adding check_format and fix_format (#300)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
pull/246/head
alyssawilk 7 years ago committed by Matt Klein
parent b227517de0
commit 99dab97a47
  1. 9
      .circleci/config.yml
  2. 2
      .clang-format
  3. 4
      api/BUILD
  4. 2
      api/base.proto
  5. 1
      api/bootstrap.proto
  6. 9
      api/cds.proto
  7. 3
      api/discovery.proto
  8. 22
      api/eds.proto
  9. 2
      api/filter/accesslog/BUILD
  10. 16
      api/filter/accesslog/accesslog.proto
  11. 3
      api/filter/fault.proto
  12. 2
      api/filter/http/BUILD
  13. 6
      api/filter/http/buffer.proto
  14. 5
      api/filter/http/fault.proto
  15. 2
      api/filter/http/transcoder.proto
  16. 4
      api/filter/network/BUILD
  17. 8
      api/filter/network/http_connection_manager.proto
  18. 3
      api/filter/network/tcp_proxy.proto
  19. 3
      api/hds.proto
  20. 3
      api/health_check.proto
  21. 27
      api/lds.proto
  22. 7
      api/metrics_service.proto
  23. 27
      api/rds.proto
  24. 15
      api/rls.proto
  25. 32
      api/sds.proto
  26. 25
      bazel/api_build_system.bzl
  27. 2
      test/build/BUILD
  28. 30
      test/build/build_test.cc
  29. 8
      test/validate/pgv_test.cc
  30. 0
      tools/check_format.py
  31. 4
      tools/protodoc/BUILD

@ -20,6 +20,14 @@ jobs:
- run: docs/publish.sh - run: docs/publish.sh
- store_artifacts: - store_artifacts:
path: generated/docs path: generated/docs
format:
docker:
- image: lyft/envoy-build:114e24c6fd05fc026492e9d2ca5608694e5ea59d
resource_class: xlarge
working_directory: /source
steps:
- checkout
- run: ci/do_ci.sh check_format
workflows: workflows:
version: 2 version: 2
@ -27,3 +35,4 @@ workflows:
jobs: jobs:
- test - test
- docs - docs
- format

@ -10,5 +10,7 @@ SortIncludes: false
--- ---
Language: Proto Language: Proto
ColumnLimit: 100 ColumnLimit: 100
SpacesInContainerLiterals: false
AllowShortFunctionsOnASingleLine: false
... ...

@ -96,11 +96,11 @@ api_proto_library(
name = "metrics", name = "metrics",
srcs = ["metrics_service.proto"], srcs = ["metrics_service.proto"],
has_services = 1, has_services = 1,
require_py = 0,
deps = [ deps = [
":base", ":base",
"@promotheus_metrics_model//:client_model", "@promotheus_metrics_model//:client_model",
], ],
require_py = 0,
) )
api_proto_library( api_proto_library(
@ -146,7 +146,7 @@ proto_library(
":lds", ":lds",
":protocol", ":protocol",
":rds", ":rds",
"//api/filter/accesslog:accesslog", "//api/filter/accesslog",
"//api/filter/http:buffer", "//api/filter/http:buffer",
"//api/filter/http:fault", "//api/filter/http:fault",
"//api/filter/http:health_check", "//api/filter/http:health_check",

@ -152,7 +152,7 @@ message ApiConfigSource {
ApiType api_type = 1; ApiType api_type = 1;
// Multiple cluster names may be provided. If > 1 cluster is defined, clusters // Multiple cluster names may be provided. If > 1 cluster is defined, clusters
// will be cycled through if any kind of failure occurs. // will be cycled through if any kind of failure occurs.
repeated string cluster_name = 2 [(validate.rules).repeated.min_items = 1]; repeated string cluster_name = 2 [(validate.rules).repeated .min_items = 1];
// For REST APIs, the delay between successive polls. // For REST APIs, the delay between successive polls.
google.protobuf.Duration refresh_delay = 3; google.protobuf.Duration refresh_delay = 3;
} }

@ -250,7 +250,6 @@ message Watchdog {
// kill behavior. If not specified the default is 0 (disabled). // kill behavior. If not specified the default is 0 (disabled).
google.protobuf.Duration kill_timeout = 3; google.protobuf.Duration kill_timeout = 3;
// If at least two watched threads have been nonresponsive for at least this // If at least two watched threads have been nonresponsive for at least this
// duration assume a true deadlock and kill the entire Envoy process. Set to 0 // duration assume a true deadlock and kill the entire Envoy process. Set to 0
// to disable this behavior. If not specified the default is 0 (disabled). // to disable this behavior. If not specified the default is 0 (disabled).

@ -20,12 +20,10 @@ import "validate/validate.proto";
// Return list of all clusters this proxy will load balance to. // Return list of all clusters this proxy will load balance to.
service ClusterDiscoveryService { service ClusterDiscoveryService {
rpc StreamClusters(stream DiscoveryRequest) rpc StreamClusters(stream DiscoveryRequest) returns (stream DiscoveryResponse) {
returns (stream DiscoveryResponse) {
} }
rpc FetchClusters(DiscoveryRequest) rpc FetchClusters(DiscoveryRequest) returns (DiscoveryResponse) {
returns (DiscoveryResponse) {
option (google.api.http) = { option (google.api.http) = {
post: "/v2/discovery:clusters" post: "/v2/discovery:clusters"
body: "*" body: "*"
@ -319,7 +317,8 @@ message Cluster {
// The % chance that a host will be actually ejected when an outlier status // The % chance that a host will be actually ejected when an outlier status
// is detected through consecutive gateway failures. This setting can be // is detected through consecutive gateway failures. This setting can be
// used to disable ejection or to ramp it up slowly. Defaults to 0. // used to disable ejection or to ramp it up slowly. Defaults to 0.
google.protobuf.UInt32Value enforcing_consecutive_gateway_failure = 11 [(validate.rules).uint32.lte = 100]; google.protobuf.UInt32Value enforcing_consecutive_gateway_failure = 11
[(validate.rules).uint32.lte = 100];
} }
// If specified, outlier detection will be enabled for this upstream cluster. // If specified, outlier detection will be enabled for this upstream cluster.

@ -16,8 +16,7 @@ import "google/protobuf/any.proto";
// the multiplexed singleton APIs at the Envoy instance and management server. // the multiplexed singleton APIs at the Envoy instance and management server.
service AggregatedDiscoveryService { service AggregatedDiscoveryService {
// This is a gRPC-only API. // This is a gRPC-only API.
rpc StreamAggregatedResources(stream DiscoveryRequest) rpc StreamAggregatedResources(stream DiscoveryRequest) returns (stream DiscoveryResponse) {
returns (stream DiscoveryResponse) {
} }
} }

@ -17,12 +17,10 @@ import "validate/validate.proto";
service EndpointDiscoveryService { service EndpointDiscoveryService {
// The resource_names field in DiscoveryRequest specifies a list of clusters // The resource_names field in DiscoveryRequest specifies a list of clusters
// to subscribe to updates for. // to subscribe to updates for.
rpc StreamEndpoints(stream DiscoveryRequest) rpc StreamEndpoints(stream DiscoveryRequest) returns (stream DiscoveryResponse) {
returns (stream DiscoveryResponse) {
} }
rpc FetchEndpoints(DiscoveryRequest) rpc FetchEndpoints(DiscoveryRequest) returns (DiscoveryResponse) {
returns (DiscoveryResponse) {
option (google.api.http) = { option (google.api.http) = {
post: "/v2/discovery:endpoints" post: "/v2/discovery:endpoints"
body: "*" body: "*"
@ -57,8 +55,7 @@ service EndpointDiscoveryService {
// 6. The management server uses the load reports from all reported Envoys // 6. The management server uses the load reports from all reported Envoys
// from around the world, computes global assignment and prepares traffic // from around the world, computes global assignment and prepares traffic
// assignment destined for each zone Envoys are located in. Goto 2. // assignment destined for each zone Envoys are located in. Goto 2.
rpc StreamLoadStats(stream LoadStatsRequest) rpc StreamLoadStats(stream LoadStatsRequest) returns (stream LoadStatsResponse) {
returns (stream LoadStatsResponse) {
} }
} }
@ -93,7 +90,8 @@ message LbEndpoint {
// The limit of 128 is somewhat arbitrary, but is applied due to performance // The limit of 128 is somewhat arbitrary, but is applied due to performance
// concerns with the current implementation and can be removed when // concerns with the current implementation and can be removed when
// `this issue <https://github.com/envoyproxy/envoy/issues/1285>`_ is fixed. // `this issue <https://github.com/envoyproxy/envoy/issues/1285>`_ is fixed.
google.protobuf.UInt32Value load_balancing_weight = 4 [(validate.rules).uint32 = {gte:1, lte:128}]; google.protobuf.UInt32Value load_balancing_weight = 4
[(validate.rules).uint32 = {gte: 1, lte: 128}];
} }
// A group of endpoints belonging to a Locality. // A group of endpoints belonging to a Locality.
@ -123,7 +121,8 @@ message LocalityLbEndpoints {
// The limit of 128 is somewhat arbitrary, but is applied due to performance // The limit of 128 is somewhat arbitrary, but is applied due to performance
// concerns with the current implementation and can be removed when // concerns with the current implementation and can be removed when
// `this issue <https://github.com/envoyproxy/envoy/issues/1285>`_ is fixed. // `this issue <https://github.com/envoyproxy/envoy/issues/1285>`_ is fixed.
google.protobuf.UInt32Value load_balancing_weight = 3 [(validate.rules).uint32 = {gte:1, lte:128}]; google.protobuf.UInt32Value load_balancing_weight = 3
[(validate.rules).uint32 = {gte: 1, lte: 128}];
// Optional: the priority for this LocalityLbEndpoints. If unspecified this will // Optional: the priority for this LocalityLbEndpoints. If unspecified this will
// default to the highest priority (0). // default to the highest priority (0).
@ -207,7 +206,8 @@ message ClusterStats {
string cluster_name = 1 [(validate.rules).string.min_bytes = 1]; string cluster_name = 1 [(validate.rules).string.min_bytes = 1];
// Need at least one. // Need at least one.
repeated UpstreamLocalityStats upstream_locality_stats = 2 [(validate.rules).repeated.min_items = 1]; repeated UpstreamLocalityStats upstream_locality_stats = 2
[(validate.rules).repeated .min_items = 1];
// Cluster-level stats such as total_successful_requests may be computed by // Cluster-level stats such as total_successful_requests may be computed by
// summing upstream_locality_stats. In addition, below there are additional // summing upstream_locality_stats. In addition, below there are additional
@ -259,7 +259,7 @@ message ClusterLoadAssignment {
// recover from an outage or should they be unable to autoscale and hence // recover from an outage or should they be unable to autoscale and hence
// overall incoming traffic volume need to be trimmed to protect them. // overall incoming traffic volume need to be trimmed to protect them.
// [#v2-api-diff: This is known as maintenance mode in v1.] // [#v2-api-diff: This is known as maintenance mode in v1.]
double drop_overload = 1 [(validate.rules).double = {gte:0, lte: 100}]; double drop_overload = 1 [(validate.rules).double = {gte: 0, lte: 100}];
} }
// Load balancing policy settings. // Load balancing policy settings.
@ -271,7 +271,7 @@ message ClusterLoadAssignment {
// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.
message LoadStatsResponse { message LoadStatsResponse {
// Clusters to report stats for. // Clusters to report stats for.
repeated string clusters = 1 [(validate.rules).repeated.min_items = 1]; repeated string clusters = 1 [(validate.rules).repeated .min_items = 1];
// The interval of time to collect stats. The default is 10 seconds. // The interval of time to collect stats. The default is 10 seconds.
google.protobuf.Duration load_reporting_interval = 2; google.protobuf.Duration load_reporting_interval = 2;

@ -6,6 +6,6 @@ api_proto_library(
has_services = 1, has_services = 1,
deps = [ deps = [
"//api:address", "//api:address",
"//api:base" "//api:base",
], ],
) )

@ -275,11 +275,13 @@ message DurationFilter {
// Filters for requests that are not health check requests. A health check // Filters for requests that are not health check requests. A health check
// request is marked by the health check filter. // request is marked by the health check filter.
message NotHealthCheckFilter {} message NotHealthCheckFilter {
}
// Filters for requests that are traceable. See the tracing overview for more // Filters for requests that are traceable. See the tracing overview for more
// information on how a request becomes traceable. // information on how a request becomes traceable.
message TraceableFilter {} message TraceableFilter {
}
// Filters for random sampling of requests. Sampling pivots on the header // Filters for random sampling of requests. Sampling pivots on the header
// :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being present. If // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being present. If
@ -297,14 +299,14 @@ message RuntimeFilter {
// Filters are evaluated sequentially and if one of them returns false, the // Filters are evaluated sequentially and if one of them returns false, the
// filter returns false immediately. // filter returns false immediately.
message AndFilter { message AndFilter {
repeated AccessLogFilter filters = 1 [(validate.rules).repeated.min_items = 2]; repeated AccessLogFilter filters = 1 [(validate.rules).repeated .min_items = 2];
} }
// Performs a logical or operation on the result of each individual filter. // Performs a logical or operation on the result of each individual filter.
// Filters are evaluated sequentially and if one of them returns true, the // Filters are evaluated sequentially and if one of them returns true, the
// filter returns true immediately. // filter returns true immediately.
message OrFilter { message OrFilter {
repeated AccessLogFilter filters = 2 [(validate.rules).repeated.min_items = 2]; repeated AccessLogFilter filters = 2 [(validate.rules).repeated .min_items = 2];
} }
message AccessLogFilter { message AccessLogFilter {
@ -396,7 +398,8 @@ message StreamAccessLogsMessage {
// Empty response for the StreamAccessLogs API. Will never be sent. See below. // Empty response for the StreamAccessLogs API. Will never be sent. See below.
// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.
message StreamAccessLogsResponse {} message StreamAccessLogsResponse {
}
// Service for streaming access logs from Envoy to an access log server. // Service for streaming access logs from Envoy to an access log server.
service AccessLogService { service AccessLogService {
@ -406,8 +409,7 @@ service AccessLogService {
// API for "critical" access logs in which Envoy will buffer access logs for some period of time // API for "critical" access logs in which Envoy will buffer access logs for some period of time
// until it gets an ACK so it could then retry. This API is designed for high throughput with the // until it gets an ACK so it could then retry. This API is designed for high throughput with the
// expectation that it might be lossy. // expectation that it might be lossy.
rpc StreamAccessLogs(stream StreamAccessLogsMessage) rpc StreamAccessLogs(stream StreamAccessLogsMessage) returns (StreamAccessLogsResponse) {
returns (StreamAccessLogsResponse) {
} }
} }

@ -17,7 +17,8 @@ message FaultDelay {
FIXED = 0; FIXED = 0;
} }
// Delay type to use (fixed|exponential|..). Currently, only fixed delay (step function) is supported. // Delay type to use (fixed|exponential|..). Currently, only fixed delay (step function) is
// supported.
FaultDelayType type = 1 [(validate.rules).enum.defined_only = true]; FaultDelayType type = 1 [(validate.rules).enum.defined_only = true];
// An integer between 0-100 indicating the percentage of operations/connection requests // An integer between 0-100 indicating the percentage of operations/connection requests

@ -5,7 +5,7 @@ licenses(["notice"]) # Apache 2
api_proto_library( api_proto_library(
name = "router", name = "router",
srcs = ["router.proto"], srcs = ["router.proto"],
deps = ["//api/filter/accesslog:accesslog"], deps = ["//api/filter/accesslog"],
) )
api_proto_library( api_proto_library(

@ -17,8 +17,6 @@ message Buffer {
// The maximum number of seconds that the filter will wait for a complete // The maximum number of seconds that the filter will wait for a complete
// request before returning a 408 response. // request before returning a 408 response.
google.protobuf.Duration max_request_time = 2 [(validate.rules).duration = { google.protobuf.Duration max_request_time = 2
required: true, [(validate.rules).duration = {required: true, gt: {}}];
gt: {}
}];
} }

@ -19,10 +19,7 @@ message FaultAbort {
option (validate.required) = true; option (validate.required) = true;
// HTTP status code to use to abort the HTTP request. // HTTP status code to use to abort the HTTP request.
uint32 http_status = 2 [(validate.rules).uint32 = { uint32 http_status = 2 [(validate.rules).uint32 = {gte: 200, lt: 600}];
gte: 200,
lt: 600
}];
} }
} }

@ -35,7 +35,7 @@ message GrpcJsonTranscoder {
// transcoder will translate. If the service name doesn't exist in ``proto_descriptor``, Envoy // transcoder will translate. If the service name doesn't exist in ``proto_descriptor``, Envoy
// will fail at startup. The ``proto_descriptor`` may contain more services than the service names // will fail at startup. The ``proto_descriptor`` may contain more services than the service names
// specified here, but they won't be translated. // specified here, but they won't be translated.
repeated string services = 2 [(validate.rules).repeated.min_items = 1]; repeated string services = 2 [(validate.rules).repeated .min_items = 1];
message PrintOptions { message PrintOptions {
// Whether to add spaces, line breaks and indentation to make the JSON // Whether to add spaces, line breaks and indentation to make the JSON

@ -9,7 +9,7 @@ api_proto_library(
"//api:base", "//api:base",
"//api:protocol", "//api:protocol",
"//api:rds", "//api:rds",
"//api/filter/accesslog:accesslog", "//api/filter/accesslog",
], ],
) )
@ -23,8 +23,8 @@ api_proto_library(
name = "tcp_proxy", name = "tcp_proxy",
srcs = ["tcp_proxy.proto"], srcs = ["tcp_proxy.proto"],
deps = [ deps = [
"//api/filter/accesslog:accesslog",
"//api:address", "//api:address",
"//api/filter/accesslog",
], ],
) )

@ -173,9 +173,9 @@ message HttpConnectionManager {
google.protobuf.BoolValue use_remote_address = 14; google.protobuf.BoolValue use_remote_address = 14;
// Whether the connection manager will generate the :ref:`x-request-id // Whether the connection manager will generate the :ref:`x-request-id
// <config_http_conn_man_headers_x-request-id>` header if it does not exist. This defaults to true. // <config_http_conn_man_headers_x-request-id>` header if it does not exist. This defaults to
// Generating a random UUID4 is expensive so in high throughput scenarios where this feature is // true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature
// not desired it can be disabled. // is not desired it can be disabled.
google.protobuf.BoolValue generate_request_id = 15; google.protobuf.BoolValue generate_request_id = 15;
// How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP
@ -204,7 +204,7 @@ message HttpConnectionManager {
// How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP // How to handle the :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) HTTP
// header. // header.
ForwardClientCertDetails forward_client_cert_details = 16 ForwardClientCertDetails forward_client_cert_details = 16
[(validate.rules).enum.defined_only = true]; [(validate.rules).enum.defined_only = true];
message SetCurrentClientCertDetails { message SetCurrentClientCertDetails {
// Whether to forward the subject of the client cert. Defaults to false. // Whether to forward the subject of the client cert. Defaults to false.

@ -13,7 +13,8 @@ import "validate/validate.proto";
// [#protodoc-title: TCP Proxy] // [#protodoc-title: TCP Proxy]
// TCP Proxy :ref:`configuration overview <config_network_filters_tcp_proxy>`. // TCP Proxy :ref:`configuration overview <config_network_filters_tcp_proxy>`.
// [#v2-api-diff: The route match now takes place in the :ref:`FilterChainMatch <envoy_api_msg_FilterChainMatch>` table]. // [#v2-api-diff: The route match now takes place in the :ref:`FilterChainMatch
// <envoy_api_msg_FilterChainMatch>` table].
message TcpProxy { message TcpProxy {
// The prefix to use when emitting :ref:`statistics // The prefix to use when emitting :ref:`statistics

@ -56,8 +56,7 @@ service HealthDiscoveryService {
// TODO(htuch): Unlike the gRPC version, there is no stream-based binding of // TODO(htuch): Unlike the gRPC version, there is no stream-based binding of
// request/response. Should we add an identifier to the HealthCheckSpecifier // request/response. Should we add an identifier to the HealthCheckSpecifier
// to bind with the response? // to bind with the response?
rpc FetchHealthCheck(HealthCheckRequestOrEndpointHealthResponse) rpc FetchHealthCheck(HealthCheckRequestOrEndpointHealthResponse) returns (HealthCheckSpecifier) {
returns (HealthCheckSpecifier) {
option (google.api.http) = { option (google.api.http) = {
post: "/v2/discovery:health_check" post: "/v2/discovery:health_check"
body: "*" body: "*"

@ -85,7 +85,8 @@ message HealthCheck {
repeated Payload receive = 2; repeated Payload receive = 2;
} }
message RedisHealthCheck {} message RedisHealthCheck {
}
oneof health_checker { oneof health_checker {
option (validate.required) = true; option (validate.required) = true;

@ -21,12 +21,10 @@ import "validate/validate.proto";
// consist of a complete update of all listeners. Existing connections will be // consist of a complete update of all listeners. Existing connections will be
// allowed to drain from listeners that are no longer present. // allowed to drain from listeners that are no longer present.
service ListenerDiscoveryService { service ListenerDiscoveryService {
rpc StreamListeners(stream DiscoveryRequest) rpc StreamListeners(stream DiscoveryRequest) returns (stream DiscoveryResponse) {
returns (stream DiscoveryResponse) {
} }
rpc FetchListeners(DiscoveryRequest) rpc FetchListeners(DiscoveryRequest) returns (DiscoveryResponse) {
returns (DiscoveryResponse) {
option (google.api.http) = { option (google.api.http) = {
post: "/v2/discovery:listeners" post: "/v2/discovery:listeners"
body: "*" body: "*"
@ -137,8 +135,9 @@ message Listener {
// The unique name by which this listener is known. If no name is provided, // The unique name by which this listener is known. If no name is provided,
// Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically // Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically
// updated or removed via :ref:`LDS <config_listeners_lds>` a unique name must be provided. // updated or removed via :ref:`LDS <config_listeners_lds>` a unique name must be provided.
// By default, the maximum length of a listener's name is limited to 60 characters. This limit can be // By default, the maximum length of a listener's name is limited to 60 characters. This limit can
// increased by setting the :option:`--max-obj-name-len` command line argument to the desired value. // be increased by setting the :option:`--max-obj-name-len` command line argument to the desired
// value.
string name = 1; string name = 1;
// The address that the listener should listen on. In general, the address must be unique, though // The address that the listener should listen on. In general, the address must be unique, though
@ -156,16 +155,16 @@ message Listener {
// configured. See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more // configured. See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more
// information. When multiple filter chains are configured, each filter chain must have an // information. When multiple filter chains are configured, each filter chain must have an
// **identical** set of :ref:`filters <envoy_api_field_FilterChain.filters>`. If the filters // **identical** set of :ref:`filters <envoy_api_field_FilterChain.filters>`. If the filters
// differ, the configuration will fail to load. In the future, this limitation will be relaxed such that // differ, the configuration will fail to load. In the future, this limitation will be relaxed
// different filters can be used depending on which filter chain matches (based on SNI or // such that different filters can be used depending on which filter chain matches (based on SNI
// some other parameter). // or some other parameter).
repeated FilterChain filter_chains = 3 [(validate.rules).repeated.min_items = 1]; repeated FilterChain filter_chains = 3 [(validate.rules).repeated .min_items = 1];
// If a connection is redirected using *iptables*, the port on which the proxy // If a connection is redirected using *iptables*, the port on which the proxy
// receives it might be different from the original destination address. When this flag is set to true, // receives it might be different from the original destination address. When this flag is set to
// the listener hands off redirected connections to the listener associated with the original // true, the listener hands off redirected connections to the listener associated with the
// destination address. If there is no listener associated with the original destination address, the // original destination address. If there is no listener associated with the original destination
// connection is handled by the listener that receives it. Defaults to false. // address, the connection is handled by the listener that receives it. Defaults to false.
google.protobuf.BoolValue use_original_dst = 4; google.protobuf.BoolValue use_original_dst = 4;
// Soft limit on size of the listeners new connection read and write buffers. // Soft limit on size of the listeners new connection read and write buffers.

@ -13,12 +13,13 @@ import "metrics.proto";
// data model as a standard to represent metrics information. // data model as a standard to represent metrics information.
service MetricsService { service MetricsService {
// Envoy will connect and send StreamMetricsMessage messages forever. It does not expect any // Envoy will connect and send StreamMetricsMessage messages forever. It does not expect any
// response to be sent as nothing would be done in the case of failure. // response to be sent as nothing would be done in the case of failure.
rpc StreamMetrics(stream StreamMetricsMessage) returns (StreamMetricsResponse) { rpc StreamMetrics(stream StreamMetricsMessage) returns (StreamMetricsResponse) {
} }
} }
message StreamMetricsResponse {} message StreamMetricsResponse {
}
message StreamMetricsMessage { message StreamMetricsMessage {
message Identifier { message Identifier {
@ -26,7 +27,7 @@ message StreamMetricsMessage {
Node node = 1; Node node = 1;
} }
// Identifier data effectively is a structured metadata. // Identifier data effectively is a structured metadata.
// As a performance optimization this will only be sent in the first message on the stream. // As a performance optimization this will only be sent in the first message on the stream.
Identifier identifier = 1; Identifier identifier = 1;

@ -20,12 +20,10 @@ import "validate/validate.proto";
// configurations. Each listener will bind its HTTP connection manager filter to // configurations. Each listener will bind its HTTP connection manager filter to
// a route table via this identifier. // a route table via this identifier.
service RouteDiscoveryService { service RouteDiscoveryService {
rpc StreamRoutes(stream DiscoveryRequest) rpc StreamRoutes(stream DiscoveryRequest) returns (stream DiscoveryResponse) {
returns (stream DiscoveryResponse) {
} }
rpc FetchRoutes(DiscoveryRequest) rpc FetchRoutes(DiscoveryRequest) returns (DiscoveryResponse) {
returns (DiscoveryResponse) {
option (google.api.http) = { option (google.api.http) = {
post: "/v2/discovery:routes" post: "/v2/discovery:routes"
body: "*" body: "*"
@ -57,7 +55,7 @@ message WeightedCluster {
} }
// Specifies one or more upstream clusters associated with the route. // Specifies one or more upstream clusters associated with the route.
repeated ClusterWeight clusters = 1 [(validate.rules).repeated.min_items = 1]; repeated ClusterWeight clusters = 1 [(validate.rules).repeated .min_items = 1];
// Specifies the runtime key prefix that should be used to construct the // Specifies the runtime key prefix that should be used to construct the
// runtime keys associated with each cluster. When the *runtime_key_prefix* is // runtime keys associated with each cluster. When the *runtime_key_prefix* is
@ -510,7 +508,8 @@ message RateLimit {
// ("source_cluster", "<local service cluster>") // ("source_cluster", "<local service cluster>")
// //
// <local service cluster> is derived from the :option:`--service-cluster` option. // <local service cluster> is derived from the :option:`--service-cluster` option.
message SourceCluster {} message SourceCluster {
}
// The following descriptor entry is appended to the descriptor: // The following descriptor entry is appended to the descriptor:
// //
@ -528,7 +527,8 @@ message RateLimit {
// chooses a cluster randomly from a set of clusters with attributed weight. // chooses a cluster randomly from a set of clusters with attributed weight.
// * :ref:`cluster_header <envoy_api_field_RouteAction.cluster_header>` indicates which // * :ref:`cluster_header <envoy_api_field_RouteAction.cluster_header>` indicates which
// header in the request contains the target cluster. // header in the request contains the target cluster.
message DestinationCluster {} message DestinationCluster {
}
// The following descriptor entry is appended when a header contains a key that matches the // The following descriptor entry is appended when a header contains a key that matches the
// *header_name*: // *header_name*:
@ -552,7 +552,8 @@ message RateLimit {
// .. code-block:: cpp // .. code-block:: cpp
// //
// ("remote_address", "<trusted address from x-forwarded-for>") // ("remote_address", "<trusted address from x-forwarded-for>")
message RemoteAddress {} message RemoteAddress {
}
// The following descriptor entry is appended to the descriptor: // The following descriptor entry is appended to the descriptor:
// //
@ -584,7 +585,7 @@ message RateLimit {
// specified headers in the config. A match will happen if all the // specified headers in the config. A match will happen if all the
// headers in the config are present in the request with the same values // headers in the config are present in the request with the same values
// (or based on presence if the value field is not in the config). // (or based on presence if the value field is not in the config).
repeated HeaderMatcher headers = 3 [(validate.rules).repeated.min_items = 1]; repeated HeaderMatcher headers = 3 [(validate.rules).repeated .min_items = 1];
} }
oneof action_specifier { oneof action_specifier {
@ -616,7 +617,7 @@ message RateLimit {
// cannot append a descriptor entry, no descriptor is generated for the // cannot append a descriptor entry, no descriptor is generated for the
// configuration. See :ref:`composing actions // configuration. See :ref:`composing actions
// <config_http_filters_rate_limit_composing_actions>` for additional documentation. // <config_http_filters_rate_limit_composing_actions>` for additional documentation.
repeated Action actions = 3 [(validate.rules).repeated.min_items = 1]; repeated Action actions = 3 [(validate.rules).repeated .min_items = 1];
} }
// .. attention:: // .. attention::
@ -659,8 +660,8 @@ message HeaderMatcher {
// The top level element in the routing configuration is a virtual host. Each virtual host has // The top level element in the routing configuration is a virtual host. Each virtual host has
// a logical name as well as a set of domains that get routed to it based on the incoming request's // a logical name as well as a set of domains that get routed to it based on the incoming request's
// host header. This allows a single listener to service multiple top level domain path trees. Once a // host header. This allows a single listener to service multiple top level domain path trees. Once
// virtual host is selected based on the domain, the routes are processed in order to see which // a virtual host is selected based on the domain, the routes are processed in order to see which
// upstream cluster to route to or whether to perform a redirect. // upstream cluster to route to or whether to perform a redirect.
message VirtualHost { message VirtualHost {
// The logical name of the virtual host. This is used when emitting certain // The logical name of the virtual host. This is used when emitting certain
@ -679,7 +680,7 @@ message VirtualHost {
// host/authority header. Only a single virtual host in the entire route // host/authority header. Only a single virtual host in the entire route
// configuration can match on *. A domain must be unique across all virtual // configuration can match on *. A domain must be unique across all virtual
// hosts or the config will fail to load. // hosts or the config will fail to load.
repeated string domains = 2 [(validate.rules).repeated.min_items = 1]; repeated string domains = 2 [(validate.rules).repeated .min_items = 1];
// The list of routes that will be matched, in order, for incoming requests. // The list of routes that will be matched, in order, for incoming requests.
// The first route that matches will be used. // The first route that matches will be used.

@ -4,7 +4,8 @@ package envoy.api.v2;
service RateLimitService { service RateLimitService {
// Determine whether rate limiting should take place. // Determine whether rate limiting should take place.
rpc ShouldRateLimit (RateLimitRequest) returns (RateLimitResponse) {} rpc ShouldRateLimit(RateLimitRequest) returns (RateLimitResponse) {
}
} }
// Main message for a rate limit request. The rate limit service is designed to be fully generic // Main message for a rate limit request. The rate limit service is designed to be fully generic
@ -22,8 +23,8 @@ message RateLimitRequest {
// processed by the service (see below). If any of the descriptors are over limit, the entire // processed by the service (see below). If any of the descriptors are over limit, the entire
// request is considered to be over limit. // request is considered to be over limit.
repeated RateLimitDescriptor descriptors = 2; repeated RateLimitDescriptor descriptors = 2;
// Rate limit requests can optionally specify the number of hits a request adds to the matched limit. If the // Rate limit requests can optionally specify the number of hits a request adds to the matched
// value is not set in the message, a request increases the matched limit by 1. // limit. If the value is not set in the message, a request increases the matched limit by 1.
uint32 hits_addend = 3; uint32 hits_addend = 3;
} }
@ -69,10 +70,10 @@ message RateLimitResponse {
message RateLimit { message RateLimit {
enum Unit { enum Unit {
UNKNOWN = 0; UNKNOWN = 0;
SECOND = 1; SECOND = 1;
MINUTE = 2; MINUTE = 2;
HOUR = 3; HOUR = 3;
DAY = 4; DAY = 4;
} }
uint32 requests_per_unit = 1; uint32 requests_per_unit = 1;

@ -12,13 +12,11 @@ import "validate/validate.proto";
// [#protodoc-title: Common TLS configuration] // [#protodoc-title: Common TLS configuration]
service SecretDiscoveryService{ service SecretDiscoveryService {
rpc StreamSecrets(stream DiscoveryRequest) rpc StreamSecrets(stream DiscoveryRequest) returns (stream DiscoveryResponse) {
returns (stream DiscoveryResponse) {
} }
rpc FetchSecrets(DiscoveryRequest) rpc FetchSecrets(DiscoveryRequest) returns (DiscoveryResponse) {
returns (DiscoveryResponse) {
option (google.api.http) = { option (google.api.http) = {
post: "/v2/discovery:secrets" post: "/v2/discovery:secrets"
body: "*" body: "*"
@ -128,25 +126,27 @@ message TlsSessionTicketKeys {
// //
// .. attention:: // .. attention::
// //
// Using this feature has serious security considerations and risks. Improper handling of keys may // Using this feature has serious security considerations and risks. Improper handling of keys
// result in loss of secrecy in connections, even if ciphers supporting perfect forward secrecy // may result in loss of secrecy in connections, even if ciphers supporting perfect forward
// are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some discussion. // secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
// To minimize the risk, you must: // discussion. To minimize the risk, you must:
// //
// * Keep the session ticket keys at least as secure as your TLS certificate private keys // * Keep the session ticket keys at least as secure as your TLS certificate private keys
// * Rotate session ticket keys at least daily, and preferably hourly // * Rotate session ticket keys at least daily, and preferably hourly
// * Always generate keys using a cryptographically-secure random data source // * Always generate keys using a cryptographically-secure random data source
repeated DataSource keys = 1 [(validate.rules).repeated.min_items = 1]; repeated DataSource keys = 1 [(validate.rules).repeated .min_items = 1];
} }
message CertificateValidationContext { message CertificateValidationContext {
// TLS certificate data containing certificate authority certificates to use in verifying // TLS certificate data containing certificate authority certificates to use in verifying
// a presented client side certificate. If not specified and a client certificate is presented it // a presented client side certificate. If not specified and a client certificate is presented it
// will not be verified. By default, a client certificate is optional, unless one of the additional // will not be verified. By default, a client certificate is optional, unless one of the
// options (:ref:`require_client_certificate <envoy_api_field_DownstreamTlsContext.require_client_certificate>`, // additional options (:ref:`require_client_certificate
// :ref:`verify_certificate_hash <envoy_api_field_CertificateValidationContext.verify_certificate_hash>`, or // <envoy_api_field_DownstreamTlsContext.require_client_certificate>`,
// :ref:`verify_subject_alt_name <envoy_api_field_CertificateValidationContext.verify_subject_alt_name>`) is also // :ref:`verify_certificate_hash
// specified. // <envoy_api_field_CertificateValidationContext.verify_certificate_hash>`, or
// :ref:`verify_subject_alt_name
// <envoy_api_field_CertificateValidationContext.verify_subject_alt_name>`) is also specified.
DataSource trusted_ca = 1; DataSource trusted_ca = 1;
// If specified, Envoy will verify (pin) the hex-encoded SHA-256 hash of // If specified, Envoy will verify (pin) the hex-encoded SHA-256 hash of
@ -182,7 +182,7 @@ message CommonTlsContext {
// //
// Although this is a list, currently only a single certificate is supported. This will be // Although this is a list, currently only a single certificate is supported. This will be
// relaxed in the future. // relaxed in the future.
repeated TlsCertificate tls_certificates = 2 [(validate.rules).repeated.max_items = 1]; repeated TlsCertificate tls_certificates = 2 [(validate.rules).repeated .max_items = 1];
// [#not-implemented-hide:] // [#not-implemented-hide:]
repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6; repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6;

@ -1,11 +1,18 @@
load("@com_google_protobuf//:protobuf.bzl", "py_proto_library") load("@com_google_protobuf//:protobuf.bzl", "py_proto_library")
load("@com_lyft_protoc_gen_validate//bazel:pgv_proto_library.bzl", "pgv_cc_proto_library") load("@com_lyft_protoc_gen_validate//bazel:pgv_proto_library.bzl", "pgv_cc_proto_library")
def _CcSuffix(d): _PY_SUFFIX="_py"
return d + "_cc" _CC_SUFFIX="_cc"
def _Suffix(d, suffix):
return d + suffix
def _LibrarySuffix(library_name, suffix):
# Transform //a/b/c to //a/b/c:c in preparation for suffix operation below.
if library_name.startswith("//") and ":" not in library_name:
library_name += ":" + Label(library_name).name
return _Suffix(library_name, suffix)
def _PySuffix(d):
return d + "_py"
# TODO(htuch): has_services is currently ignored but will in future support # TODO(htuch): has_services is currently ignored but will in future support
# gRPC stub generation. # gRPC stub generation.
@ -14,11 +21,11 @@ def _PySuffix(d):
# https://github.com/bazelbuild/bazel/issues/2626 are resolved. # https://github.com/bazelbuild/bazel/issues/2626 are resolved.
def api_py_proto_library(name, srcs = [], deps = [], has_services = 0): def api_py_proto_library(name, srcs = [], deps = [], has_services = 0):
py_proto_library( py_proto_library(
name = _PySuffix(name), name = _Suffix(name, _PY_SUFFIX),
srcs = srcs, srcs = srcs,
default_runtime = "@com_google_protobuf//:protobuf_python", default_runtime = "@com_google_protobuf//:protobuf_python",
protoc = "@com_google_protobuf//:protoc", protoc = "@com_google_protobuf//:protoc",
deps = [_PySuffix(d) for d in deps] + [ deps = [_LibrarySuffix(d, _PY_SUFFIX) for d in deps] + [
"@com_lyft_protoc_gen_validate//validate:validate_py", "@com_lyft_protoc_gen_validate//validate:validate_py",
"@googleapis//:http_api_protos_py", "@googleapis//:http_api_protos_py",
], ],
@ -54,9 +61,9 @@ def api_proto_library(name, srcs = [], deps = [], has_services = 0, require_py =
# provider. Hopefully one day we can move to a model where this target and # provider. Hopefully one day we can move to a model where this target and
# the proto_library above are aligned. # the proto_library above are aligned.
pgv_cc_proto_library( pgv_cc_proto_library(
name = _CcSuffix(name), name = _Suffix(name, _CC_SUFFIX),
srcs = srcs, srcs = srcs,
deps = [_CcSuffix(d) for d in deps], deps = [_LibrarySuffix(d, _CC_SUFFIX) for d in deps],
external_deps = [ external_deps = [
"@com_google_protobuf//:cc_wkt_protos", "@com_google_protobuf//:cc_wkt_protos",
"@googleapis//:http_api_protos", "@googleapis//:http_api_protos",
@ -70,5 +77,5 @@ def api_cc_test(name, srcs, proto_deps):
native.cc_test( native.cc_test(
name = name, name = name,
srcs = srcs, srcs = srcs,
deps = [_CcSuffix(d) for d in proto_deps], deps = [_LibrarySuffix(d, _CC_SUFFIX) for d in proto_deps],
) )

@ -6,7 +6,6 @@ api_cc_test(
name = "build_test", name = "build_test",
srcs = ["build_test.cc"], srcs = ["build_test.cc"],
proto_deps = [ proto_deps = [
"//api/filter/accesslog:accesslog",
"//api:cds", "//api:cds",
"//api:discovery", "//api:discovery",
"//api:eds", "//api:eds",
@ -15,5 +14,6 @@ api_cc_test(
"//api:metrics", "//api:metrics",
"//api:rds", "//api:rds",
"//api:rls", "//api:rls",
"//api/filter/accesslog",
], ],
) )

@ -4,22 +4,22 @@
#include "google/protobuf/descriptor.h" #include "google/protobuf/descriptor.h"
// Basic C++ build/link validation for the v2 xDS APIs. // Basic C++ build/link validation for the v2 xDS APIs.
int main(int argc, char *argv[]) { int main(int argc, char* argv[]) {
const auto methods = { const auto methods = {
"envoy.api.v2.filter.accesslog.AccessLogService.StreamAccessLogs", "envoy.api.v2.filter.accesslog.AccessLogService.StreamAccessLogs",
"envoy.api.v2.AggregatedDiscoveryService.StreamAggregatedResources", "envoy.api.v2.AggregatedDiscoveryService.StreamAggregatedResources",
"envoy.api.v2.ClusterDiscoveryService.FetchClusters", "envoy.api.v2.ClusterDiscoveryService.FetchClusters",
"envoy.api.v2.ClusterDiscoveryService.StreamClusters", "envoy.api.v2.ClusterDiscoveryService.StreamClusters",
"envoy.api.v2.EndpointDiscoveryService.FetchEndpoints", "envoy.api.v2.EndpointDiscoveryService.FetchEndpoints",
"envoy.api.v2.EndpointDiscoveryService.StreamEndpoints", "envoy.api.v2.EndpointDiscoveryService.StreamEndpoints",
"envoy.api.v2.HealthDiscoveryService.FetchHealthCheck", "envoy.api.v2.HealthDiscoveryService.FetchHealthCheck",
"envoy.api.v2.HealthDiscoveryService.StreamHealthCheck", "envoy.api.v2.HealthDiscoveryService.StreamHealthCheck",
"envoy.api.v2.ListenerDiscoveryService.FetchListeners", "envoy.api.v2.ListenerDiscoveryService.FetchListeners",
"envoy.api.v2.ListenerDiscoveryService.StreamListeners", "envoy.api.v2.ListenerDiscoveryService.StreamListeners",
"envoy.api.v2.MetricsService.StreamMetrics", "envoy.api.v2.MetricsService.StreamMetrics",
"envoy.api.v2.RouteDiscoveryService.FetchRoutes", "envoy.api.v2.RouteDiscoveryService.FetchRoutes",
"envoy.api.v2.RouteDiscoveryService.StreamRoutes", "envoy.api.v2.RouteDiscoveryService.StreamRoutes",
"envoy.api.v2.RateLimitService.ShouldRateLimit", "envoy.api.v2.RateLimitService.ShouldRateLimit",
}; };
for (const auto& method : methods) { for (const auto& method : methods) {

@ -7,14 +7,13 @@
// from data-plane-api. // from data-plane-api.
// TODO(htuch): Switch to using real data-plane-api protos once we can support // TODO(htuch): Switch to using real data-plane-api protos once we can support
// the required field types. // the required field types.
int main(int argc, char *argv[]) { int main(int argc, char* argv[]) {
{ {
test::validate::Foo empty; test::validate::Foo empty;
std::string err; std::string err;
if (Validate(empty, &err)) { if (Validate(empty, &err)) {
std::cout << "Unexpected successful validation of empty proto." std::cout << "Unexpected successful validation of empty proto." << std::endl;
<< std::endl;
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} }
@ -25,8 +24,7 @@ int main(int argc, char *argv[]) {
std::string err; std::string err;
if (!Validate(non_empty, &err)) { if (!Validate(non_empty, &err)) {
std::cout << "Unexpected failed validation of empty proto: " << err std::cout << "Unexpected failed validation of empty proto: " << err << std::endl;
<< std::endl;
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} }

@ -3,9 +3,9 @@ licenses(["notice"]) # Apache 2
py_binary( py_binary(
name = "protodoc", name = "protodoc",
srcs = ["protodoc.py"], srcs = ["protodoc.py"],
visibility = ["//visibility:public"],
deps = [ deps = [
"@com_lyft_protoc_gen_validate//validate:validate_py",
"@com_google_protobuf//:protobuf_python", "@com_google_protobuf//:protobuf_python",
"@com_lyft_protoc_gen_validate//validate:validate_py",
], ],
visibility = ["//visibility:public"],
) )

Loading…
Cancel
Save