From a66448b203e3a4f8ebbea0a5b7beede5c25640f6 Mon Sep 17 00:00:00 2001 From: Kuat Date: Thu, 25 Jan 2018 14:02:16 -0800 Subject: [PATCH] Split base API package into sub-packages (#421) Signed-off-by: Kuat Yessenov --- api/BUILD | 371 ------------------ api/eds.proto | 278 ------------- bazel/api_build_system.bzl | 1 + ci/do_ci.sh | 2 +- docs/build.sh | 77 ++-- docs/root/api-v2/api.rst | 40 +- .../api-v2/{ => api/v2}/filter/filter.rst | 0 .../api-v2/{ => api/v2}/filter/http/http.rst | 0 .../{ => api/v2}/filter/network/network.rst | 0 docs/root/configuration/access_log.rst | 4 +- .../cluster_circuit_breakers.rst | 2 +- .../cluster_manager/cluster_manager.rst | 2 +- .../configuration/http_conn_man/headers.rst | 6 +- .../listener_filters/original_dst_filter.rst | 2 +- .../configuration/listeners/listeners.rst | 2 +- .../network_filters/echo_filter.rst | 2 +- .../configuration/overview/v2_overview.rst | 48 +-- docs/root/configuration/rate_limit.rst | 2 +- docs/root/configuration/runtime.rst | 2 +- docs/root/faq/sni.rst | 4 +- .../arch_overview/dynamic_configuration.rst | 2 +- .../intro/arch_overview/load_balancing.rst | 4 +- docs/root/intro/arch_overview/ssl.rst | 4 +- docs/root/intro/arch_overview/statistics.rst | 2 +- docs/root/intro/arch_overview/tracing.rst | 2 +- docs/root/intro/version_history.rst | 22 +- docs/root/operations/admin.rst | 2 +- docs/root/operations/cli.rst | 6 +- envoy/BUILD | 27 ++ envoy/api/v2/BUILD | 85 ++++ {api => envoy/api/v2}/address.proto | 0 envoy/api/v2/auth/BUILD | 38 ++ {api => envoy/api/v2/auth}/auth.proto | 3 +- api/sds.proto => envoy/api/v2/auth/cert.proto | 35 +- {api => envoy/api/v2}/base.proto | 8 +- envoy/api/v2/cluster/BUILD | 59 +++ envoy/api/v2/cluster/circuit_breaker.proto | 47 +++ .../api/v2/cluster/cluster.proto | 187 ++------- envoy/api/v2/cluster/outlier_detection.proto | 75 ++++ {api => envoy/api/v2}/config_source.proto | 2 +- envoy/api/v2/endpoint/BUILD | 45 +++ envoy/api/v2/endpoint/endpoint.proto | 97 +++++ envoy/api/v2/endpoint/load_report.proto | 96 +++++ {api => envoy/api/v2}/filter/BUILD | 0 {api => envoy/api/v2}/filter/README.md | 0 {api => envoy/api/v2}/filter/accesslog/BUILD | 7 +- .../api/v2}/filter/accesslog/accesslog.proto | 93 +---- {api => envoy/api/v2}/filter/fault.proto | 0 {api => envoy/api/v2}/filter/http/BUILD | 29 +- .../api/v2}/filter/http/buffer.proto | 0 .../api/v2}/filter/http/ext_authz.proto | 2 +- {api => envoy/api/v2}/filter/http/fault.proto | 6 +- {api => envoy/api/v2}/filter/http/gzip.proto | 0 .../api/v2}/filter/http/health_check.proto | 2 +- .../api/v2}/filter/http/ip_tagging.proto | 2 +- {api => envoy/api/v2}/filter/http/lua.proto | 0 .../api/v2}/filter/http/rate_limit.proto | 0 .../api/v2}/filter/http/router.proto | 3 +- .../api/v2}/filter/http/squash.proto | 0 .../api/v2}/filter/http/transcoder.proto | 0 {api => envoy/api/v2}/filter/network/BUILD | 36 +- .../v2}/filter/network/client_ssl_auth.proto | 2 +- .../api/v2}/filter/network/ext_authz.proto | 2 +- .../network/http_connection_manager.proto | 13 +- .../api/v2}/filter/network/mongo_proxy.proto | 2 +- .../api/v2}/filter/network/rate_limit.proto | 4 +- .../api/v2}/filter/network/redis_proxy.proto | 0 .../api/v2}/filter/network/tcp_proxy.proto | 15 +- {api => envoy/api/v2}/grpc_service.proto | 6 +- {api => envoy/api/v2}/health_check.proto | 0 envoy/api/v2/listener/BUILD | 23 ++ .../api/v2/listener/listener.proto | 58 +-- {api => envoy/api/v2}/protocol.proto | 0 envoy/api/v2/ratelimit/BUILD | 13 + envoy/api/v2/ratelimit/ratelimit.proto | 62 +++ envoy/api/v2/route/BUILD | 21 + .../api/v2/route/route.proto | 80 ++-- envoy/config/accesslog/v2/BUILD | 9 + envoy/config/accesslog/v2/als.proto | 42 ++ envoy/config/bootstrap/v2/BUILD | 37 ++ .../config/bootstrap/v2}/bootstrap.proto | 84 ++-- envoy/config/metrics/v2/BUILD | 35 ++ envoy/config/metrics/v2/metrics_service.proto | 19 + {api => envoy/config/metrics/v2}/stats.proto | 30 +- envoy/config/ratelimit/v2/BUILD | 19 + envoy/config/ratelimit/v2/rls.proto | 30 ++ envoy/config/trace/v2/BUILD | 19 + {api => envoy/config/trace/v2}/trace.proto | 23 +- envoy/service/accesslog/v2/BUILD | 12 + envoy/service/accesslog/v2/als.proto | 65 +++ {api/auth => envoy/service/auth/v2}/BUILD | 6 +- .../service/auth/v2}/external_auth.proto | 9 +- envoy/service/discovery/BUILD | 13 + envoy/service/discovery/v2/BUILD | 146 +++++++ envoy/service/discovery/v2/ads.proto | 22 ++ envoy/service/discovery/v2/cds.proto | 25 ++ .../service/discovery/v2/common.proto | 19 +- envoy/service/discovery/v2/eds.proto | 63 +++ {api => envoy/service/discovery/v2}/hds.proto | 24 +- envoy/service/discovery/v2/lds.proto | 28 ++ envoy/service/discovery/v2/rds.proto | 29 ++ envoy/service/discovery/v2/sds.proto | 24 ++ envoy/service/load_stats/BUILD | 7 + envoy/service/load_stats/v2/BUILD | 22 ++ envoy/service/load_stats/v2/lrs.proto | 67 ++++ envoy/service/metrics/BUILD | 7 + envoy/service/metrics/v2/BUILD | 15 + .../service/metrics/v2}/metrics_service.proto | 17 +- envoy/service/ratelimit/BUILD | 7 + envoy/service/ratelimit/v2/BUILD | 22 ++ {api => envoy/service/ratelimit/v2}/rls.proto | 63 +-- envoy/service/trace/v2/BUILD | 14 + .../service/trace/v2}/trace_service.proto | 14 +- test/build/BUILD | 37 +- test/build/build_test.cc | 28 +- test/build/go_build_test.go | 22 +- test/validate/BUILD | 38 +- test/validate/pgv_test.cc | 48 +-- tools/BUILD | 4 +- tools/generate_listeners.py | 6 +- tools/protodoc/protodoc.py | 11 +- 121 files changed, 2002 insertions(+), 1453 deletions(-) delete mode 100644 api/BUILD delete mode 100644 api/eds.proto rename docs/root/api-v2/{ => api/v2}/filter/filter.rst (100%) rename docs/root/api-v2/{ => api/v2}/filter/http/http.rst (100%) rename docs/root/api-v2/{ => api/v2}/filter/network/network.rst (100%) create mode 100644 envoy/BUILD create mode 100644 envoy/api/v2/BUILD rename {api => envoy/api/v2}/address.proto (100%) create mode 100644 envoy/api/v2/auth/BUILD rename {api => envoy/api/v2/auth}/auth.proto (94%) rename api/sds.proto => envoy/api/v2/auth/cert.proto (89%) rename {api => envoy/api/v2}/base.proto (98%) create mode 100644 envoy/api/v2/cluster/BUILD create mode 100644 envoy/api/v2/cluster/circuit_breaker.proto rename api/cds.proto => envoy/api/v2/cluster/cluster.proto (62%) create mode 100644 envoy/api/v2/cluster/outlier_detection.proto rename {api => envoy/api/v2}/config_source.proto (98%) create mode 100644 envoy/api/v2/endpoint/BUILD create mode 100644 envoy/api/v2/endpoint/endpoint.proto create mode 100644 envoy/api/v2/endpoint/load_report.proto rename {api => envoy/api/v2}/filter/BUILD (100%) rename {api => envoy/api/v2}/filter/README.md (100%) rename {api => envoy/api/v2}/filter/accesslog/BUILD (60%) rename {api => envoy/api/v2}/filter/accesslog/accesslog.proto (79%) rename {api => envoy/api/v2}/filter/fault.proto (100%) rename {api => envoy/api/v2}/filter/http/BUILD (64%) rename {api => envoy/api/v2}/filter/http/buffer.proto (100%) rename {api => envoy/api/v2}/filter/http/ext_authz.proto (95%) rename {api => envoy/api/v2}/filter/http/fault.proto (94%) rename {api => envoy/api/v2}/filter/http/gzip.proto (100%) rename {api => envoy/api/v2}/filter/http/health_check.proto (97%) rename {api => envoy/api/v2}/filter/http/ip_tagging.proto (96%) rename {api => envoy/api/v2}/filter/http/lua.proto (100%) rename {api => envoy/api/v2}/filter/http/rate_limit.proto (100%) rename {api => envoy/api/v2}/filter/http/router.proto (92%) rename {api => envoy/api/v2}/filter/http/squash.proto (100%) rename {api => envoy/api/v2}/filter/http/transcoder.proto (100%) rename {api => envoy/api/v2}/filter/network/BUILD (50%) rename {api => envoy/api/v2}/filter/network/client_ssl_auth.proto (97%) rename {api => envoy/api/v2}/filter/network/ext_authz.proto (95%) rename {api => envoy/api/v2}/filter/network/http_connection_manager.proto (97%) rename {api => envoy/api/v2}/filter/network/mongo_proxy.proto (95%) rename {api => envoy/api/v2}/filter/network/rate_limit.proto (84%) rename {api => envoy/api/v2}/filter/network/redis_proxy.proto (100%) rename {api => envoy/api/v2}/filter/network/tcp_proxy.proto (90%) rename {api => envoy/api/v2}/grpc_service.proto (94%) rename {api => envoy/api/v2}/health_check.proto (100%) create mode 100644 envoy/api/v2/listener/BUILD rename api/lds.proto => envoy/api/v2/listener/listener.proto (82%) rename {api => envoy/api/v2}/protocol.proto (100%) create mode 100644 envoy/api/v2/ratelimit/BUILD create mode 100644 envoy/api/v2/ratelimit/ratelimit.proto create mode 100644 envoy/api/v2/route/BUILD rename api/rds.proto => envoy/api/v2/route/route.proto (92%) create mode 100644 envoy/config/accesslog/v2/BUILD create mode 100644 envoy/config/accesslog/v2/als.proto create mode 100644 envoy/config/bootstrap/v2/BUILD rename {api => envoy/config/bootstrap/v2}/bootstrap.proto (78%) create mode 100644 envoy/config/metrics/v2/BUILD create mode 100644 envoy/config/metrics/v2/metrics_service.proto rename {api => envoy/config/metrics/v2}/stats.proto (84%) create mode 100644 envoy/config/ratelimit/v2/BUILD create mode 100644 envoy/config/ratelimit/v2/rls.proto create mode 100644 envoy/config/trace/v2/BUILD rename {api => envoy/config/trace/v2}/trace.proto (74%) create mode 100644 envoy/service/accesslog/v2/BUILD create mode 100644 envoy/service/accesslog/v2/als.proto rename {api/auth => envoy/service/auth/v2}/BUILD (50%) rename {api/auth => envoy/service/auth/v2}/external_auth.proto (98%) create mode 100644 envoy/service/discovery/BUILD create mode 100644 envoy/service/discovery/v2/BUILD create mode 100644 envoy/service/discovery/v2/ads.proto create mode 100644 envoy/service/discovery/v2/cds.proto rename api/discovery.proto => envoy/service/discovery/v2/common.proto (84%) create mode 100644 envoy/service/discovery/v2/eds.proto rename {api => envoy/service/discovery/v2}/hds.proto (88%) create mode 100644 envoy/service/discovery/v2/lds.proto create mode 100644 envoy/service/discovery/v2/rds.proto create mode 100644 envoy/service/discovery/v2/sds.proto create mode 100644 envoy/service/load_stats/BUILD create mode 100644 envoy/service/load_stats/v2/BUILD create mode 100644 envoy/service/load_stats/v2/lrs.proto create mode 100644 envoy/service/metrics/BUILD create mode 100644 envoy/service/metrics/v2/BUILD rename {api => envoy/service/metrics/v2}/metrics_service.proto (65%) create mode 100644 envoy/service/ratelimit/BUILD create mode 100644 envoy/service/ratelimit/v2/BUILD rename {api => envoy/service/ratelimit/v2}/rls.proto (56%) create mode 100644 envoy/service/trace/v2/BUILD rename {api => envoy/service/trace/v2}/trace_service.proto (75%) diff --git a/api/BUILD b/api/BUILD deleted file mode 100644 index 5f61aa11..00000000 --- a/api/BUILD +++ /dev/null @@ -1,371 +0,0 @@ -load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library", "api_go_grpc_library") - -licenses(["notice"]) # Apache 2 - -api_proto_library( - name = "address", - srcs = ["address.proto"], -) - -api_go_proto_library( - name = "address", - proto = ":address", -) - -api_proto_library( - name = "base", - srcs = ["base.proto"], - deps = [":address"], -) - -api_go_proto_library( - name = "base", - proto = ":base", - deps = [":address_go_proto"], -) - -api_proto_library( - name = "bootstrap", - srcs = ["bootstrap.proto"], - deps = [ - ":address", - ":base", - ":cds", - ":config_source", - ":grpc_service", - ":lds", - ":sds", - ":stats", - ":trace", - ], -) - -api_go_proto_library( - name = "bootstrap", - proto = ":bootstrap", - deps = [ - ":address_go_proto", - ":base_go_proto", - ":cds_go_grpc", - ":config_source_go_proto", - ":grpc_service_go_proto", - ":lds_go_grpc", - ":sds_go_grpc", - ":stats_go_proto", - ":trace_go_proto", - ], -) - -api_proto_library( - name = "health_check", - srcs = ["health_check.proto"], - deps = [":base"], -) - -api_go_proto_library( - name = "health_check", - proto = ":health_check", - deps = [":base_go_proto"], -) - -api_proto_library( - name = "cds", - srcs = ["cds.proto"], - has_services = 1, - deps = [ - ":address", - ":base", - ":config_source", - ":discovery", - ":health_check", - ":protocol", - ":sds", - ], -) - -api_go_grpc_library( - name = "cds", - proto = ":cds", - deps = [ - ":address_go_proto", - ":base_go_proto", - ":config_source_go_proto", - ":discovery_go_grpc", - ":health_check_go_proto", - ":protocol_go_proto", - ":sds_go_grpc", - ], -) - -api_proto_library( - name = "config_source", - srcs = ["config_source.proto"], - deps = [ - ":base", - ":grpc_service", - ], -) - -api_go_proto_library( - name = "config_source", - proto = ":config_source", - deps = [ - ":base_go_proto", - ":grpc_service_go_proto", - ], -) - -api_proto_library( - name = "discovery", - srcs = ["discovery.proto"], - has_services = 1, - deps = [":base"], -) - -api_go_grpc_library( - name = "discovery", - proto = ":discovery", - deps = [":base_go_proto"], -) - -api_proto_library( - name = "eds", - srcs = ["eds.proto"], - has_services = 1, - deps = [ - ":address", - ":base", - ":discovery", - ":health_check", - ], -) - -api_go_grpc_library( - name = "eds", - proto = ":eds", - deps = [ - ":address_go_proto", - ":base_go_proto", - ":discovery_go_grpc", - ":health_check_go_proto", - ], -) - -api_proto_library( - name = "grpc_service", - srcs = ["grpc_service.proto"], - deps = [":base"], -) - -api_go_proto_library( - name = "grpc_service", - proto = ":grpc_service", - deps = [":base_go_proto"], -) - -api_proto_library( - name = "hds", - srcs = ["hds.proto"], - has_services = 1, - deps = [ - ":base", - ":health_check", - ], -) - -api_go_grpc_library( - name = "hds", - proto = ":hds", - deps = [ - ":base_go_proto", - ":health_check_go_proto", - ], -) - -api_proto_library( - name = "lds", - srcs = ["lds.proto"], - has_services = 1, - deps = [ - ":address", - ":base", - ":discovery", - ":sds", - ], -) - -api_go_grpc_library( - name = "lds", - proto = ":lds", - deps = [ - ":address_go_proto", - ":base_go_proto", - ":discovery_go_grpc", - ":sds_go_grpc", - ], -) - -api_proto_library( - name = "metrics", - srcs = ["metrics_service.proto"], - has_services = 1, - require_py = 0, - deps = [ - ":base", - ":grpc_service", - "@promotheus_metrics_model//:client_model", - ], -) - -api_proto_library( - name = "protocol", - srcs = ["protocol.proto"], -) - -api_go_proto_library( - name = "protocol", - proto = ":protocol", -) - -api_proto_library( - name = "rls", - srcs = ["rls.proto"], - has_services = 1, -) - -api_go_grpc_library( - name = "rls", - proto = ":rls", -) - -api_proto_library( - name = "rds", - srcs = ["rds.proto"], - has_services = 1, - deps = [ - ":auth", - ":base", - ":discovery", - ], -) - -api_go_grpc_library( - name = "rds", - proto = ":rds", - deps = [ - ":auth_go_proto", - ":base_go_proto", - ":discovery_go_grpc", - ], -) - -api_proto_library( - name = "sds", - srcs = ["sds.proto"], - has_services = 1, - deps = [ - ":base", - ":config_source", - ":discovery", - ], -) - -api_go_grpc_library( - name = "sds", - proto = ":sds", - deps = [ - ":base_go_proto", - ":config_source_go_proto", - ":discovery_go_grpc", - ], -) - -api_proto_library( - name = "stats", - srcs = ["stats.proto"], - deps = [ - ":address", - ], -) - -api_go_proto_library( - name = "stats", - proto = ":stats", - deps = [ - ":address_go_proto", - ], -) - -api_proto_library( - name = "trace", - srcs = ["trace.proto"], -) - -api_go_proto_library( - name = "trace", - proto = ":trace", -) - -api_proto_library( - name = "auth", - srcs = ["auth.proto"], - deps = [ - ":sds", - ], -) - -api_go_proto_library( - name = "auth", - proto = ":auth", - deps = [ - "//api:address_go_proto", - "//api:sds_go_grpc", - "@googleapis//:rpc_status_go_proto", - ], -) - -api_proto_library( - name = "trace_service", - srcs = ["trace_service.proto"], - has_services = 1, - require_py = 0, - deps = [ - ":base", - ":grpc_service", - "@io_opencensus_trace//:trace_model", - ], -) - -# TODO(htuch): Grow this to cover everything we want to generate docs for, so we can just invoke -# bazel build //api --aspects tools/protodoc/protodoc.bzl%proto_doc_aspect --output_groups=rst -proto_library( - name = "api", - deps = [ - ":bootstrap", - ":cds", - ":eds", - ":lds", - ":metrics", - ":protocol", - ":rds", - ":rls", - "//api/filter/accesslog", - "//api/filter/http:buffer", - "//api/filter/http:ext_authz", - "//api/filter/http:fault", - "//api/filter/http:gzip", - "//api/filter/http:health_check", - "//api/filter/http:lua", - "//api/filter/http:rate_limit", - "//api/filter/http:router", - "//api/filter/http:squash", - "//api/filter/http:transcoder", - "//api/filter/network:client_ssl_auth", - "//api/filter/network:ext_authz", - "//api/filter/network:http_connection_manager", - "//api/filter/network:mongo_proxy", - "//api/filter/network:rate_limit", - "//api/filter/network:redis_proxy", - "//api/filter/network:tcp_proxy", - ], -) diff --git a/api/eds.proto b/api/eds.proto deleted file mode 100644 index 7b25d00d..00000000 --- a/api/eds.proto +++ /dev/null @@ -1,278 +0,0 @@ -syntax = "proto3"; - -package envoy.api.v2; - -import "api/base.proto"; -import "api/discovery.proto"; -import "api/health_check.proto"; - -import "google/api/annotations.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/wrappers.proto"; - -import "validate/validate.proto"; - -// [#protodoc-title: Endpoints and EDS] - -service EndpointDiscoveryService { - // The resource_names field in DiscoveryRequest specifies a list of clusters - // to subscribe to updates for. - rpc StreamEndpoints(stream DiscoveryRequest) returns (stream DiscoveryResponse) { - } - - rpc FetchEndpoints(DiscoveryRequest) returns (DiscoveryResponse) { - option (google.api.http) = { - post: "/v2/discovery:endpoints" - body: "*" - }; - } - - // Advanced API to allow for multi-dimensional load balancing by remote - // server. For receiving LB assignments, the steps are: - // 1, The management server is configured with per cluster/zone/load metric - // capacity configuration. The capacity configuration definition is - // outside of the scope of this document. - // 2. Envoy issues a standard {Stream,Fetch}Endpoints request for the clusters - // to balance. - // - // Independently, Envoy will initiate a StreamLoadStats bidi stream with a - // management server: - // 1. Once a connection establishes, the management server publishes a - // LoadStatsResponse for all clusters it is interested in learning load - // stats about. - // 2. For each cluster, Envoy load balances incoming traffic to upstream hosts - // based on per-zone weights and/or per-instance weights (if specified) - // based on intra-zone LbPolicy. This information comes from the above - // {Stream,Fetch}Endpoints. - // 3. When upstream hosts reply, they optionally add header with ASCII representation of EndpointLoadMetricStats. - // 4. Envoy aggregates load reports over the period of time given to it in - // LoadStatsResponse.load_reporting_interval. This includes aggregation - // stats Envoy maintains by itself (total_requests, rpc_errors etc.) as - // well as load metrics from upstream hosts. - // 5. When the timer of load_reporting_interval expires, Envoy sends new - // LoadStatsRequest filled with load reports for each cluster. - // 6. The management server uses the load reports from all reported Envoys - // from around the world, computes global assignment and prepares traffic - // assignment destined for each zone Envoys are located in. Goto 2. - rpc StreamLoadStats(stream LoadStatsRequest) returns (stream LoadStatsResponse) { - } -} - -// An Endpoint that Envoy can route traffic to. -message LbEndpoint { - // Upstream host identifier - Endpoint endpoint = 1; - - // [#not-implemented-hide:] Optional health status when known and supplied by - // EDS server. - HealthStatus health_status = 2; - - // The endpoint metadata specifies values that may be used by the load - // balancer to select endpoints in a cluster for a given request. The filter - // name should be specified as *envoy.lb*. An example boolean key-value pair - // is *canary*, providing the optional canary status of the upstream host. - // This may be matched against in a route's ForwardAction metadata_match field - // to subset the endpoints considered in cluster load balancing. - Metadata metadata = 3; - - // The optional load balancing weight of the upstream host, in the range 1 - - // 128. Envoy uses the load balancing weight in some of the built in load - // balancers. The load balancing weight for an endpoint is divided by the sum - // of the weights of all endpoints in the endpoint's locality to produce a - // percentage of traffic for the endpoint. This percentage is then further - // weighted by the endpoint's locality's load balancing weight from - // LocalityLbEndpoints. If unspecified, each host is presumed to have equal - // weight in a locality. - // - // .. attention:: - // - // The limit of 128 is somewhat arbitrary, but is applied due to performance - // concerns with the current implementation and can be removed when - // `this issue `_ is fixed. - google.protobuf.UInt32Value load_balancing_weight = 4 - [(validate.rules).uint32 = {gte: 1, lte: 128}]; -} - -// A group of endpoints belonging to a Locality. -// One can have multiple LocalityLbEndpoints for a locality, but this is -// generally only done if the different groups need to have different load -// balancing weights or different priorities. -message LocalityLbEndpoints { - // Identifies location of where the upstream hosts run. - Locality locality = 1; - - // The group of endpoints belonging to the locality specified. - repeated LbEndpoint lb_endpoints = 2; - - // Optional: Per priority/region/zone/sub_zone weight - range 1-128. The load - // balancing weight for a locality is divided by the sum of the weights of all - // localities at the same priority level to produce the effective percentage - // of traffic for the locality. - // - // Weights must be specified for either all localities in a given priority - // level or none. - // - // If unspecified, each locality is presumed to have equal weight in a - // cluster. - // - // .. attention:: - // - // The limit of 128 is somewhat arbitrary, but is applied due to performance - // concerns with the current implementation and can be removed when - // `this issue `_ is fixed. - google.protobuf.UInt32Value load_balancing_weight = 3 - [(validate.rules).uint32 = {gte: 1, lte: 128}]; - - // Optional: the priority for this LocalityLbEndpoints. If unspecified this will - // default to the highest priority (0). - // - // Under usual circumstances, Envoy will only select endpoints for the highest - // priority (0). In the event all endpoints for a particular priority are - // unavailable/unhealthy, Envoy will fail over to selecting endpoints for the - // next highest priority group. - // - // Priorities should range from 0 (highest) to N (lowest) without skipping. - uint32 priority = 5; -} - -// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. -message EndpointLoadMetricStats { - // Name of the metric; may be empty. - string metric_name = 1; - - // Number of calls that finished and included this metric. - uint64 num_requests_finished_with_metric = 2; - - // Sum of metric values across all calls that finished with this metric for - // load_reporting_interval. - double total_metric_value = 3; -} - -// These are stats Envoy reports to GLB every so often. Report frequency is -// defined by -// :ref:`LoadStatsResponse.load_reporting_interval`. -// Stats per upstream region/zone and optionally per subzone. -// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. -message UpstreamLocalityStats { - // Name of zone, region and optionally endpoint group these metrics were - // collected from. Zone and region names could be empty if unknown. - Locality locality = 1; - - // The total number of requests sent by this Envoy since the last report. A - // single HTTP or gRPC request or stream is counted as one request. A TCP - // connection is also treated as one request. There is no explicit - // total_requests field below for a locality, but it may be inferred from: - // - // .. code-block:: none - // - // total_requests = total_successful_requests + total_requests_in_progress + - // total_error_requests - // - // The total number of requests successfully completed by the endpoints in the - // locality. These include non-5xx responses for HTTP, where errors - // originate at the client and the endpoint responded successfuly. For gRPC, - // the grpc-status values are those not covered by total_error_requests below. - uint64 total_successful_requests = 2; - - // The total number of unfinished requests - uint64 total_requests_in_progress = 3; - - // The total number of requests that failed due to errors at the endpoint. - // For HTTP these are responses with 5xx status codes and for gRPC the - // grpc-status values: - // - // - DeadlineExceeded - // - Unimplemented - // - Internal - // - Unavailable - // - Unknown - // - DataLoss - uint64 total_error_requests = 4; - - // Stats for multi-dimensional load balancing. - repeated EndpointLoadMetricStats load_metric_stats = 5; - - // [#not-implemented-hide:] The priority of the endpoint group these metrics - // were collected from. - uint32 priority = 6; -} - -// Per cluster load stats. Envoy reports these stats a management server in a -// :ref:`LoadStatsRequest` -// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. -message ClusterStats { - // The name of the cluster. - string cluster_name = 1 [(validate.rules).string.min_bytes = 1]; - - // Need at least one. - repeated UpstreamLocalityStats upstream_locality_stats = 2 - [(validate.rules).repeated .min_items = 1]; - - // Cluster-level stats such as total_successful_requests may be computed by - // summing upstream_locality_stats. In addition, below there are additional - // cluster-wide stats. The following total_requests equality holds at the - // cluster-level: - // - // .. code-block:: none - // - // sum_locality(total_successful_requests) + sum_locality(total_requests_in_progress) + - // sum_locality(total_error_requests) + total_dropped_requests` - // - // The total number of dropped requests. This covers requests - // deliberately dropped by the drop_overload policy and circuit breaking. - uint64 total_dropped_requests = 3; -} - -// A load report Envoy sends to the management server. -// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. -message LoadStatsRequest { - // Node identifier for Envoy instance. - Node node = 1; - - // A list of load stats to report. - repeated ClusterStats cluster_stats = 2; -} - -// Each route from RDS will map to a single cluster or traffic split across -// clusters using weights expressed in the RDS WeightedCluster. -// -// With EDS, each cluster is treated independently from a LB perspective, with -// LB taking place between the Localities within a cluster and at a finer -// granularity between the hosts within a locality. For a given cluster, the -// effective weight of a host is its load_balancing_weight multiplied by the -// load_balancing_weight of its Locality. -message ClusterLoadAssignment { - // Name of the cluster. This will be the :ref:`service_name - // ` value if specified - // in the cluster :ref:`EdsClusterConfig - // `. - string cluster_name = 1 [(validate.rules).string.min_bytes = 1]; - - // List of endpoints to load balance to. - repeated LocalityLbEndpoints endpoints = 2; - - // Load balancing policy settings. - message Policy { - // Percentage of traffic (0-100) that should be dropped. This - // action allows protection of upstream hosts should they unable to - // recover from an outage or should they be unable to autoscale and hence - // overall incoming traffic volume need to be trimmed to protect them. - // [#v2-api-diff: This is known as maintenance mode in v1.] - double drop_overload = 1 [(validate.rules).double = {gte: 0, lte: 100}]; - } - - // Load balancing policy settings. - Policy policy = 4; -} - -// The management server sends envoy a LoadStatsResponse with all clusters it -// is interested in learning load stats about. -// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. -message LoadStatsResponse { - // Clusters to report stats for. - repeated string clusters = 1 [(validate.rules).repeated .min_items = 1]; - - // The interval of time to collect stats. The default is 10 seconds. - google.protobuf.Duration load_reporting_interval = 2; -} diff --git a/bazel/api_build_system.bzl b/bazel/api_build_system.bzl index 89a6ecb6..a8c4bca8 100644 --- a/bazel/api_build_system.bzl +++ b/bazel/api_build_system.bzl @@ -51,6 +51,7 @@ def api_go_proto_library(name, proto, deps = []): "@com_github_golang_protobuf//ptypes/struct:go_default_library", "@com_github_golang_protobuf//ptypes/timestamp:go_default_library", "@com_github_golang_protobuf//ptypes/wrappers:go_default_library", + "@com_github_golang_protobuf//ptypes/any:go_default_library", "@com_lyft_protoc_gen_validate//validate:go_default_library", ] ) diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 069b708d..61d6194d 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -15,7 +15,7 @@ echo "building using ${NUM_CPUS} CPUs" if [[ "$1" == "bazel.test" ]]; then echo "bazel building and testing..." - bazel --batch build ${BAZEL_BUILD_OPTIONS} //api/... + bazel --batch build ${BAZEL_BUILD_OPTIONS} //envoy/... bazel --batch test ${BAZEL_TEST_OPTIONS} //test/... //tools/... exit 0 elif [[ "$1" == "bazel.docs" ]]; then diff --git a/docs/build.sh b/docs/build.sh index ba9b97bc..ea2c58da 100755 --- a/docs/build.sh +++ b/docs/build.sh @@ -20,47 +20,50 @@ fi source "${BUILD_DIR}"/venv/bin/activate -bazel --batch build ${BAZEL_BUILD_OPTIONS} //api --aspects \ +bazel --batch build ${BAZEL_BUILD_OPTIONS} //envoy --aspects \ tools/protodoc/protodoc.bzl%proto_doc_aspect --output_groups=rst --action_env=CPROFILE_ENABLED # These are the protos we want to put in docs, this list will grow. # TODO(htuch): Factor this out of this script. PROTO_RST=" - /api/address/api/address.proto.rst - /api/base/api/base.proto.rst - /api/bootstrap/api/bootstrap.proto.rst - /api/cds/api/cds.proto.rst - /api/config_source/api/config_source.proto.rst - /api/discovery/api/discovery.proto.rst - /api/eds/api/eds.proto.rst - /api/grpc_service/api/grpc_service.proto.rst - /api/health_check/api/health_check.proto.rst - /api/lds/api/lds.proto.rst - /api/metrics/api/metrics_service.proto.rst - /api/rds/api/rds.proto.rst - /api/rls/api/rls.proto.rst - /api/sds/api/sds.proto.rst - /api/stats/api/stats.proto.rst - /api/trace/api/trace.proto.rst - /api/filter/accesslog/accesslog/api/filter/accesslog/accesslog.proto.rst - /api/filter/fault/api/filter/fault.proto.rst - /api/filter/http/buffer/api/filter/http/buffer.proto.rst - /api/filter/http/fault/api/filter/http/fault.proto.rst - /api/filter/http/gzip/api/filter/http/gzip.proto.rst - /api/filter/http/health_check/api/filter/http/health_check.proto.rst - /api/filter/http/lua/api/filter/http/lua.proto.rst - /api/filter/http/rate_limit/api/filter/http/rate_limit.proto.rst - /api/filter/http/router/api/filter/http/router.proto.rst - /api/filter/http/squash/api/filter/http/squash.proto.rst - /api/filter/http/transcoder/api/filter/http/transcoder.proto.rst - /api/filter/network/client_ssl_auth/api/filter/network/client_ssl_auth.proto.rst - /api/filter/network/http_connection_manager/api/filter/network/http_connection_manager.proto.rst - /api/filter/network/mongo_proxy/api/filter/network/mongo_proxy.proto.rst - /api/filter/network/rate_limit/api/filter/network/rate_limit.proto.rst - /api/filter/network/redis_proxy/api/filter/network/redis_proxy.proto.rst - /api/filter/network/tcp_proxy/api/filter/network/tcp_proxy.proto.rst - /api/protocol/api/protocol.proto.rst - /api/rds/api/rds.proto.rst + /envoy/api/v2/address/envoy/api/v2/address.proto.rst + /envoy/api/v2/base/envoy/api/v2/base.proto.rst + /envoy/api/v2/auth/cert/envoy/api/v2/auth/cert.proto.rst + /envoy/api/v2/endpoint/endpoint/envoy/api/v2/endpoint/endpoint.proto.rst + /envoy/api/v2/cluster/cluster/envoy/api/v2/cluster/cluster.proto.rst + /envoy/api/v2/cluster/outlier_detection/envoy/api/v2/cluster/outlier_detection.proto.rst + /envoy/api/v2/cluster/circuit_breaker/envoy/api/v2/cluster/circuit_breaker.proto.rst + /envoy/api/v2/route/route/envoy/api/v2/route/route.proto.rst + /envoy/api/v2/listener/listener/envoy/api/v2/listener/listener.proto.rst + /envoy/api/v2/config_source/envoy/api/v2/config_source.proto.rst + /envoy/api/v2/grpc_service/envoy/api/v2/grpc_service.proto.rst + /envoy/api/v2/health_check/envoy/api/v2/health_check.proto.rst + /envoy/api/v2/protocol/envoy/api/v2/protocol.proto.rst + /envoy/api/v2/ratelimit/ratelimit/envoy/api/v2/ratelimit/ratelimit.proto.rst + /envoy/config/bootstrap/v2/bootstrap/envoy/config/bootstrap/v2/bootstrap.proto.rst + /envoy/service/discovery/v2/common/envoy/service/discovery/v2/common.proto.rst + /envoy/service/discovery/v2/eds/envoy/service/discovery/v2/eds.proto.rst + /envoy/config/ratelimit/v2/rls/envoy/config/ratelimit/v2/rls.proto.rst + /envoy/config/metrics/v2/metrics_service/envoy/config/metrics/v2/metrics_service.proto.rst + /envoy/config/metrics/v2/stats/envoy/config/metrics/v2/stats.proto.rst + /envoy/config/trace/v2/trace/envoy/config/trace/v2/trace.proto.rst + /envoy/api/v2/filter/accesslog/accesslog/envoy/api/v2/filter/accesslog/accesslog.proto.rst + /envoy/api/v2/filter/fault/envoy/api/v2/filter/fault.proto.rst + /envoy/api/v2/filter/http/buffer/envoy/api/v2/filter/http/buffer.proto.rst + /envoy/api/v2/filter/http/fault/envoy/api/v2/filter/http/fault.proto.rst + /envoy/api/v2/filter/http/gzip/envoy/api/v2/filter/http/gzip.proto.rst + /envoy/api/v2/filter/http/health_check/envoy/api/v2/filter/http/health_check.proto.rst + /envoy/api/v2/filter/http/lua/envoy/api/v2/filter/http/lua.proto.rst + /envoy/api/v2/filter/http/rate_limit/envoy/api/v2/filter/http/rate_limit.proto.rst + /envoy/api/v2/filter/http/router/envoy/api/v2/filter/http/router.proto.rst + /envoy/api/v2/filter/http/squash/envoy/api/v2/filter/http/squash.proto.rst + /envoy/api/v2/filter/http/transcoder/envoy/api/v2/filter/http/transcoder.proto.rst + /envoy/api/v2/filter/network/client_ssl_auth/envoy/api/v2/filter/network/client_ssl_auth.proto.rst + /envoy/api/v2/filter/network/http_connection_manager/envoy/api/v2/filter/network/http_connection_manager.proto.rst + /envoy/api/v2/filter/network/mongo_proxy/envoy/api/v2/filter/network/mongo_proxy.proto.rst + /envoy/api/v2/filter/network/rate_limit/envoy/api/v2/filter/network/rate_limit.proto.rst + /envoy/api/v2/filter/network/redis_proxy/envoy/api/v2/filter/network/redis_proxy.proto.rst + /envoy/api/v2/filter/network/tcp_proxy/envoy/api/v2/filter/network/tcp_proxy.proto.rst " # Dump all the generated RST so they can be added to PROTO_RST easily. @@ -69,7 +72,7 @@ find -L bazel-bin -name "*.proto.rst" # Only copy in the protos we care about and know how to deal with in protodoc. for p in $PROTO_RST do - DEST="${GENERATED_RST_DIR}/api-v2/$(sed -e 's#/api.*/api/##' <<< "$p")" + DEST="${GENERATED_RST_DIR}/api-v2/$(sed -e 's#/envoy\/.*/envoy/##' <<< "$p")" mkdir -p "$(dirname "${DEST}")" cp -f bazel-bin/"${p}" "$(dirname "${DEST}")" [ -n "${CPROFILE_ENABLED}" ] && cp -f bazel-bin/"${p}".profile "$(dirname "${DEST}")" diff --git a/docs/root/api-v2/api.rst b/docs/root/api-v2/api.rst index 4106a765..98f1b5d3 100644 --- a/docs/root/api-v2/api.rst +++ b/docs/root/api-v2/api.rst @@ -7,21 +7,25 @@ v2 API reference :glob: :maxdepth: 2 - bootstrap.proto - config_source.proto - grpc_service.proto - lds.proto - cds.proto - eds.proto - health_check.proto - rds.proto - sds.proto - stats.proto - metrics_service.proto - trace.proto - base.proto - address.proto - protocol.proto - discovery.proto - rls.proto - filter/filter + config/bootstrap/v2/bootstrap.proto + api/v2/config_source.proto + api/v2/grpc_service.proto + api/v2/listener/listener.proto + api/v2/cluster/cluster.proto + api/v2/cluster/outlier_detection.proto + api/v2/cluster/circuit_breaker.proto + api/v2/endpoint/endpoint.proto + service/discovery/v2/eds.proto + api/v2/health_check.proto + api/v2/route/route.proto + api/v2/auth/cert.proto + config/metrics/v2/stats.proto + config/metrics/v2/metrics_service.proto + config/trace/v2/trace.proto + api/v2/base.proto + api/v2/address.proto + api/v2/protocol.proto + service/discovery/v2/common.proto + api/v2/ratelimit/ratelimit.proto + config/ratelimit/v2/rls.proto + api/v2/filter/filter diff --git a/docs/root/api-v2/filter/filter.rst b/docs/root/api-v2/api/v2/filter/filter.rst similarity index 100% rename from docs/root/api-v2/filter/filter.rst rename to docs/root/api-v2/api/v2/filter/filter.rst diff --git a/docs/root/api-v2/filter/http/http.rst b/docs/root/api-v2/api/v2/filter/http/http.rst similarity index 100% rename from docs/root/api-v2/filter/http/http.rst rename to docs/root/api-v2/api/v2/filter/http/http.rst diff --git a/docs/root/api-v2/filter/network/network.rst b/docs/root/api-v2/api/v2/filter/network/network.rst similarity index 100% rename from docs/root/api-v2/filter/network/network.rst rename to docs/root/api-v2/api/v2/filter/network/network.rst diff --git a/docs/root/configuration/access_log.rst b/docs/root/configuration/access_log.rst index cf005d8c..26f8ad73 100644 --- a/docs/root/configuration/access_log.rst +++ b/docs/root/configuration/access_log.rst @@ -116,7 +116,7 @@ The following command operators are supported: .. note:: This may not be the physical remote address of the peer if the address has been inferred from - :ref:`proxy proto ` or :ref:`x-forwarded-for + :ref:`proxy proto ` or :ref:`x-forwarded-for `. %DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT% @@ -126,7 +126,7 @@ The following command operators are supported: .. note:: This may not be the physical remote address of the peer if the address has been inferred from - :ref:`proxy proto ` or :ref:`x-forwarded-for + :ref:`proxy proto ` or :ref:`x-forwarded-for `. %DOWNSTREAM_LOCAL_ADDRESS% diff --git a/docs/root/configuration/cluster_manager/cluster_circuit_breakers.rst b/docs/root/configuration/cluster_manager/cluster_circuit_breakers.rst index 8b1b137b..331d59b8 100644 --- a/docs/root/configuration/cluster_manager/cluster_circuit_breakers.rst +++ b/docs/root/configuration/cluster_manager/cluster_circuit_breakers.rst @@ -5,7 +5,7 @@ Circuit breaking * Circuit Breaking :ref:`architecture overview `. * :ref:`v1 API documentation `. -* :ref:`v2 API documentation `. +* :ref:`v2 API documentation `. Runtime ------- diff --git a/docs/root/configuration/cluster_manager/cluster_manager.rst b/docs/root/configuration/cluster_manager/cluster_manager.rst index e89afa58..d8fa6973 100644 --- a/docs/root/configuration/cluster_manager/cluster_manager.rst +++ b/docs/root/configuration/cluster_manager/cluster_manager.rst @@ -14,4 +14,4 @@ Cluster manager * Cluster manager :ref:`architecture overview ` * :ref:`v1 API reference ` -* :ref:`v2 API reference ` +* :ref:`v2 API reference ` diff --git a/docs/root/configuration/http_conn_man/headers.rst b/docs/root/configuration/http_conn_man/headers.rst index ffb113bc..a4f4c3bb 100644 --- a/docs/root/configuration/http_conn_man/headers.rst +++ b/docs/root/configuration/http_conn_man/headers.rst @@ -283,7 +283,7 @@ Custom request/response headers Custom request/response headers can be added to a request/response that matches a specific route at the route, virtual host, and global route configuration level. See the relevant :ref:`v1 -` and :ref:`v2 ` API +` and :ref:`v2 ` API documentation. Headers are appended to requests/responses in the following order: route level headers, @@ -315,7 +315,7 @@ Supported variable names are: .. note:: This may not be the physical remote address of the peer if the address has been inferred from - :ref:`proxy proto ` or :ref:`x-forwarded-for + :ref:`proxy proto ` or :ref:`x-forwarded-for `. %PROTOCOL% @@ -323,7 +323,7 @@ Supported variable names are: :ref:`x-forwarded-proto ` request header. %UPSTREAM_METADATA(["namespace", "key", ...])% - Populates the header with :ref:`EDS endpoint metadata ` from the + Populates the header with ref:`EDS endpoint metadata ` from the upstream host selected by the router. Metadata may be selected from any namespace. In general, metadata values may be strings, numbers, booleans, lists, nested structures, or null. Upstream metadata values may be selected from nested structs by specifying multiple keys. Otherwise, diff --git a/docs/root/configuration/listener_filters/original_dst_filter.rst b/docs/root/configuration/listener_filters/original_dst_filter.rst index bae339eb..50aa7c1c 100644 --- a/docs/root/configuration/listener_filters/original_dst_filter.rst +++ b/docs/root/configuration/listener_filters/original_dst_filter.rst @@ -10,4 +10,4 @@ listening at. Furthermore, :ref:`an original destination cluster ` may be used to forward HTTP requests or TCP connections to the restored destination address. -* :ref:`v2 API reference ` +* :ref:`v2 API reference ` diff --git a/docs/root/configuration/listeners/listeners.rst b/docs/root/configuration/listeners/listeners.rst index 947c7a8b..92032830 100644 --- a/docs/root/configuration/listeners/listeners.rst +++ b/docs/root/configuration/listeners/listeners.rst @@ -7,7 +7,7 @@ The top level Envoy configuration contains a list of :ref:`listeners ` -* :ref:`v2 API reference ` +* :ref:`v2 API reference ` .. toctree:: :hidden: diff --git a/docs/root/configuration/network_filters/echo_filter.rst b/docs/root/configuration/network_filters/echo_filter.rst index e1b2199e..0073eeda 100644 --- a/docs/root/configuration/network_filters/echo_filter.rst +++ b/docs/root/configuration/network_filters/echo_filter.rst @@ -7,4 +7,4 @@ The echo is a trivial network filter mainly meant to demonstrate the network fil installed it will echo (write) all received data back to the connected downstream client. * :ref:`v1 API reference ` -* :ref:`v2 API reference ` +* :ref:`v2 API reference ` diff --git a/docs/root/configuration/overview/v2_overview.rst b/docs/root/configuration/overview/v2_overview.rst index c24035c8..92fcce51 100644 --- a/docs/root/configuration/overview/v2_overview.rst +++ b/docs/root/configuration/overview/v2_overview.rst @@ -44,15 +44,15 @@ where the extension reflects the underlying v2 config representation. The to autodetect the config file version, but this option provides an enhanced debug experience when configuration parsing fails. -The :ref:`Bootstrap ` message is the root of the -configuration. A key concept in the :ref:`Bootstrap ` +The :ref:`Bootstrap ` message is the root of the +configuration. A key concept in the :ref:`Bootstrap ` message is the distinction between static and dynamic resouces. Resources such -as a :ref:`Listener ` or :ref:`Cluster -` may be supplied either statically in -:ref:`static_resources ` or have +as a :ref:`Listener ` or :ref:`Cluster +` may be supplied either statically in +:ref:`static_resources ` or have an xDS service such as :ref:`LDS ` or :ref:`CDS ` configured in -:ref:`dynamic_resources `. +:ref:`dynamic_resources `. Example ------- @@ -105,7 +105,7 @@ Mostly static with dynamic EDS A bootstrap config that continues from the above example with :ref:`dynamic endpoint discovery ` via an -:ref:`EDS` gRPC management server listening +:ref:`EDS` gRPC management server listening on 127.0.0.3:5678 is provided below: .. code-block:: yaml @@ -158,7 +158,7 @@ an otherwise completely dynamic configurations, some static resources need to be defined to point Envoy at its xDS management server(s). In the above example, the EDS management server could then return a proto encoding of a -:ref:`DiscoveryResponse `: +:ref:`DiscoveryResponse `: .. code-block:: yaml @@ -293,8 +293,8 @@ Management server A v2 xDS management server will implement the below endpoints as required for gRPC and/or REST serving. In both streaming gRPC and -REST-JSON cases, a :ref:`DiscoveryRequest ` is sent and a -:ref:`DiscoveryResponse ` received following the +REST-JSON cases, a :ref:`DiscoveryRequest ` is sent and a +:ref:`DiscoveryResponse ` received following the `xDS protocol `_. .. _v2_grpc_streaming_endpoints: @@ -316,8 +316,8 @@ for the service definition. This is used by Envoy as a client when cluster_names: [some_xds_cluster] is set in the :ref:`dynamic_resources -` of the :ref:`Bootstrap -` config. +` of the :ref:`Bootstrap +` config. .. http:post:: /envoy.api.v2.EndpointDiscoveryService/StreamEndpoints @@ -333,8 +333,8 @@ for the service definition. This is used by Envoy as a client when cluster_names: [some_xds_cluster] is set in the :ref:`eds_cluster_config -` field of the :ref:`Cluster -` config. +` field of the :ref:`Cluster +` config. .. http:post:: /envoy.api.v2.ListenerDiscoveryService/StreamListeners @@ -350,8 +350,8 @@ for the service definition. This is used by Envoy as a client when cluster_names: [some_xds_cluster] is set in the :ref:`dynamic_resources -` of the :ref:`Bootstrap -` config. +` of the :ref:`Bootstrap +` config. .. http:post:: /envoy.api.v2.RouteDiscoveryService/StreamRoutes @@ -388,8 +388,8 @@ for the service definition. This is used by Envoy as a client when cluster_names: [some_xds_cluster] is set in the :ref:`dynamic_resources -` of the :ref:`Bootstrap -` config. +` of the :ref:`Bootstrap +` config. .. http:post:: /v2/discovery:endpoints @@ -405,8 +405,8 @@ for the service definition. This is used by Envoy as a client when cluster_names: [some_xds_cluster] is set in the :ref:`eds_cluster_config -` field of the :ref:`Cluster -` config. +` field of the :ref:`Cluster +` config. .. http:post:: /v2/discovery:listeners @@ -422,8 +422,8 @@ for the service definition. This is used by Envoy as a client when cluster_names: [some_xds_cluster] is set in the :ref:`dynamic_resources -` of the :ref:`Bootstrap -` config. +` of the :ref:`Bootstrap +` config. .. http:post:: /v2/discovery:routes @@ -488,8 +488,8 @@ for the service definition. This is used by Envoy as a client when cluster_names: [some_ads_cluster] is set in the :ref:`dynamic_resources -` of the :ref:`Bootstrap -` config. +` of the :ref:`Bootstrap +` config. When this is set, any of the configuration sources :ref:`above ` can be set to use the ADS channel. For example, a LDS config could be changed from diff --git a/docs/root/configuration/rate_limit.rst b/docs/root/configuration/rate_limit.rst index b73dc40f..8dc5638a 100644 --- a/docs/root/configuration/rate_limit.rst +++ b/docs/root/configuration/rate_limit.rst @@ -8,7 +8,7 @@ limit service Envoy should talk to when it needs to make global rate limit decis limit service is configured, a "null" service will be used which will always return OK if called. * :ref:`v1 API reference ` -* :ref:`v2 API reference ` +* :ref:`v2 API reference ` gRPC service IDL ---------------- diff --git a/docs/root/configuration/runtime.rst b/docs/root/configuration/runtime.rst index c9f5055d..1d1458c4 100644 --- a/docs/root/configuration/runtime.rst +++ b/docs/root/configuration/runtime.rst @@ -8,7 +8,7 @@ system tree that contains re-loadable configuration elements. If runtime is not provider is used which has the effect of using all defaults built into the code. * :ref:`v1 API reference ` -* :ref:`v2 API reference ` +* :ref:`v2 API reference ` File system layout ------------------ diff --git a/docs/root/faq/sni.rst b/docs/root/faq/sni.rst index 78e4155d..21e1e500 100644 --- a/docs/root/faq/sni.rst +++ b/docs/root/faq/sni.rst @@ -7,10 +7,10 @@ How do I setup SNI? configuration/API `. The current implementation has the requirement that the :ref:`filters -` in every :ref:`FilterChain ` must +` in every :ref:`FilterChain ` must be identical. In a future release, this requirement will be relaxed so that SNI can be used to choose between completely different filter chains. :ref:`Domain name matching -` can still be used within the HTTP connection manager to +` can still be used within the HTTP connection manager to choose different routes. This is by far the most common use case for SNI. The following is a YAML example of the above requirement. diff --git a/docs/root/intro/arch_overview/dynamic_configuration.rst b/docs/root/intro/arch_overview/dynamic_configuration.rst index ceb4be0e..ccd2d03d 100644 --- a/docs/root/intro/arch_overview/dynamic_configuration.rst +++ b/docs/root/intro/arch_overview/dynamic_configuration.rst @@ -34,7 +34,7 @@ SDS/EDS only The :ref:`service discovery service (SDS) API ` provides a more advanced mechanism by which Envoy can discover members of an upstream cluster. SDS has been renamed to :ref:`Endpoint -Discovery Service (EDS)` in the +Discovery Service (EDS)` in the :ref:`v2 API `. Layered on top of a static configuration, SDS allows an Envoy deployment to circumvent the limitations of DNS (maximum records in a response, etc.) as well as consume more information used in load balancing and routing (e.g., diff --git a/docs/root/intro/arch_overview/load_balancing.rst b/docs/root/intro/arch_overview/load_balancing.rst index 6223162d..9a593341 100644 --- a/docs/root/intro/arch_overview/load_balancing.rst +++ b/docs/root/intro/arch_overview/load_balancing.rst @@ -97,7 +97,7 @@ Priority levels ------------------ During load balancing, Envoy will generally only consider hosts configured at the highest priority -level. For each EDS :ref:`LocalityLbEndpoints` an optional +level. For each EDS :ref:`LocalityLbEndpoints` an optional priority may also be specified. When endpoints at the highest priority level (P=0) are healthy, all traffic will land on endpoints in that priority level. As endpoints for the highest priority level become unhealthy, traffic will begin to trickle to lower priority levels. @@ -240,7 +240,7 @@ not be used with subsets because the upstream hosts are not known in advance. Su with zone aware routing, but be aware that the use of subsets may easily violate the minimum hosts condition described above. -If subsets are :ref:`configured ` and a route +If subsets are :ref:`configured ` and a route specifies no metadata or no subset matching the metadata exists, the subset load balancer initiates its fallback policy. The default policy is ``NO_ENDPOINT``, in which case the request fails as if the cluster had no hosts. Conversely, the ``ANY_ENDPOINT`` fallback policy load balances across all diff --git a/docs/root/intro/arch_overview/ssl.rst b/docs/root/intro/arch_overview/ssl.rst index 508795eb..234ccd4c 100644 --- a/docs/root/intro/arch_overview/ssl.rst +++ b/docs/root/intro/arch_overview/ssl.rst @@ -78,8 +78,8 @@ standard Debian installations. Common paths for system CA bundles on Linux and B * /usr/local/etc/ssl/cert.pem (FreeBSD) * /etc/ssl/cert.pem (OpenBSD) -See the reference for :ref:`UpstreamTlsContexts ` and -:ref:`DownstreamTlsContexts ` for other TLS options. +See the reference for :ref:`UpstreamTlsContexts ` and +:ref:`DownstreamTlsContexts ` for other TLS options. .. _arch_overview_ssl_auth_filter: diff --git a/docs/root/intro/arch_overview/statistics.rst b/docs/root/intro/arch_overview/statistics.rst index 83486752..9c4d1ba6 100644 --- a/docs/root/intro/arch_overview/statistics.rst +++ b/docs/root/intro/arch_overview/statistics.rst @@ -23,4 +23,4 @@ received. Note: what were previously referred to as timers have become histogram difference between the two representations was the units. * :ref:`v1 API reference `. -* :ref:`v2 API reference `. +* :ref:`v2 API reference `. diff --git a/docs/root/intro/arch_overview/tracing.rst b/docs/root/intro/arch_overview/tracing.rst index c6ed919c..a5294a56 100644 --- a/docs/root/intro/arch_overview/tracing.rst +++ b/docs/root/intro/arch_overview/tracing.rst @@ -102,6 +102,6 @@ request ID :ref:`config_http_conn_man_headers_x-request-id` (LightStep) or the trace ID configuration (Zipkin). See * :ref:`v1 API reference ` -* :ref:`v2 API reference ` +* :ref:`v2 API reference ` for more information on how to setup tracing in Envoy. diff --git a/docs/root/intro/version_history.rst b/docs/root/intro/version_history.rst index 439d1f33..8881ed2f 100644 --- a/docs/root/intro/version_history.rst +++ b/docs/root/intro/version_history.rst @@ -20,11 +20,11 @@ Version history * http: end-to-end HTTP flow control is now complete across both connections, streams, and filters. * load balancer: added :ref:`subset load balancer `. * load balancer: added ring size and hash :ref:`configuration options - `. This used to be configurable via runtime. The runtime + `. This used to be configurable via runtime. The runtime configuration was deleted without deprecation as we are fairly certain no one is using it. * log: added the ability to optionally log to a file instead of stderr via the :option:`--log-path` option. -* listeners: added :ref:`drain_type ` option. +* listeners: added :ref:`drain_type ` option. * lua: added experimental :ref:`Lua filter `. * mongo filter: added :ref:`fault injection `. * mongo filter: added :ref:`"drain close" ` support. @@ -35,20 +35,20 @@ Version history production ready. * redis: added :ref:`"drain close" ` functionality. * router: added :ref:`x-envoy-overloaded ` support. -* router: added :ref:`regex ` route matching. +* router: added :ref:`regex ` route matching. * router: added :ref:`custom request headers ` for upstream requests. * router: added :ref:`downstream IP hashing - ` for HTTP ketama routing. -* router: added :ref:`cookie hashing `. + ` for HTTP ketama routing. +* router: added :ref:`cookie hashing `. * router: added :ref:`start_child_span ` option to create child span for egress calls. * router: added optional :ref:`upstream logs `. * router: added complete :ref:`custom append/override/remove support ` of request/response headers. * router: added support to :ref:`specify response code during redirect - `. -* router: added :ref:`configuration ` + `. +* router: added :ref:`configuration ` to return either a 404 or 503 if the upstream cluster does not exist. * runtime: added :ref:`comment capability `. * server: change default log level (:option:`-l`) to `info`. @@ -60,11 +60,11 @@ Version history * tcp proxy: enable use of :ref:`outlier detector `. * tls: added :ref:`SNI support `. * tls: added support for specifying :ref:`TLS session ticket keys - `. + `. * tls: allow configuration of the :ref:`min - ` and :ref:`max - ` TLS protocol versions. -* tracing: added :ref:`custom trace span decorators `. + ` and :ref:`max + ` TLS protocol versions. +* tracing: added :ref:`custom trace span decorators `. * Many small bug fixes and performance improvements not listed. 1.4.0 diff --git a/docs/root/operations/admin.rst b/docs/root/operations/admin.rst index 34392811..4b967c5f 100644 --- a/docs/root/operations/admin.rst +++ b/docs/root/operations/admin.rst @@ -7,7 +7,7 @@ Envoy exposes a local administration interface that can be used to query and modify different aspects of the server: * :ref:`v1 API reference ` -* :ref:`v2 API reference ` +* :ref:`v2 API reference ` .. http:get:: / diff --git a/docs/root/operations/cli.rst b/docs/root/operations/cli.rst index 2224f3ba..a50bbcc4 100644 --- a/docs/root/operations/cli.rst +++ b/docs/root/operations/cli.rst @@ -90,7 +90,7 @@ following are the command line options that Envoy supports. *(optional)* Defines the local service cluster name where Envoy is running. The local service cluster name is first sourced from the :ref:`Bootstrap node - ` message's :ref:`cluster + ` message's :ref:`cluster ` field. This CLI option provides an alternative method for specifying this value and will override any value set in bootstrap configuration. It should be set if any of the following features are used: @@ -107,7 +107,7 @@ following are the command line options that Envoy supports. *(optional)* Defines the local service node name where Envoy is running. The local service node name is first sourced from the :ref:`Bootstrap node - ` message's :ref:`id + ` message's :ref:`id ` field. This CLI option provides an alternative method for specifying this value and will override any value set in bootstrap configuration. It should be set if any of the following features are used: @@ -120,7 +120,7 @@ following are the command line options that Envoy supports. *(optional)* Defines the local service zone where Envoy is running. The local service zone is first sourced from the :ref:`Bootstrap node - ` message's :ref:`locality.zone + ` message's :ref:`locality.zone ` field. This CLI option provides an alternative method for specifying this value and will override any value set in bootstrap configuration. It should be set if discovery service routing is diff --git a/envoy/BUILD b/envoy/BUILD new file mode 100644 index 00000000..486701bc --- /dev/null +++ b/envoy/BUILD @@ -0,0 +1,27 @@ +licenses(["notice"]) # Apache 2 + +# TODO(htuch): Grow this to cover everything we want to generate docs for, so we can just invoke +# bazel build //envoy/api --aspects tools/protodoc/protodoc.bzl%proto_doc_aspect --output_groups=rst +proto_library( + name = "envoy", + deps = [ + "//envoy/api/v2", + "//envoy/api/v2/cluster", + "//envoy/api/v2/cluster:circuit_breaker", + "//envoy/api/v2/cluster:outlier_detection", + "//envoy/api/v2/filter/accesslog", + "//envoy/api/v2/filter/http", + "//envoy/api/v2/filter/network", + "//envoy/api/v2/listener", + "//envoy/api/v2/ratelimit", + "//envoy/api/v2/route", + "//envoy/config/bootstrap/v2:bootstrap", + "//envoy/config/metrics/v2:metrics_service", + "//envoy/config/metrics/v2:stats", + "//envoy/config/ratelimit/v2:rls", + "//envoy/config/trace/v2:trace", + "//envoy/service/discovery", + "//envoy/service/load_stats", + "//envoy/service/metrics", + ], +) diff --git a/envoy/api/v2/BUILD b/envoy/api/v2/BUILD new file mode 100644 index 00000000..381a3be1 --- /dev/null +++ b/envoy/api/v2/BUILD @@ -0,0 +1,85 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library", "api_go_grpc_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "address", + srcs = ["address.proto"], +) + +api_go_proto_library( + name = "address", + proto = ":address", +) + +api_proto_library( + name = "base", + srcs = ["base.proto"], + deps = [":address"], +) + +api_go_proto_library( + name = "base", + proto = ":base", + deps = [":address_go_proto"], +) + +api_proto_library( + name = "health_check", + srcs = ["health_check.proto"], + deps = [":base"], +) + +api_go_proto_library( + name = "health_check", + proto = ":health_check", + deps = [":base_go_proto"], +) + +api_proto_library( + name = "config_source", + srcs = ["config_source.proto"], + deps = [ + ":base", + ":grpc_service", + ], +) + +api_go_proto_library( + name = "config_source", + proto = ":config_source", + deps = [ + ":base_go_proto", + ":grpc_service_go_proto", + ], +) + +api_proto_library( + name = "grpc_service", + srcs = ["grpc_service.proto"], + deps = [":base"], +) + +api_go_proto_library( + name = "grpc_service", + proto = ":grpc_service", + deps = [":base_go_proto"], +) + +api_proto_library( + name = "protocol", + srcs = ["protocol.proto"], +) + +api_go_proto_library( + name = "protocol", + proto = ":protocol", +) + +proto_library( + name = "v2", + visibility = ["//envoy:__pkg__"], + deps = [ + ":protocol", + ], +) diff --git a/api/address.proto b/envoy/api/v2/address.proto similarity index 100% rename from api/address.proto rename to envoy/api/v2/address.proto diff --git a/envoy/api/v2/auth/BUILD b/envoy/api/v2/auth/BUILD new file mode 100644 index 00000000..bb807def --- /dev/null +++ b/envoy/api/v2/auth/BUILD @@ -0,0 +1,38 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "auth", + srcs = ["auth.proto"], + deps = [ + ":cert", + ], +) + +api_go_proto_library( + name = "auth", + proto = ":auth", + deps = [ + ":cert_go_proto", + "@googleapis//:rpc_status_go_proto", + ], +) + +api_proto_library( + name = "cert", + srcs = ["cert.proto"], + deps = [ + "//envoy/api/v2:base", + "//envoy/api/v2:config_source", + ], +) + +api_go_proto_library( + name = "cert", + proto = ":cert", + deps = [ + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2:config_source_go_proto", + ], +) diff --git a/api/auth.proto b/envoy/api/v2/auth/auth.proto similarity index 94% rename from api/auth.proto rename to envoy/api/v2/auth/auth.proto index 6236e241..e97c670a 100644 --- a/api/auth.proto +++ b/envoy/api/v2/auth/auth.proto @@ -3,8 +3,9 @@ syntax = "proto3"; // [#proto-status: draft] package envoy.api.v2.auth; +option go_package = "auth"; -import "api/sds.proto"; +import "envoy/api/v2/auth/cert.proto"; message AuthAction { // Should we do white-list or black-list style access control. diff --git a/api/sds.proto b/envoy/api/v2/auth/cert.proto similarity index 89% rename from api/sds.proto rename to envoy/api/v2/auth/cert.proto index 49f2252c..989107c0 100644 --- a/api/sds.proto +++ b/envoy/api/v2/auth/cert.proto @@ -1,30 +1,16 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.api.v2.auth; -import "api/base.proto"; -import "api/config_source.proto"; -import "api/discovery.proto"; +import "envoy/api/v2/base.proto"; +import "envoy/api/v2/config_source.proto"; -import "google/api/annotations.proto"; import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; // [#protodoc-title: Common TLS configuration] -service SecretDiscoveryService { - rpc StreamSecrets(stream DiscoveryRequest) returns (stream DiscoveryResponse) { - } - - rpc FetchSecrets(DiscoveryRequest) returns (DiscoveryResponse) { - option (google.api.http) = { - post: "/v2/discovery:secrets" - body: "*" - }; - } -} - message TlsParameters { enum TlsProtocol { // Envoy will choose the optimal TLS version. @@ -105,10 +91,10 @@ message TlsSessionTicketKeys { // All keys are candidates for decrypting received tickets. This allows for easy rotation of keys // by, for example, putting the new key first, and the previous key second. // - // If :ref:`session_ticket_keys ` is not - // specified, the TLS library will still support resuming - // sessions via tickets, but it will use an internally-generated and managed key, so sessions - // cannot be resumed across hot restarts or on different hosts. + // If :ref:`session_ticket_keys ` + // is not specified, the TLS library will still support resuming sessions via tickets, but it will + // use an internally-generated and managed key, so sessions cannot be resumed across hot restarts + // or on different hosts. // // Each key must contain exactly 80 bytes of cryptographically-secure random data. For // example, the output of ``openssl rand 80``. @@ -132,11 +118,12 @@ message CertificateValidationContext { // for listeners). If not specified and a peer certificate is presented it will not be // verified. By default, a client certificate is optional, unless one of the additional // options (:ref:`require_client_certificate - // `, + // `, // :ref:`verify_certificate_hash - // `, or + // `, or // :ref:`verify_subject_alt_name - // `) is also specified. + // `) is also + // specified. // // See :ref:`the TLS overview ` for a list of common // system CA locations. diff --git a/api/base.proto b/envoy/api/v2/base.proto similarity index 98% rename from api/base.proto rename to envoy/api/v2/base.proto index 72c66337..4abeb340 100644 --- a/api/base.proto +++ b/envoy/api/v2/base.proto @@ -3,9 +3,8 @@ syntax = "proto3"; package envoy.api.v2; option go_package = "api"; -import "api/address.proto"; +import "envoy/api/v2/address.proto"; -import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -77,11 +76,6 @@ message Node { string build_version = 5; } -// Upstream host identifier. -message Endpoint { - Address address = 1; -} - // Metadata provides additional inputs to filters based on matched listeners, // filter chains, routes and endpoints. It is structured as a map from filter // name (in reverse DNS format) to metadata specific to the filter. Metadata diff --git a/envoy/api/v2/cluster/BUILD b/envoy/api/v2/cluster/BUILD new file mode 100644 index 00000000..a0210991 --- /dev/null +++ b/envoy/api/v2/cluster/BUILD @@ -0,0 +1,59 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "circuit_breaker", + srcs = ["circuit_breaker.proto"], + deps = [ + "//envoy/api/v2:base", + ], +) + +api_go_proto_library( + name = "circuit_breaker", + proto = ":circuit_breaker", + deps = [ + "//envoy/api/v2:base_go_proto", + ], +) + +api_proto_library( + name = "outlier_detection", + srcs = ["outlier_detection.proto"], +) + +api_go_proto_library( + name = "outlier_detection", + proto = ":outlier_detection", +) + +api_proto_library( + name = "cluster", + srcs = ["cluster.proto"], + deps = [ + ":circuit_breaker", + ":outlier_detection", + "//envoy/api/v2:address", + "//envoy/api/v2:base", + "//envoy/api/v2:config_source", + "//envoy/api/v2:health_check", + "//envoy/api/v2:protocol", + "//envoy/api/v2/auth:cert", + ], +) + +api_go_proto_library( + name = "cluster", + proto = ":cluster", + deps = [ + ":circuit_breaker_go_proto", + ":outlier_detection_go_proto", + "//envoy/api/v2:address_go_proto", + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2:config_source_go_proto", + "//envoy/api/v2:health_check_go_proto", + "//envoy/api/v2:protocol_go_proto", + "//envoy/api/v2/auth:cert_go_proto", + ], +) diff --git a/envoy/api/v2/cluster/circuit_breaker.proto b/envoy/api/v2/cluster/circuit_breaker.proto new file mode 100644 index 00000000..06c19abd --- /dev/null +++ b/envoy/api/v2/cluster/circuit_breaker.proto @@ -0,0 +1,47 @@ +syntax = "proto3"; + +package envoy.api.v2.cluster; + +import "envoy/api/v2/base.proto"; + +import "google/protobuf/wrappers.proto"; + +// [#protodoc-title: Circuit breakers] + +// :ref:`Circuit breaking` settings can be +// specified individually for each defined priority. +message CircuitBreakers { + + // A Thresholds defines CircuitBreaker settings for a + // :ref:`RoutingPriority`. + message Thresholds { + // The :ref:`RoutingPriority` + // the specified CircuitBreaker settings apply to. + // [#comment:TODO(htuch): add (validate.rules).enum.defined_only = true once + // https://github.com/lyft/protoc-gen-validate/issues/42 is resolved.] + RoutingPriority priority = 1; + + // The maximum number of connections that Envoy will make to the upstream + // cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_connections = 2; + + // The maximum number of pending requests that Envoy will allow to the + // upstream cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_pending_requests = 3; + + // The maximum number of parallel requests that Envoy will make to the + // upstream cluster. If not specified, the default is 1024. + google.protobuf.UInt32Value max_requests = 4; + + // The maximum number of parallel retries that Envoy will allow to the + // upstream cluster. If not specified, the default is 3. + google.protobuf.UInt32Value max_retries = 5; + } + + // If multiple :ref:`Thresholds` + // are defined with the same :ref:`RoutingPriority`, + // the first one in the list is used. If no Thresholds is defined for a given + // :ref:`RoutingPriority`, the default values + // are used. + repeated Thresholds thresholds = 1; +} diff --git a/api/cds.proto b/envoy/api/v2/cluster/cluster.proto similarity index 62% rename from api/cds.proto rename to envoy/api/v2/cluster/cluster.proto index d3c6e919..d40ce0df 100644 --- a/api/cds.proto +++ b/envoy/api/v2/cluster/cluster.proto @@ -1,16 +1,17 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.api.v2.cluster; +option go_package = "cluster"; + +import "envoy/api/v2/address.proto"; +import "envoy/api/v2/auth/cert.proto"; +import "envoy/api/v2/base.proto"; +import "envoy/api/v2/config_source.proto"; +import "envoy/api/v2/health_check.proto"; +import "envoy/api/v2/protocol.proto"; +import "envoy/api/v2/cluster/circuit_breaker.proto"; +import "envoy/api/v2/cluster/outlier_detection.proto"; -import "api/address.proto"; -import "api/base.proto"; -import "api/config_source.proto"; -import "api/discovery.proto"; -import "api/health_check.proto"; -import "api/protocol.proto"; -import "api/sds.proto"; - -import "google/api/annotations.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -18,20 +19,7 @@ import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; import "gogoproto/gogo.proto"; -// [#protodoc-title: Clusters and CDS] - -// Return list of all clusters this proxy will load balance to. -service ClusterDiscoveryService { - rpc StreamClusters(stream DiscoveryRequest) returns (stream DiscoveryResponse) { - } - - rpc FetchClusters(DiscoveryRequest) returns (DiscoveryResponse) { - option (google.api.http) = { - post: "/v2/discovery:clusters" - body: "*" - }; - } -} +// [#protodoc-title: Clusters] message Cluster { // Supplies the name of the cluster which must be unique across all clusters. @@ -131,9 +119,9 @@ message Cluster { LbPolicy lb_policy = 6 [(validate.rules).enum.defined_only = true]; // If the service discovery type is - // :ref:`STATIC`, - // :ref:`STRICT_DNS` - // or :ref:`LOGICAL_DNS`, + // :ref:`STATIC`, + // :ref:`STRICT_DNS` + // or :ref:`LOGICAL_DNS`, // then hosts is required. repeated Address hosts = 7; @@ -158,9 +146,9 @@ message Cluster { // .. attention:: // // Server certificate verification is not enabled by default. Configure - // :ref:`trusted_ca` to enable + // :ref:`trusted_ca` to enable // verification. - UpstreamTlsContext tls_context = 11; + auth.UpstreamTlsContext tls_context = 11; reserved 12; @@ -178,13 +166,13 @@ message Cluster { reserved 15; // If the DNS refresh rate is specified and the cluster type is either - // :ref:`STRICT_DNS`, - // or :ref:`LOGICAL_DNS`, + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, // this value is used as the cluster’s DNS refresh // rate. If this setting is not specified, the value defaults to 5000. For // cluster types other than - // :ref:`STRICT_DNS` - // and :ref:`LOGICAL_DNS` + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` // this setting is ignored. google.protobuf.Duration dns_refresh_rate = 16 [(validate.rules).duration.gt = {}, (gogoproto.stdduration) = true]; @@ -195,8 +183,8 @@ message Cluster { // specified, the DNS resolver will first perform a lookup for addresses in // the IPv6 family and fallback to a lookup for addresses in the IPv4 family. // For cluster types other than - // :ref:`STRICT_DNS` and - // :ref:`LOGICAL_DNS`, + // :ref:`STRICT_DNS` and + // :ref:`LOGICAL_DNS`, // this setting is // ignored. enum DnsLookupFamily { @@ -207,93 +195,28 @@ message Cluster { // The DNS IP address resolution policy. If this setting is not specified, the // value defaults to - // :ref:`AUTO`. + // :ref:`AUTO`. DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum.defined_only = true]; // If DNS resolvers are specified and the cluster type is either - // :ref:`STRICT_DNS`, - // or :ref:`LOGICAL_DNS`, + // :ref:`STRICT_DNS`, + // or :ref:`LOGICAL_DNS`, // this value is used to specify the cluster’s dns resolvers. // If this setting is not specified, the value defaults to the default // resolver, which uses /etc/resolv.conf for configuration. For cluster types // other than - // :ref:`STRICT_DNS` - // and :ref:`LOGICAL_DNS` + // :ref:`STRICT_DNS` + // and :ref:`LOGICAL_DNS` // this setting is ignored. repeated Address dns_resolvers = 18; - // See the :ref:`architecture overview ` for - // more information on outlier detection. - message OutlierDetection { - // The number of consecutive 5xx responses before a consecutive 5xx ejection - // occurs. Defaults to 5. - google.protobuf.UInt32Value consecutive_5xx = 1; - - // The time interval between ejection analysis sweeps. This can result in - // both new ejections as well as hosts being returned to service. Defaults - // to 10000ms or 10s. - google.protobuf.Duration interval = 2 [(validate.rules).duration.gt = {}]; - - // The base time that a host is ejected for. The real time is equal to the - // base time multiplied by the number of times the host has been ejected. - // Defaults to 30000ms or 30s. - google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration.gt = {}]; - - // The maximum % of an upstream cluster that can be ejected due to outlier - // detection. Defaults to 10%. - google.protobuf.UInt32Value max_ejection_percent = 4 [(validate.rules).uint32.lte = 100]; - - // The % chance that a host will be actually ejected when an outlier status - // is detected through consecutive 5xx. This setting can be used to disable - // ejection or to ramp it up slowly. Defaults to 100. - google.protobuf.UInt32Value enforcing_consecutive_5xx = 5 [(validate.rules).uint32.lte = 100]; - - // The % chance that a host will be actually ejected when an outlier status - // is detected through success rate statistics. This setting can be used to - // disable ejection or to ramp it up slowly. Defaults to 100. - google.protobuf.UInt32Value enforcing_success_rate = 6 [(validate.rules).uint32.lte = 100]; - - // The number of hosts in a cluster that must have enough request volume to - // detect success rate outliers. If the number of hosts is less than this - // setting, outlier detection via success rate statistics is not performed - // for any host in the cluster. Defaults to 5. - google.protobuf.UInt32Value success_rate_minimum_hosts = 7; - - // The minimum number of total requests that must be collected in one - // interval (as defined by the interval duration above) to include this host - // in success rate based outlier detection. If the volume is lower than this - // setting, outlier detection via success rate statistics is not performed - // for that host. Defaults to 100. - google.protobuf.UInt32Value success_rate_request_volume = 8; - - // This factor is used to determine the ejection threshold for success rate - // outlier ejection. The ejection threshold is the difference between the - // mean success rate, and the product of this factor and the standard - // deviation of the mean success rate: mean - (stdev * - // success_rate_stdev_factor). This factor is divided by a thousand to get a - // double. That is, if the desired factor is 1.9, the runtime value should - // be 1900. Defaults to 1900. - google.protobuf.UInt32Value success_rate_stdev_factor = 9; - - // The number of consecutive gateway failures (502, 503, 504 status or - // connection errors that are mapped to one of those status codes) before a - // consecutive gateway failure ejection occurs. Defaults to 5. - google.protobuf.UInt32Value consecutive_gateway_failure = 10; - - // The % chance that a host will be actually ejected when an outlier status - // is detected through consecutive gateway failures. This setting can be - // used to disable ejection or to ramp it up slowly. Defaults to 0. - google.protobuf.UInt32Value enforcing_consecutive_gateway_failure = 11 - [(validate.rules).uint32.lte = 100]; - } - // If specified, outlier detection will be enabled for this upstream cluster. // Each of the configuration values can be overridden via // :ref:`runtime values `. OutlierDetection outlier_detection = 19; // The interval for removing stale hosts from a cluster type - // :ref:`ORIGINAL_DST`. + // :ref:`ORIGINAL_DST`. // Hosts are considered stale if they have not been used // as upstream destinations during this interval. New hosts are added // to original destination clusters on demand as new connections are @@ -303,7 +226,7 @@ message Cluster { // them remain open, saving the latency that would otherwise be spent // on opening new connections. If this setting is not specified, the // value defaults to 5000ms. For cluster types other than - // :ref:`ORIGINAL_DST` + // :ref:`ORIGINAL_DST` // this setting is ignored. google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration.gt = {}, (gogoproto.stdduration) = true]; @@ -330,17 +253,17 @@ message Cluster { // The behavior used when no endpoint subset matches the selected route's // metadata. The value defaults to - // :ref:`NO_FALLBACK`. + // :ref:`NO_FALLBACK`. LbSubsetFallbackPolicy fallback_policy = 1 [(validate.rules).enum.defined_only = true]; // Specifies the default subset of endpoints used during fallback if // fallback_policy is - // :ref:`DEFAULT_SUBSET`. + // :ref:`DEFAULT_SUBSET`. // Each field in default_subset is // compared to the matching LbEndpoint.Metadata under the *envoy.lb* // namespace. It is valid for no hosts to match, in which case the behavior // is the same as a fallback_policy of - // :ref:`NO_FALLBACK`. + // :ref:`NO_FALLBACK`. google.protobuf.Struct default_subset = 2; // Specifications for subsets. @@ -394,10 +317,10 @@ message Cluster { // Optional configuration for the load balancing algorithm selected by // LbPolicy. Currently only - // :ref:`RING_HASH` + // :ref:`RING_HASH` // has additional configuration options. // Specifying ring_hash_lb_config without setting the LbPolicy to - // :ref:`RING_HASH` + // :ref:`RING_HASH` // will generate an error at runtime. oneof lb_config { // Optional configuration for the Ring Hash load balancing policy. @@ -416,7 +339,7 @@ message Cluster { enum ClusterProtocolSelection { // Cluster can only operate on one of the possible upstream protocols (HTTP1.1, HTTP2). - // If :ref:`http2_protocol_options ` are + // If :ref:`http2_protocol_options ` are // present, HTTP2 will be used, otherwise HTTP1.1 will be used. USE_CONFIGURED_PROTOCOL = 0; // Use HTTP1.1 or HTTP2, depending on which one is used on the downstream connection. @@ -431,41 +354,3 @@ message UpstreamBindConfig { // The address Envoy should bind to when establishing upstream connections. Address source_address = 1; } - -// :ref:`Circuit breaking` settings can be -// specified individually for each defined priority. -message CircuitBreakers { - - // A Thresholds defines CircuitBreaker settings for a - // :ref:`RoutingPriority`. - message Thresholds { - // The :ref:`RoutingPriority` - // the specified CircuitBreaker settings apply to. - // [#comment:TODO(htuch): add (validate.rules).enum.defined_only = true once - // https://github.com/lyft/protoc-gen-validate/issues/42 is resolved.] - RoutingPriority priority = 1; - - // The maximum number of connections that Envoy will make to the upstream - // cluster. If not specified, the default is 1024. - google.protobuf.UInt32Value max_connections = 2; - - // The maximum number of pending requests that Envoy will allow to the - // upstream cluster. If not specified, the default is 1024. - google.protobuf.UInt32Value max_pending_requests = 3; - - // The maximum number of parallel requests that Envoy will make to the - // upstream cluster. If not specified, the default is 1024. - google.protobuf.UInt32Value max_requests = 4; - - // The maximum number of parallel retries that Envoy will allow to the - // upstream cluster. If not specified, the default is 3. - google.protobuf.UInt32Value max_retries = 5; - } - - // If multiple :ref:`Thresholds` - // are defined with the same :ref:`RoutingPriority`, - // the first one in the list is used. If no Thresholds is defined for a given - // :ref:`RoutingPriority`, the default values - // are used. - repeated Thresholds thresholds = 1; -} diff --git a/envoy/api/v2/cluster/outlier_detection.proto b/envoy/api/v2/cluster/outlier_detection.proto new file mode 100644 index 00000000..0eeeda6c --- /dev/null +++ b/envoy/api/v2/cluster/outlier_detection.proto @@ -0,0 +1,75 @@ +syntax = "proto3"; + +package envoy.api.v2.cluster; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "validate/validate.proto"; + +// [#protodoc-title: Outlier detection] + +// See the :ref:`architecture overview ` for +// more information on outlier detection. +message OutlierDetection { + // The number of consecutive 5xx responses before a consecutive 5xx ejection + // occurs. Defaults to 5. + google.protobuf.UInt32Value consecutive_5xx = 1; + + // The time interval between ejection analysis sweeps. This can result in + // both new ejections as well as hosts being returned to service. Defaults + // to 10000ms or 10s. + google.protobuf.Duration interval = 2 [(validate.rules).duration.gt = {}]; + + // The base time that a host is ejected for. The real time is equal to the + // base time multiplied by the number of times the host has been ejected. + // Defaults to 30000ms or 30s. + google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration.gt = {}]; + + // The maximum % of an upstream cluster that can be ejected due to outlier + // detection. Defaults to 10%. + google.protobuf.UInt32Value max_ejection_percent = 4 [(validate.rules).uint32.lte = 100]; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through consecutive 5xx. This setting can be used to disable + // ejection or to ramp it up slowly. Defaults to 100. + google.protobuf.UInt32Value enforcing_consecutive_5xx = 5 [(validate.rules).uint32.lte = 100]; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through success rate statistics. This setting can be used to + // disable ejection or to ramp it up slowly. Defaults to 100. + google.protobuf.UInt32Value enforcing_success_rate = 6 [(validate.rules).uint32.lte = 100]; + + // The number of hosts in a cluster that must have enough request volume to + // detect success rate outliers. If the number of hosts is less than this + // setting, outlier detection via success rate statistics is not performed + // for any host in the cluster. Defaults to 5. + google.protobuf.UInt32Value success_rate_minimum_hosts = 7; + + // The minimum number of total requests that must be collected in one + // interval (as defined by the interval duration above) to include this host + // in success rate based outlier detection. If the volume is lower than this + // setting, outlier detection via success rate statistics is not performed + // for that host. Defaults to 100. + google.protobuf.UInt32Value success_rate_request_volume = 8; + + // This factor is used to determine the ejection threshold for success rate + // outlier ejection. The ejection threshold is the difference between the + // mean success rate, and the product of this factor and the standard + // deviation of the mean success rate: mean - (stdev * + // success_rate_stdev_factor). This factor is divided by a thousand to get a + // double. That is, if the desired factor is 1.9, the runtime value should + // be 1900. Defaults to 1900. + google.protobuf.UInt32Value success_rate_stdev_factor = 9; + + // The number of consecutive gateway failures (502, 503, 504 status or + // connection errors that are mapped to one of those status codes) before a + // consecutive gateway failure ejection occurs. Defaults to 5. + google.protobuf.UInt32Value consecutive_gateway_failure = 10; + + // The % chance that a host will be actually ejected when an outlier status + // is detected through consecutive gateway failures. This setting can be + // used to disable ejection or to ramp it up slowly. Defaults to 0. + google.protobuf.UInt32Value enforcing_consecutive_gateway_failure = 11 + [(validate.rules).uint32.lte = 100]; +} diff --git a/api/config_source.proto b/envoy/api/v2/config_source.proto similarity index 98% rename from api/config_source.proto rename to envoy/api/v2/config_source.proto index c843ba98..c9046255 100644 --- a/api/config_source.proto +++ b/envoy/api/v2/config_source.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package envoy.api.v2; -import "api/grpc_service.proto"; +import "envoy/api/v2/grpc_service.proto"; import "google/protobuf/duration.proto"; diff --git a/envoy/api/v2/endpoint/BUILD b/envoy/api/v2/endpoint/BUILD new file mode 100644 index 00000000..07e1c750 --- /dev/null +++ b/envoy/api/v2/endpoint/BUILD @@ -0,0 +1,45 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "endpoint", + srcs = ["endpoint.proto"], + deps = [ + "//envoy/api/v2:address", + "//envoy/api/v2:base", + "//envoy/api/v2:config_source", + "//envoy/api/v2:health_check", + "//envoy/api/v2:protocol", + "//envoy/api/v2/auth:cert", + ], +) + +api_go_proto_library( + name = "endpoint", + proto = ":endpoint", + deps = [ + "//envoy/api/v2:address_go_proto", + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2:config_source_go_proto", + "//envoy/api/v2:health_check_go_proto", + "//envoy/api/v2:protocol_go_proto", + "//envoy/api/v2/auth:cert_go_proto", + ], +) + +api_proto_library( + name = "load_report", + srcs = ["load_report.proto"], + deps = [ + "//envoy/api/v2:base", + ], +) + +api_go_proto_library( + name = "load_report", + proto = ":load_report", + deps = [ + "//envoy/api/v2:base_go_proto", + ], +) diff --git a/envoy/api/v2/endpoint/endpoint.proto b/envoy/api/v2/endpoint/endpoint.proto new file mode 100644 index 00000000..ecb8ca2e --- /dev/null +++ b/envoy/api/v2/endpoint/endpoint.proto @@ -0,0 +1,97 @@ +syntax = "proto3"; + +package envoy.api.v2.endpoint; +option go_package = "endpoint"; + +import "envoy/api/v2/address.proto"; +import "envoy/api/v2/base.proto"; +import "envoy/api/v2/health_check.proto"; + +import "google/protobuf/wrappers.proto"; + +import "validate/validate.proto"; +import "gogoproto/gogo.proto"; + +// [#protodoc-title: Endpoints] + +// Upstream host identifier. +message Endpoint { + Address address = 1; +} + +// An Endpoint that Envoy can route traffic to. +message LbEndpoint { + // Upstream host identifier + Endpoint endpoint = 1; + + // [#not-implemented-hide:] Optional health status when known and supplied by + // EDS server. + HealthStatus health_status = 2; + + // The endpoint metadata specifies values that may be used by the load + // balancer to select endpoints in a cluster for a given request. The filter + // name should be specified as *envoy.lb*. An example boolean key-value pair + // is *canary*, providing the optional canary status of the upstream host. + // This may be matched against in a route's ForwardAction metadata_match field + // to subset the endpoints considered in cluster load balancing. + Metadata metadata = 3; + + // The optional load balancing weight of the upstream host, in the range 1 - + // 128. Envoy uses the load balancing weight in some of the built in load + // balancers. The load balancing weight for an endpoint is divided by the sum + // of the weights of all endpoints in the endpoint's locality to produce a + // percentage of traffic for the endpoint. This percentage is then further + // weighted by the endpoint's locality's load balancing weight from + // LocalityLbEndpoints. If unspecified, each host is presumed to have equal + // weight in a locality. + // + // .. attention:: + // + // The limit of 128 is somewhat arbitrary, but is applied due to performance + // concerns with the current implementation and can be removed when + // `this issue `_ is fixed. + google.protobuf.UInt32Value load_balancing_weight = 4 + [(validate.rules).uint32 = {gte: 1, lte: 128}]; +} + +// A group of endpoints belonging to a Locality. +// One can have multiple LocalityLbEndpoints for a locality, but this is +// generally only done if the different groups need to have different load +// balancing weights or different priorities. +message LocalityLbEndpoints { + // Identifies location of where the upstream hosts run. + Locality locality = 1; + + // The group of endpoints belonging to the locality specified. + repeated LbEndpoint lb_endpoints = 2; + + // Optional: Per priority/region/zone/sub_zone weight - range 1-128. The load + // balancing weight for a locality is divided by the sum of the weights of all + // localities at the same priority level to produce the effective percentage + // of traffic for the locality. + // + // Weights must be specified for either all localities in a given priority + // level or none. + // + // If unspecified, each locality is presumed to have equal weight in a + // cluster. + // + // .. attention:: + // + // The limit of 128 is somewhat arbitrary, but is applied due to performance + // concerns with the current implementation and can be removed when + // `this issue `_ is fixed. + google.protobuf.UInt32Value load_balancing_weight = 3 + [(validate.rules).uint32 = {gte: 1, lte: 128}]; + + // Optional: the priority for this LocalityLbEndpoints. If unspecified this will + // default to the highest priority (0). + // + // Under usual circumstances, Envoy will only select endpoints for the highest + // priority (0). In the event all endpoints for a particular priority are + // unavailable/unhealthy, Envoy will fail over to selecting endpoints for the + // next highest priority group. + // + // Priorities should range from 0 (highest) to N (lowest) without skipping. + uint32 priority = 5; +} diff --git a/envoy/api/v2/endpoint/load_report.proto b/envoy/api/v2/endpoint/load_report.proto new file mode 100644 index 00000000..2c2106c7 --- /dev/null +++ b/envoy/api/v2/endpoint/load_report.proto @@ -0,0 +1,96 @@ +syntax = "proto3"; + +package envoy.api.v2.endpoint; + +import "envoy/api/v2/base.proto"; + +import "validate/validate.proto"; +import "gogoproto/gogo.proto"; + +// These are stats Envoy reports to GLB every so often. Report frequency is +// defined by +// :ref:`LoadStatsResponse.load_reporting_interval`. +// Stats per upstream region/zone and optionally per subzone. +// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. +message UpstreamLocalityStats { + // Name of zone, region and optionally endpoint group these metrics were + // collected from. Zone and region names could be empty if unknown. + envoy.api.v2.Locality locality = 1; + + // The total number of requests sent by this Envoy since the last report. A + // single HTTP or gRPC request or stream is counted as one request. A TCP + // connection is also treated as one request. There is no explicit + // total_requests field below for a locality, but it may be inferred from: + // + // .. code-block:: none + // + // total_requests = total_successful_requests + total_requests_in_progress + + // total_error_requests + // + // The total number of requests successfully completed by the endpoints in the + // locality. These include non-5xx responses for HTTP, where errors + // originate at the client and the endpoint responded successfuly. For gRPC, + // the grpc-status values are those not covered by total_error_requests below. + uint64 total_successful_requests = 2; + + // The total number of unfinished requests + uint64 total_requests_in_progress = 3; + + // The total number of requests that failed due to errors at the endpoint. + // For HTTP these are responses with 5xx status codes and for gRPC the + // grpc-status values: + // + // - DeadlineExceeded + // - Unimplemented + // - Internal + // - Unavailable + // - Unknown + // - DataLoss + uint64 total_error_requests = 4; + + // Stats for multi-dimensional load balancing. + repeated EndpointLoadMetricStats load_metric_stats = 5; + + // [#not-implemented-hide:] The priority of the endpoint group these metrics + // were collected from. + uint32 priority = 6; +} + +// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. +message EndpointLoadMetricStats { + // Name of the metric; may be empty. + string metric_name = 1; + + // Number of calls that finished and included this metric. + uint64 num_requests_finished_with_metric = 2; + + // Sum of metric values across all calls that finished with this metric for + // load_reporting_interval. + double total_metric_value = 3; +} + +// Per cluster load stats. Envoy reports these stats a management server in a +// :ref:`LoadStatsRequest` +// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. +message ClusterStats { + // The name of the cluster. + string cluster_name = 1 [(validate.rules).string.min_bytes = 1]; + + // Need at least one. + repeated UpstreamLocalityStats upstream_locality_stats = 2 + [(validate.rules).repeated .min_items = 1]; + + // Cluster-level stats such as total_successful_requests may be computed by + // summing upstream_locality_stats. In addition, below there are additional + // cluster-wide stats. The following total_requests equality holds at the + // cluster-level: + // + // .. code-block:: none + // + // sum_locality(total_successful_requests) + sum_locality(total_requests_in_progress) + + // sum_locality(total_error_requests) + total_dropped_requests` + // + // The total number of dropped requests. This covers requests + // deliberately dropped by the drop_overload policy and circuit breaking. + uint64 total_dropped_requests = 3; +} diff --git a/api/filter/BUILD b/envoy/api/v2/filter/BUILD similarity index 100% rename from api/filter/BUILD rename to envoy/api/v2/filter/BUILD diff --git a/api/filter/README.md b/envoy/api/v2/filter/README.md similarity index 100% rename from api/filter/README.md rename to envoy/api/v2/filter/README.md diff --git a/api/filter/accesslog/BUILD b/envoy/api/v2/filter/accesslog/BUILD similarity index 60% rename from api/filter/accesslog/BUILD rename to envoy/api/v2/filter/accesslog/BUILD index e15f36a1..6a7af769 100644 --- a/api/filter/accesslog/BUILD +++ b/envoy/api/v2/filter/accesslog/BUILD @@ -3,10 +3,9 @@ load("//bazel:api_build_system.bzl", "api_proto_library") api_proto_library( name = "accesslog", srcs = ["accesslog.proto"], - has_services = 1, deps = [ - "//api:address", - "//api:base", - "//api:grpc_service", + "//envoy/api/v2:address", + "//envoy/api/v2:base", + "//envoy/api/v2:grpc_service", ], ) diff --git a/api/filter/accesslog/accesslog.proto b/envoy/api/v2/filter/accesslog/accesslog.proto similarity index 79% rename from api/filter/accesslog/accesslog.proto rename to envoy/api/v2/filter/accesslog/accesslog.proto index f21b25b1..9fa8336e 100644 --- a/api/filter/accesslog/accesslog.proto +++ b/envoy/api/v2/filter/accesslog/accesslog.proto @@ -3,9 +3,8 @@ syntax = "proto3"; package envoy.api.v2.filter.accesslog; option go_package = "accesslog"; -import "api/address.proto"; -import "api/base.proto"; -import "api/grpc_service.proto"; +import "envoy/api/v2/address.proto"; +import "envoy/api/v2/base.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; @@ -401,91 +400,3 @@ message FileAccessLog { // `. string format = 2; } - -// Configuration for the built-in *envoy.tcp_grpc_access_log* type. This configuration will -// populate *StreamAccessLogsMessage.tcp_logs*. -// [#not-implemented-hide:] -// [#comment:TODO(mattklein123): Block type in non-tcp proxy cases?] -message TcpGrpcAccessLogConfig { - CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message.required = true]; -} - -// Configuration for the built-in *envoy.http_grpc_access_log* type. This configuration will -// populate *StreamAccessLogsMessage.http_logs*. -// [#not-implemented-hide:] -// [#comment:TODO(mattklein123): Block type in non-http/router proxy cases?] -message HttpGrpcAccessLogConfig { - CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message.required = true]; - - // Additional request headers to log in *HTTPRequestProperties.request_headers*. - repeated string additional_request_headers_to_log = 2; - - // Additional response headers to log in *HTTPResponseProperties.response_headers*. - repeated string additional_response_headers_to_log = 3; -} - -// Common configuration for gRPC access logs. -// [#not-implemented-hide:] -message CommonGrpcAccessLogConfig { - // The friendly name of the access log to be returned in StreamAccessLogsMessage.Identifier. This - // allows the access log server to differentiate between different access logs coming from the - // same Envoy. - string log_name = 1 [(validate.rules).string.min_bytes = 1]; - - // The gRPC service for the access log service. - GrpcService grpc_service = 2 [(validate.rules).message.required = true]; -} - -// [#proto-status: experimental] -// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. -// Stream message for the StreamAccessLogs API. Envoy will open a stream to the server and stream -// access logs without ever expecting a response. -message StreamAccessLogsMessage { - message Identifier { - // The node sending the access log messages over the stream. - Node node = 1 [(validate.rules).message.required = true]; - - // The friendly name of the log configured in AccessLogServiceConfig. - string log_name = 2 [(validate.rules).string.min_bytes = 1]; - } - - // Identifier data that will only be sent in the first message on the stream. This is effectively - // structured metadata and is a performance optimization. - Identifier identifier = 1; - - // Wrapper for batches of HTTP access log entries. - message HTTPAccessLogEntries { - repeated HTTPAccessLogEntry log_entry = 1 [(validate.rules).repeated .min_items = 1]; - } - - // Wrapper for batches of TCP access log entries. - message TCPAccessLogEntries { - repeated TCPAccessLogEntry log_entry = 1 [(validate.rules).repeated .min_items = 1]; - } - - // Batches of log entries of a single type. Generally speaking, a given stream should only - // ever incude one type of log entry. - oneof log_entries { - option (validate.required) = true; - - HTTPAccessLogEntries http_logs = 2; - TCPAccessLogEntries tcp_logs = 3; - } -} - -// Empty response for the StreamAccessLogs API. Will never be sent. See below. -// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. -message StreamAccessLogsResponse { -} - -// Service for streaming access logs from Envoy to an access log server. -service AccessLogService { - // Envoy will connect and send StreamAccessLogsMessage messages forever. It does not expect any - // response to be sent as nothing would be done in the case of failure. The server should - // disconnect if it expects Envoy to reconnect. In the future we may decide to add a different - // API for "critical" access logs in which Envoy will buffer access logs for some period of time - // until it gets an ACK so it could then retry. This API is designed for high throughput with the - // expectation that it might be lossy. - rpc StreamAccessLogs(stream StreamAccessLogsMessage) returns (StreamAccessLogsResponse) { - } -} diff --git a/api/filter/fault.proto b/envoy/api/v2/filter/fault.proto similarity index 100% rename from api/filter/fault.proto rename to envoy/api/v2/filter/fault.proto diff --git a/api/filter/http/BUILD b/envoy/api/v2/filter/http/BUILD similarity index 64% rename from api/filter/http/BUILD rename to envoy/api/v2/filter/http/BUILD index 5cf22fd0..24bacf1b 100644 --- a/api/filter/http/BUILD +++ b/envoy/api/v2/filter/http/BUILD @@ -5,7 +5,7 @@ licenses(["notice"]) # Apache 2 api_proto_library( name = "router", srcs = ["router.proto"], - deps = ["//api/filter/accesslog"], + deps = ["//envoy/api/v2/filter/accesslog"], ) api_proto_library( @@ -31,14 +31,14 @@ api_proto_library( api_proto_library( name = "ip_tagging", srcs = ["ip_tagging.proto"], - deps = ["//api:address"], + deps = ["//envoy/api/v2:address"], ) api_proto_library( name = "health_check", srcs = ["health_check.proto"], deps = [ - "//api:base", + "//envoy/api/v2:base", ], ) @@ -46,8 +46,8 @@ api_proto_library( name = "fault", srcs = ["fault.proto"], deps = [ - "//api:rds", - "//api/filter:fault", + "//envoy/api/v2/filter:fault", + "//envoy/api/v2/route", ], ) @@ -64,5 +64,22 @@ api_proto_library( api_proto_library( name = "ext_authz", srcs = ["ext_authz.proto"], - deps = ["//api:grpc_service"], + deps = ["//envoy/api/v2:grpc_service"], +) + +proto_library( + name = "http", + visibility = ["//envoy:__pkg__"], + deps = [ + ":buffer", + ":ext_authz", + ":fault", + ":gzip", + ":health_check", + ":lua", + ":rate_limit", + ":router", + ":squash", + ":transcoder", + ], ) diff --git a/api/filter/http/buffer.proto b/envoy/api/v2/filter/http/buffer.proto similarity index 100% rename from api/filter/http/buffer.proto rename to envoy/api/v2/filter/http/buffer.proto diff --git a/api/filter/http/ext_authz.proto b/envoy/api/v2/filter/http/ext_authz.proto similarity index 95% rename from api/filter/http/ext_authz.proto rename to envoy/api/v2/filter/http/ext_authz.proto index 807127db..e741a25b 100644 --- a/api/filter/http/ext_authz.proto +++ b/envoy/api/v2/filter/http/ext_authz.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package envoy.api.v2.filter.http; -import "api/grpc_service.proto"; +import "envoy/api/v2/grpc_service.proto"; import "validate/validate.proto"; diff --git a/api/filter/http/fault.proto b/envoy/api/v2/filter/http/fault.proto similarity index 94% rename from api/filter/http/fault.proto rename to envoy/api/v2/filter/http/fault.proto index d2cbf418..ca08be14 100644 --- a/api/filter/http/fault.proto +++ b/envoy/api/v2/filter/http/fault.proto @@ -2,8 +2,8 @@ syntax = "proto3"; package envoy.api.v2.filter.http; -import "api/rds.proto"; -import "api/filter/fault.proto"; +import "envoy/api/v2/filter/fault.proto"; +import "envoy/api/v2/route/route.proto"; import "validate/validate.proto"; @@ -46,7 +46,7 @@ message HTTPFault { // config. A match will happen if all the headers in the config are present in // the request with the same values (or based on presence if the *value* field // is not in the config). - repeated HeaderMatcher headers = 4; + repeated route.HeaderMatcher headers = 4; // Faults are injected for the specified list of downstream hosts. If this // setting is not set, faults are injected for all downstream nodes. diff --git a/api/filter/http/gzip.proto b/envoy/api/v2/filter/http/gzip.proto similarity index 100% rename from api/filter/http/gzip.proto rename to envoy/api/v2/filter/http/gzip.proto diff --git a/api/filter/http/health_check.proto b/envoy/api/v2/filter/http/health_check.proto similarity index 97% rename from api/filter/http/health_check.proto rename to envoy/api/v2/filter/http/health_check.proto index c1266955..814facb8 100644 --- a/api/filter/http/health_check.proto +++ b/envoy/api/v2/filter/http/health_check.proto @@ -5,7 +5,7 @@ package envoy.api.v2.filter.http; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; -import "api/base.proto"; +import "envoy/api/v2/base.proto"; import "validate/validate.proto"; // [#protodoc-title: Health check] diff --git a/api/filter/http/ip_tagging.proto b/envoy/api/v2/filter/http/ip_tagging.proto similarity index 96% rename from api/filter/http/ip_tagging.proto rename to envoy/api/v2/filter/http/ip_tagging.proto index dcfd6cd9..d7a1f5d0 100644 --- a/api/filter/http/ip_tagging.proto +++ b/envoy/api/v2/filter/http/ip_tagging.proto @@ -4,7 +4,7 @@ syntax = "proto3"; package envoy.api.v2.filter.http; -import "api/address.proto"; +import "envoy/api/v2/address.proto"; // This is an HTTP filter which enables Envoy to tag requests with extra // information such as location, cloud source, and any extra data. This is diff --git a/api/filter/http/lua.proto b/envoy/api/v2/filter/http/lua.proto similarity index 100% rename from api/filter/http/lua.proto rename to envoy/api/v2/filter/http/lua.proto diff --git a/api/filter/http/rate_limit.proto b/envoy/api/v2/filter/http/rate_limit.proto similarity index 100% rename from api/filter/http/rate_limit.proto rename to envoy/api/v2/filter/http/rate_limit.proto diff --git a/api/filter/http/router.proto b/envoy/api/v2/filter/http/router.proto similarity index 92% rename from api/filter/http/router.proto rename to envoy/api/v2/filter/http/router.proto index 5451eed9..e75b76ab 100644 --- a/api/filter/http/router.proto +++ b/envoy/api/v2/filter/http/router.proto @@ -1,8 +1,9 @@ syntax = "proto3"; package envoy.api.v2.filter.http; +option go_package = "http"; -import "api/filter/accesslog/accesslog.proto"; +import "envoy/api/v2/filter/accesslog/accesslog.proto"; import "google/protobuf/wrappers.proto"; diff --git a/api/filter/http/squash.proto b/envoy/api/v2/filter/http/squash.proto similarity index 100% rename from api/filter/http/squash.proto rename to envoy/api/v2/filter/http/squash.proto diff --git a/api/filter/http/transcoder.proto b/envoy/api/v2/filter/http/transcoder.proto similarity index 100% rename from api/filter/http/transcoder.proto rename to envoy/api/v2/filter/http/transcoder.proto diff --git a/api/filter/network/BUILD b/envoy/api/v2/filter/network/BUILD similarity index 50% rename from api/filter/network/BUILD rename to envoy/api/v2/filter/network/BUILD index e87026ce..7530df95 100644 --- a/api/filter/network/BUILD +++ b/envoy/api/v2/filter/network/BUILD @@ -6,26 +6,26 @@ api_proto_library( name = "http_connection_manager", srcs = ["http_connection_manager.proto"], deps = [ - "//api:base", - "//api:config_source", - "//api:protocol", - "//api:rds", - "//api/filter/accesslog", + "//envoy/api/v2:base", + "//envoy/api/v2:config_source", + "//envoy/api/v2:protocol", + "//envoy/api/v2/filter/accesslog", + "//envoy/api/v2/route", ], ) api_proto_library( name = "mongo_proxy", srcs = ["mongo_proxy.proto"], - deps = ["//api/filter:fault"], + deps = ["//envoy/api/v2/filter:fault"], ) api_proto_library( name = "tcp_proxy", srcs = ["tcp_proxy.proto"], deps = [ - "//api:address", - "//api/filter/accesslog", + "//envoy/api/v2:address", + "//envoy/api/v2/filter/accesslog", ], ) @@ -37,17 +37,31 @@ api_proto_library( api_proto_library( name = "client_ssl_auth", srcs = ["client_ssl_auth.proto"], - deps = ["//api:address"], + deps = ["//envoy/api/v2:address"], ) api_proto_library( name = "rate_limit", srcs = ["rate_limit.proto"], - deps = ["//api:rls"], + deps = ["//envoy/api/v2/ratelimit"], ) api_proto_library( name = "ext_authz", srcs = ["ext_authz.proto"], - deps = ["//api:grpc_service"], + deps = ["//envoy/api/v2:grpc_service"], +) + +proto_library( + name = "network", + visibility = ["//envoy:__pkg__"], + deps = [ + ":client_ssl_auth", + ":ext_authz", + ":http_connection_manager", + ":mongo_proxy", + ":rate_limit", + ":redis_proxy", + ":tcp_proxy", + ], ) diff --git a/api/filter/network/client_ssl_auth.proto b/envoy/api/v2/filter/network/client_ssl_auth.proto similarity index 97% rename from api/filter/network/client_ssl_auth.proto rename to envoy/api/v2/filter/network/client_ssl_auth.proto index 0270a920..e115b4f6 100644 --- a/api/filter/network/client_ssl_auth.proto +++ b/envoy/api/v2/filter/network/client_ssl_auth.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package envoy.api.v2.filter.network; -import "api/address.proto"; +import "envoy/api/v2/address.proto"; import "google/protobuf/duration.proto"; import "validate/validate.proto"; diff --git a/api/filter/network/ext_authz.proto b/envoy/api/v2/filter/network/ext_authz.proto similarity index 95% rename from api/filter/network/ext_authz.proto rename to envoy/api/v2/filter/network/ext_authz.proto index a256caaa..5cfdf410 100644 --- a/api/filter/network/ext_authz.proto +++ b/envoy/api/v2/filter/network/ext_authz.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package envoy.api.v2.filter.network; -import "api/grpc_service.proto"; +import "envoy/api/v2/grpc_service.proto"; import "validate/validate.proto"; diff --git a/api/filter/network/http_connection_manager.proto b/envoy/api/v2/filter/network/http_connection_manager.proto similarity index 97% rename from api/filter/network/http_connection_manager.proto rename to envoy/api/v2/filter/network/http_connection_manager.proto index 8f89bc75..00de62f3 100644 --- a/api/filter/network/http_connection_manager.proto +++ b/envoy/api/v2/filter/network/http_connection_manager.proto @@ -3,11 +3,10 @@ syntax = "proto3"; package envoy.api.v2.filter.network; option go_package = "network"; -import "api/base.proto"; -import "api/config_source.proto"; -import "api/protocol.proto"; -import "api/rds.proto"; -import "api/filter/accesslog/accesslog.proto"; +import "envoy/api/v2/config_source.proto"; +import "envoy/api/v2/protocol.proto"; +import "envoy/api/v2/filter/accesslog/accesslog.proto"; +import "envoy/api/v2/route/route.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; @@ -52,7 +51,7 @@ message HttpConnectionManager { Rds rds = 3; // The route table for the connection manager is static and is specified in this property. - RouteConfiguration route_config = 4; + route.RouteConfiguration route_config = 4; } // A list of individual HTTP filters that make up the filter chain for @@ -85,7 +84,7 @@ message HttpConnectionManager { // Presence of the object defines whether the connection manager // emits :ref:`tracing ` data to the :ref:`configured tracing provider - // `. + // `. Tracing tracing = 7; // Additional HTTP/1 settings that are passed to the HTTP/1 codec. diff --git a/api/filter/network/mongo_proxy.proto b/envoy/api/v2/filter/network/mongo_proxy.proto similarity index 95% rename from api/filter/network/mongo_proxy.proto rename to envoy/api/v2/filter/network/mongo_proxy.proto index cd16906d..f4540c4a 100644 --- a/api/filter/network/mongo_proxy.proto +++ b/envoy/api/v2/filter/network/mongo_proxy.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package envoy.api.v2.filter.network; -import "api/filter/fault.proto"; +import "envoy/api/v2/filter/fault.proto"; import "validate/validate.proto"; diff --git a/api/filter/network/rate_limit.proto b/envoy/api/v2/filter/network/rate_limit.proto similarity index 84% rename from api/filter/network/rate_limit.proto rename to envoy/api/v2/filter/network/rate_limit.proto index 6ef06329..0d3f5f6a 100644 --- a/api/filter/network/rate_limit.proto +++ b/envoy/api/v2/filter/network/rate_limit.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package envoy.api.v2.filter.network; -import "api/rls.proto"; +import "envoy/api/v2/ratelimit/ratelimit.proto"; import "google/protobuf/duration.proto"; import "validate/validate.proto"; @@ -18,7 +18,7 @@ message RateLimit { string domain = 2 [(validate.rules).string.min_bytes = 1]; // The rate limit descriptor list to use in the rate limit service request. - repeated RateLimitDescriptor descriptors = 3 [(validate.rules).repeated .min_items = 1]; + repeated ratelimit.RateLimitDescriptor descriptors = 3 [(validate.rules).repeated .min_items = 1]; // The timeout in milliseconds for the rate limit service RPC. If not // set, this defaults to 20ms. diff --git a/api/filter/network/redis_proxy.proto b/envoy/api/v2/filter/network/redis_proxy.proto similarity index 100% rename from api/filter/network/redis_proxy.proto rename to envoy/api/v2/filter/network/redis_proxy.proto diff --git a/api/filter/network/tcp_proxy.proto b/envoy/api/v2/filter/network/tcp_proxy.proto similarity index 90% rename from api/filter/network/tcp_proxy.proto rename to envoy/api/v2/filter/network/tcp_proxy.proto index 022e31e2..8febffaa 100644 --- a/api/filter/network/tcp_proxy.proto +++ b/envoy/api/v2/filter/network/tcp_proxy.proto @@ -1,10 +1,9 @@ syntax = "proto3"; package envoy.api.v2.filter.network; -option go_package = "network"; -import "api/filter/accesslog/accesslog.proto"; -import "api/address.proto"; +import "envoy/api/v2/filter/accesslog/accesslog.proto"; +import "envoy/api/v2/address.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; @@ -25,10 +24,10 @@ message TcpProxy { // // Once full filter chain matching is implemented in listeners, this field will become the only // way to configure the target cluster. All other matching will be done via :ref:`filter chain - // matching rules `. For very simple configurations, this field - // can still be used to select the cluster when no other matching rules are required. Otherwise, - // a :ref:`deprecated_v1 ` configuration - // is required to use more complex routing in the interim. + // matching rules `. For very simple configurations, + // this field can still be used to select the cluster when no other matching rules are required. + // Otherwise, a :ref:`deprecated_v1 ` + // configuration is required to use more complex routing in the interim. // string cluster = 2; @@ -55,7 +54,7 @@ message TcpProxy { // TCP Proxy filter configuration using V1 format, until Envoy gets the // ability to match source/destination at the listener level (called - // :ref:`filter chain match `). + // :ref:`filter chain match `). message DeprecatedV1 { // A TCP proxy route consists of a set of optional L4 criteria and the // name of a cluster. If a downstream connection matches all the diff --git a/api/grpc_service.proto b/envoy/api/v2/grpc_service.proto similarity index 94% rename from api/grpc_service.proto rename to envoy/api/v2/grpc_service.proto index fba11378..ab3e8067 100644 --- a/api/grpc_service.proto +++ b/envoy/api/v2/grpc_service.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package envoy.api.v2; -import "api/base.proto"; +import "envoy/api/v2/base.proto"; import "google/protobuf/duration.proto"; @@ -16,8 +16,8 @@ import "validate/validate.proto"; message GrpcService { message EnvoyGrpc { // The name of the upstream gRPC cluster. SSL credentials will be supplied - // in the :ref:`Cluster ` :ref:`tls_context - // `. + // in the :ref:`Cluster ` :ref:`tls_context + // `. string cluster_name = 1 [(validate.rules).string.min_bytes = 1]; } diff --git a/api/health_check.proto b/envoy/api/v2/health_check.proto similarity index 100% rename from api/health_check.proto rename to envoy/api/v2/health_check.proto diff --git a/envoy/api/v2/listener/BUILD b/envoy/api/v2/listener/BUILD new file mode 100644 index 00000000..f6261132 --- /dev/null +++ b/envoy/api/v2/listener/BUILD @@ -0,0 +1,23 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "listener", + srcs = ["listener.proto"], + deps = [ + "//envoy/api/v2:address", + "//envoy/api/v2:base", + "//envoy/api/v2/auth:cert", + ], +) + +api_go_proto_library( + name = "listener", + proto = ":listener", + deps = [ + "//envoy/api/v2:address_go_proto", + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2/auth:cert_go_proto", + ], +) diff --git a/api/lds.proto b/envoy/api/v2/listener/listener.proto similarity index 82% rename from api/lds.proto rename to envoy/api/v2/listener/listener.proto index 02fcc5bf..d328964e 100644 --- a/api/lds.proto +++ b/envoy/api/v2/listener/listener.proto @@ -1,37 +1,20 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.api.v2.listener; +option go_package = "listener"; -import "api/address.proto"; -import "api/base.proto"; -import "api/discovery.proto"; -import "api/sds.proto"; +import "envoy/api/v2/address.proto"; +import "envoy/api/v2/auth/cert.proto"; +import "envoy/api/v2/base.proto"; -import "google/api/annotations.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; -// [#protodoc-title: Listeners and LDS] +// [#protodoc-title: Listeners] // Listener :ref:`configuration overview ` -// The Envoy instance initiates an RPC at startup to discover a list of -// listeners. Updates are delivered via streaming from the LDS server and -// consist of a complete update of all listeners. Existing connections will be -// allowed to drain from listeners that are no longer present. -service ListenerDiscoveryService { - rpc StreamListeners(stream DiscoveryRequest) returns (stream DiscoveryResponse) { - } - - rpc FetchListeners(DiscoveryRequest) returns (DiscoveryResponse) { - option (google.api.http) = { - post: "/v2/discovery:listeners" - body: "*" - }; - } -} - message Listener { // The unique name by which this listener is known. If no name is provided, // Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically @@ -47,18 +30,19 @@ message Listener { Address address = 2 [(validate.rules).message.required = true]; // A list of filter chains to consider for this listener. The - // :ref:`FilterChain ` with the most specific :ref:`FilterChainMatch - // ` criteria is used on a connection. + // :ref:`FilterChain ` with the most specific + // :ref:`FilterChainMatch ` criteria is used on a + // connection. // // .. attention:: // // In the current version, multiple filter chains are supported **only** so that SNI can be // configured. See the :ref:`FAQ entry ` on how to configure SNI for more // information. When multiple filter chains are configured, each filter chain must have an - // **identical** set of :ref:`filters `. If the filters - // differ, the configuration will fail to load. In the future, this limitation will be relaxed - // such that different filters can be used depending on which filter chain matches (based on SNI - // or some other parameter). + // **identical** set of :ref:`filters `. If the + // filters differ, the configuration will fail to load. In the future, this limitation will be + // relaxed such that different filters can be used depending on which filter chain matches + // (based on SNI or some other parameter). repeated FilterChain filter_chains = 3 [(validate.rules).repeated .min_items = 1]; // If a connection is redirected using *iptables*, the port on which the proxy @@ -70,12 +54,12 @@ message Listener { // .. attention:: // // This field is deprecated. Use :ref:`an original_dst ` - // :ref:`listener filter ` instead. + // :ref:`listener filter ` instead. // // Note that hand off to another listener is *NOT* performed without this flag. Once - // :ref:`FilterChainMatch ` is implemented this flag will be - // removed, as filter chain matching can be used to select a filter chain based on the restored - // destination address. + // :ref:`FilterChainMatch ` is implemented this flag + // will be removed, as filter chain matching can be used to select a filter chain based on the + // restored destination address. google.protobuf.BoolValue use_original_dst = 4 [deprecated = true]; // Soft limit on size of the listener’s new connection read and write buffers. @@ -116,9 +100,9 @@ message Listener { // Listener filters have the opportunity to manipulate and augment the connection metadata that // is used in connection filter chain matching, for example. These filters are run before any in - // :ref:`filter_chains `. Order matters as the filters - // are processed sequentially right after a socket has been accepted by the listener, and before - // a connection is created. + // :ref:`filter_chains `. Order matters as the + // filters are processed sequentially right after a socket has been accepted by the listener, and + // before a connection is created. repeated ListenerFilter listener_filters = 9; } @@ -200,7 +184,7 @@ message FilterChain { FilterChainMatch filter_chain_match = 1; // The TLS context for this filter chain. - DownstreamTlsContext tls_context = 2; + auth.DownstreamTlsContext tls_context = 2; // A list of individual network filters that make up the filter chain for // connections established with the listener. Order matters as the filters are diff --git a/api/protocol.proto b/envoy/api/v2/protocol.proto similarity index 100% rename from api/protocol.proto rename to envoy/api/v2/protocol.proto diff --git a/envoy/api/v2/ratelimit/BUILD b/envoy/api/v2/ratelimit/BUILD new file mode 100644 index 00000000..76db38ad --- /dev/null +++ b/envoy/api/v2/ratelimit/BUILD @@ -0,0 +1,13 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "ratelimit", + srcs = ["ratelimit.proto"], +) + +api_go_proto_library( + name = "ratelimit", + proto = ":ratelimit", +) diff --git a/envoy/api/v2/ratelimit/ratelimit.proto b/envoy/api/v2/ratelimit/ratelimit.proto new file mode 100644 index 00000000..47818cdc --- /dev/null +++ b/envoy/api/v2/ratelimit/ratelimit.proto @@ -0,0 +1,62 @@ +syntax = "proto3"; + +package envoy.api.v2.ratelimit; +option go_package = "ratelimit"; + +import "validate/validate.proto"; + +// [#protodoc-title: Common rate limit components] + +// A RateLimitDescriptor is a list of hierarchical entries that are used by the service to +// determine the final rate limit key and overall allowed limit. Here are some examples of how +// they might be used for the domain "envoy". +// +// .. code-block:: cpp +// +// ["authenticated": "false"], ["remote_address": "10.0.0.1"] +// +// What it does: Limits all unauthenticated traffic for the IP address 10.0.0.1. The +// configuration supplies a default limit for the *remote_address* key. If there is a desire to +// raise the limit for 10.0.0.1 or block it entirely it can be specified directly in the +// configuration. +// +// .. code-block:: cpp +// +// ["authenticated": "false"], ["path": "/foo/bar"] +// +// What it does: Limits all unauthenticated traffic globally for a specific path (or prefix if +// configured that way in the service). +// +// .. code-block:: cpp +// +// ["authenticated": "false"], ["path": "/foo/bar"], ["remote_address": "10.0.0.1"] +// +// What it does: Limits unauthenticated traffic to a specific path for a specific IP address. +// Like (1) we can raise/block specific IP addresses if we want with an override configuration. +// +// .. code-block:: cpp +// +// ["authenticated": "true"], ["client_id": "foo"] +// +// What it does: Limits all traffic for an authenticated client "foo" +// +// .. code-block:: cpp +// +// ["authenticated": "true"], ["client_id": "foo"], ["path": "/foo/bar"] +// +// What it does: Limits traffic to a specific path for an authenticated client "foo" +// +// The idea behind the API is that (1)/(2)/(3) and (4)/(5) can be sent in 1 request if desired. +// This enables building complex application scenarios with a generic backend. +message RateLimitDescriptor { + message Entry { + // Descriptor key. + string key = 1 [(validate.rules).string.min_bytes = 1]; + + // Descriptor value. + string value = 2 [(validate.rules).string.min_bytes = 1]; + } + + // Descriptor entries. + repeated Entry entries = 1 [(validate.rules).repeated .min_items = 1]; +} diff --git a/envoy/api/v2/route/BUILD b/envoy/api/v2/route/BUILD new file mode 100644 index 00000000..53fc2e1f --- /dev/null +++ b/envoy/api/v2/route/BUILD @@ -0,0 +1,21 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "route", + srcs = ["route.proto"], + deps = [ + "//envoy/api/v2:base", + "//envoy/api/v2/auth", + ], +) + +api_go_proto_library( + name = "route", + proto = ":route", + deps = [ + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2/auth:auth_go_proto", + ], +) diff --git a/api/rds.proto b/envoy/api/v2/route/route.proto similarity index 92% rename from api/rds.proto rename to envoy/api/v2/route/route.proto index 0ecf672d..ae13c4f4 100644 --- a/api/rds.proto +++ b/envoy/api/v2/route/route.proto @@ -1,36 +1,18 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.api.v2.route; +option go_package = "route"; -import "api/auth.proto"; -import "api/base.proto"; -import "api/discovery.proto"; +import "envoy/api/v2/base.proto"; +import "envoy/api/v2/auth/auth.proto"; -import "google/api/annotations.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; import "gogoproto/gogo.proto"; -// [#protodoc-title: HTTP route management and RDS] - -// The resource_names field in DiscoveryRequest specifies a route configuration. -// This allows an Envoy configuration with multiple HTTP listeners (and -// associated HTTP connection manager filters) to use different route -// configurations. Each listener will bind its HTTP connection manager filter to -// a route table via this identifier. -service RouteDiscoveryService { - rpc StreamRoutes(stream DiscoveryRequest) returns (stream DiscoveryResponse) { - } - - rpc FetchRoutes(DiscoveryRequest) returns (DiscoveryResponse) { - option (google.api.http) = { - post: "/v2/discovery:routes" - body: "*" - }; - } -} +// [#protodoc-title: HTTP route management] // * Routing :ref:`architecture overview ` // * HTTP :ref:`router filter ` @@ -51,8 +33,8 @@ message RouteConfiguration { // Specifies a list of HTTP headers that should be added to each response that // the connection manager encodes. Headers specified at this level are applied - // after headers from any enclosed :ref:`envoy_api_msg_VirtualHost` or - // :ref:`envoy_api_msg_RouteAction`. For more information, including details on + // after headers from any enclosed :ref:`envoy_api_msg_route.VirtualHost` or + // :ref:`envoy_api_msg_route.RouteAction`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. repeated HeaderValueOption response_headers_to_add = 4; @@ -63,8 +45,8 @@ message RouteConfiguration { // Specifies a list of HTTP headers that should be added to each request // routed by the HTTP connection manager. Headers specified at this level are - // applied after headers from any enclosed :ref:`envoy_api_msg_VirtualHost` or - // :ref:`envoy_api_msg_RouteAction`. For more information, including details on + // applied after headers from any enclosed :ref:`envoy_api_msg_route.VirtualHost` or + // :ref:`envoy_api_msg_route.RouteAction`. For more information, including details on // header value syntax, see the documentation on :ref:`custom request headers // `. repeated HeaderValueOption request_headers_to_add = 6; @@ -139,17 +121,17 @@ message VirtualHost { // Specifies a list of HTTP headers that should be added to each request // handled by this virtual host. Headers specified at this level are applied - // after headers from enclosed :ref:`envoy_api_msg_RouteAction` and before headers from the - // enclosing :ref:`envoy_api_msg_RouteConfiguration`. For more information, including details on - // header value syntax, see the documentation on :ref:`custom request headers + // after headers from enclosed :ref:`envoy_api_msg_route.RouteAction` and before headers from the + // enclosing :ref:`envoy_api_msg_route.RouteConfiguration`. For more information, including + // details on header value syntax, see the documentation on :ref:`custom request headers // `. repeated HeaderValueOption request_headers_to_add = 7; // Specifies a list of HTTP headers that should be added to each response // handled by this virtual host. Headers specified at this level are applied - // after headers from enclosed :ref:`envoy_api_msg_RouteAction` and before headers from the - // enclosing :ref:`envoy_api_msg_RouteConfiguration`. For more information, including details on - // header value syntax, see the documentation on :ref:`custom request headers + // after headers from enclosed :ref:`envoy_api_msg_route.RouteAction` and before headers from the + // enclosing :ref:`envoy_api_msg_route.RouteConfiguration`. For more information, including + // details on header value syntax, see the documentation on :ref:`custom request headers // `. repeated HeaderValueOption response_headers_to_add = 10; @@ -171,7 +153,7 @@ message VirtualHost { // .. attention:: // // Envoy supports routing on HTTP method via :ref:`header matching -// `. +// `. message Route { // Route matching parameters. RouteMatch match = 1 [(validate.rules).message.required = true]; @@ -204,9 +186,9 @@ message Route { auth.AuthAction auth = 6; } -// Compared to the :ref:`cluster ` field that specifies a +// Compared to the :ref:`cluster ` field that specifies a // single upstream cluster as the target of a request, the :ref:`weighted_clusters -// ` option allows for specification of +// ` option allows for specification of // multiple upstream clusters along with weights that indicate the percentage of // traffic to be forwarded to each cluster. The router selects an upstream cluster based on the // weights. @@ -418,7 +400,7 @@ message RouteAction { // .. note:: // // If left unspecified, Envoy will use the global - // :ref:`route timeout ` for the request. + // :ref:`route timeout ` for the request. // Consequently, when using a :ref:`5xx ` based // retry policy, a request that times out will not be retried as the total timeout budget // would have been exhausted. @@ -459,15 +441,16 @@ message RouteAction { // Specifies a set of headers that will be added to requests matching this // route. Headers specified at this level are applied before headers from the - // enclosing :ref:`envoy_api_msg_VirtualHost` and :ref:`envoy_api_msg_RouteConfiguration`. - // For more information, including details on header value syntax, see the documentation on - // :ref:`custom request headers `. + // enclosing :ref:`envoy_api_msg_route.VirtualHost` and + // :ref:`envoy_api_msg_route.RouteConfiguration`. For more information, including details on + // header value syntax, see the documentation on :ref:`custom request headers + // `. repeated HeaderValueOption request_headers_to_add = 12; // Specifies a set of headers that will be added to responses to requests // matching this route. Headers specified at this level are applied before - // headers from the enclosing :ref:`envoy_api_msg_VirtualHost` and - // :ref:`envoy_api_msg_RouteConfiguration`. For more information, including + // headers from the enclosing :ref:`envoy_api_msg_route.VirtualHost` and + // :ref:`envoy_api_msg_route.RouteConfiguration`. For more information, including // details on header value syntax, see the documentation on // :ref:`custom request headers `. repeated HeaderValueOption response_headers_to_add = 18; @@ -482,7 +465,8 @@ message RouteAction { // Specifies if the rate limit filter should include the virtual host rate // limits. By default, if the route configured rate limits, the virtual host - // :ref:`rate_limits ` are not applied to the request. + // :ref:`rate_limits ` are not applied to the + // request. google.protobuf.BoolValue include_vh_rate_limits = 14; // Specifies the route's hashing policy if the upstream cluster uses a hashing :ref:`load balancer @@ -614,7 +598,7 @@ message DirectResponseAction { // .. note:: // // Headers can be specified using *response_headers_to_add* in - // :ref:`envoy_api_msg_RouteConfiguration`. + // :ref:`envoy_api_msg_route.RouteConfiguration`. DataSource body = 2; } @@ -703,14 +687,14 @@ message RateLimit { // ("destination_cluster", "") // // Once a request matches against a route table rule, a routed cluster is determined by one of - // the following :ref:`route table configuration ` + // the following :ref:`route table configuration ` // settings: // - // * :ref:`cluster ` indicates the upstream cluster + // * :ref:`cluster ` indicates the upstream cluster // to route to. - // * :ref:`weighted_clusters ` + // * :ref:`weighted_clusters ` // chooses a cluster randomly from a set of clusters with attributed weight. - // * :ref:`cluster_header ` indicates which + // * :ref:`cluster_header ` indicates which // header in the request contains the target cluster. message DestinationCluster { } diff --git a/envoy/config/accesslog/v2/BUILD b/envoy/config/accesslog/v2/BUILD new file mode 100644 index 00000000..52b740d5 --- /dev/null +++ b/envoy/config/accesslog/v2/BUILD @@ -0,0 +1,9 @@ +load("//bazel:api_build_system.bzl", "api_proto_library") + +api_proto_library( + name = "als", + srcs = ["als.proto"], + deps = [ + "//envoy/api/v2:grpc_service", + ], +) diff --git a/envoy/config/accesslog/v2/als.proto b/envoy/config/accesslog/v2/als.proto new file mode 100644 index 00000000..1bd2425f --- /dev/null +++ b/envoy/config/accesslog/v2/als.proto @@ -0,0 +1,42 @@ +syntax = "proto3"; + +package envoy.config.accesslog.v2; +option go_package = "accesslog"; + +import "envoy/api/v2/grpc_service.proto"; + +import "validate/validate.proto"; + +// Configuration for the built-in *envoy.tcp_grpc_access_log* type. This configuration will +// populate *StreamAccessLogsMessage.tcp_logs*. +// [#not-implemented-hide:] +// [#comment:TODO(mattklein123): Block type in non-tcp proxy cases?] +message TcpGrpcAccessLogConfig { + CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message.required = true]; +} + +// Configuration for the built-in *envoy.http_grpc_access_log* type. This configuration will +// populate *StreamAccessLogsMessage.http_logs*. +// [#not-implemented-hide:] +// [#comment:TODO(mattklein123): Block type in non-http/router proxy cases?] +message HttpGrpcAccessLogConfig { + CommonGrpcAccessLogConfig common_config = 1 [(validate.rules).message.required = true]; + + // Additional request headers to log in *HTTPRequestProperties.request_headers*. + repeated string additional_request_headers_to_log = 2; + + // Additional response headers to log in *HTTPResponseProperties.response_headers*. + repeated string additional_response_headers_to_log = 3; +} + +// Common configuration for gRPC access logs. +// [#not-implemented-hide:] +message CommonGrpcAccessLogConfig { + // The friendly name of the access log to be returned in StreamAccessLogsMessage.Identifier. This + // allows the access log server to differentiate between different access logs coming from the + // same Envoy. + string log_name = 1 [(validate.rules).string.min_bytes = 1]; + + // The gRPC service for the access log service. + envoy.api.v2.GrpcService grpc_service = 2 [(validate.rules).message.required = true]; +} diff --git a/envoy/config/bootstrap/v2/BUILD b/envoy/config/bootstrap/v2/BUILD new file mode 100644 index 00000000..d089ce07 --- /dev/null +++ b/envoy/config/bootstrap/v2/BUILD @@ -0,0 +1,37 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "bootstrap", + srcs = ["bootstrap.proto"], + deps = [ + "//envoy/api/v2:address", + "//envoy/api/v2:base", + "//envoy/api/v2:config_source", + "//envoy/api/v2/auth:cert", + "//envoy/api/v2/cluster", + "//envoy/api/v2/listener", + "//envoy/config/metrics/v2:metrics_service", + "//envoy/config/metrics/v2:stats", + "//envoy/config/ratelimit/v2:rls", + "//envoy/config/trace/v2:trace", + ], +) + +api_go_proto_library( + name = "bootstrap", + proto = ":bootstrap", + deps = [ + "//envoy/api/v2:address_go_proto", + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2:config_source_go_proto", + "//envoy/api/v2/auth:cert_go_proto", + "//envoy/api/v2/cluster:cluster_go_proto", + "//envoy/api/v2/listener:listener_go_proto", + "//envoy/config/metrics/v2:metrics_service_go_proto", + "//envoy/config/metrics/v2:stats_go_proto", + "//envoy/config/ratelimit/v2:rls_go_grpc", + "//envoy/config/trace/v2:trace_go_proto", + ], +) diff --git a/api/bootstrap.proto b/envoy/config/bootstrap/v2/bootstrap.proto similarity index 78% rename from api/bootstrap.proto rename to envoy/config/bootstrap/v2/bootstrap.proto index cf60bf78..b044e46c 100644 --- a/api/bootstrap.proto +++ b/envoy/config/bootstrap/v2/bootstrap.proto @@ -5,17 +5,18 @@ syntax = "proto3"; -package envoy.api.v2; - -import "api/address.proto"; -import "api/base.proto"; -import "api/config_source.proto"; -import "api/cds.proto"; -import "api/grpc_service.proto"; -import "api/lds.proto"; -import "api/sds.proto"; -import "api/stats.proto"; -import "api/trace.proto"; +package envoy.config.bootstrap.v2; +option go_package = "bootstrap"; + +import "envoy/api/v2/address.proto"; +import "envoy/api/v2/base.proto"; +import "envoy/api/v2/auth/cert.proto"; +import "envoy/api/v2/config_source.proto"; +import "envoy/api/v2/cluster/cluster.proto"; +import "envoy/api/v2/listener/listener.proto"; +import "envoy/config/trace/v2/trace.proto"; +import "envoy/config/metrics/v2/stats.proto"; +import "envoy/config/ratelimit/v2/rls.proto"; import "google/protobuf/duration.proto"; @@ -26,36 +27,36 @@ import "gogoproto/gogo.proto"; message Bootstrap { // Node identity to present to the management server and for instance // identification purposes (e.g. in generated headers). - Node node = 1; + envoy.api.v2.Node node = 1; message StaticResources { - // Static :ref:`Listeners `. These listeners are + // Static :ref:`Listeners `. These listeners are // available regardless of LDS configuration. - repeated Listener listeners = 1; + repeated envoy.api.v2.listener.Listener listeners = 1; // If a network based configuration source is specified for :ref:`cds_config - // `, it's necessary + // `, it's necessary // to have some initial cluster definitions available to allow Envoy to know // how to speak to the management server. These cluster definitions may not // use :ref:`EDS ` (i.e. they should be static // IP or DNS-based). - repeated Cluster clusters = 2; + repeated envoy.api.v2.cluster.Cluster clusters = 2; // [#not-implemented-hide:] - repeated Secret secrets = 3; + repeated envoy.api.v2.auth.Secret secrets = 3; } // Statically specified resources. StaticResources static_resources = 2; message DynamicResources { - // All :ref:`Listeners ` are provided by a single + // All :ref:`Listeners ` are provided by a single // :ref:`LDS ` configuration source. - ConfigSource lds_config = 1; + envoy.api.v2.ConfigSource lds_config = 1; - // All post-bootstrap :ref:`Cluster ` definitions are + // All post-bootstrap :ref:`Cluster ` definitions are // provided by a single :ref:`CDS ` // configuration source. - ConfigSource cds_config = 2; + envoy.api.v2.ConfigSource cds_config = 2; // A single :ref:`ADS ` source may be optionally // specified. This must have :ref:`api_type @@ -64,14 +65,14 @@ message Bootstrap { // :ref:`ConfigSources ` that have // the :ref:`ads ` field set will be // streamed on the ADS channel. - ApiConfigSource ads_config = 3; + envoy.api.v2.ApiConfigSource ads_config = 3; message DeprecatedV1 { // This is the global :ref:`SDS ` config // when using v1 REST for :ref:`CDS // `/:ref:`EDS // `. - ConfigSource sds_config = 1; + envoy.api.v2.ConfigSource sds_config = 1; } // [#not-implemented-hide:] @@ -88,10 +89,10 @@ message Bootstrap { string flags_path = 5; // Optional set of stats sinks. - repeated StatsSink stats_sinks = 6; + repeated envoy.config.metrics.v2.StatsSink stats_sinks = 6; // Configuration for internal processing of stats. - StatsConfig stats_config = 13; + envoy.config.metrics.v2.StatsConfig stats_config = 13; // Optional duration between flushes to configured stats sinks. For // performance reasons Envoy latches counters and only flushes counters and @@ -104,12 +105,12 @@ message Bootstrap { // Configuration for an external tracing provider. If not specified, no // tracing will be performed. - Tracing tracing = 9; + envoy.config.trace.v2.Tracing tracing = 9; // Configuration for an external rate limit service provider. If not // specified, any calls to the rate limit service will immediately return // success. - RateLimitServiceConfig rate_limit_service = 10; + envoy.config.ratelimit.v2.RateLimitServiceConfig rate_limit_service = 10; // Configuration for the runtime configuration provider. If not specified, a // “null” provider will be used which will result in all defaults being used. @@ -131,7 +132,8 @@ message Admin { string profile_path = 2; // The TCP address that the administration server will listen on. - Address address = 3 [(validate.rules).message.required = true, (gogoproto.nullable) = false]; + envoy.api.v2.Address address = 3 + [(validate.rules).message.required = true, (gogoproto.nullable) = false]; } // Cluster manager :ref:`architecture overview `. @@ -142,7 +144,7 @@ message ClusterManager { // If *local_cluster_name* is defined then :ref:`clusters // ` must be defined in the :ref:`Bootstrap // static cluster resources - // `. This is unrelated to + // `. This is unrelated to // the :option:`--service-cluster` option which does not `affect zone aware // routing `_. string local_cluster_name = 1; @@ -156,12 +158,12 @@ message ClusterManager { // Optional configuration used to bind newly established upstream connections. // This may be overridden on a per-cluster basis by upstream_bind_config in the cds_config. - BindConfig upstream_bind_config = 3; + envoy.api.v2.BindConfig upstream_bind_config = 3; // A management server endpoint to stream load stats to via // *StreamLoadStats*. This must have :ref:`api_type ` // :ref:`GRPC `. - ApiConfigSource load_stats_config = 4; + envoy.api.v2.ApiConfigSource load_stats_config = 4; } // Envoy process watchdog configuration. When configured, this monitors for @@ -209,23 +211,3 @@ message Runtime { // configuration. See below for exactly how the override directory is used. string override_subdirectory = 3; } - -// Rate limit :ref:`configuration overview `. -message RateLimitServiceConfig { - oneof service_specifier { - option (validate.required) = true; - - // Specifies the cluster manager cluster name that hosts the rate limit - // service. The client will connect to this cluster when it needs to make - // rate limit service requests. This field is deprecated and `grpc_service` - // should be used instead. The :ref:`Envoy gRPC client - // ` will be used when this field is - // specified. - string cluster_name = 1 [(validate.rules).string.min_bytes = 1, deprecated = true]; - - // Specifies the gRPC service that hosts the rate limit service. The client - // will connect to this cluster when it needs to make rate limit service - // requests. - GrpcService grpc_service = 2; - } -} diff --git a/envoy/config/metrics/v2/BUILD b/envoy/config/metrics/v2/BUILD new file mode 100644 index 00000000..1e73614d --- /dev/null +++ b/envoy/config/metrics/v2/BUILD @@ -0,0 +1,35 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library", "api_go_grpc_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "metrics_service", + srcs = ["metrics_service.proto"], + deps = [ + "//envoy/api/v2:grpc_service", + ], +) + +api_go_proto_library( + name = "metrics_service", + proto = ":metrics_service", + deps = [ + "//envoy/api/v2:grpc_service_go_proto", + ], +) + +api_proto_library( + name = "stats", + srcs = ["stats.proto"], + deps = [ + "//envoy/api/v2:address", + ], +) + +api_go_proto_library( + name = "stats", + proto = ":stats", + deps = [ + "//envoy/api/v2:address_go_proto", + ], +) diff --git a/envoy/config/metrics/v2/metrics_service.proto b/envoy/config/metrics/v2/metrics_service.proto new file mode 100644 index 00000000..9faa7306 --- /dev/null +++ b/envoy/config/metrics/v2/metrics_service.proto @@ -0,0 +1,19 @@ +syntax = "proto3"; + +// [#proto-status: draft] + +// [#protodoc-title: Metrics Service] + +package envoy.config.metrics.v2; + +import "envoy/api/v2/grpc_service.proto"; + +import "validate/validate.proto"; + +// Metrics Service is configured as a built-in *envoy.metrics_service* :ref:`StatsSink +// `. This opaque configuration will be used to create +// Metrics Service. +message MetricsServiceConfig { + // The upstream gRPC cluster that hosts the metrics service. + envoy.api.v2.GrpcService grpc_service = 1 [(validate.rules).message.required = true]; +} diff --git a/api/stats.proto b/envoy/config/metrics/v2/stats.proto similarity index 84% rename from api/stats.proto rename to envoy/config/metrics/v2/stats.proto index d4377923..6e31fb42 100644 --- a/api/stats.proto +++ b/envoy/config/metrics/v2/stats.proto @@ -3,9 +3,10 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.config.metrics.v2; +option go_package = "metrics"; -import "api/address.proto"; +import "envoy/api/v2/address.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -17,13 +18,13 @@ message StatsSink { // The name of the stats sink to instantiate. The name must match a supported // stats sink. The built-in stats sinks are: // - // * :ref:`envoy.statsd ` - // * :ref:`envoy.dog_statsd ` - // * :ref:`envoy.metrics_service ` + // * :ref:`envoy.statsd ` + // * :ref:`envoy.dog_statsd ` + // * :ref:`envoy.metrics_service ` string name = 1; // Stats sink specific configuration which depends on the sink being - // instantiated. See :ref:`StatsdSink ` for an + // instantiated. See :ref:`StatsdSink ` for an // example. google.protobuf.Struct config = 2; } @@ -32,13 +33,13 @@ message StatsSink { message StatsConfig { // Each stat name is iteratively processed through these tag specifiers. // When a tag is matched, the first capture group is removed from the name so - // later :ref:`TagSpecifiers ` cannot match that + // later :ref:`TagSpecifiers ` cannot match that // same portion of the match. repeated TagSpecifier stats_tags = 1; // Use all default tag regexes specified in Envoy. These can be combined with // custom tags specified in :ref:`stats_tags - // `. They will be processed before + // `. They will be processed before // the custom tags. // // .. note:: @@ -64,9 +65,9 @@ message TagSpecifier { // portions of existing stats, which can be found in `well_known_names.h // `_ // in the Envoy repository. If a :ref:`tag_name - // ` is provided in the config and neither - // :ref:`regex ` or - // :ref:`fixed_value ` were specified, + // ` is provided in the config and + // neither :ref:`regex ` or + // :ref:`fixed_value ` were specified, // Envoy will attempt to find that name in its set of defaults and use the accompanying regex. // // .. note:: @@ -144,7 +145,7 @@ message StatsdSink { // The UDP address of a running `statsd `_ // compliant listener. If specified, statistics will be flushed to this // address. - Address address = 1; + envoy.api.v2.Address address = 1; // The name of a cluster that is running a TCP `statsd // `_ compliant listener. If specified, @@ -155,14 +156,15 @@ message StatsdSink { // Stats configuration proto schema for built-in *envoy.dog_statsd* sink. // The sink emits stats with `DogStatsD `_ -// compatible tags. Tags are configurable via :ref:`StatsConfig `. +// compatible tags. Tags are configurable via :ref:`StatsConfig +// `. message DogStatsdSink { oneof dog_statsd_specifier { option (validate.required) = true; // The UDP address of a running DogStatsD compliant listener. If specified, // statistics will be flushed to this address. - Address address = 1; + envoy.api.v2.Address address = 1; // The name of a cluster that is DogStatsD compliant TCP listener. If specified, // Envoy will connect to this cluster to flush statistics. diff --git a/envoy/config/ratelimit/v2/BUILD b/envoy/config/ratelimit/v2/BUILD new file mode 100644 index 00000000..0a7bafa3 --- /dev/null +++ b/envoy/config/ratelimit/v2/BUILD @@ -0,0 +1,19 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_grpc_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "rls", + srcs = ["rls.proto"], + deps = [ + "//envoy/api/v2:grpc_service", + ], +) + +api_go_grpc_library( + name = "rls", + proto = ":rls", + deps = [ + "//envoy/api/v2:grpc_service_go_proto", + ], +) diff --git a/envoy/config/ratelimit/v2/rls.proto b/envoy/config/ratelimit/v2/rls.proto new file mode 100644 index 00000000..5ecd3635 --- /dev/null +++ b/envoy/config/ratelimit/v2/rls.proto @@ -0,0 +1,30 @@ +syntax = "proto3"; + +package envoy.config.ratelimit.v2; +option go_package = "ratelimit"; + +import "envoy/api/v2/grpc_service.proto"; + +import "validate/validate.proto"; + +// [#protodoc-title: Rate limit service configuration] + +// Rate limit :ref:`configuration overview `. +message RateLimitServiceConfig { + oneof service_specifier { + option (validate.required) = true; + + // Specifies the cluster manager cluster name that hosts the rate limit + // service. The client will connect to this cluster when it needs to make + // rate limit service requests. This field is deprecated and `grpc_service` + // should be used instead. The :ref:`Envoy gRPC client + // ` will be used when this field is + // specified. + string cluster_name = 1 [(validate.rules).string.min_bytes = 1, deprecated = true]; + + // Specifies the gRPC service that hosts the rate limit service. The client + // will connect to this cluster when it needs to make rate limit service + // requests. + envoy.api.v2.GrpcService grpc_service = 2; + } +} diff --git a/envoy/config/trace/v2/BUILD b/envoy/config/trace/v2/BUILD new file mode 100644 index 00000000..08e36b14 --- /dev/null +++ b/envoy/config/trace/v2/BUILD @@ -0,0 +1,19 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library", "api_go_grpc_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "trace", + srcs = ["trace.proto"], + deps = [ + "//envoy/api/v2:grpc_service", + ], +) + +api_go_proto_library( + name = "trace", + proto = ":trace", + deps = [ + "//envoy/api/v2:grpc_service_go_proto", + ], +) diff --git a/api/trace.proto b/envoy/config/trace/v2/trace.proto similarity index 74% rename from api/trace.proto rename to envoy/config/trace/v2/trace.proto index a11c59c6..219d73b0 100644 --- a/api/trace.proto +++ b/envoy/config/trace/v2/trace.proto @@ -3,7 +3,10 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.config.trace.v2; +option go_package = "trace"; + +import "envoy/api/v2/grpc_service.proto"; import "google/protobuf/struct.proto"; @@ -11,8 +14,8 @@ import "validate/validate.proto"; // The tracing configuration specifies global // settings for the HTTP tracer used by Envoy. The configuration is defined by -// the :ref:`Bootstrap ` :ref:`tracing -// ` field. Envoy may support other tracers +// the :ref:`Bootstrap ` :ref:`tracing +// ` field. Envoy may support other tracers // in the future, but right now the HTTP tracer is the only one supported. message Tracing { message Http { @@ -23,9 +26,9 @@ message Tracing { // Trace driver specific configuration which depends on the driver being // instantiated. See the :ref:`LightstepConfig - // `, :ref:`ZipkinConfig - // `, and :ref:`DynamicOtConfig - // ` trace drivers for examples. + // `, :ref:`ZipkinConfig + // `, and :ref:`DynamicOtConfig + // ` trace drivers for examples. google.protobuf.Struct config = 2; } // Provides configuration for the HTTP tracer. @@ -45,7 +48,7 @@ message LightstepConfig { message ZipkinConfig { // The cluster manager cluster that hosts the Zipkin collectors. Note that the // Zipkin cluster must be defined in the :ref:`Bootstrap static cluster - // resources `. + // resources `. string collector_cluster = 1 [(validate.rules).string.min_bytes = 1]; // The API endpoint of the Zipkin service where the spans will be sent. When @@ -66,3 +69,9 @@ message DynamicOtConfig { // library. google.protobuf.Struct config = 2; } + +// Configuration structure. +message TraceServiceConfig { + // The upstream gRPC cluster that hosts the metrics service. + envoy.api.v2.GrpcService grpc_service = 1 [(validate.rules).message.required = true]; +} diff --git a/envoy/service/accesslog/v2/BUILD b/envoy/service/accesslog/v2/BUILD new file mode 100644 index 00000000..4d3ba6b5 --- /dev/null +++ b/envoy/service/accesslog/v2/BUILD @@ -0,0 +1,12 @@ +load("//bazel:api_build_system.bzl", "api_proto_library") + +api_proto_library( + name = "als", + srcs = ["als.proto"], + has_services = 1, + deps = [ + "//envoy/api/v2:base", + "//envoy/api/v2:grpc_service", + "//envoy/api/v2/filter/accesslog", + ], +) diff --git a/envoy/service/accesslog/v2/als.proto b/envoy/service/accesslog/v2/als.proto new file mode 100644 index 00000000..9efed409 --- /dev/null +++ b/envoy/service/accesslog/v2/als.proto @@ -0,0 +1,65 @@ +syntax = "proto3"; + +package envoy.service.accesslog.v2; +option go_package = "accesslog"; + +import "envoy/api/v2/base.proto"; +import "envoy/api/v2/filter/accesslog/accesslog.proto"; + +import "validate/validate.proto"; + +// Service for streaming access logs from Envoy to an access log server. +service AccessLogService { + // Envoy will connect and send StreamAccessLogsMessage messages forever. It does not expect any + // response to be sent as nothing would be done in the case of failure. The server should + // disconnect if it expects Envoy to reconnect. In the future we may decide to add a different + // API for "critical" access logs in which Envoy will buffer access logs for some period of time + // until it gets an ACK so it could then retry. This API is designed for high throughput with the + // expectation that it might be lossy. + rpc StreamAccessLogs(stream StreamAccessLogsMessage) returns (StreamAccessLogsResponse) { + } +} + +// Empty response for the StreamAccessLogs API. Will never be sent. See below. +// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. +message StreamAccessLogsResponse { +} + +// [#proto-status: experimental] +// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. +// Stream message for the StreamAccessLogs API. Envoy will open a stream to the server and stream +// access logs without ever expecting a response. +message StreamAccessLogsMessage { + message Identifier { + // The node sending the access log messages over the stream. + envoy.api.v2.Node node = 1 [(validate.rules).message.required = true]; + + // The friendly name of the log configured in AccessLogServiceConfig. + string log_name = 2 [(validate.rules).string.min_bytes = 1]; + } + + // Identifier data that will only be sent in the first message on the stream. This is effectively + // structured metadata and is a performance optimization. + Identifier identifier = 1; + + // Wrapper for batches of HTTP access log entries. + message HTTPAccessLogEntries { + repeated envoy.api.v2.filter.accesslog.HTTPAccessLogEntry log_entry = 1 + [(validate.rules).repeated .min_items = 1]; + } + + // Wrapper for batches of TCP access log entries. + message TCPAccessLogEntries { + repeated envoy.api.v2.filter.accesslog.TCPAccessLogEntry log_entry = 1 + [(validate.rules).repeated .min_items = 1]; + } + + // Batches of log entries of a single type. Generally speaking, a given stream should only + // ever incude one type of log entry. + oneof log_entries { + option (validate.required) = true; + + HTTPAccessLogEntries http_logs = 2; + TCPAccessLogEntries tcp_logs = 3; + } +} diff --git a/api/auth/BUILD b/envoy/service/auth/v2/BUILD similarity index 50% rename from api/auth/BUILD rename to envoy/service/auth/v2/BUILD index 4c6a60e9..b5131d82 100644 --- a/api/auth/BUILD +++ b/envoy/service/auth/v2/BUILD @@ -1,14 +1,14 @@ -load("//bazel:api_build_system.bzl", "api_proto_library") +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library") licenses(["notice"]) # Apache 2 api_proto_library( - name = "auth", + name = "external_auth", srcs = [ "external_auth.proto", ], has_services = 1, deps = [ - "//api:address", + "//envoy/api/v2:address", ], ) diff --git a/api/auth/external_auth.proto b/envoy/service/auth/v2/external_auth.proto similarity index 98% rename from api/auth/external_auth.proto rename to envoy/service/auth/v2/external_auth.proto index 967fb849..0befab91 100644 --- a/api/auth/external_auth.proto +++ b/envoy/service/auth/v2/external_auth.proto @@ -2,12 +2,13 @@ syntax = "proto3"; // [#proto-status: draft] -package envoy.api.v2.auth; - +package envoy.service.auth.v2; option go_package = "auth"; -import "api/address.proto"; +import "envoy/api/v2/address.proto"; + import "google/protobuf/timestamp.proto"; + import "google/rpc/status.proto"; // A generic interface for performing authorization check on incoming @@ -42,7 +43,7 @@ message AttributeContext { message Peer { // The address of the peer, this is typically the IP address. // It can also be UDS path, or others. - Address address = 1; + envoy.api.v2.Address address = 1; // The canonical service name of the peer. // It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster diff --git a/envoy/service/discovery/BUILD b/envoy/service/discovery/BUILD new file mode 100644 index 00000000..606b2450 --- /dev/null +++ b/envoy/service/discovery/BUILD @@ -0,0 +1,13 @@ +proto_library( + name = "discovery", + visibility = ["//envoy:__pkg__"], + deps = [ + "//envoy/service/discovery/v2:ads", + "//envoy/service/discovery/v2:cds", + "//envoy/service/discovery/v2:common", + "//envoy/service/discovery/v2:eds", + "//envoy/service/discovery/v2:lds", + "//envoy/service/discovery/v2:rds", + "//envoy/service/discovery/v2:sds", + ], +) diff --git a/envoy/service/discovery/v2/BUILD b/envoy/service/discovery/v2/BUILD new file mode 100644 index 00000000..f911cc4b --- /dev/null +++ b/envoy/service/discovery/v2/BUILD @@ -0,0 +1,146 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library", "api_go_grpc_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "common", + srcs = ["common.proto"], + deps = ["//envoy/api/v2:base"], +) + +api_go_proto_library( + name = "common", + proto = ":common", + deps = ["//envoy/api/v2:base_go_proto"], +) + +api_proto_library( + name = "ads", + srcs = ["ads.proto"], + has_services = 1, + deps = [ + ":common", + ], +) + +api_go_grpc_library( + name = "ads", + proto = ":ads", + deps = [ + ":common_go_proto", + ], +) + +api_proto_library( + name = "eds", + srcs = ["eds.proto"], + has_services = 1, + deps = [ + ":common", + "//envoy/api/v2:address", + "//envoy/api/v2:base", + "//envoy/api/v2:health_check", + "//envoy/api/v2/endpoint", + ], +) + +api_go_grpc_library( + name = "eds", + proto = ":eds", + deps = [ + ":common_go_proto", + "//envoy/api/v2:address_go_proto", + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2:health_check_go_proto", + "//envoy/api/v2/endpoint:endpoint_go_proto", + ], +) + +api_proto_library( + name = "cds", + srcs = ["cds.proto"], + has_services = 1, + deps = [ + ":common", + ], +) + +api_go_grpc_library( + name = "cds", + proto = ":cds", + deps = [ + ":common_go_proto", + ], +) + +api_proto_library( + name = "lds", + srcs = ["lds.proto"], + has_services = 1, + deps = [ + ":common", + ], +) + +api_go_grpc_library( + name = "lds", + proto = ":lds", + deps = [ + ":common_go_proto", + ], +) + +api_proto_library( + name = "hds", + srcs = ["hds.proto"], + has_services = 1, + deps = [ + "//envoy/api/v2:base", + "//envoy/api/v2:health_check", + "//envoy/api/v2/endpoint", + ], +) + +api_go_grpc_library( + name = "hds", + proto = ":hds", + deps = [ + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2:health_check_go_proto", + "//envoy/api/v2/endpoint:endpoint_go_proto", + ], +) + +api_proto_library( + name = "rds", + srcs = ["rds.proto"], + has_services = 1, + deps = [ + ":common", + ], +) + +api_go_grpc_library( + name = "rds", + proto = ":rds", + deps = [ + ":common_go_proto", + ], +) + +api_proto_library( + name = "sds", + srcs = ["sds.proto"], + has_services = 1, + deps = [ + ":common", + ], +) + +api_go_grpc_library( + name = "sds", + proto = ":sds", + deps = [ + ":common_go_proto", + ], +) diff --git a/envoy/service/discovery/v2/ads.proto b/envoy/service/discovery/v2/ads.proto new file mode 100644 index 00000000..7c71182b --- /dev/null +++ b/envoy/service/discovery/v2/ads.proto @@ -0,0 +1,22 @@ +syntax = "proto3"; + +package envoy.service.discovery.v2; + +import "envoy/service/discovery/v2/common.proto"; + +// [#not-implemented-hide:] Not configuration. Workaround c++ protobuf issue with importing +// services: https://github.com/google/protobuf/issues/4221 +message AdsDummy { +} + +// See https://github.com/lyft/envoy-api#apis for a description of the role of +// ADS and how it is intended to be used by a management server. ADS requests +// have the same structure as their singleton xDS counterparts, but can +// multiplex many resource types on a single stream. The type_url in the +// DiscoveryRequest/DiscoveryResponse provides sufficient information to recover +// the multiplexed singleton APIs at the Envoy instance and management server. +service AggregatedDiscoveryService { + // This is a gRPC-only API. + rpc StreamAggregatedResources(stream DiscoveryRequest) returns (stream DiscoveryResponse) { + } +} diff --git a/envoy/service/discovery/v2/cds.proto b/envoy/service/discovery/v2/cds.proto new file mode 100644 index 00000000..9125d189 --- /dev/null +++ b/envoy/service/discovery/v2/cds.proto @@ -0,0 +1,25 @@ +syntax = "proto3"; + +package envoy.service.discovery.v2; + +import "envoy/service/discovery/v2/common.proto"; + +import "google/api/annotations.proto"; + +// [#not-implemented-hide:] Not configuration. Workaround c++ protobuf issue with importing +// services: https://github.com/google/protobuf/issues/4221 +message CdsDummy { +} + +// Return list of all clusters this proxy will load balance to. +service ClusterDiscoveryService { + rpc StreamClusters(stream DiscoveryRequest) returns (stream DiscoveryResponse) { + } + + rpc FetchClusters(DiscoveryRequest) returns (DiscoveryResponse) { + option (google.api.http) = { + post: "/v2/discovery:clusters" + body: "*" + }; + } +} diff --git a/api/discovery.proto b/envoy/service/discovery/v2/common.proto similarity index 84% rename from api/discovery.proto rename to envoy/service/discovery/v2/common.proto index eba088cf..9ab41e52 100644 --- a/api/discovery.proto +++ b/envoy/service/discovery/v2/common.proto @@ -1,25 +1,14 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.service.discovery.v2; +option go_package = "discovery"; -import "api/base.proto"; +import "envoy/api/v2/base.proto"; import "google/protobuf/any.proto"; // [#protodoc-title: Common discovery API components] -// See https://github.com/lyft/envoy-api#apis for a description of the role of -// ADS and how it is intended to be used by a management server. ADS requests -// have the same structure as their singleton xDS counterparts, but can -// multiplex many resource types on a single stream. The type_url in the -// DiscoveryRequest/DiscoveryResponse provides sufficient information to recover -// the multiplexed singleton APIs at the Envoy instance and management server. -service AggregatedDiscoveryService { - // This is a gRPC-only API. - rpc StreamAggregatedResources(stream DiscoveryRequest) returns (stream DiscoveryResponse) { - } -} - // A DiscoveryRequest requests a set of versioned resources of the same type for // a given Envoy node on some API. message DiscoveryRequest { @@ -33,7 +22,7 @@ message DiscoveryRequest { string version_info = 1; // The node making the request. - Node node = 2; + envoy.api.v2.Node node = 2; // List of resources to subscribe to, e.g. list of cluster names or a route // configuration name. If this is empty, all resources for the API are diff --git a/envoy/service/discovery/v2/eds.proto b/envoy/service/discovery/v2/eds.proto new file mode 100644 index 00000000..783036dc --- /dev/null +++ b/envoy/service/discovery/v2/eds.proto @@ -0,0 +1,63 @@ +syntax = "proto3"; + +package envoy.service.discovery.v2; + +import "envoy/service/discovery/v2/common.proto"; +import "envoy/api/v2/endpoint/endpoint.proto"; + +import "google/api/annotations.proto"; + +import "validate/validate.proto"; + +// [#protodoc-title: EDS] + +// [#not-implemented-hide:] Not configuration. Workaround c++ protobuf issue with importing +// services: https://github.com/google/protobuf/issues/4221 +message EdsDummy { +} + +service EndpointDiscoveryService { + // The resource_names field in DiscoveryRequest specifies a list of clusters + // to subscribe to updates for. + rpc StreamEndpoints(stream DiscoveryRequest) returns (stream DiscoveryResponse) { + } + + rpc FetchEndpoints(DiscoveryRequest) returns (DiscoveryResponse) { + option (google.api.http) = { + post: "/v2/discovery:endpoints" + body: "*" + }; + } +} + +// Each route from RDS will map to a single cluster or traffic split across +// clusters using weights expressed in the RDS WeightedCluster. +// +// With EDS, each cluster is treated independently from a LB perspective, with +// LB taking place between the Localities within a cluster and at a finer +// granularity between the hosts within a locality. For a given cluster, the +// effective weight of a host is its load_balancing_weight multiplied by the +// load_balancing_weight of its Locality. +message ClusterLoadAssignment { + // Name of the cluster. This will be the :ref:`service_name + // ` value if specified + // in the cluster :ref:`EdsClusterConfig + // `. + string cluster_name = 1 [(validate.rules).string.min_bytes = 1]; + + // List of endpoints to load balance to. + repeated envoy.api.v2.endpoint.LocalityLbEndpoints endpoints = 2; + + // Load balancing policy settings. + message Policy { + // Percentage of traffic (0-100) that should be dropped. This + // action allows protection of upstream hosts should they unable to + // recover from an outage or should they be unable to autoscale and hence + // overall incoming traffic volume need to be trimmed to protect them. + // [#v2-api-diff: This is known as maintenance mode in v1.] + double drop_overload = 1 [(validate.rules).double = {gte: 0, lte: 100}]; + } + + // Load balancing policy settings. + Policy policy = 4; +} diff --git a/api/hds.proto b/envoy/service/discovery/v2/hds.proto similarity index 88% rename from api/hds.proto rename to envoy/service/discovery/v2/hds.proto index a40d4157..957f8a47 100644 --- a/api/hds.proto +++ b/envoy/service/discovery/v2/hds.proto @@ -1,13 +1,19 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.service.discovery.v2; -import "api/base.proto"; -import "api/health_check.proto"; +import "envoy/api/v2/base.proto"; +import "envoy/api/v2/health_check.proto"; +import "envoy/api/v2/endpoint/endpoint.proto"; import "google/api/annotations.proto"; import "google/protobuf/duration.proto"; +// [#not-implemented-hide:] Not configuration. Workaround c++ protobuf issue with importing +// services: https://github.com/google/protobuf/issues/4221 +message HdsDummy { +} + // [#proto-status: experimental] // HDS is Health Discovery Service. It compliments Envoy’s health checking // service by designating this Envoy to be a healthchecker for a subset of hosts @@ -78,13 +84,13 @@ message Capability { } message HealthCheckRequest { - Node node = 1; + envoy.api.v2.Node node = 1; Capability capability = 2; } message EndpointHealth { - Endpoint endpoint = 1; - HealthStatus health_status = 2; + envoy.api.v2.endpoint.Endpoint endpoint = 1; + envoy.api.v2.HealthStatus health_status = 2; } message EndpointHealthResponse { @@ -99,8 +105,8 @@ message HealthCheckRequestOrEndpointHealthResponse { } message LocalityEndpoints { - Locality locality = 1; - repeated Endpoint endpoints = 2; + envoy.api.v2.Locality locality = 1; + repeated envoy.api.v2.endpoint.Endpoint endpoints = 2; } // The cluster name and locality is provided to Envoy for the endpoints that it @@ -109,7 +115,7 @@ message LocalityEndpoints { // same cluster structure as that provided by EDS. message ClusterHealthCheck { string cluster_name = 1; - repeated HealthCheck health_checks = 2; + repeated envoy.api.v2.HealthCheck health_checks = 2; repeated LocalityEndpoints endpoints = 3; } diff --git a/envoy/service/discovery/v2/lds.proto b/envoy/service/discovery/v2/lds.proto new file mode 100644 index 00000000..78712bd3 --- /dev/null +++ b/envoy/service/discovery/v2/lds.proto @@ -0,0 +1,28 @@ +syntax = "proto3"; + +package envoy.service.discovery.v2; + +import "envoy/service/discovery/v2/common.proto"; + +import "google/api/annotations.proto"; + +// [#not-implemented-hide:] Not configuration. Workaround c++ protobuf issue with importing +// services: https://github.com/google/protobuf/issues/4221 +message LdsDummy { +} + +// The Envoy instance initiates an RPC at startup to discover a list of +// listeners. Updates are delivered via streaming from the LDS server and +// consist of a complete update of all listeners. Existing connections will be +// allowed to drain from listeners that are no longer present. +service ListenerDiscoveryService { + rpc StreamListeners(stream DiscoveryRequest) returns (stream DiscoveryResponse) { + } + + rpc FetchListeners(DiscoveryRequest) returns (DiscoveryResponse) { + option (google.api.http) = { + post: "/v2/discovery:listeners" + body: "*" + }; + } +} diff --git a/envoy/service/discovery/v2/rds.proto b/envoy/service/discovery/v2/rds.proto new file mode 100644 index 00000000..6bdb8663 --- /dev/null +++ b/envoy/service/discovery/v2/rds.proto @@ -0,0 +1,29 @@ +syntax = "proto3"; + +package envoy.service.discovery.v2; + +import "envoy/service/discovery/v2/common.proto"; + +import "google/api/annotations.proto"; + +// [#not-implemented-hide:] Not configuration. Workaround c++ protobuf issue with importing +// services: https://github.com/google/protobuf/issues/4221 +message RdsDummy { +} + +// The resource_names field in DiscoveryRequest specifies a route configuration. +// This allows an Envoy configuration with multiple HTTP listeners (and +// associated HTTP connection manager filters) to use different route +// configurations. Each listener will bind its HTTP connection manager filter to +// a route table via this identifier. +service RouteDiscoveryService { + rpc StreamRoutes(stream DiscoveryRequest) returns (stream DiscoveryResponse) { + } + + rpc FetchRoutes(DiscoveryRequest) returns (DiscoveryResponse) { + option (google.api.http) = { + post: "/v2/discovery:routes" + body: "*" + }; + } +} diff --git a/envoy/service/discovery/v2/sds.proto b/envoy/service/discovery/v2/sds.proto new file mode 100644 index 00000000..e0dd7431 --- /dev/null +++ b/envoy/service/discovery/v2/sds.proto @@ -0,0 +1,24 @@ +syntax = "proto3"; + +package envoy.service.discovery.v2; + +import "envoy/service/discovery/v2/common.proto"; + +import "google/api/annotations.proto"; + +// [#not-implemented-hide:] Not configuration. Workaround c++ protobuf issue with importing +// services: https://github.com/google/protobuf/issues/4221 +message SdsDummy { +} + +service SecretDiscoveryService { + rpc StreamSecrets(stream DiscoveryRequest) returns (stream DiscoveryResponse) { + } + + rpc FetchSecrets(DiscoveryRequest) returns (DiscoveryResponse) { + option (google.api.http) = { + post: "/v2/discovery:secrets" + body: "*" + }; + } +} diff --git a/envoy/service/load_stats/BUILD b/envoy/service/load_stats/BUILD new file mode 100644 index 00000000..e9dc0a43 --- /dev/null +++ b/envoy/service/load_stats/BUILD @@ -0,0 +1,7 @@ +proto_library( + name = "load_stats", + visibility = ["//envoy:__pkg__"], + deps = [ + "//envoy/service/load_stats/v2:lrs", + ], +) diff --git a/envoy/service/load_stats/v2/BUILD b/envoy/service/load_stats/v2/BUILD new file mode 100644 index 00000000..318bbd5d --- /dev/null +++ b/envoy/service/load_stats/v2/BUILD @@ -0,0 +1,22 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library", "api_go_grpc_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "lrs", + srcs = ["lrs.proto"], + has_services = 1, + deps = [ + "//envoy/api/v2:base", + "//envoy/api/v2/endpoint:load_report", + ], +) + +api_go_grpc_library( + name = "lrs", + proto = ":lrs", + deps = [ + "//envoy/api/v2:base_go_proto", + "//envoy/api/v2/endpoint:load_report_go_proto", + ], +) diff --git a/envoy/service/load_stats/v2/lrs.proto b/envoy/service/load_stats/v2/lrs.proto new file mode 100644 index 00000000..e5d5ba3a --- /dev/null +++ b/envoy/service/load_stats/v2/lrs.proto @@ -0,0 +1,67 @@ +syntax = "proto3"; + +package envoy.service.load_stats.v2; +option go_package = "load_stats"; + +import "envoy/api/v2/base.proto"; +import "envoy/api/v2/endpoint/load_report.proto"; + +import "google/protobuf/duration.proto"; + +import "validate/validate.proto"; + +// [#protodoc-title: Load reporting service] + +service LoadReportingService { + // Advanced API to allow for multi-dimensional load balancing by remote + // server. For receiving LB assignments, the steps are: + // 1, The management server is configured with per cluster/zone/load metric + // capacity configuration. The capacity configuration definition is + // outside of the scope of this document. + // 2. Envoy issues a standard {Stream,Fetch}Endpoints request for the clusters + // to balance. + // + // Independently, Envoy will initiate a StreamLoadStats bidi stream with a + // management server: + // 1. Once a connection establishes, the management server publishes a + // LoadStatsResponse for all clusters it is interested in learning load + // stats about. + // 2. For each cluster, Envoy load balances incoming traffic to upstream hosts + // based on per-zone weights and/or per-instance weights (if specified) + // based on intra-zone LbPolicy. This information comes from the above + // {Stream,Fetch}Endpoints. + // 3. When upstream hosts reply, they optionally add header with ASCII representation of EndpointLoadMetricStats. + // 4. Envoy aggregates load reports over the period of time given to it in + // LoadStatsResponse.load_reporting_interval. This includes aggregation + // stats Envoy maintains by itself (total_requests, rpc_errors etc.) as + // well as load metrics from upstream hosts. + // 5. When the timer of load_reporting_interval expires, Envoy sends new + // LoadStatsRequest filled with load reports for each cluster. + // 6. The management server uses the load reports from all reported Envoys + // from around the world, computes global assignment and prepares traffic + // assignment destined for each zone Envoys are located in. Goto 2. + rpc StreamLoadStats(stream LoadStatsRequest) returns (stream LoadStatsResponse) { + } +} + +// A load report Envoy sends to the management server. +// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. +message LoadStatsRequest { + // Node identifier for Envoy instance. + envoy.api.v2.Node node = 1; + + // A list of load stats to report. + repeated envoy.api.v2.endpoint.ClusterStats cluster_stats = 2; +} + +// The management server sends envoy a LoadStatsResponse with all clusters it +// is interested in learning load stats about. +// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. +message LoadStatsResponse { + // Clusters to report stats for. + repeated string clusters = 1 [(validate.rules).repeated .min_items = 1]; + + // The interval of time to collect stats. The default is 10 seconds. + google.protobuf.Duration load_reporting_interval = 2; +} diff --git a/envoy/service/metrics/BUILD b/envoy/service/metrics/BUILD new file mode 100644 index 00000000..74ed8111 --- /dev/null +++ b/envoy/service/metrics/BUILD @@ -0,0 +1,7 @@ +proto_library( + name = "metrics", + visibility = ["//envoy:__pkg__"], + deps = [ + "//envoy/service/metrics/v2:metrics_service", + ], +) diff --git a/envoy/service/metrics/v2/BUILD b/envoy/service/metrics/v2/BUILD new file mode 100644 index 00000000..aac79fb1 --- /dev/null +++ b/envoy/service/metrics/v2/BUILD @@ -0,0 +1,15 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library", "api_go_grpc_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "metrics_service", + srcs = ["metrics_service.proto"], + has_services = 1, + require_py = 0, + deps = [ + "//envoy/api/v2:base", + "//envoy/api/v2:grpc_service", + "@promotheus_metrics_model//:client_model", + ], +) diff --git a/api/metrics_service.proto b/envoy/service/metrics/v2/metrics_service.proto similarity index 65% rename from api/metrics_service.proto rename to envoy/service/metrics/v2/metrics_service.proto index 0d82a076..c70af05d 100644 --- a/api/metrics_service.proto +++ b/envoy/service/metrics/v2/metrics_service.proto @@ -2,12 +2,10 @@ syntax = "proto3"; // [#proto-status: draft] -// [#protodoc-title: Metrics Service] +package envoy.service.metrics.v2; +option go_package = "metrics"; -package envoy.api.v2; - -import "api/base.proto"; -import "api/grpc_service.proto"; +import "envoy/api/v2/base.proto"; import "metrics.proto"; @@ -28,7 +26,7 @@ message StreamMetricsResponse { message StreamMetricsMessage { message Identifier { // The node sending metrics over the stream. - Node node = 1 [(validate.rules).message.required = true]; + envoy.api.v2.Node node = 1 [(validate.rules).message.required = true]; } // Identifier data effectively is a structured metadata. As a performance optimization this will @@ -38,10 +36,3 @@ message StreamMetricsMessage { // A list of metric entries repeated io.prometheus.client.MetricFamily envoy_metrics = 2; } - -// Metrics Service is configured as a built-in *envoy.metrics_service* :ref:`StatsSink -// `. This opaque configuration will be used to create Metrics Service. -message MetricsServiceConfig { - // The upstream gRPC cluster that hosts the metrics service. - GrpcService grpc_service = 1 [(validate.rules).message.required = true]; -} diff --git a/envoy/service/ratelimit/BUILD b/envoy/service/ratelimit/BUILD new file mode 100644 index 00000000..5948cff9 --- /dev/null +++ b/envoy/service/ratelimit/BUILD @@ -0,0 +1,7 @@ +proto_library( + name = "ratelimit", + visibility = ["//envoy:__pkg__"], + deps = [ + "//envoy/service/ratelimit/v2:rls", + ], +) diff --git a/envoy/service/ratelimit/v2/BUILD b/envoy/service/ratelimit/v2/BUILD new file mode 100644 index 00000000..1b6db360 --- /dev/null +++ b/envoy/service/ratelimit/v2/BUILD @@ -0,0 +1,22 @@ +load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_grpc_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "rls", + srcs = ["rls.proto"], + has_services = 1, + deps = [ + "//envoy/api/v2:grpc_service", + "//envoy/api/v2/ratelimit", + ], +) + +api_go_grpc_library( + name = "rls", + proto = ":rls", + deps = [ + "//envoy/api/v2:grpc_service_go_proto", + "//envoy/api/v2/ratelimit:ratelimit_go_proto", + ], +) diff --git a/api/rls.proto b/envoy/service/ratelimit/v2/rls.proto similarity index 56% rename from api/rls.proto rename to envoy/service/ratelimit/v2/rls.proto index 8f4f7908..4719087f 100644 --- a/api/rls.proto +++ b/envoy/service/ratelimit/v2/rls.proto @@ -1,10 +1,11 @@ syntax = "proto3"; -package envoy.api.v2; +package envoy.service.ratelimit.v2; +option go_package = "ratelimit"; -import "validate/validate.proto"; +import "envoy/api/v2/ratelimit/ratelimit.proto"; -// [#protodoc-title: Common rate limit components] +import "validate/validate.proto"; service RateLimitService { // Determine whether rate limiting should take place. @@ -28,67 +29,13 @@ message RateLimitRequest { // All rate limit requests must specify at least one RateLimitDescriptor. Each descriptor is // processed by the service (see below). If any of the descriptors are over limit, the entire // request is considered to be over limit. - repeated RateLimitDescriptor descriptors = 2; + repeated envoy.api.v2.ratelimit.RateLimitDescriptor descriptors = 2; // Rate limit requests can optionally specify the number of hits a request adds to the matched // limit. If the value is not set in the message, a request increases the matched limit by 1. uint32 hits_addend = 3; } -// A RateLimitDescriptor is a list of hierarchical entries that are used by the service to -// determine the final rate limit key and overall allowed limit. Here are some examples of how -// they might be used for the domain "envoy". -// -// .. code-block:: cpp -// -// ["authenticated": "false"], ["remote_address": "10.0.0.1"] -// -// What it does: Limits all unauthenticated traffic for the IP address 10.0.0.1. The -// configuration supplies a default limit for the *remote_address* key. If there is a desire to -// raise the limit for 10.0.0.1 or block it entirely it can be specified directly in the -// configuration. -// -// .. code-block:: cpp -// -// ["authenticated": "false"], ["path": "/foo/bar"] -// -// What it does: Limits all unauthenticated traffic globally for a specific path (or prefix if -// configured that way in the service). -// -// .. code-block:: cpp -// -// ["authenticated": "false"], ["path": "/foo/bar"], ["remote_address": "10.0.0.1"] -// -// What it does: Limits unauthenticated traffic to a specific path for a specific IP address. -// Like (1) we can raise/block specific IP addresses if we want with an override configuration. -// -// .. code-block:: cpp -// -// ["authenticated": "true"], ["client_id": "foo"] -// -// What it does: Limits all traffic for an authenticated client "foo" -// -// .. code-block:: cpp -// -// ["authenticated": "true"], ["client_id": "foo"], ["path": "/foo/bar"] -// -// What it does: Limits traffic to a specific path for an authenticated client "foo" -// -// The idea behind the API is that (1)/(2)/(3) and (4)/(5) can be sent in 1 request if desired. -// This enables building complex application scenarios with a generic backend. -message RateLimitDescriptor { - message Entry { - // Descriptor key. - string key = 1 [(validate.rules).string.min_bytes = 1]; - - // Descriptor value. - string value = 2 [(validate.rules).string.min_bytes = 1]; - } - - // Descriptor entries. - repeated Entry entries = 1 [(validate.rules).repeated .min_items = 1]; -} - // A response from a ShouldRateLimit call. // [#not-implemented-hide:] Hiding API for now. message RateLimitResponse { diff --git a/envoy/service/trace/v2/BUILD b/envoy/service/trace/v2/BUILD new file mode 100644 index 00000000..10b3de2f --- /dev/null +++ b/envoy/service/trace/v2/BUILD @@ -0,0 +1,14 @@ +load("//bazel:api_build_system.bzl", "api_proto_library") + +licenses(["notice"]) # Apache 2 + +api_proto_library( + name = "trace_service", + srcs = ["trace_service.proto"], + has_services = 1, + require_py = 0, + deps = [ + "//envoy/api/v2:base", + "@io_opencensus_trace//:trace_model", + ], +) diff --git a/api/trace_service.proto b/envoy/service/trace/v2/trace_service.proto similarity index 75% rename from api/trace_service.proto rename to envoy/service/trace/v2/trace_service.proto index 55fb9570..142afb7e 100644 --- a/api/trace_service.proto +++ b/envoy/service/trace/v2/trace_service.proto @@ -2,10 +2,10 @@ syntax = "proto3"; // [#proto-status: draft] -package envoy.api.v2; +package envoy.service.trace.v2; +option go_package = "trace"; -import "api/base.proto"; -import "api/grpc_service.proto"; +import "envoy/api/v2/base.proto"; import "trace.proto"; import "google/api/annotations.proto"; @@ -28,7 +28,7 @@ message StreamTracesResponse { message StreamTracesMessage { message Identifier { // The node sending the access log messages over the stream. - Node node = 1 [(validate.rules).message.required = true]; + envoy.api.v2.Node node = 1 [(validate.rules).message.required = true]; } // Identifier data effectively is a structured metadata. @@ -39,9 +39,3 @@ message StreamTracesMessage { // A list of Span entries repeated opencensus.proto.trace.Span spans = 2; } - -// Configuration structure. -message TraceServiceConfig { - // The upstream gRPC cluster that hosts the metrics service. - GrpcService grpc_service = 1 [(validate.rules).message.required = true]; -} diff --git a/test/build/BUILD b/test/build/BUILD index d214a2dc..987cd6e1 100644 --- a/test/build/BUILD +++ b/test/build/BUILD @@ -6,15 +6,15 @@ api_cc_test( name = "build_test", srcs = ["build_test.cc"], proto_deps = [ - "//api:cds", - "//api:discovery", - "//api:eds", - "//api:hds", - "//api:lds", - "//api:metrics", - "//api:rds", - "//api:rls", - "//api/filter/accesslog", + "//envoy/service/accesslog/v2:als", + "//envoy/service/discovery/v2:ads", + "//envoy/service/discovery/v2:cds", + "//envoy/service/discovery/v2:eds", + "//envoy/service/discovery/v2:hds", + "//envoy/service/discovery/v2:lds", + "//envoy/service/discovery/v2:rds", + "//envoy/service/metrics/v2:metrics_service", + "//envoy/service/ratelimit/v2:rls", ], ) @@ -24,14 +24,15 @@ api_go_test( srcs = ["go_build_test.go"], importpath = "go_build_test", deps = [ - "//api:bootstrap_go_proto", - "//api:cds_go_grpc", - "//api:discovery_go_grpc", - "//api:eds_go_grpc", - "//api:hds_go_grpc", - "//api:lds_go_grpc", - "//api:rds_go_grpc", - "//api:rls_go_grpc", - "//api:sds_go_grpc", + "//envoy/api/v2/auth:cert_go_proto", + "//envoy/config/bootstrap/v2:bootstrap_go_proto", + "//envoy/service/discovery/v2:ads_go_grpc", + "//envoy/service/discovery/v2:cds_go_grpc", + "//envoy/service/discovery/v2:eds_go_grpc", + "//envoy/service/discovery/v2:hds_go_grpc", + "//envoy/service/discovery/v2:lds_go_grpc", + "//envoy/service/discovery/v2:rds_go_grpc", + "//envoy/service/discovery/v2:sds_go_grpc", + "//envoy/service/ratelimit/v2:rls_go_grpc", ], ) diff --git a/test/build/build_test.cc b/test/build/build_test.cc index cc4ff80e..3e790a31 100644 --- a/test/build/build_test.cc +++ b/test/build/build_test.cc @@ -6,20 +6,20 @@ // Basic C++ build/link validation for the v2 xDS APIs. int main(int argc, char* argv[]) { const auto methods = { - "envoy.api.v2.filter.accesslog.AccessLogService.StreamAccessLogs", - "envoy.api.v2.AggregatedDiscoveryService.StreamAggregatedResources", - "envoy.api.v2.ClusterDiscoveryService.FetchClusters", - "envoy.api.v2.ClusterDiscoveryService.StreamClusters", - "envoy.api.v2.EndpointDiscoveryService.FetchEndpoints", - "envoy.api.v2.EndpointDiscoveryService.StreamEndpoints", - "envoy.api.v2.HealthDiscoveryService.FetchHealthCheck", - "envoy.api.v2.HealthDiscoveryService.StreamHealthCheck", - "envoy.api.v2.ListenerDiscoveryService.FetchListeners", - "envoy.api.v2.ListenerDiscoveryService.StreamListeners", - "envoy.api.v2.MetricsService.StreamMetrics", - "envoy.api.v2.RouteDiscoveryService.FetchRoutes", - "envoy.api.v2.RouteDiscoveryService.StreamRoutes", - "envoy.api.v2.RateLimitService.ShouldRateLimit", + "envoy.service.discovery.v2.AggregatedDiscoveryService.StreamAggregatedResources", + "envoy.service.discovery.v2.ClusterDiscoveryService.FetchClusters", + "envoy.service.discovery.v2.ClusterDiscoveryService.StreamClusters", + "envoy.service.discovery.v2.EndpointDiscoveryService.FetchEndpoints", + "envoy.service.discovery.v2.EndpointDiscoveryService.StreamEndpoints", + "envoy.service.discovery.v2.HealthDiscoveryService.FetchHealthCheck", + "envoy.service.discovery.v2.HealthDiscoveryService.StreamHealthCheck", + "envoy.service.discovery.v2.ListenerDiscoveryService.FetchListeners", + "envoy.service.discovery.v2.ListenerDiscoveryService.StreamListeners", + "envoy.service.discovery.v2.RouteDiscoveryService.FetchRoutes", + "envoy.service.discovery.v2.RouteDiscoveryService.StreamRoutes", + "envoy.service.accesslog.v2.AccessLogService.StreamAccessLogs", + "envoy.service.metrics.v2.MetricsService.StreamMetrics", + "envoy.service.ratelimit.v2.RateLimitService.ShouldRateLimit", }; for (const auto& method : methods) { diff --git a/test/build/go_build_test.go b/test/build/go_build_test.go index bd0daa7b..0b4b5ad3 100644 --- a/test/build/go_build_test.go +++ b/test/build/go_build_test.go @@ -1,18 +1,18 @@ package go_build_test import ( - "testing" - _ "github.com/envoyproxy/data-plane-api/api/bootstrap" - _ "github.com/envoyproxy/data-plane-api/api/discovery" - _ "github.com/envoyproxy/data-plane-api/api/cds" - _ "github.com/envoyproxy/data-plane-api/api/eds" - _ "github.com/envoyproxy/data-plane-api/api/hds" - _ "github.com/envoyproxy/data-plane-api/api/lds" - _ "github.com/envoyproxy/data-plane-api/api/rds" - _ "github.com/envoyproxy/data-plane-api/api/rls" - _ "github.com/envoyproxy/data-plane-api/api/sds" + "testing" + + _ "github.com/envoyproxy/data-plane-api/api/bootstrap" + _ "github.com/envoyproxy/data-plane-api/api/cds" + _ "github.com/envoyproxy/data-plane-api/api/eds" + _ "github.com/envoyproxy/data-plane-api/api/hds" + _ "github.com/envoyproxy/data-plane-api/api/lds" + _ "github.com/envoyproxy/data-plane-api/api/rds" + _ "github.com/envoyproxy/data-plane-api/api/rls" + _ "github.com/envoyproxy/data-plane-api/api/sds" ) func TestNoop(t *testing.T) { - // Noop test that verifies the successful importation of Envoy V2 API protos + // Noop test that verifies the successful importation of Envoy V2 API protos } diff --git a/test/validate/BUILD b/test/validate/BUILD index 501decf6..aabe6567 100644 --- a/test/validate/BUILD +++ b/test/validate/BUILD @@ -6,24 +6,24 @@ api_cc_test( name = "pgv_test", srcs = ["pgv_test.cc"], proto_deps = [ - "//api:bootstrap", - "//api:cds", - "//api:eds", - "//api:lds", - "//api:protocol", - "//api:rds", - "//api/filter/accesslog", - "//api/filter/http:buffer", - "//api/filter/http:fault", - "//api/filter/http:gzip", - "//api/filter/http:health_check", - "//api/filter/http:lua", - "//api/filter/http:router", - "//api/filter/http:squash", - "//api/filter/http:transcoder", - "//api/filter/network:http_connection_manager", - "//api/filter/network:mongo_proxy", - "//api/filter/network:redis_proxy", - "//api/filter/network:tcp_proxy", + "//envoy/api/v2:protocol", + "//envoy/api/v2/filter/accesslog", + "//envoy/api/v2/filter/http:buffer", + "//envoy/api/v2/filter/http:fault", + "//envoy/api/v2/filter/http:gzip", + "//envoy/api/v2/filter/http:health_check", + "//envoy/api/v2/filter/http:lua", + "//envoy/api/v2/filter/http:router", + "//envoy/api/v2/filter/http:squash", + "//envoy/api/v2/filter/http:transcoder", + "//envoy/api/v2/filter/network:http_connection_manager", + "//envoy/api/v2/filter/network:mongo_proxy", + "//envoy/api/v2/filter/network:redis_proxy", + "//envoy/api/v2/filter/network:tcp_proxy", + "//envoy/config/bootstrap/v2:bootstrap", + "//envoy/service/discovery/v2:cds", + "//envoy/service/discovery/v2:eds", + "//envoy/service/discovery/v2:lds", + "//envoy/service/discovery/v2:rds", ], ) diff --git a/test/validate/pgv_test.cc b/test/validate/pgv_test.cc index 1e7cc1c1..b7e383e6 100644 --- a/test/validate/pgv_test.cc +++ b/test/validate/pgv_test.cc @@ -3,26 +3,28 @@ // We don't use all the headers in the test below, but including them anyway as // a cheap way to get some C++ compiler sanity checking. -#include "api/bootstrap.pb.validate.h" -#include "api/protocol.pb.validate.h" -#include "api/cds.pb.validate.h" -#include "api/eds.pb.validate.h" -#include "api/lds.pb.validate.h" -#include "api/rds.pb.validate.h" -#include "api/rds.pb.validate.h" -#include "api/filter/accesslog/accesslog.pb.validate.h" -#include "api/filter/http/buffer.pb.validate.h" -#include "api/filter/http/fault.pb.validate.h" -#include "api/filter/http/health_check.pb.validate.h" -#include "api/filter/http/lua.pb.validate.h" -#include "api/filter/http/gzip.pb.validate.h" -#include "api/filter/http/router.pb.validate.h" -#include "api/filter/http/squash.pb.validate.h" -#include "api/filter/http/transcoder.pb.validate.h" -#include "api/filter/network/http_connection_manager.pb.validate.h" -#include "api/filter/network/mongo_proxy.pb.validate.h" -#include "api/filter/network/redis_proxy.pb.validate.h" -#include "api/filter/network/tcp_proxy.pb.validate.h" +#include "envoy/api/v2/protocol.pb.validate.h" +#include "envoy/api/v2/cluster/cluster.pb.validate.h" +#include "envoy/api/v2/filter/accesslog/accesslog.pb.validate.h" +#include "envoy/api/v2/filter/http/buffer.pb.validate.h" +#include "envoy/api/v2/filter/http/fault.pb.validate.h" +#include "envoy/api/v2/filter/http/health_check.pb.validate.h" +#include "envoy/api/v2/filter/http/gzip.pb.validate.h" +#include "envoy/api/v2/filter/http/lua.pb.validate.h" +#include "envoy/api/v2/filter/http/router.pb.validate.h" +#include "envoy/api/v2/filter/http/squash.pb.validate.h" +#include "envoy/api/v2/filter/http/transcoder.pb.validate.h" +#include "envoy/api/v2/filter/network/http_connection_manager.pb.validate.h" +#include "envoy/api/v2/filter/network/mongo_proxy.pb.validate.h" +#include "envoy/api/v2/filter/network/redis_proxy.pb.validate.h" +#include "envoy/api/v2/filter/network/tcp_proxy.pb.validate.h" +#include "envoy/api/v2/listener/listener.pb.validate.h" +#include "envoy/api/v2/route/route.pb.validate.h" +#include "envoy/config/bootstrap/v2/bootstrap.pb.validate.h" +#include "envoy/service/discovery/v2/cds.pb.validate.h" +#include "envoy/service/discovery/v2/eds.pb.validate.h" +#include "envoy/service/discovery/v2/lds.pb.validate.h" +#include "envoy/service/discovery/v2/rds.pb.validate.h" #include "google/protobuf/text_format.h" @@ -48,7 +50,7 @@ template struct TestCase { // Basic protoc-gen-validate C++ validation header inclusion and Validate calls // from data-plane-api. int main(int argc, char* argv[]) { - envoy::api::v2::Bootstrap invalid_bootstrap; + envoy::config::bootstrap::v2::Bootstrap invalid_bootstrap; // This is a baseline test of the validation features we care about. It's // probably not worth adding in every filter and field that we want to valid // in the API upfront, but as regressions occur, this is the place to add the @@ -61,12 +63,12 @@ int main(int argc, char* argv[]) { address {} } )EOF"; - envoy::api::v2::Bootstrap valid_bootstrap; + envoy::config::bootstrap::v2::Bootstrap valid_bootstrap; if (!google::protobuf::TextFormat::ParseFromString(valid_bootstrap_text, &valid_bootstrap)) { std::cerr << "Unable to parse text proto: " << valid_bootstrap_text << std::endl; exit(EXIT_FAILURE); } - TestCase{invalid_bootstrap, valid_bootstrap}.run(); + TestCase{invalid_bootstrap, valid_bootstrap}.run(); exit(EXIT_SUCCESS); } diff --git a/tools/BUILD b/tools/BUILD index 4f5c318f..0f3325a5 100644 --- a/tools/BUILD +++ b/tools/BUILD @@ -6,8 +6,8 @@ py_binary( licenses = ["notice"], # Apache 2 visibility = ["//visibility:public"], deps = [ - "//api:lds_py", - "//api/filter/network:http_connection_manager_py", + "//envoy/api/v2/filter/network:http_connection_manager_py", + "//envoy/api/v2/listener:listener_py", ], ) diff --git a/tools/generate_listeners.py b/tools/generate_listeners.py index 6e239355..f35cb776 100644 --- a/tools/generate_listeners.py +++ b/tools/generate_listeners.py @@ -16,8 +16,8 @@ from google.protobuf import json_format from google.protobuf import struct_pb2 from google.protobuf import text_format -from api import lds_pb2 -from api.filter.network import http_connection_manager_pb2 +from envoy.api.v2.listener import listener_pb2 +from envoy.api.v2.filter.network import http_connection_manager_pb2 # Convert an arbitrary proto object to its Struct proto representation. @@ -43,7 +43,7 @@ def ParseProto(path, filter_name): def GenerateListeners(listeners_pb_path, output_pb_path, output_json_path, fragments): - listener = lds_pb2.Listener() + listener = listener_pb2.Listener() with open(listeners_pb_path, 'r') as f: text_format.Merge(f.read(), listener) diff --git a/tools/protodoc/protodoc.py b/tools/protodoc/protodoc.py index 0c083f01..2ad03a7a 100755 --- a/tools/protodoc/protodoc.py +++ b/tools/protodoc/protodoc.py @@ -15,9 +15,12 @@ import re from google.protobuf.compiler import plugin_pb2 from validate import validate_pb2 -# Namespace prefix for Envoy APIs. +# Namespace prefix for Envoy core APIs. ENVOY_API_NAMESPACE_PREFIX = '.envoy.api.v2.' +# Namespace prefix for Envoy top-level APIs. +ENVOY_PREFIX = '.envoy.' + # Namespace prefix for WKTs. WKT_NAMESPACE_PREFIX = '.google.protobuf.' @@ -385,7 +388,7 @@ def FormatMessageAsJson(type_context, msg): def NormalizeFQN(fqn): """Normalize a fully qualified field type name. - Strips leading ENVOY_API_NAMESPACE_PREFIX and makes pretty wrapped type names. + Strips leading ENVOY_API_NAMESPACE_PREFIX and ENVOY_PREFIX and makes pretty wrapped type names. Args: fqn: a fully qualified type name from FieldDescriptorProto.type_name. @@ -394,6 +397,8 @@ def NormalizeFQN(fqn): """ if fqn.startswith(ENVOY_API_NAMESPACE_PREFIX): return fqn[len(ENVOY_API_NAMESPACE_PREFIX):] + if fqn.startswith(ENVOY_PREFIX): + return fqn[len(ENVOY_PREFIX):] return fqn @@ -414,7 +419,7 @@ def FormatFieldType(type_context, field): Return: RST formatted field type. """ - if field.type_name.startswith(ENVOY_API_NAMESPACE_PREFIX): + if field.type_name.startswith(ENVOY_API_NAMESPACE_PREFIX) or field.type_name.startswith(ENVOY_PREFIX): type_name = NormalizeFQN(field.type_name) if field.type == field.TYPE_MESSAGE: if type_context.map_typenames and type_name in type_context.map_typenames: