grpc_stats filter: Add config options to restrict number of stats (#10467)

Add options to either put all methods into the same per-cluster
stat, or to whitelist which methods to create stats for.

Additionally, start a deprecation process for the default mode
being to create a stat for all methods, to remove an unsafe
default.

Risk Level: Low
Testing: Unit tests added
Docs Changes: done
Release Notes: added
Fixes #10445
Deprecated: added

Mirrored from https://github.com/envoyproxy/envoy @ 715992f3ac891d87e67566ffbfd6b3af8d8a4e1d
master-ci-test
data-plane-api(CircleCI) 5 years ago
parent 03ef46cf33
commit 843c15a171
  1. 28
      envoy/api/v2/core/grpc_method_list.proto
  2. 32
      envoy/config/core/v3/grpc_method_list.proto
  3. 5
      envoy/config/filter/http/grpc_stats/v2alpha/BUILD
  4. 31
      envoy/config/filter/http/grpc_stats/v2alpha/config.proto
  5. 1
      envoy/extensions/filters/http/grpc_stats/v3/BUILD
  6. 31
      envoy/extensions/filters/http/grpc_stats/v3/config.proto

@ -0,0 +1,28 @@
syntax = "proto3";
package envoy.api.v2.core;
import "udpa/annotations/migrate.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.api.v2.core";
option java_outer_classname = "GrpcMethodListProto";
option java_multiple_files = true;
option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: gRPC method list]
// A list of gRPC methods which can be used as an allowlist, for example.
message GrpcMethodList {
message Service {
// The name of the gRPC service.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// The names of the gRPC methods in this service.
repeated string method_names = 2 [(validate.rules).repeated = {min_items: 1}];
}
repeated Service services = 1;
}
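Review bot: `method_names` in `GrpcMethodList.Service` only requires a non-empty list, so an entry such as `""` passes validation even though `name` is held to `min_bytes: 1`. A per-item rule would close that gap: `repeated string method_names = 2 [(validate.rules).repeated = {min_items: 1 items {string {min_bytes: 1}}}];`. The `services` field is also the only field in the message without a comment; `// The services, and the methods within each, that make up this list.` would do. Both points apply equally to the v3 copy in envoy/config/core/v3/grpc_method_list.proto.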

@ -0,0 +1,32 @@
syntax = "proto3";
package envoy.config.core.v3;
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "GrpcMethodListProto";
option java_multiple_files = true;
option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
// [#protodoc-title: gRPC method list]
// A list of gRPC methods which can be used as an allowlist, for example.
message GrpcMethodList {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.GrpcMethodList";
message Service {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcMethodList.Service";
// The name of the gRPC service.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// The names of the gRPC methods in this service.
repeated string method_names = 2 [(validate.rules).repeated = {min_items: 1}];
}
repeated Service services = 1;
}

@ -5,5 +5,8 @@ load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
licenses(["notice"]) # Apache 2
api_proto_package(
deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"],
deps = [
"//envoy/api/v2/core:pkg",
"@com_github_cncf_udpa//udpa/annotations:pkg",
],
)

@ -2,6 +2,10 @@ syntax = "proto3";
package envoy.config.filter.http.grpc_stats.v2alpha;
import "envoy/api/v2/core/grpc_method_list.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/migrate.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";
@ -22,6 +26,33 @@ message FilterConfig {
// If true, the filter maintains a filter state object with the request and response message
// counts.
bool emit_filter_state = 1;
oneof per_method_stat_specifier {
// If set, specifies an allowlist of service/methods that will have individual stats
// emitted for them. Any call that does not match the allowlist will be counted
// in a stat with no method specifier: `cluster.<name>.grpc.*`.
api.v2.core.GrpcMethodList individual_method_stats_allowlist = 2;
// If set to true, emit stats for all service/method names.
//
// If set to false, emit stats for all service/message types to the same stats without including
// the service/method in the name, with prefix `cluster.<name>.grpc`. This can be useful if
// service/method granularity is not needed, or if each cluster only receives a single method.
//
// .. attention::
// This option is only safe if all clients are trusted. If this option is enabled
// with untrusted clients, the clients could cause unbounded growth in the number of stats in
// Envoy, using unbounded memory and potentially slowing down stats pipelines.
//
// .. attention::
// If neither `individual_method_stats_allowlist` nor `stats_for_all_methods` is set, the
// behavior will default to `stats_for_all_methods=true`. This default value is deprecated,
// and in a future release, if neither field is set, it will default to
// `stats_for_all_methods=false` in order to be safe by default. This behavior can be
// controlled with runtime override
// `envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default`.
google.protobuf.BoolValue stats_for_all_methods = 3;
}
}
// gRPC statistics filter state object in protobuf form.
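Review bot: The first `.. attention::` block on `stats_for_all_methods` says "if this option is enabled", which can be read as "if the field is set", yet only the `true` value carries the unbounded-stats risk and `false` is the safe setting. I would open that block with `// Setting this to true is only safe if all clients are trusted.` and keep the rest of the paragraph. The notice about the deprecated unset default sits only on this field, so a reader of `individual_method_stats_allowlist` or of the `oneof` does not learn that leaving both unset still produces per-method stats today; a short comment above `oneof per_method_stat_specifier` stating that default would help. The allowlist comment also leaves open how a call is matched against the list (presumably exact service and method name) and what a set-but-empty list does. `FilterConfig` begins outside the hunk, and the same wording appears in envoy/extensions/filters/http/grpc_stats/v3/config.proto.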

@ -6,6 +6,7 @@ licenses(["notice"]) # Apache 2
api_proto_package(
deps = [
"//envoy/config/core/v3:pkg",
"//envoy/config/filter/http/grpc_stats/v2alpha:pkg",
"@com_github_cncf_udpa//udpa/annotations:pkg",
],

@ -2,6 +2,10 @@ syntax = "proto3";
package envoy.extensions.filters.http.grpc_stats.v3;
import "envoy/config/core/v3/grpc_method_list.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
@ -23,6 +27,33 @@ message FilterConfig {
// If true, the filter maintains a filter state object with the request and response message
// counts.
bool emit_filter_state = 1;
oneof per_method_stat_specifier {
// If set, specifies an allowlist of service/methods that will have individual stats
// emitted for them. Any call that does not match the allowlist will be counted
// in a stat with no method specifier: `cluster.<name>.grpc.*`.
config.core.v3.GrpcMethodList individual_method_stats_allowlist = 2;
// If set to true, emit stats for all service/method names.
//
// If set to false, emit stats for all service/message types to the same stats without including
// the service/method in the name, with prefix `cluster.<name>.grpc`. This can be useful if
// service/method granularity is not needed, or if each cluster only receives a single method.
//
// .. attention::
// This option is only safe if all clients are trusted. If this option is enabled
// with untrusted clients, the clients could cause unbounded growth in the number of stats in
// Envoy, using unbounded memory and potentially slowing down stats pipelines.
//
// .. attention::
// If neither `individual_method_stats_allowlist` nor `stats_for_all_methods` is set, the
// behavior will default to `stats_for_all_methods=true`. This default value is deprecated,
// and in a future release, if neither field is set, it will default to
// `stats_for_all_methods=false` in order to be safe by default. This behavior can be
// controlled with runtime override
// `envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default`.
google.protobuf.BoolValue stats_for_all_methods = 3;
}
}
// gRPC statistics filter state object in protobuf form.
