From 7017abb12d27ab3a124b05c485fd33d277d77693 Mon Sep 17 00:00:00 2001 From: "data-plane-api(CircleCI)" Date: Thu, 23 Jul 2020 22:00:29 +0000 Subject: [PATCH] xds: implement extension config discovery for HCM (#11826) Signed-off-by: Kuat Yessenov Mirrored from https://github.com/envoyproxy/envoy @ e8216a8cf79c54e3e0a77ab729ebf27f4e79eb1b --- BUILD | 1 + envoy/config/accesslog/v3/accesslog.proto | 1 + .../config/accesslog/v4alpha/accesslog.proto | 1 + envoy/config/core/v3/extension.proto | 31 +++++++++++++++ envoy/config/core/v4alpha/extension.proto | 34 +++++++++++++++++ envoy/data/accesslog/v3/accesslog.proto | 5 ++- .../v3/http_connection_manager.proto | 34 +++-------------- .../v4alpha/http_connection_manager.proto | 38 +++---------------- envoy/service/{filter => extension}/v3/BUILD | 0 .../v3/config_discovery.proto} | 21 +++++----- versioning/BUILD | 2 +- 11 files changed, 96 insertions(+), 72 deletions(-) rename envoy/service/{filter => extension}/v3/BUILD (100%) rename envoy/service/{filter/v3/filter_config_discovery.proto => extension/v3/config_discovery.proto} (52%) diff --git a/BUILD b/BUILD index 9d4f802d..50835fb0 100644 --- a/BUILD +++ b/BUILD @@ -245,6 +245,7 @@ proto_library( "//envoy/service/discovery/v3:pkg", "//envoy/service/endpoint/v3:pkg", "//envoy/service/event_reporting/v3:pkg", + "//envoy/service/extension/v3:pkg", "//envoy/service/health/v3:pkg", "//envoy/service/listener/v3:pkg", "//envoy/service/load_stats/v3:pkg", diff --git a/envoy/config/accesslog/v3/accesslog.proto b/envoy/config/accesslog/v3/accesslog.proto index 9a2f276b..e1b5a2e5 100644 --- a/envoy/config/accesslog/v3/accesslog.proto +++ b/envoy/config/accesslog/v3/accesslog.proto @@ -242,6 +242,7 @@ message ResponseFlagFilter { in: "DPE" in: "UMSDR" in: "RFCF" + in: "NFCF" } } }]; diff --git a/envoy/config/accesslog/v4alpha/accesslog.proto b/envoy/config/accesslog/v4alpha/accesslog.proto index 939d4df9..35f494ea 100644 --- a/envoy/config/accesslog/v4alpha/accesslog.proto 
+++ b/envoy/config/accesslog/v4alpha/accesslog.proto @@ -241,6 +241,7 @@ message ResponseFlagFilter { in: "DPE" in: "UMSDR" in: "RFCF" + in: "NFCF" } } }]; diff --git a/envoy/config/core/v3/extension.proto b/envoy/config/core/v3/extension.proto index 63639876..ba66da6a 100644 --- a/envoy/config/core/v3/extension.proto +++ b/envoy/config/core/v3/extension.proto @@ -2,6 +2,8 @@ syntax = "proto3"; package envoy.config.core.v3; +import "envoy/config/core/v3/config_source.proto"; + import "google/protobuf/any.proto"; import "udpa/annotations/status.proto"; 
@@ -28,3 +30,32 @@ message TypedExtensionConfig { // ` for further details. google.protobuf.Any typed_config = 2 [(validate.rules).any = {required: true}]; } + +// Configuration source specifier for a late-bound extension configuration. The +// parent resource is warmed until all the initial extension configurations are +// received, unless the flag to apply the default configuration is set. +// Subsequent extension updates are atomic on a per-worker basis. Once an +// extension configuration is applied to a request or a connection, it remains +// constant for the duration of processing. If the initial delivery of the +// extension configuration fails, due to a timeout for example, the optional +// default configuration is applied. Without a default configuration, the +// extension is disabled, until an extension configuration is received. The +// behavior of a disabled extension depends on the context. For example, a +// filter chain with a disabled extension filter rejects all incoming streams. +message ExtensionConfigSource { + ConfigSource config_source = 1 [(validate.rules).any = {required: true}]; + + // Optional default configuration to use as the initial configuration if + // there is a failure to receive the initial extension configuration or if + // `apply_default_config_without_warming` flag is set. + google.protobuf.Any default_config = 2; + + // Use the default config as the initial configuration without warming and + // waiting for the first discovery response. Requires the default configuration + // to be supplied. + bool apply_default_config_without_warming = 3; + + // A set of permitted extension type URLs. Extension configuration updates are rejected + // if they do not match any type URL in the set. + repeated string type_urls = 4 [(validate.rules).repeated = {min_items: 1}]; +} diff --git a/envoy/config/core/v4alpha/extension.proto b/envoy/config/core/v4alpha/extension.proto index 52ae2a14..4de10758 100644 
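Review bot: In the new `ExtensionConfigSource`, `config_source` is typed `ConfigSource` but carries `(validate.rules).any = {required: true}`, the rule family meant for `google.protobuf.Any` fields; `[(validate.rules).message = {required: true}]` matches the field type, and it is worth confirming that the generated validator actually rejects an unset source. The field also has no comment of its own, unlike the three fields after it. The rule that `apply_default_config_without_warming` requires `default_config` is stated only in prose, and the comments do not say whether `default_config` must itself match one of `type_urls`. Since `type_urls` is the allowlist for what a management server may deliver, I would add `// The default configuration, if set, must also match one of the permitted type URLs.` if that is the intended behaviour. The same points apply to the v4alpha copy of this message in the later `@@ -32,3 +34,35 @@` hunk.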
--- a/envoy/config/core/v4alpha/extension.proto +++ b/envoy/config/core/v4alpha/extension.proto @@ -2,6 +2,8 @@ syntax = "proto3"; package envoy.config.core.v4alpha; +import "envoy/config/core/v4alpha/config_source.proto"; + import "google/protobuf/any.proto"; import "udpa/annotations/status.proto"; 
@@ -32,3 +34,35 @@ message TypedExtensionConfig { // ` for further details. google.protobuf.Any typed_config = 2 [(validate.rules).any = {required: true}]; } + +// Configuration source specifier for a late-bound extension configuration. The +// parent resource is warmed until all the initial extension configurations are +// received, unless the flag to apply the default configuration is set. +// Subsequent extension updates are atomic on a per-worker basis. Once an +// extension configuration is applied to a request or a connection, it remains +// constant for the duration of processing. If the initial delivery of the +// extension configuration fails, due to a timeout for example, the optional +// default configuration is applied. Without a default configuration, the +// extension is disabled, until an extension configuration is received. The +// behavior of a disabled extension depends on the context. For example, a +// filter chain with a disabled extension filter rejects all incoming streams. +message ExtensionConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.config.core.v3.ExtensionConfigSource"; + + ConfigSource config_source = 1 [(validate.rules).any = {required: true}]; + + // Optional default configuration to use as the initial configuration if + // there is a failure to receive the initial extension configuration or if + // `apply_default_config_without_warming` flag is set. + google.protobuf.Any default_config = 2; + + // Use the default config as the initial configuration without warming and + // waiting for the first discovery response. Requires the default configuration + // to be supplied. + bool apply_default_config_without_warming = 3; + + // A set of permitted extension type URLs. Extension configuration updates are rejected + // if they do not match any type URL in the set. + repeated string type_urls = 4 [(validate.rules).repeated = {min_items: 1}]; +} 
diff --git a/envoy/data/accesslog/v3/accesslog.proto b/envoy/data/accesslog/v3/accesslog.proto index 347adc20..c16b5be1 100644 --- a/envoy/data/accesslog/v3/accesslog.proto +++ b/envoy/data/accesslog/v3/accesslog.proto @@ -186,7 +186,7 @@ message AccessLogCommon { } // Flags indicating occurrences during request/response processing. -// [#next-free-field: 22] +// [#next-free-field: 23] message ResponseFlags { option (udpa.annotations.versioning).previous_message_type = "envoy.data.accesslog.v2.ResponseFlags"; @@ -269,6 +269,9 @@ message ResponseFlags { // Indicates the response was served from a cache filter. bool response_from_cache_filter = 21; + + // Indicates that a filter configuration is not available. + bool no_filter_config_found = 22; } // Properties of a negotiated TLS connection. diff --git a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 87e629f4..04a132ad 100644 --- a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -5,6 +5,7 @@ package envoy.extensions.filters.network.http_connection_manager.v3; import "envoy/config/accesslog/v3/accesslog.proto"; import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/config_source.proto"; +import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/protocol.proto"; import "envoy/config/core/v3/substitution_format_string.proto"; import "envoy/config/route/v3/route.proto"; 
@@ -797,38 +798,13 @@ message HttpFilter { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.HttpFilter"; - // [#not-implemented-hide:] Configuration source specifier for the late-bound - // filter configuration. The HTTP Listener is warmed until all the initial - // filter configurations are received, unless the flag to apply the default - // configuration is set. Subsequent filter updates are atomic on a per-worker - // basis, and apply to new streams while the active streams continue using - // the older filter configurations. If the initial delivery of the filter - // configuration fails, due to a timeout for example, the optional default - // configuration is applied. Without a default configuration, the filter is - // disabled, and the HTTP listener responds with 500 immediately. After the - // failure, the listener continues subscribing to the subsequent filter - // configurations. - message HttpFilterConfigSource { - config.core.v3.ConfigSource config_source = 1; - - // Optional default configuration to use as the initial configuration if - // there is a failure to receive the initial filter configuration or if - // `apply_default_config_without_warming` flag is set. - google.protobuf.Any default_config = 2; - - // Use the default config as the initial configuration without warming and - // waiting for the first xDS response. Requires the default configuration - // to be supplied. - bool apply_default_config_without_warming = 3; - } - reserved 3, 2; reserved "config"; // The name of the filter configuration. The name is used as a fallback to // select an extension if the type of the configuration proto is not - // sufficient. It also serves as a resource name in FilterConfigDS. + // sufficient. It also serves as a resource name in ExtensionConfigDS. string name = 1 [(validate.rules).string = {min_bytes: 1}]; // Filter specific configuration which depends on the filter being instantiated. 
See the supported @@ -836,8 +812,10 @@ message HttpFilter { oneof config_type { google.protobuf.Any typed_config = 4; - // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS. - HttpFilterConfigSource filter_config_ds = 5; + // Configuration source specifier for an extension configuration discovery service. + // In case of a failure and without the default configuration, the HTTP listener responds with 500. + // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061). + config.core.v3.ExtensionConfigSource config_discovery = 5; } } diff --git a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto index ac31bf1e..042a3986 100644 --- a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto +++ b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto @@ -5,6 +5,7 @@ package envoy.extensions.filters.network.http_connection_manager.v4alpha; import "envoy/config/accesslog/v4alpha/accesslog.proto"; import "envoy/config/core/v4alpha/base.proto"; import "envoy/config/core/v4alpha/config_source.proto"; +import "envoy/config/core/v4alpha/extension.proto"; import "envoy/config/core/v4alpha/protocol.proto"; import "envoy/config/core/v4alpha/substitution_format_string.proto"; import "envoy/config/route/v4alpha/route.proto"; 
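Review bot: The comment on `config_discovery` covers a failed initial delivery with no default, but not a later update that is rejected, for example because its type URL is not in `type_urls`. For filters that enforce policy, the reader needs to know whether the last accepted configuration stays in force, so I would add `// A rejected update leaves the previously applied configuration in place.` if that is what the implementation does; this cannot be confirmed from the hunk. Field 5 is also renamed from `filter_config_ds` to `config_discovery` without `reserved "filter_config_ds"`; the old field was marked `[#not-implemented-hide:]`, so this is probably harmless, but the JSON and text-format name does change. The same comment and rename appear in the v4alpha `HttpFilter` hunk (`@@ -846,8 +818,10 @@`). The `HttpFilter` message and its `oneof config_type` start outside this hunk.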
@@ -803,42 +804,13 @@ message HttpFilter { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter"; - // [#not-implemented-hide:] Configuration source specifier for the late-bound - // filter configuration. The HTTP Listener is warmed until all the initial - // filter configurations are received, unless the flag to apply the default - // configuration is set. Subsequent filter updates are atomic on a per-worker - // basis, and apply to new streams while the active streams continue using - // the older filter configurations. If the initial delivery of the filter - // configuration fails, due to a timeout for example, the optional default - // configuration is applied. Without a default configuration, the filter is - // disabled, and the HTTP listener responds with 500 immediately. After the - // failure, the listener continues subscribing to the subsequent filter - // configurations. - message HttpFilterConfigSource { - option (udpa.annotations.versioning).previous_message_type = - "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter." - "HttpFilterConfigSource"; - - config.core.v4alpha.ConfigSource config_source = 1; - - // Optional default configuration to use as the initial configuration if - // there is a failure to receive the initial filter configuration or if - // `apply_default_config_without_warming` flag is set. - google.protobuf.Any default_config = 2; - - // Use the default config as the initial configuration without warming and - // waiting for the first xDS response. Requires the default configuration - // to be supplied. - bool apply_default_config_without_warming = 3; - } - reserved 3, 2; reserved "config"; // The name of the filter configuration. The name is used as a fallback to // select an extension if the type of the configuration proto is not - // sufficient. It also serves as a resource name in FilterConfigDS. + // sufficient. 
It also serves as a resource name in ExtensionConfigDS. string name = 1 [(validate.rules).string = {min_bytes: 1}]; // Filter specific configuration which depends on the filter being instantiated. See the supported @@ -846,8 +818,10 @@ message HttpFilter { oneof config_type { google.protobuf.Any typed_config = 4; - // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS. - HttpFilterConfigSource filter_config_ds = 5; + // Configuration source specifier for an extension configuration discovery service. + // In case of a failure and without the default configuration, the HTTP listener responds with 500. + // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061). + config.core.v4alpha.ExtensionConfigSource config_discovery = 5; } } diff --git a/envoy/service/filter/v3/BUILD b/envoy/service/extension/v3/BUILD similarity index 100% rename from envoy/service/filter/v3/BUILD rename to envoy/service/extension/v3/BUILD diff --git a/envoy/service/filter/v3/filter_config_discovery.proto b/envoy/service/extension/v3/config_discovery.proto similarity index 52% rename from envoy/service/filter/v3/filter_config_discovery.proto rename to envoy/service/extension/v3/config_discovery.proto index 79c58467..ce2a5c7d 100644 --- a/envoy/service/filter/v3/filter_config_discovery.proto +++ b/envoy/service/extension/v3/config_discovery.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package envoy.service.filter.v3; +package envoy.service.extension.v3; import "envoy/service/discovery/v3/discovery.proto"; 
@@ -10,28 +10,29 @@ import "envoy/annotations/resource.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; -option java_package = "io.envoyproxy.envoy.service.filter.v3"; -option java_outer_classname = "FilterConfigDiscoveryProto"; +option java_package = "io.envoyproxy.envoy.service.extension.v3"; +option java_outer_classname = "ConfigDiscoveryProto"; option java_multiple_files = true; option java_generic_services = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; -// [#protodoc-title: FilterConfigDS] +// [#protodoc-title: ExtensionConfigDS] -// Return filter configurations. -service FilterConfigDiscoveryService { +// Return extension configurations. +service ExtensionConfigDiscoveryService { option (envoy.annotations.resource).type = "envoy.config.core.v3.TypedExtensionConfig"; - rpc StreamFilterConfigs(stream discovery.v3.DiscoveryRequest) + rpc StreamExtensionConfigs(stream discovery.v3.DiscoveryRequest) returns (stream discovery.v3.DiscoveryResponse) { } - rpc DeltaFilterConfigs(stream discovery.v3.DeltaDiscoveryRequest) + rpc DeltaExtensionConfigs(stream discovery.v3.DeltaDiscoveryRequest) returns (stream discovery.v3.DeltaDiscoveryResponse) { } - rpc FetchFilterConfigs(discovery.v3.DiscoveryRequest) returns (discovery.v3.DiscoveryResponse) { - option (google.api.http).post = "/v3/discovery:filter_configs"; + rpc FetchExtensionConfigs(discovery.v3.DiscoveryRequest) + returns (discovery.v3.DiscoveryResponse) { + option (google.api.http).post = "/v3/discovery:extension_configs"; option (google.api.http).body = "*"; } } diff --git a/versioning/BUILD b/versioning/BUILD index e00a0fbb..00939e94 100644 --- a/versioning/BUILD +++ b/versioning/BUILD 
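Review bot: `ExtensionConfigDiscoveryService` and its three RPCs are documented only by `// Return extension configurations.`, which leaves a management-server implementer without the contract this patch states elsewhere. I would expand the service comment to say that resources are `envoy.config.core.v3.TypedExtensionConfig`, that the resource name is the `name` of the referencing `HttpFilter`, and that the client rejects updates whose type URL is not in the referencing `ExtensionConfigSource.type_urls`. Separately, renaming the package, service and RPCs changes the gRPC method paths and the REST path (`/v3/discovery:filter_configs` becomes `/v3/discovery:extension_configs`). Any server built against the old names would stop matching, so the commit description should say that the old service had no consumers, if that is the case.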
@@ -128,7 +128,7 @@ proto_library( "//envoy/service/discovery/v3:pkg", "//envoy/service/endpoint/v3:pkg", "//envoy/service/event_reporting/v3:pkg", - "//envoy/service/filter/v3:pkg", + "//envoy/service/extension/v3:pkg", "//envoy/service/health/v3:pkg", "//envoy/service/listener/v3:pkg", "//envoy/service/load_stats/v3:pkg",