mirror of https://github.com/grpc/grpc.git
This removes all xDS protos except for 5 of them that have services. We still have some limitations in our internal build system that make it hard to use the real xDS protos for those files, but we're now using the real xDS protos for the rest. (Note: discovery.proto is actually a special case. While it does have services, we don't actually use those services, so that's not the reason we need a copy of this file. Unfortunately, the xDS BUILD files group discovery.proto into the same build target as ads.proto, which has services that we actually use, thus requiring us to have our own copy. This means that depending on the real discovery.proto causes us to also depend on the real ads.proto, which causes a conflict in the protobuf registry by linking two copies of ads.proto. However, we *are* using the real discovery.proto in unit tests, which do not depend on ads.proto.) PiperOrigin-RevId: 693907782pull/38046/head
Mark D. Roth
3 weeks ago
committed by
Copybara-Service
parent
f7b0454018
commit
d60ebf710b
83 changed files with 13125 additions and 7972 deletions
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,75 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.core.v3; |
||||
|
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// [#protodoc-title: Network addresses] |
||||
|
||||
// [#next-free-field: 7] |
||||
message SocketAddress { |
||||
enum Protocol { |
||||
TCP = 0; |
||||
UDP = 1; |
||||
} |
||||
Protocol protocol = 1; |
||||
|
||||
// The address for this socket. :ref:`Listeners <config_listeners>` will bind |
||||
// to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::`` |
||||
// to bind to any address. [#comment:TODO(zuercher) reinstate when implemented: |
||||
// It is possible to distinguish a Listener address via the prefix/suffix matching |
||||
// in :ref:`FilterChainMatch <envoy_api_msg_config.listener.v3.FilterChainMatch>`.] When used |
||||
// within an upstream :ref:`BindConfig <envoy_api_msg_config.core.v3.BindConfig>`, the address |
||||
// controls the source address of outbound connections. For :ref:`clusters |
||||
// <envoy_api_msg_config.cluster.v3.Cluster>`, the cluster type determines whether the |
||||
// address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS |
||||
// (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized |
||||
// via :ref:`resolver_name <envoy_api_field_config.core.v3.SocketAddress.resolver_name>`. |
||||
string address = 2; |
||||
|
||||
oneof port_specifier { |
||||
uint32 port_value = 3; |
||||
} |
||||
|
||||
// The name of the custom resolver. This must have been registered with Envoy. If |
||||
// this is empty, a context dependent default applies. If the address is a concrete |
||||
// IP address, no resolution will occur. If address is a hostname this |
||||
// should be set for resolution other than DNS. Specifying a custom resolver with |
||||
// *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime. |
||||
string resolver_name = 5; |
||||
} |
||||
|
||||
// Addresses specify either a logical or physical address and port, which are |
||||
// used to tell Envoy where to bind/listen, connect to upstream and find |
||||
// management servers. |
||||
message Address { |
||||
oneof address { |
||||
SocketAddress socket_address = 1; |
||||
} |
||||
} |
||||
|
||||
// CidrRange specifies an IP Address and a prefix length to construct |
||||
// the subnet mask for a `CIDR <https://tools.ietf.org/html/rfc4632>`_ range. |
||||
message CidrRange { |
||||
// IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``. |
||||
string address_prefix = 1; |
||||
|
||||
// Length of prefix, e.g. 0, 32. |
||||
google.protobuf.UInt32Value prefix_len = 2; |
||||
} |
||||
@ -1,28 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.clusters.aggregate.v3; |
||||
|
||||
// Configuration for the aggregate cluster. See the :ref:`architecture overview |
||||
// <arch_overview_aggregate_cluster>` for more information. |
||||
// [#extension: envoy.clusters.aggregate] |
||||
message ClusterConfig { |
||||
// Load balancing clusters in aggregate cluster. Clusters are prioritized based on the order they |
||||
// appear in this list. |
||||
repeated string clusters = 1; |
||||
} |
||||
@ -1,30 +0,0 @@ |
||||
// Copyright 2023 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.rbac.audit_loggers.stream.v3; |
||||
|
||||
option java_package = "io.envoyproxy.envoy.extensions.rbac.audit_loggers.stream.v3"; |
||||
option java_outer_classname = "StreamProto"; |
||||
option java_multiple_files = true; |
||||
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/rbac/audit_loggers/stream/v3;streamv3"; |
||||
|
||||
// Custom configuration for the RBAC audit logger that writes log entries |
||||
// directly to the operating system's standard output. |
||||
// The logger outputs in JSON format and is currently not configurable. |
||||
message StdoutAuditLog { |
||||
} |
||||
@ -1,171 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.core.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/percent.proto"; |
||||
|
||||
import "google/protobuf/any.proto"; |
||||
import "google/protobuf/struct.proto"; |
||||
|
||||
// Identifies location of where either Envoy runs or where upstream hosts run. |
||||
message Locality { |
||||
// Region this :ref:`zone <envoy_api_field_config.core.v3.Locality.zone>` belongs to. |
||||
string region = 1; |
||||
|
||||
// Defines the local service zone where Envoy is running. Though optional, it |
||||
// should be set if discovery service routing is used and the discovery |
||||
// service exposes :ref:`zone data <envoy_api_field_config.endpoint.v3.LocalityLbEndpoints.locality>`, |
||||
// either in this message or via :option:`--service-zone`. The meaning of zone |
||||
// is context dependent, e.g. `Availability Zone (AZ) |
||||
// <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html>`_ |
||||
// on AWS, `Zone <https://cloud.google.com/compute/docs/regions-zones/>`_ on |
||||
// GCP, etc. |
||||
string zone = 2; |
||||
|
||||
// When used for locality of upstream hosts, this field further splits zone |
||||
// into smaller chunks of sub-zones so they can be load balanced |
||||
// independently. |
||||
string sub_zone = 3; |
||||
} |
||||
|
||||
// Identifies a specific Envoy instance. The node identifier is presented to the |
||||
// management server, which may use this identifier to distinguish per Envoy |
||||
// configuration for serving. |
||||
// [#next-free-field: 12] |
||||
message Node { |
||||
// An opaque node identifier for the Envoy node. This also provides the local |
||||
// service node name. It should be set if any of the following features are |
||||
// used: :ref:`statsd <arch_overview_statistics>`, :ref:`CDS |
||||
// <config_cluster_manager_cds>`, and :ref:`HTTP tracing |
||||
// <arch_overview_tracing>`, either in this message or via |
||||
// :option:`--service-node`. |
||||
string id = 1; |
||||
|
||||
// Defines the local service cluster name where Envoy is running. Though |
||||
// optional, it should be set if any of the following features are used: |
||||
// :ref:`statsd <arch_overview_statistics>`, :ref:`health check cluster |
||||
// verification |
||||
// <envoy_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher>`, |
||||
// :ref:`runtime override directory <envoy_api_msg_config.bootstrap.v3.Runtime>`, |
||||
// :ref:`user agent addition |
||||
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent>`, |
||||
// :ref:`HTTP global rate limiting <config_http_filters_rate_limit>`, |
||||
// :ref:`CDS <config_cluster_manager_cds>`, and :ref:`HTTP tracing |
||||
// <arch_overview_tracing>`, either in this message or via |
||||
// :option:`--service-cluster`. |
||||
string cluster = 2; |
||||
|
||||
// Opaque metadata extending the node identifier. Envoy will pass this |
||||
// directly to the management server. |
||||
google.protobuf.Struct metadata = 3; |
||||
|
||||
// Locality specifying where the Envoy instance is running. |
||||
Locality locality = 4; |
||||
|
||||
// Free-form string that identifies the entity requesting config. |
||||
// E.g. "envoy" or "grpc" |
||||
string user_agent_name = 6; |
||||
|
||||
oneof user_agent_version_type { |
||||
// Free-form string that identifies the version of the entity requesting config. |
||||
// E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild" |
||||
string user_agent_version = 7; |
||||
} |
||||
|
||||
// Client feature support list. These are well known features described |
||||
// in the Envoy API repository for a given major version of an API. Client features |
||||
// use reverse DNS naming scheme, for example `com.acme.feature`. |
||||
// See :ref:`the list of features <client_features>` that xDS client may |
||||
// support. |
||||
repeated string client_features = 10; |
||||
} |
||||
|
||||
// Data source consisting of either a file or an inline value. |
||||
message DataSource {} |
||||
|
||||
// Runtime derived FractionalPercent with defaults for when the numerator or denominator is not |
||||
// specified via a runtime key. |
||||
// |
||||
// .. note:: |
||||
// |
||||
// Parsing of the runtime key's data is implemented such that it may be represented as a |
||||
// :ref:`FractionalPercent <envoy_api_msg_type.v3.FractionalPercent>` proto represented as JSON/YAML |
||||
// and may also be represented as an integer with the assumption that the value is an integral |
||||
// percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse |
||||
// as a `FractionalPercent` whose numerator is 42 and denominator is HUNDRED. |
||||
message RuntimeFractionalPercent { |
||||
// Default value if the runtime value's for the numerator/denominator keys are not available. |
||||
type.v3.FractionalPercent default_value = 1; |
||||
} |
||||
|
||||
// Configuration for transport socket in :ref:`listeners <config_listeners>` and |
||||
// :ref:`clusters <envoy_api_msg_config.cluster.v3.Cluster>`. If the configuration is |
||||
// empty, a default transport socket implementation and configuration will be |
||||
// chosen based on the platform and existence of tls_context. |
||||
message TransportSocket { |
||||
// The name of the transport socket to instantiate. The name must match a supported transport |
||||
// socket implementation. |
||||
string name = 1; |
||||
|
||||
// Implementation specific configuration which depends on the implementation being instantiated. |
||||
// See the supported transport socket implementations for further documentation. |
||||
oneof config_type { |
||||
google.protobuf.Any typed_config = 3; |
||||
} |
||||
} |
||||
|
||||
// Metadata provides additional inputs to filters based on matched listeners, |
||||
// filter chains, routes and endpoints. It is structured as a map, usually from |
||||
// filter name (in reverse DNS format) to metadata specific to the filter. Metadata |
||||
// key-values for a filter are merged as connection and request handling occurs, |
||||
// with later values for the same key overriding earlier values. |
||||
// |
||||
// An example use of metadata is providing additional values to |
||||
// http_connection_manager in the envoy.http_connection_manager.access_log |
||||
// namespace. |
||||
// |
||||
// Another example use of metadata is to per service config info in cluster metadata, which may get |
||||
// consumed by multiple filters. |
||||
// |
||||
// For load balancing, Metadata provides a means to subset cluster endpoints. |
||||
// Endpoints have a Metadata object associated and routes contain a Metadata |
||||
// object to match against. There are some well defined metadata used today for |
||||
// this purpose: |
||||
// |
||||
// * ``{"envoy.lb": {"canary": <bool> }}`` This indicates the canary status of an |
||||
// endpoint and is also used during header processing |
||||
// (x-envoy-upstream-canary) and for stats purposes. |
||||
// [#next-major-version: move to type/metadata/v2] |
||||
message Metadata { |
||||
// Key is the reverse DNS filter name, e.g. com.acme.widget. The ``envoy.*`` |
||||
// namespace is reserved for Envoy's built-in filters. |
||||
// If both ``filter_metadata`` and |
||||
// :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` |
||||
// fields are present in the metadata with same keys, |
||||
// only ``typed_filter_metadata`` field will be parsed. |
||||
map<string, google.protobuf.Struct> filter_metadata = 1; |
||||
|
||||
// Key is the reverse DNS filter name, e.g. com.acme.widget. The ``envoy.*`` |
||||
// namespace is reserved for Envoy's built-in filters. |
||||
// The value is encoded as google.protobuf.Any. |
||||
// If both :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` |
||||
// and ``typed_filter_metadata`` fields are present in the metadata with same keys, |
||||
// only ``typed_filter_metadata`` field will be parsed. |
||||
map<string, google.protobuf.Any> typed_filter_metadata = 2; |
||||
} |
||||
@ -1,71 +0,0 @@ |
||||
// Copyright 2023 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.load_balancing_policies.client_side_weighted_round_robin.v3; |
||||
|
||||
import "google/protobuf/duration.proto"; |
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// [#protodoc-title: Client-Side Weighted Round Robin Load Balancing Policy] |
||||
// [#not-implemented-hide:] |
||||
|
||||
// Configuration for the client_side_weighted_round_robin LB policy. |
||||
// |
||||
// This policy differs from the built-in ROUND_ROBIN policy in terms of |
||||
// how the endpoint weights are determined. In the ROUND_ROBIN policy, |
||||
// the endpoint weights are sent by the control plane via EDS. However, |
||||
// in this policy, the endpoint weights are instead determined via |
||||
// qps and CPU utilization metrics sent by the endpoint using the Open |
||||
// Request Cost Aggregation (ORCA) protocol. The weight of a given endpoint |
||||
// is computed as qps / cpu_utilization. |
||||
// |
||||
// See the :ref:`load balancing architecture overview<arch_overview_load_balancing_types>` for more information. |
||||
// |
||||
// [#next-free-field: 6] |
||||
message ClientSideWeightedRoundRobin { |
||||
// Whether to enable out-of-band utilization reporting collection from |
||||
// the endpoints. By default, per-request utilization reporting is used. |
||||
google.protobuf.BoolValue enable_oob_load_report = 1; |
||||
|
||||
// Load reporting interval to request from the server. Note that the |
||||
// server may not provide reports as frequently as the client requests. |
||||
// Used only when enable_oob_load_report is true. Default is 10 seconds. |
||||
google.protobuf.Duration oob_reporting_period = 2; |
||||
|
||||
// A given endpoint must report load metrics continuously for at least |
||||
// this long before the endpoint weight will be used. This avoids |
||||
// churn when the set of endpoint addresses changes. Takes effect |
||||
// both immediately after we establish a connection to an endpoint and |
||||
// after weight_expiration_period has caused us to stop using the most |
||||
// recent load metrics. Default is 10 seconds. |
||||
google.protobuf.Duration blackout_period = 3; |
||||
|
||||
// If a given endpoint has not reported load metrics in this long, |
||||
// then we stop using the reported weight. This ensures that we do |
||||
// not continue to use very stale weights. Once we stop using a stale |
||||
// value, if we later start seeing fresh reports again, the |
||||
// blackout_period applies. Defaults to 3 minutes. |
||||
google.protobuf.Duration weight_expiration_period = 4; |
||||
|
||||
// How often endpoint weights are recalculated. Default is 1 second. |
||||
google.protobuf.Duration weight_update_period = 5; |
||||
|
||||
// The multiplier used to adjust endpoint weights with the error rate |
||||
// calculated as eps/qps. Default is 1.0. |
||||
google.protobuf.FloatValue error_utilization_penalty = 6; |
||||
} |
||||
@ -1,312 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.cluster.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/base.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/config_source.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/endpoint.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/extension.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/health_check.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/outlier_detection.proto"; |
||||
|
||||
import "google/protobuf/any.proto"; |
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
enum RoutingPriority { |
||||
DEFAULT = 0; |
||||
HIGH = 1; |
||||
} |
||||
|
||||
message CircuitBreakers { |
||||
message Thresholds { |
||||
RoutingPriority priority = 1; |
||||
google.protobuf.UInt32Value max_requests = 4; |
||||
} |
||||
repeated Thresholds thresholds = 1; |
||||
} |
||||
|
||||
// Extended cluster type. |
||||
message CustomClusterType { |
||||
// The type of the cluster to instantiate. The name must match a supported cluster type. |
||||
string name = 1; |
||||
|
||||
// Cluster specific configuration which depends on the cluster being instantiated. |
||||
// See the supported cluster for further documentation. |
||||
google.protobuf.Any typed_config = 2; |
||||
} |
||||
|
||||
// [#protodoc-title: Cluster configuration] |
||||
|
||||
// Configuration for a single upstream cluster. |
||||
// [#next-free-field: 48] |
||||
message Cluster { |
||||
// Refer to :ref:`service discovery type <arch_overview_service_discovery_types>` |
||||
// for an explanation on each type. |
||||
enum DiscoveryType { |
||||
// Refer to the :ref:`static discovery type<arch_overview_service_discovery_types_static>` |
||||
// for an explanation. |
||||
STATIC = 0; |
||||
|
||||
// Refer to the :ref:`strict DNS discovery |
||||
// type<arch_overview_service_discovery_types_strict_dns>` |
||||
// for an explanation. |
||||
STRICT_DNS = 1; |
||||
|
||||
// Refer to the :ref:`logical DNS discovery |
||||
// type<arch_overview_service_discovery_types_logical_dns>` |
||||
// for an explanation. |
||||
LOGICAL_DNS = 2; |
||||
|
||||
// Refer to the :ref:`service discovery type<arch_overview_service_discovery_types_eds>` |
||||
// for an explanation. |
||||
EDS = 3; |
||||
|
||||
// Refer to the :ref:`original destination discovery |
||||
// type<arch_overview_service_discovery_types_original_destination>` |
||||
// for an explanation. |
||||
ORIGINAL_DST = 4; |
||||
} |
||||
|
||||
// Refer to :ref:`load balancer type <arch_overview_load_balancing_types>` architecture |
||||
// overview section for information on each type. |
||||
enum LbPolicy { |
||||
reserved 4; |
||||
|
||||
reserved "ORIGINAL_DST_LB"; |
||||
|
||||
// Refer to the :ref:`round robin load balancing |
||||
// policy<arch_overview_load_balancing_types_round_robin>` |
||||
// for an explanation. |
||||
ROUND_ROBIN = 0; |
||||
|
||||
// Refer to the :ref:`least request load balancing |
||||
// policy<arch_overview_load_balancing_types_least_request>` |
||||
// for an explanation. |
||||
LEAST_REQUEST = 1; |
||||
|
||||
// Refer to the :ref:`ring hash load balancing |
||||
// policy<arch_overview_load_balancing_types_ring_hash>` |
||||
// for an explanation. |
||||
RING_HASH = 2; |
||||
|
||||
// Refer to the :ref:`random load balancing |
||||
// policy<arch_overview_load_balancing_types_random>` |
||||
// for an explanation. |
||||
RANDOM = 3; |
||||
|
||||
// Refer to the :ref:`Maglev load balancing policy<arch_overview_load_balancing_types_maglev>` |
||||
// for an explanation. |
||||
MAGLEV = 5; |
||||
|
||||
// This load balancer type must be specified if the configured cluster provides a cluster |
||||
// specific load balancer. Consult the configured cluster's documentation for whether to set |
||||
// this option or not. |
||||
CLUSTER_PROVIDED = 6; |
||||
|
||||
// [#not-implemented-hide:] Use the new :ref:`load_balancing_policy |
||||
// <envoy_api_field_config.cluster.v3.Cluster.load_balancing_policy>` field to determine the LB policy. |
||||
// [#next-major-version: In the v3 API, we should consider deprecating the lb_policy field |
||||
// and instead using the new load_balancing_policy field as the one and only mechanism for |
||||
// configuring this.] |
||||
LOAD_BALANCING_POLICY_CONFIG = 7; |
||||
} |
||||
|
||||
// Only valid when discovery type is EDS. |
||||
message EdsClusterConfig { |
||||
// Configuration for the source of EDS updates for this Cluster. |
||||
core.v3.ConfigSource eds_config = 1; |
||||
|
||||
// Optional alternative to cluster name to present to EDS. This does not |
||||
// have the same restrictions as cluster name, i.e. it may be arbitrary |
||||
// length. |
||||
string service_name = 2; |
||||
} |
||||
|
||||
message CommonLbConfig { |
||||
core.v3.HealthStatusSet override_host_status = 8; |
||||
} |
||||
|
||||
// Supplies the name of the cluster which must be unique across all clusters. |
||||
// The cluster name is used when emitting |
||||
// :ref:`statistics <config_cluster_manager_cluster_stats>` if :ref:`alt_stat_name |
||||
// <envoy_api_field_config.cluster.v3.Cluster.alt_stat_name>` is not provided. |
||||
// Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics. |
||||
string name = 1; |
||||
|
||||
oneof cluster_discovery_type { |
||||
// The :ref:`service discovery type <arch_overview_service_discovery_types>` |
||||
// to use for resolving the cluster. |
||||
DiscoveryType type = 2; |
||||
|
||||
// The custom cluster type. |
||||
CustomClusterType cluster_type = 38; |
||||
} |
||||
|
||||
// Configuration to use for EDS updates for the Cluster. |
||||
EdsClusterConfig eds_cluster_config = 3; |
||||
|
||||
// Specific configuration for the :ref:`RingHash<arch_overview_load_balancing_types_ring_hash>` |
||||
// load balancing policy. |
||||
message RingHashLbConfig { |
||||
// The hash function used to hash hosts onto the ketama ring. |
||||
enum HashFunction { |
||||
// Use `xxHash <https://github.com/Cyan4973/xxHash>`_, this is the default hash function. |
||||
XX_HASH = 0; |
||||
MURMUR_HASH_2 = 1; |
||||
} |
||||
|
||||
reserved 2; |
||||
|
||||
// Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each |
||||
// provided host) the better the request distribution will reflect the desired weights. Defaults |
||||
// to 1024 entries, and limited to 8M entries. See also |
||||
// :ref:`maximum_ring_size<envoy_api_field_config.cluster.v3.Cluster.RingHashLbConfig.maximum_ring_size>`. |
||||
google.protobuf.UInt64Value minimum_ring_size = 1; |
||||
|
||||
// The hash function used to hash hosts onto the ketama ring. The value defaults to |
||||
// :ref:`XX_HASH<envoy_api_enum_value_config.cluster.v3.Cluster.RingHashLbConfig.HashFunction.XX_HASH>`. |
||||
HashFunction hash_function = 3; |
||||
|
||||
// Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered |
||||
// to further constrain resource use. See also |
||||
// :ref:`minimum_ring_size<envoy_api_field_config.cluster.v3.Cluster.RingHashLbConfig.minimum_ring_size>`. |
||||
google.protobuf.UInt64Value maximum_ring_size = 4; |
||||
} |
||||
|
||||
// The :ref:`load balancer type <arch_overview_load_balancing_types>` to use |
||||
// when picking a host in the cluster. |
||||
LbPolicy lb_policy = 6; |
||||
|
||||
// Setting this is required for specifying members of |
||||
// :ref:`STATIC<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STATIC>`, |
||||
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` |
||||
// or :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` clusters. |
||||
// This field supersedes the *hosts* field in the v2 API. |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// Setting this allows non-EDS cluster types to contain embedded EDS equivalent |
||||
// :ref:`endpoint assignments<envoy_api_msg_config.endpoint.v3.ClusterLoadAssignment>`. |
||||
// |
||||
endpoint.v3.ClusterLoadAssignment load_assignment = 33; |
||||
|
||||
CircuitBreakers circuit_breakers = 10; |
||||
|
||||
// If specified, outlier detection will be enabled for this upstream cluster. |
||||
// Each of the configuration values can be overridden via |
||||
// :ref:`runtime values <config_cluster_manager_cluster_runtime_outlier_detection>`. |
||||
OutlierDetection outlier_detection = 19; |
||||
|
||||
// Optional configuration for the load balancing algorithm selected by |
||||
// LbPolicy. Currently only |
||||
// :ref:`RING_HASH<envoy_api_enum_value_config.cluster.v3.Cluster.LbPolicy.RING_HASH>`, |
||||
// Specifying ring_hash_lb_config without setting the corresponding |
||||
// LbPolicy will generate an error at runtime. |
||||
oneof lb_config { |
||||
// Optional configuration for the Ring Hash load balancing policy. |
||||
RingHashLbConfig ring_hash_lb_config = 23; |
||||
} |
||||
|
||||
CommonLbConfig common_lb_config = 27; |
||||
|
||||
// Optional custom transport socket implementation to use for upstream connections. |
||||
// To setup TLS, set a transport socket with name `tls` and |
||||
// :ref:`UpstreamTlsContexts <envoy_api_msg_extensions.transport_sockets.tls.v3.UpstreamTlsContext>` in the `typed_config`. |
||||
// If no transport socket configuration is specified, new connections |
||||
// will be set up with plaintext. |
||||
core.v3.TransportSocket transport_socket = 24; |
||||
|
||||
// If this field is set and is supported by the client, it will supersede the value of |
||||
// :ref:`lb_policy<envoy_v3_api_field_config.cluster.v3.Cluster.lb_policy>`. |
||||
LoadBalancingPolicy load_balancing_policy = 41; |
||||
|
||||
// [#not-implemented-hide:] |
||||
// If present, tells the client where to send load reports via LRS. If not present, the |
||||
// client will fall back to a client-side default, which may be either (a) don't send any |
||||
// load reports or (b) send load reports for all clusters to a single default server |
||||
// (which may be configured in the bootstrap file). |
||||
// |
||||
// Note that if multiple clusters point to the same LRS server, the client may choose to |
||||
// create a separate stream for each cluster or it may choose to coalesce the data for |
||||
// multiple clusters onto a single stream. Either way, the client must make sure to send |
||||
// the data for any given cluster on no more than one stream. |
||||
// |
||||
// [#next-major-version: In the v3 API, we should consider restructuring this somehow, |
||||
// maybe by allowing LRS to go on the ADS stream, or maybe by moving some of the negotiation |
||||
// from the LRS stream here.] |
||||
core.v3.ConfigSource lrs_server = 42; |
||||
|
||||
// A list of metric names from ORCA load reports to propagate to LRS. |
||||
// |
||||
// For map fields in the ORCA proto, the string will be of the form ``<map_field_name>.<map_key>``. |
||||
// For example, the string ``named_metrics.foo`` will mean to look for the key ``foo`` in the ORCA |
||||
// ``named_metrics`` field. |
||||
// |
||||
// The special map key ``*`` means to report all entries in the map (e.g., ``named_metrics.*`` means to |
||||
// report all entries in the ORCA named_metrics field). Note that this should be used only with trusted |
||||
// backends. |
||||
// |
||||
// The metric names in LRS will follow the same semantics as this field. In other words, if this field |
||||
// contains ``named_metrics.foo``, then the LRS load report will include the data with that same string |
||||
// as the key. |
||||
repeated string lrs_report_endpoint_metrics = 57; |
||||
|
||||
// The Metadata field can be used to provide additional information about the |
||||
// cluster. It can be used for stats, logging, and varying filter behavior. |
||||
// Fields should use reverse DNS notation to denote which entity within Envoy |
||||
// will need the information. For instance, if the metadata is intended for |
||||
// the Router filter, the filter name should be specified as ``envoy.filters.http.router``. |
||||
core.v3.Metadata metadata = 25; |
||||
|
||||
core.v3.TypedExtensionConfig upstream_config = 48; |
||||
} |
||||
|
||||
// Extensible load balancing policy configuration. |
||||
// |
||||
// Every LB policy defined via this mechanism will be identified via a unique name using reverse |
||||
// DNS notation. If the policy needs configuration parameters, it must define a message for its |
||||
// own configuration, which will be stored in the config field. The name of the policy will tell |
||||
// clients which type of message they should expect to see in the config field. |
||||
// |
||||
// Note that there are cases where it is useful to be able to independently select LB policies |
||||
// for choosing a locality and for choosing an endpoint within that locality. For example, a |
||||
// given deployment may always use the same policy to choose the locality, but for choosing the |
||||
// endpoint within the locality, some clusters may use weighted-round-robin, while others may |
||||
// use some sort of session-based balancing. |
||||
// |
||||
// This can be accomplished via hierarchical LB policies, where the parent LB policy creates a |
||||
// child LB policy for each locality. For each request, the parent chooses the locality and then |
||||
// delegates to the child policy for that locality to choose the endpoint within the locality. |
||||
// |
||||
// To facilitate this, the config message for the top-level LB policy may include a field of |
||||
// type LoadBalancingPolicy that specifies the child policy. |
||||
message LoadBalancingPolicy { |
||||
message Policy { |
||||
reserved 2, 1, 3; |
||||
|
||||
reserved "config", "name", "typed_config"; |
||||
|
||||
core.v3.TypedExtensionConfig typed_extension_config = 4; |
||||
} |
||||
|
||||
// Each client will iterate over the list in order and stop at the first policy that it |
||||
// supports. This provides a mechanism for starting to use new LB policies that are not yet |
||||
// supported by all clients. |
||||
repeated Policy policies = 1; |
||||
} |
||||
@ -1,284 +0,0 @@ |
||||
// Copyright 2021 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.admin.v3; |
||||
|
||||
import "google/protobuf/any.proto"; |
||||
import "google/protobuf/timestamp.proto"; |
||||
|
||||
// Resource status from the view of a xDS client, which tells the synchronization |
||||
// status between the xDS client and the xDS server. |
||||
enum ClientResourceStatus { |
||||
// Resource status is not available/unknown. |
||||
UNKNOWN = 0; |
||||
|
||||
// Client requested this resource but hasn't received any update from management |
||||
// server. The client will not fail requests, but will queue them until update |
||||
// arrives or the client times out waiting for the resource. |
||||
REQUESTED = 1; |
||||
|
||||
// This resource has been requested by the client but has either not been |
||||
// delivered by the server or was previously delivered by the server and then |
||||
// subsequently removed from resources provided by the server. For more |
||||
// information, please refer to the :ref:`"Knowing When a Requested Resource |
||||
// Does Not Exist" <xds_protocol_resource_not_existed>` section. |
||||
DOES_NOT_EXIST = 2; |
||||
|
||||
// Client received this resource and replied with ACK. |
||||
ACKED = 3; |
||||
|
||||
// Client received this resource and replied with NACK. |
||||
NACKED = 4; |
||||
} |
||||
|
||||
message UpdateFailureState { |
||||
// What the component configuration would have been if the update had succeeded. |
||||
// This field may not be populated by xDS clients due to storage overhead. |
||||
google.protobuf.Any failed_configuration = 1; |
||||
|
||||
// Time of the latest failed update attempt. |
||||
google.protobuf.Timestamp last_update_attempt = 2; |
||||
|
||||
// Details about the last failed update attempt. |
||||
string details = 3; |
||||
|
||||
// This is the version of the rejected resource. |
||||
// [#not-implemented-hide:] |
||||
string version_info = 4; |
||||
} |
||||
|
||||
// Envoy's listener manager fills this message with all currently known listeners. Listener |
||||
// configuration information can be used to recreate an Envoy configuration by populating all |
||||
// listeners as static listeners or by returning them in a LDS response. |
||||
message ListenersConfigDump { |
||||
// Describes a statically loaded listener. |
||||
message StaticListener { |
||||
// The listener config. |
||||
google.protobuf.Any listener = 1; |
||||
|
||||
// The timestamp when the Listener was last successfully updated. |
||||
google.protobuf.Timestamp last_updated = 2; |
||||
} |
||||
|
||||
message DynamicListenerState { |
||||
// This is the per-resource version information. This version is currently taken from the |
||||
// :ref:`version_info <envoy_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time |
||||
// that the listener was loaded. In the future, discrete per-listener versions may be supported |
||||
// by the API. |
||||
string version_info = 1; |
||||
|
||||
// The listener config. |
||||
google.protobuf.Any listener = 2; |
||||
|
||||
// The timestamp when the Listener was last successfully updated. |
||||
google.protobuf.Timestamp last_updated = 3; |
||||
} |
||||
|
||||
// Describes a dynamically loaded listener via the LDS API. |
||||
// [#next-free-field: 7] |
||||
message DynamicListener { |
||||
// The name or unique id of this listener, pulled from the DynamicListenerState config. |
||||
string name = 1; |
||||
|
||||
// The listener state for any active listener by this name. |
||||
// These are listeners that are available to service data plane traffic. |
||||
DynamicListenerState active_state = 2; |
||||
|
||||
// The listener state for any warming listener by this name. |
||||
// These are listeners that are currently undergoing warming in preparation to service data |
||||
// plane traffic. Note that if attempting to recreate an Envoy configuration from a |
||||
// configuration dump, the warming listeners should generally be discarded. |
||||
DynamicListenerState warming_state = 3; |
||||
|
||||
// The listener state for any draining listener by this name. |
||||
// These are listeners that are currently undergoing draining in preparation to stop servicing |
||||
// data plane traffic. Note that if attempting to recreate an Envoy configuration from a |
||||
// configuration dump, the draining listeners should generally be discarded. |
||||
DynamicListenerState draining_state = 4; |
||||
|
||||
// Set if the last update failed, cleared after the next successful update. |
||||
// The *error_state* field contains the rejected version of this particular |
||||
// resource along with the reason and timestamp. For successfully updated or |
||||
// acknowledged resource, this field should be empty. |
||||
UpdateFailureState error_state = 5; |
||||
|
||||
// The client status of this resource. |
||||
// [#not-implemented-hide:] |
||||
ClientResourceStatus client_status = 6; |
||||
} |
||||
|
||||
// This is the :ref:`version_info <envoy_api_field_service.discovery.v3.DiscoveryResponse.version_info>` in the |
||||
// last processed LDS discovery response. If there are only static bootstrap listeners, this field |
||||
// will be "". |
||||
string version_info = 1; |
||||
|
||||
// The statically loaded listener configs. |
||||
repeated StaticListener static_listeners = 2; |
||||
|
||||
// State for any warming, active, or draining listeners. |
||||
repeated DynamicListener dynamic_listeners = 3; |
||||
} |
||||
|
||||
// Envoy's cluster manager fills this message with all currently known clusters. Cluster |
||||
// configuration information can be used to recreate an Envoy configuration by populating all |
||||
// clusters as static clusters or by returning them in a CDS response. |
||||
message ClustersConfigDump { |
||||
// Describes a statically loaded cluster. |
||||
message StaticCluster { |
||||
// The cluster config. |
||||
google.protobuf.Any cluster = 1; |
||||
|
||||
// The timestamp when the Cluster was last updated. |
||||
google.protobuf.Timestamp last_updated = 2; |
||||
} |
||||
|
||||
// Describes a dynamically loaded cluster via the CDS API. |
||||
// [#next-free-field: 6] |
||||
message DynamicCluster { |
||||
// This is the per-resource version information. This version is currently taken from the |
||||
// :ref:`version_info <envoy_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time |
||||
// that the cluster was loaded. In the future, discrete per-cluster versions may be supported by |
||||
// the API. |
||||
string version_info = 1; |
||||
|
||||
// The cluster config. |
||||
google.protobuf.Any cluster = 2; |
||||
|
||||
// The timestamp when the Cluster was last updated. |
||||
google.protobuf.Timestamp last_updated = 3; |
||||
|
||||
// Set if the last update failed, cleared after the next successful update. |
||||
// The *error_state* field contains the rejected version of this particular |
||||
// resource along with the reason and timestamp. For successfully updated or |
||||
// acknowledged resource, this field should be empty. |
||||
// [#not-implemented-hide:] |
||||
UpdateFailureState error_state = 4; |
||||
|
||||
// The client status of this resource. |
||||
// [#not-implemented-hide:] |
||||
ClientResourceStatus client_status = 5; |
||||
} |
||||
|
||||
// This is the :ref:`version_info <envoy_api_field_service.discovery.v3.DiscoveryResponse.version_info>` in the |
||||
// last processed CDS discovery response. If there are only static bootstrap clusters, this field |
||||
// will be "". |
||||
string version_info = 1; |
||||
|
||||
// The statically loaded cluster configs. |
||||
repeated StaticCluster static_clusters = 2; |
||||
|
||||
// The dynamically loaded active clusters. These are clusters that are available to service |
||||
// data plane traffic. |
||||
repeated DynamicCluster dynamic_active_clusters = 3; |
||||
|
||||
// The dynamically loaded warming clusters. These are clusters that are currently undergoing |
||||
// warming in preparation to service data plane traffic. Note that if attempting to recreate an |
||||
// Envoy configuration from a configuration dump, the warming clusters should generally be |
||||
// discarded. |
||||
repeated DynamicCluster dynamic_warming_clusters = 4; |
||||
} |
||||
|
||||
// Envoy's RDS implementation fills this message with all currently loaded routes, as described by |
||||
// their RouteConfiguration objects. Static routes that are either defined in the bootstrap configuration |
||||
// or defined inline while configuring listeners are separated from those configured dynamically via RDS. |
||||
// Route configuration information can be used to recreate an Envoy configuration by populating all routes |
||||
// as static routes or by returning them in RDS responses. |
||||
message RoutesConfigDump { |
||||
message StaticRouteConfig { |
||||
// The route config. |
||||
google.protobuf.Any route_config = 1; |
||||
|
||||
// The timestamp when the Route was last updated. |
||||
google.protobuf.Timestamp last_updated = 2; |
||||
} |
||||
|
||||
// [#next-free-field: 6] |
||||
message DynamicRouteConfig { |
||||
// This is the per-resource version information. This version is currently taken from the |
||||
// :ref:`version_info <envoy_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time that |
||||
// the route configuration was loaded. |
||||
string version_info = 1; |
||||
|
||||
// The route config. |
||||
google.protobuf.Any route_config = 2; |
||||
|
||||
// The timestamp when the Route was last updated. |
||||
google.protobuf.Timestamp last_updated = 3; |
||||
|
||||
// Set if the last update failed, cleared after the next successful update. |
||||
// The *error_state* field contains the rejected version of this particular |
||||
// resource along with the reason and timestamp. For successfully updated or |
||||
// acknowledged resource, this field should be empty. |
||||
// [#not-implemented-hide:] |
||||
UpdateFailureState error_state = 4; |
||||
|
||||
// The client status of this resource. |
||||
// [#not-implemented-hide:] |
||||
ClientResourceStatus client_status = 5; |
||||
} |
||||
|
||||
// The statically loaded route configs. |
||||
repeated StaticRouteConfig static_route_configs = 2; |
||||
|
||||
// The dynamically loaded route configs. |
||||
repeated DynamicRouteConfig dynamic_route_configs = 3; |
||||
} |
||||
|
||||
// Envoy's admin fill this message with all currently known endpoints. Endpoint |
||||
// configuration information can be used to recreate an Envoy configuration by populating all |
||||
// endpoints as static endpoints or by returning them in an EDS response. |
||||
message EndpointsConfigDump { |
||||
message StaticEndpointConfig { |
||||
// The endpoint config. |
||||
google.protobuf.Any endpoint_config = 1; |
||||
|
||||
// [#not-implemented-hide:] The timestamp when the Endpoint was last updated. |
||||
google.protobuf.Timestamp last_updated = 2; |
||||
} |
||||
|
||||
// [#next-free-field: 6] |
||||
message DynamicEndpointConfig { |
||||
// [#not-implemented-hide:] This is the per-resource version information. This version is currently taken from the |
||||
// :ref:`version_info <envoy_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time that |
||||
// the endpoint configuration was loaded. |
||||
string version_info = 1; |
||||
|
||||
// The endpoint config. |
||||
google.protobuf.Any endpoint_config = 2; |
||||
|
||||
// [#not-implemented-hide:] The timestamp when the Endpoint was last updated. |
||||
google.protobuf.Timestamp last_updated = 3; |
||||
|
||||
// Set if the last update failed, cleared after the next successful update. |
||||
// The *error_state* field contains the rejected version of this particular |
||||
// resource along with the reason and timestamp. For successfully updated or |
||||
// acknowledged resource, this field should be empty. |
||||
// [#not-implemented-hide:] |
||||
UpdateFailureState error_state = 4; |
||||
|
||||
// The client status of this resource. |
||||
// [#not-implemented-hide:] |
||||
ClientResourceStatus client_status = 5; |
||||
} |
||||
|
||||
// The statically loaded endpoint configs. |
||||
repeated StaticEndpointConfig static_endpoint_configs = 2; |
||||
|
||||
// The dynamically loaded endpoint configs. |
||||
repeated DynamicEndpointConfig dynamic_endpoint_configs = 3; |
||||
} |
||||
@ -1,77 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.core.v3; |
||||
|
||||
// [#protodoc-title: Configuration sources] |
||||
|
||||
// Aggregated Discovery Service (ADS) options. This is currently empty, but when |
||||
// set in :ref:`ConfigSource <envoy_api_msg_config.core.v3.ConfigSource>` can be used to |
||||
// specify that ADS is to be used. |
||||
message AggregatedConfigSource { |
||||
} |
||||
|
||||
// [#not-implemented-hide:] |
||||
// Self-referencing config source options. This is currently empty, but when |
||||
// set in :ref:`ConfigSource <envoy_api_msg_config.core.v3.ConfigSource>` can be used to |
||||
// specify that other data can be obtained from the same server. |
||||
message SelfConfigSource { |
||||
} |
||||
|
||||
// Configuration for :ref:`listeners <config_listeners>`, :ref:`clusters |
||||
// <config_cluster_manager>`, :ref:`routes |
||||
// <envoy_api_msg_config.route.v3.RouteConfiguration>`, :ref:`endpoints |
||||
// <arch_overview_service_discovery>` etc. may either be sourced from the |
||||
// filesystem or from an xDS API source. Filesystem configs are watched with |
||||
// inotify for updates. |
||||
// [#next-free-field: 7] |
||||
message ConfigSource { |
||||
oneof config_source_specifier { |
||||
// Path on the filesystem to source and watch for configuration updates. |
||||
// When sourcing configuration for :ref:`secret <envoy_api_msg_extensions.transport_sockets.tls.v3.Secret>`, |
||||
// the certificate and key files are also watched for updates. |
||||
// |
||||
// .. note:: |
||||
// |
||||
// The path to the source must exist at config load time. |
||||
// |
||||
// .. note:: |
||||
// |
||||
// Envoy will only watch the file path for *moves.* This is because in general only moves |
||||
// are atomic. The same method of swapping files as is demonstrated in the |
||||
// :ref:`runtime documentation <config_runtime_symbolic_link_swap>` can be used here also. |
||||
string path = 1; |
||||
|
||||
// When set, ADS will be used to fetch resources. The ADS API configuration |
||||
// source in the bootstrap configuration is used. |
||||
AggregatedConfigSource ads = 3; |
||||
|
||||
// [#not-implemented-hide:] |
||||
// When set, the client will access the resources from the same server it got the |
||||
// ConfigSource from, although not necessarily from the same stream. This is similar to the |
||||
// :ref:`ads<envoy_api_field.ConfigSource.ads>` field, except that the client may use a |
||||
// different stream to the same server. As a result, this field can be used for things |
||||
// like LRS that cannot be sent on an ADS stream. It can also be used to link from (e.g.) |
||||
// LDS to RDS on the same server without requiring the management server to know its name |
||||
// or required credentials. |
||||
// [#next-major-version: In xDS v3, consider replacing the ads field with this one, since |
||||
// this field can implicitly mean to use the same stream in the case where the ConfigSource |
||||
// is provided via ADS and the specified data can also be obtained via ADS.] |
||||
SelfConfigSource self = 5; |
||||
} |
||||
} |
||||
@ -1,38 +0,0 @@ |
||||
// Copyright 2022 gRPC authors. |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.type.http.v3; |
||||
|
||||
import "google/protobuf/duration.proto"; |
||||
|
||||
// [#protodoc-title: Http cookie API] |
||||
|
||||
// Cookie defines an API for obtaining or generating HTTP cookie. |
||||
message Cookie { |
||||
// The name that will be used to obtain cookie value from downstream HTTP request or generate |
||||
// new cookie for downstream. |
||||
string name = 1; |
||||
|
||||
// Duration of cookie. This will be used to set the expiry time of a new cookie when it is |
||||
// generated. Set this to 0 to use a session cookie. |
||||
google.protobuf.Duration ttl = 2; |
||||
|
||||
// Path of cookie. This will be used to set the path of a new cookie when it is generated. |
||||
// If no path is specified here, no path will be set for the cookie. |
||||
string path = 3; |
||||
} |
||||
@ -1,192 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.endpoint.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/address.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/base.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/health_check.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/percent.proto"; |
||||
|
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// [#protodoc-title: Endpoints] |
||||
|
||||
// Upstream host identifier. |
||||
message Endpoint { |
||||
message AdditionalAddress { |
||||
// Additional address that is associated with the endpoint. |
||||
core.v3.Address address = 1; |
||||
} |
||||
|
||||
// The upstream host address. |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// The form of host address depends on the given cluster type. For STATIC or EDS, |
||||
// it is expected to be a direct IP address (or something resolvable by the |
||||
// specified :ref:`resolver <envoy_api_field_config.core.v3.SocketAddress.resolver_name>` |
||||
// in the Address). For LOGICAL or STRICT DNS, it is expected to be hostname, |
||||
// and will be resolved via DNS. |
||||
core.v3.Address address = 1; |
||||
|
||||
// The hostname associated with this endpoint. This hostname is not used for routing or address |
||||
// resolution. If provided, it will be associated with the endpoint, and can be used for features |
||||
// that require a hostname, like |
||||
// :ref:`auto_host_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite>`. |
||||
string hostname = 3; |
||||
|
||||
// An ordered list of addresses that together with `address` comprise the |
||||
// list of addresses for an endpoint. The address given in the `address` is |
||||
// prepended to this list. It is assumed that the list must already be |
||||
// sorted by preference order of the addresses. This will only be supported |
||||
// for STATIC and EDS clusters. |
||||
repeated AdditionalAddress additional_addresses = 4; |
||||
} |
||||
|
||||
// An Endpoint that Envoy can route traffic to. |
||||
// [#next-free-field: 6] |
||||
message LbEndpoint { |
||||
// Upstream host identifier or a named reference. |
||||
oneof host_identifier { |
||||
Endpoint endpoint = 1; |
||||
} |
||||
|
||||
// Optional health status when known and supplied by EDS server. |
||||
core.v3.HealthStatus health_status = 2; |
||||
|
||||
// The endpoint metadata specifies values that may be used by the load |
||||
// balancer to select endpoints in a cluster for a given request. The filter |
||||
// name should be specified as ``envoy.lb``. An example boolean key-value pair |
||||
// is ``canary``, providing the optional canary status of the upstream host. |
||||
// This may be matched against in a route's |
||||
// :ref:`RouteAction <envoy_v3_api_msg_config.route.v3.RouteAction>` metadata_match field |
||||
// to subset the endpoints considered in cluster load balancing. |
||||
core.v3.Metadata metadata = 3; |
||||
|
||||
// The optional load balancing weight of the upstream host; at least 1. |
||||
// Envoy uses the load balancing weight in some of the built in load |
||||
// balancers. The load balancing weight for an endpoint is divided by the sum |
||||
// of the weights of all endpoints in the endpoint's locality to produce a |
||||
// percentage of traffic for the endpoint. This percentage is then further |
||||
// weighted by the endpoint's locality's load balancing weight from |
||||
// LocalityLbEndpoints. If unspecified, each host is presumed to have equal |
||||
// weight in a locality. The sum of the weights of all endpoints in the |
||||
// endpoint's locality must not exceed uint32_t maximal value (4294967295). |
||||
google.protobuf.UInt32Value load_balancing_weight = 4; |
||||
} |
||||
|
||||
// A group of endpoints belonging to a Locality. |
||||
// One can have multiple LocalityLbEndpoints for a locality, but this is |
||||
// generally only done if the different groups need to have different load |
||||
// balancing weights or different priorities. |
||||
// [#next-free-field: 7] |
||||
message LocalityLbEndpoints { |
||||
// Identifies location of where the upstream hosts run. |
||||
core.v3.Locality locality = 1; |
||||
|
||||
// Metadata to provide additional information about the locality endpoints in aggregate. |
||||
core.v3.Metadata metadata = 9; |
||||
|
||||
// The group of endpoints belonging to the locality specified. |
||||
repeated LbEndpoint lb_endpoints = 2; |
||||
|
||||
// Optional: Per priority/region/zone/sub_zone weight; at least 1. The load |
||||
// balancing weight for a locality is divided by the sum of the weights of all |
||||
// localities at the same priority level to produce the effective percentage |
||||
// of traffic for the locality. The sum of the weights of all localities at |
||||
// the same priority level must not exceed uint32_t maximal value (4294967295). |
||||
// |
||||
// Locality weights are only considered when :ref:`locality weighted load |
||||
// balancing <arch_overview_load_balancing_locality_weighted_lb>` is |
||||
// configured. These weights are ignored otherwise. If no weights are |
||||
// specified when locality weighted load balancing is enabled, the locality is |
||||
// assigned no load. |
||||
google.protobuf.UInt32Value load_balancing_weight = 3; |
||||
|
||||
// Optional: the priority for this LocalityLbEndpoints. If unspecified this will |
||||
// default to the highest priority (0). |
||||
// |
||||
// Under usual circumstances, Envoy will only select endpoints for the highest |
||||
// priority (0). In the event all endpoints for a particular priority are |
||||
// unavailable/unhealthy, Envoy will fail over to selecting endpoints for the |
||||
// next highest priority group. |
||||
// |
||||
// Priorities should range from 0 (highest) to N (lowest) without skipping. |
||||
uint32 priority = 5; |
||||
} |
||||
|
||||
// [#protodoc-title: Endpoint configuration] |
||||
// Endpoint discovery :ref:`architecture overview <arch_overview_service_discovery_types_eds>` |
||||
|
||||
// Each route from RDS will map to a single cluster or traffic split across |
||||
// clusters using weights expressed in the RDS WeightedCluster. |
||||
// |
||||
// With EDS, each cluster is treated independently from a LB perspective, with |
||||
// LB taking place between the Localities within a cluster and at a finer |
||||
// granularity between the hosts within a locality. The percentage of traffic |
||||
// for each endpoint is determined by both its load_balancing_weight, and the |
||||
// load_balancing_weight of its locality. First, a locality will be selected, |
||||
// then an endpoint within that locality will be chose based on its weight. |
||||
// [#next-free-field: 6] |
||||
message ClusterLoadAssignment { |
||||
// Load balancing policy settings. |
||||
// [#next-free-field: 6] |
||||
message Policy { |
||||
message DropOverload { |
||||
// Identifier for the policy specifying the drop. |
||||
string category = 1; |
||||
|
||||
// Percentage of traffic that should be dropped for the category. |
||||
type.v3.FractionalPercent drop_percentage = 2; |
||||
} |
||||
|
||||
// Action to trim the overall incoming traffic to protect the upstream |
||||
// hosts. This action allows protection in case the hosts are unable to |
||||
// recover from an outage, or unable to autoscale or unable to handle |
||||
// incoming traffic volume for any reason. |
||||
// |
||||
// At the client each category is applied one after the other to generate |
||||
// the 'actual' drop percentage on all outgoing traffic. For example: |
||||
// |
||||
// .. code-block:: json |
||||
// |
||||
// { "drop_overloads": [ |
||||
// { "category": "throttle", "drop_percentage": 60 } |
||||
// { "category": "lb", "drop_percentage": 50 } |
||||
// ]} |
||||
// |
||||
// The actual drop percentages applied to the traffic at the clients will be |
||||
// "throttle"_drop = 60% |
||||
// "lb"_drop = 20% // 50% of the remaining 'actual' load, which is 40%. |
||||
// actual_outgoing_load = 20% // remaining after applying all categories. |
||||
repeated DropOverload drop_overloads = 2; |
||||
} |
||||
|
||||
// Name of the cluster. This will be the :ref:`service_name |
||||
// <envoy_api_field_config.cluster.v3.Cluster.EdsClusterConfig.service_name>` value if specified |
||||
// in the cluster :ref:`EdsClusterConfig |
||||
// <envoy_api_msg_config.cluster.v3.Cluster.EdsClusterConfig>`. |
||||
string cluster_name = 1; |
||||
|
||||
// List of endpoints to load balance to. |
||||
repeated LocalityLbEndpoints endpoints = 2; |
||||
|
||||
// Load balancing policy settings. |
||||
Policy policy = 4; |
||||
} |
||||
@ -1,29 +0,0 @@ |
||||
// Copyright 2021 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// We would ideally just use the proto file from the googleapis submodule, but |
||||
// that breaks the expectations of the CMake build system - gRPC C++ needs to |
||||
// stay buildable/installable even if the submodules are not present (e.g. the |
||||
// tar.gz archive with gRPC doesn't contain the submodules), assuming that the |
||||
// dependencies are already installed. Given that this is needed for a test we |
||||
// could probably say that this test does not build for CMake but that way we |
||||
// would lose the ability to test xds_end2end_test for portability. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package google.api.expr.v1alpha1; |
||||
|
||||
message Expr {} |
||||
|
||||
message CheckedExpr {} |
||||
@ -1,38 +0,0 @@ |
||||
// Copyright 2021 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.core.v3; |
||||
|
||||
import "google/protobuf/any.proto"; |
||||
|
||||
// [#protodoc-title: Extension configuration] |
||||
|
||||
// Message type for extension configuration. |
||||
// [#next-major-version: revisit all existing typed_config that doesn't use this wrapper.]. |
||||
message TypedExtensionConfig { |
||||
// The name of an extension. This is not used to select the extension, instead |
||||
// it serves the role of an opaque identifier. |
||||
string name = 1; |
||||
|
||||
// The typed config for the extension. The type URL will be used to identify |
||||
// the extension. In the case that the type URL is *udpa.type.v1.TypedStruct*, |
||||
// the inner type URL of *TypedStruct* will be utilized. See the |
||||
// :ref:`extension configuration overview |
||||
// <config_overview_extension_configuration>` for further details. |
||||
google.protobuf.Any typed_config = 2; |
||||
} |
||||
@ -1,91 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filters.http.fault.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/fault_common.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/route.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/percent.proto"; |
||||
|
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// [#protodoc-title: Fault Injection] |
||||
// Fault Injection :ref:`configuration overview <config_http_filters_fault_injection>`. |
||||
// [#extension: envoy.filters.http.fault] |
||||
|
||||
// [#next-free-field: 6] |
||||
message FaultAbort { |
||||
// Fault aborts are controlled via an HTTP header (if applicable). See the |
||||
// :ref:`HTTP fault filter <config_http_filters_fault_injection_http_header>` documentation for |
||||
// more information. |
||||
message HeaderAbort { |
||||
} |
||||
|
||||
reserved 1; |
||||
|
||||
oneof error_type { |
||||
// HTTP status code to use to abort the HTTP request. |
||||
uint32 http_status = 2; |
||||
|
||||
// gRPC status code to use to abort the gRPC request. |
||||
uint32 grpc_status = 5; |
||||
|
||||
// Fault aborts are controlled via an HTTP header (if applicable). |
||||
HeaderAbort header_abort = 4; |
||||
} |
||||
|
||||
// The percentage of requests/operations/connections that will be aborted with the error code |
||||
// provided. |
||||
type.v3.FractionalPercent percentage = 3; |
||||
} |
||||
|
||||
// [#next-free-field: 15] |
||||
message HTTPFault { |
||||
// If specified, the filter will inject delays based on the values in the |
||||
// object. |
||||
common.fault.v3.FaultDelay delay = 1; |
||||
|
||||
// If specified, the filter will abort requests based on the values in |
||||
// the object. At least *abort* or *delay* must be specified. |
||||
FaultAbort abort = 2; |
||||
|
||||
// Specifies a set of headers that the filter should match on. The fault |
||||
// injection filter can be applied selectively to requests that match a set of |
||||
// headers specified in the fault filter config. The chances of actual fault |
||||
// injection further depend on the value of the :ref:`percentage |
||||
// <envoy_api_field_extensions.filters.http.fault.v3.FaultAbort.percentage>` field. |
||||
// The filter will check the request's headers against all the specified |
||||
// headers in the filter config. A match will happen if all the headers in the |
||||
// config are present in the request with the same values (or based on |
||||
// presence if the *value* field is not in the config). |
||||
repeated config.route.v3.HeaderMatcher headers = 4; |
||||
|
||||
// The maximum number of faults that can be active at a single time via the configured fault |
||||
// filter. Note that because this setting can be overridden at the route level, it's possible |
||||
// for the number of active faults to be greater than this value (if injected via a different |
||||
// route). If not specified, defaults to unlimited. This setting can be overridden via |
||||
// `runtime <config_http_filters_fault_injection_runtime>` and any faults that are not injected |
||||
// due to overflow will be indicated via the `faults_overflow |
||||
// <config_http_filters_fault_injection_stats>` stat. |
||||
// |
||||
// .. attention:: |
||||
// Like other :ref:`circuit breakers <arch_overview_circuit_break>` in Envoy, this is a fuzzy |
||||
// limit. It's possible for the number of active faults to rise slightly above the configured |
||||
// amount due to the implementation details. |
||||
google.protobuf.UInt32Value max_active_faults = 6; |
||||
} |
||||
@ -1,49 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filters.common.fault.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/percent.proto"; |
||||
|
||||
import "google/protobuf/duration.proto"; |
||||
|
||||
// Delay specification is used to inject latency into the |
||||
// HTTP/gRPC/Mongo/Redis operation or delay proxying of TCP connections. |
||||
message FaultDelay { |
||||
// Fault delays are controlled via an HTTP header (if applicable). See the |
||||
// :ref:`HTTP fault filter <config_http_filters_fault_injection_http_header>` |
||||
// documentation for more information. |
||||
message HeaderDelay {} |
||||
|
||||
oneof fault_delay_secifier { |
||||
// Add a fixed delay before forwarding the operation upstream. See |
||||
// https://developers.google.com/protocol-buffers/docs/proto3#json for |
||||
// the JSON/YAML Duration mapping. For HTTP/Mongo/Redis, the specified |
||||
// delay will be injected before a new request/operation. For TCP |
||||
// connections, the proxying of the connection upstream will be delayed |
||||
// for the specified period. This is required if type is FIXED. |
||||
google.protobuf.Duration fixed_delay = 3; |
||||
|
||||
// Fault delays are controlled via an HTTP header (if applicable). |
||||
HeaderDelay header_delay = 5; |
||||
} |
||||
|
||||
// The percentage of operations/connections/requests on which the delay will |
||||
// be injected. |
||||
type.v3.FractionalPercent percentage = 4; |
||||
} |
||||
@ -1,45 +0,0 @@ |
||||
// Copyright 2024 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filters.http.gcp_authn.v3; |
||||
|
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// [#protodoc-title: GCP authentication] |
||||
// GCP authentication :ref:`configuration overview <config_http_filters_gcp_authn>`. |
||||
// [#extension: envoy.filters.http.gcp_authn] |
||||
|
||||
// Filter configuration. |
||||
// [#next-free-field: 7] |
||||
message GcpAuthnFilterConfig { |
||||
// Token cache configuration. This field is optional. |
||||
TokenCacheConfig cache_config = 3; |
||||
} |
||||
|
||||
// Audience is the URL of the receiving service that performs token authentication. |
||||
// It will be provided to the filter through cluster's typed_filter_metadata. |
||||
message Audience { |
||||
string url = 1; |
||||
} |
||||
|
||||
// Token Cache configuration. |
||||
message TokenCacheConfig { |
||||
// The number of cache entries. The maximum number of entries is INT64_MAX as it is constrained by underlying cache implementation. |
||||
// Default value 0 (i.e., proto3 defaults) disables the cache by default. Other default values will enable the cache. |
||||
google.protobuf.UInt64Value cache_size = 1; |
||||
} |
||||
@ -1,55 +0,0 @@ |
||||
// Copyright 2022 gRPC authors. |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.core.v3; |
||||
|
||||
// [#protodoc-title: Health check] |
||||
// * Health checking :ref:`architecture overview <arch_overview_health_checking>`. |
||||
// * If health checking is configured for a cluster, additional statistics are emitted. They are |
||||
// documented :ref:`here <config_cluster_manager_cluster_stats>`. |
||||
|
||||
// Endpoint health status. |
||||
enum HealthStatus { |
||||
// The health status is not known. This is interpreted by Envoy as ``HEALTHY``. |
||||
UNKNOWN = 0; |
||||
|
||||
// Healthy. |
||||
HEALTHY = 1; |
||||
|
||||
// Unhealthy. |
||||
UNHEALTHY = 2; |
||||
|
||||
// Connection draining in progress. E.g., |
||||
// `<https://aws.amazon.com/blogs/aws/elb-connection-draining-remove-instances-from-service-with-care/>`_ |
||||
// or |
||||
// `<https://cloud.google.com/compute/docs/load-balancing/enabling-connection-draining>`_. |
||||
// This is interpreted by Envoy as ``UNHEALTHY``. |
||||
DRAINING = 3; |
||||
|
||||
// Health check timed out. This is part of HDS and is interpreted by Envoy as |
||||
// ``UNHEALTHY``. |
||||
TIMEOUT = 4; |
||||
|
||||
// Degraded. |
||||
DEGRADED = 5; |
||||
} |
||||
|
||||
message HealthStatusSet { |
||||
// An order-independent set of health status. |
||||
repeated HealthStatus statuses = 1; |
||||
} |
||||
@ -1,109 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filters.network.http_connection_manager.v3; |
||||
|
||||
import "google/protobuf/any.proto"; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/config_source.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/extension.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/protocol.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/route.proto"; |
||||
|
||||
// [#protodoc-title: HTTP connection manager] |
||||
// HTTP connection manager :ref:`configuration overview <config_http_conn_man>`. |
||||
// [#extension: envoy.filters.network.http_connection_manager] |
||||
|
||||
message HttpConnectionManager { |
||||
oneof route_specifier { |
||||
// The connection manager’s route table will be dynamically loaded via the RDS API. |
||||
Rds rds = 3; |
||||
|
||||
// The route table for the connection manager is static and is specified in this property. |
||||
config.route.v3.RouteConfiguration route_config = 4; |
||||
|
||||
// A route table will be dynamically assigned to each request based on request attributes |
||||
// (e.g., the value of a header). The "routing scopes" (i.e., route tables) and "scope keys" are |
||||
// specified in this message. |
||||
ScopedRoutes scoped_routes = 31; |
||||
} |
||||
|
||||
// A list of individual HTTP filters that make up the filter chain for |
||||
// requests made to the connection manager. :ref:`Order matters <arch_overview_http_filters_ordering>` |
||||
// as the filters are processed sequentially as request events happen. |
||||
repeated HttpFilter http_filters = 5; |
||||
|
||||
// Additional settings for HTTP requests handled by the connection manager. These will be |
||||
// applicable to both HTTP1 and HTTP2 requests. |
||||
config.core.v3.HttpProtocolOptions common_http_protocol_options = 35; |
||||
|
||||
// The number of additional ingress proxy hops from the right side of the |
||||
// :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when |
||||
// determining the origin client's IP address. The default is zero if this option |
||||
// is not specified. See the documentation for |
||||
// :ref:`config_http_conn_man_headers_x-forwarded-for` for more information. |
||||
uint32 xff_num_trusted_hops = 19; |
||||
|
||||
// The configuration for the original IP detection extensions. |
||||
// |
||||
// When configured the extensions will be called along with the request headers |
||||
// and information about the downstream connection, such as the directly connected address. |
||||
// Each extension will then use these parameters to decide the request's effective remote address. |
||||
// If an extension fails to detect the original IP address and isn't configured to reject |
||||
// the request, the HCM will try the remaining extensions until one succeeds or rejects |
||||
// the request. If the request isn't rejected nor any extension succeeds, the HCM will |
||||
// fallback to using the remote address. |
||||
// |
||||
// .. WARNING:: |
||||
// Extensions cannot be used in conjunction with :ref:`use_remote_address |
||||
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>` |
||||
// nor :ref:`xff_num_trusted_hops |
||||
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.xff_num_trusted_hops>`. |
||||
// |
||||
// [#extension-category: envoy.http.original_ip_detection] |
||||
repeated config.core.v3.TypedExtensionConfig original_ip_detection_extensions = 46; |
||||
} |
||||
|
||||
message Rds { |
||||
// Configuration source specifier for RDS. |
||||
config.core.v3.ConfigSource config_source = 1; |
||||
|
||||
// The name of the route configuration. This name will be passed to the RDS |
||||
// API. This allows an Envoy configuration with multiple HTTP listeners (and |
||||
// associated HTTP connection manager filters) to use different route |
||||
// configurations. |
||||
string route_config_name = 2; |
||||
} |
||||
|
||||
message ScopedRoutes { |
||||
} |
||||
|
||||
message HttpFilter { |
||||
// The name of the filter configuration. The name is used as a fallback to |
||||
// select an extension if the type of the configuration proto is not |
||||
// sufficient. It also serves as a resource name in ExtensionConfigDS. |
||||
string name = 1; |
||||
|
||||
oneof config_type { |
||||
// Filter specific configuration which depends on the filter being instantiated. See the supported |
||||
// filters for further documentation. |
||||
google.protobuf.Any typed_config = 4; |
||||
} |
||||
|
||||
bool is_optional = 6; |
||||
} |
||||
@ -1,41 +0,0 @@ |
||||
// |
||||
// Copyright 2021 gRPC authors. |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
// |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filters.http.rbac.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/rbac.proto"; |
||||
|
||||
// [#protodoc-title: RBAC] |
||||
// Role-Based Access Control :ref:`configuration overview <config_http_filters_rbac>`. |
||||
// [#extension: envoy.filters.http.rbac] |
||||
|
||||
// RBAC filter config. |
||||
message RBAC { |
||||
// Specify the RBAC rules to be applied globally. |
||||
// If absent, no enforcing RBAC policy will be applied. |
||||
// If present and empty, DENY. |
||||
config.rbac.v3.RBAC rules = 1; |
||||
} |
||||
|
||||
message RBACPerRoute { |
||||
// Override the global configuration of the filter with this new config. |
||||
// If absent, the global RBAC policy will be disabled for this route. |
||||
RBAC rbac = 2; |
||||
} |
||||
@ -1,26 +0,0 @@ |
||||
// Copyright 2023 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.upstreams.http.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/protocol.proto"; |
||||
|
||||
message HttpProtocolOptions { |
||||
// This contains options common across HTTP/1 and HTTP/2 |
||||
config.core.v3.HttpProtocolOptions common_http_protocol_options = 1; |
||||
} |
||||
@ -1,213 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.listener.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/address.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/base.proto"; |
||||
|
||||
import "google/protobuf/any.proto"; |
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// [#protodoc-title: Listener configuration] |
||||
// Listener :ref:`configuration overview <config_listeners>` |
||||
|
||||
// Describes a type of API listener, which is used in non-proxy clients. The type of API |
||||
// exposed to the non-proxy application depends on the type of API listener. |
||||
message ApiListener { |
||||
// The type in this field determines the type of API listener. At present, the following |
||||
// types are supported: |
||||
// envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager (HTTP) |
||||
// [#next-major-version: In the v3 API, replace this Any field with a oneof containing the |
||||
// specific config message for each type of API listener. We could not do this in v2 because |
||||
// it would have caused circular dependencies for go protos: lds.proto depends on this file, |
||||
// and http_connection_manager.proto depends on rds.proto, which is in the same directory as |
||||
// lds.proto, so lds.proto cannot depend on this file.] |
||||
google.protobuf.Any api_listener = 1; |
||||
} |
||||
|
||||
message Filter { |
||||
reserved 3; |
||||
|
||||
// The name of the filter to instantiate. The name must match a |
||||
// :ref:`supported filter <config_network_filters>`. |
||||
string name = 1; |
||||
|
||||
// [#extension-category: envoy.filters.network] |
||||
oneof config_type { |
||||
// Filter specific configuration which depends on the filter being |
||||
// instantiated. See the supported filters for further documentation. |
||||
google.protobuf.Any typed_config = 4; |
||||
} |
||||
} |
||||
|
||||
message FilterChainMatch { |
||||
enum ConnectionSourceType { |
||||
// Any connection source matches. |
||||
ANY = 0; |
||||
|
||||
// Match a connection originating from the same host. |
||||
SAME_IP_OR_LOOPBACK = 1; |
||||
|
||||
// Match a connection originating from a different host. |
||||
EXTERNAL = 2; |
||||
} |
||||
|
||||
reserved 1; |
||||
|
||||
// Optional destination port to consider when use_original_dst is set on the |
||||
// listener in determining a filter chain match. |
||||
google.protobuf.UInt32Value destination_port = 8; |
||||
|
||||
// If non-empty, an IP address and prefix length to match addresses when the |
||||
// listener is bound to 0.0.0.0/:: or when use_original_dst is specified. |
||||
repeated core.v3.CidrRange prefix_ranges = 3; |
||||
|
||||
// Specifies the connection source IP match type. Can be any, local or external network. |
||||
ConnectionSourceType source_type = 12; |
||||
|
||||
// The criteria is satisfied if the source IP address of the downstream |
||||
// connection is contained in at least one of the specified subnets. If the |
||||
// parameter is not specified or the list is empty, the source IP address is |
||||
// ignored. |
||||
repeated core.v3.CidrRange source_prefix_ranges = 6; |
||||
|
||||
// The criteria is satisfied if the source port of the downstream connection |
||||
// is contained in at least one of the specified ports. If the parameter is |
||||
// not specified, the source port is ignored. |
||||
repeated uint32 source_ports = 7; |
||||
|
||||
// If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining |
||||
// a filter chain match. Those values will be compared against the server names of a new |
||||
// connection, when detected by one of the listener filters. |
||||
// |
||||
// The server name will be matched against all wildcard domains, i.e. ``www.example.com`` |
||||
// will be first matched against ``www.example.com``, then ``*.example.com``, then ``*.com``. |
||||
// |
||||
// Note that partial wildcards are not supported, and values like ``*w.example.com`` are invalid. |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more |
||||
// information. |
||||
repeated string server_names = 11; |
||||
|
||||
// If non-empty, a transport protocol to consider when determining a filter chain match. |
||||
// This value will be compared against the transport protocol of a new connection, when |
||||
// it's detected by one of the listener filters. |
||||
// |
||||
// Suggested values include: |
||||
// |
||||
// * ``raw_buffer`` - default, used when no transport protocol is detected, |
||||
// * ``tls`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>` |
||||
// when TLS protocol is detected. |
||||
string transport_protocol = 9; |
||||
|
||||
// If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when |
||||
// determining a filter chain match. Those values will be compared against the application |
||||
// protocols of a new connection, when detected by one of the listener filters. |
||||
// |
||||
// Suggested values include: |
||||
// |
||||
// * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector |
||||
// <config_listener_filters_tls_inspector>`, |
||||
// * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>` |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// Currently, only :ref:`TLS Inspector <config_listener_filters_tls_inspector>` provides |
||||
// application protocol detection based on the requested |
||||
// `ALPN <https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation>`_ values. |
||||
// |
||||
// However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet, |
||||
// and matching on values other than ``h2`` is going to lead to a lot of false negatives, |
||||
// unless all connecting clients are known to use ALPN. |
||||
repeated string application_protocols = 10; |
||||
} |
||||
|
||||
// A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and |
||||
// various other parameters. |
||||
// [#next-free-field: 10] |
||||
message FilterChain { |
||||
// The criteria to use when matching a connection to this filter chain. |
||||
FilterChainMatch filter_chain_match = 1; |
||||
|
||||
// A list of individual network filters that make up the filter chain for |
||||
// connections established with the listener. Order matters as the filters are |
||||
// processed sequentially as connection events happen. Note: If the filter |
||||
// list is empty, the connection will close by default. |
||||
repeated Filter filters = 3; |
||||
|
||||
// Optional custom transport socket implementation to use for downstream connections. |
||||
// To setup TLS, set a transport socket with name `tls` and |
||||
// :ref:`DownstreamTlsContext <envoy_api_msg_extensions.transport_sockets.tls.v3.DownstreamTlsContext>` in the `typed_config`. |
||||
// If no transport socket configuration is specified, new connections |
||||
// will be set up with plaintext. |
||||
core.v3.TransportSocket transport_socket = 6; |
||||
} |
||||
|
||||
// [#next-free-field: 23] |
||||
message Listener { |
||||
// The unique name by which this listener is known. If no name is provided, |
||||
// Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically |
||||
// updated or removed via :ref:`LDS <config_listeners_lds>` a unique name must be provided. |
||||
string name = 1; |
||||
|
||||
// The address that the listener should listen on. In general, the address must be unique, though |
||||
// that is governed by the bind rules of the OS. E.g., multiple listeners can listen on port 0 on |
||||
// Linux as the actual port will be allocated by the OS. |
||||
core.v3.Address address = 2; |
||||
|
||||
// A list of filter chains to consider for this listener. The |
||||
// :ref:`FilterChain <envoy_api_msg_config.listener.v3.FilterChain>` with the most specific |
||||
// :ref:`FilterChainMatch <envoy_api_msg_config.listener.v3.FilterChainMatch>` criteria is used on a |
||||
// connection. |
||||
// |
||||
// Example using SNI for filter chain selection can be found in the |
||||
// :ref:`FAQ entry <faq_how_to_setup_sni>`. |
||||
repeated FilterChain filter_chains = 3; |
||||
|
||||
// If a connection is redirected using *iptables*, the port on which the proxy |
||||
// receives it might be different from the original destination address. When this flag is set to |
||||
// true, the listener hands off redirected connections to the listener associated with the |
||||
// original destination address. If there is no listener associated with the original destination |
||||
// address, the connection is handled by the listener that receives it. Defaults to false. |
||||
google.protobuf.BoolValue use_original_dst = 4; |
||||
|
||||
// The default filter chain if none of the filter chain matches. If no default filter chain is supplied, |
||||
// the connection will be closed. The filter chain match is ignored in this field. |
||||
FilterChain default_filter_chain = 25; |
||||
|
||||
// Used to represent an API listener, which is used in non-proxy clients. The type of API |
||||
// exposed to the non-proxy application depends on the type of API listener. |
||||
// When this field is set, no other field except for :ref:`name<envoy_api_field_config.listener.v3.Listener.name>` |
||||
// should be set. |
||||
// |
||||
// .. note:: |
||||
// |
||||
// Currently only one ApiListener can be installed; and it can only be done via bootstrap config, |
||||
// not LDS. |
||||
// |
||||
// [#next-major-version: In the v3 API, instead of this messy approach where the socket |
||||
// listener fields are directly in the top-level Listener message and the API listener types |
||||
// are in the ApiListener message, the socket listener messages should be in their own message, |
||||
// and the top-level Listener should essentially be a oneof that selects between the |
||||
// socket listener and the various types of API listener. That way, a given Listener message |
||||
// can structurally only contain the fields of the relevant type.] |
||||
ApiListener api_listener = 19; |
||||
} |
||||
@ -1,185 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.endpoint.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/address.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/base.proto"; |
||||
|
||||
import "google/protobuf/duration.proto"; |
||||
import "google/protobuf/struct.proto"; |
||||
|
||||
// These are stats Envoy reports to GLB every so often. Report frequency is |
||||
// defined by |
||||
// :ref:`LoadStatsResponse.load_reporting_interval<envoy_api_field_service.load_stats.v3.LoadStatsResponse.load_reporting_interval>`. |
||||
// Stats per upstream region/zone and optionally per subzone. |
||||
// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. |
||||
// [#next-free-field: 9] |
||||
message UpstreamLocalityStats { |
||||
// Name of zone, region and optionally endpoint group these metrics were |
||||
// collected from. Zone and region names could be empty if unknown. |
||||
core.v3.Locality locality = 1; |
||||
|
||||
// The total number of requests successfully completed by the endpoints in the |
||||
// locality. |
||||
uint64 total_successful_requests = 2; |
||||
|
||||
// The total number of unfinished requests |
||||
uint64 total_requests_in_progress = 3; |
||||
|
||||
// The total number of requests that failed due to errors at the endpoint, |
||||
// aggregated over all endpoints in the locality. |
||||
uint64 total_error_requests = 4; |
||||
|
||||
// The total number of requests that were issued by this Envoy since |
||||
// the last report. This information is aggregated over all the |
||||
// upstream endpoints in the locality. |
||||
uint64 total_issued_requests = 8; |
||||
|
||||
// CPU utilization stats for multi-dimensional load balancing. |
||||
// This typically comes from endpoint metrics reported via ORCA. |
||||
UnnamedEndpointLoadMetricStats cpu_utilization = 12; |
||||
|
||||
// Memory utilization for multi-dimensional load balancing. |
||||
// This typically comes from endpoint metrics reported via ORCA. |
||||
UnnamedEndpointLoadMetricStats mem_utilization = 13; |
||||
|
||||
// Blended application-defined utilization for multi-dimensional load balancing. |
||||
// This typically comes from endpoint metrics reported via ORCA. |
||||
UnnamedEndpointLoadMetricStats application_utilization = 14; |
||||
|
||||
// Named stats for multi-dimensional load balancing. |
||||
// These typically come from endpoint metrics reported via ORCA. |
||||
repeated EndpointLoadMetricStats load_metric_stats = 5; |
||||
|
||||
// Endpoint granularity stats information for this locality. This information |
||||
// is populated if the Server requests it by setting |
||||
// :ref:`LoadStatsResponse.report_endpoint_granularity<envoy_api_field_service.load_stats.v3.LoadStatsResponse.report_endpoint_granularity>`. |
||||
repeated UpstreamEndpointStats upstream_endpoint_stats = 7; |
||||
|
||||
// [#not-implemented-hide:] The priority of the endpoint group these metrics |
||||
// were collected from. |
||||
uint32 priority = 6; |
||||
} |
||||
|
||||
// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. |
||||
// [#next-free-field: 8] |
||||
message UpstreamEndpointStats { |
||||
// Upstream host address. |
||||
core.v3.Address address = 1; |
||||
|
||||
// Opaque and implementation dependent metadata of the |
||||
// endpoint. Envoy will pass this directly to the management server. |
||||
google.protobuf.Struct metadata = 6; |
||||
|
||||
// The total number of requests successfully completed by the endpoints in the |
||||
// locality. These include non-5xx responses for HTTP, where errors |
||||
// originate at the client and the endpoint responded successfully. For gRPC, |
||||
// the grpc-status values are those not covered by total_error_requests below. |
||||
uint64 total_successful_requests = 2; |
||||
|
||||
// The total number of unfinished requests for this endpoint. |
||||
uint64 total_requests_in_progress = 3; |
||||
|
||||
// The total number of requests that failed due to errors at the endpoint. |
||||
// For HTTP these are responses with 5xx status codes and for gRPC the |
||||
// grpc-status values: |
||||
// |
||||
// - DeadlineExceeded |
||||
// - Unimplemented |
||||
// - Internal |
||||
// - Unavailable |
||||
// - Unknown |
||||
// - DataLoss |
||||
uint64 total_error_requests = 4; |
||||
|
||||
// The total number of requests that were issued to this endpoint |
||||
// since the last report. A single TCP connection, HTTP or gRPC |
||||
// request or stream is counted as one request. |
||||
uint64 total_issued_requests = 7; |
||||
|
||||
// Stats for multi-dimensional load balancing. |
||||
repeated EndpointLoadMetricStats load_metric_stats = 5; |
||||
} |
||||
|
||||
// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. |
||||
message EndpointLoadMetricStats { |
||||
// Name of the metric; may be empty. |
||||
string metric_name = 1; |
||||
|
||||
// Number of calls that finished and included this metric. |
||||
uint64 num_requests_finished_with_metric = 2; |
||||
|
||||
// Sum of metric values across all calls that finished with this metric for |
||||
// load_reporting_interval. |
||||
double total_metric_value = 3; |
||||
} |
||||
|
||||
// Same as EndpointLoadMetricStats, except without the metric_name field. |
||||
message UnnamedEndpointLoadMetricStats { |
||||
// Number of calls that finished and included this metric. |
||||
uint64 num_requests_finished_with_metric = 1; |
||||
|
||||
// Sum of metric values across all calls that finished with this metric for |
||||
// load_reporting_interval. |
||||
double total_metric_value = 2; |
||||
} |
||||
|
||||
// Per cluster load stats. Envoy reports these stats a management server in a |
||||
// :ref:`LoadStatsRequest<envoy_api_msg_service.load_stats.v3.LoadStatsRequest>` |
||||
// [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. |
||||
// Next ID: 7 |
||||
// [#next-free-field: 7] |
||||
message ClusterStats { |
||||
message DroppedRequests { |
||||
// Identifier for the policy specifying the drop. |
||||
string category = 1; |
||||
|
||||
// Total number of deliberately dropped requests for the category. |
||||
uint64 dropped_count = 2; |
||||
} |
||||
|
||||
// The name of the cluster. |
||||
string cluster_name = 1; |
||||
|
||||
// The eds_cluster_config service_name of the cluster. |
||||
// It's possible that two clusters send the same service_name to EDS, |
||||
// in that case, the management server is supposed to do aggregation on the load reports. |
||||
string cluster_service_name = 6; |
||||
|
||||
// Need at least one. |
||||
repeated UpstreamLocalityStats upstream_locality_stats = 2; |
||||
|
||||
// Cluster-level stats such as total_successful_requests may be computed by |
||||
// summing upstream_locality_stats. In addition, below there are additional |
||||
// cluster-wide stats. |
||||
// |
||||
// The total number of dropped requests. This covers requests |
||||
// deliberately dropped by the drop_overload policy and circuit breaking. |
||||
uint64 total_dropped_requests = 3; |
||||
|
||||
// Information about deliberately dropped requests for each category specified |
||||
// in the DropOverload policy. |
||||
repeated DroppedRequests dropped_requests = 5; |
||||
|
||||
// Period over which the actual load report occurred. This will be guaranteed to include every |
||||
// request reported. Due to system load and delays between the *LoadStatsRequest* sent from Envoy |
||||
// and the *LoadStatsResponse* message sent from the management server, this may be longer than |
||||
// the requested load reporting interval in the *LoadStatsResponse*. |
||||
google.protobuf.Duration load_report_interval = 4; |
||||
} |
||||
@ -1,86 +0,0 @@ |
||||
// Copyright 2021 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.type.matcher.v3; |
||||
|
||||
// [#protodoc-title: Metadata matcher] |
||||
|
||||
// MetadataMatcher provides a general interface to check if a given value is matched in |
||||
// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`. It uses `filter` and `path` to retrieve the value |
||||
// from the Metadata and then check if it's matched to the specified value. |
||||
// |
||||
// For example, for the following Metadata: |
||||
// |
||||
// .. code-block:: yaml |
||||
// |
||||
// filter_metadata: |
||||
// envoy.filters.http.rbac: |
||||
// fields: |
||||
// a: |
||||
// struct_value: |
||||
// fields: |
||||
// b: |
||||
// struct_value: |
||||
// fields: |
||||
// c: |
||||
// string_value: pro |
||||
// t: |
||||
// list_value: |
||||
// values: |
||||
// - string_value: m |
||||
// - string_value: n |
||||
// |
||||
// The following MetadataMatcher is matched as the path [a, b, c] will retrieve a string value "pro" |
||||
// from the Metadata which is matched to the specified prefix match. |
||||
// |
||||
// .. code-block:: yaml |
||||
// |
||||
// filter: envoy.filters.http.rbac |
||||
// path: |
||||
// - key: a |
||||
// - key: b |
||||
// - key: c |
||||
// value: |
||||
// string_match: |
||||
// prefix: pr |
||||
// |
||||
// The following MetadataMatcher is matched as the code will match one of the string values in the |
||||
// list at the path [a, t]. |
||||
// |
||||
// .. code-block:: yaml |
||||
// |
||||
// filter: envoy.filters.http.rbac |
||||
// path: |
||||
// - key: a |
||||
// - key: t |
||||
// value: |
||||
// list_match: |
||||
// one_of: |
||||
// string_match: |
||||
// exact: m |
||||
// |
||||
// An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to |
||||
// enforce access control based on dynamic metadata in a request. See :ref:`Permission |
||||
// <envoy_v3_api_msg_config.rbac.v3.Permission>` and :ref:`Principal |
||||
// <envoy_v3_api_msg_config.rbac.v3.Principal>`. |
||||
|
||||
// [#next-major-version: MetadataMatcher should use StructMatcher] |
||||
message MetadataMatcher { |
||||
// If true, the match result will be inverted. |
||||
bool invert = 4; |
||||
} |
||||
@ -1,64 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package xds.data.orca.v3; |
||||
|
||||
// See section `ORCA load report format` of the design document in |
||||
// :ref:`https://github.com/envoyproxy/envoy/issues/6614`. |
||||
|
||||
message OrcaLoadReport { |
||||
// CPU utilization expressed as a fraction of available CPU resources. This |
||||
// should be derived from the latest sample or measurement. The value may be |
||||
// larger than 1.0 when the usage exceeds the reporter dependent notion of |
||||
// soft limits. |
||||
double cpu_utilization = 1; |
||||
|
||||
// Memory utilization expressed as a fraction of available memory |
||||
// resources. This should be derived from the latest sample or measurement. |
||||
double mem_utilization = 2; |
||||
|
||||
// Total RPS being served by an endpoint. This should cover all services that an endpoint is |
||||
// responsible for. |
||||
uint64 rps = 3 [deprecated = true]; |
||||
|
||||
// Application specific requests costs. Each value is an absolute cost (e.g. 3487 bytes of |
||||
// storage) associated with the request. |
||||
map<string, double> request_cost = 4; |
||||
|
||||
// Resource utilization values. Each value is expressed as a fraction of total resources |
||||
// available, derived from the latest sample or measurement. |
||||
map<string, double> utilization = 5; |
||||
|
||||
double rps_fractional = 6; |
||||
|
||||
// Total EPS (errors/second) being served by an endpoint. This should cover |
||||
// all services that an endpoint is responsible for. |
||||
double eps = 7; |
||||
|
||||
// Application specific opaque metrics. |
||||
map<string, double> named_metrics = 8; |
||||
|
||||
// Application specific utilization expressed as a fraction of available |
||||
// resources. For example, an application may report the max of CPU and memory |
||||
// utilization for better load balancing if it is both CPU and memory bound. |
||||
// This should be derived from the latest sample or measurement. |
||||
// The value may be larger than 1.0 when the usage exceeds the reporter |
||||
// dependent notion of soft limits. |
||||
double application_utilization = 9; |
||||
} |
||||
|
||||
@ -1,96 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.cluster.v3; |
||||
|
||||
import "google/protobuf/duration.proto"; |
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
message OutlierDetection { |
||||
// The time interval between ejection analysis sweeps. This can result in |
||||
// both new ejections as well as hosts being returned to service. Defaults |
||||
// to 10000ms or 10s. |
||||
google.protobuf.Duration interval = 2; |
||||
|
||||
// The base time that a host is ejected for. The real time is equal to the |
||||
// base time multiplied by the number of times the host has been ejected and is |
||||
// capped by :ref:`max_ejection_time<envoy_v3_api_field_config.cluster.v3.OutlierDetection.max_ejection_time>`. |
||||
// Defaults to 30000ms or 30s. |
||||
google.protobuf.Duration base_ejection_time = 3; |
||||
|
||||
// The maximum % of an upstream cluster that can be ejected due to outlier |
||||
// detection. Defaults to 10% but will eject at least one host regardless of the value. |
||||
google.protobuf.UInt32Value max_ejection_percent = 4; |
||||
|
||||
// The % chance that a host will be actually ejected when an outlier status |
||||
// is detected through success rate statistics. This setting can be used to |
||||
// disable ejection or to ramp it up slowly. Defaults to 100. |
||||
google.protobuf.UInt32Value enforcing_success_rate = 6; |
||||
|
||||
// The number of hosts in a cluster that must have enough request volume to |
||||
// detect success rate outliers. If the number of hosts is less than this |
||||
// setting, outlier detection via success rate statistics is not performed |
||||
// for any host in the cluster. Defaults to 5. |
||||
google.protobuf.UInt32Value success_rate_minimum_hosts = 7; |
||||
|
||||
// The minimum number of total requests that must be collected in one |
||||
// interval (as defined by the interval duration above) to include this host |
||||
// in success rate based outlier detection. If the volume is lower than this |
||||
// setting, outlier detection via success rate statistics is not performed |
||||
// for that host. Defaults to 100. |
||||
google.protobuf.UInt32Value success_rate_request_volume = 8; |
||||
|
||||
// This factor is used to determine the ejection threshold for success rate |
||||
// outlier ejection. The ejection threshold is the difference between the |
||||
// mean success rate, and the product of this factor and the standard |
||||
// deviation of the mean success rate: mean - (stdev * |
||||
// success_rate_stdev_factor). This factor is divided by a thousand to get a |
||||
// double. That is, if the desired factor is 1.9, the runtime value should |
||||
// be 1900. Defaults to 1900. |
||||
google.protobuf.UInt32Value success_rate_stdev_factor = 9; |
||||
|
||||
// The failure percentage to use when determining failure percentage-based outlier detection. If |
||||
// the failure percentage of a given host is greater than or equal to this value, it will be |
||||
// ejected. Defaults to 85. |
||||
google.protobuf.UInt32Value failure_percentage_threshold = 16; |
||||
|
||||
// The % chance that a host will be actually ejected when an outlier status is detected through |
||||
// failure percentage statistics. This setting can be used to disable ejection or to ramp it up |
||||
// slowly. Defaults to 0. |
||||
// |
||||
// [#next-major-version: setting this without setting failure_percentage_threshold should be |
||||
// invalid in v4.] |
||||
google.protobuf.UInt32Value enforcing_failure_percentage = 17; |
||||
|
||||
// The minimum number of hosts in a cluster in order to perform failure percentage-based ejection. |
||||
// If the total number of hosts in the cluster is less than this value, failure percentage-based |
||||
// ejection will not be performed. Defaults to 5. |
||||
google.protobuf.UInt32Value failure_percentage_minimum_hosts = 19; |
||||
|
||||
// The minimum number of total requests that must be collected in one interval (as defined by the |
||||
// interval duration above) to perform failure percentage-based ejection for this host. If the |
||||
// volume is lower than this setting, failure percentage-based ejection will not be performed for |
||||
// this host. Defaults to 50. |
||||
google.protobuf.UInt32Value failure_percentage_request_volume = 20; |
||||
|
||||
// The maximum time that a host is ejected for. See :ref:`base_ejection_time<envoy_v3_api_field_config.cluster.v3.OutlierDetection.base_ejection_time>` |
||||
// for more information. If not specified, the default value (300000ms or 300s) or |
||||
// :ref:`base_ejection_time<envoy_v3_api_field_config.cluster.v3.OutlierDetection.base_ejection_time>` value is applied, whatever is larger. |
||||
google.protobuf.Duration max_ejection_time = 21; |
||||
|
||||
} |
||||
@ -1,35 +0,0 @@ |
||||
// |
||||
// Copyright 2021 gRPC authors. |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
// |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.type.matcher.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/string.proto"; |
||||
|
||||
// [#protodoc-title: Path matcher] |
||||
|
||||
// Specifies the way to match a path on HTTP request. |
||||
message PathMatcher { |
||||
oneof rule { |
||||
// The `path` must match the URL path portion of the :path header. The query and fragment |
||||
// string (if present) are removed in the URL path portion. |
||||
// For example, the path */data* will match the *:path* header */data#fragment?param=value*. |
||||
StringMatcher path = 1; |
||||
} |
||||
} |
||||
@ -1,52 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.type.v3; |
||||
|
||||
// A fractional percentage is used in cases in which for performance reasons performing floating |
||||
// point to integer conversions during randomness calculations is undesirable. The message includes |
||||
// both a numerator and denominator that together determine the final fractional value. |
||||
// |
||||
// * **Example**: 1/100 = 1%. |
||||
// * **Example**: 3/10000 = 0.03%. |
||||
message FractionalPercent { |
||||
// Fraction percentages support several fixed denominator values. |
||||
enum DenominatorType { |
||||
// 100. |
||||
// |
||||
// **Example**: 1/100 = 1%. |
||||
HUNDRED = 0; |
||||
|
||||
// 10,000. |
||||
// |
||||
// **Example**: 1/10000 = 0.01%. |
||||
TEN_THOUSAND = 1; |
||||
|
||||
// 1,000,000. |
||||
// |
||||
// **Example**: 1/1000000 = 0.0001%. |
||||
MILLION = 2; |
||||
} |
||||
|
||||
// Specifies the numerator. Defaults to 0. |
||||
uint32 numerator = 1; |
||||
|
||||
// Specifies the denominator. If the denominator specified is less than the numerator, the final |
||||
// fractional percentage is capped at 1 (100%). |
||||
DenominatorType denominator = 2; |
||||
} |
||||
@ -1,29 +0,0 @@ |
||||
// Copyright 2023 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.load_balancing_policies.pick_first.v3; |
||||
|
||||
// [#protodoc-title: Round Robin Load Balancing Policy] |
||||
|
||||
// This configuration allows the built-in PICK_FIRST LB policy to be configured |
||||
// via the LB policy extension point. |
||||
message PickFirst { |
||||
// If set to true, instructs the LB policy to shuffle the list of addresses |
||||
// received from the name resolver before attempting to connect to them. |
||||
bool shuffle_address_list = 1; |
||||
} |
||||
@ -1,30 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.core.v3; |
||||
|
||||
import "google/protobuf/duration.proto"; |
||||
|
||||
// [#next-free-field: 5] |
||||
message HttpProtocolOptions { |
||||
// The connection idle timeout. Defaults to 1h. |
||||
google.protobuf.Duration idle_timeout = 1; |
||||
|
||||
// The maximum duration of a stream. |
||||
google.protobuf.Duration max_stream_duration = 4; |
||||
} |
||||
@ -1,41 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.type.v3; |
||||
|
||||
// [#protodoc-title: Range] |
||||
|
||||
// Specifies the int64 start and end of the range using half-open interval semantics [start, |
||||
// end). |
||||
message Int64Range { |
||||
// start of the range (inclusive) |
||||
int64 start = 1; |
||||
|
||||
// end of the range (exclusive) |
||||
int64 end = 2; |
||||
} |
||||
|
||||
// Specifies the int32 start and end of the range using half-open interval semantics [start, |
||||
// end). |
||||
message Int32Range { |
||||
// start of the range (inclusive) |
||||
int32 start = 1; |
||||
|
||||
// end of the range (exclusive) |
||||
int32 end = 2; |
||||
} |
||||
@ -1,338 +0,0 @@ |
||||
// |
||||
// Copyright 2021 gRPC authors. |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
// |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.rbac.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/address.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/extension.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/route.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/metadata.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/path.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/string.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/range.proto"; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/expr.proto"; |
||||
|
||||
// [#protodoc-title: Role Based Access Control (RBAC)] |
||||
|
||||
// Role Based Access Control (RBAC) provides service-level and method-level access control for a |
||||
// service. Requests are allowed or denied based on the `action` and whether a matching policy is |
||||
// found. For instance, if the action is ALLOW and a matching policy is found the request should be |
||||
// allowed. |
||||
// |
||||
// RBAC can also be used to make access logging decisions by communicating with access loggers |
||||
// through dynamic metadata. When the action is LOG and at least one policy matches, the |
||||
// `access_log_hint` value in the shared key namespace 'envoy.common' is set to `true` indicating |
||||
// the request should be logged. |
||||
// |
||||
// Here is an example of RBAC configuration. It has two policies: |
||||
// |
||||
// * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so |
||||
// does "cluster.local/ns/default/sa/superuser". |
||||
// |
||||
// * Any user can read ("GET") the service at paths with prefix "/products", so long as the |
||||
// destination port is either 80 or 443. |
||||
// |
||||
// .. code-block:: yaml |
||||
// |
||||
// action: ALLOW |
||||
// policies: |
||||
// "service-admin": |
||||
// permissions: |
||||
// - any: true |
||||
// principals: |
||||
// - authenticated: |
||||
// principal_name: |
||||
// exact: "cluster.local/ns/default/sa/admin" |
||||
// - authenticated: |
||||
// principal_name: |
||||
// exact: "cluster.local/ns/default/sa/superuser" |
||||
// "product-viewer": |
||||
// permissions: |
||||
// - and_rules: |
||||
// rules: |
||||
// - header: |
||||
// name: ":method" |
||||
// string_match: |
||||
// exact: "GET" |
||||
// - url_path: |
||||
// path: { prefix: "/products" } |
||||
// - or_rules: |
||||
// rules: |
||||
// - destination_port: 80 |
||||
// - destination_port: 443 |
||||
// principals: |
||||
// - any: true |
||||
// |
||||
message RBAC { |
||||
// Should we do safe-list or block-list style access control? |
||||
enum Action { |
||||
// The policies grant access to principals. The rest are denied. This is safe-list style |
||||
// access control. This is the default type. |
||||
ALLOW = 0; |
||||
|
||||
// The policies deny access to principals. The rest are allowed. This is block-list style |
||||
// access control. |
||||
DENY = 1; |
||||
|
||||
// The policies set the `access_log_hint` dynamic metadata key based on if requests match. |
||||
// All requests are allowed. |
||||
LOG = 2; |
||||
} |
||||
|
||||
message AuditLoggingOptions { |
||||
// Deny and allow here refer to RBAC decisions, not actions. |
||||
enum AuditCondition { |
||||
// Never audit. |
||||
NONE = 0; |
||||
|
||||
// Audit when RBAC denies the request. |
||||
ON_DENY = 1; |
||||
|
||||
// Audit when RBAC allows the request. |
||||
ON_ALLOW = 2; |
||||
|
||||
// Audit whether RBAC allows or denies the request. |
||||
ON_DENY_AND_ALLOW = 3; |
||||
} |
||||
|
||||
// [#not-implemented-hide:] |
||||
message AuditLoggerConfig { |
||||
// Typed logger configuration. |
||||
// |
||||
// [#extension-category: envoy.rbac.audit_loggers] |
||||
core.v3.TypedExtensionConfig audit_logger = 1; |
||||
|
||||
// If true, when the logger is not supported, the data plane will not NACK but simply ignore it. |
||||
bool is_optional = 2; |
||||
} |
||||
|
||||
// Condition for the audit logging to happen. |
||||
// If this condition is met, all the audit loggers configured here will be invoked. |
||||
// |
||||
// [#not-implemented-hide:] |
||||
AuditCondition audit_condition = 1; |
||||
|
||||
// Configurations for RBAC-based authorization audit loggers. |
||||
// |
||||
// [#not-implemented-hide:] |
||||
repeated AuditLoggerConfig logger_configs = 2; |
||||
} |
||||
|
||||
// The action to take if a policy matches. Every action either allows or denies a request, |
||||
// and can also carry out action-specific operations. |
||||
// |
||||
// Actions: |
||||
// |
||||
// * ALLOW: Allows the request if and only if there is a policy that matches |
||||
// the request. |
||||
// * DENY: Allows the request if and only if there are no policies that |
||||
// match the request. |
||||
// * LOG: Allows all requests. If at least one policy matches, the dynamic |
||||
// metadata key `access_log_hint` is set to the value `true` under the shared |
||||
// key namespace 'envoy.common'. If no policies match, it is set to `false`. |
||||
// Other actions do not modify this key. |
||||
// |
||||
Action action = 1; |
||||
|
||||
// Maps from policy name to policy. A match occurs when at least one policy matches the request. |
||||
// The policies are evaluated in lexicographic order of the policy name. |
||||
map<string, Policy> policies = 2; |
||||
|
||||
// Audit logging options that include the condition for audit logging to happen |
||||
// and audit logger configurations. |
||||
// |
||||
// [#not-implemented-hide:] |
||||
AuditLoggingOptions audit_logging_options = 3; |
||||
} |
||||
|
||||
// Policy specifies a role and the principals that are assigned/denied the role. |
||||
// A policy matches if and only if at least one of its permissions match the |
||||
// action taking place AND at least one of its principals match the downstream |
||||
// AND the condition is true if specified. |
||||
message Policy { |
||||
// Required. The set of permissions that define a role. Each permission is |
||||
// matched with OR semantics. To match all actions for this policy, a single |
||||
// Permission with the `any` field set to true should be used. |
||||
repeated Permission permissions = 1; |
||||
|
||||
// Required. The set of principals that are assigned/denied the role based on |
||||
// “action”. Each principal is matched with OR semantics. To match all |
||||
// downstreams for this policy, a single Principal with the `any` field set to |
||||
// true should be used. |
||||
repeated Principal principals = 2; |
||||
|
||||
// An optional symbolic expression specifying an access control |
||||
// :ref:`condition <arch_overview_condition>`. The condition is combined |
||||
// with the permissions and the principals as a clause with AND semantics. |
||||
// Only be used when checked_condition is not used. |
||||
google.api.expr.v1alpha1.Expr condition = 3; |
||||
|
||||
// [#not-implemented-hide:] |
||||
// An optional symbolic expression that has been successfully type checked. |
||||
// Only be used when condition is not used. |
||||
google.api.expr.v1alpha1.CheckedExpr checked_condition = 4; |
||||
} |
||||
|
||||
// Permission defines an action (or actions) that a principal can take. |
||||
// [#next-free-field: 13] |
||||
message Permission { |
||||
// Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context, |
||||
// each are applied with the associated behavior. |
||||
message Set { |
||||
repeated Permission rules = 1; |
||||
} |
||||
|
||||
oneof rule { |
||||
// A set of rules that all must match in order to define the action. |
||||
Set and_rules = 1; |
||||
|
||||
// A set of rules where at least one must match in order to define the action. |
||||
Set or_rules = 2; |
||||
|
||||
// When any is set, it matches any action. |
||||
bool any = 3; |
||||
|
||||
// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only |
||||
// available for HTTP request. |
||||
// Note: the pseudo-header :path includes the query and fragment string. Use the `url_path` |
||||
// field if you want to match the URL path without the query and fragment string. |
||||
route.v3.HeaderMatcher header = 4; |
||||
|
||||
// A URL path on the incoming HTTP request. Only available for HTTP. |
||||
type.matcher.v3.PathMatcher url_path = 10; |
||||
|
||||
// A CIDR block that describes the destination IP. |
||||
core.v3.CidrRange destination_ip = 5; |
||||
|
||||
// A port number that describes the destination port connecting to. |
||||
uint32 destination_port = 6; |
||||
|
||||
// A port number range that describes a range of destination ports connecting to. |
||||
type.v3.Int32Range destination_port_range = 11; |
||||
|
||||
// Metadata that describes additional information about the action. |
||||
type.matcher.v3.MetadataMatcher metadata = 7; |
||||
|
||||
// Negates matching the provided permission. For instance, if the value of |
||||
// `not_rule` would match, this permission would not match. Conversely, if |
||||
// the value of `not_rule` would not match, this permission would match. |
||||
Permission not_rule = 8; |
||||
|
||||
// The request server from the client's connection request. This is |
||||
// typically TLS SNI. |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// The behavior of this field may be affected by how Envoy is configured |
||||
// as explained below. |
||||
// |
||||
// * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>` |
||||
// filter is not added, and if a `FilterChainMatch` is not defined for |
||||
// the :ref:`server name |
||||
// <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`, |
||||
// a TLS connection's requested SNI server name will be treated as if it |
||||
// wasn't present. |
||||
// |
||||
// * A :ref:`listener filter <arch_overview_listener_filters>` may |
||||
// overwrite a connection's requested server name within Envoy. |
||||
// |
||||
// Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to |
||||
// setup SNI. |
||||
type.matcher.v3.StringMatcher requested_server_name = 9; |
||||
|
||||
// Extension for configuring custom matchers for RBAC. |
||||
// [#extension-category: envoy.rbac.matchers] |
||||
core.v3.TypedExtensionConfig matcher = 12; |
||||
} |
||||
} |
||||
|
||||
// Principal defines an identity or a group of identities for a downstream |
||||
// subject. |
||||
// [#next-free-field: 12] |
||||
message Principal { |
||||
// Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. |
||||
// Depending on the context, each are applied with the associated behavior. |
||||
message Set { |
||||
repeated Principal ids = 1; |
||||
} |
||||
|
||||
// Authentication attributes for a downstream. |
||||
message Authenticated { |
||||
reserved 1; |
||||
|
||||
// The name of the principal. If set, The URI SAN or DNS SAN in that order |
||||
// is used from the certificate, otherwise the subject field is used. If |
||||
// unset, it applies to any user that is authenticated. |
||||
type.matcher.v3.StringMatcher principal_name = 2; |
||||
} |
||||
|
||||
oneof identifier { |
||||
// A set of identifiers that all must match in order to define the |
||||
// downstream. |
||||
Set and_ids = 1; |
||||
|
||||
// A set of identifiers at least one must match in order to define the |
||||
// downstream. |
||||
Set or_ids = 2; |
||||
|
||||
// When any is set, it matches any downstream. |
||||
bool any = 3; |
||||
|
||||
// Authenticated attributes that identify the downstream. |
||||
Authenticated authenticated = 4; |
||||
|
||||
// A CIDR block that describes the downstream IP. |
||||
// This address will honor proxy protocol, but will not honor XFF. |
||||
core.v3.CidrRange source_ip = 5; |
||||
|
||||
// A CIDR block that describes the downstream remote/origin address. |
||||
// Note: This is always the physical peer even if the |
||||
// :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is |
||||
// inferred from for example the x-forwarder-for header, proxy protocol, |
||||
// etc. |
||||
core.v3.CidrRange direct_remote_ip = 10; |
||||
|
||||
// A CIDR block that describes the downstream remote/origin address. |
||||
// Note: This may not be the physical peer and could be different from the |
||||
// :ref:`direct_remote_ip |
||||
// <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the |
||||
// remote ip is inferred from for example the x-forwarder-for header, proxy |
||||
// protocol, etc. |
||||
core.v3.CidrRange remote_ip = 11; |
||||
|
||||
// A header (or pseudo-header such as :path or :method) on the incoming HTTP |
||||
// request. Only available for HTTP request. Note: the pseudo-header :path |
||||
// includes the query and fragment string. Use the `url_path` field if you |
||||
// want to match the URL path without the query and fragment string. |
||||
route.v3.HeaderMatcher header = 6; |
||||
|
||||
// A URL path on the incoming HTTP request. Only available for HTTP. |
||||
type.matcher.v3.PathMatcher url_path = 9; |
||||
|
||||
// Metadata that describes additional information about the principal. |
||||
type.matcher.v3.MetadataMatcher metadata = 7; |
||||
|
||||
// Negates matching the provided principal. For instance, if the value of |
||||
// `not_id` would match, this principal would not match. Conversely, if the |
||||
// value of `not_id` would not match, this principal would match. |
||||
Principal not_id = 8; |
||||
} |
||||
} |
||||
@ -1,43 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.type.matcher.v3; |
||||
|
||||
// [#protodoc-title: Regex matcher] |
||||
|
||||
// A regex matcher designed for safety when used with untrusted input. |
||||
message RegexMatcher { |
||||
// Google's `RE2 <https://github.com/google/re2>`_ regex engine. The regex string must adhere to |
||||
// the documented `syntax <https://github.com/google/re2/wiki/Syntax>`_. The engine is designed |
||||
// to complete execution in linear time as well as limit the amount of memory used. |
||||
message GoogleRE2 { |
||||
} |
||||
|
||||
oneof engine_type { |
||||
// Google's RE2 regex engine. |
||||
GoogleRE2 google_re2 = 1; |
||||
} |
||||
|
||||
// The regex match string. The string must be supported by the configured engine. |
||||
string regex = 2; |
||||
} |
||||
|
||||
message RegexMatchAndSubstitute { |
||||
RegexMatcher pattern = 1; |
||||
string substitution = 2; |
||||
} |
||||
@ -1,59 +0,0 @@ |
||||
// Copyright 2022 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.load_balancing_policies.ring_hash.v3; |
||||
|
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// [#protodoc-title: Ring Hash Load Balancing Policy] |
||||
|
||||
// This configuration allows the built-in RING_HASH LB policy to be configured via the LB policy |
||||
// extension point. See the :ref:`load balancing architecture overview |
||||
// <arch_overview_load_balancing_types>` for more information. |
||||
// [#extension: envoy.clusters.lb_policy] |
||||
// [#next-free-field: 6] |
||||
message RingHash { |
||||
// The hash function used to hash hosts onto the ketama ring. |
||||
enum HashFunction { |
||||
// Currently defaults to XX_HASH. |
||||
DEFAULT_HASH = 0; |
||||
|
||||
// Use `xxHash <https://github.com/Cyan4973/xxHash>`_. |
||||
XX_HASH = 1; |
||||
|
||||
// Use `MurmurHash2 <https://sites.google.com/site/murmurhash/>`_, this is compatible with |
||||
// std:hash<string> in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled |
||||
// on Linux and not macOS. |
||||
MURMUR_HASH_2 = 2; |
||||
} |
||||
|
||||
// The hash function used to hash hosts onto the ketama ring. The value defaults to |
||||
// :ref:`XX_HASH<envoy_v3_api_enum_value_config.cluster.v3.Cluster.RingHashLbConfig.HashFunction.XX_HASH>`. |
||||
HashFunction hash_function = 1; |
||||
|
||||
// Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each |
||||
// provided host) the better the request distribution will reflect the desired weights. Defaults |
||||
// to 1024 entries, and limited to 8M entries. See also |
||||
// :ref:`maximum_ring_size<envoy_v3_api_field_config.cluster.v3.Cluster.RingHashLbConfig.maximum_ring_size>`. |
||||
google.protobuf.UInt64Value minimum_ring_size = 2; |
||||
|
||||
// Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered |
||||
// to further constrain resource use. See also |
||||
// :ref:`minimum_ring_size<envoy_v3_api_field_config.cluster.v3.Cluster.RingHashLbConfig.minimum_ring_size>`. |
||||
google.protobuf.UInt64Value maximum_ring_size = 3; |
||||
} |
||||
@ -1,28 +0,0 @@ |
||||
// Copyright 2022 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.load_balancing_policies.round_robin.v3; |
||||
|
||||
// [#protodoc-title: Round Robin Load Balancing Policy] |
||||
|
||||
// This configuration allows the built-in ROUND_ROBIN LB policy to be configured via the LB policy |
||||
// extension point. See the :ref:`load balancing architecture overview |
||||
// <arch_overview_load_balancing_types>` for more information. |
||||
// [#extension: envoy.clusters.lb_policy] |
||||
message RoundRobin { |
||||
} |
||||
@ -1,522 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.config.route.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/base.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/extension.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/regex.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/string.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/percent.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/range.proto"; |
||||
|
||||
import "google/protobuf/any.proto"; |
||||
import "google/protobuf/duration.proto"; |
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// [#protodoc-title: HTTP route components] |
||||
// * Routing :ref:`architecture overview <arch_overview_http_routing>` |
||||
// * HTTP :ref:`router filter <config_http_filters_router>` |
||||
|
||||
message RetryPolicy { |
||||
string retry_on = 1; |
||||
google.protobuf.UInt32Value num_retries = 2; |
||||
|
||||
message RetryBackOff { |
||||
google.protobuf.Duration base_interval = 1; |
||||
google.protobuf.Duration max_interval = 2; |
||||
} |
||||
|
||||
RetryBackOff retry_back_off = 8; |
||||
} |
||||
|
||||
// The top level element in the routing configuration is a virtual host. Each virtual host has |
||||
// a logical name as well as a set of domains that get routed to it based on the incoming request's |
||||
// host header. This allows a single listener to service multiple top level domain path trees. Once |
||||
// a virtual host is selected based on the domain, the routes are processed in order to see which |
||||
// upstream cluster to route to or whether to perform a redirect. |
||||
// [#next-free-field: 21] |
||||
message VirtualHost { |
||||
// The logical name of the virtual host. This is used when emitting certain |
||||
// statistics but is not relevant for routing. |
||||
string name = 1; |
||||
|
||||
// A list of domains (host/authority header) that will be matched to this |
||||
// virtual host. Wildcard hosts are supported in the suffix or prefix form. |
||||
// |
||||
// Domain search order: |
||||
// 1. Exact domain names: ``www.foo.com``. |
||||
// 2. Suffix domain wildcards: ``*.foo.com`` or ``*-bar.foo.com``. |
||||
// 3. Prefix domain wildcards: ``foo.*`` or ``foo-*``. |
||||
// 4. Special wildcard ``*`` matching any domain. |
||||
// |
||||
// .. note:: |
||||
// |
||||
// The wildcard will not match the empty string. |
||||
// e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``. |
||||
// The longest wildcards match first. |
||||
// Only a single virtual host in the entire route configuration can match on ``*``. A domain |
||||
// must be unique across all virtual hosts or the config will fail to load. |
||||
// |
||||
// Domains cannot contain control characters. This is validated by the well_known_regex HTTP_HEADER_VALUE. |
||||
repeated string domains = 2; |
||||
|
||||
// The list of routes that will be matched, in order, for incoming requests. |
||||
// The first route that matches will be used. |
||||
repeated Route routes = 3; |
||||
|
||||
// The per_filter_config field can be used to provide virtual host-specific |
||||
// configurations for filters. The key should match the filter name, such as |
||||
// *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter |
||||
// specific; see the :ref:`HTTP filter documentation <config_http_filters>` |
||||
// for if and how it is utilized. |
||||
map<string, google.protobuf.Any> typed_per_filter_config = 15; |
||||
|
||||
RetryPolicy retry_policy = 16; |
||||
} |
||||
|
||||
// A route is both a specification of how to match a request as well as an indication of what to do |
||||
// next (e.g., redirect, forward, rewrite, etc.). |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// Envoy supports routing on HTTP method via :ref:`header matching |
||||
// <envoy_api_msg_config.route.v3.HeaderMatcher>`. |
||||
// [#next-free-field: 18] |
||||
message Route { |
||||
// Name for the route. |
||||
string name = 14; |
||||
|
||||
// Route matching parameters. |
||||
RouteMatch match = 1; |
||||
|
||||
message NonForwardingAction { |
||||
} |
||||
|
||||
oneof action { |
||||
// Route request to some upstream cluster. |
||||
RouteAction route = 2; |
||||
|
||||
// Return a redirect. |
||||
RedirectAction redirect = 3; |
||||
|
||||
// An action used when the route will generate a response directly, |
||||
// without forwarding to an upstream host. This will be used in non-proxy |
||||
// xDS clients like the gRPC server. It could also be used in the future |
||||
// in Envoy for a filter that directly generates responses for requests. |
||||
NonForwardingAction non_forwarding_action = 18; |
||||
} |
||||
|
||||
// The typed_per_filter_config field can be used to provide route-specific |
||||
// configurations for filters. The key should match the filter name, such as |
||||
// *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter |
||||
// specific; see the :ref:`HTTP filter documentation <config_http_filters>` for |
||||
// if and how it is utilized. |
||||
map<string, google.protobuf.Any> typed_per_filter_config = 13; |
||||
} |
||||
|
||||
// Compared to the :ref:`cluster <envoy_api_field_config.route.v3.RouteAction.cluster>` field that specifies a |
||||
// single upstream cluster as the target of a request, the :ref:`weighted_clusters |
||||
// <envoy_api_field_config.route.v3.RouteAction.weighted_clusters>` option allows for specification of |
||||
// multiple upstream clusters along with weights that indicate the percentage of |
||||
// traffic to be forwarded to each cluster. The router selects an upstream cluster based on the |
||||
// weights. |
||||
message WeightedCluster { |
||||
// [#next-free-field: 11] |
||||
message ClusterWeight { |
||||
// Name of the upstream cluster. The cluster must exist in the |
||||
// :ref:`cluster manager configuration <config_cluster_manager>`. |
||||
string name = 1; |
||||
|
||||
// An integer between 0 and :ref:`total_weight |
||||
// <envoy_api_field_config.route.v3.WeightedCluster.total_weight>`. When a request matches the route, |
||||
// the choice of an upstream cluster is determined by its weight. The sum of weights across all |
||||
// entries in the clusters array must add up to the total_weight, which defaults to 100. |
||||
google.protobuf.UInt32Value weight = 2; |
||||
|
||||
// The per_filter_config field can be used to provide weighted cluster-specific |
||||
// configurations for filters. The key should match the filter name, such as |
||||
// *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter |
||||
// specific; see the :ref:`HTTP filter documentation <config_http_filters>` |
||||
// for if and how it is utilized. |
||||
map<string, google.protobuf.Any> typed_per_filter_config = 10; |
||||
} |
||||
|
||||
// Specifies one or more upstream clusters associated with the route. |
||||
repeated ClusterWeight clusters = 1; |
||||
|
||||
// Specifies the total weight across all clusters. The sum of all cluster weights must equal this |
||||
// value, which must be greater than 0. Defaults to 100. |
||||
google.protobuf.UInt32Value total_weight = 3; |
||||
} |
||||
|
||||
// [#next-free-field: 13] |
||||
message RouteMatch { |
||||
oneof path_specifier { |
||||
// If specified, the route is a prefix rule meaning that the prefix must |
||||
// match the beginning of the *:path* header. |
||||
string prefix = 1; |
||||
|
||||
// If specified, the route is an exact path rule meaning that the path must |
||||
// exactly match the *:path* header once the query string is removed. |
||||
string path = 2; |
||||
|
||||
// If specified, the route is a regular expression rule meaning that the |
||||
// regex must match the *:path* header once the query string is removed. The entire path |
||||
// (without the query string) must match the regex. The rule will not match if only a |
||||
// subsequence of the *:path* header matches the regex. |
||||
// |
||||
// [#next-major-version: In the v3 API we should redo how path specification works such |
||||
// that we utilize StringMatcher, and additionally have consistent options around whether we |
||||
// strip query strings, do a case sensitive match, etc. In the interim it will be too disruptive |
||||
// to deprecate the existing options. We should even consider whether we want to do away with |
||||
// path_specifier entirely and just rely on a set of header matchers which can already match |
||||
// on :path, etc. The issue with that is it is unclear how to generically deal with query string |
||||
// stripping. This needs more thought.] |
||||
type.matcher.v3.RegexMatcher safe_regex = 10; |
||||
|
||||
string path_separated_prefix = 14; |
||||
} |
||||
|
||||
// Indicates that prefix/path matching should be case insensitive. The default |
||||
// is true. |
||||
google.protobuf.BoolValue case_sensitive = 4; |
||||
|
||||
// Indicates that the route should additionally match on a runtime key. Every time the route |
||||
// is considered for a match, it must also fall under the percentage of matches indicated by |
||||
// this field. For some fraction N/D, a random number in the range [0,D) is selected. If the |
||||
// number is <= the value of the numerator N, or if the key is not present, the default |
||||
// value, the router continues to evaluate the remaining match criteria. A runtime_fraction |
||||
// route configuration can be used to roll out route changes in a gradual manner without full |
||||
// code/config deploys. Refer to the :ref:`traffic shifting |
||||
// <config_http_conn_man_route_table_traffic_splitting_shift>` docs for additional documentation. |
||||
// |
||||
// .. note:: |
||||
// |
||||
// Parsing this field is implemented such that the runtime key's data may be represented |
||||
// as a FractionalPercent proto represented as JSON/YAML and may also be represented as an |
||||
// integer with the assumption that the value is an integral percentage out of 100. For |
||||
// instance, a runtime key lookup returning the value "42" would parse as a FractionalPercent |
||||
// whose numerator is 42 and denominator is HUNDRED. This preserves legacy semantics. |
||||
core.v3.RuntimeFractionalPercent runtime_fraction = 9; |
||||
|
||||
// Specifies a set of headers that the route should match on. The router will |
||||
// check the request’s headers against all the specified headers in the route |
||||
// config. A match will happen if all the headers in the route are present in |
||||
// the request with the same values (or based on presence if the value field |
||||
// is not in the config). |
||||
repeated HeaderMatcher headers = 6; |
||||
|
||||
// Specifies a set of URL query parameters on which the route should |
||||
// match. The router will check the query string from the *path* header |
||||
// against all the specified query parameters. If the number of specified |
||||
// query parameters is nonzero, they all must match the *path* header's |
||||
// query string for a match to occur. |
||||
repeated QueryParameterMatcher query_parameters = 7; |
||||
} |
||||
|
||||
message MaxStreamDuration { |
||||
// Specifies the maximum duration allowed for streams on the route. If not specified, the value |
||||
// from the :ref:`max_stream_duration |
||||
// <envoy_api_field_config.core.v3.HttpProtocolOptions.max_stream_duration>` field in |
||||
// :ref:`HttpConnectionManager.common_http_protocol_options |
||||
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.common_http_protocol_options>` |
||||
// is used. If this field is set explicitly to zero, any |
||||
// HttpConnectionManager max_stream_duration timeout will be disabled for |
||||
// this route. |
||||
google.protobuf.Duration max_stream_duration = 1; |
||||
|
||||
// If present, and the request contains a `grpc-timeout header |
||||
// <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_, use that value as the |
||||
// *max_stream_duration*, but limit the applied timeout to the maximum value specified here. |
||||
// If set to 0, the `grpc-timeout` header is used without modification. |
||||
google.protobuf.Duration grpc_timeout_header_max = 2; |
||||
} |
||||
|
||||
// [#next-free-field: 37] |
||||
message RouteAction { |
||||
oneof cluster_specifier { |
||||
// Indicates the upstream cluster to which the request should be routed |
||||
// to. |
||||
string cluster = 1; |
||||
|
||||
// Envoy will determine the cluster to route to by reading the value of the |
||||
// HTTP header named by cluster_header from the request headers. If the |
||||
// header is not found or the referenced cluster does not exist, Envoy will |
||||
// return a 404 response. |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 |
||||
// *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead. |
||||
string cluster_header = 2; |
||||
|
||||
// Multiple upstream clusters can be specified for a given route. The |
||||
// request is routed to one of the upstream clusters based on weights |
||||
// assigned to each cluster. See |
||||
// :ref:`traffic splitting <config_http_conn_man_route_table_traffic_splitting_split>` |
||||
// for additional documentation. |
||||
WeightedCluster weighted_clusters = 3; |
||||
|
||||
// Name of the cluster specifier plugin to use to determine the cluster for |
||||
// requests on this route. The plugin name must be defined in the associated |
||||
// :ref:`envoy_v3_api_field_config.route.v3.RouteConfiguration.cluster_specifier_plugins` |
||||
// in the |
||||
// :ref:`envoy_v3_api_field_config.core.v3.TypedExtensionConfig.name` field. |
||||
string cluster_specifier_plugin = 37; |
||||
} |
||||
|
||||
message HashPolicy { |
||||
message Header { |
||||
// The name of the request header that will be used to obtain the hash |
||||
// key. If the request header is not present, no hash will be produced. |
||||
string header_name = 1; |
||||
|
||||
// If specified, the request header value will be rewritten and used |
||||
// to produce the hash key. |
||||
type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 2; |
||||
} |
||||
|
||||
message Cookie { |
||||
string name = 1; |
||||
} |
||||
|
||||
message ConnectionProperties { |
||||
bool source_ip = 1; |
||||
} |
||||
|
||||
message QueryParameter { |
||||
string name = 1; |
||||
} |
||||
|
||||
message FilterState { |
||||
// The name of the Object in the per-request filterState, which is an |
||||
// Envoy::Http::Hashable object. If there is no data associated with the key, |
||||
// or the stored object is not Envoy::Http::Hashable, no hash will be produced. |
||||
string key = 1; |
||||
} |
||||
|
||||
oneof policy_specifier { |
||||
// Header hash policy. |
||||
Header header = 1; |
||||
|
||||
// Cookie hash policy. |
||||
Cookie cookie = 2; |
||||
|
||||
// Connection properties hash policy. |
||||
ConnectionProperties connection_properties = 3; |
||||
|
||||
// Query parameter hash policy. |
||||
QueryParameter query_parameter = 5; |
||||
|
||||
// Filter state hash policy. |
||||
FilterState filter_state = 6; |
||||
} |
||||
|
||||
// The flag that short-circuits the hash computing. This field provides a |
||||
// 'fallback' style of configuration: "if a terminal policy doesn't work, |
||||
// fallback to rest of the policy list", it saves time when the terminal |
||||
// policy works. |
||||
// |
||||
// If true, and there is already a hash computed, ignore rest of the |
||||
// list of hash polices. |
||||
// For example, if the following hash methods are configured: |
||||
// |
||||
// ========= ======== |
||||
// specifier terminal |
||||
// ========= ======== |
||||
// Header A true |
||||
// Header B false |
||||
// Header C false |
||||
// ========= ======== |
||||
// |
||||
// The generateHash process ends if policy "header A" generates a hash, as |
||||
// it's a terminal policy. |
||||
bool terminal = 4; |
||||
} |
||||
|
||||
repeated HashPolicy hash_policy = 15; |
||||
|
||||
RetryPolicy retry_policy = 9; |
||||
|
||||
// Specifies the maximum stream duration for this route. |
||||
MaxStreamDuration max_stream_duration = 36; |
||||
|
||||
oneof host_rewrite_specifier { |
||||
// Indicates that during forwarding, the host header will be swapped with |
||||
// the hostname of the upstream host chosen by the cluster manager. This |
||||
// option is applicable only when the destination cluster for a route is of |
||||
// type ``strict_dns`` or ``logical_dns``, |
||||
// or when :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>` |
||||
// field is not empty. Setting this to true with other cluster types |
||||
// has no effect. Using this option will append the |
||||
// :ref:`config_http_conn_man_headers_x-forwarded-host` header if |
||||
// :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>` |
||||
// is set. |
||||
google.protobuf.BoolValue auto_host_rewrite = 7; |
||||
} |
||||
|
||||
// If set, then a host rewrite action (one of |
||||
// :ref:`host_rewrite_literal <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>`, |
||||
// :ref:`auto_host_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.auto_host_rewrite>`, |
||||
// :ref:`host_rewrite_header <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_header>`, or |
||||
// :ref:`host_rewrite_path_regex <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_path_regex>`) |
||||
// causes the original value of the host header, if any, to be appended to the |
||||
// :ref:`config_http_conn_man_headers_x-forwarded-host` HTTP header if it is different to the last value appended. |
||||
// This can be disabled by setting the runtime guard ``envoy_reloadable_features_append_xfh_idempotent`` to false. |
||||
bool append_x_forwarded_host = 38; |
||||
} |
||||
|
||||
// .. attention:: |
||||
// |
||||
// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 *Host* |
||||
// header. Thus, if attempting to match on *Host*, match on *:authority* instead. |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// To route on HTTP method, use the special HTTP/2 *:method* header. This works for both |
||||
// HTTP/1 and HTTP/2 as Envoy normalizes headers. E.g., |
||||
// |
||||
// .. code-block:: json |
||||
// |
||||
// { |
||||
// "name": ":method", |
||||
// "exact_match": "POST" |
||||
// } |
||||
// |
||||
// .. attention:: |
||||
// In the absence of any header match specifier, match will default to :ref:`present_match |
||||
// <envoy_api_field_config.route.v3.HeaderMatcher.present_match>`. i.e, a request that has the :ref:`name |
||||
// <envoy_api_field_config.route.v3.HeaderMatcher.name>` header will match, regardless of the header's |
||||
// value. |
||||
// |
||||
// [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.] |
||||
// [#next-free-field: 12] |
||||
message HeaderMatcher { |
||||
// Specifies the name of the header in the request. |
||||
string name = 1; |
||||
|
||||
// Specifies how the header match will be performed to route the request. |
||||
oneof header_match_specifier { |
||||
// If specified, header match will be performed based on the value of the header. |
||||
string exact_match = 4; |
||||
|
||||
// If specified, this regex string is a regular expression rule which implies the entire request |
||||
// header value must match the regex. The rule will not match if only a subsequence of the |
||||
// request header value matches the regex. |
||||
type.matcher.v3.RegexMatcher safe_regex_match = 11; |
||||
|
||||
// If specified, header match will be performed based on range. |
||||
// The rule will match if the request header value is within this range. |
||||
// The entire request header value must represent an integer in base 10 notation: consisting of |
||||
// an optional plus or minus sign followed by a sequence of digits. The rule will not match if |
||||
// the header value does not represent an integer. Match will fail for empty values, floating |
||||
// point numbers or if only a subsequence of the header value is an integer. |
||||
// |
||||
// Examples: |
||||
// |
||||
// * For range [-10,0), route will match for header value -1, but not for 0, "somestring", 10.9, |
||||
// "-1somestring" |
||||
type.v3.Int64Range range_match = 6; |
||||
|
||||
// If specified, header match will be performed based on whether the header is in the |
||||
// request. |
||||
bool present_match = 7; |
||||
|
||||
// If specified, header match will be performed based on the prefix of the header value. |
||||
// Note: empty prefix is not allowed, please use present_match instead. |
||||
// |
||||
// Examples: |
||||
// |
||||
// * The prefix *abcd* matches the value *abcdxyz*, but not for *abcxyz*. |
||||
string prefix_match = 9; |
||||
|
||||
// If specified, header match will be performed based on the suffix of the header value. |
||||
// Note: empty suffix is not allowed, please use present_match instead. |
||||
// |
||||
// Examples: |
||||
// |
||||
// * The suffix *abcd* matches the value *xyzabcd*, but not for *xyzbcd*. |
||||
string suffix_match = 10; |
||||
|
||||
string contains_match = 12; |
||||
|
||||
type.matcher.v3.StringMatcher string_match = 13; |
||||
} |
||||
|
||||
// If specified, the match result will be inverted before checking. Defaults to false. |
||||
// |
||||
// Examples: |
||||
// |
||||
// * The regex ``\d{3}`` does not match the value *1234*, so it will match when inverted. |
||||
// * The range [-10,0) will match the value -1, so it will not match when inverted. |
||||
bool invert_match = 8; |
||||
} |
||||
|
||||
// Query parameter matching treats the query string of a request's :path header |
||||
// as an ampersand-separated list of keys and/or key=value elements. |
||||
// [#next-free-field: 7] |
||||
message QueryParameterMatcher { |
||||
} |
||||
|
||||
// Configuration for a cluster specifier plugin. |
||||
message ClusterSpecifierPlugin { |
||||
// The name of the plugin and its opaque configuration. |
||||
core.v3.TypedExtensionConfig extension = 1; |
||||
|
||||
// If is_optional is not set and the plugin defined by this message is not |
||||
// a supported type, the containing resource is NACKed. If is_optional is |
||||
// set, the resource would not be NACKed for this reason. In this case, |
||||
// routes referencing this plugin's name would not be treated as an illegal |
||||
// configuration, but would result in a failure if the route is selected. |
||||
bool is_optional = 2; |
||||
} |
||||
|
||||
// [#protodoc-title: HTTP route configuration] |
||||
// * Routing :ref:`architecture overview <arch_overview_http_routing>` |
||||
// * HTTP :ref:`router filter <config_http_filters_router>` |
||||
|
||||
// [#next-free-field: 11] |
||||
message RouteConfiguration { |
||||
// The name of the route configuration. For example, it might match |
||||
// :ref:`route_config_name |
||||
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.Rds.route_config_name>` in |
||||
// :ref:`envoy_api_msg_extensions.filters.network.http_connection_manager.v3.Rds`. |
||||
string name = 1; |
||||
|
||||
// An array of virtual hosts that make up the route table. |
||||
repeated VirtualHost virtual_hosts = 2; |
||||
|
||||
// A list of plugins and their configurations which may be used by a |
||||
// :ref:`envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin` |
||||
// within the route. All *extension.name* fields in this list must be unique. |
||||
repeated ClusterSpecifierPlugin cluster_specifier_plugins = 12; |
||||
} |
||||
|
||||
message RedirectAction { |
||||
} |
||||
|
||||
message FilterConfig { |
||||
// The filter config. |
||||
google.protobuf.Any config = 1; |
||||
|
||||
// If true, the filter is optional, meaning that if the client does |
||||
// not support the specified filter, it may ignore the map entry rather |
||||
// than rejecting the config. |
||||
bool is_optional = 2; |
||||
} |
||||
@ -1,28 +0,0 @@ |
||||
// Copyright 2021 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filters.http.router.v3; |
||||
|
||||
// [#protodoc-title: Router] |
||||
// Router :ref:`configuration overview <config_http_filters_router>`. |
||||
// [#extension: envoy.filters.http.router] |
||||
|
||||
// We don't actually use any of the fields in this message, but we need |
||||
// the message itself to signify which filter to use. |
||||
message Router { |
||||
} |
||||
@ -1,44 +0,0 @@ |
||||
// Copyright 2022 gRPC authors. |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.filters.http.stateful_session.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/extension.proto"; |
||||
|
||||
// [#protodoc-title: Stateful session filter] |
||||
// Stateful session :ref:`configuration overview <config_http_filters_stateful_session>`. |
||||
// [#extension: envoy.filters.http.stateful_session] |
||||
|
||||
message StatefulSession { |
||||
// Specific implementation of session state. This session state will be used to store and |
||||
// get address of the upstream host to which the session is assigned. |
||||
// |
||||
// [#extension-category: envoy.http.stateful_session] |
||||
config.core.v3.TypedExtensionConfig session_state = 1; |
||||
} |
||||
|
||||
message StatefulSessionPerRoute { |
||||
oneof override { |
||||
// Disable the stateful session filter for this particular vhost or route. If disabled is |
||||
// specified in multiple per-filter-configs, the most specific one will be used. |
||||
bool disabled = 1; |
||||
|
||||
// Per-route stateful session configuration that can be served by RDS or static route table. |
||||
StatefulSession stateful_session = 2; |
||||
} |
||||
} |
||||
@ -1,50 +0,0 @@ |
||||
// Copyright 2022 gRPC authors. |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.http.stateful_session.cookie.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/cookie.proto"; |
||||
|
||||
// [#protodoc-title: Cookie based stateful session extension] |
||||
|
||||
// This extension allows the session state to be tracked via cookies. |
||||
// |
||||
// This extension first encodes the address of the upstream host selected by the load balancer |
||||
// into a ``set-cookie`` response header with the :ref:`cookie configuration |
||||
// <envoy_v3_api_field_extensions.http.stateful_session.cookie.v3.CookieBasedSessionState.cookie>`. |
||||
// when new requests are incoming, this extension will try to parse the specific upstream host |
||||
// address by the cookie name. If the address parsed from the cookie corresponds to a valid |
||||
// upstream host, this upstream host will be selected first. See :ref:`stateful session filter |
||||
// <envoy_v3_api_msg_extensions.filters.http.stateful_session.v3.StatefulSession>`. |
||||
// |
||||
// For example, if the cookie name is set to ``sticky-host``, envoy will prefer ``1.2.3.4:80`` |
||||
// as the upstream host when the request contains the following header: |
||||
// |
||||
// .. code-block:: none |
||||
// |
||||
// cookie: sticky-host="MS4yLjMuNDo4MA==" |
||||
// |
||||
// When processing the upstream response, if ``1.2.3.4:80`` is indeed the final choice the extension |
||||
// does nothing. If ``1.2.3.4:80`` is not the final choice, the new selected host will be used to |
||||
// update the cookie (via the ``set-cookie`` response header). |
||||
// |
||||
// [#extension: envoy.http.stateful_session.cookie] |
||||
message CookieBasedSessionState { |
||||
// The cookie configuration used to track session state. |
||||
type.http.v3.Cookie cookie = 1; |
||||
} |
||||
@ -1,64 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.type.matcher.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/regex.proto"; |
||||
|
||||
message StringMatcher { |
||||
oneof match_pattern { |
||||
// The input string must match exactly the string specified here. |
||||
// |
||||
// Examples: |
||||
// |
||||
// * *abc* only matches the value *abc*. |
||||
string exact = 1; |
||||
|
||||
// The input string must have the prefix specified here. |
||||
// Note: empty prefix is not allowed, please use regex instead. |
||||
// |
||||
// Examples: |
||||
// |
||||
// * *abc* matches the value *abc.xyz* |
||||
string prefix = 2; |
||||
|
||||
// The input string must have the suffix specified here. |
||||
// Note: empty prefix is not allowed, please use regex instead. |
||||
// |
||||
// Examples: |
||||
// |
||||
// * *abc* matches the value *xyz.abc* |
||||
string suffix = 3; |
||||
|
||||
// The input string must match the regular expression specified here. |
||||
RegexMatcher safe_regex = 5; |
||||
|
||||
// The input string must have the substring specified here. |
||||
// Note: empty contains match is not allowed, please use regex instead. |
||||
// |
||||
// Examples: |
||||
// |
||||
// * *abc* matches the value *xyz.abc.def* |
||||
string contains = 7; |
||||
} |
||||
|
||||
// If true, indicates the exact/prefix/suffix matching should be case insensitive. This has no |
||||
// effect for the safe_regex match. |
||||
// For example, the matcher *data* will match both input string *Data* and *data* if set to true. |
||||
bool ignore_case = 6; |
||||
} |
||||
@ -1,317 +0,0 @@ |
||||
// Copyright 2020 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.transport_sockets.tls.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/base.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/extension.proto"; |
||||
import "src/proto/grpc/testing/xds/v3/string.proto"; |
||||
|
||||
import "google/protobuf/wrappers.proto"; |
||||
|
||||
// Indicates a certificate to be obtained from a named CertificateProvider plugin instance. |
||||
// The plugin instances are defined in the client's bootstrap file. |
||||
// The plugin allows certificates to be fetched/refreshed over the network asynchronously with |
||||
// respect to the TLS handshake. |
||||
// [#not-implemented-hide:] |
||||
message CertificateProviderPluginInstance { |
||||
// Provider instance name. If not present, defaults to "default". |
||||
// |
||||
// Instance names should generally be defined not in terms of the underlying provider |
||||
// implementation (e.g., "file_watcher") but rather in terms of the function of the |
||||
// certificates (e.g., "foo_deployment_identity"). |
||||
string instance_name = 1; |
||||
|
||||
// Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify |
||||
// a root-certificate (validation context) or "example.com" to specify a certificate for a |
||||
// particular domain. Not all provider instances will actually use this field, so the value |
||||
// defaults to the empty string. |
||||
string certificate_name = 2; |
||||
} |
||||
|
||||
message CertificateValidationContext { |
||||
message SystemRootCerts { |
||||
} |
||||
|
||||
// Certificate provider instance for fetching TLS certificates. |
||||
// |
||||
// Only one of *trusted_ca* and *ca_certificate_provider_instance* may be specified. |
||||
// [#not-implemented-hide:] |
||||
CertificateProviderPluginInstance ca_certificate_provider_instance = 13; |
||||
|
||||
// Use system root certs for validation. |
||||
// If present, system root certs are used only if neither of the ``trusted_ca`` |
||||
// or ``ca_certificate_provider_instance`` fields are set. |
||||
// [#not-implemented-hide:] |
||||
SystemRootCerts system_root_certs = 17; |
||||
|
||||
// An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the |
||||
// SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate |
||||
// matches one of the specified values. |
||||
// |
||||
// A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate |
||||
// can be generated with the following command: |
||||
// |
||||
// .. code-block:: bash |
||||
// |
||||
// $ openssl x509 -in path/to/client.crt -noout -pubkey |
||||
// | openssl pkey -pubin -outform DER |
||||
// | openssl dgst -sha256 -binary |
||||
// | openssl enc -base64 |
||||
// NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A= |
||||
// |
||||
// This is the format used in HTTP Public Key Pinning. |
||||
// |
||||
// When both: |
||||
// :ref:`verify_certificate_hash |
||||
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>` and |
||||
// :ref:`verify_certificate_spki |
||||
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified, |
||||
// a hash matching value from either of the lists will result in the certificate being accepted. |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// This option is preferred over :ref:`verify_certificate_hash |
||||
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>`, |
||||
// because SPKI is tied to a private key, so it doesn't change when the certificate |
||||
// is renewed using the same private key. |
||||
repeated string verify_certificate_spki = 3; |
||||
|
||||
// An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that |
||||
// the SHA-256 of the DER-encoded presented certificate matches one of the specified values. |
||||
// |
||||
// A hex-encoded SHA-256 of the certificate can be generated with the following command: |
||||
// |
||||
// .. code-block:: bash |
||||
// |
||||
// $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2 |
||||
// df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a |
||||
// |
||||
// A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate |
||||
// can be generated with the following command: |
||||
// |
||||
// .. code-block:: bash |
||||
// |
||||
// $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2 |
||||
// DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A |
||||
// |
||||
// Both of those formats are acceptable. |
||||
// |
||||
// When both: |
||||
// :ref:`verify_certificate_hash |
||||
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>` and |
||||
// :ref:`verify_certificate_spki |
||||
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified, |
||||
// a hash matching value from either of the lists will result in the certificate being accepted. |
||||
repeated string verify_certificate_hash = 2; |
||||
|
||||
// An optional list of Subject Alternative name matchers. If specified, Envoy will verify that the |
||||
// Subject Alternative Name of the presented certificate matches one of the specified matchers. |
||||
// |
||||
// When a certificate has wildcard DNS SAN entries, to match a specific client, it should be |
||||
// configured with exact match type in the :ref:`string matcher <envoy_v3_api_msg_type.matcher.v3.StringMatcher>`. |
||||
// For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com", |
||||
// it should be configured as shown below. |
||||
// |
||||
// .. code-block:: yaml |
||||
// |
||||
// match_subject_alt_names: |
||||
// exact: "api.example.com" |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// Subject Alternative Names are easily spoofable and verifying only them is insecure, |
||||
// therefore this option must be used together with :ref:`trusted_ca |
||||
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`. |
||||
repeated type.matcher.v3.StringMatcher match_subject_alt_names = 9; |
||||
|
||||
// [#not-implemented-hide:] Must present signed certificate time-stamp. |
||||
google.protobuf.BoolValue require_signed_certificate_timestamp = 6; |
||||
|
||||
// An optional `certificate revocation list |
||||
// <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ |
||||
// (in PEM format). If specified, Envoy will verify that the presented peer |
||||
// certificate has not been revoked by this CRL. If this DataSource contains |
||||
// multiple CRLs, all of them will be used. Note that if a CRL is provided |
||||
// for any certificate authority in a trust chain, a CRL must be provided |
||||
// for all certificate authorities in that chain. Failure to do so will |
||||
// result in verification failure for both revoked and unrevoked certificates |
||||
// from that chain. |
||||
config.core.v3.DataSource crl = 7; |
||||
|
||||
// The configuration of an extension specific certificate validator. |
||||
// If specified, all validation is done by the specified validator, |
||||
// and the behavior of all other validation settings is defined by the specified validator (and may be entirely ignored, unused, and unvalidated). |
||||
// Refer to the documentation for the specified validator. If you do not want a custom validation algorithm, do not set this field. |
||||
// [#extension-category: envoy.tls.cert_validator] |
||||
config.core.v3.TypedExtensionConfig custom_validator_config = 12; |
||||
} |
||||
|
||||
message UpstreamTlsContext { |
||||
// Common TLS context settings. |
||||
// |
||||
// .. attention:: |
||||
// |
||||
// Server certificate verification is not enabled by default. Configure |
||||
// :ref:`trusted_ca<envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable |
||||
// verification. |
||||
CommonTlsContext common_tls_context = 1; |
||||
} |
||||
|
||||
message DownstreamTlsContext { |
||||
enum OcspStaplePolicy { |
||||
// OCSP responses are optional. If an OCSP response is absent |
||||
// or expired, the associated certificate will be used for |
||||
// connections without an OCSP staple. |
||||
LENIENT_STAPLING = 0; |
||||
|
||||
// OCSP responses are optional. If an OCSP response is absent, |
||||
// the associated certificate will be used without an |
||||
// OCSP staple. If a response is provided but is expired, |
||||
// the associated certificate will not be used for |
||||
// subsequent connections. If no suitable certificate is found, |
||||
// the connection is rejected. |
||||
STRICT_STAPLING = 1; |
||||
|
||||
// OCSP responses are required. Configuration will fail if |
||||
// a certificate is provided without an OCSP response. If a |
||||
// response expires, the associated certificate will not be |
||||
// used connections. If no suitable certificate is found, the |
||||
// connection is rejected. |
||||
MUST_STAPLE = 2; |
||||
} |
||||
|
||||
// Common TLS context settings. |
||||
CommonTlsContext common_tls_context = 1; |
||||
|
||||
// If specified, Envoy will reject connections without a valid client |
||||
// certificate. |
||||
google.protobuf.BoolValue require_client_certificate = 2; |
||||
|
||||
// If specified, Envoy will reject connections without a valid and matching SNI. |
||||
// [#not-implemented-hide:] |
||||
google.protobuf.BoolValue require_sni = 3; |
||||
|
||||
// Config for whether to use certificates if they do not have |
||||
// an accompanying OCSP response or if the response expires at runtime. |
||||
// Defaults to LENIENT_STAPLING |
||||
OcspStaplePolicy ocsp_staple_policy = 8; |
||||
} |
||||
|
||||
|
||||
// TLS context shared by both client and server TLS contexts. |
||||
// [#next-free-field: 14] |
||||
message CommonTlsContext { |
||||
// Similar to CertificateProvider above, but allows the provider instances to be configured on |
||||
// the client side instead of being sent from the control plane. |
||||
message CertificateProviderInstance { |
||||
// Provider instance name. This name must be defined in the client's configuration (e.g., a |
||||
// bootstrap file) to correspond to a provider instance (i.e., the same data in the typed_config |
||||
// field that would be sent in the CertificateProvider message if the config was sent by the |
||||
// control plane). If not present, defaults to "default". |
||||
// |
||||
// Instance names should generally be defined not in terms of the underlying provider |
||||
// implementation (e.g., "file_watcher") but rather in terms of the function of the |
||||
// certificates (e.g., "foo_deployment_identity"). |
||||
string instance_name = 1; |
||||
|
||||
// Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify |
||||
// a root-certificate (validation context) or "example.com" to specify a certificate for a |
||||
// particular domain. Not all provider instances will actually use this field, so the value |
||||
// defaults to the empty string. |
||||
string certificate_name = 2; |
||||
} |
||||
|
||||
message CombinedCertificateValidationContext { |
||||
// How to validate peer certificates. |
||||
CertificateValidationContext default_validation_context = 1; |
||||
|
||||
// Certificate provider instance for fetching validation context. |
||||
// Only one of validation_context_sds_secret_config, validation_context_certificate_provider, |
||||
// or validation_context_certificate_provider_instance may be used. |
||||
CertificateProviderInstance validation_context_certificate_provider_instance = 4; |
||||
} |
||||
|
||||
message TlsParameters {} |
||||
|
||||
// TLS protocol versions, cipher suites etc. |
||||
TlsParameters tls_params = 1; |
||||
|
||||
message TlsCertificate {} |
||||
|
||||
// :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the |
||||
// same context to allow both RSA and ECDSA certificates. |
||||
// |
||||
// Only a single TLS certificate is supported in client contexts. In server contexts, the first |
||||
// RSA certificate is used for clients that only support RSA and the first ECDSA certificate is |
||||
// used for clients that support ECDSA. |
||||
// |
||||
// Only one of *tls_certificates*, *tls_certificate_sds_secret_configs*, |
||||
// and *tls_certificate_provider_instance* may be used. |
||||
// [#next-major-version: These mutually exclusive fields should ideally be in a oneof, but it's |
||||
// not legal to put a repeated field in a oneof. In the next major version, we should rework |
||||
// this to avoid this problem.] |
||||
repeated TlsCertificate tls_certificates = 2; |
||||
|
||||
message SdsSecretConfig {} |
||||
|
||||
// Configs for fetching TLS certificates via SDS API. Note SDS API allows certificates to be |
||||
// fetched/refreshed over the network asynchronously with respect to the TLS handshake. |
||||
// |
||||
// The same number and types of certificates as :ref:`tls_certificates <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CommonTlsContext.tls_certificates>` |
||||
// are valid in the the certificates fetched through this setting. |
||||
// |
||||
// Only one of *tls_certificates*, *tls_certificate_sds_secret_configs*, |
||||
// and *tls_certificate_provider_instance* may be used. |
||||
// [#next-major-version: These mutually exclusive fields should ideally be in a oneof, but it's |
||||
// not legal to put a repeated field in a oneof. In the next major version, we should rework |
||||
// this to avoid this problem.] |
||||
repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6; |
||||
|
||||
// Certificate provider instance for fetching TLS certs. |
||||
// |
||||
// Only one of *tls_certificates*, *tls_certificate_sds_secret_configs*, |
||||
// and *tls_certificate_provider_instance* may be used. |
||||
// [#not-implemented-hide:] |
||||
CertificateProviderPluginInstance tls_certificate_provider_instance = 14; |
||||
|
||||
// Certificate provider instance for fetching TLS certificates. |
||||
CertificateProviderInstance tls_certificate_certificate_provider_instance = 11; |
||||
|
||||
oneof validation_context_type { |
||||
// How to validate peer certificates. |
||||
CertificateValidationContext validation_context = 3; |
||||
|
||||
// Config for fetching validation context via SDS API. Note SDS API allows certificates to be |
||||
// fetched/refreshed over the network asynchronously with respect to the TLS handshake. |
||||
SdsSecretConfig validation_context_sds_secret_config = 7; |
||||
|
||||
// Combined certificate validation context holds a default CertificateValidationContext |
||||
// and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic |
||||
// and default CertificateValidationContext are merged into a new CertificateValidationContext |
||||
// for validation. This merge is done by Message::MergeFrom(), so dynamic |
||||
// CertificateValidationContext overwrites singular fields in default |
||||
// CertificateValidationContext, and concatenates repeated fields to default |
||||
// CertificateValidationContext, and logical OR is applied to boolean fields. |
||||
CombinedCertificateValidationContext combined_validation_context = 8; |
||||
} |
||||
|
||||
// Custom TLS handshaker. If empty, defaults to native TLS handshaking |
||||
// behavior. |
||||
config.core.v3.TypedExtensionConfig custom_handshaker = 13; |
||||
} |
||||
@ -1,53 +0,0 @@ |
||||
// Copyright 2022 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package xds.type.v3; |
||||
|
||||
import "google/protobuf/struct.proto"; |
||||
|
||||
// A TypedStruct contains an arbitrary JSON serialized protocol buffer message with a URL that |
||||
// describes the type of the serialized message. This is very similar to google.protobuf.Any, |
||||
// instead of having protocol buffer binary, this employs google.protobuf.Struct as value. |
||||
// |
||||
// This message is intended to be embedded inside Any, so it shouldn't be directly referred |
||||
// from other UDPA messages. |
||||
// |
||||
// When packing an opaque extension config, packing the expected type into Any is preferred |
||||
// wherever possible for its efficiency. TypedStruct should be used only if a proto descriptor |
||||
// is not available, for example if: |
||||
// - A control plane sends opaque message that is originally from external source in human readable |
||||
// format such as JSON or YAML. |
||||
// - The control plane doesn't have the knowledge of the protocol buffer schema hence it cannot |
||||
// serialize the message in protocol buffer binary format. |
||||
// - The DPLB doesn't have have the knowledge of the protocol buffer schema its plugin or extension |
||||
// uses. This has to be indicated in the DPLB capability negotiation. |
||||
// |
||||
// When a DPLB receives a TypedStruct in Any, it should: |
||||
// - Check if the type_url of the TypedStruct matches the type the extension expects. |
||||
// - Convert value to the type described in type_url and perform validation. |
||||
// TODO(lizan): Figure out how TypeStruct should be used with DPLB extensions that doesn't link |
||||
// protobuf descriptor with DPLB itself, (e.g. gRPC LB Plugin, Envoy WASM extensions). |
||||
message TypedStruct { |
||||
// A URL that uniquely identifies the type of the serialize protocol buffer message. |
||||
// This has same semantics and format described in google.protobuf.Any: |
||||
// https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto |
||||
string type_url = 1; |
||||
|
||||
// A JSON representation of the above specified type. |
||||
google.protobuf.Struct value = 2; |
||||
} |
||||
@ -1,53 +0,0 @@ |
||||
// Copyright 2022 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package udpa.type.v1; |
||||
|
||||
import "google/protobuf/struct.proto"; |
||||
|
||||
// A TypedStruct contains an arbitrary JSON serialized protocol buffer message with a URL that |
||||
// describes the type of the serialized message. This is very similar to google.protobuf.Any, |
||||
// instead of having protocol buffer binary, this employs google.protobuf.Struct as value. |
||||
// |
||||
// This message is intended to be embedded inside Any, so it shouldn't be directly referred |
||||
// from other UDPA messages. |
||||
// |
||||
// When packing an opaque extension config, packing the expected type into Any is preferred |
||||
// wherever possible for its efficiency. TypedStruct should be used only if a proto descriptor |
||||
// is not available, for example if: |
||||
// - A control plane sends opaque message that is originally from external source in human readable |
||||
// format such as JSON or YAML. |
||||
// - The control plane doesn't have the knowledge of the protocol buffer schema hence it cannot |
||||
// serialize the message in protocol buffer binary format. |
||||
// - The DPLB doesn't have have the knowledge of the protocol buffer schema its plugin or extension |
||||
// uses. This has to be indicated in the DPLB capability negotiation. |
||||
// |
||||
// When a DPLB receives a TypedStruct in Any, it should: |
||||
// - Check if the type_url of the TypedStruct matches the type the extension expects. |
||||
// - Convert value to the type described in type_url and perform validation. |
||||
// TODO(lizan): Figure out how TypeStruct should be used with DPLB extensions that doesn't link |
||||
// protobuf descriptor with DPLB itself, (e.g. gRPC LB Plugin, Envoy WASM extensions). |
||||
message TypedStruct { |
||||
// A URL that uniquely identifies the type of the serialize protocol buffer message. |
||||
// This has same semantics and format described in google.protobuf.Any: |
||||
// https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto |
||||
string type_url = 1; |
||||
|
||||
// A JSON representation of the above specified type. |
||||
google.protobuf.Struct value = 2; |
||||
} |
||||
@ -1,43 +0,0 @@ |
||||
// Copyright 2024 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.transport_sockets.http_11_proxy.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/base.proto"; |
||||
|
||||
// [#protodoc-title: Upstream HTTP/1.1 Proxy] |
||||
// [#extension: envoy.transport_sockets.http_11_proxy] |
||||
|
||||
// Configuration for HTTP/1.1 proxy transport sockets. |
||||
// This is intended for use in Envoy Mobile, though may eventually be extended |
||||
// for upstream Envoy use. |
||||
// If this transport socket is configured, and an intermediate filter adds the |
||||
// stream info necessary for proxying to the stream info (as the test filter |
||||
// does :repo:`here <test/integration/filters/header_to_proxy_filter.cc>`) then |
||||
// |
||||
// * Upstream connections will be directed to the specified proxy address rather |
||||
// than the host's address |
||||
// * Upstream TLS connections will have a raw HTTP/1.1 CONNECT header prefaced |
||||
// to the payload, and 200 response stripped (if less than 200 bytes) |
||||
// * Plaintext HTTP/1.1 connections will be sent with a fully qualified URL. |
||||
// |
||||
// This transport socket is not compatible with HTTP/3, plaintext HTTP/2, or raw TCP. |
||||
message Http11ProxyUpstreamTransport { |
||||
// The underlying transport socket being wrapped. |
||||
config.core.v3.TransportSocket transport_socket = 1; |
||||
} |
||||
@ -1,31 +0,0 @@ |
||||
// Copyright 2022 The gRPC Authors |
||||
// |
||||
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||
// you may not use this file except in compliance with the License. |
||||
// You may obtain a copy of the License at |
||||
// |
||||
// http://www.apache.org/licenses/LICENSE-2.0 |
||||
// |
||||
// Unless required by applicable law or agreed to in writing, software |
||||
// distributed under the License is distributed on an "AS IS" BASIS, |
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
// See the License for the specific language governing permissions and |
||||
// limitations under the License. |
||||
|
||||
// Local copy of Envoy xDS proto file, used for testing only. |
||||
|
||||
syntax = "proto3"; |
||||
|
||||
package envoy.extensions.load_balancing_policies.wrr_locality.v3; |
||||
|
||||
import "src/proto/grpc/testing/xds/v3/cluster.proto"; |
||||
|
||||
// [#protodoc-title: Weighted Round Robin Locality-Picking Load Balancing Policy] |
||||
|
||||
// Configuration for the wrr_locality LB policy. See the :ref:`load balancing architecture overview |
||||
// <arch_overview_load_balancing_types>` for more information. |
||||
// [#extension: envoy.clusters.lb_policy] |
||||
message WrrLocality { |
||||
// The child LB policy to create for endpoint-picking within the chosen locality. |
||||
config.cluster.v3.LoadBalancingPolicy endpoint_picking_policy = 1; |
||||
} |
||||
Loading…
Reference in new issue