api: validation of API structure. (#9598)

This patch introduces a new checker, tools/api/validate_structure.py, that is run as part of the
bazel.api CI job. It ensures that the package layout for the API doesn't violate some constraints,
largely reflecting the heuristics we used for v3alpha migration.

Along the way, I discovered there were some packages that were versionless and not boosted to
v3alpha, and there were some extensions left behind in envoy.config. These are fixed as well to
allow the validation to succeed.

Risk level: Low
Testing: tools/api/validate_structure.py passes, bazel test //test/...

Fixes #9580

Signed-off-by: Harvey Tuch <htuch@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 29b30911dbfb3f9760efeb28238ceac36e1a1a23

BUILD

@@ -19,6 +19,7 @@ proto_library(
         "//envoy/api/v2/ratelimit:pkg",
         "//envoy/api/v2/route:pkg",
         "//envoy/config/accesslog/v2:pkg",
+        "//envoy/config/accesslog/v3alpha:pkg",
         "//envoy/config/bootstrap/v2:pkg",
         "//envoy/config/bootstrap/v3alpha:pkg",
         "//envoy/config/cluster/aggregate/v2alpha:pkg",
@@ -30,7 +31,6 @@ proto_library(
         "//envoy/config/core/v3alpha:pkg",
         "//envoy/config/endpoint/v3alpha:pkg",
         "//envoy/config/filter/accesslog/v2:pkg",
-        "//envoy/config/filter/accesslog/v3alpha:pkg",
         "//envoy/config/filter/dubbo/router/v2alpha1:pkg",
         "//envoy/config/filter/fault/v2:pkg",
         "//envoy/config/filter/http/adaptive_concurrency/v2alpha:pkg",
@@ -70,7 +70,6 @@ proto_library(
         "//envoy/config/filter/network/http_connection_manager/v2:pkg",
         "//envoy/config/filter/network/kafka_broker/v2alpha1:pkg",
         "//envoy/config/filter/network/local_rate_limit/v2alpha:pkg",
-        "//envoy/config/filter/network/local_rate_limit/v3alpha:pkg",
         "//envoy/config/filter/network/mongo_proxy/v2:pkg",
         "//envoy/config/filter/network/mysql_proxy/v1alpha1:pkg",
         "//envoy/config/filter/network/rate_limit/v2:pkg",
@@ -81,7 +80,6 @@ proto_library(
         "//envoy/config/filter/network/thrift_proxy/v2alpha1:pkg",
         "//envoy/config/filter/network/zookeeper_proxy/v1alpha1:pkg",
         "//envoy/config/filter/thrift/rate_limit/v2alpha1:pkg",
-        "//envoy/config/filter/thrift/rate_limit/v3alpha:pkg",
         "//envoy/config/filter/thrift/router/v2alpha1:pkg",
         "//envoy/config/filter/udp/udp_proxy/v2alpha:pkg",
         "//envoy/config/grpc_credential/v2alpha:pkg",
@@ -117,9 +115,11 @@ proto_library(
         "//envoy/data/core/v3alpha:pkg",
         "//envoy/data/tap/v2alpha:pkg",
         "//envoy/data/tap/v3alpha:pkg",
+        "//envoy/extensions/access_loggers/file/v3alpha:pkg",
         "//envoy/extensions/access_loggers/grpc/v3alpha:pkg",
         "//envoy/extensions/clusters/aggregate/v3alpha:pkg",
         "//envoy/extensions/clusters/dynamic_forward_proxy/v3alpha:pkg",
+        "//envoy/extensions/clusters/redis/v3alpha:pkg",
         "//envoy/extensions/common/dynamic_forward_proxy/v3alpha:pkg",
         "//envoy/extensions/common/ratelimit/v3alpha:pkg",
         "//envoy/extensions/common/tap/v3alpha:pkg",
@@ -161,6 +161,7 @@ proto_library(
         "//envoy/extensions/filters/network/ext_authz/v3alpha:pkg",
         "//envoy/extensions/filters/network/http_connection_manager/v3alpha:pkg",
         "//envoy/extensions/filters/network/kafka_broker/v3alpha:pkg",
+        "//envoy/extensions/filters/network/local_ratelimit/v3alpha:pkg",
         "//envoy/extensions/filters/network/mongo_proxy/v3alpha:pkg",
         "//envoy/extensions/filters/network/mysql_proxy/v3alpha:pkg",
         "//envoy/extensions/filters/network/ratelimit/v3alpha:pkg",
@@ -168,8 +169,10 @@ proto_library(
         "//envoy/extensions/filters/network/redis_proxy/v3alpha:pkg",
         "//envoy/extensions/filters/network/sni_cluster/v3alpha:pkg",
         "//envoy/extensions/filters/network/tcp_proxy/v3alpha:pkg",
+        "//envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3alpha:pkg",
         "//envoy/extensions/filters/network/thrift_proxy/v3alpha:pkg",
         "//envoy/extensions/filters/network/zookeeper_proxy/v3alpha:pkg",
+        "//envoy/extensions/retry/priority/previous_priorities/v3alpha:pkg",
         "//envoy/extensions/transport_sockets/alts/v3alpha:pkg",
         "//envoy/extensions/transport_sockets/raw_buffer/v3alpha:pkg",
         "//envoy/extensions/transport_sockets/tap/v3alpha:pkg",

envoy/config/accesslog/v2/file.proto

@@ -11,7 +11,7 @@ option java_package = "io.envoyproxy.envoy.config.accesslog.v2";
 option java_outer_classname = "FileProto";
 option java_multiple_files = true;
 option (udpa.annotations.file_migrate).move_to_package =
-    "envoy.extensions.access_loggers.grpc.v3alpha";
+    "envoy.extensions.access_loggers.file.v3alpha";
 
 // [#protodoc-title: File access log]
 // [#extension: envoy.access_loggers.file]

envoy/config/accesslog/v3alpha/accesslog.proto

@@ -1,6 +1,6 @@
 syntax = "proto3";
 
-package envoy.config.filter.accesslog.v3alpha;
+package envoy.config.accesslog.v3alpha;
 
 import "envoy/config/core/v3alpha/base.proto";
 import "envoy/config/route/v3alpha/route_components.proto";
@@ -13,7 +13,7 @@ import "udpa/annotations/versioning.proto";
 
 import "validate/validate.proto";
 
-option java_package = "io.envoyproxy.envoy.config.filter.accesslog.v3alpha";
+option java_package = "io.envoyproxy.envoy.config.accesslog.v3alpha";
 option java_outer_classname = "AccesslogProto";
 option java_multiple_files = true;
 
@@ -42,7 +42,7 @@ message AccessLog {
   // configurations include:
   //
   // #. "envoy.file_access_log": :ref:`FileAccessLog
-  //    <envoy_api_msg_extensions.access_loggers.grpc.v3alpha.FileAccessLog>`
+  //    <envoy_api_msg_extensions.access_loggers.file.v3alpha.FileAccessLog>`
   // #. "envoy.http_grpc_access_log": :ref:`HttpGrpcAccessLogConfig
   //    <envoy_api_msg_extensions.access_loggers.grpc.v3alpha.HttpGrpcAccessLogConfig>`
   // #. "envoy.tcp_grpc_access_log": :ref:`TcpGrpcAccessLogConfig
@@ -170,10 +170,10 @@ message RuntimeFilter {
   // missing, or *use_independent_randomness* is set to true, the filter will randomly sample based
   // on the runtime key value alone. *use_independent_randomness* can be used for logging kill
   // switches within complex nested :ref:`AndFilter
-  // <envoy_api_msg_config.filter.accesslog.v3alpha.AndFilter>` and :ref:`OrFilter
-  // <envoy_api_msg_config.filter.accesslog.v3alpha.OrFilter>` blocks that are easier to reason
-  // about from a probability perspective (i.e., setting to true will cause the filter to behave
-  // like an independent random variable when composed within logical operator filters).
+  // <envoy_api_msg_config.accesslog.v3alpha.AndFilter>` and :ref:`OrFilter
+  // <envoy_api_msg_config.accesslog.v3alpha.OrFilter>` blocks that are easier to reason about
+  // from a probability perspective (i.e., setting to true will cause the filter to behave like
+  // an independent random variable when composed within logical operator filters).
   bool use_independent_randomness = 3;
 }
 

envoy/config/filter/accesslog/v2/BUILD

@@ -9,5 +9,6 @@ api_proto_package(
         "//envoy/api/v2/core:pkg",
         "//envoy/api/v2/route:pkg",
         "//envoy/type:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],
 )

envoy/config/filter/accesslog/v2/accesslog.proto

@@ -9,11 +9,13 @@ import "envoy/type/percent.proto";
 import "google/protobuf/any.proto";
 import "google/protobuf/struct.proto";
 
+import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.config.filter.accesslog.v2";
 option java_outer_classname = "AccesslogProto";
 option java_multiple_files = true;
+option (udpa.annotations.file_migrate).move_to_package = "envoy.config.accesslog.v3alpha";
 
 // [#protodoc-title: Common access log types]
 

envoy/config/filter/network/local_rate_limit/v2alpha/BUILD

@@ -8,5 +8,6 @@ api_proto_package(
     deps = [
         "//envoy/api/v2/core:pkg",
         "//envoy/type:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],
 )

envoy/config/filter/network/local_rate_limit/v2alpha/local_rate_limit.proto

@@ -5,11 +5,14 @@ package envoy.config.filter.network.local_rate_limit.v2alpha;
 import "envoy/api/v2/core/base.proto";
 import "envoy/type/token_bucket.proto";
 
+import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.config.filter.network.local_rate_limit.v2alpha";
 option java_outer_classname = "LocalRateLimitProto";
 option java_multiple_files = true;
+option (udpa.annotations.file_migrate).move_to_package =
+    "envoy.extensions.filters.network.local_ratelimit.v3alpha";
 
 // [#protodoc-title: Local rate limit]
 // Local rate limit :ref:`configuration overview <config_network_filters_local_rate_limit>`.

envoy/config/filter/thrift/rate_limit/v2alpha1/BUILD

@@ -5,5 +5,8 @@ load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"])  # Apache 2
 
 api_proto_package(
-    deps = ["//envoy/config/ratelimit/v2:pkg"],
+    deps = [
+        "//envoy/config/ratelimit/v2:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
 )

envoy/config/filter/thrift/rate_limit/v2alpha1/rate_limit.proto

@@ -6,11 +6,14 @@ import "envoy/config/ratelimit/v2/rls.proto";
 
 import "google/protobuf/duration.proto";
 
+import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.config.filter.thrift.rate_limit.v2alpha1";
 option java_outer_classname = "RateLimitProto";
 option java_multiple_files = true;
+option (udpa.annotations.file_migrate).move_to_package =
+    "envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3alpha";
 
 // [#protodoc-title: Rate limit]
 // Rate limit :ref:`configuration overview <config_thrift_filters_rate_limit>`.

envoy/config/listener/v2/BUILD

@@ -4,4 +4,6 @@ load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 
 licenses(["notice"])  # Apache 2
 
-api_proto_package()
+api_proto_package(
+    deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"],
+)

envoy/config/listener/v2/api_listener.proto

@@ -4,9 +4,12 @@ package envoy.config.listener.v2;
 
 import "google/protobuf/any.proto";
 
+import "udpa/annotations/migrate.proto";
+
 option java_package = "io.envoyproxy.envoy.config.listener.v2";
 option java_outer_classname = "ApiListenerProto";
 option java_multiple_files = true;
+option (udpa.annotations.file_migrate).move_to_package = "envoy.config.listener.v3alpha";
 
 // [#not-implemented-hide:]
 // Describes a type of API listener, which is used in non-proxy clients. The type of API

envoy/config/listener/v3alpha/api_listener.proto

@@ -0,0 +1,29 @@
+syntax = "proto3";
+
+package envoy.config.listener.v3alpha;
+
+import "google/protobuf/any.proto";
+
+import "udpa/annotations/versioning.proto";
+
+option java_package = "io.envoyproxy.envoy.config.listener.v3alpha";
+option java_outer_classname = "ApiListenerProto";
+option java_multiple_files = true;
+
+// [#not-implemented-hide:]
+// Describes a type of API listener, which is used in non-proxy clients. The type of API
+// exposed to the non-proxy application depends on the type of API listener.
+message ApiListener {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.listener.v2.ApiListener";
+
+  // The type in this field determines the type of API listener. At present, the following
+  // types are supported:
+  //   envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager (HTTP)
+  // [#next-major-version: In the v3 API, replace this Any field with a oneof containing the
+  // specific config message for each type of API listener. We could not do this in v2 because
+  // it would have caused circular dependencies for go protos: lds.proto depends on this file,
+  // and http_connection_manager.proto depends on rds.proto, which is in the same directory as
+  // lds.proto, so lds.proto cannot depend on this file.]
+  google.protobuf.Any api_listener = 1;
+}

envoy/config/listener/v3alpha/listener.proto

@@ -4,7 +4,7 @@ package envoy.config.listener.v3alpha;
 
 import "envoy/config/core/v3alpha/address.proto";
 import "envoy/config/core/v3alpha/base.proto";
-import "envoy/config/listener/v2/api_listener.proto";
+import "envoy/config/listener/v3alpha/api_listener.proto";
 import "envoy/config/listener/v3alpha/listener_components.proto";
 import "envoy/config/listener/v3alpha/udp_listener_config.proto";
 
@@ -208,7 +208,7 @@ message Listener {
   // and the top-level Listener should essentially be a oneof that selects between the
   // socket listener and the various types of API listener. That way, a given Listener message
   // can structurally only contain the fields of the relevant type.]
-  v2.ApiListener api_listener = 19;
+  ApiListener api_listener = 19;
 
   // The listener's connection balancer configuration, currently only applicable to TCP listeners.
   // If no configuration is specified, Envoy will not attempt to balance active connections between

envoy/extensions/access_loggers/file/v3alpha/BUILD

@@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/config/accesslog/v2:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
+)

envoy/extensions/access_loggers/file/v3alpha/file.proto

@@ -1,6 +1,6 @@
 syntax = "proto3";
 
-package envoy.extensions.access_loggers.grpc.v3alpha;
+package envoy.extensions.access_loggers.file.v3alpha;
 
 import "google/protobuf/struct.proto";
 
@@ -8,16 +8,16 @@ import "udpa/annotations/versioning.proto";
 
 import "validate/validate.proto";
 
-option java_package = "io.envoyproxy.envoy.extensions.access_loggers.grpc.v3alpha";
+option java_package = "io.envoyproxy.envoy.extensions.access_loggers.file.v3alpha";
 option java_outer_classname = "FileProto";
 option java_multiple_files = true;
 
 // [#protodoc-title: File access log]
 // [#extension: envoy.access_loggers.file]
 
-// Custom configuration for an :ref:`AccessLog
-// <envoy_api_msg_config.filter.accesslog.v3alpha.AccessLog>` that writes log entries directly to a
-// file. Configures the built-in *envoy.file_access_log* AccessLog.
+// Custom configuration for an :ref:`AccessLog <envoy_api_msg_config.accesslog.v3alpha.AccessLog>`
+// that writes log entries directly to a file. Configures the built-in *envoy.file_access_log*
+// AccessLog.
 message FileAccessLog {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.accesslog.v2.FileAccessLog";

envoy/extensions/access_loggers/grpc/v3alpha/als.proto

@@ -18,8 +18,8 @@ option java_multiple_files = true;
 // [#protodoc-title: gRPC Access Log Service (ALS)]
 
 // Configuration for the built-in *envoy.http_grpc_access_log*
-// :ref:`AccessLog <envoy_api_msg_config.filter.accesslog.v3alpha.AccessLog>`. This configuration
-// will populate :ref:`StreamAccessLogsMessage.http_logs
+// :ref:`AccessLog <envoy_api_msg_config.accesslog.v3alpha.AccessLog>`. This configuration will
+// populate :ref:`StreamAccessLogsMessage.http_logs
 // <envoy_api_field_service.accesslog.v3alpha.StreamAccessLogsMessage.http_logs>`.
 // [#extension: envoy.access_loggers.http_grpc]
 message HttpGrpcAccessLogConfig {

envoy/extensions/clusters/redis/v3alpha/BUILD

@@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/config/cluster/redis:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
+)

envoy/extensions/clusters/redis/v3alpha/redis_cluster.proto

@@ -0,0 +1,84 @@
+syntax = "proto3";
+
+package envoy.extensions.clusters.redis.v3alpha;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/versioning.proto";
+
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.clusters.redis.v3alpha";
+option java_outer_classname = "RedisClusterProto";
+option java_multiple_files = true;
+
+// [#protodoc-title: Redis Cluster Configuration]
+// This cluster adds support for `Redis Cluster <https://redis.io/topics/cluster-spec>`_, as part
+// of :ref:`Envoy's support for Redis Cluster <arch_overview_redis>`.
+//
+// Redis Cluster is an extension of Redis which supports sharding and high availability (where a
+// shard that loses its master fails over to a replica, and designates it as the new master).
+// However, as there is no unified frontend or proxy service in front of Redis Cluster, the client
+// (in this case Envoy) must locally maintain the state of the Redis Cluster, specifically the
+// topology. A random node in the cluster is queried for the topology using the `CLUSTER SLOTS
+// command <https://redis.io/commands/cluster-slots>`_. This result is then stored locally, and
+// updated at user-configured intervals.
+//
+// Additionally, if
+// :ref:`enable_redirection<envoy_api_field_extensions.filters.network.redis_proxy.v3alpha.RedisProxy.ConnPoolSettings.enable_redirection>`
+// is true, then moved and ask redirection errors from upstream servers will trigger a topology
+// refresh when they exceed a user-configured error threshold.
+//
+// Example:
+//
+// .. code-block:: yaml
+//
+//     name: name
+//     connect_timeout: 0.25s
+//     dns_lookup_family: V4_ONLY
+//     hosts:
+//     - socket_address:
+//       address: foo.bar.com
+//       port_value: 22120
+//     cluster_type:
+//     name: envoy.clusters.redis
+//     typed_config:
+//       "@type": type.googleapis.com/google.protobuf.Struct
+//       value:
+//         cluster_refresh_rate: 30s
+//         cluster_refresh_timeout: 0.5s
+//         redirect_refresh_interval: 10s
+//         redirect_refresh_threshold: 10
+// [#extension: envoy.clusters.redis]
+
+// [#next-free-field: 7]
+message RedisClusterConfig {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.cluster.redis.RedisClusterConfig";
+
+  // Interval between successive topology refresh requests. If not set, this defaults to 5s.
+  google.protobuf.Duration cluster_refresh_rate = 1 [(validate.rules).duration = {gt {}}];
+
+  // Timeout for topology refresh request. If not set, this defaults to 3s.
+  google.protobuf.Duration cluster_refresh_timeout = 2 [(validate.rules).duration = {gt {}}];
+
+  // The minimum interval that must pass after triggering a topology refresh request before a new
+  // request can possibly be triggered again. Any errors received during one of these
+  // time intervals are ignored. If not set, this defaults to 5s.
+  google.protobuf.Duration redirect_refresh_interval = 3;
+
+  // The number of redirection errors that must be received before
+  // triggering a topology refresh request. If not set, this defaults to 5.
+  // If this is set to 0, topology refresh after redirect is disabled.
+  google.protobuf.UInt32Value redirect_refresh_threshold = 4;
+
+  // The number of failures that must be received before triggering a topology refresh request.
+  // If not set, this defaults to 0, which disables the topology refresh due to failure.
+  uint32 failure_refresh_threshold = 5;
+
+  // The number of hosts became degraded or unhealthy before triggering a topology refresh request.
+  // If not set, this defaults to 0, which disables the topology refresh due to degraded or
+  // unhealthy host.
+  uint32 host_degraded_refresh_threshold = 6;
+}

envoy/extensions/filters/http/router/v3alpha/BUILD

@@ -6,7 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
-        "//envoy/config/filter/accesslog/v3alpha:pkg",
+        "//envoy/config/accesslog/v3alpha:pkg",
         "//envoy/config/filter/http/router/v2:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],

envoy/extensions/filters/http/router/v3alpha/router.proto

@@ -2,7 +2,7 @@ syntax = "proto3";
 
 package envoy.extensions.filters.http.router.v3alpha;
 
-import "envoy/config/filter/accesslog/v3alpha/accesslog.proto";
+import "envoy/config/accesslog/v3alpha/accesslog.proto";
 
 import "google/protobuf/wrappers.proto";
 
@@ -37,7 +37,7 @@ message Router {
   // are configured in the same way as access logs, but each log entry represents
   // an upstream request. Presuming retries are configured, multiple upstream
   // requests may be made for each downstream (inbound) request.
-  repeated config.filter.accesslog.v3alpha.AccessLog upstream_log = 3;
+  repeated config.accesslog.v3alpha.AccessLog upstream_log = 3;
 
   // Do not add any additional *x-envoy-* headers to requests or responses. This
   // only affects the :ref:`router filter generated *x-envoy-* headers

envoy/extensions/filters/network/http_connection_manager/v3alpha/BUILD

@@ -6,8 +6,8 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/config/accesslog/v3alpha:pkg",
         "//envoy/config/core/v3alpha:pkg",
-        "//envoy/config/filter/accesslog/v3alpha:pkg",
         "//envoy/config/filter/network/http_connection_manager/v2:pkg",
         "//envoy/config/route/v3alpha:pkg",
         "//envoy/type/tracing/v2:pkg",

envoy/extensions/filters/network/http_connection_manager/v3alpha/http_connection_manager.proto

@@ -2,9 +2,9 @@ syntax = "proto3";
 
 package envoy.extensions.filters.network.http_connection_manager.v3alpha;
 
+import "envoy/config/accesslog/v3alpha/accesslog.proto";
 import "envoy/config/core/v3alpha/config_source.proto";
 import "envoy/config/core/v3alpha/protocol.proto";
-import "envoy/config/filter/accesslog/v3alpha/accesslog.proto";
 import "envoy/config/route/v3alpha/route.proto";
 import "envoy/config/route/v3alpha/scoped_route.proto";
 import "envoy/type/tracing/v2/custom_tag.proto";
@@ -368,7 +368,7 @@ message HttpConnectionManager {
 
   // Configuration for :ref:`HTTP access logs <arch_overview_access_logs>`
   // emitted by the connection manager.
-  repeated config.filter.accesslog.v3alpha.AccessLog access_log = 13;
+  repeated config.accesslog.v3alpha.AccessLog access_log = 13;
 
   // If set to true, the connection manager will use the real remote address
   // of the client connection when determining internal versus external origin and manipulating

envoy/extensions/filters/network/local_ratelimit/v3alpha/local_rate_limit.proto

@@ -1,6 +1,6 @@
 syntax = "proto3";
 
-package envoy.config.filter.network.local_rate_limit.v3alpha;
+package envoy.extensions.filters.network.local_ratelimit.v3alpha;
 
 import "envoy/config/core/v3alpha/base.proto";
 import "envoy/type/v3alpha/token_bucket.proto";
@@ -9,7 +9,7 @@ import "udpa/annotations/versioning.proto";
 
 import "validate/validate.proto";
 
-option java_package = "io.envoyproxy.envoy.config.filter.network.local_rate_limit.v3alpha";
+option java_package = "io.envoyproxy.envoy.extensions.filters.network.local_ratelimit.v3alpha";
 option java_outer_classname = "LocalRateLimitProto";
 option java_multiple_files = true;
 
@@ -41,5 +41,5 @@ message LocalRateLimit {
 
   // Runtime flag that controls whether the filter is enabled or not. If not specified, defaults
   // to enabled.
-  core.v3alpha.RuntimeFeatureFlag runtime_enabled = 3;
+  config.core.v3alpha.RuntimeFeatureFlag runtime_enabled = 3;
 }

envoy/extensions/filters/network/tcp_proxy/v3alpha/BUILD

@@ -6,8 +6,8 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/config/accesslog/v3alpha:pkg",
         "//envoy/config/core/v3alpha:pkg",
-        "//envoy/config/filter/accesslog/v3alpha:pkg",
         "//envoy/config/filter/network/tcp_proxy/v2:pkg",
         "//envoy/type/v3alpha:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",

envoy/extensions/filters/network/tcp_proxy/v3alpha/tcp_proxy.proto

@@ -2,9 +2,9 @@ syntax = "proto3";
 
 package envoy.extensions.filters.network.tcp_proxy.v3alpha;
 
+import "envoy/config/accesslog/v3alpha/accesslog.proto";
 import "envoy/config/core/v3alpha/address.proto";
 import "envoy/config/core/v3alpha/base.proto";
-import "envoy/config/filter/accesslog/v3alpha/accesslog.proto";
 import "envoy/type/v3alpha/hash_policy.proto";
 
 import "google/protobuf/duration.proto";
@@ -107,7 +107,7 @@ message TcpProxy {
 
   // Configuration for :ref:`access logs <arch_overview_access_logs>`
   // emitted by the this tcp_proxy.
-  repeated config.filter.accesslog.v3alpha.AccessLog access_log = 5;
+  repeated config.accesslog.v3alpha.AccessLog access_log = 5;
 
   // The maximum number of unsuccessful connection attempts that will be made before
   // giving up. If the parameter is not specified, 1 connection attempt will be made.

envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3alpha/rate_limit.proto

@@ -1,6 +1,6 @@
 syntax = "proto3";
 
-package envoy.config.filter.thrift.rate_limit.v3alpha;
+package envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3alpha;
 
 import "envoy/config/ratelimit/v3alpha/rls.proto";
 
@@ -10,7 +10,7 @@ import "udpa/annotations/versioning.proto";
 
 import "validate/validate.proto";
 
-option java_package = "io.envoyproxy.envoy.config.filter.thrift.rate_limit.v3alpha";
+option java_package = "io.envoyproxy.envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3alpha";
 option java_outer_classname = "RateLimitProto";
 option java_multiple_files = true;
 
@@ -50,6 +50,6 @@ message RateLimit {
   // Configuration for an external rate limit service provider. If not
   // specified, any calls to the rate limit service will immediately return
   // success.
-  ratelimit.v3alpha.RateLimitServiceConfig rate_limit_service = 5
+  config.ratelimit.v3alpha.RateLimitServiceConfig rate_limit_service = 5
       [(validate.rules).message = {required: true}];
 }

envoy/extensions/retry/priority/previous_priorities/v3alpha/BUILD

@@ -0,0 +1,12 @@
+# DO NOT EDIT. This file is generated by tools/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/config/retry/previous_priorities:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
+)

envoy/extensions/retry/priority/previous_priorities/v3alpha/previous_priorities_config.proto

@@ -0,0 +1,54 @@
+syntax = "proto3";
+
+package envoy.extensions.retry.priority.previous_priorities.v3alpha;
+
+import "udpa/annotations/versioning.proto";
+
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.retry.priority.previous_priorities.v3alpha";
+option java_outer_classname = "PreviousPrioritiesConfigProto";
+option java_multiple_files = true;
+
+// A retry host selector that attempts to spread retries between priorities, even if certain
+// priorities would not normally be attempted due to higher priorities being available.
+//
+// As priorities get excluded, load will be distributed amongst the remaining healthy priorities
+// based on the relative health of the priorities, matching how load is distributed during regular
+// host selection. For example, given priority healths of {100, 50, 50}, the original load will be
+// {100, 0, 0} (since P0 has capacity to handle 100% of the traffic). If P0 is excluded, the load
+// changes to {0, 50, 50}, because P1 is only able to handle 50% of the traffic, causing the
+// remaining to spill over to P2.
+//
+// Each priority attempted will be excluded until there are no healthy priorities left, at which
+// point the list of attempted priorities will be reset, essentially starting from the beginning.
+// For example, given three priorities P0, P1, P2 with healthy % of 100, 0 and 50 respectively, the
+// following sequence of priorities would be selected (assuming update_frequency = 1):
+// Attempt 1: P0 (P0 is 100% healthy)
+// Attempt 2: P2 (P0 already attempted, P2 only healthy priority)
+// Attempt 3: P0 (no healthy priorities, reset)
+// Attempt 4: P2
+//
+// In the case of all upstream hosts being unhealthy, no adjustments will be made to the original
+// priority load, so behavior should be identical to not using this plugin.
+//
+// Using this PriorityFilter requires rebuilding the priority load, which runs in O(# of
+// priorities), which might incur significant overhead for clusters with many priorities.
+// [#extension: envoy.retry_priorities.previous_priorities]
+message PreviousPrioritiesConfig {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.retry.previous_priorities.PreviousPrioritiesConfig";
+
+  // How often the priority load should be updated based on previously attempted priorities. Useful
+  // to allow each priorities to receive more than one request before being excluded or to reduce
+  // the number of times that the priority load has to be recomputed.
+  //
+  // For example, by setting this to 2, then the first two attempts (initial attempt and first
+  // retry) will use the unmodified priority load. The third and fourth attempt will use priority
+  // load which excludes the priorities routed to with the first two attempts, and the fifth and
+  // sixth attempt will use the priority load excluding the priorities used for the first four
+  // attempts.
+  //
+  // Must be greater than 0.
+  int32 update_frequency = 1 [(validate.rules).int32 = {gt: 0}];
+}