rbac: support to configure the shadow rule stat with a custom prefix. (#15323)

This is useful when more than one RBAC filter is configured
with shadow rules, because it distinguishes the shadow stats
generated by the different filters.

Signed-off-by: Yangmin Zhu <ymzhu@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ fa81296e53a040ccebf45bfc6c67044e6d0d8b62
pull/624/head
data-plane-api(Azure Pipelines) 4 years ago
parent 7b8b530e69
commit 78d8f061fe
  1. 5
      envoy/extensions/filters/http/rbac/v3/rbac.proto
  2. 5
      envoy/extensions/filters/http/rbac/v4alpha/rbac.proto
  3. 6
      envoy/extensions/filters/network/rbac/v3/rbac.proto
  4. 6
      envoy/extensions/filters/network/rbac/v4alpha/rbac.proto

@ -29,6 +29,11 @@ message RBAC {
// but will emit stats and logs and can be used for rule testing.
// If absent, no shadow RBAC policy will be applied.
config.rbac.v3.RBAC shadow_rules = 2;
// If specified, shadow rules will emit stats with the given prefix.
// This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
// shadow rules.
string shadow_rules_stat_prefix = 3;
}
message RBACPerRoute {
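Review bot: The comment on `shadow_rules_stat_prefix` does not say what the resulting stat names look like or what happens when the field is left empty, and the field carries no validation rule. Shadow stats are what an operator reads to decide whether a dry-run policy is safe to enforce, so if two RBAC filters leave the prefix unset or reuse the same value their shadow counters would presumably still be merged; the hunk does not show the stat naming, so this needs checking against the implementation. Once confirmed, I would extend the comment along the lines of `// Optional. If empty, shadow stats keep their default names. Use a distinct value per RBAC filter; filters sharing a prefix report into the same shadow counters.` and tidy the wording to `more than one RBAC filter` and `distinguish the stats`. The same comment text is added in the v4alpha HTTP file and in both network filter files, so the change applies to all four.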

@ -29,6 +29,11 @@ message RBAC {
// but will emit stats and logs and can be used for rule testing.
// If absent, no shadow RBAC policy will be applied.
config.rbac.v4alpha.RBAC shadow_rules = 2;
// If specified, shadow rules will emit stats with the given prefix.
// This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
// shadow rules.
string shadow_rules_stat_prefix = 3;
}
message RBACPerRoute {

@ -21,6 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
//
// Header should not be used in rules/shadow_rules in RBAC network filter as
// this information is only available in :ref:`RBAC http filter <config_http_filters_rbac>`.
// [#next-free-field: 6]
message RBAC {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.network.rbac.v2.RBAC";
@ -45,6 +46,11 @@ message RBAC {
// If absent, no shadow RBAC policy will be applied.
config.rbac.v3.RBAC shadow_rules = 2;
// If specified, shadow rules will emit stats with the given prefix.
// This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
// shadow rules.
string shadow_rules_stat_prefix = 5;
// The prefix to use when emitting statistics.
string stat_prefix = 3 [(validate.rules).string = {min_len: 1}];
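Review bot: In the network filter the new `shadow_rules_stat_prefix` sits next to the existing `stat_prefix`, and the comment does not say how the two combine, i.e. whether the shadow prefix is nested under `stat_prefix` or applied on its own. `stat_prefix` is constrained with `min_len: 1` while the new field has no rule, which is reasonable for an optional field but should be stated, for example `// Optional. Leave empty to keep the default shadow stat names; see stat_prefix for the filter-wide prefix.` (adjust to the real behaviour). The declaration order now reads 2, 5, 3; placing the new field after the existing ones would keep the message in field-number order and make the `[#next-free-field: 6]` bump easier to check. The message body continues outside the hunk, and the v4alpha network file carries the same change.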

@ -21,6 +21,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO
//
// Header should not be used in rules/shadow_rules in RBAC network filter as
// this information is only available in :ref:`RBAC http filter <config_http_filters_rbac>`.
// [#next-free-field: 6]
message RBAC {
option (udpa.annotations.versioning).previous_message_type =
"envoy.extensions.filters.network.rbac.v3.RBAC";
@ -45,6 +46,11 @@ message RBAC {
// If absent, no shadow RBAC policy will be applied.
config.rbac.v4alpha.RBAC shadow_rules = 2;
// If specified, shadow rules will emit stats with the given prefix.
// This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
// shadow rules.
string shadow_rules_stat_prefix = 5;
// The prefix to use when emitting statistics.
string stat_prefix = 3 [(validate.rules).string = {min_len: 1}];
