[READ ONLY MIRROR] Envoy REST/proto API definitions and documentation. (grpc依赖)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

113 lines
5.5 KiB

syntax = "proto3";
package envoy.config.route.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/config_source.proto";
import "envoy/config/route/v3/route_components.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.route.v3";
option java_outer_classname = "RouteProto";
option java_multiple_files = true;
// [#protodoc-title: HTTP route configuration]
// * Routing :ref:`architecture overview <arch_overview_http_routing>`
// * HTTP :ref:`router filter <config_http_filters_router>`
// [#next-free-field: 11]
message RouteConfiguration {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.RouteConfiguration";
// The name of the route configuration. For example, it might match
// :ref:`route_config_name
5 years ago
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.Rds.route_config_name>` in
// :ref:`envoy_api_msg_extensions.filters.network.http_connection_manager.v3.Rds`.
string name = 1;
// An array of virtual hosts that make up the route table.
repeated VirtualHost virtual_hosts = 2;
// An array of virtual hosts will be dynamically loaded via the VHDS API.
// Both *virtual_hosts* and *vhds* fields will be used when present. *virtual_hosts* can be used
// for a base routing table or for infrequently changing virtual hosts. *vhds* is used for
// on-demand discovery of virtual hosts. The contents of these two fields will be merged to
// generate a routing table for a given RouteConfiguration, with *vhds* derived configuration
// taking precedence.
Vhds vhds = 9;
// Optionally specifies a list of HTTP headers that the connection manager
// will consider to be internal only. If they are found on external requests they will be cleaned
// prior to filter invocation. See :ref:`config_http_conn_man_headers_x-envoy-internal` for more
// information.
[api] [fuzz] fix many header related config fuzz bugs (#10093) This change includes validations on header names and values that appear in config fields. This prevents setting header keys/values with invalid characters in config fields, which pops up as ASSERT failures when converting to HeaderString values. For reference, the well_known_regex for the header names and values do the following: - HTTP_HEADER_NAME: whitelists alphanums and the whitelisted tokens (`!#$%&'*+-.^_|~``) in https://tools.ietf.org/html/rfc7230#section-3.2 - HTTP_HEADER_VALUE: blacklists control characters except SPC and TAB. Purposely meant to be permissive, and blacklist problems like nulls Changes in `base.proto` * Invalid headers to match (from [`HeaderValue`](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/core/base.proto#L234) proto) - `clusterfuzz-testcase-minimized-route_fuzz_test-5635252339343360` Changes in `route_components.proto`: * [domains](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L75) with invalid control characters in `VirtualHost` config - `clusterfuzz-testcase-minimized-route_fuzz_test-5699465522970624` * Invalid [header_name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L604) in hash policy - `clusterfuzz-testcase-minimized-route_fuzz_test-5634743613259776` * Invalid control characters in [upgrade_type](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L698) header - `clusterfuzz-testcase-minimized-route_fuzz_test-5750746072481792` * `RateLimit` message has a [header_name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L1273) field - `clusterfuzz-testcase-minimized-route_fuzz_test-5206842068697088` * Invalid [response_headers_to_add](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L113) in - `clusterfuzz-testcase-minimized-route_fuzz_test-4592245302362112` * The [cluster_header](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L723) change came up in a fuzz bug, but after that was fixed, the code ran in to another deeper issue to be fixed. * The [name](https://github.com/envoyproxy/envoy/blob/bbdc33e53723dc02b6d51bb0f329c5b369adfe03/api/envoy/config/route/v3/route_components.proto#L1381) in `HeaderMatcher` message - `clusterfuzz-testcase-minimized-route_fuzz_test-5635252339343360` Changes in `custom_tag.proto` * `CustomTag` has a [name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/type/tracing/v3/custom_tag.proto#L51) - `clusterfuzz-testcase-minimized-route_fuzz_test-5661762636742656` Changes in fuzz tests: * `conn_manager_impl_fuzz_test` that fails on invalid characters in an authority header. this is not a config related change, just handled by replaced the invalid character in the fuzz test. - `clusterfuzz-testcase-minimized-conn_manager_impl_fuzz_test-5714279517126656` * `route_fuzz_test` was cleaned up now that a lot of the processing was moved to config. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19923 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16143 (most of) Signed-off-by: Asra Ali <asraa@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 855b2a359a7133fd559ddbd757be4c0963cd8a73
5 years ago
repeated string internal_only_headers = 3
[(validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME}}}];
// Specifies a list of HTTP headers that should be added to each response that
// the connection manager encodes. Headers specified at this level are applied
5 years ago
// after headers from any enclosed :ref:`envoy_api_msg_config.route.v3.VirtualHost` or
// :ref:`envoy_api_msg_config.route.v3.RouteAction`. For more information, including details on
// header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.v3.HeaderValueOption response_headers_to_add = 4
[(validate.rules).repeated = {max_items: 1000}];
// Specifies a list of HTTP headers that should be removed from each response
// that the connection manager encodes.
[api] [fuzz] fix many header related config fuzz bugs (#10093) This change includes validations on header names and values that appear in config fields. This prevents setting header keys/values with invalid characters in config fields, which pops up as ASSERT failures when converting to HeaderString values. For reference, the well_known_regex for the header names and values do the following: - HTTP_HEADER_NAME: whitelists alphanums and the whitelisted tokens (`!#$%&'*+-.^_|~``) in https://tools.ietf.org/html/rfc7230#section-3.2 - HTTP_HEADER_VALUE: blacklists control characters except SPC and TAB. Purposely meant to be permissive, and blacklist problems like nulls Changes in `base.proto` * Invalid headers to match (from [`HeaderValue`](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/core/base.proto#L234) proto) - `clusterfuzz-testcase-minimized-route_fuzz_test-5635252339343360` Changes in `route_components.proto`: * [domains](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L75) with invalid control characters in `VirtualHost` config - `clusterfuzz-testcase-minimized-route_fuzz_test-5699465522970624` * Invalid [header_name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L604) in hash policy - `clusterfuzz-testcase-minimized-route_fuzz_test-5634743613259776` * Invalid control characters in [upgrade_type](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L698) header - `clusterfuzz-testcase-minimized-route_fuzz_test-5750746072481792` * `RateLimit` message has a [header_name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L1273) field - `clusterfuzz-testcase-minimized-route_fuzz_test-5206842068697088` * Invalid [response_headers_to_add](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L113) in - `clusterfuzz-testcase-minimized-route_fuzz_test-4592245302362112` * The [cluster_header](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L723) change came up in a fuzz bug, but after that was fixed, the code ran in to another deeper issue to be fixed. * The [name](https://github.com/envoyproxy/envoy/blob/bbdc33e53723dc02b6d51bb0f329c5b369adfe03/api/envoy/config/route/v3/route_components.proto#L1381) in `HeaderMatcher` message - `clusterfuzz-testcase-minimized-route_fuzz_test-5635252339343360` Changes in `custom_tag.proto` * `CustomTag` has a [name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/type/tracing/v3/custom_tag.proto#L51) - `clusterfuzz-testcase-minimized-route_fuzz_test-5661762636742656` Changes in fuzz tests: * `conn_manager_impl_fuzz_test` that fails on invalid characters in an authority header. this is not a config related change, just handled by replaced the invalid character in the fuzz test. - `clusterfuzz-testcase-minimized-conn_manager_impl_fuzz_test-5714279517126656` * `route_fuzz_test` was cleaned up now that a lot of the processing was moved to config. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19923 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16143 (most of) Signed-off-by: Asra Ali <asraa@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 855b2a359a7133fd559ddbd757be4c0963cd8a73
5 years ago
repeated string response_headers_to_remove = 5
[(validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME}}}];
// Specifies a list of HTTP headers that should be added to each request
// routed by the HTTP connection manager. Headers specified at this level are
5 years ago
// applied after headers from any enclosed :ref:`envoy_api_msg_config.route.v3.VirtualHost` or
// :ref:`envoy_api_msg_config.route.v3.RouteAction`. For more information, including details on
// header value syntax, see the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated core.v3.HeaderValueOption request_headers_to_add = 6
[(validate.rules).repeated = {max_items: 1000}];
// Specifies a list of HTTP headers that should be removed from each request
// routed by the HTTP connection manager.
[api] [fuzz] fix many header related config fuzz bugs (#10093) This change includes validations on header names and values that appear in config fields. This prevents setting header keys/values with invalid characters in config fields, which pops up as ASSERT failures when converting to HeaderString values. For reference, the well_known_regex for the header names and values do the following: - HTTP_HEADER_NAME: whitelists alphanums and the whitelisted tokens (`!#$%&'*+-.^_|~``) in https://tools.ietf.org/html/rfc7230#section-3.2 - HTTP_HEADER_VALUE: blacklists control characters except SPC and TAB. Purposely meant to be permissive, and blacklist problems like nulls Changes in `base.proto` * Invalid headers to match (from [`HeaderValue`](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/core/base.proto#L234) proto) - `clusterfuzz-testcase-minimized-route_fuzz_test-5635252339343360` Changes in `route_components.proto`: * [domains](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L75) with invalid control characters in `VirtualHost` config - `clusterfuzz-testcase-minimized-route_fuzz_test-5699465522970624` * Invalid [header_name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L604) in hash policy - `clusterfuzz-testcase-minimized-route_fuzz_test-5634743613259776` * Invalid control characters in [upgrade_type](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L698) header - `clusterfuzz-testcase-minimized-route_fuzz_test-5750746072481792` * `RateLimit` message has a [header_name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L1273) field - `clusterfuzz-testcase-minimized-route_fuzz_test-5206842068697088` * Invalid [response_headers_to_add](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L113) in - `clusterfuzz-testcase-minimized-route_fuzz_test-4592245302362112` * The [cluster_header](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/api/v2/route/route_components.proto#L723) change came up in a fuzz bug, but after that was fixed, the code ran in to another deeper issue to be fixed. * The [name](https://github.com/envoyproxy/envoy/blob/bbdc33e53723dc02b6d51bb0f329c5b369adfe03/api/envoy/config/route/v3/route_components.proto#L1381) in `HeaderMatcher` message - `clusterfuzz-testcase-minimized-route_fuzz_test-5635252339343360` Changes in `custom_tag.proto` * `CustomTag` has a [name](https://github.com/asraa/envoy/blob/88d35569818cb3a1236cce5d79299c4986ffdc77/api/envoy/type/tracing/v3/custom_tag.proto#L51) - `clusterfuzz-testcase-minimized-route_fuzz_test-5661762636742656` Changes in fuzz tests: * `conn_manager_impl_fuzz_test` that fails on invalid characters in an authority header. this is not a config related change, just handled by replaced the invalid character in the fuzz test. - `clusterfuzz-testcase-minimized-conn_manager_impl_fuzz_test-5714279517126656` * `route_fuzz_test` was cleaned up now that a lot of the processing was moved to config. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19923 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16143 (most of) Signed-off-by: Asra Ali <asraa@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 855b2a359a7133fd559ddbd757be4c0963cd8a73
5 years ago
repeated string request_headers_to_remove = 8
[(validate.rules).repeated = {items {string {well_known_regex: HTTP_HEADER_NAME}}}];
// By default, headers that should be added/removed are evaluated from most to least specific:
//
// * route level
// * virtual host level
// * connection manager level
//
// To allow setting overrides at the route or virtual host level, this order can be reversed
// by setting this option to true. Defaults to false.
//
// [#next-major-version: In the v3 API, this will default to true.]
bool most_specific_header_mutations_wins = 10;
// An optional boolean that specifies whether the clusters that the route
// table refers to will be validated by the cluster manager. If set to true
// and a route refers to a non-existent cluster, the route table will not
// load. If set to false and a route refers to a non-existent cluster, the
// route table will load and the router filter will return a 404 if the route
// is selected at runtime. This setting defaults to true if the route table
// is statically defined via the :ref:`route_config
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.route_config>`
// option. This setting default to false if the route table is loaded dynamically via the
// :ref:`rds
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.rds>`
// option. Users may wish to override the default behavior in certain cases (for example when
// using CDS with a static route table).
google.protobuf.BoolValue validate_clusters = 7;
}
message Vhds {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Vhds";
// Configuration source specifier for VHDS.
core.v3.ConfigSource config_source = 1 [(validate.rules).message = {required: true}];
}