry_policy_typed_config = 33; + + // Specify a set of route request mirroring policies. + // It takes precedence over the virtual host and route config mirror policy entirely. + // That is, policies are not merged, the most specific non-empty one becomes the mirror policies. + repeated RequestMirrorPolicy request_mirror_policies = 30; + + // Optionally specifies the :ref:`routing priority `. + core.v3.RoutingPriority priority = 11 [(validate.rules).enum = {defined_only: true}]; + + // Specifies a set of rate limit configurations that could be applied to the + // route. + repeated RateLimit rate_limits = 13; + + // Specifies if the rate limit filter should include the virtual host rate + // limits. By default, if the route configured rate limits, the virtual host + // :ref:`rate_limits ` are not applied to the + // request. + // + // This field is deprecated. Please use :ref:`vh_rate_limits ` + google.protobuf.BoolValue include_vh_rate_limits = 14 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Specifies a list of hash policies to use for ring hash load balancing. Each + // hash policy is evaluated individually and the combined result is used to + // route the request. The method of combination is deterministic such that + // identical lists of hash policies will produce the same hash. 
Since a hash
+ // policy examines specific parts of a request, it can fail to produce a hash
+ // (i.e. if the hashed header is not present). If (and only if) all configured
+ // hash policies fail to generate a hash, no hash will be produced for
+ // the route. In this case, the behavior is the same as if no hash policies
+ // were specified (i.e. the ring hash load balancer will choose a random
+ // backend). If a hash policy has the "terminal" attribute set to true, and
+ // there is already a hash generated, the hash is returned immediately,
+ // ignoring the rest of the hash policy list.
+ repeated HashPolicy hash_policy = 15;
+
+ // Indicates that the route has a CORS policy. This field is ignored if related cors policy is
+ // found in the :ref:`Route.typed_per_filter_config` or
+ // :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config`.
+ //
+ // .. attention::
+ //
+ // This option has been deprecated. Please use
+ // :ref:`Route.typed_per_filter_config` or
+ // :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config`
+ // to configure the CORS HTTP filter.
+ CorsPolicy cors = 17 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Deprecated by :ref:`grpc_timeout_header_max `
+ // If present, and the request is a gRPC request, use the
+ // `grpc-timeout header `_,
+ // or its default value (infinity) instead of
+ // :ref:`timeout `, but limit the applied timeout
+ // to the maximum value specified here. If configured as 0, the maximum allowed timeout for
+ // gRPC requests is infinity. If not configured at all, the ``grpc-timeout`` header is not used
+ // and gRPC requests time out like any other requests using
+ // :ref:`timeout ` or its default.
+ // This can be used to prevent unexpected upstream request timeouts due to potentially long
+ // time gaps between gRPC request and response in gRPC streaming mode.
+ //
+ // ..
note::
+ //
+ // If a timeout is specified using :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`, it takes
+ // precedence over `grpc-timeout header `_, when
+ // both are present. See also
+ // :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms`,
+ // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms`, and the
+ // :ref:`retry overview `.
+ google.protobuf.Duration max_grpc_timeout = 23
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Deprecated by :ref:`grpc_timeout_header_offset `.
+ // If present, Envoy will adjust the timeout provided by the ``grpc-timeout`` header by subtracting
+ // the provided duration from the header. This is useful in allowing Envoy to set its global
+ // timeout to be less than that of the deadline imposed by the calling client, which makes it more
+ // likely that Envoy will handle the timeout instead of having the call canceled by the client.
+ // The offset will only be applied if the provided grpc_timeout is greater than the offset. This
+ // ensures that the offset will only ever decrease the timeout and never set it to 0 (meaning
+ // infinity).
+ google.protobuf.Duration grpc_timeout_offset = 28
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ repeated UpgradeConfig upgrade_configs = 25;
+
+ // If present, Envoy will try to follow an upstream redirect response instead of proxying the
+ // response back to the downstream. An upstream redirect response is defined
+ // by :ref:`redirect_response_codes
+ // `.
+ InternalRedirectPolicy internal_redirect_policy = 34;
+
+ InternalRedirectAction internal_redirect_action = 26
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // An internal redirect is handled, iff the number of previous internal redirects that a
+ // downstream request has encountered is lower than this value, and
+ // :ref:`internal_redirect_action `
+ // is set to :ref:`HANDLE_INTERNAL_REDIRECT
+ // `
+ // In the case where a downstream request is bounced among multiple routes by internal redirect,
+ // the first route that hits this threshold, or has
+ // :ref:`internal_redirect_action `
+ // set to
+ // :ref:`PASS_THROUGH_INTERNAL_REDIRECT
+ // `
+ // will pass the redirect back to downstream.
+ //
+ // If not specified, at most one redirect will be followed.
+ google.protobuf.UInt32Value max_internal_redirects = 31
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Indicates that the route has a hedge policy. Note that if this is set,
+ // it'll take precedence over the virtual host level hedge policy entirely
+ // (e.g.: policies are not merged, most internal one becomes the enforced policy).
+ HedgePolicy hedge_policy = 27;
+
+ // Specifies the maximum stream duration for this route.
+ MaxStreamDuration max_stream_duration = 36;
+}
+
+// HTTP retry :ref:`architecture overview `.
+// [#next-free-field: 14]
+message RetryPolicy {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RetryPolicy";
+
+ enum ResetHeaderFormat {
+ SECONDS = 0;
+ UNIX_TIMESTAMP = 1;
+ }
+
+ message RetryPriority {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RetryPolicy.RetryPriority";
+
+ reserved 2;
+
+ reserved "config";
+
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // [#extension-category: envoy.retry_priorities]
+ oneof config_type {
+ google.protobuf.Any typed_config = 3;
+ }
+ }
+
+ message RetryHostPredicate {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RetryPolicy.RetryHostPredicate";
+
+ reserved 2;
+
+ reserved "config";
+
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // [#extension-category: envoy.retry_host_predicates]
+ oneof config_type {
+ google.protobuf.Any typed_config = 3;
+ }
+ }
+
+ message RetryBackOff {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RetryPolicy.RetryBackOff";
+
+ // Specifies the base interval between retries. This parameter is required and must be greater
+ // than zero. Values less than 1 ms are rounded up to 1 ms.
+ // See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion of Envoy's
+ // back-off algorithm.
+ google.protobuf.Duration base_interval = 1 [(validate.rules).duration = {
+ required: true
+ gt {}
+ }];
+
+ // Specifies the maximum interval between retries. This parameter is optional, but must be
+ // greater than or equal to the ``base_interval`` if set. The default is 10 times the
+ // ``base_interval``. See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion
+ // of Envoy's back-off algorithm.
+ google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}];
+ }
+
+ message ResetHeader {
+ // The name of the reset header.
+ //
+ // ..
note::
+ //
+ // If the header appears multiple times only the first value is used.
+ string name = 1
+ [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+ // The format of the reset header.
+ ResetHeaderFormat format = 2 [(validate.rules).enum = {defined_only: true}];
+ }
+
+ // A retry back-off strategy that applies when the upstream server rate limits
+ // the request.
+ //
+ // Given this configuration:
+ //
+ // .. code-block:: yaml
+ //
+ // rate_limited_retry_back_off:
+ // reset_headers:
+ // - name: Retry-After
+ // format: SECONDS
+ // - name: X-RateLimit-Reset
+ // format: UNIX_TIMESTAMP
+ // max_interval: "300s"
+ //
+ // The following algorithm will apply:
+ //
+ // 1. If the response contains the header ``Retry-After`` its value must be on
+ // the form ``120`` (an integer that represents the number of seconds to
+ // wait before retrying). If so, this value is used as the back-off interval.
+ // 2. Otherwise, if the response contains the header ``X-RateLimit-Reset`` its
+ // value must be on the form ``1595320702`` (an integer that represents the
+ // point in time at which to retry, as a Unix timestamp in seconds). If so,
+ // the current time is subtracted from this value and the result is used as
+ // the back-off interval.
+ // 3. Otherwise, Envoy will use the default
+ // :ref:`exponential back-off `
+ // strategy.
+ //
+ // No matter which format is used, if the resulting back-off interval exceeds
+ // ``max_interval`` it is discarded and the next header in ``reset_headers``
+ // is tried. If a request timeout is configured for the route it will further
+ // limit how long the request will be allowed to run.
+ //
+ // To prevent many clients retrying at the same point in time jitter is added
+ // to the back-off interval, so the resulting interval is decided by taking:
+ // ``random(interval, interval * 1.5)``.
+ //
+ // ..
attention::
+ //
+ // Configuring ``rate_limited_retry_back_off`` will not by itself cause a request
+ // to be retried. You will still need to configure the right retry policy to match
+ // the responses from the upstream server.
+ message RateLimitedRetryBackOff {
+ // Specifies the reset headers (like ``Retry-After`` or ``X-RateLimit-Reset``)
+ // to match against the response. Headers are tried in order, and matched case
+ // insensitive. The first header to be parsed successfully is used. If no headers
+ // match the default exponential back-off is used instead.
+ repeated ResetHeader reset_headers = 1 [(validate.rules).repeated = {min_items: 1}];
+
+ // Specifies the maximum back off interval that Envoy will allow. If a reset
+ // header contains an interval longer than this then it will be discarded and
+ // the next header will be tried. Defaults to 300 seconds.
+ google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}];
+ }
+
+ // Specifies the conditions under which retry takes place. These are the same
+ // conditions documented for :ref:`config_http_filters_router_x-envoy-retry-on` and
+ // :ref:`config_http_filters_router_x-envoy-retry-grpc-on`.
+ string retry_on = 1;
+
+ // Specifies the allowed number of retries. This parameter is optional and
+ // defaults to 1. These are the same conditions documented for
+ // :ref:`config_http_filters_router_x-envoy-max-retries`.
+ google.protobuf.UInt32Value num_retries = 2
+ [(udpa.annotations.field_migrate).rename = "max_retries"];
+
+ // Specifies a non-zero upstream timeout per retry attempt (including the initial attempt). This
+ // parameter is optional. The same conditions documented for
+ // :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms` apply.
+ //
+ // .. note::
+ //
+ // If left unspecified, Envoy will use the global
+ // :ref:`route timeout ` for the request.
+ // Consequently, when using a :ref:`5xx ` based
+ // retry policy, a request that times out will not be retried as the total timeout budget
+ // would have been exhausted.
+ google.protobuf.Duration per_try_timeout = 3;
+
+ // Specifies an upstream idle timeout per retry attempt (including the initial attempt). This
+ // parameter is optional and if absent there is no per try idle timeout. The semantics of the per
+ // try idle timeout are similar to the
+ // :ref:`route idle timeout ` and
+ // :ref:`stream idle timeout
+ // `
+ // both enforced by the HTTP connection manager. The difference is that this idle timeout
+ // is enforced by the router for each individual attempt and thus after all previous filters have
+ // run, as opposed to *before* all previous filters run for the other idle timeouts. This timeout
+ // is useful in cases in which total request timeout is bounded by a number of retries and a
+ // :ref:`per_try_timeout `, but
+ // there is a desire to ensure each try is making incremental progress. Note also that similar
+ // to :ref:`per_try_timeout `,
+ // this idle timeout does not start until after both the entire request has been received by the
+ // router *and* a connection pool connection has been obtained. Unlike
+ // :ref:`per_try_timeout `,
+ // the idle timer continues once the response starts streaming back to the downstream client.
+ // This ensures that response data continues to make progress without using one of the HTTP
+ // connection manager idle timeouts.
+ google.protobuf.Duration per_try_idle_timeout = 13;
+
+ // Specifies an implementation of a RetryPriority which is used to determine the
+ // distribution of load across priorities used for retries. Refer to
+ // :ref:`retry plugin configuration ` for more details.
+ RetryPriority retry_priority = 4;
+
+ // Specifies a collection of RetryHostPredicates that will be consulted when selecting a host
+ // for retries.
If any of the predicates reject the host, host selection will be reattempted.
+ // Refer to :ref:`retry plugin configuration ` for more
+ // details.
+ repeated RetryHostPredicate retry_host_predicate = 5;
+
+ // Retry options predicates that will be applied prior to retrying a request. These predicates
+ // allow customizing request behavior between retries.
+ // [#comment: add [#extension-category: envoy.retry_options_predicates] when there are built-in extensions]
+ repeated core.v3.TypedExtensionConfig retry_options_predicates = 12;
+
+ // The maximum number of times host selection will be reattempted before giving up, at which
+ // point the host that was last selected will be routed to. If unspecified, this will default to
+ // retrying once.
+ int64 host_selection_retry_max_attempts = 6;
+
+ // HTTP status codes that should trigger a retry in addition to those specified by retry_on.
+ repeated uint32 retriable_status_codes = 7;
+
+ // Specifies parameters that control exponential retry back off. This parameter is optional, in which case the
+ // default base interval is 25 milliseconds or, if set, the current value of the
+ // ``upstream.base_retry_backoff_ms`` runtime parameter. The default maximum interval is 10 times
+ // the base interval. The documentation for :ref:`config_http_filters_router_x-envoy-max-retries`
+ // describes Envoy's back-off algorithm.
+ RetryBackOff retry_back_off = 8;
+
+ // Specifies parameters that control a retry back-off strategy that is used
+ // when the request is rate limited by the upstream server. The server may
+ // return a response header like ``Retry-After`` or ``X-RateLimit-Reset`` to
+ // provide feedback to the client on how long to wait before retrying. If
+ // configured, this back-off strategy will be used instead of the
+ // default exponential back off strategy (configured using ``retry_back_off``)
+ // whenever a response includes the matching headers.
+ RateLimitedRetryBackOff rate_limited_retry_back_off = 11;
+
+ // HTTP response headers that trigger a retry if present in the response. A retry will be
+ // triggered if any of the header matches match the upstream response headers.
+ // The field is only consulted if 'retriable-headers' retry policy is active.
+ repeated HeaderMatcher retriable_headers = 9;
+
+ // HTTP headers which must be present in the request for retries to be attempted.
+ repeated HeaderMatcher retriable_request_headers = 10;
+}
+
+// HTTP request hedging :ref:`architecture overview `.
+message HedgePolicy {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.HedgePolicy";
+
+ // Specifies the number of initial requests that should be sent upstream.
+ // Must be at least 1.
+ // Defaults to 1.
+ // [#not-implemented-hide:]
+ google.protobuf.UInt32Value initial_requests = 1 [(validate.rules).uint32 = {gte: 1}];
+
+ // Specifies a probability that an additional upstream request should be sent
+ // on top of what is specified by initial_requests.
+ // Defaults to 0.
+ // [#not-implemented-hide:]
+ type.v3.FractionalPercent additional_request_chance = 2;
+
+ // Indicates that a hedged request should be sent when the per-try timeout is hit.
+ // This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight.
+ // The first request to complete successfully will be the one returned to the caller.
+ //
+ // * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client.
+ // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client
+ // if there are no more retries left.
+ // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress.
+ //
+ // Note: For this to have effect, you must have a :ref:`RetryPolicy ` that retries at least
+ // one error code and specifies a maximum number of retries.
+ //
+ // Defaults to false.
+ bool hedge_on_per_try_timeout = 3;
+}
+
+// [#next-free-field: 10]
+message RedirectAction {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RedirectAction";
+
+ enum RedirectResponseCode {
+ // Moved Permanently HTTP Status Code - 301.
+ MOVED_PERMANENTLY = 0;
+
+ // Found HTTP Status Code - 302.
+ FOUND = 1;
+
+ // See Other HTTP Status Code - 303.
+ SEE_OTHER = 2;
+
+ // Temporary Redirect HTTP Status Code - 307.
+ TEMPORARY_REDIRECT = 3;
+
+ // Permanent Redirect HTTP Status Code - 308.
+ PERMANENT_REDIRECT = 4;
+ }
+
+ // When the scheme redirection take place, the following rules apply:
+ // 1. If the source URI scheme is ``http`` and the port is explicitly
+ // set to ``:80``, the port will be removed after the redirection
+ // 2. If the source URI scheme is ``https`` and the port is explicitly
+ // set to ``:443``, the port will be removed after the redirection
+ oneof scheme_rewrite_specifier {
+ // The scheme portion of the URL will be swapped with "https".
+ bool https_redirect = 4;
+
+ // The scheme portion of the URL will be swapped with this value.
+ string scheme_redirect = 7;
+ }
+
+ // The host portion of the URL will be swapped with this value.
+ string host_redirect = 1
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+ // The port value of the URL will be swapped with this value.
+ uint32 port_redirect = 8;
+
+ oneof path_rewrite_specifier {
+ // The path portion of the URL will be swapped with this value.
+ // Please note that query string in path_redirect will override the
+ // request's query string and will not be stripped.
+ //
+ // For example, let's say we have the following routes:
+ //
+ // - match: { path: "/old-path-1" }
+ // redirect: { path_redirect: "/new-path-1" }
+ // - match: { path: "/old-path-2" }
+ // redirect: { path_redirect: "/new-path-2", strip-query: "true" }
+ // - match: { path: "/old-path-3" }
+ // redirect: { path_redirect: "/new-path-3?foo=1", strip_query: "true" }
+ //
+ // 1. if request uri is "/old-path-1?bar=1", users will be redirected to "/new-path-1?bar=1"
+ // 2. if request uri is "/old-path-2?bar=1", users will be redirected to "/new-path-2"
+ // 3. if request uri is "/old-path-3?bar=1", users will be redirected to "/new-path-3?foo=1"
+ string path_redirect = 2
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+ // Indicates that during redirection, the matched prefix (or path)
+ // should be swapped with this value. This option allows redirect URLs be dynamically created
+ // based on the request.
+ //
+ // .. attention::
+ //
+ // Pay attention to the use of trailing slashes as mentioned in
+ // :ref:`RouteAction's prefix_rewrite `.
+ string prefix_rewrite = 5
+ [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+ // Indicates that during redirect, portions of the path that match the
+ // pattern should be rewritten, even allowing the substitution of capture
+ // groups from the pattern into the new path as specified by the rewrite
+ // substitution string. This is useful to allow application paths to be
+ // rewritten in a way that is aware of segments with variable content like
+ // identifiers.
+ //
+ // Examples using Google's `RE2 `_ engine:
+ //
+ // * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution
+ // string of ``\2/instance/\1`` would transform ``/service/foo/v1/api``
+ // into ``/v1/api/instance/foo``.
+ //
+ // * The pattern ``one`` paired with a substitution string of ``two`` would
+ // transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``.
+ //
+ // * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of
+ // ``\1two\2`` would replace only the first occurrence of ``one``,
+ // transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``.
+ //
+ // * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/``
+ // would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to
+ // ``/aaa/yyy/bbb``.
+ type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 9;
+ }
+
+ // The HTTP status code to use in the redirect response. The default response
+ // code is MOVED_PERMANENTLY (301).
+ RedirectResponseCode response_code = 3 [(validate.rules).enum = {defined_only: true}];
+
+ // Indicates that during redirection, the query portion of the URL will
+ // be removed. Default value is false.
+ bool strip_query = 6;
+}
+
+message DirectResponseAction {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.DirectResponseAction";
+
+ // Specifies the HTTP response status to be returned.
+ uint32 status = 1 [(validate.rules).uint32 = {lt: 600 gte: 200}];
+
+ // Specifies the content of the response body. If this setting is omitted,
+ // no body is included in the generated response.
+ //
+ // .. note::
+ //
+ // Headers can be specified using ``response_headers_to_add`` in the enclosing
+ // :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` or
+ // :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.
+ core.v3.DataSource body = 2;
+}
+
+// [#not-implemented-hide:]
+message NonForwardingAction {
+}
+
+message Decorator {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Decorator";
+
+ // The operation name associated with the request matched to this route.
If tracing is
+ // enabled, this information will be used as the span name reported for this request.
+ //
+ // .. note::
+ //
+ // For ingress (inbound) requests, or egress (outbound) responses, this value may be overridden
+ // by the :ref:`x-envoy-decorator-operation
+ // ` header.
+ string operation = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Whether the decorated details should be propagated to the other party. The default is true.
+ google.protobuf.BoolValue propagate = 2;
+}
+
+message Tracing {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Tracing";
+
+ // Target percentage of requests managed by this HTTP connection manager that will be force
+ // traced if the :ref:`x-client-trace-id `
+ // header is set. This field is a direct analog for the runtime variable
+ // 'tracing.client_enabled' in the :ref:`HTTP Connection Manager
+ // `.
+ // Default: 100%
+ type.v3.FractionalPercent client_sampling = 1;
+
+ // Target percentage of requests managed by this HTTP connection manager that will be randomly
+ // selected for trace generation, if not requested by the client or not forced. This field is
+ // a direct analog for the runtime variable 'tracing.random_sampling' in the
+ // :ref:`HTTP Connection Manager `.
+ // Default: 100%
+ type.v3.FractionalPercent random_sampling = 2;
+
+ // Target percentage of requests managed by this HTTP connection manager that will be traced
+ // after all other sampling checks have been applied (client-directed, force tracing, random
+ // sampling). This field functions as an upper limit on the total configured sampling rate. For
+ // instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1%
+ // of client requests with the appropriate headers to be force traced. This field is a direct
+ // analog for the runtime variable 'tracing.global_enabled' in the
+ // :ref:`HTTP Connection Manager `.
+ // Default: 100%
+ type.v3.FractionalPercent overall_sampling = 3;
+
+ // A list of custom tags with unique tag name to create tags for the active span.
+ // It will take effect after merging with the :ref:`corresponding configuration
+ // `
+ // configured in the HTTP connection manager. If two tags with the same name are configured
+ // each in the HTTP connection manager and the route level, the one configured here takes
+ // priority.
+ repeated type.tracing.v3.CustomTag custom_tags = 4;
+}
+
+// A virtual cluster is a way of specifying a regex matching rule against
+// certain important endpoints such that statistics are generated explicitly for
+// the matched requests. The reason this is useful is that when doing
+// prefix/path matching Envoy does not always know what the application
+// considers to be an endpoint. Thus, it’s impossible for Envoy to generically
+// emit per endpoint statistics. However, often systems have highly critical
+// endpoints that they wish to get “perfect” statistics on. Virtual cluster
+// statistics are perfect in the sense that they are emitted on the downstream
+// side such that they include network level failures.
+//
+// Documentation for :ref:`virtual cluster statistics `.
+//
+// .. note::
+//
+// Virtual clusters are a useful tool, but we do not recommend setting up a virtual cluster for
+// every application endpoint. This is both not easily maintainable and as well the matching and
+// statistics output are not free.
+message VirtualCluster {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.VirtualCluster";
+
+ reserved 1, 3;
+
+ reserved "pattern", "method";
+
+ // Specifies a list of header matchers to use for matching requests. Each specified header must
+ // match. The pseudo-headers ``:path`` and ``:method`` can be used to match the request path and
+ // method, respectively.
+ repeated HeaderMatcher headers = 4;
+
+ // Specifies the name of the virtual cluster.
The virtual cluster name as well
+ // as the virtual host name are used when emitting statistics. The statistics are emitted by the
+ // router filter and are documented :ref:`here `.
+ string name = 2 [(validate.rules).string = {min_len: 1}];
+}
+
+// Global rate limiting :ref:`architecture overview `.
+// Also applies to Local rate limiting :ref:`using descriptors `.
+// [#next-free-field: 7]
+message RateLimit {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit";
+
+ // [#next-free-field: 13]
+ message Action {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RateLimit.Action";
+
+ // The following descriptor entry is appended to the descriptor:
+ //
+ // .. code-block:: cpp
+ //
+ // ("source_cluster", "")
+ //
+ // is derived from the :option:`--service-cluster` option.
+ message SourceCluster {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RateLimit.Action.SourceCluster";
+ }
+
+ // The following descriptor entry is appended to the descriptor:
+ //
+ // .. code-block:: cpp
+ //
+ // ("destination_cluster", "")
+ //
+ // Once a request matches against a route table rule, a routed cluster is determined by one of
+ // the following :ref:`route table configuration `
+ // settings:
+ //
+ // * :ref:`cluster ` indicates the upstream cluster
+ // to route to.
+ // * :ref:`weighted_clusters `
+ // chooses a cluster randomly from a set of clusters with attributed weight.
+ // * :ref:`cluster_header ` indicates which
+ // header in the request contains the target cluster.
+ message DestinationCluster {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RateLimit.Action.DestinationCluster";
+ }
+
+ // The following descriptor entry is appended when a header contains a key that matches the
+ // ``header_name``:
+ //
+ // ..
code-block:: cpp
+ //
+ // ("", "")
+ message RequestHeaders {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RateLimit.Action.RequestHeaders";
+
+ // The header name to be queried from the request headers. The header’s
+ // value is used to populate the value of the descriptor entry for the
+ // descriptor_key.
+ string header_name = 1
+ [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+ // The key to use in the descriptor entry.
+ string descriptor_key = 2 [(validate.rules).string = {min_len: 1}];
+
+ // Controls the behavior when the specified header is not present in the request.
+ //
+ // If set to ``false`` (default):
+ //
+ // * Envoy does **NOT** call the rate limiting service for this descriptor.
+ // * Useful if the header is optional and you prefer to skip rate limiting when it's absent.
+ //
+ // If set to ``true``:
+ //
+ // * Envoy calls the rate limiting service but omits this descriptor if the header is missing.
+ // * Useful if you want Envoy to enforce rate limiting even when the header is not present.
+ //
+ bool skip_if_absent = 3;
+ }
+
+ // The following descriptor entry is appended when a query parameter contains a key that matches the
+ // ``query_parameter_name``:
+ //
+ // .. code-block:: cpp
+ //
+ // ("", "")
+ message QueryParameters {
+ // The name of the query parameter to use for rate limiting. Value of this query parameter is used to populate
+ // the value of the descriptor entry for the descriptor_key.
+ string query_parameter_name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // The key to use when creating the rate limit descriptor entry. his descriptor key will be used to identify the
+ // rate limit rule in the rate limiting service.
+ string descriptor_key = 2 [(validate.rules).string = {min_len: 1}];
+
+ // Controls the behavior when the specified query parameter is not present in the request.
+ //
+ // If set to ``false`` (default):
+ //
+ // * Envoy does **NOT** call the rate limiting service for this descriptor.
+ // * Useful if the query parameter is optional and you prefer to skip rate limiting when it's absent.
+ //
+ // If set to ``true``:
+ //
+ // * Envoy calls the rate limiting service but omits this descriptor if the query parameter is missing.
+ // * Useful if you want Envoy to enforce rate limiting even when the query parameter is not present.
+ //
+ bool skip_if_absent = 3;
+ }
+
+ // The following descriptor entry is appended to the descriptor and is populated using the
+ // trusted address from :ref:`x-forwarded-for `:
+ //
+ // .. code-block:: cpp
+ //
+ // ("remote_address", "")
+ message RemoteAddress {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RateLimit.Action.RemoteAddress";
+ }
+
+ // The following descriptor entry is appended to the descriptor and is populated using the
+ // masked address from :ref:`x-forwarded-for `:
+ //
+ // .. code-block:: cpp
+ //
+ // ("masked_remote_address", "")
+ message MaskedRemoteAddress {
+ // Length of prefix mask len for IPv4 (e.g. 0, 32).
+ // Defaults to 32 when unset.
+ // For example, trusted address from x-forwarded-for is ``192.168.1.1``,
+ // the descriptor entry is ("masked_remote_address", "192.168.1.1/32");
+ // if mask len is 24, the descriptor entry is ("masked_remote_address", "192.168.1.0/24").
+ google.protobuf.UInt32Value v4_prefix_mask_len = 1 [(validate.rules).uint32 = {lte: 32}];
+
+ // Length of prefix mask len for IPv6 (e.g. 0, 128).
+ // Defaults to 128 when unset.
+ // For example, trusted address from x-forwarded-for is ``2001:abcd:ef01:2345:6789:abcd:ef01:234``,
+ // the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345:6789:abcd:ef01:234/128");
+ // if mask len is 64, the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345::/64").
+ google.protobuf.UInt32Value v6_prefix_mask_len = 2 [(validate.rules).uint32 = {lte: 128}];
+ }
+
+ // The following descriptor entry is appended to the descriptor:
+ //
+ // .. code-block:: cpp
+ //
+ // ("generic_key", "")
+ message GenericKey {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RateLimit.Action.GenericKey";
+
+ // The value to use in the descriptor entry.
+ string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
+
+ // An optional key to use in the descriptor entry. If not set it defaults
+ // to 'generic_key' as the descriptor key.
+ string descriptor_key = 2;
+ }
+
+ // The following descriptor entry is appended to the descriptor:
+ //
+ // .. code-block:: cpp
+ //
+ // ("header_match", "")
+ message HeaderValueMatch {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.route.RateLimit.Action.HeaderValueMatch";
+
+ // The key to use in the descriptor entry. Defaults to ``header_match``.
+ string descriptor_key = 4;
+
+ // The value to use in the descriptor entry.
+ string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
+
+ // If set to true, the action will append a descriptor entry when the
+ // request matches the headers. If set to false, the action will append a
+ // descriptor entry when the request does not match the headers. The
+ // default value is true.
+ google.protobuf.BoolValue expect_match = 2;
+
+ // Specifies a set of headers that the rate limit action should match
+ // on. The action will check the request’s headers against all the
+ // specified headers in the config. A match will happen if all the
+ // headers in the config are present in the request with the same values
+ // (or based on presence if the value field is not in the config).
+ repeated HeaderMatcher headers = 3 [(validate.rules).repeated = {min_items: 1}]; + } + + // The following descriptor entry is appended when the + // :ref:`dynamic metadata ` contains a key value: + // + // .. code-block:: cpp + // + // ("", "") + // + // .. attention:: + // This action has been deprecated in favor of the :ref:`metadata ` action + message DynamicMetaData { + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; + + // Metadata struct that defines the key and path to retrieve the string value. A match will + // only happen if the value in the dynamic metadata is of type string. + type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; + + // An optional value to use if ``metadata_key`` is empty. If not set and + // no value is present under the metadata_key then no descriptor is generated. + string default_value = 3; + } + + // The following descriptor entry is appended when the metadata contains a key value: + // + // .. code-block:: cpp + // + // ("", "") + // [#next-free-field: 6] + message MetaData { + enum Source { + // Query :ref:`dynamic metadata ` + DYNAMIC = 0; + + // Query :ref:`route entry metadata ` + ROUTE_ENTRY = 1; + } + + // The key to use in the descriptor entry. + string descriptor_key = 1 [(validate.rules).string = {min_len: 1}]; + + // Metadata struct that defines the key and path to retrieve the string value. A match will + // only happen if the value in the metadata is of type string. + type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}]; + + // An optional value to use if ``metadata_key`` is empty. If not set and + // no value is present under the metadata_key then ``skip_if_absent`` is followed to + // skip calling the rate limiting service or skip the descriptor. 
+ string default_value = 3; + + // Source of metadata + Source source = 4 [(validate.rules).enum = {defined_only: true}]; + + // Controls the behavior when the specified ``metadata_key`` is empty and ``default_value`` is not set. + // + // If set to ``false`` (default): + // + // * Envoy does **NOT** call the rate limiting service for this descriptor. + // * Useful if the metadata is optional and you prefer to skip rate limiting when it's absent. + // + // If set to ``true``: + // + // * Envoy calls the rate limiting service but omits this descriptor if the ``metadata_key`` is empty and + // ``default_value`` is missing. + // * Useful if you want Envoy to enforce rate limiting even when the metadata is not present. + // + bool skip_if_absent = 5; + } + + // The following descriptor entry is appended to the descriptor: + // + // .. code-block:: cpp + // + // ("query_match", "") + message QueryParameterValueMatch { + // The key to use in the descriptor entry. Defaults to ``query_match``. + string descriptor_key = 4; + + // The value to use in the descriptor entry. + string descriptor_value = 1 [(validate.rules).string = {min_len: 1}]; + + // If set to true, the action will append a descriptor entry when the + // request matches the headers. If set to false, the action will append a + // descriptor entry when the request does not match the headers. The + // default value is true. + google.protobuf.BoolValue expect_match = 2; + + // Specifies a set of query parameters that the rate limit action should match + // on. The action will check the request’s query parameters against all the + // specified query parameters in the config. A match will happen if all the + // query parameters in the config are present in the request with the same values + // (or based on presence if the value field is not in the config). 
+ repeated QueryParameterMatcher query_parameters = 3 + [(validate.rules).repeated = {min_items: 1}]; + } + + oneof action_specifier { + option (validate.required) = true; + + // Rate limit on source cluster. + SourceCluster source_cluster = 1; + + // Rate limit on destination cluster. + DestinationCluster destination_cluster = 2; + + // Rate limit on request headers. + RequestHeaders request_headers = 3; + + // Rate limit on query parameters. + QueryParameters query_parameters = 12; + + // Rate limit on remote address. + RemoteAddress remote_address = 4; + + // Rate limit on a generic key. + GenericKey generic_key = 5; + + // Rate limit on the existence of request headers. + HeaderValueMatch header_value_match = 6; + + // Rate limit on dynamic metadata. + // + // .. attention:: + // This field has been deprecated in favor of the :ref:`metadata ` field + DynamicMetaData dynamic_metadata = 7 [ + deprecated = true, + (envoy.annotations.deprecated_at_minor_version) = "3.0", + (envoy.annotations.disallowed_by_default) = true + ]; + + // Rate limit on metadata. + MetaData metadata = 8; + + // Rate limit descriptor extension. See the rate limit descriptor extensions documentation. + // + // :ref:`HTTP matching input functions ` are + // permitted as descriptor extensions. The input functions are only + // looked up if there is no rate limit descriptor extension matching + // the type URL. + // + // [#extension-category: envoy.rate_limit_descriptors] + core.v3.TypedExtensionConfig extension = 9; + + // Rate limit on masked remote address. + MaskedRemoteAddress masked_remote_address = 10; + + // Rate limit on the existence of query parameters. + QueryParameterValueMatch query_parameter_value_match = 11; + } + } + + message Override { + // Fetches the override from the dynamic metadata. + message DynamicMetadata { + // Metadata struct that defines the key and path to retrieve the struct value. 
+ // The value must be a struct containing an integer "requests_per_unit" property + // and a "unit" property with a value parseable to :ref:`RateLimitUnit + // enum ` + type.metadata.v3.MetadataKey metadata_key = 1 [(validate.rules).message = {required: true}]; + } + + oneof override_specifier { + option (validate.required) = true; + + // Limit override from dynamic metadata. + DynamicMetadata dynamic_metadata = 1; + } + } + + message HitsAddend { + // Fixed number of hits to add to the rate limit descriptor. + // + // One of the ``number`` or ``format`` fields should be set but not both. + google.protobuf.UInt64Value number = 1 [(validate.rules).uint64 = {lte: 1000000000}]; + + // Substitution format string to extract the number of hits to add to the rate limit descriptor. + // The same :ref:`format specifier ` as used for + // :ref:`HTTP access logging ` applies here. + // + // .. note:: + // + // The format string must contains only single valid substitution field. If the format string + // not meets the requirement, the configuration will be rejected. + // + // The substitution field should generates a non-negative number or string representation of + // a non-negative number. The value of the non-negative number should be less than or equal + // to 1000000000 like the ``number`` field. If the output of the substitution field not meet + // the requirement, this will be treated as an error and the current descriptor will be ignored. + // + // For example, the ``%BYTES_RECEIVED%`` format string will be replaced with the number of bytes + // received in the request. + // + // One of the ``number`` or ``format`` fields should be set but not both. + string format = 2 [(validate.rules).string = {prefix: "%" suffix: "%" ignore_empty: true}]; + } + + // Refers to the stage set in the filter. The rate limit configuration only + // applies to filters with the same stage number. The default stage number is + // 0. + // + // .. 
note:: + // + // The filter supports a range of 0 - 10 inclusively for stage numbers. + // + // .. note:: + // This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like + // :ref:`VirtualHost.typed_per_filter_config` or + // :ref:`Route.typed_per_filter_config`, etc. + google.protobuf.UInt32Value stage = 1 [(validate.rules).uint32 = {lte: 10}]; + + // The key to be set in runtime to disable this rate limit configuration. + // + // .. note:: + // This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like + // :ref:`VirtualHost.typed_per_filter_config` or + // :ref:`Route.typed_per_filter_config`, etc. + string disable_key = 2; + + // A list of actions that are to be applied for this rate limit configuration. + // Order matters as the actions are processed sequentially and the descriptor + // is composed by appending descriptor entries in that sequence. If an action + // cannot append a descriptor entry, no descriptor is generated for the + // configuration. See :ref:`composing actions + // ` for additional documentation. + repeated Action actions = 3 [(validate.rules).repeated = {min_items: 1}]; + + // An optional limit override to be appended to the descriptor produced by this + // rate limit configuration. If the override value is invalid or cannot be resolved + // from metadata, no override is provided. See :ref:`rate limit override + // ` for more information. + // + // .. note:: + // This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like + // :ref:`VirtualHost.typed_per_filter_config` or + // :ref:`Route.typed_per_filter_config`, etc. + Override limit = 4; + + // An optional hits addend to be appended to the descriptor produced by this rate limit + // configuration. + // + // .. 
note:: + // This is only supported if the rate limit action is configured in the ``typed_per_filter_config`` like + // :ref:`VirtualHost.typed_per_filter_config` or + // :ref:`Route.typed_per_filter_config`, etc. + HitsAddend hits_addend = 5; + + // If true, the rate limit request will be applied when the stream completes. The default value is false. + // This is useful when the rate limit budget needs to reflect the response context that is not available + // on the request path. + // + // For example, let's say the upstream service calculates the usage statistics and returns them in the response body + // and we want to utilize these numbers to apply the rate limit action for the subsequent requests. + // Combined with another filter that can set the desired addend based on the response (e.g. Lua filter), + // this can be used to subtract the usage statistics from the rate limit budget. + // + // A rate limit applied on the stream completion is "fire-and-forget" by nature, and rate limit is not enforced by this config. + // In other words, the current request won't be blocked when this is true, but the budget will be updated for the subsequent + // requests based on the action with this field set to true. Users should ensure that the rate limit is enforced by the actions + // applied on the request path, i.e. the ones with this field set to false. + // + // Currently, this is only supported by the HTTP global rate filter. + bool apply_on_stream_done = 6; +} + +// .. attention:: +// +// Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1 ``Host`` +// header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead. +// +// .. attention:: +// +// To route on HTTP method, use the special HTTP/2 ``:method`` header. This works for both +// HTTP/1 and HTTP/2 as Envoy normalizes headers. E.g., +// +// .. code-block:: json +// +// { +// "name": ":method", +// "string_match": { +// "exact": "POST" +// } +// } +// +// .. 
attention:: +// In the absence of any header match specifier, match will default to :ref:`present_match +// `. i.e, a request that has the :ref:`name +// ` header will match, regardless of the header's +// value. +// +// [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.] +// [#next-free-field: 15] +message HeaderMatcher { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.HeaderMatcher"; + + reserved 2, 3, 5; + + reserved "regex_match"; + + // Specifies the name of the header in the request. + string name = 1 + [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; + + // Specifies how the header match will be performed to route the request. + oneof header_match_specifier { + // If specified, header match will be performed based on the value of the header. + // This field is deprecated. Please use :ref:`string_match `. + string exact_match = 4 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // If specified, this regex string is a regular expression rule which implies the entire request + // header value must match the regex. The rule will not match if only a subsequence of the + // request header value matches the regex. + // This field is deprecated. Please use :ref:`string_match `. + type.matcher.v3.RegexMatcher safe_regex_match = 11 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // If specified, header match will be performed based on range. + // The rule will match if the request header value is within this range. + // The entire request header value must represent an integer in base 10 notation: consisting of + // an optional plus or minus sign followed by a sequence of digits. The rule will not match if + // the header value does not represent an integer. Match will fail for empty values, floating + // point numbers or if only a subsequence of the header value is an integer. 
+ // + // Examples: + // + // * For range [-10,0), route will match for header value -1, but not for 0, ``somestring``, 10.9, + // ``-1somestring`` + type.v3.Int64Range range_match = 6; + + // If specified as true, header match will be performed based on whether the header is in the + // request. If specified as false, header match will be performed based on whether the header is absent. + bool present_match = 7; + + // If specified, header match will be performed based on the prefix of the header value. + // Note: empty prefix is not allowed, please use present_match instead. + // This field is deprecated. Please use :ref:`string_match `. + // + // Examples: + // + // * The prefix ``abcd`` matches the value ``abcdxyz``, but not for ``abcxyz``. + string prefix_match = 9 [ + deprecated = true, + (validate.rules).string = {min_len: 1}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // If specified, header match will be performed based on the suffix of the header value. + // Note: empty suffix is not allowed, please use present_match instead. + // This field is deprecated. Please use :ref:`string_match `. + // + // Examples: + // + // * The suffix ``abcd`` matches the value ``xyzabcd``, but not for ``xyzbcd``. + string suffix_match = 10 [ + deprecated = true, + (validate.rules).string = {min_len: 1}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // If specified, header match will be performed based on whether the header value contains + // the given value or not. + // Note: empty contains match is not allowed, please use present_match instead. + // This field is deprecated. Please use :ref:`string_match `. + // + // Examples: + // + // * The value ``abcd`` matches the value ``xyzabcdpqr``, but not for ``xyzbcdpqr``. 
+ string contains_match = 12 [ + deprecated = true, + (validate.rules).string = {min_len: 1}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // If specified, header match will be performed based on the string match of the header value. + type.matcher.v3.StringMatcher string_match = 13; + } + + // If specified, the match result will be inverted before checking. Defaults to false. + // + // Examples: + // + // * The regex ``\d{3}`` does not match the value ``1234``, so it will match when inverted. + // * The range [-10,0) will match the value -1, so it will not match when inverted. + bool invert_match = 8; + + // If specified, for any header match rule, if the header match rule specified header + // does not exist, this header value will be treated as empty. Defaults to false. + // + // Examples: + // + // * The header match rule specified header "header1" to range match of [0, 10], + // :ref:`invert_match ` + // is set to true and :ref:`treat_missing_header_as_empty ` + // is set to true; The "header1" header is not present. The match rule will + // treat the "header1" as an empty header. The empty header does not match the range, + // so it will match when inverted. + // * The header match rule specified header "header2" to range match of [0, 10], + // :ref:`invert_match ` + // is set to true and :ref:`treat_missing_header_as_empty ` + // is set to false; The "header2" header is not present and the header + // matcher rule for "header2" will be ignored so it will not match. + // * The header match rule specified header "header3" to a string regex match + // ``^$`` which means an empty string, and + // :ref:`treat_missing_header_as_empty ` + // is set to true; The "header3" header is not present. + // The match rule will treat the "header3" header as an empty header so it will match. 
+ // * The header match rule specified header "header4" to a string regex match + // ``^$`` which means an empty string, and + // :ref:`treat_missing_header_as_empty ` + // is set to false; The "header4" header is not present. + // The match rule for "header4" will be ignored so it will not match. + bool treat_missing_header_as_empty = 14; +} + +// Query parameter matching treats the query string of a request's :path header +// as an ampersand-separated list of keys and/or key=value elements. +// [#next-free-field: 7] +message QueryParameterMatcher { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.route.QueryParameterMatcher"; + + reserved 3, 4; + + reserved "value", "regex"; + + // Specifies the name of a key that must be present in the requested + // ``path``'s query string. + string name = 1 [(validate.rules).string = {min_len: 1 max_bytes: 1024}]; + + oneof query_parameter_match_specifier { + // Specifies whether a query parameter value should match against a string. + type.matcher.v3.StringMatcher string_match = 5 [(validate.rules).message = {required: true}]; + + // Specifies whether a query parameter should be present. + bool present_match = 6; + } +} + +// HTTP Internal Redirect :ref:`architecture overview `. +// [#next-free-field: 6] +message InternalRedirectPolicy { + // An internal redirect is not handled, unless the number of previous internal redirects that a + // downstream request has encountered is lower than this value. + // In the case where a downstream request is bounced among multiple routes by internal redirect, + // the first route that hits this threshold, or does not set :ref:`internal_redirect_policy + // ` + // will pass the redirect back to downstream. + // + // If not specified, at most one redirect will be followed. + google.protobuf.UInt32Value max_internal_redirects = 1; + + // Defines what upstream response codes are allowed to trigger internal redirect. 
If unspecified, + // only 302 will be treated as internal redirect. + // Only 301, 302, 303, 307 and 308 are valid values. Any other codes will be ignored. + repeated uint32 redirect_response_codes = 2 [(validate.rules).repeated = {max_items: 5}]; + + // Specifies a list of predicates that are queried when an upstream response is deemed + // to trigger an internal redirect by all other criteria. Any predicate in the list can reject + // the redirect, causing the response to be proxied to downstream. + // [#extension-category: envoy.internal_redirect_predicates] + repeated core.v3.TypedExtensionConfig predicates = 3; + + // Allow internal redirect to follow a target URI with a different scheme than the value of + // x-forwarded-proto. The default is false. + bool allow_cross_scheme_redirect = 4; + + // Specifies a list of headers, by name, to copy from the internal redirect into the subsequent + // request. If a header is specified here but not present in the redirect, it will be cleared in + // the subsequent request. + repeated string response_headers_to_copy = 5 [(validate.rules).repeated = { + unique: true + items {string {well_known_regex: HTTP_HEADER_NAME strict: false}} + }]; +} + +// A simple wrapper for an HTTP filter config. This is intended to be used as a wrapper for the +// map value in +// :ref:`VirtualHost.typed_per_filter_config`, +// :ref:`Route.typed_per_filter_config`, +// or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config` +// to add additional flags to the filter. +message FilterConfig { + // The filter config. + google.protobuf.Any config = 1; + + // If true, the filter is optional, meaning that if the client does + // not support the specified filter, it may ignore the map entry rather + // than rejecting the config. + bool is_optional = 2; + + // If true, the filter is disabled in the route or virtual host and the ``config`` field is ignored. + // See :ref:`route based filter chain ` + // for more details. + // + // .. 
note:: + // + // This field will take effect when the request arrive and filter chain is created for the request. + // If initial route is selected for the request and a filter is disabled in the initial route, then + // the filter will not be added to the filter chain. + // And if the request is mutated later and re-match to another route, the disabled filter by the + // initial route will not be added back to the filter chain because the filter chain is already + // created and it is too late to change the chain. + // + // This field only make sense for the downstream HTTP filters for now. + bool disabled = 3; +} diff --git a/modules/sync/envoyproxy/envoy/cas/db7a4656ca79bb7a54e54e6c6d0c7fe39871f6333f32084aceb29823252bc2bca6090d1f79bebf9c0d2cc9517cb9bbf730003164fe278bdb8777765738320a14 b/modules/sync/envoyproxy/envoy/cas/db7a4656ca79bb7a54e54e6c6d0c7fe39871f6333f32084aceb29823252bc2bca6090d1f79bebf9c0d2cc9517cb9bbf730003164fe278bdb8777765738320a14 new file mode 100644 index 00000000..479da8b5 --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/db7a4656ca79bb7a54e54e6c6d0c7fe39871f6333f32084aceb29823252bc2bca6090d1f79bebf9c0d2cc9517cb9bbf730003164fe278bdb8777765738320a14 @@ -0,0 +1,15 @@ +syntax = "proto3"; + +package envoy.config.trace.v2; + +import public "envoy/config/trace/v2/datadog.proto"; +import public "envoy/config/trace/v2/dynamic_ot.proto"; +import public "envoy/config/trace/v2/http_tracer.proto"; +import public "envoy/config/trace/v2/lightstep.proto"; +import public "envoy/config/trace/v2/service.proto"; +import public "envoy/config/trace/v2/zipkin.proto"; + +option java_package = "io.envoyproxy.envoy.config.trace.v2"; +option java_outer_classname = "TraceProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/trace/v2;tracev2"; 
diff --git a/modules/sync/envoyproxy/envoy/cas/e1d0772c1e79f87f10446e70e445510cee7549c348789cbaa4b6e17ab6931aea85a6051f3d3c056472e6900e9b711063a01a70abcced4d271558e455f397df98 b/modules/sync/envoyproxy/envoy/cas/e1d0772c1e79f87f10446e70e445510cee7549c348789cbaa4b6e17ab6931aea85a6051f3d3c056472e6900e9b711063a01a70abcced4d271558e455f397df98
new file mode 100644
index 00000000..926fdb53
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/e1d0772c1e79f87f10446e70e445510cee7549c348789cbaa4b6e17ab6931aea85a6051f3d3c056472e6900e9b711063a01a70abcced4d271558e455f397df98
@@ -0,0 +1,73 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.network.kafka_broker.v3;
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.network.kafka_broker.v3";
+option java_outer_classname = "KafkaBrokerProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/filters/network/kafka_broker/v3;kafka_brokerv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Kafka Broker]
+// Kafka Broker :ref:`configuration overview `.
+// [#extension: envoy.filters.network.kafka_broker]
+// [#next-free-field: 6]
+message KafkaBroker {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.network.kafka_broker.v2alpha1.KafkaBroker";
+
+ // The prefix to use when emitting :ref:`statistics `.
+ string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Set to true if broker filter should attempt to serialize the received responses from the
+ // upstream broker instead of passing received bytes as is.
+ // Disabled by default.
+ bool force_response_rewrite = 2;
+
+ // Optional broker address rewrite specification.
+ // Allows the broker filter to rewrite Kafka responses so that all connections established by
+ // the Kafka clients point to Envoy.
+ // This allows Kafka cluster not to configure its 'advertised.listeners' property
+ // (as the necessary re-pointing will be done by this filter).
+ // This collection of rules should cover all brokers in the cluster that is being proxied,
+ // otherwise some nodes' addresses might leak to the downstream clients.
+ oneof broker_address_rewrite_spec {
+ // Broker address rewrite rules that match by broker ID.
+ IdBasedBrokerRewriteSpec id_based_broker_address_rewrite_spec = 3;
+ }
+
+ // Optional list of allowed Kafka API keys. Only requests with provided API keys will be
+ // routed, otherwise the connection will be closed. No effect if empty.
+ repeated uint32 api_keys_allowed = 4
+ [(validate.rules).repeated = {items {uint32 {lte: 32767 gte: 0}}}];
+
+ // Optional list of denied Kafka API keys. Requests with API keys matching this list will have
+ // the connection closed. No effect if empty.
+ repeated uint32 api_keys_denied = 5
+ [(validate.rules).repeated = {items {uint32 {lte: 32767 gte: 0}}}];
+}
+
+// Collection of rules matching by broker ID.
+message IdBasedBrokerRewriteSpec {
+ repeated IdBasedBrokerRewriteRule rules = 1;
+}
+
+// Defines a rule to rewrite broker address data.
+message IdBasedBrokerRewriteRule {
+ // Broker ID to match.
+ uint32 id = 1 [(validate.rules).uint32 = {gte: 0}];
+
+ // The host value to use (resembling the host part of Kafka's advertised.listeners).
+ // The value should point to the Envoy (not Kafka) listener, so that all client traffic goes
+ // through Envoy.
+ string host = 2 [(validate.rules).string = {min_len: 1}];
+
+ // The port value to use (resembling the port part of Kafka's advertised.listeners).
+ // The value should point to the Envoy (not Kafka) listener, so that all client traffic goes
+ // through Envoy.
+ uint32 port = 3 [(validate.rules).uint32 = {lte: 65535}];
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/e21dabe4f701068b930a6c2586ed13869ab20e7756b0ab88bf4730ac17d0eca7b68083f2fb86a8a15acf96150b78411dd840a35bb2865cceeb2c2840913e3f59 b/modules/sync/envoyproxy/envoy/cas/e21dabe4f701068b930a6c2586ed13869ab20e7756b0ab88bf4730ac17d0eca7b68083f2fb86a8a15acf96150b78411dd840a35bb2865cceeb2c2840913e3f59
new file mode 100644
index 00000000..87f725e1
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/e21dabe4f701068b930a6c2586ed13869ab20e7756b0ab88bf4730ac17d0eca7b68083f2fb86a8a15acf96150b78411dd840a35bb2865cceeb2c2840913e3f59
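Review bot: `api_keys_allowed` and `api_keys_denied` can both be populated, but neither field's comment says which list wins when an API key appears in both, and the order of evaluation cannot be determined from this file; a reader configuring an allow-list plus a deny-list is left to guess. A sentence on `api_keys_denied` such as `// If a key appears in both lists, <which list takes precedence> — see the filter's request handling.` filled in by someone who knows the filter would close that gap. Separately, `IdBasedBrokerRewriteRule.port` accepts 0 (`{lte: 65535}`) while the SNI dynamic forward proxy proto in the same patch uses `{lte: 65535 gt: 0}`; tightening it to `uint32 port = 3 [(validate.rules).uint32 = {lte: 65535 gt: 0}];` would reject a rewrite that points clients at port 0, though it would also reject any existing config that sets 0, so it is a breaking validation change. The `gte: 0` constraints on `id` and on the API-key items are no-ops for `uint32` and could simply be dropped. Since this is a synced copy of the upstream Envoy proto, any of these changes belong upstream rather than in this repository.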
@@ -0,0 +1,100 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.ip_tagging.v3;
+
+import "envoy/config/core/v3/address.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.ip_tagging.v3";
+option java_outer_classname = "IpTaggingProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ip_tagging/v3;ip_taggingv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: IP tagging]
+// IP tagging :ref:`configuration overview `.
+// [#extension: envoy.filters.http.ip_tagging]
+
+// [#next-free-field: 6]
+message IPTagging {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.http.ip_tagging.v2.IPTagging";
+
+ // The type of requests the filter should apply to. The supported types
+ // are internal, external or both. The
+ // :ref:`x-forwarded-for` header is
+ // used to determine if a request is internal and will result in
+ // :ref:`x-envoy-internal`
+ // being set. The filter defaults to both, and it will apply to all request types.
+ enum RequestType {
+ // Both external and internal requests will be tagged. This is the default value.
+ BOTH = 0;
+
+ // Only internal requests will be tagged.
+ INTERNAL = 1;
+
+ // Only external requests will be tagged.
+ EXTERNAL = 2;
+ }
+
+ // Supplies the IP tag name and the IP address subnets.
+ message IPTag {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.filter.http.ip_tagging.v2.IPTagging.IPTag";
+
+ // Specifies the IP tag name to apply.
+ string ip_tag_name = 1;
+
+ // A list of IP address subnets that will be tagged with
+ // ip_tag_name. Both IPv4 and IPv6 are supported.
+ repeated config.core.v3.CidrRange ip_list = 2;
+ }
+
+ // Specify to which header the tags will be written.
+ message IpTagHeader {
+ // Describes how to apply the tags to the headers.
+ enum HeaderAction {
+ // (DEFAULT) The header specified in :ref:`ip_tag_header `
+ // will be dropped, before the tags are applied. The incoming header will be "sanitized" regardless of whether the request is internal or external.
+ //
+ // Note that the header will be visible unsanitized to any filters that are invoked before the ip-tag-header filter, unless it has an *x-envoy* prefix.
+ SANITIZE = 0;
+
+ // Tags will be appended to the header specified in
+ // :ref:`ip_tag_header `.
+ //
+ // Please note that this could cause the header to retain values set by the http client regardless of whether the request is internal or external.
+ APPEND_IF_EXISTS_OR_ADD = 1;
+ }
+
+ // Header to use for ip-tagging.
+ //
+ // This header will be sanitized based on the config in
+ // :ref:`action `
+ // rather than the defaults for x-envoy prefixed headers.
+ string header = 1
+ [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+ // Control if the :ref:`header `
+ // will be sanitized, or be appended to.
+ //
+ // Default: *SANITIZE*.
+ HeaderAction action = 2;
+ }
+
+ // The type of request the filter should apply to.
+ RequestType request_type = 1 [(validate.rules).enum = {defined_only: true}];
+
+ // [#comment:TODO(ccaraman): Extend functionality to load IP tags from file system.
+ // Tracked by issue https://github.com/envoyproxy/envoy/issues/2695]
+ // The set of IP tags for the filter.
+ repeated IPTag ip_tags = 4 [(validate.rules).repeated = {min_items: 1}];
+
+ // Specify to which header the tags will be written.
+ //
+ // If left unspecified, the tags will be appended to the ``x-envoy-ip-tags`` header.
+ IpTagHeader ip_tag_header = 5;
+}
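Review bot: `IPTag.ip_tag_name` carries no validation while `IpTagHeader.header` a few lines below requires `min_len: 1`, so an empty tag name passes config validation and presumably ends up written into the tag header; `ip_list` likewise accepts an empty list, which presumably leaves that tag matching nothing. Tightening both to `string ip_tag_name = 1 [(validate.rules).string = {min_len: 1}];` and `repeated config.core.v3.CidrRange ip_list = 2 [(validate.rules).repeated = {min_items: 1}];` would surface such mistakes at load time, with the caveat that either change rejects configs accepted today. On the trust side, the `APPEND_IF_EXISTS_OR_ADD` comment already warns that client-supplied values are retained, but the `ip_tag_header` field comment does not repeat it; a line there such as `// Anything downstream that makes decisions on this header should only trust it under SANITIZE, since APPEND_IF_EXISTS_OR_ADD lets an external client inject tag values.` puts the warning where an operator choosing the header will read it. The unspecified case ("appended to the ``x-envoy-ip-tags`` header") does not say which sanitization applies to that default header, and I cannot tell from this file alone, so a sentence stating it would help. This is a synced copy of the upstream Envoy proto, so these changes belong upstream.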
diff --git a/modules/sync/envoyproxy/envoy/cas/e3ea7ba1c2fcc332e031713bde4b92e894ad6d650df9355b1d6cfd29439fe33578be62cba39f88f3c8a8845edeb0fae6a15a7874043b40b4f45e566c639bb19b b/modules/sync/envoyproxy/envoy/cas/e3ea7ba1c2fcc332e031713bde4b92e894ad6d650df9355b1d6cfd29439fe33578be62cba39f88f3c8a8845edeb0fae6a15a7874043b40b4f45e566c639bb19b new file mode 100644 index 00000000..0f01889c --- /dev/null +++ b/modules/sync/envoyproxy/envoy/cas/e3ea7ba1c2fcc332e031713bde4b92e894ad6d650df9355b1d6cfd29439fe33578be62cba39f88f3c8a8845edeb0fae6a15a7874043b40b4f45e566c639bb19b 
@@ -0,0 +1,42 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3;
+
+import "envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3";
+option java_outer_classname = "SniDynamicForwardProxyProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_dynamic_forward_proxy/v3;sni_dynamic_forward_proxyv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: SNI dynamic forward proxy]
+
+// Configuration for the SNI-based dynamic forward proxy filter. See the
+// :ref:`architecture overview ` for
+// more information. Note this filter must be configured along with
+// :ref:`TLS inspector listener filter `
+// to work.
+// [#extension: envoy.filters.network.sni_dynamic_forward_proxy]
+message FilterConfig {
+ // The DNS cache configuration that the filter will attach to. Note this
+ // configuration must match that of associated :ref:`dynamic forward proxy
+ // cluster configuration
+ // `.
+ common.dynamic_forward_proxy.v3.DnsCacheConfig dns_cache_config = 1
+ [(validate.rules).message = {required: true}];
+
+ oneof port_specifier {
+ // The port number to connect to the upstream.
+ uint32 port_value = 2 [(validate.rules).uint32 = {lte: 65535 gt: 0}];
+ }
+
+ // When this flag is set, the filter will add the resolved upstream address in the filter
+ // state. The state should be saved with key
+ // ``envoy.stream.upstream_address`` (See
+ // :repo:`upstream_address.h`).
+ bool save_upstream_address = 3;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/e3fbc3da2acacca933166dc9dabde689f5f20e29f2b7ab43f839c0b29c8bb5bea668ff8536544d06a5a0020b7c537e3789fe9a671b2e217880442891c899d9a3 b/modules/sync/envoyproxy/envoy/cas/e3fbc3da2acacca933166dc9dabde689f5f20e29f2b7ab43f839c0b29c8bb5bea668ff8536544d06a5a0020b7c537e3789fe9a671b2e217880442891c899d9a3
new file mode 100644
index 00000000..db4e31fb
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/e3fbc3da2acacca933166dc9dabde689f5f20e29f2b7ab43f839c0b29c8bb5bea668ff8536544d06a5a0020b7c537e3789fe9a671b2e217880442891c899d9a3
@@ -0,0 +1,22 @@
+syntax = "proto3";
+
+package envoy.extensions.clusters.common.dns.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.clusters.common.dns.v3";
+option java_outer_classname = "DnsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/common/dns/v3;dnsv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: DNS configuration for clusters]
+
+enum DnsLookupFamily {
+ UNSPECIFIED = 0;
+ AUTO = 1;
+ V4_ONLY = 2;
+ V6_ONLY = 3;
+ V4_PREFERRED = 4;
+ ALL = 5;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/e5c3e7849f8aab45cf872016d0b6f6288e7d1694fe103e3b0f64e74a7444dec99b7f296e59cbfe28373c351b0404b7c865e1281b175c19434c5b84f3d4225d03 b/modules/sync/envoyproxy/envoy/cas/e5c3e7849f8aab45cf872016d0b6f6288e7d1694fe103e3b0f64e74a7444dec99b7f296e59cbfe28373c351b0404b7c865e1281b175c19434c5b84f3d4225d03
new file mode 100644
index 00000000..b34e004d
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/e5c3e7849f8aab45cf872016d0b6f6288e7d1694fe103e3b0f64e74a7444dec99b7f296e59cbfe28373c351b0404b7c865e1281b175c19434c5b84f3d4225d03
@@ -0,0 +1,420 @@
+syntax = "proto3";
+
+package envoy.admin.v3;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+
+option java_package = "io.envoyproxy.envoy.admin.v3";
+option java_outer_classname = "ConfigDumpSharedProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v3;adminv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: ConfigDump]
+
+// Resource status from the view of a xDS client, which tells the synchronization
+// status between the xDS client and the xDS server.
+enum ClientResourceStatus {
+ // Resource status is not available/unknown.
+ UNKNOWN = 0;
+
+ // Client requested this resource but hasn't received any update from management
+ // server. The client will not fail requests, but will queue them until update
+ // arrives or the client times out waiting for the resource.
+ REQUESTED = 1;
+
+ // This resource has been requested by the client but has either not been
+ // delivered by the server or was previously delivered by the server and then
+ // subsequently removed from resources provided by the server. For more
+ // information, please refer to the :ref:`"Knowing When a Requested Resource
+ // Does Not Exist" ` section.
+ DOES_NOT_EXIST = 2;
+
+ // Client received this resource and replied with ACK.
+ ACKED = 3;
+
+ // Client received this resource and replied with NACK.
+ NACKED = 4;
+
+ // Client received an error from the control plane. The attached config
+ // dump is the most recent accepted one. If no config is accepted yet,
+ // the attached config dump will be empty.
+ RECEIVED_ERROR = 5;
+
+ // Client timed out waiting for the resource from the control plane.
+ TIMEOUT = 6;
+}
+
+message UpdateFailureState {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.UpdateFailureState";
+
+ // What the component configuration would have been if the update had succeeded.
+ // This field may not be populated by xDS clients due to storage overhead.
+ google.protobuf.Any failed_configuration = 1;
+
+ // Time of the latest failed update attempt.
+ google.protobuf.Timestamp last_update_attempt = 2;
+
+ // Details about the last failed update attempt.
+ string details = 3;
+
+ // This is the version of the rejected resource.
+ // [#not-implemented-hide:]
+ string version_info = 4;
+}
+
+// Envoy's listener manager fills this message with all currently known listeners. Listener
+// configuration information can be used to recreate an Envoy configuration by populating all
+// listeners as static listeners or by returning them in a LDS response.
+message ListenersConfigDump {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ListenersConfigDump";
+
+ // Describes a statically loaded listener.
+ message StaticListener {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ListenersConfigDump.StaticListener";
+
+ // The listener config.
+ google.protobuf.Any listener = 1;
+
+ // The timestamp when the Listener was last successfully updated.
+ google.protobuf.Timestamp last_updated = 2;
+ }
+
+ message DynamicListenerState {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ListenersConfigDump.DynamicListenerState";
+
+ // This is the per-resource version information. This version is currently taken from the
+ // :ref:`version_info ` field at the time
+ // that the listener was loaded. In the future, discrete per-listener versions may be supported
+ // by the API.
+ string version_info = 1;
+
+ // The listener config.
+ google.protobuf.Any listener = 2;
+
+ // The timestamp when the Listener was last successfully updated.
+ google.protobuf.Timestamp last_updated = 3;
+ }
+
+ // Describes a dynamically loaded listener via the LDS API.
+ // [#next-free-field: 7]
+ message DynamicListener {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ListenersConfigDump.DynamicListener";
+
+ // The name or unique id of this listener, pulled from the DynamicListenerState config.
+ string name = 1;
+
+ // The listener state for any active listener by this name.
+ // These are listeners that are available to service data plane traffic.
+ DynamicListenerState active_state = 2;
+
+ // The listener state for any warming listener by this name.
+ // These are listeners that are currently undergoing warming in preparation to service data
+ // plane traffic. Note that if attempting to recreate an Envoy configuration from a
+ // configuration dump, the warming listeners should generally be discarded.
+ DynamicListenerState warming_state = 3;
+
+ // The listener state for any draining listener by this name.
+ // These are listeners that are currently undergoing draining in preparation to stop servicing
+ // data plane traffic. Note that if attempting to recreate an Envoy configuration from a
+ // configuration dump, the draining listeners should generally be discarded.
+ DynamicListenerState draining_state = 4;
+
+ // Set if the last update failed, cleared after the next successful update.
+ // The ``error_state`` field contains the rejected version of this particular
+ // resource along with the reason and timestamp. For successfully updated or
+ // acknowledged resource, this field should be empty.
+ UpdateFailureState error_state = 5;
+
+ // The client status of this resource.
+ // [#not-implemented-hide:]
+ ClientResourceStatus client_status = 6;
+ }
+
+ // This is the :ref:`version_info ` in the
+ // last processed LDS discovery response.
If there are only static bootstrap listeners, this field
+ // will be "".
+ string version_info = 1;
+
+ // The statically loaded listener configs.
+ repeated StaticListener static_listeners = 2;
+
+ // State for any warming, active, or draining listeners.
+ repeated DynamicListener dynamic_listeners = 3;
+}
+
+// Envoy's cluster manager fills this message with all currently known clusters. Cluster
+// configuration information can be used to recreate an Envoy configuration by populating all
+// clusters as static clusters or by returning them in a CDS response.
+message ClustersConfigDump {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ClustersConfigDump";
+
+ // Describes a statically loaded cluster.
+ message StaticCluster {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ClustersConfigDump.StaticCluster";
+
+ // The cluster config.
+ google.protobuf.Any cluster = 1;
+
+ // The timestamp when the Cluster was last updated.
+ google.protobuf.Timestamp last_updated = 2;
+ }
+
+ // Describes a dynamically loaded cluster via the CDS API.
+ // [#next-free-field: 6]
+ message DynamicCluster {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ClustersConfigDump.DynamicCluster";
+
+ // This is the per-resource version information. This version is currently taken from the
+ // :ref:`version_info ` field at the time
+ // that the cluster was loaded. In the future, discrete per-cluster versions may be supported by
+ // the API.
+ string version_info = 1;
+
+ // The cluster config.
+ google.protobuf.Any cluster = 2;
+
+ // The timestamp when the Cluster was last updated.
+ google.protobuf.Timestamp last_updated = 3;
+
+ // Set if the last update failed, cleared after the next successful update.
+ // The ``error_state`` field contains the rejected version of this particular
+ // resource along with the reason and timestamp.
For successfully updated or
+ // acknowledged resource, this field should be empty.
+ // [#not-implemented-hide:]
+ UpdateFailureState error_state = 4;
+
+ // The client status of this resource.
+ // [#not-implemented-hide:]
+ ClientResourceStatus client_status = 5;
+ }
+
+ // This is the :ref:`version_info ` in the
+ // last processed CDS discovery response. If there are only static bootstrap clusters, this field
+ // will be "".
+ string version_info = 1;
+
+ // The statically loaded cluster configs.
+ repeated StaticCluster static_clusters = 2;
+
+ // The dynamically loaded active clusters. These are clusters that are available to service
+ // data plane traffic.
+ repeated DynamicCluster dynamic_active_clusters = 3;
+
+ // The dynamically loaded warming clusters. These are clusters that are currently undergoing
+ // warming in preparation to service data plane traffic. Note that if attempting to recreate an
+ // Envoy configuration from a configuration dump, the warming clusters should generally be
+ // discarded.
+ repeated DynamicCluster dynamic_warming_clusters = 4;
+}
+
+// Envoy's RDS implementation fills this message with all currently loaded routes, as described by
+// their RouteConfiguration objects. Static routes that are either defined in the bootstrap configuration
+// or defined inline while configuring listeners are separated from those configured dynamically via RDS.
+// Route configuration information can be used to recreate an Envoy configuration by populating all routes
+// as static routes or by returning them in RDS responses.
+message RoutesConfigDump {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.RoutesConfigDump";
+
+ message StaticRouteConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.RoutesConfigDump.StaticRouteConfig";
+
+ // The route config.
+ google.protobuf.Any route_config = 1;
+
+ // The timestamp when the Route was last updated.
+ google.protobuf.Timestamp last_updated = 2;
+ }
+
+ // [#next-free-field: 6]
+ message DynamicRouteConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.RoutesConfigDump.DynamicRouteConfig";
+
+ // This is the per-resource version information. This version is currently taken from the
+ // :ref:`version_info ` field at the time that
+ // the route configuration was loaded.
+ string version_info = 1;
+
+ // The route config.
+ google.protobuf.Any route_config = 2;
+
+ // The timestamp when the Route was last updated.
+ google.protobuf.Timestamp last_updated = 3;
+
+ // Set if the last update failed, cleared after the next successful update.
+ // The ``error_state`` field contains the rejected version of this particular
+ // resource along with the reason and timestamp. For successfully updated or
+ // acknowledged resource, this field should be empty.
+ // [#not-implemented-hide:]
+ UpdateFailureState error_state = 4;
+
+ // The client status of this resource.
+ // [#not-implemented-hide:]
+ ClientResourceStatus client_status = 5;
+ }
+
+ // The statically loaded route configs.
+ repeated StaticRouteConfig static_route_configs = 2;
+
+ // The dynamically loaded route configs.
+ repeated DynamicRouteConfig dynamic_route_configs = 3;
+}
+
+// Envoy's scoped RDS implementation fills this message with all currently loaded route
+// configuration scopes (defined via ScopedRouteConfigurationsSet protos). This message lists both
+// the scopes defined inline with the higher order object (i.e., the HttpConnectionManager) and the
+// dynamically obtained scopes via the SRDS API.
+message ScopedRoutesConfigDump {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ScopedRoutesConfigDump";
+
+ message InlineScopedRouteConfigs {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ScopedRoutesConfigDump.InlineScopedRouteConfigs";
+
+ // The name assigned to the scoped route configurations.
+ string name = 1;
+
+ // The scoped route configurations.
+ repeated google.protobuf.Any scoped_route_configs = 2;
+
+ // The timestamp when the scoped route config set was last updated.
+ google.protobuf.Timestamp last_updated = 3;
+ }
+
+ // [#next-free-field: 7]
+ message DynamicScopedRouteConfigs {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.ScopedRoutesConfigDump.DynamicScopedRouteConfigs";
+
+ // The name assigned to the scoped route configurations.
+ string name = 1;
+
+ // This is the per-resource version information. This version is currently taken from the
+ // :ref:`version_info ` field at the time that
+ // the scoped routes configuration was loaded.
+ string version_info = 2;
+
+ // The scoped route configurations.
+ repeated google.protobuf.Any scoped_route_configs = 3;
+
+ // The timestamp when the scoped route config set was last updated.
+ google.protobuf.Timestamp last_updated = 4;
+
+ // Set if the last update failed, cleared after the next successful update.
+ // The ``error_state`` field contains the rejected version of this particular
+ // resource along with the reason and timestamp. For successfully updated or
+ // acknowledged resource, this field should be empty.
+ // [#not-implemented-hide:]
+ UpdateFailureState error_state = 5;
+
+ // The client status of this resource.
+ // [#not-implemented-hide:]
+ ClientResourceStatus client_status = 6;
+ }
+
+ // The statically loaded scoped route configs.
+ repeated InlineScopedRouteConfigs inline_scoped_route_configs = 1;
+
+ // The dynamically loaded scoped route configs.
+ repeated DynamicScopedRouteConfigs dynamic_scoped_route_configs = 2;
+}
+
+// Envoy's admin fill this message with all currently known endpoints. Endpoint
+// configuration information can be used to recreate an Envoy configuration by populating all
+// endpoints as static endpoints or by returning them in an EDS response.
+message EndpointsConfigDump {
+ message StaticEndpointConfig {
+ // The endpoint config.
+ google.protobuf.Any endpoint_config = 1;
+
+ // [#not-implemented-hide:] The timestamp when the Endpoint was last updated.
+ google.protobuf.Timestamp last_updated = 2;
+ }
+
+ // [#next-free-field: 6]
+ message DynamicEndpointConfig {
+ // [#not-implemented-hide:] This is the per-resource version information. This version is currently taken from the
+ // :ref:`version_info ` field at the time that
+ // the endpoint configuration was loaded.
+ string version_info = 1;
+
+ // The endpoint config.
+ google.protobuf.Any endpoint_config = 2;
+
+ // [#not-implemented-hide:] The timestamp when the Endpoint was last updated.
+ google.protobuf.Timestamp last_updated = 3;
+
+ // Set if the last update failed, cleared after the next successful update.
+ // The ``error_state`` field contains the rejected version of this particular
+ // resource along with the reason and timestamp. For successfully updated or
+ // acknowledged resource, this field should be empty.
+ // [#not-implemented-hide:]
+ UpdateFailureState error_state = 4;
+
+ // The client status of this resource.
+ // [#not-implemented-hide:]
+ ClientResourceStatus client_status = 5;
+ }
+
+ // The statically loaded endpoint configs.
+ repeated StaticEndpointConfig static_endpoint_configs = 2;
+
+ // The dynamically loaded endpoint configs.
+ repeated DynamicEndpointConfig dynamic_endpoint_configs = 3;
+}
+
+// Envoy's ECDS service fills this message with all currently extension
+// configuration.
Extension configuration information can be used to recreate
+// an Envoy ECDS listener and HTTP filters as static filters or by returning
+// them in ECDS response.
+message EcdsConfigDump {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v2alpha.EcdsConfigDump";
+
+ // [#next-free-field: 6]
+ message EcdsFilterConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.admin.v2alpha.EcdsConfigDump.EcdsFilterConfig";
+
+ // This is the per-resource version information. This version is currently
+ // taken from the :ref:`version_info
+ // `
+ // field at the time that the ECDS filter was loaded.
+ string version_info = 1;
+
+ // The ECDS filter config.
+ google.protobuf.Any ecds_filter = 2;
+
+ // The timestamp when the ECDS filter was last updated.
+ google.protobuf.Timestamp last_updated = 3;
+
+ // Set if the last update failed, cleared after the next successful update.
+ // The ``error_state`` field contains the rejected version of this
+ // particular resource along with the reason and timestamp. For successfully
+ // updated or acknowledged resource, this field should be empty.
+ // [#not-implemented-hide:]
+ UpdateFailureState error_state = 4;
+
+ // The client status of this resource.
+ // [#not-implemented-hide:]
+ ClientResourceStatus client_status = 5;
+ }
+
+ // The ECDS filter configs.
+ repeated EcdsFilterConfig ecds_filters = 1;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/ebf748fd4dcfff091c2dd3e683ab0cbfbea458b8fc74989b53812d68e37aa595dbfaa781e456f98ca651ddb53629f52f4908d58a5e4d733b506977b98628c1a7 b/modules/sync/envoyproxy/envoy/cas/ebf748fd4dcfff091c2dd3e683ab0cbfbea458b8fc74989b53812d68e37aa595dbfaa781e456f98ca651ddb53629f52f4908d58a5e4d733b506977b98628c1a7
new file mode 100644
index 00000000..f4c8e4b6
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/ebf748fd4dcfff091c2dd3e683ab0cbfbea458b8fc74989b53812d68e37aa595dbfaa781e456f98ca651ddb53629f52f4908d58a5e4d733b506977b98628c1a7
@@ -0,0 +1,1364 @@
+syntax = "proto3";
+
+package envoy.config.cluster.v3;
+
+import "envoy/config/cluster/v3/circuit_breaker.proto";
+import "envoy/config/cluster/v3/filter.proto";
+import "envoy/config/cluster/v3/outlier_detection.proto";
+import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/config_source.proto";
+import "envoy/config/core/v3/extension.proto";
+import "envoy/config/core/v3/health_check.proto";
+import "envoy/config/core/v3/protocol.proto";
+import "envoy/config/core/v3/resolver.proto";
+import "envoy/config/endpoint/v3/endpoint.proto";
+import "envoy/type/metadata/v3/metadata.proto";
+import "envoy/type/v3/percent.proto";
+
+import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/wrappers.proto";
+
+import "xds/core/v3/collection_entry.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/security.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.cluster.v3";
+option java_outer_classname = "ClusterProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3;clusterv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Cluster configuration]
+
+// Cluster list collections. Entries are ``Cluster`` resources or references.
+// [#not-implemented-hide:]
+message ClusterCollection {
+ xds.core.v3.CollectionEntry entries = 1;
+}
+
+// Configuration for a single upstream cluster.
+// [#next-free-field: 59]
+message Cluster {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";
+
+ // Refer to :ref:`service discovery type `
+ // for an explanation on each type.
+ enum DiscoveryType {
+ // Refer to the :ref:`static discovery type`
+ // for an explanation.
+ STATIC = 0;
+
+ // Refer to the :ref:`strict DNS discovery
+ // type`
+ // for an explanation.
+ STRICT_DNS = 1;
+
+ // Refer to the :ref:`logical DNS discovery
+ // type`
+ // for an explanation.
+ LOGICAL_DNS = 2;
+
+ // Refer to the :ref:`service discovery type`
+ // for an explanation.
+ EDS = 3;
+
+ // Refer to the :ref:`original destination discovery
+ // type`
+ // for an explanation.
+ ORIGINAL_DST = 4;
+ }
+
+ // Refer to :ref:`load balancer type ` architecture
+ // overview section for information on each type.
+ enum LbPolicy {
+ reserved 4;
+
+ reserved "ORIGINAL_DST_LB";
+
+ // Refer to the :ref:`round robin load balancing
+ // policy`
+ // for an explanation.
+ ROUND_ROBIN = 0;
+
+ // Refer to the :ref:`least request load balancing
+ // policy`
+ // for an explanation.
+ LEAST_REQUEST = 1;
+
+ // Refer to the :ref:`ring hash load balancing
+ // policy`
+ // for an explanation.
+ RING_HASH = 2;
+
+ // Refer to the :ref:`random load balancing
+ // policy`
+ // for an explanation.
+ RANDOM = 3;
+
+ // Refer to the :ref:`Maglev load balancing policy`
+ // for an explanation.
+ MAGLEV = 5;
+
+ // This load balancer type must be specified if the configured cluster provides a cluster
+ // specific load balancer. Consult the configured cluster's documentation for whether to set
+ // this option or not.
+ CLUSTER_PROVIDED = 6;
+
+ // Use the new :ref:`load_balancing_policy
+ // ` field to determine the LB policy.
+ // This has been deprecated in favor of using the :ref:`load_balancing_policy
+ // ` field without
+ // setting any value in :ref:`lb_policy`.
+ LOAD_BALANCING_POLICY_CONFIG = 7;
+ }
+
+ // When V4_ONLY is selected, the DNS resolver will only perform a lookup for
+ // addresses in the IPv4 family. If V6_ONLY is selected, the DNS resolver will
+ // only perform a lookup for addresses in the IPv6 family.
If AUTO is
+ // specified, the DNS resolver will first perform a lookup for addresses in
+ // the IPv6 family and fallback to a lookup for addresses in the IPv4 family.
+ // This is semantically equivalent to a non-existent V6_PREFERRED option.
+ // AUTO is a legacy name that is more opaque than
+ // necessary and will be deprecated in favor of V6_PREFERRED in a future major version of the API.
+ // If V4_PREFERRED is specified, the DNS resolver will first perform a lookup for addresses in the
+ // IPv4 family and fallback to a lookup for addresses in the IPv6 family. i.e., the callback
+ // target will only get v6 addresses if there were NO v4 addresses to return.
+ // If ALL is specified, the DNS resolver will perform a lookup for both IPv4 and IPv6 families,
+ // and return all resolved addresses. When this is used, Happy Eyeballs will be enabled for
+ // upstream connections. Refer to :ref:`Happy Eyeballs Support `
+ // for more information.
+ // For cluster types other than
+ // :ref:`STRICT_DNS` and
+ // :ref:`LOGICAL_DNS`,
+ // this setting is
+ // ignored.
+ // [#next-major-version: deprecate AUTO in favor of a V6_PREFERRED option.]
+ enum DnsLookupFamily {
+ AUTO = 0;
+ V4_ONLY = 1;
+ V6_ONLY = 2;
+ V4_PREFERRED = 3;
+ ALL = 4;
+ }
+
+ enum ClusterProtocolSelection {
+ // Cluster can only operate on one of the possible upstream protocols (HTTP1.1, HTTP2).
+ // If :ref:`http2_protocol_options ` are
+ // present, HTTP2 will be used, otherwise HTTP1.1 will be used.
+ USE_CONFIGURED_PROTOCOL = 0;
+
+ // Use HTTP1.1 or HTTP2, depending on which one is used on the downstream connection.
+ USE_DOWNSTREAM_PROTOCOL = 1;
+ }
+
+ // TransportSocketMatch specifies what transport socket config will be used
+ // when the match conditions are satisfied.
+ message TransportSocketMatch {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.TransportSocketMatch";
+
+ // The name of the match, used in stats generation.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Optional metadata match criteria.
+ // The connection to the endpoint with metadata matching what is set in this field
+ // will use the transport socket configuration specified here.
+ // The endpoint's metadata entry in ``envoy.transport_socket_match`` is used to match
+ // against the values specified in this field.
+ google.protobuf.Struct match = 2;
+
+ // The configuration of the transport socket.
+ // [#extension-category: envoy.transport_sockets.upstream]
+ core.v3.TransportSocket transport_socket = 3;
+ }
+
+ // Extended cluster type.
+ message CustomClusterType {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.CustomClusterType";
+
+ // The type of the cluster to instantiate. The name must match a supported cluster type.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // Cluster specific configuration which depends on the cluster being instantiated.
+ // See the supported cluster for further documentation.
+ // [#extension-category: envoy.clusters]
+ google.protobuf.Any typed_config = 2;
+ }
+
+ // Only valid when discovery type is EDS.
+ message EdsClusterConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.EdsClusterConfig";
+
+ // Configuration for the source of EDS updates for this Cluster.
+ core.v3.ConfigSource eds_config = 1;
+
+ // Optional alternative to cluster name to present to EDS. This does not
+ // have the same restrictions as cluster name, i.e. it may be arbitrary
+ // length. This may be a xdstp:// URL.
+ string service_name = 2;
+ }
+
+ // Optionally divide the endpoints in this cluster into subsets defined by
+ // endpoint metadata and selected by route and weighted cluster metadata.
+ // [#next-free-field: 9]
+ message LbSubsetConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.LbSubsetConfig";
+
+ // If NO_FALLBACK is selected, a result
+ // equivalent to no healthy hosts is reported. If ANY_ENDPOINT is selected,
+ // any cluster endpoint may be returned (subject to policy, health checks,
+ // etc). If DEFAULT_SUBSET is selected, load balancing is performed over the
+ // endpoints matching the values from the default_subset field.
+ enum LbSubsetFallbackPolicy {
+ NO_FALLBACK = 0;
+ ANY_ENDPOINT = 1;
+ DEFAULT_SUBSET = 2;
+ }
+
+ enum LbSubsetMetadataFallbackPolicy {
+ // No fallback. Route metadata will be used as-is.
+ METADATA_NO_FALLBACK = 0;
+
+ // A special metadata key ``fallback_list`` will be used to provide variants of metadata to try.
+ // Value of ``fallback_list`` key has to be a list. Every list element has to be a struct - it will
+ // be merged with route metadata, overriding keys that appear in both places.
+ // ``fallback_list`` entries will be used in order until a host is found.
+ //
+ // ``fallback_list`` key itself is removed from metadata before subset load balancing is performed.
+ //
+ // Example:
+ //
+ // for metadata:
+ //
+ // .. code-block:: yaml
+ //
+ // version: 1.0
+ // fallback_list:
+ // - version: 2.0
+ // hardware: c64
+ // - hardware: c32
+ // - version: 3.0
+ //
+ // at first, metadata:
+ //
+ // .. code-block:: json
+ //
+ // {"version": "2.0", "hardware": "c64"}
+ //
+ // will be used for load balancing. If no host is found, metadata:
+ //
+ // .. code-block:: json
+ //
+ // {"version": "1.0", "hardware": "c32"}
+ //
+ // is next to try. If it still results in no host, finally metadata:
+ //
+ // .. code-block:: json
+ //
+ // {"version": "3.0"}
+ //
+ // is used.
+ FALLBACK_LIST = 1;
+ }
+
+ // Specifications for subsets.
+ message LbSubsetSelector {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.LbSubsetConfig.LbSubsetSelector";
+
+ // Allows to override top level fallback policy per selector.
+ enum LbSubsetSelectorFallbackPolicy {
+ // If NOT_DEFINED top level config fallback policy is used instead.
+ NOT_DEFINED = 0;
+
+ // If NO_FALLBACK is selected, a result equivalent to no healthy hosts is reported.
+ NO_FALLBACK = 1;
+
+ // If ANY_ENDPOINT is selected, any cluster endpoint may be returned
+ // (subject to policy, health checks, etc).
+ ANY_ENDPOINT = 2;
+
+ // If DEFAULT_SUBSET is selected, load balancing is performed over the
+ // endpoints matching the values from the default_subset field.
+ DEFAULT_SUBSET = 3;
+
+ // If KEYS_SUBSET is selected, subset selector matching is performed again with metadata
+ // keys reduced to
+ // :ref:`fallback_keys_subset`.
+ // It allows for a fallback to a different, less specific selector if some of the keys of
+ // the selector are considered optional.
+ KEYS_SUBSET = 4;
+ }
+
+ // List of keys to match with the weighted cluster metadata.
+ repeated string keys = 1;
+
+ // Selects a mode of operation in which each subset has only one host. This mode uses the same rules for
+ // choosing a host, but updating hosts is faster, especially for large numbers of hosts.
+ //
+ // If a match is found to a host, that host will be used regardless of priority levels.
+ //
+ // When this mode is enabled, configurations that contain more than one host with the same metadata value for the single key in ``keys``
+ // will use only one of the hosts with the given key; no requests will be routed to the others. The cluster gauge
+ // :ref:`lb_subsets_single_host_per_subset_duplicate` indicates how many duplicates are
+ // present in the current configuration.
+ bool single_host_per_subset = 4;
+
+ // The behavior used when no endpoint subset matches the selected route's
+ // metadata.
+ LbSubsetSelectorFallbackPolicy fallback_policy = 2
+ [(validate.rules).enum = {defined_only: true}];
+
+ // Subset of
+ // :ref:`keys` used by
+ // :ref:`KEYS_SUBSET`
+ // fallback policy.
+ // It has to be a non empty list if KEYS_SUBSET fallback policy is selected.
+ // For any other fallback policy the parameter is not used and should not be set.
+ // Only values also present in
+ // :ref:`keys` are allowed, but
+ // ``fallback_keys_subset`` cannot be equal to ``keys``.
+ repeated string fallback_keys_subset = 3;
+ }
+
+ // The behavior used when no endpoint subset matches the selected route's
+ // metadata. The value defaults to
+ // :ref:`NO_FALLBACK`.
+ LbSubsetFallbackPolicy fallback_policy = 1 [(validate.rules).enum = {defined_only: true}];
+
+ // Specifies the default subset of endpoints used during fallback if
+ // fallback_policy is
+ // :ref:`DEFAULT_SUBSET`.
+ // Each field in default_subset is
+ // compared to the matching LbEndpoint.Metadata under the ``envoy.lb``
+ // namespace. It is valid for no hosts to match, in which case the behavior
+ // is the same as a fallback_policy of
+ // :ref:`NO_FALLBACK`.
+ google.protobuf.Struct default_subset = 2;
+
+ // For each entry, LbEndpoint.Metadata's
+ // ``envoy.lb`` namespace is traversed and a subset is created for each unique
+ // combination of key and value. For example:
+ //
+ // .. code-block:: json
+ //
+ // { "subset_selectors": [
+ // { "keys": [ "version" ] },
+ // { "keys": [ "stage", "hardware_type" ] }
+ // ]}
+ //
+ // A subset is matched when the metadata from the selected route and
+ // weighted cluster contains the same keys and values as the subset's
+ // metadata. The same host may appear in multiple subsets.
+ repeated LbSubsetSelector subset_selectors = 3;
+
+ // If true, routing to subsets will take into account the localities and locality weights of the
+ // endpoints when making the routing decision.
+ //
+ // There are some potential pitfalls associated with enabling this feature, as the resulting
+ // traffic split after applying both a subset match and locality weights might be undesirable.
+ //
+ // Consider for example a situation in which you have 50/50 split across two localities X/Y
+ // which have 100 hosts each without subsetting. If the subset LB results in X having only 1
+ // host selected but Y having 100, then a lot more load is being dumped on the single host in X
+ // than originally anticipated in the load balancing assignment delivered via EDS.
+ bool locality_weight_aware = 4;
+
+ // When used with locality_weight_aware, scales the weight of each locality by the ratio
+ // of hosts in the subset vs hosts in the original subset. This aims to even out the load
+ // going to an individual locality if said locality is disproportionately affected by the
+ // subset predicate.
+ bool scale_locality_weight = 5;
+
+ // If true, when a fallback policy is configured and its corresponding subset fails to find
+ // a host this will cause any host to be selected instead.
+ //
+ // This is useful when using the default subset as the fallback policy, given the default
+ // subset might become empty. With this option enabled, if that happens the LB will attempt
+ // to select a host from the entire cluster.
+ bool panic_mode_any = 6;
+
+ // If true, metadata specified for a metadata key will be matched against the corresponding
+ // endpoint metadata if the endpoint metadata matches the value exactly OR it is a list value
+ // and any of the elements in the list matches the criteria.
+ bool list_as_any = 7;
+
+ // Fallback mechanism that allows to try different route metadata until a host is found.
+ // If load balancing process, including all its mechanisms (like
+ // :ref:`fallback_policy`)
+ // fails to select a host, this policy decides if and how the process is repeated using another metadata.
+ //
+ // The value defaults to
+ // :ref:`METADATA_NO_FALLBACK`.
+ LbSubsetMetadataFallbackPolicy metadata_fallback_policy = 8
+ [(validate.rules).enum = {defined_only: true}];
+ }
+
+ // Configuration for :ref:`slow start mode `.
+ message SlowStartConfig {
+ // Represents the size of slow start window.
+ // If set, the newly created host remains in slow start mode starting from its creation time
+ // for the duration of slow start window.
+ google.protobuf.Duration slow_start_window = 1;
+
+ // This parameter controls the speed of traffic increase over the slow start window. Defaults to 1.0,
+ // so that endpoint would get linearly increasing amount of traffic.
+ // When increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly.
+ // The value of aggression parameter should be greater than 0.0.
+ // By tuning the parameter, is possible to achieve polynomial or exponential shape of ramp-up curve.
+ //
+ // During slow start window, effective weight of an endpoint would be scaled with time factor and aggression:
+ // ``new_weight = weight * max(min_weight_percent, time_factor ^ (1 / aggression))``,
+ // where ``time_factor=(time_since_start_seconds / slow_start_time_seconds)``.
+ //
+ // As time progresses, more and more traffic would be sent to endpoint, which is in slow start window.
+ // Once host exits slow start, time_factor and aggression no longer affect its weight.
+ core.v3.RuntimeDouble aggression = 2;
+
+ // Configures the minimum percentage of origin weight that avoids too small new weight,
+ // which may cause endpoints in slow start mode receive no traffic in slow start window.
+ // If not specified, the default is 10%.
+ type.v3.Percent min_weight_percent = 3;
+ }
+
+ // Specific configuration for the RoundRobin load balancing policy.
+ message RoundRobinLbConfig {
+ // Configuration for slow start mode.
+ // If this configuration is not set, slow start will not be not enabled.
+ SlowStartConfig slow_start_config = 1;
+ }
+
+ // Specific configuration for the LeastRequest load balancing policy.
+ message LeastRequestLbConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.LeastRequestLbConfig";
+
+ // The number of random healthy hosts from which the host with the fewest active requests will
+ // be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set.
+ google.protobuf.UInt32Value choice_count = 1 [(validate.rules).uint32 = {gte: 2}];
+
+ // The following formula is used to calculate the dynamic weights when hosts have different load
+ // balancing weights:
+ //
+ // ``weight = load_balancing_weight / (active_requests + 1)^active_request_bias``
+ //
+ // The larger the active request bias is, the more aggressively active requests will lower the
+ // effective weight when all host weights are not equal.
+ //
+ // ``active_request_bias`` must be greater than or equal to 0.0.
+ //
+ // When ``active_request_bias == 0.0`` the Least Request Load Balancer doesn't consider the number
+ // of active requests at the time it picks a host and behaves like the Round Robin Load
+ // Balancer.
+ //
+ // When ``active_request_bias > 0.0`` the Least Request Load Balancer scales the load balancing
+ // weight by the number of active requests at the time it does a pick.
+ //
+ // The value is cached for performance reasons and refreshed whenever one of the Load Balancer's
+ // host sets changes, e.g., whenever there is a host membership update or a host load balancing
+ // weight change.
+ //
+ // .. note::
+ // This setting only takes effect if all host weights are not equal.
+ core.v3.RuntimeDouble active_request_bias = 2;
+
+ // Configuration for slow start mode.
+ // If this configuration is not set, slow start will not be not enabled.
+ SlowStartConfig slow_start_config = 3;
+ }
+
+ // Specific configuration for the :ref:`RingHash`
+ // load balancing policy.
+ message RingHashLbConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.RingHashLbConfig";
+
+ // The hash function used to hash hosts onto the ketama ring.
+ enum HashFunction {
+ // Use `xxHash `_, this is the default hash function.
+ XX_HASH = 0;
+
+ // Use `MurmurHash2 `_, this is compatible with
+ // std:hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled
+ // on Linux and not macOS.
+ MURMUR_HASH_2 = 1;
+ }
+
+ reserved 2;
+
+ // Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each
+ // provided host) the better the request distribution will reflect the desired weights. Defaults
+ // to 1024 entries, and limited to 8M entries. See also
+ // :ref:`maximum_ring_size`.
+ google.protobuf.UInt64Value minimum_ring_size = 1 [(validate.rules).uint64 = {lte: 8388608}];
+
+ // The hash function used to hash hosts onto the ketama ring. The value defaults to
+ // :ref:`XX_HASH`.
+ HashFunction hash_function = 3 [(validate.rules).enum = {defined_only: true}];
+
+ // Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered
+ // to further constrain resource use. See also
+ // :ref:`minimum_ring_size`.
+ google.protobuf.UInt64Value maximum_ring_size = 4 [(validate.rules).uint64 = {lte: 8388608}];
+ }
+
+ // Specific configuration for the :ref:`Maglev`
+ // load balancing policy.
+ message MaglevLbConfig {
+ // The table size for Maglev hashing. Maglev aims for "minimal disruption" rather than an absolute guarantee.
+ // Minimal disruption means that when the set of upstream hosts change, a connection will likely be sent to the same
+ // upstream as it was before. Increasing the table size reduces the amount of disruption.
+ // The table size must be prime number limited to 5000011. If it is not specified, the default is 65537.
+ google.protobuf.UInt64Value table_size = 1 [(validate.rules).uint64 = {lte: 5000011}];
+ }
+
+ // Specific configuration for the
+ // :ref:`Original Destination `
+ // load balancing policy.
+ // [#extension: envoy.clusters.original_dst]
+ message OriginalDstLbConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.OriginalDstLbConfig";
+
+ // When true, a HTTP header can be used to override the original dst address. The default header is
+ // :ref:`x-envoy-original-dst-host `.
+ //
+ // .. attention::
+ //
+ // This header isn't sanitized by default, so enabling this feature allows HTTP clients to
+ // route traffic to arbitrary hosts and/or ports, which may have serious security
+ // consequences.
+ //
+ // .. note::
+ //
+ // If the header appears multiple times only the first value is used.
+ bool use_http_header = 1;
+
+ // The http header to override destination address if :ref:`use_http_header `.
+ // is set to true. If the value is empty, :ref:`x-envoy-original-dst-host ` will be used.
+ string http_header_name = 2;
+
+ // The port to override for the original dst address. This port
+ // will take precedence over filter state and header override ports
+ google.protobuf.UInt32Value upstream_port_override = 3 [(validate.rules).uint32 = {lte: 65535}];
+
+ // The dynamic metadata key to override destination address.
+ // First the request metadata is considered, then the connection one.
+ type.metadata.v3.MetadataKey metadata_key = 4;
+ }
+
+ // Common configuration for all load balancer implementations.
+ // [#next-free-field: 9]
+ message CommonLbConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.CommonLbConfig";
+
+ // Configuration for :ref:`zone aware routing
+ // `.
+ message ZoneAwareLbConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.CommonLbConfig.ZoneAwareLbConfig";
+
+ // Configures percentage of requests that will be considered for zone aware routing
+ // if zone aware routing is configured. If not specified, the default is 100%.
+ // * :ref:`runtime values `.
+ // * :ref:`Zone aware routing support `.
+ type.v3.Percent routing_enabled = 1;
+
+ // Configures minimum upstream cluster size required for zone aware routing
+ // If upstream cluster size is less than specified, zone aware routing is not performed
+ // even if zone aware routing is configured. If not specified, the default is 6.
+ // * :ref:`runtime values `.
+ // * :ref:`Zone aware routing support `.
+ google.protobuf.UInt64Value min_cluster_size = 2;
+
+ // If set to true, Envoy will not consider any hosts when the cluster is in :ref:`panic
+ // mode`. Instead, the cluster will fail all
+ // requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a
+ // failing service.
+ bool fail_traffic_on_panic = 3;
+ }
+
+ // Configuration for :ref:`locality weighted load balancing
+ // `
+ message LocalityWeightedLbConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.CommonLbConfig.LocalityWeightedLbConfig";
+ }
+
+ // Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.)
+ message ConsistentHashingLbConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.api.v2.Cluster.CommonLbConfig.ConsistentHashingLbConfig";
+
+ // If set to ``true``, the cluster will use hostname instead of the resolved
+ // address as the key to consistently hash to an upstream host. Only valid for StrictDNS clusters with hostnames which resolve to a single IP address.
+ bool use_hostname_for_hashing = 1;
+
+ // Configures percentage of average cluster load to bound per upstream host.
For example, with a value of 150
+ // no upstream host will get a load more than 1.5 times the average load of all the hosts in the cluster.
+ // If not specified, the load is not bounded for any upstream host. Typical value for this parameter is between 120 and 200.
+ // Minimum is 100.
+ //
+ // Applies to both Ring Hash and Maglev load balancers.
+ //
+ // This is implemented based on the method described in the paper https://arxiv.org/abs/1608.01350. For the specified
+ // ``hash_balance_factor``, requests to any upstream host are capped at ``hash_balance_factor/100`` times the average number of requests
+ // across the cluster. When a request arrives for an upstream host that is currently serving at its max capacity, linear probing
+ // is used to identify an eligible host. Further, the linear probe is implemented using a random jump in hosts ring/table to identify
+ // the eligible host (this technique is as described in the paper https://arxiv.org/abs/1908.08762 - the random jump avoids the
+ // cascading overflow effect when choosing the next host in the ring/table).
+ //
+ // If weights are specified on the hosts, they are respected.
+ //
+ // This is an O(N) algorithm, unlike other load balancers. Using a lower ``hash_balance_factor`` results in more hosts
+ // being probed, so use a higher value if you require better performance.
+ google.protobuf.UInt32Value hash_balance_factor = 2 [(validate.rules).uint32 = {gte: 100}];
+ }
+
+ // Configures the :ref:`healthy panic threshold `.
+ // If not specified, the default is 50%.
+ // To disable panic mode, set to 0%.
+ //
+ // .. note::
+ // The specified percent will be truncated to the nearest 1%.
+ type.v3.Percent healthy_panic_threshold = 1;
+
+ oneof locality_config_specifier {
+ ZoneAwareLbConfig zone_aware_lb_config = 2;
+
+ LocalityWeightedLbConfig locality_weighted_lb_config = 3;
+ }
+
+ // If set, all health check/weight/metadata updates that happen within this duration will be
+ // merged and delivered in one shot when the duration expires. The start of the duration is when
+ // the first update happens. This is useful for big clusters, with potentially noisy deploys
+ // that might trigger excessive CPU usage due to a constant stream of healthcheck state changes
+ // or metadata updates. The first set of updates to be seen apply immediately (e.g.: a new
+ // cluster). Please always keep in mind that the use of sandbox technologies may change this
+ // behavior.
+ //
+ // If this is not set, we default to a merge window of 1000ms. To disable it, set the merge
+ // window to 0.
+ //
+ // Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is
+ // because merging those updates isn't currently safe. See
+ // https://github.com/envoyproxy/envoy/pull/3941.
+ google.protobuf.Duration update_merge_window = 4;
+
+ // If set to true, Envoy will :ref:`exclude ` new hosts
+ // when computing load balancing weights until they have been health checked for the first time.
+ // This will have no effect unless active health checking is also configured.
+ bool ignore_new_hosts_until_first_hc = 5;
+
+ // If set to ``true``, the cluster manager will drain all existing
+ // connections to upstream hosts whenever hosts are added or removed from the cluster.
+ bool close_connections_on_host_set_change = 6;
+
+ // Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.)
+ ConsistentHashingLbConfig consistent_hashing_lb_config = 7;
+
+ // This controls what hosts are considered valid when using
+ // :ref:`host overrides `, which is used by some
+ // filters to modify the load balancing decision.
+ //
+ // If this is unset then [UNKNOWN, HEALTHY, DEGRADED] will be applied by default. If this is
+ // set with an empty set of statuses then host overrides will be ignored by the load balancing.
+ core.v3.HealthStatusSet override_host_status = 8;
+ }
+
+ message RefreshRate {
+ option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster.RefreshRate";
+
+ // Specifies the base interval between refreshes. This parameter is required and must be greater
+ // than zero and less than
+ // :ref:`max_interval `.
+ google.protobuf.Duration base_interval = 1 [(validate.rules).duration = {
+ required: true
+ gt {nanos: 1000000}
+ }];
+
+ // Specifies the maximum interval between refreshes. This parameter is optional, but must be
+ // greater than or equal to the
+ // :ref:`base_interval ` if set. The default
+ // is 10 times the :ref:`base_interval `.
+ google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {nanos: 1000000}}];
+ }
+
+ message PreconnectPolicy {
+ // Indicates how many streams (rounded up) can be anticipated per-upstream for each
+ // incoming stream. This is useful for high-QPS or latency-sensitive services. Preconnecting
+ // will only be done if the upstream is healthy and the cluster has traffic.
+ //
+ // For example if this is 2, for an incoming HTTP/1.1 stream, 2 connections will be
+ // established, one for the new incoming stream, and one for a presumed follow-up stream. For
+ // HTTP/2, only one connection would be established by default as one connection can
+ // serve both the original and presumed follow-up stream.
+ //
+ // In steady state for non-multiplexed connections a value of 1.5 would mean if there were 100
+ // active streams, there would be 100 connections in use, and 50 connections preconnected.
+ // This might be a useful value for something like short lived single-use connections,
+ // for example proxying HTTP/1.1 if keep-alive were false and each stream resulted in connection
+ // termination. It would likely be overkill for long lived connections, such as TCP proxying SMTP
+ // or regular HTTP/1.1 with keep-alive. For long lived traffic, a value of 1.05 would be more
+ // reasonable, where for every 100 connections, 5 preconnected connections would be in the queue
+ // in case of unexpected disconnects where the connection could not be reused.
+ //
+ // If this value is not set, or set explicitly to one, Envoy will fetch as many connections
+ // as needed to serve streams in flight. This means in steady state if a connection is torn down,
+ // a subsequent streams will pay an upstream-rtt latency penalty waiting for a new connection.
+ //
+ // This is limited somewhat arbitrarily to 3 because preconnecting too aggressively can
+ // harm latency more than the preconnecting helps.
+ google.protobuf.DoubleValue per_upstream_preconnect_ratio = 1
+ [(validate.rules).double = {lte: 3.0 gte: 1.0}];
+
+ // Indicates how many streams (rounded up) can be anticipated across a cluster for each
+ // stream, useful for low QPS services. This is currently supported for a subset of
+ // deterministic non-hash-based load-balancing algorithms (weighted round robin, random).
+ // Unlike ``per_upstream_preconnect_ratio`` this preconnects across the upstream instances in a
+ // cluster, doing best effort predictions of what upstream would be picked next and
+ // pre-establishing a connection.
+ //
+ // Preconnecting will be limited to one preconnect per configured upstream in the cluster and will
+ // only be done if there are healthy upstreams and the cluster has traffic.
+ //
+ // For example if preconnecting is set to 2 for a round robin HTTP/2 cluster, on the first
+ // incoming stream, 2 connections will be preconnected - one to the first upstream for this
+ // cluster, one to the second on the assumption there will be a follow-up stream.
+ //
+ // If this value is not set, or set explicitly to one, Envoy will fetch as many connections
+ // as needed to serve streams in flight, so during warm up and in steady state if a connection
+ // is closed (and per_upstream_preconnect_ratio is not set), there will be a latency hit for
+ // connection establishment.
+ //
+ // If both this and preconnect_ratio are set, Envoy will make sure both predicted needs are met,
+ // basically preconnecting max(predictive-preconnect, per-upstream-preconnect), for each
+ // upstream.
+ google.protobuf.DoubleValue predictive_preconnect_ratio = 2
+ [(validate.rules).double = {lte: 3.0 gte: 1.0}];
+ }
+
+ reserved 12, 15, 7, 11, 35;
+
+ reserved "hosts", "tls_context", "extension_protocol_options";
+
+ // Configuration to use different transport sockets for different endpoints. The entry of
+ // ``envoy.transport_socket_match`` in the :ref:`LbEndpoint.Metadata
+ // ` is used to match against the
+ // transport sockets as they appear in the list. If a match is not found, the search continues in
+ // :ref:`LocalityLbEndpoints.Metadata
+ // `. The first :ref:`match
+ // ` is used. For example, with
+ // the following match
+ //
+ // .. code-block:: yaml
+ //
+ // transport_socket_matches:
+ // - name: "enableMTLS"
+ // match:
+ // acceptMTLS: true
+ // transport_socket:
+ // name: envoy.transport_sockets.tls
+ // config: { ... } # tls socket configuration
+ // - name: "defaultToPlaintext"
+ // match: {}
+ // transport_socket:
+ // name: envoy.transport_sockets.raw_buffer
+ //
+ // Connections to the endpoints whose metadata value under ``envoy.transport_socket_match``
+ // having "acceptMTLS"/"true" key/value pair use the "enableMTLS" socket configuration.
+ //
+ // If a :ref:`socket match ` with empty match
+ // criteria is provided, that always match any endpoint. For example, the "defaultToPlaintext"
+ // socket match in case above.
+ //
+ // If an endpoint metadata's value under ``envoy.transport_socket_match`` does not match any
+ // ``TransportSocketMatch``, the locality metadata is then checked for a match. Barring any
+ // matches in the endpoint or locality metadata, the socket configuration fallbacks to use the
+ // ``tls_context`` or ``transport_socket`` specified in this cluster.
+ //
+ // This field allows gradual and flexible transport socket configuration changes.
+ //
+ // The metadata of endpoints in EDS can indicate transport socket capabilities. For example,
+ // an endpoint's metadata can have two key value pairs as "acceptMTLS": "true",
+ // "acceptPlaintext": "true". While some other endpoints, only accepting plaintext traffic
+ // has "acceptPlaintext": "true" metadata information.
+ //
+ // Then the xDS server can configure the CDS to a client, Envoy A, to send mutual TLS
+ // traffic for endpoints with "acceptMTLS": "true", by adding a corresponding
+ // ``TransportSocketMatch`` in this field. Other client Envoys receive CDS without
+ // ``transport_socket_match`` set, and still send plain text traffic to the same cluster.
+ //
+ // This field can be used to specify custom transport socket configurations for health
+ // checks by adding matching key/value pairs in a health check's
+ // :ref:`transport socket match criteria ` field.
+ //
+ // [#comment:TODO(incfly): add a detailed architecture doc on intended usage.]
+ repeated TransportSocketMatch transport_socket_matches = 43;
+
+ // Supplies the name of the cluster which must be unique across all clusters.
+ // The cluster name is used when emitting
+ // :ref:`statistics ` if :ref:`alt_stat_name
+ // ` is not provided.
+ // Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
+
+ // An optional alternative to the cluster name to be used for observability. This name is used
+ // emitting stats for the cluster and access logging the cluster name. This will appear as
+ // additional information in configuration dumps of a cluster's current status as
+ // :ref:`observability_name `
+ // and as an additional tag "upstream_cluster.name" while tracing. Note: Any ``:`` in the name
+ // will be converted to ``_`` when emitting statistics. This should not be confused with
+ // :ref:`Router Filter Header `.
+ string alt_stat_name = 28 [(udpa.annotations.field_migrate).rename = "observability_name"];
+
+ oneof cluster_discovery_type {
+ // The :ref:`service discovery type `
+ // to use for resolving the cluster.
+ DiscoveryType type = 2 [(validate.rules).enum = {defined_only: true}];
+
+ // The custom cluster type.
+ CustomClusterType cluster_type = 38;
+ }
+
+ // Configuration to use for EDS updates for the Cluster.
+ EdsClusterConfig eds_cluster_config = 3;
+
+ // The timeout for new network connections to hosts in the cluster.
+ // If not set, a default value of 5s will be used.
+ google.protobuf.Duration connect_timeout = 4 [(validate.rules).duration = {gt {}}];
+
+ // Soft limit on size of the cluster’s connections read and write buffers. If
+ // unspecified, an implementation defined default is applied (1MiB).
+ google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5
+ [(udpa.annotations.security).configure_for_untrusted_upstream = true];
+
+ // The :ref:`load balancer type ` to use
+ // when picking a host in the cluster.
+ LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}];
+
+ // Setting this is required for specifying members of
+ // :ref:`STATIC`,
+ // :ref:`STRICT_DNS`
+ // or :ref:`LOGICAL_DNS` clusters.
+ // This field supersedes the ``hosts`` field in the v2 API.
+ //
+ // ..
attention::
+ //
+ // Setting this allows non-EDS cluster types to contain embedded EDS equivalent
+ // :ref:`endpoint assignments`.
+ //
+ endpoint.v3.ClusterLoadAssignment load_assignment = 33;
+
+ // Optional :ref:`active health checking `
+ // configuration for the cluster. If no
+ // configuration is specified no health checking will be done and all cluster
+ // members will be considered healthy at all times.
+ repeated core.v3.HealthCheck health_checks = 8;
+
+ // Optional maximum requests for a single upstream connection. This parameter
+ // is respected by both the HTTP/1.1 and HTTP/2 connection pool
+ // implementations. If not specified, there is no limit. Setting this
+ // parameter to 1 will effectively disable keep alive.
+ //
+ // .. attention::
+ // This field has been deprecated in favor of the :ref:`max_requests_per_connection ` field.
+ google.protobuf.UInt32Value max_requests_per_connection = 9
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Optional :ref:`circuit breaking ` for the cluster.
+ CircuitBreakers circuit_breakers = 10;
+
+ // HTTP protocol options that are applied only to upstream HTTP connections.
+ // These options apply to all HTTP versions.
+ // This has been deprecated in favor of
+ // :ref:`upstream_http_protocol_options `
+ // in the :ref:`http_protocol_options ` message.
+ // upstream_http_protocol_options can be set via the cluster's
+ // :ref:`extension_protocol_options`.
+ // See :ref:`upstream_http_protocol_options
+ // `
+ // for example usage.
+ core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Additional options when handling HTTP requests upstream. These options will be applicable to
+ // both HTTP1 and HTTP2 requests.
+ // This has been deprecated in favor of
+ // :ref:`common_http_protocol_options `
+ // in the :ref:`http_protocol_options ` message.
+ // common_http_protocol_options can be set via the cluster's
+ // :ref:`extension_protocol_options`.
+ // See :ref:`upstream_http_protocol_options
+ // `
+ // for example usage.
+ core.v3.HttpProtocolOptions common_http_protocol_options = 29
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Additional options when handling HTTP1 requests.
+ // This has been deprecated in favor of http_protocol_options fields in the
+ // :ref:`http_protocol_options ` message.
+ // http_protocol_options can be set via the cluster's
+ // :ref:`extension_protocol_options`.
+ // See :ref:`upstream_http_protocol_options
+ // `
+ // for example usage.
+ core.v3.Http1ProtocolOptions http_protocol_options = 13
+ [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+ // Even if default HTTP2 protocol options are desired, this field must be
+ // set so that Envoy will assume that the upstream supports HTTP/2 when
+ // making new HTTP connection pool connections. Currently, Envoy only
+ // supports prior knowledge for upstream connections. Even if TLS is used
+ // with ALPN, ``http2_protocol_options`` must be specified. As an aside this allows HTTP/2
+ // connections to happen over plain text.
+ // This has been deprecated in favor of http2_protocol_options fields in the
+ // :ref:`http_protocol_options `
+ // message. http2_protocol_options can be set via the cluster's
+ // :ref:`extension_protocol_options`.
+ // See :ref:`upstream_http_protocol_options
+ // `
+ // for example usage.
+ core.v3.Http2ProtocolOptions http2_protocol_options = 14 [
+ deprecated = true,
+ (udpa.annotations.security).configure_for_untrusted_upstream = true,
+ (envoy.annotations.deprecated_at_minor_version) = "3.0"
+ ];
+
+ // The extension_protocol_options field is used to provide extension-specific protocol options
+ // for upstream connections. The key should match the extension filter name, such as
+ // "envoy.filters.network.thrift_proxy".
See the extension's documentation for details on
+ // specific options.
+ // [#next-major-version: make this a list of typed extensions.]
+ map typed_extension_protocol_options = 36;
+
+ // If the DNS refresh rate is specified and the cluster type is either
+ // :ref:`STRICT_DNS`,
+ // or :ref:`LOGICAL_DNS`,
+ // this value is used as the cluster’s DNS refresh
+ // rate. The value configured must be at least 1ms. If this setting is not specified, the
+ // value defaults to 5000ms. For cluster types other than
+ // :ref:`STRICT_DNS`
+ // and :ref:`LOGICAL_DNS`
+ // this setting is ignored.
+ // This field is deprecated in favor of using the :ref:`cluster_type`
+ // extension point and configuring it with :ref:`DnsCluster`.
+ // If :ref:`cluster_type` is configured with
+ // :ref:`DnsCluster`, this field will be ignored.
+ google.protobuf.Duration dns_refresh_rate = 16 [
+ deprecated = true,
+ (validate.rules).duration = {gt {nanos: 1000000}},
+ (envoy.annotations.deprecated_at_minor_version) = "3.0"
+ ];
+
+ // DNS jitter can be optionally specified if the cluster type is either
+ // :ref:`STRICT_DNS`,
+ // or :ref:`LOGICAL_DNS`.
+ // DNS jitter causes the cluster to refresh DNS entries later by a random amount of time to avoid a
+ // stampede of DNS requests. This value sets the upper bound (exclusive) for the random amount.
+ // There will be no jitter if this value is omitted. For cluster types other than
+ // :ref:`STRICT_DNS`
+ // and :ref:`LOGICAL_DNS`
+ // this setting is ignored.
+ // This field is deprecated in favor of using the :ref:`cluster_type`
+ // extension point and configuring it with :ref:`DnsCluster`.
+ // If :ref:`cluster_type` is configured with
+ // :ref:`DnsCluster`, this field will be ignored.
+ google.protobuf.Duration dns_jitter = 58 [ + deprecated = true, + (validate.rules).duration = {gte {}}, + (envoy.annotations.deprecated_at_minor_version) = "3.0" + ]; + + // If the DNS failure refresh rate is specified and the cluster type is either + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // this is used as the cluster’s DNS refresh rate when requests are failing. If this setting is + // not specified, the failure refresh rate defaults to the DNS refresh rate. For cluster types + // other than :ref:`STRICT_DNS` and + // :ref:`LOGICAL_DNS` this setting is + // ignored. + // This field is deprecated in favor of using the :ref:`cluster_type` + // extension point and configuring it with :ref:`DnsCluster`. + // If :ref:`cluster_type` is configured with + // :ref:`DnsCluster`, this field will be ignored. + RefreshRate dns_failure_refresh_rate = 44 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Optional configuration for setting cluster's DNS refresh rate. If the value is set to true, + // cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS + // resolution. + // This field is deprecated in favor of using the :ref:`cluster_type` + // extension point and configuring it with :ref:`DnsCluster`. + // If :ref:`cluster_type` is configured with + // :ref:`DnsCluster`, this field will be ignored. + bool respect_dns_ttl = 39 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // The DNS IP address resolution policy. If this setting is not specified, the + // value defaults to + // :ref:`AUTO`. + // For logical and strict dns cluster, this field is deprecated in favor of using the + // :ref:`cluster_type` + // extension point and configuring it with :ref:`DnsCluster`. + // If :ref:`cluster_type` is configured with + // :ref:`DnsCluster`, this field will be ignored. 
+ DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}]; + + // If DNS resolvers are specified and the cluster type is either + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // this value is used to specify the cluster’s dns resolvers. + // If this setting is not specified, the value defaults to the default + // resolver, which uses /etc/resolv.conf for configuration. For cluster types + // other than + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` + // this setting is ignored. + // This field is deprecated in favor of ``dns_resolution_config`` + // which aggregates all of the DNS resolver configuration in a single message. + repeated core.v3.Address dns_resolvers = 18 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Always use TCP queries instead of UDP queries for DNS lookups. + // This field is deprecated in favor of ``dns_resolution_config`` + // which aggregates all of the DNS resolver configuration in a single message. + bool use_tcp_for_dns_lookups = 45 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // DNS resolution configuration which includes the underlying dns resolver addresses and options. + // This field is deprecated in favor of + // :ref:`typed_dns_resolver_config `. + core.v3.DnsResolutionConfig dns_resolution_config = 53 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // DNS resolver type configuration extension. This extension can be used to configure c-ares, apple, + // or any other DNS resolver types and the related parameters. + // For example, an object of + // :ref:`CaresDnsResolverConfig ` + // can be packed into this ``typed_dns_resolver_config``. This configuration replaces the + // :ref:`dns_resolution_config ` + // configuration. 
+ // During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists, + // when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``. + // When ``typed_dns_resolver_config`` is missing, the default behavior is in place. + // Also note that this field is deprecated for logical dns and strict dns clusters and will be ignored when + // :ref:`cluster_type` is configured with + // :ref:`DnsCluster`. + // [#extension-category: envoy.network.dns_resolver] + core.v3.TypedExtensionConfig typed_dns_resolver_config = 55; + + // Optional configuration for having cluster readiness block on warm-up. Currently, only applicable for + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, + // or :ref:`Redis Cluster`. + // If true, cluster readiness blocks on warm-up. If false, the cluster will complete + // initialization whether or not warm-up has completed. Defaults to true. + google.protobuf.BoolValue wait_for_warm_on_init = 54; + + // If specified, outlier detection will be enabled for this upstream cluster. + // Each of the configuration values can be overridden via + // :ref:`runtime values `. + OutlierDetection outlier_detection = 19; + + // The interval for removing stale hosts from a cluster type + // :ref:`ORIGINAL_DST`. + // Hosts are considered stale if they have not been used + // as upstream destinations during this interval. New hosts are added + // to original destination clusters on demand as new connections are + // redirected to Envoy, causing the number of hosts in the cluster to + // grow over time. Hosts that are not stale (they are actively used as + // destinations) are kept in the cluster, which allows connections to + // them remain open, saving the latency that would otherwise be spent + // on opening new connections. If this setting is not specified, the + // value defaults to 5000ms. For cluster types other than + // :ref:`ORIGINAL_DST` + // this setting is ignored. 
+ google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration = {gt {}}]; + + // Optional configuration used to bind newly established upstream connections. + // This overrides any bind_config specified in the bootstrap proto. + // If the address and port are empty, no bind will be performed. + core.v3.BindConfig upstream_bind_config = 21; + + // Configuration for load balancing subsetting. + LbSubsetConfig lb_subset_config = 22; + + // Optional configuration for the load balancing algorithm selected by + // LbPolicy. Currently only + // :ref:`RING_HASH`, + // :ref:`MAGLEV` and + // :ref:`LEAST_REQUEST` + // has additional configuration options. + // Specifying ring_hash_lb_config or maglev_lb_config or least_request_lb_config without setting the corresponding + // LbPolicy will generate an error at runtime. + oneof lb_config { + // Optional configuration for the Ring Hash load balancing policy. + RingHashLbConfig ring_hash_lb_config = 23; + + // Optional configuration for the Maglev load balancing policy. + MaglevLbConfig maglev_lb_config = 52; + + // Optional configuration for the Original Destination load balancing policy. + OriginalDstLbConfig original_dst_lb_config = 34; + + // Optional configuration for the LeastRequest load balancing policy. + LeastRequestLbConfig least_request_lb_config = 37; + + // Optional configuration for the RoundRobin load balancing policy. + RoundRobinLbConfig round_robin_lb_config = 56; + } + + // Common configuration for all load balancer implementations. + CommonLbConfig common_lb_config = 27; + + // Optional custom transport socket implementation to use for upstream connections. + // To setup TLS, set a transport socket with name ``envoy.transport_sockets.tls`` and + // :ref:`UpstreamTlsContexts ` in the ``typed_config``. + // If no transport socket configuration is specified, new connections + // will be set up with plaintext. 
+ core.v3.TransportSocket transport_socket = 24; + + // The Metadata field can be used to provide additional information about the + // cluster. It can be used for stats, logging, and varying filter behavior. + // Fields should use reverse DNS notation to denote which entity within Envoy + // will need the information. For instance, if the metadata is intended for + // the Router filter, the filter name should be specified as ``envoy.filters.http.router``. + core.v3.Metadata metadata = 25; + + // Determines how Envoy selects the protocol used to speak to upstream hosts. + // This has been deprecated in favor of setting explicit protocol selection + // in the :ref:`http_protocol_options + // ` message. + // http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + ClusterProtocolSelection protocol_selection = 26 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Optional options for upstream connections. + UpstreamConnectionOptions upstream_connection_options = 30; + + // If an upstream host becomes unhealthy (as determined by the configured health checks + // or outlier detection), immediately close all connections to the failed host. + // + // .. note:: + // + // This is currently only supported for connections created by tcp_proxy. + // + // .. note:: + // + // The current implementation of this feature closes all connections immediately when + // the unhealthy status is detected. If there are a large number of connections open + // to an upstream host that becomes unhealthy, Envoy may spend a substantial amount of + // time exclusively closing these connections, and not processing any other traffic. + bool close_connections_on_host_health_failure = 31; + + // If set to true, Envoy will ignore the health value of a host when processing its removal + // from service discovery. 
This means that if active health checking is used, Envoy will *not* + // wait for the endpoint to go unhealthy before removing it. + bool ignore_health_on_host_removal = 32; + + // An (optional) network filter chain, listed in the order the filters should be applied. + // The chain will be applied to all outgoing connections that Envoy makes to the upstream + // servers of this cluster. + repeated Filter filters = 40; + + // If this field is set and is supported by the client, it will supersede the value of + // :ref:`lb_policy`. + LoadBalancingPolicy load_balancing_policy = 41; + + // [#not-implemented-hide:] + // If present, tells the client where to send load reports via LRS. If not present, the + // client will fall back to a client-side default, which may be either (a) don't send any + // load reports or (b) send load reports for all clusters to a single default server + // (which may be configured in the bootstrap file). + // + // Note that if multiple clusters point to the same LRS server, the client may choose to + // create a separate stream for each cluster or it may choose to coalesce the data for + // multiple clusters onto a single stream. Either way, the client must make sure to send + // the data for any given cluster on no more than one stream. + // + // [#next-major-version: In the v3 API, we should consider restructuring this somehow, + // maybe by allowing LRS to go on the ADS stream, or maybe by moving some of the negotiation + // from the LRS stream here.] + core.v3.ConfigSource lrs_server = 42; + + // A list of metric names from :ref:`ORCA load reports ` to propagate to LRS. + // + // If not specified, then ORCA load reports will not be propagated to LRS. + // + // For map fields in the ORCA proto, the string will be of the form ``.``. + // For example, the string ``named_metrics.foo`` will mean to look for the key ``foo`` in the ORCA + // :ref:`named_metrics ` field. 
+ // + // The special map key ``*`` means to report all entries in the map (e.g., ``named_metrics.*`` means to + // report all entries in the ORCA named_metrics field). Note that this should be used only with trusted + // backends. + // + // The metric names in LRS will follow the same semantics as this field. In other words, if this field + // contains ``named_metrics.foo``, then the LRS load report will include the data with that same string + // as the key. + repeated string lrs_report_endpoint_metrics = 57; + + // If track_timeout_budgets is true, the :ref:`timeout budget histograms + // ` will be published for each + // request. These show what percentage of a request's per try and global timeout was used. A value + // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value + // of 100 would indicate that the request took the entirety of the timeout given to it. + // + // .. attention:: + // + // This field has been deprecated in favor of ``timeout_budgets``, part of + // :ref:`track_cluster_stats `. + bool track_timeout_budgets = 47 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; + + // Optional customization and configuration of upstream connection pool, and upstream type. + // + // Currently this field only applies for HTTP traffic but is designed for eventual use for custom + // TCP upstreams. + // + // For HTTP traffic, Envoy will generally take downstream HTTP and send it upstream as upstream + // HTTP, using the http connection pool and the codec from ``http2_protocol_options`` + // + // For routes where CONNECT termination is configured, Envoy will take downstream CONNECT + // requests and forward the CONNECT payload upstream over raw TCP using the tcp connection pool. + // + // The default pool used is the generic connection pool which creates the HTTP upstream for most + // HTTP requests, and the TCP upstream if CONNECT termination is configured. 
+ // + // If users desire custom connection pool or upstream behavior, for example terminating + // CONNECT only if a custom filter indicates it is appropriate, the custom factories + // can be registered and configured here. + // [#extension-category: envoy.upstreams] + core.v3.TypedExtensionConfig upstream_config = 48; + + // Configuration to track optional cluster stats. + TrackClusterStats track_cluster_stats = 49; + + // Preconnect configuration for this cluster. + PreconnectPolicy preconnect_policy = 50; + + // If ``connection_pool_per_downstream_connection`` is true, the cluster will use a separate + // connection pool for every downstream connection + bool connection_pool_per_downstream_connection = 51; +} + +// Extensible load balancing policy configuration. +// +// Every LB policy defined via this mechanism will be identified via a unique name using reverse +// DNS notation. If the policy needs configuration parameters, it must define a message for its +// own configuration, which will be stored in the config field. The name of the policy will tell +// clients which type of message they should expect to see in the config field. +// +// Note that there are cases where it is useful to be able to independently select LB policies +// for choosing a locality and for choosing an endpoint within that locality. For example, a +// given deployment may always use the same policy to choose the locality, but for choosing the +// endpoint within the locality, some clusters may use weighted-round-robin, while others may +// use some sort of session-based balancing. +// +// This can be accomplished via hierarchical LB policies, where the parent LB policy creates a +// child LB policy for each locality. For each request, the parent chooses the locality and then +// delegates to the child policy for that locality to choose the endpoint within the locality. 
+// +// To facilitate this, the config message for the top-level LB policy may include a field of +// type LoadBalancingPolicy that specifies the child policy. +message LoadBalancingPolicy { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.LoadBalancingPolicy"; + + message Policy { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.LoadBalancingPolicy.Policy"; + + reserved 2, 1, 3; + + reserved "config", "name", "typed_config"; + + // [#extension-category: envoy.load_balancing_policies] + core.v3.TypedExtensionConfig typed_extension_config = 4; + } + + // Each client will iterate over the list in order and stop at the first policy that it + // supports. This provides a mechanism for starting to use new LB policies that are not yet + // supported by all clients. + repeated Policy policies = 1; +} + +message UpstreamConnectionOptions { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.UpstreamConnectionOptions"; + + enum FirstAddressFamilyVersion { + // respect the native ranking of destination ip addresses returned from dns + // resolution + DEFAULT = 0; + + V4 = 1; + + V6 = 2; + } + + message HappyEyeballsConfig { + // Specify the IP address family to attempt connection first in happy + // eyeballs algorithm according to RFC8305#section-4. + FirstAddressFamilyVersion first_address_family_version = 1; + + // Specify the number of addresses of the first_address_family_version being + // attempted for connection before the other address family. + google.protobuf.UInt32Value first_address_family_count = 2 [(validate.rules).uint32 = {gte: 1}]; + } + + // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. + core.v3.TcpKeepalive tcp_keepalive = 1; + + // If enabled, associates the interface name of the local address with the upstream connection. + // This can be used by extensions during processing of requests. The association mechanism is + // implementation specific. 
Defaults to false due to performance concerns.
+ bool set_local_interface_name_on_upstream_connections = 2;
+
+ // Configurations for happy eyeballs algorithm.
+ // Add configs for first_address_family_version and first_address_family_count
+ // when sorting destination ip addresses.
+ HappyEyeballsConfig happy_eyeballs_config = 3;
+}
+
+message TrackClusterStats {
+ // If timeout_budgets is true, the :ref:`timeout budget histograms
+ // ` will be published for each
+ // request. These show what percentage of a request's per try and global timeout was used. A value
+ // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value
+ // of 100 would indicate that the request took the entirety of the timeout given to it.
+ bool timeout_budgets = 1;
+
+ // If request_response_sizes is true, then the :ref:`histograms
+ // ` tracking header and body sizes
+ // of requests and responses will be published.
+ bool request_response_sizes = 2;
+
+ // If true, some stats will be emitted per-endpoint, similar to the stats in admin ``/clusters``
+ // output.
+ //
+ // This does not currently output correct stats during a hot-restart.
+ //
+ // This is not currently implemented by all stat sinks.
+ //
+ // These stats do not honor filtering or tag extraction rules in :ref:`StatsConfig
+ // ` (but fixed-value tags are supported). Admin
+ // endpoint filtering is supported.
+ //
+ // This may not be used at the same time as
+ // :ref:`load_stats_config `.
+ bool per_endpoint_stats = 3;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/f0425c1657f5d21bc766ab56612144f466c193c9557a7ef43170b054b8f5f5f04b14d5fae4ec23a2503b68c22c2d7f30d4ab965aecb8472508901d4f277f717b b/modules/sync/envoyproxy/envoy/cas/f0425c1657f5d21bc766ab56612144f466c193c9557a7ef43170b054b8f5f5f04b14d5fae4ec23a2503b68c22c2d7f30d4ab965aecb8472508901d4f277f717b
new file mode 100644
index 00000000..eb3b1e6a
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/f0425c1657f5d21bc766ab56612144f466c193c9557a7ef43170b054b8f5f5f04b14d5fae4ec23a2503b68c22c2d7f30d4ab965aecb8472508901d4f277f717b
@@ -0,0 +1,46 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.dynamic_modules.v3;
+
+import "envoy/extensions/dynamic_modules/v3/dynamic_modules.proto";
+
+import "xds/annotations/v3/status.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.dynamic_modules.v3";
+option java_outer_classname = "DynamicModulesProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/dynamic_modules/v3;dynamic_modulesv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+option (xds.annotations.v3.file_status).work_in_progress = true;
+
+// [#protodoc-title: HTTP filter for dynamic modules]
+
+// Configuration of the HTTP filter for dynamic modules. This filter allows loading shared object files
+// that can be loaded via dlopen by the HTTP filter.
+//
+// A module can be loaded by multiple HTTP filters, hence the program can be structured in a way that
+// the module is loaded only once and shared across multiple filters providing multiple functionalities.
+//
+// Currently, the implementation is work in progress and not usable.
+message DynamicModuleFilter {
+ // Specifies the shared-object level configuration.
+ envoy.extensions.dynamic_modules.v3.DynamicModuleConfig dynamic_module_config = 1;
+
+ // The name for this filter configuration. This can be used to distinguish between different filter implementations
+ // inside a dynamic module. For example, a module can have completely different filter implementations.
+ // When Envoy receives this configuration, it passes the filter_name to the dynamic module's HTTP filter config init function
+ // together with the filter_config.
+ // That way a module can decide which in-module filter implementation to use based on the name at load time.
+ string filter_name = 2;
+
+ // The configuration for the filter chosen by filter_name. This is passed to the module's HTTP filter initialization function.
+ // Together with the filter_name, the module can decide which in-module filter implementation to use and
+ // fine-tune the behavior of the filter.
+ //
+ // For example, if a module has two filter implementations, one for logging and one for header manipulation,
+ // filter_name is used to choose either logging or header manipulation. The filter_config can be used to
+ // configure the logging level or the header manipulation behavior.
+ string filter_config = 3;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/f1334a390dbbb3b9711cb629b4e99b90ee363a428192cfb2de8206c7cf0d69e852796baa9e3fa00fb9f40e419ee2ca6c6a8815223b9ce27f28c49a72ea39828e b/modules/sync/envoyproxy/envoy/cas/f1334a390dbbb3b9711cb629b4e99b90ee363a428192cfb2de8206c7cf0d69e852796baa9e3fa00fb9f40e419ee2ca6c6a8815223b9ce27f28c49a72ea39828e
new file mode 100644
index 00000000..ca951db8
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/f1334a390dbbb3b9711cb629b4e99b90ee363a428192cfb2de8206c7cf0d69e852796baa9e3fa00fb9f40e419ee2ca6c6a8815223b9ce27f28c49a72ea39828e
@@ -0,0 +1,48 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.header_mutation.v3;
+
+import "envoy/config/common/mutation_rules/v3/mutation_rules.proto";
+import "envoy/config/core/v3/base.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.header_mutation.v3";
+option java_outer_classname = "HeaderMutationProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/header_mutation/v3;header_mutationv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Header mutation filter configuration]
+// [#extension: envoy.filters.http.header_mutation]
+
+message Mutations {
+ // The request mutations are applied before the request is forwarded to the upstream cluster.
+ repeated config.common.mutation_rules.v3.HeaderMutation request_mutations = 1;
+
+ // The ``path`` header query parameter mutations are applied after ``request_mutations`` and before the request
+ // is forwarded to the next filter in the filter chain.
+ repeated config.core.v3.KeyValueMutation query_parameter_mutations = 3;
+
+ // The response mutations are applied before the response is sent to the downstream client.
+ repeated config.common.mutation_rules.v3.HeaderMutation response_mutations = 2;
+}
+
+// Per route configuration for the header mutation filter.
+message HeaderMutationPerRoute {
+ Mutations mutations = 1;
+}
+
+// Configuration for the header mutation filter. The mutation rules in the filter configuration will
+// always be applied first and then the per-route mutation rules, if both are specified.
+message HeaderMutation {
+ Mutations mutations = 1;
+
+ // If per route HeaderMutationPerRoute config is configured at multiple route levels, header mutations
+ // at all specified levels are evaluated. By default, the order is from most specific (i.e. route entry level)
+ // to least specific (i.e. route configuration level). Later header mutations may override earlier mutations.
+ //
+ // This order can be reversed by setting this field to true. In other words, most specific level mutation
+ // is evaluated last.
+ bool most_specific_header_mutations_wins = 2;
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/f7680ea8269c00d0a1c18ee2f3af1e75f8dd2c000c5e8b943910b9d94929ab55ee5d987f52e72a9de04314d7b1067f32b720b754a90f86de61696b264851498e b/modules/sync/envoyproxy/envoy/cas/f7680ea8269c00d0a1c18ee2f3af1e75f8dd2c000c5e8b943910b9d94929ab55ee5d987f52e72a9de04314d7b1067f32b720b754a90f86de61696b264851498e
new file mode 100644
index 00000000..541fa8cf
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/f7680ea8269c00d0a1c18ee2f3af1e75f8dd2c000c5e8b943910b9d94929ab55ee5d987f52e72a9de04314d7b1067f32b720b754a90f86de61696b264851498e
@@ -0,0 +1,24 @@
+syntax = "proto3";
+
+package envoy.extensions.quic.connection_debug_visitor.quic_stats.v3;
+
+import "google/protobuf/duration.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.quic.connection_debug_visitor.quic_stats.v3";
+option java_outer_classname = "QuicStatsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/quic/connection_debug_visitor/quic_stats/v3;quic_statsv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: QUIC stats config]
+// [#extension: envoy.quic.connection_debug_visitor.quic_stats]
+
+// Configuration for a QUIC debug visitor which emits stats from the underlying QUIC transport.
+message Config {
+ // Period to update stats while the connection is open. If unset, updates only happen when the
+ // connection is closed. Stats are always updated one final time when the connection is closed.
+ google.protobuf.Duration update_period = 2 [(validate.rules).duration = {gte {nanos: 1000000}}];
+}
diff --git a/modules/sync/envoyproxy/envoy/cas/f88d1d71037a70c72f39863a5a9ec8d65ded375d725b7e416d36ec233adcd670e010a8b024c755835c16899a8e4c1d00ee24eacc7bc51c778296d6c5fff1fc8a b/modules/sync/envoyproxy/envoy/cas/f88d1d71037a70c72f39863a5a9ec8d65ded375d725b7e416d36ec233adcd670e010a8b024c755835c16899a8e4c1d00ee24eacc7bc51c778296d6c5fff1fc8a
new file mode 100644
index 00000000..ec07961c
--- /dev/null
+++ b/modules/sync/envoyproxy/envoy/cas/f88d1d71037a70c72f39863a5a9ec8d65ded375d725b7e416d36ec233adcd670e010a8b024c755835c16899a8e4c1d00ee24eacc7bc51c778296d6c5fff1fc8a
@@ -0,0 +1,82 @@
+syntax = "proto3";
+
+package envoy.config.cluster.redis;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.cluster.redis";
+option java_outer_classname = "RedisClusterProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/cluster/redis";
+option (udpa.annotations.file_status).package_version_status = FROZEN;
+
+// [#protodoc-title: Redis Cluster Configuration]
+// This cluster adds support for `Redis Cluster `_, as part
+// of :ref:`Envoy's support for Redis Cluster `.
+//
+// Redis Cluster is an extension of Redis which supports sharding and high availability (where a
+// shard that loses its primary fails over to a replica, and designates it as the new primary).
+// However, as there is no unified frontend or proxy service in front of Redis Cluster, the client
+// (in this case Envoy) must locally maintain the state of the Redis Cluster, specifically the
+// topology. A random node in the cluster is queried for the topology using the `CLUSTER SLOTS
+// command `_. This result is then stored locally, and
+// updated at user-configured intervals.
+//
+// Additionally, if
+// :ref:`enable_redirection`
+// is true, then moved and ask redirection errors from upstream servers will trigger a topology
+// refresh when they exceed a user-configured error threshold.
+//
+// Example:
+//
+// .. code-block:: yaml
+//
+// name: name
+// connect_timeout: 0.25s
+// dns_lookup_family: V4_ONLY
+// hosts:
+// - socket_address:
+// address: foo.bar.com
+// port_value: 22120
+// cluster_type:
+// name: envoy.clusters.redis
+// typed_config:
+// "@type": type.googleapis.com/google.protobuf.Struct
+// value:
+// cluster_refresh_rate: 30s
+// cluster_refresh_timeout: 0.5s
+// redirect_refresh_interval: 10s
+// redirect_refresh_threshold: 10
+// [#extension: envoy.clusters.redis]
+
+// [#next-free-field: 7]
+message RedisClusterConfig {
+ // Interval between successive topology refresh requests. If not set, this defaults to 5s.
+ google.protobuf.Duration cluster_refresh_rate = 1 [(validate.rules).duration = {gt {}}];
+
+ // Timeout for topology refresh request. If not set, this defaults to 3s.
+ google.protobuf.Duration cluster_refresh_timeout = 2 [(validate.rules).duration = {gt {}}];
+
+ // The minimum interval that must pass after triggering a topology refresh request before a new
+ // request can possibly be triggered again. Any errors received during one of these
+ // time intervals are ignored. If not set, this defaults to 5s.
+ google.protobuf.Duration redirect_refresh_interval = 3;
+
+ // The number of redirection errors that must be received before
+ // triggering a topology refresh request. If not set, this defaults to 5.
+ // If this is set to 0, topology refresh after redirect is disabled.
+ google.protobuf.UInt32Value redirect_refresh_threshold = 4;
+
+ // The number of failures that must be received before triggering a topology refresh request.
+ // If not set, this defaults to 0, which disables the topology refresh due to failure.
+ uint32 failure_refresh_threshold = 5;
+
+ // The number of hosts became degraded or unhealthy before triggering a topology refresh request.
+ // If not set, this defaults to 0, which disables the topology refresh due to degraded or
+ // unhealthy host.
+ uint32 host_degraded_refresh_threshold = 6;
+}
diff --git a/modules/sync/envoyproxy/envoy/state.json b/modules/sync/envoyproxy/envoy/state.json index 029b38b9..2c2c38fa 100644 --- a/modules/sync/envoyproxy/envoy/state.json +++ b/modules/sync/envoyproxy/envoy/state.json @@ -27,6 +27,10 @@ { "name": "v1.32.3", "digest": "a85ebaf16e7fbb65c6c15e0b6f2ca8790e82d27d8952114ebb8c531ca3d8ca48ccef60fc6c13dd6788a3eaa47e03fd1d1aa23e0f7211380db969f1b5b48975cb" + }, + { + "name": "v1.33.0", + "digest": "0f6f4339ea181ae26dd8156629ac3d40d49740ff4ba2cea29a7c393755902df2a8a5ab4140e97f28c86ca25c08b73d4610bd00d049e6fa2ed176191570b209f1" } ] } \ No newline at end of file diff --git a/modules/sync/envoyproxy/ratelimit/state.json b/modules/sync/envoyproxy/ratelimit/state.json index 3079cd01..c0dc7701 100644 --- a/modules/sync/envoyproxy/ratelimit/state.json +++ b/modules/sync/envoyproxy/ratelimit/state.json @@ -183,6 +183,10 @@ { "name": "fccc16521cbceba814ebeecfbaa9031c5f261627", "digest": "e5d46e06ebe64630de4d45a6de4ef6dab86d2a9feae086455fbfb6288d8e20bdc649cce7d22de18d156a062d0bcf4bba03463c16b434541c59942a89dababc39" + }, + { + "name": "60d8e81b58990265d00429f71997866d5e64c52d", + "digest": "e5d46e06ebe64630de4d45a6de4ef6dab86d2a9feae086455fbfb6288d8e20bdc649cce7d22de18d156a062d0bcf4bba03463c16b434541c59942a89dababc39" } ] } \ No newline at end of file diff --git a/modules/sync/googleapis/googleapis/state.json b/modules/sync/googleapis/googleapis/state.json index 5d75f4c2..acc2ef12 100644 --- a/modules/sync/googleapis/googleapis/state.json +++ b/modules/sync/googleapis/googleapis/state.json 
@@ -15623,6 +15623,18 @@ { "name": "79d2e1371246e5d5453e0a4394c7b503413bdeea", "digest": "93dbe51c27606999eef918360df509485a4d272e79aaed6d0016940379a9b06d316fc5228b7b50cca94bb310f34c5fc5955ce7474f655f0d0a224c4121dda3c1" + }, + { + "name": "34d78f08e32be18b731c5065b67758ff8a0e8db7", + "digest": "93dbe51c27606999eef918360df509485a4d272e79aaed6d0016940379a9b06d316fc5228b7b50cca94bb310f34c5fc5955ce7474f655f0d0a224c4121dda3c1" + }, + { + "name": "fc2697ec5327db9073b4e0aa140248f19b15d7ef", + "digest": "93dbe51c27606999eef918360df509485a4d272e79aaed6d0016940379a9b06d316fc5228b7b50cca94bb310f34c5fc5955ce7474f655f0d0a224c4121dda3c1" + }, + { + "name": "8a75da84d67d7dc194ff81fbf8f48a2b07eee595", + "digest": "93dbe51c27606999eef918360df509485a4d272e79aaed6d0016940379a9b06d316fc5228b7b50cca94bb310f34c5fc5955ce7474f655f0d0a224c4121dda3c1" } ] } \ No newline at end of file diff --git a/modules/sync/state.json b/modules/sync/state.json index 29a97bee..246e2a22 100644 --- a/modules/sync/state.json +++ b/modules/sync/state.json @@ -22,7 +22,7 @@ }, { "module_name": "envoyproxy/envoy", - "latest_reference": "v1.32.3" + "latest_reference": "v1.33.0" }, { "module_name": "envoyproxy/protoc-gen-validate", @@ -30,7 +30,7 @@ }, { "module_name": "envoyproxy/ratelimit", - "latest_reference": "fccc16521cbceba814ebeecfbaa9031c5f261627" + "latest_reference": "60d8e81b58990265d00429f71997866d5e64c52d" }, { "module_name": "gogo/protobuf", @@ -42,7 +42,7 @@ }, { "module_name": "googleapis/googleapis", - "latest_reference": "79d2e1371246e5d5453e0a4394c7b503413bdeea" + "latest_reference": "8a75da84d67d7dc194ff81fbf8f48a2b07eee595" }, { "module_name": "googlechrome/lighthouse",