|
|
|
|
syntax = "proto3";
|
|
|
|
|
|
|
|
|
|
package envoy.api.v2.ratelimit;
|
|
|
|
|
|
|
|
|
|
import "udpa/annotations/migrate.proto";
|
|
|
|
|
import "validate/validate.proto";
|
|
|
|
|
|
|
|
|
|
option java_package = "io.envoyproxy.envoy.api.v2.ratelimit";
|
|
|
|
|
option java_outer_classname = "RatelimitProto";
|
|
|
|
|
option java_multiple_files = true;
|
|
|
|
|
option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.common.ratelimit.v3";
|
|
|
|
|
|
|
|
|
|
// [#protodoc-title: Common rate limit components]
|
|
|
|
|
|
|
|
|
|
// A RateLimitDescriptor is a list of hierarchical entries that are used by the service to
|
|
|
|
|
// determine the final rate limit key and overall allowed limit. Here are some examples of how
|
|
|
|
|
// they might be used for the domain "envoy".
|
|
|
|
|
//
|
|
|
|
|
// .. code-block:: cpp
|
|
|
|
|
//
|
|
|
|
|
// ["authenticated": "false"], ["remote_address": "10.0.0.1"]
|
|
|
|
|
//
|
|
|
|
|
// What it does: Limits all unauthenticated traffic for the IP address 10.0.0.1. The
|
|
|
|
|
// configuration supplies a default limit for the *remote_address* key. If there is a desire to
|
|
|
|
|
// raise the limit for 10.0.0.1 or block it entirely it can be specified directly in the
|
|
|
|
|
// configuration.
|
|
|
|
|
//
|
|
|
|
|
// .. code-block:: cpp
|
|
|
|
|
//
|
|
|
|
|
// ["authenticated": "false"], ["path": "/foo/bar"]
|
|
|
|
|
//
|
|
|
|
|
// What it does: Limits all unauthenticated traffic globally for a specific path (or prefix if
|
|
|
|
|
// configured that way in the service).
|
|
|
|
|
//
|
|
|
|
|
// .. code-block:: cpp
|
|
|
|
|
//
|
|
|
|
|
// ["authenticated": "false"], ["path": "/foo/bar"], ["remote_address": "10.0.0.1"]
|
|
|
|
|
//
|
|
|
|
|
// What it does: Limits unauthenticated traffic to a specific path for a specific IP address.
|
|
|
|
|
// Like (1) we can raise/block specific IP addresses if we want with an override configuration.
|
|
|
|
|
//
|
|
|
|
|
// .. code-block:: cpp
|
|
|
|
|
//
|
|
|
|
|
// ["authenticated": "true"], ["client_id": "foo"]
|
|
|
|
|
//
|
|
|
|
|
// What it does: Limits all traffic for an authenticated client "foo"
|
|
|
|
|
//
|
|
|
|
|
// .. code-block:: cpp
|
|
|
|
|
//
|
|
|
|
|
// ["authenticated": "true"], ["client_id": "foo"], ["path": "/foo/bar"]
|
|
|
|
|
//
|
|
|
|
|
// What it does: Limits traffic to a specific path for an authenticated client "foo"
|
|
|
|
|
//
|
|
|
|
|
// The idea behind the API is that (1)/(2)/(3) and (4)/(5) can be sent in 1 request if desired.
|
|
|
|
|
// This enables building complex application scenarios with a generic backend.
|
|
|
|
|
message RateLimitDescriptor {
|
|
|
|
|
message Entry {
|
|
|
|
|
// Descriptor key.
|
api: protoxform tool and API reformat. (#8309)
This patch introduces a new tool, protoxform, that will be the basis of
the v2 -> v3 migration tooling. It operates as a Python protoc plugin,
within the same framework as protodoc, and provides the ability to
operate on protoc AST input and generate proto output.
As a first step, the tool is applied reflexively on v2, and functions as
a formatting tool. In later patches, this will be added to
check_format/fix_format scripts and CI.
Part of #8082.
Risk level: medium (it's possible that some inadvertent wire changes
occur, if they do, this patch should be rolled back).
Testing: manual inspection of diff, bazel test //test/..., some
grep/diff scripts to ensure we haven't lost any comments.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
|
|
|
string key = 1 [(validate.rules).string = {min_bytes: 1}];
|
|
|
|
|
|
|
|
|
|
// Descriptor value.
|
api: protoxform tool and API reformat. (#8309)
This patch introduces a new tool, protoxform, that will be the basis of
the v2 -> v3 migration tooling. It operates as a Python protoc plugin,
within the same framework as protodoc, and provides the ability to
operate on protoc AST input and generate proto output.
As a first step, the tool is applied reflexively on v2, and functions as
a formatting tool. In later patches, this will be added to
check_format/fix_format scripts and CI.
Part of #8082.
Risk level: medium (it's possible that some inadvertent wire changes
occur, if they do, this patch should be rolled back).
Testing: manual inspection of diff, bazel test //test/..., some
grep/diff scripts to ensure we haven't lost any comments.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
|
|
|
string value = 2 [(validate.rules).string = {min_bytes: 1}];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Descriptor entries.
|
api: protoxform tool and API reformat. (#8309)
This patch introduces a new tool, protoxform, that will be the basis of
the v2 -> v3 migration tooling. It operates as a Python protoc plugin,
within the same framework as protodoc, and provides the ability to
operate on protoc AST input and generate proto output.
As a first step, the tool is applied reflexively on v2, and functions as
a formatting tool. In later patches, this will be added to
check_format/fix_format scripts and CI.
Part of #8082.
Risk level: medium (it's possible that some inadvertent wire changes
occur, if they do, this patch should be rolled back).
Testing: manual inspection of diff, bazel test //test/..., some
grep/diff scripts to ensure we haven't lost any comments.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
|
|
|
repeated Entry entries = 1 [(validate.rules).repeated = {min_items: 1}];
|
|
|
|
|
}
|
