You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
310 lines
14 KiB
310 lines
14 KiB
syntax = "proto3"; |
|
|
|
package envoy.config.tap.v3; |
|
|
|
import "envoy/config/common/matcher/v3/matcher.proto"; |
|
import "envoy/config/core/v3/base.proto"; |
|
import "envoy/config/core/v3/grpc_service.proto"; |
|
import "envoy/config/route/v3/route_components.proto"; |
|
|
|
import "google/protobuf/duration.proto"; |
|
import "google/protobuf/wrappers.proto"; |
|
|
|
import "envoy/annotations/deprecation.proto"; |
|
import "udpa/annotations/status.proto"; |
|
import "udpa/annotations/versioning.proto"; |
|
import "validate/validate.proto"; |
|
|
|
option java_package = "io.envoyproxy.envoy.config.tap.v3"; |
|
option java_outer_classname = "CommonProto"; |
|
option java_multiple_files = true; |
|
option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/tap/v3;tapv3"; |
|
option (udpa.annotations.file_status).package_version_status = ACTIVE; |
|
|
|
// [#protodoc-title: Common tap configuration] |
|
|
|
// Tap configuration. |
|
message TapConfig { |
|
// [#comment:TODO(mattklein123): Rate limiting] |
|
|
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.TapConfig"; |
|
|
|
// The match configuration. If the configuration matches the data source being tapped, a tap will |
|
// occur, with the result written to the configured output. |
|
// Exactly one of :ref:`match <envoy_v3_api_field_config.tap.v3.TapConfig.match>` and |
|
// :ref:`match_config <envoy_v3_api_field_config.tap.v3.TapConfig.match_config>` must be set. If both |
|
// are set, the :ref:`match <envoy_v3_api_field_config.tap.v3.TapConfig.match>` will be used. |
|
MatchPredicate match_config = 1 |
|
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; |
|
|
|
// The match configuration. If the configuration matches the data source being tapped, a tap will |
|
// occur, with the result written to the configured output. |
|
// Exactly one of :ref:`match <envoy_v3_api_field_config.tap.v3.TapConfig.match>` and |
|
// :ref:`match_config <envoy_v3_api_field_config.tap.v3.TapConfig.match_config>` must be set. If both |
|
// are set, the :ref:`match <envoy_v3_api_field_config.tap.v3.TapConfig.match>` will be used. |
|
common.matcher.v3.MatchPredicate match = 4; |
|
|
|
// The tap output configuration. If a match configuration matches a data source being tapped, |
|
// a tap will occur and the data will be written to the configured output. |
|
OutputConfig output_config = 2 [(validate.rules).message = {required: true}]; |
|
|
|
// [#not-implemented-hide:] Specify if Tap matching is enabled. The % of requests\connections for |
|
// which the tap matching is enabled. When not enabled, the request\connection will not be |
|
// recorded. |
|
// |
|
// .. note:: |
|
// |
|
// This field defaults to 100/:ref:`HUNDRED |
|
// <envoy_v3_api_enum_type.v3.FractionalPercent.DenominatorType>`. |
|
core.v3.RuntimeFractionalPercent tap_enabled = 3; |
|
} |
|
|
|
// Tap match configuration. This is a recursive structure which allows complex nested match |
|
// configurations to be built using various logical operators. |
|
// [#next-free-field: 11] |
|
message MatchPredicate { |
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.MatchPredicate"; |
|
|
|
// A set of match configurations used for logical operations. |
|
message MatchSet { |
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.MatchPredicate.MatchSet"; |
|
|
|
// The list of rules that make up the set. |
|
repeated MatchPredicate rules = 1 [(validate.rules).repeated = {min_items: 2}]; |
|
} |
|
|
|
oneof rule { |
|
option (validate.required) = true; |
|
|
|
// A set that describes a logical OR. If any member of the set matches, the match configuration |
|
// matches. |
|
MatchSet or_match = 1; |
|
|
|
// A set that describes a logical AND. If all members of the set match, the match configuration |
|
// matches. |
|
MatchSet and_match = 2; |
|
|
|
// A negation match. The match configuration will match if the negated match condition matches. |
|
MatchPredicate not_match = 3; |
|
|
|
// The match configuration will always match. |
|
bool any_match = 4 [(validate.rules).bool = {const: true}]; |
|
|
|
// HTTP request headers match configuration. |
|
HttpHeadersMatch http_request_headers_match = 5; |
|
|
|
// HTTP request trailers match configuration. |
|
HttpHeadersMatch http_request_trailers_match = 6; |
|
|
|
// HTTP response headers match configuration. |
|
HttpHeadersMatch http_response_headers_match = 7; |
|
|
|
// HTTP response trailers match configuration. |
|
HttpHeadersMatch http_response_trailers_match = 8; |
|
|
|
// HTTP request generic body match configuration. |
|
HttpGenericBodyMatch http_request_generic_body_match = 9; |
|
|
|
// HTTP response generic body match configuration. |
|
HttpGenericBodyMatch http_response_generic_body_match = 10; |
|
} |
|
} |
|
|
|
// HTTP headers match configuration. |
|
message HttpHeadersMatch { |
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.HttpHeadersMatch"; |
|
|
|
// HTTP headers to match. |
|
repeated route.v3.HeaderMatcher headers = 1; |
|
} |
|
|
|
// HTTP generic body match configuration. |
|
// List of text strings and hex strings to be located in HTTP body. |
|
// All specified strings must be found in the HTTP body for positive match. |
|
// The search may be limited to specified number of bytes from the body start. |
|
// |
|
// .. attention:: |
|
// |
|
// Searching for patterns in HTTP body is potentially cpu intensive. For each specified pattern, http body is scanned byte by byte to find a match. |
|
// If multiple patterns are specified, the process is repeated for each pattern. If location of a pattern is known, ``bytes_limit`` should be specified |
|
// to scan only part of the http body. |
|
message HttpGenericBodyMatch { |
|
message GenericTextMatch { |
|
oneof rule { |
|
option (validate.required) = true; |
|
|
|
// Text string to be located in HTTP body. |
|
string string_match = 1 [(validate.rules).string = {min_len: 1}]; |
|
|
|
// Sequence of bytes to be located in HTTP body. |
|
bytes binary_match = 2 [(validate.rules).bytes = {min_len: 1}]; |
|
} |
|
} |
|
|
|
// Limits search to specified number of bytes - default zero (no limit - match entire captured buffer). |
|
uint32 bytes_limit = 1; |
|
|
|
// List of patterns to match. |
|
repeated GenericTextMatch patterns = 2 [(validate.rules).repeated = {min_items: 1}]; |
|
} |
|
|
|
// Tap output configuration. |
|
message OutputConfig { |
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.OutputConfig"; |
|
|
|
// Output sinks for tap data. Currently a single sink is allowed in the list. Once multiple |
|
// sink types are supported this constraint will be relaxed. |
|
repeated OutputSink sinks = 1 [(validate.rules).repeated = {min_items: 1 max_items: 1}]; |
|
|
|
// For buffered tapping, the maximum amount of received body that will be buffered prior to |
|
// truncation. If truncation occurs, the :ref:`truncated |
|
// <envoy_v3_api_field_data.tap.v3.Body.truncated>` field will be set. If not specified, the |
|
// default is 1KiB. |
|
google.protobuf.UInt32Value max_buffered_rx_bytes = 2; |
|
|
|
// For buffered tapping, the maximum amount of transmitted body that will be buffered prior to |
|
// truncation. If truncation occurs, the :ref:`truncated |
|
// <envoy_v3_api_field_data.tap.v3.Body.truncated>` field will be set. If not specified, the |
|
// default is 1KiB. |
|
google.protobuf.UInt32Value max_buffered_tx_bytes = 3; |
|
|
|
// Indicates whether taps produce a single buffered message per tap, or multiple streamed |
|
// messages per tap in the emitted :ref:`TraceWrapper |
|
// <envoy_v3_api_msg_data.tap.v3.TraceWrapper>` messages. Note that streamed tapping does not |
|
// mean that no buffering takes place. Buffering may be required if data is processed before a |
|
// match can be determined. See the HTTP tap filter :ref:`streaming |
|
// <config_http_filters_tap_streaming>` documentation for more information. |
|
bool streaming = 4; |
|
} |
|
|
|
// Tap output sink configuration. |
|
// [#next-free-field: 6] |
|
message OutputSink { |
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.OutputSink"; |
|
|
|
// Output format. All output is in the form of one or more :ref:`TraceWrapper |
|
// <envoy_v3_api_msg_data.tap.v3.TraceWrapper>` messages. This enumeration indicates |
|
// how those messages are written. Note that not all sinks support all output formats. See |
|
// individual sink documentation for more information. |
|
enum Format { |
|
// Each message will be written as JSON. Any :ref:`body <envoy_v3_api_msg_data.tap.v3.Body>` |
|
// data will be present in the :ref:`as_bytes |
|
// <envoy_v3_api_field_data.tap.v3.Body.as_bytes>` field. This means that body data will be |
|
// base64 encoded as per the `proto3 JSON mappings |
|
// <https://developers.google.com/protocol-buffers/docs/proto3#json>`_. |
|
JSON_BODY_AS_BYTES = 0; |
|
|
|
// Each message will be written as JSON. Any :ref:`body <envoy_v3_api_msg_data.tap.v3.Body>` |
|
// data will be present in the :ref:`as_string |
|
// <envoy_v3_api_field_data.tap.v3.Body.as_string>` field. This means that body data will be |
|
// string encoded as per the `proto3 JSON mappings |
|
// <https://developers.google.com/protocol-buffers/docs/proto3#json>`_. This format type is |
|
// useful when it is known that that body is human readable (e.g., JSON over HTTP) and the |
|
// user wishes to view it directly without being forced to base64 decode the body. |
|
JSON_BODY_AS_STRING = 1; |
|
|
|
// Binary proto format. Note that binary proto is not self-delimiting. If a sink writes |
|
// multiple binary messages without any length information the data stream will not be |
|
// useful. However, for certain sinks that are self-delimiting (e.g., one message per file) |
|
// this output format makes consumption simpler. |
|
PROTO_BINARY = 2; |
|
|
|
// Messages are written as a sequence tuples, where each tuple is the message length encoded |
|
// as a `protobuf 32-bit varint |
|
// <https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.io.coded_stream>`_ |
|
// followed by the binary message. The messages can be read back using the language specific |
|
// protobuf coded stream implementation to obtain the message length and the message. |
|
PROTO_BINARY_LENGTH_DELIMITED = 3; |
|
|
|
// Text proto format. |
|
PROTO_TEXT = 4; |
|
} |
|
|
|
// Sink output format. |
|
Format format = 1 [(validate.rules).enum = {defined_only: true}]; |
|
|
|
oneof output_sink_type { |
|
option (validate.required) = true; |
|
|
|
// Tap output will be streamed out the :http:post:`/tap` admin endpoint. |
|
// |
|
// .. attention:: |
|
// |
|
// It is only allowed to specify the streaming admin output sink if the tap is being |
|
// configured from the :http:post:`/tap` admin endpoint. Thus, if an extension has |
|
// been configured to receive tap configuration from some other source (e.g., static |
|
// file, XDS, etc.) configuring the streaming admin output type will fail. |
|
StreamingAdminSink streaming_admin = 2; |
|
|
|
// Tap output will be written to a file per tap sink. |
|
FilePerTapSink file_per_tap = 3; |
|
|
|
// [#not-implemented-hide:] |
|
// GrpcService to stream data to. The format argument must be PROTO_BINARY. |
|
// [#comment: TODO(samflattery): remove cleanup in uber_per_filter.cc once implemented] |
|
StreamingGrpcSink streaming_grpc = 4; |
|
|
|
// Tap output will be buffered in a single block before flushing to the :http:post:`/tap` admin endpoint |
|
// |
|
// .. attention:: |
|
// |
|
// It is only allowed to specify the buffered admin output sink if the tap is being |
|
// configured from the :http:post:`/tap` admin endpoint. Thus, if an extension has |
|
// been configured to receive tap configuration from some other source (e.g., static |
|
// file, XDS, etc.) configuring the buffered admin output type will fail. |
|
BufferedAdminSink buffered_admin = 5; |
|
} |
|
} |
|
|
|
// Streaming admin sink configuration. |
|
message StreamingAdminSink { |
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.StreamingAdminSink"; |
|
} |
|
|
|
// BufferedAdminSink configures a tap output to collect traces without returning them until |
|
// one of multiple criteria are satisfied. |
|
// Similar to StreamingAdminSink, it is only allowed to specify the buffered admin output |
|
// sink if the tap is being configured from the ``/tap`` admin endpoint. |
|
message BufferedAdminSink { |
|
// Stop collecting traces when the specified number are collected. |
|
// If other criteria for ending collection are reached first, this value will not be used. |
|
uint64 max_traces = 1 [(validate.rules).uint64 = {gt: 0}]; |
|
|
|
// Acts as a fallback to prevent the client from waiting for long periods of time. |
|
// After timeout has occurred, a buffer flush will be triggered, returning the traces buffered so far. |
|
// This may result in returning fewer traces than were requested, and in the case that no traces are |
|
// buffered during this time, no traces will be returned. |
|
// Specifying 0 for the timeout value (or not specifying a value at all) indicates an infinite timeout. |
|
google.protobuf.Duration timeout = 2; |
|
} |
|
|
|
// The file per tap sink outputs a discrete file for every tapped stream. |
|
message FilePerTapSink { |
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.FilePerTapSink"; |
|
|
|
// Path prefix. The output file will be of the form <path_prefix>_<id>.pb, where <id> is an |
|
// identifier distinguishing the recorded trace for stream instances (the Envoy |
|
// connection ID, HTTP stream ID, etc.). |
|
string path_prefix = 1 [(validate.rules).string = {min_len: 1}]; |
|
} |
|
|
|
// [#not-implemented-hide:] Streaming gRPC sink configuration sends the taps to an external gRPC |
|
// server. |
|
message StreamingGrpcSink { |
|
option (udpa.annotations.versioning).previous_message_type = |
|
"envoy.service.tap.v2alpha.StreamingGrpcSink"; |
|
|
|
// Opaque identifier, that will be sent back to the streaming grpc server. |
|
string tap_id = 1; |
|
|
|
// The gRPC server that hosts the Tap Sink Service. |
|
core.v3.GrpcService grpc_service = 2 [(validate.rules).message = {required: true}]; |
|
}
|
|
|