xds: implement extension config discovery for HCM (#11826)

Signed-off-by: Kuat Yessenov <kuat@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ e8216a8cf79c54e3e0a77ab729ebf27f4e79eb1b

BUILD

@@ -245,6 +245,7 @@ proto_library(
         "//envoy/service/discovery/v3:pkg",
         "//envoy/service/endpoint/v3:pkg",
         "//envoy/service/event_reporting/v3:pkg",
+        "//envoy/service/extension/v3:pkg",
         "//envoy/service/health/v3:pkg",
         "//envoy/service/listener/v3:pkg",
         "//envoy/service/load_stats/v3:pkg",

envoy/config/accesslog/v3/accesslog.proto

@@ -242,6 +242,7 @@ message ResponseFlagFilter {
         in: "DPE"
         in: "UMSDR"
         in: "RFCF"
+        in: "NFCF"
       }
     }
   }];

envoy/config/accesslog/v4alpha/accesslog.proto

@@ -241,6 +241,7 @@ message ResponseFlagFilter {
         in: "DPE"
         in: "UMSDR"
         in: "RFCF"
+        in: "NFCF"
       }
     }
   }];

envoy/config/core/v3/extension.proto

@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.config.core.v3;
 
+import "envoy/config/core/v3/config_source.proto";
+
 import "google/protobuf/any.proto";
 
 import "udpa/annotations/status.proto";
@@ -28,3 +30,32 @@ message TypedExtensionConfig {
   // <config_overview_extension_configuration>` for further details.
   google.protobuf.Any typed_config = 2 [(validate.rules).any = {required: true}];
 }
+
+// Configuration source specifier for a late-bound extension configuration. The
+// parent resource is warmed until all the initial extension configurations are
+// received, unless the flag to apply the default configuration is set.
+// Subsequent extension updates are atomic on a per-worker basis. Once an
+// extension configuration is applied to a request or a connection, it remains
+// constant for the duration of processing. If the initial delivery of the
+// extension configuration fails, due to a timeout for example, the optional
+// default configuration is applied. Without a default configuration, the
+// extension is disabled, until an extension configuration is received. The
+// behavior of a disabled extension depends on the context. For example, a
+// filter chain with a disabled extension filter rejects all incoming streams.
+message ExtensionConfigSource {
+  ConfigSource config_source = 1 [(validate.rules).any = {required: true}];
+
+  // Optional default configuration to use as the initial configuration if
+  // there is a failure to receive the initial extension configuration or if
+  // `apply_default_config_without_warming` flag is set.
+  google.protobuf.Any default_config = 2;
+
+  // Use the default config as the initial configuration without warming and
+  // waiting for the first discovery response. Requires the default configuration
+  // to be supplied.
+  bool apply_default_config_without_warming = 3;
+
+  // A set of permitted extension type URLs. Extension configuration updates are rejected
+  // if they do not match any type URL in the set.
+  repeated string type_urls = 4 [(validate.rules).repeated = {min_items: 1}];
+}

envoy/config/core/v4alpha/extension.proto

@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.config.core.v4alpha;
 
+import "envoy/config/core/v4alpha/config_source.proto";
+
 import "google/protobuf/any.proto";
 
 import "udpa/annotations/status.proto";
@@ -32,3 +34,35 @@ message TypedExtensionConfig {
   // <config_overview_extension_configuration>` for further details.
   google.protobuf.Any typed_config = 2 [(validate.rules).any = {required: true}];
 }
+
+// Configuration source specifier for a late-bound extension configuration. The
+// parent resource is warmed until all the initial extension configurations are
+// received, unless the flag to apply the default configuration is set.
+// Subsequent extension updates are atomic on a per-worker basis. Once an
+// extension configuration is applied to a request or a connection, it remains
+// constant for the duration of processing. If the initial delivery of the
+// extension configuration fails, due to a timeout for example, the optional
+// default configuration is applied. Without a default configuration, the
+// extension is disabled, until an extension configuration is received. The
+// behavior of a disabled extension depends on the context. For example, a
+// filter chain with a disabled extension filter rejects all incoming streams.
+message ExtensionConfigSource {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.core.v3.ExtensionConfigSource";
+
+  ConfigSource config_source = 1 [(validate.rules).any = {required: true}];
+
+  // Optional default configuration to use as the initial configuration if
+  // there is a failure to receive the initial extension configuration or if
+  // `apply_default_config_without_warming` flag is set.
+  google.protobuf.Any default_config = 2;
+
+  // Use the default config as the initial configuration without warming and
+  // waiting for the first discovery response. Requires the default configuration
+  // to be supplied.
+  bool apply_default_config_without_warming = 3;
+
+  // A set of permitted extension type URLs. Extension configuration updates are rejected
+  // if they do not match any type URL in the set.
+  repeated string type_urls = 4 [(validate.rules).repeated = {min_items: 1}];
+}

envoy/data/accesslog/v3/accesslog.proto

@@ -186,7 +186,7 @@ message AccessLogCommon {
 }
 
 // Flags indicating occurrences during request/response processing.
-// [#next-free-field: 22]
+// [#next-free-field: 23]
 message ResponseFlags {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.data.accesslog.v2.ResponseFlags";
@@ -269,6 +269,9 @@ message ResponseFlags {
 
   // Indicates the response was served from a cache filter.
   bool response_from_cache_filter = 21;
+
+  // Indicates that a filter configuration is not available.
+  bool no_filter_config_found = 22;
 }
 
 // Properties of a negotiated TLS connection.

envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto

@@ -5,6 +5,7 @@ package envoy.extensions.filters.network.http_connection_manager.v3;
 import "envoy/config/accesslog/v3/accesslog.proto";
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/config_source.proto";
+import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/protocol.proto";
 import "envoy/config/core/v3/substitution_format_string.proto";
 import "envoy/config/route/v3/route.proto";
@@ -797,38 +798,13 @@ message HttpFilter {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.http_connection_manager.v2.HttpFilter";
 
-  // [#not-implemented-hide:] Configuration source specifier for the late-bound
-  // filter configuration. The HTTP Listener is warmed until all the initial
-  // filter configurations are received, unless the flag to apply the default
-  // configuration is set. Subsequent filter updates are atomic on a per-worker
-  // basis, and apply to new streams while the active streams continue using
-  // the older filter configurations. If the initial delivery of the filter
-  // configuration fails, due to a timeout for example, the optional default
-  // configuration is applied. Without a default configuration, the filter is
-  // disabled, and the HTTP listener responds with 500 immediately. After the
-  // failure, the listener continues subscribing to the subsequent filter
-  // configurations.
-  message HttpFilterConfigSource {
-    config.core.v3.ConfigSource config_source = 1;
-
-    // Optional default configuration to use as the initial configuration if
-    // there is a failure to receive the initial filter configuration or if
-    // `apply_default_config_without_warming` flag is set.
-    google.protobuf.Any default_config = 2;
-
-    // Use the default config as the initial configuration without warming and
-    // waiting for the first xDS response. Requires the default configuration
-    // to be supplied.
-    bool apply_default_config_without_warming = 3;
-  }
-
   reserved 3, 2;
 
   reserved "config";
 
   // The name of the filter configuration. The name is used as a fallback to
   // select an extension if the type of the configuration proto is not
-  // sufficient. It also serves as a resource name in FilterConfigDS.
+  // sufficient. It also serves as a resource name in ExtensionConfigDS.
   string name = 1 [(validate.rules).string = {min_bytes: 1}];
 
   // Filter specific configuration which depends on the filter being instantiated. See the supported
@@ -836,8 +812,10 @@ message HttpFilter {
   oneof config_type {
     google.protobuf.Any typed_config = 4;
 
-    // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS.
-    HttpFilterConfigSource filter_config_ds = 5;
+    // Configuration source specifier for an extension configuration discovery service.
+    // In case of a failure and without the default configuration, the HTTP listener responds with 500.
+    // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061).
+    config.core.v3.ExtensionConfigSource config_discovery = 5;
   }
 }
 

envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto

@@ -5,6 +5,7 @@ package envoy.extensions.filters.network.http_connection_manager.v4alpha;
 import "envoy/config/accesslog/v4alpha/accesslog.proto";
 import "envoy/config/core/v4alpha/base.proto";
 import "envoy/config/core/v4alpha/config_source.proto";
+import "envoy/config/core/v4alpha/extension.proto";
 import "envoy/config/core/v4alpha/protocol.proto";
 import "envoy/config/core/v4alpha/substitution_format_string.proto";
 import "envoy/config/route/v4alpha/route.proto";
@@ -803,42 +804,13 @@ message HttpFilter {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter";
 
-  // [#not-implemented-hide:] Configuration source specifier for the late-bound
-  // filter configuration. The HTTP Listener is warmed until all the initial
-  // filter configurations are received, unless the flag to apply the default
-  // configuration is set. Subsequent filter updates are atomic on a per-worker
-  // basis, and apply to new streams while the active streams continue using
-  // the older filter configurations. If the initial delivery of the filter
-  // configuration fails, due to a timeout for example, the optional default
-  // configuration is applied. Without a default configuration, the filter is
-  // disabled, and the HTTP listener responds with 500 immediately. After the
-  // failure, the listener continues subscribing to the subsequent filter
-  // configurations.
-  message HttpFilterConfigSource {
-    option (udpa.annotations.versioning).previous_message_type =
-        "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter."
-        "HttpFilterConfigSource";
-
-    config.core.v4alpha.ConfigSource config_source = 1;
-
-    // Optional default configuration to use as the initial configuration if
-    // there is a failure to receive the initial filter configuration or if
-    // `apply_default_config_without_warming` flag is set.
-    google.protobuf.Any default_config = 2;
-
-    // Use the default config as the initial configuration without warming and
-    // waiting for the first xDS response. Requires the default configuration
-    // to be supplied.
-    bool apply_default_config_without_warming = 3;
-  }
-
   reserved 3, 2;
 
   reserved "config";
 
   // The name of the filter configuration. The name is used as a fallback to
   // select an extension if the type of the configuration proto is not
-  // sufficient. It also serves as a resource name in FilterConfigDS.
+  // sufficient. It also serves as a resource name in ExtensionConfigDS.
   string name = 1 [(validate.rules).string = {min_bytes: 1}];
 
   // Filter specific configuration which depends on the filter being instantiated. See the supported
@@ -846,8 +818,10 @@ message HttpFilter {
   oneof config_type {
     google.protobuf.Any typed_config = 4;
 
-    // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS.
-    HttpFilterConfigSource filter_config_ds = 5;
+    // Configuration source specifier for an extension configuration discovery service.
+    // In case of a failure and without the default configuration, the HTTP listener responds with 500.
+    // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061).
+    config.core.v4alpha.ExtensionConfigSource config_discovery = 5;
   }
 }
 

envoy/service/extension/v3/config_discovery.proto

@@ -1,6 +1,6 @@
 syntax = "proto3";
 
-package envoy.service.filter.v3;
+package envoy.service.extension.v3;
 
 import "envoy/service/discovery/v3/discovery.proto";
 
@@ -10,28 +10,29 @@ import "envoy/annotations/resource.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 
-option java_package = "io.envoyproxy.envoy.service.filter.v3";
-option java_outer_classname = "FilterConfigDiscoveryProto";
+option java_package = "io.envoyproxy.envoy.service.extension.v3";
+option java_outer_classname = "ConfigDiscoveryProto";
 option java_multiple_files = true;
 option java_generic_services = true;
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
-// [#protodoc-title: FilterConfigDS]
+// [#protodoc-title: ExtensionConfigDS]
 
-// Return filter configurations.
-service FilterConfigDiscoveryService {
+// Return extension configurations.
+service ExtensionConfigDiscoveryService {
   option (envoy.annotations.resource).type = "envoy.config.core.v3.TypedExtensionConfig";
 
-  rpc StreamFilterConfigs(stream discovery.v3.DiscoveryRequest)
+  rpc StreamExtensionConfigs(stream discovery.v3.DiscoveryRequest)
       returns (stream discovery.v3.DiscoveryResponse) {
   }
 
-  rpc DeltaFilterConfigs(stream discovery.v3.DeltaDiscoveryRequest)
+  rpc DeltaExtensionConfigs(stream discovery.v3.DeltaDiscoveryRequest)
       returns (stream discovery.v3.DeltaDiscoveryResponse) {
   }
 
-  rpc FetchFilterConfigs(discovery.v3.DiscoveryRequest) returns (discovery.v3.DiscoveryResponse) {
-    option (google.api.http).post = "/v3/discovery:filter_configs";
+  rpc FetchExtensionConfigs(discovery.v3.DiscoveryRequest)
+      returns (discovery.v3.DiscoveryResponse) {
+    option (google.api.http).post = "/v3/discovery:extension_configs";
     option (google.api.http).body = "*";
   }
 }

versioning/BUILD

@@ -128,7 +128,7 @@ proto_library(
         "//envoy/service/discovery/v3:pkg",
         "//envoy/service/endpoint/v3:pkg",
         "//envoy/service/event_reporting/v3:pkg",
-        "//envoy/service/filter/v3:pkg",
+        "//envoy/service/extension/v3:pkg",
         "//envoy/service/health/v3:pkg",
         "//envoy/service/listener/v3:pkg",
         "//envoy/service/load_stats/v3:pkg",