diff --git a/envoy/api/v2/core/grpc_method_list.proto b/envoy/api/v2/core/grpc_method_list.proto new file mode 100644 index 00000000..9728b203 --- /dev/null +++ b/envoy/api/v2/core/grpc_method_list.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.api.v2.core; + +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.api.v2.core"; +option java_outer_classname = "GrpcMethodListProto"; +option java_multiple_files = true; +option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: gRPC method list] + +// A list of gRPC methods which can be used as an allowlist, for example. +message GrpcMethodList { + message Service { + // The name of the gRPC service. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The names of the gRPC methods in this service. + repeated string method_names = 2 [(validate.rules).repeated = {min_items: 1}]; + } + + repeated Service services = 1; +} diff --git a/envoy/config/core/v3/grpc_method_list.proto b/envoy/config/core/v3/grpc_method_list.proto new file mode 100644 index 00000000..2bc24e36 --- /dev/null +++ b/envoy/config/core/v3/grpc_method_list.proto @@ -0,0 +1,32 @@ +syntax = "proto3"; + +package envoy.config.core.v3; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.config.core.v3"; +option java_outer_classname = "GrpcMethodListProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: gRPC method list] + +// A list of gRPC methods which can be used as an allowlist, for example. +message GrpcMethodList { + option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.GrpcMethodList"; + + message Service { + option (udpa.annotations.versioning).previous_message_type = + "envoy.api.v2.core.GrpcMethodList.Service"; + + // The name of the gRPC service. + string name = 1 [(validate.rules).string = {min_bytes: 1}]; + + // The names of the gRPC methods in this service. + repeated string method_names = 2 [(validate.rules).repeated = {min_items: 1}]; + } + + repeated Service services = 1; +} diff --git a/envoy/config/filter/http/grpc_stats/v2alpha/BUILD b/envoy/config/filter/http/grpc_stats/v2alpha/BUILD index ef3541eb..69168ad0 100644 --- a/envoy/config/filter/http/grpc_stats/v2alpha/BUILD +++ b/envoy/config/filter/http/grpc_stats/v2alpha/BUILD @@ -5,5 +5,8 @@ load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") licenses(["notice"]) # Apache 2 api_proto_package( - deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], + deps = [ + "//envoy/api/v2/core:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], ) diff --git a/envoy/config/filter/http/grpc_stats/v2alpha/config.proto b/envoy/config/filter/http/grpc_stats/v2alpha/config.proto index 88ca3dee..4280a44f 100644 --- a/envoy/config/filter/http/grpc_stats/v2alpha/config.proto +++ b/envoy/config/filter/http/grpc_stats/v2alpha/config.proto @@ -2,6 +2,10 @@ syntax = "proto3"; package envoy.config.filter.http.grpc_stats.v2alpha; +import "envoy/api/v2/core/grpc_method_list.proto"; + +import "google/protobuf/wrappers.proto"; + import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; import "validate/validate.proto"; @@ -22,6 +26,33 @@ message FilterConfig { // If true, the filter maintains a filter state object with the request and response message // counts. bool emit_filter_state = 1; + + oneof per_method_stat_specifier { + // If set, specifies an allowlist of service/methods that will have individual stats + // emitted for them. Any call that does not match the allowlist will be counted + // in a stat with no method specifier: `cluster..grpc.*`. + api.v2.core.GrpcMethodList individual_method_stats_allowlist = 2; + + // If set to true, emit stats for all service/method names. + // + // If set to false, emit stats for all service/message types to the same stats without including + // the service/method in the name, with prefix `cluster..grpc`. This can be useful if + // service/method granularity is not needed, or if each cluster only receives a single method. + // + // .. attention:: + // This option is only safe if all clients are trusted. If this option is enabled + // with untrusted clients, the clients could cause unbounded growth in the number of stats in + // Envoy, using unbounded memory and potentially slowing down stats pipelines. + // + // .. attention:: + // If neither `individual_method_stats_allowlist` nor `stats_for_all_methods` is set, the + // behavior will default to `stats_for_all_methods=true`. This default value is deprecated, + // and in a future release, if neither field is set, it will default to + // `stats_for_all_methods=false` in order to be safe by default. This behavior can be + // controlled with runtime override + // `envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default`. + google.protobuf.BoolValue stats_for_all_methods = 3; + } } // gRPC statistics filter state object in protobuf form. diff --git a/envoy/extensions/filters/http/grpc_stats/v3/BUILD b/envoy/extensions/filters/http/grpc_stats/v3/BUILD index 6416ce6b..cfae56e4 100644 --- a/envoy/extensions/filters/http/grpc_stats/v3/BUILD +++ b/envoy/extensions/filters/http/grpc_stats/v3/BUILD @@ -6,6 +6,7 @@ licenses(["notice"]) # Apache 2 api_proto_package( deps = [ + "//envoy/config/core/v3:pkg", "//envoy/config/filter/http/grpc_stats/v2alpha:pkg", "@com_github_cncf_udpa//udpa/annotations:pkg", ], diff --git a/envoy/extensions/filters/http/grpc_stats/v3/config.proto b/envoy/extensions/filters/http/grpc_stats/v3/config.proto index c2d2696b..037e5efe 100644 --- a/envoy/extensions/filters/http/grpc_stats/v3/config.proto +++ b/envoy/extensions/filters/http/grpc_stats/v3/config.proto @@ -2,6 +2,10 @@ syntax = "proto3"; package envoy.extensions.filters.http.grpc_stats.v3; +import "envoy/config/core/v3/grpc_method_list.proto"; + +import "google/protobuf/wrappers.proto"; + import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; @@ -23,6 +27,33 @@ message FilterConfig { // If true, the filter maintains a filter state object with the request and response message // counts. bool emit_filter_state = 1; + + oneof per_method_stat_specifier { + // If set, specifies an allowlist of service/methods that will have individual stats + // emitted for them. Any call that does not match the allowlist will be counted + // in a stat with no method specifier: `cluster..grpc.*`. + config.core.v3.GrpcMethodList individual_method_stats_allowlist = 2; + + // If set to true, emit stats for all service/method names. + // + // If set to false, emit stats for all service/message types to the same stats without including + // the service/method in the name, with prefix `cluster..grpc`. This can be useful if + // service/method granularity is not needed, or if each cluster only receives a single method. + // + // .. attention:: + // This option is only safe if all clients are trusted. If this option is enabled + // with untrusted clients, the clients could cause unbounded growth in the number of stats in + // Envoy, using unbounded memory and potentially slowing down stats pipelines. + // + // .. attention:: + // If neither `individual_method_stats_allowlist` nor `stats_for_all_methods` is set, the + // behavior will default to `stats_for_all_methods=true`. This default value is deprecated, + // and in a future release, if neither field is set, it will default to + // `stats_for_all_methods=false` in order to be safe by default. This behavior can be + // controlled with runtime override + // `envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default`. + google.protobuf.BoolValue stats_for_all_methods = 3; + } } // gRPC statistics filter state object in protobuf form.