config: v2 transport API fatal-by-default. (#14223)

This is a followup to #13950 in which the transport API is also fatal-by-default. Risk level: High (this will break anyone who is still using v2 and has not enabled CLI or runtime override) Testing: Various tests updated as described above. New unit test added for bootstrap to server_test and to ads_integration_test for dynamic rejection behavior. api_version_integration_test continues to provide the definitive cross-version transport API integration test. Release Notes: Same as #13950. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 9093131e2a01d368566741943e112fa629c96725
4 years ago · 5ae6eda3ee
parent d6828354ba
commit 5ae6eda3ee
15 changed files with 435 additions and 11 deletions
--- a/envoy/api/v2/core/config_source.proto
+++ b/envoy/api/v2/core/config_source.proto
@ -26,10 +26,10 @@ enum ApiVersion {
  // When not specified, we assume v2, to ease migration to Envoy's stable API
  // versioning. If a client does not support v2 (e.g. due to deprecation), this
  // is an invalid value.
-  AUTO = 0;
+  AUTO = 0 [deprecated = true];
  // Use xDS v2 API.
-  V2 = 1;
+  V2 = 1 [deprecated = true];
  // Use xDS v3 API.
  V3 = 2;
--- a/envoy/config/accesslog/v4alpha/accesslog.proto
+++ b/envoy/config/accesslog/v4alpha/accesslog.proto
@ -47,9 +47,9 @@ message AccessLog {
  // #. "envoy.access_loggers.file": :ref:`FileAccessLog
  //    <envoy_api_msg_extensions.access_loggers.file.v4alpha.FileAccessLog>`
  // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig
-  //    <envoy_api_msg_extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig>`
+  //    <envoy_api_msg_extensions.access_loggers.grpc.v4alpha.HttpGrpcAccessLogConfig>`
  // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig
-  //    <envoy_api_msg_extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig>`
+  //    <envoy_api_msg_extensions.access_loggers.grpc.v4alpha.TcpGrpcAccessLogConfig>`
  oneof config_type {
    google.protobuf.Any typed_config = 4;
  }
--- a/envoy/config/core/v3/config_source.proto
+++ b/envoy/config/core/v3/config_source.proto
@ -27,10 +27,10 @@ enum ApiVersion {
  // When not specified, we assume v2, to ease migration to Envoy's stable API
  // versioning. If a client does not support v2 (e.g. due to deprecation), this
  // is an invalid value.
-  AUTO = 0;
+  AUTO = 0 [deprecated = true];
  // Use xDS v2 API.
-  V2 = 1;
+  V2 = 1 [deprecated = true];
  // Use xDS v3 API.
  V3 = 2;
--- a/envoy/config/core/v4alpha/config_source.proto
+++ b/envoy/config/core/v4alpha/config_source.proto
@ -24,13 +24,14 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO
 // xDS API and non-xDS services version. This is used to describe both resource and transport
 // protocol versions (in distinct configuration fields).
 enum ApiVersion {
  reserved 1;
  reserved "V2";
  // When not specified, we assume v2, to ease migration to Envoy's stable API
  // versioning. If a client does not support v2 (e.g. due to deprecation), this
  // is an invalid value.
-  AUTO = 0;
+  DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 [deprecated = true];
  // Use xDS v2 API.
  V2 = 1;
  // Use xDS v3 API.
  V3 = 2;
--- a/envoy/config/ratelimit/v4alpha/BUILD
+++ b/envoy/config/ratelimit/v4alpha/BUILD
@ -0,0 +1,13 @@
 # DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
 load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"])  # Apache 2
 api_proto_package(
    deps = [
        "//envoy/config/core/v4alpha:pkg",
        "//envoy/config/ratelimit/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
    ],
 )
--- a/envoy/config/ratelimit/v4alpha/rls.proto
+++ b/envoy/config/ratelimit/v4alpha/rls.proto
@ -0,0 +1,34 @@
 syntax = "proto3";
 package envoy.config.ratelimit.v4alpha;
 import "envoy/config/core/v4alpha/config_source.proto";
 import "envoy/config/core/v4alpha/grpc_service.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.config.ratelimit.v4alpha";
 option java_outer_classname = "RlsProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
 // [#protodoc-title: Rate limit service]
 // Rate limit :ref:`configuration overview <config_rate_limit_service>`.
 message RateLimitServiceConfig {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.config.ratelimit.v3.RateLimitServiceConfig";
  reserved 1, 3;
  // Specifies the gRPC service that hosts the rate limit service. The client
  // will connect to this cluster when it needs to make rate limit service
  // requests.
  core.v4alpha.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}];
  // API version for rate limit transport protocol. This describes the rate limit gRPC endpoint and
  // version of messages used on the wire.
  core.v4alpha.ApiVersion transport_api_version = 4 [(validate.rules).enum = {defined_only: true}];
 }
--- a/envoy/extensions/access_loggers/grpc/v4alpha/BUILD
+++ b/envoy/extensions/access_loggers/grpc/v4alpha/BUILD
@ -0,0 +1,13 @@
 # DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
 load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"])  # Apache 2
 api_proto_package(
    deps = [
        "//envoy/config/core/v4alpha:pkg",
        "//envoy/extensions/access_loggers/grpc/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
    ],
 )
--- a/envoy/extensions/access_loggers/grpc/v4alpha/als.proto
+++ b/envoy/extensions/access_loggers/grpc/v4alpha/als.proto
@ -0,0 +1,89 @@
 syntax = "proto3";
 package envoy.extensions.access_loggers.grpc.v4alpha;
 import "envoy/config/core/v4alpha/config_source.proto";
 import "envoy/config/core/v4alpha/grpc_service.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.extensions.access_loggers.grpc.v4alpha";
 option java_outer_classname = "AlsProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
 // [#protodoc-title: gRPC Access Log Service (ALS)]
 // Configuration for the built-in *envoy.access_loggers.http_grpc*
 // :ref:`AccessLog <envoy_api_msg_config.accesslog.v4alpha.AccessLog>`. This configuration will
 // populate :ref:`StreamAccessLogsMessage.http_logs
 // <envoy_api_field_service.accesslog.v4alpha.StreamAccessLogsMessage.http_logs>`.
 // [#extension: envoy.access_loggers.http_grpc]
 message HttpGrpcAccessLogConfig {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig";
  CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}];
  // Additional request headers to log in :ref:`HTTPRequestProperties.request_headers
  // <envoy_api_field_data.accesslog.v3.HTTPRequestProperties.request_headers>`.
  repeated string additional_request_headers_to_log = 2;
  // Additional response headers to log in :ref:`HTTPResponseProperties.response_headers
  // <envoy_api_field_data.accesslog.v3.HTTPResponseProperties.response_headers>`.
  repeated string additional_response_headers_to_log = 3;
  // Additional response trailers to log in :ref:`HTTPResponseProperties.response_trailers
  // <envoy_api_field_data.accesslog.v3.HTTPResponseProperties.response_trailers>`.
  repeated string additional_response_trailers_to_log = 4;
 }
 // Configuration for the built-in *envoy.access_loggers.tcp_grpc* type. This configuration will
 // populate *StreamAccessLogsMessage.tcp_logs*.
 // [#extension: envoy.access_loggers.tcp_grpc]
 message TcpGrpcAccessLogConfig {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig";
  CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message = {required: true}];
 }
 // Common configuration for gRPC access logs.
 // [#next-free-field: 7]
 message CommonGrpcAccessLogConfig {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.extensions.access_loggers.grpc.v3.CommonGrpcAccessLogConfig";
  // The friendly name of the access log to be returned in :ref:`StreamAccessLogsMessage.Identifier
  // <envoy_api_msg_service.accesslog.v4alpha.StreamAccessLogsMessage.Identifier>`. This allows the
  // access log server to differentiate between different access logs coming from the same Envoy.
  string log_name = 1 [(validate.rules).string = {min_len: 1}];
  // The gRPC service for the access log service.
  config.core.v4alpha.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}];
  // API version for access logs service transport protocol. This describes the access logs service
  // gRPC endpoint and version of messages used on the wire.
  config.core.v4alpha.ApiVersion transport_api_version = 6
      [(validate.rules).enum = {defined_only: true}];
  // Interval for flushing access logs to the gRPC stream. Logger will flush requests every time
  // this interval is elapsed, or when batch size limit is hit, whichever comes first. Defaults to
  // 1 second.
  google.protobuf.Duration buffer_flush_interval = 3 [(validate.rules).duration = {gt {}}];
  // Soft size limit in bytes for access log entries buffer. Logger will buffer requests until
  // this limit it hit, or every time flush interval is elapsed, whichever comes first. Setting it
  // to zero effectively disables the batching. Defaults to 16384.
  google.protobuf.UInt32Value buffer_size_bytes = 4;
  // Additional filter state objects to log in :ref:`filter_state_objects
  // <envoy_api_field_data.accesslog.v3.AccessLogCommon.filter_state_objects>`.
  // Logger will call `FilterState::Object::serializeAsProto` to serialize the filter state object.
  repeated string filter_state_objects_to_log = 5;
 }
--- a/envoy/extensions/filters/http/ratelimit/v4alpha/BUILD
+++ b/envoy/extensions/filters/http/ratelimit/v4alpha/BUILD
@ -0,0 +1,13 @@
 # DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
 load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"])  # Apache 2
 api_proto_package(
    deps = [
        "//envoy/config/ratelimit/v4alpha:pkg",
        "//envoy/extensions/filters/http/ratelimit/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
    ],
 )
--- a/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto
+++ b/envoy/extensions/filters/http/ratelimit/v4alpha/rate_limit.proto
@ -0,0 +1,125 @@
 syntax = "proto3";
 package envoy.extensions.filters.http.ratelimit.v4alpha;
 import "envoy/config/ratelimit/v4alpha/rls.proto";
 import "google/protobuf/duration.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.extensions.filters.http.ratelimit.v4alpha";
 option java_outer_classname = "RateLimitProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview <config_http_filters_rate_limit>`.
 // [#extension: envoy.filters.http.ratelimit]
 // [#next-free-field: 10]
 message RateLimit {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.extensions.filters.http.ratelimit.v3.RateLimit";
  // Defines the version of the standard to use for X-RateLimit headers.
  enum XRateLimitHeadersRFCVersion {
    // X-RateLimit headers disabled.
    OFF = 0;
    // Use `draft RFC Version 03 <https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html>`_.
    DRAFT_VERSION_03 = 1;
  }
  // The rate limit domain to use when calling the rate limit service.
  string domain = 1 [(validate.rules).string = {min_len: 1}];
  // Specifies the rate limit configurations to be applied with the same
  // stage number. If not set, the default stage number is 0.
  //
  // .. note::
  //
  //  The filter supports a range of 0 - 10 inclusively for stage numbers.
  uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}];
  // The type of requests the filter should apply to. The supported
  // types are *internal*, *external* or *both*. A request is considered internal if
  // :ref:`x-envoy-internal<config_http_conn_man_headers_x-envoy-internal>` is set to true. If
  // :ref:`x-envoy-internal<config_http_conn_man_headers_x-envoy-internal>` is not set or false, a
  // request is considered external. The filter defaults to *both*, and it will apply to all request
  // types.
  string request_type = 3
      [(validate.rules).string = {in: "internal" in: "external" in: "both" in: ""}];
  // The timeout in milliseconds for the rate limit service RPC. If not
  // set, this defaults to 20ms.
  google.protobuf.Duration timeout = 4;
  // The filter's behaviour in case the rate limiting service does
  // not respond back. When it is set to true, Envoy will not allow traffic in case of
  // communication failure between rate limiting service and the proxy.
  bool failure_mode_deny = 5;
  // Specifies whether a `RESOURCE_EXHAUSTED` gRPC code must be returned instead
  // of the default `UNAVAILABLE` gRPC code for a rate limited gRPC call. The
  // HTTP code will be 200 for a gRPC response.
  bool rate_limited_as_resource_exhausted = 6;
  // Configuration for an external rate limit service provider. If not
  // specified, any calls to the rate limit service will immediately return
  // success.
  config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 7
      [(validate.rules).message = {required: true}];
  // Defines the standard version to use for X-RateLimit headers emitted by the filter:
  //
  // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the
  //   client in the current time-window followed by the description of the
  //   quota policy. The values are returned by the rate limiting service in
  //   :ref:`current_limit<envoy_v3_api_field_service.ratelimit.v3.RateLimitResponse.DescriptorStatus.current_limit>`
  //   field. Example: `10, 10;w=1;name="per-ip", 1000;w=3600`.
  // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the
  //   current time-window. The values are returned by the rate limiting service
  //   in :ref:`limit_remaining<envoy_v3_api_field_service.ratelimit.v3.RateLimitResponse.DescriptorStatus.limit_remaining>`
  //   field.
  // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of
  //   the current time-window. The values are returned by the rate limiting service
  //   in :ref:`duration_until_reset<envoy_v3_api_field_service.ratelimit.v3.RateLimitResponse.DescriptorStatus.duration_until_reset>`
  //   field.
  //
  // In case rate limiting policy specifies more then one time window, the values
  // above represent the window that is closest to reaching its limit.
  //
  // For more information about the headers specification see selected version of
  // the `draft RFC <https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html>`_.
  //
  // Disabled by default.
  XRateLimitHeadersRFCVersion enable_x_ratelimit_headers = 8
      [(validate.rules).enum = {defined_only: true}];
  // Disables emitting the :ref:`x-envoy-ratelimited<config_http_filters_router_x-envoy-ratelimited>` header
  // in case of rate limiting (i.e. 429 responses).
  // Having this header not present potentially makes the request retriable.
  bool disable_x_envoy_ratelimited_header = 9;
 }
 message RateLimitPerRoute {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute";
  enum VhRateLimitsOptions {
    // Use the virtual host rate limits unless the route has a rate limit policy.
    OVERRIDE = 0;
    // Use the virtual host rate limits even if the route has a rate limit policy.
    INCLUDE = 1;
    // Ignore the virtual host rate limits even if the route does not have a rate limit policy.
    IGNORE = 2;
  }
  // Specifies if the rate limit filter should include the virtual host rate limits.
  VhRateLimitsOptions vh_rate_limits = 1 [(validate.rules).enum = {defined_only: true}];
 }
--- a/envoy/extensions/filters/network/ratelimit/v4alpha/BUILD
+++ b/envoy/extensions/filters/network/ratelimit/v4alpha/BUILD
@ -0,0 +1,14 @@
 # DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
 load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"])  # Apache 2
 api_proto_package(
    deps = [
        "//envoy/config/ratelimit/v4alpha:pkg",
        "//envoy/extensions/common/ratelimit/v3:pkg",
        "//envoy/extensions/filters/network/ratelimit/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
    ],
 )
--- a/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto
+++ b/envoy/extensions/filters/network/ratelimit/v4alpha/rate_limit.proto
@ -0,0 +1,53 @@
 syntax = "proto3";
 package envoy.extensions.filters.network.ratelimit.v4alpha;
 import "envoy/config/ratelimit/v4alpha/rls.proto";
 import "envoy/extensions/common/ratelimit/v3/ratelimit.proto";
 import "google/protobuf/duration.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.extensions.filters.network.ratelimit.v4alpha";
 option java_outer_classname = "RateLimitProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview <config_network_filters_rate_limit>`.
 // [#extension: envoy.filters.network.ratelimit]
 // [#next-free-field: 7]
 message RateLimit {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.extensions.filters.network.ratelimit.v3.RateLimit";
  // The prefix to use when emitting :ref:`statistics <config_network_filters_rate_limit_stats>`.
  string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];
  // The rate limit domain to use in the rate limit service request.
  string domain = 2 [(validate.rules).string = {min_len: 1}];
  // The rate limit descriptor list to use in the rate limit service request.
  repeated common.ratelimit.v3.RateLimitDescriptor descriptors = 3
      [(validate.rules).repeated = {min_items: 1}];
  // The timeout in milliseconds for the rate limit service RPC. If not
  // set, this defaults to 20ms.
  google.protobuf.Duration timeout = 4;
  // The filter's behaviour in case the rate limiting service does
  // not respond back. When it is set to true, Envoy will not allow traffic in case of
  // communication failure between rate limiting service and the proxy.
  // Defaults to false.
  bool failure_mode_deny = 5;
  // Configuration for an external rate limit service provider. If not
  // specified, any calls to the rate limit service will immediately return
  // success.
  config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 6
      [(validate.rules).message = {required: true}];
 }
--- a/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/BUILD
+++ b/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/BUILD
@ -0,0 +1,13 @@
 # DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
 load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"])  # Apache 2
 api_proto_package(
    deps = [
        "//envoy/config/ratelimit/v4alpha:pkg",
        "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3:pkg",
        "@com_github_cncf_udpa//udpa/annotations:pkg",
    ],
 )
--- a/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto
+++ b/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v4alpha/rate_limit.proto
@ -0,0 +1,56 @@
 syntax = "proto3";
 package envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v4alpha;
 import "envoy/config/ratelimit/v4alpha/rls.proto";
 import "google/protobuf/duration.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v4alpha";
 option java_outer_classname = "RateLimitProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview <config_thrift_filters_rate_limit>`.
 // [#extension: envoy.filters.thrift.ratelimit]
 // [#next-free-field: 6]
 message RateLimit {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3.RateLimit";
  // The rate limit domain to use in the rate limit service request.
  string domain = 1 [(validate.rules).string = {min_len: 1}];
  // Specifies the rate limit configuration stage. Each configured rate limit filter performs a
  // rate limit check using descriptors configured in the
  // :ref:`envoy_api_msg_extensions.filters.network.thrift_proxy.v4alpha.RouteAction` for the request.
  // Only those entries with a matching stage number are used for a given filter. If not set, the
  // default stage number is 0.
  //
  // .. note::
  //
  //  The filter supports a range of 0 - 10 inclusively for stage numbers.
  uint32 stage = 2 [(validate.rules).uint32 = {lte: 10}];
  // The timeout in milliseconds for the rate limit service RPC. If not
  // set, this defaults to 20ms.
  google.protobuf.Duration timeout = 3;
  // The filter's behaviour in case the rate limiting service does
  // not respond back. When it is set to true, Envoy will not allow traffic in case of
  // communication failure between rate limiting service and the proxy.
  // Defaults to false.
  bool failure_mode_deny = 4;
  // Configuration for an external rate limit service provider. If not
  // specified, any calls to the rate limit service will immediately return
  // success.
  config.ratelimit.v4alpha.RateLimitServiceConfig rate_limit_service = 5
      [(validate.rules).message = {required: true}];
 }
--- a/envoy/service/accesslog/v4alpha/als.proto
+++ b/envoy/service/accesslog/v4alpha/als.proto
@ -49,7 +49,7 @@ message StreamAccessLogsMessage {
    config.core.v4alpha.Node node = 1 [(validate.rules).message = {required: true}];
    // The friendly name of the log configured in :ref:`CommonGrpcAccessLogConfig
-    // <envoy_api_msg_extensions.access_loggers.grpc.v3.CommonGrpcAccessLogConfig>`.
+    // <envoy_api_msg_extensions.access_loggers.grpc.v4alpha.CommonGrpcAccessLogConfig>`.
    string log_name = 2 [(validate.rules).string = {min_len: 1}];
  }